Patents by Inventor Ian Foo
Ian Foo has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Method and system for creating software defined ordered service patterns in a communications network
Patent number: 9705702Abstract: A software defined network service (SDNS) node for altering a logical flow of data packets in a network to accommodate predetermined ordered service chains, comprising a receiver configured to receive an encapsulated data packet comprising a tag via a encapsulated tunnel from another SDNS node, wherein the tag identifies an ordered service chain or a next hop in the ordered service chain, a processor coupled to the receiver and configured to decapsulate the encapsulated data packet, and a transmitter coupled to the processor and configured to forward the decapsulated data packet to a service device attached to the SDNS node when the processor determines, based on the tag, that a service on the service device should be applied to the data packet.Type: GrantFiled: February 10, 2015Date of Patent: July 11, 2017Assignee: Futurewei Technologies, Inc.Inventors: Ian Foo, Shree Murthy -
Method and System for Creating Software Defined Ordered Service Patterns in a Communications Network
Publication number: 20150156035Abstract: A software defined network service (SDNS) node for altering a logical flow of data packets in a network to accommodate predetermined ordered service chains, comprising a receiver configured to receive an encapsulated data packet comprising a tag via a encapsulated tunnel from another SDNS node, wherein the tag identifies an ordered service chain or a next hop in the ordered service chain, a processor coupled to the receiver and configured to decapsulate the encapsulated data packet, and a transmitter coupled to the processor and configured to forward the decapsulated data packet to a service device attached to the SDNS node when the processor determines, based on the tag, that a service on the service device should be applied to the data packet.Type: ApplicationFiled: February 10, 2015Publication date: June 4, 2015Inventors: Ian Foo, Shree Murthy -
Method and system for creating software defined ordered service patterns in a communications network
Patent number: 8989192Abstract: A software defined network service (SDNS) node for altering a logical flow of data packets in a network to accommodate predetermined ordered service chains, comprising a receiver configured to receive an encapsulated data packet comprising a tag via a encapsulated tunnel from another SDNS node, wherein the tag identifies an ordered service chain or a next hop in the ordered service chain, a processor coupled to the receiver and configured to decapsulate the encapsulated data packet, and a transmitter coupled to the processor and configured to forward the decapsulated data packet to a service device attached to the SDNS node when the processor determines, based on the tag, that a service on the service device should be applied to the data packet.Type: GrantFiled: December 14, 2012Date of Patent: March 24, 2015Assignee: Futurewei Technologies, Inc.Inventors: Ian Foo, Shree Murthy -
Patent number: 8937888Abstract: In one embodiment, a method includes electronically prompting, in response to a triggering event, a participant connected to a conference session via a corresponding endpoint device to enter an affirmative response in order to continue attending the conference session. The participant is disconnected from the conference session in the event that the affirmative response is not received within a predetermined time period. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure.Type: GrantFiled: March 23, 2007Date of Patent: January 20, 2015Assignee: Cisco Technology, Inc.Inventors: Ian Foo, Jacqueline Munson, Randall B. Baird
-
Publication number: 20140280930Abstract: An apparatus comprising a processor configured to obtain user biometric recognition data from a first user device, map the user biometric recognition data to an identity, correlate the identity with an active user session previously associated with a second user device, associate the active user session with the first user device, and instruct the first user device to continue the active user session on the first user device.Type: ApplicationFiled: March 13, 2013Publication date: September 18, 2014Applicant: FUTUREWEI TECHNOLOGIES, INC.Inventor: Ian Foo
-
Patent number: 8677478Abstract: According to one embodiment, a method for removing authentication of a supplicant includes monitoring communication between the supplicant and an authenticator. The method also includes determining, based on the monitored communication, the MAC address for the supplicant and an attachment port of the supplicant to the intermediate network device disposed between the supplicant and the authenticator through which the monitored communication occurs. The method also includes determining that the supplicant no longer has a link connection with the intermediate network device, and in response, sending via the intermediate network device a logoff message having a spoofed source address of the supplicant to the authenticator.Type: GrantFiled: March 17, 2005Date of Patent: March 18, 2014Assignee: Cisco Technology, Inc.Inventors: Susan M. Sauter, Jason D. Frazier, Ian Foo, Gregory A. Moore, Troy H. Sherman
-
Method and System for Creating Software Defined Ordered Service Patterns in a Communications Network
Publication number: 20140050223Abstract: A software defined network service (SDNS) node for altering a logical flow of data packets in a network to accommodate predetermined ordered service chains, comprising a receiver configured to receive an encapsulated data packet comprising a tag via a encapsulated tunnel from another SDNS node, wherein the tag identifies an ordered service chain or a next hop in the ordered service chain, a processor coupled to the receiver and configured to decapsulate the encapsulated data packet, and a transmitter coupled to the processor and configured to forward the decapsulated data packet to a service device attached to the SDNS node when the processor determines, based on the tag, that a service on the service device should be applied to the data packet.Type: ApplicationFiled: December 14, 2012Publication date: February 20, 2014Inventors: Ian Foo, Shree Murthy -
