公开(公告)号：US20220231988A1

公开(公告)日：2022-07-21

申请号：US17248364

申请日：2021-01-21

Applicant: Cisco Technology, Inc.

Inventor： Jerome HENRY ,  Robert E. BARTON ,  Mark GRAYSON ,  Bart A. BRINCKMAN

IPC: H04L29/12 ,  H04L12/741

Abstract: A method includes linking, at an access node, a first media control access (MAC) address of a device to an identifier of the device to establish a communication session between the access node and the device and during the communication session, receiving, at the access node, an indication of a change of the first MAC address to a second MAC address. The method also includes linking, at the access node, the second MAC address to the first MAC address and the identifier and receiving, at the access node, a communication from the device using the second MAC address while maintaining the communication session.

公开(公告)号：US20230059304A1

公开(公告)日：2023-02-23

申请号：US17445295

申请日：2021-08-17

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar NAINAR ,  Robert E. BARTON ,  Carlos M. PIGNATARO ,  Jerome HENRY ,  Bart A. BRINCKMAN

IPC: H04L29/06 ,  H04W36/00 ,  H04W12/06

Abstract: Aspects of the disclosure include a method and associated network device. The method includes authenticating an identity of a user of a client device after the client device is associated with an access network provider. Authenticating the identity of the user comprises receiving, from an identity provider, a credential associated with the identity, and receiving, from the identity provider, information identifying a network-based service to be applied to network traffic with the client device. The method further includes establishing, using the credential and the received information, a secure connection between the access network provider and a service provider that is capable of providing the network-based service. The method further includes receiving network traffic from the service provider. Packets of the network traffic include an assurance value that enables the client device to determine that the network-based service is being provided by the service provider.

公开(公告)号：US20220338010A1

公开(公告)日：2022-10-20

申请号：US17301971

申请日：2021-04-20

Applicant: Cisco Technology, Inc.

Inventor： Jerome HENRY ,  Robert E. BARTON ,  Bart A. BRINCKMAN

IPC: H04W12/08 ,  H04W12/06 ,  H04W12/0431 ,  H04W60/06 ,  H04W76/11 ,  H04W36/00

Abstract: Techniques for trusted roaming between identity federation based networks. A first wireless access point (AP) receives a roaming request from a wireless station (STA), to roam from the first AP to a second AP. The first AP is associated with a first access network provider (ANP), the second AP is associated with a second ANP, and the first ANP is different from the second ANP. Authentication information relating to the STA is transmitted from the first ANP to the second ANP using a trusted connection. The trusted connection was previously established between the first ANP and the second ANP based on a query to an identity federation to which both the first and second ANP belong. The STA is de-associated from the first AP. The STA is re-associated at the second AP using the transmitted authentication information

公开(公告)号：US20220286447A1

公开(公告)日：2022-09-08

申请号：US17249644

申请日：2021-03-08

Applicant: Cisco Technology, Inc.

Inventor： Robert E. BARTON ,  Jerome HENRY ,  Nagendra Kumar NAINAR ,  Carlos M. PIGNATARO ,  Bart A. BRINCKMAN

IPC: H04L29/06

Abstract: Aspects described herein include a method and related network device and computer program product. The method includes authenticating an identity of a user of a client device associated with an access network provider. Authenticating the identity of the user includes receiving, from an identity provider, a credential associated with the identity and information identifying a network-based security service to be provided to the client device. The method further includes establishing, using the credential and the received information, a secure connection between the access network provider and a security service provider that is capable of providing the network-based security service to the client device.

公开(公告)号：US20220232375A1

公开(公告)日：2022-07-21

申请号：US17248366

申请日：2021-01-21

Applicant: Cisco Technology, Inc.

Inventor： Marcelo YANNUZZI ,  Herve MUYAL ,  Benjamin W. RYDER ,  Marco TRINELLI ,  Bart A. BRINCKMAN

IPC: H04W12/06 ,  H04W76/11 ,  H04W8/20 ,  H04W12/69

Abstract: A method includes receiving, at an access node, a connection request from a device and in response to the connection request, establishing a connection with an identity provider. The device, the access node, the local network, and the identity provider are members of an identity federation. The method also includes, after the device is authenticated with the identity provider, sending or receiving, to or from the identity provider and by the access node, data linking the device to an item and an owner of the device.

公开(公告)号：US20220141714A1

公开(公告)日：2022-05-05

申请号：US17148146

申请日：2021-01-13

Applicant: Cisco Technology, Inc.

