Abstract: The present invention provides a method of data path switching. Embodiments of the method include transmitting a packet from a node in a communication system during hand off of a mobile node from a source access network to a target access network. The packet includes an end marker that indicates that the packet is the last packet to be transmitted during the hand off over a source link between the mobile node and an anchor node via the source access network during the hand off. Embodiments of the method also include switching, at the node, a transmission data path from the source link to a target link between the mobile node and the anchor node via the target access network following transmission of the packet including the end marker.

Abstract: A method is provided for establishing a backup interface among multiple interfaces serving a mobile node, for a handover that is undetectable in advance. The invention methodology operates to cause a Foreign Agent associated with the multiple interfaces to keep a binding record of each of the multiple interfaces for which the mobile node has successfully completed the registration process. A novel Mobile IP extension is also added to facilitate the backup FA binding of the invention methodology.

Abstract: The present invention provides a method of data path switching. Embodiments of the method include transmitting a packet from a node in a communication system during hand off of a mobile node from a source access network to a target access network. The packet includes an end marker that indicates that the packet is the last packet to be transmitted during the hand off over a source link between the mobile node and an anchor node via the source access network during the hand off. Embodiments of the method also include switching, at the node, a transmission data path from the source link to a target link between the mobile node and the anchor node via the target access network following transmission of the packet including the end marker.

Abstract: A method is provided for establishing a backup interface among multiple interfaces serving a mobile node, for a handover that is undetectable in advance. The invention methodology operates to cause a Foreign Agent associated with the multiple interfaces to keep a binding record of each of the multiple interfaces for which the mobile node has successfully completed the registration process. A novel Mobile IP extension is also added to facilitate the backup FA binding of the invention methodology.

Abstract: The secure management of encryption keys is obtained by preventing external access thereto and ensuring that the keys do not leave an encryption unit in their original form. This result is obtained via a facility which (a) generates a unique device encryption key and at least one program encryption key, (b) encrypts the program encryption key using the device encryption key, and (c) stores the result in local memory. Thereafter, responsive to receipt of an indication to encrypt data, the program encryption key is retrieved from memory and is decrypted using the unique device encryption key. The data is then encrypted using the decrypted program encryption key and the encrypted data is stored in a server for distribution to a user who enters a request for the data. When there is a need to transport the latter key to another element, then the program key is encrypted using a symmetrical encryption key that the facility shares with the other element and the result is supplied to that element.

Abstract: In a communication system in which a node may communicate over insecure channels with any of a plurality of terminals and may pass messages from any of the terminals to any other of the terminals, communication is secured by computing a first cryptovariable from information associated with certificates exchanged between the node and a terminal, computing a second cryptovariable from a prior-art public key exchange, and computing a session cryptovariable as a function of the first and second cryptovariables. This can be done asymmetrically, enabling a terminal to verify the security of an unattended node.

Abstract: A security node disposed in the telecommunications network connecting calling and called parties transforms information (which can be voice, data, facsimile, video and other types of calls or messages) encrypted in a first format to (a) encrypted information in a different format or to (b) non-encrypted information, and vice-versa. The node is accessible from any location connected to the network. By routing calls or messages originated by the calling party and destined for the called party via the security node, and providing appropriate control signals to the node, the information may be encrypted only over a portion of the transmission path between the parties, and clear over the remainder of the transmission path. Alternatively, the information may be encrypted in different portions of the path using different encryption algorithms.