Abstract: The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded.

Abstract: A distributed DSLAM, which comprises a head end subsystem located within a switching facility and a remote subsystem located outside of the switching facility. The head end subsystem is operative for routing streams of data from a data network to the remote subsystem over a communication link, while the remote subsystem is operative for transmitting over a set of local loops analog signals comprising digitally modulated versions of the data. Separating the routing and modem functionality between inside and outside plant facilities reduces heat dissipation in the outside plant, leading to increased reliability. Flow control can be performed in the upstream and downstream directions by transmitting portions of individual packets and withholding other portions of individual packets. This is done instead of withholding the transmission of entire packets. As a result, the perceived impact on video quality, for example, is lessened.

Abstract: Systems and methods are provided for managing user information comprising presence information, wherein authentication of requesting parties is based on public-private key pair encryption and key Domain Name Service (kDNS) infrastructure. Thus, a response to a request for presence information may be dependent on the authentication status of the requesting party. Presence information stored on a presence server or other network element may be stored or updated upon receiving a request from a user which includes the requestors identify, and is signed with the private key of the requestor. After authentication of a user having a registered unique identifier and an associated public key, presence information may be stored or updated, in either encrypted or unencrypted form. Presence information is preferably stored with user specified policy information for managing access to the presence information by other users, e.g.

Abstract: A method for execution in a communication device, which comprises receiving a first data set and a second data set over a first communication path; receiving a series of requests over local communication path different from the first communication path; responding to a first one of the requests by releasing a first response including the first data set over the local communication path; and responding to a second one of the requests by releasing a second response including the second data set over the second communication path.

Abstract: A method for execution in a communication device, which comprises accessing an identifier stored in a memory; receiving a first data set and a second data set over a first communication path; generating a first signature from the identifier and the first data set; generating a second signature from the identifier and the second data set; responding to a first request by releasing a first response including the first signature over a local communication path different from the first communication path; and responding to a subsequent request by releasing a second response including the second signature over the local communication path.

Abstract: A distributed and scalable system for public key registration, distribution and management is provided, comprising a hierarchical key server network providing key address resolution (kDNS) functionality based on a kDNS server hierarchy or a key-DNS server hierarchy and associated protocols. Thus, public-keys of users, such as email recipients, can be searched and retrieved over the internet based on a unique identifier of the user, facilitating secure communication between users in different network domains and organizations.

Abstract: A method that comprises obtaining a currently received signature from a device; obtaining a candidate identifier associated with the device; consulting a database to obtain a set of previously received signatures associated with the candidate identifier; and validating the currently received signature based on a comparison of the currently received signature to the set of previously received signatures associated with the candidate identifier. Also, a method that comprises obtaining a currently received signature from a device; decrypting the currently received signature to obtain a candidate identifier; and a candidate scrambling code; consulting a database to obtain a set of previously received scrambling codes associated with the candidate identifier; and validating the currently received signature based on a comparison of the candidate scrambling code to the set of previously received scrambling codes associated with the candidate identifier.

Abstract: A method for execution by a customer premises receiver, comprising: receiving a signal that carries an original media stream; determining a location of the receiver; obtaining an identifier of an authorized region for the receiver; determining whether said location is contained within said authorized region; if said location is determined to be contained within said authorized region, outputting the original media stream for conveyance to a user; if said location is determined to not be contained within said authorized region, outputting a second media stream that is sufficiently corrupted relative to the original media stream as to degrade the user's viewing experience while being demonstrative of non-malfunctioning of the receiver.

Abstract: A method for execution in a communication device, which comprises receiving a first data set and a second data set over a first communication path; receiving a series of requests over local communication path different from the first communication path; responding to a first one of the requests by releasing a first response including the first data set over the local communication path; and responding to a second one of the requests by releasing a second response including the second data set over the second communication path.

Abstract: A method of regulating traffic flow to customer premises devices (CPDs) reachable via outside plant units (OPUs). The method comprises receiving first packets in a first traffic category via a first interface, the first packets being destined for respective CPDs; receiving second packets in a second traffic category via a second interface, the second packets being destined for respective CPDs; determining a destination OPU for each of the first and second packets. For each particular OPU that is the destination OPU for one or more packets, the packets are buffered and transmitted via an OPU interface for the particular OPU. The destination OPU for a particular packet is determined by identifying the OPU via which the CPD for which the particular packet is destined is reachable. Packet flow via the OPU interface is regulated by prioritizing transmission of first packets over transmission of second packets.

Abstract: A method of routing traffic to customer premises devices (CPDs), each CPD being reachable via a dedicated customer interface (DCI) from among a plurality of DCIs grouped into clusters included in respective outside plant units (OPUs). Packets destined for the CPDs are received. A destination DCI and a destination OPU for each packet is determined. The destination DCI for a particular packet destined for a particular CPD is determined by identifying the DCI via which the particular CPD is reachable. The destination OPU for the particular packet is determined by identifying the OPU that includes the destination DCI. For each particular OPU that is the destination OPU for one or more packets, the packets are buffered and transmitted via an interface for the particular OPU. For each particular DCI that is the destination DCI for one or more packets, tagging each packet with an indication of the particular DCI.

