Patents by Inventor Pok Sze Wong
Pok Sze Wong has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20200159380
Abstract: The present invention is directed to a novel user interface for displaying event-based data with visual rendering of the chronological arrangement and relationship among various events. The disclosed user interface utilizes a scroll feature for traversing along a time axis with various network related messages and events displayed as panel views along the scroll range. The described user interface framework enables visual displaying of event-based data in an intuitive format that may be rendered across small and large display sizes. The disclosed technology further provides for a depiction of dependencies, cause and effect relationships, data flow, event attributes and chronological ordering in a same view.
Type: Application
Filed: March 28, 2019
Publication date: May 21, 2020
Inventors: Jayesh Kantilal Wadikar, Vishv Rohitkumar Brahmbhatt, Shraddha Herlekar, Vivek Prahladbhai Parekh, Pok Sze Wong
-
Publication number: 20200162517
Abstract: Systems and methods provide for tracking a device at a network independent of where the device connects to the network. Embodiments can identify that a device associated with a security policy has previously connected to the network. In response, a match is determined between the device and an existing session ID and device tracking information, where the existing session ID and device tracking information are independent of where in the network the device has connected. Based on the match, the security policy is applied to the device.
Type: Application
Filed: April 24, 2019
Publication date: May 21, 2020
Inventors: Pok Sze Wong, Venkataramana Ragothaman
-
Patent number: 10212039
Abstract: A management server communicates with an authentication server that authenticates endpoints, which are configured to connect wirelessly with access points (APs) controlled by respective ones of a plurality of controllers. Weights for the APs and the controllers are stored. Event logs detailing requests for authentication of the endpoints are received. For each request, roaming conditions for the endpoint that triggered the request are determined. Also, a respective weight of one or more of the AP connected with the endpoint and of the controller that controls the AP is increased by a respective amount depending on whether the roaming conditions are caused by the AP and the controller being improperly configured or properly configured. Identities of ones of the APs and the controllers having weights that exceed one or more weight thresholds each indicative of an improperly configured AP or controller are stored.
Type: Grant
Filed: February 16, 2017
Date of Patent: February 19, 2019
Assignee: Cisco Technology, Inc.
Inventors: Vivek Santuka, Aaron Troy Woland, Pok Sze Wong, Jesse Ryan Dubois, Kannan Muthusamy
-
Patent number: 10171504
Abstract: In one embodiment, a method includes receiving at an enforcement node, a request to access a network from an endpoint, transmitting at the enforcement node, the access request to a policy server, receiving at the enforcement node from the policy server, a dynamic authorization comprising a plurality of ranks, each of the ranks comprising a policy for access to the network by the endpoint, assigning the endpoint to one of the ranks and applying the policy associated with the rank to traffic received from the endpoint at the enforcement node during a communication session between the endpoint and the network, assigning the endpoint to a different rank, and applying the policy associated with the rank to traffic received from the endpoint during the communication session. An apparatus and logic are also disclosed herein.
Type: Grant
Filed: August 4, 2015
Date of Patent: January 1, 2019
Assignee: Cisco Technology, Inc.
Inventors: Pok Sze Wong, Ramesh Nampelly, Aaron Rodriguez
-
Patent number: 10021141
Abstract: A computing device providing a network service to a service area may receive a connection request from a user device and generate a session start request to start a user session in a service domain covering the service area. One or more policy rules may be evaluated to determine whether any rule is applicable to the user device, which includes determining that an authoritative user session has already been established in the service domain. The user session may be established in the service domain for the user device, and at least one permission for access to a controlled network resource may be associated with the user session based on the determination that the authoritative user session has already been established. A request from the user device to access the controlled network resource may be received and access to the controlled network resource may be granted.
Type: Grant
Filed: June 12, 2017
Date of Patent: July 10, 2018
Assignee: Cisco Technology, Inc.
Inventors: Pok Sze Wong, Ramesh Nampelly
-
Patent number: 9813324
Abstract: A server is in communication with a network device that has network connectivity to an endpoint device. The server receives from the network device a packet that includes a Media Access Control (MAC) address of the endpoint device. A determination is made as to whether at least a portion of the MAC address matches stored information for MAC addresses of known endpoint devices. One or more attributes that carry further descriptive information of the endpoint device are extracted from the packet. It is determined based whether the endpoint device can be classified at a level of granularity according to a policy rule. If the endpoint device cannot be classified at the level of granularity, a probe function is dynamically selected based on the one or more attributes extracted from the packet and the MAC address to collect additional data about the endpoint device.
