Abstract: Described herein are systems, methods, and software to enhance secure communications between computing systems. In one implementation, a private domain name system (DNS) receives a DNS lookup request from a computing system of a plurality of computing systems associated with a private communication group, and forwards the DNS lookup request to a public DNS. The private DNS further receives a public address associated with the DNS lookup request from the public DNS, translates the public address to a private address, and transfers the private address to the requesting computing system.

Abstract: Described herein are systems, methods, and software to enhance secure communications between computing systems. In one implementation, a private domain name system (DNS) receives a DNS lookup request from a computing system of a plurality of computing systems associated with a private communication group, and forwards the DNS lookup request to a public DNS. The private DNS further receives a public address associated with the DNS lookup request from the public DNS, translates the public address to a private address, and transfers the private address to the requesting computing system.

Abstract: The present invention provides a system, method and apparatus for authenticating calls that is a robust Anti-vishing solution. The present invention can identify Caller ID spoofing, verify dialed number to detect man-in-the middle and verify called party against dialed digits to detect impersonation. This solution can handle calls coming from any phone any where with little impact on user experience. Two separate solutions are tailored for smart phones (communication devices capable of running application software) and traditional phones to reduce the impact to user experience while providing robust verification.

Abstract: The present invention provides a system, method and apparatus for authenticating calls that is a robust Anti-vishing solution. The present invention can identify Caller ID spoofing, verify dialed number to detect man-in-the middle and verify called party against dialed digits to detect impersonation. This solution can handle calls coming from any phone any where with little impact on user experience. Two separate solutions are tailored for smart phones (communication devices capable of running application software) and traditional phones to reduce the impact to user experience while providing robust verification.

Abstract: The present invention provides a system, method and apparatus for authenticating calls that is a robust Anti-vishing solution. The present invention can identify Caller ID spoofing, verify dialed number to detect man-in-the middle and verify called party against dialed digits to detect impersonation. This solution can handle calls coming from any phone any where with little impact on user experience. Two separate solutions are tailored for smart phones (communication devices capable of running application software) and traditional phones to reduce the impact to user experience while providing robust verification.

Abstract: The present invention provides a system, method and apparatus for authenticating an Internet Protocol (IP) phone and a user of the IP phone by determining whether the IP phone is an authorized device, and whenever the IP phone is authorized and a trigger condition occurs, determining whether the user of the IP phone is authorized. The user authorization process initiates a call to the IP phone, sends a request for a passcode to the IP phone, sends a message to disable the IP phone whenever the passcode is invalid, and terminates the call. The user authentication process uses an in-band channel and the IP phone does not run a two factor authentication client application during the authentication process.

Abstract: The present invention provides a system, method and apparatus for providing network level and nodal level vulnerability protection in VoIP networks by receiving a communication, filtering the received communication using three or more stages selected from the group comprising a media protection and filtering plane, a policy based filtering plane, a signature based filtering plane, a protocol anomaly detection and filtering plane and a behavioral learning based filtering plane, and either allowing or denying the received communication based the filtering step. The stages are applicable to one or more protocols including SIP, IMS, UMA, H.248, H.323, RTP, CSTA/XML or a combination thereof. In addition, the stages can be implemented within a single device or are distributed across a network (e.g., SIP network, a UMA network, an IMS network or a combination thereof).

Abstract: A system, method and apparatus authenticates and protects an Internet Protocol (IP) user-end device by providing a client-based security software resident on the IP user-end device, authenticating the IP user-end device using the client-based security software and a network security node communicably coupled to the IP user-end device, authenticating a user of the IP user-end device whenever a trigger condition occurs using an in-band channel between the client-based security software and the network security node, and protecting the IP user-end device by: (a) screening incoming IP traffic to the IP user-end device using the client-based security software, and (b) detecting an attack or a threat involving the IP user-end device using the network security node.

Abstract: In one embodiment, a path request message for a new data flow is received at a network node. The path request message indicates resources needed to accommodate the new data flow. The resources needed to accommodate the new data flow are compared to an amount of available resources at the network node. Provided there are sufficient available resources at the network node to accommodate the new data flow, the resources needed to accommodate the new data flow are associated with a held resources state. Subsequently, a reservation request message is received at the network node. The reservation request message requests resources for the new data flow. A determination is made that the requested resources correspond to resources associated with the held resources state. The requested resources are removed from the held resources state and reserved for the new data flow.

