Abstract: Computer-implemented systems and methods for Forward Error Correction (FEC) at the IP-Layer with adaptive bandwidth overhead minimization in a packet transmission network, the system including an FEC encoder to process IP packets and generate FEC encoded packets and repair packets, an FEC decoder to receive and process the FEC encoded packets and repair packets, and an FEC controller that includes a set of computer-implemented instructions to carry out functions including configuring an FEC algorithm to control FEC encoding and decoding, packet recovery, and retrieve packet transmission statistics, determining if network bandwidth overhead needs adjustment, controlling tuning parameters, and implementing predictive analysis based at least in part on historic data.

Abstract: Disclosed embodiments include computer-based adaptive schedulers, and methods for operating, for adaptively scheduling the flow of packets in a network, the adaptive scheduler including a queue communication module communicating with a queue of packets queued to be sent over the network, an ACK packet receiver module communicating with an ACK packet receiver and receiving information related to the number of ACK packets received by the ACK packet receiver, a transmit window module communicating with a packet transmitter and receiving information related to the number of bytes that can be transmitted and sets a transmit window duration for a packet in the queue to be transmitted and schedules the transmission of the packet in the queue by the packet transmitter and, a time window module that adaptively sets a duration for which the ACK packet receiver module will wait for ACK packets to be received by the ACK packet receiver.

Abstract: A method for migrating a subscriber session from a first authentication, authorization and accounting (AAA) accounting peer to a second AAA accounting peer, where the first AAA accounting peer is stateful. The method includes receiving an accounting start packet from an AAA client application, forwarding the accounting start packet to the first AAA accounting peer, receiving an accounting update or accounting stop packet from the AAA client application; and sending an accounting start packet from the AAA client application to the second AAA accounting peer, in response to a connection failure with the first AAA accounting peer.

Abstract: A method and system that migrates a subscriber session from a first authentication, authorization, and accounting (AAA) authentication server to a second AAA authentication server, where the first AAA authentication server is stateful. The method includes receiving an authenticate session request from a client application, sending (505) the authenticate session request to the first AAA authentication server, detecting (511) connectivity failure with the first AAA authentication server, and sending (513) a reauthentication required message to the client application.

Abstract: A method and system for determining a session count is described. At a user interface a request is received to determine a session count for a time period. Based on the received request, the session count is determined based on unique new session counts corresponding to one or more time intervals included in the time period and carry forward session count corresponding to an initial time interval included in the time period. Finally, the determined session count is displayed at the user interface.

Abstract: A hostname based access configuration system (HNACS) is provided for configuring a host-based firewall to implement firewall policies referencing hostnames. The HNACS defines a hostname based firewall policy (HNFP) referencing a host server using a corresponding hostname instead of an internet protocol (IP) address. The HNACS incorporates the HNFP onto the host-based firewall but renders the HNFP non-implementable on the computing device until a domain name system (DNS) query is generated. If the DNS query includes the hostname in the HNFP, the HNACS determines a mapping between the hostname specified in the DNS query and an IP address corresponding to the hostname (obtained via a DNS response corresponding to the DNS query). Based on the mapping, the HNFP is transformed via an implicit replacement of the hostname in the HNFP with the IP address of the host server, thereby rendering the HNFP executable on the host-based firewall.

Abstract: A point-to-point Virtual Private Network (VPN) tunnel is established for facilitating fully cloaked transmission of a data packet from a source endpoint device to a destination endpoint device. The data packet includes a payload portion, an inner header, and an outer header. An ‘end-to-end key’, a ‘next-hop-destination key’ and a plurality of ‘next-hop’ keys are calculated. The end-to-end key is used at the source endpoint device and the destination endpoint device respectively to encrypt and decrypt the payload portion. The next-hop keys are used to encrypt the inner header during the hop-to-hop communication from one intermediary node to another, along the incrementally constructed path connecting the source endpoint device with the destination endpoint device. The encryption of the payload portion is maintained throughout the hop-to-hop communication regardless of the number of intermediary nodes traversed by the data packet en route to the destination endpoint device.

Abstract: Whenever an IP packet is routed from a source computing device through to a NAT device on the way to a destination computing device, a PCP client transmits a PCP query to a PCP server to determine the external IP address and external port number that have been substituted for the source IP address and source port number previously incorporated within the IP packet. Subsequently, the PCP server responds to the PCP client with the information denoting the mapping between the source IP address-some port number pair and the external IP address-external port number pair. A snooping agent is utilized to firstly snoop on the mapping communicated from the PCP server to the PCP client, and secondly to communicate the mapping information to a policy server incorporating a plurality of predefined firewall rules usable in deducing appropriate PACKET ALLOW/PACKET DROP decisions, based on the mapping information.

Abstract: A method for migrating a subscriber session from a first authentication, authorization and accounting (AAA) accounting peer to a second AAA accounting peer, where the first AAA accounting peer is stateful. The method includes receiving an accounting start packet from an AAA client application, forwarding the accounting start packet to the first AAA accounting peer, receiving an accounting update or accounting stop packet from the AAA client application; and sending an accounting start packet from the AAA client application to the second AAA accounting peer, in response to a connection failure with the first AAA accounting peer.

