-
Publication number: US11902246B2
Publication date: 2024-02-13
Application number: US17731652
Application date: 2022-04-28
Applicant: Cisco Technology, Inc.
Inventor: Robert Edgar Barton, Jerome Henry, Stephen Michael Orr
IPC: H04L61/5076, H04L61/5061, H04L61/5007
CPC classification number: H04L61/5076, H04L61/5007, H04L61/5061
Abstract: A method is provided that is performed for a wireless network that includes one or more wireless client devices that may rotate their media access control (MAC) address used for wireless communication with one or more wireless access point devices in the wireless network. The method includes determining an impact of MAC address rotation by the one or more wireless client devices on operational resources of one or more networking devices or networking processes in a network infrastructure associated with the wireless network. The method further includes scheduling MAC address rotation by the one or more wireless client devices according to the impact on operational resources of the one or more networking devices or networking processes in the network infrastructure.
-
Publication number: US20230353532A1
Publication date: 2023-11-02
Application number: US17731335
Application date: 2022-04-28
Applicant: Cisco Technology, Inc.
Inventor: Jerome Henry, Robert Edgar Barton, Stephen Michael Orr, Malcolm Muir Smith
IPC: H04L61/2596, H04L61/5069, H04L61/5053, H04L61/251
CPC classification number: H04L61/2596, H04L61/5069, H04L61/5053, H04L61/251
Abstract: A method comprising: at a multi-link device (MLD) configured for multi-link operation: establishing a first Internet Protocol (IP) stack of a first IP type and configured with a first IP address of the first IP type, wherein the first IP stack is associated to a first MLD media access control (MAC) address of a first station of the MLD; establishing a second IP stack of a second IP type and configured with a second IP address of the second IP type, wherein the second IP stack exists concurrently with the first IP stack and is associated to a second MLD MAC address of a second station of the MLD; and exchanging, with a peer MLD, IP traffic using one or more of (i) the first IP stack and the first MLD MAC address, and (ii) the second IP stack and the second MLD MAC address.
-
Publication number: US20230262097A1
Publication date: 2023-08-17
Application number: US17673310
Application date: 2022-02-16
Applicant: Cisco Technology, Inc.
Inventor: Jerome Henry, Robert E. Barton, Stephen Michael Orr
IPC: H04L9/40, H04L61/50, H04L101/622, H04W12/00
CPC classification number: H04L63/205, H04L61/20, H04L61/6022, H04W12/009
Abstract: Techniques are provided for client-driven Randomized and Changing Media Access Control (MAC) address (RCM) mechanisms. In one example, a wireless client is configured to wirelessly communicate with a wireless network. The wireless client obtains data relating to a level of security for one or more MAC addresses of the wireless client. Based on the data, the wireless client computes a score that represents the level of security for the one or more MAC addresses. Using the score, the wireless client determines when or how frequently to rotate the one or more MAC addresses. Based on determining when or how frequently to rotate the one or more MAC addresses, the wireless client rotates the one or more MAC addresses.
-
Publication number: US11700527B2
Publication date: 2023-07-11
Application number: US17329843
Application date: 2021-05-25
Applicant: Cisco Technology, Inc.
Inventor: Srinath Gundavelli, Stephen Michael Orr, Shree N. Murthy
IPC: H04W8/26, H04W12/69, H04W12/041, H04W12/06, H04L61/5046
CPC classification number: H04W8/265, H04L61/5046, H04W12/041, H04W12/06, H04W12/69
Abstract: Embodiments are presented for collaborative device address generation between a wireless client device and a network infrastructure component, such as a wireless access point. The wireless client device and network infrastructure component share information to facilitate collaborative generation of a sequence of device addresses. This shared information includes, in some embodiments, key information and moving factor information. The key information and moving factor information is used to generate a token. A sequence of tokens is generated by updating the moving factor as each token is generated. A corresponding sequence of device addresses are then derived based on the sequence of tokens. Since the wireless client device and the network infrastructure device apply equivalent methods to generate respective sequences of addresses, the network infrastructure is able to efficiently identify a source wireless client device when observing a new device address on a wireless network.
-
Publication number: US20220386110A1
Publication date: 2022-12-01
Application number: US17329843
Application date: 2021-05-25
Applicant: Cisco Technology, Inc.
Inventor: Srinath Gundavelli, Stephen Michael Orr, Shree N. Murthy
IPC: H04W8/26, H04W12/69, H04W12/06, H04L29/12, H04W12/041
Abstract: Embodiments are presented for collaborative device address generation between a wireless client device and a network infrastructure component, such as a wireless access point. The wireless client device and network infrastructure component share information to facilitate collaborative generation of a sequence of device addresses. This shared information includes, in some embodiments, key information and moving factor information. The key information and moving factor information is used to generate a token. A sequence of tokens is generated by updating the moving factor as each token is generated. A corresponding sequence of device addresses are then derived based on the sequence of tokens. Since the wireless client device and the network infrastructure device apply equivalent methods to generate respective sequences of addresses, the network infrastructure is able to efficiently identify a source wireless client device when observing a new device address on a wireless network.
