Patents by Inventor Pauline Shuen

Pauline Shuen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7650629
    Abstract: Architecture for providing access to an IEEE 802.1x network. A trust relationship is created between a switch of the network and an access point of the network such that the access point is authorized to communicate over the network. The trust relationship is then extended from the access point to a wireless client requesting connection to the network such that access to the network by said wireless client is authorized.
    Type: Grant
    Filed: January 22, 2008
    Date of Patent: January 19, 2010
    Assignee: Cisco Technology, Inc.
    Inventors: David E. Halasz, Merwyn B. Andrade, Pauline Shuen
  • Patent number: 7607166
    Abstract: A method and apparatus for providing security to factory automation devices in a switched Ethernet network. Traffic between factory automation devices and an Ethernet switch is limited to packets including approved TCP/UDP port numbers and to selected data rates.
    Type: Grant
    Filed: July 12, 2004
    Date of Patent: October 20, 2009
    Assignee: Cisco Technology, Inc.
    Inventors: Kenneth Coley, Pauline Shuen
  • Publication number: 20090235077
    Abstract: A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.
    Type: Application
    Filed: April 27, 2009
    Publication date: September 17, 2009
    Inventors: Nancy Cam Winget, Mark Krischer, Sheausong Yang, Ajit Sanzgiri, Timothy Olson, Pauline Shuen
  • Patent number: 7590120
    Abstract: A method and apparatus utilized in layer 2 access switches of an Ethernet ring-based network to bridge multicast packets between a multicast VLAN and a selected VLAN coupled to a VLAN trunk port of the layer 2 access switch. The duplication of multicast streams over the ring technology is avoided while maintaining isolation between subscribers.
    Type: Grant
    Filed: November 18, 2005
    Date of Patent: September 15, 2009
    Assignee: Cisco Technology, Inc.
    Inventors: Pauline Shuen, James P. Rivers
  • Patent number: 7558960
    Abstract: A detection-based defense to a wireless network. Elements of the infrastructure, e.g., access points or scanning-only access points, detect intruders by detecting spoofed frames, such as from rogue access points. Access points include a signature, such as a message integrity check, with their management frames in a manner that enables neighboring access points to be able to validate the management frames, and to detect spoofed frames. When a neighboring access point receives a management frame, obtains a key for the access point sending the frame, and validates the management frame using the key.
    Type: Grant
    Filed: January 5, 2005
    Date of Patent: July 7, 2009
    Assignee: Cisco Technology, Inc.
    Inventors: Nancy Cam Winget, Mark Krishcer, Timothy Olson, Pauline Shuen, Ajit Sanzgiri, Sheausong Yang
  • Patent number: 7480258
    Abstract: A cross stack rapid transition protocol is provided for permitting multiple network devices organized as a stack to rapidly transition their ports in response to network changes so as to minimize traffic flow disruptions while avoiding loops. Each switch in the stack has a stack port that connects the switch to another switch in the stack, and a plurality of ports for connecting the switch to other entities of the computer network. Each switch includes a Spanning Tree Protocol (STP) entity that transitions the ports of the switch among a plurality of states including a forwarding state and a blocking state. Each switch also tracks which other switches are members of the switch stack. The stack port of each switch is transitioned to the forwarding state, and a single switch having connectivity to a root is elected to be a Stack Root. One or more other switches may have Alternate Stack Root Ports, that provide alternate paths to the root.
    Type: Grant
    Filed: July 3, 2003
    Date of Patent: January 20, 2009
    Assignee: Cisco Technology, Inc.
    Inventors: Pauline Shuen, Chinying Chaou, Mallikarjuna R. Padavala, Moni Pande, Shyamasundar S. Kaluve
  • Publication number: 20080313724
    Abstract: Embodiments of an N-Port ID virtualization (NPIV) proxy module, NPIV proxy switching system, and methods are generally described herein. Other embodiments may be described and claimed. In some embodiments, login requests are distributed over a plurality of available N-ports to allow servers to be functionally coupled to F-ports of a plurality of fiber-channel (FC) switches. Fiber-channel identifiers (FCIDs) are assigned to the servers in response to the logon requests to provide single end-host operations for each of the servers.
    Type: Application
    Filed: June 13, 2007
    Publication date: December 18, 2008
    Applicant: Nuova Systems, Inc.
