Abstract: A data communications network with a plurality of PoPs maintains a local database associated with each PoP and a central database somewhere on the data communications network. The local database contains a group identification such as a domain identification corresponding to a group of users, a maximum number of proxied sessions to provide the group of users at the PoP and a dynamic proxy session count corresponding to active proxied sessions currently provided to the group of users at the PoP. The central database contains a maximum number of proxied sessions to provide the group of users over the entire data communications network and a dynamic network-wide proxy session count corresponding to active proxied sessions currently provided to the group of users on the entire data communications network. Actions are taken when the group attempts to exceed either the local maximum number of sessions or the network-wide maximum number of sessions by more than a predetermined number.

Abstract: A method and apparatus for providing computer network access points the capability for multiple-level accounting. A gateway device located at the access point is capable of generating Internet protocol accounting start and stop requests based on various events that need to be accounted for when a user accesses a network. These events include the user account logon, the service establishments and the Point to Point protocol (PPP) connections between the gateway device and public and private domains within the network. The counter is capable of tracking the duration of sessions and connections and the byte-count associated with the specified session or connection. The gateway device communicates with an accounting server which stores the accounting requests and matches start requests with subsequent stop requests.

Abstract: A data transfer interface for importing data from a source system to a target system, including a source data adapter having an attribute definition transcriber for generating transcribed data, and a target data adapter having a data format converter for converting the transcribed data from a first format to a second format. The data transfer interface may include a data validator to ensure that the user data selected for importation is valid before the data is transcribed. The source data adapter and the target data adapter may be configured for use with a communications architecture that allows the source data adapter and the target data adapter to receive and transmit user data as events on a data communications network.

Abstract: A method and apparatus for providing management and maintenance to a node within a data communications network and to the composite data communications network. A network management application is started on a host which may be located at a network operation center. The management application is in communication with network nodes and services through adapters. A master daemon located at a node is activated. The master daemon starts a control adapter running on the node and if the control adapter fails the master daemon restarts the control adapter. The control adapter is capable of starting and stopping all services running on the node. Signals are communicated between the management application, the node and the services by way of adapters. Signaling provides for the exchange of useful event data related to the nodes and services running on the nodes.

Abstract: A data communications network with at least one PoP maintains a local cache database associated with each AAA service at the PoP on the data communications network. Each local database contains a group identification such as a domain identification corresponding to a group of users or an FQDN specifying a group of one individual, a maximum number of B-Channels to provide the group of users at the PoP and a dynamic B-Channel session count corresponding to active B-Channel connections currently provided to the group of users at the PoP. Actions are taken when the group attempts to exceed the maximum number of B-Channels by more than a predetermined number. The actions may include assessing extra charges, denying access, and sending warning messages to appropriate recipients. The local database may be synchronized by publishing B-Channel connection and disconnection events to all subscribing local databases.

Abstract: A method for providing remote management and maintenance of a node or service within a data communications network that is activated by the data communications network management system's receipt of signals of an abnormal condition at a node or service or failure to receive operational status signals from a node or service. A control adapter running on a node within a Point of Presence is started. The control adapter is capable of starting all service adapters associated with all services running on the node. Operational status signals and abnormal condition signals are transmitted from the control adapter and service adapters on to an information bus. If a network management control host receives abnormal condition signals, notification is sent to a remote system administrator that alerts of an error experienced by a node or service.

Abstract: A device for processing network access requests responsive to more than one network access protocol comprises a protocol layer responsive to a client access request based on a first protocol, a gateway layer in communication with the protocol layer including at least one protocol handler for processing access requests and a state manager having more than one set of process states required for each network access method, and an inbound filter state object in communication with the gateway layer that is responsive to at least one protocol handler and is invoked to filter attribute data in the access request packets.

Abstract: An address is allocated to a host device which is selected to obtain network access from any access point within a given communications system, while maintaining a settings configuration scheme that is consistently applied to the communications network for the user regardless of the access point used by the user.

Abstract: A data communications network with a plurality of PoPs maintains a local database associated with each PoP and a central database somewhere on the data communications network. The local database contains a group identification such as a domain identification corresponding to a group of users, a maximum number of proxied sessions to provide the group of users at the PoP and a dynamic proxy session count corresponding to active proxied sessions currently provided to the group of users at the PoP. The central database contains a maximum number of proxied sessions to provide the group of users over the entire data communications network and a dynamic network-wide proxy session count corresponding to active proxied sessions currently provided to the group of users on the entire data communications network. Actions are taken when the group attempts to exceed either the local maximum number of sessions or the network-wide maximum number of sessions by more than a predetermined number.

Abstract: A gateway is provided which resolves a DNS request in a manner that minimizes the time and bandwidth required to conduct a DNS search as well as increases the chances that a DNS request will be answered for systems in which the gateway is connected to more than one network simultaneously.

Abstract: A method for providing remote management and maintenance of a node or service within a data communications network that is activated by the data communications network management system's receipt of signals of an abnormal condition at a node or service or failure to receive operational status signals from a node or service. A control adapter running on a node within a Point of Presence is started. The control adapter is capable of starting all service adapters associated with all services running on the node. Operational status signals and abnormal condition signals are transmitted from the control adapter and service adapters on to an information bus. If a network management control host receives abnormal condition signals, notification is sent to a remote system administrator that alerts of an error experienced by a node or service.

