公开(公告)号：US20230353534A1

公开(公告)日：2023-11-02

申请号：US17731652

申请日：2022-04-28

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Jerome Henry ,  Stephen Michael Orr

IPC: H04L61/5076 ,  H04L61/5007 ,  H04L61/5061

CPC classification number: H04L61/5076 ,  H04L61/5007 ,  H04L61/5061

Abstract: A method is provided that is performed for a wireless network that includes one or more wireless client devices that may rotate their media access control (MAC) address used for wireless communication with one or more wireless access point devices in the wireless network. The method includes determining an impact of MAC address rotation by the one or more wireless client devices on operational resources of one or more networking devices or networking processes in a network infrastructure associated with the wireless network. The method further includes scheduling MAC address rotation by the one or more wireless client devices according to the impact on operational resources of the one or more networking devices or networking processes in the network infrastructure.

公开(公告)号：US11540116B2

公开(公告)日：2022-12-27

申请号：US17329819

申请日：2021-05-25

Applicant: Cisco Technology, Inc.

Inventor： Robert E. Barton ,  Jerome Henry ,  Stephen Michael Orr

IPC: H04W8/28 ,  H04L12/46 ,  H04W68/00

Abstract: A network controller provides proactive notification of a wireless client device's address rotation to layer 2 (L2) and/or layer 3 (L3) devices. Traditional methods of device address discovery rely on broadcasting of address queries across a plurality of links until a path to a device having the queried address responds. As device address changes become more frequent in an effort to improve user privacy, traditional methods of address discovery impose a large burden on networks, reducing their performance and efficiency. By proactively propagating address changes to upstream devices, the need for broadcast oriented address discovery techniques is reduced, resulting in improved network performance.

公开(公告)号：US20220386117A1

公开(公告)日：2022-12-01

申请号：US17333463

申请日：2021-05-28

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Stephen Michael Orr ,  Robert E. Barton

IPC: H04W12/0431 ,  H04W12/73 ,  H04W12/03 ,  H04W12/06

Abstract: Rotation of a wireless client device address is based on an encryption key and a nonce value. Key information and nonce value information are shared between a wireless client device and a network infrastructure component over a secure communication channel. The wireless client device encrypts the nonce value using the key information and encodes the encrypted value as a device address. The wireless client device then identifies itself via a source address value in a message transmitted over a wireless network. Upon receiving the message, the network infrastructure component decrypts information derived from the source address value and compares the resulting data to the nonce value. If a match is identified, the network infrastructure identifies the wireless client device as a source of the message. In some embodiments, the nonce value is updated with each rotation to provide for improved entropy of generated device addresses.

公开(公告)号：US20220377554A1

公开(公告)日：2022-11-24

申请号：US17556568

申请日：2021-12-20

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert E. Barton ,  Stephen Michael Orr

IPC: H04W12/08 ,  H04W48/16 ,  H04W76/10 ,  H04W12/03

Abstract: Techniques are provided for verifying Access Points (APs) using crowd sourcing. In one example, a STA establishes a first non-verified connection, based on security material, with a source AP in a wireless infrastructure. A target AP in a wireless infrastructure obtains an indication that the STA is attempting to establish a second non-verified connection with the target AP. In response, the target AP establishes the second non-verified connection based on the security material.

公开(公告)号：US12284520B2

公开(公告)日：2025-04-22

申请号：US17556568

申请日：2021-12-20

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert E. Barton ,  Stephen Michael Orr

IPC: H04W12/08 ,  H04W12/03 ,  H04W12/121 ,  H04W48/16 ,  H04W76/10

Abstract: Techniques are provided for verifying Access Points (APs) using crowd sourcing. In one example, a STA establishes a first non-verified connection, based on security material, with a source AP in a wireless infrastructure. A target AP in a wireless infrastructure obtains an indication that the STA is attempting to establish a second non-verified connection with the target AP. In response, the target AP establishes the second non-verified connection based on the security material.

