349 results about "CAC protocol" patented technology

A method is described of automatically locating and connecting a mobile wireless communications device to a packet-switched network such as the Internet. An Internet Protocol (IP) packet from a terminal on the network, destined for receipt by the mobile device, is received at a home agent acting as a gateway or router linking the packet switched network to a second network, such as LAN, coupled to a wireless communications network. The home agent transmits an access-request message to an authentication server. The access-request message includes a destination IP address associated with the mobile device found in the IP packet. The authentication server responsively issues an access-accept message to the home agent if the mobile device is authorized to receive the IP packet. The access-accept message comprises (a) information uniquely identifying said device, such as the IMSI/ESN number for the device, and (b) information identifying a network to use to locate said device. The home agent issues a message containing the information uniquely identifying the device to a mobile node location server. The mobile node location server maintains a table mapping IP addresses for a plurality of mobile communication devices to information uniquely identifying the devices. In the event that the mobile node location server does not find an IP address for the device in the table, the device is paged via the wireless communications network. In response to the page, the mobile device dials into the wireless communications network and second network and initiates a connection to the packet switched network whereby the IP packet is transmitted to the device.

A method of finding a mobile wireless communications device when an Internet Protocol (IP) packet from a remote user is sent to the device over an IP network. The mobile device does not have to register with the IP network in order to receive the IP. The method comprises the steps of receiving the IP packet at a home agent associated with a wireless communications network. The IP packet includes an IP address assigned to the device. If there is no current mobility binding record for the mobile device, instead of dropping the packet the home agent sends an access-request packet, containing the IP address, to an authentication server. The authentication server, e.g., a RADIUS server, maintains a table mapping the IP address for the device to an identification number uniquely associated with the device, such as the device's International Mobile Subscriber Identity number. The authentication server sends an access-accept packet to the home agent in the event that the device is authorized to receive the IP packet, in which case the access-accept packet includes the identification information. The home agent uses the identification number to locate, page and automatically connect the wireless device to the IP network via an InterWorking Unit (IWU) configured as a IP network access server.

Clients that are connected on a private network and which are assigned a private IP address that is not routable on the Internet can connect to the Internet through a router/server that includes a network address translator (NAT). For outgoing packets, the NAT translates the client's private source IP address and generalized port number (GPN) to the NAT's global IP address and GPN. For incoming packets sent to the NAT's global IP address and GPN, the NAT translates the global destination IP address and GPN to the client's private IP address and GPN. For protocols which cannot be directly supported by the NAT, such as those in the IPSec security protocol suite, the NAT is extended by creating in the NAT's translation table an entry that associates, for a specific unsupported protocol, a client's private IP address and GPN, the NAT's global IP address and GPN, and a foreign address on the Internet, that is valid until a specified or default expiration time. Outgoing packets from the client to that foreign address and incoming packets from that foreign address to the NAT's global IP address and GPN are translated according to the entry until the entry expires. In associations with these translations to outgoing and incoming packets, the client implements any Application Layer Gateway (ALG) that would otherwise be implemented at the NAT. Further, at the client, outgoing packets are modified before being transmitted so as to pre-compensate for the effects of the translations. Incoming packets at the client from the NAT are similarly modified so as to post-compensate for the effects of the translations. For the IPSec protocol, these modification include adjusting the checksum in the TCP or UDP header to account for IP address and TCP or UDP port number translations.

A virtual L2TP/VPN tunnel network as well as a system and method for automatic discovery of VPN tunnels, such as L2TP tunnels, and other layer-2 services using a method such as one based on the spanning tree protocol are disclosed. The method for automatic discovery of layer-2 services across a network of layer-2 devices generally comprises transmitting an advertisement message on each tunnel of each layer-2 device, the advertisement message containing information for generating a spanning tree based on spanning tree algorithm, receiving advertisement message on the tunnels of each layer-2 device, and processing the received advertisement messages to generate a spanning tree topology of the network of layer-2 devices whereby each layer-2 device in the network automatically discovers layer-2 services of other layer-2 devices on the network. The transmitting is preferably repeated at predetermined configurable intervals.

A protection CMTS is available to immediately service a cable modem should that modem's service from a working CMTS fail for any reason. To speed the service transfer (cutover) from the working CMTS to the protection CMTS, the cable modem may preregister with the protection CMTS well before the cutover becomes necessary. The cable modem's registration with both the working CMTS and the protection CMTS preferably employs a single IP address, so that the cable modem need not obtain a new IP address during cutover. While the cable modem may register with both the working CMTS and the protection CMTS, the devices are designed or configured so that only the working CMTS injects a host route for the cable modem into the appropriate routing protocol. Only after cutover to the protection CMTS does the protection CMTS inject its host route.

