Patents by Inventor William F. SULZEN

William F. SULZEN has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11934525
    Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for establishing and/or maintaining a trustworthy encrypted network session. An example method can include sending, via a server and using a cryptographic security protocol, a message associated with establishing an encrypted network session; receiving a response from a client device; identifying a level of trust of the client device based on the response; determining whether to perform a next step in the cryptographic security protocol based on the level of trust, wherein the cryptographic security protocol comprises at least one of a Secure Shell (SSH) protocol, a Transport Layer Security (TLS) protocol, a Secure Sockets Layer (SSL) protocol, and an Internet Protocol Security (IPsec) protocol.
    Type: Grant
    Filed: April 4, 2022
    Date of Patent: March 19, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Patent number: 11924043
    Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices operating within a network. A recipient node in a network environment can receive a neighbor discovery (ND) message from an originating node in the network environment that are both implementing a neighbor discovery protocol. Trustworthiness of the originating node can be verified by identifying a level of trust of the originating node based on attestation information for the originating node included in the ND message received at the recipient node. Connectivity with the recipient node through the network environment can be managed based on the level of trust of the originating node identified from the attestation information included in the ND message.
    Type: Grant
    Filed: November 2, 2021
    Date of Patent: March 5, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Patent number: 11882176
    Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.
    Type: Grant
    Filed: January 24, 2023
    Date of Patent: January 23, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Patent number: 11784808
    Abstract: Systems, methods, and computer-readable media for authenticating access control messages include receiving, at a first node, access control messages from a second node. The first node and the second node including network devices and the access control messages can be based on RADIUS or TACACS+ protocols among others. The first node can obtain attestation information from one or more fields of the access control messages determine whether the second node is authentic and trustworthy based on the attestation information. The first node can also determine reliability or freshness of the access control messages based on the attestation information. The first node can be a server and the second node can be a client, or the first node can be a client and the second node can be a server. The attestation information can include Proof of Integrity based on a hardware fingerprint, device identifier, or Canary Stamp.
    Type: Grant
    Filed: April 18, 2022
    Date of Patent: October 10, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Patent number: 11652874
    Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.
    Type: Grant
    Filed: July 5, 2022
    Date of Patent: May 16, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Patent number: 11570242
    Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.
    Type: Grant
    Filed: October 12, 2021
    Date of Patent: January 31, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Publication number: 20220394054
    Abstract: Systems, methods, and computer-readable media for discovering trustworthy devices through attestation and authenticating devices through mutual attestation. A relying node in a network environment can receive attestation information from an attester node in the network environment as part of a unidirectional push of information from the attester node according to a unidirectional link layer communication scheme. A trustworthiness of the attester node can be verified by identifying a level of trust of the attester node from the attestation information. Further, network service access of the attester node through the relying node in the network environment can be controlled based on the level of trust of the attester node identified from the attestation information.
    Type: Application
    Filed: August 8, 2022
    Publication date: December 8, 2022
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Publication number: 20220353322
    Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.
    Type: Application
    Filed: July 5, 2022
    Publication date: November 3, 2022
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Patent number: 11451560
    Abstract: Systems, methods, and computer-readable media are disclosed for measurement of trustworthiness of network devices prior to their configuration and deployment in a network. In one aspect of the present disclosure, a method for pre-configuration of network devices includes receiving, at a dynamic host configuration server, a first request from a network device for configuration data, the configuration data including at least an IP address; sending, by the dynamic host configuration server, a second request to the network device for attestation information; verifying, by the dynamic host configuration server, the network device based on the attestation information; and assigning, by the dynamic host configuration server, the configuration data to the network device upon verifying the network device.
    Type: Grant
    Filed: March 3, 2020
    Date of Patent: September 20, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners, Selvaraj Mani, Eliot Lear
  • Patent number: 11411994
    Abstract: Systems, methods, and computer-readable media for discovering trustworthy devices through attestation and authenticating devices through mutual attestation. A relying node in a network environment can receive attestation information from an attester node in the network environment as part of a unidirectional push of information from the attester node according to a unidirectional link layer communication scheme. A trustworthiness of the attester node can be verified by identifying a level of trust of the attester node from the attestation information. Further, network service access of the attester node through the relying node in the network environment can be controlled based on the level of trust of the attester node identified from the attestation information.
    Type: Grant
    Filed: April 3, 2020
    Date of Patent: August 9, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Publication number: 20220239476
    Abstract: Systems, methods, and computer-readable media for authenticating access control messages include receiving, at a first node, access control messages from a second node. The first node and the second node including network devices and the access control messages can be based on RADIUS or TACACS+ protocols among others. The first node can obtain attestation information from one or more fields of the access control messages determine whether the second node is authentic and trustworthy based on the attestation information. The first node can also determine reliability or freshness of the access control messages based on the attestation information. The first node can be a server and the second node can be a client, or the first node can be a client and the second node can be a server. The attestation information can include Proof of Integrity based on a hardware fingerprint, device identifier, or Canary Stamp.
    Type: Application
    Filed: April 18, 2022
    Publication date: July 28, 2022
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Publication number: 20220222347
    Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for establishing and/or maintaining a trustworthy encrypted network session. An example method can include sending, via a server and using a cryptographic security protocol, a message associated with establishing an encrypted network session; receiving a response from a client device; identifying a level of trust of the client device based on the response; determining whether to perform a next step in the cryptographic security protocol based on the level of trust, wherein the cryptographic security protocol comprises at least one of a Secure Shell (SSH) protocol, a Transport Layer Security (TLS) protocol, a Secure Sockets Layer (SSL) protocol, and an Internet Protocol Security (IPsec) protocol.
