公开(公告)号：US20200053169A1

公开(公告)日：2020-02-13

申请号：US16100830

申请日：2018-08-10

Applicant: Cisco Technology, Inc.

Inventor： Selvaraj Mani ,  Shwetha Subray Bhandari ,  Rakesh Reddy Kandula ,  Saiprasad Muchala ,  Swapna Gopalkrishna Shingre ,  Srinivasu Angadala

IPC: H04L29/08 ,  G06F17/30 ,  H04L29/12 ,  H04L29/06

Abstract: In one embodiment, a service configured to execute on trusted participant devices authenticates network service devices each having identifying information and one or more offered services, and creates an entry into a secure digital ledger for each authenticated network service device and associated offered services, each entry based on the identifying information and the one or more offered services for a corresponding network service device. Upon receiving an advertisement for an advertised service from an advertising device attached to a given trusted participant device, the service then requests and may receive an authentic ledger entry from the secure digital ledger for the advertised service. In response to either validating or failing to validate authenticity of the advertised service based on the authentic ledger entry, registration at the given trusted participant device of the advertised service for the received advertisement from the advertising device may either be permitted or denied, respectively.

公开(公告)号：US10237079B2

公开(公告)日：2019-03-19

申请号：US15479738

申请日：2017-04-05

Applicant: Cisco Technology, Inc.

Inventor： Selvaraj Mani ,  Swapna Yelamanchi ,  Amarender Musku ,  Rakesh Reddy Kandula ,  Deep Preet Singh ,  Shwetha Subray Bhandari ,  Shrirang Arvind Bage

IPC: H04L12/12 ,  H04L29/08 ,  H04L29/12

Abstract: In one embodiment, a sleep proxy device identifies one or more services offered by a first node in the network. The sleep proxy device announces the one or more identified services to a second node in the network on behalf of the first node. The sleep proxy device intercepts an attempt by the second node to use the one or more services offered by the first node. The sleep proxy device causes the first node to switch from a low power state to an awake state, based on the intercepted attempt.

公开(公告)号：US10305879B2

公开(公告)日：2019-05-28

申请号：US15582647

申请日：2017-04-29

Applicant: Cisco Technology, Inc.

Inventor： Selvaraj Mani ,  Deep Preet Singh ,  Mahendra Kumar Samarya

IPC: G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  H04L29/06 ,  H04L29/12 ,  H04L29/08

Abstract: In one embodiment, a server receives an authentication request from a device in a computer network, and authenticates the device. Then, upon receiving a service announcement from the authenticated device, the server determines authenticity of the service announcement from the authenticated device, and redistributes the service announcement into the computer network only when the service announcement from the authenticated device is an authentic service announcement.

公开(公告)号：US20180316655A1

公开(公告)日：2018-11-01

申请号：US15582647

申请日：2017-04-29

Applicant: Cisco Technology, Inc.

Inventor： Selvaraj Mani ,  Deep Preet Singh ,  Mahendra Kumar Samarya

IPC: H04L29/06 ,  H04L29/12 ,  H04L29/08

CPC classification number: H04L63/08 ,  H04L61/1511 ,  H04L61/1541 ,  H04L67/16

Abstract: In one embodiment, a server receives an authentication request from a device in a computer network, and authenticates the device. Then, upon receiving a service announcement from the authenticated device, the server determines authenticity of the service announcement from the authenticated device, and redistributes the service announcement into the computer network only when the service announcement from the authenticated device is an authentic service announcement.

公开(公告)号：US11451560B2

公开(公告)日：2022-09-20

申请号：US16808114

申请日：2020-03-03

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  Eric Voit ,  William F. Sulzen ,  Frank Brockners ,  Selvaraj Mani ,  Eliot Lear

IPC: H04L12/00 ,  H04L9/40 ,  H04L61/5014 ,  H04L101/686

Abstract: Systems, methods, and computer-readable media are disclosed for measurement of trustworthiness of network devices prior to their configuration and deployment in a network. In one aspect of the present disclosure, a method for pre-configuration of network devices includes receiving, at a dynamic host configuration server, a first request from a network device for configuration data, the configuration data including at least an IP address; sending, by the dynamic host configuration server, a second request to the network device for attestation information; verifying, by the dynamic host configuration server, the network device based on the attestation information; and assigning, by the dynamic host configuration server, the configuration data to the network device upon verifying the network device.

