-
Publication number: US10547447B2
Publication date: 2020-01-28
Application number: US15694883
Application date: 2017-09-04
Applicant: Cisco Technology, Inc.
Inventor: Benyamin Hirschberg, Yaron Sella, Gilad Taub
Abstract: In one embodiment, a first apparatus includes a processor and an interface, wherein the interface is operative to receive a request from a second apparatus to commence a keyed-hash message authentication code (HMAC) computation, the processor is operative to perform a first computation computing a first part of the HMAC computation using a secret key K as input yielding a first value, the interface is operative to send the first value to the second apparatus, the interface is operative to receive a second value from the second apparatus, the second value resulting from the second apparatus processing the first value with at least part of a message M, the processor is operative to perform a second computation based on the second value and the secret key K yielding an HMAC value, and the interface is operative to send the HMAC value to the second apparatus.
-
Publication number: US09971800B2
Publication date: 2018-05-15
Application number: US15096297
Application date: 2016-04-12
Applicant: Cisco Technology, Inc.
Inventor: Yaron Sella, Michal Devir, Harel Cain
IPC: G06F17/30, H04N19/467, H03M7/30, H03M7/40
CPC classification number: G06F17/30336, H03M7/30, H03M7/3091, H03M7/3093, H03M7/4093, H04N19/467
Abstract: In one embodiment a system, apparatus, and method for optimizing index value lengths when indexing data items in an array of data items is described, the method including producing, at a first processor, an ordered series of index values, sending the ordered series of index values to an indexing processor, receiving, at the indexing processor, a data object including the array of data items, associating, at the indexing processor, a first part of one of the index values with a first one data item of the array of data items, associating, at the indexing processor, a second part of the one of the index values with a next one data item of the array of data items, repeating the steps of associating a first part of one of the index values and associating a second part of the one of the index values until all of the data items in the array of data items are indexed.
-
Publication number: US20180069879A1
Publication date: 2018-03-08
Application number: US15256651
Application date: 2016-09-05
Applicant: Cisco Technology, Inc.
Inventor: Steve Epstein, Avi Fruchter, Moshe Kravchik, Yaron Sella, Itay Harush
CPC classification number: H04L63/1425, G06N99/005, H04L12/2818, H04L12/2825, H04L12/2834, H04L63/0861, H04L63/10, H04L63/1408, H04L63/20, H04L2463/082, H04W4/12
Abstract: In one embodiment, a system is described, the system including a network gateway in communication with a plurality of original equipment manufacturer (OEM) servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of OEM network appliances, wherein each one appliance of the plurality of OEM network appliances is associated with one of the plurality of OEM servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of OEM network appliances from one of the OEM servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.
-
Publication number: US11580227B2
Publication date: 2023-02-14
Application number: US17392869
Application date: 2021-08-03
Applicant: Cisco Technology, Inc.
Inventor: Yaron Sella, Kevin Holcomb
Abstract: The secure chain of trust steps to boot-up a computing device are split between the shutdown procedure of the computing device and the boot-up procedure of the computing device to reduce the time required for the computing device to boot-up. The main image associated with a central processing unit of the computing device is validated during the shutdown procedure of the computing device such that the operating system for the central processing unit is available when the computing device receives an action to power on. The boot-up time for the computing device is reduced, which allows the computing device to boot-up within an established time frame.
-
Publication number: US11113403B2
Publication date: 2021-09-07
Application number: US16379532
Application date: 2019-04-09
Applicant: Cisco Technology, Inc.
Inventor: Yaron Sella, Kevin Holcomb
Abstract: The secure chain of trust steps to boot-up a computing device are split between the shutdown procedure of the computing device and the boot-up procedure of the computing device to reduce the time required for the computing device to boot-up. The main image associated with a central processing unit of the computing device is validated during the shutdown procedure of the computing device such that the operating system for the central processing unit is available when the computing device receives an action to power on. The boot-up time for the computing device is reduced, which allows the computing device to boot-up within an established time frame.
-
Publication number: US09788033B1
Publication date: 2017-10-10
Application number: US15196068
Application date: 2016-06-29
Applicant: Cisco Technology, Inc.
Inventor: Harel Cain, Michal Devir, Yaron Sella
IPC: H04N7/16, H04N21/2543, H04N21/845, H04N21/426, H04N21/254, H04N21/4627, H04N21/81
CPC classification number: H04N21/2543, G06Q30/0208, G06Q30/0241, H04N7/16, H04N21/2541, H04N21/26606, H04N21/4181, H04N21/42623, H04N21/4623, H04N21/4627, H04N21/4784, H04N21/812, H04N21/845
Abstract: In one embodiment, a consumer device is assigned, at a broadcast headend to one of at least two groups of consumer devices, the two groups including a first group of consumer devices which is required to play content of a second type in order to view content of a first type and a second group of consumer devices which is not required to play content of the second type in order to view content of the first type. A video broadcast stream is sent from the broadcast headend to the consumer device, the video broadcast stream comprising content of the first type sent associated with a first packet ID (PID) and content of the second type sent associated with a second PID, wherein the first PID and the second PID are processed at the consumer device at the same time. An entitlement management message (EMM) is sent from the broadcast headend to the consumer device according to its group of consumer devices, the EMM being of one of a first type of EMM for devices of the first device type and a second type of EMM for devices of the second device type. An entitlement control message (ECM) stream is sent from the broadcast headend to the consumer device, the ECM stream including comprising three types of ECMs: ECM_P_i_start which enables the consumer device to produce a control word which decrypts a first portion of the content of the first type; ECM_A_(i−1) which enables the consumer device to produce a control word which decrypts content of the second type; and ECM_P_i_rest which enables the consumer device to produce a control word which decrypts a second portion of the content of the first type. Related hardware, systems and methods are also described.
