Patents by Inventor Stephen Michael Orr
Stephen Michael Orr has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12659235Abstract: Systems and methods for creating user defined network in a network environment is provided. Users are able to create user defined networks which as private logical groups that extend across different wired and wireless networking constructs. A user may use an endpoint (e.g., mobile phone) to create a user defined network, to associate one or more endpoints with the user defined network, and to invite other users to add their endpoints to the user defined network. The user may create a policy for endpoints in the user defined network such as only allowing endpoints associated with the user defined network or restricting types of traffic that can be communicated to endpoints in the user defined network. The user defined network, and associated policies, may be enforced by the infrastructure devices in the network environment.Type: GrantFiled: October 22, 2021Date of Patent: June 16, 2026Assignee: Cisco Technology, Inc.Inventors: Shree N. Murthy, Stephen Michael Orr, Sanjay Kumar Hooda, Sudhir Kumar Jain, Darrin Joseph Miller, Ameet Prakash Kulkarni
-
Publication number: 20260113616Abstract: A method is performed by an access point (AP) configured to operate in a seamless mobility domain that supports seamless roaming of wireless stations (STAs) between APs. The method comprises: encoding, into a first frame, AP pairwise transient key (PTK) rekeying options related to roaming of a STA, wherein the AP PTK rekeying options include one or more of (i) a before-roaming AP PTK rekeying option that indicates a first preference, a first requirement, or a first non-preference for PTK rekeying before the roaming, or (ii) an after-roaming AP PTK rekeying option that indicates a second preference, a second requirement, or a second non-preference for the PTK rekeying after the roaming; and transmitting the first frame to the STA.Type: ApplicationFiled: October 14, 2025Publication date: April 23, 2026Inventors: Binita Gupta, Brian D. Hart, Stephen Michael Orr
-
Publication number: 20260052390Abstract: Methods are provided to determine validity of a MAC address. The methods involve obtaining a media access control (MAC) address validity message that indicates a plurality of valid MAC addresses in the wireless network using a fully-exploded format or a probabilistic data structure and determining whether a MAC address is valid based on the MAC address validity message. Other methods involve obtaining a query regarding a validity of a media access control (MAC) address, determining whether the MAC address is a value included in a data set of expected values of a probabilistic data structure. The data set represents a list of MAC addresses. The other methods involve determining whether the MAC address is valid in the wireless network based on determining whether the MAC address is the value included in the data set and providing a response indicating whether the MAC address is valid.Type: ApplicationFiled: October 28, 2025Publication date: February 19, 2026Inventors: Domenico Ficara, Roberto Muccifora, Robert Edgar Barton, Jerome Henry, Stephen Michael Orr, Amine Choukir
-
Publication number: 20260046626Abstract: Techniques are provided for verifying Access Points (APs) using crowd sourcing. In one example, a STA establishes a first non-verified connection, based on security material, with a source AP in a wireless infrastructure. A target AP in a wireless infrastructure obtains an indication that the STA is attempting to establish a second non-verified connection with the target AP. In response, the target AP establishes the second non-verified connection based on the security material.Type: ApplicationFiled: October 17, 2025Publication date: February 12, 2026Inventors: Jerome Henry, Robert E. Barton, Stephen Michael Orr
-
Patent number: 12532377Abstract: A method comprising: at an access point configured with a first basic service set identifier (BSSID): performing an association process by which one or more wireless stations wirelessly associate to the access point using the first BSSID; and while the one or more wireless stations remain associated to the access point: sending, to the one or more wireless stations, a protected management frame configured to indicate that the access point will rotate from the first BSSID to a second BSSID; after sending, rotating from the first BSSID to the second BSSID while maintaining continuity of association to the one or more wireless stations; and after rotating, communicating with the one or more wireless stations using the second BSSID.Type: GrantFiled: April 1, 2022Date of Patent: January 20, 2026Assignee: CISCO TECHNOLOGY, INC.Inventors: Robert E. Barton, Jerome Henry, Stephen Michael Orr
