Patents by Inventor Christian Huitema

Christian Huitema has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7391725
    Abstract: A system and method for defeating SYN attacks are provided. When the number of packets received by a server is above the capacity of the server, the server assumes that a SYN attack is in progress. The server randomly drops SYN packets without processing them. The percentage of SYN packets dropped is increased while the load on the server exceeds capacity, and decreased while the load on the server does not exceed capacity. Under attack conditions, a percentage of TCP connections are still maintained.
    Type: Grant
    Filed: May 18, 2004
    Date of Patent: June 24, 2008
    Inventors: Christian Huitema, Henry L. Sanders, Sanjay N. Kaniyar
  • Publication number: 20080137548
    Abstract: Capability checking to examine a computing device's capabilities to determine if the device supports a software defined radio to communicate according to a specific wireless protocol. Applicants have appreciated that as the reliance on software defined radio increases, numerous potential options may be available to a user for performing wireless communication. Applicants have appreciated the desirability of providing the ability to discover the capabilities of a user's computer to determine whether it is capable of supporting one or more wireless protocols.
    Type: Application
    Filed: December 8, 2006
    Publication date: June 12, 2008
    Applicant: Microsoft Corporation
    Inventors: Amer A. Hassan, Vishesh M. Parikh, Thomas W. Kuehnel, Deyun Wu, Christian Huitema, David Jones, Andrew Baron
  • Publication number: 20080137634
    Abstract: A computing device operating according to a frequency division multiplexed protocol in which communication occurs over a signal formed from a plurality of sub-channels selected from anywhere in a frequency spectrum. A computing device may select sub-channels cognitively by using information about sub-channels previously deemed suitable or unsuitable by that computing device or other computing devices. A described technique for determining sub-channel suitability includes analyzing radio frequency energy in the sub-channel to detect signals generated by another computing device or high noise levels. Information may also be used to cognitively select sub-channels to be analyzed, such as by first selecting for analysis previously-used sub-channels.
    Type: Application
    Filed: December 12, 2006
    Publication date: June 12, 2008
    Applicant: Microsoft Corporation
    Inventors: Amer A. Hassan, Christian Huitema
  • Patent number: 7370197
    Abstract: A method and system for authenticating a message is described, in which the message contains a network address, at least a portion of which is a digital fingerprint. Embedded in the message is data, such as a code, that indicates the size of the digital fingerprint. A device receiving the message uses the size data and, for example, the public key of the sender to attempt to reproduce the digital fingerprint. If successful, the device receiving the message verifies the identity of the sender.
    Type: Grant
    Filed: September 12, 2002
    Date of Patent: May 6, 2008
    Assignee: Microsoft Corporation
    Inventor: Christian Huitema
  • Patent number: 7336623
    Abstract: A method for detecting and repairing cloud splits in a distributed system such as a peer-to-peer (P2P) system is presented. Nodes in a cloud maintain a multilevel cache of entries for a subset of nodes in the cloud. The multilevel cache is built on a circular number space, where each node in the cloud is assigned a unique identifier (ID). Nodes are recorded in levels of the cache according to the distance from the host node. The size of the cloud is estimated using the cache, and cloud-split tests are performed with a frequency inversely proportional to the size of the cloud. Cloud splits are initially detected by polling a seed server in the cloud for a node N having an ID equal to the host ID+1. The request is redirected to another node in the cloud, and a best match for N is resolved. If the best-match is closer to the host than any node in the host's cache, a cloud split is presumed.
    Type: Grant
    Filed: October 30, 2003
    Date of Patent: February 26, 2008
    Assignee: Microsoft Corporation
    Inventor: Christian Huitema
  • Patent number: 7305705
    Abstract: A firewall acts as a transparent gateway to a server within a private network by initiating an unsolicited challenge to a client to provide authentication credentials. After receiving the client's credentials, the firewall verifies the authentication credentials and establishes a secure channel for accessing the server. Data destined for the server from the client may be forwarded through the firewall using the secure channel. The firewall may sign, or otherwise indicate that data forwarded to the server is from a client that the firewall has authenticated. The firewall also may provide some level of authentication to the client. While connected to the server, the client may access other servers external to the private network without having the data associated with the other servers pass through the private network. The firewall reduces configuration information that a client otherwise must maintain to access various private network servers.
