Patents by Inventor Bernard D. Aboba

Bernard D. Aboba has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9112645
    Abstract: A computing device configured for wireless communication may effectively control adaptation to channel conditions. The device may be configured to identify and classify conditions impacting performance of a channel so that appropriate adaptations may be made. Interference may be detected by correlating received signal strength and packet errors. High received signal strength correlated to a high packet error rate may signify presence of a source of interference. Once a source of interference is detected, other criteria may be used to determine the nature of the interference so that an adaptation that is minimally disruptive of applications can be selected. Additionally, channel degradation may be predicted by monitoring trends in error rates, including Forward Error Correction rates, and adaptation may be used before packet error rates exceed an unacceptable level.
    Type: Grant
    Filed: May 11, 2007
    Date of Patent: August 18, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Amer A. Hassan, Bernard D. Aboba, Kun Tan, Jiansong Zhang
  • Patent number: 8301081
    Abstract: A communication device cognitively monitors interference signals across a communication band so that adaptations for physical and medium access control (MAC) of data packet transmissions are appropriate for a particular interference signal. Characteristics of an interference signal of interest (e.g., bandwidth, power and/or duration relative to an average data packet transmitted over a communication channel of the communication device) are sensed for an appropriate adaptation (e.g., forward error correction, modulation technique, back off, request to send/clear to send protocol, etc.). Patterns for known types of interference sources can be compared so that when recognized an associated adaptation can be used.
    Type: Grant
    Filed: November 13, 2007
    Date of Patent: October 30, 2012
    Assignee: Microsoft Corporation
    Inventors: Bernard D. Aboba, Paramvir Bahl, Gopala S. Narlanka, Jitendra D. Padhye, Bozidar Radunovic, Ramachandran Ramjee, Kun Tan, Miguel Oom Temudo de Castro
  • Patent number: 8295189
    Abstract: A computing device configured for wireless communication may effectively control adaptation to channel conditions. The device may be configured to identify and classify conditions impacting performance of a channel so that appropriate adaptations may be made. Interference may be detected by correlating received signal strength and packet errors. High received signal strength correlated to a high packet error rate may signify presence of a source of interference. Once a source of interference is detected, other criteria may be used to determine the nature of the interference so that an adaptation that is minimally disruptive of applications can be selected. Additionally, channel degradation may be predicted by monitoring trends in error rates, including Forward Error Correction rates, and adaptation may be used before packet error rates exceed an unacceptable level.
    Type: Grant
    Filed: May 11, 2007
    Date of Patent: October 23, 2012
    Assignee: Microsoft Corporation
    Inventors: Amer A. Hassan, Bernard D. Aboba, Jiansong Zhang, Kun Tan
  • Patent number: 7856655
    Abstract: A system is provided for establishing a secure link among multiple users on a single machine with a remote machine. The system includes a subsystem to filter traffic so that traffic from each user is separate. The subsystem generates and associates a Security Association (SA) with at least one filter corresponding to the user and the traffic, and employs the SA to establish the secure link. An Internet Key Exchange module and a policy module may be included to generate and associate the security association, wherein the policy module is configured via Internet Protocol Security (IPSEC).
    Type: Grant
    Filed: June 30, 2004
    Date of Patent: December 21, 2010
    Assignee: Microsoft Corporation
    Inventors: Brian D. Swander, Bernard D. Aboba
  • Patent number: 7778170
    Abstract: Each node or link of an ad hoc network assists in the distributed allocation of a data channel to increase fairness, even in a multi-hop network, by tracking a measure of link weight for itself and sharing this information over a control channel with neighboring nodes. The metric can be provided over a dedicated control channel, added as a header to data communication on a data channel, or inferred by monitoring data traffic from the neighboring node. The link weight can be adjusted by a link quality factor based on provided or inferred metrics such as transmission rates, ratio of transmission errors, idle time, etc. For multiple flow queues at a subject node, one with a higher transmission rate can be selected for increased fairness. When a packet is received, medium access includes allocating bandwidth, including bonding multiple frequencies that are determined to be available to both nodes.
