Patent application number | Description | Published |
20160119838 | EFFICIENT ROAMING OF MOBILE CLIENTS - The present disclosure discloses a method and a network device for efficient mobile client device roaming in a wireless local area network with multiple access points. Specifically, a network device determines a first received signal strength value for a first set of signals transmitted between a client device and a first access point during a first time period; and, determines a second received signal strength value for a second set of signals transmitted between a client device and the access point during a second time period. Based on the first and the second signal strength values, the network device computes a change in signal strength value corresponding to wireless communication between the client device and the first access point. Based on the change in signal strength value, the network device selects the access point from a plurality of access points for providing network access to the client device. | 04-28-2016 |
20160127475 | Leak-Proof Classification for an Application Session - The present disclosure discloses a system and method for classifying an application session for forwarding or refraining from forwarding to a client. Generally, classifying an application session includes: receiving a first request from a client device at a first network device; transmitting, by the first network device, a second request to obtain classification information corresponding to the first request; forwarding, by the first network device, the first request from the client device prior to receiving the classification information corresponding to the first request; receiving, by the first network device, the classification information corresponding to the first request; receiving, by the first network device, a first response corresponding to the forwarded first request; and based on the classification information, forwarding or refraining from forwarding the first response to the client device. | 05-05-2016 |
Patent application number | Description | Published |
20150319042 | Virtual Local Area Network Mismatch Detection in Networks - The present disclosure discloses a method and network device for providing VLAN mismatch detection in networks. Specifically, a network device monitors a plurality of packets received by a first device from a second device to identify a first set of VLAN identifiers indicated by at least one of the plurality of packets. The network device receives from a third device at least one packet tagged with a particular VLAN identifier, wherein the at least one packet is to be forwarded by the first device to the second device. The network device then determines whether the particular VLAN identifier is included in the first set of VLAN identifiers indicated by at least one of the plurality of packets received by the first device from the second device. If the particular VLAN identifier is not included in the first set of VLAN identifiers, the network device presents a notification. | 11-05-2015 |
20160036634 | ZERO TOUCH CONFIGURATION SUPPORT FOR UNIVERSAL SERIAL BUS MODEM ON A NETWORK DEVICE - The present disclosure discloses a method and a network device for zero touch configuration support for universal serial bus (USB) modem on a network device. Specifically, an access point determines an identifier of a network device connected to the access point, and location information corresponding to the access point. Based at least on the identifier of the network device and the location information corresponding to the access point, the access point selects a particular configuration, of a plurality of configurations, for the network device. Specifically, the particular configuration selected for the network device is suitable for a geographical location associated with the location information. | 02-04-2016 |
20160036794 | DETERMINING WHETHER TO USE A LOCAL AUTHENTICATION SERVER - The present disclosure discloses a method and a system for determining whether to use a local authentication server. Specifically, a first network device executing a first authentication server receives a request for authentication from a client device. The first network device determines whether the client device was previously successfully authenticated by a second authentication server executing on a second network device within a particular period of time. If so, the first network device attempts to authenticate the client device using the first authentication server. Otherwise, the first network device declines the request for authentication from the client device. | 02-04-2016 |
20160119278 | METHOD TO DISTRIBUTE A CENTRALIZED SERVICE - A network device may detect packets being transmitted on a network to obtain detected packets, identify Internet Protocol (IP) addresses corresponding to the detected packets, and identify candidate IP subnets that do not include any IP address in the IP addresses corresponding to the detected packets. A particular IP subnet may be selected from the set of candidate IP subnets for allocation to a set of target devices. A network device may identify a set of candidate Internet Protocol (IP) subnets, select a particular IP subnet from the set of candidate IP subnets, and transmit, to other network devices, an advertisement including an intent to use the particular IP subnet. Responsive to determining that none of the other network devices are using the particular IP subnet, the network device may select the particular IP subnet for allocating to a set of target devices. | 04-28-2016 |