    Type: Grant
    Filed: June 30, 2003
    Date of Patent: December 4, 2007
    Assignee: Microsoft Corporation
    Inventors: Art Shelest, Christian Huitema
  • Patent number: 7299351
    Abstract: A method for use in a peer-to-peer communication system to ensure valid connections are made in a secure manner includes the steps of receiving an address record for a peer node which includes an ID certificate. The ID certificate is validated and checked to verify that the ID certificate has not expired. Further, the method determines if the node from whom the address record was received is to be trusted, and the number of instances of the IP address included in the certificate is already stored in cache. When the foregoing are completed successfully, i.e. the certificate is valid, not expired, has been supplied by a trusted neighbor, and does not point to an IP address that already exists for different IDs multiple times, the method opportunistically verifies ownership of the ID certificate at the peer node's IP address. That is, the verification of ownership only occurs when the advertiser of the ID is the owner of that ID (or when the ID is to be used).
    Type: Grant
    Filed: September 19, 2001
    Date of Patent: November 20, 2007
    Assignee: Microsoft Corporation
    Inventors: Christian Huitema, John L. Miller, Alexandru Gavrilescu
  • Publication number: 20070263653
    Abstract: A system for signaling an application when a requested data rate and Quality of Service cannot be achieved using OFDM wireless data transmission, and the application proceeds by either renegotiating QoS and data rate, or waiting until the requested rate and QoS are met.
    Type: Application
    Filed: May 12, 2006
    Publication date: November 15, 2007
    Applicant: Microsoft Corporation
    Inventors: Amer Hassan, Thomas Kuehnel, Deyun Wu, Christian Huitema, D. Frost
  • Publication number: 20070255838
    Abstract: Guest users are enabled to access network resources through an enterprise network using a guest user account. A guest user account may be created for a guest for a limited time. Guest account credentials of the guest account may be provided to the guest to use the guest account using any of a variety of techniques described herein, for example, by scanning a guest access card, credit card or mobile telephone of the guest user, and providing the guest account credentials to the user based on the information obtained. A guest access management server may be configured to generate and maintain guest accounts, authenticate guest users, and track and log guest activity. A VLAN technology may be used to separate guest traffic from host enterprise traffic on the host enterprise network. After a guest user is authenticated, communications to and from the guest user may be routed to a guest VLAN.
    Type: Application
    Filed: July 21, 2006
    Publication date: November 1, 2007
    Applicant: Microsoft Corporation
    Inventors: Amer A. Hassan, Andrew T. Baron, Christian Huitema, Deyun Wu, Mahmood H. Khadeer, Vishesh M. Parikh, Wajih Yahyaoui
  • Publication number: 20070255837
    Abstract: Guest users are enabled to access network resources through an enterprise network using a guest user account. A guest user account may be created for a guest for a limited time. Guest account credentials of the guest account may be provided to the guest to use the guest account using any of a variety of techniques described herein, for example, by scanning a guest access card, credit card or mobile telephone of the guest user, and providing the guest account credentials to the user based on the information obtained. A guest access management server may be configured to generate and maintain guest accounts, authenticate guest users, and track and log guest activity. A VLAN technology may be used to separate guest traffic from host enterprise traffic on the host enterprise network. After a guest user is authenticated, communications to and from the guest user may be routed to a guest VLAN.
