公开(公告)号：US10049213B2

公开(公告)日：2018-08-14

申请号：US15130155

申请日：2016-04-15

Applicant: Cisco Technology, Inc.

Inventor： Tao Zhang ,  Yi Zheng ,  Helder F. Antunes ,  Danyang Raymond Zheng ,  Jack C. Cham ,  Gonzalo Salgueiro ,  Joseph Michael Clarke

IPC: H04L29/06 ,  G06F21/56 ,  H04L29/08

Abstract: In one embodiment, a device in a network joins a fog-based malware defense cluster comprising one or more peer devices. The device and each peer device in the cluster are configured to execute a different set of local malware scanners. The device receives a file flagged as suspicious by a node in the network associated with the device. The device determines whether the local malware scanners of the device are able to scan the file. The device sends an assessment request to one or more of the peer devices in the malware defense cluster, in response to determining that the local malware scanners of the device are unable to scan the file.

公开(公告)号：US09282110B2

公开(公告)日：2016-03-08

申请号：US14091435

申请日：2013-11-27

Applicant: Cisco Technology, Inc.

Inventor： Tao Zhang ,  Helder Antunes ,  Siddhartha Aggarwal ,  Chintankumar Patel

IPC: G06F21/00 ,  H04L29/06 ,  G06F21/51 ,  G06F21/56 ,  H04W12/12 ,  H04L29/08

CPC classification number: H04L63/1408 ,  B60R25/00 ,  G06F21/51 ,  G06F21/564 ,  H04L9/3247 ,  H04L63/1416 ,  H04L63/1433 ,  H04L63/145 ,  H04L67/12 ,  H04L67/2861 ,  H04L2209/84 ,  H04W12/08 ,  H04W12/12

Abstract: In an example embodiment herein, there is provided methods and a system for cloud-assisted threat defense for connected vehicles. A vehicle suitably includes an on-board computer system for operating and/or controlling various systems on the vehicle. The on-board computer system suitably operates in connection with or includes an on-board threat defense module for detecting and protecting against malware attacks and other security threats to the vehicle. In an example embodiment, a cloud-based security component or security cloud assists with the detection and protection against security threats and malware attacks to the vehicle while minimizing the processing load and memory requirements for the on-board threat defense module.

Abstract translation: 在这里的示例性实施例中，提供了用于连接的车辆的云辅助威胁防御的方法和系统。 车辆适当地包括用于在车辆上操作和/或控制各种系统的车载计算机系统。 车载计算机系统适当地与车载威胁防御模块相关或包括用于检测和防止恶意软件攻击和对车辆的其他安全威胁的操作。 在示例实施例中，基于云的安全组件或安全云有助于检测和保护以防止对车辆的安全威胁和恶意软件攻击，同时最小化车载威胁防御模块的处理负载和存储器要求。

公开(公告)号：US08938332B1

公开(公告)日：2015-01-20

申请号：US14024080

申请日：2013-09-11

Applicant: Cisco Technology, Inc.

Inventor： Tao Zhang ,  Ashok K Moghe ,  Aaron A Lung ,  Min He

IPC: G06F7/00 ,  B60W10/30 ,  B60W50/08

CPC classification number: G05B15/02 ,  B60R16/0231 ,  B60R25/20 ,  B60W10/30 ,  B60W50/08 ,  G07C9/00309 ,  G07C2009/00373 ,  G07C2009/00793 ,  G07C2209/64

Abstract: Controlled startup of devices is based on dynamic statistical predictions. Timely startup of onboard associated vehicle devices is based on dynamic statistical predictions and driver proximity to the vehicle. An apparatus for timely startup includes an interface operatively coupled with a power consuming device and control logic coupled with the interface. The control logic is operable in a first mode to perform processing for determining a presence of a first condition of the vehicle, and to selectively activate the power consuming device of the vehicle, via the interface, responsive to determining the presence of the first condition. The control logic is operable in a second mode to suspend, via the interface, the processing for determining the presence of the first condition of the vehicle. The control logic selectively transitions between the first and second modes in accordance with a stochastic modeling of the presence of the first condition over time.