公开(公告)号：US12250538B2

公开(公告)日：2025-03-11

申请号：US18519285

申请日：2023-11-27

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Stephen Michael Orr ,  Robert E. Barton

IPC: H04W12/0431 ,  H04W12/03 ,  H04W12/06 ,  H04W12/73

Abstract: Rotation of a wireless client device address is based on an encryption key and a nonce value. Key information and nonce value information are shared between a wireless client device and a network infrastructure component over a secure communication channel. The wireless client device encrypts the nonce value using the key information and encodes the encrypted value as a device address. The wireless client device then identifies itself via a source address value in a message transmitted over a wireless network. Upon receiving the message, the network infrastructure component decrypts information derived from the source address value and compares the resulting data to the nonce value. If a match is identified, the network infrastructure identifies the wireless client device as a source of the message. In some embodiments, the nonce value is updated with each rotation to provide for improved entropy of generated device addresses.

公开(公告)号：US20240388565A1

公开(公告)日：2024-11-21

申请号：US18785258

申请日：2024-07-26

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert E. Barton ,  Stephen Michael Orr

IPC: H04L61/5038 ,  H04L101/622 ,  H04W84/12

Abstract: Techniques herein facilitate a device address rotation management protocol that may be implemented for a wireless local area network (WLAN), which can be used to influence when wireless client devices or stations may rotate their Media Access Control (MAC) addresses, how to perform such rotations, and/or the like. In one example, a method may include providing, by an access point (AP), a first communication indicating that the AP supports a MAC address rotation management protocol; obtaining, by the AP, a second communication from a wireless station (STA) indicating that the STA intends to perform a MAC address rotation; and transmitting, by the AP, a third communication to influence the MAC address rotation of the STA, the third communication comprising a rotation status indicator and timing information.

公开(公告)号：US20240163089A1

公开(公告)日：2024-05-16

申请号：US17984617

申请日：2022-11-10

Applicant: Cisco Technology, Inc.

Inventor： Ugo Mario Campiglio ,  Jerome Henry ,  Stephen Michael Orr

IPC: H04L9/08 ,  H04L9/32

CPC classification number: H04L9/0866 ,  H04L9/0838 ,  H04L9/3242

Abstract: Methods that support deterministic random media access control (MAC) address rotation that allows sharing of an address identity with a trusted wireless network infrastructure by generating a next address based on a previously used address and a seed obtained from a previous association with the trusted network infrastructure. In these methods, a computing device obtains a request for a secure connection of an endpoint device to a wireless network. The computing device performs an access authentication for the secure connection and establishes the secure connection of the endpoint device to the wireless network based on successfully performing the access authentication, in which cryptographic information for encrypting one or more network messages is generated. The computing device further generates a subsequent device address for a subsequent secure connection of the endpoint device to the wireless network, based on a current device address obtained from the request and the cryptographic information.

公开(公告)号：US11962567B2

公开(公告)日：2024-04-16

申请号：US17536628

申请日：2021-11-29

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert E. Barton ,  Stephen Michael Orr

IPC: H04L61/5014 ,  H04L101/622

CPC classification number: H04L61/5014 ,  H04L2101/622

Abstract: A method comprises, at a wireless network controller of wireless access points through which wireless client devices that are wireless communicate with the controller: upon receiving, from a wireless client device, a dynamic host configuration protocol (DHCP) request having a media access control (MAC) address, determining whether the wireless client device rotated its MAC address from a previous MAC address to the MAC address; when the wireless client device rotated its MAC address, forwarding, to a DHCP service, the DHCP request with a notification of a MAC address rotation to cause the DHCP service to reassign a previously assigned Internet Protocol (IP) address to the wireless client device; and upon receiving, from the DHCP service, a DHCP offer asserting the previously assigned IP address, forwarding the DHCP offer to the wireless client device.

公开(公告)号：US20240080297A1

公开(公告)日：2024-03-07

申请号：US18507349

申请日：2023-11-13

Applicant: Cisco Technology, Inc.

Inventor： Robert Edgar Barton ,  Jerome Henry ,  Stephen Michael Orr

IPC: H04L61/5076 ,  H04L61/5007 ,  H04L61/5061

CPC classification number: H04L61/5076 ,  H04L61/5007 ,  H04L61/5061

Abstract: A method is provided that is performed for a wireless network that includes one or more wireless client devices that may rotate their media access control (MAC) address used for wireless communication with one or more wireless access point devices in the wireless network. The method includes determining an impact of MAC address rotation by the one or more wireless client devices on operational resources of one or more networking devices or networking processes in a network infrastructure associated with the wireless network. The method further includes scheduling MAC address rotation by the one or more wireless client devices according to the impact on operational resources of the one or more networking devices or networking processes in the network infrastructure.