Patents by Inventor Eliot Lear
Eliot Lear has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11902277Abstract: Techniques for providing secure modification of manufacturer usage description (MUD) files based on device applications are provided. In one embodiment, a method for secure modification of MUD files may include obtaining a request for one or more applications from a device. The method also includes providing to the device the one or more applications and a certification that includes an updated MUD identifier determined based on the one or more applications requested. The updated MUD identifier is associated with a concatenated MUD file that comprises individual MUD file portions for each of the one or more applications requested. The device is configured to request an updated device identifier using the certification. The updated device identifier includes the updated MUD identifier that is associated with the concatenated MUD file.Type: GrantFiled: April 20, 2021Date of Patent: February 13, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Eliot Lear, Christopher S. Steck, Brian Weis
-
Patent number: 11888898Abstract: At an authentication server, a request for at least a first dynamic host configuration protocol (DHCP) option is received from a client device, and it is determined if the authentication server implements DHCP. Based at least in part on a determination that the authentication server does not implement a DHCP, the operations further include transmitting an application program interface (API) call to a DHCP server associated with the authentication server acting as a DHCP gateway, receiving a response from the DHCP server, and transmitting the response to the client device.Type: GrantFiled: September 1, 2021Date of Patent: January 30, 2024Assignee: Cisco Technology, Inc.Inventors: Eliot Lear, Einar Nilsen-Nygaard
-
Patent number: 11601808Abstract: This technology uses a bootstrap key (“BSK”) to securely onboard a computing device to a network. A unique BSK associated with an onboarding computing device is used to verify for various deployment models (1) that the computing device has proof the computing device is connecting to the correct wired or wireless network and (2) that the network has proof the computing device is trusted. The BSK may be an associated BSK or an embedded BSK. A computing device receives a signed voucher from the manufacturer authorized signing authority (“MASA”) before the computing device may onboard to a network. The MASA will issue a voucher to a Bootstrapping Remote Secure Key Infrastructure (“BRSKI”) registrar if the registrar proves knowledge of the computing device's BSK to the MASA or the registrar has an established trust relationship with the MASA.Type: GrantFiled: August 31, 2020Date of Patent: March 7, 2023Assignee: Cisco Technology, Inc.Inventors: Eliot Lear, Owen Friel, Max Pritikin
-
Patent number: 11451560Abstract: Systems, methods, and computer-readable media are disclosed for measurement of trustworthiness of network devices prior to their configuration and deployment in a network. In one aspect of the present disclosure, a method for pre-configuration of network devices includes receiving, at a dynamic host configuration server, a first request from a network device for configuration data, the configuration data including at least an IP address; sending, by the dynamic host configuration server, a second request to the network device for attestation information; verifying, by the dynamic host configuration server, the network device based on the attestation information; and assigning, by the dynamic host configuration server, the configuration data to the network device upon verifying the network device.Type: GrantFiled: March 3, 2020Date of Patent: September 20, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners, Selvaraj Mani, Eliot Lear
-
Publication number: 20220210192Abstract: At an authentication server, a request for at least a first dynamic host configuration protocol (DHCP) option is received from a client device, and it is determined if the authentication server implements DHCP. Based at least in part on a determination that the authentication server does not implement a DHCP, the operations further include transmitting an application program interface (API) call to a DHCP server associated with the authentication server acting as a DHCP gateway, receiving a response from the DHCP server, and transmitting the response to the client device.Type: ApplicationFiled: September 1, 2021Publication date: June 30, 2022Inventors: Eliot Lear, Einar Nilsen-Nygaard
-
Patent number: 11374981Abstract: This disclosure describes techniques for providing manufacturer usage description (MUD) solution to automatically update network access policy for client application software. The method may include embedding metadata in the application binary. The metadata may include MUD uniform resource identifiers (URIs) that may point to MUD files describing the application's network access requirements. The MUD files may be hosted by application vendor's MUD servers. The system may include a network policy server that is able discover the MUD URIs. The MUD URIs may be discovered based on extracting the MUD URIs from the metadata and/or being provision with the set of MUD URIs for trusted applications. The method may include enterprise wide policy and individual host policy for implementation of the MUD files.Type: GrantFiled: January 17, 2020Date of Patent: June 28, 2022Assignee: Cisco Technology, Inc.Inventors: Eliot Lear, Owen Friel
-
Patent number: 11283831Abstract: In one embodiment, a device in a network inserts a profile tag into an address request sent by an endpoint node in the network to a lookup service. The lookup service is configured to identify one or more addresses with which the endpoint node is authorized to communicate based on a profile for the endpoint node associated with the inserted profile tag. The device receives an address response sent from the lookup service to the endpoint node that indicates the set of one or more addresses with which the endpoint node is authorized to communicate. The device determines whether a communication between the endpoint node and a particular network address is authorized using the set of one or more addresses with which the endpoint node is authorized to communicate. The device blocks the communication based on a determination that the particular network address is not in the set of one or more addresses with which the endpoint node is authorized to communicate.Type: GrantFiled: May 24, 2019Date of Patent: March 22, 2022Assignee: Cisco Technology, Inc.Inventors: Pascal Thubert, Eric Levy-Abegnoli, Eliot Lear, Brian E. Weis