Patent application number | Description | Published |
20130103836 | Centralized Configuration with Dynamic Distributed Address Management - The present disclosure discloses a network device and/or method for centralized configuration with dynamic distributed address management. The disclosed network device receives, at a first network node, a range of sub network addresses and a specified size for a sub network. The disclosed network device then divides the range of sub network addresses into a plurality of sub-ranges of sub network addresses based on the specified size. Further, the network device allocates the plurality of sub-ranges of sub network addresses to a plurality of sub networks, and transmits an allocated sub-range of sub network addresses to a corresponding sub network at a second network node through an established secure communication channel. Moreover, the network device can retrieve a profile template that includes the range of sub network addresses and the specified size of the sub network; and create a profile based on the profile template. | 04-25-2013 |
20130201979 | Method and System for Partitioning Wireless Local Area Network - The present disclosure discloses a method and system for partitioning WLAN in order to separate network traffic from different WLANs. Specifically, a network device receives a packet from a client connected to a first network device on an access network. The network device then determines that the received packet is associated with a VLAN that is pre-configured on the first network device based on the access network to which the client is connected. Furthermore, the network device transmits the packet to a MAC layer switching device, which is not configured with the VLAN that is pre-configured on the network device. The packet includes one of a DHCP discovery message, an ARP request message, a unicast message, a multicast message, and a broadcast message. The unicast message will be transmitted to the second network device on the pre-configured VLAN prior to being transmitted to another network device outside the pre-configured VLAN. | 08-08-2013 |
20140082060 | Provisioning Remote Access Points - Provisioning remote access points for use in a telecommunication network. A remote access point contains identity information established during manufacturing; this identity information may be in the nature of a digital certificate. The identity information is stored in the remote access point, and may be stored in a Trusted Platform Module if present. When the remote access node is powered up in unprovisioned state, outside the manufacturing environment, it attempts to establish an internet connection via a first wired interface, and queries a user for information representing the TCP/IP address of its controller via a second wired interface. Once an internet connection is present, and a TCP/IP address has been provided, the remote access point attempts to connect to the controller at that address. Once a connection is established, controller and access point exchange and verify each other's identities. | 03-20-2014 |
20140269648 | Distributed Network Layer Mobility for Unified Access Networks - The present disclosure discloses a method and network device providing distributed network layer mobility for unified access networks. The method eliminates the need for a secure tunnel between a home network device and a foreign network device when a client roams from the home network device to the foreign network device. The disclosed network device receives an association request from a client device in a wireless network; identifies a first wireless virtual local area network (VLAN) that the client device is assigned to; and, allows traffic to or from the client device to be transmitted via the network device on the first wireless VLAN, wherein traffic on at least a second wireless VLAN is transmitted via the network device and segregated from the traffic on the first wireless VLAN. | 09-18-2014 |
20150120864 | NETWORK DEVICE WORKLOAD BALANCING - A method and computer readable medium for network device workload balancing, including: selecting a particular network device for storing client information associated with a client device; subsequent to the client device disassociating with a first network device, receiving, by the particular network device from the first network device, the client information; and responsive to the client device associating with a second network device: transmitting, by the particular network device, the client information to the second network device, where the client device does not associate with the particular network device between associating with the first network device and the second network device. | 04-30-2015 |
20150120911 | METHOD AND SYSTEM FOR NETWORK SERVICE HEALTH CHECK AND LOAD BALANCING - A non-transitory computer readable medium includes instructions which, when executed by one or more network devices, cause performance of operations. The operations include sending, to shared devices, one or more status queries regarding one or more device conditions for each of the shared devices, obtaining responses to the one or more status queries from each of the plurality of shared devices, the responses including the one or more device conditions for each of the shared devices, filtering the shared devices based on the one or more device conditions to obtain a subset of the shared devices, identifying the subset of the shared devices as a set of available shared devices, and transmitting information identifying the set of available shared devices to a client device. | 04-30-2015 |
