1705 results about "Network Access Device" patented technology

A network adapter for a synchronous logical ring network operates on existing physical twisted-pair telephone topologies. Information propagates around the logical ring, reaching every device on each revolution around the network. Network devices are full-duplex, transmitting and receiving information on every clock cycle. Network devices arbitrate to be elected the network clock device. By synchronizing all network devices to a single reference clock, and providing fixed frames of information propagating around the network at consistent time intervals, the logical ring network ensures that information propagates from one device to another at consistent time intervals. The fixed-length frames are divided into two independent streams: a data stream for the distribution of real-time continuous digital media streams; and a system command stream for the distribution of system commands.

A computer implemented method and system for managing an audit of one or more network layer devices is provided. An audit management system accessible by a user via a graphical user interface acquires network layer device information of the network layer devices and a configuration file comprising configuration file commands. The audit management system allows creation and/or selection of one or more audit policies for the network layer devices. The audit policies comprise one or more audit rules that define functioning of the network layer devices for one or more compliance policies. The audit management system executes the audit policies for performing the audit of the network layer devices by comparing the configuration file commands of the configuration file with the audit rules of the audit policies, and generates a report comprising information about security and compliance of the network layer devices with the compliance policies based on the audit.

A method and apparatus for concurrently displaying from a single window on a network management station the health status of all network devices and objects of a computer network. The network devices may be categorized according to state or device type, as determined by the network manager. The method and apparatus provides a network manager with the ability to determine the current state of network devices and objects within an enterprise network and invoke further actions such as configuration, performance, fault, and security management tasks. The network manager can drag and drop icons from one network management system application window to another network management system application window to obtain fault information about network devices and objects, thus allowing multiple network management system applications to run concurrently on the same network management station. The network manager is further able to add new network devices and objects by dragging site, folder or device icons from one network management system application window to a second network management system application window for displaying the health status of the new devices. The dragged-in devices are added to the appropriate status panes within the second window according to the method of the present invention.

Systems and methods are disclosed for automatically configuring, managing, and maintaining a network device or VPN using a public network such as the Internet. Initial configuration of a network device or VPN occurs upon a user entering minimal information via a simple HTML page. After receipt of this minimal information, the present invention automatically configures the network device or VPN without user intervention. Thereafter, a user may modify the network device or VPN configuration via an easy-to-use and easy-to-understand graphical user interface. Parameters are presented such that a user simply checks and unchecks boxes, or clicks on radio buttons, to configure network device parameters. Upon completion of the selection, the user clicks on save, and the configuration is automatically modified. In addition, upon a significant change to any network device, the changed network device automatically initiates reconfiguration of the network device or VPN with zero input from a user.

Secure point to point network communications. Secure point to point network communications are accomplished by sending data across a secure link. Trusted partners at the link are matched to each other. To ensure that no un-trusted partners are on the link, authentication is performed. One of the points may be a secure tap. The secure tap authenticates a trusted partner by receiving a hardware embedded encryption key or value derived from the hardware embedded encryption key from the trusted partner. Data sent on the trusted link is encrypted to prevent interception of the data. The secure tap polices the link to ensure that no un-trusted partners are attached to the link and that the trusted partner is not removed from the link. If un-trusted partners are added to the link or trusted partners removed from the link, the secure tap ceases sending data.

A system and method for providing connectivity to a foreign network for a device configured for communication over a home network without reconfiguring the device include intercepting packets transmitted by the device, selectively modifying intercepted packets which are incompatible with the foreign network to be compatible with network settings of the foreign network, and selectively providing network services for the device corresponding to network services available on the home network to reduce the delay associated with accessing the network services from the foreign network, or to provide network services otherwise inaccessible from the foreign network. Network services are provided by or through a configuration adapter connected to the device or to the foreign network. The configuration adapter accommodates incompatibilities resulting from proxy server requests, domain name server requests, and/or outgoing email service requests to provide transparent network access for mobile users without reconfiguration of the users computing device.

A tool for managing a network of interconnected devices. The tool may provide a user with an interface that allows the user to view the type and status of each network device (that is, each device connected to the network), and even the status of the network itself. The tool may alternately or additionally provide a user with services related to the network, such as allowing a user to perform one or more tasks associated with devices in the network.