    Type: Grant
    Filed: November 14, 2007
    Date of Patent: August 17, 2010
    Assignee: Microsoft Corporation
    Inventors: Bernard D. Aboba, Paramvir Bahl, Miguel Oom Temudo de Castro, Gopala S. Narlanka, Jitendra D. Padhye, Bozidar Radunovic, Ramachandran Ramjee, Kun Tan
  • Patent number: 7743408
    Abstract: Network devices access a communications network and engage in secure associations with one or more network access points upon authenticating the access points and upon verifying the discovery information that is broadcast by the access point. Once a secure association is created, management frames that are subsequently transmitted between the network devices and the access points and that are used to control the secure association are verified to further enhance the security of the communications network.
    Type: Grant
    Filed: December 12, 2003
    Date of Patent: June 22, 2010
    Assignee: Microsoft Corporation
    Inventors: Bernard D. Aboba, Timothy M. Moore
  • Patent number: 7636935
    Abstract: A policy server program evaluates one or more policy statements based on the group or groups to which a user belongs as well as other conditions. Each policy statement expresses an implementation of the access policy of the network, and is associated with a profile. The profile contains one or more actions that are to be applied to the user. The policy server program determines the identity of the group or groups to which the user belongs by referencing one or more group attributes contained in a user object which is located in a directory on the network. The user object and its group parameters are established when the user is added to the directory, while a policy statement for a group can be created at any time.
    Type: Grant
    Filed: August 4, 2005
    Date of Patent: December 22, 2009
    Assignee: Microsoft Corporation
    Inventors: Ashwin Palekar, Bernard D. Aboba, Narendra C. Gidwani, Michel Guittet, Todd L. Paul, David L. Eitelbach, Stephen E. Bensley
  • Publication number: 20090175182
    Abstract: Systems and methods are provided for transmitting data on a wireless network. Some embodiments provide a technique whereby a type is determined for the transmission, at least one metric is determined for the transmission based at least in part on the transmission type and/or an indication of conditions on the channel on which the transmission is to be performed, at least one transmission parameter to be used in performing the transmission is selected to optimize the at least one metric, and the data is transmitted in accordance with the at least one transmission parameter.
    Type: Application
    Filed: January 7, 2008
    Publication date: July 9, 2009
    Applicant: Microsoft Corporation
    Inventors: Hui Shen, Jiandong Ruan, Kun Tan, Jiansong Zhang, Amer A. Hassan, Bernard D. Aboba, Yi Lu, Tong Zhou
  • Patent number: 7549048
    Abstract: The principles of the present invention relate to systems, methods, and computer program products for more efficiently and securely authenticating computing systems. In some embodiments, a limited-use credential is used to provision more permanent credentials. A client receives a limited-use (e.g., a single-use) credential and submits the limited-use credential over a secure link to a server. The server provisions an additional credential (for subsequent authentication) and sends the additional credential to the client over the secure link. In other embodiments, computing systems automatically negotiate authentication methods using an extensible protocol. A mutually deployed authentication method is selected and secure authentication is facilitated with a tunnel key that is used to encrypt (and subsequently decrypt) authentication content transferred between a client and a server. The tunnel key is derived from a shared secret (e.g., a session key) and nonces.
    Type: Grant
    Filed: March 19, 2004
    Date of Patent: June 16, 2009
    Assignee: Microsoft Corporation
    Inventors: Trevor William Freeman, Timothy M. Moore, Bernard D. Aboba, Daniel R. Simon
  • Publication number: 20090124205
    Abstract: A communication device cognitively monitors interference signals across a communication band so that adaptations for physical and medium access control (MAC) of data packet transmissions are appropriate for a particular interference signal. Characteristics of an interference signal of interest (e.g., bandwidth, power and/or duration relative to an average data packet transmitted over a communication channel of the communication device) are sensed for an appropriate adaptation (e.g., forward error correction, modulation technique, back off, request to send/clear to send protocol, etc.). Patterns for known types of interference sources can be compared so that when recognized an associated adaptation can be used.
