Abstract: A data security device for providing a network transport connection via a transparent network proxy that employs different encryption security mediums along a communications session between two endpoints by emulating one of the endpoints at an intermediate node such that the communication session appears as an atomic, secure connection to the endpoints yet provides appropriate security over the end-to-end connection. A sender node sends a connection request to establish a secure communication session with an intended receiver node. A transparent proxy on an intermediate node receives the request and establishes the link employing an encryption mechanism. The transparent proxy establishes a second link with the intended receiver, and applies a second, less expensive encryption mechanism. The transparent proxy combines the two links to form the trusted, secure connection but incurring only the mitigated expense over the second link.

Abstract: A data security device for providing a network transport connection via a transparent network proxy that employs different encryption security mediums along a communications session between two endpoints by emulating one of the endpoints at an intermediate node such that the communication session appears as an atomic, secure connection to the endpoints yet provides appropriate security over the end-to-end connection. A sender node sends a connection request to establish a secure communication session with an intended receiver node. A transparent proxy on an intermediate node receives the request and establishes the link employing an encryption mechanism. The transparent proxy establishes a second link with the intended receiver, and applies a second, less expensive encryption mechanism. The transparent proxy combines the two links to form the trusted, secure connection but incurring only the mitigated expense over the second link.

Abstract: The invention is directed to techniques for processing messages to be transferred from a first network to a second network, the method comprising the steps of receiving a message at a second data communications device coupling the first and second networks, determining that the message is associated with a data path through a first data communications device that couples the first and second networks independently from the second data communications device and processing the message to maintain a connection associated with the message, the connection existing between a first computerized device operating in the first network and a second computerized device operating in the second network.

Abstract: The invention is directed to techniques for providing data distribution that supports auditing. Accordingly, a data communications device receives data from a data provider, the data containing label information. The data communications device filters the data based on the label information contained in the data. Next, the data communications device associates token information with the data whereby the token information enables later audits of transmission of the data traveling through the data communications device. Finally, the data communications device transmits the data and the token information toward a data receiver. Filtering of the data results in certain data being removed and/or directed to a specific data receiver based on labels within the data. The data communications device also inserts a signature into the token in order to identify the data communications device transmitting the data in a manner that cannot be forged.

Abstract: A device for managing secure communications by examining message packets to detect and control the use of encryption keys noninvasively examines an incoming message packet according to typical cryptographic protocols and sequences. If an incoming packet exhibits the use of an encryption key, such as via IKEP, IPsec, or PPTP, the device processes the packet to attempt to find the corresponding encryption key. The device compares the key to a list of known suspect keys to determine a blocked status. If the key is not on the list, a sequence of authorization rules concerning prohibited key usage attempts to determine a result. The authorization rules examine available keying attributes from the message packet, possibly via a remote server, and compute an indication concerning key usage. If the authorization rules are still undeterministic of usage of the key, the device uses a default action.

Abstract: A system provides secure communications between a user operated device and a computerized device. The user operated device transfers an enable security message to the computerized device, and in response, the computerized device sends a first communications enablement message to the user operated device and displays a second communications enablement message on a display of the computerized device for viewing by a user operating the user operated device. The user operated device receives the first communications enablement message from the computerized device and receives the second communications enablement message from the user and establishes a secure communications session between the user operated device and the computerized device using the first communications enablement message and the second communications enablement message. The communications enablement messages can contain key material that enable encryption between the user operated device and the computerized device.

Abstract: The invention is directed to techniques for selecting a resource from several resources to process a request from a client. A client sends the request to a data communications device (e.g., network device or switch), which measures usage information from usage meters associated with each resource (e.g., server). The data communications device then makes a usage estimate for each server of the increase in usage required for that server to process the request from the client. Then the data communications device selects one of the servers depending on the usage estimates required to respond to the client's request. The data communications device can consider other factors such as the current level of usage, past usage, and the increased cost of responding to the request. In addition, the data communications device can consider the peak usage level of each resource already established in a current billing period.

Abstract: Mechanisms and techniques provide a data communications device for inserting an audio tag into a content page during a communications session between a first computerized device and a second computerized device. A data communications device receives a request for a content page from a first computerized device and transfers the request to a second computerized device. The data communications device receives the content page from the second computerized device in response to the request, inserts an audio tag within the content page, and adjusts a connection characteristic associated with the content page to maintain the communications session between the first computerized device and the second computerized device. The data communications device then transfers the content page having the inserted audio tag and modified connection characteristic to the first computerized device.

Abstract: The invention is directed to techniques for maintaining a map of node relationships for a network of nodes (e.g., network of computers). In one example, the map of node relationships represents relationships overlaying and typically different from the network of physical connections among the nodes. Each child node periodically checks in with its parent nodes, and the parent nodes can thus determine when a child node has terminated a relationship with the parent or created a new relationship with a new parent. Changes in relationships propagate upward through the network of nodes so that each node maintains a map of the relationships among the descendants of that node. A root node receives the propagated change relationship information and maintains a map of the entire network and valid pathways through the network.

Abstract: A computer-implemented method and system for DRM brokering and digital asset security transcoding comprising utilizing a broker for converting content from one format into one or more alternative DRM-protected formats for distribution to end-users. The broker operates an escrow system for securing and tracking the content and information about the content and encryption keys associated with a plurality of DRM content formats. The broker further provides a common inter-DRM log format for receiving usage transaction logs and payment logs associated with transcoding and distribution the content in one or more DRM-protected content formats.

