841 results about "Network domain" patented technology

An approach for establishing secure multicast communication among multiple event service nodes is disclosed. The event service nodes, which can be distributed throughout an enterprise domain, are organized in a logical tree that mimics the logical tree arrangement of domains in a directory server system. The attributes of the event service nodes include the group session key and the private keys of the event service nodes that are members of the multicast or broadcast groups. The private keys provide unique identification values for the event service nodes, thereby facilitating distribution of such keys. Because keys as well as key version information are housed in the directory, multicast security can readily be achieved over any number of network domains across the entire enterprise. Key information is stored in, and the logical tree is supported by, a directory service. Replication of the directory accomplishes distribution of keys. Event service nodes may obtain current key information from a local copy of the replicated directory.

A method is described for controlling a shared resource for interconnecting two or more network domains being controlled by different Managers. Multiple Managers control the shared resource for the configuration of a segment of a connection between two different domains and the Managers cooperate in order to control dynamically the shared resource. Different network domains can be connected by a network element or by a link between different network elements belonging to the different network domains. In the first case the shared resource is a connection matrix of the network element, in the second case the shared resource includes the connection matrixes of the different network elements and the link between the network elements. A shared connection matrix includes some connection points for performing the cross-connections within the matrix: some connection points are controlled by one Manager, other connection points are controlled by another Manager and some shared connection points are controlled by both Managers. Multiple Managers control the shared resource by reading and writing information stored into a management information base, according to an explicit or implicit mode, or alternatevely by transmitting messages in the network directly between the Managers, according to a signalling protocol.

A virtual router network (VRN) for performing real-time flow measurements (RTFM) is provided. The VRN effectively reduces the number of traffic metering points required thereby simplifying the aggregation and exportation of flow records to a collector. The collector may be service manager in a network management system. The metering points, in a preferred embodiment, are at virtual interfaces (VI) which are edge nodes in VRN. One of the virtual interfaces is selected as a master virtual interface and act as a collector and distributor of flow related information. In one aspect of the invention the VRN is used to provide, non-invasively, per-flow delay monitoring in a communication system.

A secure virtual network platform connects two or more different or separate network domains. When a data packet is received at an end point in one network domain, a determination is made as to whether the data packet should be forwarded outside the virtual network platform, or transmitted via the virtual network to a destination in another network domain connected by the virtual network platform.

A secure virtual network platform connects two or more subnets in different or separate network domains. The secure virtual network can use the under layer physical networks in various domains as an IP forwarding fabric without changing any existing firewalls, security settings, or network topology. A first type of connection across the virtual network involves connecting server groups. A second type of connection across the virtual network involves connecting a server group to a physical network. A third type of connection across the virtual network involves connecting a physical network to another physical network.

Extensible resource messaging in a communication network is provided through creation of a flexible, extensible, and secure messaging environment. A client-server architecture may be implemented in which user applications employ messaging clients to send resource requests for network information, allocation and other operations and receive resource responses, and in which network elements, through resource agents, may use messaging servers to accept resource requests and return resource responses. Resource agents in different network domains may interact through the messaging environment and work together to fulfill resource requests. An XML-based messaging mechanism may be built with a defined message format that can provide flexible message contexts. Network resource semantics may be specified using XML schemas so that network resources are expressed as resource-specific XML elements and network updates can be implemented by updating the XML resource schemas. Secure enhancements may be realized by secure transport, message verification and other means.

Domains are formed in a mobile ad hoc network by exchanging topology update messages among neighboring nodes, each message including the node coverage of the originating node. The node having an optimum coverage of its neighbors becomes a domain lead (DL) node, and nodes within hearing distance or range of the DL node form a network domain. Each domain node, including the DL, selects a set of bridge nodes (BNs) that can link the domain node to nodes in corresponding neighboring domains. All domain lead nodes in the network exchange messages to inform one another of the nodes contained in their respective domains. A node in one domain seeking a route for a message destined to a node in another domain, may send a route discovery (RDisc) message to the DL node of the inquiring node's domain. A responsive route resolution (RRes) message is returned to the inquiring node.

