公开(公告)号：US20160277262A1

公开(公告)日：2016-09-22

申请号：US14664752

申请日：2015-03-20

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Vivek Santuka ,  Aaron Troy Woland ,  Jesse Ryan Dubois ,  Ramesh Nampelly

IPC: H04L12/26

Abstract: In one embodiment, a method includes receiving at a policy server, a request to trace a session at the policy server, tracing the session at the policy server, wherein tracing comprises running the session and identifying access results from the trace, and transmitting the access results from the policy server to a network device requesting the trace. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括在策略服务器处接收跟踪策略服务器上的会话的请求，跟踪策略服务器处的会话，其中跟踪包括运行会话并从跟踪中识别访问结果，以及发送访问 从策略服务器到请求跟踪的网络设备的结果。 本文还公开了一种装置和逻辑。

公开(公告)号：US09723026B2

公开(公告)日：2017-08-01

申请号：US14795264

申请日：2015-07-09

Applicant: Cisco Technology, Inc.

Inventor： Pok Sze Wong ,  Ramesh Nampelly

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/10 ,  H04L65/1003

Abstract: A computing device providing a network service to a service area may receive a connection request from a user device and generate a session start request to start a user session in a service domain covering the service area. One or more policy rules may be evaluated to determine whether any rule is applicable to the user device, which includes determining that an authoritative user session has already been established in the service domain. The user session may be established in the service domain for the user device, and at least one permission for access to a controlled network resource may be associated with the user session based on the determination that the authoritative user session has already been established. A request from the user device to access the controlled network resource may be received and access to the controlled network resource may be granted.

公开(公告)号：US20170041343A1

公开(公告)日：2017-02-09

申请号：US14817401

申请日：2015-08-04

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Pok Sze Wong ,  Ramesh Nampelly ,  Aaron Rodriguez

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/101 ,  H04L63/102 ,  H04L63/105 ,  H04L63/107

Abstract: In one embodiment, a method includes receiving at an enforcement node, a request to access a network from an endpoint, transmitting at the enforcement node, the access request to a policy server, receiving at the enforcement node from the policy server, a dynamic authorization comprising a plurality of ranks, each of the ranks comprising a policy for access to the network by the endpoint, assigning the endpoint to one of the ranks and applying the policy associated with the rank to traffic received from the endpoint at the enforcement node during a communication session between the endpoint and the network, assigning the endpoint to a different rank, and applying the policy associated with the rank to traffic received from the endpoint during the communication session. An apparatus and logic are also disclosed herein.

Abstract translation: 在一个实施例中，一种方法包括在执行节点处接收从端点接入网络的请求，在执行节点向策略服务器发送访问请求，在执行节点从策略服务器接收动态授权 包括多个等级，每个等级包括由端点访问网络的策略，将端点分配给其中一个等级，并且在一个执行节点期间将与该等级相关联的策略应用于在执行节点处从端点接收到的流量 在端点和网络之间的通信会话，将端点分配给不同的等级，以及在通信会话期间将与等级相关联的策略应用于从端点接收的业务。 本文还公开了一种装置和逻辑。

公开(公告)号：US20180247188A1

公开(公告)日：2018-08-30

申请号：US15444753

申请日：2017-02-28

Applicant: Cisco Technology, Inc.

Inventor： Pok Wong ,  Lokesh Ethirajan ,  Amol Borole ,  Ramesh Nampelly

IPC: G06N3/08 ,  H04W48/20 ,  G06F17/30 ,  H04L29/06 ,  G06F17/27

CPC classification number: G06N3/08 ,  G06F16/3344 ,  G06F16/35 ,  G06F17/2735 ,  G06F17/2785 ,  H04L63/105 ,  H04W4/70 ,  H04W48/20

Abstract: In one embodiment, a device in a network extracts words from traffic data for a particular endpoint node in the network. The device determines one or more topical categories associated with the particular endpoint node by applying a machine learning-based topical model to the extracted words. The device identifies one or more similar endpoint nodes in the network based on the determined one or more topical categories associated with the particular endpoint node and on one or more topical categories associated with the one or more similar endpoint nodes. The device determines a device type for the particular endpoint node based on a device type associated with the one or more similar endpoint nodes.

公开(公告)号：US09813324B2

公开(公告)日：2017-11-07

申请号：US14734511

申请日：2015-06-09

Applicant: Cisco Technology, Inc.

Inventor： Ramesh Nampelly ,  Pok Sze Wong

IPC: G06F15/16 ,  H04L12/26 ,  H04L29/06 ,  H04L29/08 ,  H04L12/24 ,  H04L29/12

CPC classification number: H04L43/12 ,  H04L41/0806 ,  H04L43/50 ,  H04L61/6004 ,  H04L61/6022 ,  H04L67/02 ,  H04L67/42 ,  H04L69/22

Abstract: A server is in communication with a network device that has network connectivity to an endpoint device. The server receives from the network device a packet that includes a Media Access Control (MAC) address of the endpoint device. A determination is made as to whether at least a portion of the MAC address matches stored information for MAC addresses of known endpoint devices. One or more attributes that carry further descriptive information of the endpoint device are extracted from the packet. It is determined based whether the endpoint device can be classified at a level of granularity according to a policy rule. If the endpoint device cannot be classified at the level of granularity, a probe function is dynamically selected based on the one or more attributes extracted from the packet and the MAC address to collect additional data about the endpoint device.

