-
Publication number: US20210194912A1
Publication date: 2021-06-24
Application number: US16721513
Filing date: 2019-12-19
Applicant: Cisco Technology, Inc.
Inventor: David Delano Ward , Nancy Cam-Winget , Eric Voit , Jesse Daniel Backman
IPC: H04L29/06
Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices across domains. Attestation information for an attester node in a first domain is received at a verifier gateway in the first domain. The attestation information is translated at the verifier gateway into translated attestation information for a second domain. Specifically, the attestation information is translated into translated attested information for a second domain that is a different administrative domain from the first domain. The translated attestation information can be provided to a verifier in the second domain. The verifier can be configured to verify the trustworthiness of the attester node for a relying node in the second domain by identifying a level of trust of the attester node based on the translated attestation information.
-
Publication number: US10938671B2
Publication date: 2021-03-02
Application number: US16162636
Filing date: 2018-10-17
Applicant: Cisco Technology, Inc.
Inventor: Eric Voit , Einar Nilsen-Nygaard
IPC: H04L12/24 , H04L12/911
Abstract: A method comprising obtaining from a first service-providing device, a plurality of service capability indicators for a set of interconnected devices. The plurality of service capability indicators are indicative of a corresponding plurality of service capabilities according to which the first service-providing device is providing services to one or more nodes. The method further comprises mapping the plurality of service capability indicators to a service capability label according to satisfaction of a continuity criterion. The service capability label corresponds to a representation of the plurality of service capabilities associated with a connection to the first service-providing device. The method further comprises providing the service capability label to the one or more nodes in order to provide the representation of the plurality of service capabilities associated with the connection to the first service-providing device.
-
Publication number: US20200322176A1
Publication date: 2020-10-08
Application number: US16782235
Filing date: 2020-02-05
Applicant: Cisco Technology, Inc.
Inventor: Shwetha Subray Bhandari , Eric Voit , Jesse Daniel Backman , Robert Stephen Rodgers , Joseph Eryx Malcolm
Abstract: The present technology discloses systems, methods, and computer-readable media for requesting at least one signed security measurement from at least one module with a corresponding cryptoprocessor, the at least one module existing within a device; receiving the at least one signed security measurement from the at least one module with the corresponding cryptoprocessor; validating the at least one signed security measurement; generating a signed dossier including all validated signed security measurements in a secure enclave, the signed dossier being used by an external network device for remote attestation of the device.
-
Publication number: US12199969B2
Publication date: 2025-01-14
Application number: US18481765
Filing date: 2023-10-05
Applicant: Cisco Technology, Inc.
Inventor: David Delano Ward , Robert Stephen Rodgers , Andrew Phillips Thurber , Eric Voit , Thomas John Giuli
IPC: H04L9/40
Abstract: An enclave manager of a network enclave obtains a request to retrieve configuration information and state information corresponding to compute devices and network devices comprising a network enclave. The request specifies a set of parameters of the configuration information and the state information usable to generate a response to the request. The enclave manager evaluates the compute devices, the network devices, and network connections among these devices within the network enclave to obtain the configuration information and the state information. Based on the configuration information and the state information, the enclave manager determines whether the network enclave is trustworthy. Based on the parameters of the request, the enclave manager generates a response indicating a summary that is used to identify the trustworthiness of the network enclave.
-
Publication number: US11972007B2
Publication date: 2024-04-30
Application number: US17546991
Filing date: 2021-12-09
Applicant: Cisco Technology, Inc.
Inventor: Nancy Patricia Cam-Winget , Eric Voit
CPC classification number: G06F21/6218 , G06F16/144 , G06F21/123 , G06F21/57
Abstract: Techniques for maintaining geographic-based data privacy rules in networked environments. An example method includes receiving a request from a user device; generating, based on the request, a query for data associated with fulfilling the request; transmitting, to a data controller, the query; transmitting, to the data controller, an indication of a geographic region in which at least one device implementing the entity is located; and receiving, from the data controller, a portion of the data associated with fulfilling the request.
