-
Publication number: AU2004231612C1
Publication date: 2010-05-20
Application number: AU2004231612
Application date: 2004-04-16
Applicant: CISCO TECH INC
Inventor: REBO RICHARD D , WINGET NANCY CAM , GRISWOLD VICTOR J , MEIER ROBERT , SMITH DOUGLAS
Abstract: A method and system for handling roaming mobile nodes in a wireless network. The system uses a Subnet Context Manager to store current network session keys, security policy and duration of the session (e.g. session timeout) for mobile nodes, which are established when the mobile node is initially authenticated. Pairwise transient keys are derived from the network session key. The Subnet Context Manager handles subsequent reassociation requests. When a mobile node roams to a new access point, the access point obtains the network session key from the Subnet Context Manager and validates the mobile node by computing a new pairwise transient key from the network session key.
-
Publication number: AU2004310323A1
Publication date: 2005-05-26
Application number: AU2004310323
Application date: 2004-10-12
Applicant: CISCO TECH INC
Inventor: KRISCHER MARK , ZHOU HAU , FRENKEL ILAN , WINGET NANCY CAM
Abstract: A method and implementation are disclosed for secure communication between two or more parties. A secure tunnel is established between parties using an encryption algorithm. An authentication process is performed between parties over the secured tunnel. The provisioning of credentials is thereafter performed between parties.
-
Publication number: AU2004297933A1
Publication date: 2005-06-23
Application number: AU2004297933
Application date: 2004-10-12
Applicant: CISCO TECH INC
Inventor: KRISCHER MARK , JAKKAHALLI PADMANABHA , STIEGLITZ JEREMY , ZHOU HAO , GILLAI SAAR , WINGET NANCY CAM , SALOWEY JOSEPH
IPC: H04L29/06
Abstract: System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential, may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.
-
Publication number: AU2004307715A1
Publication date: 2005-05-06
Application number: AU2004307715
Application date: 2004-09-07
Applicant: CISCO TECH INC
Inventor: WINGET NANCY CAM , SAPKOTA BHAWANI
Abstract: System architecture and corresponding method for securing the transmission of management frame packets on a network (e.g. IEEE 802.11) is provided. Once a trust relationship is created between a transmitter and a receiver on the network such that the transmitter is authorized to communicate over the network, a key and corresponding message integrity check may be generated in order to sign management frame communications via the network. The message integrity check and a replay protection value may be transmitted with the management frame packet. Upon receipt, the message integrity check and replay protection value are authenticated to verify permitted transmission of the management frame packet.
-
Publication number: AU2004231612B2
Publication date: 2009-11-19
Application number: AU2004231612
Application date: 2004-04-16
Applicant: CISCO TECH INC
Inventor: REBO RICHARD D , WINGET NANCY CAM , GRISWOLD VICTOR J , MEIER ROBERT , SMITH DOUGLAS
Abstract: A method and system for handling roaming mobile nodes in a wireless network. The system uses a Subnet Context Manager to store current network session keys, security policy and duration of the session (e.g. session timeout) for mobile nodes, which are established when the mobile node is initially authenticated. Pairwise transient keys are derived from the network session key. The Subnet Context Manager handles subsequent reassociation requests. When a mobile node roams to a new access point, the access point obtains the network session key from the Subnet Context Manager and validates the mobile node by computing a new pairwise transient key from the network session key.
-
Publication number: AU2003295466B2
Publication date: 2009-07-23
Application number: AU2003295466
Application date: 2003-11-13
Applicant: CISCO TECH INC
Inventor: REBO RICHARD D , SMITH DOUGLAS A , GRISWOLD VICTOR J , MEIER ROBERT , WINGET NANCY CAM
Abstract: A method and system for handling roaming mobile nodes in a wireless network. The system uses a Subnet Context Manager to store current network session keys, security policy and duration of the session (e.g. session timeout) for mobile nodes, which are established when the mobile node is initially authenticated. Pairwise transient keys are derived from the network session key. The Subnet Context Manager handles subsequent reassociation requests. When a mobile node roams to a new access point, the access point obtains the network session key from the Subnet Context Manager and validates the mobile node by computing a new pairwise transient key from the network session key.
-
Publication number: WO2006091944A3
Publication date: 2008-01-17
Application number: PCT/US2006006923
Application date: 2006-02-27
Applicant: CISCO TECH INC , WINGET NANCY CAM , KRISCHER MARK , OLSON TIMOTHY S , YANG SHEAUSONG
Inventor: WINGET NANCY CAM , KRISCHER MARK , OLSON TIMOTHY S , YANG SHEAUSONG
CPC classification number: H04W12/12 , H04L63/0492 , H04L63/107 , H04L63/1408 , H04L63/1466 , H04W12/06 , H04W40/246 , H04W84/12 , H04W84/18
Abstract: In a wireless local area network, a method for detecting the presence of an unauthorized device comprises: detecting the presence of neighboring devices from which management frames can be sent; saving a representation of each neighboring device present; receiving a management frame purporting to be from one of the detected devices; determining that the received management frame was sent by an unauthorized device; and indicating the presence of the unauthorized device.
-
Publication number: AU2004297933B2
Publication date: 2010-01-07
Application number: AU2004297933
Application date: 2004-10-12
Applicant: CISCO TECH INC
Inventor: KRISCHER MARK , JAKKAHALLI PADMANABHA , STIEGLITZ JEREMY , ZHOU HAO , GILLAI SAAR , WINGET NANCY CAM , SALOWEY JOSEPH
IPC: H04L29/06
Abstract: System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential, may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.
-
Publication number: AU2003295466C1
Publication date: 2010-01-07
Application number: AU2003295466
Application date: 2003-11-13
Applicant: CISCO TECH INC
Inventor: REBO RICHARD D , SMITH DOUGLAS A , GRISWOLD VICTOR J , MEIER ROBERT , WINGET NANCY CAM
Abstract: A method and system for handling roaming mobile nodes in a wireless network. The system uses a Subnet Context Manager to store current network session keys, security policy and duration of the session (e.g. session timeout) for mobile nodes, which are established when the mobile node is initially authenticated. Pairwise transient keys are derived from the network session key. The Subnet Context Manager handles subsequent reassociation requests. When a mobile node roams to a new access point, the access point obtains the network session key from the Subnet Context Manager and validates the mobile node by computing a new pairwise transient key from the network session key.
-
Publication number: AU2004244634B2
Publication date: 2009-02-19
Application number: AU2004244634
Application date: 2004-05-27
Applicant: CISCO TECH INC
Inventor: WINGET NANCY CAM
Abstract: A method and system for pre-authenticating and pre-establishing key management on a roaming device prior to re-association to facilitate fast hand-off in a wireless network is described. For enhanced mobility, both authentication and key establishment are performed prior to re-association of the roaming device between access points. When the roaming device comes into contact with one of the access points, a local authentication is performed between the access point and the roaming device prior to re-association with the access point to allow for fast hand-offs of the device between access points within the network.