Abstract: The invention is that of systems and methods for communications between one or more networks and subsequently network devices configured with a networking application for processing network based communications when the devices are on different logical and physical networks. The methods herein involve translation of remote IP addresses of LAN devices to addresses comprising headend network prefixes, to allow for LAN extension of remote to headend networks and communications between devices on the disparate networks. Data packets from a remote LAN interface are transferred to an outbound interface once translated, then forwarded via a formed bridged tunnel link to a headend network device. A server comprising a local LAN and outbound interface is further configured with a NAT module for IP address translation and an optional security module for additional authenticity verification of remote devices attempting to penetrate the headend network.

Abstract: The invention is that of systems and methods for controllerless and distributed network connections to servers on a network by remote clients seeking their services. The invention comprises a central database where servers within a server group identified by a group name may post unique identifiers (UIDs) for retrieval and reposting by group clients configured with the group name, which may query the central database for server connection information such as uptime, downtime, and congestion in order to select a server for a preferential connection based on an overall posture as determined by the group client. In some embodiments, one server of the group is a “dummy server” that may aggregate and selectively transmit server information from other servers in the group, or other devices, and post it to the central database. The methods described herein eliminate a separate controller and thereby a single point of failure (SPOF).

Abstract: The invention is that of systems and methods for controllerless and distributed network connections to servers on a network by remote clients seeking their services. The invention comprises a central database where servers within a server group identified by a group name may post unique identifiers (UIDs) for retrieval by group clients configured with the group name, which may query the central database for server connection information such as uptime, downtime, and congestion in order to select a server for a preferential connection based on an overall availability profile as determined by the group client. In some embodiments, one server of the group is a “dummy server” that may aggregate and selectively transmit server information from other servers in the group, or other devices, and posts it to the central database for client access. The methods described herein eliminate a separate controller and thereby a single point of failure (SPOF).

Abstract: The invention is that of systems and methods for controllerless and distributed network connections to servers on a network by remote clients seeking their services. The invention comprises a server database where servers within a server group identified by a groupname may post unique identifiers (UIDs) for retrieval by group clients configured with the groupname, which may query the server database for server connection information such as uptime, downtime, and congestion in order to select a server for a preferential connection based on an overall availability profile as determined by the group client. The methods described herein eliminate a separate controller and thereby eliminate the single point of failure (SPOF) represented by connection controllers and load balancers in a network as are common in the current state of the art.

Abstract: The invention is that of systems and methods to reduce or eliminate network resource exposure to unauthorized network users. The methods described herein are designed to only permit authenticated remote network device access to central network services based on the content of requests from remote network devices seeking access. A system as described herein is configured with conditional access grantor and request modules located on central and remote networks, respectively. A conditional access grantor module dynamically configures a central network firewall or equivalent to permit or deny access from the specific devices on the remote network. A database is provided for storing of remote device details or parameters supplied by the grantor module and required for connection thereby to the central network.

Abstract: The invention is that of systems and methods for controllerless and distributed network connections to servers on a network by remote clients seeking their services. The invention comprises a server database where servers within a server group identified by a groupname may post unique identifiers (UIDs) for retrieval by group clients configured with the groupname, which may query the server database for server connection information such as uptime, downtime, and congestion in order to select a server for a preferential connection based on an overall availability profile as determined by the group client. The methods described herein eliminate a separate controller and thereby eliminate the single point of failure (SPOF) represented by connection controllers and load balancers in a network as are common in the current state of the art.

Abstract: The invention is that of systems and methods for communications between one or more networks and subsequently network devices configured with a networking application for processing network based communications when the devices are on different logical and physical networks. The methods herein involve translation of remote IP addresses of LAN devices to addresses comprising headend network prefixes, to allow for LAN extension of remote to headend networks and communications between devices on the disparate networks. Data packets from a remote LAN interface are transferred to an outbound interface once translated, then forwarded via a formed bridged tunnel link to a headend network device. A server comprising a local LAN and outbound interface is further configured with a NAT module for IP address translation and an optional security module for additional authenticity verification of remote devices attempting to penetrate the headend network.

Abstract: The invention described herein is that of systems and methods for agentless identity-based authentication of network-enabled devices for control of network traffic to and from each device based on identity. The invention leverages X.509 certificates associated with network devices and comprises at least one querying device in communication with at least target device and optionally at least one intermediate device, such as but not limited to a switching device that can interface with the target device and enable the querying device to query the target device to obtain an X.509 certificate and any extensions, then dictate switching actions, which may be carried out by the querying device according to instructions provided by a switching module residing on the querying device or located external to the querying device. The systems and methods described herein are suitable for validation of the identities of fixed application devices to prevent unauthorized network access.

