-
1.
Publication number: US20160057170A1
Publication date: 2016-02-25
Application number: US14932108
Filing date: 2015-11-04
Applicant: Cisco Technology, Inc.
Inventor: Pok Sze Wong
CPC classification number: H04L63/20 , G01S1/725 , G06F21/10 , G06F21/31 , G06F21/62 , G06F21/6218 , H04B7/18593 , H04L63/08 , H04L63/10 , H04L63/102 , H04L63/105 , H04L63/107 , H04L63/108
Abstract: An access control module in an enterprise computing network receives contextual information of a first active network session at a first network endpoint and contextual information of a second active network session at a second network endpoint. The access control module is configured to evaluate the contextual information of one or more of the first or second network sessions based on one or more network policies to determine a policy action for enforcement on at least one of the first or second network endpoints.
-
Publication number: US20140208388A1
Publication date: 2014-07-24
Application number: US13748893
Filing date: 2013-01-24
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Pok Sze Wong , Paul Forbes Bigbee
IPC: H04L29/06
CPC classification number: H04L63/105 , H04L63/02 , H04L63/08 , H04L63/10
Abstract: A notification is received that a network device in a computing network has blocked a service request directed towards a network resource of the computing network. A determination is made, based on authentication information associated with one or more of a network endpoint that transmitted the service request and a user at the network endpoint, as to whether the user should be notified of a reason that the network device blocked the service request. If it is determined that the user should be notified, a notification summarizing the reason that the network device blocked the service request is transmitted to the network endpoint.
-
Publication number: US20200162517A1
Publication date: 2020-05-21
Application number: US16393680
Filing date: 2019-04-24
Applicant: Cisco Technology, Inc.
Inventor: Pok Sze Wong , Venkataramana Ragothaman
Abstract: Systems and methods provide for tracking a device at a network independent of where the device connects to the network. Embodiments can identify that a device associated with a security policy has previously connected to the network. In response, a match is determined between the device and an existing session ID and device tracking information, where the existing session ID and device tracking information are independent of where in the network the device has connected. Based on the match, the security policy is applied to the device.
-
4.
Publication number: US20140181290A1
Publication date: 2014-06-26
Application number: US13721326
Filing date: 2012-12-20
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Pok Sze Wong
IPC: H04L29/08
CPC classification number: H04L63/20 , G01S1/725 , G06F21/10 , G06F21/31 , G06F21/62 , G06F21/6218 , H04B7/18593 , H04L63/08 , H04L63/10 , H04L63/102 , H04L63/105 , H04L63/107 , H04L63/108
Abstract: An access control module in an enterprise computing network receives contextual information of a first active network session at a first network endpoint and contextual information of a second active network session at a second network endpoint. The access control module is configured to evaluate the contextual information of one or more of the first or second network sessions based on one or more network policies to determine a policy action for enforcement on at least one of the first or second network endpoints.
-
Publication number: US20200159380A1
Publication date: 2020-05-21
Application number: US16368569
Filing date: 2019-03-28
Applicant: Cisco Technology, Inc.
Inventor: Jayesh Kantilal Wadikar , Vishv Rohitkumar Brahmbhatt , Shraddha Herlekar , Vivek Prahladbhai Parekh , Pok Sze Wong
IPC: G06F3/0485 , G06F3/0484 , G06F3/0481
Abstract: The present invention is directed to a novel user interface for displaying event-based data with visual rendering of the chronological arrangement and relationship among various events. The disclosed user interface utilizes a scroll feature for traversing along a time axis with various network related messages and events displayed as panel views along the scroll range. The described user interface framework enables visual displaying of event-based data in an intuitive format that may be rendered across small and large display sizes. The disclosed technology further provides for a depiction of dependencies, cause and effect relationships, data flow, event attributes and chronological ordering in a same view.
-
Publication number: US09723026B2
Publication date: 2017-08-01
Application number: US14795264
Filing date: 2015-07-09
Applicant: Cisco Technology, Inc.
