DETECTING TARGETED DATA EXFILTRATION IN ENCRYPTED TRAFFIC

    Publication No.: US20210112102A1

    Publication Date: 2021-04-15

    Application No.: US17107350

    Filing Date: 2020-11-30

    Abstract: In one embodiment, a service that monitors a network obtains file characteristic data of a file stored on a first endpoint in the network. The service infers characteristics of encrypted content within encrypted traffic in the network between the first endpoint and a second endpoint, by applying a machine learning-based classifier to traffic data regarding the encrypted traffic session. The service compares the file characteristic data of the file to the inferred content characteristics of the encrypted content within the encrypted traffic, to detect the file within the encrypted traffic. The service enforces a network policy in the network, based on the detection of the file within the encrypted traffic.

    ROOT OF TRUST OF GEOLOCATION
    3.
    Invention Application

    Publication No.: US20170353435A1

    Publication Date: 2017-12-07

    Application No.: US15174350

    Filing Date: 2016-06-06

    Abstract: A root-of-trust of geolocation is provided for an apparatus that includes a trust anchor module with a cryptographic processor and a secure memory. The apparatus further includes a main processor coupled to the trust anchor module and configured to receive a digital geolocation certificate, the geolocation certificate including information identifying the apparatus, information regarding a physical location of the apparatus, information identifying an authorized entity that has verified the physical location of the apparatus, and a digital signature of the authorized entity. The main processor is further configured to cause the trust anchor module to store the digital geolocation certificate in the secure memory such that the digital geolocation certificate is cryptographically bound to the apparatus. The trust anchor module may also include, or otherwise communicate over a secure channel with, a movement sensor associated with the apparatus.

    Runtime container protection
    4.
    Granted Invention Patent

    Publication No.: US12277446B2

    Publication Date: 2025-04-15

    Application No.: US17202447

    Filing Date: 2021-03-16

    Abstract: According to certain embodiments, a method comprises monitoring a request for use of memory requested by a container manager application on behalf of a given one of a plurality of containers during runtime of the given container. The method further comprises determining that the request for use of memory has caused an exception. The exception indicates that the request has requested an invalid operation on a memory table or that the request has requested a previously not seen memory table. In response, the method further comprises determining an action to perform. The action depends on both first trustworthiness information associated with the given container and second trustworthiness information associated with the given container. The first trustworthiness information is obtained from a Third Party Reputation Service (TPRS). The second trustworthiness information is obtained based on monitoring the runtime behavior of the given container.

    Runtime Container Protection
    8.
    Invention Application

    Publication No.: US20220300330A1

    Publication Date: 2022-09-22

    Application No.: US17202447

    Filing Date: 2021-03-16

    Abstract: According to certain embodiments, a method comprises monitoring a request for use of memory requested by a container manager application on behalf of a given one of a plurality of containers during runtime of the given container. The method further comprises determining that the request for use of memory has caused an exception. The exception indicates that the request has requested an invalid operation on a memory table or that the request has requested a previously not seen memory table. In response, the method further comprises determining an action to perform. The action depends on both first trustworthiness information associated with the given container and second trustworthiness information associated with the given container. The first trustworthiness information is obtained from a Third Party Reputation Service (TPRS). The second trustworthiness information is obtained based on monitoring the runtime behavior of the given container.

    Root of trust of geolocation
    9.
    Granted Invention Patent

    Publication No.: US10601787B2

    Publication Date: 2020-03-24

    Application No.: US15174350

    Filing Date: 2016-06-06

    Abstract: A root-of-trust of geolocation is provided for an apparatus that includes a trust anchor module with a cryptographic processor and a secure memory. The apparatus further includes a main processor coupled to the trust anchor module and configured to receive a digital geolocation certificate, the geolocation certificate including information identifying the apparatus, information regarding a physical location of the apparatus, information identifying an authorized entity that has verified the physical location of the apparatus, and a digital signature of the authorized entity. The main processor is further configured to cause the trust anchor module to store the digital geolocation certificate in the secure memory such that the digital geolocation certificate is cryptographically bound to the apparatus. The trust anchor module may also include, or otherwise communicate over a secure channel with, a movement sensor associated with the apparatus.