Abstract: A system, method and apparatus authenticates and protects an Internet Protocol (IP) user-end device by providing a client-based security software resident on the IP user-end device, authenticating the IP user-end device using the client-based security software and a network security node communicably coupled to the IP user-end device, authenticating a user of the IP user-end device whenever a trigger condition occurs using an in-band channel between the client-based security software and the network security node, and protecting the IP user-end device by: (a) screening incoming IP traffic to the IP user-end device using the client-based security software, and (b) detecting an attack or a threat involving the IP user-end device using the network security node.

Abstract: In one embodiment, a path request message for a new data flow is received at a network node. The path request message indicates resources needed to accommodate the new data flow. The resources needed to accommodate the new data flow are compared to an amount of available resources at the network node. Provided there are sufficient available resources at the network node to accommodate the new data flow, the resources needed to accommodate the new data flow are associated with a held resources state. Subsequently, a reservation request message is received at the network node. The reservation request message requests resources for the new data flow. A determination is made that the requested resources correspond to resources associated with the held resources state. The requested resources are removed from the held resources state and reserved for the new data flow.

Abstract: A technique avoids unnecessary preemption of resource reservations along a requested flow between nodes in a computer network. A node receives priority-based resource reservation requests and determines conditions of reservation eligibility by comparing the requested resources to the amount of available resources at the node. Specifically, the node maintains a “held resources” state where available requested resources are held prior to their being assigned or reserved (confirmed) for the requested flow, such as, e.g., during an initial Resource reSerVation Protocol (RSVP) Path message. The node includes the held resources in calculations of available resources in such a way as to prevent resources from being assigned or reserved if the resources would be subsequently preempted by a request of higher priority, or if an earlier request would first utilize the resources. The node (e.g.

Abstract: The present invention provides a system, method and apparatus for authenticating calls that is a robust Anti-vishing solution. The present invention can identify Caller ID spoofing, verify dialed number to detect man-in-the middle and verify called party against dialed digits to detect impersonation. This solution can handle calls coming from any phone any where with little impact on user experience. Two separate solutions are tailored for smart phones (communication devices capable of running application software) and traditional phones to reduce the impact to user experience while providing robust verification.

Abstract: The present invention provides a system, method and apparatus for authenticating an Internet Protocol (IP) phone and a user of the IP phone by determining whether the IP phone is an authorized device, and whenever the IP phone is authorized and a trigger condition occurs, determining whether the user of the IP phone is authorized. The user authorization process initiates a call to the IP phone, sends a request for a passcode to the IP phone, sends a message to disable the IP phone whenever the passcode is invalid, and terminates the call. The user authentication process uses an in-band channel and the IP phone does not run a two factor authentication client application during the authentication process.

Abstract: The present invention provides a system, method and apparatus for providing network level and nodal level vulnerability protection in VoIP networks by receiving a communication, filtering the received communication using three or more stages selected from the group comprising a media protection and filtering plane, a policy based filtering plane, a signature based filtering plane, a protocol anomaly detection and filtering plane and a behavioral learning based filtering plane, and either allowing or denying the received communication based the filtering step. The stages are applicable to one or more protocols including SIP, IMS, UMA, H.248, H.323, RTP, CSTA/XML or a combination thereof. In addition, the stages can be implemented within a single device or are distributed across a network (e.g., SIP network, a UMA network, an IMS network or a combination thereof).

Abstract: A technique avoids unnecessary preemption of resource reservations along a requested flow between nodes in a computer network. A node receives priority-based resource reservation requests and determines conditions of reservation eligibility by comparing the requested resources to the amount of available resources at the node. Specifically, the node maintains a “held resources” state where available requested resources are held prior to their being assigned or reserved (confirmed) for the requested flow, such as, e.g., during an initial Resource reSerVation Protocol (RSVP) Path message. The node includes the held resources in calculations of available resources in such a way as to prevent resources from being assigned or reserved if the resources would be subsequently preempted by a request of higher priority, or if an earlier request would first utilize the resources. The node (e.g.