Patents by Inventor Ajit Sanzgiri
Ajit Sanzgiri has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20120294316
Abstract: In one embodiment, ports of a network device are assigned to virtual service domains (VSDs). The ports are coupled to a virtual Ethernet module (VEM) of the network device. Each VSD is associated with one or more virtual service engines (VSEs) in a particular order. Each VSE is configured to apply a particular service to traffic traversing the VSE. Traffic received at a virtual Ethernet module (VEM) of the network device that is destined for a particular VSD, and is received on a port that has not been assigned to the particular VSD, is forwarded to the particular VSD via the one or more VSEs associated with the particular VSD such that the traffic traverses the one or more VSEs in the particular order.
Type: Application
Filed: July 25, 2012
Publication date: November 22, 2012
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Srinivas Sardar, Udayakumar Srinivasan, Shankar Ramachandran, Chidambareswaran Raman, Ajit Sanzgiri, Michael R. Smith
-
Patent number: 8274973
Abstract: In one embodiment, layer-2 (L2) ports of a network device may each be assigned to a particular virtual service domain (VSD). One or more virtual service engines (VSEs) may also be assigned in a particular order to each VSD, where each VSE is configured to apply a particular service to traffic traversing the VSE between ingress and egress service ports. Interconnecting the L2 ports and the ingress and egress service ports is an illustrative virtual Ethernet module (VEM), which directs traffic it receives according to rules as follows: a) into a destination VSD via the one or more correspondingly assigned VSEs in the particular order; b) out of a current VSD via the one or more correspondingly assigned VSEs in a reverse order from the particular order; or c) within a current VSD without redirection through a VSE.
Type: Grant
Filed: March 24, 2010
Date of Patent: September 25, 2012
Assignee: Cisco Technology, Inc.
Inventors: Srinivas Sardar, Udayakumar Srinivasan, Shankar Ramachandran, Chidambareswaran Raman, Ajit Sanzgiri, Michael R. Smith
-
Publication number: 20120233453
Abstract: In one embodiment, a method for providing secure communications using a proxy is provided. The proxy negotiates with a client and a server to determine a session key to use with communications between the client and the proxy and between the proxy and the server. Encrypted data may then be received from the client at the proxy. The proxy can decrypt the encrypted data for processing using the session key. In one embodiment, the decrypted data is not altered. The proxy then sends the encrypted data that was received from the client to the server without re-encrypting the data that was decrypted. Because the proxy did not alter the data in its processing of the decrypted data and the same session key is used between communications for the proxy and the server, the encrypted data stream that was received from the client can be forwarded to the server.
Type: Application
Filed: May 25, 2012
Publication date: September 13, 2012
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Etai Lev Ran, Ajit Sanzgiri
-
Publication number: 20120210395
Abstract: A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.
Type: Application
Filed: April 25, 2012
Publication date: August 16, 2012
Inventors: Nancy CAM WINGET, Mark KRISHCER, Sheausong YANG, Ajit SANZGIRI, Timothy OLSON, Pauline SHUEN
-
Patent number: 8191144
Abstract: A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.
Type: Grant
Filed: April 27, 2009
Date of Patent: May 29, 2012
Assignee: Cisco Technology, Inc.
Inventors: Nancy Cam Winget, Mark Krishcer, Sheausong Yang, Ajit Sanzgiri, Timothy Olson, Pauline Shuen
-
Patent number: 8190875
Abstract: In one embodiment, a method for providing secure communications using a proxy is provided. The proxy negotiates with a client and a server to determine a session key to use with communications between the client and the proxy and between the proxy and the server. Encrypted data may then be received from the client at the proxy. The proxy can decrypt the encrypted data for processing using the session key. In one embodiment, the decrypted data is not altered. The proxy then sends the encrypted data that was received from the client to the server without re-encrypting the data that was decrypted. Because the proxy did not alter the data in its processing of the decrypted data and the same session key is used between communications for the proxy and the server, the encrypted data stream that was received from the client can be forwarded to the server.
Type: Grant
Filed: March 22, 2007
Date of Patent: May 29, 2012
Assignee: Cisco Technology, Inc.
Inventors: Etai Lev Ran, Ajit Sanzgiri
-
Publication number: 20120086363
Abstract: A method of controlling and managing a plurality of system managers, a plurality of lights and devices, including human interfaces and building automation devices is disclosed. The method includes a system manager collecting data from the plurality of lights and devices. The system manager uses the collected data to determine an adjacency of lights and devices. The system manager dynamically places the plurality of lights and devices into zones and binding human interface devices to the zones, and a dynamically configures the devices to control the zones. The devices perform self-calibration and self-commissioning. The system manager and devices perform ongoing calibration and commissioning. The system manager and devices operate resiliently in case of failure of the system manager, other devices, or software or hardware failures in the devices. The system manager and the devices operate on the collected data to determine usage patterns, and to efficiently manage the plurality of lights and devices.
