-
Publication No.: US10778775B2
Publication Date: 2020-09-15
Application No.: US15333313
Application Date: 2016-10-25
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Brian Weis, Mordechai Alon
Abstract: Presented herein are techniques in which one or more network devices can use information provided by a special purpose network connected device to retrieve a usage profile (i.e., configuration file) associated with the special purpose network connected device. The retrieved usage profile, which includes/describes preselected (predetermined) usage descriptions associated with the special purpose network connected device, can then be used to configure one or more network devices. For example, the predetermined usage descriptions associated with the special purpose network connected device can be instantiated and enforced at a network device or the predetermined usage descriptions can be used for auditing the special purpose network connected device (e.g., monitoring of traffic within the network).
-
Publication No.: US20180255092A1
Publication Date: 2018-09-06
Application No.: US15446707
Application Date: 2017-03-01
Applicant: Cisco Technology, Inc.
Inventor: Pascal Thubert, Eric Levy-Abegnoli, Eliot Lear, Brian E. Weis
CPC classification number: H04L63/1458, H04L61/103, H04L61/1511, H04L61/2015, H04L63/10, H04L63/102
Abstract: In one embodiment, a device in a network inserts a profile tag into an address request sent by an endpoint node in the network to a lookup service. The lookup service is configured to identify one or more addresses with which the endpoint node is authorized to communicate based on a profile for the endpoint node associated with the inserted profile tag. The device receives an address response sent from the lookup service to the endpoint node that indicates the set of one or more addresses with which the endpoint node is authorized to communicate. The device determines whether a communication between the endpoint node and a particular network address is authorized using the set of one or more addresses with which the endpoint node is authorized to communicate. The device blocks the communication based on a determination that the particular network address is not in the set of one or more addresses with which the endpoint node is authorized to communicate.
-
Publication No.: US20170111313A1
Publication Date: 2017-04-20
Application No.: US14882522
Application Date: 2015-10-14
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, James Bieda
IPC: H04L29/12
CPC classification number: H04L61/1511, H04L61/2015, H04L61/6009, H04L63/0236
Abstract: In one embodiment, a caching resolver receives a name server query from an end device for an Internet Protocol (IP) address for a hostname, and determines whether the hostname requested is in an access control list (ACL). In response to the hostname being in the ACL, the caching resolver examines a received response to the name server query for the hostname, wherein the received response contains a particular IP address for the hostname, and adds the particular IP address for the hostname to the ACL. In one embodiment, the ACL is local to the caching resolver, while in another embodiment, adding the particular IP address for the hostname to the ACL comprises sending a message to a remote ACL-maintaining device that maintains the ACL.
-
Publication No.: US20250028376A1
Publication Date: 2025-01-23
Application No.: US18356473
Application Date: 2023-07-21
Applicant: Cisco Technology, Inc.
Inventor: Amine Choukir, Pascal Thubert, Domenico Ficara, Eliot Lear
IPC: G06F1/28
Abstract: Methods and systems are described herein for detecting deviations from an expected power profile of a device. The method comprises: retrieving a manufacturer usage description (MUD) associated with the device. The MUD includes a power profile associated with the device. An expected power consumption parameter can be determined from the power profile. The method may further comprise monitoring an actual power consumption parameter of the device and comparing the expected power consumption parameter to the actual power consumption parameter. The method may further comprise determining a deviation between the power consumption parameter and the expected power consumption indicated in the power profile, and outputting a notification when the deviation is equal to or greater than a threshold value.
-
Publication No.: US20240388321A1
Publication Date: 2024-11-21
Application No.: US18531823
Application Date: 2023-12-07
Applicant: Cisco Technology, Inc.