    Inventors: Krishna Doddapaneni, Chaitanya Kodeboyina, J.R. Rivers, Pauline Shuen
  • Patent number: 7411915
    Abstract: A method and apparatus for automatically configuring a physical port of a switch with features appropriate to a connection type snoops incoming packets to determine the connection type and executes a port configuration macro installed on the switch to apply appropriate features for the connection type.
    Type: Grant
    Filed: July 21, 2004
    Date of Patent: August 12, 2008
    Assignee: Cisco Technology, Inc.
    Inventors: Christopher Spain, Pauline Shuen, Shashi Kumar, Glen Robert Fisher, Ujjal Bajaj
  • Publication number: 20080134288
    Abstract: Architecture for providing access to an IEEE 802.1x network. A trust relationship is created between a switch of the network and an access point of the network such that the access point is authorized to communicate over the network. The trust relationship is then extended from the access point to a wireless client requesting connection to the network such that access to the network by said wireless client is authorized.
    Type: Application
    Filed: January 22, 2008
    Publication date: June 5, 2008
    Inventors: David E. HALASZ, Merwyn B. Andrade, Pauline Shuen
  • Publication number: 20080123562
    Abstract: Various systems and methods for integrating ring-protocol-compatible devices into network configurations that also include non-ring-protocol-compatible devices are disclosed. One such method, which can be performed by a network node that supports a ring protocol, involves generating a ring protocol packet and sending that ring protocol packet to a neighboring node. The ring protocol packet includes information, and the presence of this information within the packet causes a network device that receives the ring protocol packet to drop the ring protocol packet unless the network device supports a ring protocol. The information can include a reserved address (e.g., in the destination address field of the packet) as well as a ring protocol identifier.
    Type: Application
    Filed: August 15, 2006
    Publication date: May 29, 2008
    Inventors: Lionel Florit, Robert W. Klessig, Francois E. Tallet, Pauline Shuen
  • Patent number: 7370362
    Abstract: Methods and apparatus are disclosed for locating and disabling the switch port of a rogue wireless access point. In one embodiment, a network management device is configured to detect the presence of a rogue access point on a managed wireless network. Once detected, the management device may then instruct a special client, such as a scanning AP, to associate with the rogue access point and send a discovery packet through the rogue access point to network management device. The network management device upon receiving the discovery packet may thereby determine that the rogue access point is connected to a network managed by said network device. The network device may then utilize information contained in the discovery packet to locate the switch port to which the rogue access point is connected, and ultimately disable the switch port to which the rogue access point is connected.
    Type: Grant
    Filed: March 3, 2005
    Date of Patent: May 6, 2008
    Assignee: Cisco Technology, Inc.
    Inventors: Timothy Olson, Pauline Shuen, Ajit Sanzgiri, Nancy Winget, Pejman Roshan
  • Publication number: 20080095160
    Abstract: In one embodiment, receiving a data packet in a data forwarding domain, encapsulating a header to the received data packet, and routing the encapsulated data packet in the data forwarding domain over a distribution tree are provided.
    Type: Application
    Filed: October 24, 2006
    Publication date: April 24, 2008
    Applicant: Cisco Technology, Inc.
    Inventors: Navindra Yadav, James Rivers, Guanaprakasam Pandian, Pauline Shuen, Scott Emery
  • Publication number: 20080084888
    Abstract: In one embodiment, detecting data traffic from a host device in a data forwarding domain, injecting a host route associated with the detected data traffic, and updating a forwarding table associated with the host route are provided.
    Type: Application
    Filed: October 5, 2006
    Publication date: April 10, 2008
    Applicant: Cisco Technology, Inc.
    Inventors: Navindra Yadav, Gnanaprakasam Pandian, James Rivers, Scott Emery, Pauline Shuen, Murali Duvvury
  • Patent number: 7327693
    Abstract: A method for transmitting a message packet from a network device having multiple transmit queues at a precise time flushes all packets previously enqueued in a selected transmit queue and places the message packet in the selected queue. All other transmit queues are also flushed prior to transmitting the message packet to eliminate timing uncertainty due transmission of enqueued packets prior to the transmission of the message packet.
    Type: Grant
    Filed: March 30, 2004
    Date of Patent: February 5, 2008
    Assignee: Cisco Technology, Inc.
