Patents by Inventor Claude Galand

Claude Galand has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20070180514
    Abstract: A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.
    Type: Application
    Filed: February 6, 2007
    Publication date: August 2, 2007
    Inventors: Joel Balissat, Claude Galand, Jean-Francois Pennec, Jean-Marie Sommerlatt
  • Publication number: 20070169187
    Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted.
    Type: Application
    Filed: February 6, 2007
    Publication date: July 19, 2007
    Inventors: Joel Balissat, Claude Galand, Jean-Francois Le Pennec, Jean-Marie Sommerlatt
  • Patent number: 7203957
    Abstract: A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.
    Type: Grant
    Filed: April 4, 2002
    Date of Patent: April 10, 2007
    Assignee: AT&T Corp.
    Inventors: Joel Balissat, Claude Galand, Jean-Francois Le Pennec, Jean-Marie Sommerlatt
  • Patent number: 7188365
    Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted.
    Type: Grant
    Filed: April 4, 2002
    Date of Patent: March 6, 2007
    Assignee: AT&T Corp.
    Inventors: Joel Balissat, Claude Galand, Jean-Francois Le Pennec, Jean-Marie Sommerlatt
  • Publication number: 20070016947
    Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted.
    Type: Application
    Filed: September 22, 2006
    Publication date: January 18, 2007
    Inventors: Joel Balissat, Claude Galand, Jean-Francois Le Pennec, Jean-Marie Sommerlatt
  • Patent number: 6961318
    Abstract: Data transmission system for transmitting packets of data from a source workstation (10) to a destination workstation (40) wherein the packets of data are transmitted over at least a first IP network (14) and a second IP network (30) between an ingress node (20) connected to the source workstation in the first network and an egress node (38) connected to the destination workstation in the second network. The system comprises a local reservation server (26) in the first network accessible by the source workstation and a remote reservation server (42) in the second network accessible by the local reservation server. The local reservation server includes connection setup means for setting up a virtual connection meeting a predefined requirement of Quality of Service from the ingress node to the egress node in response to a request from the source workstation and bandwidth request means for requesting additional bandwidth in the second network to the remote reservation server.
    Type: Grant
    Filed: May 8, 2001
    Date of Patent: November 1, 2005
    Assignee: International Business Machines Corporation
    Inventors: Aline Fichou, Jacques Fieschi, Claude Galand, Jean-Francois Le Pennec
  • Patent number: 6950424
    Abstract: Data communication system of the type wherein a plurality of contiguous transmission networks constitute an Autonomous System (AS) using the Open Shortest Path First (OSPF) protocol for the exchange of information. The system is divided into several areas including an area 0 or backbone responsible for distributing routing information between the other areas. The backbone is divided into two sub-areas and comprises at least a pair of adjacent splitting routers. The first splitting router is included in one sub-area and the second splitting router is included in the other sub-area. The topological data base of each splitting router is configured to define a high metric for the link between the splitting routers in order to prevent any type of data traffic other than link-state messages (LSA) from being transmitted between the splitting routers.
    Type: Grant
    Filed: July 9, 2001
    Date of Patent: September 27, 2005
    Assignee: International Business Machines Corporation
    Inventors: Claude Galand, Jean-Francois Le Pennec
  • Patent number: 6934249
    Abstract: The present invention is directed to a high speed packet switching network and, in particular to a method and system for minimizing the time to establish a connection between an origin and a destination node. Due to high dynamicity of the traffic on transmission links, it is important to select a routing path according to a fully up-to-date information on all network resources. The simpler approach is to calculate a new path for each new connection request. This solution may be very time consuming because there are as many path selection operations as connection set up operations. On another hand, the calculation of paths based on an exhaustive exploration of the network topology, is a complex operation which may also take an inordinate amount of resources in large networks. Many of connections originated from a network node flow to the same destination network node. It is therefore possible to take a serious benefit in reusing the same already calculated paths for several connections towards the same node.
    Type: Grant
    Filed: May 30, 2002
    Date of Patent: August 23, 2005
    Assignee: Cisco Technology, Inc.