Abstract: The invention described herein is that of systems and methods for agentless identity-based authentication of network-enabled devices for control of network traffic to and from each device based on identity. The invention leverages X.509 certificates associated with network devices and comprises at least one querying device in communication with at least target device and optionally at least one intermediate device, such as but not limited to a switching device that can interface with the target device and enable the querying device to query the target device to obtain an X.509 certificate and any extensions, then dictate switching actions, which may be carried out by the querying device according to instructions provided by a switching module residing on the querying device or located external to the querying device. The systems and methods described herein are suitable for validation of the identities of fixed application devices to prevent unauthorized network access.

Abstract: The invention presented herein is a system and method for automatically discovering communication capabilities for direct communication between endpoints across one or more unknown networks, the system comprising: a plurality of network enabled endpoints configured with a module in wireless communication with a management database, the module configured to establish a communication path for direct communication between the network-enabled endpoints, independent of a NAT router.

Abstract: The invention presented herein is a system and method for automatically discovering communication capabilities for direct communication between endpoints across one or more unknown networks, the system comprising: a plurality of network-enabled endpoints configured with a module in wireless communication with a management database, the module configured to establish a communication path for direct communication between the network-enabled endpoints, independent of a NAT router.

Abstract: The invention presented herein is a system and method for automatically discovering communication capabilities for direct communication between endpoints across one or more unknown networks, the system comprising: a plurality of network-enabled endpoints configured with a module in wireless communication with a management database, the module configured to establish a communication path for direct communication between the network-enabled endpoints, independent of a NAT router.

Abstract: The invention presented herein is a system and method for automatically discovering communication capabilities for direct communication between endpoints across one or more unknown networks, the system comprising: a plurality of network enabled endpoints configured with a module in wireless communication with a management database, the module configured to establish a communication path for direct communication between the network-enabled endpoints, independent of a NAT router.

Abstract: The invention presented herein is a system and method for automatically discovering communication capabilities for direct communication between endpoints across one or more unknown networks, the system comprising: a plurality of network enabled endpoints configured with a module in wireless communication with a management database, the module configured to establish a communication path for direct communication between the network-enabled endpoints, independent of a NAT router.

Abstract: The invention presented herein is a system and method for automatically discovering communication capabilities for direct communication between endpoints across one or more unknown networks, the system comprising: a plurality of network enabled endpoints configured with a module in wireless communication with a management database, the module configured to establish a communication path for direct communication between the network-enabled endpoints, independent of a NAT router.

Abstract: The invention presented herein permits split-routing to occur without any changes, modifications, or configuration of the requesting host, network stacks, network architectures and routing and forwarding behavior. The invention is carried out by way of a Module that intercepts the normal and standard DHCP communication between a requesting device and a DHCP server, and substitutes the elements within the server response with the Module's own predefined elements. These substitute elements leverage the behavior of standard protocols to gain desired device network behavior.

Abstract: The invention presented herein permits split-routing to occur without any changes, modifications, or configuration of the requesting host, network stacks, network architectures and routing and forwarding behavior. The invention is carried out by way of a Module that intercepts the normal and standard DHCP communication between a requesting device and a DHCP server, and substitutes the elements within the server response with the Module's own predefined elements. These substitute elements leverage the behavior of standard protocols to gain desired device network behavior.

Abstract: The invention presented herein permits split-routing to occur without any changes, modifications, or configuration of the requesting host, network stacks, network architectures and routing and forwarding behavior. The invention is carried out by way of a Module that intercepts the normal and standard DHCP communication between a requesting device and a DHCP server, and substitutes the elements within the server response with the Module's own predefined elements. These substitute elements leverage the behavior of standard protocols to gain desired device network behavior.

Abstract: Described are techniques for facilitating automated connections between any two devices a plurality of devices—including applications—across disparate and unsecured networks including the Internet. For example, details about a device or application including its unique identity are managed through a master repository in a protocol-agnostic manner. By requiring hosts in a network to maintain communication (bi-directionally) with the repository, the repository acts as an intelligent-management bridge between different devices and sources.

Abstract: The invention presented herein permits split-routing to occur without any changes, modifications, or configuration of the requesting host, network stacks, network architectures and routing and forwarding behavior. The invention is carried out by way of a Module that intercepts the normal and standard DHCP communication between a requesting device and a DHCP server, and substitutes the elements within the server response with the Module's own predefined elements. These substitute elements leverage the behavior of standard protocols to gain desired device network behavior.