    Inventors: James P. Rivers, Pauline Shuen
  • Patent number: 7325246
    Abstract: Architecture for providing access to an IEEE 802.1x network. A trust relationship is created between a switch of the network and an access point of the network such that the access point is authorized to communicate over the network. The trust relationship is then extended from the access point to a wireless client requesting connection to the network such that access to the network by said wireless client is authorized.
    Type: Grant
    Filed: January 7, 2002
    Date of Patent: January 29, 2008
    Assignee: Cisco Technology, Inc.
    Inventors: David E. Halasz, Merwyn B. Andrade, Pauline Shuen
  • Publication number: 20070288613
    Abstract: Various systems and methods are disclosed for providing support for responding to location protocol queries within a network node. One such method involves associating a location with a network identity by associating a network port with a network identity and also associating the network port with the location. The association between the network port and the network identity is created in response to a network identity, which can include an IP address, being assigned to a device coupled to the network port by an identity protocol such as DHCP. The packet is sent in response to detecting a request for the device's location. The method can be performed by various devices, including a first hop node coupled to the device, a location server, and an identity server.
    Type: Application
    Filed: June 8, 2006
    Publication date: December 13, 2007
    Inventors: Pradeep S. Sudame, Shree N. Murthy, Jie Cheng Jiang, Pauline Shuen
  • Publication number: 20070116014
    Abstract: A method and apparatus utilized in layer 2 access switches of an Ethernet ring-based network to bridge multicast packets between a multicast VLAN and a selected VLAN coupled to a VLAN trunk port of the layer 2 access switch. The duplication of multicast streams over the ring technology is avoided while maintaining isolation between subscribers.
    Type: Application
    Filed: November 18, 2005
    Publication date: May 24, 2007
    Inventors: Pauline Shuen, James Rivers
  • Publication number: 20070047472
    Abstract: Various systems and methods for implementing virtual ports within ring networks are disclosed. For example, one method involves allocating a logical port that corresponds to a first port and a second port and instantiating a spanning tree protocol instance. The first port and the second port are both assigned to a first ring network. The spanning tree protocol instance selectively blocks the logical port; however, the spanning tree protocol instance is unable to block the first port independently of blocking the second port. Events (e.g., link failures and recoveries) that occur within the ring network are communicated to spanning tree by transitioning the state of the logical port in response to receiving a ring protocol control packet. The spanning tree protocol instance initiates a bridge protocol data unit (BPDU) exchange from the logical port in response to a transition in the state of the logical port.
    Type: Application
    Filed: September 2, 2005
    Publication date: March 1, 2007
    Inventors: Lionel Florit, Robert Klessig, Pauline Shuen, Francois Tallet
  • Publication number: 20070047471
    Abstract: Various systems and methods for implementing virtual ports within ring networks are disclosed. For example, one method involves allocating a logical port that corresponds to a first port and a second port and instantiating a spanning tree protocol instance. The first port and the second port are both assigned to a first ring network. The spanning tree protocol instance selectively blocks the logical port; however, the spanning tree protocol instance is unable to block the first port independently of blocking the second port. Events (e.g., link failures and recoveries) that occur within the ring network are communicated to spanning tree by transitioning the state of the logical port in response to receiving a ring protocol control packet. The spanning tree protocol instance initiates a bridge protocol data unit (BPDU) exchange from the logical port in response to a transition in the state of the logical port.
    Type: Application
    Filed: August 30, 2005
    Publication date: March 1, 2007
    Inventors: Lionel Florit, Robert Klessig, Pauline Shuen, Francois Tallet
  • Publication number: 20060262798
    Abstract: This invention provides for an apparatus and method to isolate ports on layer 2 switches on the same VLAN to restrict traffic flow. The apparatus comprises a switch having said plurality of ports, each port configured as a protected port or a non-protected port. An address table memory stores an address table having a destination address and port number pair. A forwarding map generator generates a forwarding map which is responsive to a destination address of a data packet. The method for isolating ports on a layer 2 switch comprises configuring each of the ports on the layer 2 switch as a protected port or a non-protected port. A destination address on an data packet is matched with a physical address on said layer 2 switch and a forwarding map is generated for the data packet based upon the destination address on the data packet.
    Type: Application
    Filed: July 26, 2006
    Publication date: November 23, 2006
    Inventors: Monica Joshi, Pauline Shuen