In one embodiment, a method generally includes monitoring network traffic associated with a first network device comprising at least one of a plurality of virtual machines and determining if a parameter exceeds a predefined threshold at the first network device. If the parameter exceeds the predefined threshold, one of the virtual machines is selected to move to a second network device, the second network device selected based on network information, and the virtual machine is moved. An apparatus for resource allocation is also disclosed.

A system and method are described whereby a mobile device controls access to mobile applications based on access conditions associated with a current access network. To prevent mobile applications from running when the access conditions are not suitable, the mobile device includes a policy database used to store a list of access conditions that are inappropriate for launching the installed applications. The access conditions are based on the type of the current access network used by the mobile device for launching or maintaining the requested application session. The access conditions indicate whether the mobile device is currently accessing its home network or roaming on another provider's network. Similarly, the access conditions indicate the type of network access interface used by the current network to provide the data connection necessary to run the requested application. The policy database correlates predetermined actions with the access conditions associated with a given application session.

A method is disclosed for generating a network topology representation based on inspection of application messages at a network device. According to one aspect, a network device receives a request packet, routes the packet to the destination, and extracts and stores correlation information from a copy of the request packet. When the network device receives a response packet, it examines the contents of a copy of the response packet using context-based correlation rules and matches the response packet with the appropriate stored request packet correlation information. It analyzes recorded correlation information to determine application-to-application mapping and calculate application response times. Another embodiment inserts custom headers that contain information used to match a response packet with a request packet into request packets.

In one embodiment, an apparatus includes one or more internal interfaces in communication with one or more network devices in a first network site through a Layer 2 link, an overlay interface in communication through a Layer 3 link with a core network connected to one or more other network sites, and a table mapping addresses for network devices in the other network sites to addresses of edge devices in the same network site as the network device. The apparatus further includes a processor operable to encapsulate a packet received at one of the internal interfaces and destined for one of the network devices in the other network sites, with an IP header including a destination address of the edge device mapped to the destination network device, and forward the encapsulated packet to the core network.

The invention provides a method and system for locally tracking network usage and enforcing usage plans at a client device. In an embodiment of the invention, a unique physical key, or token, is installed at a client device of one or more networks. The key comprises a usage application and one or more access parameters designated the conditions and/or limits of a particular network usage plan. Upon initial connection to the network, the usage application grants or denies access to the network based on an analysis of the current values of the access parameters. Therefore, network usage tracking and enforcement is made simple and automatic without requiring any back-end servers on the network while still providing ultimate flexibility in changing billing plans for any number of users at any time.

Exemplary methods and systems for acquiring network credentials for network access are described. The exemplary method comprises receiving network configuration information from a network device on a communication network, generating a credential request, transmitting the credential request to a credential server over a standard protocol of the network device, receiving the credential request response, and providing a network credential from the credential request response to the network device to access the communication network.

A method is disclosed for carrying out network device provisioning and configuration, and communication of other information to a network device, automatically and in an assured manner. A configuration service receives a request from a network device to provide configuration information. The configuration service retrieves a template representing the configuration from a storage location, e.g., a directory service. The configuration service also retrieves one or more parameter values specific to the device. Device-specific values are instantiated for the generic parameters in the template, based on the retrieved values. The resulting configuration is stored in XML format using XML tags to delimit configuration commands, tested for well-formed-ness, and syntax checked. A reliable transport protocol carries the configuration information to the device. At the device, a configuration agent syntax checks the embedded configuration information, and then applies the configuration information to the device. As a result, automatic network provisioning may be accomplished remotely, without requiring a skilled technician to visit customer premises to carry out configuration. The process may be integrated with an event service to enable multiple devices to concurrently receive re-configuration without special synchronization logic.

An integrated network interface device that supports data exchange in two or more high-speed network data transfer protocols that are based on different standards of network data transfer architectures, wherein an incoming data stream formatted in accordance with a particular network data transfer standard is processed into data not subject to the network data transfer standard to be output for further processing by a host. In one aspect, a network interface device is provided with a set of shared or common protocol independent physical link components that are used to identify the operating protocol of the incoming data, and a set of dynamically or statically re-configurable, shared or common protocol independent data transfer processing components that support data exchange via the physical link components for all the supported protocols, which may include a protocol specific link interface for each supported protocol.

