Patents by Inventor Abhishek Dhammawat
Abhishek Dhammawat has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11271831Abstract: Techniques that provide proactive and intelligent packet capturing are described herein. In one embodiment, a method includes storing information associated with a plurality of user equipment (UE) sessions of a plurality of UEs within a mobile network; detecting an anomaly associated with at least one UE session of at least one UE based, at least in part, on the information stored for the at least one UE session; and activating a trace for the at least one UE session based, at least in part, on detecting the anomaly associated with the at least one UE session, wherein activating the trace comprises capturing packet information for a data packet flow associated with the at least one UE session at one or more data-path network elements of a plurality of data-path network elements within the mobile network.Type: GrantFiled: January 15, 2020Date of Patent: March 8, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Santosh Ramrao Patil, Abhishek Dhammawat, Gary Boon
-
Patent number: 11246011Abstract: Techniques are described herein for providing cellular access of a user-defined network. In one example, a user plane function of a cellular network obtains, from a control plane function of the cellular network, an indication that a first user equipment is attempting to connect to a user-defined network via the cellular network. The user plane function joins a multicast group configured to include a second user equipment connected to the user-defined network via a wireless local area network. The user plane function obtains a multicast packet that is transmitted between the first user equipment and the second user equipment and that is addressed to the multicast group, and converts the multicast packet to a unicast packet.Type: GrantFiled: September 29, 2020Date of Patent: February 8, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Mahesh Satyanarayana, Abhishek Dhammawat
-
Patent number: 11240661Abstract: A secure Simultaneous Authentication of Equals (SAE) anti-clogging mechanism may be provided. A public key of an access point may be provided from the access point to a client attempting to connect with a network via the access point. The access point may receive from the client a first anti-clogging token and a public key of the client. The first anti-clogging token may be generated by the first client using a shared secret based on a private key of the client and the public key of the access point and a multiplier. The access point may generate a second anti-clogging token using a shared secret based on a private key of the access point and the public key of the client and the multiplier. The access point may then verify the first anti-clogging token and the second anti-clogging token match to authenticate the client.Type: GrantFiled: September 3, 2019Date of Patent: February 1, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Abhishek Dhammawat, Mansi Jain
-
Patent number: 11129022Abstract: A wireless network environment includes a plurality of access points, a wireless local area network (WLAN) controller, and a plurality of client devices. The client devices attempt to authenticate with the WLAN controller to gain access to wireless services provided by the WLAN controller and/or the access points. To authenticate with the WLAN controller, the WLAN controller obtains a request to establish a wireless network connection from one or more of the client devices. The WLAN controller then provides a response to the request. The response indicates whether the WLAN controller supports performing password-mapped simultaneous authentication of equals (SAE). The WLAN controller then obtains a message including a password-mapped identifier from the client device. The WLAN controller then establishes a connection with the client device based on the password obtained with password-mapped identifier mapping at WLC.Type: GrantFiled: November 19, 2018Date of Patent: September 21, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Abhishek Dhammawat, Sudhir Kumar Jain, Mansi Jain
-
Publication number: 20210204125Abstract: Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.Type: ApplicationFiled: March 17, 2021Publication date: July 1, 2021Applicant: Cisco Technology, Inc.Inventors: Abhishek Dhammawat, Mansi Jain
-
Patent number: 10966087Abstract: Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.Type: GrantFiled: November 15, 2018Date of Patent: March 30, 2021Assignee: CISCO TECHNOLOGY, INC.Inventors: Abhishek Dhammawat, Mansi Jain
-
