US 12,015,722 B2
Methods and systems for cryptographic identity based network microsegmentation
Vipin Jain, San Jose, CA (US); Ravi Kumar Gadde, Los Altos, CA (US); Enrico Schiattarella, Los Altos, CA (US); and Sukhesh Halemane, San Jose, CA (US)
Assigned to Pensando Systems, Inc., Milpitas, CA (US)
Appl. No. 16/958,611
Filed by Pensando Systems Inc., Milpitas, CA (US)
PCT Filed Dec. 20, 2018, PCT No. PCT/US2018/066801
§ 371(c)(1), (2) Date Jun. 26, 2020,
PCT Pub. No. WO2019/133434, PCT Pub. Date Jul. 4, 2019.
Claims priority of provisional application 62/612,093, filed on Dec. 29, 2017.
Prior Publication US 2020/0336316 A1, Oct. 22, 2020
Int. Cl. H04L 9/32 (2006.01); G06F 9/455 (2018.01); H04L 9/08 (2006.01); H04L 9/40 (2022.01); H04L 29/06 (2006.01)
CPC H04L 9/3268 (2013.01) [G06F 9/45558 (2013.01); H04L 9/0894 (2013.01); H04L 63/205 (2013.01); G06F 2009/45595 (2013.01)] 33 Claims
OG exemplary drawing
 
1. A method for establishing a secure and authenticated network connection, the method comprising:
a) receiving, from a requesting entity, a destination IP address and a first certificate that is used to establish a secure network connection, wherein the first certificate comprises a first security attribute associated with a source IP address, wherein the first certificate is a trusted certificate issued by a certificate authority, wherein the first security attribute in the first certificate comprises a security group associated with the source IP address, the security group including multiple endpoints identified to share a security attribute;
b) identifying, with aid of one or more processors, a stored second security attribute associated with the destination IP address; and
c) determining, with aid of the one or more processors, a policy action based at least in part on the first security attribute and the second security attribute.
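The three steps of claim 1 as an added, constructed Python example (not code from the patent or from Pensando's implementation): the certificate is modelled as a plain record rather than parsed X.509, and the CA name, prefixes, security groups and policy matrix are assumptions. It returns a policy action from the source group carried in a trusted certificate and the stored group of the destination IP, defaulting to deny.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Simplified stand-in for the CA-issued certificate of claim 1 that carries
# a security attribute (the security group) for the source IP address.
# Field names are assumptions for this example; not_after is ISO 8601.
@dataclass(frozen=True)
class Certificate:
    issuer: str
    source_ip: str
    security_group: str
    not_after: str

TRUSTED_CAS = {"Example Segmentation CA"}  # constructed trust anchor

# Stored "second security attribute": destination prefix -> security group
DEST_GROUPS = {
    ipaddress.ip_network("10.1.0.0/16"): "web",
    ipaddress.ip_network("10.1.5.0/24"): "db",  # more specific prefix wins
}

# Policy matrix keyed by (source group, destination group); anything
# not listed falls through to the default-deny action in decide().
POLICY = {
    ("web", "db"): "allow",
    ("web", "web"): "allow",
    ("batch", "db"): "deny",
}

def lookup_dest_group(dst_ip: str) -> Optional[str]:
    """Step b): longest-prefix match of the destination IP against the stored groups."""
    addr = ipaddress.ip_address(dst_ip)
    matches = [net for net in DEST_GROUPS if addr in net]
    if not matches:
        return None
    return DEST_GROUPS[max(matches, key=lambda net: net.prefixlen)]

def decide(cert: Certificate, dst_ip: str, now: str) -> str:
    """Steps a) and c): accept only a trusted, unexpired certificate, then
    derive the policy action from (source group, destination group)."""
    if cert.issuer not in TRUSTED_CAS:
        return "deny"  # not issued by a certificate authority we trust
    if datetime.fromisoformat(now) > datetime.fromisoformat(cert.not_after):
        return "deny"  # expired credential carries no usable attribute
    dst_group = lookup_dest_group(dst_ip)
    if dst_group is None:
        return "deny"  # no stored attribute for this destination
    return POLICY.get((cert.security_group, dst_group), "deny")
```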