Craig M Alesso

US Patent:

6466977, Oct 15, 2002

Filed:

May 6, 1999

Appl. No.:

09/306528

Inventors:

Aravind Sitaraman - Santa Clara CA
Craig Michael Alesso - Lake Elmo MN
Charles Troper Yager - Cupertino CA

Assignee:

Cisco Technology, Inc. - San Jose CA

International Classification:

G09F 15173

US Classification:

709225, 709223, 709224, 709229, 709239, 713201

Abstract:

In a first aspect of the present invention, a Wholesaler dynamically identifies one of a plurality of AAA services at a remote domain to route an access request to. The AAA service is selected based upon a set of rules applied to information which has been received dynamically from the plurality of AAA services and is indicative of load and status of the plurality of AAA services. In a second aspect of the present invention, a Wholesaler, based upon a Service Level Agreement (SLA) between the Wholesaler and a user, routes the user to one of a plurality of sub-service providers.

US Patent:

6529955, Mar 4, 2003

Filed:

May 6, 1999

Appl. No.:

09/306691

Inventors:

Aravind Sitaraman - Santa Clara CA
Craig Michael Alesso - Lake Elmo MN
Charles Troper Yager - Cupertino CA

Assignee:

Cisco Technology, Inc. - San Jose CA

International Classification:

G06F 1300

US Classification:

709225, 709226, 709229, 709224, 709223, 709217

Abstract:

A data communications network with a plurality of PoPs maintains a local database associated with each PoP and a central database somewhere on the data communications network. The local database contains a group identification such as a domain identification corresponding to a group of users, a maximum number of proxied sessions to provide the group of users at the PoP and a dynamic proxy session count corresponding to active proxied sessions currently provided to the group of users at the PoP. The central database contains a maximum number of proxied sessions to provide the group of users over the entire data communications network and a dynamic network-wide proxy session count corresponding to active proxied sessions currently provided to the group of users on the entire data communications network. Actions are taken when the group attempts to exceed either the local maximum number of sessions or the network-wide maximum number of sessions by more than a predetermined number. The actions may include assessing extra charges, denying access, and sending warning messages to appropriate recipients.

US Patent:

6668283, Dec 23, 2003

Filed:

May 21, 1999

Appl. No.:

09/316538

Inventors:

Aravind Sitaraman - Santa Clara CA
Craig Michael Alesso - Lake Elmo MN
Charles Troper Yager - Cupertino CA

Assignee:

Cisco Technology, Inc. - San Jose CA

International Classification:

G06F 1300

US Classification:

709229, 320230

Abstract:

A data communications network with at least one PoP maintains a local cache database associated with each AAA service at the PoP on the data communications network. Each local database contains a group identification such as a domain identification corresponding to a group of users or an FQDN specifying a group of one individual, a maximum number of B-Channels to provide the group of users at the PoP and a dynamic B-Channel session count corresponding to active B-Channel connections currently provided to the group of users at the PoP. Actions are taken when the group attempts to exceed the maximum number of B-Channels by more than a predetermined number. The actions may include assessing extra charges, denying access, and sending warning messages to appropriate recipients. The local database may be synchronized by publishing B-Channel connection and disconnection events to all subscribing local databases. For proxy authentication users, the authentication information is published to the local caches of each AAA service at the PoP upon the first log-in of the user so as to avoid the need to proxy each successive connection authentication to a remote AAA service.

US Patent:

6816901, Nov 9, 2004

Filed:

Jan 31, 2003

Appl. No.:

10/355666

Inventors:

Aravind Sitaraman - Santa Clara CA
Craig Michael Alesso - Lake Elmo MN
Charles Troper Yager - Cupertino CA

Assignee:

Cisco Technology, Inc. - San Jose CA

International Classification:

G06F 15173

US Classification:

709225, 709226, 709229, 709224, 709223, 709217

Abstract:

A data communications network with a plurality of PoPs maintains a local database associated with each PoP and a central database somewhere on the data communications network. The local database contains a group identification such as a domain identification corresponding to a group of users, a maximum number of proxied sessions to provide the group of users at the PoP and a dynamic proxy session count corresponding to active proxied sessions currently provided to the group of users at the PoP. The central database contains a maximum number of proxied sessions to provide the group of users over the entire data communications network and a dynamic network-wide proxy session count corresponding to active proxied sessions currently provided to the group of users on the entire data communications network. Actions are taken when the group attempts to exceed either the local maximum number of sessions or the network-wide maximum number of sessions by more than a predetermined number. The actions may include assessing extra charges, denying access, and sending warning messages to appropriate recipients.

