公开(公告)号：US20230114234A1

公开(公告)日：2023-04-13

申请号：US18066193

申请日：2022-12-14

Applicant: Cisco Technology, Inc.

Inventor： Jerome HENRY ,  Robert E. BARTON ,  Nagendra Kumar NAINAR ,  Carlos M. PIGNATARO ,  Bart A. BRINCKMAN

IPC: H04B17/309 ,  H04W76/15 ,  H04W24/10 ,  H04W24/08

Abstract: Techniques and apparatus for determining quality of experience (QoE) for wireless communications are described. One technique involves transmitting a QoE support message to an access point (AP) within an access network. The QoE support message queries whether the AP supports providing key performance indicators (KPI(s)) indicative of QoE provided by the access network. An indication of whether the AP supports providing the KPI(s) is received in response to the QoE support message. The KPI(s) are received when the AP supports providing the KPI(s). A determination is made whether to communicate with the AP based at least in part on the KPI(s). Communications are then performed in accordance with the determination.

公开(公告)号：US20220385661A1

公开(公告)日：2022-12-01

申请号：US17332589

申请日：2021-05-27

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. PIGNATARO ,  Nagendra Kumar NAINAR ,  Jerome HENRY ,  Robert E. BARTON ,  Bart A. BRINCKMAN

IPC: H04L29/06 ,  H04L9/32

Abstract: Embodiments herein describe disconnecting, by an access node, a first device having a first media access control (MAC) address due to a network violation and receiving, by the access node, information about a second device having a second MAC address different from the first MAC address. In one embodiment, the information is generated by a certificate server based on a token generated by the second device. Further, when the access node determines, based on the information, that the second device is the first device, the access node denies a connection request from the second device.

公开(公告)号：US20210399991A1

公开(公告)日：2021-12-23

申请号：US17334335

申请日：2021-05-28

Applicant: Cisco Technology, Inc.

Inventor： Hendrikus G.P. BOSCH ,  Jeffrey NAPPER ,  Alessandro DUMINUCO ,  Humberto J. LA ROCHE ,  Sape Jurriën MULLENDER ,  Surendra M. KUMAR ,  Louis Gwyn SAMUEL ,  Bart A. BRINCKMAN ,  Aeneas Sean DODD-NOBLE ,  Luca MARTINI

IPC: H04L12/825 ,  H04L12/801 ,  H04L12/715

Abstract: An example method is provided in one example embodiment and may include receiving traffic associated with at least one of a mobile network and a Gi-Local Area Network (Gi-LAN), wherein the traffic comprises one or more packets; determining a classification of the traffic to a service chain, wherein the service chain comprises one or more service functions associated at least one of one or more mobile network services and one or more Gi-LAN services; routing the traffic through the service chain; and routing the traffic to a network using one of a plurality of egress interfaces, wherein each egress interface of the plurality of egress interfaces is associated with at least one of the one or more mobile network services and the one or more Gi-LAN services.

公开(公告)号：US20240171616A1

公开(公告)日：2024-05-23

申请号：US18422994

申请日：2024-01-25

Applicant: Cisco Technology, Inc.

Inventor： Jerome HENRY ,  Robert E. BARTON ,  Carlos M. PIGNATARO ,  Nagendra Kumar NAINAR ,  Malcolm M. SMITH ,  Mark GRAYSON ,  Bart A. BRINCKMAN

IPC: H04L9/40 ,  H04W12/06

CPC classification number: H04L63/205 ,  H04L63/0236 ,  H04L63/105 ,  H04W12/06

Abstract: Differentiated service in a federation-based access network is provided by receiving a set of credentials from a User Equipment (UE) for a wireless network offering a plurality of service levels. In response to determining that the set of credentials indicate a realm associated with a given service level, network access is provided to the UE according to the given service level. In response to determining that the given service level is not a highest service level in the wireless network, a list of one or more preferred realms is transmitted to the UE, where each realm of the list of one or more preferred realms is associated with one or more higher service levels than the given service level.

公开(公告)号：US20230300680A1

公开(公告)日：2023-09-21

申请号：US18187549

申请日：2023-03-21

Applicant: Cisco Technology, Inc.

Inventor： Malcolm M. SMITH ,  Jerome HENRY ,  Mark GRAYSON ,  Robert E. BARTON ,  Bart A. BRINCKMAN

IPC: H04W28/24 ,  H04W12/69 ,  H04W8/22 ,  H04W12/06

CPC classification number: H04W28/24 ,  H04W12/69 ,  H04W8/22 ,  H04W12/06 ,  H04W84/12

Abstract: Techniques for dynamically negotiating a service legal agreement (SLA) between a roaming device and a visited network (VN) in an identity federation. An identity profile provided to a user device by an identity provider (IDP) is accessed by the user device. The identity profile includes a first SLA criteria. An advertisement from the VN indicating one or more SLAs supported by the VN is received at the user device. The advertisement is received before the user device has associated with the VN. The IDP and the VN are part of a same identity federation. It is determined that the SLA supported by the VN satisfies the first SLA criteria. Upon that determination, an acceptance is transmitted by the user device to the VN, and the user device is associated with the VN.

