Abstract: The proposed invention solves the problem of spoofing the origin to create e-mail spam, virus distribution, and other abuse of the electronic mail. In particular, it solves a notoriously dangerous problem of distributing computer viruses via e-mail allegedly sent from friends, colleagues, and well-respected organizations. The proposed invention defines a comprehensive set of mechanisms and apparatus to reasonably ensure that an e-mail message—when received by an e-mail gateway, e-mail relay server, or the destination e-mail server—has originated at the location and sent by a person (or a program) specified in its “From:” field.

Abstract: Methods and apparatus arc provided for user authentication using a Public Key Infrastructure (PKI) in an IP-based telephony environment, such as an IMS network. A user of a user device attempting to access an IP-based telephony network can be authenticated by obtaining one or more private keys of the user from a secure memory associated with the user device; generating an integrity key and a ciphering key; encrypting the integrity key and the ciphering key using a session key; encrypting the session key with a public key of the IP-based telephony network; and providing the encrypted session key, encrypted integrity key and encrypted ciphering key to the IP-based telephony network for authentication. A network-based method is also provided for authenticating a user in an IP-based telephony network.

Abstract: Methods and apparatus are provided for authenticated user-access to Kerberos-enabled applications based on an Authentication and Key Agreement mechanism. A user is first authenticated using an Authentication and Key Agreement mechanism based on a bootstrapping protocol that mutually authenticates the user and one or more servers; and, once the user is authenticated, the user is enabled to derive a session key and is provided with a first ticket to a Ticket Granting Server. The first ticket can establish an identity of the user and include the session key.

Abstract: The invention that addresses the problem of authentication of the transport packet stream (which constitutes a flow within a session), which has been admitted into a managed packet network. Authentication and the subsequent policing of the flows supporting an identified client's authorized service prevent a large class of denial of service attacks described below. Specifically, the invention addresses two different matters: 1) key distribution and management 2) various forms of using a shared key for the authentication of transport packets on the user-to-network-interface (UNI).

Abstract: The present invention specifies the mechanism for supporting end-to-end quality of service (QoS) reservations for an implicit reservations model using a Resource and Admission Control Function (RACF) apparatus. The invention teaches how to implement implicit resource reservations using the open-standard Resource and Admission Control Function (RACF), which is being standardized in ITU-T. Several methods are covered: 1) With a first method, a general distributed approach has been specified. 2) For a second method, the terminating RACF keeps the state of the reservations, so the resulting protocol is relatively simple, robust, and easy to implement. 3) A third method, which can be based on either of the above methods or their combination, starts reservations at both, the terminating and originating RACF ends and works toward the meet-me point.

Abstract: The present invention sets forth a methodology that allows involved processes to partition among themselves a pre-defined set of multi-type resources in a way that all processes end up satisfied with the outcome of the partitioning, and no central mediation for such partitioning is required. One exemplary embodiment of the invention sets forth a method of allocating multiple type resources among a distributed set of processes that includes the steps of selecting a process from the set of processes for partitioning the resources; partitioning the resources at the selected process; sharing results of the partitioning with others of the set of processes, wherein said other processes select a partition from the partitioned resources; the selected process being able to select a partition subsequent to the other processes having selected a partition. The method also repeats the above steps until all currently involved processes are satisfied by a selected partition of available resources.

Abstract: The proposed invention solves the problem of spoofing the origin to create e-mail spam, virus distribution, and other abuse of the electronic mail. In particular, it solves a notoriously dangerous problem of distributing computer viruses via e-mail allegedly sent from friends, colleagues, and well-respected organizations. The proposed invention defines a comprehensive set of mechanisms and apparatus to reasonably ensure that an e-mail message—when received by an e-mail gateway, e-mail relay server, or the destination e-mail server—has originated at the location and sent by a person (or a program) specified in its “From:” field.

Abstract: A method and apparatus for establishing multimedia calls over an intelligent telecommunications network in which the calls are requested through an internetwork of client computers and server computers and the internetwork of client computers and server computers is further connected to the intelligent telecommunications network. The method involves: 1) a caller generating a request for a call utilizing the internetwork to initiate the request; 2) delivering multimedia and/or audiovisual presentations(s) to the caller via the internetwork and/or public switched telephone network (PSTN); and 3) completing a circuit switched telephone call between the caller and a destination user subsequent to the delivery of the presentations(s) wherein the call is placed from within the intelligent network itself. In this manner, one or more multimedia advertisements or other presentations are delivered to the originating caller before completion of the requested call.

Abstract: All existing services that can be offered in one telecommunication network can be offered across networks without changing any existing interfaces and protocols. A mediation access processor (MAP) is provided in a network element located in a first network that is interconnected with a second network. The MAP provides screening, translation and emulation functionality, so that (a) messages transmitted between switches in the first network and SCP's or other application processors in the second network can be properly converted so as to be recognized and understood, (b) changes to the intercommunication arrangements of the switches and the SCP's, such as the protocols that are supported, are not necessary.