QUANTUM COMPUTER RESISTANT PRE-SHARED KEY DISTRIBUTION FOR LARGE SCALE WIDE AREA NETWORK SOLUTIONS

    Publication number: US20210226782A1

    Publication date: 2021-07-22

    Application number: US16749299

    Filing date: 2020-01-22

    Abstract: Presented herein are methodologies for establishing secure communications in a post-quantum computer context. The methodology includes receiving, from a first communications device, at a second communications device, a secret seed value, or otherwise obtaining the secret seed value; initializing a session key service with the secret seed value; receiving, from the first communications device, at the second communications device, a pre-shared key identifier; querying the session key service for a pre-shared key corresponding to the pre-shared key identifier; receiving, from the session key service, the pre-shared key; deriving a session key based, at least in part, on the pre-shared key; receiving from the first communications device, at the second communications device, data encrypted with the session key; and decrypting the data at the second communications device using the session key.

    Pre-shared secret key capabilities in secure MAC layer communication protocols

    Publication number: US11381391B2

    Publication date: 2022-07-05

    Application number: US16902081

    Filing date: 2020-06-15

    Abstract: A first computing node configures for communication with a second computing node according to a secure Media Access Layer (MAC) layer communication protocol. The first computing node transmits a first message to the second computing node. The first message includes at least a first indication that the first computing node is capable of communicating according to the secure MAC layer communication protocol based on a pre-shared secret key. The first computing node determines to communicate with the second computing node according to the secure MAC layer communication protocol based on one of a pre-shared secret key or a distributed shared key. The first computing node, at least in part based on the determining, transmits a second message to the second computing node according to the secure MAC layer communication protocol based on the one of the pre-shared secret key or the distributed shared key.

    PRE-SHARED SECRET KEY CAPABILITIES IN SECURE MAC LAYER COMMUNICATION PROTOCOLS

    Publication number: US20210391984A1

    Publication date: 2021-12-16

    Application number: US16902081

    Filing date: 2020-06-15

    Abstract: A first computing node configures for communication with a second computing node according to a secure Media Access Layer (MAC) layer communication protocol. The first computing node transmits a first message to the second computing node. The first message includes at least a first indication that the first computing node is capable of communicating according to the secure MAC layer communication protocol based on a pre-shared secret key. The first computing node determines to communicate with the second computing node according to the secure MAC layer communication protocol based on one of a pre-shared secret key or a distributed shared key. The first computing node, at least in part based on the determining, transmits a second message to the second computing node according to the secure MAC layer communication protocol based on the one of the pre-shared secret key or the distributed shared key.

    Virtual devices in internet of things (IoT) nodes

    Publication number: US11201921B2

    Publication date: 2021-12-14

    Application number: US16682699

    Filing date: 2019-11-13

    Abstract: Systems, methods, and computer-readable for managing an Internet of Things (IoT) network include identifying an IoT device which is not connected to one or more communication layers of an IoT network, where the IoT network includes one or more intermediate nodes for connecting an IoT application to the IoT device. A virtual device is provided in at least one communication layer of at least one intermediate node, where the virtual device is used for modeling behavior of the IoT device. Using the virtual device as a proxy for the IoT device, operations at the at least one intermediate node while the IoT device is not connected to the at least one layer. The operations can include Operations, Administration, and Maintenance (OAM) functions. The virtual device can be withdrawn or disabled in the at least one intermediate node upon the IoT device establishing connection to the at least one layer.

    SET UP AND DISTRIBUTION OF POST-QUANTUM SECURE PRE-SHARED KEYS USING EXTENDIBLE AUTHENTICATION PROTOCOL

    Publication number: US20230071333A1

    Publication date: 2023-03-09

    Application number: US18054219

    Filing date: 2022-11-10

    Abstract: Systems and methods are provided for quantum-resistant secure key distribution between a peer and an EAP authenticator by using an authentication server. The systems and methods include receiving requests for a COMMON-SEED and a quantum-safe public key from a peer and an EAP authenticator. The COMMON-SEED is encrypted using the quantum-safe public key of the peer and the quantum-safe public key of the EAP authenticator, and the encrypted COMMON-SEED is sent to the peer along with a request for a PPK_ID from the peer to complete authentication of the peer. The PPK_ID is received from the peer, and the encrypted COMMON-SEED and PPK_ID are sent to the EAP authenticator. A quantum-resistant secure channel is established between the peer and the EAP authenticator when the peer and the EAP authenticator share the same COMMON-SEED and the same PPK-ID.

    SET UP AND DISTRIBUTION OF POST-QUANTUM SECURE PRE-SHARED KEYS USING EXTENDIBLE AUTHENTICATION PROTOCOL

    Publication number: US20220345300A1

    Publication date: 2022-10-27

    Application number: US17377303

    Filing date: 2021-07-15

    Abstract: A method is provided for quantum-resistant secure key distribution between a peer and an extendible authentication protocol (EAP) authenticator by using an authentication server. The method may include receiving requests for a COMMON-SEED and a McEliece public key from a peer and an EAP authenticator by an authentication server using an EAP method, encrypting the COMMON-SEED using the McEliece public key of the peer and the McEliece public key of the EAP authenticator by the authentication server, and sending the encrypted COMMON-SEED from the authentication server to the peer along with a request for a PPK_ID from the peer using the EAP method to complete authentication of the peer. The method may also include receiving the PPK_ID from the peer using the EAP method, where the PPK_ID is from a key pair consisting of PPK_ID and PPK obtained from a first SKS server in electrical communication with the peer based upon the encrypted COMMON-SEED. The method may also include sending the encrypted COMMON-SEED and PPK_ID from the authentication server to the EAP authenticator, and establishing a quantum-resistant secure channel between the peer and the EAP authenticator, where a message of EAP success is delivered from the EAP authenticator to the peer when the peer and the EAP authenticator share the same COMMON-SEED and the same PPK-ID.

    Semantic data broker for dynamic association between devices and applications
    Granted invention patent (in force)

    Publication number: US09553945B2

    Publication date: 2017-01-24

    Application number: US14174376

    Filing date: 2014-02-06

    CPC classification number: H04L67/2809 H04L41/00 H04L41/12

    Abstract: In one embodiment, a broker device receives device-identifying data to identify a device in a computer network. An ontology associated with the device-identifying data is then identified by the broker device and in response to identifying the ontology, interpretation instructions related to the identified ontology are determined. The broker device receives data from the identified device and interprets the received data based on the interpretation instructions.