Abstract: A method and a system for handling fault messages in a network where a network device publishes fault messages related to the principal cause of the fault. The messages are received by a Network Management System (NMS) that identifies the source of the fault and sends a multicast message to other network devices managed by the NMS. The multicast message comprises information regarding the fault. In response to the multicast message, the other network devices determine whether to publish or drop related fault messages.

Abstract: In one embodiment, a method can include: (i) receiving an incoming probe packet in a network device; (ii) de-encapsulating the incoming probe packet to provide a packet content portion and a drop result portion; (iii) testing the packet content portion against a local access control list (ACL) to determine a local drop result; and (iv) inserting the local drop result and encapsulating an outgoing probe packet.

Abstract: In one embodiment, a method and a system for reducing synchronization of data in a network is disclosed. The method includes generating a string based on the configuration in a first network device. Thereafter, the generated string is hashed to form a first integer. The first integer is used to identify an object. Subsequently, the identified object is utilized for synchronization between the first network device and a second network device. As a result, the need for synchronization of the data is reduced.

Abstract: In one embodiment, mobile nodes may be pre-provisioned with a static home agent address and a static home address. The home agent address may be the same for all the mobile nodes. The home address may be a unique identifier for the mobile node in a network. A registration request from a mobile node may be sent to the home agent address. A load balancer may be configured to receive the registration request at the home agent address. The load balancer is then configured to determine a home agent in the plurality of home agents to send the registration request to. The load balancer determines which home agent to send the request to based on the home address for the mobile node. The load balancer then sends the request to the determined home agent.

Abstract: An apparatus and a method are provided for proxying communications between devices on an IP telephony network. In a preferred embodiment, an appliance comprising a network server and proxy server software includes filtering rules which can be modified to enable proxied communication between an IP phone on a first data network, such as, for example, the internet, and a call processing server located on a second data network. In another embodiment, an appliance comprises a proxy server that proxies call-processing and signaling communications between an authenticated IP phone on a first data network and a call processing server located on a second data network. In another embodiment, the appliance relays voice traffic between IP phones. In another embodiment, the proxy server software operates in a secure mode to permit encryption and decryption of voice and control communications.

Abstract: A method and system has been provided for identifying and processing secure data frames flowing between a source port and a switch port in a network. A data frame from the source port is received at the switch port. The network address of the source port is detected from the data frame. An entry corresponding to the network address of the source port is searched for in a forwarding table. The data frame is identified as a secure or a non-secure data frame on the basis of the entry in the forwarding table. Non-secure data frames are redirected and processed.

Abstract: Techniques for dynamically mapping source video streams of sources to the requested destination video streams based on a policy are provided. The source video streams that are mapped to the destination video streams are changed based on events that cause changes in the mapping based on the policy. The mappings may be managed by a media switch remote from the end device or by an event aware stream router associated with the end device. The mappings are used to display images of participants associated with the source video streams where position changes in images displayed are minimized when events occur.

Abstract: Techniques for security protection of a wireless network are provided. An access point is operated in a first mode. The first mode is a mode of operation that allows access to resources of a network. A security event for a client is detected while operating the access point in the first mode. Then, the access point is changed from the first mode of operation to a second mode of operation. The second mode is a restricted mode of operation that restricts access to resources of the network. Analysis may then be performed to determine if the client is an unauthorized client or valid client.

Abstract: An embodiment of the invention incorporates, or encapsulates, authentication mechanisms into an initiation phase of a transmission protocol session. In a preferred embodiment, Extensible Authentication Protocol (EAP) authentication steps are included in the three-way handshake of a request to establish a Transmission Control Protocol/Internet Protocol TCP/IP) session. An EAP authentication session request can be designated within the standard Transmission Control Protocol (TCP) segment by using unused flags in the segment header. Another way to designate the request is to include a predefined option value in the header.

Abstract: A method, system and apparatus are provided for securely connecting a peripheral device to a processing device in a wireless network. The peripheral device makes a request for access to the processing device, which generates a challenge message and prompts a user to respond. The peripheral device is allowed access to the processing device, based on the user's response. If the user's response validates the challenge message, access is allowed; otherwise it is disallowed.

Abstract: A method, system and apparatus for preventing Denial of Service (DOS) attacks on a device are provided. The method includes determining that the device is receiving DOS attack vectors. The method further includes identifying the attack vector with the highest idle time and removing the identified attack vector. Further, the method includes repeating identifying and removing the identified attack vector until the number of attack vectors falls below a threshold value.

Abstract: The invention relates to load balancing the binding creation on a home agent with a mobile node in an IPV6 network. A home agent serving a prefix learns about load on other home agents and when a home agent address discovery request from a mobile is received by a home agent, the home agent processing the message returns addresses of the least loaded home agent to the mobile node.

