Patents by Inventor Steven Michael Bellovin

Steven Michael Bellovin has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9392423
    Abstract: A method and apparatus for anticipating communication interruption. If, during an established call between two communication devices, a telecommunication device determines that a communication link to one of the devices will be interrupted, either temporarily or permanently, the device predicts the interruption in the communication link. The device may send a message, as pre-determined by at least one of the communication device, to the communication device of the predicted or pending call drop or interruption. After the interruption the previously established call is resumed. If a reconnection attempt is appropriate, then the device will attempt to reconnect to the dropped device. If a reconnection attempt is not appropriate, or if the reconnection attempt is unsuccessful, the non-dropped communication device is connected, as predetermined by either of the communication devices, to an appropriate connection, such as, to a voice mail.
    Type: Grant
    Filed: June 26, 2014
    Date of Patent: July 12, 2016
    Assignee: AT&T MOBILITY II LLC
    Inventor: Steven Michael Bellovin
  • Publication number: 20140308929
    Abstract: A method and apparatus for anticipating communication interruption. If, during an established call between two communication devices, a telecommunication device determines that a communication link to one of the devices will be interrupted, either temporarily or permanently, the device predicts the interruption in the communication link. The device may send a message, as pre-determined by at least one of the communication device, to the communication device of the predicted or pending call drop or interruption. After the interruption the previously established call is resumed. If a reconnection attempt is appropriate, then the device will attempt to reconnect to the dropped device. If a reconnection attempt is not appropriate, or if the reconnection attempt is unsuccessful, the non-dropped communication device is connected, as predetermined by either of the communication devices, to an appropriate connection, such as, to a voice mail.
    Type: Application
    Filed: June 26, 2014
    Publication date: October 16, 2014
    Inventor: Steven Michael Bellovin
  • Patent number: 8798614
    Abstract: A method and apparatus for anticipating communication interruption. If, during an established call between two communication devices, a telecommunication device determines that a communication link to one of the devices will be interrupted, either temporarily or permanently, the device predicts the interruption in the communication link. The device may send a message, as pre-determined by at least one of the communication device, to the communication device of the predicted or pending call drop or interruption. After the interruption the previously established call is resumed. If a reconnection attempt is appropriate, then the device will attempt to reconnect to the dropped device. If a reconnection attempt is not appropriate, or if the reconnection attempt is unsuccessful, the non-dropped communication device is connected, as predetermined by either of the communication devices, to an appropriate connection, such as, to a voice mail.
    Type: Grant
    Filed: January 21, 2010
    Date of Patent: August 5, 2014
    Assignee: AT&T Mobility II LLC
    Inventor: Steven Michael Bellovin
  • Patent number: 8676916
    Abstract: A system and method are provided for use in establishing secure end-to-end communication links over a VPN gateway via a network interface unit. Illustrative embodiments include establishing and providing secure communication relationships between users (customers) and companies for e-commerce and other business purposes. Each company's data and linkage to users remaining private and secure from the other participating companies as well as from the general public over the Internet. Login by user with network interface units, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Required authentication exchanges and required encryption key exchanges facilitate the secure communications. Financial arrangements regarding the provisioning and use of network interface units are also disclosed.
    Type: Grant
    Filed: June 22, 2012
    Date of Patent: March 18, 2014
    Assignee: AT&T Intellectual Property II, L.P.
    Inventors: Steven Michael Bellovin, Thomas Joseph Killian, Bruce LaRose, Aviel D. Rubin, Norman Loren Schryer
  • Publication number: 20130163757
    Abstract: A system and method are provided for use in establishing secure end-to-end communication links over a VPN gateway via a network interface unit. Illustrative embodiments include establishing and providing secure communication relationships between users (customers) and companies for e-commerce and other business purposes. Each company's data and linkage to users remaining private and secure from the other participating companies as well as from the general public over the Internet. Login by user with network interface units, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Required authentication exchanges and required encryption key exchanges facilitate the secure communications. Financial arrangements regarding the provisioning and use of network interface units are also disclosed.