公开(公告)号：US11212318B2

公开(公告)日：2021-12-28

申请号：US16684094

申请日：2019-11-14

Applicant: Cisco Technology, Inc.

Inventor： Selvaraj Mani ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04L29/06 ,  H04L9/32 ,  H04L29/12

Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for service discovery and more specifically, for proving trustworthiness of particular service devices and/or mDNS controller/network elements with respect to DNS/mDNS service discovery. Such attestation techniques may implement canary stamps (e.g., tokens or metadata elements containing or reflecting security measures taken at the device).

公开(公告)号：US20200322386A1

公开(公告)日：2020-10-08

申请号：US16684094

申请日：2019-11-14

Applicant: Cisco Technology, Inc.

Inventor： Selvaraj Mani ,  Frank Brockners ,  Shwetha Subray Bhandari

IPC: H04L29/06 ,  H04L9/32 ,  H04L29/12

Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for service discovery and more specifically, for proving trustworthiness of particular service devices and/or mDNS controller/network elements with respect to DNS/mDNS service discovery. Such attestation techniques may implement canary stamps (e.g., tokens or metadata elements containing or reflecting security measures taken at the device).

公开(公告)号：US20200322356A1

公开(公告)日：2020-10-08

申请号：US16808114

申请日：2020-03-03

Applicant: Cisco Technology, Inc.

Inventor： Sujal Sheth ,  Shwetha Subray Bhandari ,  Eric Voit ,  William F. Sulzen ,  Frank Brockners ,  Selvaraj Mani ,  Eliot Lear

IPC: H04L29/06 ,  H04L29/12

Abstract: Systems, methods, and computer-readable media are disclosed for measurement of trustworthiness of network devices prior to their configuration and deployment in a network. In one aspect of the present disclosure, a method for pre-configuration of network devices includes receiving, at a dynamic host configuration server, a first request from a network device for configuration data, the configuration data including at least an IP address; sending, by the dynamic host configuration server, a second request to the network device for attestation information; verifying, by the dynamic host configuration server, the network device based on the attestation information; and assigning, by the dynamic host configuration server, the configuration data to the network device upon verifying the network device.

公开(公告)号：US10693913B2

公开(公告)日：2020-06-23

申请号：US15581455

申请日：2017-04-28

Applicant: Cisco Technology, Inc.

Inventor： Selvaraj Mani ,  Swapna Yelamanchi ,  Amarender Musku ,  Sri Hari Kumaran Masilamani ,  Deep Preet Singh

IPC: H04L29/06 ,  H04L29/08 ,  H04W4/70

Abstract: In one embodiment, a device in a network gathers characteristics of a container application on the device. The device provides the gathered characteristics of the container application for security assessment. The device receives an indication of the security assessment based on the provided characteristics of the container application. The device controls execution of the container application based on the received indication of the security assessment.

公开(公告)号：US10277686B2

公开(公告)日：2019-04-30

申请号：US14812367

申请日：2015-07-29

Applicant: Cisco Technology, Inc.

Inventor： Shwetha Subray Bhandari ,  Pascal Thubert ,  Selvaraj Mani

IPC: H04L29/08 ,  H04L12/741 ,  H04L12/701 ,  H04L12/751

Abstract: In one embodiment, a method comprises generating, by a network device in a network, a Bloom filter bit vector representing services provided by service provider devices in the network; and the network device executing a service discovery operation based on identifying, relative to the Bloom filter bit vector, whether an identified service in a received message is executed in the network.