-
Publication number: 20210288962Abstract: Techniques for providing secure modification of manufacturer usage description (MUD) files based on device applications are provided. In one embodiment, a method for secure modification of MUD files may include obtaining a request for one or more applications from a device. The method also includes providing to the device the one or more applications and a certification that includes an updated MUD identifier determined based on the one or more applications requested. The updated MUD identifier is associated with a concatenated MUD file that comprises individual MUD file portions for each of the one or more applications requested. The device is configured to request an updated device identifier using the certification. The updated device identifier includes the updated MUD identifier that is associated with the concatenated MUD file.Type: ApplicationFiled: April 20, 2021Publication date: September 16, 2021Inventors: Eliot Lear, Christopher S. Steck, Brian Weis
-
Patent number: 11115266Abstract: In an embodiment, a method comprises at a network device in an enterprise network, selecting one or more time servers used for establishing a timing reference according to a predetermined priority order of selection that begins with determining whether the network device is configured with information indicating one or more time servers to be used. A timing reference is established for the network device based on a selected time server.Type: GrantFiled: March 8, 2019Date of Patent: September 7, 2021Assignee: CISCO TECHNOLOGY, INC.Inventor: Eliot Lear
-
Publication number: 20210226995Abstract: This disclosure describes techniques for providing manufacturer usage description (MUD) solution to automatically update network access policy for client application software. The method may include embedding metadata in the application binary. The metadata may include MUD uniform resource identifiers (URIs) that may point to MUD files describing the application's network access requirements. The MUD files may be hosted by application vendor's MUD servers. The system may include a network policy server that is able discover the MUD URIs. The MUD URIs may be discovered based on extracting the MUD URIs from the metadata and/or being provision with the set of MUD URIs for trusted applications. The method may include enterprise wide policy and individual host policy for implementation of the MUD files.Type: ApplicationFiled: January 17, 2020Publication date: July 22, 2021Applicant: Cisco Technology, Inc.Inventors: Eliot Lear, Owen Friel
-
Patent number: 11025628Abstract: Techniques for providing secure modification of manufacturer usage description (MUD) files based on device applications are provided. In one embodiment, a method for secure modification of MUD files may include obtaining a request for one or more applications from a device. The method also includes providing to the device the one or more applications and a certification that includes an updated MUD identifier determined based on the one or more applications requested. The updated MUD identifier is associated with a concatenated MUD file that comprises individual MUD file portions for each of the one or more applications requested. The device is configured to request an updated device identifier using the certification. The updated device identifier includes the updated MUD identifier that is associated with the concatenated MUD file.Type: GrantFiled: April 17, 2018Date of Patent: June 1, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Eliot Lear, Christopher S. Steck, Brian Weis
-
Publication number: 20200396608Abstract: This technology uses a bootstrap key (“BSK”) to securely onboard a computing device to a network. A unique BSK associated with an onboarding computing device is used to verify for various deployment models (1) that the computing device has proof the computing device is connecting to the correct wired or wireless network and (2) that the network has proof the computing device is trusted. The BSK may be an associated BSK or an embedded BSK. A computing device receives a signed voucher from the manufacturer authorized signing authority (“MASA”) before the computing device may onboard to a network. The MASA will issue a voucher to a Bootstrapping Remote Secure Key Infrastructure (“BRSKI”) registrar if the registrar proves knowledge of the computing device's BSK to the MASA or the registrar has an established trust relationship with the MASA.Type: ApplicationFiled: August 31, 2020Publication date: December 17, 2020Inventors: Eliot Lear, Owen Friel, Max Pritikin
-
Publication number: 20200322356Abstract: Systems, methods, and computer-readable media are disclosed for measurement of trustworthiness of network devices prior to their configuration and deployment in a network. In one aspect of the present disclosure, a method for pre-configuration of network devices includes receiving, at a dynamic host configuration server, a first request from a network device for configuration data, the configuration data including at least an IP address; sending, by the dynamic host configuration server, a second request to the network device for attestation information; verifying, by the dynamic host configuration server, the network device based on the attestation information; and assigning, by the dynamic host configuration server, the configuration data to the network device upon verifying the network device.Type: ApplicationFiled: March 3, 2020Publication date: October 8, 2020Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners, Selvaraj Mani, Eliot Lear
-