Data transfer over an network is effected in a manner that facilitates the use of available communications channels and makes possible enhanced data routing control and monitoring. According to an example embodiment of the present invention, data is transferred over a network having a plurality of communication links. A home (e.g., data source) node coupled to the network supplies data for transfer on the network. A network-distributed application routing controller is implemented at a host server and at the home node, and is configured for controlling the home node for passing data on the network. A data request from a remote network access appliance, such as a laptop or mobile telephone, is received at the host server. In response to the request, the host server implements the network-distributed application routing controller to transfer data from a home node to the remote network access appliance.

A fast authentication and access control method of authenticating a network access device to a communications network having an access point communicating with a remote authentication (home AAA) server for the network access device. The method includes the step of receiving an access request having an authentication credential from the network access device at the access point. The authentication credential includes a security certificate having a public key for the network access device and an expiration time. The security certificate is signed with a private key for the remote authentication server. The access point locally validates the authentication credential by accessing the public key of the remote authentication server from a local database, and checking the signature and expiration time of the security certificate. If the authentication credential is validated at the access point, the access point grants the network access device conditional access to the network by sending an access granted message to the network access device. The access granted message includes a session key encrypted with a public key for the network access device. The session key is stored in a database associated with the access point. The access point contacts the remote authentication server to check a revocation status of the security certificate for the network access device. If the access point receives a message from the remote authentication server that the authentication credential for the network access device has been revoked, it suspends network access for the network access device.

A method and system for load balancing in a network system such as a data-over-cable system. One method includes receiving a first message on a first network device such as a cable modem termination system (“CMTS”) from a second network device and marking the first message with an identifier of a network access device. The method further includes intercepting the first message on a third network device such as a provisioning/access manager prior to any first protocol server such a Dynamic Host Configuration Protocol server receives the first message. When the third network device intercepts the first message, the third network device determines capabilities of the second network device and applies a set of rules to load balance any requests between a plurality of channel pairs. Each charmel pair is associated with at least one capability of a network device and also has a load factor parameter and a threshold value defining a capacity of a channel pair. The third network device assigns the second network device to a predetermined channel pair based on the capabilities of the second network device, a load factor of the channel pair and a capacity of the channel pair.

This disclosure describes methods and systems for synchronizing broadcast and network content, such as web content. It also describes related technology for facilitating linking from broadcast content to related information and e-commerce on a network. One method detailed in this disclosure synchronizes broadcast content with dynamic network content at a network address. This method embeds an identifier in a broadcast, extracts the identifier embedded in broadcast content, and uses the identifier to identify corresponding network content. The method then posts the corresponding network content on a network device located at the network address (e.g., a web page at the URL of the broadcaster). The network device (e.g., web server) is responsive to requests sent to the network address to provide the network content over a network. Using this method, the broadcast content is synchronized with the corresponding network content. This approach enables the content at the broadcaster's fixed web site URL to change dynamically with the broadcast. This approach is transparent to the user, who simply visits the same URL to get more information about current programming or purchase a product currently advertised in current programming.

A multiple key, multiple tiered network security system, method and apparatus provides at least three levels of security. The first level of security includes physical (MAC) address authentication of a user device being attached to the network, such as a user device being attached to a port of a network access device. The second level includes authentication of the user of the user device, such as user authentication in accordance with the IEEE 802.1x standard. The third level includes dynamic assignment of a user policy to the port based on the identity of the user, wherein the user policy is used to selectively control access to the port. The user policy may identify or include an access control list (ACL) or MAC address filter. Also, the user policy is not dynamically assigned if insufficient system resources are available to do so. Failure to pass a lower security level results in a denial of access to subsequent levels of authentication.

Systems that monitor and control energy distribution manage energy distribution or use for Energy Service Providers and end-users. A system includes a publicly or privately accessible distributed network, a network access device, and a management device. The network access device communicates with the management device through the distributed network to control loads at a remote location. The method of monitoring and controlling energy distribution receives data at an on-line Site, processes an application program that evaluates load and market supply data, and initiates power curtailment requests or power curtailment events.

