-
11.
Publication (Announcement) No.: US20250112921A1
Publication (Announcement) Date: 2025-04-03
Application No.: US18979272
Application Date: 2024-12-12
Applicant: Cisco Technology, Inc.
Inventor: Jabir Hamediya Mohammed, Reda Haddad, Srihari Raghavan, Sandesh K. Rao
IPC: H04L9/40
Abstract: Techniques and architecture are described for providing a configurable security posture for a network device using an extended ownership artifact, e.g., an ownership voucher, an ownership certificate, etc., and a security profile mechanism that scales to user needs and desires for security profiles on network devices, i.e., easily and securely customizable on thousands of nodes of a network. The configurable security posture may be achieved using the manufacturer authorized signing authority (MASA) to issue an ownership voucher with a security bit extension to support security profile additions. Using the MASA service, a user may explicitly decide on various security postures of a given network device and may apply that profile across the fixed or modular chassis of a network of network devices.
-
Publication (Announcement) No.: US20240333706A1
Publication (Announcement) Date: 2024-10-03
Application No.: US18127372
Application Date: 2023-03-28
Applicant: Cisco Technology, Inc.
Inventor: Jabir Hamediya Mohammed, Bazil Mohammed Ali, Reda Haddad, Chennakesava Reddy Gaddam, Nishad C M
IPC: H04L9/40
CPC classification number: H04L63/0823, H04L63/102
Abstract: Techniques and architecture are described for verifying real-time ownership of network devices, e.g., routers, switches, etc. The real-time ownership of network devices is verified using the ownership voucher/ownership certificate model, which is useful for device security and protocol security. The techniques and architecture are leveraged on various bases such as, for example, routing, attestation, protocols, management protocols, etc., where a user may enforce the ownership check before making any connection of a network device or even managing the respective network device after it is securely booted.
-
Publication (Announcement) No.: US11985228B2
Publication (Announcement) Date: 2024-05-14
Application No.: US17390272
Application Date: 2021-07-30
Applicant: Cisco Technology, Inc.
Inventor: Frédéric René Philippe Detienne, Reda Haddad, Ryan Joseph Jaques
CPC classification number: H04L9/0825, H04L9/0866, H04L9/14, H04L12/4641
Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for configuration payload separation policies. According to at least one example, a method is provided for device function. The method includes: during a boot sequence of a network device, generating a unique key for encrypting and decrypting data; identifying a secure location in the network device for storing the unique key; storing the unique key in the secure location; encrypting a configuration payload with the unique key; storing the encrypted configuration payload in an external non-volatile memory; and, in response to a request to access data within the configuration payload, decrypting the encrypted configuration payload using the unique key.
-
Publication (Announcement) No.: US20230394493A1
Publication (Announcement) Date: 2023-12-07
Application No.: US17830848
Application Date: 2022-06-02
Applicant: Cisco Technology, Inc.
Inventor: Sandesh K. Rao, Reda Haddad, Srihari Raghavan, Jabir Hamediya Mohammed
IPC: G06Q30/00
CPC classification number: G06Q30/018
Abstract: In one embodiment, methods for mediated transfer of ownership are described. The method may include receiving a request for an ownership voucher from a device, validating an identifier of the device, determining whether to issue the ownership voucher, generating a signed ownership voucher, and sending the signed ownership voucher to the device. In another embodiment, methods for unmediated transfer of ownership are described, including receiving an ownership voucher associated with a first ownership certificate, determining whether the ownership voucher comprises a signature associated with a manufacturer, based at least in part on determining that the signature of the manufacturer is absent, determining that a second ownership certificate is stored in memory, determining that the second ownership certificate comprises a signature associated with a user, validating the ownership voucher; and based at least in part on the validating, enrolling the first ownership certificate on the network device.
-
15.
Publication (Announcement) No.: US20230370454A1
Publication (Announcement) Date: 2023-11-16
Application No.: US17745417
Application Date: 2022-05-16
Applicant: Cisco Technology, Inc.
Inventor: Jabir Hamediya Mohammed, Reda Haddad, Srihari Raghavan, Sandesh K. Rao
IPC: H04L9/40
CPC classification number: H04L63/0876, H04L63/102, H04L63/20
Abstract: Techniques and architecture are described for providing a configurable security posture for a network device using an extended ownership artifact, e.g., an ownership voucher, an ownership certificate, etc., and a security profile mechanism that scales to user needs and desires for security profiles on network devices, i.e., easily and securely customizable on thousands of nodes of a network. The configurable security posture may be achieved using the manufacturer authorized signing authority (MASA) to issue an ownership voucher with a security bit extension to support security profile additions. Using the MASA service, a user may explicitly decide on various security postures of a given network device and may apply that profile across the fixed or modular chassis of a network of network devices.
-