Abstract: Data transmission system based upon the Internet protocol (IP) comprising a private transmission network (18) and a public transmission network or the like (16) interconnected by a network address translation device NAT (12) wherein at least a workstation WS (10) connected to said private transmission network has to establish a communication with a peer device (14) connected to the public transmission network, the local IP address of each data packet from the workstation WS being translated into a NAT address used to provide the route through the public transmission network. The system includes a registration server (19) connected to the public transmission network for registering the local IP address corresponding to the NAT address and providing the correspondence between the NAT address and the local IP address to the peer device in order for this one to replace in the IP header of each data packet received by the peer device, the NAT address by the local IP address.

Abstract: A method and a system for framing variable-length packets in a data communications system are disclosed. The successive variable-length packets carrying users' data, are formed in a stream of chained packets comprising a header. Two CRC's are computed. One over the data and another one over the header however, including also the data CRC of the immediate previous packet, thus chaining successive packets in a steam of such packets. The invention also assumes that encryption is performed independently over header and corresponding CRC's and, on the other hand, over the data of current packet. The invention allows to better adapt the transportation of multi-media users' data in packets of variable-lengths while securing transport by chaining successive packets, thus preventing that accidental or malicious deletion and insertion of packets occur and remain undetected.

Abstract: A method for transmitting data frames with compressed headers in a multiprotocol data transmission network comprising at least one ingress node transmitting data to egress nodes. Each frame of data includes data bytes and a header which defines the transmission protocols.

Abstract: Automatic speed adaptation system in a Local Area Network (LAN) between a hub (10) including a hub adapter (20, 24, 28) and at least a workstation (12, 14, 16) including a workstation adapter (18, 22, 26) for exchanging data over a link connected between the hub adapter and the workstation adapter at a rate based on a frequency which is inversely proportional to the length of the link. Each adapter comprises a clock generator for generating a clock having a frequency between F1 and F2 and processing means for transmitting at least a check frame from the hub adapter to the workstation adapter at a rate based on a frequency VCLK generated by the clock generator under the control of the processing means and selected as being the frequency corresponding to the length of the link, and for transmitting an acknowledge frame from the workstation adapter to the hub adapter thereby ascertaining that the selected frequency is the right frequency resulting in the best quality of transmission.

Abstract: A system for providing prioritized queue management within a data transmission network node that supports different types of data frame traffic is disclosed herein. The system includes a frame buffer for storing an incoming frame that has an identifiable frame type. A queue is pre-associated with the frame type of the incoming frame such that upon arrival of the frame at the network node, the queue stores a location address at which the frame is stored within the frame buffer such that the frame is maintained within the queue. The queue that contains the frame is stored within a frame table. Processing means are provided for determining a time at which the queue forwards the frame from the frame buffer in accordance with a pre-determined sub-queue priority list. The system further includes time metering means associated with the frame for temporally assigning the frame to a virtual sub-queue among multiple virtual sub-queues that are associated with the queue.

Abstract: Disclosed herein is a connection bandwidth management process and system for use in a high speed packet switching network. The network comprises a plurality of switching nodes interconnected through a plurality of communication links. Each of the switching nodes comprises means for switching packets from at least one input link to at least one output link. Each of the output links are coupled to at least one buffer in the switching node for queuing packets before they are transmitted over the output link. Each of the communication links supports the traffic of a plurality of user connections statistically multiplexed over the link. Each user connection is allocated an initial agreed-upon bandwidth through the network, with each of the communication links being possibly oversubscribed.

Abstract: The present invention provides a secure definition of VPNs and configuration of devices that manage or handle these VPNs. The proposed invention provides a method to securely manage the definition of the configuration of the network devices in agreement with the above requirements for customers and providers, and provides, in addition, a method to perform the verification of implemented rules and parameters against stored and certified information. In the proposed method, digital certificates can be employed to define and certify configuration information.

Abstract: A method and system for enabling interconnection of VPNs is disclosed. An interconnection device manages an interconnection process at one or more facilities including, for example, a gateway device. The gateway device has information relating to a plurality of VPNs, and may facilitate interconnection between devices on at least two of the VPNs by determining that one device is in fact a member of a first one of the VPNs, and by forwarding connection parameters of the first VPN to the second VPN on an as-needed basis. In this way, the gateway allows interconnection without the need for a completely centralized decision-making process, and does so independently of the type of device and/or VPN(s) being used. Moreover, the gateway may implement only those VPN parameters needed by both VPNs to communicate with one another with a desired level of security, thereby simplifying the routing and forwarding processes associated with the actual communication occurring via the interconnection.

Abstract: The invention relates to a Universal Serial Bus (USB) with two wireless communication hubs (USB hubs). One of these hubs is connected to a first host computer, and both USB hubs are connected to a plurality of I/O devices. Each USB hub includes a wireless adapter and an antenna connected to the wireless adapter. The wireless adapter of each USB hub comprises a transmitting/receiving unit for transmitting data via the antenna to the wireless adapter of the other USB hub or receiving data via the antenna from the wireless adapter of the other USB hub. The wireless adapter also comprises a wireless dual port, which is automatically configured upstream or downstream when the first host computer is connected to one of the USB hubs.

Abstract: A security system for preventing unauthorized use of a computer device. An extractable security piece includes an extractable main private key and a main PC public key. A PC security area which is a non-extractable part of the computer device includes a PC private key and an extractable main public key, which, together with the keys of the extractable security piece, constitute a Public Key Infrastructure. The extractable security piece and the PC security area include processing means for mutual authentication of the extractable security piece and the PC security area after the extractable security piece, which had been previously removed, has been reinserted in the computer device, thereby enabling the authorized user to access data stored in the computer device.