Type: Grant
Filed: June 9, 2015
Date of Patent: November 7, 2017
Assignee: Cisco Technology, Inc.
Inventors: Ramesh Nampelly, Pok Sze Wong
-
Publication number: 20170279856
Abstract: A computing device providing a network service to a service area may receive a connection request from a user device and generate a session start request to start a user session in a service domain covering the service area. One or more policy rules may be evaluated to determine whether any rule is applicable to the user device, which includes determining that an authoritative user session has already been established in the service domain. The user session may be established in the service domain for the user device, and at least one permission for access to a controlled network resource may be associated with the user session based on the determination that the authoritative user session has already been established. A request from the user device to access the controlled network resource may be received and access to the controlled network resource may be granted.
Type: Application
Filed: June 12, 2017
Publication date: September 28, 2017
Inventors: Pok Sze Wong, Ramesh Nampelly
-
Patent number: 9723026
Abstract: A computing device providing a network service to a service area may receive a connection request from a user device and generate a session start request to start a user session in a service domain covering the service area. One or more policy rules may be evaluated to determine whether any rule is applicable to the user device, which includes determining that an authoritative user session has already been established in the service domain. The user session may be established in the service domain for the user device, and at least one permission for access to a controlled network resource may be associated with the user session based on the determination that the authoritative user session has already been established. A request from the user device to access the controlled network resource may be received and access to the controlled network resource may be granted.
Type: Grant
Filed: July 9, 2015
Date of Patent: August 1, 2017
Assignee: Cisco Technology, Inc.
Inventors: Pok Sze Wong, Ramesh Nampelly
-
Patent number: 9614874
Abstract: An access control module in an enterprise computing network receives contextual information of a first active network session at a first network endpoint and contextual information of a second active network session at a second network endpoint. The access control module is configured to evaluate the contextual information of one or more of the first or second network sessions based on one or more network policies to determine a policy action for enforcement on at least one of the first or second network endpoints.
Type: Grant
Filed: November 4, 2015
Date of Patent: April 4, 2017
Assignee: Cisco Technology, Inc.
Inventor: Pok Sze Wong
-
Publication number: 20170041343
Abstract: In one embodiment, a method includes receiving at an enforcement node, a request to access a network from an endpoint, transmitting at the enforcement node, the access request to a policy server, receiving at the enforcement node from the policy server, a dynamic authorization comprising a plurality of ranks, each of the ranks comprising a policy for access to the network by the endpoint, assigning the endpoint to one of the ranks and applying the policy associated with the rank to traffic received from the endpoint at the enforcement node during a communication session between the endpoint and the network, assigning the endpoint to a different rank, and applying the policy associated with the rank to traffic received from the endpoint during the communication session. An apparatus and logic are also disclosed herein.
Type: Application
Filed: August 4, 2015
Publication date: February 9, 2017
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Pok Sze Wong, Ramesh Nampelly, Aaron Rodriguez
-
Publication number: 20170013016
Abstract: A computing device providing a network service to a service area may receive a connection request from a user device and generate a session start request to start a user session in a service domain covering the service area. One or more policy rules may be evaluated to determine whether any rule is applicable to the user device, which includes determining that an authoritative user session has already been established in the service domain. The user session may be established in the service domain for the user device, and at least one permission for access to a controlled network resource may be associated with the user session based on the determination that the authoritative user session has already been established. A request from the user device to access the controlled network resource may be received and access to the controlled network resource may be granted.
Type: Application
Filed: July 9, 2015
Publication date: January 12, 2017
Inventors: Pok Sze Wong, Ramesh Nampelly
-
Publication number: 20160366040
Abstract: A server is in communication with a network device that has network connectivity to an endpoint device. The server receives from the network device a packet that includes a Media Access Control (MAC) address of the endpoint device. A determination is made as to whether at least a portion of the MAC address matches stored information for MAC addresses of known endpoint devices. One or more attributes that carry further descriptive information of the endpoint device are extracted from the packet. It is determined based whether the endpoint device can be classified at a level of granularity according to a policy rule. If the endpoint device cannot be classified at the level of granularity, a probe function is dynamically selected based on the one or more attributes extracted from the packet and the MAC address to collect additional data about the endpoint device.
