Abstract:
Federation policy exchange is provided in response to receiving a sharing query from an Access Point (AP) indicating that an associated wireless network supports federated identities with data sharing, determining whether the sharing query is within sharing preferences; and in response to determining that the sharing query is within the sharing preferences, transmitting, to the AP, a positive response for identity sharing that authorizes collection and sharing of identity data with at least one entity identified in a sharing policy for the associated wireless network. In various embodiments, federation policy exchange includes transmitting a support notification, via an AP, indicating support for federated identities with data sharing within a wireless network associated with the AP; and in response to receiving a first identity sharing preference from a User Equipment (UE) that indicates that negotiation is preferred, transmitting a sharing policy for the wireless network to the UE.
Abstract:
Techniques are described for integrating cellular access within an enterprise fabric. In one example, a method includes obtaining, by a cellular termination function via a cellular access point, a request from a client for data plane connectivity via a network, wherein the cellular access point is registered within the network and is in communication with a first switch of the network; obtaining, by the cellular termination function, cellular policy information and enterprise policy information for the client; obtaining, by the cellular termination function, an Internet Protocol (IP) address for the client; and establishing data plane connectivity for the client with the network via the cellular access point, the first switch of the network, and a second switch of the network based, at least in part, on the IP address for the client, wherein the second switch connects the network with one or more data networks.
Abstract:
An example method is provided in one example embodiment and may include receiving, at a packet data network gateway (PGW), a packet associated with an Internet Protocol (IP) flow of a user equipment (UE); identifying a routing rule associated with the IP flow, wherein the routing rule comprises routing access information that identifies whether the IP flow can be routed across a plurality of access networks using weighted link aggregation; and selecting a particular access network to facilitate communications for the IP flow of the UE based on the routing rule. In some cases, the selecting can include assigning the IP flow of the UE to a bearer established for the UE for the particular access network.
Abstract:
A method is provided in one example embodiment and may include configuring a slice identity for each of a plurality of virtual radio access network (vRAN) slices, wherein each vRAN slice comprises functionality to perform, at least in part, one or more radio protocol operations on subscriber traffic; configuring an allotment of radio resources that can be utilized by each vRAN slice of the plurality of vRAN slices; receiving, by a slice manager, a subscriber profile identity (SPID) for a subscriber; and mapping the SPID for the subscriber to a particular vRAN slice of the plurality of vRAN slices. The method can further include communicating the mapping for the subscriber to the particular vRAN slice to which the SPID is mapped. The method can further include communicating the allotment of radio resources that can be utilized by the particular vRAN slice to the particular vRAN slice.
Abstract:
An example method is provided in one example embodiment and may include subscribing to a key distribution service by a plurality of Wi-Fi access points belonging to a same mobility domain; receiving a request from a user equipment to connect to a first Wi-Fi access point of the plurality of Wi-Fi access points belonging to the same mobility domain; determining one or more second Wi-Fi access points of the plurality of Wi-Fi access points belonging to the same mobility domain that neighbor the first Wi-Fi access point; and distributing keying parameters to each of the one or more second Wi-Fi access points. The keying parameters can be associated with 802.11r pairwise master key (PMK) keying parameters.
Abstract:
An example method is provided and includes receiving a packet associated with a flow, determining a tunnel identifier for the flow, and determining a flow identifier for the flow. The method includes associating the flow identifier and the tunnel identifier to an Internet protocol (IP) address to generate a binding to be used for a network address and port translation (NAPT). In other embodiments, a routing decision is executed based on the binding between the identifiers and the IP address. The flow identifier can be a context identifier (CID), and the tunnel identifier can be a softwire tunnel ID. In yet other embodiments, the packet can be tagged as part of an encapsulation operation, which includes providing information about a network location at which the network address and port translation is to be executed.
Abstract:
Systems, methods, and computer-readable media for a Neutral Host (NH) operation of a 5G radio, whereby a NH operator receives feedback from hosts and determines to partition Physical Resource Block (PRB) resources. Thus, a NH system is provided that enables a third party to independently operate other channels, whereby individual physical random access channels (PRACH) are operated by independent hosts. The NH system is able to indicate partitioned resources to individual hosts, including PRACH definition and mutually exclusive set of PRBs partitioned between tenants. The hosts operating in the NH system may be operable to implement their own independent schedulers, incorporating host-specific logic, that can be configured with the partitioned resources but which may further operate independently of each other.
Abstract:
The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., single sign-on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.
Abstract:
Techniques are described to provide for authentication and subscription management that are decoupled from a Home Subscriber Server (HSS). In one example, a method includes providing a device profile at an authentication function, wherein the device profile comprises identification information for a device for a plurality of access types including a first identifier for the device associated with a cellular access and a second identifier for the device associated with a wireless local area network access; obtaining an access request message associated with the device for the cellular access, wherein the access request message comprises the first identifier and an authentication attribute; generating authentication information for authenticating the device for the cellular access based, at least in part, on the authentication attribute; and generating, for transmission, an access accept message for the cellular access, wherein the access accept message comprises the first identifier, the second identifier, and the authentication information.
Abstract:
In one embodiment, a method can include: (i) performing an initial authentication with a mobile device in an access gateway, the access gateway being a point of attachment; (ii) forwarding a first message from the mobile device to an edge proxy; (iii) receiving a second message from the edge proxy; and (iv) returning a modified version of the second message to the edge proxy for a final authentication of the mobile device.