Abstract: In one embodiment, a first set of one or more control policies at a control server of a network domain may be transmitted to a routing master controller of the network domain, which uses a second set of one or more traffic policies to determine optimal paths for directing traffic through the domain. The routing master controller may then generate a third set of one or more integrated policies based on the first and second sets of policies, e.g., based on the knowledge and policies of both the control server and the routing master controller.

Abstract: A security agent extends the trust barrier, or trust point, from network gateway nodes to end user devices. A security agent operable to scrutinize network traffic executes on the user device and compares QoS marking attempts with the established QoS marking policy in effect. The security agent examines network traffic attributes deterministic of connection attempts by user processes. Attempts to apply inappropriate or disallowed QoS markings, as dictated by the QoS marking policy, are detected and disallowed. Therefore, only user connections consistent with the QoS marking policy are permitted into the network. Network admission control (NAC) mechanisms ensure that the security agent is the only access point from the user device to the secure network, and the security agent communicates the establishment of the trusted access point to the network gateway, thus ensuring that the network gateway may trust service level designations emanating from the user device executing the security agent.

Abstract: In one embodiment, a first set of one or more control policies at a control server of a network domain may be transmitted to a routing master controller of the network domain, which uses a second set of one or more traffic policies to determine optimal paths for directing traffic through the domain. The routing master controller may then generate a third set of one or more integrated policies based on the first and second sets of policies, e.g., based on the knowledge and policies of both the control server and the routing master controller.

Abstract: A system for sending and responding to information requests in a wireless communications network includes a display device, a central processing unit, memory means including random access memory and read-only memory, an input device, and a transmitter/receiver. The random access memory further comprises routines for processing, sending and receiving messages over the wireless network.The present invention also comprises a method for requesting information and a method for responding to requests for information. The preferred method for handling information requests comprises the steps of: monitoring the communications channel for availability; sending an information request over the channel; receiving the information request at each node within the network; preparing responses to the information request at each node; and sending the response to the information request over the channel if it is available.

Abstract: A method and apparatus for decryption using cache storage wherein imported ciphertext is decrypted to produce unencrypted plaintext data. As a communication sequence containing an initialization vector and a block of ciphertext is imported, the initialization vector is applied to a cache and to a decoder. The initialization vector is then compared with other initialization vectors stored in the cache to determine whether the specific initialization vector has previously been received and stored. If the specific initialization vector is found to be stored in the cache, then the PN sequence associated with that initialization vector is written to the decoder, and the stored PN sequence is used to decode the imported ciphertext.If a determination is made that the initialization vector has not been previously received, then the read cache signal instructs the multiplexer to connect the PN generator to the decoder, and the initialization vector is used to generate a new PN sequence.

Abstract: A distributed time synchronization system and method synchronizes nodes within a frequency hopping spread spectrum (FHSS) local area network (LAN) group to a virtual master clock value. Each node system of the present invention comprises a CPU, an input device, a display device, a printer or hard copy device, a given amount of RAM and ROM memory, a data storage device, a local clock, a transmitter/receiver, an antenna, a virtual master clock processor, and a common data bus. The method of the present invention comprises the inclusion of a node's local clock value in a message just prior to transmission over the network, storage of a node's local clock value in RAM after an incoming message has been received, and the calculation of the time delay between the sending node and the receiving node by the virtual master clock processor.

Abstract: A digital encryption structure allows the varying of the computational overhead by selectively reusing, according to the desired level of security, a pseudorandom encoding sequence at the transmitter end and by storing and reusing pseudorandom decoding sequences, associated with one or more transmitters at the receiver end. A public initialization vector is combined with a secret key to produce a deterministic sequence from a pseudorandom number generator. This pseudorandom sequence in turn, is used to convert plaintext to ciphertext. The sequence may be selectively reused by storing the sequence to a transmitter memory cache and iteratively reading the sequence from memory according to a counter which controls the level of security of the encryption system. The ciphertext is decrypted on the receiver end by invertibly combining the ciphertext with the same pseudorandom sequence used by the transmitter to originally encode the plaintext.