Abstract: For example, an Access Point (AP) may be configured to transmit measurement requests to a plurality of wireless communication stations (STAs) in a Basic Service Set (BSS) of the AP; to process measurement reports from the plurality of STAs in the BSS, wherein a measurement report from a STA includes reported measurements of the STA with respect to one or more wireless communication channels; to determine a selected wireless communication channel for the BSS based on the measurement reports from the plurality of STAs in the BSS; and to trigger a channel switch to switch an operational channel of the BSS to the selected wireless communication channel.

Abstract: A method for secure communication between a local area network and a wide area network includes integrating a NAT functionality in a firewall associated with the local area network, wherein the NAT functionality is suitable to translate the source port of outgoing data packets with a NAT port value obtained by adding to a NAT offset value the value of the session ED used in a session database. When reply data packets coming from the wide area network are received by the firewall, the session ID is extracted from the NAT port value and is used for directly pointing to the session database, thus reducing the time required to recognize the session.

Abstract: A method for secure communication between a local area network and a wide area network includes integrating a NAT functionality in a firewall associated with the local area network, wherein the NAT functionality is suitable to translate the source port of outgoing data packets with a NAT port value obtained by adding to a NAT offset value the value of the session ED used in a session database. When reply data packets coming from the wide area network are received by the firewall, the session ID is extracted from the NAT port value and is used for directly pointing to the session database, thus reducing the time required to recognize the session.

Abstract: A novel and useful virtual private network (VPN) mechanism and related security association processor for maintaining the necessary security related parameters to perform security functions such as encryption, decryption and authentication. A security association database (SAD) and related circuitry is adapted to provide the necessary parameters to implement the IPSec group of security specifications for encryption/decryption and authentication. Each security association (SA) entry in the database comprises all the parameters that are necessary to receive and transmit VPN packets according to the IPSec specification.

Abstract: A novel and useful dynamic packet filter that can be incorporated in a hardware based firewall suitable for use in portable computing devices such as cellular telephones and wireless connected PDAs adapted to connect to the Internet. The invention performs dynamic packet filtering on packets received over an input packet stream. The dynamic filter checks dynamic protocol behavior using information extracted from the received packet. Sessions are created and stored in a session database to track the state of communications between the source and destination. Recognition of a session is accelerated by use of a hash table to quickly determine the corresponding session record in the session database. Session related data is read from the session database and the received packet is checked against a set of rules to determine whether to allow or deny the packet.

Abstract: A novel and useful virtual private network (VPN) mechanism and related security association processor for maintaining the necessary security related parameters to perform security functions such as encryption, decryption and authentication. A security association database (SAD) and related circuitry is adapted to provide the necessary parameters to implement the IPSec group of security specifications for encryption/decryption and authentication. Each security association (SA) entry in the database comprises all the parameters that are necessary to receive and transmit VPN packets according to the IPSec specification.

Abstract: A novel and useful dynamic packet filter that can be incorporated in a hardware based firewall suitable for use in portable computing devices such as cellular telephones and wireless connected PDAs that are adapted to connect to the Internet. The invention performs dynamic packet filtering on packets received over an input packet stream. The dynamic filter checks dynamic protocol behavior using information extracted from the received packet. Sessions are created and stored in a session database to track the state of communications between the source and destination. Recognition of a session is accelerated by use of a hash table to quickly determine the corresponding session record in the session database. Session related data is read from the session database and the received packet is checked against a set of rules for determination of whether to allow or deny the packet.