-
Publication No.: US20230208880A1
Publication date: 2023-06-29
Application No.: US17560599
Application date: 2021-12-23
Applicant: Cisco Technology, Inc.
Inventor: Jeffrey G. Schutt , Max Pritikin
Abstract: A method, computer system, and computer program product are provided for automatically analyzing software packages to identify the degree of differences between compared software packages and to apply security policies. A first software bill of materials for a software package is processed to extract a plurality of components of the software package, wherein the first software bill of materials indicates a first hierarchy of components based on relationships between components. The first hierarchy is compared to a second hierarchy, the second hierarchy corresponding to a second software bill of materials, to determine a degree of difference between the first hierarchy and the second hierarchy. The degree of difference is compared to one or more threshold values. A security policy is applied with respect to the software package according to a comparison of the degree of difference to the one or more threshold values.
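The comparison the abstract describes, as an added illustration that is not the patent's own method: each SBOM is flattened into a set of parent/child component edges, the degree of difference is the Jaccard distance between the two edge sets, and a small threshold table maps that number to a policy action. The data model, the metric and the threshold values are assumptions made for the example.

```python
"""Degree of difference between two SBOM component hierarchies, with a
threshold policy. Added illustration; the data model, the Jaccard-style
metric and the threshold table are assumptions, not the patent's method."""
from __future__ import annotations

from dataclasses import dataclass, field


@dataclass
class Component:
    """One SBOM entry; `deps` holds the components it depends on."""
    name: str
    version: str
    deps: list = field(default_factory=list)

    @property
    def key(self) -> str:
        return f"{self.name}@{self.version}"


def hierarchy_edges(root: Component) -> set:
    """Flatten a dependency tree into (parent, child) edges. A shared subtree
    or a cycle is visited once, so the result is a plain set."""
    edges = set()
    seen = set()
    stack = [root]
    while stack:
        comp = stack.pop()
        if comp.key in seen:
            continue
        seen.add(comp.key)
        for dep in comp.deps:
            edges.add((comp.key, dep.key))
            stack.append(dep)
    return edges


def degree_of_difference(a: Component, b: Component) -> float:
    """Jaccard distance between the two edge sets: 0.0 means identical
    hierarchies, 1.0 means nothing in common. Two single-node SBOMs with no
    edges are compared on their root key instead (assumption)."""
    ea, eb = hierarchy_edges(a), hierarchy_edges(b)
    union = ea | eb
    if not union:
        return 0.0 if a.key == b.key else 1.0
    return 1.0 - len(ea & eb) / len(union)


# Assumed policy table: (upper bound on difference, action), checked in order;
# anything above the last bound gets the default action.
DEFAULT_THRESHOLDS = ((0.10, "allow"), (0.50, "review"))


def apply_policy(diff: float, thresholds=DEFAULT_THRESHOLDS, default="block") -> str:
    """Return the action for the first threshold the difference does not exceed."""
    for limit, action in thresholds:
        if diff <= limit:
            return action
    return default


def evaluate(baseline: Component, candidate: Component) -> tuple:
    diff = degree_of_difference(baseline, candidate)
    return diff, apply_policy(diff)


# Constructed sample SBOMs (not real packages).
BASELINE = Component("app", "1.0", [
    Component("libA", "1.0", [Component("libC", "2.0")]),
    Component("libB", "3.1"),
])
# Same app with one added dependency and one transitive version bump:
# 2 of the 5 distinct edges are shared, so the difference is 0.6.
CANDIDATE = Component("app", "1.0", [
    Component("libA", "1.0", [Component("libC", "2.1")]),
    Component("libB", "3.1"),
    Component("libD", "0.9"),
])

if __name__ == "__main__":
    print(evaluate(BASELINE, CANDIDATE))  # -> (0.6, 'block')
```

A transitive version bump counts as two edge changes (the old edge disappears, a new one appears), so it moves the score more than an added leaf does; whether that weighting is desirable is a policy choice, and a real deployment would also want to weight edges by the component's position in the tree or its known vulnerability status.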
-
Publication No.: US09264422B2
Publication date: 2016-02-16
Application No.: US14248065
Application date: 2014-04-08
Applicant: Cisco Technology, Inc.
Inventor: Plamen Nedeltchev , Robert T. Bell , Max Pritikin
CPC classification number: H04L63/0823 , H04L63/0876 , H04L63/0892 , H04L67/303
Abstract: In one embodiment, a Manufacturer Installed Certificate (MIC) and a personal identification number are sent to a call controller to request a configuration profile. When the configuration profile is received, the IP phone is provisioned according to it.
-
Publication No.: US20170353435A1
Publication date: 2017-12-07
Application No.: US15174350
Application date: 2016-06-06
Applicant: Cisco Technology, Inc.
Inventor: Max Pritikin , Rafael Mantilla Montalvo , Chris Allen Shenefiel
CPC classification number: H04L63/0428 , G06F21/44 , G06F21/57 , G06F2221/2111 , G06Q30/018 , H04L9/0872 , H04L9/3263 , H04L63/0823 , H04L63/126 , H04W4/029
Abstract: A root-of-trust of geolocation is provided for an apparatus that includes a trust anchor module with a cryptographic processor and a secure memory. The apparatus further includes a main processor coupled to the trust anchor module and configured to receive a digital geolocation certificate, the geolocation certificate including information identifying the apparatus, information regarding a physical location of the apparatus, information identifying an authorized entity that has verified the physical location of the apparatus, and a digital signature of the authorized entity. The main processor is further configured to cause the trust anchor module to store the digital geolocation certificate in the secure memory such that the digital geolocation certificate is cryptographically bound to the apparatus. The trust anchor module may also include, or otherwise communicate over a secure channel with, a movement sensor associated with the apparatus.
-
Publication No.: US20200120502A1
Publication date: 2020-04-16
Application No.: US16281864
Application date: 2019-02-21
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear , Owen Friel , Max Pritikin
Abstract: This technology uses a bootstrap key (“BSK”) to securely onboard a computing device to a network. A unique BSK associated with an onboarding computing device is used to verify for various deployment models (1) that the computing device has proof the computing device is connecting to the correct wired or wireless network and (2) that the network has proof the computing device is trusted. The BSK may be an associated BSK or an embedded BSK. A computing device receives a signed voucher from the manufacturer authorized signing authority (“MASA”) before the computing device may onboard to a network. The MASA will issue a voucher to a Bootstrapping Remote Secure Key Infrastructure (“BRSKI”) registrar if the registrar proves knowledge of the computing device's BSK to the MASA or the registrar has an established trust relationship with the MASA.
-
Publication No.: US20190149538A1
Publication date: 2019-05-16
Application No.: US15946003
Application date: 2018-04-05
Applicant: Cisco Technology, Inc.
Inventor: Owen Brendan Friel , Max Pritikin , Cullen Jennings , Richard Lee Barnes, II
IPC: H04L29/06
Abstract: A method includes establishing an application layer transport layer security (ATLS) connection between a network device and a cloud server by sending, from the network device, TLS records in transport protocol (e.g., HTTP) message bodies to the cloud server, the ATLS connection transiting at least one transport layer security (TLS) proxy device, receiving, from the cloud server via the ATLS connection, an identifier for a certificate authority, establishing a connection with the certificate authority associated with the identifier and, in turn, receiving from the certificate authority credentials to access an application service different from the cloud server and the certificate authority, and connecting to the application service using the credentials received from the certificate authority.
-
Publication No.: US20150381375A1
Publication date: 2015-12-31
Application No.: US14816206
Application date: 2015-08-03
Applicant: Cisco Technology, Inc.
Inventor: Max Pritikin
CPC classification number: H04L9/3268 , H04L9/006 , H04L9/3263 , H04L63/0823
Abstract: In one implementation, a public key infrastructure utilizes a two stage revocation process for a set of data. One stage authenticates or revokes the set of data based on the status of the digital signature and another stage authenticates or revokes the set of data based on the status of an individual signature by the digital certificate. For example, a digital certificate is assigned a certificate number. A serial number is assigned for a signature for the set of data as signed by the digital certificate. A data transmission, data packet, or install package includes the set of data, the certificate number and the serial number. Therefore, individual instances of the signature may be revoked according to serial number.
-
Publication No.: US20140351581A1
Publication date: 2014-11-27
Application No.: US13898936
Application date: 2013-05-21
Applicant: Cisco Technology, Inc.
Inventor: Max Pritikin
IPC: H04L9/32
CPC classification number: H04L9/3268 , H04L9/006 , H04L9/3263 , H04L63/0823
Abstract: In one implementation, a public key infrastructure utilizes a two stage revocation process for a set of data. One stage authenticates or revokes the set of data based on the status of the digital signature and another stage authenticates or revokes the set of data based on the status of an individual signature by the digital certificate. For example, a digital certificate is assigned a certificate number. A serial number is assigned for a signature for the set of data as signed by the digital certificate. A data transmission, data packet, or install package includes the set of data, the certificate number and the serial number. Therefore, individual instances of the signature may be revoked according to serial number.
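The two-stage check described in this abstract and in US20150381375A1 above, as an added illustration that is not the patent's own code: every package carries the signing certificate's number and a serial number unique to that one signature, so a verifier first consults the certificate revocation status, then the per-serial revocation list, and only then checks the signature. HMAC stands in for the certificate's signature so the example runs on the Python standard library alone; the field names and status strings are assumptions.

```python
"""Two-stage revocation: a package carries the signing certificate's number
and a per-signature serial number, so a verifier can reject a single signed
instance without revoking the whole certificate. Added illustration; HMAC
stands in for the certificate's signature so the example runs on the
standard library alone, and the field names are assumptions."""
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class SignedPackage:
    data: bytes
    cert_number: str   # identifies the signing certificate
    serial: int        # identifies this individual signature instance
    sig: str


def _mac(key: bytes, cert_number: str, serial: int, data: bytes) -> str:
    """Signature stand-in: binds data, certificate number and serial together."""
    msg = cert_number.encode() + serial.to_bytes(8, "big") + data
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class Signer:
    """Issues a fresh serial number for every signature it produces."""

    def __init__(self, cert_number: str, key: bytes):
        self.cert_number = cert_number
        self._key = key
        self._next_serial = 1

    def sign(self, data: bytes) -> SignedPackage:
        serial, self._next_serial = self._next_serial, self._next_serial + 1
        return SignedPackage(data, self.cert_number, serial,
                             _mac(self._key, self.cert_number, serial, data))


class Verifier:
    """Stage one: is the certificate revoked?  Stage two: is this particular
    signature serial revoked?  Only then is the signature itself checked."""

    def __init__(self, cert_keys: dict):
        self._cert_keys = cert_keys          # trusted certificate number -> key
        self.revoked_certs = set()
        self.revoked_serials = {}            # certificate number -> {serial, ...}

    def revoke_certificate(self, cert_number: str) -> None:
        self.revoked_certs.add(cert_number)

    def revoke_signature(self, cert_number: str, serial: int) -> None:
        self.revoked_serials.setdefault(cert_number, set()).add(serial)

    def verify(self, pkg: SignedPackage) -> str:
        if pkg.cert_number not in self._cert_keys:
            return "unknown certificate"
        if pkg.cert_number in self.revoked_certs:
            return "certificate revoked"                       # stage one
        if pkg.serial in self.revoked_serials.get(pkg.cert_number, set()):
            return "signature instance revoked"                # stage two
        expected = _mac(self._cert_keys[pkg.cert_number], pkg.cert_number,
                        pkg.serial, pkg.data)
        if not hmac.compare_digest(expected, pkg.sig):
            return "bad signature"
        return "ok"


def demo() -> list:
    """Walk through both stages on constructed packages."""
    key = b"constructed-demo-key"
    signer = Signer("CERT-0042", key)
    verifier = Verifier({"CERT-0042": key})
    good = signer.sign(b"firmware-1.0.bin")
    bad = signer.sign(b"firmware-1.1.bin")      # later found to be malicious
    results = [verifier.verify(good), verifier.verify(bad)]
    verifier.revoke_signature("CERT-0042", bad.serial)    # stage two only
    results += [verifier.verify(good), verifier.verify(bad)]
    verifier.revoke_certificate("CERT-0042")              # stage one
    results.append(verifier.verify(good))
    return results


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: the serial number is read from the package before the signature is verified, so an attacker who can forge packages can only cause a denial (by naming a revoked serial), never bypass a revocation, and the signature binds the serial so a valid package cannot be relabelled with an unrevoked one.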
-
Publication No.: US10791462B2
Publication date: 2020-09-29
Application No.: US16281864
Application date: 2019-02-21
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear , Owen Friel , Max Pritikin
Abstract: This technology uses a bootstrap key (“BSK”) to securely onboard a computing device to a network. A unique BSK associated with an onboarding computing device is used to verify for various deployment models (1) that the computing device has proof the computing device is connecting to the correct wired or wireless network and (2) that the network has proof the computing device is trusted. The BSK may be an associated BSK or an embedded BSK. A computing device receives a signed voucher from the manufacturer authorized signing authority (“MASA”) before the computing device may onboard to a network. The MASA will issue a voucher to a Bootstrapping Remote Secure Key Infrastructure (“BRSKI”) registrar if the registrar proves knowledge of the computing device's BSK to the MASA or the registrar has an established trust relationship with the MASA.
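The voucher exchange described in this abstract and in US20200120502A1 above, as an added illustration that is not the patent's code and not the BRSKI wire format: the registrar proves knowledge of the device's BSK with a keyed MAC over the request (or is already trusted by the MASA), the MASA issues a voucher pinned to that registrar and to the device's nonce, and the device accepts it only if the pinned registrar is the one it is actually talking to. Message layout, the proof construction and the HMAC stand-in for the MASA signature are assumptions.

```python
"""Voucher issuance gated on a bootstrap key (BSK). The registrar must either
prove knowledge of the device's BSK or be a registrar the MASA already
trusts; the device accepts the voucher only if it is bound to its own nonce
and to the registrar it is onboarding with. Added illustration; message
layout, the HMAC-based proof and the HMAC stand-in for the MASA signature
are assumptions, not the BRSKI wire format."""
from __future__ import annotations

import hashlib
import hmac
import json
import os
from typing import Optional


def _hmac(key: bytes, msg: bytes) -> str:
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class MASA:
    """Manufacturer authorized signing authority: knows every device's BSK."""

    def __init__(self, signing_key: bytes, device_bsks: dict, trusted_registrars: set):
        self._signing_key = signing_key
        self._device_bsks = device_bsks
        self._trusted = trusted_registrars

    def issue_voucher(self, request: dict) -> Optional[dict]:
        """Return a signed voucher, or None if the registrar is not entitled."""
        bsk = self._device_bsks.get(request["serial"])
        if bsk is None:
            return None
        transcript = (request["serial"] + request["registrar"] + request["nonce"]).encode()
        proves_bsk = request.get("proof") is not None and hmac.compare_digest(
            _hmac(bsk, transcript), request["proof"])
        if not (proves_bsk or request["registrar"] in self._trusted):
            return None
        body = {"serial": request["serial"], "nonce": request["nonce"],
                "pinned_domain": request["registrar"]}
        payload = json.dumps(body, sort_keys=True).encode()
        return {"body": body, "sig": _hmac(self._signing_key, payload)}


class Registrar:
    def __init__(self, name: str, known_bsks: Optional[dict] = None):
        self.name = name
        self._bsks = known_bsks or {}   # BSKs learned out of band, e.g. from a label

    def build_request(self, serial: str, nonce: str) -> dict:
        req = {"serial": serial, "registrar": self.name, "nonce": nonce, "proof": None}
        bsk = self._bsks.get(serial)
        if bsk is not None:
            req["proof"] = _hmac(bsk, (serial + self.name + nonce).encode())
        return req


class Device:
    """Pledge: trusts the MASA key from the factory and checks that the voucher
    names both its nonce and the registrar it is actually onboarding with."""

    def __init__(self, serial: str, masa_key: bytes):
        self.serial = serial
        self._masa_key = masa_key
        self.nonce = os.urandom(8).hex()

    def accept_voucher(self, voucher: Optional[dict], registrar_name: str) -> bool:
        if voucher is None:
            return False
        payload = json.dumps(voucher["body"], sort_keys=True).encode()
        if not hmac.compare_digest(_hmac(self._masa_key, payload), voucher["sig"]):
            return False
        b = voucher["body"]
        return (b["serial"] == self.serial and b["nonce"] == self.nonce
                and b["pinned_domain"] == registrar_name)


def onboard(device: Device, registrar: Registrar, masa: MASA) -> bool:
    """One full exchange: device -> registrar -> MASA -> registrar -> device."""
    request = registrar.build_request(device.serial, device.nonce)
    voucher = masa.issue_voucher(request)
    return device.accept_voucher(voucher, registrar.name)


# Constructed keys and identities.
MASA_KEY = b"constructed-masa-key"
BSKS = {"SN-1001": b"bsk-for-1001", "SN-2002": b"bsk-for-2002"}
masa = MASA(MASA_KEY, BSKS, trusted_registrars={"registrar.trusted.example"})

if __name__ == "__main__":
    dev = Device("SN-1001", MASA_KEY)
    print(onboard(dev, Registrar("registrar.a.example", {"SN-1001": BSKS["SN-1001"]}), masa))  # True
    print(onboard(dev, Registrar("registrar.rogue.example"), masa))                           # False
```

Two properties carry the security argument: the MASA never releases the BSK, it only checks a MAC that the registrar could compute only if it already knew the key, and the voucher names the registrar, so a voucher obtained by one registrar cannot be replayed by another network to capture the device.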
-
Publication No.: US10785809B1
Publication date: 2020-09-22
Application No.: US15383442
Application date: 2016-12-19
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert , Max Pritikin , Eliot Lear , Toerless Eckert , Nancy Cam-Winget , Brian E. Weis
Abstract: In one embodiment, a device in a network receives node information regarding a plurality of nodes that are to join the network. The device determines network formation parameters based on the received node information. The network formation parameters are indicative of a network join schedule and join location for a particular node from the plurality of nodes. The device generates, according to the network join schedule, a join invitation for the particular node based on the network formation parameters. The join invitation allows the particular node to attempt joining the network at the join location via a specified access point. The device causes the sending of one or more beacons via the network that include the join invitation to the particular node. The particular node attempts to join the network via the specified access point based on the one or more beacons.
-
Publication No.: US10601787B2
Publication date: 2020-03-24
Application No.: US15174350
Application date: 2016-06-06
Applicant: Cisco Technology, Inc.
Inventor: Max Pritikin , Rafael Mantilla Montalvo , Chris Allen Shenefiel
Abstract: A root-of-trust of geolocation is provided for an apparatus that includes a trust anchor module with a cryptographic processor and a secure memory. The apparatus further includes a main processor coupled to the trust anchor module and configured to receive a digital geolocation certificate, the geolocation certificate including information identifying the apparatus, information regarding a physical location of the apparatus, information identifying an authorized entity that has verified the physical location of the apparatus, and a digital signature of the authorized entity. The main processor is further configured to cause the trust anchor module to store the digital geolocation certificate in the secure memory such that the digital geolocation certificate is cryptographically bound to the apparatus. The trust anchor module may also include, or otherwise communicate over a secure channel with, a movement sensor associated with the apparatus.
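The certificate structure and binding described in this abstract and in US20170353435A1 above, as an added illustration that is not the patent's code: the trust anchor verifies the authorized entity's signature, refuses a certificate that names a different device, stores the accepted certificate in its secure memory, and stops vouching for the location once the movement sensor reports that the device has moved. Field names, the HMAC stand-in for the entity's signature and the movement-sensor interface are assumptions.

```python
"""Geolocation certificate bound to a device through a trust anchor module.
The main processor hands the certificate to the trust anchor, which verifies
the authorized entity's signature, checks that the certificate names this
very device, stores it in secure memory, and stops vouching for the location
once the movement sensor reports that the device has moved. Added
illustration; field names, the HMAC stand-in for the entity's signature and
the movement-sensor interface are assumptions."""
from __future__ import annotations

import hashlib
import hmac
import json
from dataclasses import asdict, dataclass
from typing import Optional


@dataclass(frozen=True)
class GeolocationCertificate:
    device_id: str       # identifies the apparatus (e.g. serial number)
    location: str        # physical location as verified on site
    verifier: str        # authorized entity that verified the location
    signature: str       # that entity's signature over the fields above

    def signed_fields(self) -> bytes:
        d = asdict(self)
        d.pop("signature")
        return json.dumps(d, sort_keys=True).encode()


class MovementSensor:
    """Stand-in for the sensor attached to the trust anchor."""
    def __init__(self):
        self.moved = False


class TrustAnchor:
    """Cryptographic processor plus secure memory. Only the anchor knows its
    own device identity and the keys of entities authorized to sign locations."""

    def __init__(self, device_id: str, authorized_keys: dict, sensor: MovementSensor):
        self._device_id = device_id
        self._authorized_keys = authorized_keys
        self._sensor = sensor
        self._secure_memory = None   # Optional[GeolocationCertificate]

    def install(self, cert: GeolocationCertificate) -> str:
        key = self._authorized_keys.get(cert.verifier)
        if key is None:
            return "unknown verifier"
        expected = hmac.new(key, cert.signed_fields(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, cert.signature):
            return "bad signature"
        if cert.device_id != self._device_id:
            return "certificate is for another device"   # no cross-device reuse
        self._secure_memory = cert
        self._sensor.moved = False       # location is current as of installation
        return "installed"

    def attested_location(self) -> Optional[str]:
        """Location the anchor will vouch for right now, or None."""
        if self._secure_memory is None or self._sensor.moved:
            return None
        return self._secure_memory.location


def issue_certificate(device_id: str, location: str, verifier: str,
                      key: bytes) -> GeolocationCertificate:
    """Authorized entity signs the location it verified (constructed example)."""
    unsigned = GeolocationCertificate(device_id, location, verifier, "")
    sig = hmac.new(key, unsigned.signed_fields(), hashlib.sha256).hexdigest()
    return GeolocationCertificate(device_id, location, verifier, sig)


# Constructed identities and keys.
AUDITOR_KEY = b"constructed-auditor-key"
sensor = MovementSensor()
anchor = TrustAnchor("SN-7001", {"auditor.example": AUDITOR_KEY}, sensor)

if __name__ == "__main__":
    cert = issue_certificate("SN-7001", "Rack 12, DC-East", "auditor.example", AUDITOR_KEY)
    print(anchor.install(cert), anchor.attested_location())   # installed Rack 12, DC-East
    sensor.moved = True
    print(anchor.attested_location())                          # None
```

The device identifier is inside the signed fields, so a certificate issued for one chassis cannot be copied onto another, and the location claim is only as trustworthy as the channel between the anchor and the sensor: if the sensor could be spoofed or disconnected, the anchor would keep vouching for a stale location.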
-