-
Publication number: US20190238580A1
Publication date: 2019-08-01
Application number: US16374932
Application date: 2019-04-04
Applicant: Cisco Technology, Inc.
Inventor: Steve Epstein, Avi Fruchter, Moshe Kravchik, Yaron Sella, Itay Harush
CPC classification number: H04L63/1425, G06N20/00, H04L12/2818, H04L12/2825, H04L12/2834, H04L63/0861, H04L63/10, H04L63/1408, H04L63/20, H04L2463/082, H04W4/12
Abstract: A system includes a network gateway in communication with a plurality of servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of network appliances, wherein each one appliance of the plurality of network appliances is associated with one of the plurality of servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of network appliances from one of the servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.
-
Publication number: US09380070B1
Publication date: 2016-06-28
Application number: US14600129
Application date: 2015-01-20
Applicant: Cisco Technology, Inc.
Inventor: Harel Cain, Yaron Sella, Michal Devir, David Wende
IPC: H04L29/06
CPC classification number: H04L63/1416, H04L12/40, H04L12/4625, H04L63/08, H04L63/1425, H04L67/12, H04L2012/40215
Abstract: In one embodiment, a method implemented on a node connected to a network bus includes: storing one or more message identifiers, the one or more identifiers comprising at least one message identifier identifying the node, the at least one message identifier being included in a message at a time when the message is sent by the node onto the network bus; monitoring network bus traffic, the network bus traffic comprising messages transmitted by the node and by other nodes connected to the network bus; and alerting a processor of the node if a message transmitted on the network bus by at least one of the other nodes is identified as having a message identifier corresponding to the at least one message identifier.
-
Publication number: US09158901B2
Publication date: 2015-10-13
Application number: US14082842
Application date: 2013-11-18
Applicant: Cisco Technology Inc.
Inventor: David Wachtfogel, Yaron Sella
CPC classification number: G06F21/10, G06F2221/0797
Abstract: A system and method for device security is described, the system and method including at least one integrated circuit including a CPU, a key register storing a hardware enabling key, the key including a large number of bits, such that each bit of the large number of bits has a correct value, and if any one bit of the large number of bits is set to an incorrect value the key will not function correctly, a combination circuit for performing a function, ƒ, the function ƒ being essential for correct functionality of the CPU, such that the combination circuit is activated by the key, the combination circuit only performing function ƒ if each of the large number of bits of the key is set to the correct value, and there exists no set of intermediate or output bits derived from the large number of bits of the key, which determine if the combination circuit performs function ƒ, the set intermediate or output bits including fewer bits than are included in the key. Related apparatus, methods, and systems are also described.
-
Publication number: US11606366B2
Publication date: 2023-03-14
Application number: US16459732
Application date: 2019-07-02
Applicant: Cisco Technology, Inc.
Inventor: Yaron Sella, Kevin Holcomb, Raghuram S. Sudhaakar
Abstract: In one embodiment, a sender node in a serial network identifies a message identifier for a packet to be sent by the sender node. The sender node selects a cyclical redundancy check (CRC) initialization vector associated with the message identifier. The sender node generates a CRC value for the packet, based on the selected initialization vector. The sender node sends the packet via the serial network. The sent packet includes the message identifier and the generated CRC value. In turn, a receiver node that receives the packet uses the generated CRC value to authenticate the sender node.
-
Publication number: US20210365563A1
Publication date: 2021-11-25
Application number: US17392869
Application date: 2021-08-03
Applicant: Cisco Technology, Inc.
Inventor: Yaron Sella, Kevin Holcomb
Abstract: The secure chain of trust steps to boot-up a computing device are split between the shutdown procedure of the computing device and the boot-up procedure of the computing device to reduce the time required for the computing device to boot-up. The main image associated with a central processing unit of the computing device is validated during the shutdown procedure of the computing device such that the operating system for the central processing unit is available when the computing device receives an action to power on. The boot-up time for the computing device is reduced, which allows the computing device to boot-up within an established time frame.
-
Publication number: US11042635B2
Publication date: 2021-06-22
Application number: US16040727
Application date: 2018-07-20
Applicant: Cisco Technology, Inc.
