Abstract: Disclosed are methods for an authentication client, having been authenticated by an authentication server, to leverage the effects of that authentication to implement a new communications password. The authentication client gets a new password from its user. From the new password and from information provided by the authentication server, the authentication client derives a “password verifier.” The password verifier is then shared with the authentication server. The new password itself is never sent to the authentication server, and it is essentially impossible to derive the new password from the password verifier. The authentication client and the authentication server, in parallel, derive a new set of authentication and encryption security keys from the new password and from the password verifier, respectively. This process may be repeated to limit the amount of data sent using any one particular set of security keys and thus to limit the effectiveness of any statistical attacker.

Abstract: A method and system for multicast network transmissions dynamically sets response time parameters for handling negative acknowledgments (NAKs). When the sender receives a NAK for a lost packet, it returns an NAK confirmation (NCF), waits for a back-off time before sending requested repair data, and then waits for a “linger time” during which the sender does not respond to other NAKs for the same lost packet. The back-off time and the linger time are dynamically set according to the position of the requested sequence number in the sender's transmit window such that the back-off time is shorter when the requested data is closer to being flushed out of the transmit window. After receiving the NCF, the receiver waits for a timeout period and resends the NAK if no repair data is received. The timeout period for data receipt is dynamically set according to a statistical average time for receiving repair data from the sender and the estimated sender's transmit window size.

Abstract: A system and method for providing transparent mobility support employs a mobile service in an API layer of an operating system to leverage the capability of a session establishment service that implements the Session Initiation Protocol or the like for locating a remote node for session setup and detecting address change of the remote node. When an application on a correspondent host (CH) wants to communicate with a second application on a mobile host (MH), the mobility service of the CH uses the session establishment service to locate the mobile host and set up a session with it, and then sets up a transport data channel for the session. When the MH changes its network address, the session establishment service of the CH finds out the new address through the operation of the session establishment protocol and reestablishes the session with the MH.

Abstract: A system and method for mobility support handles address changes of a mobile host to provide transparent session continuity without packet overhead or the need for assistance of an agent on the network. When the mobile host changes to a new address, its old address is deprecated. The mobile host sends an address change message to each of its correspondent hosts over a secured control channel and preferably through a tunnel created based on the old and new addresses. Upon receiving the notification, the correspondent host returns an acknowledgment through the control channel and modifies its security filters and transport control parameters corresponding to the connection with the mobile host to use the new address. After receiving the acknowledgment, the mobile host modifies its security filters and transport control parameters for the connection to use the new address. As a result, the connection between the mobile host and the correspondent host has migrated to the new mobile host address.

Abstract: A system and method for wireless network communications provides a “dual-mode” wireless device that operates concurrently as a member of two disjoint wireless networks, such as an infrastructure (“IS”) network and an ad hoc (“AH”) network. The dual-mode device has a wireless controller driver inserted in its networking stack (e.g., the stack comprising of the Network and NDIS drivers) that exposes two virtual wireless network adapters, one for the first wireless network and one for the second wireless network. Each virtual wireless network adapter has an associated queue for queuing packets in the flow for the corresponding wireless network mode. The wireless controller driver controls the switching of the network mode. In one embodiment where the two networks include an IS network and an AH network, the mode switching is triggered by poll signals transmitted by an access point of the IS network.

Abstract: A system and method is provided for coordinating wireless bandwidth usage of a common frequency band by wireless nodes in two disjoint networks, such as an infrastructure (“IS”) network and an ad hoc (“AH”) network. When AH nodes move into the transmission range of an access point of the IS network, they register with the access point and listen to the access point to tell them when they are allowed to transmit data over a given transmission channel. The access point coordinates the bandwidth usage by broadcasting ad hoc mode poll signals to indicate that the ad hoc nodes may transmit over the channel, and sending infrastructure mode poll signals to indicate that a wireless node in the IS network can transmit over the given channel. The access point makes a fraction of the bandwidth available for communications by the wireless AH nodes in its transmission range, while guaranteeing the rest of the bandwidth for wireless nodes in the IS network.

Abstract: A system and method for enabling a zero configuration nomadic wireless and wired computing environment presenting a just works experience is presented. The system examines predefined user preference or profile settings to determine to which of a competing number of wireless networks available it should connect, and what type of authentication should be used for such connection. Nomadic wireless computing between infrastructure wireless networks and ad hoc wireless networks may be accomplished without further user intervention required in an auto mode. Also, both infrastructure only and ad hoc only modes are available through the system of the invention. Further, the user may set a preference for infrastructure or ad hoc modes in the auto mode. With an infrastructure mode preference set, the system will automatically detect and transfer connectivity to a newly available infrastructure wireless network if the user was previously operating off-line or in ad hoc mode.

Abstract: A method and computer product for automatically generating an IP network address that facilitates simplified network connection and administration for small-scale IP networks without IP address servers, such as those found in a small business or home network environment. First, a proposed IP address is generated by selecting a network identifying portion (sometimes known as an IP network prefix) while deterministically generating the host identifying portion based on information available to the IP host. For example, the IEEE 802 Ethernet address found in the network interface card may be used with a deterministic hashing function to generate the host identifying portion of the IP address. Next, the generated IP address is tested on the network to assure that no existing IP host is using that particular IP address. If the generated IP address already exists, then a new IP address is generated, otherwise, the IP host will use the generated IP address to communicate over the network.

Abstract: A method and apparatus are described for enabling a first node, which utilizes a first naming protocol, to obtain an network address of another node from a naming service that does not provide addresses in accordance with the first naming protocol. A network embodying the present invention includes a naming proxy agent. A first node in the network obtains network addresses corresponding to node names according to a first naming protocol, and a second node conducts network naming operations according to a second naming protocol that is incompatible with the first naming protocol. As a result, the first node cannot by itself obtain the address of the second node by means of a node name query under the first naming protocol.However, the naming proxy agent receives a first naming query transmitted by the first node according to the first naming protocol that includes the name of the second node.