Publication number: 20210067961Abstract: A secure Simultaneous Authentication of Equals (SAE) anti-clogging mechanism may be provided. A public key of an access point may be provided from the access point to a client attempting to connect with a network via the access point. The access point may receive from the client a first anti-clogging token and a public key of the client. The first anti-clogging token may be generated by the first client using a shared secret based on a private key of the client and the public key of the access point and a multiplier. The access point may generate a second anti-clogging token using a shared secret based on a private key of the access point and the public key of the client and the multiplier. The access point may then verify the first anti-clogging token and the second anti-clogging token match to authenticate the client.Type: ApplicationFiled: September 3, 2019Publication date: March 4, 2021Applicant: Cisco Technology, Inc.Inventors: Abhishek Dhammawat, Mansi Jain
-
Publication number: 20200280499Abstract: Techniques that provide proactive and intelligent packet capturing are described herein. In one embodiment, a method includes storing information associated with a plurality of user equipment (UE) sessions of a plurality of UEs within a mobile network; detecting an anomaly associated with at least one UE session of at least one UE based, at least in part, on the information stored for the at least one UE session; and activating a trace for the at least one UE session based, at least in part, on detecting the anomaly associated with the at least one UE session, wherein activating the trace comprises capturing packet information for a data packet flow associated with the at least one UE session at one or more data-path network elements of a plurality of data-path network elements within the mobile network.Type: ApplicationFiled: January 15, 2020Publication date: September 3, 2020Inventors: Santosh Ramrao Patil, Abhishek Dhammawat, Gary Boon
-
Publication number: 20200162907Abstract: Authentication with security in wireless networks may be provided. A first confirm message comprising a first send-confirm element and a first confirm element may be received. Next, an Authenticator Number Used Once (ANonce) may be generated and a second confirm message may be sent comprising the ANonce, a second send-confirm element, and a second confirm element. Then an association request may be received comprising a Supplicant Number Used Once (SNonce) and a Message Integrity Code (MIC). An association response may be sent comprising an encrypted Group Temporal Key (GTK), an encrypted Integrity Group Temporal Key (IGTK), the ANonce, and the MIC. An acknowledgment may be received comprising the MIC in an Extensible Authentication Protocol (EAP) over LAN (EAPoL) key frame and a controller port may be unblocked in response to receiving the acknowledgment.Type: ApplicationFiled: November 15, 2018Publication date: May 21, 2020Applicant: Cisco Technology, Inc.Inventors: Abhishek Dhammawat, Mansi Jain
-
Publication number: 20200162915Abstract: A wireless network environment includes a plurality of access points, a wireless local area network (WLAN) controller, and a plurality of client devices. The client devices attempt to authenticate with the WLAN controller to gain access to wireless services provided by the WLAN controller and/or the access points. To authenticate with the WLAN controller, the WLAN controller obtains a request to establish a wireless network connection from one or more of the client devices. The WLAN controller then provides a response to the request. The response indicates whether the WLAN controller supports performing password-mapped simultaneous authentication of equals (SAE). The WLAN controller then obtains a message including a password-mapped identifier from the client device. The WLAN controller then establishes a connection with the client device based on the password obtained with password-mapped identifier mapping at WLC.Type: ApplicationFiled: November 19, 2018Publication date: May 21, 2020Inventors: Abhishek Dhammawat, Sudhir Kumar Jain, Mansi Jain
-
Patent number: 10567245Abstract: Techniques that provide proactive and intelligent packet capturing are described herein. In one embodiment, a method includes storing information associated with a plurality of user equipment (UE) sessions of a plurality of UEs within a mobile network; detecting an anomaly associated with at least one UE session of at least one UE based, at least in part, on the information stored for the at least one UE session; and activating a trace for the at least one UE session based, at least in part, on detecting the anomaly associated with the at least one UE session, wherein activating the trace comprises capturing packet information for a data packet flow associated with the at least one UE session at one or more data-path network elements of a plurality of data-path network elements within the mobile network.Type: GrantFiled: February 28, 2019Date of Patent: February 18, 2020Assignee: Cisco Technology, Inc.Inventors: Santosh Ramrao Patil, Abhishek Dhammawat, Gary Boon
-
