-
Publication number: US20240388435A1
Publication date: 2024-11-21
Application number: US18452276
Filing date: 2023-08-18
Applicant: Cisco Technology, Inc.
Inventor: Eric A. Voit, Yesu Lu, Eliot Lear, Ashok K. Moghe
Abstract: A computing device connected to a power source via a combined power/data connection obtains an authentication request from the power source. The authentication request includes a freshness mechanism provided by the power source. The computing device signs an authentication response with a private key associated with a verified identity stored on the computing device. The authentication response includes the freshness mechanism. The computing device provides the authentication response to the power source, and receives power from the power source.
-
Publication number: US11902277B2
Publication date: 2024-02-13
Application number: US17235284
Filing date: 2021-04-20
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Christopher S. Steck, Brian Weis
CPC classification number: H04L63/10, H04L9/3263, H04L63/20, H04L63/101
Abstract: Techniques for providing secure modification of manufacturer usage description (MUD) files based on device applications are provided. In one embodiment, a method for secure modification of MUD files may include obtaining a request for one or more applications from a device. The method also includes providing to the device the one or more applications and a certification that includes an updated MUD identifier determined based on the one or more applications requested. The updated MUD identifier is associated with a concatenated MUD file that comprises individual MUD file portions for each of the one or more applications requested. The device is configured to request an updated device identifier using the certification. The updated device identifier includes the updated MUD identifier that is associated with the concatenated MUD file.
-
Publication number: US11374981B2
Publication date: 2022-06-28
Application number: US16746323
Filing date: 2020-01-17
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Owen Friel
Abstract: This disclosure describes techniques for providing a manufacturer usage description (MUD) solution to automatically update network access policy for client application software. The method may include embedding metadata in the application binary. The metadata may include MUD uniform resource identifiers (URIs) that may point to MUD files describing the application's network access requirements. The MUD files may be hosted by the application vendor's MUD servers. The system may include a network policy server that is able to discover the MUD URIs. The MUD URIs may be discovered based on extracting the MUD URIs from the metadata and/or being provisioned with the set of MUD URIs for trusted applications. The method may include enterprise-wide policy and individual host policy for implementation of the MUD files.
-
Publication number: US20200287784A1
Publication date: 2020-09-10
Application number: US16296434
Filing date: 2019-03-08
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear
Abstract: In an embodiment, a method comprises at a network device in an enterprise network, selecting one or more time servers used for establishing a timing reference according to a predetermined priority order of selection that begins with determining whether the network device is configured with information indicating one or more time servers to be used. A timing reference is established for the network device based on a selected time server.
-
Publication number: US10791462B2
Publication date: 2020-09-29
Application number: US16281864
Filing date: 2019-02-21
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Owen Friel, Max Pritikin
Abstract: This technology uses a bootstrap key (“BSK”) to securely onboard a computing device to a network. A unique BSK associated with an onboarding computing device is used to verify for various deployment models (1) that the computing device has proof the computing device is connecting to the correct wired or wireless network and (2) that the network has proof the computing device is trusted. The BSK may be an associated BSK or an embedded BSK. A computing device receives a signed voucher from the manufacturer authorized signing authority (“MASA”) before the computing device may onboard to a network. The MASA will issue a voucher to a Bootstrapping Remote Secure Key Infrastructure (“BRSKI”) registrar if the registrar proves knowledge of the computing device's BSK to the MASA or the registrar has an established trust relationship with the MASA.
-
Publication number: US10785809B1
Publication date: 2020-09-22
Application number: US15383442
Filing date: 2016-12-19
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert, Max Pritikin, Eliot Lear, Toerless Eckert, Nancy Cam-Winget, Brian E. Weis
Abstract: In one embodiment, a device in a network receives node information regarding a plurality of nodes that are to join the network. The device determines network formation parameters based on the received node information. The network formation parameters are indicative of a network join schedule and join location for a particular node from the plurality of nodes. The device generates, according to the network join schedule, a join invitation for the particular node based on the network formation parameters. The join invitation allows the particular node to attempt joining the network at the join location via a specified access point. The device causes the sending of one or more beacons via the network that include the join invitation to the particular node. The particular node attempts to join the network via the specified access point based on the one or more beacons.
-
Publication number: US20190319953A1
Publication date: 2019-10-17
Application number: US15954875
Filing date: 2018-04-17
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Christopher S. Steck, Brian Weis
Abstract: Techniques for providing secure modification of manufacturer usage description (MUD) files based on device applications are provided. In one embodiment, a method for secure modification of MUD files may include obtaining a request for one or more applications from a device. The method also includes providing to the device the one or more applications and a certification that includes an updated MUD identifier determined based on the one or more applications requested. The updated MUD identifier is associated with a concatenated MUD file that comprises individual MUD file portions for each of the one or more applications requested. The device is configured to request an updated device identifier using the certification. The updated device identifier includes the updated MUD identifier that is associated with the concatenated MUD file.
-
Publication number: US20190110298A1
Publication date: 2019-04-11
Application number: US15726961
Filing date: 2017-10-06
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Brian Weis, Richard Lee Barness, II
CPC classification number: H04W72/0493, H04W8/24, H04W12/08, H04W48/04, H04W48/16, H04W88/12, H04W92/10
Abstract: A process for implementing temporary rules for network devices is described. In one embodiment, the process includes a controller receiving a manufacturer usage description (MUD) identifier from a first device. The controller retrieves a MUD file associated with the MUD identifier. The controller registers a device identifier associated with the first device with a delegated controller determined based on the MUD file. The delegated controller is configured to generate a dynamic policy for the first device. The controller receives a dynamic policy from the delegated controller for the first device. The dynamic policy may be configured to permit a communication session between the first device and a second device. The controller forwards the dynamic policy to an access control device in communication with the first device to enable the access control device to permit the communication session between the first device and the second device.
-
Publication number: US10079799B2
Publication date: 2018-09-18
Application number: US14882522
Filing date: 2015-10-14
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, James Bieda
CPC classification number: H04L61/1511, H04L61/2015, H04L61/6009, H04L63/0236
Abstract: In one embodiment, a caching resolver receives a name server query from an end device for an Internet Protocol (IP) address for a hostname, and determines whether the hostname requested is in an access control list (ACL). In response to the hostname being in the ACL, the caching resolver examines a received response to the name server query for the hostname, wherein the received response contains a particular IP address for the hostname, and adds the particular IP address for the hostname to the ACL. In one embodiment, the ACL is local to the caching resolver, while in another embodiment, adding the particular IP address for the hostname to the ACL comprises sending a message to a remote ACL-maintaining device that maintains the ACL.
-
Publication number: US20220210192A1
Publication date: 2022-06-30
Application number: US17463751
Filing date: 2021-09-01
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Einar Nilsen-Nygaard
Abstract: At an authentication server, a request for at least a first dynamic host configuration protocol (DHCP) option is received from a client device, and it is determined if the authentication server implements DHCP. Based at least in part on a determination that the authentication server does not implement a DHCP, the operations further include transmitting an application program interface (API) call to a DHCP server associated with the authentication server acting as a DHCP gateway, receiving a response from the DHCP server, and transmitting the response to the client device.