Author

Geoffrey C. Stone

Bio: Geoffrey C. Stone is an academic researcher from Alcatel-Lucent. The author has contributed to research in topics: Network packet & Processing delay. The author has an h-index of 5 and has co-authored 6 publications receiving 441 citations.

Papers
Patent
21 Jun 2001
TL;DR: A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources; authentication agents on intelligent edge devices present users of associated end systems with log-in challenges.
Abstract: A user authentication service for a communication network authenticates local users before granting them access to personalized sets of network resources. Authentication agents on intelligent edge devices present users of associated end systems with log-in challenges. Information supplied by the users is forwarded to an authentication server for verification. If successfully verified, the authentication server returns to the agents authorized connectivity information and time restrictions for the particular authenticated users. The agents use the information to establish rules for filtering and forwarding network traffic originating from or destined for particular authenticated users during authorized time periods. An enhanced authentication server may be engaged if additional security is desired. The authorized connectivity information preferably includes identifiers of one or more virtual local area networks active in the network. Log-in attempts are recorded so that the identity and whereabouts of network users may be monitored from a network management station.

275 citations

Patent
20 Apr 1999
TL;DR: In this paper, a hybrid priority/port-based arbitration algorithm is used to sequence filtering checks on pending packets and a watermark comparison algorithm performs preliminary calculations on the current packet using projected output queue write addresses for each possible outcome of the queueing decision on the preceding packet.
Abstract: A dedicated bandwidth switch backplane has efficient receive processing capable of handling highly parallel traffic. Packets must pass a filtering check and a watermark check before the receive port is allowed to release them to a queue. Highly efficient algorithms are applied to conduct the checks on the packets in a way which expedites receive processing and avoids contention. A hybrid priority/port-based arbitration algorithm is used to sequence filtering checks on pending packets. A watermark comparison algorithm performs preliminary calculations on the current packet using “projected” output queue write addresses for each possible outcome of the queueing decision on the preceding packet and using the actual outcome to select from among preliminary calculations to efficiently address the outcome-dependence of the current packet's watermark check on the queueing decision made on the preceding packet. Receive ports are operatively divided into full-write receive ports and selective-write receive ports for delivering their packets to the output queue. On the clock cycles where the selective-write receive port is assigned writing privileges, data is read from the queue, unless the selective-write receive port has indicated it wishes to write to the queue, in which case the selective-write receive port writes to the queue. The full-write receive ports always write data, if available, to the queue on the clock cycles where they are assigned writing privileges.

68 citations

Patent
Geoffrey C. Stone
01 Aug 2000
TL;DR: Point-to-point tagged virtual connections are established between switches on the best and next-best paths learned from topology information, and multiple tag allocation requests are included in a single message to preserve bandwidth.
Abstract: Methods for configuring, maintaining connectivity in and utilizing an ATM network. Neighboring switches share topology information and enable links to neighboring switches for tag switching. Point-to-point tagged virtual connections are established between switches on the best and next-best paths learned from topology information. Point-to-multipoint tagged virtual connections are established on the spanning tree path. Multiple tag allocation requests are included in a single message to preserve bandwidth. Next-best paths are established to reduce latency in event of link failure. Forwarding operations may be performed in hardware to reduce latency during message forwarding.

63 citations

Patent
18 May 2000
TL;DR: A method and apparatus for maintaining packet order integrity in a switching engine wherein inbound packets are forwarded to different ones of parallel processing elements for switching. Each inbound packet is checked for whether a previous packet from the same source is pending at a processing element and, if the check reveals that such a packet is pending, the inbound packet is forwarded to the same processing element as the previous packet.
Abstract: A method and apparatus for maintaining packet order integrity in a switching engine wherein inbound packets are forwarded to different ones of parallel processing elements for switching. Order preservation for packets relating to the same conversation is guaranteed by checking for each inbound packet whether a previous packet from the same source is pending at a processing element and, if the check reveals that such a packet is pending, forwarding the inbound packet to the same processing element as the previous packet.

24 citations

Patent
19 Apr 1999
TL;DR: In this article, a backplane matrix in which each controller has a dedicated packet bus for propagating packet data has been proposed, which enables each controller to simultaneously transmit packet data on the root of a bus and receive packet data off a plurality of leaves of other buses without contention.
Abstract: A LAN switch has a backplane matrix in which each controller has a dedicated packet bus for propagating packet data. Each bus has a root interfacing with the transmitting (root) controller and a plurality of leaves interfacing with receiving (leaf) controllers. This configuration enables each controller to simultaneously transmit packet data on the root of a bus and receive packet data off a plurality of leaves of other buses without contention. An efficient filtering and stalling system employed at the receive side of the backplane prevents the highly parallel traffic from causing receive side congestion.

