Abstract: The invention provides an arrangement for managing a network security application comprising a full management user interface for conducting management operations for the network security application, and a limited management user interface for conducting a limited number of management operations of the full management user interface for the network security application over a wireless remote connection.

Abstract: A method and apparatus for the specification and automatic generation of user interfaces of information system (computer programs) is provided. The method is based in pattern language to specify requirements in an un-ambiguous mode and with precise semantics. The pattern language allows a user interface model to be composed using elements of the pattern language (computer objects in the object oriented programming style) which fully specify the desired user interface. The semantics of the objects in the user interface model have one and only one definition such that user interface model can be validated in a validation process. The validation process eliminates bugs in the final computer program code which is automatically produced from the user interface model.

Abstract: A method for handling dynamic state information used for handling data packets, which arrive at a network element node of a network element cluster, said network element cluster having at least two nodes and each node handling separate sets of data packets. In a node there is maintained 206 a first, node-specific data structure comprising entries representing state information needed for handling sets of data packets handled in said node. In said node there is also maintained 208 a second, common data structure comprising at least entries representing state information needed for handling sets of data packets handled in one other node of said network element cluster. The contents of said common data structure effectively differs from the contents of said node-specific data structure. Data packets are distributed 202, 204 to nodes of the cluster by means of distribution identifiers allocated 200 to nodes.

Abstract: Processing of data packets within a network element cluster having a plurality of network element nodes is described. The network element cluster has a cluster network address common to said plurality of nodes. Distribution decisions are determined for first data packets, a first data packet being a data packet initiating opening of a packet data connection to said cluster network address, according to predetermined criteria. For each node of the network element cluster those first data packets, which are to be processed in said particular node, are selected according to the distribution decisions. Node-specific lists about opened packet data connections for which a node is responsible are maintained, and using these node-specific lists second data packets, which are data packets relating to any opened packet data connection specified in a node-specific list, are processed.

Abstract: A system to automatically gather attribute data about elements such as networks, network interface cards, operating systems, device types, installed software, processes in execution, financial data, etc. in an organization or a designated subset of the organization. Fingerprint files are used, each fingerprint file corresponding to an element of a specific type and each containing a list of attributes that will be found if that element exists in the system. Each fingerprint contains or points to one or more collection instructions which control a data collector process to attempt to gather attribute data. Each fingerprint contains or points to rules that are used to analyze the attribute data gathered to calculate the probability that the element exists. The rules can be fired sequentially, in if-then-else fashion or can be incorporated in a script in loops and with mathematical manipulations, tests and branching for more sophisticated analysis.

Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.

Abstract: The invention relates to methods for selection of packet transmission routes between two network sites in a case, in which the sites are connected to the rest of the network via a plurality of connections each. According to the invention, the source network site is arranged to select which connection is used at the source end and which connection is used at the destination end, and base the selections at least partly on the basis of a round trip time value and a packet success rate value. The selection criteria can advantageously be time dependent.

Abstract: The invention is related to structures used for providing fault tolerance in computer data networks. According to the invention, fault tolerance is achieved by redundancy, i.e. by using at least two network nodes in parallel. The network nodes have at least two physical network interface to a network, only one of which is active during normal operation. In the case of two network nodes being used, both of these have two physical network interfaces to the same network. A first network interfaces on the first node has the same IP and MAC address as one interface on the second node, and the second network interface on the first node has the same IP and MAC address as the other interface on the second node. The IP and MAC addresses of the two interfaces of each node are different, whereby the two nodes provide a first IP address and a corresponding first MAC address, and a second IP address and a corresponding second MAC address.

Abstract: An impulse detector which can detect both low and high levels of impulse noise in a CDMA system is comprised of circuitry to calculate the background noise level in unused codes. Another circuit calculates the average noise power in the unused codes of each spreading interval to output the noise power per spreading interval. This average is continuously averaged over spreading intervals by another circuit which outputs the average background noise power. A comparator compares the noise power in the current spreading interval with the background noise power plus a programmable threshold and generates an erasure indication if the background noise power plus a discrimination threshold is exceeded.

Abstract: The invention relates to methods for transmission of data, more particularly for transmission of data in clustered structures in IP networks. According to the invention, the cluster units are configured to be members of an IP multicast group specific to the cluster. The switch or switches directly connected to the cluster units are arranged to monitor multicast group membership reports from the cluster units, and therefore obtain knowledge about which ports of the switch or switches are connected to cluster units. Advantageously, the switch or switches may also send membership queries to find out, which ports are connected to members of the cluster multicast group. Consequently, when the switch receives a packet with a multicast MAC address and the IP address of the cluster, the switch sends the packet to only those ports to which cluster units are connected, and not to all ports of the switch as according to the prior art.

Abstract: An interleaver for any modem or transmitter which transmits digital data. The interleaver eliminates the iterative divide step of a first prior art method to calculate the final depth of each block and the divide followed by a multiply step of a second prior art method. This is done by calculating the minimum depth, i.e., number of rows, for each 2-D block of data using a divide step and retaining the remainder. The remainder is used to determine how many blocks get an extra row when the burst length and width of each row precludes all blocks from having the same number of rows.

Abstract: For achieving packet authentication according to an applicable security policy between a sending node (903) and a receiving node (902) in a network, the following steps are taken: the transformations occurring to a packet en route between the sending node and the receiving node are discovered dynamically (1003, 1004), the discovered transformations are checked (1004) to be acceptable based on the applicable security policy, and the dynamically discovered, acceptable transformations are compensated for (1004, 1006) before authenticating packets transmitted from the sending node to the receiving node.