-
Publication (Announcement) No.: US20230026420A1
Publication (Announcement) Date: 2023-01-26
Application No.: US17937935
Application Date: 2022-10-04
Applicant: Cisco Technology, Inc.
Inventor: David Delano Ward, Robert Stephen Rodgers, Andrew Phillips Thurber, Eric Voit, Thomas John Giuli
IPC: H04L9/40
Abstract: An enclave manager of a network enclave obtains a request to retrieve configuration information and state information corresponding to compute devices and network devices comprising a network enclave. The request specifies a set of parameters of the configuration information and the state information usable to generate a response to the request. The enclave manager evaluates the compute devices, the network devices, and network connections among these devices within the network enclave to obtain the configuration information and the state information. Based on the configuration information and the state information, the enclave manager determines whether the network enclave is trustworthy. Based on the parameters of the request, the enclave manager generates a response indicating a summary that is used to identify the trustworthiness of the network enclave.
-
Publication (Announcement) No.: US20220394054A1
Publication (Announcement) Date: 2022-12-08
Application No.: US17818147
Application Date: 2022-08-08
Applicant: Cisco Technology, Inc.
Inventor: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
IPC: H04L9/40
Abstract: Systems, methods, and computer-readable media for discovering trustworthy devices through attestation and authenticating devices through mutual attestation. A relying node in a network environment can receive attestation information from an attester node in the network environment as part of a unidirectional push of information from the attester node according to a unidirectional link layer communication scheme. A trustworthiness of the attester node can be verified by identifying a level of trust of the attester node from the attestation information. Further, network service access of the attester node through the relying node in the network environment can be controlled based on the level of trust of the attester node identified from the attestation information.
-
Publication (Announcement) No.: US11438151B2
Publication (Announcement) Date: 2022-09-06
Application No.: US16750786
Application Date: 2020-01-23
Applicant: Cisco Technology, Inc.
Inventor: Eric Voit, Peter Panburana
Abstract: The present technology discloses a method for enriching local crypto-processor queries with software-defined networking augmented information, comprising sending, from a virtual machine installed on a physical host, a request for trust verification data; augmenting, by an identity verification system on the physical host, the request for trust verification data with encrypted information from an external entity; receiving, at a trusted processor module on the physical host, the request for trust verification data; receiving, at the virtual machine, the trust verification data; and assessing, at the virtual machine, a state of the physical host based on the trust verification data.
-
Publication (Announcement) No.: US20220094559A1
Publication (Announcement) Date: 2022-03-24
Application No.: US17542142
Application Date: 2021-12-03
Applicant: Cisco Technology, Inc.
Inventor: Shwetha Subray Bhandari, Eric Voit, Jesse Daniel Backman, Robert Stephen Rodgers, Joseph Eryx Malcolm
Abstract: A methodology for requesting at least one signed security measurement from at least one module is provided. The methodology includes receiving the at least one signed security measurement from the at least one module; validating the at least one signed security measurement; generating a signed dossier including all validated signed security measurements in a secure enclave, the signed dossier being used by an external network device for remote attestation of the device.
-
Publication (Announcement) No.: US11196634B2
Publication (Announcement) Date: 2021-12-07
Application No.: US16728323
Application Date: 2019-12-27
Applicant: Cisco Technology, Inc.
Inventor: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
IPC: H04L12/24, H04W84/18, H04L12/721, H04L12/751, H04W40/24
Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices operating within a network. A recipient node in a network environment can receive a neighbor discovery (ND) message from an originating node in the network environment, where both nodes implement a neighbor discovery protocol. Trustworthiness of the originating node can be verified by identifying a level of trust of the originating node based on attestation information for the originating node included in the ND message received at the recipient node. Connectivity with the recipient node through the network environment can be managed based on the level of trust of the originating node identified from the attestation information included in the ND message.
-
Publication (Announcement) No.: US20200322145A1
Publication (Announcement) Date: 2020-10-08
Application No.: US16784025
Application Date: 2020-02-06
Applicant: Cisco Technology, Inc.
