Abstract:
System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential, may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.
Abstract:
A method of wirelessly transmitting or receiving a packet of information, and an apparatus to wirelessly transmit or receive a packet of information. In the case of transmitting, the method includes streaming a data element, including at least some of the contents of the packet, over a network link during transmit time. In the case of receiving, the method includes streaming a data element, including at least some of the contents of the received packet, over a network link during receive time. The transmitting or receiving is by a station (101) of a wireless network and the streaming is to or from the station from or to a network device (329) coupled to the station by the network link.
Abstract:
A method of wirelessly transmitting or receiving a packet of information, and an apparatus to wirelessly transmit or receive a packet of information. In the case of transmitting, the method includes streaming a data element, including at least some of the contents of the packet, over a network link during transmit time, including encrypting the data element during the streaming in real time prior to the transfer over the network link. In the case of receiving, the method includes streaming a data element, including at least some of the contents of the received packet, over a network link during receive time, including decrypting the data element during the streaming in real time after the transfer over the network link. The transmitting or receiving is by a station of a wireless network and the streaming is to or from the station from or to a network device coupled to the station by the network link.
Abstract:
Methods and systems for use in a wireless client (110) that includes one or more wireless network interfaces for communicating with at least one access point (130), wherein the method enables the wireless client (110) to validate the authenticity and integrity of received management frames. The method includes receiving a protected wireless network management frame from an access point (130) and verifying a message integrity check (MIC) appended to the protected wireless network management frame. One or more security policies are then conditionally applied based on a failure to verify the MIC.
Abstract:
In a wireless local area network, a method for detecting the presence of an unauthorized device comprises: detecting the presence of neighboring devices from which management frames can be sent; saving a representation of each neighboring device present; receiving a management frame purporting to be from one of the detected devices; determining that the received management frame was sent by an unauthorized device; and indicating the presence of the unauthorized device.
Abstract:
Methods and systems for use in a wireless client that includes one or more wireless network interfaces for communicating with at least one access point, wherein the method enables the wireless client to validate the authenticity and integrity of received management frames. The method includes receiving a protected wireless network management frame from an access point and verifying a message integrity check (MIC) appended to the protected wireless network management frame. One or more security policies are then conditionally applied based on a failure to verify the MIC.
Abstract:
In an example embodiment, there is described herein a location based detection technique that determines whether multiple requests from different addresses, such as a Layer 2 MAC (Media Access Control) address and/or Layer 3 IP (Internet Protocol) address, are being sent from a single device. In particular embodiments, if the device sends more than a predefined threshold number of requests, those requests can be ignored and/or denied.
Abstract:
A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to validate the management frames and to detect spoofed frames. When a neighboring access point receives a management frame, it obtains a key for the access point sending the frame and validates the management frame using the key.
Abstract:
In an example embodiment described herein is an apparatus comprising a transceiver configured to send and receive data, and logic coupled to the transceiver. The logic is configured to determine from a beacon received by the wireless transceiver whether an associated wireless device sending the beacon supports a protocol for advertising available services from the associated wireless device. The logic is configured to send a request for available services from the associated wireless device via the wireless transceiver responsive to determining the associated wireless device supports the protocol. The logic is configured to receive a response to the request via the wireless transceiver, the response comprising a signature. The logic is configured to validate the response by confirming the signature comprises network data cryptographically bound with service data.