US Patent:

6857019, Feb 15, 2005

Filed:

Feb 27, 2002

Appl. No.:

10/085657

Inventors:

Aravind Sitaraman - Santa Clara CA, US
Craig Michael Alesso - Lake Elmo MN, US
Charles Troper Yager - Cupertino CA, US

Assignee:

Cisco Technology, Inc. - San Jose CA

International Classification:

G06F015/173

US Classification:

709225

Abstract:

A data communications network with a plurality of PoPs maintains a local database associated with each PoP and a central database somewhere on the data communications network. The local database contains a group identification such as a domain identification corresponding to a group of users, a maximum number of VPN sessions to provide the group of users at the PoP and a dynamic VPN session count corresponding to active VPN sessions currently provided to the group of users at the PoP. The central database contains a maximum number of VPN sessions to provide the group of users over the entire data communications network and a dynamic network-wide VPN session count corresponding to active VPN sessions currently provided to the group of users on the entire data communications network. Actions are taken when the group attempts to exceed either the local maximum number of sessions or the network-wide maximum number of sessions by more than a predetermined number. The actions may include assessing extra charges, denying access, and sending warning messages to appropriate recipients.

US Patent:

6910067, Jun 21, 2005

Filed:

Jun 20, 2002

Appl. No.:

10/177395

Inventors:

Aravind Sitaraman - Santa Clara CA, US
Craig Michael Alesso - Lake Elmo MN, US
Charles Troper Yager - Cupertino CA, US

Assignee:

Cisco Technology, Inc. - San Jose CA

International Classification:

G06F013/00

US Classification:

709203, 709217, 709227

Abstract:

A data communications network with a plurality of PoPs maintains a local database associated with each PoP and a central database somewhere on the data communications network. The local database contains a group identification such as a domain identification corresponding to a group of users, a maximum number of VPN sessions to provide the group of users at the PoP and a dynamic VPN session count corresponding to active VPN sessions currently provided to the group of users at the PoP. The central database contains a maximum number of VPN sessions to provide the group of users over the entire data communications network and a dynamic network-wide VPN session count corresponding to active VPN sessions currently provided to the group of users on the entire data communications network. Actions are taken when the group attempts to exceed either the local maximum number of sessions or the network-wide maximum number of sessions by more than a predetermined number. The actions may include assessing extra charges, denying access, and sending warning messages to appropriate recipients.

US Patent:

7246154, Jul 17, 2007

Filed:

Jun 7, 2002

Appl. No.:

10/165573

Inventors:

Aravind Sitaraman - Santa Clara CA, US
Craig Michael Alesso - Lake Elmo MN, US
Charles Troper Yager - Cupertino CA, US

Assignee:

Cisco Technology, Inc. - San Jose CA

International Classification:

G06F 15/16

US Classification:

709217, 709245, 709238, 4554321

Abstract:

A method and apparatus for directing data network communications based on the geographic location of the user. One or the other or both of the geographic location of the local telephone access number with which the user is connected to one of a plurality of points of presence (PoPs) and the telephone number that the user is calling from to connect to the PoP is determined. This geographic location is compared to the geographic location of the home of the user. If the geographic locations differ, then it is determined that the user is a roaming user. If the user is a roaming user, then communications to the user over the data communications network are directed based at least in part upon the geographic location of the user.

US Patent:

7493395, Feb 17, 2009

Filed:

Sep 1, 2004

Appl. No.:

10/933101

Inventors:

Aravind Sitaraman - Santa Clara CA, US
Craig Michael Alesso - Lake Elmo MN, US
Charles Troper Yager - Cupertino CA, US

Assignee:

Cisco Technology, Inc. - San Jose CA

International Classification:

G06F 15/173

US Classification:

709225, 709226, 709227

Abstract:

A data communications network with a plurality of PoPs maintains a local database associated with each PoP and a central database somewhere on the data communications network. The local database contains a group identification such as a domain identification corresponding to a group of users, a maximum number of VPN sessions to provide the group of users at the PoP and a dynamic VPN session count corresponding to active VPN sessions currently provided to the group of users at the PoP. The central database contains a maximum number of VPN sessions to provide the group of users over the entire data communications network and a dynamic network-wide VPN session count corresponding to active VPN sessions currently provided to the group of users on the entire data communications network. Actions are taken when the group attempts to exceed either the local maximum number of sessions or the network-wide maximum number of sessions by more than a predetermined number. The actions may include assessing extra charges, denying access, and sending warning messages to appropriate recipients.