-
Publication number: US20170251283A1
Publication date: 2017-08-31
Application number: US15052906
Application date: 2016-02-25
Applicant: Cisco Technology, Inc.
Inventor: Harel Cain, Michal Devir, Yaron Sella, Ben Walton
IPC: H04N21/845, H04N19/70, H04N19/593, H04N19/174, H04N21/4405, H04N19/13, H04N19/169, H04N19/176, H04N19/46, H04N21/8358
CPC classification number: H04N21/8451, H04N19/13, H04N19/174, H04N19/176, H04N19/188, H04N19/46, H04N19/467, H04N19/593, H04N19/70, H04N21/23614, H04N21/23892, H04N21/4316, H04N21/435, H04N21/44, H04N21/4405, H04N21/8358
Abstract: In one embodiment, a video stream is received, and a spatially distinct region of a frame in the received video stream to be modified is identified, the spatially distinct region of the frame being encoded separately from any other region in the frame. A segment of the spatially distinct region of the frame to be modified is extracted. The extracted segment of the spatially distinct region is modified. The extracted segment of the spatially distinct region into a single-segment spatially distinct region is encoded. A network abstraction layer (NAL) header is associated with the encoded single-segment spatially distinct region. The encoded single-segment spatially distinct region and its associated NAL header is inserted into the received video stream following the identified spatially distinct region of the frame to be modified. Related methods, systems and apparatus are also described.
-
Publication number: US09208352B2
Publication date: 2015-12-08
Application number: US14176400
Application date: 2014-02-10
Applicant: Cisco Technology Inc.
Inventor: Yaron Sella, Harel Cain, Michal Devir
CPC classification number: G06F21/64, G06F21/10, G06F21/6209, G06T1/005, G06T2201/0063, G09C5/00, H04L9/3226, H04L9/3236
Abstract: In one embodiment, a system including a processor is operative to receive a content item including a watermark encoding a series of data values of an output stream of a linear feedback shift register initialized with a seed including an information element and an assurance value, the shift register having a plurality of states each including a first and second value, identify at least part of the watermark in the content item, extract at least some of the data values from the at least part of the identified watermark, process at least some of the extracted data values yielding the initial state of shift register, and authenticate the first value of the initial state using the second value of the initial state in order to confirm that the first value is indeed the information element included in the seed processed by the shift register.
-
Publication number: US20140143552A1
Publication date: 2014-05-22
Application number: US14082842
Application date: 2013-11-18
Applicant: Cisco Technology Inc.
Inventor: David Wachtfogel, Yaron Sella
IPC: G06F21/60
CPC classification number: G06F21/10, G06F2221/0797
Abstract: A system and method for device security is described, the system and method including at least one integrated circuit including a CPU, a key register storing a hardware enabling key, the key including a large number of bits, such that each bit of the large number of bits has a correct value, and if any one bit of the large number of bits is set to an incorrect value the key will not function correctly a combination circuit for performing a function, f, the function f being essential for correct functionality of the CPU, such that the combination circuit is activated by the key, the combination circuit only performing function f if each of the large number of bits of the key is set to the correct value, and there exists no set of intermediate or output bits derived from the large number of bits of the key, which determine if the combination circuit performs function f, the set intermediate or output bits including fewer bits than are included in the key. Related apparatus, methods, and systems are also described.
-
Publication number: US11777785B2
Publication date: 2023-10-03
Application number: US15876162
Application date: 2018-01-21
Applicant: Cisco Technology, Inc.
Inventor: Subhasri Dhesikan, Raghuram S. Sudhaakar, Kevin Holcomb, Yaron Sella
IPC: H04L41/0604, H04L41/0681, H04W4/44, H04L41/0686, H04L47/215, H04L41/069, H04L12/28, H04L12/40
CPC classification number: H04L41/0604, H04L12/2825, H04L41/069, H04L41/0681, H04L41/0686, H04L47/215, H04W4/44, H04L2012/40215, H04L2012/40273
Abstract: In one embodiment, methods, systems, and apparatus are described in which data to be used by a processor is stored in a memory. Network communications with a data center are enabled via a network interface. The processor maintains a reporting policy for reporting anomalous events to the data center, the reporting policy having at least one rule for determining a reporting action to be taken by the processor in response to an anomalous event. The processor further monitors the IoT device for a report of an occurrence of the anomalous event. The processor performs the reporting action according to the at least one rule, in response to the report of the occurrence of the anomalous event. An episodic update to the reporting policy from the data center may be received at the processor, which modifies the reporting policy in accordance with the update. Related methods, systems, and apparatus are also described.