-
Patent number: 12513524Abstract: Methods are provided to determine validity of a MAC address. The methods involve obtaining a media access control (MAC) address validity message that indicates a plurality of valid MAC addresses in the wireless network using a fully-exploded format or a probabilistic data structure and determining whether a MAC address is valid based on the MAC address validity message. Other methods involve obtaining a query regarding a validity of a media access control (MAC) address, determining whether the MAC address is a value included in a data set of expected values of a probabilistic data structure. The data set represents a list of MAC addresses. The other methods involve determining whether the MAC address is valid in the wireless network based on determining whether the MAC address is the value included in the data set and providing a response indicating whether the MAC address is valid.Type: GrantFiled: February 17, 2022Date of Patent: December 30, 2025Assignee: CISCO TECHNOLOGY, INC.Inventors: Domenico Ficara, Roberto Muccifora, Robert Edgar Barton, Jerome Henry, Stephen Michael Orr, Amine Choukir
-
Patent number: 12513108Abstract: A method comprising: at a multi-link device (MLD) configured for multi-link operation: establishing a first Internet Protocol (IP) stack of a first IP type and configured with a first IP address of the first IP type, wherein the first IP stack is associated to a first MLD media access control (MAC) address of a first station of the MLD; establishing a second IP stack of a second IP type and configured with a second IP address of the second IP type, wherein the second IP stack exists concurrently with the first IP stack and is associated to a second MLD MAC address of a second station of the MLD; and exchanging, with a peer MLD, IP traffic using one or more of (i) the first IP stack and the first MLD MAC address, and (ii) the second IP stack and the second MLD MAC address.Type: GrantFiled: February 29, 2024Date of Patent: December 30, 2025Assignee: CISCO TECHNOLOGY, INC.Inventors: Jerome Henry, Robert Edgar Barton, Stephen Michael Orr, Malcolm Muir Smith
-
Publication number: 20250358620Abstract: Presented herein are techniques to tunnel Pre-Association Security Negotiation (PASN) communications within another PASN protected exchange established with an (initial) access point (AP), thus allowing a station (STA) to establish one or more PASN sessions with one or more other access points (APs) through the initial AP, thereby enabling the STA to pre-establish PASN sessions with multiple APs without leaving its active channel with the initial AP. In at least embodiment, a method may include establishing a first PASN session between a STA and a first AP through initial PASN communications exchanged between the STA and the first AP and performing subsequent PASN communications between the STA and at least one other AP that are facilitated through the first PASN session established between the STA and the first AP to enable at least one subsequent PASN session to be established between the STA and the at least one other AP.Type: ApplicationFiled: March 28, 2025Publication date: November 20, 2025Inventors: Jerome Henry, Stephen Michael Orr
-
Publication number: 20250343781Abstract: Techniques herein facilitate a device address rotation management protocol that may be implemented for a wireless local area network (WLAN), which can be used to influence when wireless client devices or stations may rotate their Media Access Control (MAC) addresses, how to perform such rotations, and/or the like. In one example, a method may include providing, by an access point (AP), a first communication indicating that the AP supports a MAC address rotation management protocol; obtaining, by the AP, a second communication from a wireless station (STA) indicating that the STA intends to perform a MAC address rotation; and transmitting, by the AP, a third communication to influence the MAC address rotation of the STA, the third communication comprising a rotation status indicator and timing information.Type: ApplicationFiled: July 2, 2025Publication date: November 6, 2025Inventors: Jerome Henry, Robert E. Barton, Stephen Michael Orr
-
Publication number: 20250330808Abstract: A method to facilitate roaming in an extended service set (ESS) includes receiving data representative of security capabilities of respective basic service sets affiliated with an extended service set of a wireless local area network, supplying the data representative of security capabilities to respective access points in the respective basic service sets via a distribution network that interconnects respective access points of the respective basic service sets, and sending, from the respective access points, a beacon frame that includes an information element comprising the data representative of the security capabilities of the respective basic service sets affiliated with the extended service set.Type: ApplicationFiled: July 30, 2024Publication date: October 23, 2025Inventors: Anuj Dharap, Stephen Michael Orr, Brian D. Hart
