-
41.
Publication No.: US20210204125A1
Publication date: 2021-07-01
Application No.: US17203898
Filing date: 2021-03-17
Applicant: Cisco Technology, Inc.
Inventor: Abhishek Dhammawat, Mansi Jain
IPC: H04W12/06, H04W12/106, H04W12/0431
Abstract: Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.
-
Publication No.: US20200162915A1
Publication date: 2020-05-21
Application No.: US16194550
Filing date: 2018-11-19
Applicant: Cisco Technology, Inc.
Inventor: Abhishek Dhammawat, Sudhir Kumar Jain, Mansi Jain
Abstract: A wireless network environment includes a plurality of access points, a wireless local area network (WLAN) controller, and a plurality of client devices. The client devices attempt to authenticate with the WLAN controller to gain access to wireless services provided by the WLAN controller and/or the access points. To authenticate with the WLAN controller, the WLAN controller obtains a request to establish a wireless network connection from one or more of the client devices. The WLAN controller then provides a response to the request. The response indicates whether the WLAN controller supports performing password-mapped simultaneous authentication of equals (SAE). The WLAN controller then obtains a message including a password-mapped identifier from the client device. The WLAN controller then establishes a connection with the client device based on the password obtained with password-mapped identifier mapping at WLC.
-
43.
Publication No.: US20200162907A1
Publication date: 2020-05-21
Application No.: US16192590
Filing date: 2018-11-15
Applicant: Cisco Technology, Inc.
Inventor: Abhishek Dhammawat, Mansi Jain
Abstract: Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.
-
Publication No.: US10567245B1
Publication date: 2020-02-18
Application No.: US16288578
Filing date: 2019-02-28
Applicant: Cisco Technology, Inc.
Inventor: Santosh Ramrao Patil, Abhishek Dhammawat, Gary Boon
Abstract: Techniques that provide proactive and intelligent packet capturing are described herein. In one embodiment, a method includes storing information associated with a plurality of user equipment (UE) sessions of a plurality of UEs within a mobile network; detecting an anomaly associated with at least one UE session of at least one UE based, at least in part, on the information stored for the at least one UE session; and activating a trace for the at least one UE session based, at least in part, on detecting the anomaly associated with the at least one UE session, wherein activating the trace comprises capturing packet information for a data packet flow associated with the at least one UE session at one or more data-path network elements of a plurality of data-path network elements within the mobile network.
-
Publication No.: US20160127415A1
Publication date: 2016-05-05
Application No.: US14534385
Filing date: 2014-11-06
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Abhishek Dhammawat
IPC: H04L29/06
CPC classification number: H04L63/20, H04L63/061, H04L63/0892, H04W12/04, H04W12/06, H04W12/10
Abstract: An example method is provided and may include receiving a DIAMETER-based error over an SWm interface by a first evolved packet data gateway (ePDG) for a user equipment (UE) attempting to connect to the first ePDG; determining an Internet Key Exchange version two (IKEv2) error type corresponding to the DIAMETER-based error; and communicating the IKEv2 error type to the UE over an SWu interface. In some cases, the IKEv2 error type can be included in a notify payload or in a vendor ID payload for an IKE authentication response (IKE_AUTH_RESP) message. By distinguishing the IKEv2 error type, the UE can determine whether the error is a temporary or a permanent type and can determine whether to attempt to connect again to the first ePDG after a period of time or attempt to connect to another ePDG, which can help to reduce unnecessary signaling and provide better connectivity and user experience.