Abstract: A method includes establishing an application layer transport layer security (ATLS) connection between a network device and a cloud server by sending, from the network device, TLS records in transport protocol (e.g., HTTP) message bodies to the cloud server, the ATLS connection transiting at least one transport layer security (TLS) proxy device, receiving, from the cloud server via the ATLS connection, an identifier for a certificate authority, establishing a connection with the certificate authority associated with the identifier and, in turn, receiving from the certificate authority credentials to access an application service different from the cloud server and the certificate authority, and connecting to the application service using the credentials received from the certificate authority.

Abstract: A method includes establishing an application layer transport layer security (ATLS) connection between a network device and a cloud server by sending, from the network device, TLS records in transport protocol (e.g., HTTP) message bodies to the cloud server, the ATLS connection transiting at least one transport layer security (TLS) proxy device, receiving, from the cloud server via the ATLS connection, an identifier for a certificate authority, establishing a connection with the certificate authority associated with the identifier and, in turn, receiving from the certificate authority credentials to access an application service different from the cloud server and the certificate authority, and connecting to the application service using the credentials received from the certificate authority.

Abstract: In one embodiment, a beacon signal is received from a beacon device. Either a mobile device or a server identifies a beacon authentication value from the beacon signal. Either the mobile device or the server calculates a local verification value from a security algorithm. A comparison of the authentication value to the local verification value is performed, and a location service is provided based on the comparison.

Abstract: In one embodiment, a beacon signal is received from a beacon device. Either a mobile device or a server identifies a beacon authentication value from the beacon signal. Either the mobile device or the server calculates a local verification value from a security algorithm. A comparison of the authentication value to the local verification value is performed, and a location service is provided based on the comparison.

Abstract: In one embodiment, an endpoint elicits a pattern of STUN responses to identify security devices located on a call path. The endpoint then uses address information from the identified security devices to establish an efficient media flow with a remote endpoint. The endpoint can optimize the number of network devices and network paths that process the endpoint's keepalive message. Additionally, the endpoint may request custom inactivity timeouts with each of the identified security devices for reducing bandwidth consumed by keepalive traffic.

Abstract: In one embodiment, an endpoint elicits a pattern of STUN responses to identify security devices located on a call path. The endpoint then uses address information from the identified security devices to establish an efficient media flow with a remote endpoint. The endpoint can optimize the number of network devices and network paths that process the endpoint's keepalive message. Additionally, the endpoint may request custom inactivity timeouts with each of the identified security devices for reducing bandwidth consumed by keepalive traffic.

Abstract: A security policy enables security devices to forward ICE messages. The security policy may use protection tokens to prevent Denial of Service (DoS) attacks. This allows endpoints to use Interactive Connectivity Establishment (ICE) to enable multimedia communications across Network Address Translators (NATs) and other security devices.

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with load balancing across multiple network address translation (NAT) instances and/or processors. N network address translation (NAT) processors and/or instances are each assigned a portion of the source address traffic in order to load balance the network address translation among them. Additionally, the address space of translated addresses is partitioned and uniquely assigned to the NAT processors and/or instances such that the identification of the assigned NAT processor and/or instance associated with a received translated address can be readily determined there from, and then used to network address translate that received packet.

Abstract: Authenticating an endpoint using a STUN server includes facilitating a communication session between a first endpoint and a second endpoint over a network. A challenge request is sent to the second endpoint. The challenge request attempts to authenticate the second endpoint and includes an identification. The identification is associated with an expected response identification. A response to the challenge request is received from the second endpoint. The response has an actual response identification. The received response is verified to establish whether the second endpoint is legitimate. The second endpoint is legitimate if the actual response identification includes the expected response identification.

Abstract: The present invention provides a mechanism for categorizing telephone calls and for providing special information about calls that appear on call lists maintained in a telephone. The invention provides for both providing an indication and for providing an action. When an entry on a call list is highlighted (in a conventional manner), pressing one key adds a flag to the entry on the call list to indicate that follow up action is required. Pressing a second key initiates an action such as attaching a reminder so that the user will be reminded to take action later. Pressing a third key will provide a text message balloon indicating information about the call. The flags and text messages can be added by either the called party or the calling party.

