Patents by Inventor Stephen Michael Orr

Stephen Michael Orr has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12659235
    Abstract: Systems and methods for creating user defined network in a network environment is provided. Users are able to create user defined networks which as private logical groups that extend across different wired and wireless networking constructs. A user may use an endpoint (e.g., mobile phone) to create a user defined network, to associate one or more endpoints with the user defined network, and to invite other users to add their endpoints to the user defined network. The user may create a policy for endpoints in the user defined network such as only allowing endpoints associated with the user defined network or restricting types of traffic that can be communicated to endpoints in the user defined network. The user defined network, and associated policies, may be enforced by the infrastructure devices in the network environment.
    Type: Grant
    Filed: October 22, 2021
    Date of Patent: June 16, 2026
    Assignee: Cisco Technology, Inc.
    Inventors: Shree N. Murthy, Stephen Michael Orr, Sanjay Kumar Hooda, Sudhir Kumar Jain, Darrin Joseph Miller, Ameet Prakash Kulkarni
  • Publication number: 20260113616
    Abstract: A method is performed by an access point (AP) configured to operate in a seamless mobility domain that supports seamless roaming of wireless stations (STAs) between APs. The method comprises: encoding, into a first frame, AP pairwise transient key (PTK) rekeying options related to roaming of a STA, wherein the AP PTK rekeying options include one or more of (i) a before-roaming AP PTK rekeying option that indicates a first preference, a first requirement, or a first non-preference for PTK rekeying before the roaming, or (ii) an after-roaming AP PTK rekeying option that indicates a second preference, a second requirement, or a second non-preference for the PTK rekeying after the roaming; and transmitting the first frame to the STA.
    Type: Application
    Filed: October 14, 2025
    Publication date: April 23, 2026
    Inventors: Binita Gupta, Brian D. Hart, Stephen Michael Orr
  • Publication number: 20260052390
    Abstract: Methods are provided to determine validity of a MAC address. The methods involve obtaining a media access control (MAC) address validity message that indicates a plurality of valid MAC addresses in the wireless network using a fully-exploded format or a probabilistic data structure and determining whether a MAC address is valid based on the MAC address validity message. Other methods involve obtaining a query regarding a validity of a media access control (MAC) address, determining whether the MAC address is a value included in a data set of expected values of a probabilistic data structure. The data set represents a list of MAC addresses. The other methods involve determining whether the MAC address is valid in the wireless network based on determining whether the MAC address is the value included in the data set and providing a response indicating whether the MAC address is valid.
    Type: Application
    Filed: October 28, 2025
    Publication date: February 19, 2026
    Inventors: Domenico Ficara, Roberto Muccifora, Robert Edgar Barton, Jerome Henry, Stephen Michael Orr, Amine Choukir
  • Publication number: 20260046626
    Abstract: Techniques are provided for verifying Access Points (APs) using crowd sourcing. In one example, a STA establishes a first non-verified connection, based on security material, with a source AP in a wireless infrastructure. A target AP in a wireless infrastructure obtains an indication that the STA is attempting to establish a second non-verified connection with the target AP. In response, the target AP establishes the second non-verified connection based on the security material.
    Type: Application
    Filed: October 17, 2025
    Publication date: February 12, 2026
    Inventors: Jerome Henry, Robert E. Barton, Stephen Michael Orr
  • Patent number: 12532377
    Abstract: A method comprising: at an access point configured with a first basic service set identifier (BSSID): performing an association process by which one or more wireless stations wirelessly associate to the access point using the first BSSID; and while the one or more wireless stations remain associated to the access point: sending, to the one or more wireless stations, a protected management frame configured to indicate that the access point will rotate from the first BSSID to a second BSSID; after sending, rotating from the first BSSID to the second BSSID while maintaining continuity of association to the one or more wireless stations; and after rotating, communicating with the one or more wireless stations using the second BSSID.
