-
Publication No.: US20150358435A1
Publication date: 2015-12-10
Application No.: US14486556
Application date: 2014-09-15
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Salvatore Valenza, Domenico Ficara, Roberto Muccifora, Leo Caldarola
IPC: H04L29/06, H04L12/939, H04L12/743
CPC classification number: H04L69/22, H04L43/026
Abstract: In one embodiment, a method includes identifying at a network device, a number of items for matching at a hash table, the number of items exceeding matching available with ternary content addressable memory (TCAM) at the network device, defining at the network device, an optimal cyclic redundancy check (CRC) polynomial based on the number of items for matching at the hash table, and generating at the network device, an optimal hash function based on the optimal CRC polynomial to extend packet classification capability at the network device. An apparatus is also disclosed herein.
-
Publication No.: US20250016568A1
Publication date: 2025-01-09
Application No.: US18892955
Application date: 2024-09-23
Applicant: Cisco Technology, Inc.
Inventor: Domenico Ficara, Roberto Muccifora, Amine Choukir, Robert Barton, Jerome Henry, Arun Khanna
IPC: H04W12/122, H04W12/106, H04W12/73
Abstract: A method is provided that is performed in a wireless network to detect a rogue wireless device. The method comprises detecting a suspect wireless device in the wireless network based on messages transmitted by the suspect wireless device using a first Media Access Control (MAC) address that is also used by a valid wireless device in the wireless network. When a suspect wireless device is detected, the method next includes sending to the valid wireless device in the wireless network a request configured to cause the valid wireless device to change its MAC address. After the valid wireless device has changed its MAC address, the method involves observing messages transmitted by the suspect wireless device in the wireless network. The method then includes determining that the suspect wireless device is a rogue device when the suspect wireless device continues to transmit messages using the first MAC address.
-
23.
Publication No.: US20240348662A1
Publication date: 2024-10-17
Application No.: US18753432
Application date: 2024-06-25
Applicant: Cisco Technology, Inc.
Inventor: Sachin Dinkar Wakudkar, Roberto Muccifora, FNU Sandesh, Shiva Prasad Maheshuni
IPC: H04L9/40
CPC classification number: H04L63/20, H04L63/102
Abstract: Techniques and architecture are described for determining an identity of a client device and utilizing security policies associated with the client device provided by a device identity entity. For example, a tag associated with security policies is created for use in enforcing the security policies by a security policy enforcement entity associated with a cloud network. The techniques and architecture also allow for identification of a particular user on a client device that may be shared by multiple users based at least in part on the user accessing an application. Also, the techniques and architecture described herein provide a generic and agnostic approach to enforcing security policies for users and/or client devices.
-
24.
Publication No.: US12081534B2
Publication date: 2024-09-03
Application No.: US17444021
Application date: 2021-07-29
Applicant: Cisco Technology, Inc.
Inventor: Domenico Ficara, Roberto Muccifora, Amine Choukir, Shree N. Murthy, Bart A. Brinckman, Mirko Raca
IPC: H04L9/40
CPC classification number: H04L63/0815, H04L63/0876, H04L63/101, H04L63/104
Abstract: Aspects described herein include a method of automated grouping of client devices for a user-defined network (UDN). The method includes receiving, from a client device an authentication request to join an access provider network. The authentication request includes a unique identifier of the client device for a federation-based network. The method further includes transmitting the unique identifier to a UDN cloud, transmitting the authentication request to an identity provider, and receiving, responsive to the identity provider authenticating the authentication request, a list of one or more UDNs from the UDN cloud that are associated with the unique identifier. The method further includes joining the client device with one or more other client devices present on the access provider network listing a same UDN.
-
25.
Publication No.: US12069478B2
Publication date: 2024-08-20
Application No.: US18325288
Application date: 2023-05-30
Applicant: Cisco Technology, Inc.
Inventor: Ugo Mario Campiglio, Amine Choukir, Roberto Muccifora, Domenico Ficara, Sachin Dinkar Wakudkar
IPC: H04L9/40, H04W12/033, H04W12/041, H04W12/06, H04W12/069, H04W12/71
CPC classification number: H04W12/069, H04W12/033, H04W12/041, H04W12/71
Abstract: A method for providing multicast frames in a Multi-Dwelling Unit (MDU) is provided herein. An Access Point (AP) can receive a join request from a first client device. The AP can generate a Group Master Key (GMK) from the Pre-Shared Key (PSK) associated with a Basic Service Set (BSS) that includes the first client device. The AP can then derive a Group Transient Key (GTK) from the GMK. The AP may then send the GTK to the first client device. Thereinafter, the AP can send multicast frames to the first client device encrypted by the GTK. The first client device can decrypt the multicast frames with the GTK. However, a second client device, that does not share the PSK, may receive the multicast frame but cannot decrypt the multicast frames.
