公开(公告)号：US20240187862A1

公开(公告)日：2024-06-06

申请号：US18440780

申请日：2024-02-13

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Jerome Henry ,  Bart Brinckman ,  Mark Grayson

IPC: H04W12/086 ,  H04W12/06

CPC classification number: H04W12/086 ,  H04W12/06

Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.

公开(公告)号：US11979744B2

公开(公告)日：2024-05-07

申请号：US17443287

申请日：2021-07-23

Applicant: Cisco Technology, Inc.

Inventor： Jerome Henry ,  Louis G. Samuel ,  Mark Grayson ,  Bart A. Brinckman ,  Robert E. Barton ,  Carlos M. Pignataro ,  Nagendra Kumar Nainar ,  Matthew MacPherson

IPC: G06F7/04 ,  H04L9/40 ,  H04W12/06 ,  H04W12/08 ,  H04W12/69

CPC classification number: H04W12/08 ,  H04L63/0815 ,  H04W12/06 ,  H04W12/69

Abstract: Federation policy exchange is provided in response to receiving a sharing query from an Access Point (AP) indicating that an associated wireless network supports federated identities with data sharing, determining whether the sharing query is within sharing preferences; and in response to determining that the sharing query is within the sharing preferences, transmitting, to the AP, a positive response for identity sharing that authorizes collection and sharing of identity data with at least one entity identified in a sharing policy for the associated wireless network. In various embodiments, federation policy exchange includes transmitting a support notification, via an AP, indicating support for federated identities with data sharing within a wireless network associated with the AP; and in response to receiving a first identify sharing preference from a User Equipment (UE) that indicates that negotiation is preferred, transmitting a sharing policy for the wireless network to the UE.

公开(公告)号：US20240080757A1

公开(公告)日：2024-03-07

申请号：US17903326

申请日：2022-09-06

Applicant: Cisco Technology, Inc.

Inventor： Mark Grayson ,  Jerome Henry

IPC: H04W48/18 ,  H04W8/02 ,  H04W12/06 ,  H04W48/08

CPC classification number: H04W48/18 ,  H04W8/02 ,  H04W12/06 ,  H04W48/08 ,  H04W84/12

Abstract: Presented herein are techniques associated with providing an alternative network indication to a client device in a wireless local area network (WLAN) roaming federation. In one example a method is provided that may include obtaining access network information for each of a plurality of access networks that neighbor a first access network through connection of a client device with the first access network involving a first identity provider profile; determining an alternative access network with which the client device is recommended to seek connection or an alternative identity provider profiles with which the client device is recommended to connect to the first access network; and enabling the client device to initiate a connection with the alternative access network or to re-initiate a connection with the first access network utilizing the alternative identity provider profile.

公开(公告)号：US11871479B2

公开(公告)日：2024-01-09

申请号：US17975750

申请日：2022-10-28

Applicant: Cisco Technology, Inc.

Inventor： Srinath Gundavelli ,  Sangram Kishore Lakkaraju ,  Mark Grayson ,  Louis Gwyn Samuel ,  Timothy Peter Stammers

IPC: H04W8/04 ,  H04W8/18 ,  H04W8/26 ,  H04W12/06 ,  H04W12/043 ,  H04W92/24 ,  H04W88/06

CPC classification number: H04W8/04 ,  H04W8/18 ,  H04W8/26 ,  H04W12/043 ,  H04W12/06 ,  H04W88/06 ,  H04W92/24

Abstract: Techniques are described to provide for authentication and subscription management that are decoupled from a Home Subscriber Server (HSS). In one example, a method includes providing a device profile at an authentication function, wherein the device profile comprises identification information for a device for a plurality of access types including a first identifier for the device associated with a cellular access and a second identifier for the device associated with a wireless local area network access; obtaining an access request message associated with the device for the cellular access, wherein the access request message comprises the first identifier and an authentication attribute; generating authentication information for authenticating the device for the cellular access based, at least in part, on the authentication attribute; and generating, for transmission, an access accept message for the cellular access, wherein the access accept message comprises the first identifier, the second identifier, and the authentication information.

公开(公告)号：US11856504B2

公开(公告)日：2023-12-26

申请号：US17720484

申请日：2022-04-14

Applicant: Cisco Technology, Inc.

Inventor： Mark Grayson ,  Jerome Henry ,  Bart A. Brinckman ,  Matthew Stephen MacPherson

IPC: H04W48/02 ,  H04M15/00 ,  H04W24/10 ,  H04W8/18 ,  H04W12/06 ,  H04W4/24 ,  H04W12/082 ,  H04W8/12

CPC classification number: H04W48/02 ,  H04M15/49 ,  H04M15/60 ,  H04M15/66 ,  H04M15/8038 ,  H04W4/24 ,  H04W8/12 ,  H04W8/18 ,  H04W12/06 ,  H04W12/082 ,  H04W24/10

Abstract: Presented herein are techniques to facilitate wireless authorization based on in-line assurance and tariffing information. In one example, a method may include obtaining, by a home network, a request to authorize access of a roaming subscriber for a visited network; determining whether the request includes visited network charging information and visited network metric information; based on determining that the request includes the visited network charging information and the visited network metric information, determining whether one or more visited network metrics satisfy one or more threshold metrics for the roaming subscriber; and based on determining that the one or more visited network metrics satisfy the one or more threshold metrics for the roaming subscriber, authorizing access of the roaming subscriber for the visited network.