    Type: Grant
    Filed: April 1, 2022
    Date of Patent: January 20, 2026
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Robert E. Barton, Jerome Henry, Stephen Michael Orr
  • Patent number: 12513524
    Abstract: Methods are provided to determine validity of a MAC address. The methods involve obtaining a media access control (MAC) address validity message that indicates a plurality of valid MAC addresses in the wireless network using a fully-exploded format or a probabilistic data structure and determining whether a MAC address is valid based on the MAC address validity message. Other methods involve obtaining a query regarding a validity of a media access control (MAC) address, determining whether the MAC address is a value included in a data set of expected values of a probabilistic data structure. The data set represents a list of MAC addresses. The other methods involve determining whether the MAC address is valid in the wireless network based on determining whether the MAC address is the value included in the data set and providing a response indicating whether the MAC address is valid.
    Type: Grant
    Filed: February 17, 2022
    Date of Patent: December 30, 2025
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Domenico Ficara, Roberto Muccifora, Robert Edgar Barton, Jerome Henry, Stephen Michael Orr, Amine Choukir
  • Patent number: 12513108
    Abstract: A method comprising: at a multi-link device (MLD) configured for multi-link operation: establishing a first Internet Protocol (IP) stack of a first IP type and configured with a first IP address of the first IP type, wherein the first IP stack is associated to a first MLD media access control (MAC) address of a first station of the MLD; establishing a second IP stack of a second IP type and configured with a second IP address of the second IP type, wherein the second IP stack exists concurrently with the first IP stack and is associated to a second MLD MAC address of a second station of the MLD; and exchanging, with a peer MLD, IP traffic using one or more of (i) the first IP stack and the first MLD MAC address, and (ii) the second IP stack and the second MLD MAC address.
    Type: Grant
    Filed: February 29, 2024
    Date of Patent: December 30, 2025
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Jerome Henry, Robert Edgar Barton, Stephen Michael Orr, Malcolm Muir Smith
  • Publication number: 20250358620
    Abstract: Presented herein are techniques to tunnel Pre-Association Security Negotiation (PASN) communications within another PASN protected exchange established with an (initial) access point (AP), thus allowing a station (STA) to establish one or more PASN sessions with one or more other access points (APs) through the initial AP, thereby enabling the STA to pre-establish PASN sessions with multiple APs without leaving its active channel with the initial AP. In at least embodiment, a method may include establishing a first PASN session between a STA and a first AP through initial PASN communications exchanged between the STA and the first AP and performing subsequent PASN communications between the STA and at least one other AP that are facilitated through the first PASN session established between the STA and the first AP to enable at least one subsequent PASN session to be established between the STA and the at least one other AP.
    Type: Application
    Filed: March 28, 2025
    Publication date: November 20, 2025
    Inventors: Jerome Henry, Stephen Michael Orr
  • Publication number: 20250343781
    Abstract: Techniques herein facilitate a device address rotation management protocol that may be implemented for a wireless local area network (WLAN), which can be used to influence when wireless client devices or stations may rotate their Media Access Control (MAC) addresses, how to perform such rotations, and/or the like. In one example, a method may include providing, by an access point (AP), a first communication indicating that the AP supports a MAC address rotation management protocol; obtaining, by the AP, a second communication from a wireless station (STA) indicating that the STA intends to perform a MAC address rotation; and transmitting, by the AP, a third communication to influence the MAC address rotation of the STA, the third communication comprising a rotation status indicator and timing information.
    Type: Application
    Filed: July 2, 2025
    Publication date: November 6, 2025
    Inventors: Jerome Henry, Robert E. Barton, Stephen Michael Orr
  • Publication number: 20250330808
    Abstract: A method to facilitate roaming in an extended service set (ESS) includes receiving data representative of security capabilities of respective basic service sets affiliated with an extended service set of a wireless local area network, supplying the data representative of security capabilities to respective access points in the respective basic service sets via a distribution network that interconnects respective access points of the respective basic service sets, and sending, from the respective access points, a beacon frame that includes an information element comprising the data representative of the security capabilities of the respective basic service sets affiliated with the extended service set.
