Abstract: A service selection gateway (SSG) which enables a service provider to conveniently provide access of the same services to a group of hosts. The service provider may specify the specific services each group of hosts is permitted to access, and the SSG forwards packets from the hosts only to the corresponding specified services. In an embodiment implemented substantially in the form of software, the access information (specifying the server addresses which can be accessed from each group of hosts) is stored in the form of data structures in which the same copy of access information is shared by many (all) hosts in the corresponding group.

Abstract: Systems and methods are disclosed for packet voice conferencing. An encoding system accepts two sound field signals, representing the same sound field sampled at two spatially-separated points. The relative delay between the two sound field signals is detected over a given time interval. The sound field signals are combined and then encoded as a single audio signal, e.g., by a method suitable for monophonic VoIP. The encoded audio payload and the relative delay are placed in one or more packets and sent to a decoding device via the packet network. The decoding device uses the relative delay to drive a playout splitter—once the encoded audio payload has been decoded, the playout splitter creates multiple presentation channels by inserting the transmitted relative delay in the decoded signal for one (or more) of the presentation channels. The listener thus perceives a speaker's voice as originating from a location related to the speaker's physical position at the other end of the conference.

Abstract: A system automatically discovers and maintains geographic location information for entities and devices making up a computer network. The system preferably includes a computing unit and a geographic location generator, such as a Global Positioning System (GPS) receiver. The computing unit includes a location discovery entity and a message generator. The GPS receiver, which is mounted to and in communication with the computing unit, may be augmented with an inertial navigation unit to facilitate the generation of location information inside of buildings where GPS signals can be difficult to receive. The computing unit further includes a network communications facility so that it can communicate with one or more network devices, such as a network switch. The switch includes a location recording/reporting entity and a location database.

Abstract: Mechanisms and techniques provide a system that operates in a data communications device to provide automatic authentication of a client device to a server device. The mechanisms and techniques (i.e., the system) operate to detect a requirement for authentication of a request for data sent from a client device to a server device. In response, the system creates an authentication response in response to detecting the requirement for authentication. The authentication response contains authentication information required by the server device to allow the client device to access data via the server device. The system then automatically inserts the authentication response into the data communications session between the client device and the server device. The authentication response authenticates, to the server device, access to the data by the client device.

Abstract: A system for providing a Virtual Local Area Network (VLAN) by use of an encryption states or encryption keys for identifying a VLAN. A table of data including a VLAN and an associated encryption state or key is provided for assignment of encryption states or keys, for devices in a wireless local area network.

Abstract: Systems and methods are disclosed for performing HyperText Transfer Protocol (HTTP)-like transactions over a point-to-point connection between a client and a server. In one embodiment, the client uses Uniform Resource Locators (URLs) that identify the server by a telephone number that it can be reached at. When a user tries to access such a URL, the telephone number is dialed and a point-to-point connection is established (if it does not already exist) between the client and the server associated with that telephone number. HTTP-like transactions can then take place between the client and server, without the necessity of an Internet Protocol network with gateways, domain name servers, search engines, and network-connected hosts.

Abstract: A method is disclosed for determining the authentication capabilities of a supplicant before initiating an authentication conversation with a client, for example, using Extensible Authentication Protocol (EAP). In one aspect, the method provides for sending, to a supplicant that is requesting access to a computer network subject to authentication of a user of the supplicant, a list of first authentication methods that are supported by an authentication server; receiving, from the supplicant, a counter-list of second authentication methods that are supported by the supplicant; determining how many second authentication methods in the counter-list match the first authentication methods; and performing an authentication policy action based on how many of the second authentication methods match the first authentication methods. Policy actions can include blocking access, re-directing to sources of acceptable authentication methods, granting one of several levels of network access, etc.

Abstract: The invention describes a system and method for arranging to provide power to a power monitor device. The disclosure describes the system and method receiving a request for power for at least one device specified by a power monitor device. The disclosure describes receiving at least one proposal from an entity desiring to supply power according to the request for power. A best proposal of the at least one proposal is determined. And the system and method command the power monitor device to supply power in accordance with the best proposal.

Abstract: Methods, apparatuses and systems directed to partitioning access points into two or more network access layers, such as overlay and underlay network access layers. According to one implementation of the present invention, a wireless network management system partitions a set of wireless access points into an overlay network for low-functionality clients and an underlay network for high-functionality clients. As described in further detail below, each of the overlay and underlay networks provides a class of network service, where each class of network service differs relative to at least one attribute (e.g., type of 802.11 access, data rates, High-Density, Quality-of-Service, encryption, compression, etc.). For didactic purposes, the overlay network is also referred to as the overlay network service layer (NSL) and the underlay network is referred to as the underlay NSL.

