Patents by Inventor Bart Brinckman

Bart Brinckman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12659278
    Abstract: Devices, systems, methods, and processes for filtering of received broadcast packets at access points (APs) connected to a controller. Typically, the APs forward all the received broadcast packets to the controller for processing. Many of these broadcast packets may not be subscribed by any application and thus are dropped by the controller. Thus, both the APs and the controller resources are being wasted in processing the broadcast packets that may eventually be dropped. The controller, therefore, generates a filtering ruleset to drop one or more broadcast packets from the received broadcast packets based on one or more subscriptions from applications. The controller may install the filtering ruleset on the APs, so that only the broadcast packets subscribed by the applications are received by the controller. Further, the controller may run periodic updates on the filtering ruleset to accommodate any new subscriptions, new allow rule or drop rule from the applications.
    Type: Grant
    Filed: May 29, 2024
    Date of Patent: June 16, 2026
    Assignee: Cisco Technology, Inc.
    Inventors: Bart Brinckman, Muhammad Shahzad
  • Publication number: 20250294357
    Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.
    Type: Application
    Filed: May 29, 2025
    Publication date: September 18, 2025
    Inventors: Jerome Henry, Bart Brinckman, Mark Grayson
  • Patent number: 12389226
    Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.
    Type: Grant
    Filed: February 13, 2024
    Date of Patent: August 12, 2025
    Assignee: Cisco Technology, Inc.
    Inventors: Jerome Henry, Bart Brinckman, Mark Grayson
  • Publication number: 20250234197
    Abstract: Disclosed are systems, apparatuses, processes, and computer-readable media for automated certificate-based device enrollment system. For example, a disclosed method includes receiving, by a client device, a certificate signed by a certificate authority, the certificate including network credential information associated with a wireless network; in response to enabling a client supplicant, configuring a credential of the client device based on the certificate and the network selection credential information; using the configured credential to trigger the automatic network detection and selection of a wireless network; and authenticating with the wireless network using the credential.
    Type: Application
    Filed: November 11, 2024
    Publication date: July 17, 2025
    Inventors: Mark Grayson, Bart Brinckman, Edward Thomas Lingham Hardie
  • Publication number: 20250097209
    Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.
    Type: Application
    Filed: December 3, 2024
    Publication date: March 20, 2025
    Inventors: Malcolm Muir Smith, Bart Brinckman, Mark Grayson, Jerome Henry, Matthew Stephen MacPherson
  • Publication number: 20250097157
    Abstract: Devices, systems, methods, and processes for filtering of received broadcast packets at access points (APs) connected to a controller. Typically, the APs forward all the received broadcast packets to the controller for processing. Many of these broadcast packets may not be subscribed by any application and thus are dropped by the controller. Thus, both the APs and the controller resources are being wasted in processing the broadcast packets that may eventually be dropped. The controller, therefore, generates a filtering ruleset to drop one or more broadcast packets from the received broadcast packets based on one or more subscriptions from applications. The controller may install the filtering ruleset on the APs, so that only the broadcast packets subscribed by the applications are received by the controller. Further, the controller may run periodic updates on the filtering ruleset to accommodate any new subscriptions, new allow rule or drop rule from the applications.
    Type: Application
    Filed: May 29, 2024
    Publication date: March 20, 2025
    Inventors: Bart Brinckman, Muhammad SHAHZAD
  • Patent number: 12231421
    Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.
    Type: Grant
    Filed: August 8, 2023
    Date of Patent: February 18, 2025
    Assignee: Cisco Technology, Inc.
    Inventors: Malcolm Muir Smith, Bart Brinckman, Mark Grayson, Jerome Henry, Matthew Stephen MacPherson
  • Publication number: 20240187862
    Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.
    Type: Application
    Filed: February 13, 2024
    Publication date: June 6, 2024
    Inventors: Jerome Henry, Bart Brinckman, Mark Grayson
  • Patent number: 11943619
    Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.
    Type: Grant
    Filed: July 29, 2021
    Date of Patent: March 26, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Jerome Henry, Bart Brinckman, Mark Grayson
  • Publication number: 20230388288
    Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.
    Type: Application
    Filed: August 8, 2023
    Publication date: November 30, 2023
    Inventors: Malcolm Muir Smith, Bart Brinckman, Mark Grayson, Jerome Henry, Matthew Stephen MacPherson
  • Patent number: 11765153
    Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.
    Type: Grant
    Filed: January 7, 2022
    Date of Patent: September 19, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Malcolm Muir Smith, Bart Brinckman, Mark Grayson, Jerome Henry, Matthew Stephen MacPherson
  • Patent number: 11750610
    Abstract: Various implementations disclosed herein enable controlling access to networks. In various implementations, a method of controlling access to a network is performed by a computing device including one or more processors, and a non-transitory memory. In various implementations, the method includes obtaining an indication that a mobile device having access to a first network utilizing a first radio access technology (RAT) has requested access to a second network utilizing a second RAT. In some implementations, the method includes determining whether the access to the first network satisfies an authentication criterion associated with the second network. In some implementations, the method includes granting the mobile device access to the second network in response to determining that the access to the first network satisfies the authentication criterion associated with the second network.
