Network security by integrating mutual attestation

    Publication number: US11934525B2

    Publication date: 2024-03-19

    Application number: US17712499

    Application date: 2022-04-04

    CPC classification number: G06F21/57 H04L9/0869 H04L9/3213

    Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for establishing and/or maintaining a trustworthy encrypted network session. An example method can include sending, via a server and using a cryptographic security protocol, a message associated with establishing an encrypted network session; receiving a response from a client device; identifying a level of trust of the client device based on the response; determining whether to perform a next step in the cryptographic security protocol based on the level of trust, wherein the cryptographic security protocol comprises at least one of a Secure Shell (SSH) protocol, a Transport Layer Security (TLS) protocol, a Secure Sockets Layer (SSL) protocol, and an Internet Protocol Security (IPsec) protocol.

    DISCOVERING TRUSTWORTHY DEVICES USING ATTESTATION AND MUTUAL ATTESTATION

    Publication number: US20220394054A1

    Publication date: 2022-12-08

    Application number: US17818147

    Application date: 2022-08-08

    Abstract: Systems, methods, and computer-readable media for discovering trustworthy devices through attestation and authenticating devices through mutual attestation. A relying node in a network environment can receive attestation information from an attester node in the network environment as part of a unidirectional push of information from the attester node according to a unidirectional link layer communication scheme. A trustworthiness of the attester node can be verified by identifying a level of trust of the attester node from the attestation information. Further, network service access of the attester node through the relying node in the network environment can be controlled based on the level of trust of the attester node identified from the attestation information.

    VERIFICATION OF IN-SITU NETWORK TELEMETRY DATA IN A PACKET-SWITCHED NETWORK

    Publication number: US20220329606A1

    Publication date: 2022-10-13

    Application number: US17846381

    Application date: 2022-06-22

    Abstract: Techniques to facilitate verification of in-situ network telemetry data of data packets of data traffic of packet-switched networks are described herein. A technique described herein includes a network node obtaining a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and a cryptographic key. The cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates a telemetry-data entry of the in-situ network telemetry block. The telemetry data and signed telemetry data are inserted into the telemetry-data entry. The node forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network.