    Inventors: Olivier Bertin, Gerard Brun, Claude Galand, Olivier Maurel, Laurent Nicolas
  • Publication number: 20050175013
    Abstract: Method for transmitting high-priority packets in an IP transmission network based upon the Internet Protocol (IP) wherein low-priority packets or fragments of packets are transmitted between a sender and a receiver and at least a high-priority packet can be transmitted from the sender to the receiver by pre-emption of a low-priority packet or a fragment of packet. The method comprises in the sender, the steps of determining whether a low-priority packet or fragment of packet is being transmitted from the sender to the receiver when a high-priority packet has to be transmitted, setting to 1 a reserved bit within the IP header of the high-priority packet used as a pre-emption indicator if a low-priority packet or fragment of packet is currently transmitted, transmitting the high-priority packet with the pre-emption indicator set to 1 from the sender to the receiver, and resuming the transmission of the low-priority packet or fragment of packet at the end of transmission of the high-priority packet.
    Type: Application
    Filed: August 11, 2003
    Publication date: August 11, 2005
    Inventors: Jean-Francois Le Pennec, Claude Galand, Didier Giroir
  • Publication number: 20050117577
    Abstract: A method and system of transmitting data frames from a sending unit (10) to a receiving unit (12) in a data transmission network comprising at least a backbone (14) wherein the data are transmitted over high speed links enabling long Maximum Transmission Units (MTU) between an ingress node (18) connected to the sending unit by a first access link (16) and an egress node (22) connected to the receiving node by a second access link (20), with at least one of the first and second access links being a low speed access link requiring the data frames to be segmented into short MTUs between the sending unit and the ingress node and between the egress node and the receiving unit.
    Type: Application
    Filed: January 7, 2005
    Publication date: June 2, 2005
    Inventors: Aline Fichou, Claude Galand, Jacques Fieschi, Jean-Francoise Pennec
  • Patent number: 6870850
    Abstract: A method and system of transmitting data frames from a sending unit (10) to a receiving unit (12) in a data transmission network comprising at least a backbone (14) wherein the data are transmitted over high speed links enabling long Maximum Transmission Units (MTU) between an ingress node (18) connected to the sending unit by a first access link (16) and an egress node (22) connected to the receiving node by a second access link (20), with at least one of the first and second access links being a low speed access link requiring the data frames to be segmented into short MTUs between the sending unit and the ingress node and between the egress node and the receiving unit.
    Type: Grant
    Filed: February 24, 2000
    Date of Patent: March 22, 2005
    Assignee: International Business Machines Corporation
    Inventors: Aline Fichou, Claude Galand, Jacques Fieschi, Jean-Francoise Le Pennec
  • Publication number: 20050041660
    Abstract: Header compression system for compressing the header of the data packets of a flow transmitted from an ingress node to an egress node through a data transmission network comprising template creating means, in both ingress node and egress node, adapted for creating the same compression template from a predetermined number of uncompressed data packets at the beginning of the flow respectively transmitted by the ingress node and received by the egress node, and header compression means, in the ingress node, adapted for compressing the header of each packet following the predetermined number of uncompressed data packets before transmitting it through the data transmission network, the compression being achieved by using the compression template.
    Type: Application
    Filed: July 8, 2004
    Publication date: February 24, 2005
    Inventors: Jean-Francois Pennec, Claude Galand
  • Publication number: 20050025157
    Abstract: Certain exemplary embodiments provide a method for converting data packets based upon IPv4 protocol into data packets based upon IPv6 protocol, said method comprising converting any data packet based upon the IPv4 protocol into a data packet based upon the IPv6 protocol before transmitting it to an IP switched network using information provided by an external server, and converting any data packet based upon the IPv6 protocol provided by said IP switched network into a data packet based upon the IPv4 protocol before transmitting it to a first or second workstation.
    Type: Application
    Filed: May 25, 2004
    Publication date: February 3, 2005
    Inventors: Jean-Francois Pennec, Aurelien Bruno, Claude Galand, Didier Giroir
  • Publication number: 20040250158
    Abstract: Data transmission system including at least a data transmission network (10, 12), at least a server (29), a plurality of users (16, 18, 20) able to be connected to the server in order to get data from it and at least a user being able to initiate a denial of service attack, the system further including a security network manager (30) and at least a detecting device for detecting abnormal operating conditions with respect to an operation of the system defined by predetermined parameters and transmitting detection messages to the security network manager, the security network manager activating filtering actions upon receiving the detection messages.
    Type: Application
    Filed: August 11, 2003
    Publication date: December 9, 2004
    Inventors: Jean-Francois Le Pennec, Aurelien Bruno, Claude Galand, Jean-Marie Sommerlatt
  • Patent number: 6804238
    Abstract: A method for transmitting data frames with compressed headers in a multiprotocol data transmission network comprising at least one ingress node transmitting data to egress nodes. Each frame of data includes data bytes and a header which defines the transmission protocols.
