Abstract: A technique for scheduling distribution of a content file within a content delivery network and a content delivery network adapted to perform the same are disclosed. The technique comprise scheduling distribution of the content file based on delivery location, service time of content requests, and cache server hierarchy. Preferably, a multicasting tree for delivering each content file is dynamically established in the content delivery network based on location and service time considerations.

Abstract: There is provided a system for resolving a proxy server name for a web browser request issued by a user device in a network. The user device has a browser configured with the proxy server name. The system includes a Domain Name System (DNS) server and a web server. The DNS server generates a private Internet Protocol (IP) address associated with the user device in response to a non-resolvable DNS query from the user device that specifies the proxy server name, and creates a one-to-one mapping that relates the private IP address to the proxy server name. The web server receives a web browser request from the user device. The web browser request has been redirected to the web server and has an original destination IP address equal to the private IP address. The web server identifies the proxy server name from the private IP address using the one-to-one mapping.

Abstract: A remote site downloading system is disclosed in which a local computer establishes a session with a content server, and a content file and geographic destination drive are selected. The local computer is typically on a first access network and the user wishes to have the file downloaded to a geographic drive, i.e., a remote site computer whose location and other properties are mapped in a mapping file on the local computer. The geographic drive is usually on a different access network in a dynamic location such as a hotspot or a fixed location such as broadband cable or DSL. The local computer is specially programmed to allow selection of the geographic target drive, pack information comprising cookies and a URL, and sends it to the remote geographic drive computer, where it may act as a proxy to cause downloading from the content server to the geographic drive on the remote site computer.

Abstract: The invention provides a method for improving the security of a mobile terminal in a WLAN environment by installing two shared secrets instead of one shared secret, the initial session key, on both the wireless user machine and the WLAN access point during the user authentication phase. One of the shared secrets is used as the initial session key and the other is used as a secure seed. Since the initial authentication is secure, these two keys are not known to a would be hacker. Although the initial session key may eventually be cracked by the would be hacker, the secure seed remains secure as it is not used in any insecure communication.

Abstract: A method and apparatus for managing a session key for allowing a mobile terminal to access a wireless local area network (WLAN). The invention provides for establishing a first secure channel between an access point and a virtual operator, and suggesting a session key to the virtual operator from the access point. A second secure channel is established between the virtual operator and a user, and the session key is sent to the user via the second secure channel upon successful user authentication. The mobile terminal accesses the WLAN using the session key.

Abstract: Disclosed is a method of dynamical frequency selecting for a basic service set established by a main wireless device in a wireless local area network. The method comprises steps of a determining step for determining whether a new channel to be used by said BSS is needed; a scanning step conducted by said main wireless device for scanning all channels based on a random priority to detect whether other adjacent BSSs are existing and performing DFS concurrently; a measuring step conducted by said main wireless device based on the scanning result for exisitn operational BSSs for measuring channel quality of a plurality of channels; selecting one channel based on the channel quality parameters. The present invention advantageously provides a dynamic frequency selection method without any modification for the IEEE 802.11 standard, or any requirement for the implementation of the wireless stations.

Abstract: A mechanism to improve the security and access control over a network, such as a wireless local area network (“WLAN”), that takes advantage of web browser interactions without requiring explicit separate communication session between a hot spot network and a service provider network. The method comprises receiving a request to access the WLAN from a mobile terminal (MT)/client disposed within a coverage area of the WLAN. The access point (AP) of the network associates a session ID and randomized number with an identifier associated with the MT and stores data mapping the session ID to the identifier of the MT and randomized number. The local server transmits an authentication request in the form of a web page, which includes the session ID and randomized number, to the MT.

Abstract: Secure access by a mobile wireless terminal of a wireless telephony network is achieved by having a Home Location Register store the terminal's temporary and permanent identities. Upon accessing the network following initial registration, the terminal sends a temporary identity to a Serving GPRS Support Node (SGSN). If no serving node in the network knows the terminal, the terminal need not sent its permanent identity in clear as was previously required. Rather, the serving node need only query the HLR since the HLR can map the terminal's temporary identity to its permanent identity. In this way, the permanent identity of the mobile wireless terminal remains secure.

Abstract: The Quality of Service (QoS) level/service level within a wired network associated with a wireless Local Area Network (LAN) is controlled by assigning to each incoming information frame a Virtual Local Area Network (VLAN) number in accordance with the QoS level/service level determined for that frame. The frame is then routed in the network in accordance with the VLAN number to assure that the path(s) carrying the frame have the requisite characteristics, such as bandwidth, to satisfy the determined QoS level/service level.

Abstract: A method for descrambling secure content received over a network is disclosed. The method is operable at a receiving device (150) located at a remote site in communication with a network (140) for receiving a first information item scrambled using an encrypting key (Pu) known by the remote site, descrambling the first information item using a corresponding decrypting key, wherein the information item includes an access code (CAC) and a content key (Kc), receiving a second information item, scrambled using the content key after a server, (120) hosting the second information verifies the access code (CAC) and descrambling the second information item using the content key (Kc).