Patent number: 8483191Abstract: A system and method for selectively controlling traffic in a network to improve network performance. The system includes a network controller that includes a first control-traffic prioritizer. An Access Point (AP) includes a second control-traffic prioritizer and communicates with the network controller. One or more clients communicate with the AP. The communications behavior of the client is affected by operations of the first control-traffic prioritizer and the second control-traffic prioritizer.Type: GrantFiled: February 21, 2006Date of Patent: July 9, 2013Assignee: Cisco Technology, Inc.Inventors: William D. Erdman, Jeremy Stieglitz, Patrick Che' Gilbreath, Ian Foo
-
Patent number: 8068414Abstract: Link layer authentication information is supplied by a link layer authentication device to an access router for tracking IP address usage by a client device. The authentication information supplied to the access router includes an authenticated client identifier and a corresponding authenticated link identifier for the client device that attached to the network based on the authenticated link identifier. The access router, in response to receiving a message that specifies the authenticated link identifier and a source IP address, adds the source IP address to a cache entry that specifies the authenticated client identifier and the corresponding authenticated link identifier, and outputs to an audit resource a record that specifies the source IP address and the authenticated link identifier.Type: GrantFiled: August 9, 2004Date of Patent: November 29, 2011Assignee: Cisco Technology, Inc.Inventors: Craig Allen Huegen, Ellis Roland Dobbins, Ian Foo, Robert Eric Gleichauf
-
Patent number: 7930734Abstract: A method and system is disclosed for creating and tracking network sessions. A request to access a network is received from an entity. The entity is authenticated after the request is received. Authenticated identity information associated with the entity, network address information associated with the entity, and network location information associated with the entity is collected. An information set is created. The information set comprises and binds together the authenticated identity information, the network address information, and the network location information. The information set indicates a present association among the authenticated identity information, the network address information, and the network location information. The information set is stored in a session record in a centralized database. The session record represents a session in which the entity accesses the network. The session record is one of a plurality of session records that are stored in the centralized database.Type: GrantFiled: April 28, 2006Date of Patent: April 19, 2011Assignee: Cisco Technology, Inc.Inventors: Ian Foo, Jeremy Stieglitz, Arthur Zavalkovsky, Jeevan S. Patil, Partha Bhattacharya, Jason Frazier, Ellis Roland Dobbins
-
Patent number: 7903639Abstract: A system for interfacing different types of network communications. In one embodiment, the system includes one or more gateways capable of converting messages from messages that are adapted for a first type of network and/or destination device to messages that are adapted for a second type of network and/or destination device. The second type of network and/or destination device includes a first Voice Over Internet Protocol (VOIP) communications device. A message-analysis module is adapted to employ an address associated with the message to selectively forward the message to one or more of the one or more gateways and/or to a destination device. In a more specific embodiment, the first type of network includes a packet-switched network in communication with the first VOIP phone. The destination device includes a mobile phone in communication with a cellular network.Type: GrantFiled: March 24, 2006Date of Patent: March 8, 2011Assignee: Cisco Technologies, Inc.Inventors: Ian Foo, Armin Current, Kenneth Durazzo
-
Patent number: 7788720Abstract: Techniques for security protection of a wireless network are provided. An access point is operated in a first mode. The first mode is a mode of operation that allows access to resources of a network. A security event for a client is detected while operating the access point in the first mode. Then, the access point is changed from the first mode of operation to a second mode of operation. The second mode is a restricted mode of operation that restricts access to resources of the network. Analysis may then be performed to determine if the client is an unauthorized client or valid client.Type: GrantFiled: May 16, 2006Date of Patent: August 31, 2010Assignee: Cisco Technology, Inc.Inventors: Jeevan Patil, Jeremy E. Stieglitz, Shripati Acharya, Ian Foo
-
Patent number: 7650387Abstract: A method, a system, a machine-readable medium, and an apparatus for managing storage on a shared storage space, for example, on an email server, are provided. A plurality of emails is compared. If the content of each of the plurality of emails is the same, then a single copy is stored on the email server. Further, each recipient of the plurality of emails is enabled access to the stored email via a link to the single copy. Additionally, one or more attachments of the plurality of emails are compared. If an attachment is the same in each of the plurality of emails, then it is stored as a single copy. Further, a link is inserted in each of the plurality of emails, enabling access to the attachment from the single copy.Type: GrantFiled: November 15, 2005Date of Patent: January 19, 2010Assignee: Cisco Technology, Inc.Inventors: Ian Foo, Jeremy E. Stieglitz, Frederick J. Baker
-
