Abstract: Communications methods, apparatus and systems for detecting a status condition indicative of a failure of a media processing entity and providing media redirection to increase media resource function availability. One embodiment of the present invention is a method that includes directing, by a first Session Border Controller (SBC), a first media call flow of a first call through a first media content processing entity to a second SBC, detecting, at one of said first or second SBCs, a status condition indicative of a failure condition for the first media content processing entity, and redirecting, by the SBC that detects the status condition indicative of a failure condition, the first media call flow for the first call so that the first media call flow passes through a second media content processing entity instead of through the first media content processing entity without terminating the first call.

Abstract: The present invention relates to communications methods, apparatus and systems for correlating registrations with subsequent requests for service, e.g., calling or other services or active calls. In one embodiment requests and corresponding registrations are determined through a method of operating a session border controller (SBC) which includes the assignment of a registration instance identifier by the SBC to each registration request, sending a first message including the registration instance identifier to each user device in response to each registration request, and determining if subsequent requests correspond to the registration instance based on the registration instance identifier being included in subsequent requests. In another embodiment, after a SBC switchover, the new SBC forks a mid-dialog request received for a first call to all active registered devices having the same address of record and determines based on the responses which device has an active dialog corresponding to the first call.

Abstract: A method includes establishing a first session (e.g., a Wi-Fi call) via a first connection to a first network, where the connection to the first network is provided by a first receiver of the mobile device, and monitoring a characteristic of the first connection to the first network. The method includes determining whether the characteristic satisfies a threshold. When the characteristic does not satisfy the threshold, the method includes activating a second receiver of the mobile device, establishing a second connection to a second network, and initiating a handover procedure to transfer the first session from the first network to the second network. The second connection to the second network is provided by the second receiver of the mobile device. As a result of the handover procedure, the first session may be merged with or transferred to a second session (e.g., a cellular call) provided via the second network.

Abstract: Methods and apparatus for authenticating a user equipment device (UE) requesting services through a session border controller (SBC) are described. In some embodiments the SBC stores the challenge and response for a successfully authenticated UE and uses this information to authenticate the UE when the UE seeks access to a service, e.g., establishing a new TCP connection. In some other embodiments, in response to receiving an Invite request from a UE requesting service the SBC generates and sends a Registration request to an authentication entity on behalf of the UE to trigger an authentication process. If the UE is authenticated the SBC allows service access, e.g., allows a call to proceed, otherwise denies service to the UE.

Abstract: Systems and methods which provide enhanced call handling for special called numbers, such as emergency dispatch numbers, are disclosed. An enhanced call handling application of embodiments monitors a native calling application to determine if a call attempt has been made with respect to a number for which enhanced call handling is provided and makes one or more determinations with respect to the success of the attempt. When it is determined that the call attempt was not successful or may not have otherwise been satisfactory to the user, the enhanced call handling application of embodiments operates to facilitate initiating the call via an alternative network, such as by prompting the user regarding initiating the call via the alternative network or by autonomously initiating the call via the alternative network.

Abstract: Methods and apparatus for processing and using TCP packets to communicate RTP packets are described. Head of line blocking is avoided by operating a TCP packet processing module to output RTP packet data to an application irrespective of whether or not a preceding TCP packet was received. Since output of packet data to an application using RTP packets is not delayed when there is a missing TCP packet, head of line blocking is avoided. RTP packet data is subjected to pattern matching in order to identify and process RTP packets in the case where RTP header information such as packet length information is missing due to the failure to receive a TCP packet. The methods are particularly well suited for the communication of audio and/or video by devices operating behind firewalls which block UDP or other types of packets other than TCP packets.

Abstract: Communications methods, apparatus and systems for conserving Media Resource Function (MRF) resources by identifying streams of sessions, for example, non-real time streams, which can be routed to avoid use of MRF resources. An exemplary embodiment includes receiving by a SBC a session initiation request from a first device directed to a second device for a session including a plurality of streams; establishing a plurality of routes to the second device, said routes including at least a first route and a second route, the first route not including a media content processing entity and the second route including a media content processing entity; identifying from the streams for the session a first set of streams; said first set of streams including one or more streams that do not require media content processing; and routing one or more of the streams of the first set of streams via the first route.

