Abstract: The invention relates to a method for routing a bi-directional end-to-end connection between an end subscriber and the domain of a service provider by means of a signalling protocol via an interposed firewall with address transformation device, wherein by means of a security and tunnel device, located in the end-to-end connection between the end subscriber and the firewall with address transformation device in the domain of the end subscriber, and a session border controller, located in the end-to-end connection in the domain of the service provider, a tunnel is set up between the security and tunnel device and the session border controller and a bi-directional data exchange takes place via the tunnel between the end subscriber and the domain of the service provider in the area between the security and tunnel device and the session border controller by means of a tunnel protocol, and also a telecommunication network and a security and tunnel device for this.

Abstract: The invention relates to a protection unit for protecting a packet-based network from attacks, comprising: a signature analyzer for analyzing a packet stream received in a security border node of the packet-based network and for detecting attacks by comparing signatures of the packet stream with a set of signatures of previously identified attacks, an anomaly detector for detecting anomalies in the packet stream, and a signature interference unit for updating the set of signatures when anomalies in the packet stream are detected, the updated set of signatures being subsequently used for performing the signature analysis. A distribution unit distributes at least one signature of the updated set of signatures to at least one further security border node of the packet-based network. The invention also relates to a security border node comprising such a protection unit, a network comprising at least two such protection units, and a corresponding protection method.

Abstract: The invention concerns a computer software product comprising a plurality of peers (2?, 4, 5) adapted to participate in a peer-to-peer network where the computer software product comprises detection means for detecting actual presence information of a peer and where the computer software product comprises retrieval means for retrieving actual information about the peer, where the detection means is located on neighbor partner peer (4) of the peer (5) for detecting continuously whether the peer provides still actual information and the computer software product comprises propagation means for outdating the information about this peer in case of detecting that the peer is not alive. The invention further concerns a network device and a method therefore.

Abstract: A method and system for providing harmonized public security and safety services to multiple public security and safety control centers, the public security and safety control centers being adapted to control terminals over at least one access communication network. The method includes the following steps: providing multiple public security and safety control centers access to a service platform, with the service platform containing an application server layer and a communication layer; upon service request of one of the public security and safety control centers, executing a corresponding application on the application server layer of the service platform, the application generating at least one command to be executed in one of the access communication networks; forwarding the command said the communication layer to the appropriate gateway and executing the command in the access communication network.

Abstract: The invention relates to a protection unit (15) for protecting a packet-based network from attacks, comprising: a signature analyzer (5) for analyzing a packet stream (6) received in a security border node (2a) of the packet-based network (1) and for detecting attacks by comparing signatures of the packet stream (6) with a set of signatures of previously identified attacks, an anomaly detector, in particular a statistical analyzer (7), for detecting anomalies in the packet stream (6), and a signature interference unit (9) for updating the set of signatures when anomalies in the packet stream (6) are detected, the updated set of signatures (12) being subsequently used for performing the signature analysis. A distribution unit (13) distributes at least one signature of the updated set of signatures (12) to at least one further, preferably to each further security border node of the packet-based network (1).

Abstract: A traffic control device (50) for a Quality of Service-aware packet-based network (10) comprises detection means (52) for detecting packet flows in a packet stream (46) by preferably repeatedly performing a data packet inspection on the packet stream (46), the data packet inspection being neither based on signaling information nor on application awareness, determining means (54) for determining a flow parameter, in particular a flow rate, of at least one of the detected packet flows, assignment means (56) for generating assignment information assigning a resource of the packet-based network (10) to the at least one detected packet flow in dependence of the detected flow parameter, and sending means (58) for sending the assignment information to a resource control device (44) for causing the resource control device (44) to allocate the assigned resource. In such a way, reliable and cost-efficient quality of service management in a packet-based network (10) is facilitated.

Abstract: The present invention relates to a method of determining a location of a base station (10) in a wireless communication network (100). The method comprises the step of using the environment (50) of the wireless communication network (100) local to the base station (10) to obtain location information of said base station (10). The invention further relates to a base station in a wireless communication network for performing said method.

Abstract: The invention relates to a method for generating an interactive virtual reality with a network service using interactive media-streaming technology comprising the steps of establishing an action stream session comprising connection handling, quality of service handling, adapting the network environment by demanding network resources and control information, establishing media-streaming path from the service to the client and a user interaction control path in the reverse direction, controlling the network with respect to required quality of service, continuously, generating and transmitting individual media streams to the client (ASC) by embedding interaction into a virtual reality, and extracting and encoding a media stream at the service using a virtual reality description compressed motion picture stream, encoding and transmitting the user's interaction to the service, as well as de-coding and playing the individual media data stream at the client side.

Abstract: The invention concerns a computer software product comprising a plurality of peers (2?, 4, 5) adapted to participate in a peer-to-peer network where the computer software product comprises detection means for detecting actual presence information of a peer and where the computer software product comprises retrieval means for retrieving actual information about the peer, where the detection means is located on neighbour partner peer (4) of the peer (5) for detecting continuously whether the peer provides still actual information and the computer software product comprises propagation means for outdating the information about this peer in case of detecting that the peer is not alive. The invention further concerns a network device and a method therefore.

