Patents by Inventor Max Pritikin
Max Pritikin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20140351581
Abstract: In one implementation, a public key infrastructure utilizes a two stage revocation process for a set of data. One stage authenticates or revokes the set of data based on the status of the digital signature and another stage authenticates or revokes the set of data based on the status of an individual signature by the digital certificate. For example, a digital certificate based is assigned a certificate number. A serial number is assigned for a signature for the set of data as signed by the digital certificate. A data transmission, data packet, or install package includes the set of data, the certificate number and the serial number. Therefore, individual instances of the signature may be revoked according to serial number.
Type: Application
Filed: May 21, 2013
Publication date: November 27, 2014
Applicant: Cisco Technology, Inc.
Inventor: Max Pritikin
-
Publication number: 20140223530
Abstract: In one embodiment, a Manufacturer Installed Certificate (MIC) and a personal identification number are sent to a call controller to request a configuration profile. When the configuration file is received, the IP phone is provisioned according to the configuration profile.
Type: Application
Filed: April 8, 2014
Publication date: August 7, 2014
Applicant: Cisco Technology, Inc.
Inventors: Plamen Nedeltchev, Robert T. Bell, Max Pritikin
-
Patent number: 8732279
Abstract: In one embodiment, a Manufacturer Installed Certificate (MIC) and a personal identification number are sent to a call controller to request a configuration profile. When the configuration file is received, the IP phone is provisioned according to the configuration profile.
Type: Grant
Filed: August 18, 2006
Date of Patent: May 20, 2014
Assignee: Cisco Technology, Inc.
Inventors: Plamen Nedeltchev, Robert T. Bell, Max Pritikin
-
Patent number: 8650394
Abstract: According to one aspect, a method for certifying the identity of a network device. The method includes an initial step of coupling the network device to a provisioning device via a physically secure communications link. The provisioning device then certifies the identity of the network device including generating a cryptographic private key for the network device and sending the generated private key to the network device over the physically secure communications link.
Type: Grant
Filed: November 14, 2011
Date of Patent: February 11, 2014
Assignee: Cisco Technology, Inc.
Inventors: Jan Vilhuber, Max Pritikin
-
Publication number: 20130318343
Abstract: A method in an example embodiment includes creating an initial information package for a device in a domain of a network environment when the device is unconfigured. The method further includes communicating the initial information package to a signing authority, receiving an authorization token from the signing authority, and sending the authorization token to the unconfigured device, where the unconfigured device validates the authorization token based on a credential in the unconfigured device. In more specific embodiments, the initial information package includes a unique device identifier of the unconfigured device and a domain identifier of the domain. In further embodiments, the signing authority creates the authorization token by applying an authorization signature to the unique device identifier and the domain identifier. In other embodiments, the method includes receiving an audit history report of the unconfigured device and applying a policy to the device based on the audit history report.
Type: Application
Filed: May 22, 2012
Publication date: November 28, 2013
Inventors: Steinthor Bjarnason, Michael H. Behringer, Yves Francis Eugene Hertoghs, Max Pritikin
-
Patent number: 8407464
Abstract: In one embodiment, techniques to validate certificates using authentication, authorization, and accounting (AAA) services are provided. A service receives a request from a requester for validation of a certificate. The request may include the certificate associated with the requester. The servicer creates a AAA request that includes the certificate. The AAA request is then sent to the AAA server. A response is then received from the AAA server that includes a result of the certificate validation and also AAA attributes associated with any AAA services performed. The servicer may then validate the proof of possession of the private key or perform other type of authentication calculations after receiving the response from the AAA server if the response indicates the certificate was validated. The servicer can then perform an action based on the certificate validation and AAA attributes.
Type: Grant
Filed: October 10, 2006
Date of Patent: March 26, 2013
Assignee: Cisco Technology, Inc.
Inventors: Joseph Salowey, Glen Zorn, Max Pritikin
-
Patent number: 8341250
Abstract: Systems, methods and other embodiments associated with network device provisioning are described. One example method includes storing a set of device specific identification data in a network device. The example method may also include storing an association between the network device and a set of device specific provisioning data. The example method may also include providing the set of device specific provisioning data to the network device. The set of device specific provisioning data may be provided in response to receiving a provisioning data request from the network device.
Type: Grant
Filed: May 30, 2009
Date of Patent: December 25, 2012
Assignee: Cisco Technology, Inc.