Inventor: Yaron Sella, Kevin W. Holcomb, Subhasri Dhesikan, Raghuram S. Sudhaakar
IPC: G06F21/56, G06F9/4401
Abstract: Many modern devices and machines (e.g., Internet of Things (IoT) devices and connected vehicles (CV)) include wireless interfaces that permit external devices to communicate with the devices and machines. These wireless interfaces can be attacked by malicious actors who can affect the operation of the devices or machines. Embodiments herein describe a user controlled actuator (e.g., a knob, set of buttons, switches, etc.) for responding to a wireless attack. Using the actuator, the user can set a response level depending on the threat. Each threat level can elicit a predefined action or set of actions from a control system in the device or machine.
-
Publication number: US10397596B2
Publication date: 2019-08-27
Application number: US15673438
Application date: 2017-08-10
Applicant: Cisco Technology, Inc.
Inventor: Harel Cain, Michal Devir, Yaron Sella
IPC: G06T1/00, H04N19/132, H04N19/139, H04N19/14, H04N19/174, H04N19/467, H04N19/593, H04N19/52, H04N19/44
Abstract: In one embodiment, a method including dividing a reference mask into a plurality of reference mask divisions, determining a plurality of motion vectors respectively associated with a plurality of slice divisions, wherein the plurality of reference mask divisions respectively correspond to the plurality of slice divisions, modifying a blurring kernel in accordance with the plurality of motion vectors, yielding a plurality of modified blurring kernels that are respectively associated with the plurality of slice divisions, and performing at least one action to yield an altered reference mask, including for the plurality of reference mask divisions and the plurality of modified blurring kernels: convolving a reference mask division with a weighted function of at least a modified blurring kernel associated with a slice division, of the plurality of slice divisions, to which the reference mask division corresponds.
-
Publication number: US10346258B2
Publication date: 2019-07-09
Application number: US15218342
Application date: 2016-07-25
Applicant: Cisco Technology, Inc.
Inventor: Yaron Sella, Yigal Reiss, Len Sundy, Yair Mirsky
Abstract: In one embodiment, a method for ransomware-aware file backup is implemented on a computing device and includes: backing up a target population of files from a target file location in a backup transaction, computing a backup delta score for the backup transaction, where the computing comprises comparing backup data from the backup transaction with backup data from a previous backup transaction, determining whether the computed backup delta score exceeds a pre-defined threshold, and upon the computed backup delta score exceeding the pre-defined threshold: determining that the backup transaction is indicative of a ransomware infection, and performing at least one counter-measure in response to the ransomware infection.
-
Publication number: US10298604B2
Publication date: 2019-05-21
Application number: US15256651
Application date: 2016-09-05
Applicant: Cisco Technology, Inc.
Inventor: Steve Epstein, Avi Fruchter, Moshe Kravchik, Yaron Sella, Itay Harush
Abstract: In one embodiment, a system is described, the system including a network gateway in communication with a plurality of original equipment manufacturer (OEM) servers, a household behavior model processor which models a household behavior model based at least on expected usage of each of a plurality of OEM network appliances, wherein each one appliance of the plurality of OEM network appliances is associated with one of the plurality of OEM servers, and behavior of users associated with the network gateway, an anomaly detector which determines, on the basis of the household behavior model, if an anomalous control message which has been sent to one of the plurality of OEM network appliances from one of the OEM servers has been received at the network gateway, and a notification server which sends a notification to an application on an administrator's device upon receipt of the anomalous control message at the network gateway. Related systems, apparatus, and methods are also described.
-
Publication number: US10123031B2
Publication date: 2018-11-06
Application number: US14790028
Application date: 2015-07-02
Applicant: Cisco Technology, Inc.
Inventor: Harel Cain, Yaron Sella, Michal Devir
IPC: H04N19/467, H04N19/593, H04N19/177, H04N19/184, H04N19/61, H04N19/59, H04N19/186, H04N19/174, H04N19/18, H04N19/625, H04N19/176, H04N21/8358
Abstract: In one embodiment, a method, system and apparatus for watermarking MPEG-2 compressed video is described, the method, system and apparatus including detecting a pair of neighboring blocks in a MPEG-2 encoded I-frame, determining if the pair of neighboring blocks have dct_dc_differential fields with different values that are within a given threshold value of each other, and embedding a watermark payload bit in the neighboring blocks as a positive result of the determining, the embedding including ordering dct_dc_differential fields of the neighboring blocks such that ordering the dct_dc_differential fields in a first manner encodes a one bit and ordering the dct_dc_differential fields in a second manner encodes a zero bit. Related embodiments of methods, systems, and apparatuses are also described.