-
Patent number: 12401642Abstract: Methods are provided that support media access control (MAC) address rotation (RCM) by generating a passcode for associating a user defined network by one or more endpoint devices instead of using MAC addresses for their respective device identity. In these methods, a computing device obtains a registration request for establishing a user defined network (UDN) and generates a unique UDN identifier and a unique passcode associated with the unique UDN identifier. The unique passcode enables an authentication of one or more endpoint devices to connect to the UDN. The authentication is independent of the MAC address of a respective endpoint device. The computing device provides the UDN identifier and the unique passcode such that the UDN identifier and the unique passcode are for connecting the one or more endpoint devices to the UDN.Type: GrantFiled: July 1, 2022Date of Patent: August 26, 2025Assignee: CISCO TECHNOLOGY, INC.Inventors: Shree N. Murthy, Stephen Michael Orr
-
Patent number: 12363069Abstract: Techniques herein facilitate a device address rotation management protocol that may be implemented for a wireless local area network (WLAN), which can be used to influence when wireless client devices or stations may rotate their Media Access Control (MAC) addresses, how to perform such rotations, and/or the like. In one example, a method may include providing, by an access point (AP), a first communication indicating that the AP supports a MAC address rotation management protocol; obtaining, by the AP, a second communication from a wireless station (STA) indicating that the STA intends to perform a MAC address rotation; and transmitting, by the AP, a third communication to influence the MAC address rotation of the STA, the third communication comprising a rotation status indicator and timing information.Type: GrantFiled: October 29, 2024Date of Patent: July 15, 2025Assignee: CISCO TECHNOLOGY, INC.Inventors: Jerome Henry, Robert E. Barton, Stephen Michael Orr
-
Publication number: 20250225276Abstract: Presented herein are techniques to obfuscate privacy related fields of a data unit. A data unit that includes a header and a data payload is obtained. An encryption operation is performed on the data unit to encapsulate the data payload and at least a portion of the header in an encrypted payload. A frame that includes the encrypted payload is wirelessly transmitted.Type: ApplicationFiled: December 16, 2024Publication date: July 10, 2025Inventors: Domenico Ficara, Ugo Mario Campiglio, Jerome Henry, Javier I. Contreras Albesa, Stephen Michael Orr
-
Secure distribution of cryptographic keys and policy attributes based on geographic trusted location
Patent number: 12355867Abstract: Techniques for ensuring that geographic location specific security policies are enforce for an agent or agent device. An Agent service of an agent device accesses an Agent Authentication Service for a key to initiate one or more functions of the agent device. The Agent Authentication Service determines the location of the agent device and determines whether the agent device is within an approved geographic location based on geographic location specific security policies. If the agent device is within the approved geographic location, the Agent Authentication Services accesses a Key Management Service for a cryptographic key and delivers the cryptographic key to the Agent. If the Agent Authentication Service determines that the Agent device is outside of the approved location, access to the cryptographic key is denied.Type: GrantFiled: February 28, 2023Date of Patent: July 8, 2025Inventors: Kapildeep Singh Bakshi, Craig Thomas Hill, Raymond Allan Blair, Michael Alan Kowal, Steven M. Carter, Stephen Michael Orr -
Publication number: 20250220428Abstract: Techniques are provided for verifying Access Points (APs) using crowd sourcing. In one example, a STA establishes a first non-verified connection, based on security material, with a source AP in a wireless infrastructure. A target AP in a wireless infrastructure obtains an indication that the STA is attempting to establish a second non-verified connection with the target AP. In response, the target AP establishes the second non-verified connection based on the security material.Type: ApplicationFiled: February 24, 2025Publication date: July 3, 2025Inventors: Jerome Henry, Robert E. Barton, Stephen Michael Orr
-
