216 results about "Administrative domain" patented technology

A packet forwarding method for optimizing packet traffic flow across communications networks and simplifying network management. The invention provides look-up-free and packet-layer-protocol transparent forwarding of multi-protocol packet traffic among Layer-N (N=2 or upper in the ISO OSI model) nodes. The invention enables flexible and efficient packet multicast and anycast capabilities along with real-time dynamic load balancing and fast packet-level traffic protection rerouting. Applications include fast and efficient packet traffic forwarding across administrative domains of Internet, such as an ISP's backbone or an enterprise virtual private network, as well as passing packet traffic over a neutral Internet exchange facility between different administrative domains.

A Next Generation Network (NGN) resource management system and method includes a network topology discovery mechanism at the scale of an administrative domain. Information about nodes and links, such as bandwidth, delay, jitter, name and description of devices is collected and stored in a database by way of a protocol. The protocol is notifications-based, which involves each node device (e.g., a switch, router etc.) notifying its presence to its neighboring node.

A method is disclosed for managing network resources in multiple administrative domains. According to the method, a user is authenticated in a first administrative domain. A token is generated for the user that identifies the user as being assigned a role. The token is configured to identify the user by the role to a component of a second administrative domain. When the user requests a resource of the second administrative domain, its component examines the token and the role to determine whether to grant access to the resource. As a result, the second administrative domain may grant the user access to its resources without re-authenticating the user in the second administrative domain.

Systems and methods for determining whether networked system migrations are successful are disclosed. In accordance with one method, a first set of properties of the networked system on a source platform in a first administrative domain is determined. Further, the method includes transferring the networked system to a destination platform in a second administrative domain. In addition, a second set of properties of the transferred system on the destination platform is determined, where the first and second sets of properties include functional properties and at least one of: performance properties, security properties or reliability properties. The method also includes outputting an indication that the transfer of the system to the destination platform is successful in response to determining that one or more of the properties of the second set are equivalent to corresponding properties of the first set.

System and method are disclosed for bridging a point-to-point network such as a Bluetooth scatternet with a shared medium network such as an Ethernet LAN. The scatternet is connected to the LAN via a network access point (NAP). Data packets sent from the LAN to the scatternet are filtered at the NAP to eliminate unnecessary data packets from being sent to the scatternet. Only certain ones of the data packets are forwarded between the LAN and the scatternet. An inter-NAP protocol is used to exchange messages where two or more NAPs are connected to the LAN. Broadcast loops are prevented from occurring in the scatternet and the LAN by defining Administrative domains and NAP service areas (NAPSAs), and controlling the borders thereof according to a broadcast type of the data packets.

System and method are disclosed for bridging a point-to-point network such as a Bluetooth scatternet with a shared medium network such as an Ethernet LAN. The scatternet is connected to the LAN via a network access point (NAP). Data packets sent from the LAN to the scatternet are filtered at the NAP to eliminate unnecessary data packets from being sent to the scatternet. Only certain ones of the data packets are forwarded between the LAN and the scatternet. An inter-NAP protocol is used to exchange messages where two or more NAPs are connected to the LAN. Broadcast loops are prevented from occurring in the scatternet and the LAN by defining Administrative domains and NAP service areas (NAPSAs), and controlling the borders thereof according to a broadcast type of the data packets.

A global manager computer generates management instructions for a particular managed server within an administrative domain according to a set of rules. A global manager computer identifies a traffic midpoint device through which the provider managed server provides a service to a user device. The global manager determines a relevant rule from the set of rules that is applicable to communication between the provider managed server and the user device and generates a backend rule that is applicable to communication between the provider managed server and the traffic midpoint device. The global managed generates a backend function-level instruction including a reference to an actor-set authorized to communicate with the provider managed server to use the service. The global manager sends the backend function-level instruction to the provider managed server to configure the provider managed server to enforce the backend rule on communication with the actor-set including the traffic midpoint device.

