Abstract: Bypass zones for a network are identified by generating bypass identifiers that identify the bypass zones from network configuration settings. During call setup the bypass identifier assigned to an endpoint for the call is identified and the bypass identifier assigned to a gateway for the call is identified. A determination is then made as to whether the bypass identifier assigned to the gateway is the same as the bypass identifier assigned to the endpoint. If the bypass identifiers are the same, then a mediation server may be bypassed for the call. If the bypass identifiers are not the same, then the mediation server remains in the media path for the call.

Abstract: The present invention extends to methods, systems, and computer program products for session admission control on SIP trunk legs. Embodiments of the invention permit an administrator to set a bandwidth limit (e.g., in accordance with a defined SLA) on network traffic between a mediation server and a service provider's media termination point. The bandwidth limit enables an enterprise to limit bandwidth utilization on a SIP trunk.

Abstract: Bypass zones for a network are identified by generating bypass identifiers that identify the bypass zones from network configuration settings. During call setup the bypass identifier assigned to an endpoint for the call is identified and the bypass identifier assigned to a gateway for the call is identified. A determination is then made as to whether the bypass identifier assigned to the gateway is the same as the bypass identifier assigned to the endpoint. If the bypass identifiers are the same, then a mediation server may be bypassed for the call. If the bypass identifiers are not the same, then the mediation server remains in the media path for the call.

Abstract: A dynamic network address registration system and method. In one embodiment, the present invention is comprised of a first device which is adapted to communicate over a communications network. The present invention is a also comprised of a second device which is adapted to communicate via a communications network, and, more specifically, is adapted to communicate with the first device via the communications network. The present invention is further comprised of a controller which is adapted to be coupled to the communications network. The controller of the present invention is adapted to store address information for the first device, and to store address information for the second device therein. The controller is further adapted to provide the address information of the second device to the first device such that a communication path can be efficiently established between the first device and the second device via the communications network.

Abstract: A security platform connected to a private network permits access to the private network from a public network (such as the Internet) through a variety of mechanisms. A reverse proxy system operating as part of the security platform provides access to web-enabled applications from a browser connected to the public network. The reverse proxy rewrites requests and responses so that the browser directs requests to the reverse proxy, from which the requests can be directed to the appropriate server on the public network or the private network. Responses come back to the reverse proxy, and are then forwarded to the browser. An SSL tunneling system permits fat clients to access the private network through an SSL connection. The SSL tunneling system employs a server component operating on the security platform and components downloaded to the client computer from the security platform.

Abstract: A security platform connected to a private network permits access to the private network from a public network (such as the Internet) through a variety of mechanisms. A reverse proxy system operating as part of the security platform provides access to web-enabled applications from a browser connected to the public network. The reverse proxy rewrites requests and responses so that the browser directs requests to the reverse proxy, from which the requests can be directed to the appropriate server on the public network or the private network. Responses come back to the reverse proxy, and are then forwarded to the browser. An SSL tunneling system permits fat clients to access the private network through an SSL connection. The SSL tunneling system employs a server component operating on the security platform and components downloaded to the client computer from the security platform.

Abstract: A security platform connected to a private network permits access to the private network from a public network (such as the Internet) through a variety of mechanisms. A reverse proxy system operating as part of the security platform provides access to web-enabled applications from a browser connected to the public network. The reverse proxy rewrites requests and responses so that the browser directs requests to the reverse proxy, from which the requests can be directed to the appropriate server on the public network or the private network. Responses come back to the reverse proxy, and are then forwarded to the browser. An SSL tunneling system permits fat clients to access the private network through an SSL connection. The SSL tunneling system employs a server component operating on the security platform and components downloaded to the client computer from the security platform.

Abstract: A communications network operating in a data cable system that transmits a data over cable media access control (MAC) frame with an Ethernet/ISO8802-3 type packet protocol data unit payload. Time frames for transmission of data over the network are allocated to cable modems and time frames originally allocated to a cable modem for transmission of lower priority data can be utilized to transfer high priority data while aborting the transmission of lower priority data. A high level data link control (HDLC) section is coupled immediately before a cyclical redundancy check (CRC) to indicate that all data packet protocol data units (PDU) that are encapsulated by HDLC flags is high priority data that is not to be discarded and other data is to be abandoned.

Abstract: A communications network system that transmits and receives communication frames that include a transmission status section that indicates a communication frame transmission is aborted. In one embodiment, a transmission status section includes a cyclical redundancy check value that is non-matching with the information in the communication frame. For example, a non-matching cyclical redundancy check value is created by generating a one's compliment of a CRC calculated based upon the information within a communication frame. The communication network includes a wireless network, a wired network (e.g., an Ethernet network) and a data cable system that transmits a data over cable media access control (MAC) frame with an Ethernet/[ISO8802-3] type packet protocol data unit payload.