Abstract: A user has a plurality of user identities, e.g., a Google ID, an IMS ID, a PBX phone number, a Lync ID, etc., corresponding to different domains and/or different autonomous systems. A presence aggregation interworking function (PAIF) device aggregates presence state information corresponding to the same user and different non-Lync IDs, formats the aggregated information into a Lync compatible format, and communicates the aggregated formatted presence state information to a Lync Presence server. The Lync Presence server may, and sometimes does, further aggregates the aggregated presence state information received from the PAIF, corresponding to the user, with presence state information from a device using a Lync ID, corresponding to the same user. The Lync presence server distributes the aggregated presence state information to other devices, which have expressed an interest in receiving presence state information corresponding to the user.

Abstract: The present invention relates to methods, systems and apparatus for mitigating denial of service attacks. One exemplary embodiment in accordance with the invention is a method of operating a communication system including the steps of receiving at a first device packets of a first packet flow; sending, from the first device, control information to a switch through which packets of the first packet flow pass or to a control device which controls the switch, the control information including a mask corresponding to a range of expected packet values to be used for determining which packets in the first packet flow should be dropped.

Abstract: Methods and apparatus for aggregating and distributing contact information for a user with multiple user identifiers in a plurality of domains. In one embodiment a set of user identifiers corresponding to a first user includes a first user identifier corresponding to a first domain and a second user identifier corresponding to a second domain. A request is made using the first user identifier for contacts associated in the first domain with the first user identifier and a request is made using the second user identifier, for contacts associated in the second domain with the second user identifier. An aggregated contact list corresponding to the first user is generated from a first contact list received from the first domain and from a second contact list received from the second domain. In some embodiments the aggregated contact list and associated user presence information is distributed to the first and second domains.

Abstract: The present invention relates to communications methods, apparatus and systems for correlating registrations with subsequent requests for service, e.g., calling or other services or active calls. In one embodiment requests and corresponding registrations are determined through a method of operating a session border controller (SBC) which includes the assignment of a registration instance identifier by the SBC to each registration request, sending a first message including the registration instance identifier to each user device in response to each registration request, and determining if subsequent requests correspond to the registration instance based on the registration instance identifier being included in subsequent requests. In another embodiment, after a SBC switchover, the new SBC forks a mid-dialog request received for a first call to all active registered devices having the same address of record and determines based on the responses which device has an active dialog corresponding to the first call.

Abstract: A method includes establishing a first session (e.g., a Wi-Fi call) via a first connection to a first network, where the connection to the first network is provided by a first receiver of the mobile device, and monitoring a characteristic of the first connection to the first network. The method includes determining whether the characteristic satisfies a threshold. When the characteristic does not satisfy the threshold, the method includes activating a second receiver of the mobile device, establishing a second connection to a second network, and initiating a handover procedure to transfer the first session from the first network to the second network. The second connection to the second network is provided by the second receiver of the mobile device. As a result of the handover procedure, the first session may be merged with or transferred to a second session (e.g., a cellular call) provided via the second network.

Abstract: Methods and apparatus for supporting secure packet communications, e.g., SRTP, which use implicit index numbers for synchronization and sequencing of received packets. The secure communications methods and apparatus having an adaptive index learning mode of operation and a non-adaptive index learning mode of operation. The adaptive index learning mode of operation being used to determine a correct estimated sequence number roll over counter number and the implicit index number for one of a plurality of secure packets received when an adaptive index learning process condition is satisfied.

