公开(公告)号：US09264895B2

公开(公告)日：2016-02-16

申请号：US13964236

申请日：2013-08-12

Applicant: Cisco Technology, Inc.

Inventor： Mark Krischer ,  Nancy Cam-Winget ,  Sheausong Yang ,  Ajit Sanzgiri ,  Timothy Olson ,  Pauline Shuen

IPC: H04L29/06 ,  H04W12/04 ,  H04W12/12 ,  H04W12/10 ,  H04L12/24 ,  H04W88/08 ,  H04W84/12

CPC classification number: H04W12/04 ,  H04L41/00 ,  H04L63/062 ,  H04L63/08 ,  H04L63/083 ,  H04L63/123 ,  H04L63/126 ,  H04L63/1408 ,  H04W12/10 ,  H04W12/12 ,  H04W84/12 ,  H04W88/08

Abstract: A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.

公开(公告)号：US09755943B2

公开(公告)日：2017-09-05

申请号：US13961991

申请日：2013-08-08

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Mark Krischer ,  Tom Koenig ,  Nancy Cam-Winget

IPC: G06F3/00 ,  G06F13/00 ,  G06F13/36 ,  G06F12/14 ,  G06F13/14 ,  H04L12/26 ,  H04N7/18 ,  H04L29/06 ,  H04W12/12 ,  H04L29/12

CPC classification number: H04L43/16 ,  H04L61/2015 ,  H04L63/1458 ,  H04L2463/141 ,  H04N7/18 ,  H04W12/12

Abstract: In an example embodiment, there is described herein a location based detection technique that determines whether multiple requests from different addresses, such as a Layer 2 MAC (Media Access Control) address and/or layer 3 IP (Internet Protocol) address are being sent form a single device. In particular embodiments, if the device sends more than a predefined threshold number of requests, those requests can be ignored and/or denied.

公开(公告)号：US20150042792A1

公开(公告)日：2015-02-12

申请号：US13961991

申请日：2013-08-08

Applicant: Cisco Technology, Inc.

Inventor： Mark Krischer ,  Tom Koenig ,  Nancy Cam-Winget

IPC: H04L12/26 ,  H04N7/18

CPC classification number: H04L43/16 ,  H04L61/2015 ,  H04L63/1458 ,  H04L2463/141 ,  H04N7/18 ,  H04W12/12

Abstract: In an example embodiment, there is described herein a location based detection technique that determines whether multiple requests from different addresses, such as a Layer 2 MAC (Media Access Control) address and/or layer 3 IP (Internet Protocol) address are being sent form a single device. In particular embodiments, if the device sends more than a predefined threshold number of requests, those requests can be ignored and/or denied.

Abstract translation: 在示例实施例中，这里描述了基于位置的检测技术，其确定是否正在从诸如第2层MAC（媒体访问控制）地址和/或第3层IP（因特网协议）地址的不同地址的多个请求形式 单一设备。 在特定实施例中，如果设备发送超过预定义的阈值数量的请求，则可以忽略和/或拒绝那些请求。

公开(公告)号：US20140237247A1

公开(公告)日：2014-08-21

申请号：US14263148

申请日：2014-04-28

Applicant: Cisco Technology, Inc.

Inventor： Nancy C. Winget ,  Hao Zhou ,  Mark Krischer ,  Joseph Salowey ,  Jeremy Stieglitz ,  Saar Gillai ,  Padmanabha Jakkahalli

IPC: H04L29/06 ,  H04L9/08

CPC classification number: H04L63/08 ,  H04L9/0838 ,  H04L63/0435 ,  H04L63/0442 ,  H04L63/0869 ,  H04L63/1458 ,  H04W12/0023 ,  H04W12/02 ,  H04W12/08 ,  H04W12/12

Abstract: System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol, may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.

Abstract translation: 提供了用于通过网络（例如IEEE 802.11）保护通信的系统架构和相应的方法。 根据一个实施例，本系统和方法协议可以被适当地配置为通过使用共享秘密来建立用于保护较弱认证方法（例如，用户名和密码）的隧道来实现相互认证。 在本实施例中被称为受保护的访问凭证的共享秘密可以有利地用于在保护用于经由网络进行通信的隧道的相互认证服务器和对等体之间。 在本文中公开和要求保护的本系统和方法在其一个方面包括以下步骤：1）提供第一方和第二方之间的通信实现; 2）在第一方和第二方之间提供安全证书; 以及3）使用安全证书在第一方和第二方之间建立安全隧道。