    Type: Application
    Filed: June 22, 2012
    Publication date: June 27, 2013
    Inventors: Steven Michael Bellovin, Thomas Joseph Killian, Bruce LaRose, Aviel D. Rubin, Norman Loren Schryer
  • Patent number: 8261069
    Abstract: Encryption with keys that form an Abelian group are used in combination with a semi-trusted party that converts queries that are encrypted with the key of a querier to queries that are encrypted with the key of the encrypted database, without knowing the actual keys. In an illustrative embodiment, encryption is done with Bloom filters that employ Pohlig-Hellman encryption. Since the querier's key is not divulged, neither the semi-trusted party nor the publisher of the database can see the original queries. Provision can be made for fourth party “warrant servers”, as well as “censorship sets” that limit the data to be shared.
    Type: Grant
    Filed: June 18, 2009
    Date of Patent: September 4, 2012
    Inventors: Steven Michael Bellovin, William Roberts Cheswick
  • Patent number: 8239531
    Abstract: A system and method are provided for use in establishing secure end-to-end communication links over a VPN gateway via a network interface unit. Illustrative embodiments include establishing and providing secure communication relationships between users (customers) and companies for e-commerce and other business purposes. Each company's data and linkage to users remaining private and secure from the other participating companies as well as from the general public over the Internet. Login by user with network interface units, addressing, authentication, and other configuration operations achieved using a web page-based GUI are applied in establishing tunnels from LAN clients to desired VPN destinations. Required authentication exchanges and required encryption key exchanges facilitate the secure communications. Financial arrangements regarding the provisioning and use of network interface units are also disclosed.
    Type: Grant
    Filed: September 16, 2002
    Date of Patent: August 7, 2012
    Assignee: AT&T Intellectual Property II, L.P.
    Inventors: Steven Michael Bellovin, Thomas Joseph Killian, Bruce LaRose, Aviel D. Rubin, Norman Loren Schryer
  • Publication number: 20120179840
    Abstract: A distributed transformation network provides delivery of content from a content publisher to a content recipient. Content from the content publisher is received at an entry node of the distributed transformation network and transmitted to a transformation node in the distributed transformation network. The content is transformed according to publisher, recipient or network administrator specifications and transmitting to delivery nodes which deliver the transformed content to the content recipient. The published content may be in an XML-based format and transformed into an XML-related format or any other structured language format as desired in the provided specification.
    Type: Application
    Filed: March 26, 2012
    Publication date: July 12, 2012
    Applicant: AT&T Intellectual Property II, L.P.
    Inventors: David Gerald Belanger, Steven Michael Bellovin, Maria F. Fernandez, Robert J. Hall, Charles Robert Kalmanek, Jr., Divesh Srivastava, Kathleen McKenna
  • Patent number: 8145793
    Abstract: A distributed transformation network provides delivery of content from a content publisher to a content recipient. Content from the content publisher is received at an entry node of the distributed transformation network and transmitted to a transformation node in the distributed transformation network. The content is transformed according to publisher, recipient or network administrator specifications and transmitting to delivery nodes which deliver the transformed content to the content recipient. The published content may be in an XML-based format and transformed into an XML-related format or any other structured language format as desired in the provided specification.
    Type: Grant
    Filed: November 1, 2004
    Date of Patent: March 27, 2012
    Assignee: AT&T Intellectual Property II, L.P.
    Inventors: David Gerald Belanger, Steven Michael Bellovin, Maria F. Fernandez, Robert J. Hall, Charles Robert Kalmanek, Jr., Kathleen McKenna, Divesh Srivastava
  • Patent number: 8107479
    Abstract: A system and method for providing telephony and high-speed data access over a broadband access network, comprising a network interface unit (NIU) coupled to a backup local exchange carrier (LEC) line, the broadband access network coupled to the NIU, an intermediate point-of-presence (IPOP) coupled to the broadband access network, and at least one external access network coupled to the IPOP. The system also provides for a fail-safe mode in which the NIU supports the LEC line for lifeline services.
