Abstract: A software defined network service (SDNS) node for altering a logical flow of data packets in a network to accommodate predetermined ordered service chains, comprising a receiver configured to receive an encapsulated data packet comprising a tag via a encapsulated tunnel from another SDNS node, wherein the tag identifies an ordered service chain or a next hop in the ordered service chain, a processor coupled to the receiver and configured to decapsulate the encapsulated data packet, and a transmitter coupled to the processor and configured to forward the decapsulated data packet to a service device attached to the SDNS node when the processor determines, based on the tag, that a service on the service device should be applied to the data packet.

Abstract: A software defined network service (SDNS) node for altering a logical flow of data packets in a network to accommodate predetermined ordered service chains, comprising a receiver configured to receive an encapsulated data packet comprising a tag via a encapsulated tunnel from another SDNS node, wherein the tag identifies an ordered service chain or a next hop in the ordered service chain, a processor coupled to the receiver and configured to decapsulate the encapsulated data packet, and a transmitter coupled to the processor and configured to forward the decapsulated data packet to a service device attached to the SDNS node when the processor determines, based on the tag, that a service on the service device should be applied to the data packet.

Abstract: A software defined network service (SDNS) node for altering a logical flow of data packets in a network to accommodate predetermined ordered service chains, comprising a receiver configured to receive an encapsulated data packet comprising a tag via a encapsulated tunnel from another SDNS node, wherein the tag identifies an ordered service chain or a next hop in the ordered service chain, a processor coupled to the receiver and configured to decapsulate the encapsulated data packet, and a transmitter coupled to the processor and configured to forward the decapsulated data packet to a service device attached to the SDNS node when the processor determines, based on the tag, that a service on the service device should be applied to the data packet.

Abstract: In one embodiment, a method includes electronically prompting, in response to a triggering event, a participant connected to a conference session via a corresponding endpoint device to enter an affirmative response in order to continue attending the conference session. The participant is disconnected from the conference session in the event that the affirmative response is not received within a predetermined time period. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure.

Abstract: An apparatus comprising a processor configured to obtain user biometric recognition data from a first user device, map the user biometric recognition data to an identity, correlate the identity with an active user session previously associated with a second user device, associate the active user session with the first user device, and instruct the first user device to continue the active user session on the first user device.

Abstract: According to one embodiment, a method for removing authentication of a supplicant includes monitoring communication between the supplicant and an authenticator. The method also includes determining, based on the monitored communication, the MAC address for the supplicant and an attachment port of the supplicant to the intermediate network device disposed between the supplicant and the authenticator through which the monitored communication occurs. The method also includes determining that the supplicant no longer has a link connection with the intermediate network device, and in response, sending via the intermediate network device a logoff message having a spoofed source address of the supplicant to the authenticator.

Abstract: A software defined network service (SDNS) node for altering a logical flow of data packets in a network to accommodate predetermined ordered service chains, comprising a receiver configured to receive an encapsulated data packet comprising a tag via a encapsulated tunnel from another SDNS node, wherein the tag identifies an ordered service chain or a next hop in the ordered service chain, a processor coupled to the receiver and configured to decapsulate the encapsulated data packet, and a transmitter coupled to the processor and configured to forward the decapsulated data packet to a service device attached to the SDNS node when the processor determines, based on the tag, that a service on the service device should be applied to the data packet.

Abstract: A system and method for selectively controlling traffic in a network to improve network performance. The system includes a network controller that includes a first control-traffic prioritizer. An Access Point (AP) includes a second control-traffic prioritizer and communicates with the network controller. One or more clients communicate with the AP. The communications behavior of the client is affected by operations of the first control-traffic prioritizer and the second control-traffic prioritizer.

Abstract: Link layer authentication information is supplied by a link layer authentication device to an access router for tracking IP address usage by a client device. The authentication information supplied to the access router includes an authenticated client identifier and a corresponding authenticated link identifier for the client device that attached to the network based on the authenticated link identifier. The access router, in response to receiving a message that specifies the authenticated link identifier and a source IP address, adds the source IP address to a cache entry that specifies the authenticated client identifier and the corresponding authenticated link identifier, and outputs to an audit resource a record that specifies the source IP address and the authenticated link identifier.

Abstract: A method and system is disclosed for creating and tracking network sessions. A request to access a network is received from an entity. The entity is authenticated after the request is received. Authenticated identity information associated with the entity, network address information associated with the entity, and network location information associated with the entity is collected. An information set is created. The information set comprises and binds together the authenticated identity information, the network address information, and the network location information. The information set indicates a present association among the authenticated identity information, the network address information, and the network location information. The information set is stored in a session record in a centralized database. The session record represents a session in which the entity accesses the network. The session record is one of a plurality of session records that are stored in the centralized database.

