Abstract: In a network, a router uses some secret information combined with a cryptographic process in determination of a subnet's routing prefix. Several methods are disclosed, including using an IP suffix for prefix generation and for decryption, maintaining a pool of pseudo prefixes at the router, using public key encryption and symmetric key encryption.

Abstract: In a fast active scanning wireless network apparatus and method for quick determination of available access points, information about a candidate set of available access points is obtained, and a candidate access point is identified from the candidate set. A mobile station then queries the candidate access point with a probe request that designates the candidate access point as a sole responder. The probe request prevents other access points from contending for the medium of communication between the mobile station and the designated sole responder access point by excluding the attempt by other access points to transmit probe responses. The apparatus and method thus increases the probability of a fast and successful probe request from the mobile station and subsequent response from the designated access point. The designated access point may also respond with a probe response of high priority, preventing intervention of communication.

Abstract: Methods, components, and systems for efficient authentication, either through a digital signature or message authentication codes, and verification of a digital stream sent from a source to a receiver via zero or more intermediaries, such that the source or intermediary (or both) can remove certain portions of the data stream without inhibiting the ability of the ultimate receiver to verify the authenticity and integrity of the data received. According to the invention, a source may sign an entire data stream once, but may permit either itself or an intermediary to efficiently remove certain portions of the stream before transmitting the stream to the ultimate recipient, without having to re-sign the entire stream. Applications may include the signing of media streams which often need to be further processed to accommodate the resource requirements of a particular environment. Another application allows an intermediary to choose an advertisement to include in a given slot.

Abstract: In a fast active scanning wireless network apparatus and method for quick determination of available access points (20), information about a candidate set of available access points (20) is obtained, and a candidate access point is identified from the candidate set. A mobile station (10) then queries the candidate access point with a probe request that designates the candidate access point as a sole responder. The probe request prevents other access points from contending for the medium of communication between the mobile station and the designated sole responder access point by excluding the attempt by other access points (20) to transmit probe responses. The apparatus and method thus increases the probability of a fast and successful probe request from the mobile station and subsequent response from the designated access point (20). The designated access point may also respond with a probe response of high priority, preventing intervention of communication.

Abstract: Active scanning method in a wireless network for fast determining available access points (106, 806) using inter-AP (Access Point) communication is described. In the scanning method, a mobile station (102, 802) sends Probe Request for Proxy frame to the current AP (104, 804) serving the mobile station (102, 802). In response to the Probe Request for Proxy frame, the current AP (104, 804) send Proxy Probe Request packet to the appropriate APs (106, 806). In response to the Proxy Probe Request packet, the neighbor APs (106, 806) send Probe Response frame to the mobile station (102, 802) on its operating channel. Since the mobile station (102, 802) moves to the channel being examined after sending the Probe Request for Proxy frame, it receives the Probe Response frame if it is in the coverage area of the neighbor AP (106, 806). The content of Probe Response frame provides the mobile station (102, 802) with the information to be used in handoff decision and network join procedures.

Abstract: A method supports scalable and reliable multicast in a wireless network with a large bandwidth-delay product. In this method, acknowledgement packets from different receivers experiencing the same number of data packets lost are assigned the same time slots. This method can be combined with other loss recovery techniques, such as forward error correction (FEC) recovery, proactive protection, feedback suppression and collision detection. Scalability is achieved as bandwidth usage relates only to the number of packets transmitted, rather than the number of receivers.

Abstract: Cryptographically Protected Prefixes (“CPPs”) are used to create IP addresses, preventing any correlation between a CPP IP address and a host's geographic location. An IP address is subdivided into address prefixes of multiple segments. Each segment is encrypted with a cryptographic key known only to a subset of routers in the access network domain (or Privacy Domain). Therefore, each router obtains the information it needs to forward a packet of information, but not any additional information.