An ad hoc network organizes itself to provide communications without need for an a priori designated central control mechanism or base stations. Such self-organization is challenging in a multihop ad hoc network having member nodes that are highly mobile and widely distributed. A Synchronous Collision Resolution (SCR) protocol and a Node State Routing (NSR) protocol are well suited to provide efficient ad hoc network organization. SCR is an access protocol that achieves high capacity collision free access using a signaling approach that creates a random cellular-like network after each signaling period. NSR is a routing protocol that uses the dissemination of node states to predict link availability and to assign metrics to those links for the creation of optimized routes. In use, the present invention provides quality of service and supports energy conservation for the mobile nodes.

A mapping function and method for mapping a Signaling System 7 (SS7) telecommunication signaling message from a Signaling Connection Control Part (SCCP) protocol layer to an Internet Protocol (IP) protocol layer in order to transmit the SS7 signaling message over a data network from an origination node to a destination node. The mapping function receives the SS7 signaling message from the SCCP protocol layer by sending and receiving Message Transfer Protocol (MTP) primitives from the mapping function to the SCCP protocol layer. The mapping function then maps the received SS7 signaling message into an IP message by mapping MTP primitives into IP primitives, mapping the SS7 message address into an IP message address, and utilizing a user interface to set IP protocol parameters that cannot be transferred by the SCCP protocol layer. The mapping function then sends the mapped IP message to the IP protocol layer by sending and receiving IP primitives from the mapping function to the IP protocol layer.

SSH sessions and other protocol sessions (e.g., RDP) may be audited using an interceptor embedded within an SSH server or other protocol server. Operations performed over an SSH connection may be controlled, including controlling what files are transferred.

A data packet header including an internet protocol (IP) header, a remote direct memory access (RDMA) header, and a transmission control protocol (TCP) header, wherein the RDMA header is between the IP header and the TCP header.

Methods and apparatus detecting attempts to obtain IP addresses by faking a MAC address in a data portion of an IP address request message are described. In accordance with the present invention, rather than use standard address allocation protocols, e.g., ARP, the DNS DCHP contacts the requesting edge router via a private secure network. The MAC address received in the address request is compared to the MAC addresses stored in the edge routers port/MAC address resolution table. If the MAC address received in the request message cannot be found in the edge router's table which was created from the MAC address included in the message's header, a fraudulent attempt to obtain a MAC address is declared. The fraudulent attempt to obtain an IP address can be reported and steps taken to identify the perpetrator of the fraud.

A wireless office communication system including a multi-protocol wireless internet base station (WIBS) encompassing a base station controller (BSC), a mobile switch controller (MSC) and an ethernet interface module for coupling the WIBS to an existing internet protocol (IP) based network. The interface module provides for coupling the WIBS to an ethernet back-bone, a mobile communication unit and a public switch telephone network (PSTN). In one embodiment the wireless communication system includes wireless signaling logic and media gateway logic to enable the wireless office communication system to handle signal transmission between a mobile terminal and a media gateway. A virtual circuit identity code (VCIC) enables the base station to provide a virtual traffic path (VTP) to link communications between TIA/EIA-634 wireless signaling and media gateway control protocol (MGCP).

A network element that is capable facilitating the routing and accounting of messages between a plurality of network elements that do not share a common signaling application protocol nor a common transport protocol suite. In one embodiment of the present invention, a Multi-Protocol Gateway (MPG) is adapted to receive a signaling message and subsequently translate both the signaling and transport protocol suite prior to message routing. The MPG node is also configured to create and maintain usage and measurements data that may subsequently be used to produce billing records.

The present invention relates to a method and system for Internet Protocol network communications and a use thereof for protecting Internet sites against denial of service attacks on insecure public networks such as the Internet. The method utilizes a multicast address hopping technique which selectively varies the chosen multicast IP address from a set of available multicast addresses according to a predetermined scheme known to the communicating end stations but not to unauthorized end stations. The packets associated with the multicast stream are then communicated on the chosen multicast address. The set of available multicast IP addresses may also be selectively varied according to a secret predetermined scheme known to the transmitter and subscriber end stations, particularly by adding to and dropping from the set of multicast IP addresses in a seemingly random fashion. Using the method of the present invention, potential attackers are prevented from knowing which address to disrupt or monitor for traffic between end stations.