-
Publication number: US11949593B2
Publication date: 2024-04-02
Application number: US17740903
Filing date: 2022-05-10
Applicant: Cisco Technology, Inc.
Inventor: Pradeep Kumar Kathail , Eric Voit , David A. Maluf
IPC: G06F15/173 , G06F15/16 , H04L45/42 , H04L45/741 , H04L45/748 , H04L61/251
CPC classification number: H04L45/741 , H04L45/42 , H04L45/748 , H04L61/251
Abstract: Stateless address translation at an Autonomous System (AS) boundary for host privacy may be provided. An address associated with a host device in the AS may be received. The address may comprise a network prefix and an interface identifier (ID). Then a cypher value may be assigned to a cypher bit range in the network prefix. The cypher value may be associated with a first cypher algorithm of a plurality of cypher algorithms. Next, the address may be encoded wherein encoding the address comprises applying the first cypher algorithm to encode a coding bit range in the address that is less significant than the cypher bit range. The encoded address may then be used for flows from the host that egress the AS.
-
Publication number: US20240064101A1
Publication date: 2024-02-22
Application number: US17820448
Filing date: 2022-08-17
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert , Eric Voit , Pradeep Kumar Kathail
IPC: H04L45/745 , H04L45/44 , H04L41/12
CPC classification number: H04L45/745 , H04L45/44 , H04L41/12
Abstract: A device for a virtual phone in a virtual network may be provided. A data packet may be received by the device, the device being in a personal-area-network (PAN) with a peer, the data packet containing information defining a characteristic of a software application. The data packet may be profiled, the data packet comprising information about the software application. An SLA table stored on the device may be seeded with the information in the data packet. A routing table may be populated with an address for forwarding the information to the peer.
-
Publication number: US11902161B1
Publication date: 2024-02-13
Application number: US17820448
Filing date: 2022-08-17
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert , Eric Voit , Pradeep Kumar Kathail
IPC: G06F15/16 , H04L45/745 , H04L41/12 , H04L45/44
CPC classification number: H04L45/745 , H04L41/12 , H04L45/44
Abstract: A device for a virtual phone in a virtual network may be provided. A data packet may be received by the device, the device being in a personal-area-network (PAN) with a peer, the data packet containing information defining a characteristic of a software application. The data packet may be profiled, the data packet comprising information about the software application. An SLA table stored on the device may be seeded with the information in the data packet. A routing table may be populated with an address for forwarding the information to the peer.
-
Publication number: US11882176B2
Publication date: 2024-01-23
Application number: US18158961
Filing date: 2023-01-24
Applicant: Cisco Technology, Inc.
Inventor: Sujal Sheth , Shwetha Subray Bhandari , Eric Voit , William F. Sulzen , Frank Brockners
IPC: G06F15/173 , H04L67/104 , H04L9/40 , H04W24/10 , H04L9/32 , H04L61/4511 , H04L67/1001
CPC classification number: H04L67/104 , H04L9/3247 , H04L61/4511 , H04L63/0823 , H04L67/1001 , H04W24/10
Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.
-
Publication number: US20230370373A1
Publication date: 2023-11-16
Application number: US17740903
Filing date: 2022-05-10
Applicant: Cisco Technology, Inc.
Inventor: Pradeep Kumar Kathail , Eric Voit , David A. Maluf
IPC: H04L45/741 , H04L45/748 , H04L45/42 , H04L61/251
CPC classification number: H04L45/741 , H04L45/748 , H04L45/42 , H04L61/251
Abstract: Stateless address translation at an Autonomous System (AS) boundary for host privacy may be provided. An address associated with a host device in the AS may be received. The address may comprise a network prefix and an interface identifier (ID). Then a cypher value may be assigned to a cypher bit range in the network prefix. The cypher value may be associated with a first cypher algorithm of a plurality of cypher algorithms. Next, the address may be encoded wherein encoding the address comprises applying the first cypher algorithm to encode a coding bit range in the address that is less significant than the cypher bit range. The encoded address may then be used for flows from the host that egress the AS.