Abstract: Methods and systems for providing vendor agnostic captive portal authentication in a network that includes a plurality of network access devices are provided. For instance, one method includes receiving a redirect request for a communication between a first user-terminal and a first network access device, the redirect request including at least one of a vendor-specific item of information of the first network access device and an Internet Protocol (IP) address of the first network access device. The method further includes comparing the at least one of the vendor-specific item of information of the first network access device and the IP address of the first network access device against each of a plurality of entries of a network access device database, and providing the first user-terminal access to a captive portal page in response to an appropriate match.

Abstract: Methods and systems for specifying and enforcing network policies are provided. One method for configuring a network that includes a plurality of heterogeneous network access devices includes creating a network enforcement profile based on at least one enforcement policy, and determining a network access device group of the plurality of heterogeneous network access devices that are capable of managing the enforcement profile. The method further includes providing vendor-specific configuration parameters for at least one network access device of the network access device group so as to cause the network to manage the network enforcement profile, and applying the vendor-specific configuration parameters to the at least one network access device.

Abstract: Methods and systems for providing vendor agnostic captive portal authentication in a network that includes a plurality of network access devices are provided. For instance, one method includes receiving a redirect request for a communication between a first user-terminal and a first network access device, the redirect request including at least one of a vendor-specific item of information of the first network access device and an Internet Protocol (IP) address of the first network access device. The method further includes comparing the at least one of the vendor-specific item of information of the first network access device and the IP address of the first network access device against each of a plurality of entries of a network access device database, and providing the first user-terminal access to a captive portal page in response to an appropriate match.

Abstract: A process, system, and non-transient computer readable medium that provides device automation support for the dynamic activation, authentication, and accounting of network access and network access devices while enabling seamless multi-vendor support for change of authorization through multiple network protocols. The process, system, and non-transient computer readable media also provides security threat remediation that can be automated at the device, network access, traffic inspection, and/or threat protection level by taking action on a device by triggering actions in a bidirectional manner.

Abstract: Methods and systems for providing vendor agnostic captive portal authentication in a network that includes a plurality of network access devices are provided. For instance, one method includes receiving a redirect request for a communication between a first user-terminal and a first network access device, the redirect request including at least one of a vendor-specific item of information of the first network access device and an Internet Protocol (IP) address of the first network access device. The method further includes comparing the at least one of the vendor-specific item of information of the first network access device and the IP address of the first network access device against each of a plurality of entries of a network access device database, and providing the first user-terminal access to a captive portal page in response to an appropriate match.

Abstract: A process, system, and non-transient computer readable medium that provides device automation support for the dynamic activation, authentication, and accounting of network access and network access devices while enabling seamless multi-vendor support for change of authorization through multiple network protocols. The process, system, and non-transient computer readable media also provides security threat remediation that can be automated at the device, network access, traffic inspection, and/or threat protection level by taking action on a device by triggering actions in a bidirectional manner.

Abstract: Methods and systems for providing vendor agnostic captive portal authentication in a network that includes a plurality of network access devices are provided. For instance, one method includes receiving a redirect request for a communication between a first user-terminal and a first network access device, the redirect request including at least one of a vendor-specific item of information of the first network access device and an Internet Protocol (IP) address of the first network access device. The method further includes comparing the at least one of the vendor-specific item of information of the first network access device and the IP address of the first network access device against each of a plurality of entries of a network access device database, and providing the first user-terminal access to a captive portal page in response to an appropriate match.

Abstract: Methods and systems for specifying and enforcing network policies are provided. One method for configuring a network that includes a plurality of heterogeneous network access devices includes creating a network enforcement profile based on at least one enforcement policy, and determining a network access device group of the plurality of heterogeneous network access devices that are capable of managing the enforcement profile. The method further includes providing vendor-specific configuration parameters for at least one network access device of the network access device group so as to cause the network to manage the network enforcement profile, and applying the vendor-specific configuration parameters to the at least one network access device.

Abstract: Systems and methods are described that configure network devices to dynamically (1) download privilege setting definitions from an authentication server to address a currently connected set of client devices associated with these privilege setting definitions and (2) clear privilege setting definitions that are no longer in use by client devices connected to the network device. In particular, a network device may determine if a privilege setting definition associated with a successfully authenticated client device is locally available on the network device and request the privilege setting definition from the authentication server when not locally available. In some situations, the authentication server may selectively transmit update messages to network devices that may be affected by an update to a privilege setting definition such that the network devices may request this updated privilege setting definition for download.

Abstract: Systems and methods are described that configure network devices to dynamically (1) download privilege setting definitions from an authentication server to address a currently connected set of client devices associated with these privilege setting definitions and (2) clear privilege setting definitions that are no longer in use by client devices connected to the network device. In particular, a network device may determine if a privilege setting definition associated with a successfully authenticated client device is locally available on the network device and request the privilege setting definition from the authentication server when not locally available. In some situations, the authentication server may selectively transmit update messages to network devices that may be affected by an update to a privilege setting definition such that the network devices may request this updated privilege setting definition for download.

Abstract: The present disclosure discloses a method and a network device for controlling DHCP pool exhaustion in dynamic network environments. Specifically, a network device determines that a client device is assigned an Internet Protocol (IP) address by a DHCP server. The network device detects that the client device is disconnected from a network associated with the IP address, for example, by receiving a de-association message from the client device; determining that a session or an entry corresponding to the client device has timed out; determining that the client device has failed to respond to one or more messages transmitted to the client device; determining that the client device has connected to another network different than said network; etc. In response, the network device then generates a DHCP release message on behalf of the client device, and transmits the DHCP release message to the DHCP server.

