Patents by Inventor Edgar Shrum

Edgar Shrum has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20070147397
    Abstract: A communication network is operated by determining whether a network element can be trusted and configuring a tunnel for traffic associated with the network element based on whether the network element can be trusted.
    Type: Application
    Filed: December 22, 2005
    Publication date: June 28, 2007
    Inventors: Jeffrey Aaron, Edgar Shrum
  • Publication number: 20070150582
    Abstract: A communication network is operated by determining whether a network element can be trusted and monitoring traffic associated with the network element based on whether the network element can be trusted. At least some of the monitored traffic may be selected for examination based on the degree of trust for the network element. At least some of the monitored and/or examined traffic is selected to be blocked based on the degree of trust for the network element.
    Type: Application
    Filed: December 22, 2005
    Publication date: June 28, 2007
    Inventors: Jeffrey Aaron, Edgar Shrum
  • Publication number: 20070150951
    Abstract: A communication network is operated by determining whether a network element can be trusted, determining at least one vulnerable network element based on a determination that the network element cannot be trusted, selecting a controllable application on the at least one vulnerable network element, and sending a command to the controllable application to reduce the vulnerability of the at least one vulnerable network element.
    Type: Application
    Filed: December 22, 2005
    Publication date: June 28, 2007
    Inventors: Jeffrey Aaron, Edgar Shrum
  • Publication number: 20070147262
    Abstract: A determination can be made whether a network element is configured in an authorized manner, e.g., whether the network element is configured with authorized firmware, software, and/or data. In this regard, a determination is made whether the network element can be trusted and to what degree the network element can be trusted. Based on this determination of whether the network element can be trusted, the traffic associated with the network element can be stored and/or logged in a desired manner.
    Type: Application
    Filed: December 22, 2005
    Publication date: June 28, 2007
    Inventors: Jeffrey Aaron, Edgar Shrum
  • Publication number: 20060072464
    Abstract: Methods, systems, and products are disclosed for detecting encrypted Internet Protocol packet streams. One method selects a subset of observable parameters from a set of observable parameters. The existence of at least one of the observable parameters within the subset is noted within an encrypted stream of packets. The at least one of the observable parameters is observable despite encryption obscuring the contents of the encrypted stream of packets. The type of data within the encrypted stream of packets is inferred using the at least one of the observable parameters.
    Type: Application
    Filed: September 17, 2004
    Publication date: April 6, 2006
    Inventors: Jeffrey Aaron, Edgar Shrum
  • Publication number: 20060064747
    Abstract: Methods, systems, and devices are disclosed for detecting encrypted Internet Protocol packet streams. The type of data within an encrypted stream of packets is inferred using an observable parameter. The observable parameter is observable despite encryption obscuring the contents of the encrypted stream of packets. A timer is established that maintains settings despite changes in the type of inferred data.
    Type: Application
    Filed: September 17, 2004
    Publication date: March 23, 2006
    Inventors: Jeffrey Aaron, Edgar Shrum
  • Publication number: 20060064748
    Abstract: Methods, systems, and devices are disclosed for detecting encrypted Internet Protocol packet streams. An encrypted stream of packets is received, with the encryption obscuring the type of data within the stream of packets. The type of data contained within the encrypted stream of packets is inferred using at least one of i) a set of variables comprising at least one of an observable parameter, a threshold value, a range of values, a timer, and an algorithm, and ii) multiple processes. Varying the selection of the variables thwarts hacking attempts, and the multiple processes enhance effectiveness and reliability.
    Type: Application
    Filed: September 17, 2004
    Publication date: March 23, 2006
    Inventors: Jeffrey Aaron, Edgar Shrum
  • Publication number: 20060064579
    Abstract: Methods, systems, and products are disclosed for detecting encrypted packet streams. One method notes an observable parameter of an encrypted stream of packets. The parameter is observable despite encryption obscuring the contents of the encrypted stream of packets. The type of data within the encrypted stream of packets is inferred from the observable parameter, wherein, despite the encryption, the type of data within the encrypted stream of packets may be inferred.