Publication number: 20250184696Abstract: This disclosure describes techniques and mechanisms for enabling an end point to have concurrent access to multiple private groups within a network. For instance, the private groups may correspond to user defined network (UDN) groups. The techniques described herein include mapping identifiers (e.g., device identifiers, flowlabels, application identifiers, UDN group identifiers, etc.). The techniques enable a user device to access a first UDN group using a first application on the user device and a second UDN group using a second application on the user device, such that a user does not have to leave the first UDN group in order to participate in the second UDN group. Moreover, the assignment of a user device to one or more UDN groups is policy driven and the infrastructure ensures that only the relevant data traffic is forwarded to the group members within a particular UDN group.Type: ApplicationFiled: November 30, 2023Publication date: June 5, 2025Inventors: Shree Narasimha Murthy, Srinath Gundavelli, Stephen Michael Orr, Pradeep Kumar Kathail
-
Patent number: 12301535Abstract: A method comprises, at a wireless network controller of wireless access points through which wireless client devices that are wireless communicate with the controller: upon receiving, from a wireless client device, a dynamic host configuration protocol (DHCP) request having a media access control (MAC) address, determining whether the wireless client device rotated its MAC address from a previous MAC address to the MAC address; when the wireless client device rotated its MAC address, forwarding, to a DHCP service, the DHCP request with a notification of a MAC address rotation to cause the DHCP service to reassign a previously assigned Internet Protocol (IP) address to the wireless client device; and upon receiving, from the DHCP service, a DHCP offer asserting the previously assigned IP address, forwarding the DHCP offer to the wireless client device.Type: GrantFiled: January 26, 2024Date of Patent: May 13, 2025Assignee: CISCO TECHNOLOGY, INC.Inventors: Jerome Henry, Robert E. Barton, Stephen Michael Orr
-
Patent number: 12284520Abstract: Techniques are provided for verifying Access Points (APs) using crowd sourcing. In one example, a STA establishes a first non-verified connection, based on security material, with a source AP in a wireless infrastructure. A target AP in a wireless infrastructure obtains an indication that the STA is attempting to establish a second non-verified connection with the target AP. In response, the target AP establishes the second non-verified connection based on the security material.Type: GrantFiled: December 20, 2021Date of Patent: April 22, 2025Assignee: CISCO TECHNOLOGY, INC.Inventors: Jerome Henry, Robert E. Barton, Stephen Michael Orr
-
Patent number: 12278801Abstract: A method is provided that is performed for a wireless network that includes one or more wireless client devices that may rotate their media access control (MAC) address used for wireless communication with one or more wireless access point devices in the wireless network. The method includes determining an impact of MAC address rotation by the one or more wireless client devices on operational resources of one or more networking devices or networking processes in a network infrastructure associated with the wireless network. The method further includes scheduling MAC address rotation by the one or more wireless client devices according to the impact on operational resources of the one or more networking devices or networking processes in the network infrastructure.Type: GrantFiled: November 13, 2023Date of Patent: April 15, 2025Assignee: CISCO TECHNOLOGY, INC.Inventors: Robert Edgar Barton, Jerome Henry, Stephen Michael Orr
-
Patent number: 12250538Abstract: Rotation of a wireless client device address is based on an encryption key and a nonce value. Key information and nonce value information are shared between a wireless client device and a network infrastructure component over a secure communication channel. The wireless client device encrypts the nonce value using the key information and encodes the encrypted value as a device address. The wireless client device then identifies itself via a source address value in a message transmitted over a wireless network. Upon receiving the message, the network infrastructure component decrypts information derived from the source address value and compares the resulting data to the nonce value. If a match is identified, the network infrastructure identifies the wireless client device as a source of the message. In some embodiments, the nonce value is updated with each rotation to provide for improved entropy of generated device addresses.Type: GrantFiled: November 27, 2023Date of Patent: March 11, 2025Assignee: CISCO TECHNOLOGY, INC.Inventors: Jerome Henry, Stephen Michael Orr, Robert E. Barton