Shujin Zhang - San Mateo CA Jane Jiaying Jin - San Jose CA Jie Chu - Los Altos CA Maria Alice Dos Santos - Redwood City CA Shuxian Lou - San Jose CA
Assignee:
Cisco Technology, Inc. - San Jose CA
International Classification:
G06F 1516
US Classification:
709227, 709244, 709245, 709249
Abstract:
Multiple simultaneous network connections from a single PPP connection may be accomplished. A primary PPP connection is established between a user and a first network. A first real network address for the user is then received, the first real network address assigned by the first network. Then, the gateway may establish a secondary network session between a gateway and a second network, receiving a second real network address assigned by the second network. Additional network connections may be added as secondary network sessions. Network address translation is then performed on packets traveling between the user and any of the secondary network sessions, but not on packets traveling between the user and the primary PPP connection. This allows for connection to multiple networks without disturbing the primary PPP session and also allows for the utilization of applications which may not be used with network address translation on the primary PPP session.
Shujin Zhang - San Mateo CA Xi Xu - Milpitas CA Maria Alice Dos Santos - Redwood City CA Jane Jiaying Jin - San Jose CA Jie Chu - Los Altos CA Shuxian Lou - San Jose CA
Assignee:
Cisco Technology, Inc. - San Jose CA
International Classification:
H04L 1256
US Classification:
370392, 370401
Abstract:
A gateway is provided which routes a packet sent from a user to the connected network which would maximize the chances that the packet arrives at its destination in the quickest way possible. This is accomplished by extracting a source address from the packet; searching through one or more per-user routing tables to find a per-user routing table corresponding to the source address, the per-user routing table containing a list of currently accessible networks for the user and the range of network addresses corresponding to the currently accessible networks; extracting a destination address from the packet; traversing the entries of the matching per-user routing table, looking for a range of network addresses containing the destination address; routing the packet to a matching network if the destination address is contained within one of the ranges of network addresses for the currently accessible networks; and routing the packet to a default network if the destination address is not contained within one of the ranges of network addresses for the currently accessible networks. The gateway may also avoid the drawbacks of using hops in transporting packets to a destination by looking up the destination network in a table, each entry in the table having a router network address corresponding to each network currently accessible; establishing a tunneling session to the matching router network address; and forwarding the packet to the router network address through the tunneling session.
Multiple Network Connections From A Single PPP Link With Network Address Translation
Shujin Zhang - San Mateo CA Jane Jiaying Jin - San Jose CA Jie Chu - Los Altos CA Maria Alice Dos Santos - Redwood City CA Shuxian Lou - San Jose CA
Assignee:
Cisco Technology, Inc. - San Jose CA
International Classification:
H04C 1266
US Classification:
370401, 709227
Abstract:
Multiple simultaneous network connections from a single PPP connection may be accomplished by utilizing a gateway in the following manner. A first network connection is established between the gateway and a first network. A first real network address for the user is then received, the first real network address assigned by the first network. Then, the gateway may establish a network session between the gateway and a second network and receive a second real network address for the user, the second real network address assigned by the second network. A virtual network address may be assigned to the user for network address translation purposes. Additional network connections may be added in a similar manner. Network address translation is then performed on packets traveling between the user and any of the network sessions. This allows each of the simultaneous network connections to gain the benefits of network address translation.
Method For Providing Single Step Log-On Access To A Differentiated Computer Network
Jane Jiaying Jin - San Jose CA Jie Chu - Los Altos CA Maria Alice Dos Santos - Redwood City CA Shuxian Lou - San Jose CA Xi Xu - Milpitas CA Shujin Zhang - San Mateo CA
Assignee:
Cisco Technology, Inc. - San Jose CA
International Classification:
G06F 932
US Classification:
713201
Abstract:
A method for providing single step log-on access for a subscriber to a computer network. The computer network is differentiated into public and private areas. Secure access to the private areas is provided by a Service Selection Gateway (SSG) Server, introduced between a conventional Network Access Server (NAS) and an Authentication, Authorization and Accounting (AAA) Server. The SSG Server intercepts and manipulates packets of data exchanged between the NAS and the AAA Server to obtain all the information it needs to automatically log the user on when the user logs on to the NAS. An authorized user is thus spared the task of having to re-enter username and password data or launch a separate application in order to gain secure access to private areas of the network.
