Abstract: Network resources allocated for particular application traffic are aware of the characteristics of L4+ content to be transmitted. One embodiment of the invention realizes network resource allocation in terms of three intelligent modules, gateway, provisioning and classification. A gateway module exerts network control functions in response to application requests for network resources. The network control functions include traffic path setup, bandwidth allocation and so on. Characteristics of the content are also specified in the received application network resource requests. Under request of the gateway module, a provisioning module allocates network resources such as bandwidth in optical networks and edge devices as well. An optical network resource allocation leads to a provisioning optical route.

Abstract: External resources may be interfaced with a network element using an intelligent interface including an independent processing environment to enable the operational capabilities of the network element to be enhanced. The intelligent interface may serve as an interface to external resources such as network software repositories, storage servers, logging facilities and security services. By providing an intelligent interface, it is possible to interface external resources and enhanced services to the network element while allowing processing requirements to be offloaded to an external device or to the intelligent interface itself, so that the resources of the network element may be more fully utilized to perform network operations such as switching and routing functions. The intelligent interface also enables new resources to be made available to the network element when they are needed. An external communication port of the intelligent interface may be configured to operate using one of the USB standards.

Abstract: A method and apparatus has been shown and described which allows Quality of Service to be controlled at a temporal granularity. Time-value curves, generated for each task, ensure that mission resources are utilized in a manner which optimizes mission performance.

Abstract: A system and method is provided for using an object-oriented interface for network management. An example system and method receives a management information base (MIB) including information related to one or more aspects of a network device, extracts a subset of information from the MIB describing at least one aspect of the network device, and generates a set of object-oriented classes and object-oriented methods corresponding to the subset of information in the MIB. In addition, this system and method interfaces with network management information on a network device, by providing a management information base (MIB) including information related to one or more aspects of a network device, and using a set of object-oriented classes and object-oriented methods that corresponds to the MIB and information related to one or more aspects of the network device.

Abstract: A technique for authenticating network users is disclosed. In one particular exemplary embodiment, the technique may be realized as a method for authenticating network users. The method may comprise receiving, from a client device, a request for connection to a network. The method may also comprise evaluating a security context associated with the requested connection. The method may further comprise assigning the client device one or more access privileges based at least in part on the evaluation of the security context.

Abstract: Network elements that are configured to perform deep packet inspection may be dynamically updated with patterns associated with malicious code, so that malicious code may be detected and blocked at the network level. As new threats are identified by a security service, new patterns may be created for those threats, and the new patterns may then be passed out onto the network in real time. The real time availability of patterns enables filter rules derived from the patterns to be applied by the network elements so that malicious code may be filtered on the network before it reaches the end users. The filter rules may be derived by security software resident in the network elements or may be generated by a filter generation service configured to generate network element specific filter rules for those network elements that are to be implemented as detection points on the network.

Abstract: Extensible resource messaging in a communication network is provided through creation of a flexible, extensible, and secure messaging environment. A client-server architecture may be implemented in which user applications employ messaging clients to send resource requests for network information, allocation and other operations and receive resource responses, and in which network elements, through resource agents, may use messaging servers to accept resource requests and return resource responses. Resource agents in different network domains may interact through the messaging environment and work together to fulfill resource requests. An XML-based messaging mechanism may be built with a defined message format that can provide flexible message contexts. Network resource semantics may be specified using XML schemas so that network resources are expressed as resource-specific XML elements and network updates can be implemented by updating the XML resource schemas.

Abstract: The invention provides a system and method for providing security against unauthorized access to a java enabled network device. The system includes multiple conventional class loaders, code verifiers, security managers, access managers, SAMs, a certificate authority and a policy server. The SAM verifies the authenticity of the entity and either allows a download/access to a device or rejects the download/access to a network device. The certificate authority is a repository for public key certificates and may be a part of the secure network or part of the unsecured network. The policy server is a repository for the rights (privileges) an entity is entitled to on the secure network. The code verifiers verify that the Byte Code is valid java code. The security manager is the conventional security manager. The class loader loads the code to the device and the access manager assigns access levels to each Java thread that is created.