Management instructions for a particular managed server within an administrative domain are generated according to an administrative domain-wide management policy that comprises a set of one or more rules. The administrative domain includes a plurality of managed servers. A determination is made regarding which rules within the set of rules are relevant to the particular managed server. Function-level instructions are generated based on the rules that were determined to be relevant. A determination is made regarding which managed servers within the plurality of managed servers are relevant to the particular managed server. The function-level instructions and information regarding the managed servers that were determined to be relevant are sent to the particular managed server. The particular managed server uses the function-level instructions and information regarding the managed servers to configure a management module so that the configured management module implements the administrative domain-wide management policy.

Methods of avoiding or minimizing cost of stateful connections between application servers (ASs) and S-CSCF nodes in an IMS network with multiple domains. S-CSCF service logic is provided and connected to a co-located AS. The IMS includes a network operator administration domain and an MVNO service domain, and the S-CSCF logic and AS are maintained in the same domain, e.g., the MVNO or network operator domain.

The present invention describes how a trusted network routing authority, such as a VoIP inter-exchange carrier or clearinghouse can provide routing and secure access control across multiple network domains with a single routing and admission request. This technology can improve network efficiency and quality of service when an Internet Protocol (IP) communication transaction, such as a Voice over IP (VoIP), must be routed across multiple devices or administrative domains. This technology defines the technique of performing multiple route look-ups at the source of the call path to determine all possible routes across intermediate domains to the final destination. The VoIP inter-exchange carrier or clearinghouse then provides routing and access permission tokens for the entire call path to the call source.

An access control rule authorizing communication between a plurality of managed servers within an administrative domain is determined. Communication information describing past communication between the plurality of managed servers is obtained. A subset of managed servers from the plurality of managed servers is identified by grouping the plurality of managed servers based on the obtained communication information. A group-level label set is determined to associate with the subset of managed servers. Role labels are determined for managed servers in the subset of managed servers. A managed server is associated with one role label. Based on the group-level label set and the role labels, an access control rule is generated authorizing communication between a first managed server of the subset of managed servers and a second managed server. The access control rule is stored as part of an administrative domain-wide management policy.

A certificate authority selection unit implements a method for selecting one of a plurality of certificate authorities servicing a plurality of administrative domains in a communication system. The method includes: receiving, from an end-entity via an interface, a certificate service request associated with an identifier; selecting, based on the identifier, one of the plurality of administrative domains in the communication system, wherein the plurality of administrative domains are serviced by a plurality of certificate authorities; retrieving a security profile for the end-entity; and selecting, based on the security profile for the end-entity, one of the plurality of certificate authorities to process the certificate service request.

A managed server (MS) within an administrative domain is quarantined. The administrative domain includes multiple MSs that use management instructions to configure management modules so that the configured management modules implement an administrative domain-wide management policy that comprises a set of one or more rules. The quarantined MS is isolated from other MSs. A description of the MS is modified to indicate that the MS is quarantined, thereby specifying a description of the quarantined MS. Cached actor-sets are updated to indicate the quarantined MS's changed state, thereby specifying updated actor-sets. A determination is made regarding which updated actor-sets are relevant to an other MS, thereby specifying currently-relevant updated actor-sets. A determination is made regarding whether the currently-relevant updated actor-sets differ from actor-sets previously sent to the other MS. Responsive to determining that the currently-relevant updated actor-sets are identical to the previously-sent actor-sets, no further action is taken.

The invention discloses an attribute-based access control model and a cross domain access method thereof. The attribute-based access control model comprises a first management domain and a second management domain, and is characterized by comprising certificate servers and attribute management servers. The cross domain access method of the system comprises the following steps: the certificate servers are respectively used for awarding a server certificate for the first management domain and the second management domain; a user downloads an attribute certificate to a local disk for storage by logging on the first management domain; the user submits the attribute certificate to the second management domain; a second access control server verifies the attribute certificate; and the second access control server extracts an attribute value to judge the operation validity of the user. The attribute-based access control model and the cross domain access method thereof of the invention have the obvious advantages that the role of the user and the management domains can be considered as a single attribute of the user, the efficiency problem of user-role-authority valuation under the condition of complex role in a role-based access control (RBAC) model can be effectively solved, and the corresponding access control method is provided for an anonymous user in an open network environment.

