Abstract: Secure network communications via a firewall device are provided between a first device and a second device, where an encryption parameter is shared by the devices. A data packet sent by the first device may then be copied within the firewall device, so that the copy of the data packet can be decrypted within a portion of the firewall device. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted. Thereafter, the original data packet can be forwarded to its originally intended recipient.

Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted.

Abstract: Header compression system for compressing the header of the data packets of a flow transmitted from an ingress node to an egress node through a data transmission network comprising template creating means, in both ingress node and egress node, adapted for creating the same compression template from a predetermined number of uncompressed data packets at the beginning of the flow respectively transmitted by the ingress node and received by the egress node, and header compression means, in the ingress node, adapted for compressing the header of each packet following the predetermined number of uncompressed data packets before transmitting it through the data transmission network, the compression being achieved by using the compression template.

Abstract: A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.

Abstract: Certain exemplary embodiments provide a method for converting data packets based upon IPv4 protocol into data packets based upon IPv6 protocol, said method comprising converting any data packet based upon the IPv4 protocol into a data packet based upon the IPv6 protocol before transmitting it to an IP switched network using information provided by an external server, and converting any data packet based upon the IPv6 protocol provided by said IP switched network into a data packet based upon the IPv4 protocol before transmitting it to a first or second workstation.

Abstract: Header compression system for compressing the header of the data packets of a flow transmitted from an ingress node to an egress node through a data transmission network comprising template creating means, in both ingress node and egress node, adapted for creating the same compression template from a predetermined number of uncompressed data packets at the beginning of the flow respectively transmitted by the ingress node and received by the egress node, and header compression means, in the ingress node, adapted for compressing the header of each packet following the predetermined number of uncompressed data packets before transmitting it through the data transmission network, the compression being achieved by using the compression template.

Abstract: Header compression system for compressing the header of the data packets of a flow transmitted from an ingress node to an egress node through a data transmission network comprising template creating means, in both ingress node and egress node, adapted for creating the same compression template from a predetermined number of uncompressed data packets at the beginning of the flow respectively transmitted by the ingress node and received by the egress node, and header compression means, in the ingress node, adapted for compressing the header of each packet following the predetermined number of uncompressed data packets before transmitting it through the data transmission network, the compression being achieved by using the compression template.

Abstract: A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.

Abstract: A method for operating a node in a computer network is disclosed, where the network is made up of nodes connected by links. The method has the steps: determining an alternate path for one or more links; reserving resources for the alternate path; and rerouting traffic on the alternate path in case of a link failure. The alternate path may be periodically updated. A plurality of alternate paths may be maintained. The alternate paths may not have any links in common. User traffic may be rerouted substantially simultaneously to each link of the alternate path in the event of failure of a primary path.

Abstract: A method and system for enabling interconnection of VPNs is disclosed. An interconnection device manages an interconnection process at one or more facilities including, for example, a gateway device. The gateway device has information relating to a plurality of VPNs, and may facilitate interconnection between devices on at least two of the VPNs by determining that one device is in fact a member of a first one of the VPNs, and by forwarding connection parameters of the first VPN to the second VPN on an as-needed basis. In this way, the gateway allows interconnection without the need for a completely centralized decision-making process, and does so independently of the type of device and/or VPN(s) being used. Moreover, the gateway may implement only those VPN parameters needed by both VPNs to communicate with one another with a desired level of security, thereby simplifying the routing and forwarding processes associated with the actual communication occurring via the interconnection.

Abstract: A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.

Abstract: Method for transmitting high-priority packets in an IP transmission network based upon the Internet Protocol (IP) wherein low-priority packets or fragments of packets are transmitted between a sender and a receiver and at least a high-priority packet can be transmitted from the sender to the receiver by pre-emption of a low-priority packet or a fragment of packet. the method comprises in the sender, the steps of determining whether a low-priority packet or fragment of packet is being transmitted from the sender to the receiver when a high-priority packet has to be transmitted, setting to 1 a reserved bit within the IP header of the high-priority packet used as a pre-emption indicator if a low-priority packet or fragment of packet is currently transmitted, transmitting the high-priority packet with the pre-emption indicator set to 1 from the sender to the receiver, and resuming the transmission of the low-priority packet or fragment of packet at the end of transmission of the high-priority packet.

Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted.

Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted.

Abstract: Certain exemplary embodiments provide a method for converting data packets based upon IPv4 protocol into data packets based upon IPv6 protocol, said method comprising converting any data packet based upon the IPv4 protocol into a data packet based upon the IPv6 protocol before transmitting it to an IP switched network using information provided by an external server, and converting any data packet based upon the IPv6 protocol provided by said IP switched network into a data packet based upon the IPv4 protocol before transmitting it to a first or second workstation.

Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus. scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted.

Abstract: A method and system of transmitting data frames from a sending unit (10) to a receiving unit (12) in a data transmission network comprising at least a backbone (14) wherein the data are transmitted over high speed links enabling long Maximum Transmission Units (MTU) between an ingress node (18) connected to the sending unit by a first access link (16) and an egress node (22) connected to the receiving node by a second access link (20), with at least one of the first and second access links being a low speed access link requiring the data frames to be segmented into short MTUs between the sending unit and the ingress node and between the egress node and the receiving unit.

Abstract: Certain exemplary embodiments provide a method for converting data packets based upon IPv4 protocol into data packets based upon IPv6 protocol, said method comprising converting any data packet based upon the IPv4 protocol into a data packet based upon the IPv6 protocol before transmitting it to an IP switched network using information provided by an external server, and converting any data packet based upon the IPv6 protocol provided by said IP switched network into a data packet based upon the IPv4 protocol before transmitting it to a first or second workstation.

Abstract: A method is given for sharing reserved bandwidth between a plurality of connections issuing from a port of a node. A connection bandwidth is determined for each connection of the plurality of connections. An aggregate bandwidth is determined for all connections of the plurality of connections issuing from the port, the aggregate bandwidth being less than a sum of the connection bandwidth for all connections. The aggregate bandwidth is compared with a maximum access rate for the port, and in the event that the aggregate bandwidth does not exceed the maximum access rate, reserving the aggregate bandwidth for the port.

Abstract: A method and system for reserving a virtual connection from a source workstation to a destination workstation. Packets of data are transmitted over a network between an ingress node of the source workstation and an egress node of the destination workstation. In accordance with the method of the present invention, a reservation request is delivered from the source workstation to a reservation server. The reservation server includes a user database for storing the identification of each user allowed to access to the reservation server and also stores the rights of each user. The reservation server further includes a network database for storing the information describing a network capacity required to set up the virtual connection. A verification is then performed to determine whether or not the reservation request may be validated in view of user information within said source workstation.