公开(公告)号：US10833929B2

公开(公告)日：2020-11-10

申请号：US16234379

申请日：2018-12-27

Applicant: Juniper Networks, Inc.

Inventor： Kent A. Watsen ,  Guy Fedorkow

IPC: G06F15/17 ,  H04L12/24 ,  H04L9/30 ,  H04L29/12 ,  H04L29/08

Abstract: Techniques are disclosed for performing secure remote bootstrapping operations of a network device such that sensitive configuration resides in volatile memory or is inaccessible upon power loss. In one example, a network device performs a first request for onboarding information. In response to determining that a first initialization of the network device has not occurred, the network device performs the first initialization by configuring, with the onboarding information, the network device to mount a portion of a file system to a volatile memory and not a non-volatile memory. After rebooting, the network device performs a second request for the onboarding information. In response to determining that the first initialization of the network device has occurred, the network device performs a bootstrapping operation of the network device. The bootstrapping operation may configure the network device for remote management such that any subsequent configuration obtained remotely is not retained on power loss.

公开(公告)号：US20200213191A1

公开(公告)日：2020-07-02

申请号：US16234379

申请日：2018-12-27

Applicant: Juniper Networks, Inc.

Inventor： Kent A. Watsen ,  Guy Fedorkow

IPC: H04L12/24 ,  H04L29/08 ,  H04L29/12 ,  H04L9/30

Abstract: Techniques are disclosed for performing secure remote bootstrapping operations of a network device such that sensitive configuration resides in volatile memory or is inaccessible upon power loss. In one example, a network device performs a first request for onboarding information. In response to determining that a first initialization of the network device has not occurred, the network device performs the first initialization by configuring, with the onboarding information, the network device to mount a portion of a file system to a volatile memory and not a non-volatile memory. After rebooting, the network device performs a second request for the onboarding information. In response to determining that the first initialization of the network device has occurred, the network device performs a bootstrapping operation of the network device. The bootstrapping operation may configure the network device for remote management such that any subsequent configuration obtained remotely is not retained on power loss.

公开(公告)号：US09923725B2

公开(公告)日：2018-03-20

申请号：US15193850

申请日：2016-06-27

Applicant: Juniper Networks, Inc.

Inventor： Kent A. Watsen

IPC: H04L29/06 ,  H04L9/32 ,  H04L9/08

CPC classification number: H04L9/3265 ,  H04L9/0861 ,  H04L41/28 ,  H04L63/029 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/0823 ,  H04L65/1069 ,  H04L67/42 ,  H04L69/16

Abstract: A network device initiates a transmission control protocol (TCP) connection to establish a TCP session with a management device, and performs, via the TCP session, a secure protocol client/server role reversal for the management device. The network device receives, from the management device, initiation of a secure connection over the TCP session in accordance with a secure protocol, and provides, to the management device, a trusted certificate with an embedded host key that is dynamically generated using a cryptographic processor of the network device, based on the initiation of the secure connection. The network device also establishes the secure connection with the management device based on an authentication of the host key by the management device via the trusted certificate.

公开(公告)号：US10558469B2

公开(公告)日：2020-02-11

申请号：US15439249

申请日：2017-02-22

Applicant: Juniper Networks, Inc.

Inventor： Kent A. Watsen

IPC: H04L29/06 ,  G06F9/445 ,  H04L9/32 ,  H04L12/24

Abstract: A device may receive a digital voucher, a customer certificate, and configuration information for automatically configuring the device. The digital voucher may include a first customer identifier that identifies a customer associated with the device and a device identifier that identifies the device. The customer certificate may include a second customer identifier that identifies the customer and a customer public key associated with the customer. The configuration information may include information that identifies a configuration for automatically configuring the device. The device may validate at least one of the digital voucher, the customer certificate, or the configuration information. The device may configure the device, using the configuration, based on validating at least one of the digital voucher, the customer certificate, or the configuration information.

公开(公告)号：US10027535B1

公开(公告)日：2018-07-17

申请号：US14040593

申请日：2013-09-27

Applicant: Juniper Networks, Inc.

Inventor： Kent A. Watsen

IPC: H04L12/24 ,  G06F9/455 ,  G06F9/445

Abstract: A computer-implemented method for managing device configurations at various levels of abstraction may include (1) receiving a request to transform configuration details of at least one computing device into configuration details for an abstraction of the computing device, (2) using at least one compiler to transform the configuration details of the computing device into configuration details of the abstraction, and (3) returning the configuration details of the abstraction. Various other methods, systems, and computer-readable media are also disclosed.

公开(公告)号：US09600302B2

公开(公告)日：2017-03-21

申请号：US14626382

申请日：2015-02-19

Applicant: Juniper Networks, Inc.

Inventor： Kent A. Watsen

IPC: H04L29/06 ,  G06F9/445 ,  H04L9/32 ,  H04L12/24

CPC classification number: G06F9/44505 ,  H04L9/3247 ,  H04L9/3268 ,  H04L41/0803 ,  H04L41/0886 ,  H04L63/0823 ,  H04L63/12 ,  H04L63/123 ,  H04L63/126

Abstract: A device may receive a digital voucher, a customer certificate, and configuration information for automatically configuring the device. The digital voucher may include a first customer identifier that identifies a customer associated with the device and a device identifier that identifies the device. The customer certificate may include a second customer identifier that identifies the customer and a customer public key associated with the customer. The configuration information may include information that identifies a configuration for automatically configuring the device. The device may validate at least one of the digital voucher, the customer certificate, or the configuration information. The device may configure the device, using the configuration, based on validating at least one of the digital voucher, the customer certificate, or the configuration information.

公开(公告)号：US09380051B2

公开(公告)日：2016-06-28

申请号：US14502269

申请日：2014-09-30

Applicant: Juniper Networks, Inc.

Inventor： Kent A. Watsen

IPC: H04L29/06 ,  H04L12/24

CPC classification number: H04L9/3265 ,  H04L9/0861 ,  H04L41/28 ,  H04L63/029 ,  H04L63/0428 ,  H04L63/08 ,  H04L63/0823 ,  H04L65/1069 ,  H04L67/42 ,  H04L69/16

Abstract: A network device initiates a transmission control protocol (TCP) connection to establish a TCP session with a management device, and performs, via the TCP session, a secure protocol client/server role reversal for the management device. The network device receives, from the management device, initiation of a secure connection over the TCP session in accordance with a secure protocol, and provides, to the management device, a trusted certificate with an embedded host key that is dynamically generated using a cryptographic processor of the network device, based on the initiation of the secure connection. The network device also establishes the secure connection with the management device based on an authentication of the host key by the management device via the trusted certificate.

Abstract translation: 网络设备启动传输控制协议（TCP）连接以建立与管理设备的TCP会话，并且经由TCP会话执行用于管理设备的安全协议客户机/服务器角色反转。 网络设备从管理设备接收根据安全协议通过TCP会话启动安全连接，并且向管理设备提供具有使用密码处理器动态生成的嵌入式主机密钥的可信证书 基于安全连接的启动。 网络设备还通过管理设备经由可信证书，基于对主机密钥的认证来建立与管理设备的安全连接。