The invention provides a method for switching based on route optimization in a local mobile management domain, which is used during switching a mobile node (MN) in the local management domain. The method includes the following steps: when a target MAG detects MN switching is operated, a request for establishing a tunnel is put forward at once to establish a data communication channel between the MN and a source communication node (CN). The method for switching provided by the invention is capable of establishing a data communication channel as soon as possible between the MN and the CN after the MN is switched into a destination MAG, thus decreasing the transmission delay of uplink data in the MN.

System and method are disclosed for bridging a point-to-point network such as a Bluetooth scatternet with a shared medium network such as an Ethernet LAN. The scatternet is connected to the LAN via a network access point (NAP). Data packets sent from the LAN to the scatternet are filtered at the NAP to eliminate unnecessary data packets from being sent to the scatternet. Only certain ones of the data packets are forwarded between the LAN and the scatternet. An inter-NAP protocol is used to exchange messages where two or more NAPs are connected to the LAN. Broadcast loops are prevented from occurring in the scatternet and the LAN by defining Administrative domains and NAP service areas (NAPSAs), and controlling the borders thereof according to a broadcast type of the data packets.

A method and apparatus form and/or define a network topology in a Layer 3 network with a plurality of nodes, where each node has at least one interface. To that end, the method defines a plurality of neighborhoods, and assigns at least one interface of each node to at least one of the neighborhoods. The method also assigns a communication role to each interface so that each communication role is effective relative to one of the plurality of neighborhoods. The method then enables communication between the interfaces of the plurality of nodes as a function of the neighborhoods and the communication roles.

The invention discloses a system and a method for realizing streaming media content services. The invention combines P2P technique with CDN technique, connects a plurality of physical network administrative domains through communication networks and adopts constructing P2P network topology on EMSs in the domains. A DTS is also arranged in the domain, stores all storage content information of the EMSs in the domain and can fast find out the EMS storing certain media content when the searching delay of a DHT is larger. Besides, the DTS stores the information of cross-domain media content, and can fast locate the request to other domains when the media content requested by a user can not be found out in the domain. On one hand, the adoption of the invention resolves the poor expandability problem of the CDN system media capacity and user scale and reduces the effects of the bandwidth and the single point failure of a center node on other nodes in the system; and on the other hand, the arrangement of concentrative catalog servers guarantees the search time of nodes and ensures service quality.

A communication system including a first administrative subsystem and a second administrative subsystem providing group communication service. The system includes a first server for storing group and list management information of subscribers of the first administrative subsystem. The system also includes a second server for storing group and list management information of subscribers of the second administrative subsystem. Further, the system includes an interface for exchanging group and list management information between the first server and the second server. In addition, the system reduces ambiguity in group information management of integrated systems that include two or more administrative domains.

In a resource acquisition system, computing resources are located in different domains, and a resource manager is located in each domain. A scheduler receives a resource acquisition request from a client via a network, and determines at least one administrative domain and transmits to the network a verification request specifying a computing resource and an operation. The resource manager is responsive to the verification request for performing reconfiguration of the specified resource according to the specified operation and verifying that the resource is legitimately reconfigurable, and transmitting back to the scheduler a verification report containing the identifier of the reconfigurable resource. The scheduler is responsive to the verification report for transmitting a reconfiguration request to the resource manager to perform reconfiguration on the verified resource. The scheduler and the resource manager may repeatedly exchange verification requests and verification reports for successively reconfiguring each successive resource according to dependent relationships between computing resources.