Jane Jiaying Jin - San Jose CA, US Jie Chu - Los Altos CA, US Maria Alice Dos Santos - Redwood City CA, US Shuxian Lou - San Jose CA, US Shujin Zhang - San Mateo CA, US
Assignee:
Cisco Technology, Inc. - San Jose CA
International Classification:
H04L012/54
US Classification:
37039521, 709223
Abstract:
Certain bits of a packet, such as bits in the IP header of an IP packet, are used to designate the type of service or Quality of Service (QoS) level to be afforded to the packet as it passes through a data communications network. A user entitled to a certain QoS level logs into a service selection gateway (SSG). The SSG queries an authentication, authorization and accounting (AAA) server in response to a log-in attempt by the user. Upon authorization, the AAA server returns an access accept signal in addition to an indication from the user's service profile (user profile) as to the QoS level to be afforded the user. While the user is logged in, all packets are routed through the SSG. The SSG sets the certain bits of the packet in accordance with the user's assigned QoS level so that as the packets are routed through the data communications network, they are consistently afforded the assigned Quality of Service level. In another aspect of the invention, on-demand QoS may be provided by the SSG and accounted for by communications with the AAA server.
Method For Providing Single Step Log-On Access To A Differentiated Computer Network
Jane Jiaying Jin - San Jose CA, US Jie Chu - Los Altos CA, US Maria Alice Dos Santos - Redwood City CA, US Shuxian Lou - San Jose CA, US Xi Xu - Milpitas CA, US Shujin Zhang - San Mateo CA, US
Assignee:
Cisco Technology, Inc. - San Jose CA
International Classification:
H04L009/32 G06F015/16
US Classification:
713201, 709228
Abstract:
A method for providing single step log-on access for a subscriber to a computer network. The computer network is differentiated into public and private areas. Secure access to the private areas is provided by a Service Selection Gateway (SSG) Server, introduced between a conventional Network Access Server (NAS) and an Authentication, Authorization and Accounting (AAA) Server. The SSG Server intercepts and manipulates packets of data exchanged between the NAS and the AAA Server to obtain all the information it needs to automatically log the user on when the user logs on to the NAS. An authorized user is thus spared the task of having to re-enter username and password data or launch a separate application in order to gain secure access to private areas of the network.
Shujin Zhang - San Mateo CA, US Xi Xu - Milpitas CA, US Maria Alice Dos Santos - Redwood City CA, US Jane Jiaying Jin - San Jose CA, US Jie Chu - Los Altos CA, US Shuxian Lou - San Jose CA, US
Assignee:
Cisco Technology, Inc. - San Jose CA
International Classification:
H04L 12/56
US Classification:
370392, 370401
Abstract:
A gateway is provided which routes a packet sent from a user to a connected network utilizing a per-user routing table. This is accomplished by extracting a source address from the packet; finding a per-user routing table corresponding to the source address, the per-user routing table containing entries corresponding to one or more currently accessible networks for the user and the range of network addresses corresponding to the currently accessible networks; extracting a destination address from the packet; seeking an entry in the matching per-user routing table with a range of network addresses containing the destination address; routing the packet to a matching network if the destination address is contained within one of the ranges of network addresses for the currently accessible networks; and routing the packet to a default network if the destination address is not contained within one of the ranges of network addresses for the currently accessible networks. This allows different users to have access to a different set of networks and allows a user to select the network he wishes to access. The gateway may also guarantee that packets are routed through a particular destination ISP or network by looking up the destination ISP or network in a table, each entry in the table having a router network address corresponding to each network currently accessible; establishing a tunneling session to the matching router network address; and forwarding the packet to the router network address through the tunneling session.
Jane Jiaying Jin - San Jose CA, US Jie Chu - Los Altos CA, US Maria Alice Dos Santos - Redwood City CA, US Shuxian Lou - San Jose CA, US Shujin Zhang - San Mateo CA, US
Assignee:
Cisco Technology, Inc. - San Jose CA
International Classification:
H04L 12/54
US Classification:
37039521, 709223
Abstract:
Certain bits of a packet, such as bits in the IP header of an IP packet, are used to designate the type of service or Quality of Service (QoS) level to be afforded to the packet as it passes through a data communications network. A user entitled to a certain QoS level logs into a service selection gateway (SSG). The SSG queries an authentication, authorization and accounting (AAA) server in response to a log-in attempt by the user. Upon authorization, the AAA server returns an access accept signal in addition to an indication from the user's service profile (user profile) as to the QoS level to be afforded the user. While the user is logged in, all packets are routed through the SSG. The SSG sets the certain bits of the packet in accordance with the user's assigned QoS level so that as the packets are routed through the data communications network, they are consistently afforded the assigned Quality of Service level. In another aspect of the invention, on-demand QoS may be provided by the SSG and accounted for by communications with the AAA server.