Abstract: Methods and systems for routing connections between federated enterprises are provided. More particularly, user location information is stored as part of a first directory accessible to a federation broker. Location information obtained in association with a requested connection is used by the federation broker to access a second directory containing the locations of points of presence within the enterprise that includes the target communication device.

Abstract: Methods and systems for providing a cache of federated routing information on a dynamic domain name server are provided. More particularly, information obtained from a federation broker can be stored in a dynamic domain name server associated with an enterprise for use in connection with requests for communication links originating from communication endpoints included in the enterprise. By providing this cache of information, requests for federated routing information made to the federation broker can be reduced.

Abstract: The present invention provides a new network topology. More specifically, a peer-to-peer network is defined on a virtual private network. The peer-to-peer network comprises a set of specified users within a virtual private network that are allowed to communicate according to predetermined rules enforced by the peer-to-peer network itself. This affords secure communication between the specified users of the peer-to-peer network independent of the virtual private network.

Abstract: Methods and systems for facilitating sign-on procedures in connection with a converged system are provided. An authentication plug-in operates to receive authentication credentials in connection with a request to access an application by a client. The authentication plug-in is capable of operating in different contexts in a converged system. After an initial sign-on, subsequent sign-on requests can be fulfilled by accessing authentication credentials stored in a cache.

Abstract: Disclosed herein is a technique for providing cloud based scaleable videoconferencing infrastructure in a variety of ways. A combination of hardware based conferencing and software emulation of hardware conferencing equipment is disclosed. The disclosed systems and methods include load balancing algorithms and a software control architecture to allow for flexible and elastic scaling of each component individually or as a group. The disclosed systems and methods are also agnostic to the underlying hardware infrastructure utilized for any given conference.

Abstract: The present invention is directed to a virtualization system using a solid-state drive for disaster recovery.

Abstract: A method is provided for authorizing an authenticated user into a teleconference session as a participant that avoids some of the costs and disadvantages of doing so in the prior art. The authorization is a combination of the enterprise user's authentication at work and cryptographic authorization to the teleconference system by the inviter. When a user goes to work and connects with his or her office computer to the network of the user's employer, a secure single sign-on (SSO) access control procedure is executed. In a secure single sign-on (SSO) access control procedure, the user submits authentication information, such as a user name and password, to an identity provider and receives back a credential token when the identity provider determines that the user name/password pair is valid. The credential token is saved on the user's computer and used for further authentication.

Abstract: Methods and systems for routing connections between federated enterprises are provided. More particularly, user location information is stored as part of a first directory accessible to a federation broker. Location information obtained in association with a requested connection is used by the federation broker to access a second directory containing the locations of points of presence within the enterprise that includes the target communication device.

Abstract: Methods and systems for facilitating sign-on procedures in connection with a converged system are provided. An authentication plug-in operates to receive authentication credentials in connection with a request to access an application by a client. The authentication plug-in is capable of operating in different contexts in a converged system. After an initial sign-on, subsequent sign-on requests can be fulfilled by accessing authentication credentials stored in a cache.

Abstract: Methods and systems for providing a cache of federated routing information on a dynamic domain name server are provided. More particularly, information obtained from a federation broker can be stored in a dynamic domain name server associated with an enterprise for use in connection with requests for communication links originating from communication endpoints included in the enterprise. By providing this cache of information, requests for federated routing information made to the federation broker can be reduced.

Abstract: Methods, devices, and systems for automatically controlling the establishment and/or termination of inter-client Data Link Protocol (DLP) communication channels. More specifically, methods, devices, and systems are provided for establishing an inter-client DLP communication channel on demand for communication sessions and terminating the same upon completion of such communication sessions.

Abstract: A method is provided in which a permission for running a system software instance alongside another system software instance is issued on the basis of a first policy rule concerning the operation of a first software application and a second policy rule concerning the execution of second software application.

Abstract: The present invention is directed to an intrusion detection/prevention system that uses application layer event information to identify potential intrusions and notifies remote trusted peers in other enterprise networks of potential intrusions emanating therefrom.

Abstract: An apparatus and methods are disclosed for enabling quality-of-service and call admission control for wireless telecommunications terminals without first submitting a traffic specification. The illustrative embodiment of the present invention is particularly advantageous for IEEE 802.11e networks because the 802.11e standard, which in its currently-drafted form contains provisions for terminals to submit traffic specifications, might not require 802.11e terminals to submit traffic specifications in the finalized 802.11e standard. Proper call admission control and, consequently, quality-of-service for wireless applications therefore might not be universally available to future 802.11e-compliant terminals unless one or more embodiments of the present invention are deployed.

Abstract: Solutions are proposed to enable a seamless handover/handback of a communication between a docked state and an undocked state. The transfer is effected by performing a transfer between a docked persona of a user and an undocked persona of that same user. By utilizing certain SIP transfer mechanisms or H.323 bridged-appearances, in-progress call sessions and media can be sustained during handover and/or handback.

Abstract: Methods, devices, and systems for automatically controlling the establishment and/or termination of inter-client Data Link Protocol (DLP) communication channels. More specifically, methods, devices, and systems are provided for establishing an inter-client DLP communication channel on demand for communication sessions and terminating the same upon completion of such communication sessions.

Abstract: The present invention is directed to a virtualization system using a solid-state drive for disaster recovery.

Abstract: A method is provided in which a permission for running a system software instance alongside another system software instance is issued on the basis of a first policy rule concerning the operation of a first software application and a second policy rule concerning the execution of second software application.

Abstract: A method is provided in which a user registers a Session Initiation Protocol (SIP) address with a server that uses digest access authentication; If the user has another address already registered with the server, the server requests the user name and password for the existing address. The user enters the user name and password into a client application. The client application transmits the user name and password to the registration server as clear text over an encrypted channel. The registration server generates a digest from the received user name and password and compares the generated digest with the digest stored on the registration server for the existing address in order to determine whether the user submitted a valid user name and password. If the generated and stored digests match, the registration server sets the password for the existing email account of the user as the password for the new email.

Abstract: A method is provided for authorizing an authenticated user into a teleconference session as a participant that avoids some of the costs and disadvantages of doing so in the prior art. The authorization is a combination of the enterprise user's authentication at work and cryptographic authorization to the teleconference system by the inviter. When a user goes to work and connects with his or her office computer to the network of the user's employer, a secure single sign-on (SSO) access control procedure is executed. In a secure single sign-on (SSO) access control procedure, the user submits authentication information, such as a user name and password, to an identity provider and receives back a credential token when the identity provider determines that the user name/password pair is valid. The credential token is saved on the user's computer and used for further authentication.