    Type: Application
    Filed: September 17, 2004
    Publication date: March 23, 2006
    Inventors: Jeffrey Aaron, Edgar Shrum
  • Publication number: 20060064749
    Abstract: Methods, systems, and devices are disclosed for detecting encrypted Internet Protocol packet streams. A probe stream having a known observable parameter is generated. The observable parameter exhibits a known characteristic of a known type of data encrypted within a stream of packets. The probe stream is communicated to a network element via a communications network. When the probe stream is received by the network element, the network element can compare the known observable parameter to an actual value. Any difference between the known observable parameter and the actual value can be used to correct for network-induced variation and other effects, thus ensuring accurate detection and identification of data types within encrypted streams of packets.
    Type: Application
    Filed: September 17, 2004
    Publication date: March 23, 2006
    Inventors: Jeffrey Aaron, Edgar Shrum
  • Publication number: 20060064746
    Abstract: Methods, systems, and products are disclosed for specifying a signature for an encrypted packet stream. One method receives the encrypted stream of packets, and encryption obscures the contents of a packet. A signature for insertion into the stream of packets is specified, and the signature identifies a type of data encrypted within the stream of packets. The signature identifies the contents of the packet despite the encryption obscuring the contents.
    Type: Application
    Filed: September 17, 2004
    Publication date: March 23, 2006
    Inventors: Jeffrey Aaron, Edgar Shrum
  • Publication number: 20060039381
    Abstract: Bandwidth and/or Quality of Service (QoS) may be modified in a Regional/Access Network (RAN) that includes a core network, the RAN facilitating differentiated end-to-end data transport between an enterprise, a Network Service Provider (NSP), and/or an Application Service Provider (ASP) and a Customer Premises Network (CPN). Application Programming Interface (API) calls are used at the enterprise, NSP, and/or the ASP to communicate with the RAN to query a resource allocation in the core network that is assigned to the enterprise, NSP, and/or the ASP. API calls are also used at the enterprise, NSP, and/or the ASP to communicate with the RAN to modify the bandwidth and/or the QoS of the resource allocation in the core network that is assigned to the enterprise, NSP, and/or the ASP.
    Type: Application
    Filed: August 20, 2004
    Publication date: February 23, 2006
    Inventors: Thomas Anschutz, Edgar Shrum
  • Publication number: 20060015354
    Abstract: Service that is provided by a packet switched network is controlled based on bids from a plurality of consumer equipment. Bids are requested from the consumer equipment. The bids are compared, and service by the packet switched network is controlled based on the comparison. Access to the packet switched network may be selectively allowed or denied based on the comparison of the bids. The quality of service that is provided for information packets that are associated with at least some of the consumer equipment and communicated through the packet switched network may be controlled based on the bids.
    Type: Application
    Filed: July 13, 2004
    Publication date: January 19, 2006
    Inventors: Edgar Shrum, Jeffrey Aaron
  • Publication number: 20060007936
    Abstract: A level of trust is determined for a consumer equipment. Based on the determined level of trust, a level of QoS is controlled for information packets that are associated with the consumer equipment and communicated through a packet switched network and/or access by the consumer equipment to communicate through the packet switched network is controlled. The consumer equipment may be selectively allowed to communicate through the packet switched network based on the determined level of trust and based on available resources of the packet switched network. Access to the packet switched network and allowed QoS for information packets communicated therethrough may thereby be based on a level of trust of the associated consumer equipment.
    Type: Application
    Filed: July 7, 2004
    Publication date: January 12, 2006
    Inventors: Edgar Shrum, Jeffrey Aaron
  • Publication number: 20050286535
    Abstract: Consumer equipment that is connected to a packet switched network is verified, and a Quality of Service for communications therewith is controlled based on the verification. Information is hashed to generate a first hash value. The information in a memory of the consumer equipment is hashed to generate a second hash value. The first hash value and the second hash value are compared to generate a verification indication for the consumer equipment. The Quality of Service for information packets that are communicated with the consumer equipment through the packet switched network is controlled based on the verification indication.
    Type: Application
    Filed: June 29, 2004
    Publication date: December 29, 2005
    Inventors: Edgar Shrum, Jeffrey Aaron
  • Publication number: 20050226162
    Abstract: Methods, systems, and products are disclosed for providing communications services. One method determines a state of an Internet Protocol communications device. The method then reconfigures call routing information based upon the state of the Internet Protocol communications device.