    Type: Application
    Filed: November 13, 2007
    Publication date: May 14, 2009
    Applicant: Microsoft Corporation
    Inventors: Bernard D. Aboba, Paramvir Bahl, Gopala S. Narlanka, Jitendra D. Padhye, Bozidar Radunovic, Ramachandran Ramjee, Kun Tan, Miguel Oom Temudo de Castro
  • Publication number: 20090122700
    Abstract: Each node or link of an ad hoc network assists in the distributed allocation of a data channel to increase fairness, even in a multi-hop network, by tracking a measure of link weight for itself and sharing this information over a control channel with neighboring nodes. The metric can be provided over a dedicated control channel, added as a header to data communication on a data channel, or inferred by monitoring data traffic from the neighboring node. The link weight can be adjusted by a link quality factor based on provided or inferred metrics such as transmission rates, ratio of transmission errors, idle time, etc. For multiple flow queues at a subject node, one with a higher transmission rate can be selected for increased fairness. When a packet is received, medium access includes allocating bandwidth, including bonding multiple frequencies that are determined to be available to both nodes.
    Type: Application
    Filed: November 14, 2007
    Publication date: May 14, 2009
    Applicant: Microsoft Corporation
    Inventors: Bernard D. Aboba, Paramvir Bahl, Miguel Oom Temudo de Castro, Gopala S. Narlanka, Jitendra D. Padhye, Bozidar Radunovic, Ramachandran Ramjee, Kun Tan
  • Patent number: 7464265
    Abstract: Disclosed are methods for a client, having established one set of security keys, to establish a new set without having to communicate with an authentication server. When the client joins a group, master session security keys are derived and made known to the client and to the group's access server. From the master session security keys, the access server and client each derive transient session security keys, used for authentication and encryption. To change the transient session security keys, the access server creates “liveness” information and sends it to the client. New master session security keys are derived from the liveness information and the current set of transient session security keys. From these new master session security keys are derived new transient session security keys. This process limits the amount of data sent using one set of transient session security keys and thus limits the effectiveness of any statistical attacker.
    Type: Grant
    Filed: May 3, 2002
    Date of Patent: December 9, 2008
    Assignee: Microsoft Corporation
    Inventors: Arun Ayyagari, Daniel R. Simon, Bernard D. Aboba, Krishna Ganugapati, Timothy M. Moore, Pradeep Bahl
  • Publication number: 20080279092
    Abstract: A computing device configured for wireless communication may effectively control adaptation to channel conditions. The device may be configured to identify and classify conditions impacting performance of a channel so that appropriate adaptations may be made. Interference may be detected by correlating received signal strength and packet errors. High received signal strength correlated to a high packet error rate may signify presence of a source of interference. Once a source of interference is detected, other criteria may be used to determine the nature of the interference so that an adaptation that is minimally disruptive of applications can be selected. Additionally, channel degradation may be predicted by monitoring trends in error rates, including Forward Error Correction rates, and adaptation may be used before packet error rates exceed an unacceptable level.
    Type: Application
    Filed: May 11, 2007
    Publication date: November 13, 2008
    Applicant: Microsoft Corporation
    Inventors: Amer A. Hassan, Bernard D. Aboba, Kun Tan, Jiansong Zhang
  • Publication number: 20080279093
    Abstract: A computing device configured for wireless communication may effectively control adaptation to channel conditions. The device may be configured to identify and classify conditions impacting performance of a channel so that appropriate adaptations may be made. Interference may be detected by correlating received signal strength and packet errors. High received signal strength correlated to a high packet error rate may signify presence of a source of interference. Once a source of interference is detected, other criteria may be used to determine the nature of the interference so that an adaptation that is minimally disruptive of applications can be selected. Additionally, channel degradation may be predicted by monitoring trends in error rates, including Forward Error Correction rates, and adaptation may be used before packet error rates exceed an unacceptable level.
    Type: Application
    Filed: May 11, 2007
    Publication date: November 13, 2008
    Applicant: Microsoft Corporation
    Inventors: Amer A. Hassan, Bernard D. Aboba, Jiansong Zhang, Kun Tan
  • Patent number: 7394821
    Abstract: A system for maintaining network information. The system resides in a network comprising a plurality of sub-networks in communication with one another over a communications backbone. Each sub-network has a router for use in performing communications with other sub-networks. A directory service is linked to the communications backbone and includes a database. The database stores router attribute information that is published by each of the routers. Using a query engine associated with the directory service, meaningful information can be gathered from the database as a function of specified router attribute information.