Inventor: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
Abstract: Systems, methods, and computer-readable media for authenticating access control messages include receiving, at a first node, access control messages from a second node. The first node and the second node include network devices, and the access control messages can be based on RADIUS or TACACS+ protocols, among others. The first node can obtain attestation information from one or more fields of the access control messages and determine whether the second node is authentic and trustworthy based on the attestation information. The first node can also determine reliability or freshness of the access control messages based on the attestation information. The first node can be a server and the second node can be a client, or the first node can be a client and the second node can be a server. The attestation information can include Proof of Integrity based on a hardware fingerprint, device identifier, or Canary Stamp.
-
Publication (Announcement) No.: US20200322143A1
Publication (Announcement) Date: 2020-10-08
Application No.: US16750786
Application Date: 2020-01-23
Applicant: Cisco Technology, Inc.
Inventor: Eric Voit, Peter Panburana
Abstract: The present technology discloses a method for enriching local crypto-processor queries with software-defined networking augmented information, comprising sending, from a virtual machine installed on a physical host, a request for trust verification data; augmenting, by an identity verification system on the physical host, the request for trust verification data with encrypted information from an external entity; receiving, at a trusted processor module on the physical host, the request for trust verification data; receiving, at the virtual machine, the trust verification data; and assessing, at the virtual machine, a state of the physical host based on the trust verification data.
-
Publication (Announcement) No.: US20250031133A1
Publication (Announcement) Date: 2025-01-23
Application No.: US18223255
Application Date: 2023-07-18
Applicant: Cisco Technology, Inc.
Inventor: Srinath Gundavelli, Pradeep Kumar Kathail, Eric Voit, David A. Maluf, Ali Sajassi
Abstract: Techniques for establishing connections between user devices and access points to connect to networks. Access points may indicate privacy-support capabilities, enabling a user device to discover privacy-capable access networks, and use this capability for network selection. Furthermore, the techniques enable the user device to request to enable and/or disable privacy support on an on-demand basis. The techniques described herein include the use of an access point that indicates the network's privacy capability to an endpoint device (e.g., source device, user device, etc.) over one or more link-layer messages, IP address configuration mechanisms, and over authentication protocols.
-
Publication (Announcement) No.: US20240372735A1
Publication (Announcement) Date: 2024-11-07
Application No.: US18143470
Application Date: 2023-05-04
Applicant: Cisco Technology, Inc.
Inventor: Eric Voit, Pascal Thubert, Frank Brockners
Abstract: Techniques performed by offload computing devices that establish and advertise confidential computing environments for use by other computing devices. The offload computing devices may each execute an attestable bootloader that creates the confidential computing environments, advertises the available resources to the other computing devices, establishes secure encrypted channels with the other devices, and runs processes in the confidential computing environments on behalf of the other computing devices. In addition to advertising the availability of computing resources in the confidential environments, the offload computing devices may additionally advertise performance metrics associated with the confidential computing environments. Computing devices may receive the advertisements and send requests to the offload computing devices to run processes on their behalf in the confidential computing environments.
-
Publication (Announcement) No.: US11960607B2
Publication (Announcement) Date: 2024-04-16
Application No.: US17547084
Application Date: 2021-12-09
Applicant: Cisco Technology, Inc.
Inventor: Eric Voit, Einar Nilsen-Nygaard, Frank Brockners, Pradeep Kumar Kathail
IPC: G06F21/57
CPC classification number: G06F21/57, G06F2221/033
Abstract: This disclosure describes techniques for selectively placing and maintaining sensitive workloads in subsystems that achieve a minimum level of trustworthiness. An example method includes identifying at least one trustworthiness requirement associated with an application and transmitting, to a first subsystem, a request for at least one trustworthiness characteristic of the first subsystem and at least one second subsystem connected to the first subsystem. A response indicating the at least one trustworthiness characteristic is received from the first subsystem. The example method further includes determining that the at least one trustworthiness characteristic satisfies the at least one trustworthiness requirement; and causing the application to operate on a mesh comprising the first subsystem and the at least one second subsystem.