&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12218980.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,218,980 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Using an end-to-end policy controller to split policies between enforcement points in a network</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Andrew E. Ossipov,  Lewisville, TX (US);  Robert Tappenden,  South Melbourne (AU);  Janardhanan Radhakrishnan,  Dublin, CA (US); and  Chandrodaya Prasad,  San Jose, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Cisco Technology, Inc.,  San Jose, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Cisco Technology, Inc.,  San Jose, CA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Dec.  27, 2022, as Appl. No. 18/089,212.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2024/0214424 A1, Jun.  27, 2024</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>H04L 9/40</b></i> (2022.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>H04L 63/20</b></i> (2013.01)</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12218980-20250204-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method comprising:<div class="claim_text">receiving data representing an intent-based security policy associated with a network, the intent-based security policy indicating an entity, a resource, and an authorization associated with the entity accessing the resource;</div>
                <div class="claim_text">determining a path of network traffic between the entity and the resource based at least in part on the authorization, the path of network traffic including one or more network devices;</div>
                <div class="claim_text">identifying, by a Software-Defined Networking (SDN) controller associated with the network and based at least in part on an inventory storing information associated with the network devices, one or more enforcement points associated with the path of network traffic;</div>
                <div class="claim_text">determining that a first enforcement point of the one or more enforcement points associated with the path of network traffic has a first capability to implement at least a first portion of the intent-based security policy;</div>
                <div class="claim_text">determining that a second enforcement point of the one or more enforcement points associated with the path of network traffic has a second capability to implement at least a second portion of the intent-based security policy;</div>
                <div class="claim_text">generating a first chain of enforcement points based at least in part on the first enforcement point and the second enforcement point; and</div>
                <div class="claim_text">sending the first portion of the intent-based security policy and the second portion of the intent-based security policy to the first chain of enforcement points.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>