Abstract: A hypoxic training system is provided that dynamically adjusts the oxygen ratio in the gas provided to the user during a hypoxic training session based on the blood oxygen saturation (SPO2) level of the user. During a first training period, the hypoxic training system provides gas according to a first oxygen ratio. When it is determined that the SPO2 level of the user has reached a target SPO2 level, the hypoxic training system may provide a recovery period, during which gas according to a second oxygen ratio is provided to the user. When it is determined that the SPO2 level of the user has fallen more than a predetermined threshold below the target SPO2 level during the recovery period, the hypoxic training system may provide gas according to an increased first oxygen ratio during a subsequent training period.

Abstract: An edge node of an Access/Network Service Provider (ANP) network tracks the delivery into the ANP network of content from Contzzent Providers (CP), and generates accounting sessions with an accounting server. The edge node is provisioned with the IP addresses of known CP servers. A content delivery session, characterized by a CP IP address and a content identifier, such as a Differentiated Service Code Point (DSCP) value, is started upon the source IP address of a packet matching a known CP, and a packet count is incremented for each subsequent packet from the CP with the same content identifier. An accounting session is initiated with an accounting server when the content delivery session is started, and the accounting session is terminated, with the packet count for the session, upon a time-out since the last packet received. Multiple content delivery sessions may be ongoing simultaneously.

Abstract: Methods, network address translation (NAT) devices, network nodes and system for allowing identification of a private device in a public network or treating traffic of a private device in a public network. The NAT may allocate a private IPv4 address to the private device, reserve a block of ports on the public IPv4 address for the private device and send an identification of the block of ports to a network node in the public network. The network node of the public network may receive an identification of a block of ports on the public IPv4 address indicating that the block of ports is reserved for the private device and activate a rule for treating traffic of the private device.

Abstract: Methods, network address translation (NAT) devices, network nodes and system for allowing identification of a private device in a public network or treating traffic of a private device in a public network. The NAT may allocate a private IPv4 address to the private device, reserve a block of ports on the public IPv4 address for the private device and send an identification of the block of ports to a network node in the public network. The network node of the public network may receive an identification of a block of ports on the public IPv4 address indicating that the block of ports is reserved for the private device and activate a rule for treating traffic of the private device.

Abstract: Methods, network address translation (NAT) devices, network nodes and system for allowing identification of a private device in a public network or treating traffic of a private device in a public network. The NAT may allocate a private IPv4 address to the private device, reserve a block of ports on the public IPv4 address for the private device and send an identification of the block of ports to a network node in the public network. The network node of the public network may receive an identification of a block of ports on the public IPv4 address indicating that the block of ports is reserved for the private device and activate a rule for treating traffic of the private device.

Abstract: A method, for use in a data center having tenants, of routing an IPv4 packet over an IPv6 network as an IPv6 packet includes: receiving the IPv4 packet from a first virtual machine associated with a first tenant and addressed to a second virtual machine associated with a second tenant; generating the header of the IPv6 packet to include an IPv6 address determined by applying a reversible transformation to one of: a combination of the IPv4 source address and an identifier of the first tenant, and a combination of the IPv4 destination address and an identifier of the second tenant; generating the payload of the IPv6 packet based on the payload of the received IPv4 packet; generating the IPv6 packet by assembling the generated payload with the generated header of the IPv6 packet; and transmitting the generated IPv6 packet over the IPv6 network to the second virtual machine.

Abstract: Systems and methods provide for authenticating a device. A method for authenticating a device can include receiving, at communications node, a first message, wherein the first message includes a first Extensible Authentication Protocol (EAP) packet which includes an EAP (Identify) ID response and a first destination address; generating, by the communications node, a second message, wherein the second message includes the first EAP ID response and a second destination address which is different from the first destination address; and transmitting, by the communications node, the second message toward the second destination address.

Abstract: A network element in a network is provided. The network element includes a receiver that receives a content request message. The received content request message indicates content to be transmitted to a device. The network element includes a processor in communication with the receiver. The processor generates a modified content request message by inserting identification data into the content request message. The identification data identifies at least one of a plurality of network nodes in the network. The network element includes a transmitter that transmits the modified content request message to a content distribution network server. The receiver further receives a redirect message that is based on the transmitted modified content request message. The redirect message identifies that a one of the plurality of network nodes is a cache location storing the indicated content.

Abstract: An edge node of an Access/Network Service Provider (ANP) network tracks the delivery into the ANP network of content from Contzzent Providers (CP), and generates accounting sessions with an accounting server. The edge node is provisioned with the IP addresses of known CP servers. A content delivery session, characterized by a CP IP address and a content identifier, such as a Differentiated Service Code Point (DSCP) value, is started upon the source IP address of a packet matching a known CP, and a packet count is incremented for each subsequent packet from the CP with the same content identifier. An accounting session is initiated with an accounting server when the content delivery session is started, and the accounting session is terminated, with the packet count for the session, upon a time-out since the last packet received. Multiple content delivery sessions may be ongoing simultaneously.

Abstract: Methods, network address translation (NAT) devices, network nodes and system for allowing identification of a private device in a public network or treating traffic of a private device in a public network. The NAT may allocate a private IPv4 address to the private device, reserve a block of ports on the public IPv4 address for the private device and send an identification of the block of ports to a network node in the public network. The network node of the public network may receive an identification of a block of ports on the public IPv4 address indicating that the block of ports is reserved for the private device and activate a rule for treating traffic of the private device.