Type: Application
Filed: September 5, 2009
Publication date: April 12, 2012
Inventors: Jonathan Golding, Ajit Sanzgiri
-
Publication number: 20110235645
Abstract: In one embodiment, layer-2 (L2) ports of a network device may each be assigned to a particular virtual service domain (VSD). One or more virtual service engines (VSEs) may also be assigned in a particular order to each VSD, where each VSE is configured to apply a particular service to traffic traversing the VSE between ingress and egress service ports. Interconnecting the L2 ports and the ingress and egress service ports is an illustrative virtual Ethernet module (VEM), which directs traffic it receives according to rules as follows: a) into a destination VSD via the one or more correspondingly assigned VSEs in the particular order; b) out of a current VSD via the one or more correspondingly assigned VSEs in a reverse order from the particular order; or c) within a current VSD without redirection through a VSE.
Type: Application
Filed: March 24, 2010
Publication date: September 29, 2011
Inventors: Srinivas Sardar, Udayakumar Srinivasan, Shankar Ramachandran, Chidambareswaran Raman, Ajit Sanzgiri, Michael R. Smith
-
Patent number: 7849499
Abstract: In one embodiment, detecting a wireless network access request, forwarding data associated with the detected wireless network access request to a first multipoint Generic Routing Encapsulation (mGRE) tunnel, receiving authentication information associated with the detected wireless network access request, receiving authentication status information for the detected wireless network access request, and forwarding data associated with the detected wireless network access request to a second multipoint Generic Routing Encapsulation (mGRE) tunnel connected to a predetermined internet protocol (IP) subnet when the received authentication status information includes a successful authentication, are provided.
Type: Grant
Filed: August 21, 2007
Date of Patent: December 7, 2010
Assignee: Cisco Technology, Inc.
Inventors: Bhanu Gopalasetty, Ajit Sanzgiri, Chia Tsai, Jun Xie
-
Patent number: 7616613
Abstract: Enhanced tunnel communication mode creation, management and tuning in a network that includes wireless access points (APs) and user authentication. Tunnels can be dynamically managed to adapt to the changing topology of a network with APs. User devices such as mobile phones, laptop computers, personal digital assistants, or other devices can be added or dropped from an assigned AP. APs, routers, switches or other devices can also be added, removed, or modified in their network characteristics. Special control is also provided for IP multicast, Dynamic Host Configuration Protocol (DHCP), Address Resolution Protocol (ARP) and other network features.
Type: Grant
Filed: November 19, 2004
Date of Patent: November 10, 2009
Assignee: Cisco Technology, Inc.
Inventors: Ajit Sanzgiri, Douglas Gourlay
-
Publication number: 20090235077
Abstract: A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.
Type: Application
Filed: April 27, 2009
Publication date: September 17, 2009
Inventors: Nancy Cam Winget, Mark Krischer, Sheausong Yang, Ajit Sanzgiri, Timothy Olson, Pauline Shuen
-
Patent number: 7558960
Abstract: A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.
Type: Grant
Filed: January 5, 2005
Date of Patent: July 7, 2009
Assignee: Cisco Technology, Inc.
Inventors: Nancy Cam Winget, Mark Krishcer, Timothy Olson, Pauline Shuen, Ajit Sanzgiri, Sheausong Yang
-
Publication number: 20090055900
Abstract: In one embodiment, detecting a wireless network access request, forwarding data associated with the detected wireless network access request to a first multipoint Generic Routing Encapsulation (mGRE) tunnel, receiving authentication information associated with the detected wireless network access request, receiving authentication status information for the detected wireless network access request, and forwarding data associated with the detected wireless network access request to a second multipoint Generic Routing Encapsulation (mGRE) tunnel connected to a predetermined internet protocol (IP) subnet when the received authentication status information includes a successful authentication, are provided.
Type: Application
Filed: August 21, 2007
Publication date: February 26, 2009
Applicant: Cisco Technology, Inc.
Inventors: Bhanu Gopalasetty, Ajit Sanzgiri, Chia Tsai, Jun Xie
-
Publication number: 20080235508
Abstract: In one embodiment, a method for providing secure communications using a proxy is provided. The proxy negotiates with a client and a server to determine a session key to use with communications between the client and the proxy and between the proxy and the server. Encrypted data may then be received from the client at the proxy. The proxy can decrypt the encrypted data for processing using the session key. In one embodiment, the decrypted data is not altered. The proxy then sends the encrypted data that was received from the client to the server without re-encrypting the data that was decrypted. Because the proxy did not alter the data in its processing of the decrypted data and the same session key is used between communications for the proxy and the server, the encrypted data stream that was received from the client can be forwarded to the server.
