Abstract: A method for tracing packets in a communications network directed to tracing a stream of anonymous packets received at a given target host, in order to identify their source, in response, for example, to a Denial-of-Service (“DoS”) attack on the target host. Advantageously, the tracing is performed without reliance on knowledge or cooperation from intervening Internet Service Providers (ISPs) along the path. The method is performed by applying a “burst load” (i.e., a brief but heavy load of transmitted packets) to various elements (i.e., links or routers) in the network and measuring the change in the rate with which the stream of packets arrive at the target. If the rate is substantially altered upon introduction of the burst load, then it may be deduced that the given element is most likely on the path from the source host of the DoS attack to the target host.

Abstract: A multi-stage (e.g., two-stage) packet-based lookup process using a Ternary Content Addressable Memory (TCAM) divided into partitions. The result of a first stage lookup is used to selectively search one of a plurality of TCAM partitions during the second stage. A subset of destination address bits may be used in the first stage to hash to a selected partition for the second stage. Alternatively, a partitioning algorithm segments a routing trie into partitions, and then, either a separate, small TCAM or one of the partitions is used in the first stage to map a prefix of the destination address to one of the TCAM partitions for use in the second stage. The “trie-based” algorithms may advantageously partition the trie such that each second stage partition comprises a substantially contiguous sequence of routing prefixes in a post-order traversal of the routing trie, together with one or more covering prefixes thereof.

Abstract: A method for determining a master ring for an optical communications network having nodes arranged in a plurality of interconnected ring structures. (A master ring is a ring structure which contains every node in the network exactly once, and which also respects the node ordering of every individual ring.) An efficient solution to the master ring problem is provided by advantageously limiting the enumeration process based on the consistency of the enumeration of individual rings with each other. Illustratively, an intersection graph of the network is generated; one or more of the rings is chosen and possible openings of each of these rings are enumerated; and a limited number of possible openings of one or more other (i.e., non-chosen) rings are enumerated such that the enumeration of the possible openings of the other (i.e., non-chosen) rings are consistent therewith.

Abstract: Content on the World Wide Web is made available for downloading by distributing it to cache providers. The content provider is a distinct entity from the cache providers and enters into contractual arrangements in order to benefit from the services provided by the cache providers. The contractual arrangements specify certain rights in cache resources that are bought and sold as commodities, exemplarily through a broker or exchange. An exemplary such right is the right to a stated amount of bandwidth, in a stated time interval, for servicing download requests. Responsive to such contractual arrangements, a redirective element such as a DNS server is programmed to redirect, to one or more cache providers, download requests initially addressed to the content provider.

Abstract: A method and apparatus for network routing in packet-based networks which advantageously takes traffic conditions into account dynamically in determining the “best route” for routing a packet to its intended destination. Illustratively, a potential function is employed whereby hypothetical electrostatic potential values are calculated at each node or link of a network, and the packets are routed in accordance with these potential function values (e.g., in the direction of the lowest neighboring value). The potential function values may be advantageously calculated based on queue lengths at the various nodes (or links) in combination with a minimum-cost distance calculated to the packet's intended destination.

Abstract: A security bar providing improved security from breach is obtained with the use of a fiber optic cable longitudinally inserted in a hollowed out cavity thereof. Monitoring of the security bar to identify attempts at breach thereof may be achieved by connecting an optical light source to one end of the fiber optic cable and a light monitoring device (i.e., an optical receiver) at the other end. In this manner, a breach of the security bar is identified when the optical receiver fails to receive the light generated by the optical light source. In one embodiment, an isolator which consists of a material that is soft enough to absorb a potential shock but hard enough to break or splinter if the security bar is substantially deformed (e.g., wood) surrounds the fiber optic cable.