Abstract: A network system includes a network edge point configured to provide a terminal with access to a network. The network edge point includes a security policy associated with the terminal, and controls communications between the network and the terminal according to the security policy. The security policy may include a personal filter downloaded from the terminal, a service filter downloaded from a service policy server, and/or a domain filter downloaded from a domain policy server. The terminal may access the network through a second network edge point. The second network edge point may download one or more of the filters from the first network edge point, and control communications between the network and the terminal according to the security policy.

Abstract: Methods, components, and systems for efficient authentication, either through a digital signature or message authentication codes, and verification of a digital stream sent from a source to a receiver via zero or more intermediaries, such that the source or intermediary (or both) can remove certain portions of the data stream without inhibiting the ability of the ultimate receiver to verify the authenticity and integrity of the data received. According to the invention, a source may sign an entire data stream once, but may permit either itself or an intermediary to efficiently remove certain portions of the stream before transmitting the stream to the ultimate recipient, without having to re-sign the entire stream. Applications may include the signing of media streams which often need to be further processed to accommodate the resource requirements of a particular environment. Another application allows an intermediary to choose an advertisement to include in a given slot.

Abstract: Methods, components, and systems for efficient authentication, either through a digital signature or message authentication codes, and verification of a digital stream sent from a source to a receiver via zero or more intermediaries, such that the source or intermediary (or both) can remove certain portions of the data stream without inhibiting the ability of the ultimate receiver to verify the authenticity and integrity of the data received. According to the invention, a source may sign an entire data stream once, but may permit either itself or an intermediary to efficiently remove certain portions of the stream before transmitting the stream to the ultimate recipient, without having to re-sign the entire stream. Applications may include the signing of media streams which often need to be further processed to accommodate the resource requirements of a particular environment. Another application allows an intermediary to choose an advertisement to include in a given slot.

Abstract: In a fast active scanning wireless network apparatus and method for quick determination of available access points, information about a candidate set of available access points is obtained, and a candidate access point is identified from the candidate set. A mobile station then queries the candidate access point with a probe request that designates the candidate access point as a sole responder. The probe request prevents other access points from contending for the medium of communication between the mobile station and the designated sole responder access point by excluding the attempt by other access points to transmit probe responses. The apparatus and method thus increases the probability of a fast and successful probe request from the mobile station and subsequent response from the designated access point. The designated access point may also respond with a probe response of high priority, preventing intervention of communication.

Abstract: The present invention provides a method and system for handoff in a wireless communication network. In one embodiment, a common handoff encryption key is generated by an authentication server and transmitted to a first access point and a second access point. The first access point transmits the handoff encryption key to a wireless terminal. The wireless terminal encrypts output data with the handoff encryption key. When the wireless terminal is associated with the second access point, the second access point decrypts data from the wireless terminal with the handoff encryption key. In a second embodiment, a handoff WEP key generation secret parameter is provided to a first and a second access point. Both access points generate a handoff WEP key as a function of the handoff WEP key generation secret parameter and an address of a wireless terminal. The first access point transmits the handoff WEP key to the wireless terminal.

Abstract: The present invention provides a method and system for handoff in a wireless communication network. In one embodiment, a common handoff encryption key is generated by an authentication server and transmitted to a first access point and a second access point. The first access point transmits the handoff encryption key to a wireless terminal. The wireless terminal encrypts output data with the handoff encryption key. When the wireless terminal is associated with the second access point, the second access point decrypts data from the wireless terminal with the handoff encryption key. In a second embodiment, a handoff WEP key generation secret parameter is provided to a first and a second access point. Both access points generate a handoff WEP key as a function of the handoff WEP key generation secret parameter and an address of a wireless terminal. The first access point transmits the handoff WEP key to the wireless terminal.

Abstract: The present invention provides a method and system for handoff in a wireless communication network. In one embodiment, a common handoff encryption key is generated by an authentication server and transmitted to a first access point and a second access point. The first access point transmits the handoff encryption key to a wireless terminal. The wireless terminal encrypts output data with the handoff encryption key. When the wireless terminal is associated with the second access point, the second access point decrypts data from the wireless terminal with the handoff encryption key. In a second embodiment, a handoff WEP key generation secret parameter is provided to a first and a second access point. Both access points generate a handoff WEP key as a function of the handoff WEP key generation secret parameter and an address of a wireless terminal. The first access point transmits the handoff WEP key to the wireless terminal.