-
Publication No.: US20240064125A1
Publication date: 2024-02-22
Application No.: US18501275
Application date: 2023-11-03
Applicant: Cisco Technology, Inc.
Inventor: Roberto Muccifora, Domenico Ficara, Amine Choukir, Anirban Karmakar, Vincent Cuissard, Sudhir Kumar Jain
IPC: H04L61/5061, H04L61/5053
CPC classification number: H04L61/5061, H04L61/5053, H04W88/02
Abstract: Techniques are provided that rotate a device address used to identify a wireless client device on a wireless network. The wireless client device and at least one network infrastructure component identify a plurality of device addresses associated with the wireless client device. In some embodiments, the plurality of device addresses are generated via a corresponding plurality of invocations of a stateful random number generator, such as a cryptographically secure pseudorandom number generator.
-
Publication No.: US11855961B2
Publication date: 2023-12-26
Application No.: US17329827
Application date: 2021-05-25
Applicant: Cisco Technology, Inc.
Inventor: Roberto Muccifora, Domenico Ficara, Amine Choukir, Anirban Karmakar, Vincent Cuissard, Sudhir Kumar Jain
IPC: H04L61/5061, H04L61/5053, H04W88/02
CPC classification number: H04L61/5061, H04L61/5053, H04W88/02
Abstract: Techniques are provided that rotate a device address used to identify a wireless client device on a wireless network. The wireless client device and at least one network infrastructure component identify a plurality of device addresses associated with the wireless client device. In some embodiments, the plurality of device addresses are generated via a corresponding plurality of invocations of a stateful random number generator, such as a cryptographically secure pseudorandom number generator.
-
Publication No.: US20230198990A1
Publication date: 2023-06-22
Application No.: US17552394
Application date: 2021-12-16
Applicant: Cisco Technology, Inc.
Inventor: Roberto Muccifora, Domenico Ficara, Amine Choukir, Ugo Mario Campiglio, Shree Murthy, Stephen M. Orr
IPC: H04L9/40, H04L61/5038, H04L45/74, H04L101/622
CPC classification number: H04L63/102, H04L63/0876, H04L61/5038, H04L63/104, H04L45/74, H04L2101/622
Abstract: Group identity assignment and policy enforcement may be provided. A User Defined Network Identifier (UDN ID) defining a group of client devices may be received. Next, a client identifier (ID) associated with a source client device that is associated with the group of client devices may be received. The UDN ID and the client ID may be encoded in an Extended Local Identifier (ELI) Media Access Control (MAC) address associated with the source client device. A source MAC address of a packet received from the source client device may then be substituted with the ELI MAC address. Then the packet may be forwarded.
-
29.
Publication No.: US11665544B2
Publication date: 2023-05-30
Application No.: US17147319
Application date: 2021-01-12
Applicant: Cisco Technology, Inc.
Inventor: Ugo Mario Campiglio, Amine Choukir, Roberto Muccifora, Domenico Ficara, Sachin Dinkar Wakudkar
IPC: H04L9/40, H04W12/06, H04W12/069, H04W12/71, H04W12/041, H04W12/033
CPC classification number: H04W12/069, H04W12/033, H04W12/041, H04W12/71
Abstract: A method for providing multicast frames in a Multi-Dwelling Unit (MDU) is provided herein. An Access Point (AP) can receive a join request from a first client device. The AP can generate a Group Master Key (GMK) from the Pre-Shared Key (PSK) associated with a Basic Service Set (BSS) that includes the first client device. The AP can then derive a Group Transient Key (GTK) from the GMK. The AP may then send the GTK to the first client device. Thereinafter, the AP can send multicast frames to the first client device encrypted by the GTK. The first client device can decrypt the multicast frames with the GTK. However, a second client device, that does not share the PSK, may receive the multicast frame but cannot decrypt the multicast frames.
-
Publication No.: US11140043B2
Publication date: 2021-10-05
Application No.: US16576387
Application date: 2019-09-19
Applicant: Cisco Technology Inc.
Inventor: Amine Choukir, Roberto Muccifora, Antonio Trifilo, Domenico Ficara, Vincent Cuissard, Salvatore Valenza
Abstract: A method is provided in a wireless local area network controller in a wireless communication network. The wireless communication network includes one or more virtual networks identified with virtual network IDs, VNIDs. A request is received from a wireless client to onboard onto the network and the wireless client is mapped to an onboarding VNID. The onboarding VNID is associated with an onboarding virtual network that does not require an authentication of the wireless client. An Internet Protocol address assignment is forwarded to the wireless client. The wireless client is remapped from the onboarding VNID to the destination VNID after authenticating the wireless client. The wireless client maintains the assigned IP address after moving from the onboarding VNID to the destination VNID. Access to the wireless client on a virtual network identified by the destination VNID is provided via the assigned IP address.