    Type: Application
    Filed: April 4, 2022
    Publication date: July 14, 2022
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Publication number: 20220174091
    Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices operating within a network. An ARP responder can receive an ARP request from an ARP requestor for performing address resolution between the ARP requestor and the ARP responder in a network environment. The ARP responder can build an ARP response including attestation information of the ARP responder. Further, the ARP responder can provide, to the ARP requestor, the attestation information for verifying the ARP responder using the ARP response and the attestation information of the ARP responder.
    Type: Application
    Filed: February 15, 2022
    Publication date: June 2, 2022
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, William F. Sulzen, Frank Brockners
  • Patent number: 11343091
    Abstract: Systems, methods, and computer-readable media for authenticating access control messages include receiving, at a first node, access control messages from a second node. The first node and the second node including network devices and the access control messages can be based on RADIUS or TACACS+ protocols among others. The first node can obtain attestation information from one or more fields of the access control messages determine whether the second node is authentic and trustworthy based on the attestation information. The first node can also determine reliability or freshness of the access control messages based on the attestation information. The first node can be a server and the second node can be a client, or the first node can be a client and the second node can be a server. The attestation information can include Proof of Integrity based on a hardware fingerprint, device identifier, or Canary Stamp.
    Type: Grant
    Filed: February 6, 2020
    Date of Patent: May 24, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Patent number: 11321465
    Abstract: Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for establishing and/or maintaining a trustworthy encrypted network session. An example method can include sending, via a server and using a cryptographic security protocol, a message associated with establishing an encrypted network session; receiving a response from a client device; identifying a level of trust of the client device based on the response; determining whether to perform a next step in the cryptographic security protocol based on the level of trust, wherein the cryptographic security protocol comprises at least one of a Secure Shell (SSH) protocol, a Transport Layer Security (TLS) protocol, a Secure Sockets Layer (SSL) protocol, and an Internet Protocol Security (IPsec) protocol.
    Type: Grant
    Filed: January 24, 2020
    Date of Patent: May 3, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Patent number: 11277442
    Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices operating within a network. An ARP responder can receive an ARP request from an ARP requestor for performing address resolution between the ARP requestor and the ARP responder in a network environment. The ARP responder can build an ARP response including attestation information of the ARP responder. Further, the ARP responder can provide, to the ARP requestor, the attestation information for verifying the ARP responder using the ARP response and the attestation information of the ARP responder.
    Type: Grant
    Filed: December 12, 2019
    Date of Patent: March 15, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, William F. Sulzen, Frank Brockners
  • Publication number: 20220070251
    Abstract: A verifier peer system transmits a request to an application of another peer system to obtain integrity data of the application. In response to the request, the verifier peer system obtains a response that includes kernel secure boot metrics of the other peer system and integrity data of the application and of any application dependencies. If the verifier peer system determines that the response is valid, the verifier peer system evaluates the integrity data and the kernel secure boot metrics against a set of Known Good Values to determine whether the integrity data and the kernel secure boot metrics are valid. If the integrity data and the kernel secure boot metrics are valid, the verifier peer system determines that the other peer system is trustworthy.
    Type: Application
    Filed: October 12, 2021
    Publication date: March 3, 2022
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Publication number: 20220060384
    Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices operating within a network. A recipient node in a network environment can receive a neighbor discovery (ND) message from an originating node in the network environment that are both implementing a neighbor discovery protocol. Trustworthiness of the originating node can be verified by identifying a level of trust of the originating node based on attestation information for the originating node included in the ND message received at the recipient node. Connectivity with the recipient node through the network environment can be managed based on the level of trust of the originating node identified from the attestation information included in the ND message.
    Type: Application
    Filed: November 2, 2021
    Publication date: February 24, 2022
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Patent number: 11196634
    Abstract: Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices operating within a network. A recipient node in a network environment can receive a neighbor discovery (ND) message from an originating node in the network environment that are both implementing a neighbor discovery protocol. Trustworthiness of the originating node can be verified by identifying a level of trust of the originating node based on attestation information for the originating node included in the ND message received at the recipient node. Connectivity with the recipient node through the network environment can be managed based on the level of trust of the originating node identified from the attestation information included in the ND message.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: December 7, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Sujal Sheth, Shwetha Subray Bhandari, Eric Voit, William F. Sulzen, Frank Brockners
  • Patent number: 11171786
    Abstract: A secure bus for pre-placement of device capabilities across a set of cryptoprocessors may be provided. A first cryptoprocessor may receive a key corresponding to a second cryptoprocessor and it may receive an object in response to the object being instantiated on the second cryptoprocessor. Next, the first cryptoprocessor may use the key to determine that the second cryptoprocessor signed the object. The first cryptoprocessor may then store the object in the first cryptoprocessor in response to determining that the second cryptoprocessor signed the object. Then the first cryptoprocessor may receive a request for the object and provide a response to the request.
    Type: Grant
    Filed: March 21, 2019
    Date of Patent: November 9, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Eric Voit, David C. Lapier, William F. Sulzen, Pagalavan Krishnamoorthy