Abstract: Apparatus to enforce network policy based on identity authentication at a network endpoint device by offloading the authentication to a network attached authentication devices is disclosed. The authentication device may use Statistical Object Identification to perform the authentication. The present disclosure greatly reduces the resources needed by the network endpoint device to perform the authentication and eliminates the topological restrictions found in traditional network appliance based approaches.

Abstract: The present invention provides methods and apparatus to generate a statistical object, the deterministic statistical representation of an original object, using a Deterministic Random Bit Generator (DRBG) (10). Multiple DRBG Statistical Object Generators (10) may be chained together to increase security by using independent security configurations (22) for each DRBG Statistical Object Generator (10).

Abstract: Apparatus to enforce network policy based on identity authentication at a network endpoint device by offloading the authentication to a network attached authentication devices is disclosed. The authentication device may use Statistical Object Identification to perform the authentication. The present disclosure greatly reduces the resources needed by the network endpoint device to perform the authentication and eliminates the topological restrictions found in traditional network appliance based approaches.

Abstract: Apparatus to enforce network policy based on identity authentication at a network endpoint device by offloading the authentication to a network attached authentication devices is disclosed. The authentication device may use Statistical Object Identification to perform the authentication. The present invention greatly reduces the resources needed by the network endpoint device to perform the authentication and eliminates the topological restrictions found in traditional network appliance based approaches.

Abstract: Methods and apparatus for a Secure Time Communication System (10) are disclosed. One embodiment of the invention provides secure and non-interactive communication of clock information over an unsecured communications channel. This communication provides perfect forward secrecy, while detecting and blocking message spoofing, message replay, denial of service and cryptographic performance attacks. This mechanism also bounds the effect of message delay manipulation. The mechanism consists of two components, a filtered time encryptor (16) and a filtered time decryptor (28). The filtered time encryptor (16) produces a message in two parts; a time token followed by an encrypted message body. The time token is used as a filter to detect most attacks and to determine the message key.

Abstract: Apparatus to enforce network policy based on identity authentication at a network endpoint device by offloading the authentication to a network attached authentication devices is disclosed. The authentication device may use Statistical Object Identification to perform the authentication. The present invention greatly reduces the resources needed by the network endpoint device to perform the authentication and eliminates the topological restrictions found in traditional network appliance based approaches.

Abstract: Methods and apparatus for a Secure Time Communication System (10) are disclosed. One embodiment of the invention provides secure and non-interactive communication of clock information over an unsecured communications channel. This communication provides perfect forward secrecy, while detecting and blocking message spoofing, message replay, denial of service and cryptographic performance attacks. This mechanism also bounds the effect of message delay manipulation. The mechanism consists of two components, a filtered time encryptor (16) and a filtered time decryptor (28). The filtered time encryptor (16) produces a message in two parts; a time token followed by an encrypted message body. The time token is used as a filter to detect most attacks and to determine the message key.

Abstract: Methods and apparatus for a Secure Time Communication System (10) are disclosed. One embodiment of the invention provides secure and non-interactive communication of clock information over an unsecured communications channel. This communication provides perfect forward secrecy, while detecting and blocking message spoofing, message replay, denial of service and cryptographic performance attacks. This mechanism also bounds the effect of message delay manipulation. The mechanism consists of two components, a filtered time encryptor (16) and a filtered time decryptor (28). The filtered time encryptor (16) produces a message in two parts; a time token followed by an encrypted message body. The time token is used as a filter to detect most attacks and to determine the message key.

Abstract: A mechanism to activate an original object (12S) so that statistical objects (14S) generated from the original object can be recognized using statistical object identification is disclosed. An object activation agent (48) with a clock (47) and at least one original object (12S) communicates the original object (12S) and time from the clock (47) to an object activation service (50). The object activation service (50) provides and communicates keying information (61) and expiration criterion (63) for at least one of said original objects (12S) back to the object activation agent (48).

Abstract: The present invention provides a mechanism to activate an original object (12S) so that statistical objects (14S) generated from the original object can be recognized using statistical object identification. An object activation agent (48) with a clock (47) and at least one original object (12S) communicates the original object (12S) and time from the clock (47) to an object activation service (50). The object activation service (50) provides and communicates keying information (61) and expiration criterion (63) for at least one of said original objects (12S) back to the object activation agent (48).

