Automating trust in software upgrades

    Publication No.: US12107896B2

    Publication date: 2024-10-01

    Application No.: US17560599

    Filing date: 2021-12-23

    Abstract: A method, computer system, and computer program product are provided for automatically analyzing software packages to identify the degree of differences between compared software packages and to apply security policies. A first software bill of materials for a software package is processed to extract a plurality of components of the software package, wherein the first software bill of materials indicates a first hierarchy of components based on relationships between components. The first hierarchy is compared to a second hierarchy, the second hierarchy corresponding to a second software bill of materials, to determine a degree of difference between the first hierarchy and the second hierarchy. The degree of difference is compared to one or more threshold values. A security policy is applied with respect to the software package according to a comparison of the degree of difference to the one or more threshold values.

    Flexible device onboarding via bootstrap keys

    Publication No.: US11601808B2

    Publication date: 2023-03-07

    Application No.: US17008330

    Filing date: 2020-08-31

    Abstract: This technology uses a bootstrap key (“BSK”) to securely onboard a computing device to a network. A unique BSK associated with an onboarding computing device is used to verify for various deployment models (1) that the computing device has proof the computing device is connecting to the correct wired or wireless network and (2) that the network has proof the computing device is trusted. The BSK may be an associated BSK or an embedded BSK. A computing device receives a signed voucher from the manufacturer authorized signing authority (“MASA”) before the computing device may onboard to a network. The MASA will issue a voucher to a Bootstrapping Remote Secure Key Infrastructure (“BRSKI”) registrar if the registrar proves knowledge of the computing device's BSK to the MASA or the registrar has an established trust relationship with the MASA.

    Enabling zero-touch bootstrap for devices across network perimeter firewalls

    Publication No.: US11025608B2

    Publication date: 2021-06-01

    Application No.: US15946003

    Filing date: 2018-04-05

    Abstract: A method includes establishing an application layer transport layer security (ATLS) connection between a network device and a cloud server by sending, from the network device, TLS records in transport protocol (e.g., HTTP) message bodies to the cloud server, the ATLS connection transiting at least one transport layer security (TLS) proxy device, receiving, from the cloud server via the ATLS connection, an identifier for a certificate authority, establishing a connection with the certificate authority associated with the identifier and, in turn, receiving from the certificate authority credentials to access an application service different from the cloud server and the certificate authority, and connecting to the application service using the credentials received from the certificate authority.

    Revocation of public key infrastructure signatures

    Publication No.: US09906373B2

    Publication date: 2018-02-27

    Application No.: US14816206

    Filing date: 2015-08-03

    Inventor: Max Pritikin

    CPC classification number: H04L9/3268 H04L9/006 H04L9/3263 H04L63/0823

    Abstract: In one implementation, a public key infrastructure utilizes a two stage revocation process for a set of data. One stage authenticates or revokes the set of data based on the status of the digital signature and another stage authenticates or revokes the set of data based on the status of an individual signature by the digital certificate. For example, a digital certificate based is assigned a certificate number. A serial number is assigned for a signature for the set of data as signed by the digital certificate. A data transmission, data packet, or install package includes the set of data, the certificate number and the serial number. Therefore, individual instances of the signature may be revoked according to serial number.

    Software revocation infrastructure
    Type: Granted invention patent (status: in force)

    Publication No.: US09298923B2

    Publication date: 2016-03-29

    Application No.: US14017896

    Filing date: 2013-09-04

    CPC classification number: G06F21/57 G06F21/12 H04L9/3268

    Abstract: In one implementation, software components include an identity of a revocation authority. Prior to loading of the software in a given platform, the revocation authority is checked for any revocation messages. The revocation authority creates software component specific messages for any software components to be revoked, rather than using certificate revocation or individual licenses. The messages include mitigation information, such as instructions for automatically configuring already installed software without requiring an update or change in code.

    SYSTEM AND METHOD FOR ENABLING UNCONFIGURED DEVICES TO JOIN AN AUTONOMIC NETWORK IN A SECURE MANNER
    Type: Invention patent application (status: under examination, published)

    Publication No.: US20150280916A1

    Publication date: 2015-10-01

    Application No.: US14722444

    Filing date: 2015-05-27

    Abstract: A method in an example embodiment includes creating an initial information package for a device attempting to join a network domain of a network environment; communicating the initial information package to a signing authority; sending an authorization token generated by the signing authority to the device, wherein the device validates the authorization token based on a credential in the device; and receiving an audit history report of the device, wherein the audit history report comprises information regarding previous attempts by the device to join the network environment. The method may also include applying a policy to the device based on the audit history report; generating a completed information package, wherein the completed information package includes an authorization token; applying a second signature to the completed information package; and sending the authorization token and the completed information package to the device, the device validating the second signature on the completed information package.

    Revocation of public key infrastructure signatures
    Type: Granted invention patent (status: in force)

    Publication No.: US09118486B2

    Publication date: 2015-08-25

    Application No.: US13898936

    Filing date: 2013-05-21

    Inventor: Max Pritikin

    CPC classification number: H04L9/3268 H04L9/006 H04L9/3263 H04L63/0823

    Abstract: In one implementation, a public key infrastructure utilizes a two stage revocation process for a set of data. One stage authenticates or revokes the set of data based on the status of the digital signature and another stage authenticates or revokes the set of data based on the status of an individual signature by the digital certificate. For example, a digital certificate based is assigned a certificate number. A serial number is assigned for a signature for the set of data as signed by the digital certificate. A data transmission, data packet, or install package includes the set of data, the certificate number and the serial number. Therefore, individual instances of the signature may be revoked according to serial number.

    Secure Network Deployment
    Type: Invention patent application (status: under examination, published)

    Publication No.: US20140223530A1

    Publication date: 2014-08-07

    Application No.: US14248065

    Filing date: 2014-04-08

    CPC classification number: H04L63/0823 H04L63/0876 H04L63/0892 H04L67/303

    Abstract: In one embodiment, a Manufacturer Installed Certificate (MIC) and a personal identification number are sent to a call controller to request a configuration profile. When the configuration file is received, the IP phone is provisioned according to the configuration profile.