Abstract: Packet communication method and system in which a packet destined for a terminal is provided service according to a service table indexed by packet classification and the terminal's power mode. The service table may specify for a connection a predetermined quality of service or discarding the packet. For a power mode having an alerting (i.e., paging) mechanism, the service may include alerting the terminal. The service table may also include a network edge point's own service requests and service requests from terminals, provisioning servers, and handoff sources. For a multicast or broadcast packet, as each terminal may be in a different power mode, the associated service in the service table may therefore be different for each terminal. In that case, the packet is provided with service so that any given terminal is provided with at least the quality of service specified in the service table. Thus, a multicast or broadcast packet is discarded when the service specified for all terminals is “discard.

Abstract: The writing address supply part 210 supplies writing addresses for writing the bits forming bit sequences corresponding to the header H contained in a frame to be transmitted or stored and bit sequences corresponding to the data D, into the operating memory 220. The reading address supply part 230 alternately supplies to the operating memory 220 a plurality of addresses for reading a plurality of continuous bits corresponding to the header H from the operating memory 220, and an address for reading 1 bit corresponding to the data D from the operating memory 220, and reads the bit sequence such that the bits forming the bit sequence corresponding to the header H are scattered and arranged within the bit sequence forming the data D, from the operating memory. In accordance with such an interleaving device, it is possible to individually randomize frames according to their constituent data, and it is possible to transmit the bits that make up such data in a format which is most suited for said data.

Abstract: A method supports scalable and reliable multicast in a wireless network with a large bandwidth-delay product. In this method, acknowledgement packets from different receivers experiencing the same number of data packets lost are assigned the same time slots. This method can be combined with other loss recovery techniques, such as forward error correction (FEC) recovery, proactive protection, feedback suppression and collision detection. Scalability is achieved as bandwidth usage relates only to the number of packets transmitted, rather than the number of receivers.

Abstract: The writing address supply part 210 supplies writing addresses for writing the bits forming bit sequences corresponding to the header H contained in a frame to be transmitted or stored and bit sequences corresponding to the data D, into the operating memory 220. The reading address supply part 230 alternately supplies to the operating memory 220 a plurality of addresses for reading a plurality of continuous bits corresponding to the header H from the operating memory 220, and an address for reading 1 bit corresponding to the data D from the operating memory 220, and reads the bit sequence such that the bits forming the bit sequence corresponding to the header H are scattered and arranged within the bit sequence forming the data D, from the operating memory. In accordance with such an interleaving device, it is possible to individually randomize frames according to their constituent data, and it is possible to transmit the bits that make up such data in a format which is most suited for said data.

Abstract: A method and communication system for supporting dormant mode are described. In one embodiment, the communication system comprises a wireless station operable in a power savings mode and group of access points. Each group of access points comprises one or more access points with at least one group of access points having at least two access points. Ranges for the one or more access points in each of the groups define a paging area for each group, wherein one access point uses a paging channel for paging the wireless station when the wireless station is in the power savings mode and is in the paging area associated with the one access point.

Abstract: Packet communication method and system in which a packet destined for a terminal is provided service according to a service table indexed by packet classification and the terminal's power mode. The service table may specify for a connection a predetermined quality of service or discarding the packet. For a power mode having an alerting (i.e., paging) mechanism, the service may include alerting the terminal. The service table may also include a network edge point's own service requests and service requests from terminals, provisioning servers, and handoff sources. For a multicast or broadcast packet, as each terminal may be in a different power mode, the associated service in the service table may therefore be different for each terminal. In that case, the packet is provided with service so that any given terminal is provided with at least the quality of service specified in the service table. Thus, a multicast or broadcast packet is discarded when the service specified for all terminals is “discard.