    Type: Application
    Filed: July 30, 2024
    Publication date: October 23, 2025
    Inventors: Anuj Dharap, Stephen Michael Orr, Brian D. Hart
  • Patent number: 12401642
    Abstract: Methods are provided that support media access control (MAC) address rotation (RCM) by generating a passcode for associating a user defined network by one or more endpoint devices instead of using MAC addresses for their respective device identity. In these methods, a computing device obtains a registration request for establishing a user defined network (UDN) and generates a unique UDN identifier and a unique passcode associated with the unique UDN identifier. The unique passcode enables an authentication of one or more endpoint devices to connect to the UDN. The authentication is independent of the MAC address of a respective endpoint device. The computing device provides the UDN identifier and the unique passcode such that the UDN identifier and the unique passcode are for connecting the one or more endpoint devices to the UDN.
    Type: Grant
    Filed: July 1, 2022
    Date of Patent: August 26, 2025
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Shree N. Murthy, Stephen Michael Orr
  • Patent number: 12363069
    Abstract: Techniques herein facilitate a device address rotation management protocol that may be implemented for a wireless local area network (WLAN), which can be used to influence when wireless client devices or stations may rotate their Media Access Control (MAC) addresses, how to perform such rotations, and/or the like. In one example, a method may include providing, by an access point (AP), a first communication indicating that the AP supports a MAC address rotation management protocol; obtaining, by the AP, a second communication from a wireless station (STA) indicating that the STA intends to perform a MAC address rotation; and transmitting, by the AP, a third communication to influence the MAC address rotation of the STA, the third communication comprising a rotation status indicator and timing information.
    Type: Grant
    Filed: October 29, 2024
    Date of Patent: July 15, 2025
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Jerome Henry, Robert E. Barton, Stephen Michael Orr
  • Publication number: 20250225276
    Abstract: Presented herein are techniques to obfuscate privacy related fields of a data unit. A data unit that includes a header and a data payload is obtained. An encryption operation is performed on the data unit to encapsulate the data payload and at least a portion of the header in an encrypted payload. A frame that includes the encrypted payload is wirelessly transmitted.
    Type: Application
    Filed: December 16, 2024
    Publication date: July 10, 2025
    Inventors: Domenico Ficara, Ugo Mario Campiglio, Jerome Henry, Javier I. Contreras Albesa, Stephen Michael Orr
  • Patent number: 12355867
    Abstract: Techniques for ensuring that geographic location specific security policies are enforce for an agent or agent device. An Agent service of an agent device accesses an Agent Authentication Service for a key to initiate one or more functions of the agent device. The Agent Authentication Service determines the location of the agent device and determines whether the agent device is within an approved geographic location based on geographic location specific security policies. If the agent device is within the approved geographic location, the Agent Authentication Services accesses a Key Management Service for a cryptographic key and delivers the cryptographic key to the Agent. If the Agent Authentication Service determines that the Agent device is outside of the approved location, access to the cryptographic key is denied.
    Type: Grant
    Filed: February 28, 2023
    Date of Patent: July 8, 2025
    Inventors: Kapildeep Singh Bakshi, Craig Thomas Hill, Raymond Allan Blair, Michael Alan Kowal, Steven M. Carter, Stephen Michael Orr
  • Publication number: 20250220428
    Abstract: Techniques are provided for verifying Access Points (APs) using crowd sourcing. In one example, a STA establishes a first non-verified connection, based on security material, with a source AP in a wireless infrastructure. A target AP in a wireless infrastructure obtains an indication that the STA is attempting to establish a second non-verified connection with the target AP. In response, the target AP establishes the second non-verified connection based on the security material.
