Abstract: A system and method are provided for use in establishing secure end-to-end communication links over a VPN gateway via a network interface unit. Illustrative embodiments include establishing and providing secure communication relationships between users (customers) and companies for e-commerce and other business purposes. Each company's data and linkage to users remaining private and secure from the other participating companies as well as from the general public over the Internet. Login by user with network interface units, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Required authentication exchanges and required encryption key exchanges facilitate the secure communications. Financial arrangements regarding the provisioning and use of network interface units are also disclosed.

Abstract: A system and method are provided for use in establishing secure end-to-end communication links over a VPN gateway via a network interface unit. Illustrative embodiments include establishing and providing secure communication relationships between users (customers) and companies for e-commerce and other business purposes. Each company's data and linkage to users remaining private and secure from the other participating companies as well as from the general public over the Internet. Login by user with network interface units, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Required authentication exchanges and required encryption key exchanges facilitate the secure communications. Financial arrangements regarding the provisioning and use of network interface units are also disclosed.

Abstract: A system and method are provided for use in establishing secure end-to-end communication links over a VPN gateway via a network interface unit. Illustrative embodiments include establishing and providing secure communication relationships between users (customers) and companies for e-commerce and other business purposes. Each company's data and linkage to users remaining private and secure from the other participating companies as well as from the general public over the Internet. Login by user with network interface units, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Required authentication exchanges and required encryption key exchanges facilitate the secure communications. Financial arrangements regarding the provisioning and use of network interface units are also disclosed.

Abstract: A system has a switch that allows virtual private networks to be created dynamically. The system includes at least one network. The system also includes a computer having an address. The system also includes a plurality of ports for coupling to the computer. The system also includes a switch that assigns one of the plurality of ports to a private network according to the address of the computer. The switch assigns the port by correlating the address with an address list.

Abstract: A system and method for providing telephony and high-speed data access over a broadband access network, comprising a network interface unit (NIU) coupled to a backup local exchange carrier (LEC) line, the broadband access network coupled to the NIU, an intermediate point-of-presence (IPOP) coupled to the broadband access network, and at least one external access network coupled to the IPOP. The system also provides for a fail-safe mode in which the NIU supports the LEC line for lifeline services.

Abstract: A network interface unit is provided for use intermediate a LAN and a public or private network, or a combination of both, for establishing secure links to a VPN gateway. Login by a LAN client with the network interface unit, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Illustrative network interface units include a DHCP server and provide encryption-decryption and encapsulation-decapsulation of data packets for communication with VPN nodes. Configuration and connection of a client are further enhanced by a built-in DNS server and other functional servers to provide a high degree of autonomy in establishing connections to a desired VPN gateway via an ISP or other public and/or private network links to. The interface unit then performs required authentication exchanges, and required encryption key exchanges.

Abstract: A network interface unit is provided for use intermediate a LAN and a public or private network, or a combination of both, for establishing secure links to a VPN gateway. Login by a LAN client with the network interface unit, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Illustrative network interface units include a DHCP server and provide encryption-decryption and encapsulation-decapsulation of data packets for communication with VPN nodes. Configuration and connection of a client are further enhanced by a built-in DNS server and other functional servers to provide a high degree of autonomy in establishing connections to a desired VPN gateway via an ISP or other public and/or private network links to. The interface unit then performs required authentication exchanges, and required encryption key exchanges.

Abstract: A terminal adapter for guaranteeing the quality of service of both voice and data packets is disclosed. Such quality is ensured by inserting gaps between successive data packets in a stream of multiplexed data and/or voice packets. A gap after a particular data packet is proportional to the size of that particular data packet. In this way, bandwidth is preserved for any voice packets that may have arrived during the transfer of the data packet as well as for any voice packets that arrive during the gap. The unconstrained upstream data bandwidth and the bandwidth used by voice calls may each be estimated by taking a plurality of instantaneous measurements of the available bandwidth and/or taking individual direct measurements. The size of data packets may be limited to a maximum size in order to ensure that time-sensitive voice packets experience only an acceptable delay in queue for transmission.

Abstract: A system has a switch that allows virtual private networks to be created dynamically. The system includes at least one network. The system also includes a computer having an address. The system also includes a plurality of ports for coupling to the computer. The system also includes a switch that assigns one of the plurality of ports to a private network according to the address of the computer. The switch assigns the port by correlating the address with an address list.

Abstract: A system has a switch that allows virtual private networks to be created dynamically. The system includes at least one network. The system also includes a computer having an address. The system also includes a plurality of ports for coupling to the computer. The system also includes a switch that assigns one of the plurality of ports to a private network according to the address of the computer. The switch assigns the port by correlating the address with an address list.

Abstract: A system and method for providing telephony and high speed data access over a broadband access network, comprising a network interface unit (NIU) coupled to a backup local exchange carrier (LEC) line, the broadband access network coupled to the NIU, an intermediate point-of-presence (IPOP) coupled to the broadband access network, and at least one external access network coupled to the IPOP. The system also provides for a fail-safe mode in which the NIU supports the LEC line for lifeline services.

Abstract: A network interface unit is provided for use intermediate a LAN and a public or private network, or a combination of both, for establishing secure links to a VPN gateway. Login by a LAN client with the network interface unit, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Illustrative network interface units include a DHCP server and provide encryption-decryption and encapsulation-decapsulation of data packets for communication with VPN nodes. Configuration and connection of a client are further enhanced by a built-in DNS server and other functional servers to provide a high degree of autonomy in establishing connections to a desired VPN gateway via an ISP or other public and/or private network links to. The interface unit then performs required authentication exchanges, and required encryption key exchanges.

