-
Publication No.: AT513403T
Publication date: 2011-07-15
Application No.: AT04794759
Application date: 2004-10-12
Applicant: CISCO TECH INC
Inventor: CAM WINGET NANCY , ZHOU HAO , KRISCHER MARK , SALOWEY JOSEPH , STIEGLITZ JEREMY , GILLAI SAAR , JAKKAHALLI PADMANABHA
IPC: H04L29/06
Abstract: System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential, may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.
-
Publication No.: CA2541817A1
Publication date: 2005-05-06
Application No.: CA2541817
Application date: 2004-09-07
Applicant: CISCO TECH INC
Inventor: CAM WINGET NANCY , SAPKOTA BHAWANI
Abstract: System architecture and corresponding method for securing the transmission of management frame packets on a network (e.g. IEEE 802.11) is provided. Once a trust relationship is created between a transmitter and a receiver on the network such that the transmitter is authorized to communicate over the network, a key and corresponding message integrity check may be generated in order to sign management frame communications via the network. The message integrity check and a replay protection value may be transmitted with the management frame packet. Upon receipt, the message integrity check and replay protection value are authenticated to verify permitted transmission of the management frame packet.
-
Publication No.: CA2520772C
Publication date: 2009-09-08
Application No.: CA2520772
Application date: 2004-05-27
Applicant: CISCO TECH INC
Inventor: CAM WINGET NANCY
Abstract: A method and system for pre-authenticating and pre-establishing key management on a roaming device (10) prior to reassociation to facilitate fast hand-off in a wireless network is described. For enhanced mobility, both authentication and key establishment are performed prior to reassociation of the roaming device (10) between access points (12). When the roaming device enters in contact with one of the access points, a local authentication is performed between the access point and the roaming device prior to reassociation with the access point to allow for fast hand-offs of the device between access points within the network.
-
Publication No.: AT381842T
Publication date: 2008-01-15
Application No.: AT03786656
Application date: 2003-11-13
Applicant: CISCO TECH INC
Inventor: MEIER ROBERT , REBO RICHARD D , GRISWOLD VICTOR J , SMTIH DOUGLAS A , CAM WINGET NANCY
Abstract: A method and system for handling roaming mobile nodes in a wireless network. The system uses a Subnet Context Manager to store current Network session keys, security policy and duration of the session (e.g. session timeout) for mobile nodes, which is established when the mobile node is initially authenticated. Pairwise transient keys are derived from the network session key. The Subnet Context Manager handles subsequent reassociation requests. When a mobile node roams to a new access point, the access point obtains the network session key from the Subnet Context Manager and validates the mobile node by computing a new pairwise transient key from the network session key.
-
Publication No.: CA2542161A1
Publication date: 2005-05-06
Application No.: CA2542161
Application date: 2004-09-16
Applicant: CISCO TECH INC
Inventor: CAM WINGET NANCY , SAPKOTA BHAWANI
IPC: H04L29/06
Abstract: A method for transmitting multicast messages where a group key is generated for signing the multicast message transmitted on a network. Next, the system establishes a group key name corresponding to the group key. Once the group key name is established, the data packet is transmitted together with the group key name, the group key and the multicast message. Upon receipt, the recipient validates the group key name in the received data packet by comparing the received group key name to a group key name table in order to determine the intended group recipients.
-
Publication No.: CA2543096C
Publication date: 2013-01-08
Application No.: CA2543096
Application date: 2004-10-12
Applicant: CISCO TECH INC
Inventor: CAM WINGET NANCY , KRISCHER MARK , FRENKEL ILAN , ZHOU HAO
Abstract: A method and implementation is disclosed for secure communication between two or more parties. A secure tunnel is established between parties using an encryption algorithm. An authentication process is performed between parties over the secured tunnel. The provisioning of credentials is thereafter performed between parties.
-
Publication No.: CA2585881A1
Publication date: 2006-05-11
Application No.: CA2585881
Application date: 2005-10-11
Applicant: CISCO TECH INC
Inventor: CAM WINGET NANCY , SMITH DOUGLAS A , NORMAN STUART , MEIER ROBERT C
Abstract: A method for multicast load balancing in a wireless network having a plurality of access points. The method includes setting a maximum Internet protocol multicast bandwidth for the access points, receiving an admissions control request from a client at one of the access points, and determining whether the admissions control request from the client is for an admitted or unadmitted multicast stream at the access point. The access point is responsive to the admissions control request for the admitted multicast stream by servicing the admitted multicast stream and to the admissions control request for the unadmitted multicast stream by servicing the unadmitted multicast stream where the bandwidth required for the unadmitted multicast stream, plus that portion of the access point bandwidth currently used for all existing downlink multicast streams, does not exceed the maximum internet protocol multicast bandwidth for the access point.
-
Publication No.: CA2543096A1
Publication date: 2005-05-26
Application No.: CA2543096
Application date: 2004-10-12
Applicant: CISCO TECH INC
Inventor: ZHOU HAO , FRENKEL ILAN , CAM WINGET NANCY , KRISCHER MARK
Abstract: A method and implementation is disclosed for secure communication between two or more parties. A secure tunnel is established between parties using an encryption algorithm. An authentication process is performed between parties over the secured tunnel. The provisioning of credentials is thereafter performed between parties.
-
Publication No.: CA2585881C
Publication date: 2011-05-31
Application No.: CA2585881
Application date: 2005-10-11
Applicant: CISCO TECH INC
Inventor: MEIER ROBERT C , NORMAN STUART , SMITH DOUGLAS A , CAM WINGET NANCY
Abstract: A method for multicast load balancing in a wireless network having a plurality of access points. The method includes setting a maximum Internet protocol multicast bandwidth for the access points, receiving an admissions control request from a client at one of the access points, and determining whether the admissions control request from the client is for an admitted or unadmitted multicast stream at the access point. The access point is responsive to the admissions control request for the admitted multicast stream by servicing the admitted multicast stream and to the admissions control request for the unadmitted multicast stream by servicing the unadmitted multicast stream where the bandwidth required for the unadmitted multicast stream, plus that portion of the access point bandwidth currently used for all existing downlink multicast streams, does not exceed the maximum internet protocol multicast bandwidth for the access point.
-
Publication No.: DE60318244T2
Publication date: 2008-11-06
Application No.: DE60318244
Application date: 2003-11-13
Applicant: CISCO TECH INC
Inventor: MEIER ROBERT , REBO RICHARD D , GRISWOLD VICTOR J , SMTIH DOUGLAS A , CAM WINGET NANCY
Abstract: A method and system for handling roaming mobile nodes in a wireless network. The system uses a Subnet Context Manager to store current Network session keys, security policy and duration of the session (e.g. session timeout) for mobile nodes, which is established when the mobile node is initially authenticated. Pairwise transient keys are derived from the network session key. The Subnet Context Manager handles subsequent reassociation requests. When a mobile node roams to a new access point, the access point obtains the network session key from the Subnet Context Manager and validates the mobile node by computing a new pairwise transient key from the network session key.