20150120951 | METHOD AND SYSTEM FOR CONTROLLING ACCESS TO SHARED DEVICES - A non-transitory computer readable medium includes computer readable program code including instructions for subsequent to a client device associating with an access point, receiving a request for a set of allowed shared devices, removing, by the access point and to obtain the set of allowed shared devices, a shared device from a set of shared devices based on a client device user of the client device failing to have a permission required by a device sharing policy of the shared device, and transmitting the set of allowed shared devices to the client device. | 04-30-2015 |
20150222527 | METHOD AND SYSTEM FOR IMPLEMENTING A PRIORITY FOR ACCESS POINTS - A non-transitory computer readable medium includes instructions which, when executed by one or more hardware processors, cause performance of operations including determining a priority level for an Access Point (AP). Subsequent to determining the priority level for the AP, the instructions further cause performance of operations including receiving multiple packets, determining one or more transmission parameters for transmitting the packets based at least in part on the priority level of the AP, and transmitting the packets using the one or more transmission parameters that were determined based at least in part on the priority level of the AP. | 08-06-2015 |
20150236911 | DETECTING CHARACTERISTICS OF A DATA PATH LOOP ON A NETWORK - Methods and systems are described for detecting data path loops between ports on a device in a network system. Data path loops may be detected by first detecting data path loop characteristics exhibited by ports on a device. Upon detection of data path loop characteristics, the existence of a data path loop may be verified through the transmission of a broadcast packet through the potentially loopy ports. By first detecting characteristics of a data path loop and thereafter confirming the presence of a loop, the methods and systems described herein ensure that anomalies in data packet and/or port movement are not the product of configuration changes in the network system, but are instead the result of data path loops. By more intelligently identifying data path loops, false positives may be reduced. | 08-20-2015 |
20150237002 | Centralized Configuration with Dynamic Distributed Address Management - The present disclosure discloses a network device and/or method for centralized configuration with dynamic distributed address management. The disclosed network device receives, at a first network node, a range of sub network addresses and a specified size for a sub network. The disclosed network device then divides the range of sub network addresses into a plurality of sub-ranges of sub network addresses based on the specified size. Further, the network device allocates the plurality of sub-ranges of sub network addresses to a plurality of sub networks, and transmits an allocated sub-range of sub network addresses to a corresponding sub network at a second network node through an established secure communication channel. Moreover, the network device can retrieve a profile template that includes the range of sub network addresses and the specified size of the sub network; and create a profile based on the profile template. | 08-20-2015 |
Patent application number | Description | Published |
20100027480 | Assigning Slots in a Mesh Network - Assigning slots to nodes in a mesh network. Slot numbers are assigned to nodes in a wireless mesh network using a depth-first search combined with information on 2-hop neighborhoods for each node. Assigning slots using 2-hop neighborhood information allows slots to be safely reused. The slot assignment process may take place in parallel using different wireless channels for different subtrees rooted to a controller. Slot assignment may be repeated when the mesh topology changes. Reporting using the slot numbers allows for information from child nodes to be aggregated or filtered at parent nodes. | 02-04-2010 |
20110252237 | Authorizing Remote Access Points - Authorizing remote access points for use in a network: A remote access point contains identity information established during manufacturing; this identity information may be in the nature of a digital certificate which can be used to establish a secure connection between networked entities. After the remote access point is provisioned to communicate securely to a controller using its TCP/IP address provided by a user, the remote access point is put into an un-authorized state by the controller pending further authorization. The user is presented with a secure captive portal page authenticating the end-user. This authorization may be through entering a user name and password, through presenting a certificate, through two-factor methods, or other methods known to the art. User's authentication credentials are verified by the controller. Optionally this verification can be performed using a per-user certificate. After the remote access point has been authorized, the controller marks it verified as a fully functional node, and saves this state. The user performing the authorization is associated with the remote access point, and may be used to monitor the usage and potentially revoke the authorization. The remote access point is provisioned with the current provisioning parameters for the remote access point as configured by the IT administrator for the end user, so that each remote access point can have unique per-user configuration applied. | 10-13-2011 |
