Patent application number | Description | Published |
20090034557 | METHOD AND SYSTEM FOR DYNAMIC SECURED GROUP COMMUNICATION - A system and method directed to carrying out dynamic secured group communication is provided. The method includes obtaining a first packet that includes a first header. The first header includes a first source address of a first source node of a first network, and a first destination address of a first destination node of the first network. The method also includes forming a frame that includes the first header in encrypted form, combining the first header and the frame to form a second packet, and forming a second header. This second header includes a second source address of a second source node of a second network, and a second destination address of a second destination node of the second network. The method further includes encapsulating the second packet with the second header to form a third packet, and communicating the third packet into the second network from the second source node for termination to the second-destination node. | 02-05-2009 |
20090310614 | System and Method for Establishment of a Multiprotocol Label Switching (MPLS) Tunnel - In one embodiment, a method for receiving a request from a first interface to establish a session with at least a second interface in a communication network is provided. The request is transmitted to an application layer signaling device via an application layer signaling protocol dialog, wherein the application layer signaling protocol dialog is configured to facilitate communication between the first interface and the application layer signaling device. The method further includes communicating parameters for establishing a session tunnel to a first edge router via the application layer signaling protocol dialog, wherein the first edge router is configured to dynamically establish the session tunnel between the first edge router and at least a second edge router, wherein the second edge router is positioned proximate to the at least second interface in the communication network. | 12-17-2009 |
20110164752 | Detection of Stale Encryption Policy By Group Members - Various techniques that allow group members to detect the use of stale encryption policy by other group members are disclosed. One method involves receiving a message from a first group member via a network. The message is received by a second group member. The method then detects that the first group member is not using a most recent policy update supplied by a key server, in response to information in the message. In response, a notification message can be sent from the second group member. The notification message indicates that at least one group member is not using the most recently policy update. The notification message can be sent to the key server or towards the first group member. | 07-07-2011 |
20120060029 | METHOD AND SYSTEM FOR DYNAMIC SECURED GROUP COMMUNICATION - A system and method directed to carrying out dynamic secured group communication is provided. The method includes: obtaining a first packet that includes a first header; forming a frame that includes the first header in encrypted form; combining the first header and the frame to form a second packet and forming a second header; encapsulating the second packet with the second header to form a third packet, and communicating the third packet into the second network from the second source node for termination to the second-destination node. The first header includes a first source address of a first source node of a first network, and a first destination address of a first destination node of the first network. The second header includes a second source address of a second source node of a second network, and a second destination address of a second destination node of the second network. | 03-08-2012 |
20120263434 | Per-Subscriber Adaptive Bit Rate Stream Management Method - Consistent with embodiments of the present invention, a system may be provided to provide per-subscriber stream management comprising: a client capable of receiving a playlist containing a subset of segments associated with a video asset; a video application server to request subscriber state information and to build state representations in a subscriber database on a per-subscriber basis; a media segmenter capable of providing the video asset in multiple bit rates; a subscriber state manager capable of managing the current state of one or more subscribers in a subscriber database; and a stream manager capable of requesting the assignment of bandwidth from a wireless infrastructure on a per-subscriber basis. | 10-18-2012 |
20130132498 | Content Distribution Through Blind-Cache Instantiation - A slave resource router may receive a client request. The slave resource router may be the nearest representation of an Anycast IP address in a network to a client sending the client request in the network. The slave resource router may then determine that the slave resource router has been authorized to cache content for a delivery service corresponding to the client request. Next, the slave resource router may determine that content corresponding to the client request is cached locally in a blind cache. Then the slave resource router may provide the client with the content from the blind cache. | 05-23-2013 |
20150019750 | Unique Subscriber States for Adaptive Stream Management - Consistent with embodiments of the present invention, a system may be provided to provide per-subscriber stream management comprising: a client capable of receiving a playlist containing a subset of segments associated with a video asset; a video application server to request subscriber state information and to build state representations in a subscriber database on a per-subscriber basis; a media segmenter capable of providing the video asset in multiple bit rates; a subscriber state manager capable of managing the current state of one or more subscribers in a subscriber database; and a stream manager capable of requesting the assignment of bandwidth from a wireless infrastructure on a per-subscriber basis. | 01-15-2015 |
Patent application number | Description | Published |
20100034207 | ENFORCING THE PRINCIPLE OF LEAST PRIVILEGE FOR LARGE TUNNEL-LESS VPNs - Techniques for secure communication in a tunnel-less VPN are provided. A key server generates and provides, to each VPN gateway, different, yet mathematically-related keying material. A VPN gateway receives distinct keying material for each designated address block (e.g., subnet) behind the VPN gateway. In response to receiving a packet from one a source host whose address falls within one of the designated address blocks, the VPN gateway identifies the appropriate keying material. The VPN gateway determines an identifier for the address block that includes the destination address. The identifier and the identified keying material are used to generate a key. The VPN gateway encrypts the packet with the key and forwards the encrypted packet to the destination host. | 02-11-2010 |
20100154028 | MIGRATING A NETWORK TO TUNNEL-LESS ENCRYPTION - A method comprises, in a network comprising VPN gateway devices configured only for plaintext data communication, configuring a policy server with a security policy including DO NOT ENCRYPT statements temporarily overriding PERMIT statements defining which packets should be encrypted; selecting one sub-group of the VPN gateway devices in which tunnel-less encryption is not configured; configuring of the VPN gateway devices in the sub-group for tunnel-less encryption by: configuring each device in a passive mode of operation in which the device is configured to receive either encrypted packets or plaintext packets matching encryption policy; configuring local DO NOT ENCRYPT statements matching traffic that is currently being converted to ciphertext; removing, from the access control list of the policy server, DO NOT ENCRYPT statements referring to protected LAN CIDR blocks behind the VPN gateway devices in the selected sub-group; configuring the sub-group to send encrypted packets by removing, from each of the VPN gateway devices in the selected sub-group, the local DO NOT ENCRYPT statements for the CIDR blocks currently being converted and protected by the selected sub-group; repeating the configuring each of the VPN gateway devices in the selected sub-group for tunnel-less encryption, and the configuring the sub-group to send encrypted packets, for each other one of the sub-groups; and removing the passive mode on each of the VPN gateway devices. | 06-17-2010 |