Abstract: In an example embodiment, a technique that allows a device unable to display a confirmation value and/or unable to receive a keyed data entry to confirm a generated confirmation value with a confirmation value produced by a second device. The confirmation value is output one character at a time. For example, for performing a six digit numerical comparison (NC), each digit is presented one at a time enabling a user to compare the output digit with the corresponding digit output by the second device.

Abstract: Nodes in an Internet Protocol (IP) network receive probe packets configured to travel over particular IP media paths. The probe packets cause the network nodes to send media path reports to a logging system. The media path reports contain information identifying the different nodes in the media path. The logging system can reconstruct the network topology of a particular media path from the media path reports which can then be used for debugging purposes. In one embodiment the probe packets are Resource Reservation Setup Protocol (RSVP) packets configured for media path probing.

Abstract: Techniques for using call history for voice data over a packet-switched network includes receiving call history data that indicates a redirected network identity that served as a target of a particular voice data session from a particular calling party. The redirected network identity is different from both a caller network identity that identifies the particular calling party, and a current target network identity that identifies a current target party of the particular voice data session. A call history display composition is formed that indicates at least that the redirected network identity exists. The call history display composition is presented for viewing by at least one of the particular calling party and the current target party. These technique allow a party to redirected communications to easily call or save the network address of a former target of the call.

Abstract: A system and method for displaying sticky notes on a phone are provided. The system for displaying sticky notes on a phone includes a processing system and a controller. The processing system includes a processor that is coupled to a display icon and user input device, to enter and display the sticky notes on the phone. The controller classifies the entered sticky notes on the basis of the action to be performed on them. These sticky notes may be classified, based on user identification associated with a multi-user phone.

Abstract: A system and method allowing control of VoIP communications by configuring a Network Address Translator (NAT) is provided. In a first NAT configuration, such a port-restricted NAT, peer-to-peer Voice over Internet Protocol (VoIP) communications are permitted between a VoIP originator and a receiver. In a second NAT configuration, such as a symmetrical NAT, peer-to-peer communications are not possible without further cooperation of the NAT. In this manner, an entity that has control of the NAT, such as an ISP, is able to have a degree of control over traffic using network resources such as bandwidth.

Abstract: A system for storing information in a network. The system includes one or more network elements and a message adapted for transfer between the one or more network elements. A mechanism selectively augments the message with information pertaining to a state associated with the one or more network elements. In one embodiment, the system includes space within the message for accommodating one or more state vias containing the state information. One or more computers associated with the one or more network elements are adapted to update the message with state information pertaining to each of the one or more network elements that receives the message via the network.

Abstract: Disclosed are, inter alia, methods, apparatus, computer-storage media, mechanisms, and means associated with load balancing across multiple network address translation (NAT) instances and/or processors. N network address translation (NAT) processors and/or instances are each assigned a portion of the source address traffic in order to load balance the network address translation among them. Additionally, the address space of translated addresses is partitioned and uniquely assigned to the NAT processors and/or instances such that the identification of the assigned NAT processor and/or instance associated with a received translated address can be readily determined there from, and then used to network address translate that received packet.

Abstract: A method for authenticating communication traffic includes receiving a Session Initiation Protocol (SIP) data packet sent over a network from a source address to a destination address, sending an outgoing SIP message to the source address, receiving an incoming SIP message in response to the outgoing SIP message and processing the incoming SIP response message so as to assess authenticity of the received SIP data packet.

Abstract: A system and method for protecting confidential user information employed in an electronic transaction. The system and method provide for associating an expiration time/time period, use or other use-limiting authorization indicator with a credit card or other user information to be transferred to a user information recipient, in conjunction with a product/service payment or other business transaction with a hosted contact center. Embodiments of the invention further provide for forming a limited-use indicator, such as a use-limiting token, by associating a transaction agent indicator and a use-limiting indicator with the user information, and for verifying a limited use indicator received from a contact center agent and determining according to such indicator, in addition to any ordinary verification that might also be conducted, whether the use limitation has been met and whether the transaction should be authorized in accordance with the use limitation.

Abstract: In an example embodiment, a technique that allows a device unable to display a confirmation value and/or unable to receive a keyed data entry to confirm a generated confirmation value with a confirmation value produced by a second device. The confirmation value is output one character at a time. For example, for performing a six digit numerical comparison (NC), each digit is presented one at a time enabling a user to compare the output digit with the corresponding digit output by the second device.