    Type: Grant
    Filed: November 10, 2003
    Date of Patent: January 31, 2012
    Assignee: AT&T Intellectual Property II, L.P.
    Inventors: Steven Michael Bellovin, Joseph Henry Condon, Richard Vandervoort Cox, Alexander Gibson Fraser, Charles Robert Kalmanek, Jr., Alan Edward Kaplan, Thomas Joseph Killian, William Todd Marshall, Peter Z. Onufryk, Kadangode K. Ramakrishnan, Norman Loren Schryer
  • Patent number: 8037167
    Abstract: The present invention is a method and apparatus for counting the number of active hosts behind network address translation boxes. The technique is based on the observation that on many operating systems, the IP header's ID field is a simple counter. By suitable processing of trace data, packets emanating from individual machines can be isolated, and the number of machines determined.
    Type: Grant
    Filed: December 24, 2002
    Date of Patent: October 11, 2011
    Assignee: AT&T Intellectual Property II, LP
    Inventor: Steven Michael Bellovin
  • Publication number: 20100250969
    Abstract: Encryption with keys that form an Abelian group are used in combination with a semi-trusted party that converts queries that are encrypted with the key of a querier to queries that are encrypted with the key of the encrypted database, without knowing the actual keys. In an illustrative embodiment, encryption is done with Bloom filters that employ Pohlig-Hellman encryption. Since the querier's key is not divulged, neither the semi-trusted party nor the publisher of the database can see the original queries. Provision can be made for fourth party “warrant servers”, as well as “censorship sets” that limit the data to be shared.
    Type: Application
    Filed: June 18, 2009
    Publication date: September 30, 2010
    Inventors: Steven Michael Bellovin, William Roberts Cheswick
  • Publication number: 20100120414
    Abstract: A method and apparatus for anticipating communication interruption. If, during an established call between two communication devices, a telecommunication device determines that a communication link to one of the devices will be interrupted, either temporarily or permanently, the device predicts the interruption in the communication link. The device may send a message, as pre-determined by at least one of the communication device, to the communication device of the predicted or pending call drop or interruption. After the interruption the previously established call is resumed. If a reconnection attempt is appropriate, then the device will attempt to reconnect to the dropped device. If a reconnection attempt is not appropriate, or if the reconnection attempt is unsuccessful, the non-dropped communication device is connected, as predetermined by either of the communication devices, to an appropriate connection, such as, to a voice mail.
    Type: Application
    Filed: January 21, 2010
    Publication date: May 13, 2010
    Applicant: AT&T MOBILITY II LLC
    Inventor: Steven Michael Bellovin
  • Patent number: 7676224
    Abstract: A method and apparatus for anticipating communication interruption. If, during an established call between two communication devices, a telecommunication device determines that a communication link to one of the devices will be interrupted, either temporarily or permanently, the device predicts the interruption in the communication link. The device may send a message, as pre-determined by at least one of the communication device, to the communication device of the predicted or pending call drop or interruption. After the interruption the previously established call is resumed. If a reconnection attempt is appropriate, then the device will attempt to reconnect to the dropped device. If a reconnection attempt is not appropriate, or if the reconnection attempt is unsuccessful, the non-dropped communication device is connected, as predetermined by either of the communication devices, to an appropriate connection, such as, to a voice mail.
    Type: Grant
    Filed: July 6, 2001
    Date of Patent: March 9, 2010
    Assignee: AT&T Mobility II LLC
    Inventor: Steven Michael Bellovin
  • Patent number: 7558970
    Abstract: Encryption with keys that form an Abelian group are used in combination with a semi-trusted party that converts queries that are encrypted with the key of a querier to queries that are encrypted with the key of the encrypted database, without knowing the actual keys. In an illustrative embodiment, encryption is done with Bloom filters that employ Pohlig-Hellman encryption. Since the querier's key is not divulged, neither the semi-trusted party nor the publisher of the database can see the original queries. Provision can be made for fourth party “warrant servers”, as well as “censorship sets” that limit the data to be shared.
