Abstract: Improved virtualized application performance is provided through disabling of unnecessary functions, such as unnecessary encryption and decryption operations. An example method performed by a hypervisor includes the steps of obtaining a request from a first virtual machine to perform one or more of encrypting and decrypting of a communication between the first virtual machine and a second virtual machine; determining when the first and second virtual machines execute on a same host as the hypervisor; and in response to the first and second virtual machines executing on the same host: processing the communication without performing the one or more of encrypting and decrypting of the communication, wherein the hypervisor initiates an encryption of further communications between the first virtual machine and the second virtual machine in response to at least one of the first virtual machine and the second virtual machine being moved from the same host.

Abstract: Improved virtualized application performance is provided through disabling of unnecessary functions, such as unnecessary encryption and decryption operations. An example method performed by a hypervisor includes the steps of obtaining a request from a first virtual machine to perform one or more of encrypting and decrypting of a communication between the first virtual machine and a second virtual machine; determining when the first and second virtual machines execute on a same host as the hypervisor; and in response to the first and second virtual machines executing on the same host: processing the communication without performing the one or more of encrypting and decrypting of the communication, wherein the hypervisor initiates an encryption of further communications between the first virtual machine and the second virtual machine in response to at least one of the first virtual machine and the second virtual machine being moved from the same host.

Abstract: Improved virtualized application performance is provided through disabling of unnecessary functions, such as unnecessary encryption and decryption operations. An example method performed by a hypervisor includes the steps of obtaining a request to one or more of encrypt and decrypt a communication between a first virtual machine and a second virtual machine; determining if the first and second virtual machines execute on a same host as the hypervisor (e.g., by evaluating a context of the communication); and processing the communication without encrypting or decrypting the communication if the first and second virtual machines execute on the same host. Lawful Interception is performed by forwarding an unencrypted version of the communication to an authorized agency.

Abstract: Improved virtualized application performance is provided through disabling of unnecessary functions, such as unnecessary encryption and decryption operations. An example method performed by a hypervisor includes the steps of obtaining a request to one or more of encrypt and decrypt a communication between a first virtual machine and a second virtual machine; determining if the first and second virtual machines execute on a same host as the hypervisor (e.g., by evaluating a context of the communication); and processing the communication without encrypting or decrypting the communication if the first and second virtual machines execute on the same host. Lawful Interception is performed by forwarding an unencrypted version of the communication to an authorized agency.

Abstract: Techniques for enabling improved electronic mail handling in communication networks include a method of handling an electronic mail message in an electronic mail system. The method includes establishing a secure connection between a client of a message sender and a server of a message recipient in the electronic mail system. The method also includes participating in an authentication exchange to verify the identity of the message sender. The method further includes the message sender depositing an electronic mail message with the server of the message recipient upon successful verification of the identity of the client of the message sender.

Abstract: The present invention sets forth a methodology that allows involved processes to partition among themselves a pre-defined set of multi-type resources in a way that all processes end up satisfied with the outcome of the partitioning, and no central mediation for such partitioning is required. One exemplary embodiment of the invention sets forth a method of allocating multiple type resources among a distributed set of processes that includes the steps of selecting a process from the set of processes for partitioning the resources; partitioning the resources at the selected process; sharing results of the partitioning with others of the set of processes, wherein said other processes select a partition from the partitioned resources; the selected process being able to select a partition subsequent to the other processes having selected a partition. The method also repeats the above steps until all currently involved processes are satisfied by a selected partition of available resources.

Abstract: In a communication network, assume a first computing device is an end user device, a second computing device is a gateway server, and a third computing device is an application server. A method comprises the following steps. The second computing device authenticates one or more packets received from the first computing device. The second computing device marks the one or more packets with a first-layer identity before routing the one or more packets toward the third computing device such that the third computing device is able to authenticate the one or more packets from the first computing device by confirming an association between the first-layer identity and a second-layer identity. For example, the first-layer identity may comprise a link layer identity assigned to the first computing device and the second-layer identity may comprise an application layer identity assigned to the first computing device.

Abstract: In a communication network wherein a first computing device represents a resource owner and a second computing device represents a resource requestor, the resource owner detects an occurrence of an event, wherein the event occurrence represents a request to access one or more resources of the resource owner stored in a resource residence. The resource owner sends an authorization token to the resource requestor in response to the event occurrence, the authorization token serving as a proof of authorization delegated by the resource owner to be presented by the resource requestor to the resource residence so as to permit the resource requestor to access the one or more requested resources stored in the resource residence.

Abstract: Techniques are disclosed for enabling improved electronic mail handling in communication networks. For example, a method of handling an electronic mail message in an electronic mail system comprises the following steps. A secure connection is established between a client of a message sender and a server of a message recipient in the electronic mail system. An authentication exchange is employed to verify the identity of the message sender. The message sender deposits an electronic mail message with the server of the message recipient upon successful verification of the identity of the client of the message sender.

