公开(公告)号：US20220224565A1

公开(公告)日：2022-07-14

申请号：US17148481

申请日：2021-01-13

Applicant: Cisco Technology, Inc.

Inventor： Vincent Cuissard ,  Domenico Ficara ,  Amine Choukir ,  Roberto Muccifora

IPC: H04L12/46 ,  H04W12/06

Abstract: A method for establishing a VPN with a client device is provided. In the method, an AP can receive an access request directed to an OpenRoaming (OR) Service Set Identifier (SSID) from the client device. The AP can send the access request to an OR connector. In response to the access request, the AP may receive an access response from the OR connector. The access response can include an attribute indicating an address to connect to a company Virtual Private Network (VPN) headend. The AP may then use the attribute to establish the VPN connection with the company VPN headend.

公开(公告)号：US20160359728A1

公开(公告)日：2016-12-08

申请号：US14729810

申请日：2015-06-03

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Domenico Ficara ,  Davide Cuda ,  Amine Choukir

IPC: H04L12/721

CPC classification number: H04L45/14 ,  H04L45/02 ,  H04L45/04 ,  H04L63/00

Abstract: Techniques are disclosed for exchanging anonymized information between autonomous systems. In one example, a method comprises accessing an eigenvalue, wherein the eigenvalue is based on topology data associated with the first autonomous system; encoding the eigenvalue into a message; and transmitting, by a network element located in the first autonomous system, the message to an external edge router located in the second autonomous system. A further method can comprise receiving, by a network component located in a first autonomous system, a message, wherein the message comprises an eigenvalue and the message is received from an external network element located in a second autonomous system; accessing another other eigenvalue, the another eigenvalue corresponding to an autonomous system different from the first autonomous system; analyzing the another eigenvalue and the eigenvalue; and executing, by the network element, an action based on the analyzing.

Abstract translation: 公开了用于在自治系统之间交换匿名信息的技术。 在一个示例中，一种方法包括访问特征值，其中特征值基于与第一自治系统相关联的拓扑数据; 将特征值编码成消息; 以及通过位于所述第一自治系统中的网络单元将所述消息发送到位于所述第二自治系统中的外部边缘路由器。 另一方法可以包括通过位于第一自治系统中的网络组件接收消息，其中所述消息包括特征值，并且所述消息是从位于第二自治系统中的外部网络元件接收的; 访问另一个特征值，对应于与第一自治系统不同的自治系统的另一个特征值; 分析另一个特征值和特征值; 并且由网元执行基于分析的动作。

公开(公告)号：US20250097697A1

公开(公告)日：2025-03-20

申请号：US18368997

申请日：2023-09-15

Applicant: Cisco Technology, Inc.

Inventor： Amine Choukir ,  Pascal THUBERT ,  Domenico FICARA ,  Jean-Philippe VASSEUR

IPC: H04W12/0431 ,  H04W76/15 ,  H04W88/04

Abstract: In one embodiment, a method is disclosed comprising monitoring dynamic locations of a plurality of mobile communication devices within a physical area covered by a wireless communication network, wherein keys are distributed to the mobile communication devices at association time; determining that a particular mobile communication device should have a relay for communication with the network based on a first location of the particular mobile communication device and inadequate wireless communication characteristics at the first location; selecting an opportunistic relay device from the mobile communication devices based on a second location of the opportunistic relay device and adequate wireless communication characteristics of the opportunistic relay device within the network and to the first location from the second location; and directing the opportunistic relay device to relay communications for the particular mobile communication device at the first location, wherein the communications are encrypted based on the keys.

公开(公告)号：US20250016568A1

公开(公告)日：2025-01-09

申请号：US18892955

申请日：2024-09-23

Applicant: Cisco Technology, Inc.

Inventor： Domenico Ficara ,  Roberto Muccifora ,  Amine Choukir ,  Robert Barton ,  Jerome Henry ,  Arun Khanna

IPC: H04W12/122 ,  H04W12/106 ,  H04W12/73

Abstract: A method is provided that is performed in a wireless network to detect a rogue wireless device. The method comprises detecting a suspect wireless device in the wireless network based on messages transmitted by the suspect wireless device using a first Media Access Control (MAC) address that is also used by a valid wireless device in the wireless network. When a suspect wireless device is detected, the method next includes sending to the valid wireless device in the wireless network a request configured to cause the valid wireless device to change its MAC address. After the valid wireless device has changed its MAC address, the method involves observing messages transmitted by the suspect wireless device in the wireless network. The method then includes determining that the suspect wireless device is a rogue device when the suspect wireless device continues to transmit messages using the first MAC address.

公开(公告)号：US20240422846A1

公开(公告)日：2024-12-19

申请号：US18817885

申请日：2024-08-28

Applicant: Cisco Technology, Inc.

Inventor： Amine Choukir ,  Robert Barton ,  Anirban Karmakar ,  Domenico Ficara ,  Vincent Cuissard ,  Jerome Henry

IPC: H04W76/15 ,  H04W76/30 ,  H04W80/02

Abstract: A user device connected to a wireless network maintains session persistence through a MAC address change of a user device. The user device establishes a multi-path communication session including a first subflow associated with a first MAC address for the user device. When the user device changes from the first MAC address to a second MAC address. the user device establishes a second subflow of the multi-path communication session. The second subflow is associated with the second MAC address. After establishing the second subflow associated with the second MAC address, the user device ends the first subflow associated with the first MAC address.

