A method of separating identity IPs for identification of applications from the locator IPs for identifying the route is provided. A virtual service layer (VSL) protocol stack uses the IP addresses assigned by network administrators to the application endpoints to support the TCP/IP stack as the identity IP addresses that are not published to the underlay network for routing. On the other hand, the VSL stack uses the IP addresses assigned by the underlay network to the VSL enabled endpoints and VSL enabled routers as the locator IP addresses for routing packets. The VSL stack formats application flow packets with identity headers as identity packet and encapsulates identity packet with the locator header to route the packet. The separation of the identity and locator identifications are used to eliminate the network middleboxes and provide firewall, load balancing, connectivity, SD-WAN, and WAN-optimization, as a part of the communication protocol.

A communication system provides multimedia communications within and between armored ground combat vehicles (GCVs). The system includes client computers within the armored GCVs providing distributed and interconnected multimedia communications among the client computers. The multimedia communication may include a one-to-one communication, a text communication to a group, an audio communication to a group, or a video communication to a group. Logic providing the distributed and interconnected multimedia communications is not located at a single client computer. The client computers display graphical user interfaces (GUIs) enabling soldiers to select parameters of the communication system with some GUIs providing presence discovery among the armored GCVs. One of the plurality of client computers acts as an origination station and other client computers may be configured as receiving communication station(s). The origination communication station may transmit digital communication data to the receiving communication station(s).

A data processing method includes: receiving a connection test packet transmitted by a first client; determining an access address of a second client contained in the connection test packet, and storing the access address of the second client; and transmitting, when a first address storage notification message transmitted by a second gateway is received while receiving a connection data packet transmitted by the first client to the second client, the connection data packet to the second client through the second gateway, so as to establish a communication connection between the first client and the second client according to the connection data packet.

A system and method for providing network and port address translation is provided. A global IP address and a block (chunk) of ports are allocated for each mobile subscriber (MS) on first data connection. Subsequent data connections from the same MS are assigned the same IP address and a new port from this block. The mapping information is communicated, processed, and stored once for the complete block, instead of for every new data connection. This process reduces processing, communication, and storage requirements.

A system and method for providing network and port address translation is provided. A global IP address and a block (chunk) of ports are allocated for each mobile subscriber (MS) on first data connection. Subsequent data connections from the same MS are assigned the same IP address and a new port from this block. The mapping information is communicated, processed, and stored once for the complete block, instead of for every new data connection. This process reduces processing, communication, and storage requirements.

The present invention is directed to communications apparatus, systems, and methods for preventing and/or minimizing session data clipping/loss when using the ICE protocol procedures on a session border controller. An exemplary method embodiment of operating a Session Border Controller (SBC) includes, receiving, at the SBC, an initial offer message from a first user equipment device directed to a second user equipment device, said initial offer message including one or more candidate addresses for the first user equipment device; and establishing a data path between the SBC and the second user equipment device in response to receiving said initial offer message prior to establishing a data session between the first user equipment device and the session border controller.

The present invention is directed to communications apparatus, systems, and methods for preventing and/or minimizing session data clipping/loss when using the ICE protocol procedures on a session border controller. An exemplary method embodiment of operating a Session Border Controller (SBC) includes, receiving, at the SBC, an initial offer message from a first user equipment device directed to a second user equipment device, said initial offer message including one or more candidate addresses for the first user equipment device; and establishing a data path between the SBC and the second user equipment device in response to receiving said initial offer message prior to establishing a data session between the first user equipment device and the session border controller.

A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stays connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.

A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stays connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.

The present invention relates to systems and methods suitable for establishing communication between secure and unsecure devices. In particular, the present invention relates to systems and methods that enables communication between secure and unsecure devices utilizing communication protocols that require implementation over secured connections.