Access point manager for roaming user products

    Publication number: US11979391B2

    Publication date: 2024-05-07

    Application number: US17814345

    Application date: 2022-07-22

    CPC classification number: H04L63/0807 H04W8/24 H04W12/041 H04W12/06

    Abstract: Systems, methods, and computer-readable media are provided for an efficient roaming management method using a single association identifier token for associating with different access points. In one aspect of the present disclosure, a network controller includes memory having computer-readable instructions stored therein and one or more processors. The one or more processors are configured to execute the computer-readable instructions to receive a request from an endpoint to connect to a first access point; generate association identification token (e.g., PMK and PMKID) for the endpoint to connect to the first access point; and distribute the association identification token to a second access point prior to the endpoint attempting to connect to the second access point, the association identification token being used by the second access point to validate a subsequent request by the endpoint to connect to the second access point.

    TENANT DEPLOYMENT OF MOBILE NETWORK COMPONENTS

    Publication number: US20230017423A1

    Publication date: 2023-01-19

    Application number: US17375765

    Application date: 2021-07-14

    Abstract: Disclosed are embodiments that leverage a central control plane of a managed 5G network service architecture across multiple serviced tenants by deploying tenant specific user plane function (UPF) and gNB components within tenant managed compute infrastructure. To enable this architecture, the disclosed embodiments assign gNBs and UPF instances to specific tenants and communicate those assignments to core components. Policies can be defined and applied to specific tenants from the central control plane. Inbound data routing to a specific tenant is accomplished by referencing a data store in the control plane that identifies which gNBs are assigned to a tenant associated with the incoming data. Those gNBs are then paged to service the incoming data.

    Quality of service (QOS) flow management for optimizing use of QOS resources and supporting QOS guarantees in a private 5G network

    Publication number: US11553371B2

    Publication date: 2023-01-10

    Application number: US17084150

    Application date: 2020-10-29

    Abstract: In one illustrative example, a user plane function (UPF) may detect initial traffic for an application for a user equipment (UE) for which no current dedicated Quality of Service (QoS) flow is established. In response, the UPF may send, to a control plane function, a message which indicates a request for creating a dedicated QoS Flow for traffic for the application for the UE. The message may include flow metadata and an application identifier obtained in detecting the initial traffic. A QoS Flow may then be created for the traffic based on a selected QoS policy associated with the application identifier. Subsequently, the UPF may determine that a measured time period of traffic inactivity for the QoS Flow is outside a limit set by a threshold. Based on the determining, the UPF may send, to the control plane function, a message which indicates a request for deleting the QoS Flow.

    PACKET FLOW MANAGEMENT FOR QUALITY OF SERVICE (QOS) FLOWS IN A PRIVATE 5G NETWORK

    Publication number: US20220385571A1

    Publication date: 2022-12-01

    Application number: US17332264

    Application date: 2021-05-27

    Abstract: A user plane function (UPF) node may receive a packet for traffic associated with a user equipment (UE). During packet classification, the UPF node may identify that a packet filter for the packet is not found in a packet filter set of an existing Quality of Service (QoS) Flow. In response, the UPF node may configure the packet filter in the packet filter set of the QoS Flow based on a flow tuple of the packet. The UPF node may send, to a control plane function node, a message which indicates a request for adding the flow tuple to the QoS Flow. The message may be for triggering communication of a message which indicates a session modification command for receipt by the UE, for adding an uplink packet filter that is based on the flow tuple for the QoS Flow.

    Cellular access of user-defined networks

    Publication number: US11246011B1

    Publication date: 2022-02-08

    Application number: US17036130

    Application date: 2020-09-29

    Abstract: Techniques are described herein for providing cellular access of a user-defined network. In one example, a user plane function of a cellular network obtains, from a control plane function of the cellular network, an indication that a first user equipment is attempting to connect to a user-defined network via the cellular network. The user plane function joins a multicast group configured to include a second user equipment connected to the user-defined network via a wireless local area network. The user plane function obtains a multicast packet that is transmitted between the first user equipment and the second user equipment and that is addressed to the multicast group, and converts the multicast packet to a unicast packet.

    Secure simultaneous authentication of equals anti-clogging mechanism

    Publication number: US11240661B2

    Publication date: 2022-02-01

    Application number: US16559048

    Application date: 2019-09-03

    Abstract: A secure Simultaneous Authentication of Equals (SAE) anti-clogging mechanism may be provided. A public key of an access point may be provided from the access point to a client attempting to connect with a network via the access point. The access point may receive from the client a first anti-clogging token and a public key of the client. The first anti-clogging token may be generated by the first client using a shared secret based on a private key of the client and the public key of the access point and a multiplier. The access point may generate a second anti-clogging token using a shared secret based on a private key of the access point and the public key of the client and the multiplier. The access point may then verify the first anti-clogging token and the second anti-clogging token match to authenticate the client.

    Optimized simultaneous authentication of equals (SAE) authentication in wireless networks

    Publication number: US10966087B2

    Publication date: 2021-03-30

    Application number: US16192590

    Application date: 2018-11-15

    Abstract: Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.

    SECURE SIMULTANEOUS AUTHENTICATION OF EQUALS ANTI-CLOGGING MECHANISM

    Publication number: US20210067961A1

    Publication date: 2021-03-04

    Application number: US16559048

    Application date: 2019-09-03

    Abstract: A secure Simultaneous Authentication of Equals (SAE) anti-clogging mechanism may be provided. A public key of an access point may be provided from the access point to a client attempting to connect with a network via the access point. The access point may receive from the client a first anti-clogging token and a public key of the client. The first anti-clogging token may be generated by the first client using a shared secret based on a private key of the client and the public key of the access point and a multiplier. The access point may generate a second anti-clogging token using a shared secret based on a private key of the access point and the public key of the client and the multiplier. The access point may then verify the first anti-clogging token and the second anti-clogging token match to authenticate the client.