Abstract: The invention concerns a method of managing real-time services in a packet-based telecommunications network (1) of a plurality of coequal nodes (10 to 14) and a telecommunications network (1) for executing this method. A rule base for each node (10 to 14) is defined in consideration of the capabilities of each node (10 to 14) and/or the capabilities of all other nodes (10 to 14). After receiving information about an event requiring action, one or more of said nodes (10 to 14) determine node-specific action in consideration of said rule base and node-specific aggregated data as reaction to said event. Media data and/or signaling data associated with said real-time services are routed based on the determined action.

Abstract: A method for seamless handover of a multimedia stream session to a roaming terminal. In accordance with the proposed method, a first mediating network element is comprised in a communication path to the roaming terminal. Said first mediating network element first secures a session context of the multimedia stream session for to allow identification of the roaming terminal. Said first mediating network element then observes an address change of the roaming terminal on a media overlay level of the multimedia stream session and subsequently redirects the multimedia stream to the new address. Alternative mediating network elements for replacing the first mediating network element are determined on a control level of the network.

Abstract: A method of forwarding signaling information within a communication network is described. The signaling information is based on a signaling protocol (e.g SIP). A message is generated by encapsulating the signaling information (e.g. I?) according to given definitions (e.g. D). Furthermore, non-signaling information (e.g. R) is added to the message.

Abstract: A method for supporting mobility of at least one mobile telecommunications terminal (5.1-5.3) in operative connection with a telecommunications network (2) having a plurality of telecommunications resources (3.1-3.6) accessible via a plurality of access networks (4.1-4.3) and associated access technologies (4.1a,b-4.3a,b) in operative connection with the telecommunications network (2), wherein the mobile telecommunications terminal (5.1-5.3) is provided with information about access networks (4.1-4.3) and access technologies (4.1a,b-4.3a,b) available at least at its present geographic location for choosing an access to the telecommunications network (2) via one of the respective access networks (4.1-4.3) and associated access technologies (4.1a,b-4.3a,b) in accordance with specifications of at least one telecommunications resource (3.1-3.6) requested by the mobile telecommunications terminal (5.1-5.3), and wherein the information are provided independently of the access networks (4.1-4.

Abstract: The invention relates to a network node (R2, D2), a module therefor and a distribution method. The network node comprises: receiving means (RB) for receiving a data stream (CDS) from a content source, in particular a content server (CS), of the network (NET), encryption means (EM) for individually encrypting said data stream to a subscriber data stream (SDS1, SDS2, SDS3), the encryption being specific to a subscriber terminal (T1, T2, T3) being coupled or able to be coupled with the network, and sending means (SM) for sending the subscriber data stream (SDS1, SDS2, SDS3) to the terminal.

Abstract: The invention concerns a method for providing a connection between two domains (GSPR, LSPR) of contiguous hierarchy of a communication network comprising peers (SP1-SP13, NP1-NP4) by means of at least one dedicated peer (PP1, PP2) whereby said at least one dedicated peer (PP1, PP2) connects said two domains (GSPR, LSPR), controls the access or the traffic flow between said two domains (GSPR, LSPR), acts as a member of said both domains (GSPR, LSPR) and performs the same tasks that are performed by the peers that belong to said two domains (GSPR, LSPR), a dedicated peer, a program module and a communication network therefor.

Abstract: The invention relates to a method for providing location information relating to an emergency call, in which when there exists differing location information, a weighting is made of any available location information and that the location information with the highest ranking is provided for further use, as well as a telecommunications terminal, a server and a computer program product.

Abstract: The present invention relates to a method for providing harmonized public security and safety services to a plurality of public security and safety control centers, said public security and safety control centers being adapted to control terminals over at least one access communication network.

Abstract: The invention relates to a method for routing a bi-directional end-to-end connection between an end subscriber and the domain of a service provider by means of a signalling protocol via an interposed firewall with address transformation device, wherein by means of a security and tunnel device, located in the end-to-end connection between the end subscriber and the firewall with address transformation device in the domain of the end subscriber, and a session border controller, located in the end-to-end connection in the domain of the service provider, a tunnel is set up between the security and tunnel device and the session border controller and a bi-directional data exchange takes place via the tunnel between the end subscriber and the domain of the service provider in the area between the security and tunnel device and the session border controller by means of a tunnel protocol, and also a telecommunication network and a security and tunnel device for this.

Abstract: The invention relates to a method for performing a service or application in a network environment with network elements, which network environment contains a telecommunication network that has at least two network nodes for performing services or applications, all these nodes being equipped with a common layer for service support, wherein, if a particular network node is not equipped such that it can perform a particular service or application, this network node checks with the help of the service support layer whether another network node can perform this service or application and if the other network node can perform this service or application, the first network node passes on the task of performing this service or application to the other network node, which then performs this service or application, as well as a telecommunication network and network nodes for this.

Abstract: The invention refers to a method for preventing attacks on a network server within a call-based-services-environment, preferably a VoIP-environment. The environment comprises a network, the network server connected to the network, a number of user agents connected to the network and means for restricting access to the network server from the network. The call server comprises an attack-detection device for detecting and identifying attacks from the network on the network server. In order to allow fast and reliable protection of the network server against attacks it is suggested that characteristic parameters of the attacks identified are entered into a black-list, the content of the black-list is transmitted via a feedback-path to an attack-prevention-device for controlling the access restricting means, the attack-prevention-device inspects and analyzes traffic directed from the network to the network server and controls the access restricting means.