    Type: Application
    Filed: March 30, 2004
    Publication date: October 13, 2005
    Inventors: Edgar Shrum, Eric Schwartz
  • Publication number: 20050025136
    Abstract: Voice over Internet Protocol (VoIP) service is established in a network that includes a Regional/Access Network (RAN) that facilitates differentiated end-to-end data transport between an Application Service Provider (ASP) and a Customer Premises Network (CPN) that includes Customer Premises Equipment (CPE). Application Programming Interface (API) calls are used at the ASP to communicate with the RAN to establish VoIP service for the user having a user selected bandwidth and/or QoS associated therewith.
    Type: Application
    Filed: September 3, 2004
    Publication date: February 3, 2005
    Inventors: Thomas Anschutz, Nicholas Huslak, Edgar Shrum
  • Publication number: 20050021716
    Abstract: A Regional/Access Network (RAN) receives an application flow control request from a Network Service Provider (NSP) and/or an Application Service Provider (ASP). The application flow control request includes a request to determine bandwidth and/or QoS associated with a subscriber ID. The bandwidth and/or QoS associated with the subscriber ID is determined, and is sent from the RAN to the NSP and/or the ASP.
    Type: Application
    Filed: April 29, 2004
    Publication date: January 27, 2005
    Inventors: Maria Adamczyk, Jeffrey Cassanova, Thomas Anschutz, Edgar Shrum, Steven Wright, Li Zhang
  • Publication number: 20050015493
    Abstract: Methods, systems and/or computer program products are provided for managing Quality of Service (QoS) and/or bandwidth allocation in a Regional/Access Network (RAN) having a broadband access server (BRAS) that facilitates differentiated end-to-end data transport between a Network Service Provider (NSP) and/or an Application Service Provider (ASP), and a Customer Premises Network (CPN) that includes a Routing Gateway (RG). In particular embodiments of the present invention, a modify QoS and/or bandwidth allocation message including updated QoS and/or bandwidth information from the NSP and/or ASP is received at the RAN. The BRAS is updated with the QoS and/or bandwidth information and the RG is also updated with the QoS and/or bandwidth information.
    Type: Application
    Filed: November 19, 2003
    Publication date: January 20, 2005
    Inventors: Thomas Anschutz, Jeffrey Cassanova, Edgar Shrum, Steven Wright, Li Zhang
  • Publication number: 20050015494
    Abstract: Data architectures provide for managing Quality of Service (QoS) and/or bandwidth allocation in a Regional/Access Network (RAN) that provides end-to-end transport between a Network Service Provider (NSP) and/or an Application Service Provider (ASP), and a Customer Premises Network (CPN) that includes a Routing Gateway (RG). The data architecture includes a NSP access session record maintained at the RAN that defines QoS and/or bandwidth allocation for an access session, such as a Point-to-Point (PPP) access session, associated with the RG and the NSP. A corresponding NSP access session record is maintained at the NSP associated with the access session. The NSP access session record at the RAN and the corresponding NSP access session record at the NSP both define a QoS and/or bandwidth allocation specified by the NSP associated with the session or both define a QoS and/or bandwidth allocation specified by the RAN.
    Type: Application
    Filed: November 24, 2003
    Publication date: January 20, 2005
    Inventors: Maria Adamczyk, Thomas Anschutz, Sammie Hill, Edgar Shrum, Li Zhang
  • Publication number: 20050002335
    Abstract: A method of operating a data network may include establishing a data path through the data network between a routing gateway for a subscriber of the data network and a service provider providing a data service. Moreover, the data service may be provided for use at the routing gateway over the data path during a data session. A request may be received from the service provider wherein the request defines a data flow characteristic for the data path between the routing gateway and the service provider providing the data service during the data session. The data flow characteristic may then be transmitted to a node along the data path between the routing gateway and the service provider for enforcement of the data flow characteristic for the data path at the node. More particularly, the data session may be a point-to-point protocol data session. Related methods, data networks, data service providers, routing gateways, and computer program products are also discussed.
    Type: Application
    Filed: April 30, 2004
    Publication date: January 6, 2005
    Inventors: Maria Adamczyk, Thomas Anschutz, Alan Blackburn, Jeffrey Cassanova, Sammie Hill, Scott Holt, Nicholas Huslak, Arnold McQuaide, Edgar Shrum, Scott Stillman, Steven Wright, Li Zhang