Implementing service level agreements in an identity federation

    Publication No.: US11627498B2

    Publication date: 2023-04-11

    Application No.: US17148146

    Filing date: 2021-01-13

    Abstract: Embodiments herein describe techniques for dynamically negotiating an SLA between a roaming device and a VN in an identity federation. Instead of an IDP having to individually negotiate with a VN to decide on an SLA before a user device roams to the VN, the parties can dynamically negotiate the SLA after the user device has detected the VN (but before the device is permitted to connect or associate with the VN). In one embodiment, when a roaming user device comes within wireless range of a VN, the roaming device receives an advertisement from the VN that indicates the current SLA (or SLAs) offered by the VN. The roaming device can compare this offered SLA to a stored SLA in an identity profile the device received from the IDP to determine whether to accept the offer. In another embodiment, the SLA is instead negotiated between VN and the IDP.

    Policy combining utilizing purpose
    Granted invention patent

    Publication No.: US11558287B2

    Publication date: 2023-01-17

    Application No.: US16791507

    Filing date: 2020-02-14

    Abstract: Techniques are described to provide for the ability to combine policies in a manner that utilizes policy purposes to generate a combined policy. In one example, a method includes obtaining, at a network entity of a network, a plurality of policies, wherein each policy is associated with a policy purpose defined by a policy originator; combining the plurality of policies by the network entity to generate a combined policy, wherein the combining is performed based on a ranking of policy purposes; and enforcing the combined policy at one or more policy enforcement entities of the network for one or more packet flows communicated between a client and the network.

    Stable MAC address change process
    Granted invention patent

    Publication No.: US11502988B2

    Publication date: 2022-11-15

    Application No.: US17248364

    Filing date: 2021-01-21

    Abstract: A method includes linking, at an access node, a first media control access (MAC) address of a device to an identifier of the device to establish a communication session between the access node and the device and during the communication session, receiving, at the access node, an indication of a change of the first MAC address to a second MAC address. The method also includes linking, at the access node, the second MAC address to the first MAC address and the identifier and receiving, at the access node, a communication from the device using the second MAC address while maintaining the communication session.

    Domain name system as an authoritative source for multipath mobility policy

    Publication No.: US11483279B2

    Publication date: 2022-10-25

    Application No.: US16850081

    Filing date: 2020-04-16

    Abstract: Techniques are described to provide multipath mobility via Domain Name System-as-an-Authoritative Source (DNS-AS) techniques. In one example, a method includes obtaining, by a multipath policy decision element, a plurality of multipath policy recommendations for an application, wherein the plurality of multipath policy recommendations are obtained from one or more multipath policy recommendation elements; combining the plurality of multipath policy recommendations to generate a policy enforcement decision, wherein the policy enforcement decision identifies, at least in part, one or more network paths that are to be utilized for one or more packet flows associated with the application, wherein each of the one or more network paths is associated with an access type; and enforcing the policy enforcement decision for one or more packet flows associated with the application.

    Wireless LAN (WLAN) public identity federation trust architecture

    Publication No.: US11258779B2

    Publication date: 2022-02-22

    Application No.: US16742576

    Filing date: 2020-01-14

    Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.

    POLICY COMBINING UTILIZING PURPOSE
    Invention patent application

    Publication No.: US20210258245A1

    Publication date: 2021-08-19

    Application No.: US16791507

    Filing date: 2020-02-14

    Abstract: Techniques are described to provide for the ability to combine policies in a manner that utilizes policy purposes to generate a combined policy. In one example, a method includes obtaining, at a network entity of a network, a plurality of policies, wherein each policy is associated with a policy purpose defined by a policy originator; combining the plurality of policies by the network entity to generate a combined policy, wherein the combining is performed based on a ranking of policy purposes; and enforcing the combined policy at one or more policy enforcement entities of the network for one or more packet flows communicated between a client and the network.

    DOMAIN NAME SYSTEM AS AN AUTHORITATIVE SOURCE FOR MULTIPATH MOBILITY POLICY

    Publication No.: US20210152513A1

    Publication date: 2021-05-20

    Application No.: US16850081

    Filing date: 2020-04-16

    Abstract: Techniques are described to provide multipath mobility via Domain Name System-as-an-Authoritative Source (DNS-AS) techniques. In one example, a method includes obtaining, by a multipath policy decision element, a plurality of multipath policy recommendations for an application, wherein the plurality of multipath policy recommendations are obtained from one or more multipath policy recommendation elements; combining the plurality of multipath policy recommendations to generate a policy enforcement decision, wherein the policy enforcement decision identifies, at least in part, one or more network paths that are to be utilized for one or more packet flows associated with the application, wherein each of the one or more network paths is associated with an access type; and enforcing the policy enforcement decision for one or more packet flows associated with the application.

    TRAFFIC STEERING AND POLICY COMBINING

    Publication No.: US20210092645A1

    Publication date: 2021-03-25

    Application No.: US16791494

    Filing date: 2020-02-14

    Abstract: Techniques are described to provide traffic steering and policy combining in a mobile network. In one example, a method includes combining, by a policy function of a network, a user equipment (UE) access policy comprising UE access rules obtained from a UE with a network-based access policy associated with the network to generate a combined access policy, the combined access policy comprising combined access rules; communicating the combined access rules to the UE via a message, wherein the message comprises an indication that indicates that the UE is not allowed to override the combined access rules with the UE access rules; and communicating the combined access rules to a user plane function handling traffic for the UE.
