Attestation in optical transport network environments

    Publication No.: US11122346B1

    Publication date: 2021-09-14

    Application No.: US16912238

    Application date: 2020-06-25

    Abstract: The present technology discloses methods, systems, and non-transitory computer-readable media for receiving, by a relying node in an optical transport network environment, attestation information in a trail trace identifier of an optical unit from an attester node in the optical transport network environment; verifying a trustworthiness of the attester node by identifying a level of trust of the attester node from the attestation information; and controlling network service access of the attester node through the relying node in the network environment based on the level of trust of the attester node identified from the attestation information.

    NETWORK ENCLAVE ATTESTATION FOR NETWORK AND COMPUTE DEVICES

    Publication No.: US20210281553A1

    Publication date: 2021-09-09

    Application No.: US16808966

    Application date: 2020-03-04

    Abstract: An enclave manager of a network enclave obtains a request to retrieve configuration information and state information corresponding to compute devices and network devices comprising a network enclave. The request specifies a set of parameters of the configuration information and the state information usable to generate a response to the request. The enclave manager evaluates the compute devices, the network devices, and network connections among these devices within the network enclave to obtain the configuration information and the state information. Based on the configuration information and the state information, the enclave manager determines whether the network enclave is trustworthy. Based on the parameters of the request, the enclave manager generates a response indicating a summary that is used to identify the trustworthiness of the network enclave.

    DISCOVERING TRUSTWORTHY DEVICES USING ATTESTATION AND MUTUAL ATTESTATION

    Publication No.: US20200322380A1

    Publication date: 2020-10-08

    Application No.: US16839576

    Application date: 2020-04-03

    Abstract: Systems, methods, and computer-readable media for discovering trustworthy devices through attestation and authenticating devices through mutual attestation. A relying node in a network environment can receive attestation information from an attester node in the network environment as part of a unidirectional push of information from the attester node according to a unidirectional link layer communication scheme. A trustworthiness of the attester node can be verified by identifying a level of trust of the attester node from the attestation information. Further, network service access of the attester node through the relying node in the network environment can be controlled based on the level of trust of the attester node identified from the attestation information.

    SYSTEMS AND METHODS FOR PRE-CONFIGURATION ATTESTATION OF NETWORK DEVICES

    Publication No.: US20200322356A1

    Publication date: 2020-10-08

    Application No.: US16808114

    Application date: 2020-03-03

    Abstract: Systems, methods, and computer-readable media are disclosed for measurement of trustworthiness of network devices prior to their configuration and deployment in a network. In one aspect of the present disclosure, a method for pre-configuration of network devices includes receiving, at a dynamic host configuration server, a first request from a network device for configuration data, the configuration data including at least an IP address; sending, by the dynamic host configuration server, a second request to the network device for attestation information; verifying, by the dynamic host configuration server, the network device based on the attestation information; and assigning, by the dynamic host configuration server, the configuration data to the network device upon verifying the network device.

    TRUSTWORTHINESS EVALUATION OF NETWORK DEVICES

    Publication No.: US20200322348A1

    Publication date: 2020-10-08

    Application No.: US16715271

    Application date: 2019-12-16

    Abstract: Systems, methods, and computer-readable media for evaluation of trustworthiness of network devices are proposed. In one aspect, a first network device can determine a first probability of a security compromise of a second network device based on visible indicators. The first network device can also determine a second probability of the security compromise of the second device based on invisible indicators. The first network device also determines a trust degradation score for the second network device and establishes, based on the trust degradation score, a specified type of communication session with the second network device.

    NETWORK SECURITY BY INTEGRATING MUTUAL ATTESTATION

    Publication No.: US20200320199A1

    Publication date: 2020-10-08

    Application No.: US16752488

    Application date: 2020-01-24

    Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for establishing and/or maintaining a trustworthy encrypted network session. An example method can include sending, via a server and using a cryptographic security protocol, a message associated with establishing an encrypted network session; receiving a response from a client device; identifying a level of trust of the client device based on the response; determining whether to perform a next step in the cryptographic security protocol based on the level of trust, wherein the cryptographic security protocol comprises at least one of a Secure Shell (SSH) protocol, a Transport Layer Security (TLS) protocol, a Secure Sockets Layer (SSL) protocol, and an Internet Protocol Security (IPsec) protocol.