Inventor: Pok Sze Wong , Ramesh Nampelly
IPC: H04L29/06
CPC classification number: H04L63/20 , H04L63/10 , H04L65/1003
Abstract: A computing device providing a network service to a service area may receive a connection request from a user device and generate a session start request to start a user session in a service domain covering the service area. One or more policy rules may be evaluated to determine whether any rule is applicable to the user device, which includes determining that an authoritative user session has already been established in the service domain. The user session may be established in the service domain for the user device, and at least one permission for access to a controlled network resource may be associated with the user session based on the determination that the authoritative user session has already been established. A request from the user device to access the controlled network resource may be received and access to the controlled network resource may be granted.
-
Publication number: US20170041343A1
Publication date: 2017-02-09
Application number: US14817401
Filing date: 2015-08-04
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Pok Sze Wong , Ramesh Nampelly , Aaron Rodriguez
IPC: H04L29/06
CPC classification number: H04L63/20 , H04L63/101 , H04L63/102 , H04L63/105 , H04L63/107
Abstract: In one embodiment, a method includes receiving at an enforcement node, a request to access a network from an endpoint, transmitting at the enforcement node, the access request to a policy server, receiving at the enforcement node from the policy server, a dynamic authorization comprising a plurality of ranks, each of the ranks comprising a policy for access to the network by the endpoint, assigning the endpoint to one of the ranks and applying the policy associated with the rank to traffic received from the endpoint at the enforcement node during a communication session between the endpoint and the network, assigning the endpoint to a different rank, and applying the policy associated with the rank to traffic received from the endpoint during the communication session. An apparatus and logic are also disclosed herein.
-
8.
Publication number: US09210169B2
Publication date: 2015-12-08
Application number: US13721326
Filing date: 2012-12-20
Applicant: Cisco Technology, Inc.
Inventor: Pok Sze Wong
IPC: G06F15/173 , H04L29/06 , G06F21/10 , G06F21/62 , G06F21/31
CPC classification number: H04L63/20 , G01S1/725 , G06F21/10 , G06F21/31 , G06F21/62 , G06F21/6218 , H04B7/18593 , H04L63/08 , H04L63/10 , H04L63/102 , H04L63/105 , H04L63/107 , H04L63/108
Abstract: An access control module in an enterprise computing network receives contextual information of a first active network session at a first network endpoint and contextual information of a second active network session at a second network endpoint. The access control module is configured to evaluate the contextual information of one or more of the first or second network sessions based on one or more network policies to determine a policy action for enforcement on at least one of the first or second network endpoints.
-
9.
Publication number: US10212039B1
Publication date: 2019-02-19
Application number: US15434859
Filing date: 2017-02-16
Applicant: Cisco Technology, Inc.
Inventor: Vivek Santuka , Aaron Troy Woland , Pok Sze Wong , Jesse Ryan Dubois , Kannan Muthusamy
Abstract: A management server communicates with an authentication server that authenticates endpoints, which are configured to connect wirelessly with access points (APs) controlled by respective ones of a plurality of controllers. Weights for the APs and the controllers are stored. Event logs detailing requests for authentication of the endpoints are received. For each request, roaming conditions for the endpoint that triggered the request are determined. Also, a respective weight of one or more of the AP connected with the endpoint and of the controller that controls the AP is increased by a respective amount depending on whether the roaming conditions are caused by the AP and the controller being improperly configured or properly configured. Identities of ones of the APs and the controllers having weights that exceed one or more weight thresholds each indicative of an improperly configured AP or controller are stored.
-
Publication number: US09813324B2
Publication date: 2017-11-07
Application number: US14734511
Filing date: 2015-06-09
Applicant: Cisco Technology, Inc.
Inventor: Ramesh Nampelly , Pok Sze Wong
CPC classification number: H04L43/12 , H04L41/0806 , H04L43/50 , H04L61/6004 , H04L61/6022 , H04L67/02 , H04L67/42 , H04L69/22
Abstract: A server is in communication with a network device that has network connectivity to an endpoint device. The server receives from the network device a packet that includes a Media Access Control (MAC) address of the endpoint device. A determination is made as to whether at least a portion of the MAC address matches stored information for MAC addresses of known endpoint devices. One or more attributes that carry further descriptive information of the endpoint device are extracted from the packet. It is determined whether the endpoint device can be classified at a level of granularity according to a policy rule. If the endpoint device cannot be classified at the level of granularity, a probe function is dynamically selected based on the one or more attributes extracted from the packet and the MAC address to collect additional data about the endpoint device.