-
Publication number: US20240297868A1
Publication date: 2024-09-05
Application number: US18659296
Application date: 2024-05-09
Inventors: David A. Maluf, Srinath Gundavelli, Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, Eric Voit, Ali Sajassi
IPC classification: H04L9/40, H04L61/2521, H04L61/2539, H04L61/4511
CPC classification: H04L63/0421, H04L61/2525, H04L61/2539, H04L61/4511
Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.
-
Publication number: US20240265126A1
Publication date: 2024-08-08
Application number: US18621076
Application date: 2024-03-28
CPC classification: G06F21/6218, G06F16/144, G06F21/123, G06F21/57
Abstract: Techniques for maintaining geographic-based data privacy rules in networked environments. An example method includes receiving, from a first subsystem, a query for data; receiving, from the first subsystem, an aggregate passport indicating at least one geographic region in which the first subsystem and at least one second subsystem connected to the first subsystem operates; and determining that the at least one geographic region complies with at least one data privacy rule that applies to the entity. Based on determining that the at least one geographic region complies with the at least one data privacy rule that applies to the entity, the example method further includes transmitting, to the first subsystem, at least a portion of the data; and storing an indication that the at least the portion of the data has been shared.
-
Publication number: US20240248992A1
Publication date: 2024-07-25
Application number: US18601777
Application date: 2024-03-11
IPC classification: G06F21/57
CPC classification: G06F21/57, G06F2221/033
Abstract: This disclosure describes techniques for selectively placing and maintaining sensitive workloads in subsystems that achieve a minimum level of trustworthiness. An example method includes identifying at least one trustworthiness requirement associated with an application and transmitting, to a first subsystem, a request for at least one trustworthiness characteristic of the first subsystem and at least one second subsystem connected to the first subsystem. A response indicating the at least one trustworthiness characteristic is received from the first subsystem. The example method further includes determining that the at least one trustworthiness characteristic satisfies the at least one trustworthiness requirement; and causing the application to operate on a mesh comprising the first subsystem and the at least one second subsystem.
-
Publication number: US11838283B2
Publication date: 2023-12-05
Application number: US17937935
Application date: 2022-10-04
Inventors: David Delano Ward, Robert Stephen Rodgers, Andrew Phillips Thurber, Eric Voit, Thomas John Giuli
IPC classification: H04L9/40
CPC classification: H04L63/08, H04L63/126
Abstract: An enclave manager of a network enclave obtains a request to retrieve configuration information and state information corresponding to compute devices and network devices comprising a network enclave. The request specifies a set of parameters of the configuration information and the state information usable to generate a response to the request. The enclave manager evaluates the compute devices, the network devices, and network connections among these devices within the network enclave to obtain the configuration information and the state information. Based on the configuration information and the state information, the enclave manager determines whether the network enclave is trustworthy. Based on the parameters of the request, the enclave manager generates a response indicating a summary that is used to identify the trustworthiness of the network enclave.
-
Publication number: US20230179579A1
Publication date: 2023-06-08
Application number: US18104603
Application date: 2023-02-01
Inventors: David A. Maluf, Srinath Gundavelli, Pascal Thubert, Pradeep Kumar Kathail, Eric Levy-Abegnoli, Eric Voit, Ali Sajassi
IPC classification: H04L9/40, H04L61/2521, H04L61/4511
CPC classification: H04L63/0421, H04L61/2525, H04L61/4511
Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.
-
Publication number: US11570242B2
Publication date: 2023-01-31
Application number: US17499731
Application date: 2021-10-12
IPC classification: G06F15/173, H04L67/104, H04L9/40, H04W24/10, H04L9/32, H04L61/4511, H04L67/1001
Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.
-
Publication number: US11489823B2
Publication date: 2022-11-01
Application number: US16808966
Application date: 2020-03-04
Inventors: David Delano Ward, Robert Stephen Rodgers, Andrew Phillips Thurber, Eric Voit, Thomas John Giuli
IPC classification: H04L9/40
Abstract: An enclave manager of a network enclave obtains a request to retrieve configuration information and state information corresponding to compute devices and network devices comprising a network enclave. The request specifies a set of parameters of the configuration information and the state information usable to generate a response to the request. The enclave manager evaluates the compute devices, the network devices, and network connections among these devices within the network enclave to obtain the configuration information and the state information. Based on the configuration information and the state information, the enclave manager determines whether the network enclave is trustworthy. Based on the parameters of the request, the enclave manager generates a response indicating a summary that is used to identify the trustworthiness of the network enclave.
-
Publication number: US20220247757A1
Publication date: 2022-08-04
Application number: US17728333
Application date: 2022-04-25
Inventors: Shwetha Subray Bhandari, Eric Voit, Frank Brockners, Carlos M. Pignataro, Nagendra Kumar Nainar
Abstract: Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet.
-
Publication number: US20220239476A1
Publication date: 2022-07-28
Application number: US17659530
Application date: 2022-04-18
Abstract: Systems, methods, and computer-readable media for authenticating access control messages include receiving, at a first node, access control messages from a second node. The first node and the second node include network devices, and the access control messages can be based on RADIUS or TACACS+ protocols, among others. The first node can obtain attestation information from one or more fields of the access control messages and determine whether the second node is authentic and trustworthy based on the attestation information. The first node can also determine reliability or freshness of the access control messages based on the attestation information. The first node can be a server and the second node can be a client, or the first node can be a client and the second node can be a server. The attestation information can include Proof of Integrity based on a hardware fingerprint, device identifier, or Canary Stamp.
-
Publication number: US11321465B2
Publication date: 2022-05-03
Application number: US16752488
Application date: 2020-01-24
Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for establishing and/or maintaining a trustworthy encrypted network session. An example method can include sending, via a server and using a cryptographic security protocol, a message associated with establishing an encrypted network session; receiving a response from a client device; identifying a level of trust of the client device based on the response; determining whether to perform a next step in the cryptographic security protocol based on the level of trust, wherein the cryptographic security protocol comprises at least one of a Secure Shell (SSH) protocol, a Transport Layer Security (TLS) protocol, a Secure Sockets Layer (SSL) protocol, and an Internet Protocol Security (IPsec) protocol.
-