Patents by Inventor Bart Brinckman
Bart Brinckman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12659278Abstract: Devices, systems, methods, and processes for filtering of received broadcast packets at access points (APs) connected to a controller. Typically, the APs forward all the received broadcast packets to the controller for processing. Many of these broadcast packets may not be subscribed by any application and thus are dropped by the controller. Thus, both the APs and the controller resources are being wasted in processing the broadcast packets that may eventually be dropped. The controller, therefore, generates a filtering ruleset to drop one or more broadcast packets from the received broadcast packets based on one or more subscriptions from applications. The controller may install the filtering ruleset on the APs, so that only the broadcast packets subscribed by the applications are received by the controller. Further, the controller may run periodic updates on the filtering ruleset to accommodate any new subscriptions, new allow rule or drop rule from the applications.Type: GrantFiled: May 29, 2024Date of Patent: June 16, 2026Assignee: Cisco Technology, Inc.Inventors: Bart Brinckman, Muhammad Shahzad
-
Publication number: 20250294357Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.Type: ApplicationFiled: May 29, 2025Publication date: September 18, 2025Inventors: Jerome Henry, Bart Brinckman, Mark Grayson
-
Patent number: 12389226Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.Type: GrantFiled: February 13, 2024Date of Patent: August 12, 2025Assignee: Cisco Technology, Inc.Inventors: Jerome Henry, Bart Brinckman, Mark Grayson
-
Publication number: 20250234197Abstract: Disclosed are systems, apparatuses, processes, and computer-readable media for automated certificate-based device enrollment system. For example, a disclosed method includes receiving, by a client device, a certificate signed by a certificate authority, the certificate including network credential information associated with a wireless network; in response to enabling a client supplicant, configuring a credential of the client device based on the certificate and the network selection credential information; using the configured credential to trigger the automatic network detection and selection of a wireless network; and authenticating with the wireless network using the credential.Type: ApplicationFiled: November 11, 2024Publication date: July 17, 2025Inventors: Mark Grayson, Bart Brinckman, Edward Thomas Lingham Hardie
-
Publication number: 20250097209Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.Type: ApplicationFiled: December 3, 2024Publication date: March 20, 2025Inventors: Malcolm Muir Smith, Bart Brinckman, Mark Grayson, Jerome Henry, Matthew Stephen MacPherson
-
Publication number: 20250097157Abstract: Devices, systems, methods, and processes for filtering of received broadcast packets at access points (APs) connected to a controller. Typically, the APs forward all the received broadcast packets to the controller for processing. Many of these broadcast packets may not be subscribed by any application and thus are dropped by the controller. Thus, both the APs and the controller resources are being wasted in processing the broadcast packets that may eventually be dropped. The controller, therefore, generates a filtering ruleset to drop one or more broadcast packets from the received broadcast packets based on one or more subscriptions from applications. The controller may install the filtering ruleset on the APs, so that only the broadcast packets subscribed by the applications are received by the controller. Further, the controller may run periodic updates on the filtering ruleset to accommodate any new subscriptions, new allow rule or drop rule from the applications.Type: ApplicationFiled: May 29, 2024Publication date: March 20, 2025Inventors: Bart Brinckman, Muhammad SHAHZAD
-
Patent number: 12231421Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.Type: GrantFiled: August 8, 2023Date of Patent: February 18, 2025Assignee: Cisco Technology, Inc.Inventors: Malcolm Muir Smith, Bart Brinckman, Mark Grayson, Jerome Henry, Matthew Stephen MacPherson
-
Publication number: 20240187862Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.Type: ApplicationFiled: February 13, 2024Publication date: June 6, 2024Inventors: Jerome Henry, Bart Brinckman, Mark Grayson
-
Patent number: 11943619Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.Type: GrantFiled: July 29, 2021Date of Patent: March 26, 2024Assignee: Cisco Technology, Inc.Inventors: Jerome Henry, Bart Brinckman, Mark Grayson
-
Publication number: 20230388288Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.Type: ApplicationFiled: August 8, 2023Publication date: November 30, 2023Inventors: Malcolm Muir Smith, Bart Brinckman, Mark Grayson, Jerome Henry, Matthew Stephen MacPherson
-
Patent number: 11765153Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.Type: GrantFiled: January 7, 2022Date of Patent: September 19, 2023Assignee: Cisco Technology, Inc.Inventors: Malcolm Muir Smith, Bart Brinckman, Mark Grayson, Jerome Henry, Matthew Stephen MacPherson
-
Patent number: 11750610Abstract: Various implementations disclosed herein enable controlling access to networks. In various implementations, a method of controlling access to a network is performed by a computing device including one or more processors, and a non-transitory memory. In various implementations, the method includes obtaining an indication that a mobile device having access to a first network utilizing a first radio access technology (RAT) has requested access to a second network utilizing a second RAT. In some implementations, the method includes determining whether the access to the first network satisfies an authentication criterion associated with the second network. In some implementations, the method includes granting the mobile device access to the second network in response to determining that the access to the first network satisfies the authentication criterion associated with the second network.Type: GrantFiled: December 29, 2020Date of Patent: September 5, 2023Assignee: CISCO TECHNOLOGY, INC.Inventors: Gangadharan Byju Pularikkal, Mark Grayson, Santosh Ramrao Patil, Jerome Henry, Bart Brinckman, Mark Allen Webb
