Vinod Kumar Dashora

US Patent:

7568217, Jul 28, 2009

Filed:

Mar 20, 2003

Appl. No.:

10/394289

Inventors:

Ranjan Prasad - Fremont CA, US
Vinod Dashora - Mountain View CA, US

Assignee:

Cisco Technology, Inc. - San Jose CA

International Classification:

G06F 15/16

US Classification:

726 3

Abstract:

A role based access control system is described that assigns roles, which otherwise are mutually exclusive, to users based on detecting designated conditions when the user initiates actions or operations on the network. The assignment of the role to a particular user may be conditional upon one or more such designated conditions occurring. In particular, two roles that are mutually exclusive of one another may be occupied by one user for purpose of performing specified operations upon designated conditions being detected when the user initiates one or more of the specified operations. Business rules specify conditions for assigning the conditional roles.

US Patent:

7792975, Sep 7, 2010

Filed:

Mar 12, 2007

Appl. No.:

11/717504

Inventors:

Vinod Dashora - Fremont CA, US
Subramanian Srinivasan - San Jose CA, US
Sandeep Kumar - Cupertino CA, US

Assignee:

Cisco Technology, Inc. - San Jose CA

International Classification:

G06F 15/16

US Classification:

709228, 709203, 709227

Abstract:

A networking device comprises an interface configured to receive and transmit data from and to a network; policy data configured to specify, for one or more application-layer messages, a session key that uniquely identifies an application session associated with the application-layer messages; logic encoded in one or more media for execution and when executed operable to receive a particular application-layer message through the interface, generate a particular session key for the particular application-layer message based on the policy data, and provide the particular session key to a message processing function.

US Patent:

8266327, Sep 11, 2012

Filed:

Jun 15, 2006

Appl. No.:

11/455011

Inventors:

Sandeep Kumar - Cupertino CA, US
Rajesh Raman - San Jose CA, US
Vinod Dashora - Fremont CA, US

Assignee:

Cisco Technology, Inc. - San Jose CA

International Classification:

G06F 15/16
G06F 15/173
H04L 29/06
H04L 9/32

US Classification:

709250, 709223, 709227, 709229, 713156, 713170

Abstract:

A network infrastructure element such as a router or switch performs brokering network user identity and credential information. An application or administrative user can declare a policy for user identity information extraction, authentication and authorization. Based on the policy, the network element extracts user identity information or credentials from a transport-layer message header, application-layer message header, and message body. Based on the policy, the network element performs one or more authentication or authorization operations with the user identity information or credentials. As a result, a network element can broker identity information among incompatible applications and perform identity operations for the applications.

US Patent:

8458467, Jun 4, 2013

Filed:

Apr 5, 2006

Appl. No.:

11/398983

Inventors:

Vinod Dashora - Fremont CA, US
Sandeep Kumar - Cupertino CA, US

Assignee:

Cisco Technology, Inc. - San Jose CA

International Classification:

H04L 29/06
G06F 15/16

US Classification:

713167, 713151, 713152, 713153, 713154, 713160, 713165, 713170, 726 1, 726 3, 726 11, 726 12, 726 13, 726 14, 726 26

Abstract:

Application message payload data elements are transformed within a network infrastructure element such as a packet data router or switch. The network element has application message transformation logic for receiving one or more packets representing an input application message logically associated with OSI network model Layer or above; extracting an application message payload from the input application message; identifying one or more first content elements in the application message payload; transforming the first content elements into one or more second content elements of an output application message; and forwarding the output application message to a destination that is identified in the input application message. Transformations performed in the network element can include field reordering, field enrichment, field filtering, and presentation transformation.

US Patent:

8613056, Dec 17, 2013

Filed:

May 26, 2006

Appl. No.:

11/441594

Inventors:

Sandeep Kumar - Cupertino CA, US
Vinod K. Dashora - Fremont CA, US
Subramanian N. Iyer - Santa Clara CA, US
Yuquan Jiang - Fremont CA, US

Assignee:

Cisco Technology, Inc. - San Jose CA

International Classification:

H04L 29/06

US Classification:

726 5, 726 13

Abstract:

User credentials are validated within a network infrastructure element such as a packet data router or switch. The network element has authentication and authorization logic for receiving one or more packets representing an input application message logically associated with OSI network model Layer 5 or above; extracting user credentials from the one or more packets; authenticating an identity associated with the user credentials; authorizing privileges to the identity; and forwarding the application message to an intended destination if the identity is successfully authenticated and/or authorized. The authentication and authorization logic in the network element can invoke extension authentication and authorization methods that may be provisioned after the network element is deployed in a networked system.

US Patent:

20090119762, May 7, 2009

Filed:

Mar 6, 2008

Appl. No.:

12/043701

Inventors:

Allan Thomson - Pleasanton CA, US
Matthew Glenn - San Francisco CA, US
Prabandham Madan Gopal - Los Altos CA, US
Vinod Dashora - Fremont CA, US
Neeraj Purandare - San Jose CA, US

Assignee:

Cisco Technology, Inc. - San Jose CA

International Classification:

H04L 9/32

US Classification:

726 7

Abstract:

A network access system. In particular implementations, a method includes monitoring, responsive to a network access request of a client, an authentication session between an authentication server and the client, and determining user credential information associated with a user of the client based on one or more messages of the authentication session. The method also includes accessing, using the user credential information, physical entry information indicating a physical location of the user relative to a defined perimeter, and conditionally allowing the client access to a network based on the physical entry information and a successful authentication of the client.

US Patent:

61150398, Sep 5, 2000

Filed:

Mar 14, 1997

Appl. No.:

8/819578

Inventors:

Phillip Earl Karren - Provo UT
Vinod Kumar Dashora - American Fork UT
Bryan Keith Walton - Lindon UT
Ramprasad Siva Golla - San Jose CA
Paul F. MacKay - Provo UT
Allen Clay Tietjen - Springville UT

Assignee:

Novell, Inc. - Provo UT

International Classification:

G06F 314

US Classification:

345335

Abstract:

A method and apparatus for creating a non-native display is disclosed. A display application is loaded having a plurality of native window classes, a window frame, and a display bar located within the window frame. One of the native window classes is associated with a non-native window class by passing a value from a non-native file to the display application. A composite child window is created having a non-native display configuration. The composite child window is located within the window frame of the display application. The process of creating the composite child window involves the steps of creating an instance of the associated native window class, and creating an instance of the non-native window class. The display bar owned by the display application is controlled using the composite child window.