Abstract: Method of gaining secure access from a host (13) to Intranet resources provided by at least a content server (18) in a data transmission system wherein the host is connected to the content server through a gateway (17). Such a method consists in generating and sending at predetermined transmission instants from either the host or the gateway verification messages wherein each verification message contains a signature which depends upon the data exchanged between the host and the gateway since the preceding verification message, the host and the gateway also called peer devices having at their disposal a same algorithm defining which of them sends a verification message at each of the predetermined instants.

Abstract: Firewall system for interconnecting a first IP network (10) to a second IP network (16), these networks belonging to two different entities having each a different administration wherein any data packet transmitted/received by the first IP network is filtered by using a first firewall function and any data packet transmitted/received by the second IP network is filtered by using a second firewall function. The system comprises essentially a single firewall device (20) including filtering means (41, 43) performing both first firewall function and second firewall function, a console port (37) enabling the administrator in charge of each IP network to enter filtering rules for updating the associated firewall function and control means (39, 47, 49) interconnecting the console port and the filtering means for transmitting thereto the filtering rules so that each administrator may independently manage the system from the console port.

Abstract: Process for controlling frames transporting data from a transmitting Terminal (DTE 1) to at least a receiving Terminal (DTE 2) through a plurality of consecutive nodes including a start access node (NODE 1) connected to said transmitting Terminal and at least an end access node (NODE 6) connected to said receiving Terminal and intermediary nodes (NODE 2 to NODE 5), with each data frame comprising one or several protocol layers respectively associated with one or several communication protocols of controlling the frame flow at each node; such a process consisting in adding to each data frame a Data Manipulation Layer (DML) defining the parameters necessary for managing the manipulation (compression and/or encryption) of each field of the data frame located after the DML, and adding to each data frame a Control message for transporting a control protocol defining new parameters to be used by some ones nodes for managing the communication flow through the consecutive nodes.

Abstract: Data transmission system comprising a help desk workstation (100) provided with the Telnet client function and connected to a Wide Area Network WAN (115) and to the Public Switched Telephone Network PSTN (130), and a Telnet manageable device (120) not provided with a modem and to which the help desk workstation may gain access by using the Telnet protocol. The system comprises a data processing device (110) provided with the proxy function and being connected to the PSTN and to the Telnet manageable device by the intermediary of a Local Area Network LAN (125), the data processing device including proxy means for completing a first Telnet connection with the help desk workstation through the PSTN and for establishing a second Telnet connection with the Telnet manageable device upon receiving a request from the help desk workstation to gain the Telnet access to the Telnet manageable device.

Abstract: A method and a system of network capacity planning for use in a high speed packet switching network. The network comprises a plurality of switching nodes interconnected through a plurality of communication links, each of the switching nodes comprises means for switching packets from at least one input link to at least one output link. Each of the output links is coupled to at least one buffer in the switching node for queuing packets before they are transmitted over the output link. In each of the switching nodes and for each of the output links, a time distribution of the occupancy of each buffer during a predetermined monitoring time period is measured, and stored in a centralized memory location. Then, the buffer occupancy time distribution data are retrieved from the centralized memory location in all the switching nodes, gathered and stored in a network dedicated server.

Abstract: A method, system or program product for assigning a dual address to a workstation connecting anywhere to an IP data transmission network composed of at least a first Local Area Network (LAN) provided with a home Dynamic Host Configuration Protocol (DHCP) server, a home Domain Name Services (DNS) server and a home registration server; this method comprising: a) off-line registering into the registration server the workstation parameters including a static IP address, and a logon ID and password which have been provided to the user of the workstation, b) connecting the workstation to the IP network, the workstation being configured in DHCP mode, c) providing by the home registration server a dynamic IP address to the workstation, d) calling the home registration server by the workstation to get first the static IP address and, secondly a configuration file for the workstation, and e) configuring automatically the applications to be processed by the workstation with the static IP address or the dynamic IP ad

Abstract: Hardware device for parallel processing a determined instruction of a set of instructions having a same format defining operand fields and other data fields, the execution of this determined instruction being represented as an algorithm comprising a plurality of processes, the processing of which depending on decisions. Such a device comprises means (22-30) for activating the processing of one or several processes (32-38) determined by the operand fields of the instruction, decision macroblocks (12-20) each being associated with a specific instruction of the set of instructions, only one decision marcoblock being selected by the determined instruction in order to determine which are the process(es) to be activated for executing the determined instruction.

Abstract: The present invention is directed to a hardware device for parallel processing a determined instruction of a set of programmable instructions having a same format with an operand field defining the execution steps of the instruction corresponding to the execution of micro-instructions, comprising decision blocks (12—20) being each associated with a specific instruction of the set of programmable instructions, only one decision block being selected by the determined instruction in order to define which are the specific micro-instructions to be processed for executing the determined instruction, activation blocks (22-30) respectively associated with the decision blocks for running one or several specific micro-instructions, only the activation block associated with said selected decision block being activated to run the specific micro-instructions, and a micro-instruction selection block (46) connected to each activation block for selecting the specific micro-instructions to be executed.

Abstract: A method and system for implementing secure communications between a plurality of devices are provided. The method and system generally include the provision of at least one common encryption parameter to each of the plurality of devices, as well as an identification of the plurality of devices to one another. This information can be maintained and shared by interaction of the plurality of devices with a designated server device. In this way, a secure, point-to-point connection between at least two of the plurality of devices can be established.

Abstract: A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a portion of the firewall device may take place. In particular, the portion of the firewall device in which decryption takes place is defined such that contents of the portion are inaccessible to an operator of the firewall device. Thus, scanning of the decrypted copy of the data packet for compliance with a predetermined criterion may take place within the firewall device, without an operator of the firewall device having access to the contents of the data packet to be transmitted.