Systems and methods for roaming management between access points

    Publication number: US11411942B1

    Publication date: 2022-08-09

    Application number: US16518144

    Filing date: 2019-07-22

    Abstract: Systems, methods, and computer-readable media are provided for an efficient roaming management method using a single association identifier token for associating with different access points. In one aspect of the present disclosure, a network controller includes memory having computer-readable instructions stored therein and one or more processors. The one or more processors are configured to execute the computer-readable instructions to receive a request from an endpoint to connect to a first access point; generate association identification token (e.g., PMK and PMKID) for the endpoint to connect to the first access point; and distribute the association identification token to a second access point prior to the endpoint attempting to connect to the second access point, the association identification token being used by the second access point to validate a subsequent request by the endpoint to connect to the second access point.

    OPTIMIZED SIMULTANEOUS AUTHENTICATION OF EQUALS (SAE) AUTHENTICATION IN WIRELESS NETWORKS

    Publication number: US20210204125A1

    Publication date: 2021-07-01

    Application number: US17203898

    Filing date: 2021-03-17

    Abstract: Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.

    WIRELESS LAN DEPLOYMENT BASED ON MAPPED PASSWORD SAE AUTHENTICATION

    Publication number: US20200162915A1

    Publication date: 2020-05-21

    Application number: US16194550

    Filing date: 2018-11-19

    Abstract: A wireless network environment includes a plurality of access points, a wireless local area network (WLAN) controller, and a plurality of client devices. The client devices attempt to authenticate with the WLAN controller to gain access to wireless services provided by the WLAN controller and/or the access points. To authenticate with the WLAN controller, the WLAN controller obtains a request to establish a wireless network connection from one or more of the client devices. The WLAN controller then provides a response to the request. The response indicates whether the WLAN controller supports performing password-mapped simultaneous authentication of equals (SAE). The WLAN controller then obtains a message including a password-mapped identifier from the client device. The WLAN controller then establishes a connection with the client device based on the password obtained with password-mapped identifier mapping at WLC.

    OPTIMIZED SIMULTANEOUS AUTHENTICATION OF EQUALS (SAE) AUTHENTICATION IN WIRELESS NETWORKS

    Publication number: US20200162907A1

    Publication date: 2020-05-21

    Application number: US16192590

    Filing date: 2018-11-15

    Abstract: Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.

    Optimized simultaneous authentication of equals (SAE) authentication in wireless networks

    Publication number: US11611875B2

    Publication date: 2023-03-21

    Application number: US17203898

    Filing date: 2021-03-17

    Abstract: Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.

    ACCESS POINT MANAGER FOR ROAMING USER PRODUCTS

    Publication number: US20220360578A1

    Publication date: 2022-11-10

    Application number: US17814345

    Filing date: 2022-07-22

    Abstract: Systems, methods, and computer-readable media are provided for an efficient roaming management method using a single association identifier token for associating with different access points. In one aspect of the present disclosure, a network controller includes memory having computer-readable instructions stored therein and one or more processors. The one or more processors are configured to execute the computer-readable instructions to receive a request from an endpoint to connect to a first access point; generate association identification token (e.g., PMK and PMKID) for the endpoint to connect to the first access point; and distribute the association identification token to a second access point prior to the endpoint attempting to connect to the second access point, the association identification token being used by the second access point to validate a subsequent request by the endpoint to connect to the second access point.

    Wireless LAN deployment based on mapped password SAE authentication

    Publication number: US11129022B2

    Publication date: 2021-09-21

    Application number: US16194550

    Filing date: 2018-11-19

    Abstract: A wireless network environment includes a plurality of access points, a wireless local area network (WLAN) controller, and a plurality of client devices. The client devices attempt to authenticate with the WLAN controller to gain access to wireless services provided by the WLAN controller and/or the access points. To authenticate with the WLAN controller, the WLAN controller obtains a request to establish a wireless network connection from one or more of the client devices. The WLAN controller then provides a response to the request. The response indicates whether the WLAN controller supports performing password-mapped simultaneous authentication of equals (SAE). The WLAN controller then obtains a message including a password-mapped identifier from the client device. The WLAN controller then establishes a connection with the client device based on the password obtained with password-mapped identifier mapping at WLC.

    Access point manager for roaming user products

    Publication number: US11979391B2

    Publication date: 2024-05-07

    Application number: US17814345

    Filing date: 2022-07-22

    CPC classification number: H04L63/0807 H04W8/24 H04W12/041 H04W12/06

    Abstract: Systems, methods, and computer-readable media are provided for an efficient roaming management method using a single association identifier token for associating with different access points. In one aspect of the present disclosure, a network controller includes memory having computer-readable instructions stored therein and one or more processors. The one or more processors are configured to execute the computer-readable instructions to receive a request from an endpoint to connect to a first access point; generate association identification token (e.g., PMK and PMKID) for the endpoint to connect to the first access point; and distribute the association identification token to a second access point prior to the endpoint attempting to connect to the second access point, the association identification token being used by the second access point to validate a subsequent request by the endpoint to connect to the second access point.

    Secure simultaneous authentication of equals anti-clogging mechanism

    Publication number: US11240661B2

    Publication date: 2022-02-01

    Application number: US16559048

    Filing date: 2019-09-03

    Abstract: A secure Simultaneous Authentication of Equals (SAE) anti-clogging mechanism may be provided. A public key of an access point may be provided from the access point to a client attempting to connect with a network via the access point. The access point may receive from the client a first anti-clogging token and a public key of the client. The first anti-clogging token may be generated by the first client using a shared secret based on a private key of the client and the public key of the access point and a multiplier. The access point may generate a second anti-clogging token using a shared secret based on a private key of the access point and the public key of the client and the multiplier. The access point may then verify the first anti-clogging token and the second anti-clogging token match to authenticate the client.

    Optimized simultaneous authentication of equals (SAE) authentication in wireless networks

    Publication number: US10966087B2

    Publication date: 2021-03-30

    Application number: US16192590

    Filing date: 2018-11-15

    Abstract: Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.