Abstract: A method and nodes are provided for registering a terminal. The terminal is capable of connecting in two distinct networks. The registration process for the terminal maps an identity and traffic handling policies of the terminal in a first network with an address prefix of the terminal obtained from the second network. The address prefix is obtained from the second network following authorization of the terminal in the first network. As traffic is exchanged between the terminal and a correspondent node while the terminal is accessing the second network, the mapping is used to ensure that policies for the terminal in the first network are applied in the second network.

Abstract: Systems and methods provide for authenticating a device. A method for authenticating a device can include receiving, at communications node, a first message, wherein the first message includes a first Extensible Authentication Protocol (EAP) packet which includes an EAP (Identify) ID response and a first destination address; generating, by the communications node, a second message, wherein the second message includes the first EAP ID response and a second destination address which is different from the first destination address; and transmitting, by the communications node, the second message toward the second destination address.

Abstract: A method and nodes are provided for registering a terminal. The terminal is capable of connecting in two distinct networks. The registration process for the terminal maps an identity and traffic handling policies of the terminal in a first network with an address prefix of the terminal obtained from the second network. The address prefix is obtained from the second network following authorization of the terminal in the first network. As traffic is exchanged between the terminal and a correspondent node while the terminal is accessing the second network, the mapping is used to ensure that policies for the terminal in the first network are applied in the second network.

Abstract: Methods and network node in a network for receiving a network access request related to a subscriber via at least one external network interface and treating the network access request by using at least a first function and second function. A failure indication related to the subscriber is obtained from at least one of the first function or the second function. The network access request is thereafter denied by sending an access result via the external network interface. The access result comprises a cause of failure indicating the at least one of the first function or the second function as a source for the failure. The first and second functions may be, for instance, an AAA function and a DHCP function.

Abstract: Communication nodes, systems and methods are described which provide access screening for services based upon service type description information and policy criteria information associated with an access network. If a requested service is, e.g., banned due to regulatory policies in a geographic region associated with a particular access network, then the requested service shall be denied even if the user has a valid subscription to such requested service via another access network.

Abstract: A method, security system control module and policy server for providing security for Mobile Stations (MSs) in a Packet-Switched Telecommunications System. When an MS accesses the system, its identity is sent to a security system control module that retrieves a security profile associated with the MS. A policy server of the security system control module stores individual security profiles, default security profiles and group security profiles for registered subscribers. Security settings associated with the MS security profile are returned from the policy server to a mobile security manager of the control module, which then determines if they should be propagated in the system. When no previous network access was made in a given time period by an MS having similar security settings, i.e. belongs to the same group security profile, the settings are propagated in the system in order to be enforced, for providing security protection for the MS.

Abstract: A method, security system control module and policy server for providing security for Mobile Stations (MSs) in a Packet-Switched Telecommunications System. When an MS accesses the system, its identity is sent to a security system control module that retrieves a security profile associated with the MS. A policy server of the security system control module stores individual security profiles, default security profiles and group security profiles for registered subscribers. Security settings associated with the MS security profile are returned from the policy server to a mobile security manager of the control module, which then determines if they should be propagated in the system. When no previous network access was made in a given time period by an MS having similar security settings, i.e. belongs to the same group security profile, the settings are propagated in the system in order to be enforced, for providing security protection for the MS.

Abstract: A method and system for seamlessly handing off a Mobile Node (MN) equipped with a Wireless Local Area Network (WLAN) adaptor from a cellular network such as a GRPS/UMTS network to a WLAN network without interrupting the ongoing IP connection/session. When entering a WLAN coverage area, the roaming MN sends mobility information to a WLAN Integration Gateway (WIG) node allowing the WIG node to identify the source Service GPRS Support Node (SGSN). The WIG node contacts the source SGSN to obtain PDP Context information relative to the roaming MN, and establishes a new GTP tunnel with the servicing GGSN in order to complete the handoff. The WIG node may route data traffic for the MN by assigning a new IP address to the MN and by either performing IP-in-IP encapsulation or Network Address Translation (NAT).

Abstract: Methods, systems and arrangements enable an adaptive node selector (e.g., an adaptive domain name server (DNS)) to monitor network nodes and/or links/interfaces therebetween/thereof to facilitate connections to and through network nodes and over network links that are available/up. The adaptive node selector may include a nomenclature-nodal address mapper/filtering data structure in which one or more entries indicate whether network node(s) and/or network link(s) used to route through and/or to the node of the nodal address is/are functioning properly. The adaptive node selector may monitor the network by, for example, polling various elements of the network. In certain embodiment(s), the adaptive node selector may include a location/origin based filter, an event logger for logging various monitored functioning and non-functioning occurrences, and a filter for returning IP address(es) responsive to queries for available/up interfaces/links.

Abstract: A method, system, transmitter and receiver for checking an integrity and authenticity of GPRS Tunnelling protocol (GTP) communications of a GPRS system, wherein for each GTP data packed to be sent, the GTP transmitter generates a sequence number indicative of the GTP data packet number, creates the GTP data packet, and computes a digest value associated to the GTP data packet using a shared secret key and information related to the GTP data packet, such as the entire GTP data packet, the IP packet that encapsulates the GTP data packet or NULL data. The GTP transmitter then sends the GTP data packet to a GTP receiver, which uses the shared secret key and the digest value of the GTP data packet to check the authenticity and integrity of the received data packet.