Abstract: An access point of a communications network receives a multicast or broadcast packet from a source. The access point converts the multicast or broadcast packet into a unicast packet addressed to a station associated with the access point. The access point then transmits the unicast packet over the communications network from the access point to the station. The access point further may determine a minimum data rate by which the access point may transmit the multicast or broadcast packet to the station and determines an effective unicast rate for transmitting the unicast packet to the station. If the effective unicast rate does not exceed the minimum data rate, the access point does not transmit the unicast packet to the station and transmits the multicast or broadcast packet.

Abstract: A method for unicast packet conversion whereby a unicast packet is received at a receiving node followed by a determination as to whether the destination address is identified in the packet. If the address is identified, then the unicast packets are converted to a multicast packet and forwarded to a connected station. If a destination network address is not identified, then the packet is forwarded to the connected station.

Abstract: The present invention provides a mechanism to activate an original object (12S) so that statistical objects (14S) generated from the original object can be recognized using statistical object identification. An object activation agent (48) with a clock (47) and at least one original object (12S) communicates the original object (12S) and time from the clock (47) to an object activation service (50). The object activation service (50) provides and communicates keying information (61) and expiration criterion (63) for at least one of said original objects (12S) back to the object activation agent (48).

Abstract: A method for unicast packet conversion whereby a unicast packet is received at a receiving node followed by a determination as to whether the destination address is identified in the packet. If the address is identified, then the unicast packets are converted to a multicast packet and forwarded to a connected station. If a destination network address is not identified, then the packet is forwarded to the connected station.

Abstract: An access point of a communications network receives a multicast or broadcast packet from a source. The access point converts the multicast or broadcast packet into a unicast packet addressed to a station associated with the access point. The access point then transmits the unicast packet over the communications network from the access point to the station. The access point further may determine a minimum data rate by which the access point may transmit the multicast or broadcast packet to the station and determines an effective unicast rate for transmitting the unicast packet to the station. If the effective unicast rate does not exceed the minimum data rate, the access point does not transmit the unicast packet to the station and transmits the multicast or broadcast packet.

Abstract: An access point of a communications network receives a multicast or broadcast packet from a source. The access point converts the multicast or broadcast packet into a unicast packet addressed to a station associated with the access point. The access point then transmits the unicast packet over the communications network from the access point to the station. The access point further may determine a minimum data rate by which the access point may transmit the multicast or broadcast packet to the station and determines an effective unicast rate for transmitting the unicast packet to the station. If the effective unicast rate does not exceed the minimum data rate, the access point does not transmit the unicast packet to the station and transmits the multicast or broadcast packet.

Abstract: A method for unicast packet conversion whereby a unicast packet is received at a receiving node followed by a determination as to whether the destination address is identified in the packet. If the address is identified, then the unicast packets are converted to a multicast packet and forwarded to a connected station. If a destination network address is not identified, then the packet is forwarded to the connected station.

Abstract: An access point of a communications network is configured to receive a multicast or broadcast packet from a source. The access point converts the multicast or broadcast packet into a unicast packet addressed to a station associated with the access point. The access point then transmits the unicast packet over the communications network from the access point to the station. The access point further may determine a minimum data rate by which the access point may transmit the multicast or broadcast packet to the station and determines an effective unicast rate for transmitting the unicast packet to the station. If the effective unicast rate does not exceed the minimum data rate, the access point does not transmit the unicast packet to the station and transmits the multicast or broadcast packet.

Abstract: An access point of a communications network receives a multicast or broadcast packet from a source. The access point converts the multicast or broadcast packet into a unicast packet addressed to a station associated with the access point. The access point then transmits the unicast packet over the communications network from the access point to the station. The access point further may determine a minimum data rate by which the access point may transmit the multicast or broadcast packet to the station and determines an effective unicast rate for transmitting the unicast packet to the station. If the effective unicast rate does not exceed the minimum data rate, the access point does not transmit the unicast packet to the station and transmits the multicast or broadcast packet.

Abstract: A method for unicast packet conversion whereby a unicast packet is received at a receiving node followed by a determination as to whether the destination address is identified in the packet. If the address is identified, then the unicast packets are converted to a multicast packet and forwarded to a connected station. If a destination network address is not identified, then the packet is forwarded to the connected station.