Abstract: The presently disclosed embodiments are directed to representing network performance information using a network map by partitioning a graphical affordance representing a network element in the network map into segmented sections in accordance with a temporal encoding scheme to encode temporal information in the network map. The segmented sections are encoded using a performance encoding scheme to identify a level of performance associated with the segmented sections so that the network map depicts a performance of the network element over time.

Abstract: A method of report caching includes recording a user ID, a timestamp including at least a connection date and at least one SQL query associated with a report requested by a user from the database system for each connection of the user to the database system over a predetermined period. A plurality of intervals is defined in the predetermined period. Retrieved are instances of the user ID associated with connections of the user to the database system during at least a threshold number of the intervals based on a position that a current date associated with a current connection of the user to the database system occupies in a current interval. The at least one SQL query is executed to generate the report from the database system on the current date before request for the report from the user. The report is stored in a cache for user's retrieval.

Abstract: The present invention includes a method, a system, and a computer readable medium for establishing a connection between hosts in a computer network with the connection configured for symmetrical forward and reverse routing. The method uses the following steps. First, a first host local routing table to route a packet from a first host to a first gateway according to a routing protocol. Next, the first gateway local routing table routes the packet from the first gateway to a first access router. After that, a first access router local routing table routes the packet from the first access router to a second access router. Then, a second access router local routing table routes the packet from the second access router to a second gateway. Finally, a second gateway local routing table routes the packet from the second gateway router to a second host.

Abstract: A method for validating an electronic payment by a credit/debit card in a transaction system. The method includes registering a purchase of an article by a buyer using a credit/debit card associated with at least one PIN code, checking that the at least one PIN code is associated with the number of said credit/debit card provided by said buyer to said seller terminal, checking, by said electronic payment center, whether or not said at least one PIN code is valid, and one of: after the at least one PIN code is found to be valid, checking, by said electronic payment center, whether the electronic payment center has received a pre-validation from a third party; after the at least one PIN code is found to be valid, contacting a third party via a communication network and requesting that the third party validate the purchase; and after the at least one PIN code is found to be valid, contacting a third party via a communication network and requesting said at least one PIN code from the third party.

Abstract: Virtual Private Network (VPN) dedicated to a customer using a physical transmission network based upon Multi-Protocol Label Switching (MPLS) technology including a plurality of Provider (P) devices and a plurality of Provider Edge (PE) devices, the customer owning at least two specific Customer Edge (CE) devices amongst a plurality of CE devices, a specific CE device being attached to a specific PE device and enabling the customer to gain access to any other CE device belonging to the same VPN, by the intermediary of PE devices to which are attached the CE devices. The VPN comprises several billing zones (10, 12, 14) being each defined by the application of a single flat rate.

Abstract: Method of gaining secure access from a host (13) to Intranet resources provided by at least a content server (18) in a data transmission system wherein the host is connected to the content server through a gateway (17). Such a method consists in generating and sending at predetermined transmission instants from either the host or the gateway verification messages wherein each verification message contains a signature which depends upon the data exchanged between the host and the gateway since the preceding verification message, the host and the gateway also called peer devices having at their disposal same algorithm defining which of them sends a verification message at each of the predetermined instants.

Abstract: Data transmission system based upon the Internet protocol (IP) comprising a private transmission network (18) and a public transmission network or the like (16) interconnected by a network address translation device NAT (12) wherein at least a workstation WS (10) connected to said private transmission network has to establish a communication with a peer device (14) connected to the public transmission network, the local IP address of each data packet from the workstation WS being translated into a NAT address used to provide the route through the public transmission network. The system includes a registration server (19) connected to the public transmission network for registering the local IP address corresponding to the NAT address and providing the correspondence between the NAT address and the local IP address to the peer device in order for this one to replace in the IP header of each data packet received by the peer device, the NAT address by the local IP address.

Abstract: Header compression system for compressing the header of the data packets of a flow transmitted from an ingress node to an egress node through a data transmission network comprising template creating means, in both ingress node and egress node, adapted for creating the same compression template from a predetermined number of uncompressed data packets at the beginning of the flow respectively transmitted by the ingress node and received by the egress node, and header compression means, in the ingress node, adapted for compressing the header of each packet following the predetermined number of uncompressed data packets before transmitting it through the data transmission network, the compression being achieved by using the compression template.

