公开(公告)号：US20240195812A1

公开(公告)日：2024-06-13

申请号：US18062967

申请日：2022-12-07

Applicant: Cisco Technology, Inc.

Inventor： Shree Narasimha Murthy ,  Arun G Khanna ,  Sri Gundavelli

IPC: H04L9/40 ,  H04L67/12

CPC classification number: H04L63/104 ,  H04L63/08 ,  H04L67/12

Abstract: Disclosed herein are systems, methods, and computer-readable media for dynamic user device access to a user defined network (UDN) group. A request from a user device to access an end device is received from an application on the user device, where the request includes a credential and the end device is associated with multiple end devices within a private group with access to a set of services. A user device identity of the user device is dynamically added to the private group (e.g., UDN group) based on authenticating the user device based on the credential being associated with the private group. A change of authorization is sent to a controller to include the user device within the private group, and the user device is granted access to the set of services.

公开(公告)号：US20250071831A1

公开(公告)日：2025-02-27

申请号：US18816893

申请日：2024-08-27

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Bart A. Brinckman ,  Shree Narasimha Murthy

IPC: H04W76/11 ,  H04W76/12 ,  H04W76/15 ,  H04W84/12

Abstract: A client device identifier for dual-Wi-Fi connections may be provided. First, it may be determined that a client device has associated over a first link having a first Media Access Control (MAC) address. Next, from the client device over the first link, a first management frame may be received that identifies a MAC address of a second link associated with the client device. Then, based on information in the first management frame, it may be determined that the first link and the second link are associated with the client device.

公开(公告)号：US20250080474A1

公开(公告)日：2025-03-06

申请号：US18241079

申请日：2023-08-31

Applicant: Cisco Technology, Inc.

Inventor： Shree Narasimha Murthy ,  Sanjay Kumar Hooda ,  Sonal Prem Kumar Chhabria

IPC: H04L47/74 ,  H04L41/0604 ,  H04L47/80

Abstract: Techniques that include a network that is configured in the first mode of a reactive mode to respond to a client attempting to access an endpoint of the network by providing information to be sent to a map server and by checking whether at least an IP address associated with the client corresponds to a registration produced for the client by a wireless controller. Further, the network is configured in a second mode of a proactive mode to determine based on a count maintained by a wireless controller of a number of client IP addresses whether to allow access or not to allow access to one or more clients to the network.

公开(公告)号：US20240396945A1

公开(公告)日：2024-11-28

申请号：US18791151

申请日：2024-07-31

Applicant: Cisco Technology, Inc.

Inventor： Shree Narasimha Murthy ,  Sanjay Kumar Hooda ,  Prakash C. Jain ,  Roberto Mitsuo Kobo ,  Rajagopal Venkatraman

IPC: H04L9/40 ,  G06F9/455 ,  H04L61/5007 ,  H04L61/5014

Abstract: Techniques for analyzing traffic originating from a host device in a wireless network to identify one or more virtual machines (VMs) running on the host device and connected to the network via the host device in bridge mode. When a VM is created in bridge mode behind a host device, the traffic originated by the VM will have the source Media Access Layer (MAC) address of the host device. According to techniques described herein, devices and/or components associated with the network may profile the traffic to identify an address of the VM, such as by analyzing dynamic host configuration protocol (DHCP) packets to determine the Internet Protocol (IP) address of the VM. Once the IP address and the MAC address of the VM is known, the components and/or devices may apply security policies to the VM that may be different than security policies applied to the host device.

公开(公告)号：US20240380576A1

公开(公告)日：2024-11-14

申请号：US18453744

申请日：2023-08-22

Applicant: Cisco Technology, Inc.

Inventor： Stephen M Orr ,  Shree Narasimha Murthy

IPC: H04L9/08 ,  H04L9/40

Abstract: A system and method are provided for generating group encryption keys for a global group and a private group to encrypt wireless messages between an access point and a station. The private group key is based on a unique private group identifier. The global group key and the private group key are sent from the access point to one or more stations via an M3 message as part of a 4-way handshake or as part of a 2-way group key handshake. The global group key is used for encrypted broadcast or multicast messages with an entire group, whereas the private group key is used for encrypted broadcast or multicast messages with a private group that is a subset of the entire group.