Abstract: A mobile router is configured for optimized utilization of reverse routing headers, to specify a path between an originating mobile router and a home agent. Reverse routing headers enable each mobile router within the path to the home agent to specify its care of address, enabling the home agent to establish a bidirectional tunnel to the originating mobile router via the corresponding mobile router. The mobile router selectively updates the reverse routing header in a received packet by inserting the source address value of the received packet into the reverse routing header and inserting its corresponding care of address into the source address field, based on whether the mobile router lacks a routing table entry that specifies reachability of a most recent entry in the reverse routing header via the source address value. The mobile router also may request the originating mobile router to increase the reverse routing header size.

Abstract: A method for tracing communications includes receiving trace criteria from a first remote element and determining whether a call signaling message matches the trace criteria. The method includes attaching a trace tag to the call signaling message, if the call signaling message matches the trace criteria. The method further includes transmitting the call signaling message to a second remote element.

Abstract: Techniques for dynamically distributing short messages include storing action data and parameter data. Action data indicates actions for forwarding a short message and includes an action to bypass a short message service center (SMSC). Parameter data indicates parameters in network protocol headers for a short message. Provider input data is received that indicates a special value set and a special action set. The special value set includes a value for a corresponding special parameter set that includes a parameter from the parameter data. The special action set includes an action to be performed if an actual value set matches the special value set. When a particular short message is received, it is determined whether an actual value set based on the particular short message matches the special value set. If so, then the short message is processed according to the special action set.

Abstract: A packet fiber node is described for use in an access network such as, for example, a cable network. The packet fiber node may differ from convention RF fiber nodes deployed in a cable network in that the packet fiber node is configured to communicate with the Head End of the network using baseband optical signals rather than frequency modulated optical signals. According to a specific embodiment of the present invention, one or more packet fiber nodes may be deployed in a cable network to service a plurality of different subscriber groups which are serviced by a single, conventional RF fiber node.

Abstract: Disclosed is a system and method for distributing connections among a plurality of servers at an Internet site. All connections are made to a single IP address and a local director selects the server from among the plurality of servers which is to receive the connection. Thus, the DNS server is not relied upon to distribute connections, and the connection distribution scheme is not avoided when DNS is bypassed. In one embodiment, a session distribution scheme is implemented such that connections are distributed to the server in the group of servers which has the fewest connections of the group. In other embodiments, other session distribution schemes which route connections based on the predicted response times of the servers or according to a round robin scheme are used.

Abstract: A method for establishing a secure connection between two network devices, such as a source end host and a destination end host, is disclosed. An initiator peer that sends network traffic on behalf of the source end host sends to a responder peer a first description of network traffic that is to be protected. In response, the initiator peer receives a second description of network traffic that is to be protected from the responder peer. The initiator peer then derives a third description of network traffic that is mutually acceptable to both the initiator peer and the responder peer. The third description of the network traffic is based on the first description of network traffic and the second description of the network traffic. The third description of network traffic is derived by finding the largest common subset of proxies from the first and second descriptions of network traffic.

Abstract: A method for tracing communications includes receiving trace criteria from a first remote element and determining whether a call signaling message matches the trace criteria. The method includes attaching a trace tag to the call signaling message, if the call signaling message matches the trace criteria. The method further includes transmitting the call signaling message to a second remote element.

Abstract: Methods and apparatus are provided for determining characteristics associated with routes in fibre channel networks. Techniques are provided for inserting time stamp information into frames transmitted from a source to a destination and back to the source. Time stamp information allows a supervisor associated with a source to determine characteristics such as round trip times, latency between hops, and connectivity to a destination for specific routes.

Abstract: A method is disclosed for adaptively coupling processing components in a distributed system. In one aspect, a second component requests an interaction with a first component by sending a service access request to access a first service of the first component. The service access request specifies parameters relating to a proposed level of coupling between the first component and the second component. The second component receives a service response from the first component; the service response specifies counter-proposed parameters relating to a proposed level of coupling between the first component and the second component. The second component determines whether the service response indicates that the first service may be provided. If so, then an agreed-upon level of coupling is established between the first component and second component, and the components interact to receive the service. The level of coupling among the components may be re-negotiated at any time by exchanging values in a coupling context.

Abstract: A mechanism for providing strong anti-replay protection at a security gateway in a network for protection against an attacker duplicating encrypted packets. The mechanism assigns a unique sequence number to each encrypted packet and a time stamp. A receiving security gateway rejects packets that have a duplicative sequence number or that is too old to protect itself against replay attacks. Each security gateway checks off the sequence numbers as they are received knowing that the sending security gateway assigns sequence numbers in an increasing order. The receiving security gateway remembers the value of the highest sequence number that it has already seen as well as up to N additional sequence numbers. Any packet with a duplicative sequence number is discarded. In addition to the sequence number, each packet also has an associated time stamp that corresponds to an epoch during which it should be received. If the packet is received after the epoch has expired, the packet is rejected.