Abstract: A system, method, apparatus and machine-readable medium for stashing an information packet, received by a network interface device, are provided. The method includes i) extracting information from the received information packet; ii) determining the stashing size of the information packet; and iii) stashing the information packet, based on the determined size. The information can be extracted from the layer-2, layer-3 and layer-4 headers and trailers of the information packet. Dynamic stashing results in an enhanced performance of the communication systems.

Abstract: Disclosed are systems and methods for storage device access control initiated by a non-linear editor (NLE). In one embodiment, a storage device access controller can include: a storage device configured to store clips, such as audio, graphics, or video clips, arranged in frames; an NLE coupled to the storage device for requesting one or more of the clips; and a buffer engine coupled to the storage device and the NLE. The buffer engine can include: buffers for storing data from the storage device; a data index for indicating a location of data in a clip on the storage device; and a reader configured to control an access of the data using the data index in response to one or more parameters. Embodiments of the present invention can provide for improved data access performance from a disk where the data is requested in clip form from an NLE.

Abstract: A sensing system for sensing conditions or characteristics associated with a process or thing. The sensing system includes one or more energy converters and a sensor, which are coupled to the process or thing. A node is coupled to the sensor and the energy-converter, and the node is powered by output from the energy converter. In a more specific embodiment, the node includes a controller that implements one or more routines for selectively powering a wireless transmitter of the node based on a predetermined condition. The predetermined condition may specify that sensor output values are within a predetermined range or are below or above a predetermined threshold. Alternatively, the predetermined condition may specify that electrical energy output from the energy converter is below a predetermined threshold. A remote computer may be wirelessly connected to node and may include software and/or hardware that is adapted to process information output by the sensor and relayed to the computer via the node.

Abstract: A method, system and apparatus for filtering data packets through an integrated network security device are provided. Various security operations are performed on the data packets belonging to a network connection while they pass through the integrated network security device in a communication network. A classification engine is applied to the first packet of the connection. The result of this filtering is stored in a per-connection control key, and determines which of the security operations must be applied to each of the data packets of the connection. These security operations may be prioritized and re-ordered, based on the rate at which they detect and drop malicious data packets.

Abstract: In on embodiment, techniques for providing alerts to a user when a communication frequency pattern between a user and a contact has not occurred during a pre-determined amount of time are provided. Communication records between the contact and the user can be analyzed to determine if the communication frequency pattern with the contact during the pre-determined amount of time does not meet pre-determined criteria. For example, the criteria may be generate an alert if communications do not occur in the last month, generate an alert if less than five communications occur in the last six months, or any other communication pattern. Also, the content of a communication may be analyzed to determine if a certain topic has been discussed. If a certain topic has not been discussed during the pre-determined amount of time, an alert may also be generated reminding the user that the topic has not been discussed.

Abstract: In one embodiment, a method can include: (i) performing an initial authentication with a mobile device in an access gateway, the access gateway being a point of attachment; (ii) forwarding a first message from the mobile device to an edge proxy; (iii) receiving a second message from the edge proxy; and (iv) returning a modified version of the second message to the edge proxy for a final authentication of the mobile device.

Abstract: The present invention provides an apparatus for protecting a device from water damage. The apparatus is capable of being repeatedly opened and then hermetically sealed even when the device has a wire that must be extended outside of the apparatus. The present invention comprises a housing having at least two members that, when juxtaposed and clamped, form a dry interior region. More specifically, each member includes a pair of gaskets that together define the dry interior region and substantially form a hermetic seal about a pouch or container. The apparatus includes a portal through which the wire may extend from a device inside the pouch or container to the outside and a slide mechanism that adjust a gasket around the wire to maintain the dry interior region. The slide mechanism forms a hermetic seal around the wire so that the opening in the pouch from which the wire extends is hermetically sealed. If no wire is present, the slide mechanism may be adjusted to maintain the hermetic seal.

Abstract: A threshold-based approach is used to assign tasks to servers in a server farm. A “number of connections” count or “connection rate” is maintained for an active server and when the count achieves a first value a wake up signal is sent to a next (inactive) server to alert the inactive server to become active and periodic keep alive signals are initiated. When the number of connections next reaches a second, higher value, subsequent requests for connections are sent to the newly active server. Variations of this approach allow for servers and their associated processes and devices to be handled in clusters for power management scaling efficiency. Servers can be placed in the inactive mode when the number of connections reaches a lower threshold. Other criteria can be used to determine activation of servers, processors or other devices or processes. Other types of resource use monitoring can also be used with this invention.