Abstract translation: 设备的控制启动是基于动态统计预测。 车载相关车辆设备的及时启动是基于动态统计预测和驾驶员与车辆的接近度。 用于及时启动的装置包括与功率消耗装置可操作地耦合的接口和与该接口耦合的控制逻辑。 控制逻辑可在第一模式中操作以执行用于确定车辆的第一状态的存在的处理，并且响应于确定是否存在第一状况，经由接口来选择性地启动车辆的功率消耗装置。 控制逻辑可在第二模式下操作以经由接口暂停用于确定车辆的第一状况的存在的处理。 控制逻辑根据对随时间推移的第一条件的存在的随机建模，选择性地在第一和第二模式之间转换。

公开(公告)号：US10122695B2

公开(公告)日：2018-11-06

申请号：US14924799

申请日：2015-10-28

Applicant: Cisco Technology, Inc.

Inventor： Tao Zhang ,  Yi Zheng ,  Helder F. Antunes ,  Marcelo Yannuzzi ,  Gonzalo Salgueiro ,  Joseph Michael Clarke

IPC: H04L29/06 ,  H04L12/26 ,  H04W12/10 ,  H04W4/70

Abstract: In one embodiment, a first device in a network receives information regarding one or more nodes in the network. The first device determines a property of the one or more nodes based on the received information. The first device determines a degree of trustworthiness of the one or more nodes based on the received information. The first device attests to the determined property and degree of trustworthiness of the one or more nodes to a verification device. The verification device is configured to verify the attested property and degree of trustworthiness.

公开(公告)号：US20150365389A1

公开(公告)日：2015-12-17

申请号：US14306440

申请日：2014-06-17

Applicant: Cisco Technology, Inc.

Inventor： Tao Zhang ,  Helder Antunes ,  Aaron Lung ,  Chintan Patel ,  Ajith Thrivikramannair ,  Akshay Singhal

IPC: H04L29/06 ,  H04L9/08

CPC classification number: H04L63/08 ,  H04L9/0833 ,  H04L9/0861 ,  H04L9/0891 ,  H04L9/321 ,  H04L63/0281 ,  H04L63/0869 ,  H04L63/0884 ,  H04L67/12 ,  H04L2209/76 ,  H04L2209/84

Abstract: A system authenticates in-vehicle electronic devices having unequal capabilities such as having varying different communication and processing capabilities. A Connected Vehicle Gateway portion of a selected in-vehicle device acts as an onboard authentication proxy and onboard key server functionality for other in-vehicle devices, and serves as an interface between an in-vehicle network and one or more associated external networks, thereby eliminating the need for explicit peer discovery protocol and the requirement of devices to perform key establishment with each individual communication peer. Instead, each in-vehicle device establishes the group keys as a result of its authentication with the onboard key server and uses the group keys to locally generate and update its session keys. The onboard key server selectively obtains the keys from one or more off-board authentication servers and distributes them to selected in-vehicle devices.

Abstract translation: 系统认证具有不同能力的车载电子设备，例如具有不同的通信和处理能力。 所选择的车载设备的连接车辆网关部分用作车载设备的车载认证代理和车载密钥服务器功能，并且用作车载网络和一个或多个相关联的外部网络之间的接口，从而 消除了对显式对等体发现协议的需要，以及设备对每个单独通信对等体执行密钥建立的要求。 相反，每个车载设备作为其与板载密钥服务器的认证的结果来建立组密钥，并且使用组密钥来本地生成和更新其会话密钥。 车载密钥服务器选择性地从一个或多个舷外认证服务器获取密钥并将其分配给所选择的车载设备。

公开(公告)号：US09215228B1

公开(公告)日：2015-12-15

申请号：US14306440

申请日：2014-06-17

Applicant: Cisco Technology, Inc.

Inventor： Tao Zhang ,  Helder Antunes ,  Aaron Lung ,  Chintan Patel ,  Ajith Thrivikramannair ,  Akshay Singhal

IPC: H04L9/00 ,  H04L29/06 ,  H04L9/08

CPC classification number: H04L63/08 ,  H04L9/0833 ,  H04L9/0861 ,  H04L9/0891 ,  H04L9/321 ,  H04L63/0281 ,  H04L63/0869 ,  H04L63/0884 ,  H04L67/12 ,  H04L2209/76 ,  H04L2209/84

Abstract: A system authenticates in-vehicle electronic devices having unequal capabilities such as having varying different communication and processing capabilities. A Connected Vehicle Gateway portion of a selected in-vehicle device acts as an onboard authentication proxy and onboard key server functionality for other in-vehicle devices, and serves as an interface between an in-vehicle network and one or more associated external networks, thereby eliminating the need for explicit peer discovery protocol and the requirement of devices to perform key establishment with each individual communication peer. Instead, each in-vehicle device establishes the group keys as a result of its authentication with the onboard key server and uses the group keys to locally generate and update its session keys. The onboard key server selectively obtains the keys from one or more off-board authentication servers and distributes them to selected in-vehicle devices.