20120039218 | Assigning Slots in a Mesh Network - Assigning slots to nodes in a mesh network. Slot numbers are assigned to nodes in a wireless mesh network using a depth-first search combined with information on 2-hop neighborhoods for each node. Assigning slots using 2-hop neighborhood information allows slots to be safely reused. The slot assignment process may take place in parallel using different wireless channels for different subtrees rooted to a controller. Slot assignment may be repeated when the mesh topology changes. Reporting using the slot numbers allows for information from child nodes to be aggregated or filtered at parent nodes. | 02-16-2012 |
Patent application number | Description | Published |
20120166515 | Providing and Resolving an IP Address for Swarm-Based Services - Providing and maintaining an IP address for swarm-based services. A swarm is a group of digital devices operating cooperatively on a network, such as a group of wireless access points. Services may be distributed over members of the swarm, with each service having a master which is hosted on one member of the swarm. The master broadcasts a periodic heartbeat, advertising its service and the address of the host member. If a swarm member fails to hear a particular service's heartbeat for a predetermined interval, it broadcasts a message announcing its intent to be master for the service. If the swarm member does not receive any other broadcasts from members intending to take the role of master for the service, it takes over the role of master for the service and begins broadcasting periodic heartbeats identifying itself as the service master. If multiple swarm members broadcast their intent to become master of the same service, a resolution protocol is invoked and one swarm member is selected to be master. In operation, each member of the swarm maintains a table of services and the address of the swarm member hosting the service; this information is obtained from the periodic heartbeats broadcast by each service master. When a swarm member receives a service request, the request is either redirected to the service master, or the request is terminated at the swarm member and handled. | 06-28-2012 |
20120166519 | Provisioning a Swarm - Provisioning access points operating in a swarm. A swarm is a plurality of digital devices, such as access points, connected using a digital network and operating in a cooperative manner. When an access point (AP) is first powered up, it lacks provisioning information such as channel numbers, power levels, SSIDs, security settings, and so on. The process of supplying this information required to get the AP operating as part of a network is called provisioning. An unprovisioned AP in a swarm first attempts to obtain a DHCP address. Once it gets a DHCP address or selects an address such as from the link-address (169.254.xx.xx) group, it advertises a predetermined wireless SSID which is only used for provisioning the swarm. The swarm | 06-28-2012 |
20120243456 | Bridge Mode Firewall Mobility - Mobility of firewall rules for clients moving among bridge AP nodes in a wireless network. APs operate in bridge mode. A wireless client C is associated with a first AP. As part of that association, the first AP establishes and maintains personal firewall rules and state for client C. When wireless client C associates with a second AP in the L2 domain, the second AP sends a session request to other APs. This may be in the form of a multicast message. Optionally, the second AP may send a unicast message to the first AP indicating that client C has associated with the second AP. APs receiving the multicast session request message for client C check their tables to see if they have stored firewall or other state for client C. APs having stored firewall or other state for client C send session response messages to the second AP containing stored firewall sessions and other state for client C. When the second AP receives a session response, it sends an acknowledgement to the AP which sent the response. When the AP, such as the first AP, receives the acknowledgement, it may remove all stored state for client C. If the second AP receives session response messages for client C from multiple APs, it acknowledges each, and creates session entries and state using the oldest rules in the session response messages. Flags may be logically ORed together. | 09-27-2012 |
20130003654 | Mesh Node Role Discovery and Automatic Recovery - Embodiments of the present disclosure provide for configuring and managing mesh nodes during occasional failure of mesh nodes or addition of new mesh nodes. The disclosed system first determines whether a mesh node is a mesh portal or a mesh point. If it is a mesh portal, the mesh node will advertise its capacity as a mesh portal to other mesh nodes in the network. If it is a mesh point, the mesh node attempts to automatically recover connection to the wireless mesh network if it identifies a unique wireless network based on its associated network identifier. If more than one network identifier is discovered, the mesh node delays establishing connection to the wireless mesh network until a selection is received. | 01-03-2013 |