    Type: Application
    Filed: July 21, 2006
    Publication date: November 1, 2007
    Applicant: Microsoft Corporation
    Inventors: Amer A. Hassan, Andrew T. Baron, Christian Huitema, Deyun Wu, Mahmood H. Khadeer, Vishesh M. Parikh, Wajih Yahyaoui
  • Publication number: 20070256121
    Abstract: Guest users are enabled to access network resources through an enterprise network using a guest user account. A guest user account may be created for a guest for a limited time. Guest account credentials of the guest account may be provided to the guest to use the guest account using any of a variety of techniques described herein, for example, by scanning a guest access card, credit card or mobile telephone of the guest user, and providing the guest account credentials to the user based on the information obtained. A guest access management server may be configured to generate and maintain guest accounts, authenticate guest users, and track and log guest activity. A VLAN technology may be used to separate guest traffic from host enterprise traffic on the host enterprise network. After a guest user is authenticated, communications to and from the guest user may be routed to a guest VLAN.
    Type: Application
    Filed: April 28, 2006
    Publication date: November 1, 2007
    Applicant: Microsoft Corporation
    Inventors: Amer Hassan, Andrew Baron, Christian Huitema, Deyun Wu, Mahmood Khadeer, Vishesh Parikh, Wajih Yahyaoui
  • Publication number: 20070248173
    Abstract: A multiuser scheme allowing for a number of users, sets of users, or carriers to share one or more channels is provided. In the invention, the available channel bandwidth is subdivided into a number of equal-bandwidth subchannels according to standard OFDM practice. The transmitter is informed by an application that it needs to transmit data at a particular rate. The transmitter determines the minimum number of subchannels and maximum energy (or noise) threshold for each subchannel necessary to achieve that data rate and selects a set of subchannels matching those requirements. The subchannels need not be contiguous in the spectrum or belong to the same channel. Once the transmitter has selected the required number of subchannels, it begins transmitting simultaneously on those subchannels across the entire bandwidth used by those subchannels.
    Type: Application
    Filed: April 25, 2006
    Publication date: October 25, 2007
    Applicant: Microsoft Corporation
    Inventors: Amer Hassan, Christian Huitema
  • Publication number: 20070248179
    Abstract: A system for selecting a modulation scheme and an error correction coding scheme for each subchannel in an OFDM system based on the energy detected on that subchannel.
    Type: Application
    Filed: April 25, 2006
    Publication date: October 25, 2007
    Applicant: Microsoft Corporation
    Inventors: Amer Hassan, Abhishek Abhishek, Christian Huitema, Deyun Wu, Thomas Kuehnel
  • Publication number: 20070220134
    Abstract: A computer system is configured to verify a connection to a web site. The computer system includes a user interface programmed to receive a uniform resource locator and a call sign associated with the web site. The computer system also includes a validator module programmed to calculate a hash value based on the uniform resource locator, a public key associated with the web site, and a salt, and the validator being programmed to compare the hash value to the call sign to verify the connection to the web site.
    Type: Application
    Filed: March 15, 2006
    Publication date: September 20, 2007
    Applicant: Microsoft Corporation
    Inventors: Kim Cameron, Arun Nanda, Christian Huitema, Carl Ellison
  • Patent number: 7245622
    Abstract: Mechanisms that allow IPv4 and IPv6 clients to communicate with reduced server workload. The IPv4 client initiates communication by routing an IPv4 message to a server. The server sends a similar IPv6 message to the IPv6 client. A relay intercepts the IPv6 response, generates an IPv4 response, and forwards that IPv4 response to the IPv4 client if the NAT is a cone NAT. Otherwise, the relay sends the IPv4 response to the server. The server includes the IPv4 address of the relay in the response and sends the response to the IPv4 client. The IPv4 client then communicates with the IPv6 client using the relay. The IPv6 client may also initiate communication with the IPv4 client by sending an IPv6 message to the relay where it is queued.
