公开(公告)号：US20240349046A1

公开(公告)日：2024-10-17

申请号：US18300950

申请日：2023-04-14

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： NILAY SHROFF ,  PIYUSH AGARWAL ,  MOHAN RAM BHADRAVATI RAMAKRISHNA BHAT ,  NARAYANASAMI VIJAYARAGHAVAN ,  SHREEKANTHAYYA HIREMATH

IPC: H04W12/06 ,  H04W12/088

CPC classification number: H04W12/06 ,  H04W12/088

Abstract: Systems and methods are provided for authenticating client devices in microbranch deployment. In response to a client device connecting to a LAN AP, a first client-entry associated with the client device can be created to indicate that the client device is local to the LAN AP. An authentication request can be transmitted to a WAN AP to be forwarded to an authentication server. A second client-entry associated with the client device at the WAN AP can be created based on the authentication request. Upon successful authentication, the second client-entry can be designated as being foreign to the WAN AP based on the first client-entry being local to the LAN AP. Accordingly, data packets from the client device can be analyzed via a first firewall of the LAN AP, while bypassing a second firewall of the WAN AP based on the foreign designation of the second client-entry at the WAN AP.

公开(公告)号：US20230033287A1

公开(公告)日：2023-02-02

申请号：US17387355

申请日：2021-07-28

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： PIYUSH AGARWAL ,  SACHIN GANU ,  MOHAN RAM BHADRAVATI RAMAKRISHNA BHAT

IPC: H04W36/08 ,  H04W12/06 ,  H04W36/30

Abstract: Systems and methods are provided for seamless roaming in a network. First, a client device is authenticated at a first access point of the network. Next, a processor selectively determines, among remaining access points in the network, second access points at which respective precursor keys, such as Pairwise Master Keys R1 (PMK-R1s) are to be computed. The second access points are determined based on any of respective path losses from the first access point to the second access points and respective historical frequencies at which the client device associates at the respective remaining access points. For the second access points, the respective PMK-R1s are computed and transmitted to the second access points to be cached. Next, following a request from the client device to reassociate to a second access point of the second access points, the client device is authenticated at the second access point based on a corresponding PMK-R1.