Patent number: 9992625Abstract: An example method is provided and may include retrieving by a user equipment (UE) an access point (AP) Media Access Control (MAC) address for an AP to which the UE is connected; reporting location information for the UE to an evolved Packet Data Gateway over an SWu interface using Internet Key Exchange version 2 (IKEv2) protocol, wherein the location information includes, at least in part, a UE location in GPS coordinates, a service set identifier, the retrieved AP MAC address and cell identity information for the UE; and populating a location database with the location information. The method can include embedding the location information in an identity initiator (Idi) of an IKE Authentication Request (IKE_AUTH_REQ) message using a Network Access Identifier (NAI) and communicating the location information from the ePDG to a PGW over an S2b interface using a private extension information element of GPRS Tunneling Protocol version 2 (GTPv2).Type: GrantFiled: June 29, 2016Date of Patent: June 5, 2018Assignee: Cisco Technology, Inc.Inventors: Abhishek Dhammawat, Arun Kavunder
-
Patent number: 9531756Abstract: An example method is provided and may include receiving a DIAMETER-based error over an SWm interface by a first evolved packet data gateway (ePDG) for a user equipment (UE) attempting to connect to the first ePDG; determining an Internet Key Exchange version two (IKEv2) error type corresponding to the DIAMETER-based error; and communicating the IKEv2 error type to the UE over an SWu interface. In some cases, the IKEv2 error type can be included in a notify payload or in a vendor ID payload for an IKE authentication response (IKE_AUTH_RESP) message. By distinguishing the IKEv2 error type, the UE can determine whether the error is a temporary or a permanent type and can determine whether to attempt to connect again to the first ePDG after a period of time or attempt to connect to another ePDG, which can help to reduce unnecessary signaling and provide better connectivity and user experience.Type: GrantFiled: November 6, 2014Date of Patent: December 27, 2016Assignee: CISCO TECHNOLOGY, INC.Inventor: Abhishek Dhammawat
-
Publication number: 20160316339Abstract: An example method is provided and may include retrieving by a user equipment (UE) an access point (AP) Media Access Control (MAC) address for an AP to which the UE is connected; reporting location information for the UE to an evolved Packet Data Gateway over an SWu interface using Internet Key Exchange version 2 (IKEv2) protocol, wherein the location information includes, at least in part, a UE location in GPS coordinates, a service set identifier, the retrieved AP MAC address and cell identity information for the UE; and populating a location database with the location information. The method can include embedding the location information in an identity initiator (Idi) of an IKE Authentication Request (IKE_AUTH_REQ) message using a Network Access Identifier (NAI) and communicating the location information from the ePDG to a PGW over an S2b interface using a private extension information element of GPRS Tunneling Protocol version 2 (GTPv2).Type: ApplicationFiled: June 29, 2016Publication date: October 27, 2016Applicant: CISCO TECHNOLOGY, INC.Inventors: Abhishek Dhammawat, Arun Kavunder
-
Patent number: 9414354Abstract: An example method is provided and may include retrieving by a user equipment (UE) an access point (AP) Media Access Control (MAC) address for an AP to which the UE is connected; reporting location information for the UE to an evolved Packet Data Gateway over an SWu interface using Internet Key Exchange version 2 (IKEv2) protocol, wherein the location information includes, at least in part, a UE location in GPS coordinates, a service set identifier, the retrieved AP MAC address and cell identity information for the UE; and populating a location database with the location information. The method can include embedding the location information in an identity initiator (Idi) of an IKE Authentication Request (IKE_AUTH_REQ) message using a Network Access Identifier (NAI) and communicating the location information from the ePDG to a PGW over an S2b interface using a private extension information element of GPRS Tunneling Protocol version 2 (GTPv2).Type: GrantFiled: September 3, 2015Date of Patent: August 9, 2016Assignee: CISCO TECHNOLOGY, INC.Inventors: Abhishek Dhammawat, Arun Kavunder
-
Publication number: 20160127415Abstract: An example method is provided and may include receiving a DIAMETER-based error over an SWm interface by a first evolved packet data gateway (ePDG) for a user equipment (UE) attempting to connect to the first ePDG; determining an Internet Key Exchange version two (IKEv2) error type corresponding to the DIAMETER-based error; and communicating the IKEv2 error type to the UE over an SWu interface. In some cases, the IKEv2 error type can be included in a notify payload or in a vendor ID payload for an IKE authentication response (IKE_AUTH_RESP) message. By distinguishing the IKEv2 error type, the UE can determine whether the error is a temporary or a permanent type and can determine whether to attempt to connect again to the first ePDG after a period of time or attempt to connect to another ePDG, which can help to reduce unnecessary signaling and provide better connectivity and user experience.Type: ApplicationFiled: November 6, 2014Publication date: May 5, 2016Applicant: CISCO TECHNOLOGY, INC.Inventor: Abhishek Dhammawat