Type: Application
Filed: March 22, 2007
Publication date: September 25, 2008
Applicant: Cisco Technology, Inc. (a California corporation)
Inventors: Etai Lev Ran, Ajit Sanzgiri
-
Patent number: 7411925
Abstract: Embodiments of the present invention provide for switchover from an active processor to a standby processor in a route processor system. An up-to-date copy of information used by a supervisor process at the active processor is ensured by determining necessary event states. One type of event state includes message requests, processing and replies. Three basic types of communication between three different entities (blade, wireless domain services (WDS) and supervisor) are governed by three types of communication protocols: WLCCP between a blade and WDS, LCP between a supervisor and a blade, and checkpoint-type messages between two supervisors.
Type: Grant
Filed: November 12, 2004
Date of Patent: August 12, 2008
Assignee: Cisco Technology, Inc.
Inventors: Vijay Nain, Chia Tsai, Ajit Sanzgiri
-
Patent number: 7370362
Abstract: Methods and apparatus are disclosed for locating and disabling the switch port of a rogue wireless access point. In one embodiment, a network management device is configured to detect the presence of a rogue access point on a managed wireless network. Once detected, the management device may then instruct a special client, such as a scanning AP, to associate with the rogue access point and send a discovery packet through the rogue access point to network management device. The network management device upon receiving the discovery packet may thereby determine that the rogue access point is connected to a network managed by said network device. The network device may then utilize information contained in the discovery packet to locate the switch port to which the rogue access point is connected, and ultimately disable the switch port to which the rogue access point is connected.
Type: Grant
Filed: March 3, 2005
Date of Patent: May 6, 2008
Assignee: Cisco Technology, Inc.
Inventors: Timothy Olson, Pauline Shuen, Ajit Sanzgiri, Nancy Winget, Pejman Roshan
-
Publication number: 20060200862
Abstract: Methods and apparatus are disclosed for locating and disabling the switch port of a rogue wireless access point. In one embodiment, a network management device is configured to detect the presence of a rogue access point on a managed wireless network. Once detected, the management device may then instruct a special client, such as a scanning AP, to associate with the rogue access point and send a discovery packet through the rogue access point to network management device. The network management device upon receiving the discovery packet may thereby determine that the rogue access point is connected to a network managed by said network device. The network device may then utilize information contained in the discovery packet to locate the switch port to which the rogue access point is connected, and ultimately disable the switch port to which the rogue access point is connected.
Type: Application
Filed: March 3, 2005
Publication date: September 7, 2006
Inventors: Timothy Olson, Pauline Shuen, Ajit Sanzgiri, Nancy Winget, Pejman Roshan
-
Publication number: 20060114863
Abstract: A method for protecting a wireless network against spoofed MAC address attacks. A database is used for storing MAC address and user identity bindings. When a new request to access the network is received, the MAC address and user identity of the request is compared to the stored MAC address and user identity bindings. If a new request has an existing MAC address, but not the corresponding user identity, then the request will be denied. The bindings database contains the MAC Address, User identity bindings for wireless nodes and/or, for wired nodes. The MAC address, User identity bindings contained in the bindings database may be automatically learned or statically configured.
Type: Application
Filed: December 1, 2004
Publication date: June 1, 2006
Inventors: Ajit Sanzgiri, Robert Meier, Bhawani Sapkota, Nancy Cam Winget
-
Publication number: 20060002343
Abstract: Embodiments of the present invention provide for switchover from an active processor to a standby processor in a route processor system. An up-to-date copy of information used by a supervisor process at the active processor is ensured by determining necessary event states. One type of event state includes message requests, processing and replies. Three basic types of communication between three different entities (blade, wireless domain services (WDS) and supervisor) are governed by three types of communication protocols: WLCCP between a blade and WDS, LCP between a supervisor and a blade, and checkpoint-type messages between two supervisors.
Type: Application
Filed: November 12, 2004
Publication date: January 5, 2006
Applicant: Cisco Technology, Inc.
Inventors: Vijay Nain, Chia Tsai, Ajit Sanzgiri
-
Publication number: 20050270992
Abstract: Enhanced tunnel communication mode creation, management and tuning in a network that includes wireless access points (APs) and user authentication. Tunnels can be dynamically managed to adapt to the changing topology of a network with APs. User devices such as mobile phones, laptop computers, personal digital assistants, or other devices can be added or dropped from an assigned AP. APs, routers, switches or other devices can also be added, removed, or modified in their network characteristics. Special control is also provided for IP multicast, Dynamic Host Configuration Protocol (DHCP), Address Resolution Protocol (ARP) and other network features.
Type: Application
Filed: November 19, 2004
Publication date: December 8, 2005
Applicant: Cisco Technology, Inc.
Inventors: Ajit Sanzgiri, Douglas Gourlay