Patents by Inventor Joseph A. Salowey
Joseph A. Salowey has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
- Patent number: 7640430
  Abstract: A Machine Authentication PAC (Protected Access Credential) serves as machine credentials to obtain network access without requiring server storage and management of the additional set of credentials. The first time authentication is performed, user authentication is executed. After the supplicant and server have mutually authenticated each other and satisfied other validations, the supplicant requests a Machine Authentication PAC from the server. The server randomly generates a cryptographic key (Device Key) and sends it to the supplicant along with an encrypted ticket, comprising the Device Key and other information, encrypted with a key known only to the server. The supplicant caches the Machine Authentication PAC in its non-volatile memory for future use. When the machine needs to access certain network services before a user is available, the supplicant uses the Machine Authentication PAC to obtain limited network access for the machine without requiring user input.
  Type: Grant
  Filed: April 4, 2005
  Date of Patent: December 29, 2009
  Assignee: Cisco Technology, Inc.
  Inventors: Hao Zhou, Joseph Salowey, Nancy Cam Winget
- Patent number: 7626963
  Abstract: Methods and apparatus for dynamically generating a set of Mobile IP keys are disclosed. The set of Mobile IP keys is dynamically generated using an existing HLR/AuC authentication infrastructure. This is accomplished, in part, by obtaining an International Mobile Subscriber Identity (IMSI) that uniquely identifies a particular Mobile Node. Once a set of Mobile IP keys is generated from authentication information associated with the IMSI, the Mobile Node may register with its Home Agent using the set of Mobile IP keys.
  Type: Grant
  Filed: October 25, 2005
  Date of Patent: December 1, 2009
  Assignee: Cisco Technology, Inc.
  Inventors: Alpesh S. Patel, Kent K. Leung, Joseph A. Salowey, Yu-Cheng Shao
- Publication number: 20090258649
  Abstract: In an example embodiment, a technique is described for automatically controlling the radio interfaces of a multi-mode device. Wireless interfaces are enabled or disabled based on the probability that a network is available on each interface at the current geographical location.
  Type: Application
  Filed: April 15, 2008
  Publication date: October 15, 2009
  Inventor: Joseph Salowey
- Publication number: 20090136027
  Abstract: Described herein, in an example embodiment, is a mechanism to distribute and implement secure credentials on a WLAN (wireless local area network) employing radio frequency identification (RFID) tags. Symmetric keys are provisioned to the tag in a manner that allows for optimized re-association and secure announcements. The provisioned keys are derived in a way that enables the controller to operate without having to maintain the key state for every tag. In an example embodiment, the controller generates keys for the RFID tags that are derived from a master key associated with the controller, an identifier assigned to the RFID tag and an address associated with the RFID tag.
  Type: Application
  Filed: November 27, 2007
  Publication date: May 28, 2009
  Inventors: Joseph SALOWEY, Allan THOMSON
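The property claimed in this entry, a controller that need not store a key for every tag, follows from deriving each tag key deterministically from the controller's master key together with the tag's identifier and address: when a message arrives, the controller recomputes the key from the values carried in the message itself. The Go program below is an added illustration of that derivation and of an announcement protected by it; it is not code from the patent application or from Cisco, and its details are assumptions: HMAC-SHA256 as the derivation function, a fixed label string, length-prefixed inputs, a per-tag send counter for replay protection, and the master key, tag identifier, address and payloads, which are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Controller keeps one master key and no per-tag keys: a tag's key is recomputed from the
// master key plus the two public values named in the abstract (tag identifier and address).
type Controller struct {
	master []byte
}

// TagKey is the derivation. A fixed label separates this use of the master key from others,
// and each input is length-prefixed so distinct (id, addr) pairs never feed HMAC the same bytes.
func (c Controller) TagKey(tagID, tagAddr []byte) []byte {
	m := hmac.New(sha256.New, c.master)
	m.Write([]byte("wlan-rfid-tag-key-v1"))
	m.Write([]byte{byte(len(tagID))})
	m.Write(tagID)
	m.Write([]byte{byte(len(tagAddr))})
	m.Write(tagAddr)
	return m.Sum(nil)
}

// Announcement is a tag's transmission: identity, address, its monotonic send counter,
// the reported payload and a MAC over all of them under the tag key.
type Announcement struct {
	TagID, TagAddr []byte
	Counter        uint32
	Payload        []byte
	MAC            []byte
}

// announcementMAC binds every field, with lengths, so fields cannot be shifted into one another.
func announcementMAC(key []byte, a Announcement) []byte {
	m := hmac.New(sha256.New, key)
	for _, f := range [][]byte{a.TagID, a.TagAddr, a.Payload} {
		var l [4]byte
		binary.BigEndian.PutUint32(l[:], uint32(len(f)))
		m.Write(l[:])
		m.Write(f)
	}
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], a.Counter)
	m.Write(ctr[:])
	return m.Sum(nil)
}

// Tag models the provisioned device: the key the controller derived for it and a send counter.
type Tag struct {
	id, addr, key []byte
	counter       uint32
}

// Provision is the one-time step: derive the tag's key and install it in the tag (over a
// protected provisioning channel, which is not modelled here).
func (c Controller) Provision(tagID, tagAddr []byte) *Tag {
	return &Tag{id: tagID, addr: tagAddr, key: c.TagKey(tagID, tagAddr)}
}

// Announce emits a MAC-protected announcement carrying the next counter value.
func (t *Tag) Announce(payload []byte) Announcement {
	t.counter++
	a := Announcement{TagID: t.id, TagAddr: t.addr, Counter: t.counter, Payload: payload}
	a.MAC = announcementMAC(t.key, a)
	return a
}

// Verify re-derives the key from the announcement's own id and address, checks the MAC in
// constant time, then rejects counters at or below lastSeen (the highest counter already
// accepted from this tag). lastSeen is freshness state, not key state; the controller
// still holds no per-tag key. Returns the new high-water mark and whether to accept.
func (c Controller) Verify(a Announcement, lastSeen uint32) (uint32, bool) {
	if !hmac.Equal(a.MAC, announcementMAC(c.TagKey(a.TagID, a.TagAddr), a)) {
		return lastSeen, false
	}
	if a.Counter <= lastSeen {
		return lastSeen, false // replayed or reordered
	}
	return a.Counter, true
}

func main() {
	ctrl := Controller{master: []byte("constructed-32-byte-master-key!!")} // constructed demo key
	tag := ctrl.Provision([]byte("tag-0001"), []byte{0x00, 0x11, 0x22, 0x33, 0x44, 0x55})
	a := tag.Announce([]byte("aisle-7"))
	_, ok := ctrl.Verify(a, 0)
	fmt.Println("genuine announcement accepted:", ok) // true
	a.Payload = []byte("aisle-8")
	_, ok = ctrl.Verify(a, 0)
	fmt.Println("altered announcement accepted:", ok) // false
}
```

Because the tag key is a pure function of (master key, identifier, address), anyone who obtains the master key can impersonate every tag, so it belongs in the controller's protected storage, and the label should carry a version so the key can be rotated. The send counter is the one piece of per-tag state the controller still tracks; it is freshness state rather than key material, which is the only state the abstract claims to eliminate.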
- Publication number: 20080307234
  Abstract: In one embodiment, a method for using credentials for a mobile node to protect the transfer of posture data is provided. A network access device receives a message from a mobile node for access to a network. The message includes posture data encrypted using credentials for the mobile node. The credentials may be found in a storage card that is used to identify the mobile node. The network access device determines decryption information for the mobile node. For example, the credentials for the mobile node may be stored in a home location register (HLR) and are retrieved. The posture data is then decrypted using the credentials. The posture data is processed in a network admission control procedure for allowing access to the network. For example, a policy for access to the network may be installed based on the posture data.
  Type: Application
  Filed: June 6, 2007
  Publication date: December 11, 2008
  Applicant: Cisco Technology, Inc., a California corporation
  Inventors: Joseph Salowey, Parviz Yegani
- Publication number: 20080282327
  Abstract: A system that enables network authorization status to be conveyed to the device requesting network services within or outside the scope of an authentication exchange is provided. The authorization status notification or information can be automatically generated or otherwise triggered by a request from the user or device. For instance, a query can be employed to solicit device authorization status related to a particular service or group of services. Additionally, authorization status notification can be automatically triggered based upon a change in the device authorization state.
  Type: Application
  Filed: May 6, 2008
  Publication date: November 13, 2008
  Applicant: Cisco Technology, Inc.
  Inventors: Nancy Cam Winget, Joseph A. Salowey, James Edward Burns, Susan Elizabeth Thomson, Hao Zhou
- Patent number: 7370350
  Abstract: A method of authenticating a first computing device in communication over a network to a second computing device is disclosed. The first computing device is authenticated to the second computing device using a first authentication mechanism. The first authentication mechanism is based on Extensible Authentication Protocol (EAP) or IEEE 802.1x authentication. A short-term re-authentication credential is generated and issued to the first computing device. Later, a request from the first computing device to re-authenticate to the second computing device is received. The first computing device is re-authenticated to the second computing device using a challenge-response mechanism in which the first computing device authenticates itself by presenting the short-term re-authentication credential to the second computing device. Accordingly, re-authentication proceeds more quickly and with fewer message exchanges.
  Type: Grant
  Filed: June 27, 2002
  Date of Patent: May 6, 2008
  Assignee: Cisco Technology, Inc.
  Inventor: Joseph Salowey
- Publication number: 20080086634
  Abstract: In one embodiment, techniques to validate certificates using authentication, authorization, and accounting (AAA) services are provided. A servicer receives a request from a requester for validation of a certificate. The request may include the certificate associated with the requester. The servicer creates an AAA request that includes the certificate. The AAA request is then sent to the AAA server. A response is then received from the AAA server that includes the result of the certificate validation and also AAA attributes associated with any AAA services performed. The servicer may then validate proof of possession of the private key or perform other types of authentication calculations after receiving the response from the AAA server if the response indicates the certificate was validated. The servicer can then perform an action based on the certificate validation and AAA attributes.
  Type: Application
  Filed: October 10, 2006
  Publication date: April 10, 2008
  Applicant: Cisco Technology, Inc.
  Inventors: Joseph Salowey, Glen Zorn, Max Pritikin
- Publication number: 20080081592
  Abstract: A method for authenticating an element in a network environment is provided that includes receiving a request for one or more triplets. One or more of the triplets may be associated with an authentication communications protocol that may be executed in order to facilitate a communication session. The method further includes returning one or more of the triplets in response to the request and initiating the communication session in response to the triplets after proper authentication of an entity associated with the request.
  Type: Application
  Filed: December 3, 2007
  Publication date: April 3, 2008
  Applicant: Cisco Technology, Inc.
  Inventors: Amitava Das, Michael Wright, Joseph Salowey, William Gossman
- Patent number: 7346773
  Abstract: A method is disclosed for enabling stateless server-based pre-shared secrets. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the client uses to derive session keys. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.
  Type: Grant
  Filed: January 12, 2004
  Date of Patent: March 18, 2008
  Assignee: Cisco Technology, Inc.
  Inventors: Nancy Cam-Winget, Hao Zhou, Padmanabha C. Jakkahalli, Joseph Salowey, David A. McGrew
- Publication number: 20080065883
  Abstract: An extensible authentication framework is used in cable networks such as Data Over Cable Service Interface Specification (DOCSIS) cable networks. The authentication scheme allows for centralized authentication of cable modems, as well as authentication of the cable network by cable modems. Additionally, the authentication scheme allows a Cable Modem Termination System (CMTS) to authenticate devices downstream from cable modems, such as Customer Premise Equipment (CPE) devices.
  Type: Application
  Filed: August 24, 2006
  Publication date: March 13, 2008
  Applicant: CISCO TECHNOLOGY, INC.
  Inventors: Shengyou Zeng, Jason Frazier, Joshua B. Littlefield, Joseph A. Salowey
- Patent number: 7310307
  Abstract: A method for authenticating an element in a network environment is provided that includes receiving a request for one or more triplets. One or more of the triplets may be associated with an authentication communications protocol that may be executed in order to facilitate a communication session. The method further includes returning one or more of the triplets in response to the request and initiating the communication session in response to the triplets after proper authentication of an entity associated with the request.
  Type: Grant
  Filed: December 17, 2002
  Date of Patent: December 18, 2007
  Assignee: Cisco Technology, Inc.
  Inventors: Amitava Das, Michael A. Wright, Joseph A. Salowey, William C. Gossman
- Publication number: 20070288743
  Abstract: A method is disclosed for enabling stateless server-based pre-shared secrets. Based on a local key that is not known to a client, a server encrypts the client's state information. The client's state information may include, for example, the client's authentication credentials, the client's authorization characteristics, and a shared secret key that the client uses to derive session keys. By any of a variety of mechanisms, the encrypted client state information is provided to the client. The server may free memory that stored the client's state information. When the server needs the client's state information, the client sends, to the server, the encrypted state information that the client stored. The server decrypts the client state information using the local key. Because each client stores that client's own state information in encrypted form, the server does not need to store any client's state information permanently.
  Type: Application
  Filed: August 22, 2007
  Publication date: December 13, 2007
  Applicant: Cisco Technology, Inc.
  Inventors: Nancy Cam-Winget, Hao Zhou, Padmanabha Jakkahalli, Joseph Salowey, David McGrew
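The construction in 7346773 and its published application 20070288743 is the one later standardized for TLS as session tickets in RFC 5077, which Salowey co-authored: the server seals the client's state under a key only it holds, gives the sealed blob to the client, and keeps nothing. The Machine Authentication PAC of 7640430 near the top of this list is the same construction with one addition, a fresh Device Key returned in the clear alongside the sealed ticket so the client can later prove possession by challenge-response, which is also the re-authentication step of 7370350. The Go program below is an added illustration of that combined pattern; it is not code from any of these patents or from Cisco. Its choices are assumptions: AES-256-GCM as the server's local cipher, a one-byte key identifier bound as associated data so the local key can be rotated, a JSON encoding of the state, HMAC-SHA256 over a server-chosen challenge as the proof of possession, and the identity, scope and key values, which are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// ClientState is what the server would otherwise keep per client (field set assumed).
type ClientState struct {
	Identity  string `json:"id"`
	Scope     string `json:"scope"` // e.g. "machine-limited" before any user logs in
	DeviceKey []byte `json:"dk"`    // handed to the client in the clear at issue time
	Expires   int64  `json:"exp"`   // Unix seconds
}

// Server holds only its local key (as an AES-256-GCM instance) and a key id for rotation.
type Server struct {
	keyID byte
	gcm   cipher.AEAD
}

func NewServer(keyID byte, localKey []byte) (*Server, error) {
	block, err := aes.NewCipher(localKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Server{keyID: keyID, gcm: gcm}, nil
}

// Issue runs after a full authentication: mint a random Device Key, seal the state under the
// local key, hand both back and keep nothing. Ticket layout (assumed): keyID || nonce || GCM
// output, with keyID bound as associated data so it cannot be swapped.
func (s *Server) Issue(identity, scope string, ttl time.Duration, now time.Time) ([]byte, []byte, error) {
	buf := make([]byte, 32+s.gcm.NonceSize())
	if _, err := rand.Read(buf); err != nil {
		return nil, nil, err
	}
	deviceKey, nonce := buf[:32], buf[32:]
	state, _ := json.Marshal(ClientState{Identity: identity, Scope: scope, DeviceKey: deviceKey, Expires: now.Add(ttl).Unix()})
	header := []byte{s.keyID}
	return deviceKey, append(append(header, nonce...), s.gcm.Seal(nil, nonce, state, header)...), nil
}

// Open is the stateless recovery step: key id, then AEAD authentication, then expiry; fail closed on each.
func (s *Server) Open(ticket []byte, now time.Time) (ClientState, error) {
	ns := s.gcm.NonceSize()
	if len(ticket) < 1+ns || ticket[0] != s.keyID {
		return ClientState{}, errors.New("malformed ticket or unknown key id")
	}
	plain, err := s.gcm.Open(nil, ticket[1:1+ns], ticket[1+ns:], ticket[:1])
	if err != nil {
		return ClientState{}, errors.New("ticket authentication failed")
	}
	var st ClientState
	if err := json.Unmarshal(plain, &st); err != nil {
		return ClientState{}, err
	}
	if now.Unix() >= st.Expires {
		return ClientState{}, errors.New("ticket expired")
	}
	return st, nil
}

// ProvePossession is the client side: HMAC-SHA256 over a server-chosen, single-use challenge.
func ProvePossession(deviceKey, challenge []byte) []byte {
	m := hmac.New(sha256.New, deviceKey)
	m.Write(challenge)
	return m.Sum(nil)
}

// Reauthenticate recovers the state from the ticket, checks the proof against the recovered
// Device Key, and returns the scope the client may be authorised for.
func (s *Server) Reauthenticate(ticket, challenge, proof []byte, now time.Time) (string, error) {
	st, err := s.Open(ticket, now)
	if err != nil {
		return "", err
	}
	if !hmac.Equal(proof, ProvePossession(st.DeviceKey, challenge)) {
		return "", errors.New("possession proof failed")
	}
	return st.Scope, nil
}

func main() {
	srv, _ := NewServer(1, []byte("constructed-32-byte-local-key!!!")) // constructed demo key; use a random one
	devKey, ticket, _ := srv.Issue("laptop-17", "machine-limited", time.Hour, time.Now())
	challenge := []byte("constructed-nonce") // in practice random and single-use per exchange
	scope, err := srv.Reauthenticate(ticket, challenge, ProvePossession(devKey, challenge), time.Now())
	fmt.Println(scope, err) // machine-limited <nil>
}
```

The server keeps nothing between Issue and Open except the local key, so any replica holding that key can accept the ticket, which is the scaling property both abstracts are after. What the pattern does not give is revocation before expiry: a stolen ticket together with its Device Key is usable until Expires, which is why the PAC entry confines the machine credential to limited access and why the ttl should be short. The challenge must be generated by the server freshly for each exchange; a fixed or client-chosen challenge makes the possession proof replayable.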
- Publication number: 20070220589
  Abstract: Techniques for validating a first device are provided. A second device receives a first device public key and first device identification information from the first device. Validation of the first device identification information is required for a security process using a security protocol. The second device sends the first device public key and the first device identification information to an AAA server for validation. The AAA server is separate from the second device. The second device receives a response from the AAA server, the response including an indication whether the received first device identification information is validated with stored first device identification information for the first device public key. If the first device identification information is validated, an action for the security process is performed using the security protocol.
  Type: Application
  Filed: March 17, 2006
  Publication date: September 20, 2007
  Applicant: Cisco Technology, Inc.
  Inventors: Joseph Salowey, Jan Vilhuber
- Publication number: 20070220598
  Abstract: The innovation discloses an AAA-based key/credential distribution system and methodology that is enhanced for establishing a trust relationship between an end device and network application servers which are known at the time of end device authentication. This enhancement can reduce the complexity of key distribution while increasing performance and computational efficiency. By using information that is typically accessible to an AAA server with respect to which instance of a service a client should use based upon load, location, etc., the subject innovation can proactively distribute credentials to an end device. This proactive distribution enables the end device to directly prompt authentication with a network entity.
  Type: Application
  Filed: June 16, 2006
  Publication date: September 20, 2007
  Applicant: CISCO SYSTEMS, INC.
  Inventors: Joseph Salowey, Shengyou Zeng
- Publication number: 20070217610
  Abstract: A system and method is provided for authenticating access in a mobile wireless network. The system and method comprise exchanging an extensible authentication protocol (EAP) packet with an access terminal over a high rate packet data radio link and a signaling interface through a radio access network, encapsulating the EAP packet in an authentication, authorization and accounting (AAA) packet, and sending the AAA packet to an authentication server for authentication.
  Type: Application
  Filed: May 19, 2006
  Publication date: September 20, 2007
  Inventors: Parviz Yegani, Joseph Salowey, Jayaraman Iyer, Anand Oswal
- Publication number: 20070180229
  Abstract: A method is disclosed for communicating a security credential within a network device authentication conversation. An authenticator that is coupled to a supplicant through a network performs a first message conversation resulting in creating a security context that is known to the authenticator and the supplicant. A second message conversation is initiated. The second message conversation is cryptographically protected using the same security context. A security credential is provided to the supplicant in the second message conversation. The second message conversation and first message conversation are then concluded. Specific embodiments can bootstrap digital certificates, public/private key pairs, and other credentials to supplicants, in-band, within an EAP-SIM or EAP-AKA conversation and without initiating a new session or exchanging special-purpose keys to protect distribution of the credentials.
  Type: Application
  Filed: January 9, 2007
  Publication date: August 2, 2007
  Inventors: Joseph Salowey, William Gossman
- Publication number: 20070101406
  Abstract: Automatically re-authenticating a computing device seeking access to a network or a resource. A method comprises forwarding a request received from the computing device to an authentication device to enable the authentication device to authenticate the computing device using a full-authentication mechanism. State information is created in the course of authenticating the computing device. That state information is received and stored: for example, the authenticator device that forwarded the initial authentication request from the computing device to the authentication device receives and stores it. The computing device is then re-authenticated using the stored state information without again contacting the authentication device.
  Type: Application
  Filed: October 18, 2005
  Publication date: May 3, 2007
  Inventors: Arthur Zavalkovsky, Alexey Kobozev, Joseph Salowey, Ilan Frenkel
- Publication number: 20070091843
  Abstract: Methods and apparatus for dynamically generating a set of Mobile IP keys are disclosed. The set of Mobile IP keys is dynamically generated using an existing HLR/AuC authentication infrastructure. This is accomplished, in part, by obtaining an International Mobile Subscriber Identity (IMSI) that uniquely identifies a particular Mobile Node. Once a set of Mobile IP keys is generated from authentication information associated with the IMSI, the Mobile Node may register with its Home Agent using the set of Mobile IP keys.
  Type: Application
  Filed: October 25, 2005
  Publication date: April 26, 2007
  Inventors: Alpesh Patel, Kent Leung, Joseph Salowey, Yu-Cheng Shao
- Patent number: 7171555
  Abstract: A method is disclosed for communicating a security credential within a network device authentication conversation. An authenticator that is coupled to a supplicant through a network performs a first message conversation resulting in creating a security context that is known to the authenticator and the supplicant. A second message conversation is initiated. The second message conversation is cryptographically protected using the same security context. A security credential is provided to the supplicant in the second message conversation. The second message conversation and first message conversation are then concluded. Specific embodiments can bootstrap digital certificates, public/private key pairs, and other credentials to supplicants, in-band, within an EAP-SIM or EAP-AKA conversation and without initiating a new session or exchanging special-purpose keys to protect distribution of the credentials.
  Type: Grant
  Filed: May 29, 2003
  Date of Patent: January 30, 2007
  Assignee: Cisco Technology, Inc.
  Inventors: Joseph Salowey, William Gossman