公开(公告)号：US20240064125A1

公开(公告)日：2024-02-22

申请号：US18501275

申请日：2023-11-03

Applicant: Cisco Technology, Inc.

Inventor： Roberto Muccifora ,  Domenico Ficara ,  Amine Choukir ,  Anirban Karmakar ,  Vincent Cuissard ,  Sudhir Kumar Jain

IPC: H04L61/5061 ,  H04L61/5053

CPC classification number: H04L61/5061 ,  H04L61/5053 ,  H04W88/02

Abstract: Techniques are provided that rotate a device address used to identify a wireless client device on a wireless network. The wireless client device and at least one network infrastructure component identify a plurality of device addresses associated with the wireless client device. In some embodiments, the plurality of device addresses are generated via a corresponding plurality of invocations of a stateful random number generator, such as a cryptographically secure pseudorandom number generator.

公开(公告)号：US11855961B2

公开(公告)日：2023-12-26

申请号：US17329827

申请日：2021-05-25

Applicant: Cisco Technology, Inc.

Inventor： Roberto Muccifora ,  Domenico Ficara ,  Amine Choukir ,  Anirban Karmakar ,  Vincent Cuissard ,  Sudhir Kumar Jain

IPC: H04L61/5061 ,  H04L61/5053 ,  H04W88/02

CPC classification number: H04L61/5061 ,  H04L61/5053 ,  H04W88/02

Abstract: Techniques are provided that rotate a device address used to identify a wireless client device on a wireless network. The wireless client device and at least one network infrastructure component identify a plurality of device addresses associated with the wireless client device. In some embodiments, the plurality of device addresses are generated via a corresponding plurality of invocations of a stateful random number generator, such as a cryptographically secure pseudorandom number generator.

公开(公告)号：US20230221961A1

公开(公告)日：2023-07-13

申请号：US17571906

申请日：2022-01-10

Applicant: Cisco Technology, Inc.

Inventor： Thomas Vegas ,  Domenico Ficara ,  Anirban Karmakar ,  Giacomo Trifilo ,  Amine Choukir

IPC: G06F9/38

CPC classification number: G06F9/3861 ,  G06F9/3867

Abstract: This disclosure describes techniques for performing a remote front-drop of data for recovery after a pipeline stall. The techniques include using a receiver-side dropping strategy that is driven from the sender-side. Components of a pipeline determine whether a pipeline is operating within specified latency constraints (e.g., experiencing a pipeline stall). Upon detecting a pipeline stall, the sending device is notified of the stall. Once the sending device is notified of the pipeline stall, the sending device can determine what action(s) to perform to address the pipeline stall. For example, the sending device may instruct one or more components of the pipeline to discard already sent data that has not been processed. This allows the older data to be dropped on the stalled pipeline while keeping the more recently sent data.

公开(公告)号：US20230198990A1

公开(公告)日：2023-06-22

申请号：US17552394

申请日：2021-12-16

Applicant: Cisco Technology, Inc.

Inventor： Roberto Muccifora ,  Domenico Ficara ,  Amine Choukir ,  Ugo Mario Campiglio ,  Shree Murthy ,  Stephen M. Orr

IPC: H04L9/40 ,  H04L61/5038 ,  H04L45/74 ,  H04L101/622

CPC classification number: H04L63/102 ,  H04L63/0876 ,  H04L61/5038 ,  H04L63/104 ,  H04L45/74 ,  H04L2101/622

Abstract: Group identity assignment and policy enforcement may be provided. A User Defined Network Identifier (UDN ID) defining a group of client devices may be received. Next, a client identifier (ID) associated with a source client device that is associated with the group of client devices may be received. The UDN ID and the client ID may be encoded in an Extended Local Identifier (ELI) Media Access Control (MAC) address associated with the source client device. A source MAC address of a packet received from the source client device may then be substituted with the ELI MAC address. Then the packet may be forwarded.

公开(公告)号：US11665544B2

公开(公告)日：2023-05-30

申请号：US17147319

申请日：2021-01-12

Applicant: Cisco Technology, Inc.

Inventor： Ugo Mario Campiglio ,  Amine Choukir ,  Roberto Muccifora ,  Domenico Ficara ,  Sachin Dinkar Wakudkar

IPC: H04L9/40 ,  H04W12/06 ,  H04W12/069 ,  H04W12/71 ,  H04W12/041 ,  H04W12/033

CPC classification number: H04W12/069 ,  H04W12/033 ,  H04W12/041 ,  H04W12/71

Abstract: A method for providing multicast frames in a Multi-Dwelling Unit (MDU) is provided herein. An Access Point (AP) can receive a join request from a first client device. The AP can generate a Group Master Key (GMK) from the Pre-Shared Key (PSK) associated with a Basic Service Set (BSS) that includes the first client device. The AP can then derive a Group Transient Key (GTK) from the GMK. The AP may then send the GTK to the first client device. Thereinafter, the AP can send multicast frames to the first client device encrypted by the GTK. The first client device can decrypt the multicast frames with the GTK. However, a second client device, that does not share the PSK, may receive the multicast frame but cannot decrypt the multicast frames.

