Patents by Inventor Jeremy Stieglitz

Jeremy Stieglitz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20060193284
    Abstract: A method, an apparatus, and a carrier medium carrying computer readable code segments to instruct a processor to execute the method. The method is in a wireless network that includes at least one access point. The method includes, from time-to-time, measuring a first set of at least one property of each access point of a set of at least one classified access point of the wireless network. The method further includes re-classifying each access point based on at least one function of a second set of at least one property of the access point, the second set of properties including the first set of properties. The set of at least one access point is classified according to a set of AP classifications, and the re-classifying is into one of the AP classifications.
    Type: Application
    Filed: July 25, 2005
    Publication date: August 31, 2006
    Inventors: Jeremy Stieglitz, Timothy Olson, Pejman Roshan
  • Publication number: 20060185001
    Abstract: A system supplies configuration information, via an EAP protocol, to a remote device trying to access the network. An authentication server performs an authentication exchange by receiving, from a remote device, a connection attempt to access the network. The authentication server performs an authentication exchange with the remote device to allow the remote device access to the network. During the authentication exchange, a configuration selection characteristic associated with the remote device is identified. A device configuration to be applied to the remote device, based on the configuration selection characteristic, is determined. The authentication server provides the determined device configuration to the remote device, via an EAP protocol, to allow the remote device to install the determined device configuration prior to being allowed access to the network.
    Type: Application
    Filed: February 17, 2005
    Publication date: August 17, 2006
    Inventors: Jeremy Stieglitz, Darran Potter, Mark Wilgus
  • Publication number: 20060179307
    Abstract: A method and system for performing pre-authentication across inter-subnets. A pre-authentication request is received by a first access point associated with a first subnet from a mobile node requesting that is requesting pre-authentication with a second access point associated with a second subnet. The request is forwarded by the access point to a first authenticator that is the authenticator for the first subnet. The first authenticator obtains from a root infrastructure node the address for a second authenticator that is the authenticator for the second access point. The first authenticator then pre-authenticates the mobile node with the second authenticator by sending a message to the address for the second authenticator.
    Type: Application
    Filed: February 4, 2005
    Publication date: August 10, 2006
    Inventors: Jeremy Stieglitz, Nancy Cam Winget
  • Publication number: 20060089122
    Abstract: A method and apparatus for managing and balancing wireless access based on centralized information is provided. A request to provide service to a wireless client is received from a first access node in a plurality of access node. An access policy, applicable to the first access node, is selected from a plurality of stored policies. The stored policies may include a variety of rules, such as how many or which wireless clients may be serviced by an access node. A centralized manager, such as an AAA server, may perform the selection of the access policy. A determination is made as to whether to allow the first access node to provide service to the wireless client based on the selected access policy. A message that instructs the first access node whether to provide or deny service to the wireless client is transmitted to the first access node.
    Type: Application
    Filed: October 26, 2004
    Publication date: April 27, 2006
    Inventors: Arthur Zavalkovsky, Jeremy Stieglitz, Ami Schieber
  • Publication number: 20060026671
    Abstract: A method is disclosed for determining the authentication capabilities of a supplicant before initiating an authentication conversation with a client, for example, using Extensible Authentication Protocol (EAP). In one aspect, the method provides for sending, to a supplicant that is requesting access to a computer network subject to authentication of a user of the supplicant, a list of first authentication methods that are supported by an authentication server; receiving, from the supplicant, a counter-list of second authentication methods that are supported by the supplicant; determining how many second authentication methods in the counter-list match the first authentication methods; and performing an authentication policy action based on how many of the second authentication methods match the first authentication methods. Policy actions can include blocking access, re-directing to sources of acceptable authentication methods, granting one of several levels of network access, etc.
    Type: Application
    Filed: August 2, 2004
    Publication date: February 2, 2006
    Inventors: Darran Potter, Jeremy Stieglitz, Andrew Clymer
  • Publication number: 20060026670
    Abstract: A method is disclosed for performing on-demand posture validation for all of multiple clients or supplicants of an authentication system, comprising creating and storing a session list identifying communication sessions relating to supplicants that access a computer network through an access device; receiving input requesting performing posture validation for all the supplicants; determining a time value for starting the posture validation for a particular supplicant identified in the session list; generating and sending to the access device, a request to perform posture validation, wherein the request comprises supplicant identifying information and the time value and instructs the access device to initiate the posture validation for that supplicant only after the time value has expired; and repeating the steps of determining, generating and sending for all supplicants in the session list.
    Type: Application
    Filed: August 2, 2004
    Publication date: February 2, 2006
    Inventors: Darran Potter, Jeremy Stieglitz, Andrew Clymer
  • Publication number: 20050243717
    Abstract: Techniques are provided for controlling access message flow. The techniques include receiving one or more access messages; determining one or more sets of features, one for each access message; receiving a particular access message; determining a particular set of one or more features for the particular access message; determining whether the particular access message satisfies a particular condition based on the particular set of one or more features and the one or more sets of features; and if the particular access message satisfies the particular condition, performing a responsive action based on the particular condition.
    Type: Application
    Filed: April 29, 2004
    Publication date: November 3, 2005
    Inventors: Jeremy Stieglitz, John Zamick
  • Publication number: 20050235341
    Abstract: Techniques are disclosed for dynamically mitigating a noncompliant password. The techniques include obtaining a password from a user when the user attempts to access a service; determining whether the password meets quality criteria; and if the password does not meet the quality criteria, performing one or more responsive actions that relate to accessing the service.
    Type: Application
    Filed: April 16, 2004
    Publication date: October 20, 2005
    Inventors: Jeremy Stieglitz, Darran Potter
  • Publication number: 20050198190
    Abstract: The invention provides techniques for dynamic timeout including the steps of receiving a request from a requestor; determining whether an interim message should be sent to the requestor; and, if the interim message should be sent to the requester, sending to the requestor the interim message referring to the request. Techniques are also provided for dynamic timeout including steps of sending a request to a server; receiving an interim message from the server, where the interim message contains one or more response-related items; and determining whether to change a timeout value based on the one or more response-related items in the interim message.
    Type: Application
    Filed: December 31, 2003
    Publication date: September 8, 2005
    Inventors: Arthur Zavalkovsky, Jeremy Stieglitz
  • Publication number: 20050120213
    Abstract: System architecture and corresponding method for securing communication via a network (e.g. IEEE 802.11) is provided. In accordance with one embodiment, the present system and method protocol, may be suitably configured to achieve mutual authentication by using a shared secret to establish a tunnel used to protect weaker authentication methods (e.g. user names and passwords). The shared secret, referred to in this embodiment as the protected access credential may be advantageously used to mutually authenticate a server and a peer upon securing a tunnel for communication via a network. The present system and method disclosed and claimed herein, in one aspect thereof, comprises the steps of 1) providing a communication implementation between a first and a second party; 2) provisioning a secure credential between the first and the second party; and 3) establishing a secure tunnel between the first and the second party using the secure credential.
    Type: Application
    Filed: December 1, 2003
    Publication date: June 2, 2005
    Applicant: Cisco Technology, Inc.
    Inventors: Nancy Winget, Hao Zhou, Mark Krischer, Joseph Salowey, Jeremy Stieglitz, Saar Gillai, Padmanabha Jakkahalli