Abstract: A method and system for resolving network address translator (NAT) based internet protocol (IP) subnet address conflicts. In one embodiment of the present invention, a first NAT is used to assign an address to a first device which is coupled to the first NAT. Next, the present embodiment using a second NAT to assign an address to a second device coupled to the second NAT. Additionally, in the present embodiment, the second NAT automatically assigns an address to a link coupling the first NAT and the second NAT. The second NAT then assigns a second address to the second device. The second address is related to the address of the link coupling the first NAT and the second NAT. In so doing, the present invention insures that the second device has a second address associated therewith wherein the second address is different from the address of the first device. As a result, the present embodiment is able to resolve NAT-based subnet address conflicts.

Abstract: A method and system for providing security during use of an intermediate device which represents clients to a central site. In one embodiment of the invention, an intermediate device includes memory. The memory of the intermediate device is adapted to a store a deliverable security applet. Additionally, the intermediate device is configured to download the deliverable security applet to a desired location. The present embodiment also includes a client which is coupled to the intermediate device. The client is adapted to receive the deliverable security applet from the intermediate device when the intermediate device downloads the deliverable security applet to the client. In so doing, the client can be prompted to respond to requests for authentication of the client when the requests for authentication of the client are received by the intermediate device.

Abstract: A network intermediate device interacts with a remote network element and performs the control plane interactions for a communication protocol used on a network segment between the network intermediate device and the destination, and interacts with customer premises equipment CPE to offload data plane transactions according to the protocol normally performed by the network intermediate device to the CPE, without the CPE needing to be aware of the complexities of the protocol involved. By distributing certain recurring packet data processing functions, like appending headers and removing headers, to the endpoints, the packet processing at the network intermediate devices is streamlined and processing bottlenecks are alleviated.

Abstract: An apparatus for converting frame-type transmissions to packet-type transmissions. In one embodiment, the apparatus comprises a medium access controller (MAC) coupled to a packet-based network and multiple packet assembler/disassemblers (PADs). The PADs include a data link layer (DLL) PAD coupled to the MAC, a high level data link control (HDLC) PAD coupled to the DLL PAD, a network layer (NL) PAD coupled to the DLL PAD, and a NL/frame alignment sequence-bit-rate allocation signal (NL/FAS-BAS) PAD coupled to the DLL PAD. Multiple detection units are coupled to respective PADs, wherein each of the plurality of detection units detects a frame-type transmission.

Abstract: A communication protocol designed for managing the communication between peers, such as the point-to-point protocol, includes a signaling channel in frames formatted according to the communication protocol. The signaling channel is utilized by intermediate devices in the access provider network, such as central office switches or other concentration points in the network to facilitate the management of the flow of data traffic in the access providers network. The signaling channel is identified in the intermediate devices and in the end stations, such as customer premises equipment or remote access servers, by a particular value in the Protocol field of the PPP encapsulation format for example. The intermediate device is configured to monitor the protocol field, and when the particular value is recognized, to process the frame at the intermediate device.

Abstract: A constant access ADSL link, or an equivalent connection from a modem to a central office switch is enabled to establish sessions to individual end stations, such as individual Internet service providers. An in-band signaling channel within the Point-to-Point Protocol session employs a connection establishment and tear down protocol for session establishment and tear down to individual end stations with the end station coupled to the ADSL link. Such session establishment and tear down messages are associated with frames having an HDLC-like address of (hex)FF are terminated locally by the concentration/multiplexing equipment at the central office switch or other equipment provided by the telephone network access provider. As a result the session establishment, the access provider's concentration/multiplexing equipment returns a value other than (hex)FF to be used by the end station coupled to the ADSL link, in the HDLC address field to identify data associated with the particular PPP session.

Abstract: Method for improved configuration of a link between an end station and an intermediate device in a network. The intermediate device communicates through the link using a point-to-point protocol, and a lower layer protocol and is capable of translating between the lower layer protocol used by the link and a lower layer protocol used by a portion of the network. The intermediate device detects the lower layer protocol used by the end station and configures the link to use the point-to-point protocol, the lower layer protocol used by the end station, and an asymmetric digital subscriber line (ADSL) protocol. A method including signaling the end station to use on the link a lower layer protocol having a particular relationship with the lower layer protocol used by the portion of the network.

Abstract: In a network having one or more intermediate devices coupled to end stations by respective links, and including a multicast source end station such as a remote access server for an Internet service provider, and a plurality of multicast receiving end stations, such as customer premises equipment CPE, coupled to an intermediate device in the network, a method for distributing multicast distribution functions to the intermediate device is described. The method comprises establishing point-to-point sessions between the source end station and the plurality of receiving end stations according to a communication protocol such as the PPP. Also, a point-to-point session is established between the multicast source end station and the intermediate device by which the source end station feeds multicast messages to the intermediate device that are directed to a set of multicast groups.

Abstract: In a networked videoconferencing system, a receiver with a number of receiving stations receives calls from a number of different calling stations. To get appropriate bandwidth, two calls are connected at the same time from the calling station to one of the receiving stations. The receiver includes an access switch that uses information from the calling station to pair calls together so that two calls from one calling station are routed to the same receiving station, regardless of the order in which the calls are received by the access switch. The access switch can use one or a combination of routing methods including storing all pairs of incoming numbers in a table and/or by using comparisons of similar numbers.