Abstract:
Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.
Abstract:
Systems, methods, and computer-readable media are provided for an efficient roaming management method using a single association identifier token for associating with different access points. In one aspect of the present disclosure, a network controller includes memory having computer-readable instructions stored therein and one or more processors. The one or more processors are configured to execute the computer-readable instructions to receive a request from an endpoint to connect to a first access point; generate an association identification token (e.g., PMK and PMKID) for the endpoint to connect to the first access point; and distribute the association identification token to a second access point prior to the endpoint attempting to connect to the second access point, the association identification token being used by the second access point to validate a subsequent request by the endpoint to connect to the second access point.
Abstract:
A network function is configured to initiate a bulk session cleanup with a single release request. The network function detects a configuration change to a wireless network system that affects multiple user sessions for multiple user devices. The network function generates a single bulk session release request identifying the affected user sessions and provides the single bulk session release request to at least one other network function responsible for the user sessions.
Abstract:
Techniques that provide proactive and intelligent packet capturing are described herein. In one embodiment, a method includes storing information associated with a plurality of user equipment (UE) sessions of a plurality of UEs within a mobile network; detecting an anomaly associated with at least one UE session of at least one UE based, at least in part, on the information stored for the at least one UE session; and activating a trace for the at least one UE session based, at least in part, on detecting the anomaly associated with the at least one UE session, wherein activating the trace comprises capturing packet information for a data packet flow associated with the at least one UE session at one or more data-path network elements of a plurality of data-path network elements within the mobile network.
Abstract:
A wireless network environment includes a plurality of access points, a wireless local area network (WLAN) controller, and a plurality of client devices. The client devices attempt to authenticate with the WLAN controller to gain access to wireless services provided by the WLAN controller and/or the access points. To authenticate with the WLAN controller, the WLAN controller obtains a request to establish a wireless network connection from one or more of the client devices. The WLAN controller then provides a response to the request. The response indicates whether the WLAN controller supports performing password-mapped simultaneous authentication of equals (SAE). The WLAN controller then obtains a message including a password-mapped identifier from the client device. The WLAN controller then establishes a connection with the client device based on the password obtained by mapping the password-mapped identifier at the WLAN controller (WLC).
Abstract:
An example method is provided and may include retrieving by a user equipment (UE) an access point (AP) Media Access Control (MAC) address for an AP to which the UE is connected; reporting location information for the UE to an evolved Packet Data Gateway over an SWu interface using Internet Key Exchange version 2 (IKEv2) protocol, wherein the location information includes, at least in part, a UE location in GPS coordinates, a service set identifier, the retrieved AP MAC address and cell identity information for the UE; and populating a location database with the location information. The method can include embedding the location information in an identity initiator (Idi) of an IKE Authentication Request (IKE_AUTH_REQ) message using a Network Access Identifier (NAI) and communicating the location information from the ePDG to a PGW over an S2b interface using a private extension information element of GPRS Tunneling Protocol version 2 (GTPv2).
Abstract:
An example method is provided and may include receiving a DIAMETER-based error over an SWm interface by a first evolved packet data gateway (ePDG) for a user equipment (UE) attempting to connect to the first ePDG; determining an Internet Key Exchange version two (IKEv2) error type corresponding to the DIAMETER-based error; and communicating the IKEv2 error type to the UE over an SWu interface. In some cases, the IKEv2 error type can be included in a notify payload or in a vendor ID payload for an IKE authentication response (IKE_AUTH_RESP) message. By distinguishing the IKEv2 error type, the UE can determine whether the error is a temporary or a permanent type and can determine whether to attempt to connect again to the first ePDG after a period of time or attempt to connect to another ePDG, which can help to reduce unnecessary signaling and provide better connectivity and user experience.