Abstract: Disclosed are methods and apparatus for methods and apparatus for facilitating a secure connection between a first and a second node in a computer network where one or both of the nodes may or may not reside behind a network address translation (NAT) enabled gateway. Embodiments of the present invention provide a seamless integration by providing a uniform solution for establishing secure connections, such as IPSEC, between two nodes irrespective of whether they are behind a NAT-enabled gateway or not. In general, a gateway is operable to receive a request from a remote host for a secure connection to a local host that within the home network of the gateway. The gateway then forwards this received request to a NAT traversal service. The NAT traversal service receives the request and then automatically sends an initiation message to set up a secure session, e.g., performing authentication and exchanging keys.

Abstract: In one embodiment, accounting information for a mobile node operating according to Mobile IP Protocol is updated. A network device that supports Mobile IP composes a request packet for the mobile node. The request packet identifies the mobile node and includes at least one counter associated with accounting information pertaining to the mobile node. The request packet is then sent to a server adapted for performing accounting. The server then logs the accounting information for the mobile node. The server may then send a reply packet to the network device acknowledging logging of the accounting information pertaining to the mobile node. A bill for Mobile IP services may then be generated from the accounting information.

Abstract: A method, system and apparatus are provided for securely connecting a peripheral device to a processing device in a wireless network. The peripheral device makes a request for access to the processing device, which generates a challenge message and prompts a user to respond. The peripheral device is allowed access to the processing device, based on the user's response. If the user's response validates the challenge message, access is allowed; otherwise it is disallowed.

Abstract: According to one embodiment of the invention, a method for managing time-sensitive packetized data streams at a receiver includes receiving a time-sensitive packet of a data stream, analyzing an energy level of a payload signal of the packet, and determining whether to drop the packet based on the energy level of the payload signal.

Abstract: Techniques for implementing a digital signature algorithm in electronic computer hardware include computing the multiplicative inverse of a particular integer modulo a prime modulus by computing a first quantity modulo the prime modulus. The first quantity substantially equals, modulo the prime modulus, the particular integer raised to a power of a second quantity. The second quantity is two less than the prime modulus. The techniques allow an integrated circuit block to compute a modulo multiplicative inverse, such as for signing and verifying digital signatures, using existing blocks of circuitry that consume considerably less area on a chip, and incur fewer developmental costs, than an implementation of an algorithm conventionally used in software.

Abstract: A method for consistent forwarding of data is provided. The method includes storing a plurality of correlations between a set of wireline communication priority levels and a set of wireless communication priority levels. The method further includes receiving data from an application via a wireline communications network. The data is received according to a wireline communication priority level assigned to the data from the set of wireline communication priority levels. The method further includes determining from the set of wireless communication priority levels a wireless communication priority level for the data based at least in part on the wireline communication priority level associated with the data and one or more of the plurality of correlations. The method further includes transmitting the data to a mobile station according to the wireless communication priority level determined for the data.

Abstract: A network architecture that coordinates shared access to a wireless transmission medium while avoiding collisions between simultaneous transmissions even where network nodes cannot hear one another. There is also the capability of readily reconfiguring a wireless network to accommodate new nodes. In one embodiment, there is a hierarchy of master nodes that coordinate wireless transmissions by the other nodes. Since the need for retransmission is minimized, throughput is improved.

Abstract: A selectable source input power supply is disclosed. According to one embodiment, a power supply is provided comprising an input stage including an input connector to couple the power supply to either of an AC input voltage or a DC input voltage, and an actuatable input switch to determine which of the AC input voltage and the DC input voltage is coupled to the power supply, to couple the input stage to an alternating current path in response to a determination that the AC input voltage is coupled to the power supply, and to couple the input stage to a direct current path in response to a determination that the DC input voltage is coupled to the power supply.

Abstract: A mobile router is configured for attaching to a selected router in a clustered network (e.g., a mobile ad hoc network) based on identifying a network topology model of the clustered network from received router advertisement messages that include tree information option fields specifying attributes of the network topology model. The mobile router selects which router advertisement originator to attach to based on correlating the attributes of the router advertisement originators relative to identified priorities, and orders the router advertisement originators within a default router list based on the identified priorities. If the mobile router detects a router from a second clustered network, the mobile router advertises to the attachment router that the second clustered network is reachable, enabling the two clustered networks to communicate using a point-to-point link between the respective attachment routers.

Abstract: A method for communicating data in a network environment is provided that includes receiving a request from an end user for a communications link, the request being used to initiate a communication session. A response is then received that is communicated to the end user in order to establish the communication session, the response being generated by a network node that was selected as a result of a loadbalancing decision. Port-level filtering for the communication session may then be invoked after the response such that separate data and signal pathways are established for selected information associated with the communication session.