Abstract: In a first aspect of the present invention, a Wholesaler dynamically identifies one of a plurality of AAA services at a remote domain to route an access request to. The AAA service is selected based upon a set of rules applied to information which has been received dynamically from the plurality of AAA services and is indicative of load and status of the plurality of AAA services. In a second aspect of the present invention, a Wholesaler, based upon a Service Level Agreement (SLA) between the Wholesaler and a user, routes the user to one of a plurality of sub-service providers.

Abstract: Service requests, which are used to properly process a network access request received from a client, are processed by routing the service requests between at least two service component instances according to a load balancing algorithm. Load balancing includes: calculating a first ticket amount and a second ticket amount; assigning the first ticket amount to a first instance and the second ticket amount to a second instance; using a selection scheme to select an instance having a ticket amount greater than a threshold amount to process a service request; decrementing the ticket amount corresponding to the instance selected; and scheduling the instance selected to receive a service request. The present invention may further include distinguishing between operable and inoperable instances, providing ticket amounts that are not based on performance ratings to inoperable instances, and providing ticket amounts that are based on performance ratings to operable instances.

Abstract: A data communications network with a plurality of PoPs maintains a local database associated with each PoP and a central database somewhere on the data communications network. The local database contains a group identification such as a domain identification corresponding to a group of users, a maximum number of VPN sessions to provide the group of users at the PoP and a dynamic VPN session count corresponding to active VPN sessions currently provided to the group of users at the PoP. The central database contains a maximum number of VPN sessions to provide the group of users over the entire data communications network and a dynamic network-wide VPN session count corresponding to active VPN sessions currently provided to the group of users on the entire data communications network. Actions are taken when the group attempts to exceed either the local maximum number of sessions or the network-wide maximum number of sessions by more than a predetermined number.

Abstract: An address is allocated to a host device which is selected to obtain network access from any access point within a given communications system, while maintaining a network bandwidth management scheme that is consistently applied to a user's network bandwidth usage regardless of the access point used by the user. This is accomplished using a communications network having a at least one access point coupled to a first router which is configured to forward packets at a forwarding rate based on a source address contained in each of the packets. A user profile is assigned to each subscriber belonging to an access point. Each user profile includes a pool identifier which corresponds to a forwarding rate used by the router for packets corresponding to the subscriber.

Abstract: A method and apparatus for managing dynamic IP address allocation in a data communications network having a point of presence, a network access device associated with said point of presence, and user connections to users formed through the network access device. The system includes a protocol gateway in communication with the network access device, an authentication, authorization and accounting (AAA) server in communication with the protocol gateway, a dynamic IP allocation server in communication with the protocol gateway, a local memory in communication with the protocol gateway; and a local memory publisher, which periodically publishes the contents of the local memory over an information bus so that the contents may be received by subscribing entities.

Abstract: Network access requests, which may based on different access methods, are processed by using a protocol gateway that insulates the processing of the access requests from the specialized protocols required to obtain the necessary services required for the different access methods supported. In a first aspect of the present invention, this includes using a protocol handler that is responsive to the network protocol used by the access request. The protocol handler performs a set of steps necessary for responding to the access request. If the steps include procuring a state service, a state object is used to obtain the state service, insulating the protocol handler from having to communicate with a provider of the state service, such as a service component. Upon completion of the steps defined within the set of steps, the protocol handler denies or grants network access.

Abstract: A gateway is provided which resolves a DNS request in a manner that minimizes the time and bandwidth required to conduct a DNS search as well as increases the chances that a DNS request will be answered for systems in which the gateway is connected to more than one network simultaneously.

Abstract: The present invention is a method and apparatus for providing the owners of domain sites on a computer network or the owners of private remotely accessible intra networks the capability to force authorized users to disconnect from any open connections to other public or private domains or networks before a connection with the owners domain or network can be established. This forced sequential access of a specified domain or network is accomplished by inserting a sequential-only attribute into the service profile for a specified user. Upon the user initiating a log-on sequence through an access point, the user's service profile is pulled from a memory bank and an assessment is made as to whether or not the sequential-only attribute exists for the desired specified domain or network to be accessed.

Abstract: A single database maintained centrally hosts both proxy service data and authentication, authorization and accounting (AAA) data. Data is then copied to storage used locally by each system when both systems are instantiated. Therefore the ISP/Telco need not maintain two different data bases. A protocol gateway (PGW) is used to determine if the incoming user is a wholesale or retail user. The PGW filters the domain portion of the access request to locate a remote AAA service. If one such service is found, the PGW routes the communication via the proxy service to proxy it to the remote AAA service. The returned packet from the remote AAA service is then searched for an IP address to be assigned to the incoming user. If one is not found the PGW obtains a dynamically allocated IP address from a DHCP server (using an IP-Pool-ID if supplied in the returned packet from the remote AAA service). The same mechanism is used to forward accounting event packets from the NAS to the remote AAA server.