Inventors: Max Pritikin, David A. McGrew, Jan Vilhuber, Brian E. Weis
-
Publication number: 20120060027
Abstract: According to one aspect, a method for certifying the identity of a network device. The method includes an initial step of coupling the network device to a provisioning device via a physically secure communications link. The provisioning device then certifies the identity of the network device including generating a cryptographic private key for the network device and sending the generated private key to the network device over the physically secure communications link.
Type: Application
Filed: November 14, 2011
Publication date: March 8, 2012
Inventors: Jan VILHUBER, Max PRITIKIN
-
Patent number: 8095788
Abstract: According to one aspect, a provisioning server comprises a configuration module that configures a network device and an identification certification module that certifies the identity of the network device. With use of the provisioning server, the network device does not require configuration with network connectivity in order to obtain its certified identity. In one embodiment, configuration module configures the device for operation at the device's point of deployment in a network. In one embodiment, the identity certification module is configured to generate a digital certificate for the network device and the configuration module is configured to automatically configure the network device based on its digital certificate. The provisioning server is coupled to the network device with a secure communication link. As a result, a more trusted network device is ultimately deployed into its network of operation.
Type: Grant
Filed: May 23, 2008
Date of Patent: January 10, 2012
Assignee: Cisco Technology, Inc.
Inventors: Jan Vilhuber, Max Pritikin
-
Publication number: 20100306352
Abstract: Systems, methods and other embodiments associated with network device provisioning are described. One example method includes storing a set of device specific identification data in a network device. The example method may also include storing an association between the network device and a set of device specific provisioning data. The example method may also include providing the set of device specific provisioning data to the network device. The set of device specific provisioning data may be provided in response to receiving a provisioning data request from the network device.
Type: Application
Filed: May 30, 2009
Publication date: December 2, 2010
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Max PRITIKIN, David A. McGREW, Jan VILHUBER, Brian E. WEIS
-
Publication number: 20100220856
Abstract: In an example embodiment, a key generation system (KGS) is used to generate private pairwise keys between peers belonging to a group. Each member of the group is provisioned with a set of parameters which allows each member to generate a key with any other member of the group; however, no group member can derive a key for pairings involving other group members. The private pairwise keys may be used to derive session keys between peers belonging to the group. Optionally, an epoch value may be employed to derive the private pairwise keys.
Type: Application
Filed: April 28, 2009
Publication date: September 2, 2010
Inventors: Johannes Petrus KRUYS, David McGrew, Max Pritikin, Joseph Salowey, Brian Weis
-
Patent number: 7748035
Abstract: According to an approach for securely deploying and configuring network devices, a secure introduction connection is established between a network device being deployed and a registrar. The secure introduction connection may conform to a secure communications protocol, such as HTTPS. The registrar provides bootstrap configuration data to the network device over the secure introduction connection. The bootstrap configuration data is used to establish a secure management connection between the network device and a secure management gateway. The secure management connection may conform to a secure communications protocol, such as IPsec or HTTPS. The secure management gateway provides user-specific configuration data and security policy data to the network device over the secure management connection.
Type: Grant
Filed: April 22, 2005
Date of Patent: June 29, 2010
Assignee: Cisco Technology, Inc.
Inventors: Plamen Nedeltchev, Max Pritikin, Gautam Aggarwal, Pedro J. Leonardo, David Iacobacci
-
Patent number: 7743246
Abstract: A method of securely exchanging cryptographic identities through a mutually trusted intermediary is disclosed. Data, which specifies a petitioner's cryptographic identity and a petitioner's resource identifier, is received. Input, which specifies an authority's resource identifier, is received. The petitioner's cryptographic identity and the petitioner's resource identifier are sent to a destination that is associated with the authority's resource identifier. Data, which specifies the authority's cryptographic identity, is received. The authority's cryptographic identity is sent to a destination that is associated with the petitioner's resource identifier.
Type: Grant
Filed: October 7, 2008
Date of Patent: June 22, 2010
Assignee: Cisco Technology, Inc.
Inventor: Max Pritikin
-
Publication number: 20090037727
Abstract: A method of securely exchanging cryptographic identities through a mutually trusted intermediary is disclosed. Data, which specifies a petitioner's cryptographic identity and a petitioner's resource identifier, is received. Input, which specifies an authority's resource identifier, is received. The petitioner's cryptographic identity and the petitioner's resource identifier are sent to a destination that is associated with the authority's resource identifier. Data, which specifies the authority's cryptographic identity, is received. The authority's cryptographic identity is sent to a destination that is associated with the petitioner's resource identifier.