Abstract: A wireless Local Area Network (LAN 11) capable of providing “enterprise guest” hosting includes at least one an e-open wireless LAN access point (15) that provides access to both guests and local users. Upon receipt of a request for access, the access point forwards the request to an authentication proxy. The authentication proxy then authenticates the party requesting access in accordance with that party's status (that is, whether the party is a local user or guest). Upon successful authentication, the network routes the traffic from a local user differently as compared to that for a guest. For example traffic from guests goes to gateway for receipt in an external network such as the Internet, whereas traffic from the local user goes to a local network, e.g., a corporate intranet. In this way, the Wireless LAN 11, after ascertaining the status of the party requesting access, can limit guest traffic according to the guest access policy.

Abstract: A method is described for receiving a multicast in user devices in a network issuing a request to join a multicast group, identifying multicast data packets associated with the multicast group, monitoring transmissions of the multicast data packets to determine whether the identified multicast data packets are being transmitted in an already established unicast session and establishing a unicast session and processing multicast data packets if an already established unicast session does not exist A method is described for receiving a multicast transmission in user devices in a network establishing a unicast session with a dedicated terminal, identifying multicast data packets associated with a multicast group, monitoring transmissions of the multicast data packets and processing the multicast data packets by the dedicated terminal.

Abstract: An access arrangement (11) provides secure access by at least one mobile communications device (121–123) by first authenticating the device itself, and thereafter authenticating the traffic therefrom. To authenticate the traffic from the mobile communications device, an authentication server (24) associated with the access arrangement (11) establishes a Wired Equivalent Privacy (WEP) encryption key for both the access arrangement and the mobile communications device. The authentication server provides the WEP encryption key to the device in connection with a command to cause the device to execute a resident ActiveX control to encrypt traffic with the WEP encryption key. Utilizing the Active X control within the mobile communications device to encrypt traffic with the WEP encryption key provides a simple, easy-to-implement method to achieve secure access.

Abstract: A method for improving the security of a mobile terminal in a first communications network environment by redirecting the browser request, embedding a session identification inside an HTTP request and matching two HTTP sessions using such a session identification in the authentication server. The access point processes the web request from the mobile terminal such that a session identification becomes embedded in the universal resource locator. Additionally a mapping between this session identification and the media access control address or the internet protocol address of the mobile terminal is maintained in the WLAN. When the authentication server notifies the access point about the authentication result, the session identification is used to uniquely identify the mobile terminal. All these operations are transparent to the mobile terminal.

Abstract: There is provided a method for managing the downloading and display of a video program using a mobile device in an networking environment that includes a first radio access network and a second radio access network that has a faster transfer rate than the first network. A layer of video program that has been encoded into multiple layers is downloaded via the first or second network. The downloaded video program is displayed at a playback rate that corresponds to a display quality. Excess portion of the downloaded video program that result when a rate at which the video program is displayed are buffered. The number of layers being downloaded and the playback rate at which the video program is displayed are increased to increase the display quality, when the buffered excess portions exceeds a threshold level.

Abstract: An operator of a network (20) dynamically establishes a business relationship with a Billing Agent (26) to enable the network operator to receive reimbursement for access charges incurred by one or more users (121, 122 and 123). To establish such a relationship, the network operator first opens a communications channel to the Billing Agent after which the network operator and Billing Agent verify each other. Following verification, the network operator communicates proposed business terms and conditions, including access charges, to the Billing Agent. In response, the Billing Agent sends to the network operator an acceptance of business terms acceptable to the Billing Agent. After reaching agreement on the terms and conditions, the Billing Agent and network operator will each digitally acknowledge a formal agreement that embodies the agreed upon terms.

Abstract: A system, method, and computer readable medium for enabling roaming of wireless client stations among wireless access points are disclosed. A gateway programmed to receive session data requests is provided in a network, which comprises access points which are programmed to send session data requests to the gateway. The gateway sends session information setting commands to the requesting access point, or sends a session data failure response to the access point.

Abstract: The invention provides an apparatus and a method for improving the control of access by a terminal device in a WLAN environment having an access point for determining whether the device utilizes an IEEE 802.1x protocol by the access point communicating to the device, a packet, whereby if the devices utilizes a IEEE 802.1x protocol the device appropriately responds and otherwise the access point determines that the terminal device protocol does not employ a IEEE 802.1x protocol and selects an authentication mechanism compatible with the terminal device. If the device is not an IEEE 802.1x client, an IP packet filtering is configured to redirect a user HTTP request to a local server, and when the HTTP requests are thereby redirected, the HTTP server presents the terminal device with information specifically related to the browser based authentication.

Abstract: The invention provides a method for improving the security of a mobile terminal in a WLAN environment by installing two shared secrets instead of one shared secret, the initial session key, on both the wireless user machine and the WLAN access point during the user authentication phase. One of the shared secrets is used as the initial session key and the other is used as a secure seed. Since the initial authentication is secure, these two keys are not known to a would be hacker. Although the initial session key may eventually be cracked by the would be hacker, the secure seed remains secure as it is not used in any insecure communication.

Abstract: The invention herein provides an apparatus and a method for automatically configuring an IEEE 802.1x client terminal to provide limited access in a WLAN environment, specifically utilizing the access point to filter traffic associated with the limited access so as to redirect the client terminal's HTTP request to a designated local web server. The web server responds to the client terminal by requesting information required to establish an authorized communication. Thereafter the client terminal provides information required to establish an authorized communication. In the course of the communication the web server sends information such as transmission rates, new user account creation information, authentication method selection, and access user terms and conditions of acceptance, all typically required to establish an authorized access. The client responds with information, required to establish an authorized communication.