    Type: Grant
    Filed: March 27, 2003
    Date of Patent: July 17, 2007
    Assignee: Microsoft Corporation
    Inventor: Christian Huitema
  • Patent number: 7239611
    Abstract: Appropriate determinations in a series of tests, which transition from more passive tests to more active tests, control the admission of data streams onto a network data path. More passive tests can include promiscuous mode and packet-pair tests. When the results of more passive tests indicate a reduced likelihood of a data stream causing a network data path to transition into a congested state, the network data path can be actively probed to make a more precise determination on the likelihood of congestion. A train of diagnostic data packets is transmitted at a diagnostic data transfer rate having a significantly reduced chance of causing congestion. A train of target data packets is transmitted at a requested application transfer data rate. The number of target data packets received within a specified delay threshold is compared to the number of diagnostic data packets received within the delay threshold.
    Type: Grant
    Filed: March 3, 2003
    Date of Patent: July 3, 2007
    Assignee: Microsoft Corporation
    Inventors: Ashish Khisti, Christian Huitema, Aditya Dube
  • Publication number: 20070141988
    Abstract: Discovery of services between devices is provided prior to establishing a connection between devices, including wireless-enabled devices or devices that are communicatively coupled to wireless access points or other wireless communication devices. Discovering services prior to establishing a connection may facilitate finding a desired service. The services that may be discovered may be, for example, print services, camera services, PDA services or any other suitable services. Services may be discovered using 802.11, Bluetooth, UWB or any other suitable wireless technology. An information element is used to wirelessly convey information related to a service and/or information related to service discovery.
    Type: Application
    Filed: May 15, 2006
    Publication date: June 21, 2007
    Applicant: Microsoft Corporation
    Inventors: Thomas Kuehnel, Amer Hassan, Christian Huitema, David Jones, Savas Guven, Shannon Chan, Srinivas Gatta
  • Publication number: 20070136591
    Abstract: A method to negotiate computer settings in advance is presented. A prediction is made to determine if the computer setting will be needed, and if needed, whether a value outside of a normal range of values will be needed. A value for the computer setting that is outside of the normal range of values is determined and the value is set to the outside value. A value within the normal range of values is used if it was predicted that there is no need for a value outside of the normal range of values.
    Type: Application
    Filed: January 29, 2007
    Publication date: June 14, 2007
    Applicant: Microsoft Corporation
    Inventors: Art Shelest, Christian Huitema
  • Publication number: 20070124625
    Abstract: Applicants have discovered that error detection techniques, such as Forward Error Correction techniques, may be used to predict the degradation below a certain threshold of an ability to accurately convey information on a communication channel, for example, to predict a failure of the communication channel. In response, transmission and/or reception of information on the channel may be adapted, for example, to prevent the degradation below the threshold, e.g., prevent channel failure. Predicting the degradation may be based, at least in part, on data transmission error information corresponding to one or more blocks of information received on the channel and may include determining an error rate pattern over time. Based on these determinations, the degradation below the threshold may be predicted and the transmission and/or reception adapted. Adapting may include initiating use of a different error encoding scheme and/or using an additional communication channel to convey information.
    Type: Application
    Filed: November 30, 2005
    Publication date: May 31, 2007
    Applicant: Microsoft Corporation
    Inventors: Amer Hassan, Deyun Wu, Christian Huitema, Vishesh Parikh
  • Publication number: 20070104218
    Abstract: Systems and methods are disclosed for adapting a communication system to varying conditions. Using some form of discovery protocol, the communication standards supported by at least two communicants are determined. Each communicant may then periodically monitor the quality of the channel established by the communication standard and dynamically select a set of one or more communication standards to use for communicating. Further, when communicants share common non-standard parameterized implementations of communication standards, changes to the protocols which the communication standards comprise can be used to add options for a more dynamic response to changing conditions than is possible when adhering only to an established communication standard.
    Type: Application
    Filed: November 8, 2005
    Publication date: May 10, 2007
    Applicant: Microsoft Corporation
    Inventors: Amer Hassan, Christian Huitema, Thomas Kuehnel, Vishesh Parikh