-
Publication number: US20200220843A1
Publication date: 2020-07-09
Application number: US16243733
Application date: 2019-01-09
Applicant: Cisco Technology, Inc.
Inventor: Craig Thomas Hill, Stephen Michael Orr
IPC: H04L29/06, H04L12/755, H04L9/08
Abstract: A network device configured to communicate with a network executes a security protocol. The security protocol establishes a secure session with a security peer network device, exchanges security protected traffic with the security peer network device over a secure link, detects whether there is a security failure in the secure session, and upon detecting a security failure, signals there is a security failure. The network device also executes a routing protocol. The routing protocol maintains a routing table that includes a route to the security peer over the secure link, routes the security protected traffic along the route, and, upon receiving from the security protocol the signal that there is a security failure, removes the route from the routing table to stop the routing.
-
Publication number: US20250055831A1
Publication date: 2025-02-13
Application number: US18929804
Application date: 2024-10-29
Applicant: Cisco Technology, Inc.
Inventor: Jerome Henry, Robert E. Barton, Stephen Michael Orr
IPC: H04L61/5038, H04L101/622, H04W84/12
Abstract: Techniques herein facilitate a device address rotation management protocol that may be implemented for a wireless local area network (WLAN), which can be used to influence when wireless client devices or stations may rotate their Media Access Control (MAC) addresses, how to perform such rotations, and/or the like. In one example, a method may include providing, by an access point (AP), a first communication indicating that the AP supports a MAC address rotation management protocol; obtaining, by the AP, a second communication from a wireless station (STA) indicating that the STA intends to perform a MAC address rotation; and transmitting, by the AP, a third communication to influence the MAC address rotation of the STA, the third communication comprising a rotation status indicator and timing information.
-
Publication number: US12212542B2
Publication date: 2025-01-28
Application number: US18785258
Application date: 2024-07-26
Applicant: Cisco Technology, Inc.
Inventor: Jerome Henry, Robert E. Barton, Stephen Michael Orr
IPC: H04L61/5038, H04W84/12, H04L101/622
Abstract: Techniques herein facilitate a device address rotation management protocol that may be implemented for a wireless local area network (WLAN), which can be used to influence when wireless client devices or stations may rotate their Media Access Control (MAC) addresses, how to perform such rotations, and/or the like. In one example, a method may include providing, by an access point (AP), a first communication indicating that the AP supports a MAC address rotation management protocol; obtaining, by the AP, a second communication from a wireless station (STA) indicating that the STA intends to perform a MAC address rotation; and transmitting, by the AP, a third communication to influence the MAC address rotation of the STA, the third communication comprising a rotation status indicator and timing information.
-
Publication number: US20240236656A1
Publication date: 2024-07-11
Application number: US18618104
Application date: 2024-03-27
Applicant: Cisco Technology, Inc.
Inventor: Robert E. Barton, Jerome Henry, Stephen Michael Orr
CPC classification number: H04W8/28, H04L12/4679, H04W68/005
Abstract: A network controller provides proactive notification of a wireless client device's address rotation to layer 2 (L2) and/or layer 3 (L3) devices. Traditional methods of device address discovery rely on broadcasting of address queries across a plurality of links until a path to a device having the queried address responds. As device address changes become more frequent in an effort to improve user privacy, traditional methods of address discovery impose a large burden on networks, reducing their performance and efficiency. By proactively propagating address changes to upstream devices, the need for broadcast oriented address discovery techniques is reduced, resulting in improved network performance.
-
Publication number: US20240007468A1
Publication date: 2024-01-04
Application number: US17856192
Application date: 2022-07-01
Applicant: Cisco Technology, Inc.
Inventor: Shree N. Murthy, Stephen Michael Orr
IPC: H04L9/40, H04L61/2596
CPC classification number: H04L63/0876, H04L63/10, H04L61/2596
Abstract: Methods are provided that support media access control (MAC) address rotation (RCM) by generating a passcode for associating a user defined network by one or more endpoint devices instead of using MAC addresses for their respective device identity. In these methods, a computing device obtains a registration request for establishing a user defined network (UDN) and generates a unique UDN identifier and a unique passcode associated with the unique UDN identifier. The unique passcode enables an authentication of one or more endpoint devices to connect to the UDN. The authentication is independent of the MAC address of a respective endpoint device. The computing device provides the UDN identifier and the unique passcode such that the UDN identifier and the unique passcode are for connecting the one or more endpoint devices to the UDN.