-
Publication No.: US20250055753A1
Publication date: 2025-02-13
Application No.: US18732182
Filing date: 2024-06-03
Applicant: Cisco Technology, Inc.
Inventor: Pablo Garcia del Valle, Frank Brockners, Tal Maoz, Benjamin William Ryder, Aviad Rom
IPC: H04L41/0816, H04L41/0894
Abstract: A method for providing a symbiotic network orchestrator utilized to automatically commission edge computing devices on corporate computing networks and edge site computing networks is presented. The method includes receiving an indication of a potential connection of an edge computing device to one or more computing networks associated with the orchestrator. The one or more computing networks includes a corporate computing network and an edge site computing network. The method further includes determining, based on the corporate computing network, the edge site computing network, and a predetermined set of rules, an intent for commissioning the edge computing device, reconfiguring, based on the intent, the corporate computing network and the edge site computing network, and commissioning the edge computing device on one or more of the corporate computing network or the edge site computing network in accordance with the reconfiguring.
-
Publication No.: US11934525B2
Publication date: 2024-03-19
Application No.: US17712499
Filing date: 2022-04-04
Applicant: Cisco Technology, Inc.
Inventor: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
CPC classification number: G06F21/57, H04L9/0869, H04L9/3213
Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for establishing and/or maintaining a trustworthy encrypted network session. An example method can include sending, via a server and using a cryptographic security protocol, a message associated with establishing an encrypted network session; receiving a response from a client device; identifying a level of trust of the client device based on the response; determining whether to perform a next step in the cryptographic security protocol based on the level of trust, wherein the cryptographic security protocol comprises at least one of a Secure Shell (SSH) protocol, a Transport Layer Security (TLS) protocol, a Secure Sockets Layer (SSL) protocol, and an Internet Protocol Security (IPsec) protocol.
-
Publication No.: US11924223B2
Publication date: 2024-03-05
Application No.: US17728333
Filing date: 2022-04-25
Applicant: Cisco Technology, Inc.
Inventor: Shwetha Subray Bhandari, Eric Voit, Frank Brockners, Carlos M. Pignataro, Nagendra Kumar Nainar
CPC classification number: H04L63/123, H04L63/1425, H04L69/22
Abstract: Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet.
-
Publication No.: US20240073791A1
Publication date: 2024-02-29
Application No.: US17896720
Filing date: 2022-08-26
Applicant: Cisco Technology, Inc.
Inventor: Ajit Thyagarajan, Sajini G, Rana Ruhi, Arun Kumar Subramanian, Frank Brockners
CPC classification number: H04W48/16, H04L5/0048, H04W4/70
Abstract: Methods for discovering telemetry retrieval capabilities of telemetry devices. The methods include a computing device obtaining telemetry capability related information for one or more telemetry devices and determining one or more telemetry retrieval methods supported by each of the one or more telemetry devices based on the telemetry capability related information. The methods further include obtaining telemetry data based on the one or more telemetry retrieval methods determined to be supported by a respective telemetry device.
-
Publication No.: US11902139B2
Publication date: 2024-02-13
Application No.: US17532776
Filing date: 2021-11-22
Applicant: Cisco Technology, Inc.
Inventor: Atri Indiresan, Frank Brockners, Akshay Dorwat
IPC: H04L43/12, H04L9/40, H04L43/0823, H04L45/18, H04L41/14
CPC classification number: H04L43/12, H04L41/14, H04L43/0823, H04L45/18, H04L63/1425, H04L63/1458
Abstract: This disclosure describes various methods, systems, and devices related to identifying an issue in a network using a probe packet. An example method includes identifying an expired data packet transmitted in a network and addressed to a destination; generating a probe packet addressed to the destination; and forwarding the probe packet. When the probe packet is received, a report indicating a routing loop in the network can be transmitted to an administrator.
-
Publication No.: US20240048487A1
Publication date: 2024-02-08
Application No.: US18377712
Filing date: 2023-10-06
Applicant: Cisco Technology, Inc.
Inventor: Atri Indiresan, Frank Brockners, Shwetha Subray Bhandari
IPC: H04L45/7453, H04L41/0695, H04L47/2483, H04L61/5007
CPC classification number: H04L45/7453, H04L41/0695, H04L47/2483, H04L61/5007
Abstract: This disclosure describes various methods, systems, and devices related to identifying path changes of data flows in a network. An example method includes receiving, at a node, a packet including a first signature. The method further includes generating a second signature by inputting the first signature and one or more node details into a hash function. The method includes replacing the first signature with the second signature in the packet. The packet including the second value is forwarded by the node.
-
Publication No.: US20240012918A1
Publication date: 2024-01-11
Application No.: US17859693
Filing date: 2022-07-07
Applicant: Cisco Technology, Inc.
Inventor: Marcelo Yannuzzi, Herve Muyal, Jean Andrei Diaconu, Frank Brockners, Carlos Goncalves Pereira
CPC classification number: G06F21/6209, G06F9/543
Abstract: In one embodiment, a device obtains program code of an application that defines annotations denoting a plurality of data types handled by the application. The device determines, for each of the plurality of data types, an association between that data type and a category of sensitive data. The device creates, based on the association for each of the plurality of data types, a protection binding that defines a data handling scope bonded to the association between that data type and its associated category of sensitive data. The device causes data compliance policies to be applied to the application according to its corresponding associations and protection bindings.
-
Publication No.: US11683324B2
Publication date: 2023-06-20
Application No.: US17846381
Filing date: 2022-06-22
Applicant: Cisco Technology, Inc.
Inventor: Shwetha Subray Bhandari, Santhosh N, Rakesh Reddy Kandula, Saiprasad Reddy Muchala, Frank Brockners
CPC classification number: H04L63/123, H04L9/0869, H04L9/321, H04L45/72, H04L63/0428, H04L63/0435
Abstract: Techniques to facilitate verification of in-situ network telemetry data of data packet of data traffic of packet-switched networks are described herein. A technique described herein includes a network node obtaining a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and cryptographic key. The cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates telemetry-data entry of the in-situ network telemetry block. The telemetry data and signed telemetry data is inserted into the telemetry-data entry. The node forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network.
-
Publication No.: US11652874B2
Publication date: 2023-05-16
Application No.: US17857729
Filing date: 2022-07-05
Applicant: Cisco Technology, Inc.
Inventor: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
IPC: G06F15/173, H04L67/104, H04L9/40, H04W24/10, H04L9/32, H04L61/4511, H04L67/1001
CPC classification number: H04L67/104, H04L9/3247, H04L61/4511, H04L63/0823, H04L67/1001, H04W24/10
Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.
-
Publication No.: US20220394054A1
Publication date: 2022-12-08
Application No.: US17818147
Filing date: 2022-08-08
Applicant: Cisco Technology, Inc.
Inventor: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
IPC: H04L9/40
Abstract: Systems, methods, and computer-readable media for discovering trustworthy devices through attestation and authenticating devices through mutual attestation. A relying node in a network environment can receive attestation information from an attester node in the network environment as part of a unidirectional push of information from the attester node according to a unidirectional link layer communication scheme. A trustworthiness of the attester node can be verified by identifying a level of trust of the attester node from the attestation information. Further, network service access of the attester node through the relying node in the network environment can be controlled based on the level of trust of the attester node identified from the attestation information.