    Type: Grant
    Filed: December 29, 2020
    Date of Patent: September 5, 2023
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Gangadharan Byju Pularikkal, Mark Grayson, Santosh Ramrao Patil, Jerome Henry, Bart Brinckman, Mark Allen Webb
  • Patent number: 11736944
    Abstract: In one embodiment, a method for providing access to wireless networks may include receiving, by a wireless network access provider from a user device, a request to access a wireless network. The method may include obtaining data representing a policy applicable to the access request, sending the access request, augmented with the policy, to an identity provider associated with the user and having no pre-existing relationship with the access provider, and receiving, from the identity provider, an access request response indicating whether or not the policy is met. The method may include communicating, to the wireless device, an indication that the access request has been accepted, if the policy is met, or an indication that the access request has been rejected, if the policy is not met. The access provider and identity provider may be members of an identity and access federation that communicate over a dynamically established secure connection.
    Type: Grant
    Filed: May 25, 2022
    Date of Patent: August 22, 2023
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Mark Grayson, Desmond Joseph O'Connor, Malcolm Muir Smith, Bart Brinckman
  • Publication number: 20230237422
    Abstract: According to one or more embodiments of the disclosure, a device receives, from a client at a first organization, a tracking identifier space allocation request for one or more physical assets. The device identifies, based on the tracking identifier space allocation request, a range of tracking identifiers that are not allocated to one or more other organizations for use. The device sends, to the client at the first organization, a tracking identifier space allocation response that indicates the range of tracking identifiers that are now allocated to the first organization, wherein the first organization, after receiving the tracking identifier space allocation response, sends the one or more physical assets tagged with tracking identifiers from the range of tracking identifiers to a second organization from the one or more other organizations.
    Type: Application
    Filed: January 24, 2022
    Publication date: July 27, 2023
    Inventors: Marco TRINELLI, Marcelo YANNUZZI, Bart BRINCKMAN
  • Publication number: 20220286856
    Abstract: In one embodiment, a method for providing access to wireless networks may include receiving, by a wireless network access provider from a user device, a request to access a wireless network. The method may include obtaining data representing a policy applicable to the access request, sending the access request, augmented with the policy, to an identity provider associated with the user and having no pre-existing relationship with the access provider, and receiving, from the identity provider, an access request response indicating whether or not the policy is met. The method may include communicating, to the wireless device, an indication that the access request has been accepted, if the policy is met, or an indication that the access request has been rejected, if the policy is not met. The access provider and identity provider may be members of an identity and access federation that communicate over a dynamically established secure connection.
    Type: Application
    Filed: May 25, 2022
    Publication date: September 8, 2022
    Inventors: Mark Grayson, Desmond Joseph O'Connor, Malcolm Muir Smith, Bart Brinckman
  • Patent number: 11411958
    Abstract: In one embodiment, a gateway to a zero trust network applies an access control policy to an endpoint device attempting to access a cloud-based application hosted by the zero trust network. The gateway acts as a reverse proxy between the endpoint device and the cloud-based application, based on the access control policy applied to the endpoint device. The gateway captures telemetry data regarding application traffic reverse proxied by the gateway between the endpoint device and the cloud-based application. The gateway detects an anomalous behavior of the application traffic by comparing the captured telemetry data to a machine learning-based behavioral model for the application. The gateway initiates a mitigation action for the detected anomalous behavior of the application traffic.
    Type: Grant
    Filed: January 18, 2019
    Date of Patent: August 9, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Gangadharan Byju Pularikkal, Santosh Ramrao Patil, Bart Brinckman, Madhusudan Nanjanagud
  • Patent number: 11350279
    Abstract: In one embodiment, a method for providing access to wireless networks may include receiving, by a wireless network access provider from a user device, a request to access a wireless network. The method may include obtaining data representing a policy applicable to the access request, sending the access request, augmented with the policy, to an identity provider associated with the user and having no pre-existing relationship with the access provider, and receiving, from the identity provider, an access request response indicating whether or not the policy is met. The method may include communicating, to the wireless device, an indication that the access request has been accepted, if the policy is met, or an indication that the access request has been rejected, if the policy is not met. The access provider and identity provider may be members of an identity and access federation that communicate over a dynamically established secure connection.
    Type: Grant
    Filed: May 4, 2020
    Date of Patent: May 31, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Mark Grayson, Desmond Joseph O'Connor, Malcolm Muir Smith, Bart Brinckman
  • Publication number: 20220141665
    Abstract: The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.
    Type: Application
    Filed: July 29, 2021
    Publication date: May 5, 2022
    Inventors: Jerome Henry, Bart Brinckman, Mark Grayson
  • Publication number: 20220131853
    Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.
    Type: Application
    Filed: January 7, 2022
    Publication date: April 28, 2022
    Inventors: Malcolm Muir Smith, Bart Brinckman, Mark Grayson, Jerome Henry, Matthew Stephen MacPherson
  • Patent number: 11258779
    Abstract: The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request.
    Type: Grant
    Filed: January 14, 2020
    Date of Patent: February 22, 2022
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Malcolm Muir Smith, Bart Brinckman, Mark Grayson, Jerome Henry, Matthew Stephen MacPherson