Abstract: A network element with network element storage and independent intelligence may be configured to provide temporary mass storage to facilitate the transfer of large files across an optical network. The network element may also be provided with intelligence to enable the network element to maintain a higher level understanding of the data flows. Using network element storage enables network elements involved in data transmission across the network to temporarily store data being transferred on the network. This allows parcels of data to be transmitted part way through the network when a complete path through the network is not available. It also allows data to be aggregated at strategic locations on the network, such as at the location of a transmission bandwidth mismatch, to enable the data to be transmitted over the high capacity optical resource at a higher rate, thus more efficiently utilizing the bandwidth on the higher bandwidth resource.

Abstract: Replication of live streaming media services (SMS) in a communication network may be enabled by introducing the streaming media-savvy replication service on a network element, through a number of functions such as client/service registration and classification, packet interception and forwarding, media replication, status monitoring and configuration management. In an embodiment, client requests and server replies of an SMS are intercepted and evaluated by the network element. If the SMS is not streaming through the network element, the replication service registers the SMS and establishes a unique SMS session for the requesting clients. If the SMS is already streaming through the network element, the replication service replicates the streaming media and forwards it to the requesting clients. This reduces bandwidth usage on the links connecting the streaming media server with the network element and reduces the number of client connections to the streaming media provider's servers.

Abstract: A visualization display network is created such that images to be displayed at the visualization presentation center(s) are formatted for direct display on the viewing terminals without requiring significant additional processing at the visualization presentation center. For example, the display terminals at the visualization presentation center may be configured to display signals received in a standard color format such as RGB, and the signals output from the visualization processing center and transported on a switched underlay optical network may be formed in the same color format. A visualization transfer service is provided to reserve resources on the switched underlay optical network and to coordinate visualization events between the visualization processing center, network, and visualization presentation center. Network resources may be scheduled in real time on demand or may be scheduled to be provided at a predetermined optionally under-constrained time.

Abstract: Data may be preconditioned to be transferred on a switched underlay network to alleviate the data access and transfer rate mismatch, so that large files may be effectively transferred on the network at optical networking speeds. A data meta-manager service may be provided on the network to interface a data source and/or data target to prepare a data file for transmission, such as by dividing a large file into multiple pieces and causing those pieces to be stored on multiple storage subsystems. The file may then be read from the multiple storage subsystems simultaneously and multiplexed onto scheduled resources on the network. This enables the high bandwidth transfer resource to be filled by a data transfer without requiring the storage subsystem to be augmented to output the data at the network transfer rate. The file may be de-multiplexed at the data target to one or more storage subsystems.

Abstract: A method and apparatus for resource scheduling on a switched underlay network enables coordination, scheduling, and scheduling optimization to take place taking into account the availability of the data and the network resources comprising the switched underlay network. Requested transfers may be fulfilled by assessing the requested transfer parameters, the availability of the network resources required to fulfill the request, the availability of the data to be transferred, the availability of sufficient storage resources to receive the data, and other potentially conflicting requested transfers. In one embodiment, the requests are under-constrained to enable transfer scheduling optimization to occur. The under-constrained nature of the requests enables requests to be scheduled taking into account factors such as transfer priority, transfer duration, the amount of time it has been since the transfer request was submitted, and many other factors.

Abstract: A resource negotiation service is provided to enable business logic decisions to be made when obtaining switched underlay network resources, to interface business logic with network conditions and schedules. The resource negotiation service may be implemented as a web service or other network service to enable business logic to be used in the selection of available network resources. This may allow policy to be used on both the subscriber side and the network provider side to optimize network resource allocations for a proposed transfer. The policy may include subscriber policy, network policy, and other factors such as current and expected network conditions. The resource negotiation service may include an interface to enable existing subscribers and new customers to obtain switched underlay resources.

Abstract: A software system provides security against unauthorized operations initiated by software code supplied by an untrusted source. The allowed operations that are associated with the software code are determined. A thinned interface is generated which permits the software code to successfully call only the allowed operations. The software code is independent of a security environment of the system. The thinned interface operates in at least one version of the security environment. The software code and the thinned interface are activated within the system.