Abstract:
A method is disclosed for enabling stateless server-based pre-shared secrets. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the client uses to derive session keys. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.
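The following is an added illustration of the scheme this abstract describes, written for this page and not taken from the patent or any Cisco implementation. It assumes AES-GCM as the server's local-key cipher, a JSON layout for the state record, and the type and function names shown (ClientState, StatelessServer, Seal, Open), none of which the abstract specifies. The server keeps only its local key; the client holds the encrypted blob and presents it whenever the server needs the state. Binding the client identifier as associated data and carrying an expiry inside the blob are the two checks a reviewer would expect on top of the abstract's description, since a stateless server cannot otherwise tell a stale or re-homed blob from a fresh one.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// ClientState is what the server would otherwise keep in memory per client:
// its credentials/identity, its authorization attributes, and the pre-shared
// secret it derives session keys from. The field layout is an assumption for
// this example, not the patent's encoding.
type ClientState struct {
	ClientID  string    `json:"cid"`
	Roles     []string  `json:"roles"`
	SharedKey []byte    `json:"psk"`
	ExpiresAt time.Time `json:"exp"`
}

// StatelessServer holds only the local key (as an AEAD); no per-client state.
type StatelessServer struct {
	aead cipher.AEAD
}

// NewStatelessServer wraps a 16/24/32-byte local key in AES-GCM.
func NewStatelessServer(localKey []byte) (*StatelessServer, error) {
	block, err := aes.NewCipher(localKey)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &StatelessServer{aead: aead}, nil
}

// Seal encrypts and authenticates the client's state under the local key.
// The returned blob is nonce || ciphertext || tag and is handed to the client;
// after this the server can discard the plaintext state.
func (s *StatelessServer) Seal(state ClientState) ([]byte, error) {
	plain, err := json.Marshal(state)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// The client ID is bound as associated data, so a blob presented under a
	// different claimed identity fails authentication.
	return s.aead.Seal(nonce, nonce, plain, []byte(state.ClientID)), nil
}

// Open recovers the state from a blob the client presents. Any modification
// of the blob, a mismatch with the claimed client ID, or an expired record
// is rejected before the state is used.
func (s *StatelessServer) Open(claimedID string, blob []byte, now time.Time) (*ClientState, error) {
	ns := s.aead.NonceSize()
	if len(blob) < ns+s.aead.Overhead() {
		return nil, errors.New("state blob too short")
	}
	plain, err := s.aead.Open(nil, blob[:ns], blob[ns:], []byte(claimedID))
	if err != nil {
		return nil, errors.New("state blob failed authentication")
	}
	var st ClientState
	if err := json.Unmarshal(plain, &st); err != nil {
		return nil, err
	}
	if !now.Before(st.ExpiresAt) {
		return nil, errors.New("state blob expired")
	}
	return &st, nil
}

func main() {
	localKey := make([]byte, 32) // constructed: a fresh random local key
	if _, err := rand.Read(localKey); err != nil {
		panic(err)
	}
	srv, err := NewStatelessServer(localKey)
	if err != nil {
		panic(err)
	}
	st := ClientState{ClientID: "client-42", Roles: []string{"vpn"},
		SharedKey: []byte("constructed-psk!"), ExpiresAt: time.Now().Add(time.Hour)}
	blob, _ := srv.Seal(st) // server hands this to the client and keeps nothing
	got, err := srv.Open("client-42", blob, time.Now())
	fmt.Println(got != nil, err)
}
```

Open returns a generic failure for both a bad tag and a wrong identity so the server does not leak which check failed; rotating the local key invalidates every outstanding blob at once, which is the operational cost of keeping no server-side state.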
Abstract:
In an example embodiment described herein is an apparatus comprising a transceiver configured to send and receive data, and logic coupled to the transceiver. The logic is configured to determine from a beacon received by the wireless transceiver whether an associated wireless device sending the beacon supports a protocol for advertising available services from the associated wireless device. The logic is configured to send a request for available services from the associated wireless device via the wireless transceiver responsive to determining the associated wireless device supports the protocol. The logic is configured to receive a response to the request via the wireless transceiver, the response comprising a signature. The logic is configured to validate the response by confirming the signature comprises network data cryptographically bound with service data.
Abstract:
In an example embodiment, there is described herein a location-based detection technique that determines whether multiple requests from different addresses, such as a Layer 2 MAC (Media Access Control) address and/or Layer 3 IP (Internet Protocol) address, are being sent from a single device. In particular embodiments, if the device sends more than a predefined threshold number of requests, those requests can be ignored and/or denied.
Abstract:
A system and method to enable an access point to dynamically provision a WLAN client with a new wireless profile once an association is established, based on the infrastructure policy. A client can be directed to use a new profile without the need for pre-configuration and without going through another authentication process. The new wireless profile can be provided to the client either during or after association, with or without the protection of a link layer security key.
Abstract:
Methods and systems for use in a wireless client (110) that includes one or more wireless network interfaces for communicating with at least one access point (130), wherein the method enables the wireless client (110) to validate the authenticity and integrity of received management frames. The method includes receiving a protected wireless network management frame from an access point (130) and verifying a message integrity check (MIC) appended to the protected wireless network management frame. One or more security policies are then conditionally applied based on a failure to verify the MIC.
Abstract:
Methods, apparatuses, and systems directed to facilitating the application of pre-allocation policies in a wireless network environment. According to one implementation of the present invention, a central controller, or other control point in a wireless network infrastructure, applies one or more policies that limit the number of resource pre-allocations a given wireless client may establish with one or more wireless access points. In one implementation, the central controller provides a pre-allocation list to a wireless client that is requesting pre-allocation. By limiting a wireless client's ability to pre-allocate resources, the central controller optimally manages the resources of the wireless network. In alternative embodiments, the central controller can terminate pre-allocations between a wireless client and one or more wireless access points to enforce pre-allocation policy on the wireless network infrastructure.
Abstract:
In one embodiment, a method for facilitating authentication and easing the configuration of authentication includes receiving a credential type selection and selecting one or more authentication types based on the credential type selection and one or more policies set by the administrators. The policies can be pre-configured, or dynamically pushed or fetched and updated on the client.