公开(公告)号：US20170013016A1

公开(公告)日：2017-01-12

申请号：US14795264

申请日：2015-07-09

Applicant: Cisco Technology, Inc.

Inventor： Pok Sze Wong ,  Ramesh Nampelly

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/10 ,  H04L65/1003

Abstract: A computing device providing a network service to a service area may receive a connection request from a user device and generate a session start request to start a user session in a service domain covering the service area. One or more policy rules may be evaluated to determine whether any rule is applicable to the user device, which includes determining that an authoritative user session has already been established in the service domain. The user session may be established in the service domain for the user device, and at least one permission for access to a controlled network resource may be associated with the user session based on the determination that the authoritative user session has already been established. A request from the user device to access the controlled network resource may be received and access to the controlled network resource may be granted.

Abstract translation: 向服务区域提供网络服务的计算设备可以从用户设备接收连接请求，并生成会话开始请求，以在覆盖服务区域的服务域中启动用户会话。 可以评估一个或多个策略规则以确定任何规则是否适用于用户设备，其包括确定在服务域中已经建立了权威用户会话。 可以在用户设备的服务域中建立用户会话，并且基于权威用户会话已经建立的确定，可以将用于访问受控网络资源的至少一个许可与用户会话相关联。 可以接收来自用户设备访问受控网络资源的请求，并且可以授予对受控网络资源的访问。

公开(公告)号：US11200488B2

公开(公告)日：2021-12-14

申请号：US15444753

申请日：2017-02-28

Applicant: Cisco Technology, Inc.

Inventor： Pok Wong ,  Lokesh Ethirajan ,  Amol Borole ,  Ramesh Nampelly

IPC: G06N3/08 ,  H04W48/20 ,  G06F16/35 ,  G06F16/33 ,  H04L29/06 ,  G06F40/30 ,  H04W4/70 ,  G06F40/242

Abstract: In one embodiment, a device in a network extracts words from traffic data for a particular endpoint node in the network. The device determines one or more topical categories associated with the particular endpoint node by applying a machine learning-based topical model to the extracted words. The device identifies one or more similar endpoint nodes in the network based on the determined one or more topical categories associated with the particular endpoint node and on one or more topical categories associated with the one or more similar endpoint nodes. The device determines a device type for the particular endpoint node based on a device type associated with the one or more similar endpoint nodes.

公开(公告)号：US10171504B2

公开(公告)日：2019-01-01

申请号：US14817401

申请日：2015-08-04

Applicant: CISCO TECHNOLOGY, INC.

Inventor： Pok Sze Wong ,  Ramesh Nampelly ,  Aaron Rodriguez

IPC: H04L29/06

Abstract: In one embodiment, a method includes receiving at an enforcement node, a request to access a network from an endpoint, transmitting at the enforcement node, the access request to a policy server, receiving at the enforcement node from the policy server, a dynamic authorization comprising a plurality of ranks, each of the ranks comprising a policy for access to the network by the endpoint, assigning the endpoint to one of the ranks and applying the policy associated with the rank to traffic received from the endpoint at the enforcement node during a communication session between the endpoint and the network, assigning the endpoint to a different rank, and applying the policy associated with the rank to traffic received from the endpoint during the communication session. An apparatus and logic are also disclosed herein.

公开(公告)号：US10021141B2

公开(公告)日：2018-07-10

申请号：US15620033

申请日：2017-06-12

Applicant: Cisco Technology, Inc.

Inventor： Pok Sze Wong ,  Ramesh Nampelly

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/10 ,  H04L65/1003 ,  H04L65/1066 ,  H04L67/141 ,  H04L67/143

Abstract: A computing device providing a network service to a service area may receive a connection request from a user device and generate a session start request to start a user session in a service domain covering the service area. One or more policy rules may be evaluated to determine whether any rule is applicable to the user device, which includes determining that an authoritative user session has already been established in the service domain. The user session may be established in the service domain for the user device, and at least one permission for access to a controlled network resource may be associated with the user session based on the determination that the authoritative user session has already been established. A request from the user device to access the controlled network resource may be received and access to the controlled network resource may be granted.

公开(公告)号：US20170279856A1

公开(公告)日：2017-09-28

申请号：US15620033

申请日：2017-06-12

Applicant: Cisco Technology, Inc.

Inventor： Pok Sze Wong ,  Ramesh Nampelly

IPC: H04L29/06

CPC classification number: H04L63/20 ,  H04L63/10 ,  H04L65/1003

Abstract: A computing device providing a network service to a service area may receive a connection request from a user device and generate a session start request to start a user session in a service domain covering the service area. One or more policy rules may be evaluated to determine whether any rule is applicable to the user device, which includes determining that an authoritative user session has already been established in the service domain. The user session may be established in the service domain for the user device, and at least one permission for access to a controlled network resource may be associated with the user session based on the determination that the authoritative user session has already been established. A request from the user device to access the controlled network resource may be received and access to the controlled network resource may be granted.