-
Publication No.: US20210226995A1
Publication Date: 2021-07-22
Application No.: US16746323
Application Date: 2020-01-17
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Owen Friel
Abstract: This disclosure describes techniques for providing a manufacturer usage description (MUD) solution to automatically update network access policy for client application software. The method may include embedding metadata in the application binary. The metadata may include MUD uniform resource identifiers (URIs) that may point to MUD files describing the application's network access requirements. The MUD files may be hosted by the application vendor's MUD servers. The system may include a network policy server that is able to discover the MUD URIs. The MUD URIs may be discovered based on extracting the MUD URIs from the metadata and/or being provisioned with the set of MUD URIs for trusted applications. The method may include enterprise-wide policy and individual host policy for implementation of the MUD files.
-
Publication No.: US20200120502A1
Publication Date: 2020-04-16
Application No.: US16281864
Application Date: 2019-02-21
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Owen Friel, Max Pritikin
Abstract: This technology uses a bootstrap key (“BSK”) to securely onboard a computing device to a network. A unique BSK associated with an onboarding computing device is used to verify for various deployment models (1) that the computing device has proof the computing device is connecting to the correct wired or wireless network and (2) that the network has proof the computing device is trusted. The BSK may be an associated BSK or an embedded BSK. A computing device receives a signed voucher from the manufacturer authorized signing authority (“MASA”) before the computing device may onboard to a network. The MASA will issue a voucher to a Bootstrapping Remote Secure Key Infrastructure (“BRSKI”) registrar if the registrar proves knowledge of the computing device's BSK to the MASA or the registrar has an established trust relationship with the MASA.
-
Publication No.: US11533179B2
Publication Date: 2022-12-20
Application No.: US16992349
Application Date: 2020-08-13
Applicant: Cisco Technology, Inc.
Inventor: Ollie Fagan, John Costello, Owen Friel, Andrew West
IPC: H04L9/32, H04L65/1073, H04L9/14, H04L61/2589, H04L9/40, H04L61/4541, H04L61/5007, H04L65/1104
Abstract: In one embodiment, an endpoint in a network sends a Session Initiation Protocol (SIP) registration request to a device. The device generates a first key using information included in the SIP registration request. The device also writes the first key to a storage location accessible by a Traversal Using Relays around Network address translators (TURN) server. The endpoint generates a second key based on the information included in the SIP registration request. The endpoint sends an allocate request to the TURN server that includes the second key. The TURN server authenticates the endpoint based in part by comparing the second key to the first key. The endpoint receives an allocate response from the TURN server, after the TURN server authenticates the endpoint.
-
Publication No.: US20250013766A1
Publication Date: 2025-01-09
Application No.: US18887978
Application Date: 2024-09-17
Applicant: Cisco Technology, Inc.
Inventor: Owen Friel, Richard Lee Barnes
Abstract: This disclosure describes techniques for allowing an organization to manage user identities. In some examples, the management of user identities may be serverless. In some examples, serverless identity management may be enabled through a distributed application on user devices of the organization. The application may generate and/or store information related to the user identities on the user devices. Serverless identity management may further include storing at least some of the information at a location that is easily accessible to the user devices, such as a cloud computing location, while maintaining security for private data. Serverless identity management may therefore provide an organization with greater operational flexibility.
-
Publication No.: US10791462B2
Publication Date: 2020-09-29
Application No.: US16281864
Application Date: 2019-02-21
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Owen Friel, Max Pritikin
Abstract: This technology uses a bootstrap key (“BSK”) to securely onboard a computing device to a network. A unique BSK associated with an onboarding computing device is used to verify for various deployment models (1) that the computing device has proof the computing device is connecting to the correct wired or wireless network and (2) that the network has proof the computing device is trusted. The BSK may be an associated BSK or an embedded BSK. A computing device receives a signed voucher from the manufacturer authorized signing authority (“MASA”) before the computing device may onboard to a network. The MASA will issue a voucher to a Bootstrapping Remote Secure Key Infrastructure (“BRSKI”) registrar if the registrar proves knowledge of the computing device's BSK to the MASA or the registrar has an established trust relationship with the MASA.
-
Publication No.: US11601808B2
Publication Date: 2023-03-07
Application No.: US17008330
Application Date: 2020-08-31
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Owen Friel, Max Pritikin
Abstract: This technology uses a bootstrap key (“BSK”) to securely onboard a computing device to a network. A unique BSK associated with an onboarding computing device is used to verify for various deployment models (1) that the computing device has proof the computing device is connecting to the correct wired or wireless network and (2) that the network has proof the computing device is trusted. The BSK may be an associated BSK or an embedded BSK. A computing device receives a signed voucher from the manufacturer authorized signing authority (“MASA”) before the computing device may onboard to a network. The MASA will issue a voucher to a Bootstrapping Remote Secure Key Infrastructure (“BRSKI”) registrar if the registrar proves knowledge of the computing device's BSK to the MASA or the registrar has an established trust relationship with the MASA.
-
Publication No.: US12105817B2
Publication Date: 2024-10-01
Application No.: US17377937
Application Date: 2021-07-16
Applicant: Cisco Technology, Inc.
Inventor: Owen Friel, Richard Lee Barnes
CPC classification number: G06F21/62, H04L9/0819, H04L63/0428
Abstract: This disclosure describes techniques for allowing an organization to manage user identities. In some examples, the management of user identities may be serverless. In some examples, serverless identity management may be enabled through a distributed application on user devices of the organization. The application may generate and/or store information related to the user identities on the user devices. Serverless identity management may further include storing at least some of the information at a location that is easily accessible to the user devices, such as a cloud computing location, while maintaining security for private data. Serverless identity management may therefore provide an organization with greater operational flexibility.
-
Publication No.: US20230016036A1
Publication Date: 2023-01-19
Application No.: US17377937
Application Date: 2021-07-16
Applicant: Cisco Technology, Inc.
Inventor: Owen Friel, Richard Lee Barnes
Abstract: This disclosure describes techniques for allowing an organization to manage user identities. In some examples, the management of user identities may be serverless. In some examples, serverless identity management may be enabled through a distributed application on user devices of the organization. The application may generate and/or store information related to the user identities on the user devices. Serverless identity management may further include storing at least some of the information at a location that is easily accessible to the user devices, such as a cloud computing location, while maintaining security for private data. Serverless identity management may therefore provide an organization with greater operational flexibility.
-
Publication No.: US11374981B2
Publication Date: 2022-06-28
Application No.: US16746323
Application Date: 2020-01-17
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Owen Friel
Abstract: This disclosure describes techniques for providing a manufacturer usage description (MUD) solution to automatically update network access policy for client application software. The method may include embedding metadata in the application binary. The metadata may include MUD uniform resource identifiers (URIs) that may point to MUD files describing the application's network access requirements. The MUD files may be hosted by the application vendor's MUD servers. The system may include a network policy server that is able to discover the MUD URIs. The MUD URIs may be discovered based on extracting the MUD URIs from the metadata and/or being provisioned with the set of MUD URIs for trusted applications. The method may include enterprise-wide policy and individual host policy for implementation of the MUD files.