-
Publication No.: US20220394054A1
Publication date: 2022-12-08
Application No.: US17818147
Filing date: 2022-08-08
IPC classification: H04L9/40
Abstract: Systems, methods, and computer-readable media for discovering trustworthy devices through attestation and authenticating devices through mutual attestation. A relying node in a network environment can receive attestation information from an attester node in the network environment as part of a unidirectional push of information from the attester node according to a unidirectional link layer communication scheme. The trustworthiness of the attester node can be verified by identifying a level of trust of the attester node from the attestation information. Further, network service access of the attester node through the relying node in the network environment can be controlled based on the level of trust of the attester node identified from the attestation information.
-
Publication No.: US11438151B2
Publication date: 2022-09-06
Application No.: US16750786
Filing date: 2020-01-23
Inventors: Eric Voit, Peter Panburana
Abstract: The present technology discloses a method for enriching local crypto-processor queries with software-defined networking augmented information, comprising sending, from a virtual machine installed on a physical host, a request for trust verification data; augmenting, by an identity verification system on the physical host, the request for trust verification data with encrypted information from an external entity; receiving, at a trusted processor module on the physical host, the request for trust verification data; receiving, at the virtual machine, the trust verification data; and assessing, at the virtual machine, a state of the physical host based on the trust verification data.
-
Publication No.: US20220094559A1
Publication date: 2022-03-24
Application No.: US17542142
Filing date: 2021-12-03
Inventors: Shwetha Subray Bhandari, Eric Voit, Jesse Daniel Backman, Robert Stephen Rodgers, Joseph Eryx Malcolm
Abstract: A methodology for requesting at least one signed security measurement from at least one module is provided. The methodology includes receiving the at least one signed security measurement from the at least one module; validating the at least one signed security measurement; and generating, in a secure enclave, a signed dossier including all validated signed security measurements, the signed dossier being used by an external network device for remote attestation of the device.
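Added example, not code from the patent above or from its inventors: the measure, validate, bundle and re-verify steps of that abstract worked through in Go. Ed25519 as the signature scheme, JSON as the wire shape, the module names, digests and the request nonce are all this example's own assumptions and constructed values. The external device re-checks every inner measurement signature instead of trusting the enclave's signature alone, and a measurement that carries a stale nonce, or is signed by a key not registered for the module it names, never reaches the dossier.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// Measurement is a constructed stand-in for one module's security measurement.
type Measurement struct {
	Module string `json:"module"` // reporting module (bios, bootloader, kernel, ...)
	Digest string `json:"digest"` // measured value, e.g. a hash of loaded firmware
	Nonce  string `json:"nonce"`  // freshness value taken from the request
}

// Signed wraps a serialized payload (a Measurement or a Dossier) with an ed25519 signature.
type Signed struct {
	Body []byte `json:"body"`
	Sig  []byte `json:"sig"`
}

type ModuleKeys map[string]ed25519.PublicKey // trusted key per module, assumed provisioned out of band

// Dossier is what the enclave signs: the request nonce plus every measurement that validated.
type Dossier struct {
	Nonce        string   `json:"nonce"`
	Measurements []Signed `json:"measurements"`
}

func sign(priv ed25519.PrivateKey, v interface{}) Signed {
	body, _ := json.Marshal(v)
	return Signed{Body: body, Sig: ed25519.Sign(priv, body)}
}

// ValidateMeasurement accepts a measurement only if the key registered for the module it
// claims to come from verifies the signature and its nonce matches the current request.
func ValidateMeasurement(keys ModuleKeys, nonce string, sm Signed) (Measurement, bool) {
	var m Measurement
	if err := json.Unmarshal(sm.Body, &m); err != nil {
		return m, false
	}
	pub, ok := keys[m.Module] // choosing a module name does not help an attacker without its key
	return m, ok && m.Nonce == nonce && ed25519.Verify(pub, sm.Body, sm.Sig)
}

// BuildDossier is the enclave side: validate each signed measurement, keep only the valid
// ones, and sign the bundle. It also reports how many inputs were rejected.
func BuildDossier(enclavePriv ed25519.PrivateKey, keys ModuleKeys, nonce string, in []Signed) (Signed, int) {
	d, rejected := Dossier{Nonce: nonce}, 0
	for _, sm := range in {
		if _, ok := ValidateMeasurement(keys, nonce, sm); ok {
			d.Measurements = append(d.Measurements, sm)
		} else {
			rejected++
		}
	}
	return sign(enclavePriv, d), rejected
}

// VerifyDossier is the external network device side: check the enclave signature and nonce,
// then re-validate every inner measurement so trust does not rest on the enclave alone.
func VerifyDossier(enclavePub ed25519.PublicKey, keys ModuleKeys, nonce string, sd Signed) ([]Measurement, error) {
	var d Dossier
	if !ed25519.Verify(enclavePub, sd.Body, sd.Sig) || json.Unmarshal(sd.Body, &d) != nil || d.Nonce != nonce {
		return nil, errors.New("dossier rejected: bad signature, malformed body, or nonce mismatch")
	}
	var out []Measurement
	for _, sm := range d.Measurements {
		m, ok := ValidateMeasurement(keys, nonce, sm)
		if !ok {
			return nil, fmt.Errorf("measurement from %q failed re-validation", m.Module)
		}
		out = append(out, m)
	}
	return out, nil
}

// Demo runs the flow on constructed keys and inputs: two good measurements, one replayed with
// a stale nonce, and one kernel measurement signed by the bios key, which is not registered for it.
func Demo() (accepted, rejected int, err error) {
	enclavePub, enclavePriv, _ := ed25519.GenerateKey(rand.Reader)
	keys, privs := ModuleKeys{}, map[string]ed25519.PrivateKey{}
	for _, name := range []string{"bios", "bootloader", "kernel"} {
		keys[name], privs[name], _ = ed25519.GenerateKey(rand.Reader)
	}
	const nonce = "req-0001"
	in := []Signed{
		sign(privs["bios"], Measurement{Module: "bios", Digest: "sha256:1a2b", Nonce: nonce}),
		sign(privs["bootloader"], Measurement{Module: "bootloader", Digest: "sha256:3c4d", Nonce: nonce}),
		sign(privs["kernel"], Measurement{Module: "kernel", Digest: "sha256:5e6f", Nonce: "req-0000"}),
		sign(privs["bios"], Measurement{Module: "kernel", Digest: "sha256:bad0", Nonce: nonce}),
	}
	sd, rejected := BuildDossier(enclavePriv, keys, nonce, in)
	ms, err := VerifyDossier(enclavePub, keys, nonce, sd)
	return len(ms), rejected, err
}

func main() {
	a, r, err := Demo()
	fmt.Println("accepted:", a, "rejected:", r, "err:", err) // accepted: 2 rejected: 2 err: <nil>
}
```

The nonce is checked twice on purpose: once per measurement inside the enclave, and again on the dossier and on each inner measurement by the external device, so a dossier captured from an earlier request cannot be replayed even if the enclave key is genuine.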
-
Publication No.: US11196634B2
Publication date: 2021-12-07
Application No.: US16728323
Filing date: 2019-12-27
IPC classification: H04L12/24, H04W84/18, H04L12/721, H04L12/751, H04W40/24
Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices operating within a network. A recipient node in a network environment can receive a neighbor discovery (ND) message from an originating node in the network environment, both nodes implementing a neighbor discovery protocol. Trustworthiness of the originating node can be verified by identifying a level of trust of the originating node based on attestation information for the originating node included in the ND message received at the recipient node. Connectivity with the recipient node through the network environment can be managed based on the level of trust of the originating node identified from the attestation information included in the ND message.
-
Publication No.: US20200322145A1
Publication date: 2020-10-08
Application No.: US16784025
Filing date: 2020-02-06
Abstract: Systems, methods, and computer-readable media for authenticating access control messages include receiving, at a first node, access control messages from a second node. The first node and the second node can be network devices, and the access control messages can be based on protocols such as RADIUS or TACACS+, among others. The first node can obtain attestation information from one or more fields of the access control messages and determine whether the second node is authentic and trustworthy based on the attestation information. The first node can also determine reliability or freshness of the access control messages based on the attestation information. The first node can be a server and the second node a client, or the first node a client and the second node a server. The attestation information can include Proof of Integrity based on a hardware fingerprint, device identifier, or Canary Stamp.
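Added example, not code from any of the patents listed here: the verifying step that three of the abstracts above share, whether the attestation arrives as a unidirectional link-layer push, inside a neighbor discovery message, or in fields of a RADIUS or TACACS+ message. A relying node checks the signature against the key enrolled for the claimed device, checks freshness with a timestamp window and a monotonic counter, maps the result to a trust level, and grants a service set per level. The evidence layout, ed25519, the level names and the service names are this example's assumptions; the device identifier, fingerprints and times are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// Evidence is a constructed stand-in for the attestation fields a node pushes or embeds in a message.
type Evidence struct {
	DeviceID    string `json:"device_id"`
	Fingerprint string `json:"fingerprint"` // proof-of-integrity value, e.g. a hash of measured firmware
	Counter     uint64 `json:"counter"`     // monotonic value, used to detect replays
	IssuedAt    int64  `json:"issued_at"`   // Unix seconds, used to reject stale evidence
}

type SignedEvidence struct {
	Body []byte
	Sig  []byte
}

type Level int

const (
	Untrusted  Level = iota // bad signature, unknown device, stale or replayed evidence
	Quarantine              // identity proven, but the integrity value is not the expected one
	Trusted                 // identity and integrity proven, evidence fresh
)

func (l Level) String() string { return [...]string{"Untrusted", "Quarantine", "Trusted"}[l] }

// Enrollment is what the relying node knows about a device in advance (assumed provisioned).
type Enrollment struct {
	Key                 ed25519.PublicKey
	ExpectedFingerprint string
}

// Relying is the verifying node. It keeps the last accepted counter per device so that a
// captured, correctly signed message cannot be replayed to regain access.
type Relying struct {
	Enrolled map[string]Enrollment
	MaxAge   int64 // seconds of evidence age tolerated
	lastSeen map[string]uint64
}

func Sign(priv ed25519.PrivateKey, ev Evidence) SignedEvidence {
	body, _ := json.Marshal(ev)
	return SignedEvidence{Body: body, Sig: ed25519.Sign(priv, body)}
}

// Evaluate maps evidence to a trust level and to the services the node may reach through us.
func (r *Relying) Evaluate(se SignedEvidence, now int64) (Level, []string) {
	var ev Evidence
	if json.Unmarshal(se.Body, &ev) != nil {
		return Untrusted, nil
	}
	enr, ok := r.Enrolled[ev.DeviceID]
	if !ok || !ed25519.Verify(enr.Key, se.Body, se.Sig) {
		return Untrusted, nil // unknown device, or signature not made with its enrolled key
	}
	if now-ev.IssuedAt > r.MaxAge || ev.Counter <= r.lastSeen[ev.DeviceID] {
		return Untrusted, nil // genuine but stale or replayed: freshness matters as much as the signature
	}
	r.lastSeen[ev.DeviceID] = ev.Counter
	if ev.Fingerprint != enr.ExpectedFingerprint {
		return Quarantine, []string{"remediation"} // authentic device in an unexpected integrity state
	}
	return Trusted, []string{"remediation", "management", "data-plane"}
}

// Demo feeds the relying node the cases it must tell apart, using constructed keys and values.
func Demo() []Level {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	_, rogue, _ := ed25519.GenerateKey(rand.Reader)
	r := &Relying{Enrolled: map[string]Enrollment{"sw-01": {Key: pub, ExpectedFingerprint: "fp:9c1e"}},
		MaxAge: 300, lastSeen: map[string]uint64{}}
	const now int64 = 1700000000
	ev := func(k ed25519.PrivateKey, fp string, ctr uint64, age int64) SignedEvidence {
		return Sign(k, Evidence{DeviceID: "sw-01", Fingerprint: fp, Counter: ctr, IssuedAt: now - age})
	}
	cases := []SignedEvidence{
		ev(priv, "fp:9c1e", 10, 5),    // fresh, expected fingerprint            -> Trusted
		ev(priv, "fp:9c1e", 10, 5),    // identical message again (replay)       -> Untrusted
		ev(priv, "fp:dead", 11, 1),    // authentic, unexpected firmware         -> Quarantine
		ev(priv, "fp:9c1e", 12, 3600), // correctly signed but an hour old       -> Untrusted
		ev(rogue, "fp:9c1e", 13, 0),   // signed with a key that is not enrolled -> Untrusted
	}
	levels := make([]Level, 0, len(cases))
	for _, c := range cases {
		l, _ := r.Evaluate(c, now)
		levels = append(levels, l)
	}
	return levels
}

func main() {
	fmt.Println(Demo()) // [Trusted Untrusted Quarantine Untrusted Untrusted]
}
```

The counter is recorded only after the signature has verified, so an attacker cannot burn a device's counter space by sending unsigned evidence with large counter values, and the fingerprint comparison happens last so that a replayed or stale message is never mistaken for a quarantine case.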
-
Publication No.: US20200322143A1
Publication date: 2020-10-08
Application No.: US16750786
Filing date: 2020-01-23
Inventors: Eric Voit, Peter Panburana
Abstract: The present technology discloses a method for enriching local crypto-processor queries with software-defined networking augmented information, comprising sending, from a virtual machine installed on a physical host, a request for trust verification data; augmenting, by an identity verification system on the physical host, the request for trust verification data with encrypted information from an external entity; receiving, at a trusted processor module on the physical host, the request for trust verification data; receiving, at the virtual machine, the trust verification data; and assessing, at the virtual machine, a state of the physical host based on the trust verification data.
-
Publication No.: US11960607B2
Publication date: 2024-04-16
Application No.: US17547084
Filing date: 2021-12-09
IPC classification: G06F21/57
CPC classification: G06F21/57, G06F2221/033
Abstract: This disclosure describes techniques for selectively placing and maintaining sensitive workloads in subsystems that achieve a minimum level of trustworthiness. An example method includes identifying at least one trustworthiness requirement associated with an application and transmitting, to a first subsystem, a request for at least one trustworthiness characteristic of the first subsystem and of at least one second subsystem connected to the first subsystem. A response indicating the at least one trustworthiness characteristic is received from the first subsystem. The example method further includes determining that the at least one trustworthiness characteristic satisfies the at least one trustworthiness requirement, and causing the application to operate on a mesh comprising the first subsystem and the at least one second subsystem.
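Added example, not code from the patent above: the request, response, requirement check and placement of that abstract as a small Go model. The characteristic names and levels, the response shape (the first subsystem reports its own traits and those of its connected second subsystems) and the topology are this example's assumptions and constructed data. It goes one step beyond the abstract by also enforcing a minimum mesh size and by showing the maintenance case, where a member whose characteristics later degrade drops out on re-placement.

```go
package main

import "fmt"

// Characteristics is a constructed stand-in for what a subsystem reports about itself:
// named trustworthiness properties, each with a level (higher is stronger, absent reads as 0).
type Characteristics map[string]int

// Requirement is the minimum level an application demands for each named property.
type Requirement map[string]int

// Satisfies is true when every required property is present at or above its minimum.
func (c Characteristics) Satisfies(req Requirement) bool {
	for name, floor := range req {
		if c[name] < floor {
			return false
		}
	}
	return true
}

// Subsystem reports its own characteristics and knows which second subsystems it connects to.
type Subsystem struct {
	Traits    Characteristics
	Neighbors []string
}

// Orchestrator stands in for the component that places and maintains sensitive workloads.
type Orchestrator struct{ Inventory map[string]*Subsystem }

// Respond is the first subsystem's answer to a characteristics request: its own traits plus
// those of every second subsystem connected to it (hypothetical message shape).
func (o *Orchestrator) Respond(first string) map[string]Characteristics {
	resp := map[string]Characteristics{}
	if s, ok := o.Inventory[first]; ok {
		resp[first] = s.Traits
		for _, n := range s.Neighbors {
			if ns, ok := o.Inventory[n]; ok {
				resp[n] = ns.Traits
			}
		}
	}
	return resp
}

// Place returns the mesh the application may run on: the first subsystem plus each connected
// second subsystem that meets the requirement. It returns nil when the first subsystem fails
// the requirement or fewer than minNodes qualify, so the workload is not placed at all.
func (o *Orchestrator) Place(first string, req Requirement, minNodes int) []string {
	s, ok := o.Inventory[first]
	resp := o.Respond(first)
	if !ok || !resp[first].Satisfies(req) {
		return nil
	}
	mesh := []string{first}
	for _, n := range s.Neighbors {
		if traits, ok := resp[n]; ok && traits.Satisfies(req) {
			mesh = append(mesh, n)
		}
	}
	if len(mesh) < minNodes {
		return nil
	}
	return mesh
}

// SampleInventory is a constructed topology: host-a is connected to three second subsystems,
// one of which (host-c) has no TEE and only a weaker attestation level.
func SampleInventory() *Orchestrator {
	strong := Characteristics{"attested": 2, "secure_boot": 1, "tee": 1}
	return &Orchestrator{Inventory: map[string]*Subsystem{
		"host-a": {Traits: strong, Neighbors: []string{"host-b", "host-c", "host-d"}},
		"host-b": {Traits: strong},
		"host-c": {Traits: Characteristics{"attested": 1, "secure_boot": 1}},
		"host-d": {Traits: strong},
	}}
}

func main() {
	o := SampleInventory()
	fmt.Println(o.Place("host-a", Requirement{"attested": 2, "tee": 1}, 2)) // [host-a host-b host-d]
	fmt.Println(o.Place("host-a", Requirement{"secure_boot": 1}, 2))         // [host-a host-b host-c host-d]
	fmt.Println(o.Place("host-c", Requirement{"tee": 1}, 1))                 // []
	// Maintenance: host-b's attestation level later drops, so re-placing with a three-node
	// minimum no longer finds a qualifying mesh and the workload is not kept there.
	o.Inventory["host-b"].Traits = Characteristics{"attested": 1, "secure_boot": 1, "tee": 1}
	fmt.Println(o.Place("host-a", Requirement{"attested": 2, "tee": 1}, 3)) // []
}
```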
-
Publication No.: US11956273B2
Publication date: 2024-04-09
Application No.: US17818147
Filing date: 2022-08-08
IPC classification: H04L9/40
CPC classification: H04L63/162, H04L63/083, H04L63/0853, H04L63/126, H04L63/1433
Abstract: Systems, methods, and computer-readable media for discovering trustworthy devices through attestation and authenticating devices through mutual attestation. A relying node in a network environment can receive attestation information from an attester node in the network environment as part of a unidirectional push of information from the attester node according to a unidirectional link layer communication scheme. The trustworthiness of the attester node can be verified by identifying a level of trust of the attester node from the attestation information. Further, network service access of the attester node through the relying node in the network environment can be controlled based on the level of trust of the attester node identified from the attestation information.
-
Publication No.: US11924043B2
Publication date: 2024-03-05
Application No.: US17517622
Filing date: 2021-11-02
CPC classification: H04L41/12, H04L45/02, H04L45/26, H04W40/246, H04W84/18
Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices operating within a network. A recipient node in a network environment can receive a neighbor discovery (ND) message from an originating node in the network environment, both nodes implementing a neighbor discovery protocol. Trustworthiness of the originating node can be verified by identifying a level of trust of the originating node based on attestation information for the originating node included in the ND message received at the recipient node. Connectivity with the recipient node through the network environment can be managed based on the level of trust of the originating node identified from the attestation information included in the ND message.
-
Publication No.: US11909872B2
Publication date: 2024-02-20
Application No.: US18054219
Filing date: 2022-11-10
CPC classification: H04L9/0852, H04L9/0827, H04L9/0869, H04L9/304
Abstract: Systems and methods are provided for quantum-resistant secure key distribution between a peer and an EAP authenticator by using an authentication server. The systems and methods include receiving, from a peer and from an EAP authenticator, requests for a COMMON-SEED, each accompanied by the requester's quantum-safe public key. The COMMON-SEED is encrypted using the quantum-safe public key of the peer and the quantum-safe public key of the EAP authenticator, and the encrypted COMMON-SEED is sent to the peer along with a request for a PPK_ID from the peer to complete authentication of the peer. The PPK_ID is received from the peer, and the encrypted COMMON-SEED and PPK_ID are sent to the EAP authenticator. A quantum-resistant secure channel is established between the peer and the EAP authenticator when the peer and the EAP authenticator share the same COMMON-SEED and the same PPK_ID.
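Added example, not code from the patent above: the four-step exchange of that abstract run end to end in Go. One substitution must be stated plainly: the public-key encryption of the COMMON-SEED uses ephemeral X25519 with AES-256-GCM, which is not quantum-safe and only stands in for the quantum-safe public-key scheme the abstract names. The PPK_ID is treated as an identifier the EAP authenticator must already recognize, the channel key derivation from seed and PPK_ID, the wire layout and the identifiers are all this example's assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// PKEncrypt encrypts msg to a recipient public key: ephemeral X25519 agreement, SHA-256 of the
// shared secret as the AES-256-GCM key, ephemeral public key bound as associated data.
// X25519 is NOT quantum-safe; it is a stand-in for the quantum-safe scheme the abstract names.
func PKEncrypt(recipient *ecdh.PublicKey, msg []byte) ([]byte, error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	shared, err := eph.ECDH(recipient)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:])
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand never returns an error in practice
	ephPub := eph.PublicKey().Bytes()
	out := append(append([]byte{}, ephPub...), nonce...) // wire format: ephPub || nonce || ciphertext
	return gcm.Seal(out, nonce, msg, ephPub), nil
}

// PKDecrypt reverses PKEncrypt with the recipient's private key; any tampering fails the GCM tag.
func PKDecrypt(priv *ecdh.PrivateKey, ct []byte) ([]byte, error) {
	if len(ct) < 32+12 { // X25519 public key is 32 bytes, GCM nonce is 12
		return nil, errors.New("ciphertext too short")
	}
	ephPub, err := ecdh.X25519().NewPublicKey(ct[:32])
	if err != nil {
		return nil, err
	}
	shared, err := priv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:])
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, ct[32:44], ct[44:], ct[:32])
}

// ChannelKey derives the secure-channel key from COMMON-SEED and PPK_ID; the two ends only
// agree on it when they hold the same seed and the same identifier.
func ChannelKey(seed []byte, ppkID string) [32]byte {
	return sha256.Sum256(append(append([]byte("eap-qr-channel\x00"), seed...), ppkID...))
}

// IssueSeed is the authentication server side: generate one COMMON-SEED for this exchange
// and encrypt it separately to the peer's and the authenticator's public keys.
func IssueSeed(peerPub, authPub *ecdh.PublicKey) (forPeer, forAuth []byte, err error) {
	seed := make([]byte, 32)
	if _, err = rand.Read(seed); err == nil {
		if forPeer, err = PKEncrypt(peerPub, seed); err == nil {
			forAuth, err = PKEncrypt(authPub, seed)
		}
	}
	return forPeer, forAuth, err
}

// RunExchange walks the message flow. peerPPKID is the peer's answer to the server's PPK_ID
// request; authPPKID is the identifier the EAP authenticator has provisioned (an assumption of
// this example). The channel comes up only when both ends hold the same seed and PPK_ID.
func RunExchange(peerPPKID, authPPKID string) (bool, error) {
	peerPriv, _ := ecdh.X25519().GenerateKey(rand.Reader)
	authPriv, _ := ecdh.X25519().GenerateKey(rand.Reader)
	// 1. Peer and authenticator each request a COMMON-SEED, presenting their public keys.
	forPeer, forAuth, err := IssueSeed(peerPriv.PublicKey(), authPriv.PublicKey())
	if err != nil {
		return false, err
	}
	// 2. Server sends the peer its encrypted seed with a PPK_ID request; peer decrypts and answers.
	peerSeed, err := PKDecrypt(peerPriv, forPeer)
	if err != nil {
		return false, err
	}
	// 3. Server forwards the authenticator's encrypted seed together with the peer's PPK_ID.
	authSeed, err := PKDecrypt(authPriv, forAuth)
	if err != nil {
		return false, err
	}
	if peerPPKID != authPPKID {
		return false, nil // authenticator holds no key under the forwarded identifier
	}
	// 4. Both ends derive the channel key; equality is the shared-seed, shared-PPK_ID condition.
	return ChannelKey(peerSeed, peerPPKID) == ChannelKey(authSeed, authPPKID), nil
}

func main() {
	ok, err := RunExchange("ppk-7f3a", "ppk-7f3a")
	fmt.Println("channel established:", ok, "err:", err) // channel established: true err: <nil>
}
```

Because the seed is encrypted separately to each party, the server is the only third party that ever sees it in clear; the example does not model protection of the server itself, and the ephemeral public key is bound as GCM associated data so a ciphertext cannot be re-wrapped under a different ephemeral key without failing authentication.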
-