Patent number: 10791462Abstract: This technology uses a bootstrap key (“BSK”) to securely onboard a computing device to a network. A unique BSK associated with an onboarding computing device is used to verify for various deployment models (1) that the computing device has proof the computing device is connecting to the correct wired or wireless network and (2) that the network has proof the computing device is trusted. The BSK may be an associated BSK or an embedded BSK. A computing device receives a signed voucher from the manufacturer authorized signing authority (“MASA”) before the computing device may onboard to a network. The MASA will issue a voucher to a Bootstrapping Remote Secure Key Infrastructure (“BRSKI”) registrar if the registrar proves knowledge of the computing device's BSK to the MASA or the registrar has an established trust relationship with the MASA.Type: GrantFiled: February 21, 2019Date of Patent: September 29, 2020Assignee: CISCO TECHNOLOGY, INC.Inventors: Eliot Lear, Owen Friel, Max Pritikin
-
Patent number: 10785809Abstract: In one embodiment, a device in a network receives node information regarding a plurality of nodes that are to join the network. The device determines network formation parameters based on the received node information. The network formation parameters are indicative of a network join schedule and join location for a particular node from the plurality of nodes. The device generates, according to the network join schedule, a join invitation for the particular node based on the network formation parameters. The join invitation allows the particular node to attempt joining the network at the join location via a specified access point. The device causes the sending of one or more beacons via the network that include the join invitation to the particular node. The particular node attempts to join the network via the specified access point based on the one or more beacons.Type: GrantFiled: December 19, 2016Date of Patent: September 22, 2020Assignee: Cisco Technology, Inc.Inventors: Pascal Thubert, Max Pritikin, Eliot Lear, Toerless Eckert, Nancy Cam-Winget, Brian E. Weis
-
Patent number: 10778775Abstract: Presented herein are techniques in which one or more network devices can use information provided by a special purpose network connected device to retrieve a usage profile (i.e., configuration file) associated with the special purpose network connected device. The retrieved usage profile, which includes/describes preselected (predetermined) usage descriptions associated with the special purpose network connected device, can then be used to configure one or more network devices. For example, the predetermined usage descriptions associated with the special purpose network connected device can be instantiated and enforced at a network device or the predetermined usage descriptions can be used for auditing the special purpose network connected device (e.g., monitoring of traffic within the network).Type: GrantFiled: October 25, 2016Date of Patent: September 15, 2020Assignee: CISCO TECHNOLOGY, INC.Inventors: Eliot Lear, Brian Weis, Mordechai Alon
-
Publication number: 20200287784Abstract: In an embodiment, a method comprises at a network device in an enterprise network, selecting one or more time servers used for establishing a timing reference according to a predetermined priority order of selection that begins with determining whether the network device is configured with information indicating one or more time servers to be used. A timing reference is established for the network device based on a selected time server.Type: ApplicationFiled: March 8, 2019Publication date: September 10, 2020Inventor: Eliot Lear
-
Publication number: 20200120502Abstract: This technology uses a bootstrap key (“BSK”) to securely onboard a computing device to a network. A unique BSK associated with an onboarding computing device is used to verify for various deployment models (1) that the computing device has proof the computing device is connecting to the correct wired or wireless network and (2) that the network has proof the computing device is trusted. The BSK may be an associated BSK or an embedded BSK. A computing device receives a signed voucher from the manufacturer authorized signing authority (“MASA”) before the computing device may onboard to a network. The MASA will issue a voucher to a Bootstrapping Remote Secure Key Infrastructure (“BRSKI”) registrar if the registrar proves knowledge of the computing device's BSK to the MASA or the registrar has an established trust relationship with the MASA.Type: ApplicationFiled: February 21, 2019Publication date: April 16, 2020Inventors: Eliot Lear, Owen Friel, Max Pritikin
-
Patent number: 10595320Abstract: A process for implementing temporary rules for network devices is described. In one embodiment, the process includes a controller receiving a manufacturer usage description (MUD) identifier from a first device. The controller retrieves a MUD file associated with the MUD identifier. The controller registers a device identifier associated with the first device with a delegated controller determined based on the MUD file. The delegated controller is configured to generate a dynamic policy for the first device. The controller receives a dynamic policy from the delegated controller for the first device. The dynamic policy may be configured to permit a communication session between the first device and a second device. The controller forwards the dynamic policy to an access control device in communication with the first device to enable the access control device to permit the communication session between the first device and the second device.Type: GrantFiled: October 6, 2017Date of Patent: March 17, 2020Assignee: Cisco Technology, Inc.Inventors: Eliot Lear, Brian Weis, Richard Lee Barnes, II
-
Patent number: 10547503Abstract: Presented herein are techniques in which one or more network devices can use information provided by a special purpose network connected device to retrieve a usage profile (i.e., configuration file) associated with the special purpose network connected device. The retrieved usage profile, which includes/describes preselected (predetermined) usage descriptions associated with the special purpose network connected device, can then be used to configure one or more network devices. For example, the predetermined usage descriptions associated with the special purpose network connected device can be instantiated and enforced at a network device or the predetermined usage descriptions can be used for auditing the special purpose network connected device (e.g., monitoring of traffic within the network).Type: GrantFiled: January 27, 2016Date of Patent: January 28, 2020Assignee: Cisco Technology, Inc.Inventors: Eliot Lear, Nancy Cam-Winget, Brian Weis