Abstract: Embodiments include method, systems and computer program products for aggregation and control of remote video surveillance cameras. In some embodiments, an alert may be received from a point of presence (PoP) system. Based on the alert, it may be determined to obtain video data collected from a plurality of PoP systems. A video stream may be generated using the video data, wherein the video stream comprises data identified in the alert. The video stream may be transmitted to a requesting PoP system.

Abstract: Embodiments include method, systems and computer program products for aggregation and control of remote video surveillance cameras. In some embodiments, an alert may be received from a point of presence (PoP) system. Based on the alert, it may be determined to obtain video data collected from a plurality of PoP systems. A video stream may be generated using the video data, wherein the video stream comprises data identified in the alert. The video stream may be transmitted to a requesting PoP system.

Abstract: A surveillance video broker arbitrates access by multiple clients to multiple surveillance video sources. Both clients and sources register with the broker. Each source independently specifies respective clients permitted real-time access to its video and conditions of access, if any. Preferably, the video source is a local surveillance domain having one or more cameras, one or more sensors, and a local controller, the source specifying clients or client groups permitted access, and independently specifying conditions of access for each client or client group, where conditions may include scheduled events, non-scheduled events, such as alarms or emergencies, and/or physical proximity. The broker automatically authorizes real-time access according to pre-specified conditions. Preferably, the broker can also arbitrate alert notifications to the clients based on pre-specified notification criteria.

Abstract: A surveillance video broker arbitrates access by multiple clients to multiple surveillance video sources. Both clients and sources register with the broker. Each source independently specifies respective clients permitted real-time access to its video and conditions of access, if any. Preferably, the video source is a local surveillance domain having one or more cameras, one or more sensors, and a local controller, the source specifying clients or client groups permitted access, and independently specifying conditions of access for each client or client group, where conditions may include scheduled events, non-scheduled events, such as alarms or emergencies, and/or physical proximity. The broker automatically authorizes real-time access according to pre-specified conditions. Preferably, the broker can also arbitrate alert notifications to the clients based on pre-specified notification criteria.

Abstract: A surveillance video broker arbitrates access by multiple clients to multiple surveillance video sources. Both clients and sources register with the broker. Each source independently specifies respective clients permitted real-time access to its video and conditions of access, if any. Preferably, the video source is a local surveillance domain having one or more cameras, one or more sensors, and a local controller, the source specifying clients or client groups permitted access, and independently specifying conditions of access for each client or client group, where conditions may include scheduled events, non-scheduled events, such as alarms or emergencies, and/or physical proximity. The broker automatically authorizes real-time access according to pre-specified conditions. Preferably, the broker can also arbitrate alert notifications to the clients based on pre-specified notification criteria.

Abstract: A processor-implemented method, apparatus, and/or computer program product move Open Systems Interconnection (OSI) layer 4 connections between wirelessly-connected user equipment to a series of cell-towers, wherein an OSI layer 4 connection is extracted out of the underlying cellular protocols at the series of cell-towers. A detection is made that user equipment, which has a broken-out layer 4 connection, has moved from a first cell-tower to a second cell-tower. Traffic for an existing layer 4 connection from the user equipment is tunnelled between the first cell-tower and the second cell-tower. In response to a predetermined trigger event occurring, an ongoing bidirectional flow of data packets is migrated from the user equipment over to layer 4 connections maintained at the second cell-tower. Furthermore, OSI layer 4 connections for all server ports other than the proxied active layer 4 connections that are proxied in the web cache are byte cached.

Abstract: A method is disclosed that includes registering an application with a security information technology element (ITE), where the security ITE includes a secure computing device located within a protection envelope and configured to provide security services for one or more applications. The security ITE also provides a secure processing environment for hosting applications, and includes cryptographic services and hardware acceleration. A security manager within the security ITE is configured to erase data within the protection envelope upon detecting physical tampering.

Abstract: A processor-implemented method, apparatus, and/or computer program product move Open Systems Interconnection (OSI) layer 4 connections between wirelessly-connected user equipment to a series of cell-towers, wherein an OSI layer 4 connection is extracted out of the underlying cellular protocols at the series of cell-towers. A detection is made that user equipment, which has a broken-out layer 4 connection, has moved from a first cell-tower to a second cell-tower. Traffic for an existing layer 4 connection from the user equipment is tunnelled between the first cell-tower and the second cell-tower. In response to a predetermined trigger event occurring, an ongoing bidirectional flow of data packets is migrated from the user equipment over to layer 4 connections maintained at the second cell-tower. Furthermore, OSI layer 4 connections for all server ports other than the proxied active layer 4 connections that are proxied in the web cache are byte cached.

Abstract: A processor-implemented method, apparatus, and/or computer program product move Open Systems Interconnection (OSI) layer 4 connections between wirelessly-connected user equipment to a series of cell-towers, wherein an OSI layer 4 connection is extracted out of the underlying cellular protocols at the series of cell-towers. A detection is made that user equipment, which has a broken-out layer 4 connection, has moved from a first cell-tower to a second cell-tower. Traffic for an existing layer 4 connection from the user equipment is tunnelled between the first cell-tower and the second cell-tower. A predetermined trigger event is identified. In response to the predetermined trigger event occurring, an ongoing bidirectional flow of data packets is migrated from the user equipment over to layer 4 connections maintained at the second cell-tower.