-
Patent number: 11736944Abstract: In one embodiment, a method for providing access to wireless networks may include receiving, by a wireless network access provider from a user device, a request to access a wireless network. The method may include obtaining data representing a policy applicable to the access request, sending the access request, augmented with the policy, to an identity provider associated with the user and having no pre-existing relationship with the access provider, and receiving, from the identity provider, an access request response indicating whether or not the policy is met. The method may include communicating, to the wireless device, an indication that the access request has been accepted, if the policy is met, or an indication that the access request has been rejected, if the policy is not met. The access provider and identity provider may be members of an identity and access federation that communicate over a dynamically established secure connection.Type: GrantFiled: May 25, 2022Date of Patent: August 22, 2023Assignee: CISCO TECHNOLOGY, INC.Inventors: Mark Grayson, Desmond Joseph O'Connor, Malcolm Muir Smith, Bart Brinckman
-
Publication number: 20230237422Abstract: According to one or more embodiments of the disclosure, a device receives, from a client at a first organization, a tracking identifier space allocation request for one or more physical assets. The device identifies, based on the tracking identifier space allocation request, a range of tracking identifiers that are not allocated to one or more other organizations for use. The device sends, to the client at the first organization, a tracking identifier space allocation response that indicates the range of tracking identifiers that are now allocated to the first organization, wherein the first organization, after receiving the tracking identifier space allocation response, sends the one or more physical assets tagged with tracking identifiers from the range of tracking identifiers to a second organization from the one or more other organizations.Type: ApplicationFiled: January 24, 2022Publication date: July 27, 2023Inventors: Marco TRINELLI, Marcelo YANNUZZI, Bart BRINCKMAN
-
Publication number: 20220286856Abstract: In one embodiment, a method for providing access to wireless networks may include receiving, by a wireless network access provider from a user device, a request to access a wireless network. The method may include obtaining data representing a policy applicable to the access request, sending the access request, augmented with the policy, to an identity provider associated with the user and having no pre-existing relationship with the access provider, and receiving, from the identity provider, an access request response indicating whether or not the policy is met. The method may include communicating, to the wireless device, an indication that the access request has been accepted, if the policy is met, or an indication that the access request has been rejected, if the policy is not met. The access provider and identity provider may be members of an identity and access federation that communicate over a dynamically established secure connection.Type: ApplicationFiled: May 25, 2022Publication date: September 8, 2022Inventors: Mark Grayson, Desmond Joseph O'Connor, Malcolm Muir Smith, Bart Brinckman
-
Patent number: 11411958Abstract: In one embodiment, a gateway to a zero trust network applies an access control policy to an endpoint device attempting to access a cloud-based application hosted by the zero trust network. The gateway acts as a reverse proxy between the endpoint device and the cloud-based application, based on the access control policy applied to the endpoint device. The gateway captures telemetry data regarding application traffic reverse proxied by the gateway between the endpoint device and the cloud-based application. The gateway detects an anomalous behavior of the application traffic by comparing the captured telemetry data to a machine learning-based behavioral model for the application. The gateway initiates a mitigation action for the detected anomalous behavior of the application traffic.Type: GrantFiled: January 18, 2019Date of Patent: August 9, 2022Assignee: Cisco Technology, Inc.Inventors: Gangadharan Byju Pularikkal, Santosh Ramrao Patil, Bart Brinckman, Madhusudan Nanjanagud
-
Patent number: 11350279Abstract: In one embodiment, a method for providing access to wireless networks may include receiving, by a wireless network access provider from a user device, a request to access a wireless network. The method may include obtaining data representing a policy applicable to the access request, sending the access request, augmented with the policy, to an identity provider associated with the user and having no pre-existing relationship with the access provider, and receiving, from the identity provider, an access request response indicating whether or not the policy is met. The method may include communicating, to the wireless device, an indication that the access request has been accepted, if the policy is met, or an indication that the access request has been rejected, if the policy is not met. The access provider and identity provider may be members of an identity and access federation that communicate over a dynamically established secure connection.Type: GrantFiled: May 4, 2020Date of Patent: May 31, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Mark Grayson, Desmond Joseph O'Connor, Malcolm Muir Smith, Bart Brinckman
-
Publication number: 20220141665Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.Type: ApplicationFiled: July 29, 2021Publication date: May 5, 2022Inventors: Jerome Henry, Bart Brinckman, Mark Grayson
-
Publication number: 20220131853Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.Type: ApplicationFiled: January 7, 2022Publication date: April 28, 2022Inventors: Malcolm Muir Smith, Bart Brinckman, Mark Grayson, Jerome Henry, Matthew Stephen MacPherson
-
Patent number: 11258779Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.Type: GrantFiled: January 14, 2020Date of Patent: February 22, 2022Assignee: CISCO TECHNOLOGY, INC.Inventors: Malcolm Muir Smith, Bart Brinckman, Mark Grayson, Jerome Henry, Matthew Stephen MacPherson