    Type: Grant
    Filed: June 24, 2004
    Date of Patent: July 1, 2008
    Assignee: Microsoft Corporation
    Inventors: Kenneth Lynn Crocker, Wei Jiang, Gurdeep Singh Pall, Bernard D. Aboba, Narendra C. Gidwani
  • Patent number: 7290132
    Abstract: A trust web keying process provides secure peer networking of computing devices on an open network. A device is initially keyed at distribution to an end user or installer with a device-specific cryptographic key, and programmed to respond only to peer networking communication secured using the device's key. The device-specific key is manually entered into a keying device that transmits a re-keying command secured with the device-specific key to the device for re-keying the device with a group cryptographic key. The device then securely peer networks with other devices also keyed with the group cryptographic key, forming a trust web. Guest devices can be securely peer networked with the trust web devices via a trust web gateway.
    Type: Grant
    Filed: April 11, 2005
    Date of Patent: October 30, 2007
    Assignee: Microsoft Corporation
    Inventors: Bernard D. Aboba, Toby L. Nixon
  • Patent number: 7287276
    Abstract: An abstraction module that facilitates security configuration amongst a number of initiators in a manner that there are no conflicts in the security information across all initiators. The abstraction module exposes a common interface that may be used to configure any of the initiators, receives through this common interface an indication that a selected one of the initiators is to be configured to communicate with a selected target device, and retrieves security information from a common database, the database including information that is relevant to configuring security for any of the plurality of initiators. The abstraction module identifies a security configuration for the selected initiator using the retrieved security information and, if the settings would not cause a conflict with any of the other of the initiators, uses the identified security configuration to configure the selected initiator.
    Type: Grant
    Filed: September 8, 2003
    Date of Patent: October 23, 2007
    Assignee: Microsoft Corporation
    Inventors: Alan M. Warwick, Bernard D. Aboba
  • Patent number: 7284062
    Abstract: A computer system attempts to authenticate with a server to gain authorization to access a first network. It is determined by the server that the computer system is not authorized to access the first network. The computer system is given authorization to access a second network for at least the purpose of downloading files (e.g., signup and configuration files) needed to access the first network. A user-interface for receiving user-entered signup information is automatically presented at the computer system. A first schema-based document including user-entered information is transferred to the server. If the server determines that the user-entered information is appropriate, a second-schema document, which includes an indication of authorization to access the first network (e.g., a user-identifier and password), is received. A third schema-based document is executed at the computer system to compatibly configure the computer system for accessing the first network.
    Type: Grant
    Filed: December 6, 2002
    Date of Patent: October 16, 2007
    Assignee: Microsoft Corporation
    Inventors: Anton W. Krantz, Timothy M. Moore, Dalen M. Abraham, Shai Guday, Pradeep Bahl, Bernard D. Aboba
  • Patent number: 7082200
    Abstract: A trust web keying process provides secure peer networking of computing devices on an open network. A device is initially keyed at distribution to an end user or installer with a device-specific cryptographic key, and programmed to respond only to peer networking communication secured using the device's key. The device-specific key is manually entered into a keying device that transmits a re-keying command secured with the device-specific key to the device for re-keying the device with a group cryptographic key. The device then securely peer networks with other devices also keyed with the group cryptographic key, forming a trust web. Guest devices can be securely peer networked with the trust web devices via a trust web gateway.
    Type: Grant
    Filed: September 6, 2001
    Date of Patent: July 25, 2006
    Assignee: Microsoft Corporation
    Inventors: Bernard D. Aboba, Toby L. Nixon
  • Patent number: 6941465
    Abstract: A policy server program evaluates one or more policy statements based on the group or groups to which a user belongs as well as other conditions. Each policy statement expresses an implementation of the access policy of the network, and is associated with a profile. The profile contains one or more actions that are to be applied to the user. The policy server program determines the identity of the group or groups to which the user belongs by referencing one or more group attributes contained in a user object which is located in a directory on the network. The user object and its group parameters are established when the user is added to the directory, while a policy statement for a group can be created at any time.
    Type: Grant
    Filed: July 26, 1999
    Date of Patent: September 6, 2005
    Assignee: Microsoft Corporation
    Inventors: Ashwin Palekar, Bernard D. Aboba, Narendra C. Gidwani, Michel Guittet, Todd L. Paul, David L. Eitelbach, Stephen E. Bensley