Abstract: The present disclosure discloses a method and network device for using mobile devices with validated user network identity as physical identity proof. Responsive to successfully authenticating a client device for network access, a system generates a network credential for the client device and transmits the network credential to the client device. Further, the system detects that the client device is within a range of a short range wireless device that is associated with a particular physical action. Consequently, the system validates the network credential that the client device possesses. Based on the network credential, the system determines that the client device has permissions for performing the particular physical action, and causes performance of the particular physical action.

Abstract: Systems and methods are described that configure network devices to dynamically (1) download privilege setting definitions from an authentication server to address a currently connected set of client devices associated with these privilege setting definitions and (2) clear privilege setting definitions that are no longer in use by client devices connected to the network device. In particular, a network device may determine if a privilege setting definition associated with a successfully authenticated client device is locally available on the network device and request the privilege setting definition from the authentication server when not locally available. In some situations, the authentication server may selectively transmit update messages to network devices that may be affected by an update to a privilege setting definition such that the network devices may request this updated privilege setting definition for download.

Abstract: A method for processing daily consumption, demand and time of use meter reads for electric, gas, water and other metered entities. The meter reads are collected by any of the well known Automated Meter Reading (AMR) technologies and loaded into a meter data warehouse. At a minimum daily meter reading, reads that are tagged as Good, Stale, Partial, Incomplete and Missing are required for properly identifying usage patterns, applying rules for error patterns and estimating the reads which will provide quality meter reads to the utilities thereby identifying meter problems before they become billing problems. The overall process involves loading the daily meter reads into a database, comparing each meter read against its previous day's read and applying a set of rules that help in validating, editing and estimating (VEE) of this data. The VEE rules that are applied can be broadly classified into five (5) categories.

Abstract: The present disclosure discloses a method and a network device for controlling DHCP pool exhaustion in dynamic network environments. Specifically, a network device determines that a client device is assigned an Internet Protocol (IP) address by a DHCP server. The network device detects that the client device is disconnected from a network associated with the IP address, for example, by receiving a de-association message from the client device; determining that a session or an entry corresponding to the client device has timed out; determining that the client device has failed to respond to one or more messages transmitted to the client device; determining that the client device has connected to another network different than said network; etc. In response, the network device then generates a DHCP release message on behalf of the client device, and transmits the DHCP release message to the DHCP server.

Abstract: The present disclosure discloses a method and network device for using mobile devices with validated user network identity as physical identity proof. Responsive to successfully authenticating a client device for network access, a system generates a network credential for the client device and transmits the network credential to the client device. Further, the system detects that the client device is within a range of a short range wireless device that is associated with a particular physical action. Consequently, the system validates the network credential that the client device possesses. Based on the network credential, the system determines that the client device has permissions for performing the particular physical action, and causes performance of the particular physical action.

Abstract: Methods and apparatus for service continuity in a communication network. A method includes receiving a service in a first network coverage area, detecting entry into a second coverage area, acquiring control signaling information of the second coverage area in response to entering into the second coverage area, establishing traffic channels in the second coverage area while the service is received from the first coverage area, and switching to receive the service on the traffic channels in the second coverage area so that service disruption is minimized. Another method includes receiving a service in a first network coverage area, acquiring control signaling information associated with other coverage areas while in the first coverage area, detecting entry into a second coverage area, establishing traffic channels in the second coverage area, and switching to receive the service on the traffic channels in the second coverage area so that service disruption is minimized.

Abstract: Methods and apparatus for service continuity in a communication network. A method includes receiving a service in a first network coverage area, detecting entry into a second coverage area, acquiring control signaling information of the second coverage area in response to entering into the second coverage area, establishing traffic channels in the second coverage area while the service is received from the first coverage area, and switching to receive the service on the traffic channels in the second coverage area so that service disruption is minimized. Another method includes receiving a service in a first network coverage area, acquiring control signaling information associated with other coverage areas while in the first coverage area, detecting entry into a second coverage area, establishing traffic channels in the second coverage area, and switching to receive the service on the traffic channels in the second coverage area so that service disruption is minimized.

Abstract: In one embodiment, a network architecture includes a plurality of application monitoring modules for monitoring network traffic data in a plurality of network segments. Network monitoring modules include a staging area that receives network traffic data from a packet capture and analysis engine and an indexing area that stores the data in meta-flow tuples with associated measures divided into time interval buckets. Index tables store dimension-based sorted pointers to the storage locations in the data buckets. HyperLock queries collect time aggregated results for measure based operators with respect to a queried dimension. For each value of the queried dimension, the time interval buckets are traversed compiling a partial result that is finally stored in a stack as the time aggregated value. The stored sorted pointers are used to determine the starting location in each bucket with respect to the next value of the queried dimension.

Abstract: A method for processing daily consumption, demand and time of use meter reads for electric, gas, water and other metered entities. The meter reads are collected by any of the well known Automated Meter Reading (AMR) technologies and loaded into a meter data warehouse. At a minimum daily meter reading, reads that are tagged as Good, Stale, Partial, Incomplete and Missing are required for properly identifying usage patterns, applying rules for error patterns and estimating the reads which will provide quality meter reads to the utilities thereby identifying meter problems before they become billing problems. The overall process involves loading the daily meter reads into a database, comparing each meter read against its previous day's read and applying a set of rules that help in validating, editing and estimating (VEE) of this data. The VEE rules that are applied can be broadly classified into five (5) categories.