Type: Application
Filed: June 9, 2015
Publication date: December 15, 2016
Inventors: Ramesh Nampelly, Pok Sze Wong
-
Publication number: 20160057170
Abstract: An access control module in an enterprise computing network receives contextual information of a first active network session at a first network endpoint and contextual information of a second active network session at a second network endpoint. The access control module is configured to evaluate the contextual information of one or more of the first or second network sessions based on one or more network policies to determine a policy action for enforcement on at least one of the first or second network endpoints.
Type: Application
Filed: November 4, 2015
Publication date: February 25, 2016
Inventor: Pok Sze Wong
-
Patent number: 9210169
Abstract: An access control module in an enterprise computing network receives contextual information of a first active network session at a first network endpoint and contextual information of a second active network session at a second network endpoint. The access control module is configured to evaluate the contextual information of one or more of the first or second network sessions based on one or more network policies to determine a policy action for enforcement on at least one of the first or second network endpoints.
Type: Grant
Filed: December 20, 2012
Date of Patent: December 8, 2015
Assignee: Cisco Technology, Inc.
Inventor: Pok Sze Wong
-
Patent number: 8910250
Abstract: A notification is received that a network device in a computing network has blocked a service request directed towards a network resource of the computing network. A determination is made, based on authentication information associated with one or more of a network endpoint that transmitted the service request and a user at the network endpoint, as to whether the user should be notified of a reason that the network device blocked the service request. If it is determined that the user should be notified, a notification summarizing the reason that the network device blocked the service request is transmitted to the network endpoint.
Type: Grant
Filed: January 24, 2013
Date of Patent: December 9, 2014
Assignee: Cisco Technology, Inc.
Inventors: Pok Sze Wong, Paul Forbes Bigbee
-
Patent number: 8898757
Abstract: An example embodiment of the present invention provides processes relating to the authentication, by an authentication server, of a supplicant/user for access to a network. In one particular implementation, an authentication server receives a request for access from a supplicant, which request is forwarded to the authentication server by an authenticator that controls a port to the network. The authentication server scores various authentication methods, based on configured preferences, currently cached credentials, and the availability of a networked credential store as measured by a link-state monitor. The authentication server then negotiates an agreed authentication method with the supplicant, using a preferred order resulting from the scores.
Type: Grant
Filed: December 6, 2012
Date of Patent: November 25, 2014
Assignee: Cisco Technology, Inc.
Inventors: Pok Sze Wong, Thomas Alan Parker
-
Publication number: 20140208388
Abstract: A notification is received that a network device in a computing network has blocked a service request directed towards a network resource of the computing network. A determination is made, based on authentication information associated with one or more of a network endpoint that transmitted the service request and a user at the network endpoint, as to whether the user should be notified of a reason that the network device blocked the service request. If it is determined that the user should be notified, a notification summarizing the reason that the network device blocked the service request is transmitted to the network endpoint.
Type: Application
Filed: January 24, 2013
Publication date: July 24, 2014
Applicant: CISCO TECHNOLOGY, INC.
Inventors: Pok Sze Wong, Paul Forbes Bigbee
-
Publication number: 20140181290
Abstract: An access control module in an enterprise computing network receives contextual information of a first active network session at a first network endpoint and contextual information of a second active network session at a second network endpoint. The access control module is configured to evaluate the contextual information of one or more of the first or second network sessions based on one or more network policies to determine a policy action for enforcement on at least one of the first or second network endpoints.
Type: Application
Filed: December 20, 2012
Publication date: June 26, 2014
Applicant: CISCO TECHNOLOGY, INC.
Inventor: Pok Sze Wong
-
Publication number: 20130097679
Abstract: An example embodiment of the present invention provides processes relating to the authentication, by an authentication server, of a supplicant/user for access to a network. In one particular implementation, an authentication server receives a request for access from a supplicant, which request is forwarded to the authentication server by an authenticator that controls a port to the network. The authentication server scores various authentication methods, based on configured preferences, currently cached credentials, and the availability of a networked credential store as measured by a link-state monitor. The authentication server then negotiates an agreed authentication method with the supplicant, using a preferred order resulting from the scores.
Type: Application
Filed: December 6, 2012
Publication date: April 18, 2013
Inventors: Pok Sze Wong, Thomas Alan Parker