Inventor: Ashok K. Moghe, Eric A. Voit, Eliot Lear, Yesu Lu
IPC: H04B3/54
Abstract: A power source that supplies power to authorized computing devices generates a query requesting the power usage of the computing devices over a predetermined time period. Each computing device receives the query and provides a response with an indication of the measured or estimated power usage during the predetermined time period. The power source adds up the power usage of each authorized computing device to determine a difference between the reported power usage and the power supplied to the authorized computing devices. The power source may mitigate any discrepancy by cutting off power to ports that are providing more power than is being reported as consumed by the authorized computing devices.
-
Publication No.: US11888898B2
Publication Date: 2024-01-30
Application No.: US17463751
Application Date: 2021-09-01
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Einar Nilsen-Nygaard
IPC: H04L9/40, H04L61/5014
CPC classification number: H04L63/166, H04L61/5014, H04L63/0869, H04L63/0884
Abstract: At an authentication server, a request for at least a first dynamic host configuration protocol (DHCP) option is received from a client device, and it is determined if the authentication server implements DHCP. Based at least in part on a determination that the authentication server does not implement a DHCP, the operations further include transmitting an application program interface (API) call to a DHCP server associated with the authentication server acting as a DHCP gateway, receiving a response from the DHCP server, and transmitting the response to the client device.
-
Publication No.: US11115266B2
Publication Date: 2021-09-07
Application No.: US16296434
Application Date: 2019-03-08
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear
Abstract: In an embodiment, a method comprises at a network device in an enterprise network, selecting one or more time servers used for establishing a timing reference according to a predetermined priority order of selection that begins with determining whether the network device is configured with information indicating one or more time servers to be used. A timing reference is established for the network device based on a selected time server.
-
Publication No.: US20210226995A1
Publication Date: 2021-07-22
Application No.: US16746323
Application Date: 2020-01-17
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Owen Friel
Abstract: This disclosure describes techniques for providing a manufacturer usage description (MUD) solution to automatically update network access policy for client application software. The method may include embedding metadata in the application binary. The metadata may include MUD uniform resource identifiers (URIs) that may point to MUD files describing the application's network access requirements. The MUD files may be hosted by application vendor's MUD servers. The system may include a network policy server that is able to discover the MUD URIs. The MUD URIs may be discovered based on extracting the MUD URIs from the metadata and/or being provisioned with the set of MUD URIs for trusted applications. The method may include enterprise wide policy and individual host policy for implementation of the MUD files.
-
Publication No.: US20200120502A1
Publication Date: 2020-04-16
Application No.: US16281864
Application Date: 2019-02-21
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Owen Friel, Max Pritikin
Abstract: This technology uses a bootstrap key (“BSK”) to securely onboard a computing device to a network. A unique BSK associated with an onboarding computing device is used to verify for various deployment models (1) that the computing device has proof the computing device is connecting to the correct wired or wireless network and (2) that the network has proof the computing device is trusted. The BSK may be an associated BSK or an embedded BSK. A computing device receives a signed voucher from the manufacturer authorized signing authority (“MASA”) before the computing device may onboard to a network. The MASA will issue a voucher to a Bootstrapping Remote Secure Key Infrastructure (“BRSKI”) registrar if the registrar proves knowledge of the computing device's BSK to the MASA or the registrar has an established trust relationship with the MASA.
-
Publication No.: US10595320B2
Publication Date: 2020-03-17
Application No.: US15726961
Application Date: 2017-10-06
Applicant: Cisco Technology, Inc.
Inventor: Eliot Lear, Brian Weis, Richard Lee Barnes, II
Abstract: A process for implementing temporary rules for network devices is described. In one embodiment, the process includes a controller receiving a manufacturer usage description (MUD) identifier from a first device. The controller retrieves a MUD file associated with the MUD identifier. The controller registers a device identifier associated with the first device with a delegated controller determined based on the MUD file. The delegated controller is configured to generate a dynamic policy for the first device. The controller receives a dynamic policy from the delegated controller for the first device. The dynamic policy may be configured to permit a communication session between the first device and a second device. The controller forwards the dynamic policy to an access control device in communication with the first device to enable the access control device to permit the communication session between the first device and the second device.