公开(公告)号：US20240422202A1

公开(公告)日：2024-12-19

申请号：US18817942

申请日：2024-08-28

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert E. Barton ,  Stephen Michael Orr

IPC: H04L9/40 ,  H04L61/50 ,  H04L101/622 ,  H04W12/00

Abstract: Techniques are provided for client-driven Randomized and Changing Media Access Control (MAC) address (RCM) mechanisms. In one example, a wireless client is configured to wirelessly communicate with a wireless network. The wireless client obtains data relating to a level of security for one or more MAC addresses of the wireless client. Based on the data, the wireless client computes a score that represents the level of security for the one or more MAC addresses. Using the score, the wireless client determines when or how frequently to rotate the one or more MAC addresses. Based on determining when or how frequently to rotate the one or more MAC addresses, the wireless client rotates the one or more MAC addresses.

公开(公告)号：US20240388581A1

公开(公告)日：2024-11-21

申请号：US18789099

申请日：2024-07-30

Applicant: Cisco Technology, Inc.

Inventor： Shree N. Murthy ,  Stephen Michael Orr

IPC: H04L9/40

Abstract: Methods are provided that support media access control (MAC) address rotation (RCM) by generating a passcode for associating a user defined network by one or more endpoint devices instead of using MAC addresses for their respective device identity. In these methods, a computing device obtains a registration request for establishing a user defined network (UDN) and generates a unique UDN identifier and a unique passcode associated with the unique UDN identifier. The unique passcode enables an authentication of one or more endpoint devices to connect to the UDN. The authentication is independent of the MAC address of a respective endpoint device. The computing device provides the UDN identifier and the unique passcode such that the UDN identifier and the unique passcode are for connecting the one or more endpoint devices to the UDN.

公开(公告)号：US20240291639A1

公开(公告)日：2024-08-29

申请号：US18115718

申请日：2023-02-28

Applicant: Cisco Technology, Inc.

Inventor： Kapildeep Singh Bakshi ,  Craig Thomas Hill ,  Raymond Allan Blair ,  Michael Alan Kowal ,  Steven M. Carter ,  Stephen Michael Orr

IPC: H04L9/08 ,  H04L9/14 ,  H04L9/32 ,  H04L9/40 ,  H04W12/64

CPC classification number: H04L9/083 ,  H04L9/08 ,  H04L9/14 ,  H04L9/321 ,  H04L9/40 ,  H04W12/64

Abstract: Techniques for ensuring that geographic location specific security policies are enforce for an agent or agent device. An Agent service of an agent device accesses an Agent Authentication Service for a key to initiate one or more functions of the agent device. The Agent Authentication Service determines the location of the agent device and determines whether the agent device is within an approved geographic location based on geographic location specific security policies. If the agent device is within the approved geographic location, the Agent Authentication Services accesses a Key Management Service for a cryptographic key and delivers the cryptographic key to the Agent. If the Agent Authentication Service determines that the Agent device is outside of the approved location, access to the cryptographic key is denied.

公开(公告)号：US11991144B2

公开(公告)日：2024-05-21

申请号：US17731335

申请日：2022-04-28

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert Edgar Barton ,  Stephen Michael Orr ,  Malcolm Muir Smith

IPC: H04L61/2596 ,  H04L61/251 ,  H04L61/5069 ,  H04L69/14

CPC classification number: H04L61/2596 ,  H04L61/251 ,  H04L61/5069 ,  H04L69/14

Abstract: A method comprising: at a multi-link device (MLD) configured for multi-link operation: establishing a first Internet Protocol (IP) stack of a first IP type and configured with a first IP address of the first IP type, wherein the first IP stack is associated to a first MLD media access control (MAC) address of a first station of the MLD; establishing a second IP stack of a second IP type and configured with a second IP address of the second IP type, wherein the second IP stack exists concurrently with the first IP stack and is associated to a second MLD MAC address of a second station of the MLD; and exchanging, with a peer MLD, IP traffic using one or more of (i) the first IP stack and the first MLD MAC address, and (ii) the second IP stack and the second MLD MAC address.

公开(公告)号：US20240089731A1

公开(公告)日：2024-03-14

申请号：US18519285

申请日：2023-11-27

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Stephen Michael Orr ,  Robert E. Barton

IPC: H04W12/0431 ,  H04W12/03 ,  H04W12/06 ,  H04W12/73

CPC classification number: H04W12/0431 ,  H04W12/03 ,  H04W12/06 ,  H04W12/73

Abstract: Rotation of a wireless client device address is based on an encryption key and a nonce value. Key information and nonce value information are shared between a wireless client device and a network infrastructure component over a secure communication channel. The wireless client device encrypts the nonce value using the key information and encodes the encrypted value as a device address. The wireless client device then identifies itself via a source address value in a message transmitted over a wireless network. Upon receiving the message, the network infrastructure component decrypts information derived from the source address value and compares the resulting data to the nonce value. If a match is identified, the network infrastructure identifies the wireless client device as a source of the message. In some embodiments, the nonce value is updated with each rotation to provide for improved entropy of generated device addresses.

