Associating pre-shared keys with client devices based on message integrity check values

    Publication number: US12244695B2

    Publication date: 2025-03-04

    Application number: US18050083

    Application date: 2022-10-27

    Abstract: A process includes accessing a first message that is sent from an access point device. The first message includes data representing a second message that is sent by a client device. The second message is part of an exchange of messages between the client device and the access point device associated with authentication of the client device and a derivation of a first key used to encrypt and decrypt data communicated between the client device and the access point device. The second message includes a first message integrity check value. The process includes identifying, based on the second message, a pre-shared key corresponding to the client device. The identification of the pre-shared key includes determining a second message integrity check value based on a candidate pre-shared key of a plurality of candidate pre-shared keys; comparing the second message integrity check value with the first message integrity check value; and based on a result of the comparison, selecting the given candidate pre-shared key as the pre-shared key. The process includes determining a user role based on the pre-shared key. The process includes causing a third message to be sent to the access point device, where the third message includes data representing the pre-shared key and data representing the user role.

    AUTHENTICATION PROCEDURES BETWEEN NETWORK DEVICES AND CLIENTS

    Publication number: US20250168157A1

    Publication date: 2025-05-22

    Application number: US18516180

    Application date: 2023-11-21

    Abstract: In some examples, a network device receives, from an orchestration server, a name for use in obtaining a certificate. The network device sends, to a certificate enrollment server, a certificate request comprising the name, and receives, from the certificate enrollment server, a response to the certificate request, the response including information of the certificate that is based on the name in the certificate request. The network device detects that an authentication server is unavailable for an authentication procedure for a client coupled to the network device. Based on detecting that the authentication server is unavailable, the network device uses the certificate based on the name in the certificate request as part of the authentication procedure between the network device and the client.

    ASSOCIATING PRE-SHARED KEYS WITH CLIENT DEVICES BASED ON MESSAGE INTEGRITY CHECK VALUES

    Publication number: US20240146512A1

    Publication date: 2024-05-02

    Application number: US18050083

    Application date: 2022-10-27

    CPC classification number: H04L9/0825 H04L9/085 H04L9/3242

    Abstract: A process includes accessing a first message that is sent from an access point device. The first message includes data representing a second message that is sent by a client device. The second message is part of an exchange of messages between the client device and the access point device associated with authentication of the client device and a derivation of a first key used to encrypt and decrypt data communicated between the client device and the access point device. The second message includes a first message integrity check value. The process includes identifying, based on the second message, a pre-shared key corresponding to the client device. The identification of the pre-shared key includes determining a second message integrity check value based on a candidate pre-shared key of a plurality of candidate pre-shared keys; comparing the second message integrity check value with the first message integrity check value; and based on a result of the comparison, selecting the given candidate pre-shared key as the pre-shared key. The process includes determining a user role based on the pre-shared key. The process includes causing a third message to be sent to the access point device, where the third message includes data representing the pre-shared key and data representing the user role.
