Dynamic Control of Endpoint Profiling

US 20160366040A1
Filed: 06/09/2015
Published: 12/15/2016
Est. Priority Date: 06/09/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

at a server in communication with a network device that has network connectivity to one or more endpoint devices;

receiving from the network device a packet that includes a Media Access Control (MAC) address of an endpoint device;

determining whether at least a portion of the MAC address matches stored information for MAC addresses of known endpoint devices;

extracting from the packet one or more attributes that carry further descriptive information of the endpoint device;

determining based on the MAC address and the one or more attributes whether the endpoint device can be classified at a level of granularity according to a policy rule;

if the endpoint device cannot be classified at the level of granularity, dynamically selecting a probe function based on the one or more attributes extracted from the packet and the MAC address to collect additional data about the endpoint device;

obtaining one or more additional attributes from operation of a selected probe function from the dynamically selecting; and

repeating the determining whether the endpoint device can be classified, the dynamically selecting and the obtaining until the endpoint device can be classified at the level of granularity, if possible.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A server is in communication with a network device that has network connectivity to an endpoint device. The server receives from the network device a packet that includes a Media Access Control (MAC) address of the endpoint device. A determination is made as to whether at least a portion of the MAC address matches stored information for MAC addresses of known endpoint devices. One or more attributes that carry further descriptive information of the endpoint device are extracted from the packet. It is determined based whether the endpoint device can be classified at a level of granularity according to a policy rule. If the endpoint device cannot be classified at the level of granularity, a probe function is dynamically selected based on the one or more attributes extracted from the packet and the MAC address to collect additional data about the endpoint device.

11 Citations

View as Search Results

20 Claims

1. A method comprising:
- at a server in communication with a network device that has network connectivity to one or more endpoint devices;
  
  receiving from the network device a packet that includes a Media Access Control (MAC) address of an endpoint device;
  
  determining whether at least a portion of the MAC address matches stored information for MAC addresses of known endpoint devices;
  
  extracting from the packet one or more attributes that carry further descriptive information of the endpoint device;
  
  determining based on the MAC address and the one or more attributes whether the endpoint device can be classified at a level of granularity according to a policy rule;
  
  if the endpoint device cannot be classified at the level of granularity, dynamically selecting a probe function based on the one or more attributes extracted from the packet and the MAC address to collect additional data about the endpoint device;
  
  obtaining one or more additional attributes from operation of a selected probe function from the dynamically selecting; and
  
  repeating the determining whether the endpoint device can be classified, the dynamically selecting and the obtaining until the endpoint device can be classified at the level of granularity, if possible.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising sending to the network device a message indicating the selected probe function to use for the endpoint device, and receiving from the network device data collected by the network device based on the selected probe function.
  - 3. The method of claim 1, further comprising sending to the network device a message containing configuration information for the selected probe function.
  - 4. The method of claim 1, wherein the dynamically selecting comprises applying forward and backward inference analysis based on attributes collected on the endpoint device and any remaining ambiguity to be resolved for the endpoint device.
  - 5. The method of claim 4, wherein the repeating is performed until a probe function is selected that can capture a single candidate attribute that resolves any remaining ambiguity for the endpoint device.
  - 6. The method of claim 1, wherein dynamically selecting includes selecting a probe function that uses a particular communication protocol for communicating with the endpoint device based on the one or more attributes obtained for the endpoint device.
  - 7. The method of claim 1, wherein the particular communication protocol is proprietary to a manufacturer of the endpoint device.
  - 8. The method of claim 1, wherein determining further includes determining if there is a match of the one or more attributes in the packet and stored information containing tags associated with particular types of endpoint devices.
  - 9. The method of claim 1, further comprising:
    - analyzing the one or more attributes which indicate that the endpoint device is using a new version of a particular operating system; and
      
      storing information indicating a configuration to recognize the new version of the particular operating system.