Abstract: A method, comprising: receiving an encrypted signature from a tag associated with an item; determining a dynamic parameter; obtaining a key based at least in part on the dynamic parameter; decrypting the signature with the key to obtain an identifier; and performing an action related to identification of the item, based on the identifier. Also, a system, comprising: a tag reader configured to receive an encrypted signature from a tag associated with an item; and a processing entity configured to (i) determine a dynamic parameter; (ii) obtain a key based at least in part on the dynamic parameter; (iii) decrypt the signature with the key to obtain an identifier; and (iv) perform an action related to identification of the item, based on the identifier.

Abstract: A signal analysis method extracts transient target signals of known type from a raw data source signal that contains an unknown number of target signals. The method can enhance the analysis of data obtained from in-line oil-debris sensors. The method comprises steps of: defining signatures of the known target signal, and of at least one of the intrinsic noise and interfering signals; performing a mathematical transform that decomposes the raw data into distinct data sets; using the signal signatures to identify and nullify the data sets containing noise and interfering signal signatures; using the target signal signatures to identify the data sets containing target signal components, or may further use a thresholding rule to remove intrinsic noise from said data sets, and finally applying the inverse transform to the processed data sets in order to reconstruct an enhanced output signal.

Abstract: A method involving a communication device, which comprises sending a request to a communication device; receiving a response from the communication device over a local communication path; deriving a received data set from said response; determining at least one data set that had been previously transmitted to the communication device over a wireless portion of a second communication path different from the local communication path; and validating the response based on the received data set and the at least one previously transmitted data set.

Abstract: A social network server executes instructions to implement a method that comprises: establishing a connection to a payable content management server that stores a set of preview items corresponding to payable content items and a location element for each payable content item; rendering the preview items accessible to a computing appliance connected to the social network server; receiving an indication that a particular one of the preview items has been selected using the computing appliance; and forwarding to the computing appliance the location element for the payable content item corresponding to the selected preview item. The location element for the payable content item corresponding to the selected preview item comprises an address of (or a domain name routable to) a designated network entity operated by an organization with which an operator of the payable content management server or the payable content item server has an inter-organizational billing arrangement.

Abstract: The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded.

Abstract: A distributed DSLAM, which comprises a head end subsystem located within a switching facility and a remote subsystem located outside of the switching facility. The head end subsystem is operative for routing streams of data from a data network to the remote subsystem over a communication link, while the remote subsystem is operative for transmitting over a set of local loops analog signals comprising digitally modulated versions of the data. Separating the routing and modem functionality between inside and outside plant facilities reduces heat dissipation in the outside plant, leading to increased reliability. Flow control can be performed in the upstream and downstream directions by transmitting portions of individual packets and withholding other portions of individual packets. This is done instead of withholding the transmission of entire packets. As a result, the perceived impact on video quality, for example, is lessened.

Abstract: A distributed DSLAM, which comprises a head end subsystem located within a switching facility and a remote subsystem located outside of the switching facility. The head end subsystem is operative for routing streams of data from a data network to the remote subsystem over a communication link, while the remote subsystem is operative for transmitting over a set of local loops analog signals comprising digitally modulated versions of the data. Separating the routing and modem functionality between inside and outside plant facilities reduces heat dissipation in the outside plant, leading to increased reliability. Flow control can be performed in the upstream and downstream directions by transmitting portions of individual packets and withholding other portions of individual packets. This is done instead of withholding the transmission of entire packets. As a result, the perceived impact on video quality, for example, is lessened.

Abstract: The present invention provides a method and system for secure access to computer equipment. An embodiment includes a secure access controller connected to a link between a transceiver (such as a modem) and the computer equipment. Public and private keys are used by the secure access controller and a remote user. The keys are provided to the secure access controller by an authentication server. Once the transceiver establishes a communication link with the user, the access controller uses these keys to authenticate packets issued by the user to the computer equipment. If the packet is authenticated, the access controller passes the packet to the computer equipment. Otherwise, the packet is discarded.

Abstract: A system and method for access control is provided. In one embodiment, a system includes a computing device connected to an access server that controls the ability of the computing device to access to a computing resource, such as the Internet. The access server connects to an activation server via a network. The activation server is operable to receive a request for to generate a certificate for the computing device from the activation server. The activation server is operable to generate the certificate and embed a unique identifier of the computing device and/or the access server and/or the like inside the certificate. Once generated, the certificate is installed in the computing device. When the computing device initiates a request to access the computing resource, the computing device initially sends the certificate to the access server.