A system, method, and computer readable medium for remote access to Internet Protocol television by enabling place shifting utilizing a telephone company network, that comprises, confirming an identity of a remote Internet Protocol enabled device, managing a rate of a data stream to the remote Internet Protocol enabled device based upon the confirmed identity, and transmitting the data stream to the remote Internet Protocol enabled device utilizing a broadband network.

A method and apparatus for transferring data between IP devices (including, but not limited to, Gigabit Ethernet devices) and SCSI or Fibre Channel devices. The device interfaces may be either SCSI, Fibre Channel or IP interfaces such as Gigabit Ethernet. Data is switched between SCSI and IP, Fibre Channel and IP, or between SCSI and Fibre Channel. Data can also be switched from SCSI to SCSI, IP to IP and FC to FC. The port interfaces provide the conversion from the input frame format to an internal frame format, which can be routed within the apparatus. The amount of processing performed by each port interface is dependent on the interface type. The processing capabilities of the present invention permit rapid transfer of information packets between multiple interfaces at latency levels meeting the stringent requirements for storage protocols. The configuration control can be applied to each port on a switch and, in turn, each switch on the network, via an SNMP or Web-based interface, providing a flexible, programmable control for the apparatus.

Control of anonymous file transfer protocol server using exit programs: FTP and anonymous FTP communications are enabled and controlled by operating a server logon exit program to deny or authorize a logon request based on any combination of a user authentication string and/or client network address; and operating a request validation exit program to deny or authorize an action request based on any combination of type of request, user, client network address, and specific data requested.

In an end to end fully internet protocol (IP) enabled network, a dynamic IP address space is used to address mobile hosts in order to facilitate mobility management. The network includes a wireless mobile network having a plurality of base stations each being associated with a portion of the dynamic IP address space. The base stations are operative to allocate dynamic IP addresses from the associated portion of the dynamic IP address space for each authenticated mobile host. Each of the base stations provides translation between the dynamic IP address space and a permanent IP address space so that the dynamic IP address space is transparent from the point of view of the mobile hosts. A gateway provides communicative coupling between the backbone of the wireless mobile network and a wire lined IP network. The gateway also provides translation between the dynamic IP address space and the permanent IP address space.

A generic call server in a hybrid 2G/3G telecommunications network having a plurality of network components that utilize a plurality of different signaling protocols. The call server performs call-control functions and interfaces between any two network components selected from the plurality of components. A Generic Call-control State Machine (GCSM) performs call-control functions that are common to all of the protocols. A plurality of external signaling systems interface between the GCSM and the network components and perform call-control functions that are specific to each protocol. The generic call server may also include a Media Gateway (MGW) Handler that acts as a media signaling protocol handling server and interfaces between the GCSM and a media gateway.

In a mesh communication network, a poll request protocol (PRP) is provided in which a special packet is broadcast by the congested node when it is ready to provide services. The controlling node (usually the more congested node) broadcasts a packet to request poll signals from nodes desiring resources of the controlling node. The contending nodes then have equal chances to request the services of the controlling node by sending poll signals. The controlling node can then arbitrate the requests, determine the most fair and efficient use of its resources, and broadcast a scheduling packet to inform the contending nodes when to inform the contending nodes of controlling node scheduling. The contending nodes then send their packets to the controlling node without lost packets caused by congestion collisions. The controlling node can then send data to the contending nodes also without lost packets.

A residential gateway (RG) for distributing multimedia services to residential and business premises is disclosed. The RG connects multiple communication devices, such as TVs, telephones, computers, security cameras, and utility billing devices, to an Ethernet based metro/access network through either an optic fiber or a coaxial cable. The RG multiplexes upstream data from various communication devices into Ethernet frames according to the said Fixed-bandwidth Multimedia to Ethernet (FibME) protocol, and transmit the Ethernet frames through the link between the RG and the metro network. The RG also distributes the downstream data from the metro network to their corresponding destination devices in real time, also according to the said FibME protocol. The default bandwidth between the residential premise and the metro network is 100 Mbps full duplex. One Gbps or ten Gbps can be implemented based on the same FibME protocol for business applications. A Global Ethernet Addressing System (Global-HEAS) which will simplify the switch for the Ethernet systems is also disclosed.

A communication system utilizes an open system network protocol, such as the Transmission Control Protocol/Internet Protocol (TCP/IP), to transport Intelligent Network signaling messages from an SS7 network to a service provider which is not directly linked to the SS7 network. A gateway/bridge is provided between the SS7 network and a network which operates in accordance with an Internet protocol to transform Internet protocol messages, such as TCP/IP format messages, into SS7 format, and vice versa. In this way, an Internet protocol network may be used to transport Intelligent Network signaling messages between an SS7 network and a non-SS7 network service provider.