Abstract: A system for automatic software production including specification and automatic generation of user interfaces is disclosed. A graphical editor presents diagrams and textual interactive dialogs which are used to enter requirements data defining the desired structure and behaviour of an application program being designed. The requirements data is automatically converted to formal counterparts in a formal language to create a Formal Specification. The Formal Specification is stored in translation structures which are object in memory taking the form of classes which have methods to use the requirements data to articulate source code templates which become source code components in the final output code. A Presentation Model based in a pattern language is used to specify a Presentation Model) using elements of the pattern language as meta-model building blocks which are articulated with requirements data that defines the specifics of the desired user interface.

Abstract: An automated software production system is provided, in which system requirements are captured, converted into a formal specification, and validated for correctness and completeness. In addition, a translator is provided to automatically generate a complete, robust software application based on the validated formal specification, including user-interface code and error handling code.

Abstract: The invention relates to methods for selection of packet transmission routes between two network sites in a case, in which the sites are connected to the rest of the network via a plurality of connections each. According to the invention, the source network site is arranged to select which connection is used at the source end and which connection is used at the destination end, and base the selections at least partly on the basis of a round trip time value and a packet success rate value. The selection criteria can advantageously be time dependent.

Abstract: Methods and/or systems for identifying and/or representing information appliances on a communication system retrieve data sets and store signature data for later identification of individual information systems.

Abstract: A process and apparatus to remotely gather data about cellphone hardware and software configurations and usage. The system uses agents which are resident on the phones and which can be remotely launched by a data collection server by sending a message to a public IP address of the phone and addressed to a special port designated for launch. The agent specifies the launch port and a data collection port upon installation and registration with the cellphone operating system. Data on hardware configuration, software version and phone usage can be gathered. Data collection sessions are established by the data collection server sending a message addressed to the public IP address of the cellphone and the data collection port specified by the agent process upon registration with the operating system. Many alternative embodiments are also disclosed.

Abstract: The invention provides an arrangement for managing a network security application comprising a full management user interface for conducting management operations for the network security application, and a limited management user interface for conducting a limited number of management operations of the full management user interface for the network security application over a wireless remote connection.

Abstract: The practical benefit of the inventive idea results from an assumption that typically, the operational subCAs will not get compromised. Assuming this, a a batch of revocation lists manifesting no revocations can be generated and signed. These pregenerated CRLs (root CRLs) can then be stored outside the high-security vault and, in case of no subCA compromises, published periodically one at a time to the directory system where the PKI clients can automatically fetch them.

Abstract: A method and apparatus for the specification and automatic generation of user interfaces of information system (computer programs) is provided. The method is based in pattern language to specify requirements in an un-ambiguous mode and with precise semantics. The pattern language allows a user interface model to be composed using elements of the pattern language (computer objects in the object oriented programming style) which fully specify the desired user interface. The semantics of the objects in the user interface model have one and only one definition such that user interface model can be validated in a validation process. The validation process eliminates bugs in the final computer program code which is automatically produced from the user interface model.

Abstract: A method for handling dynamic state information used for handling data packets, which arrive at a network element node of a network element cluster, said network element cluster having at least two nodes and each node handling separate sets of data packets. In a node there is maintained 206 a first, node-specific data structure comprising entries representing state information needed for handling sets of data packets handled in said node. In said node there is also maintained 208 a second, common data structure comprising at least entries representing state information needed for handling sets of data packets handled in one other node of said network element cluster. The contents of said common data structure effectively differs from the contents of said node-specific data structure. Data packets are distributed 202, 204 to nodes of the cluster by means of distribution identifiers allocated 200 to nodes.

Abstract: Processing of data packets within a network element cluster having a plurality of network element nodes is described. The network element cluster has a cluster network address common to said plurality of nodes. Distribution decisions are determined for first data packets, a first data packet being a data packet initiating opening of a packet data connection to said cluster network address, according to predetermined criteria. For each node of the network element cluster those first data packets, which are to be processed in said particular node, are selected according to the distribution decisions. Node-specific lists about opened packet data connections for which a node is responsible are maintained, and using these node-specific lists second data packets, which are data packets relating to any opened packet data connection specified in a node-specific list, are processed.

Abstract: A method (400, 610) for handling information about packet data connections arriving at a security gateway element, in order to have in a connection data structure information about packet data connections in accordance with current screening information is presented. In the method, data packet header information about packet data connections in accordance with first screening information is stored (401) in said connection data structure, and updated screening information, said updated screening information forming either by itself or in connection with said first screening information second screening information, is being received (402).

Abstract: The invention relates to methods for controlling of transmission of data in IP networks. According to the invention, the sequence numbers and sending times of transmitted IPSec packets are stored, acknowledgement is sent for every N:th received IPSec packet or after any IPSec packet if T seconds have elapsed after sending a previous acknowledgement packet, the acknowledgement comprising the sequence number of the particular IPSec packet after the reception of which the acknowledgement is sent and the counter values indicating the number of packets and bytes received, and at least the round trip time, packet success rate and throughput value are determined from the reception time of the acknowledgement and the stored sending time associated with the sequence number in the acknowledgement and the counter values indicating the number of packets and bytes received.