公开(公告)号：US12089089B2

公开(公告)日：2024-09-10

申请号：US17581188

申请日：2022-01-21

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Domenico Ficara ,  Patrick Wetterwald ,  Alessandro Erta ,  Amine Choukir

IPC: H04B10/00 ,  H04B10/114 ,  H04W16/26 ,  H04W16/28 ,  H04W28/16 ,  H04W84/18

CPC classification number: H04W28/16 ,  H04B10/1149 ,  H04W16/26 ,  H04W16/28 ,  H04W84/18

Abstract: In one embodiment, a controller identifies access points forming an overhead mesh of access points in an area, each access point comprising one or more directional transmitters each configured to transmit a beam cone in a substantially downward direction towards a floor of the area. The controller assigns the access points to access point groups. The controller generates communication schedules for the access points such that each access point in an access point group is on a common channel and only one of neighboring directional transmitters of access points in that group is able to transmit at any given time. The controller sends the communication schedules to the access points forming the overhead mesh of access points in the area.

公开(公告)号：US12081534B2

公开(公告)日：2024-09-03

申请号：US17444021

申请日：2021-07-29

Applicant: Cisco Technology, Inc.

Inventor： Domenico Ficara ,  Roberto Muccifora ,  Amine Choukir ,  Shree N. Murthy ,  Bart A. Brinckman ,  Mirko Raca

IPC: H04L9/40

CPC classification number: H04L63/0815 ,  H04L63/0876 ,  H04L63/101 ,  H04L63/104

Abstract: Aspects described herein include a method of automated grouping of client devices for a user-defined network (UDN). The method includes receiving, from a client device an authentication request to join an access provider network. The authentication request includes a unique identifier of the client device for a federation-based network. The method further includes transmitting the unique identifier to a UDN cloud, transmitting the authentication request to an identity provider, and receiving, responsive to the identity provider authenticating the authentication request, a list of one or more UDNs from the UDN cloud that are associated with the unique identifier. The method further includes joining the client device with one or more other client devices present on the access provider network listing a same UDN.

公开(公告)号：US12069478B2

公开(公告)日：2024-08-20

申请号：US18325288

申请日：2023-05-30

Applicant: Cisco Technology, Inc.

Inventor： Ugo Mario Campiglio ,  Amine Choukir ,  Roberto Muccifora ,  Domenico Ficara ,  Sachin Dinkar Wakudkar

IPC: H04L9/40 ,  H04W12/033 ,  H04W12/041 ,  H04W12/06 ,  H04W12/069 ,  H04W12/71

CPC classification number: H04W12/069 ,  H04W12/033 ,  H04W12/041 ,  H04W12/71

Abstract: A method for providing multicast frames in a Multi-Dwelling Unit (MDU) is provided herein. An Access Point (AP) can receive a join request from a first client device. The AP can generate a Group Master Key (GMK) from the Pre-Shared Key (PSK) associated with a Basic Service Set (BSS) that includes the first client device. The AP can then derive a Group Transient Key (GTK) from the GMK. The AP may then send the GTK to the first client device. Thereinafter, the AP can send multicast frames to the first client device encrypted by the GTK. The first client device can decrypt the multicast frames with the GTK. However, a second client device, that does not share the PSK, may receive the multicast frame but cannot decrypt the multicast frames.

公开(公告)号：US11962461B1

公开(公告)日：2024-04-16

申请号：US18357497

申请日：2023-07-24

Applicant: Cisco Technology, Inc.

Inventor： Domenico Ficara ,  Amine Choukir ,  Salvatore Valenza ,  Vincent Cuissard

IPC: H04L41/0806 ,  H04L41/0853 ,  H04L41/0893

CPC classification number: H04L41/0806 ,  H04L41/0853 ,  H04L41/0893

Abstract: A system and a method to dynamically reprovision network devices may include a first network device configured to reprovision a second network device in accordance with a specific location of the second network device in a predefined area. The first network device may be configured to sense the second device at the specific location in the predefined area, identify reprovisioning parameters associated with the specific location, and provide the reprovisioning parameters to the second network device. In turn, the second network device may be configured to perform one or more roles associated with the specific location in the predefined area based at least in part upon information in the reprovisioning parameters.

公开(公告)号：US11930541B2

公开(公告)日：2024-03-12

申请号：US17683833

申请日：2022-03-01

Applicant: Cisco Technology, Inc.

Inventor： Pascal Thubert ,  Domenico Ficara ,  Alessandro Erta ,  Amine Choukir ,  Patrick Wetterwald

IPC: H04W74/08 ,  H04W48/20 ,  H04W72/02

CPC classification number: H04W74/085 ,  H04W48/20 ,  H04W72/02

Abstract: In one embodiment, an access point of an overhead mesh of access points in an area selects a range of client identifiers. The access point sends, via a beam cone transmitted in a substantially downward direction towards a floor of the area, a trigger signal that includes the range of client identifiers and prompts client devices having identifiers in that range to send best effort transmissions towards the overhead mesh. The access point detects a collision between the best effort transmissions of the client devices. The access point adjusts the range of client identifiers so as to avoid future collisions between the best effort transmissions of the client devices.