Abstract: In an arrangement where users are connected to an ISP through a bank of modems, a time-out threshold is then selected for the user based on the user's connection pattern. The threshold is varied dynamically in response to access patterns, in an attempt to trade the benefit accrued by using the ISP's modem and phone line for a shorter period of time, against the inconvenience to the user from having to reestablish a connection to the ISP. Specifically, the time interval between the last disconnection by the user and the time of reconnection is evaluated, and when this time interval is shorter than a preselected threshold, then the time-out threshold is increased. When this time interval is longer than the preselected threshold, then the time-out threshold is decreased. Typically, when the time-out threshold is decreased, it is decreased by a significantly smaller amount that the amount by which it is increased, when it is increased.

Abstract: A network interface unit is provided for use intermediate a LAN and a public or private network, or a combination of both, for establishing secure links to a VPN gateway. Login by a LAN client with the network interface unit, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Illustrative network interface units include a DHCP server and provide encryption-decryption and encapsulation-decapsulation of data packets for communication with VPN nodes. Configuration and connection of a client are further enhanced by a built-in DNS server and other functional servers to provide a high degree of autonomy in establishing connections to a desired VPN gateway via an ISP or other public and/or private network links to. The interface unit then performs required authentication exchanges, and required encryption key exchanges.

Abstract: In an arrangement where users are connected to an ISP through a bank of modems, a time-out threshold is then selected for the user based on the user's connection pattern. The threshold is varied dynamically in response to access patterns, in an attempt to trade the benefit accrued by using the ISP's modem and phone line for a shorter period of time, against the inconvenience to the user from having to reestablish a connection to the ISP. Specifically, the time interval between the last disconnection by the user and the time of reconnection is evaluated, and when this time interval is shorter than a preselected threshold, then the time-out threshold is increased. When this time interval is longer than the preselected threshold, then the time-out threshold is decreased. Typically, when the time-out threshold is decreased, it is decreased by a significantly smaller amount that the amount by which it is increased, when it is increased.

Abstract: Techniques employed in packet networks for transferring a packet across subnetworks with different namespaces. When a packet enters a given subnetwork and has a destination in a subnetwork with a different namespace, the given subnetwork encapsulates the packet by adding a header which specifies a decapsulator in the namespace. When the packet arrives at the decapsulator, the decapsulator strips the header and provides the packet to a subnetwork with a different namespace. A particular use of the technique is in a network used for broad-band interactive service. The network has two sub-networks. The first subnetwork is a TV channel which functions as a high-bandwidth forward channel and the second subnetwork is a packet network accessible via a public modem pool which functions as a lower-bandwidth return channel. The encapsulator establishes a connection with the public modem pool and receives an address in the second subnetwork which is temporarily associated with the connection.

Abstract: Including a coupler that is connected to the customer's line provides a capability for routing calls that are destined to different called numbers to a single customer line. The coupler includes a module for detecting called number ID signals received at the customer line, a switch interposed between the customer's line and port to which customer premises equipment may be connected, and circuitry for detecting when the customer premises equipment goes off hook. The coupler can also be embedded within the customer premises equipment. Alerting signals are applied to the port to which the customer premises equipment may be connected based on the called number ID signals and on the off hook state of the port to which the customer premises equipment may be connected. In some embodiments, the alerting signals also depend on additional criteria. Also, the alerting signals may be provided by the customer's line, or generated within the coupler.

Abstract: Techniques employed in packet networks for transferring a packet across subnetworks with different namespaces. When a packet enters a given subnetwork and has a destination in a subnetwork with a different namespace, the given subnetwork encapsulates the packet by adding a header which specifies a decapsulator in the namespace. When the packet arrives at the decapsulator, the decapsulator strips the header and provides the packet to a subnetwork with a different namespace. A particular use of the technique is in a network used for broad-band interactive service. The network has two sub-networks. The first subnetwork is a TV channel which functions as a high-bandwidth forward channel and the second subnetwork is a packet network accessible via a public modem pool which functions as a lower-bandwidth return channel. The encapsulator establishes a connection with the public modem pool and receives an address in the second subnetwork which is temporarily associated with the connection.

Abstract: A system to deliver data at very high data transmission speeds to many units in a distributed processing system simultaneously. A distributed processing system is supplied with a local area network (LAN) which is connected to each unit of the distributed processing system. Each unit is also equipped with a LAN interface card so that it may receive messages (and send messages if necessary) between itself and the system supplying the data. Speed of data delivery is increased to the speed of the LAN, which may be many times greater than is currently possible.

Abstract: A system and method which delivers data at very high data transmission speeds to many locations simultaneously. A SCANS system is supplied with a satellite uplink communication module which transmits data to an earth orbiting satellite. The satellite then retransmits the data over a wide geographical area. Each receiving location is equipped with a small satellite dish to receive data from the satellite. Advantageously, the satellite dish is connected to a work station in the switching office which then processes the received data and delivers all information in a form that is ready for use by the modules' switching office. Errors during data transmission are noted for further processing. After the data is broadcast from the beginning to the end, the SCANS system pauses for a brief interval during which time each receiving station performs error detection, error correction, and other recovery procedures on the data it just received.