Abstract: A security information technology element (ITE) is disclosed for secure application and data processing, the security ITE including a physical enclosure defining a protection envelope and a secure computing device disposed within the protection envelope. The security ITE provides security services to applications and a secure processing environment for hosting applications, and includes cryptographic services and hardware acceleration. A security manager within the security ITE is configured to erase data within the protection envelope upon detecting physical tampering.

Abstract: In a mobile data network with a breakout system, when data is broken out, the RLC function is split into two different flows, between the UE and the breakout system and between the breakout system and the RNC. These two flows are processed by different RLC functions that may drift apart and become out of synchronization resulting in errors that diminish the user's quality of experience. Other errors may also occur in communication on these two different flows. The breakout system attempts to correct these errors using data stored locally in communication data structures for the two data flows. If the errors cannot be corrected, the breakout system can initiate an RLC reset into both of these flows to resynchronize the data communication.

Abstract: A security information technology element (ITE) for secure application and data processing, including a physical enclosure defining a protection envelope and a secure computing device disposed within the protection envelope. The security ITE provides security services to applications and a secure processing environment for hosting applications, and includes cryptographic services and hardware acceleration. A security manager within the security ITE is configured to erase data within the protection envelope upon detecting physical tampering.

Abstract: A method includes registering an application with a security information technology element (ITE), the security ITE comprising a secure computing device located within a protection envelope and configured to provide security services for one or more applications. The security ITE provides security services to applications and a secure processing environment for hosting applications, and includes cryptographic services and hardware acceleration. A security manager within the security ITE is configured to erase data within the protection envelope upon detecting physical tampering.

Abstract: A security information technology element (ITE) for secure application and data processing, including a physical enclosure defining a protection envelope and a secure computing device disposed within the protection envelope. The security ITE provides security services to applications and a secure processing environment for hosting applications, and includes cryptographic services and hardware acceleration. A security manager within the security ITE is configured to erase data within the protection envelope upon detecting physical tampering.

Abstract: Software validation is provided for a breakout system having multiple subsystems at the edge of a mobile data network. The software validation utilizes one or more trusted platform modules (TPM) to secure multiple subsystems including virtual machines in the breakout system. Hash values for the software in the various subsystems are placed in Platform Configuration Registers (PCRs) of the TPM. The TPM cryptographically signs quotes, which are a collection of hash values from the PCRs. The breakout system produces an extensible markup language (XML) file with the signed quotes related to the subsystems and sends them to a network management system for verification. The network management system validates the software configured on the breakout system using a public key to access the quotes and compares the values to known good values stored in an inventory record associated with the specific breakout system being validated.

Abstract: Real-time access by a requestor to surveillance video is conditionally pre-authorized dependent on the existence of at least one pre-specified automatically detectable condition, and recorded in a data processing system. A requestor subsequently requests real-time access to the surveillance video (e.g., as a result of an alarm), and if the pre-specified automatically detectable condition is met, access is automatically granted, i.e., without the need for manual intervention. An automatically detectable condition could, e.g., be an alarm condition detected by a sensor at the site of the video surveillance. Alternatively, it could be a locational proximity of the requestor to the site of the video surveillance. Alternatively, it could be a previously defined time interval.

Abstract: A network management system utilizes an element manager at the RNC level to reduce the workload and efficiently manage multiple wireless appliances in a mobile data network. Management communications from the network management system flow through the element manager to all devices under the RNC level appliance hosting the element manager. The element manager provides for fault management, performance monitoring and configuration of the many breakout appliances and reports necessary information back to the network management system.

Abstract: Mobile network services are performed at the edge of a mobile data network in a way that is transparent to most of the existing equipment in the mobile data network. The mobile data network includes a radio access network and a core network. A first service mechanism in the radio access network breaks out data coming from a basestation, and performs one or more mobile network services at the edge of the mobile data network based on the broken out data. A second service mechanism in the core network receives data monitored during attach and Packet Data Protocol (PDP) context activation, and establishes sessions with components in the mobile data network that support charging and policy control for sessions broken out by the first service mechanism.

Abstract: Mobile network services are performed at the edge of a mobile data network in a way that is transparent to most of the existing equipment in the mobile data network. The mobile data network includes a radio access network and a core network. A first service mechanism in the radio access network breaks out data coming from a basestation, and performs one or more mobile network services at the edge of the mobile data network based on the broken out data. A second service mechanism in the core network receives data monitored during attach and Packet Data Protocol (PDP) context activation, and establishes sessions with components in the mobile data network that support charging and policy control for sessions broken out by the first service mechanism.

Abstract: Real-time access by a public authority emergency responder to surveillance video of a privately-controlled source is conditionally pre-authorized dependent on the existence of at least one pre-specified emergency condition, and recorded in a data processing system. A public authority emergency responder subsequently requests real-time access to the surveillance video (e.g., during an emergency), and if the pre-specified emergency condition is met, access is automatically granted, i.e., without the need for manual intervention. A pre-specified emergency condition could, e.g., be an alarm condition detected by a sensor at the site of the video surveillance, or a declared state of emergency, properly declared by an appropriate public official.