公开(公告)号：US20140201516A1

公开(公告)日：2014-07-17

申请号：US13742071

申请日：2013-01-15

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Steinthor Bjarnason ,  Michael Behringer ,  Yves Hertoghs ,  Toerless Eckert ,  Balaji B. L.

IPC: H04L29/06

CPC classification number: H04L63/04 ,  H04L41/0806 ,  H04L41/28 ,  H04L45/64 ,  H04L63/0428

Abstract: To avoid user error and breaking operations, administration and management (OAM), the control plane for implementing OAM is automatically generated by network devices without user input. This control plane is hidden from the user, preventing any configuration that may bring down the connectivity for OAM.

Abstract translation: 为了避免用户错误和中断操作，管理和管理（OAM），实现OAM的控制平面由网络设备自动生成，无需用户输入。 该控制平面从用户隐藏，防止可能导致OAM连接的任何配置。

公开(公告)号：US09774452B2

公开(公告)日：2017-09-26

申请号：US14722444

申请日：2015-05-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Steinthor Bjarnason ,  Michael H. Behringer ,  Yves Francis Eugene Hertoghs ,  Max Pritikin

IPC: G06F17/00 ,  H04L29/06 ,  H04L9/32 ,  H04L12/24

CPC classification number: H04L9/3213 ,  H04L9/3247 ,  H04L41/0809 ,  H04L63/061 ,  H04L63/08 ,  H04L63/0823 ,  H04L63/0876 ,  H04L63/20

Abstract: A method in an example embodiment includes creating an initial information package for a device attempting to join a network domain of a network environment; communicating the initial information package to a signing authority; sending an authorization token generated by the signing authority to the device, wherein the device validates the authorization token based on a credential in the device; and receiving an audit history report of the device, wherein the audit history report comprises information regarding previous attempts by the device to join the network environment. The method may also include applying a policy to the device based on the audit history report; generating a completed information package, wherein the completed information package includes an authorization token; applying a second signature to the completed information package; and sending the authorization token and the completed information package to the device, the device validating the second signature on the completed information package.

公开(公告)号：US09391959B2

公开(公告)日：2016-07-12

申请号：US13742071

申请日：2013-01-15

Applicant: Cisco Technology, Inc.

Inventor： Steinthor Bjarnason ,  Michael Behringer ,  Yves Hertoghs ,  Toerless Eckert ,  Balaji B. L.

IPC: H04L29/06 ,  H04L12/715 ,  H04L12/24

CPC classification number: H04L63/04 ,  H04L41/0806 ,  H04L41/28 ,  H04L45/64 ,  H04L63/0428

Abstract: To avoid user error and breaking operations, administration and management (OAM), the control plane for implementing OAM is automatically generated by network devices without user input. This control plane is hidden from the user, preventing any configuration that may bring down the connectivity for OAM.

Abstract translation: 为了避免用户错误和中断操作，管理和管理（OAM），实现OAM的控制平面由网络设备自动生成，无需用户输入。 该控制平面从用户隐藏，防止可能导致OAM连接的任何配置。

公开(公告)号：US20150280916A1

公开(公告)日：2015-10-01

申请号：US14722444

申请日：2015-05-27

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Steinthor Bjarnason ,  Michael H. Behringer ,  Yves Francis Eugene Hertoghs ,  Max Pritikin

IPC: H04L9/32 ,  H04L29/06

CPC classification number: H04L9/3213 ,  H04L9/3247 ,  H04L41/0809 ,  H04L63/061 ,  H04L63/08 ,  H04L63/0823 ,  H04L63/0876 ,  H04L63/20

Abstract: A method in an example embodiment includes creating an initial information package for a device attempting to join a network domain of a network environment; communicating the initial information package to a signing authority; sending an authorization token generated by the signing authority to the device, wherein the device validates the authorization token based on a credential in the device; and receiving an audit history report of the device, wherein the audit history report comprises information regarding previous attempts by the device to join the network environment. The method may also include applying a policy to the device based on the audit history report; generating a completed information package, wherein the completed information package includes an authorization token; applying a second signature to the completed information package; and sending the authorization token and the completed information package to the device, the device validating the second signature on the completed information package.

Abstract translation: 示例实施例中的方法包括为尝试加入网络环境的网络域的设备创建初始信息包; 将初始信息包传送给签字机构; 向所述设备发送由所述签名机构生成的授权令牌，其中所述设备基于所述设备中的凭证来验证所述授权令牌; 以及接收所述设备的审计历史报告，其中所述审计历史报告包括关于所述设备加入所述网络环境的先前尝试的信息。 该方法还可以包括基于审计历史报告向设备应用策略; 生成完成的信息包，其中完成的信息包包括授权令牌; 对完成的信息包应用第二签名; 并将所述授权令牌和完成的信息包发送到所述设备，所述设备在完成的信息包上验证所述第二签名。

公开(公告)号：US20140215580A1

公开(公告)日：2014-07-31

申请号：US13750542

申请日：2013-01-25

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Michael Behringer ,  Yves Hertoghs ,  Bruno Klauser ,  Steinthor Bjarnason

IPC: H04L29/06

CPC classification number: H04L63/105 ,  H04L63/0823 ,  H04L63/20

Abstract: In one implementation, security configuration is automated based on information gathered using autonomic neighbor discovery. The neighbor discovery establishes a realm of trust between neighbors, such as determining that some neighbors may be trusted and others may not be trusted. A dynamic security barrier is created using the trust where devices on the network border protect the entire network. Differences in trust result in differential security configuration.

Abstract translation: 在一个实现中，基于使用自主邻居发现收集的信息来自动安全配置。 邻居发现建立邻居之间的信任领域，例如确定一些邻居可能被信任，而其他邻居可能不被信任。 使用信任来创建动态安全屏障，网络上的设备边界保护整个网络。 信任差异导致差异安全配置。

公开(公告)号：US09043884B2

公开(公告)日：2015-05-26

申请号：US13750542

申请日：2013-01-25

Applicant: Cisco Technology, Inc.

Inventor： Michael Behringer ,  Yves Hertoghs ,  Bruno Klauser ,  Steinthor Bjarnason

IPC: H04L29/06

CPC classification number: H04L63/105 ,  H04L63/0823 ,  H04L63/20

Abstract: In one implementation, security configuration is automated based on information gathered using autonomic neighbor discovery. The neighbor discovery establishes a realm of trust between neighbors, such as determining that some neighbors may be trusted and others may not be trusted. A dynamic security barrier is created using the trust where devices on the network border protect the entire network. Differences in trust result in differential security configuration.

Abstract translation: 在一个实现中，基于使用自主邻居发现收集的信息来自动安全配置。 邻居发现建立邻居之间的信任领域，例如确定一些邻居可能被信任，而其他邻居可能不被信任。 使用信任来创建动态安全屏障，网络上的设备边界保护整个网络。 信任差异导致差异安全配置。