Abstract: Virtual Private Network (VPN) dedicated to a customer using a physical transmission network based upon Multi-Protocol Label Switching (MPLS) technology including a plurality of Provider (P) devices and a plurality of Provider Edge (PE) devices, the customer owning at least two specific Customer Edge (CE) devices amongst a plurality of CE devices, a specific CE device being attached to a specific PE device and enabling the customer to gain access to any other CE device belonging to the same VPN, by the intermediary of PE devices to which are attached the CE devices. The VPN comprises several billing zones (10, 12, 14) being each defined by the application of a single flat rate.

Abstract: Header compression system for compressing the header of the data packets of a flow transmitted from an ingress node to an egress node through a data transmission network comprising template creating means, in both ingress node and egress node, adapted for creating the same compression template from a predetermined number of uncompressed data packets at the beginning of the flow respectively transmitted by the ingress node and received by the egress node, and header compression means, in the ingress node, adapted for compressing the header of each packet following the predetermined number of uncompressed data packets before transmitting it through the data transmission network, the compression being achieved by using the compression template.

Abstract: A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.

Abstract: A method and system for enabling interconnection of VPNs is disclosed. An interconnection device manages an interconnection process at one or more facilities including, for example, a gateway device. The gateway device has information relating to a plurality of VPNs, and may facilitate interconnection between devices on at least two of the VPNs by determining that one device is in fact a member of a first one of the VPNs, and by forwarding connection parameters of the first VPN to the second VPN on an as-needed basis. In this way, the gateway allows interconnection without the need for a completely centralized decision-making process, and does so independently of the type of device and/or VPN(s) being used. Moreover, the gateway may implement only those VPN parameters needed by both VPNs to communicate with one another with a desired level of security, thereby simplifying the routing and forwarding processes associated with the actual communication occurring via the interconnection.

Abstract: A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.

Abstract: Method for transmitting high-priority packets in an IP transmission network based upon the Internet Protocol (IP) wherein low-priority packets or fragments of packets are transmitted between a sender and a receiver and at least a high-priority packet can be transmitted from the sender to the receiver by pre-emption of a low-priority packet or a fragment of packet. the method comprises in the sender, the steps of determining whether a low-priority packet or fragment of packet is being transmitted from the sender to the receiver when a high-priority packet has to be transmitted, setting to 1 a reserved bit within the IP header of the high-priority packet used as a pre-emption indicator if a low-priority packet or fragment of packet is currently transmitted, transmitting the high-priority packet with the pre-emption indicator set to 1 from the sender to the receiver, and resuming the transmission of the low-priority packet or fragment of packet at the end of transmission of the high-priority packet.

Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted.

Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted.

Abstract: Firewall system for interconnecting a first IP network (10) to a second IP network (16), these networks belonging to two different entities having each a different administration wherein any data packet transmitted/received by the first IP network is filtered by using a first firewall function and any data packet transmitted/received by the second IP network is filtered by using a second firewall function. The system comprises essentially a single firewall device (20) including filtering means (41, 43) performing both first firewall function and second firewall function, a console port (37) enabling the administrator in charge of each IP network to enter filtering rules for updating the associated firewall function and control means (39, 47, 49) interconnecting the console port and the filtering means for transmitting thereto the filtering rules so that each administrator may independently manage the system from the console port.

Abstract: A hardware device for processing the tasks of an algorithm of the type having a number of processes the execution of some of which depend on binary decisions has a plurality of task units (10, 12, 14), each of which are associated with a task defined as being either one process or one decision or one process together with a following decision. A task interconnection logic block (16) is connected to each task unit for communicating actions from a source task unit to a destination task unit. Each task unit includes a processor (18) for processing the steps of the associated task when a received action requests such a processing.

Abstract: Certain exemplary embodiments provide a method for converting data packets based upon IPv4 protocol into data packets based upon IPv6 protocol, said method comprising converting any data packet based upon the IPv4 protocol into a data packet based upon the IPv6 protocol before transmitting it to an IP switched network using information provided by an external server, and converting any data packet based upon the IPv6 protocol provided by said IP switched network into a data packet based upon the IPv4 protocol before transmitting it to a first or second workstation.

Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus. scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted.