Patents by Inventor Thomas Hardjono

Thomas Hardjono has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20070180495
    Abstract: A router includes a management module and a routing module. The routing module can be used to route data around a network. The management module can be used to manage the operation of the routing module, including generating an integrity report for the router, which can be used to generate a trust report for the router. The trust report can include an integrity/trust score for the router. The management module can control the routing module via a secure control interface.
    Type: Application
    Filed: January 17, 2007
    Publication date: August 2, 2007
    Applicant: SIGNACERT, INC.
    Inventors: Thomas HARDJONO, David BLECKMANN, William STARNES, Bradley ANDERSEN
  • Publication number: 20070143629
    Abstract: A client platform can be verified prior to being granted access to a resource or service on a network by validating individual hardware and software components of the client platform. Digests are generated for the components of the client platform. The digests can be collected into an integrity report. An authenticator entity receives the integrity report and compares the digests with digests stored in either a local signature database, a global signature database in an integrity authority, or both. Alternatively, the digests can be collected and stored on a portable digest-collector dongle. Once digests are either validated or invalidated, an overall integrity/trust score can be generated. The overall integrity/trust score can be used to determine whether the client platform should be granted access to the resource on the network using a policy.
    Type: Application
    Filed: December 8, 2006
    Publication date: June 21, 2007
    Inventors: Thomas Hardjono, David Bleckmann, William Starnes, Bradley Andersen
  • Publication number: 20060034281
    Abstract: A system, device, and method for receiver access control in a multicast communication network uses a policy service to determine whether a subscriber device can be admitted to a multicast group. The subscriber device accesses the multicast communication network via an access device. The access device uses a policy service to obtain a policy decision from a policy server, where the policy decision indicates whether or not the subscriber device can be admitted to the multicast group. The access device enforces the policy decision by admitting the subscriber device to the multicast group if and only if the policy decision indicates that the subscriber device can be admitted to the multicast group.
    Type: Application
    Filed: August 17, 2005
    Publication date: February 16, 2006
    Inventors: Bradley Cain, Thomas Hardjono
  • Patent number: 6993138
    Abstract: A system, method, and program code are given for secure communication. Multiple geographic cells are arranged in a hierarchical tree having a root node and internal nodes. The root node and each internal node in the tree have an associated node cryptographic key for secure communication with lower nodes in the tree. Each cell is associated with a leaf node of the tree and a cell cryptographic key for secure communications with devices located within the cell. A key management center is at the root node for determining an anticipated cell path of a mobile device from a current cell to a destination cell. The key management center distributes to the mobile device a set of cryptographic keys from the tree. This set contains a minimum number of cryptographic keys necessary to permit secure communications for the mobile device within each cell along the anticipated cell path, but no other cells.
    Type: Grant
    Filed: June 8, 2001
    Date of Patent: January 31, 2006
    Assignee: Nortel Networks Limited
    Inventor: Thomas Hardjono
  • Patent number: 6952740
    Abstract: An apparatus and method of maintaining a route table within a network device lists data identifying specific routes of interest that have changed. The routes of interest may be within a given set of routes. Specifically, after the given set of routes are registered with the apparatus, it is determined if any of the routes in the given set has changed. Data identifying each route in the given set of routes that has been determined to change then is listed.
    Type: Grant
    Filed: October 4, 1999
    Date of Patent: October 4, 2005
    Assignee: Nortel Networks Limited
    Inventors: Bradley Cain, Thomas Hardjono
  • Patent number: 6950932
    Abstract: The invention provides a system and method for providing security against unauthorized access to a Java-enabled network device. The system includes multiple conventional class loaders, code verifiers, security managers, access managers, SAMs, a certificate authority and a policy server. The SAM verifies the authenticity of the entity and either allows a download/access to a device or rejects the download/access to a network device. The certificate authority is a repository for public key certificates and may be a part of the secure network or part of the unsecured network. The policy server is a repository for the rights (privileges) an entity is entitled to on the secure network. The code verifiers verify that the Byte Code is valid Java code. The security manager is the conventional security manager. The class loader loads the code to the device and the access manager assigns access levels to each Java thread that is created.
    Type: Grant
    Filed: May 7, 1999
    Date of Patent: September 27, 2005
    Assignee: Nortel Networks Limited
    Inventors: Tal Lavian, Franco Travostino, Thomas Hardjono, Rob Duncan
  • Patent number: 6842449
    Abstract: A method and system for registering and automatically retrieving digital-certificates in voice over Internet protocol (VOIP) communications. In accordance with an embodiment of the present invention, the method includes receiving a digital voice call setup request with an associated caller certificate from a caller and determining a location of a called party identified in the digital voice call setup request. The method also includes transmitting the digital voice call setup request with the caller certificate to the called party and receiving a called party acceptance message. The method further includes verifying the called party acceptance message and transmitting the called party acceptance message and a called party certificate to the caller.
    Type: Grant
    Filed: July 9, 2002
    Date of Patent: January 11, 2005
    Assignee: VeriSign, Inc.
    Inventor: Thomas Hardjono
  • Patent number: 6738900
    Abstract: A method and apparatus for distributing key certificates across PIM-SM routing domains by MSDP messages. A rendez-vous point RP in a PIM-SM domain can have a MSDP peering relationship with other rendez-vous point RP's in other domains. The peering relationship is a transport control protocol (TCP). Each domain has a connection to the MSDP topology through which it can exchange control information with active sources and rendez-vous points RP's in other domains. The normal source-tree building mechanism in PIM-SM is used to deliver multicast data over an internet domain distribution tree.
    Type: Grant
    Filed: January 28, 2000
    Date of Patent: May 18, 2004
    Assignee: Nortel Networks Limited
    Inventors: Thomas Hardjono, Brad Cain
  • Patent number: 6725276
    Abstract: A border network device for transmitting messages between a first multicast domain and a second multicast domain includes a first interface that receives a first domain message from the first domain for delivery to the second domain, a first message converter that converts the received first domain message into a first intermediate message, and an output that forwards the first intermediate message to a receiving second network device in the second domain. The first multicast domain and second multicast domain each respectively have first network devices and second network devices. In preferred embodiments, the first domain message has first domain origin data. Messages with first domain origin data originate from at least one of the first network devices. In a similar manner, the intermediate message includes intermediate data indicating that the intermediate message originated from the border network device.
    Type: Grant
    Filed: April 13, 1999
    Date of Patent: April 20, 2004
    Assignee: Nortel Networks Limited
    Inventors: Thomas Hardjono, Bradley Cain
  • Publication number: 20040008666
    Abstract: A method and system for registering and automatically retrieving digital-certificates in voice over Internet protocol (VOIP) communications. In accordance with an embodiment of the present invention, the method includes receiving a digital voice call setup request with an associated caller certificate from a caller and determining a location of a called party identified in the digital voice call setup request. The method also includes transmitting the digital voice call setup request with the caller certificate to the called party and receiving a called party acceptance message. The method further includes verifying the called party acceptance message and transmitting the called party acceptance message and a called party certificate to the caller.
    Type: Application
    Filed: July 9, 2002
    Publication date: January 15, 2004
    Applicant: VERISIGN, INC.
    Inventor: Thomas Hardjono
  • Patent number: 6643773
    Abstract: An apparatus and method, utilized by a receiving node in a multicast for authenticating a message received from a transmitting node, uses tags to determine if the transmitting node is in the multicast. More particularly, a first tag received with the message is located and utilized to determine if the transmitting node is in the multicast. The first tag includes data associated with at least one of the receiving node and the transmitting node. A second tag then is generated if the transmitting node is determined to be in the multicast. Once generated, the second tag is transmitted with the message to a third node in the multicast. Among other things, the second tag includes data indicating that the receiving node is in the multicast.
    Type: Grant
    Filed: April 13, 1999
    Date of Patent: November 4, 2003
    Assignee: Nortel Networks Limited
    Inventor: Thomas Hardjono
  • Patent number: 6587943
    Abstract: An apparatus and method for limiting unauthorized access to a multicast by one or more members of a subnet reconfigures the multicast if all subnet members participating in the multicast do not reply to a query message. To that end, the apparatus first receives a query message requesting the identity of all subnet members that are participating in the multicast. Upon receipt, the query message is forwarded to each subnet member that is participating in the multicast. Receipt of the message by selected subnet members participating in the multicast causes a reply message to be forwarded. It then is determined if a reply message has been forwarded by all subnet members participating in the multicast.
    Type: Grant
    Filed: December 3, 1998
    Date of Patent: July 1, 2003
    Assignee: Nortel Networks Ltd.
    Inventor: Thomas Hardjono
  • Patent number: 6564325
    Abstract: A software system provides security against unauthorized operations initiated by software code supplied by an untrusted source. The allowed operations that are associated with the software code are determined. A thinned interface is generated which permits the software code to successfully call only the allowed operations. The software code is independent of a security environment of the system. The thinned interface operates in at least one version of the security environment. The software code and the thinned interface are activated within the system.
    Type: Grant
    Filed: May 7, 1999
    Date of Patent: May 13, 2003
    Assignee: Nortel Networks Limited
    Inventors: Franco Travostino, Tal Lavian, Thomas Hardjono, Rob Duncan
  • Patent number: 6557044
    Abstract: A route table providing a list of pointers to checksum values computed across routes of interest to a particular protocol. A method of updating the route table when a route is changed and also updating the checksum values is further described. Updates to the checksum value may be done using an exclusive OR process allowing for relatively fast, incremental updates to the checksum value.
    Type: Grant
    Filed: June 1, 1999
    Date of Patent: April 29, 2003
    Assignee: Nortel Networks Limited
    Inventors: Brad Cain, Thomas Hardjono
  • Patent number: 6115699
    Abstract: A system for mediating delivery of a document from a sending site to a receiving site utilizes respective sending and receiving agents as intermediaries. The document is encrypted by the sending site to produce an encrypted copy that is delivered to the input of the receiving agent. At any time before, during, or after receipt of the encrypted copy at the input, a receiving agent variable is produced that is associated with a decrypting key for decrypting the encrypted document. The receiving agent variable is produced based upon a parameter that is not available to the sending agent. The receiving agent variable is directed to the sending agent after receipt of the encrypted copy at the input of the receiving agent.
    Type: Grant
    Filed: December 3, 1998
    Date of Patent: September 5, 2000
    Assignee: Nortel Networks Corporation
    Inventor: Thomas Hardjono