10. An apparatus comprising:
- a network interface unit configured to enable communications over a network, including communication with a network device that has network connectivity to one or more endpoint devices; and
  
  a processor coupled to the network interface unit and configured to;
  
  receive from the network device a packet that includes a Media Access Control (MAC) address of an endpoint device;
  
  determine whether at least a portion of the MAC address matches stored information for MAC addresses of known endpoint devices;
  
  extract from the packet one or more attributes that carry further descriptive information of the endpoint device;
  
  determine based on the MAC address and the one or more attributes whether the endpoint device can be classified at a level of granularity according to a policy rule;
  
  if the endpoint device cannot be classified at the level of granularity, dynamically select a probe function based on the one or more attributes extracted from the packet and the MAC address to collect additional data about the endpoint device;
  
  obtain one or more additional attributes from operation of a selected probe function; and
  
  repeat the operations to determine whether the endpoint device can be classified, dynamically select a probe function and obtain the one or more additional attributes until the endpoint device can be classified at the level of granularity, if possible.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The apparatus of claim 10, wherein the processor is configured dynamically select the probe function by applying forward and backward inference analysis based on attributes collected on the endpoint device and any remaining ambiguity to be resolved for the endpoint device.
  - 12. The apparatus of claim 11, wherein the processor is configured to repeat until a probe function is selected that can capture a single candidate attribute that resolves any remaining ambiguity for the endpoint device.
  - 13. The apparatus of claim 10, wherein the processor is configured to dynamically select a probe function that uses a particular communication protocol for communicating with the endpoint device based on one or more attributes obtained for the endpoint device.
  - 14. The apparatus of claim 10, wherein the processor is configured to determine if there is a match of the one or more attributes in the packet and stored information containing tags associated with particular types of endpoint devices.
  - 15. The apparatus of claim 10, wherein the processor is configured to:
    - analyze the one or more attributes which indicate that the endpoint device is using a new version of a particular operating system; and
      
      store information indicating a configuration to recognize the new version of the particular operating system.

16. A system comprising:
- a network device that has network connectivity to one or more endpoint devices; and
  
  a server in communication with the network device, wherein the server is configured to;
  
  receive from the network device a packet that includes a Media Access Control (MAC) address of an endpoint device;
  
  determine whether at least a portion of the MAC address matches stored information for MAC addresses of known endpoint devices;
  
  extract from the packet one or more attributes that carry further descriptive information of the endpoint device;
  
  determine based on the MAC address and the one or more attributes whether the endpoint device can be classified at a level of granularity according to a policy rule;
  
  if the endpoint device cannot be classified at the level of granularity, dynamically select a probe function based on the one or more attributes extracted from the packet and the MAC address to collect additional data about the endpoint device;
  
  obtain one or more additional attributes from operation of a selected probe function; and
  
  repeat the operations to determine whether the endpoint device can be classified, dynamically select a probe function and obtain the one or more additional attributes until the endpoint device can be classified at the level of granularity, if possible.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the server is configured to configured dynamically select the probe function by applying forward and backward inference analysis based on attributes collected on the endpoint device and any remaining ambiguity to be resolved for the endpoint device.
  - 18. The system of claim 17, wherein the server is configured to repeat until a probe function is selected that can capture a single candidate attribute that resolves any remaining ambiguity for the endpoint device.
  - 19. The system of claim 16, wherein the server is configured to select a probe function that uses a particular communication protocol for communicating with the endpoint device based on one or more attributes obtained for the endpoint device.
  - 20. The system of claim 16, wherein the server is configured to determine if there is a match of the one or more attributes in the packet and stored information containing tags associated with particular types of endpoint devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Wong, Pok Sze, Nampelly, Ramesh

Granted Patent

US 9,813,324 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 2101/604   Address structures or formats

H04L 2101/622   Layer-2 addresses, e.g. med...

H04L 41/0806   for initial configuration o...

H04L 43/12   Network monitoring probes

H04L 43/50   Testing arrangements

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 69/22   Parsing or analysis of headers

Dynamic Control of Endpoint Profiling

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic Control of Endpoint Profiling

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links