Abstract: Systems and methods which provide resource sharing techniques implementing opportunistic shared resource utilization using dynamic traffic shaping are disclosed. Embodiments implement a multi-part transmission frame generation process in which data packets of various different traffic flows are selected for the transmission frame to fill the frame capacity. For example, scheduling logic may apply traffic shaping logic to select data packet queues from which data packets are to be included in a frame and to initially determine a number of packets to be included in the frame from each selected data packet queue according to the traffic shaping logic. Thereafter, the frame may be analyzed to determine if excess capacity remains. The scheduling logic may then apply traffic shaping logic to the data packet queues to implement an opportunistic scheme for including additional data packets in the frame and thereby fill the excess capacity.

Abstract: Methods and apparatus for detecting and minimizing the effects of Denial Of Service (DOS) attacks in high-speed networks in which packet processing is carried out by multiple processing cores. In one embodiment of the invention a communications method and apparatus detects and deletes denial of service attack packets in a multi-core distributed packet processing system using a lightweight DOS attack packet detection and deletion process.

Abstract: Methods and apparatus for detecting VOIP spoofing attacks in systems that provide communication services over IP networks, for gathering information that can be used for preventing or mitigating future malicious attacks, are described. The methods and apparatus send various signals and check for expected responses. Actual responses and/or lack of responses to signals, e.g., messages, are detected, logged and used for making decisions as well as generating a record for informational purposes and analysis which can facilitate identification of common features of malicious packets and/or messages. The methods are well suited for use in a session border controller.

Abstract: Systems disclosed herein may allocate buffer space using methods, which prevent other resource allocation methods from apportioning the other resources in a way that inhibits system needs from being met. As such, buffer space may be dynamically allocated without impeding other resource allocation by basing the buffer space allocation at least on the traffic priority class that each allocated buffer will handle. Alternatively, buffer space may be dynamically allocated without impeding other resource allocation by basing the buffer space allocation at least on the bandwidth needs of each respective buffer being allocated. Alternatively still, buffer space may be dynamically allocated without impeding other resource allocation by basing the buffer space allocation at least on a function of the traffic priority class that each allocated buffer will handle and the bandwidth needs of each respective buffer being allocated.

Abstract: Methods and apparatus for supporting authentication for session border controller generated autonomous requests are described. In some embodiments, the session border controller stores a response to a challenge being communicated through the session border controller from an entity with authentication credentials, e.g., a user equipment device, to an authenticating entity. The stored response is available to be used by the SBC at a future time in generating an autonomous request that may be able to pass an authentication check by the authenticating entity. In some embodiments, a session border controller, which has received a challenge to a SBC generated autonomous request from an authenticating entity, generates and sends a request triggering signal to an entity with authentication credentials and subsequently uses the received challenge from the entity with authenticating entity to challenge and acquire a response, e.g., a authorization header, that can will satisfy the authenticating entity.

Abstract: Methods and apparatuses, including computer program products, are described for determining expiration time of bindings for NAT devices. A first device receives a first request including a first source IP address/port pair of a first NAT binding, and transmits a response. The first device receives a second request including a second source IP address/port pair of a second NAT binding, and transmits a response. The first device sets a refresh time T1 of the first NAT binding to be shorter than an expected minimum expiration time of the first NAT binding, transmits one or more messages via the second NAT binding where a sending interval time T2 of the second NAT binding is longer than T1, increments T2 when a response is received, and if a response to any of the messages is not received, sets T1 equal to the last T2 value for which a response was received.

Abstract: A client device, e.g., a smartphone including a web browser, requests a call authorization token from a web server, e.g., a web page server. The web server, acting on behalf of a company, whose web page is hosted and whose phone corresponds to the called party, screens incoming requests and decides whether or not to issue an authorization token, e.g., a signed token including an encrypted portion. The web server issues a call authorization token and communicate the issued token to the client device. The client device includes the received issued call authorization token in a signal, e.g., a SIP INVITE signal, which it generates and sends to a session border controller (SBC). The session border controller processes the received authorization token and checks the authorization token to validate the received token. The SBC establishes a communications session if the received token passes the validation check.