Abstract: A system for providing video-on-demand service, broadband internet access and other broadband services over T-carrier systems including a pull multiplexer cherrypicker at the head end is disclosed. The pull multiplexer receives upstream requests and cull out MPEG or other compressed video packets, IP packets and other data packet types to satisfy the requests or to send pushed programming downstream. The downstream can be DSL or HFC. Each customer has a cable modem, DSL modem or a gateway which interfaces multiple signal sources to a LAN to which settop decoders, digital phones, personal computers, digital FAX machines, video cameras, digital VCRs etc. can be attached. Each gateway can coupled the LAN to a DSL line or HFC through a cable modem or a satellite dish through a satellite transceiver. A PSTN and conventional TV antenna interface is also provided.

Abstract: A system to automatically gather attribute data about elements such as networks, network interface cards, operating systems, device types, installed software, processes in execution, financial data, etc. in an organization or a designated subset of the organization. Fingerprint files are used, each fingerprint file corresponding to an element of a specific type and each containing a list of attributes that will be found if that element exists in the system. Each fingerprint contains or points to one or more collection instructions which control a data collector process to attempt to gather attribute data. Each fingerprint contains or points to rules that are used to analyze the attribute data gathered to calculate the probability that the element exists. The rules can be fired sequentially, in if-then-else fashion or can be incorporated in a script in loops and with mathematical manipulations, tests and branching for more sophisticated analysis.

Abstract: This invention provides a method for providing network security services, such as those provided by the IPSEC protocol, through network address translation (NAT). The method is based on determining the transformations that occur on a packet and compensating for the transformations. Because only TCP and UDP protocols work through NATs, the IPSEC AH/ESP packets are encapsulated into UDP packets for transport. Special operations are performed to allow reliable communications in such environments.

Abstract: A system for bidirectional communication of digital data between a central unit and a remote unit wherein the need for tracking loops in the central unit has been eliminated. The central unit transmitter generates a master carrier and a master clock signal which are used to transmit downstream data to the remote units. The remote units recover the master carrier and master clock and synchronize local oscillators in each remote unit to these master carrier and master clock signals to generate reference carrier and clock signals for use by the remote unit receiver. These reference carrier and clock signals are also used by the remote unit transmitters to transmit upstream data to the central unit. The central unit receiver detects the phase difference between the reference carrier and clock signals from the remote units periodically and adjusts the phase of the master carrier and master clock signals for use by the central unit receiver to receive the upstream data.

Abstract: The invention relates to methods for selection of packet transmission routes between two network sites in a case, in which the sites are connected to the rest of the network via a plurality of connections each. According to the invention, the source network site is arranged to select which connection is used at the source end and which connection is used at the destination end, and base the selections at least partly on the basis of a round trip time value and a packet success rate value. The selection criteria can advantageously be time dependent.

Abstract: A nonvolative memory in the form of a flash EEPROM with high density and low cost. A vertical MOS transistor is formed in well etched into a semiconductor substrate, the substrate having a buried layer of doped material of a first conductivity type acting as the channel region. Source and drain regions of this transistor comprise second conductivity type layers doped in the substrate above and below the buried layer. A thin gate oxide or oxide-nitride-oxide (ONO) layer is formed in the well and a floating gate of polysilicon is formed over the gate oxide. A layer of oxide or ONO is formed over the floating gate, and a second polysilicon or metal layer is used to fill the well to form the control gate and word line. A bit line is formed of a layer of metal or polysilicon deposited over an insulating layer on top of the word line and makes contact with the drain of the vertical MOS transistor through a contact window formed adjacent the well.

Abstract: The invention is related to structures used for providing fault tolerance in computer data networks. According to the invention, fault tolerance is achieved by redundancy, i.e. by using at least two network nodes in parallel. The network nodes have at least two physical network interface to a network, only one of which is active during normal operation. In the case of two network nodes being used, both of these have two physical network interfaces to the same network. A first network interfaces on the first node has the same IP and MAC address as one interface on the second node, and the second network interface on the first node has the same IP and MAC address as the other interface on the second node. The IP and MAC addresses of the two interfaces of each node are different, whereby the two nodes provide a first IP address and a corresponding first MAC address, and a second IP address and a corresponding second MAC address.

Abstract: An impulse detector which can detect both low and high levels of impulse noise in a CDMA system is comprised of circuitry to calculate the background noise level in unused codes. Another circuit calculates the average noise power in the unused codes of each spreading interval to output the noise power per spreading interval. This average is continuously averaged over spreading intervals by another circuit which outputs the average background noise power. A comparator compares the noise power in the current spreading interval with the background noise power plus a programmable threshold and generates an erasure indication if the background noise power plus a discrimination threshold is exceeded.