    Type: Application
    Filed: February 24, 2025
    Publication date: July 3, 2025
    Inventors: Jerome Henry, Robert E. Barton, Stephen Michael Orr
  • Publication number: 20250184696
    Abstract: This disclosure describes techniques and mechanisms for enabling an end point to have concurrent access to multiple private groups within a network. For instance, the private groups may correspond to user defined network (UDN) groups. The techniques described herein include mapping identifiers (e.g., device identifiers, flowlabels, application identifiers, UDN group identifiers, etc.). The techniques enable a user device to access a first UDN group using a first application on the user device and a second UDN group using a second application on the user device, such that a user does not have to leave the first UDN group in order to participate in the second UDN group. Moreover, the assignment of a user device to one or more UDN groups is policy driven and the infrastructure ensures that only the relevant data traffic is forwarded to the group members within a particular UDN group.
    Type: Application
    Filed: November 30, 2023
    Publication date: June 5, 2025
    Inventors: Shree Narasimha Murthy, Srinath Gundavelli, Stephen Michael Orr, Pradeep Kumar Kathail
  • Patent number: 12301535
    Abstract: A method comprises, at a wireless network controller of wireless access points through which wireless client devices that are wireless communicate with the controller: upon receiving, from a wireless client device, a dynamic host configuration protocol (DHCP) request having a media access control (MAC) address, determining whether the wireless client device rotated its MAC address from a previous MAC address to the MAC address; when the wireless client device rotated its MAC address, forwarding, to a DHCP service, the DHCP request with a notification of a MAC address rotation to cause the DHCP service to reassign a previously assigned Internet Protocol (IP) address to the wireless client device; and upon receiving, from the DHCP service, a DHCP offer asserting the previously assigned IP address, forwarding the DHCP offer to the wireless client device.
    Type: Grant
    Filed: January 26, 2024
    Date of Patent: May 13, 2025
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Jerome Henry, Robert E. Barton, Stephen Michael Orr
  • Patent number: 12284520
    Abstract: Techniques are provided for verifying Access Points (APs) using crowd sourcing. In one example, a STA establishes a first non-verified connection, based on security material, with a source AP in a wireless infrastructure. A target AP in a wireless infrastructure obtains an indication that the STA is attempting to establish a second non-verified connection with the target AP. In response, the target AP establishes the second non-verified connection based on the security material.
    Type: Grant
    Filed: December 20, 2021
    Date of Patent: April 22, 2025
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Jerome Henry, Robert E. Barton, Stephen Michael Orr
  • Patent number: 12278801
    Abstract: A method is provided that is performed for a wireless network that includes one or more wireless client devices that may rotate their media access control (MAC) address used for wireless communication with one or more wireless access point devices in the wireless network. The method includes determining an impact of MAC address rotation by the one or more wireless client devices on operational resources of one or more networking devices or networking processes in a network infrastructure associated with the wireless network. The method further includes scheduling MAC address rotation by the one or more wireless client devices according to the impact on operational resources of the one or more networking devices or networking processes in the network infrastructure.
    Type: Grant
    Filed: November 13, 2023
    Date of Patent: April 15, 2025
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Robert Edgar Barton, Jerome Henry, Stephen Michael Orr
  • Patent number: 12250538
    Abstract: Rotation of a wireless client device address is based on an encryption key and a nonce value. Key information and nonce value information are shared between a wireless client device and a network infrastructure component over a secure communication channel. The wireless client device encrypts the nonce value using the key information and encodes the encrypted value as a device address. The wireless client device then identifies itself via a source address value in a message transmitted over a wireless network. Upon receiving the message, the network infrastructure component decrypts information derived from the source address value and compares the resulting data to the nonce value. If a match is identified, the network infrastructure identifies the wireless client device as a source of the message. In some embodiments, the nonce value is updated with each rotation to provide for improved entropy of generated device addresses.
    Type: Grant
    Filed: November 27, 2023
    Date of Patent: March 11, 2025
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Jerome Henry, Stephen Michael Orr, Robert E. Barton