Abstract: A SYN packet bandwidth Distributed Denial-of-Service (DDoS) attack is defended against by intercepting and identifying SYN packets in a “DDoS gateway” advantageously positioned at the edge of the network to be protected (e.g., one hop upstream from the protected link), and by queuing these intercepted SYN packets in a separate queue from other TCP packet queues. Edge per-flow queuing is employed to provide isolation among individual TCP connections sharing the link. A fair scheduling algorithm such as round robin scheduling is used to ensure that SYN packets (such as those generated as part of a SYN bandwidth attack) cannot overwhelm the egress link in the presence of other TCP packets.

Abstract: A method for exchanging routing information between I-BGP routers within an autonomous system (AS) advantageously enables a solution to both persistent route oscillation problems and transient route oscillation problems which may occur when using I-BGP in a given AS. Conventional I-BGP protocol techniques are extended by enabling I-BGP speakers (e.g., routers) to communicate a set of possible best paths to a given destination, rather than communicating only a single best path, to each of their I-BGP peers within the given AS. Specifically, a plurality of possible best paths to a destination are communicated (where there are in fact more than one) from an I-BGP speaker in a given AS to its I-BGP peers (within the given AS), for each neighboring AS that provides any such paths (i.e., routes to the destination).

Abstract: Radio Frequency Identification (RFID) tags and an antenna grid are used for automatic determination of cable connections. An RF antenna grid is advantageously employed on a device having a plurality of device ports (e.g., cable connection points) which may, for example, be physically organized in a two-dimensional arrangement. Then, when RFID tags are fixed to one or more cable ends, it can advantageously be determined which of the one or more cables are connected to which of the ports on the device. The RF antenna grid may comprise a plurality of individual antennas which are advantageously multiplexed such that a single RFID reader can handle the sensing for all antennas. Also, opposing ends of a given cable may be advantageously provided with RFID tags having related ID codes such that connections which exist between two connected ports of the device may be easily and efficiently determined.

Abstract: A method and apparatus for reducing the number of write operations during route updates in router forwarding engines eliminates “excess” (i.e., “redundant”) writes to the routing trie. One or more writes are “redundant” with respect to another write if the timestamp of the other write is the same as or later than (by an amount less than a given threshold) the timestamp of each of the one or more writes, and if the state of the routing trie after the other write has been applied is equivalent whether or not any of the one or more writes have also been applied. Excess writes may be advantageously eliminated when routes are either added to or withdrawn from the routing trie, and deleted subtrees may be advantageously cached for subsequent re-addition thereto.

Abstract: A method and apparatus for controlling the pump powers of a broadband DWDM optical system using Raman amplification which determines pump settings that are advantageously directed to minimizing the peak-to-peak ripple of the channel powers with respect to a given per-channel target. The illustrative method and apparatus first formulates a linear programming optimization problem, and then solves the formulated linear program in order to derive a new set of pump powers to be applied to the Raman amplification pumps. In accordance with the principles of the invention, the formulated linear programming optimization problem advantageously includes one or more “virtual” channels in addition to the actual channels used in the optical transmission system. The linear program may be solved with use of any conventional linear programming solution technique, such as, for example, the simplex method.

Abstract: A security bar providing improved security from breach is obtained with the use of a plurality of free rolling inner bars. Illustratively, three inner rolling bars, arranged in a triangular relationship, are provided inside a cylindrically hollowed out outer bar, thereby ensuring that no inner bar can be attacked simultaneously from opposing sides thereof. The inner bars may be surrounded with a ring of ball bearings to provide for their ability to roll freely in place with respect to the outer bar. Electronic monitoring of the security bar identifies attempts to breach the security bar.

Abstract: A signal detection technique for multiple-input multiple-output (MIMO) communications systems embodied in a method and apparatus for detecting a plurality of transmitted signals with use of a plurality of receiving antennas. An iterative procedure decodes one of a plurality of transmitted signals at each iteration using an intermediate matrix at each iteration to determine the transmitted signal to be decoded. The intermediate matrix for each successive iteration is advantageously computed in a recursive manner with use of a Schur complement operation performed based on the inverse of a modified version of the intermediate matrix used in the previous iteration.