The invention relates to a method for routing Internet traffic. The method generally includes the steps of receiving a packet from multimedia network, allocating a message block header for the packet, wherein the header is used to hold behavior aggregate values for internal router mapping, and queuing and routing the packet to a differentiated services network domain in a manner that ensures a specific QoS.

A CP participated contents delivery system and method, and a CDN DNS server of the system are provided. When a client detects an embedded object while parsing a page received from a web server, the client inquires of a local DNS server about the IP address of a server storing the object. The local DNS server receives the inquiry of the client and inquires of a CDN DNS server about the IP address of the server storing the object. The CDN DNS server selects a server located in proximity to the client from a host server of a CDN provider, which stores the object, and the web server. The selected server transmits the object to the client. Accordingly, the client can rapidly receive the object and a contents provider can promote qualitative contents providing service improvement.

Methods, apparatus, system and computer program are provided for concealing the identity of a network device transmitting a datagram having a network layer header. A unique local identifier and broadcast address are determined in accordance with a next-hop address. A partially encrypted network layer header is determined by encrypting a plurality of identifying portions of the network layer header, where one portion of the network layer header is the unique local identifier. The datagram is encapsulated with another network layer header whose address is set to the broadcast address. The encapsulated datagram can be received and detunneled, and an address of a recipient can be extracted from the network layer header. The datagram is then admitted into a network domain.

A system and method for performing efficient computer virus scanning of transient messages using checksums in a distributed computing environment is described. An incoming message is intercepted at a network domain boundary. The incoming message includes a body storing message content. The message content is parsed from the body and a checksum is calculated over the parsed message content. The checksum is stored in an information file associated with the incoming message in a transient message store. The incoming message is scanned for a presence of at least one of a computer virus and malware to identify infected message contents. The checksum corresponding to each infected message content and an infection indicator is recorded.

An approach for establishing secure multicast communication among multiple multicast proxy service nodes is disclosed. The multicast proxy service nodes, which can be distributed throughout an enterprise domain, are organized in a logical tree that mimics the logical tree arrangement of domains in a directory server system. The attributes of the multicast proxy service nodes include the group session keys that are members of the secure multicast or broadcast groups. Because keys as well as key version information are housed in the directory, multicast security can be achieved over any number of network domains across the entire enterprise. Key information is stored in, and the logical tree is supported by, a directory service. Replication of the directory accomplishes distribution of keys. Multicast proxy service nodes may obtain current key information from a local copy of the replicated directory.

A secure database appliance leverages database security in a consistent framework provides consistent, flexible, and adaptable security using mandatory access controls in addition to user and role based security for access control and accountability. A database system communicatively connected to a plurality of network domains, each network domain having a level of security, the database system comprises at least one database accessible from all of the plurality of network domains, the database comprising data, each unit of data having a level of security and access control security operable to provide access to a unit of data in the database to a network domain based on the level of security of the network domain and based on the level of security of the unit of data.

An inter-networking system and method that provides for access control identifier (ACI) metadata utilization for the life of a session even on unknown networks being traversed, allowing for ACI metadata utilization, reutilization, and modification in both the send and receive paths (bi-directional), and allowing for metadata transport over network segments requiring that ACIs be embedded at different layers of the communications stack.

There is disclosed a method of helping mobile stations such as voice over IP devices to roam between wireless access points, by each access point transmitting the MAC address of a spanning tree algorithm root switch of the local network domain. This MAC address is used by mobile stations to detect if two access points are in a common network domain.

A method system for interfacing a client system in a first network domain with a Provider Link State Bridging (PLSB) network domain. At least two Backbone Edge Bridges (BEBs) of the PLSB domain 20 are provided. Each BEB is an end-point of a connection in the first network domain to the client system and an end-point of at least a unicast path defined within the PLSB domain 20. An inter-node trunk is provided in the PLSB domain 20 for interconnecting the at least two BEBs. A phantom node is defined in the PLSB domain 20. The phantom node has a unique address in the PLSB domain 20 and is notionally located on the inter-node trunk one hop from each of the BEBs. Each of the BEBs is configured such that: an ingress packet received from the client system via the connection in the first network domain is forwarded through a path notionally rooted at the phantom node; and an egress subscriber packet destined for the client system is forwarded to the client system through the connection in the first network domain.