    Type: Grant
    Filed: December 28, 1999
    Date of Patent: October 12, 2004
    Assignee: International Business Machines Corporation
    Inventors: Guy Euget, Jacques Fieschi, Claude Galand, Jean-François Le Pennec
  • Patent number: 6771653
    Abstract: A system for providing prioritized queue management within a data transmission network node that supports different types of data frame traffic is disclosed herein. The system includes a frame buffer for storing an incoming frame that has an identifiable frame type. A queue is pre-associated with the frame type of the incoming frame such that upon arrival of the frame at the network node, the queue stores a location address at which the frame is stored within the frame buffer such that the frame is maintained within the queue. The queue that contains the frame is stored within a frame table. Processing means are provided for determining a time at which the queue forwards the frame from the frame buffer in accordance with a pre-determined sub-queue priority list. The system further includes time metering means associated with the frame for temporally assigning the frame to a virtual sub-queue among multiple virtual sub-queues that are associated with the queue.
    Type: Grant
    Filed: September 19, 2000
    Date of Patent: August 3, 2004
    Assignee: International Business Machines Corporation
    Inventors: Jean-Francois Le Pennec, Jacques Fieschi, Aline Fichou, Claude Galand
  • Patent number: 6765873
    Abstract: Disclosed herein is a connection bandwidth management process and system for use in a high speed packet switching network. The network comprises a plurality of switching nodes interconnected through a plurality of communication links. Each of the switching nodes comprises means for switching packets from at least one input link to at least one output link. Each of the output links are coupled to at least one buffer in the switching node for queuing packets before they are transmitted over the output link. Each of the communication links supports the traffic of a plurality of user connections statistically multiplexed over the link. Each user connection is allocated an initial agreed-upon bandwidth through the network, with each of the communication links being possibly oversubscribed.
    Type: Grant
    Filed: June 29, 2000
    Date of Patent: July 20, 2004
    Assignee: International Business Machines Corporation
    Inventors: Aline Fichou, Claude Galand, Jean-Francois Le Pennec
  • Publication number: 20040093492
    Abstract: The present invention provides a secure definition of VPNs and configuration of devices that manage or handle these VPNs. The proposed invention provides a method to securely manage the definition of the configuration of the network devices in agreement with the above requirements for customers and providers, and provides, in addition, a method to perform the verification of implemented rules and parameters against stored and certified information. In the proposed method, digital certificates can be employed to define and certify configuration information.
    Type: Application
    Filed: November 13, 2002
    Publication date: May 13, 2004
    Inventors: Olivier Daude, Jacques Fieschi, Claude Galand, Olivier Hericourt, Jean-Francois Le Pennec
  • Publication number: 20040088542
    Abstract: A method and system for enabling interconnection of VPNs is disclosed. An interconnection device manages an interconnection process at one or more facilities including, for example, a gateway device. The gateway device has information relating to a plurality of VPNs, and may facilitate interconnection between devices on at least two of the VPNs by determining that one device is in fact a member of a first one of the VPNs, and by forwarding connection parameters of the first VPN to the second VPN on an as-needed basis. In this way, the gateway allows interconnection without the need for a completely centralized decision-making process, and does so independently of the type of device and/or VPN(s) being used. Moreover, the gateway may implement only those VPN parameters needed by both VPNs to communicate with one another with a desired level of security, thereby simplifying the routing and forwarding processes associated with the actual communication occurring via the interconnection.
    Type: Application
    Filed: November 6, 2002
    Publication date: May 6, 2004
    Inventors: Olivier Daude, Jacques Fieschi, Claude Galand, Olivier Hericourt, Jean-Francois Le Pennec
  • Publication number: 20040042402
    Abstract: A method for operating a node in a computer network is disclosed, where the network is made up of nodes connected by links. The method has the steps: determining an alternate path for one or more links; reserving resources for the alternate path; and rerouting traffic on the alternate path in case of a link failure. The alternate path may be periodically updated. A plurality of alternate paths may be maintained. The alternate paths may not have any links in common. User traffic may be rerouted substantially simultaneously to each link of the alternate path in the event of failure of a primary path.
    Type: Application
    Filed: August 4, 2003
    Publication date: March 4, 2004
    Inventors: Claude Galand, Olivier Bertin, Olivier Maurel, Laurent Nicolas, Aline Fichou