Abstract:
A method for providing multicast frames in a Multi-Dwelling Unit (MDU) is provided herein. An Access Point (AP) can receive a join request from a first client device. The AP can generate a Group Master Key (GMK) from the Pre-Shared Key (PSK) associated with a Basic Service Set (BSS) that includes the first client device. The AP can then derive a Group Transient Key (GTK) from the GMK. The AP may then send the GTK to the first client device. Thereafter, the AP can send multicast frames to the first client device encrypted by the GTK. The first client device can decrypt the multicast frames with the GTK. However, a second client device that does not share the PSK may receive the multicast frames but cannot decrypt them.
Abstract:
Presented herein are techniques for extending Target Wake Time (TWT) to provide for randomizing and changing media access control (MAC) address (RCM) signaling. According to certain embodiments, a client device operating in a wireless network determines a TWT for the client device. Next, the client device determines that it will change from using a first MAC address to using a second MAC address. Finally, the client device generates, for transmission to an access point device that serves wireless communication in the wireless network, a TWT signaling message. The TWT signaling message indicates the TWT for the client device and the second MAC address.
Abstract:
Techniques are provided that rotate a device address used to identify a wireless client device on a wireless network. The wireless client device and at least one network infrastructure component identify a plurality of device addresses associated with the wireless client device. In some embodiments, the plurality of device addresses are generated via a corresponding plurality of invocations of a stateful random number generator, such as a cryptographically secure pseudorandom number generator.
Abstract:
In one embodiment, a method in a multi-tenant wireless network comprises determining a first user private network (UPN) for a first device of a first user. The first UPN provides discovery, by the first device, of other devices on the wireless network to a first subset of other devices on the wireless network. The method further comprises determining a second UPN for the first device of the first user. The second UPN provides discovery, by the first device, of other devices on the wireless network to a second subset of other devices on the wireless network. The method further comprises providing discovery of the first subset and second subset of other devices on the wireless network to the first device of the first user. Discovery of the second subset is provided dynamically based on a current location of the first device.
Abstract:
A method is provided that is performed in a wireless network to detect a rogue wireless device. The method comprises detecting a suspect wireless device in the wireless network based on messages transmitted by the suspect wireless device using a first Media Access Control (MAC) address that is also used by a valid wireless device in the wireless network. When a suspect wireless device is detected, the method next includes sending to the valid wireless device in the wireless network a request configured to cause the valid wireless device to change its MAC address. After the valid wireless device has changed its MAC address, the method involves observing messages transmitted by the suspect wireless device in the wireless network. The method then includes determining that the suspect wireless device is a rogue device when the suspect wireless device continues to transmit messages using the first MAC address.
Abstract:
Methods are provided to determine validity of a MAC address. The methods involve obtaining a media access control (MAC) address validity message that indicates a plurality of valid MAC addresses in the wireless network using a fully-exploded format or a probabilistic data structure and determining whether a MAC address is valid based on the MAC address validity message. Other methods involve obtaining a query regarding a validity of a media access control (MAC) address, determining whether the MAC address is a value included in a data set of expected values of a probabilistic data structure. The data set represents a list of MAC addresses. The other methods involve determining whether the MAC address is valid in the wireless network based on determining whether the MAC address is the value included in the data set and providing a response indicating whether the MAC address is valid.
Abstract:
Techniques and architecture are described for determining an identity of a client device and utilizing security policies associated with the client device provided by a device identity entity. For example, a tag associated with security policies is created for use in enforcing the security policies by a security policy enforcement entity associated with a cloud network. The techniques and architecture also allow for identification of a particular user on a client device that may be shared by multiple users based at least in part on the user accessing an application. Also, the techniques and architecture described herein provide a generic and agnostic approach to enforcing security policies for users and/or client devices.
Abstract:
In one embodiment, a method includes receiving packets in a flow at a network device in a deterministic network, wherein at least one of the packets is transmitted from a source out of sync due to collision with another flow at the source, analyzing at the network device, the flow to reconstruct a period of the flow, and processing at the network device, the packets according to the period to synchronize the processing of the packets at the network device with the source and remove jitter from the flow. An apparatus and logic are also disclosed herein.
Abstract:
In one embodiment, a method includes sampling text in a received packet at a network device and analyzing the sampled text using a sampled deterministic finite automata (DFA) to identify matches between a set of regular expressions and the text. The sampled DFA is created with the regular expressions sampled at a sampling rate calculated for the regular expressions using operations including selecting a minimum sampling rate from sampling rates computed for each of the regular expressions based on a minimum length of the text that can match the regular expression. An apparatus and logic are also disclosed herein.