20130201978 | Method and System for Partitioning Wireless Local Area Network - The present disclosure discloses a method and system for partitioning WLAN in order to separate network traffic from different WLANs. Specifically, a network device receives a packet from a client connected to a first network device on an access network. The network device then determines that the received packet is associated with a VLAN that is pre-configured on the first network device based on the access network to which the client is connected. Furthermore, the network device transmits the packet to a MAC layer switching device, which is not configured with the VLAN that is pre-configured on the network device. The packet includes one of a DHCP discovery message, an ARP request message, a unicast message, a multicast message, and a broadcast message. The unicast message will be transmitted to the second network device on the pre-configured VLAN prior to being transmitted to another network device outside the pre-configured VLAN. | 08-08-2013 |
20130268660 | Providing and Resolving an IP Address for Swarm-Based Services - According to one embodiment of the disclosure, a non-transitory computer readable medium (CRM) comprising instructions, which when executed by one or more hardware processors, causes performance of operations comprising: listening, by a first digital device in a group of digital devices, for any advertisement for a particular service; responsive to the first digital device not receiving any advertisement for the particular service for a predetermined period of time: transmitting, by the first digital device, a first advertisement for the particular service; and providing, by the first digital device, the particular service. | 10-10-2013 |
20150038188 | Task Processing and Resource Sharing in a Distributed Wireless System - The present disclosure discloses a system and method for task processing and resource sharing in a distributed wireless system. The system includes a processor and a memory storing instructions that, when executed, cause the system to: identify a plurality of nodes in a distributed wireless system, each node of the plurality of nodes associated with a radio frequency neighborhood, the radio frequency neighborhood of one node including one or more other nodes that hear beacons from the one node; assign a task to the plurality of nodes; split the task into a plurality of subtasks; assign the plurality of subtasks to the plurality of nodes; receive a plurality of subtask processing results from the plurality of nodes; and combine the plurality of subtask processing results to generate a task processing result for the task. | 02-05-2015 |
20150117420 | Communicating with a Distribution System via an Uplink Access Point - The present disclosure discloses a system and method for communicating with a distribution system via an uplink access point. The system includes a processor and a memory storing instructions that, when executed, cause the system to: receive, at a first network device, an original packet from a client device; identify a source MAC address of the original packet as a MAC address of the client device; identify an IP address of the original packet as an IP address of the client device; generate a modified packet from the original packet by changing the source MAC address from the MAC address of the client device to a MAC address of the first network device; preserve the IP address in the modified packet to be the IP address of the client device; and forward the modified packet from the first network device to a second network device. | 04-30-2015 |
Patent application number | Description | Published |
20100062415 | Pathogen Detection Biosensor - The invention described herein provides methods for the detection of target particles, such as pathogens, soluble antigens, nucleic acids, toxins, chemicals, plant pathogens, blood borne pathogens, bacteria, viruses and the like. Also described is an emittor cell comprising a receptor, wherein the receptor can be an antibody or an Fc receptor, and an emittor molecule for the detection of a target particle in a sample wherein the target particle to be detected is bound by one or more receptors on the emittor cell. Also provided are optoelectronic sensor devices for detecting a target particle in a sample, including in a plurality of samples. | 03-11-2010 |
20120225423 | PATHOGEN DETECTION BIOSENSOR - The invention described herein provides methods for the detection of target particles, such as pathogens, soluble antigens, nucleic acids, toxins, chemicals, plant pathogens, blood borne pathogens, bacteria, viruses and the like. Also described is an emittor cell comprising a receptor, wherein the receptor can be an antibody or an Fc receptor, and an emittor molecule for the detection of a target particle in a sample wherein the target particle to be detected is bound by one or more receptors on the emittor cell. Also provided are optoelectronic sensor devices for detecting a target particle in a sample, including in a plurality of samples. | 09-06-2012 |