公开(公告)号：US20210360400A1

公开(公告)日：2021-11-18

申请号：US17090169

申请日：2020-11-05

Applicant: Cisco Technology, Inc.

Inventor： Domenico Ficara ,  Ugo Mario Campiglio ,  Amine Choukir ,  Sachin Dinkar Wakudkar ,  Javier Ignacio Contreras Albesa ,  Jerome Henry

IPC: H04W12/06 ,  H04W12/04 ,  H04W12/00

Abstract: Presented herein are techniques to manage a wireless local area network. A method includes defining a plurality of geographical zones corresponding to a geographical area that is serviced by a common service set identifier for a wireless local area network, assigning a pre-shared key to a mobile station based on the plurality of geographical zones, wherein the pre-shared key is associated with predetermined policies for a user of the mobile station, associating a media access control address of the mobile station with the pre-shared key, and controlling access of the mobile station to the wireless local area network based on the predetermined policies.

公开(公告)号：US11140043B2

公开(公告)日：2021-10-05

申请号：US16576387

申请日：2019-09-19

Applicant: Cisco Technology Inc.

Inventor： Amine Choukir ,  Roberto Muccifora ,  Antonio Trifilo ,  Domenico Ficara ,  Vincent Cuissard ,  Salvatore Valenza

IPC: H04L12/24 ,  H04W12/06 ,  H04L29/12 ,  H04W84/12

Abstract: A method is provided in a wireless local area network controller in a wireless communication network. The wireless communication network includes one or more virtual networks identified with virtual network IDs, VNIDs. A request is received from a wireless client to onboard onto the network and the wireless client is mapped to an onboarding VNID. The onboarding VNID is associated with an onboarding virtual network that does not require an authentication of the wireless client. An Internet Protocol address assignment is forwarded to the wireless client. The wireless client is remapped from the onboarding VNID to the destination VNID after authenticating the wireless client. The wireless client maintains the assigned IP address after moving from the onboarding VNID to the destination VNID. Access to the wireless client on a virtual network identified by the destination VNID is provided via the assigned IP address.

公开(公告)号：US12267207B2

公开(公告)日：2025-04-01

申请号：US18623438

申请日：2024-04-01

Applicant: Cisco Technology, Inc.

Inventor： Domenico Ficara ,  Amine Choukir ,  Salvatore Valenza ,  Vincent Cuissard

IPC: H04L41/0806 ,  H04L41/0853 ,  H04L41/0893

Abstract: A system and a method to dynamically reprovision network devices may include a first network device configured to reprovision a second network device in accordance with a specific location of the second network device in a predefined area. The first network device may be configured to sense the second device at the specific location in the predefined area, identify reprovisioning parameters associated with the specific location, and provide the reprovisioning parameters to the second network device. In turn, the second network device may be configured to perform one or more roles associated with the specific location in the predefined area based at least in part upon information in the reprovisioning parameters.

公开(公告)号：US20250039040A1

公开(公告)日：2025-01-30

申请号：US18623438

申请日：2024-04-01

Applicant: Cisco Technology, Inc.

Inventor： Domenico Ficara ,  Amine Choukir ,  Salvatore Valenza ,  Vincent Cuissard

IPC: H04L41/0806 ,  H04L41/0853 ,  H04L41/0893

Abstract: A system and a method to dynamically reprovision network devices may include a first network device configured to reprovision a second network device in accordance with a specific location of the second network device in a predefined area. The first network device may be configured to sense the second device at the specific location in the predefined area, identify reprovisioning parameters associated with the specific location, and provide the reprovisioning parameters to the second network device. In turn, the second network device may be configured to perform one or more roles associated with the specific location in the predefined area based at least in part upon information in the reprovisioning parameters.

公开(公告)号：US12192770B2

公开(公告)日：2025-01-07

申请号：US17731689

申请日：2022-04-28

Applicant: Cisco Technology, Inc.

Inventor： Domenico Ficara ,  Roberto Muccifora ,  Amine Choukir ,  Robert Barton ,  Jerome Henry ,  Arun Khanna

IPC: H04W12/122 ,  H04W12/106 ,  H04W12/73

Abstract: A method is provided that is performed in a wireless network to detect a rogue wireless device. The method comprises detecting a suspect wireless device in the wireless network based on messages transmitted by the suspect wireless device using a first Media Access Control (MAC) address that is also used by a valid wireless device in the wireless network. When a suspect wireless device is detected, the method next includes sending to the valid wireless device in the wireless network a request configured to cause the valid wireless device to change its MAC address. After the valid wireless device has changed its MAC address, the method involves observing messages transmitted by the suspect wireless device in the wireless network. The method then includes determining that the suspect wireless device is a rogue device when the suspect wireless device continues to transmit messages using the first MAC address.