    Type: Grant
    Filed: January 8, 2005
    Date of Patent: July 7, 2009
    Assignee: AT&T Corp.
    Inventors: Steven Michael Bellovin, William Roberts Cheswick
  • Patent number: 7227843
    Abstract: The present invention permits a network service provider to detect an operational condition—such as congestion—in a packet-switched network and to alleviate such congestion by providing customer incentives to avoid use of the network. The detection mechanism triggers an incentive such as the modification of the user's access charges and the customer can be immediately notified of either the occurrence of the congestion or of information regarding the incentive. Usage of the network during congested periods can be deterred by imposing additional access charges during such periods—similarly, customers can be given a discount to encourage usage during periods of low congestion. An incentive schedule can be tailored to dynamically change the usage patterns of the customers of the network to accommodate the operational conditions in the network.
    Type: Grant
    Filed: February 24, 2003
    Date of Patent: June 5, 2007
    Assignee: AT&T Corp.
    Inventors: David Gerald Belanger, Steven Michael Bellovin, Ramon Caceres, David C. Nagel
  • Patent number: 7051365
    Abstract: A method and apparatus for implementing a distributed firewall is described. A packet filter processor receives a packet sent from a first device to a second device. The packet filter processor authenticates an identifier for the packet. For example, authentication could be performed using a cryptographically-verifiable identifier. The packet filter processor determines whether to send the packet to the second device, based on the authentication and a set of policy rules. The packet filter processor sends the packet to the second device in accordance with the determination.
    Type: Grant
    Filed: June 30, 1999
    Date of Patent: May 23, 2006
    Assignee: AT&T Corp.
    Inventor: Steven Michael Bellovin
  • Patent number: 7035410
    Abstract: The broadband telephony interface is provisioned by receiving information authenticating a provisioning server, establishing a communication channel between the user and the provisioning server over which is transmitted authorization information from the user to the provisioning server, and encrypting and transmitting a cryptographic key associated with the user to the provisioning server. The cryptographic key can be a symmetric key or a public key corresponding to a private key stored in the broadband telephony interface. The cryptographic key can be utilized to generate other keys which are utilized to secure communication channels for the telephony service. The broadband telephony interface advantageously can be implemented as untrusted hardware or software that is installed by a customer.
    Type: Grant
    Filed: March 1, 2000
    Date of Patent: April 25, 2006
    Assignee: AT&T Corp.
    Inventors: William A. Aiello, Steven Michael Bellovin, Charles Robert Kalmanek, Jr., William Todd Marshall, Aviel D. Rubin
  • Patent number: 6870845
    Abstract: A call between a first network associated with a calling party and a second network associated with a called party is connected. The source address for packets associated with the call are translated. The packets are sent from the calling party to the called party without the called party receiving the source address that indicates at least one from the group of a logical identity of the calling party and a geographical identity of the calling party.
    Type: Grant
    Filed: August 4, 1999
    Date of Patent: March 22, 2005
    Assignee: AT&T Corp.
    Inventors: Steven Michael Bellovin, Charles Robert Kalmanek, Jr., William Todd Marshall, Partho Pratim Mishra, Douglas M Nortz, Kadangode K. Ramakrishnan
  • Publication number: 20040123139
    Abstract: Traffic over a secure link or tunnel is filtered to block packets that do not conform to specified requirements for the tunnel. In one embodiment, a private network, such as an ISP network, includes a filter for blocking packets not associated with an IPSec VPN tunnel. The ISP network and/or one or both of the tunnel endpoints can include monitoring modules for detecting the presence of packets that should have been blocked by the filter.
    Type: Application
    Filed: December 18, 2002
    Publication date: June 24, 2004
    Applicant: AT&T Corp.
    Inventors: William A. Aiello, Steven Michael Bellovin, Evan Stephen Crandall, Alan Edward Kaplan, David P. Kormann, Aviel D. Rubin, Norman Loren Schryer