Inventor： Malcolm M. SMITH ,  Jerome HENRY ,  Mark GRAYSON ,  Robert E. BARTON ,  Bart A. BRINCKMAN

IPC: H04W28/24 ,  H04W8/22 ,  H04W12/06 ,  H04W12/69

Abstract: Embodiments herein describe techniques for dynamically negotiating an SLA between a roaming device and a VN in an identity federation. Instead of an IDP having to individually negotiate with a VN to decide on an SLA before a user device roams to the VN, the parties can dynamically negotiate the SLA after the user device has detected the VN (but before the device is permitted to connect or associate with the VN). In one embodiment, when a roaming user device comes within wireless range of a VN, the roaming device receives an advertisement from the VN that indicates the current SLA (or SLAs) offered by the VN. The roaming device can compare this offered SLA to a stored SLA in an identity profile the device received from the IDP to determine whether to accept the offer. In another embodiment, the SLA is instead negotiated between VN and the IDP.

公开(公告)号：US20250016147A1

公开(公告)日：2025-01-09

申请号：US18803058

申请日：2024-08-13

Applicant: Cisco Technology, Inc.

Inventor： Domenico FICARA ,  Roberto MUCCIFORA ,  Amine CHOUKIR ,  Shree N. MURTHY ,  Bart A. BRINCKMAN ,  Mirko RACA

IPC: H04L9/40

Abstract: Aspects described herein include a method of automated grouping of client devices for a user-defined network (UDN). The method includes receiving, from a first client device, an authentication request to join an access provider network. The authentication request includes a unique identifier of the first client device. The method also includes transmitting the unique identifier to a UDN cloud and receiving a first list from the UDN cloud. The first list indicates that the UDN is associated with the unique identifier. The method further includes joining the first client device with a second client device present on the access provider network based on a second list from the UDN cloud. The second list indicates that the UDN is associated with the second device.

公开(公告)号：US20240388910A1

公开(公告)日：2024-11-21

申请号：US18789316

申请日：2024-07-30

Applicant: Cisco Technology, Inc.

Inventor： Jerome HENRY ,  Robert E. BARTON ,  Bart A. BRINCKMAN

IPC: H04W12/08 ,  H04W12/0431 ,  H04W12/06 ,  H04W36/00 ,  H04W60/06 ,  H04W76/11

Abstract: Techniques for trusted roaming between identity federation based networks. A first wireless access point (AP) receives a roaming request from a wireless station (STA), to roam from the first AP to a second AP. The first AP is associated with a first access network provider (ANP), the second AP is associated with a second ANP, and the first ANP is different from the second ANP. Authentication information relating to the STA is transmitted from the first ANP to the second ANP using a trusted connection. The trusted connection was previously established between the first ANP and the second ANP based on a query to an identity federation to which both the first and second ANP belong. The STA is de-associated from the first AP. The STA is re-associated at the second AP using the transmitted authentication information.

公开(公告)号：US20240154947A1

公开(公告)日：2024-05-09

申请号：US18414137

申请日：2024-01-16

Applicant: Cisco Technology, Inc.

Inventor： Nagendra Kumar NAINAR ,  Robert E. BARTON ,  Carlos M. PIGNATARO ,  Jerome HENRY ,  Bart A. BRINCKMAN

IPC: H04L9/40 ,  H04W12/06 ,  H04W36/00

CPC classification number: H04L63/0815 ,  H04L63/04 ,  H04L63/20 ,  H04W12/06 ,  H04W36/0038

Abstract: Aspects of the disclosure include a method and associated network device. The method includes authenticating an identity of a user of a client device after the client device is associated with an access network provider. Authenticating the identity of the user comprises receiving, from an identity provider, a credential associated with the identity, and receiving, from the identity provider, information identifying a network-based service to be applied to network traffic with the client device. The method further includes establishing, using the credential and the received information, a secure connection between the access network provider and a service provider that is capable of providing the network-based service. The method further includes receiving network traffic from the service provider. Packets of the network traffic include an assurance value that enables the client device to determine that the network-based service is being provided by the service provider.

公开(公告)号：US20230036506A1

公开(公告)日：2023-02-02

申请号：US17444021

申请日：2021-07-29

Applicant: Cisco Technology, Inc.

Inventor： Domenico Ficara ,  Roberto MUCCIFORA ,  Amine CHOUKIR ,  Shree N. MURTHY ,  Bart A. BRINCKMAN ,  Mirko RACA

IPC: H04L29/06

Abstract: Aspects described herein include a method of automated grouping of client devices for a user-defined network (UDN). The method includes receiving, from a client device an authentication request to join an access provider network. The authentication request includes a unique identifier of the client device for a federation-based network. The method further includes transmitting the unique identifier to a UDN cloud, transmitting the authentication request to an identity provider, and receiving, responsive to the identity provider authenticating the authentication request, a list of one or more UDNs from the UDN cloud that are associated with the unique identifier. The method further includes joining the client device with one or more other client devices present on the access provider network listing a same UDN.