公开(公告)号：US20230007050A1

公开(公告)日：2023-01-05

申请号：US17305235

申请日：2021-07-01

Applicant: Cisco Technology, Inc.

Inventor： Jerome HENRY ,  Robert E. BARTON ,  Carlos M. PIGNATARO ,  Nagendra Kumar NAINAR ,  Malcolm M. SMITH ,  Mark GRAYSON ,  Bart A. BRINCKMAN

IPC: H04L29/06 ,  H04W12/06

Abstract: Differentiated service in a federation-based access network is provided by receiving, with a request for access to a wireless network offering at least a two different service levels based on user identities, a set of user credentials from a User Equipment (UE); forwarding, for authentication, the set of user credentials to an identity provider in an identity federation with the wireless network, wherein the identity provider is independent from the wireless network; in response to determining that the set of user credentials indicate a realm known to be associated with a given service level, providing network access to the UE according to the given service level; and in response to determining that the given service level is not a highest service level in the wireless network, transmitting a list of preferred realms to the UE that are associated with higher service levels than the given service level.

公开(公告)号：US20220337629A1

公开(公告)日：2022-10-20

申请号：US17301928

申请日：2021-04-19

Applicant: Cisco Technology, Inc.

Inventor： Robert E. BARTON ,  Bart A. BRINCKMAN ,  Jerome HENRY ,  Carlos M. PIGNATARO ,  Nagendra Kumar NAINAR ,  Matthew MACPHERSON

IPC: H04L29/06

Abstract: A method includes receiving, at an access node of a local network, a connection request from a device and in response to the connection request, establishing a connection with an identity provider. The device, the access node, the local network, and the identity provider are members of an identity federation. The method further includes receiving an indication that the device previously violated a network policy of a network different from the local network and after the device is authenticated with the identity provider, determining, by the access node and based on the indication, whether to allow the device to communicate over the access node.

公开(公告)号：US20240250946A1

公开(公告)日：2024-07-25

申请号：US18623817

申请日：2024-04-01

Applicant: Cisco Technology, Inc.

Inventor： Carlos M. PIGNATARO ,  Nagendra Kumar NAINAR ,  Jerome HENRY ,  Robert E. BARTON ,  Bart A. BRINCKMAN

IPC: H04L9/40 ,  H04L9/32

CPC classification number: H04L63/10 ,  H04L9/3236 ,  H04L9/3263 ,  H04L63/0876

Abstract: Embodiments herein describe disconnecting, by an access node, a first device having a first media access control (MAC) address due to a network violation and receiving, by the access node, information about a second device having a second MAC address different from the first MAC address. In one embodiment, the information is generated by a certificate server based on a token generated by the second device. Further, when the access node determines, based on the information, that the second device is the first device, the access node denies a connection request from the second device.

公开(公告)号：US20230247427A1

公开(公告)日：2023-08-03

申请号：US18297136

申请日：2023-04-07

Applicant: Cisco Technology, Inc.

Inventor： Jerome HENRY ,  Robert E. BARTON ,  Bart A. BRINCKMAN

IPC: H04W12/08 ,  H04W12/06 ,  H04W36/00 ,  H04W60/06 ,  H04W76/11 ,  H04W12/0431

CPC classification number: H04W12/08 ,  H04W12/06 ,  H04W36/0022 ,  H04W60/06 ,  H04W76/11 ,  H04W12/0431

Abstract: Techniques for trusted roaming between identity federation based networks. A first wireless access point (AP) receives a roaming request from a wireless station (STA), to roam from the first AP to a second AP. The first AP is associated with a first access network provider (ANP), the second AP is associated with a second ANP, and the first ANP is different from the second ANP. Authentication information relating to the STA is transmitted from the first ANP to the second ANP using a trusted connection. The trusted connection was previously established between the first ANP and the second ANP based on a query to an identity federation to which both the first and second ANP belong. The STA is de-associated from the first AP. The STA is re-associated at the second AP using the transmitted authentication information.

公开(公告)号：US20230021627A1

公开(公告)日：2023-01-26

申请号：US17443287

申请日：2021-07-23

Applicant: Cisco Technology, Inc.

Inventor： Jerome HENRY ,  Louis G. SAMUEL ,  Mark GRAYSON ,  Bart A. BRINCKMAN ,  Robert E. BARTON ,  Carlos M. PIGNATARO ,  Nagendra Kumar NAINAR ,  Matthew MACPHERSON

IPC: H04W12/08 ,  H04W12/69 ,  H04W12/06 ,  H04L29/06

Abstract: Federation policy exchange is provided in response to receiving a sharing query from an Access Point (AP) indicating that an associated wireless network supports federated identities with data sharing, determining whether the sharing query is within sharing preferences; and in response to determining that the sharing query is within the sharing preferences, transmitting, to the AP, a positive response for identity sharing that authorizes collection and sharing of identity data with at least one entity identified in a sharing policy for the associated wireless network. In various embodiments, federation policy exchange includes transmitting a support notification, via an AP, indicating support for federated identities with data sharing within a wireless network associated with the AP; and in response to receiving a first identify sharing preference from a User Equipment (UE) that indicates that negotiation is preferred, transmitting a sharing policy for the wireless network to the UE.