Abstract: The invention is directed to techniques for providing data distribution that supports auditing. Accordingly, a data communications device receives data from a data provider, the data containing label information. The data communications device filters the data based on the label information contained in the data. Next, the data communications device associates token information with the data whereby the token information enables later audits of transmission of the data traveling through the data communications device. Finally, the data communications device transmits the data and the token information toward a data receiver. Filtering of the data results in certain data being removed and/or directed to a specific data receiver based on labels within the data. The data communications device also inserts a signature into the token in order to identify the data communications device transmitting the data in a manner that cannot be forged.

Abstract: A computer-implemented method and system for DRM brokering and digital asset security transcoding comprising utilizing a broker for converting content from one format into one or more alternative DRM-protected formats for distribution to end-users. The broker operates an escrow system for securing and tracking the content and information about the content and encryption keys associated with a plurality of DRM content formats. The broker further provides a common inter-DRM log format for receiving usage transaction logs and payment logs associated with transcoding and distribution the content in one or more DRM-protected content formats.

Abstract: Internet services are differentiated by including user-reflexive data with a user request. The user-reflexive data may specify a quality of service to be accorded the return data and also billing information to improve detail of bills for billed Internet services. The user-reflexive data is included with the user request and data transmission is adjusted accordingly. Alternatively, the user-reflexive data is sent out-of-band.

Abstract: The invention is directed to techniques for providing data distribution that supports auditing. Accordingly, a data communications device receives data from a data provider, the data containing label information. The data communications device filters the data based on the label information contained in the data. Next, the data communications device associates token information with the data whereby the token information enables later audits of transmission of the data traveling through the data communications device. Finally, the data communications device transmits the data and the token information toward a data receiver. Filtering of the data results in certain data being removed and/or directed to a specific data receiver based on labels within the data. The data communications device also inserts a signature into the token in order to identify the data communications device transmitting the data in a manner that cannot be forged.

Abstract: A client device establishes a first tunnel connection or tunnel, through a public network, with a first gateway of a private network and establishes, through the tunnel connection, a data connection with a destination device within the private network. The first gateway monitors or analyzes the geographic locations of the gateways associated with the private network relative to geographic location of the destination device associated with the data connection. Based upon such the monitoring, the first gateway transmits information to the client device relating to establishment of a second tunnel connection or tunnel with a second gateway of the private network. The client device establishes the second tunnel connection with the second gateway and establishes a data connection with the destination device through the second gateway.

Abstract: A method for identifying an expected configuration environment defined by configuration parameters typically employed by a user, and seamlessly applying the configuration environment to subsequent network transaction requests of the user, regardless of the network access point from which the transaction request emanates, provides remote network access according to the expectations of the user. Each user has an independent configuration environment stored in a memory accessible by a data communications device. The data communications device identifies a connection as emanating from a particular user, and applies the corresponding configuration environment from the memory to network transaction requests from the user. In this manner, the user perceives the same treatment by the network when connecting in the home office as well as via a remote connection such as from a hotel, airport, or cybercafe.

Abstract: A method and apparatus for routing a data request in a content delivery network receives a Hypertext Protocol (HTTP) format client data request and redirects the client data request to a file transfer protocol such that the data is transferred to the client in the file transfer protocol rather than HTTP. The redirection from HTTP, for example, to FTP or some other fileserver protocol outsources the load on the content engines while taking advantage of well-established methods of data handling and security. In addition, the network can dynamically be provisioned to handle a data load. In one embodiment, WCCP and HTTP redirection methods are used separately or in combination to provide a distributed file system in which client's requests benefit from content routing prior to interacting (via a file protocol) with a file server.

Abstract: Mechanisms and techniques provide a system that provides stream data to a client by monitoring operation of a stream control protocol such as RTSP associated with stream data transmitted between a client and a first stream server. The system detects a stream change event related to transmission of the stream data between the client and the first stream server and identifies a relative position within the stream data based on the operation of the stream control protocol. The system then establishes transmission of the stream data between the client and a second stream server starting at the relative position in the stream data. The system provides for mid-stream failover for the transmission of stream data such as real-time data with minimal perceptible loss of stream data by the client.

Abstract: A control signal is provided to a video data acquisition system that generates video data. In response to receiving the control signal, the video data acquisition system modifies at least a portion of the video data to produce an output signal. Authenticity of the output signal from the video data acquisition system is verified by checking that the video data includes modifications according to the control signal. If the video data does not include such modifications, it is known that the video data acquisition system needs to be checked for tampering or system failures.

Abstract: A data security device for providing a network transport connection via a transparent network proxy that employs different encryption security mediums along a communications session between two endpoints by emulating one of the endpoints at an intermediate node such that the communication session appears as an atomic, secure connection to the endpoints yet provides appropriate security over the end-to-end connection. A sender node sends a connection request to establish a secure communication session with an intended receiver node. A transparent proxy on an intermediate node receives the request and establishes the link employing an encryption mechanism. The transparent proxy establishes a second link with the intended receiver, and applies a second, less expensive encryption mechanism. The transparent proxy combines the two links to form the trusted, secure connection but incurring only the mitigated expense over the second link.