11 citations


Cited by
Patent
Galen C. Hunt, Bassam Tabbara, Kevin Grealish, Geoffrey Outhred, Rob Mensching
29 Dec 2005
TL;DR: An architecture and methodology for designing, deploying, and managing a distributed application onto a distributed computing system is described.
Abstract: An architecture and methodology for designing, deploying, and managing a distributed application onto a distributed computing system is described.

606 citations

Patent
25 Sep 1998
TL;DR: In this paper, the authors describe a method of doing business over the public Internet, particularly, a method which enables access to legacy management tools used by a telecommunications enterprise in the management of the enterprise business to the enterprise customer, to enable the customer to more effectively manage the business conducted by the customer through the enterprise.
Abstract: The specification discloses a method of doing business over the public Internet, particularly, a method which enables access to legacy management tools used by a telecommunications enterprise in the management of the enterprise business to the enterprise customer, to enable the customer to more effectively manage the business conducted by the customer through the enterprise, this access being provided over the public Internet. This method of doing business is accomplished with one or more secure web servers which manage one or more secure client sessions over the Internet, each web server supporting secure communications with the client workstation; a web page backplane application capable of launching one or more management tool applications used by the enterprise. Each of the management tool applications provides a customer interface integrated within said web page which enables interactive Web/Internet based communications with the web servers; each web server supports communication of messages entered via the integrated customer interface to one or more remote enterprise management tool application servers which interact with the enterprise management tool applications to provide associated management capabilities to the customer.

577 citations

Patent
Teresa Win, Emilio Belmonte
12 Feb 1999
TL;DR: In this paper, a single secure sign-on gives a user access to authorized Web resources, based on the user's role in the organization that controls the Web resources; the information resources are stored on a protected Web server.
Abstract: A single secure sign-on gives a user access to authorized Web resources, based on the user's role in the organization that controls the Web resources. The information resources are stored on a protected Web server. A user of a client or browser logs in to the system. A runtime module on the protected server receives the login request and intercepts all other requests by the client to use a resource. The runtime module connects to an access server that can determine whether a particular user is authentic and which resources the user is authorized to access. User information is associated with roles and functional groups of an organization to which the user belongs; the roles are associated with access privileges. The access server connects to a registry server that stores information about users, roles, functional groups, resources, and associations among them. The access server and registry server exchange encrypted information that authorizes the user to use the resource. The user is presented with a customized Web page showing only those resources that the user may access. Thereafter, the access server can resolve requests to use other resources without contacting the registry server. The registry server controls a flexible, extensible, additive data model stored in a database that describes the user, the resources, roles of the user, and functional groups in the enterprise that are associated with the user.

406 citations

Patent
23 Aug 2002
TL;DR: In this article, a method for data broadcast over a network includes receiving at a virtual bridge a data packet to be flooded over the network, and passing the data packet from the virtual bridge to a multicast-capable router, along with a broadcast indication.
Abstract: A method for data broadcast over a network includes receiving at a virtual bridge a data packet to be flooded over the network, and passing the data packet from the virtual bridge to a multicast-capable router, along with a broadcast indication. Responsive to the broadcast indication, the router determines a group of destination addresses to which the packet should be multicast, and creates copies of the packet for transmission over the network to the destination addresses in the group.

369 citations

Patent
21 Aug 2001
TL;DR: In this article, the authors present a commercial networked instruction content delivery method and system which does not exclude synchronous sharing but is focused on asynchronous sharing in a multi-level computer architecture, which provides improved capabilities for managing courseware and other content in a shared use operating environment such as a computer network.
Abstract: Methods, devices, and systems are provided in a multi-level computer architecture which provides improved capabilities for managing courseware and other content in a shared use operating environment such as a computer network. In particular, the invention provides a commercial networked instruction content delivery method and system which does not exclude synchronous sharing but is focused on asynchronous sharing. Security means in the architecture provide content property holders with the ability to know how many minutes of use an individual made of licensed material and with increased certainty that their material cannot be used, copied, or sold in usable form unless and until a user site is connected or reconnected to a minute-by-minute counter which is located off the premises of the user. This security link helps protect software and other works which are being sold or licensed to an individual, organization, or entity, and creates income opportunities for owners of such content.

366 citations