-
Publication number: 20160127371Abstract: An example method is provided and may include receiving a DIAMETER-based error over an SWm interface by a first evolved packet data gateway (ePDG) for a user equipment (UE) attempting to connect to the first ePDG; determining an Internet Key Exchange version two (IKEv2) error type corresponding to the DIAMETER-based error; and communicating the IKEv2 error type to the UE over an SWu interface. In some cases, the IKEv2 error type can be included in a notify payload or in a vendor ID payload for an IKE authentication response (IKE_AUTH_RESP) message. By distinguishing the IKEv2 error type, the UE can determine whether the error is a temporary or a permanent type and can determine whether to attempt to connect again to the first ePDG after a period of time or attempt to connect to another ePDG, which can help to reduce unnecessary signaling and provide better connectivity and user experience.Type: ApplicationFiled: October 30, 2014Publication date: May 5, 2016Applicant: CISCO TECHNOLOGY, INC.Inventor: Abhishek Dhammawat
-
Patent number: 9332015Abstract: An example method is provided and may include receiving a DIAMETER-based error over an SWm interface by a first evolved packet data gateway (ePDG) for a user equipment (UE) attempting to connect to the first ePDG; determining an Internet Key Exchange version two (IKEv2) error type corresponding to the DIAMETER-based error; and communicating the IKEv2 error type to the UE over an SWu interface. In some cases, the IKEv2 error type can be included in a notify payload or in a vendor ID payload for an IKE authentication response (IKE_AUTH_RESP) message. By distinguishing the IKEv2 error type, the UE can determine whether the error is a temporary or a permanent type and can determine whether to attempt to connect again to the first ePDG after a period of time or attempt to connect to another ePDG, which can help to reduce unnecessary signaling and provide better connectivity and user experience.Type: GrantFiled: October 30, 2014Date of Patent: May 3, 2016Assignee: CISCO TECHNOLOGY, INC.Inventor: Abhishek Dhammawat
-
Publication number: 20160057728Abstract: An example method is provided and may include retrieving by a user equipment (UE) an access point (AP) Media Access Control (MAC) address for an AP to which the UE is connected; reporting location information for the UE to an evolved Packet Data Gateway over an SWu interface using Internet Key Exchange version 2 (IKEv2) protocol, wherein the location information includes, at least in part, a UE location in GPS coordinates, a service set identifier, the retrieved AP MAC address and cell identity information for the UE; and populating a location database with the location information. The method can include embedding the location information in an identity initiator (Idi) of an IKE Authentication Request (IKE_AUTH_REQ) message using a Network Access Identifier (NAI) and communicating the location information from the ePDG to a PGW over an S2b interface using a private extension information element of GPRS Tunneling Protocol version 2 (GTPv2).Type: ApplicationFiled: September 3, 2015Publication date: February 25, 2016Applicant: CISCO TECHNOLOGY, INC.Inventors: Abhishek Dhammawat, Arun Kavunder
-
Patent number: 9179436Abstract: An example method is provided and may include retrieving by a user equipment (UE) an access point (AP) Media Access Control (MAC) address for an AP to which the UE is connected; reporting location information for the UE to an evolved Packet Data Gateway over an SWu interface using Internet Key Exchange version 2 (IKEv2) protocol, wherein the location information includes, at least in part, a UE location in GPS coordinates, a service set identifier, the retrieved AP MAC address and cell identity information for the UE; and populating a location database with the location information. The method can include embedding the location information in an identity initiator (Idi) of an IKE Authentication Request (IKE_AUTH_REQ) message using a Network Access Identifier (NAI) and communicating the location information from the ePDG to a PGW over an S2b interface using a private extension information element of GPRS Tunneling Protocol version 2 (GTPv2).Type: GrantFiled: August 22, 2014Date of Patent: November 3, 2015Assignee: CISCO TECHNOLOGY, INC.Inventors: Abhishek Dhammawat, Arun Kavunder