Abstract: A system for interfacing different types of network communications. In one embodiment, the system includes one or more gateways capable of converting messages from messages that are adapted for a first type of network and/or destination device to messages that are adapted for a second type of network and/or destination device. The second type of network and/or destination device includes a first Voice Over Internet Protocol (VOIP) communications device. A message-analysis module is adapted to employ an address associated with the message to selectively forward the message to one or more of the one or more gateways and/or to a destination device. In a more specific embodiment, the first type of network includes a packet-switched network in communication with the first VOIP phone. The destination device includes a mobile phone in communication with a cellular network.

Abstract: Techniques for security protection of a wireless network are provided. An access point is operated in a first mode. The first mode is a mode of operation that allows access to resources of a network. A security event for a client is detected while operating the access point in the first mode. Then, the access point is changed from the first mode of operation to a second mode of operation. The second mode is a restricted mode of operation that restricts access to resources of the network. Analysis may then be performed to determine if the client is an unauthorized client or valid client.

Abstract: A method, a system, a machine-readable medium, and an apparatus for managing storage on a shared storage space, for example, on an email server, are provided. A plurality of emails is compared. If the content of each of the plurality of emails is the same, then a single copy is stored on the email server. Further, each recipient of the plurality of emails is enabled access to the stored email via a link to the single copy. Additionally, one or more attachments of the plurality of emails are compared. If an attachment is the same in each of the plurality of emails, then it is stored as a single copy. Further, a link is inserted in each of the plurality of emails, enabling access to the attachment from the single copy.

Abstract: Disclosed are apparatus and methods for authenticating a device to access a network through an access control port. In one embodiment, one or more first authentication packets for authenticating a first device or user to access a first network domain via a particular access port of a network device are received, for example, by an access control port. The particular access port is configured to control access for packets attempting to ingress into one or more network domains. When the first device or user is authorized to access the first domain, a first binding between the first device and the first domain is formed. The first binding specifies that the first device is allowed to access the first domain and the first binding is associated with the particular access port of the network device. When a packet is received that is attempting to ingress into the first domain and the ingressing packet matches the first binding, the ingressing packet is allowed to access the first domain.

Abstract: A technique optimizes the distribution of authenticated users among a plurality of broadcast domains, such as virtual local area networks (VLAN). Users are dynamically assigned to different broadcast domains based on various factors, including but not limited to the number of authenticated users already participating in each broadcast domain, the available bandwidth in each broadcast domain, user classes associated with users participating in each broadcast domain, etc. Based on one or more of these factors, authenticated users are optimally distributed (“load balanced”) among the plurality of broadcast domains, thereby reducing the amount of broadcast traffic and configuration within each domain.

Abstract: In one embodiment, a method includes electronically prompting, in response to a triggering event, a participant connected to a conference session via a corresponding endpoint device to enter an affirmative response in order to continue attending the conference session. The participant is disconnected from the conference session in the event that the affirmative response is not received within a predetermined time period. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure.

Abstract: Techniques for security protection of a wireless network are provided. An access point is operated in a first mode. The first mode is a mode of operation that allows access to resources of a network. A security event for a client is detected while operating the access point in the first mode. Then, the access point is changed from the first mode of operation to a second mode of operation. The second mode is a restricted mode of operation that restricts access to resources of the network. Analysis may then be performed to determine if the client is an unauthorized client or valid client.

Abstract: A method and system is disclosed for creating and tracking network sessions. A request to access a network is received from an entity. The entity is authenticated after the request is received. Authenticated identity information associated with the entity, network address information associated with the entity, and network location information associated with the entity is collected. An information set is created. The information set comprises and binds together the authenticated identity information, the network address information, and the network location information. The information set indicates a present association among the authenticated identity information, the network address information, and the network location information. The information set is stored in a session record in a centralized database. The session record represents a session in which the entity accesses the network. The session record is one of a plurality of session records that are stored in the centralized database.

Abstract: A system for interfacing different types of network communications. In one embodiment, the system includes one or more gateways capable of converting messages from messages that are adapted for a first type of network and/or destination device to messages that are adapted for a second type of network and/or destination device. The second type of network and/or destination device includes a first Voice Over Internet Protocol (VOIP) communications device. A message-analysis module is adapted to employ an address associated with the message to selectively forward the message to one or more of the one or more gateways and/or to a destination device. In a more specific embodiment, the first type of network includes a packet-switched network in communication with the first VOIP phone. The destination device includes a mobile phone in communication with a cellular network.

Abstract: A system and method for selectively controlling traffic in a network to improve network performance. The system includes a network controller that includes a first control-traffic prioritizer. An Access Point (AP) includes a second control-traffic prioritizer and communicates with the network controller. One or more clients communicate with the AP. The communications behavior of the client is affected by operations of the first control-traffic prioritizer and the second control-traffic prioritizer.