公开(公告)号：US20230388288A1

公开(公告)日：2023-11-30

申请号：US18446337

申请日：2023-08-08

Applicant: Cisco Technology, Inc.

Inventor： Malcolm Muir Smith ,  Bart Brinckman ,  Mark Grayson ,  Jerome Henry ,  Matthew Stephen MacPherson

IPC: H04L9/40 ,  H04W12/06

CPC classification number: H04L63/0815 ,  H04L63/0807 ,  H04L63/102 ,  H04W12/06

Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.

公开(公告)号：US11818649B2

公开(公告)日：2023-11-14

申请号：US17870148

申请日：2022-07-21

Applicant: Cisco Technology, Inc.

Inventor： Mark Grayson ,  Jerome Henry

IPC: H04W48/02 ,  H04W12/06 ,  H04W4/24 ,  H04M15/00 ,  H04W24/10 ,  H04W8/18 ,  H04W12/082 ,  H04W8/12

CPC classification number: H04W48/02 ,  H04M15/49 ,  H04M15/60 ,  H04M15/66 ,  H04M15/8038 ,  H04W4/24 ,  H04W8/12 ,  H04W8/18 ,  H04W12/06 ,  H04W12/082 ,  H04W24/10

Abstract: Presented herein are techniques to facilitate wireless authorization based on in-line assurance and tariffing information. In one example, a method may include determining, by a roaming subscriber, that a visited network is a chargeable network; querying, by the roaming subscriber, the visited network for charging policies for at least two identity realms; obtaining, by the roaming subscriber, charging policy metadata associated with the charging policies for the at least two identity realms; selecting, by the roaming subscriber, an identity realm through which to connect to the visited network based on the charging policy metadata for the at least two identity realms; and connecting to the visited network using the selected identity realm.

公开(公告)号：US20230362675A1

公开(公告)日：2023-11-09

申请号：US17836235

申请日：2022-06-09

Applicant: Cisco Technology, Inc.

Inventor： Sri Gundavelli ,  Arun G. Khanna ,  Indermeet Singh Gandhi ,  Mark Grayson ,  Pascal Thubert

IPC: H04W24/02 ,  H04W40/24 ,  H04W76/10

CPC classification number: H04W24/02 ,  H04W40/246 ,  H04W76/10 ,  H04W84/12

Abstract: The present disclosure relates to simultaneous operation of Wi-Fi access points in a super cell mode and a standalone mode and controlling connectivity of end terminals thereto. In one aspect, a method includes receiving a configuration for a group of access points operating within a network, the configuration allowing each access point of the group to operate in a super cell mode over a shared frequency channel and a standalone mode over a non-shared frequency channel. The method further includes determining, for an end terminal, whether the end terminal is to connect to the network over the shared frequency channel or the non-shared frequency channel based on a network policy to yield a determination; and controlling connectivity of the end terminal to at least one access point of the group of access points over the shared frequency channel or the non-shared frequency channel based on the determination.

公开(公告)号：US20230345337A1

公开(公告)日：2023-10-26

申请号：US18345074

申请日：2023-06-30

Applicant: Cisco Technology, Inc.

Inventor： Srinath Gundavelli ,  Indermeet Singh Gandhi ,  Mark Grayson

IPC: H04W36/30 ,  H04W36/00

CPC classification number: H04W36/30 ,  H04W36/0085 ,  H04W84/12

Abstract: Presented herein are techniques to facilitate wireless wide area (WWA) virtualized Radio Access Network (vRAN) (e.g., 5G) to wireless local area (WLA) RAN (e.g., Wi-Fi) steering or WLA RAN to WWA vRAN steering for one or more UE. In one example, a method may include obtaining first performance metrics associated with links of a WWA vRAN (e.g., fronthaul, midhaul, and backhaul links); obtaining second performance metrics associated with links WLA RAN (e.g., backhaul links); and in response to determining that one of the WWA vRAN is experiencing degraded performance based on the first performance metrics or the WLA RAN the second performance metrics, activating a steering event that causes, at least in part, an indication to be communicated to a UE to cause the UE to connect to the WWA vRAN or the WLA RAN that is not experiencing degraded performance.

公开(公告)号：US20230292122A1

公开(公告)日：2023-09-14

申请号：US18318268

申请日：2023-05-16

Applicant: Cisco Technology, Inc.

Inventor： Srinath Gundavelli ,  Indermeet Singh Gandhi ,  Oliver James Bull ,  Louis Gwyn Samuel ,  Mark Grayson

IPC: H04W12/06 ,  H04W12/08 ,  H04W36/14 ,  H04W12/0433 ,  H04W60/04 ,  H04W84/04

CPC classification number: H04W12/06 ,  H04W12/08 ,  H04W36/14 ,  H04W12/0433 ,  H04W60/04 ,  H04W84/04

Abstract: Presented herein are techniques to facilitate fast roaming between a mobile network operator-public (MNO-public) wireless wide area (WWA) access network and an enterprise private WWA access network. In one example, a method is provided that may include generating, by an authentication node, authentication material for a user equipment (UE) based on the UE being connected to a public WWA access network, wherein the public WWA access network is associated with a mobile network operator, and the authentication node and the UE are associated with an enterprise entity; obtaining, by the authentication node, an indication that the UE is attempting to access a private WWA access network associated with the enterprise entity; and providing, by the authentication node, the authentication material for the UE, wherein the authentication material facilitates connection establishment between the UE and the private WWA access network.