Abstract: Methods, apparatuses and systems directed to the integration of VLANs and wireless access points operating in a Multiple BSSID mode of operation. According to one implementation of the present invention, a wireless access point dynamically maps an SSID provided by a mobile station to a BSSID based on a VLAN assignment corresponding to the mobile station. In one implementation, the wireless access point learns the correct VLAN/BSSID for a given mobile station, while proxying an authentication session between the mobile station and an authentication server.

Abstract: The present invention provides improved methods and devices for managing network congestion. Preferred implementations of the invention allow congestion to be pushed from congestion points in the core of a network to reaction points, which may be edge devices, host devices or components thereof. Preferably, rate limiters shape individual flows of the reaction points that are causing congestion. Parameters of these rate limiters are preferably tuned based on feedback from congestion points, e.g., in the form of backward congestion notification (“BCN”) messages. In some implementations, such BCN messages include congestion change information and at least one instantaneous measure of congestion. The instantaneous measure(s) of congestion may be relative to a threshold of a particular queue and/or relative to a threshold of a buffer that includes a plurality of queues.

Abstract: A server for authenticating call-out services over a public switched telephone network (PSTN) includes a memory, a port to receive information provided by a caller over the PSTN, the information including ciphertext, and a processor operable to use the information to look-up a value in the memory and to perform a calculation that produces a result utilizing an algorithm. The processor authenticates the caller if the ciphertext matches a set of initial bytes of the result. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims.

Abstract: In a wireless LAN (WLAN), methods, apparatuses and systems directed to facilitating configuration of a wireless network is provided. According to one implementation of the present invention, sensors are used to collect data associated with locations and other properties of access points of the wireless network. The collected data can then be used to assist in automatically configuring one or more aspects of the wireless network. In some implementations, the collected data can be used to dynamically re-configure the wireless network in real time. According to another implementation of the present invention, location computation mechanisms are used to collect data associated with the location of one or more wireless clients, and the data is used to dynamically adjust one or more radio frequency (RF) coverage maps in real time. The revised RF coverage maps can then be used to re-configure one or more operational parameters of the wireless network.

Abstract: A mobile router is configured for attaching to a selected router in a mobile network based on identifying a network topology model of the mobile network from received router advertisement messages that include tree information option fields specifying attributes of the network topology model. The mobile router selects which router advertisement originator to attach to based on correlating the attributes of the router advertisement originators relative to identified priorities, and orders the router advertisement originators within a default router list based on the identified priorities.

Abstract: Approaches for preventing TCP RST attacks and TCP SYN attacks in packet-switched networks are disclosed. In one approach, upon receiving a TCP RST packet, a first endpoint node challenges the second endpoint node in the then-current connection using an acknowledgement message. If the connection is genuinely closed, the second endpoint node responds with a RST packet carrying an expected next sequence value. The first endpoint node takes no action if no RST packet is received. Thus, attacks are thwarted because an attacker does not receive the acknowledgment message and therefore cannot provide the exact expected next sequence value.

Abstract: The invention is directed to techniques for processing order messages exchanged between a client and an order server. The order messages can be for products and services that the customer orders from a vendor. The client provides the input order messages, which contain order commands in a predefined document format, to an order message manager of the order server, which also provides an order message sorter and message processing modules. The order message sorter reads the input document in the input order message to determine a type for the message and then directs the message to a message processing module capable of processing that type of order message. The message processing module processes the input document, obtains data if needed from an order database, and prepares an output document to include in an output order message to be returned to the client.

Abstract: A space-time signal processing system with advantageously reduced complexity. The system may take advantage of multiple transmitter antenna elements and/or multiple receiver antenna elements, or multiple polarizations of a single transmitter antenna element and/or single receiver antenna element. The system is not restricted to wireless contexts and may exploit any channel having multiple inputs or multiple outputs and certain other characteristics. Multi-path effects in a transmission medium cause a multiplicative increase in capacity.

Abstract: Data is stored using multiple selected network nodes in a network based on encoding of the data into multiple distinct encoded data units according to a prescribed encoding operation. The secure encoding operation generates a first prescribed number of encoded data units, whereas merely a second prescribed number of the encoded data units are necessary for recovery of the original data, the second prescribed number being less than the first prescribed number. The encoded data units are distributed among selected network nodes in a network, where any one network node receives less than the second prescribed number to ensure security. A requesting node recovers the original data by requesting the second prescribed number of encoded data units from among the network nodes having stored the respective encoded data units.