Abstract translation: 系统认证具有不同能力的车载电子设备，例如具有不同的通信和处理能力。 所选择的车载设备的连接车辆网关部分用作车载设备的车载认证代理和车载密钥服务器功能，并且用作车载网络和一个或多个相关联的外部网络之间的接口，从而 消除了对显式对等体发现协议的需要，以及设备对每个单独通信对等体执行密钥建立的要求。 相反，每个车载设备作为其与板载密钥服务器的认证的结果来建立组密钥，并且使用组密钥来本地生成和更新其会话密钥。 车载密钥服务器选择性地从一个或多个舷外认证服务器获取密钥并将其分配给所选择的车载设备。

公开(公告)号：US20150150124A1

公开(公告)日：2015-05-28

申请号：US14091435

申请日：2013-11-27

Applicant: Cisco Technology, Inc.

Inventor： Tao Zhang ,  Helder Antunes ,  Siddhartha Aggarwal ,  Chintankumar Patel

IPC: H04L29/06

CPC classification number: H04L63/1408 ,  B60R25/00 ,  G06F21/51 ,  G06F21/564 ,  H04L9/3247 ,  H04L63/1416 ,  H04L63/1433 ,  H04L63/145 ,  H04L67/12 ,  H04L67/2861 ,  H04L2209/84 ,  H04W12/08 ,  H04W12/12

Abstract: In an example embodiment herein, there is provided methods and a system for cloud-assisted threat defense for connected vehicles. A vehicle suitably includes an on-board computer system for operating and/or controlling various systems on the vehicle. The on-board computer system suitably operates in connection with or includes an on-board threat defense module for detecting and protecting against malware attacks and other security threats to the vehicle. In an example embodiment, a cloud-based security component or security cloud assists with the detection and protection against security threats and malware attacks to the vehicle while minimizing the processing load and memory requirements for the on-board threat defense module.

Abstract translation: 在这里的示例性实施例中，提供了用于连接的车辆的云辅助威胁防御的方法和系统。 车辆适当地包括用于在车辆上操作和/或控制各种系统的车载计算机系统。 车载计算机系统适当地与车载威胁防御模块相关或包括用于检测和防止恶意软件攻击和对车辆的其他安全威胁的操作。 在示例实施例中，基于云的安全组件或安全云有助于检测和保护以防止对车辆的安全威胁和恶意软件攻击，同时最小化车载威胁防御模块的处理负载和存储器要求。

公开(公告)号：US09380044B2

公开(公告)日：2016-06-28

申请号：US14482052

申请日：2014-09-10

Applicant: Cisco Technology, Inc.

Inventor： Tao Zhang ,  Helder Antunes ,  Aaron Lung ,  Chintan Patel ,  Ajith Thrivikramannair ,  Akshay Singhal

IPC: H04L9/00 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L63/08 ,  H04L9/0833 ,  H04L63/0464 ,  H04L63/065 ,  H04L63/104 ,  H04L63/105 ,  H04L67/1044 ,  H04L67/28 ,  H04L2209/84

Abstract: A gateway apparatus supports differentiated secure communications among heterogeneous electronic devices. A communication port communicates via communication networks of different types with two or more associated devices having diverse secure communication capabilities. The gateway logic selectively authenticates the associated devices for group membership into a Secure Communication Group (SCG), and selectively communicates Secure Communication Group Keys (SCGKs) to the devices having the diverse secure communication capabilities for selectively generating session keys locally by the associated devices for mutual secure communication in accordance with the group membership of the associated devices in the SCG.

Abstract translation: 网关装置支持异构电子设备之间差异化的安全通信。 通信端口通过具有不同安全通信能力的两个或多个相关联的设备通过不同类型的通信网络进行通信。 网关逻辑选择性地认证相关联的设备以使组成员进入安全通信组（SCG），并且选择性地将安全通信组密钥（SCGK）传送到具有各种安全通信能力的设备，以便由相关设备本地选择性地生成会话密钥， 根据SCG中相关设备的组成员资格进行相互安全的通信。