Various embodiments are disclosed for a services policy communication system and method. In some embodiments, a network device executes a service controller for a plurality of device groups, in which the service controller includes a capability to securely partition one or more device group database partitions, each device group partition includes service controller system settings, and each device group includes a plurality of communication devices controlled by a virtual service provider.

Systems, methods, and instrumentalities are disclosed to desynchronize transmissions in group-based operations. A group user equipment (UE), e.g., a UE that is a member of a group of UEs, may be in an inactive mode. The group UE may receive a multicast message indicating that the group UE may enter an active mode. For example, the group UE may use the active mode for periodic reporting of its monitoring activity to the network. The multicast message may indicate a mechanism for the group UE to use to send an uplink transmission to the network. The group UE may send the uplink transmission to the network at a transmission time indicated by the mechanism. The transmission time may be desynchronized from other UEs in the group.

A system and method for establishing connection of an IP telephone to a network may include, in response to receiving a registration request from an IP telephone, generating a command to cause network access devices to ping the IP telephone. The command may be communicated to the network access devices. Ping information may be received in response to the network access devices pinging the IP telephone. A network access device may be selected that has the highest quality network access path to the IP telephone. In response to selecting the network access device that has the highest quality network access path, a network address of the selected network access device may be communicated to a network device to enable the IP telephone to communicate with the selected network access device. Credentials may be communicated to the IP telephone to register with the selected network access device.

Each network device includes a monitoring agent configured for generating a notification message based upon an event where device operations exceed prescribed monitored parameters. A troubleshooting resource at the customer premises requests selected device state attributes from the network device and that are forwarded to a data collection resource that serves as an interface to the manufacturer's back-end infrastructure. The troubleshooting system accesses databases that store the configuration information for the affected network device, and uses the configuration information for accessing problem/resolution information. The rules based troubleshooting system, upon correlating the databases for the problem/resolution information, provides a service notification message as a response to the event, and selectively includes the problem/resolution information for the network device.

Provided are techniques and apparatuses for determining the geographic location of a node on a network. In a representative embodiment, a data packet is received over the network from a second node, the data packet including a network identifier for the second node and a Time-To-Live (TTL) field that has a value, with the value of the TTL field for the data packet indicating a maximum additional number of hops that could have been made by the data packet. A probe packet addressed to the network identifier for the second node is then sent, the probe packet also including a TTL field. The initial value for the TTL field of the probe packet is set based on the value for the TTL field of the data packet.

A computer system for allowing proprietary forwarding elements to interoperate with standard control elements in an open network architecture. The computer system comprises a forwarding element that is adapted to perform data forwarding functions in a computer network. A control element is adapted to perform network signaling and control functions in the computer network. The control element is adapted to generate a standardized data set for configuring the forwarding element. An interconnecting element operatively connects the forwarding element to the control element. A forwarding element plugin is integrated with the control element for receiving the standardized data set from the control element, translating the standardized data set into a specialized data set, and transmitting the specialized data set to the forwarding element to configure the forwarding element. The forwarding element utilizes the specialized data set to configure the forwarding element for performing data forwarding in the computer network.

In an example, a network device is configured to generate a first public-private key pair. The network device is configured to receive, over an electronic network, public keys of two or more second public-private key pairs. The network device is configured to generate a digital currency address using the public keys of the two or more second public-private key pairs and a public key of the first public-private key pair.

A method and system for policy provisioning and access managing on a data-over-cable system. One method includes receiving a first message on a first network device such as a CMTS from a second network device and marking the first message with an identifier of a network access device. The method further includes intercepting the first message on a third network device prior to a first protocol network server such as a Dynamic Host Configuration Protocol (“DHCP”) server receives the first message. When the third network device intercepts the first message, the third network device determines the identity of the second network device. Based on the identity of the second network device and using the identifier of the network access device, the third network device manages an assignment of configuration parameters for the second network device.

Methods, systems, and computer program products for dynamic network access device port and user device configuration are disclosed. According to one method, when a user device is connected to a port of a network access device, the type of user device is determined. The type of user device is used to locate a corresponding port configuration policy. The port to which the device is connected is dynamically configured based on the port configuration policy.