Patent number: 7539189Abstract: Disclosed are apparatus and methods for authenticating a device to access a network through an access control port. In one embodiment, one or more first authentication packets for authenticating a first device or user to access a first network domain via a particular access port of a network device are received, for example, by an access control port. The particular access port is configured to control access for packets attempting to ingress into one or more network domains. When the first device or user is authorized to access the first domain, a first binding between the first device and the first domain is formed. The first binding specifies that the first device is allowed to access the first domain and the first binding is associated with the particular access port of the network device. When a packet is received that is attempting to ingress into the first domain and the ingressing packet matches the first binding, the ingressing packet is allowed to access the first domain.Type: GrantFiled: October 17, 2006Date of Patent: May 26, 2009Assignee: Cisco Technology, Inc.Inventors: Susan M. Sauter, Jason D. Frazier, Cynthia D. Melter, Gregory Alan Moore, Ian Foo
-
Patent number: 7447166Abstract: A technique optimizes the distribution of authenticated users among a plurality of broadcast domains, such as virtual local area networks (VLAN). Users are dynamically assigned to different broadcast domains based on various factors, including but not limited to the number of authenticated users already participating in each broadcast domain, the available bandwidth in each broadcast domain, user classes associated with users participating in each broadcast domain, etc. Based on one or more of these factors, authenticated users are optimally distributed (“load balanced”) among the plurality of broadcast domains, thereby reducing the amount of broadcast traffic and configuration within each domain.Type: GrantFiled: November 2, 2004Date of Patent: November 4, 2008Assignee: Cisco Technology, Inc.Inventors: Shyamasundar S. Kaluve, Ian Foo, Shyam Murthy, Ramesh Ponnapalli, Rajasekhar Manam
-
Publication number: 20080232277Abstract: In one embodiment, a method includes electronically prompting, in response to a triggering event, a participant connected to a conference session via a corresponding endpoint device to enter an affirmative response in order to continue attending the conference session. The participant is disconnected from the conference session in the event that the affirmative response is not received within a predetermined time period. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure.Type: ApplicationFiled: March 23, 2007Publication date: September 25, 2008Applicant: Cisco Technology, Inc.Inventors: Ian Foo, Jacqueline Munson, Randall B. Baird
-
Publication number: 20070271457Abstract: Techniques for security protection of a wireless network are provided. An access point is operated in a first mode. The first mode is a mode of operation that allows access to resources of a network. A security event for a client is detected while operating the access point in the first mode. Then, the access point is changed from the first mode of operation to a second mode of operation. The second mode is a restricted mode of operation that restricts access to resources of the network. Analysis may then be performed to determine if the client is an unauthorized client or valid client.Type: ApplicationFiled: May 16, 2006Publication date: November 22, 2007Applicant: Cisco Technology, Inc.Inventors: Jeevan Patil, Jeremy E. Stieglitz, Shripati Acharya, Ian Foo
-
Publication number: 20070256122Abstract: A method and system is disclosed for creating and tracking network sessions. A request to access a network is received from an entity. The entity is authenticated after the request is received. Authenticated identity information associated with the entity, network address information associated with the entity, and network location information associated with the entity is collected. An information set is created. The information set comprises and binds together the authenticated identity information, the network address information, and the network location information. The information set indicates a present association among the authenticated identity information, the network address information, and the network location information. The information set is stored in a session record in a centralized database. The session record represents a session in which the entity accesses the network. The session record is one of a plurality of session records that are stored in the centralized database.Type: ApplicationFiled: April 28, 2006Publication date: November 1, 2007Inventors: Ian Foo, Jeremy Stieglitz, Arthur Zavalkovsky, Jeevan Patil, Partha Bhattacharya, Jason Frazier, Ellis Dobbins
-
Publication number: 20070223444Abstract: A system for interfacing different types of network communications. In one embodiment, the system includes one or more gateways capable of converting messages from messages that are adapted for a first type of network and/or destination device to messages that are adapted for a second type of network and/or destination device. The second type of network and/or destination device includes a first Voice Over Internet Protocol (VOIP) communications device. A message-analysis module is adapted to employ an address associated with the message to selectively forward the message to one or more of the one or more gateways and/or to a destination device. In a more specific embodiment, the first type of network includes a packet-switched network in communication with the first VOIP phone. The destination device includes a mobile phone in communication with a cellular network.Type: ApplicationFiled: March 24, 2006Publication date: September 27, 2007Applicant: Cisco Technology, Inc.Inventors: Ian Foo, Armin Current, Kenneth Durazzo
-
Publication number: 20070195742Abstract: A system and method for selectively controlling traffic in a network to improve network performance. The system includes a network controller that includes a first control-traffic prioritizer. An Access Point (AP) includes a second control-traffic prioritizer and communicates with the network controller. One or more clients communicate with the AP. The communications behavior of the client is affected by operations of the first control-traffic prioritizer and the second control-traffic prioritizer.Type: ApplicationFiled: February 21, 2006Publication date: August 23, 2007Applicant: Cisco Technology, Inc.Inventors: William Erdman, Jeremy Stieglitz, Patrick Gilbreath, Ian Foo