Abstract: In one embodiment, a method that receives at a cache server device a request from a client device for a first representation of a content chunk; determines whether the first representation is available at the cache server device; responsive to determining that the first representation is available at the cache server device, provides the first representation to the client device; responsive to determining that the first representation is unavailable at the cache server device, determines whether a congestion-like condition is present in an upstream network; and responsive to determining that the congestion-like condition is present in the upstream network, provides a second representation of the content chunk.

Abstract: Systems, methods, and other embodiments associated with processing secure network traffic are described. One example method includes determining whether a device is a preconfigured member of a group key system. If the device is not a preconfigured member then the method selectively establishes membership in the group key system by requesting membership from a group controller. The example method may also include receiving a set of keys from the group controller and being assigned a role by the group controller. The method may further include processing secure network traffic as an inspection point, a rewriting point, and/or a validation point based on the received set of keys and the assigned role(s).

Abstract: A system for determining security associations using binary output sequences is described. In an example systematic embodiment, a first device is coupled over a network to a second device. Each device includes a processor and an indicator mechanism coupled to the processor. The indicator mechanism is configured to output a binary representation of a security state established between the devices to a user in perceivable proximity to at least one of the devices. A computer readable storage medium is coupled to the processor and includes executable instructions for the processor. The instructions when executed by the processor initiate a security transaction between the devices. The security transaction includes a protocol that uses one or more public keys to establish a security state between the devices. The indicator mechanism then outputs the binary representation to the user based on the established security state.

Abstract: In one embodiment, a method that receives at a cache server device a request from a client device for a first representation of a content chunk; determines whether the first representation is available at the cache server device; responsive to determining that the first representation is available at the cache server device, provides the first representation to the client device; responsive to determining that the first representation is unavailable at the cache server device, determines whether a congestion-like condition is present in an upstream network; and responsive to determining that the congestion-like condition is present in the upstream network, provides a second representation of the content chunk.

Abstract: Systems, methods, and other embodiments associated with processing secure network traffic are described. One example method includes determining whether a device is a preconfigured member of a group key system. If the device is not a preconfigured member then the method selectively establishes membership in the group key system by requesting membership from a group controller. The example method may also include receiving a set of keys from the group controller and being assigned a role by the group controller. The method may further include processing secure network traffic as an inspection point, a rewriting point, and/or a validation point based on the received set of keys and the assigned role(s).

Abstract: Accumulated proof-of-work approaches for protecting network resources against denial-of-service attacks are disclosed. A client computer or other requester is required to perform work, such as repeatedly hashing a message until a specified number of bits is zero, as a condition for accessing a resource. Proof of the work performed by a legitimate requester is accumulated across multiple requests, so that established users of a resource are not penalized when proof-of-work is used to prevent a denial of service attack. Requesters who cannot show accumulated work greater than a specified threshold are required to perform additional work. In certain embodiments, work may be accumulated only within a specified time window, and the threshold may vary according to resource capacity or loading. Proof-of-work values may be communicated between the user and the resource in cookies.

Abstract: A system for determining security associations using binary output sequences is described. In an example systematic embodiment, a first device is coupled over a network to a second device. Each device includes a processor and an indicator mechanism coupled to the processor. The indicator mechanism is configured to output a binary representation of a security state established between the devices to a user in perceivable proximity to at least one of the devices. A computer readable storage medium is coupled to the processor and includes executable instructions for the processor. The instructions when executed by the processor initiate a security transaction between the devices. The security transaction includes a protocol that uses one or more public keys to establish a security state between the devices. The indicator mechanism then outputs the binary representation to the user based on the established security state.

Abstract: Methods and systems of providing security backup services to a home network are described. In one embodiment, the gateway for a home network is registered with a service provider. A network device is enrolled with the home network, and periodically reenrolls. The device detects whether the gateway has been replaced between enrolling and reenrolling, and if it has been replaced, determines whether the new network gateway has been endorsed by the service provider.

Abstract: Group key management techniques are applied to generating pair-wise keys for point-to-point secure communication applications. Nodes participating in a secure communication group each receive a group key and associated policy information. When a first node wishes to establish a secure point-to-point connection to a second node, the first node derives a pairwise key from the group key and policy information, for example, by hashing the group key and information identifying the two nodes. As a result, a pairwise key is generated without exchanging negotiation messages among the two nodes and without expensive asymmetric cryptographic computation approaches.

Abstract: Group key management techniques are applied to generating pair-wise keys for point-to-point secure communication applications. Nodes participating in a secure communication group each receive a group key and associated policy information. When a first node wishes to establish a secure point-to-point connection to a second node, the first node derives a pairwise key from the group key and policy information, for example, by hashing the group key and information identifying the two nodes. As a result, a pairwise key is generated without exchanging negotiation messages among the two nodes and without expensive asymmetric cryptographic computation approaches.

Abstract: In one embodiment, a non-powered, non-ethernet device can be plugged into an ethernet port of a host to transfer data stored on the device to the host.

Abstract: One embodiment of an inventive networking environment includes clients called sending clients because they send network content through a network, and clients called receiving clients because they receive the network content from the sending clients through the network. Both sending clients and receiving clients are “clients” in that they rely on a management server to orchestrate the secure transfer of information from sending clients to receiving clients.

Abstract: Methods and devices for controlling access to a service over a network are described. A credential is provided to a device. The credential indicates the device is enrolled in the network. The credential is stored in non-volatile memory on the device. The credential binds the device to the network and prevents the device from accessing another network. The device presents the credential to a provider, and the provider uses the credential to authenticate and authorize the device. Upon authorization, the device is provided access to the service.

Abstract: Methods and devices allowing distribution of content that resides in a source device on a local area network (LAN) are described. A gateway between the LAN and a wide area network (WAN) receives from a sink device a request for an instance of content. The request is sent over the WAN. Distribution of the item of content within the LAN uses a first digital rights management (DRM) protocol that prevents the item of content from being distributed outside the LAN. For the item of content, the gateway converts from the first DRM protocol to a second DRM protocol that can be used for transmitting content over the WAN. The item of content can then be forwarded to the sink device according to the second DRM protocol.

Abstract: Methods and devices controlling access to content are described. For example, a request to enroll a device is received at a localization hub. The localization hub is associated with a subscriber that is authorized to access the content. A credential is issued to the device. The credential demonstrates that the device is enrolled in the local area network and is authorized to receive the content.

Abstract: Access to content works, or other information, may be granted based upon device capabilities. A content approving network device, or other device, may make a comparison of a device's components with permissions and then determine if access to a content work is allowed based on the comparison. Methods may include asserting capabilities of a device, comparing the capabilities to permissions, and approving access to content based on the capabilities and permissions comparison.