US 11,985,129 B2
Cloud policy enforcement based on network trust
Vivek Ashwin Raman, San Jose, CA (US); Ajit Singh, San Jose, CA (US); Vikas Mahajan, Ludhiana (IN); Amandeep Singh, Surrey (CA); Huiju Wu, San Jose, CA (US); and David Creedy, Los Gatos, CA (US)
Assigned to Zscaler, Inc., San Jose, CA (US)
Filed by Zscaler, Inc., San Jose, CA (US)
Filed on Sep. 29, 2020, as Appl. No. 17/035,918.
Application 17/035,918 is a continuation in part of application No. 16/858,798, filed on Apr. 27, 2020, granted, now 11,363,022.
Application 16/858,798 is a continuation in part of application No. 15/900,951, filed on Feb. 21, 2018, granted, now 10,986,094.
Application 15/900,951 is a continuation of application No. 15/153,108, filed on May 12, 2016, granted, now 9,935,955, issued on Apr. 3, 2018.
Claims priority of application No. 201611010521 (IN), filed on Mar. 28, 2016.
Prior Publication US 2021/0029119 A1, Jan. 28, 2021
Int. Cl. H04L 9/40 (2022.01); H04L 61/4511 (2022.01); H04L 67/02 (2022.01); H04L 67/10 (2022.01); H04L 67/1001 (2022.01); H04L 67/125 (2022.01); H04L 67/51 (2022.01); H04L 67/56 (2022.01); H04L 67/563 (2022.01); H04L 67/564 (2022.01); H04L 69/16 (2022.01); H04L 101/663 (2022.01)
CPC H04L 63/0884 (2013.01) [H04L 61/4511 (2022.05); H04L 63/0272 (2013.01); H04L 63/0281 (2013.01); H04L 67/02 (2013.01); H04L 67/10 (2013.01); H04L 67/1001 (2022.05); H04L 67/125 (2013.01); H04L 67/51 (2022.05); H04L 67/56 (2022.05); H04L 67/563 (2022.05); H04L 67/564 (2022.05); H04L 69/162 (2013.01); H04L 2101/663 (2022.05)]
20 Claims
1. A cloud-based system comprising:
at least one computer processor;
a plurality of enforcement nodes communicatively coupled to one another, to a user, and to the Internet and one or more cloud applications;
a central authority communicatively coupled to the plurality of enforcement nodes; and
memory having computer program instructions, the computer program instructions being executable by the at least one computer processor communicatively coupled to a network, the plurality of enforcement nodes, and the central authority, wherein the central authority is configured to
obtain trusted network rules for a plurality of networks, wherein the trusted network rules include a network trust level for each of the plurality of networks,
obtain policy configurations for each of the trusted network rules, wherein the networks are provided with specific policy configurations based on the associated trust level, and wherein the policy configurations define configurations for a cloud-based system to use with a user device based on a corresponding network where the user device is connected, and
wherein each of the plurality of enforcement nodes is configured to
receive a request from the user device for a cloud service,
responsive to receiving the request, communicate with the user device and determine which specific network of the plurality of networks the user device is utilizing to access the cloud service associated with the cloud-based system, wherein the specific network has one of a plurality of trust levels, or is untrusted, and
apply the specific policy configurations in the cloud-based system for the user device based on the trust level of the specific network the user device is determined to be utilizing to access the cloud-based system.