Abstract: A method for distributing a password amongst a plurality of servers for subsequent use in a provably secure multi-server threshold password authentication process. A client, having a password to be authenticated by a plurality of servers, generates an encryption of a function of the password. Then, this encryption is provided to each of the servers for use in subsequent password authentication. In accordance with one illustrative embodiment of the invention, the encryption is of an ElGamal ciphertext of the function g(?C)?1, where ?C is password and g is the generator used to generate the cryptographic keys used for communication between the client and the plurality of servers.

Abstract: A method for calculating an estimate of the clock skew between a sender's clock and a receiver's clock in a packet-based communications network. An adaptive algorithm is employed in which a recursive least squares approach is used to calculate an estimate of the clock skew based on the transmission of a given (i e., the “current”) packet, which estimate is further based on a previous estimate thereof (“a first approximation” thereof). This illustrative process then iterates with each new packet, producing increasingly accurate estimates of the clock skew.

Abstract: A method and apparatus for tracking an object using one or more video cameras together with a plurality of microphones and/or geophones, whereby accurate tracking of the object can be obtained even when the object changes directions as a result of an impact. A tennis ball may be tracked during a tennis match. Prior to and after an impact, the ball is tracked with the use of video cameras, illustratively in accordance with the method disclosed in U.S. Pat. No. 6,233,007. Then, the position of the ball at racket or ground impact is accurately determined by measuring the acoustical waves generated by the ball hitting the racket and/or either the acoustic waves or the elastic (Rayleigh) waves generated by the ball hitting the ground, respectively. Tracking then advantageously continues with use of the video cameras.

Abstract: A method and apparatus for performing discriminative training of, for example, call routing training data (or, alternatively, other classification training data) which improves the subsequent classification of a user's natural language based requests. An initial scoring matrix is generated based on the training data and then the scoring matrix is adjusted so as to improve the discrimination between competing classes (e.g., destinations). In accordance with one illustrative embodiment of the present invention a Generalized Probabilistic Descent (GPD) algorithm may be advantageously employed to provide the improved discrimination.

Abstract: A method and apparatus for determining masked thresholds for a perceptual auditory model used, for example, in a perceptual audio coder, which makes use of a filter bank structure comprising a plurality of filter bank stages which are connected in series, wherein each filter bank stage comprises a plurality of low-pass filters connected in series and a corresponding plurality of high-pass filters applied to the outputs of each of the low-pass filters, and wherein downsampling is advantageously applied between each successive pair of filter bank stages. In accordance with one illustrative embodiment, the filter bank comprises low order IIR filters. The cascade structure advantageously supports sampling rate reduction due to the continuously decreasing cutoff frequency in the cascade. The filter bank coefficients may advantageously be optimized for modeling of masked threshold patterns of narrow-band maskers, and the generated thresholds may be advantageously applied in a perceptual audio coder.

Abstract: A method and apparatus for controlling the pump powers of a broadband DWDM optical system using Raman amplification which determines pump settings that advantageously minimize the peak-to-peak ripple of the channel powers with respect to a given per-channel target. The illustrative method and apparatus first formulates a linear programming optimization problem, and then solves the formulated linear program in order to derive a new set of pump powers to be applied to the Raman amplification pumps. Illustratively, the linear program may be solved with use of any conventional linear programming solution technique, such as, for example, the simplex method.

Abstract: A method and apparatus for detecting the presence of mobile terminals such as cell phones that are in the vicinity of one or more selected locations. The detected devices are identified and such information may then be provided to an application for its use. Specifically, a detector is installed at a selected location or locations for monitoring the transmissions of mobile terminals that come nearby. When such a transmission is detected, information from the base station with which the mobile terminal is communicating provides identification data, and based on timing relationships between the detected transmission and the data received from the base station, the detected mobile terminal may be specifically identified.