Type: Application
Filed: October 7, 2008
Publication date: February 5, 2009
Inventor: Max Pritikin
-
Patent number: 7451305
Abstract: A method of securely exchanging cryptographic identities through a mutually trusted intermediary is disclosed. Data, which specifies a petitioner's cryptographic identity and a petitioner's resource identifier, is received. Input, which specifies an authority's resource identifier, is received. The petitioner's cryptographic identity and the petitioner's resource identifier are sent to a destination that is associated with the authority's resource identifier. Data, which specifies the authority's cryptographic identity, is received. The authority's cryptographic identity is sent to a destination that is associated with the petitioner's resource identifier.
Type: Grant
Filed: April 10, 2003
Date of Patent: November 11, 2008
Assignee: Cisco Technology, Inc.
Inventor: Max Pritikin
-
Publication number: 20080222413
Abstract: According to one aspect, a provisioning server comprises a configuration module that configures a network device and an identification certification module that certifies the identity of the network device. With use of the provisioning server, the network device does not require configuration with network connectivity in order to obtain its certified identity. In one embodiment, configuration module configures the device for operation at the device's point of deployment in a network. In one embodiment, the identity certification module is configured to generate a digital certificate for the network device and the configuration module is configured to automatically configure the network device based on its digital certificate. The provisioning server is coupled to the network device with a secure communication link. As a result, a more trusted network device is ultimately deployed into its network of operation.
Type: Application
Filed: May 23, 2008
Publication date: September 11, 2008
Inventors: Jan Vilhuber, Max Pritikin
-
Patent number: 7386721
Abstract: According to one aspect, a provisioning server comprises a configuration module that configures a network device and an identification certification module that certifies the identity of the network device. With use of the provisioning server, the network device does not require configuration with network connectivity in order to obtain its certified identity. In one embodiment, configuration module configures the device for operation at the device's point of deployment in a network. In one embodiment, the identity certification module is configured to generate a digital certificate for the network device and the configuration module is configured to automatically configure the network device based on its digital certificate. The provisioning server is coupled to the network device with a secure communication link. As a result, a more trusted network device is ultimately deployed into its network of operation.
Type: Grant
Filed: March 12, 2003
Date of Patent: June 10, 2008
Assignee: Cisco Technology, Inc.
Inventors: Jan Vilhuber, Max Pritikin
-
Publication number: 20080086634
Abstract: In one embodiment, techniques to validate certificates using authentication, authorization, and accounting (AAA) services are provided. A service receives a request from a requester for validation of a certificate. The request may include the certificate associated with the requester. The servicer creates a AAA request that includes the certificate. The AAA request is then sent to the AAA server. A response is then received from the AAA server that includes a result of the certificate validation and also AAA attributes associated with any AAA services performed. The servicer may then validate the proof of possession of the private key or perform other type of authentication calculations after receiving the response from the AAA server if the response indicates the certificate was validated. The servicer can then perform an action based on the certificate validation and AAA attributes.
Type: Application
Filed: October 10, 2006
Publication date: April 10, 2008
Applicant: Cisco Technology, Inc.
Inventors: Joseph Salowey, Glen Zorn, Max Pritikin
-
Publication number: 20080046735
Abstract: In one embodiment, a Manufacturer Installed Certificate (MIC) and a personal identification number are sent to a call controller to request a configuration profile. When the configuration file is received, the IP phone is provisioned according to the configuration profile.
Type: Application
Filed: August 18, 2006
Publication date: February 21, 2008
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Plamen Nedeltchev, Robert T. Bell, Max Pritikin
-
Publication number: 20060242695
Abstract: According to an approach for securely deploying and configuring network devices, a secure introduction connection is established between a network device being deployed and a registrar. The secure introduction connection may conform to a secure communications protocol, such as HTTPS. The registrar provides bootstrap configuration data to the network device over the secure introduction connection. The bootstrap configuration data is used to establish a secure management connection between the network device and a secure management gateway. The secure management connection may conform to a secure communications protocol, such as IPsec or HTTPS. The secure management gateway provides user-specific configuration data and security policy data to the network device over the secure management connection.
Type: Application
Filed: April 22, 2005
Publication date: October 26, 2006
Inventors: Plamen Nedeltchev, Max Pritikin, Gautam Aggarwal, Pedro Leonardo, David Iacobacci