Abstract: Techniques are disclosed for optimally scheduling computations that involve multiple factors, the cost of evaluations and probabilities of success of which are known. For example, a methodology is provided for determining an optimal schedule of a multi-factor test in sub-quadratic time. While the methodology has wide ranging application, we illustrate a particular applicability to a security application involving multi-factor authentication in a cloud computing environment, as well as applicability to the contact center agent scheduling.

Abstract: Techniques are disclosed for enabling operators of communication networks to provide one or more identity services such as, for example, an authentication service. For example, in a communication network, assume that a first computing device is a client device, a second computing device is an application server, and a third computing device is a server under control of an operator of the communication network. A method may comprise the following steps.

Abstract: Techniques are disclosed for optimally scheduling computations that involve multiple factors, the cost of evaluations and probabilities of success of which are known. For example, a methodology is provided for determining an optimal schedule of a multi-factor test in sub-quadratic time. While the methodology has wide ranging application, we illustrate a particular applicability to a security application involving multi-factor authentication in a cloud computing environment, as well as applicability to the contact center agent scheduling.

Abstract: The invention that addresses the problem of authentication of the transport packet stream (which constitutes a flow within a session), which has been admitted into a managed packet network. Authentication and the subsequent policing of the flows supporting an identified client's authorized service prevent a large class of denial of service attacks described below. Specifically, the invention addresses two different matters: 1) key distribution and management 2) various forms of using a shared key for the authentication of transport packets on the user-to-network-interface (UNI).

Abstract: Techniques are disclosed for efficient authentication of an end user device at an application server of a communication network. For example, wherein it is assumed that, in a communication network, a first computing device is an end user device, a second computing device is a gateway server, and a third computing device is an application server, a method comprises the following steps. The second computing device authenticates one or more packets received from the first computing device. The second computing device marks the one or more packets with a first-layer identity before routing the one or more packets toward the third computing device such that the third computing device is able to authenticate the one or more packets from the first computing device by confirming an association between the first-layer identity and a second-layer identity. For example, the first-layer identity may comprise a link layer identity assigned to the first computing device (e.g.

Abstract: In a communication network wherein a first computing device represents a resource owner and a second computing device represents a resource requestor, the resource owner detects an occurrence of an event, wherein the event occurrence represents a request to access one or more resources of the resource owner stored in a resource residence. The resource owner sends an authorization token to the resource requestor in response to the event occurrence, the authorization token serving as a proof of authorization delegated by the resource owner to be presented by the resource requestor to the resource residence so as to permit the resource requestor to access the one or more requested resources stored in the resource residence.

Abstract: A method and apparatus for supporting end-to-end quality of service (QoS) reservations for an implicit reservations model are provided. The invention teaches how to implement implicit resource reservations using the open-standard Resource and Admission Control Function (RACF). A request for resources for a given reservation between an originating and a terminating point in a network is received. A central controller for that domain processes the request for a given domain to determine whether routes for said reservation are available and whether necessary bandwidth for said reservation is available. An implicit reservation and a release of the bandwidth are respectively accomplished with a specific number of messages. If the routes and bandwidth are available, the reservation for the given domain is confirmed and the reservation request is passed to another central controller for a next domain having resources required to satisfy the reservation request.

Abstract: Techniques are disclosed for enabling operators of communication networks to provide one or more identity services such as, for example, an authentication service. For example, in a communication network, assume that a first computing device is a client device, a second computing device is an application server, and a third computing device is a server under control of an operator of the communication network. A method may comprise the following steps.

Abstract: The proposed invention solves the problem of spoofing the origin to create e-mail spam, virus distribution, and other abuse of the electronic mail. In particular, it solves a notoriously dangerous problem of distributing computer viruses via e-mail allegedly sent from friends, colleagues, and well-respected organizations. The proposed invention defines a comprehensive set of mechanisms and apparatus to reasonably ensure that an e-mail message—when received by an e-mail gateway, e-mail relay server, or the destination e-mail server—has originated at the location and sent by a person (or a program) specified in its “From:” field.

Abstract: A method and apparatus for establishing additional channels for a call between multi-task user terminals. A multi-task call (MTC) signaling module is used to receive requests for the addition or release of additional channels for a call. Through a signaling network, the module has access to the switches of a hybrid network for interconnecting edge switches connectable to MTC terminals. The MTC signaling module controls establishment or release of the connections between links of the paths through the hybrid network. Advantageously, an MTC terminal through its MTC signaling module can control the addition or release of channels through the hybrid network.

Abstract: The present invention specifies the mechanism for supporting end-to-end quality of service (QoS) reservations for an implicit reservations model using a Resource and Admission Control Function (RACF) apparatus. The invention teaches how to implement implicit resource reservations using the open-standard Resource and Admission Control Function (RACF), which is being standardized in ITU-T. Several methods are covered: 1) With a first method, a general distributed approach has been specified. 2) For a second method, the terminating RACF keeps the state of the reservations, so the resulting protocol is relatively simple, robust, and easy to implement. 3) A third method, which can be based on either of the above methods or their combination, starts reservations at both, the terminating and originating RACF ends and works toward the meet-me point.