公开(公告)号：US11784808B2

公开(公告)日：2023-10-10

申请号：US17659530

申请日：2022-04-18

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  Eric Voit ,  William F. Sulzen ,  Frank Brockners

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32 ,  H04L9/40

CPC classification number: H04L9/0866 ,  H04L9/0869 ,  H04L9/3242 ,  H04L9/3247 ,  H04L63/0869 ,  H04L63/10 ,  H04L63/108 ,  H04L2209/12

Abstract: Systems, methods, and computer-readable media for authenticating access control messages include receiving, at a first node, access control messages from a second node. The first node and the second node including network devices and the access control messages can be based on RADIUS or TACACS+ protocols among others. The first node can obtain attestation information from one or more fields of the access control messages determine whether the second node is authentic and trustworthy based on the attestation information. The first node can also determine reliability or freshness of the access control messages based on the attestation information. The first node can be a server and the second node can be a client, or the first node can be a client and the second node can be a server. The attestation information can include Proof of Integrity based on a hardware fingerprint, device identifier, or Canary Stamp.

公开(公告)号：US11776087B2

公开(公告)日：2023-10-03

申请号：US17669647

申请日：2022-02-11

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Frank Brockners ,  Russell Paul Gyurek ,  Jerome Henry

IPC: G06T1/20 ,  G06F9/50 ,  G06F9/38 ,  G06F9/54 ,  G06F15/80

CPC classification number: G06T1/20 ,  G06F9/3877 ,  G06F9/5038 ,  G06F9/547 ,  G06F15/80

Abstract: A server that includes a graphics processing unit (GPU) may receive, from a first application that is remote from the server, a first request to reserve a first number of cores of the GPU for a first amount of time. The server may also receive, from a second application that is also remote from the server, a second request to reserve a second number of cores of the GPU for a second amount of time that at least partly overlaps the first amount of time. The server may determine that the first request is associated with a higher priority than the second request and, in response, may reserve the first number of cores for the first amount of time for the first application. The server may send, to the first application, an indication that the first number of cores have been reserved as requested by the first application.

公开(公告)号：US20230164214A1

公开(公告)日：2023-05-25

申请号：US18158961

申请日：2023-01-24

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  Eric Voit ,  William F. Sulzen ,  Frank Brockners

IPC: H04L67/104 ,  H04L9/40 ,  H04W24/10 ,  H04L9/32 ,  H04L61/4511 ,  H04L67/1001

CPC classification number: H04L67/104 ,  H04L63/0823 ,  H04W24/10 ,  H04L9/3247 ,  H04L61/4511 ,  H04L67/1001

Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.

公开(公告)号：US11616701B2

公开(公告)日：2023-03-28

申请号：US17181243

申请日：2021-02-22

Applicant: Cisco Technology, Inc.

Inventor： Frank Brockners ,  Shwetha Subray Bhandari ,  Pallavi Kalapatapu ,  Enzo Fenoglio ,  Wenqin Shao

IPC: H04L41/22 ,  G06F9/451 ,  H04L41/08

Abstract: Techniques for utilizing a communication system that provides access to a representation of a virtual environment to participants. The communication system may establish connections between personal communication bridge(s) associated with participant(s) interacting within a virtual proximity radius of one another's virtual indicator in the virtual environment. The communication system may cause conversation data to be sent each personal communication bridge associated with a participant that is within the virtual proximity radius of the sender, and cause conversation data to be received via the personal communication bridge of a participant that is within the virtual proximity radius of the sender. The communication system may also analyze data associated with the participant profile(s) and transcribed conversation data from the communication bridges(s) to recommend potential conversations of interest to participant(s).

公开(公告)号：US20220353322A1

公开(公告)日：2022-11-03

申请号：US17857729

申请日：2022-07-05

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  Eric Voit ,  William F. Sulzen ,  Frank Brockners

IPC: H04L67/104 ,  H04L9/40 ,  H04W24/10 ,  H04L9/32 ,  H04L61/4511 ,  H04L67/1001

Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.