Abstract: A hostname based access configuration system (HNACS) is provided for configuring a host-based firewall to implement firewall policies referencing hostnames. The HNACS defines a hostname based firewall policy (HNFP) referencing a host server using a corresponding hostname instead of an internet protocol (IP) address. The HNACS incorporates the HNFP onto the host-based firewall but renders the HNFP non-implementable on the computing device until a domain name system (DNS) query is generated. If the DNS query includes the hostname in the HNFP, the HNACS determines a mapping between the hostname specified in the DNS query and an IP address corresponding to the hostname (obtained via a DNS response corresponding to the DNS query). Based on the mapping, the HNFP is transformed via an implicit replacement of the hostname in the HNFP with the IP address of the host server, thereby rendering the HNFP executable on the host-based firewall.

Abstract: A method and system that migrates a subscriber session from a first authentication, authorization, and accounting (AAA) authentication server to a second AAA authentication server, where the first AAA authentication server is stateful. The method includes receiving an authenticate session request from a client application, sending (505) the authenticate session request to the first AAA authentication server, detecting (511) connectivity failure with the first AAA authentication server, and sending (513) a reauthentication required message to the client application.

Abstract: A point-to-point Virtual Private Network (VPN) tunnel is established for facilitating fully cloaked transmission of a data packet from a source endpoint device to a destination endpoint device. The data packet includes a payload portion, an inner header, and an outer header. An ‘end-to-end key’, a ‘next-hop-destination key’ and a plurality of ‘next-hop’ keys are calculated. The end-to-end key is used at the source endpoint device and the destination endpoint device respectively to encrypt and decrypt the payload portion. The next-hop keys are used to encrypt the inner header during the hop-to-hop communication from one intermediary node to another, along the incrementally constructed path connecting the source endpoint device with the destination endpoint device. The encryption of the payload portion is maintained throughout the hop-to-hop communication regardless of the number of intermediary nodes traversed by the data packet en route to the destination endpoint device.

Abstract: A method, system and computer program product are envisaged for facilitating encoding ‘configuration information’ corresponding to a software application, within a filename assigned to the software application. The software application is embodied in a ‘computer executable file’, while the corresponding ‘configuration information’ is incorporated into a configuration file. The computer executable file is referenced by a symbolic link, and the symbolic link is assigned a file name. A file path referencing the storage location of the configuration file is created and embedded within the filename. A checksum created on the basis of the filename is also embedded there within. Upon transmission, the symbolic link is accessed by each of the end-point computer devices, which process the symbolic link and access the ‘computer executable file’ and the ‘configuration file’ incorporating configuration information relevant to the ‘computer executable file’.

Abstract: A method and system for determining a session count is described. At a user interface a request is received to determine a session count for a time period. Based on the received request, the session count is determined based on unique new session counts corresponding to one or more time intervals included in the time period and carry forward session count corresponding to an initial time interval included in the time period. Finally, the determined session count is displayed at the user interface.

Abstract: The present disclosure envisages a computer implemented method, a corresponding computer implemented system and a computer program product that envisage inserting the mapping information—including source IP address and source port number—that maps the IP datagram back to its origin endpoint (i.e. the source computing node at which the IP datagram was originally created), into an IP-options field of the corresponding IP datagram. Additionally, the present disclosure envisages anticipating the default behaviour of the Network Address Translation (NAT) device (for instance, a gateway) characterized by replacement of the source IP address and the source port number (mapping information) stored in the IP header of the IP datagram with a translated IP address and translated port number, and facilitating trustful and non-repudiable verification of the source computing node as the creator of the IP datagram, on the destination computer network.

Abstract: Whenever an IP packet is routed from a source computing device through to a NAT device on the way to a destination computing device, a PCP client transmits a PCP query to a PCP server to determine the external IP address and external port number that have been substituted for the source IP address and, source port number previously incorporated within the IP packet. Subsequently, the PCP server responds to the PCP client with the information denoting the mapping between the source IP address-some port number pair and the external IP address-external port number pair. A snooping agent is utilized to firstly snoop on the mapping communicated from the PCP server to the PCP client, and secondly to communicate the mapping information to a policy server incorporating a plurality of predefined firewall rules usable in deducing appropriate PACKET ALLOW/PACKET DROP decisions, based on the mapping information.

Abstract: The present disclosure envisages a computer implemented method, a corresponding computer implemented system and a computer program product that envisage inserting the mapping information—including source IP address and source port number—that maps the IP datagram back to its origin endpoint (i.e. the source computing node at which the IP datagram was originally created), into an IP-options field of the corresponding IP datagram. Additionally, the present disclosure envisages anticipating the default behaviour of the Network Address Translation (NAT) device (for instance, a gateway) characterized by replacement of the source IP address and the source port number (mapping information) stored in the IP header of the IP datagram with a translated IP address and translated port number, and facilitating trustful and non-repudiable verification of the source computing node as the creator of the IP datagram, on the destination computer network.

Abstract: A method, system and computer program product are envisaged for facilitating encoding ‘configuration information’ corresponding to a software application, within a filename assigned to the software application. The software application is embodied in a ‘computer executable file’, while the corresponding ‘configuration information’ is incorporated into a configuration file. The computer executable file is referenced by a symbolic link, and the symbolic link is assigned a file name. A file path referencing the storage location of the configuration file is created and embedded within the filename. A checksum created on the basis of the filename is also embedded there within. Upon transmission, the symbolic link is accessed by each of the end-point computer devices, which process the symbolic link and access the ‘computer executable file’ and the ‘configuration file’ incorporating configuration information relevant to the ‘computer executable file’.