公开(公告)号：US20220377042A1

公开(公告)日：2022-11-24

申请号：US17556277

申请日：2021-12-20

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert E. Barton ,  Stephen Michael Orr

IPC: H04L61/5038 ,  H04L101/622

Abstract: Techniques herein facilitate a device address rotation management protocol that may be implemented for a wireless local area network (WLAN), which can be used to influence when wireless client devices or stations may rotate their Media Access Control (MAC) addresses, how to perform such rotations, and/or the like. In one example, a method may include providing, by an access point (AP), a first communication indicating that the AP supports a MAC address rotation management protocol; obtaining, by the AP, a second communication from a wireless station (STA) indicating that the STA intends to perform a MAC address rotation; and transmitting, by the AP, a third communication to influence the MAC address rotation of the STA, the third communication comprising a rotation status indicator and timing information.

公开(公告)号：US10405204B2

公开(公告)日：2019-09-03

申请号：US15581213

申请日：2017-04-28

Applicant: Cisco Technology, Inc.

Inventor： Michael Alan Kowal ,  Stephen Michael Orr ,  Robert Edgar Barton ,  Jerome Henry ,  Malcolm Muir Smith

IPC: H04W24/02 ,  H04W28/02 ,  H04W88/08 ,  H04W28/08

Abstract: Presented herein are techniques for optimizing spectral efficiency in a network. One or more metrics of one or more wireless access points that enable one or more wireless client devices to connect to a wireless network are monitored. The one or more metrics reflect a level of client device activity. Based on the one or more metrics, the level of client device activity is determined to require a change in a number of the one or more wireless access points that are active to serve the one or more wireless client devices. The one or more wireless access points are activated or deactivated to improve a spectral efficiency of the wireless network.

公开(公告)号：US12231395B2

公开(公告)日：2025-02-18

申请号：US18476821

申请日：2023-09-28

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert E. Barton ,  Stephen Michael Orr

IPC: H04L61/5038 ,  H04W84/12 ,  H04L101/622

Abstract: Techniques herein facilitate a device address rotation management protocol that may be implemented for a wireless local area network (WLAN), which can be used to influence when wireless client devices or stations may rotate their Media Access Control (MAC) addresses, how to perform such rotations, and/or the like. In one example, a method may include providing, by an access point (AP), a first communication indicating that the AP supports a MAC address rotation management protocol; obtaining, by the AP, a second communication from a wireless station (STA) indicating that the STA intends to perform a MAC address rotation; and transmitting, by the AP, a third communication to influence the MAC address rotation of the STA, the third communication comprising a rotation status indicator and timing information.

公开(公告)号：US12160452B2

公开(公告)日：2024-12-03

申请号：US17673310

申请日：2022-02-16

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert E. Barton ,  Stephen Michael Orr

IPC: H04L29/12 ,  H04L9/40 ,  H04L61/50 ,  H04W12/00 ,  H04L101/622 ,  H04W8/26 ,  H04W84/12

Abstract: Techniques are provided for client-driven Randomized and Changing Media Access Control (MAC) address (RCM) mechanisms. In one example, a wireless client is configured to wirelessly communicate with a wireless network. The wireless client obtains data relating to a level of security for one or more MAC addresses of the wireless client. Based on the data, the wireless client computes a score that represents the level of security for the one or more MAC addresses. Using the score, the wireless client determines when or how frequently to rotate the one or more MAC addresses. Based on determining when or how frequently to rotate the one or more MAC addresses, the wireless client rotates the one or more MAC addresses.

公开(公告)号：US20240259340A1

公开(公告)日：2024-08-01

申请号：US18591198

申请日：2024-02-29

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Robert Edgar Barton ,  Stephen Michael Orr ,  Malcolm Muir Smith

IPC: H04L61/2596 ,  H04L61/251 ,  H04L61/5069 ,  H04L69/14

CPC classification number: H04L61/2596 ,  H04L61/251 ,  H04L61/5069 ,  H04L69/14

Abstract: A method comprising: at a multi-link device (MLD) configured for multi-link operation: establishing a first Internet Protocol (IP) stack of a first IP type and configured with a first IP address of the first IP type, wherein the first IP stack is associated to a first MLD media access control (MAC) address of a first station of the MLD; establishing a second IP stack of a second IP type and configured with a second IP address of the second IP type, wherein the second IP stack exists concurrently with the first IP stack and is associated to a second MLD MAC address of a second station of the MLD; and exchanging, with a peer MLD, IP traffic using one or more of (i) the first IP stack and the first MLD MAC address, and (ii) the second IP stack and the second MLD MAC address.