公开(公告)号：US11451560B2

公开(公告)日：2022-09-20

申请号：US16808114

申请日：2020-03-03

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  Eric Voit ,  William F. Sulzen ,  Frank Brockners ,  Selvaraj Mani ,  Eliot Lear

IPC: H04L12/00 ,  H04L9/40 ,  H04L61/5014 ,  H04L101/686

Abstract: Systems, methods, and computer-readable media are disclosed for measurement of trustworthiness of network devices prior to their configuration and deployment in a network. In one aspect of the present disclosure, a method for pre-configuration of network devices includes receiving, at a dynamic host configuration server, a first request from a network device for configuration data, the configuration data including at least an IP address; sending, by the dynamic host configuration server, a second request to the network device for attestation information; verifying, by the dynamic host configuration server, the network device based on the attestation information; and assigning, by the dynamic host configuration server, the configuration data to the network device upon verifying the network device.

公开(公告)号：US20220174091A1

公开(公告)日：2022-06-02

申请号：US17672502

申请日：2022-02-15

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  William F. Sulzen ,  Frank Brockners

IPC: H04L9/40 ,  H04L61/103

Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices operating within a network. An ARP responder can receive an ARP request from an ARP requestor for performing address resolution between the ARP requestor and the ARP responder in a network environment. The ARP responder can build an ARP response including attestation information of the ARP responder. Further, the ARP responder can provide, to the ARP requestor, the attestation information for verifying the ARP responder using the ARP response and the attestation information of the ARP responder.

公开(公告)号：US11343091B2

公开(公告)日：2022-05-24

申请号：US16784025

申请日：2020-02-06

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  Eric Voit ,  William F. Sulzen ,  Frank Brockners

IPC: H04L29/06 ,  H04L9/08 ,  H04L9/32

Abstract: Systems, methods, and computer-readable media for authenticating access control messages include receiving, at a first node, access control messages from a second node. The first node and the second node including network devices and the access control messages can be based on RADIUS or TACACS+ protocols among others. The first node can obtain attestation information from one or more fields of the access control messages determine whether the second node is authentic and trustworthy based on the attestation information. The first node can also determine reliability or freshness of the access control messages based on the attestation information. The first node can be a server and the second node can be a client, or the first node can be a client and the second node can be a server. The attestation information can include Proof of Integrity based on a hardware fingerprint, device identifier, or Canary Stamp.

公开(公告)号：US11283679B2

公开(公告)日：2022-03-22

申请号：US17020384

申请日：2020-09-14

Applicant: Cisco Technology, Inc.

Inventor： Thomas Michel-Ange Feltin ,  Wenqin Shao ,  Parisa Foroughi ,  Frank Brockners

IPC: H04L12/24 ,  G06N3/08 ,  G06F17/40 ,  G06F17/18 ,  H04L41/083 ,  H04L41/0823

Abstract: Techniques and mechanisms for automatically identifying counters/features of a network component that are related to a state change (or event) for the network component or for the network itself. For example, using data obtained from the network component around a time of the state change, delta-averages for the counters/features around the time of the state change may be determined. The delta-averages may be utilized to determine which counters/features are most descriptive for a particular state change. Determining which counters/features are most descriptive may also include determining which counters/features are most relevant, i.e., counters/features that contribute most to preserving the manifold structure of the original data or counters/features with the highest or lowest correlation with the other counters/features in the data set. Thus, the techniques described herein provide for an approach to distill which counters/features contribute the most to a particular state change from a data driven perspective.

公开(公告)号：US20220070251A1

公开(公告)日：2022-03-03

申请号：US17499731

申请日：2021-10-12

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  Eric Voit ,  William F. Sulzen ,  Frank Brockners

IPC: H04L29/08 ,  H04W24/10 ,  H04L29/06 ,  H04L29/12 ,  H04L9/32

Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.