Abstract: An electronic device includes a traffic redirect module that creates a traffic sink interface that enables data to be sent to it, without generating an error if an underlying physical link does not exist. To send data over a physical link, a processor of the electronic device creates a network interface to connect to another electronic device using a transport connection over the physical link. If the physical link disconnects, then the processor removes the network interface, and the traffic redirect module redirects data to be sent to the other electronic device to use the traffic sink interface, without indicating that the physical link has disconnected. When the physical link reconnects, or a new physical link to the other electronic device is established, the processor creates a new network interface to connect to the other electronic device using the transport connection over the reconnected or new physical link.

Abstract: Apparatuses, systems, and methods for application aware cellular radio activation/deactivation, e.g., in 5G NR systems and beyond. The UE may receive, while operating in a power savings mode in which a cellular modem of the UE is disabled, inputs associated with an application of the UE. The UE may determine, based on the inputs, to activate the cellular modem to support the application of the UE. The inputs may include an indication of an application state or status, an indication of an application category, an indication of a state or status of an AI assistant of the UE, an indication of whether an application is a session application, an indication of network assertions, an indication of proximity information, an indication of a WiFi state or a WiFi status, and/or indications associated with one or more timers.

Abstract: An electronic device includes a traffic redirect module that creates a traffic sink interface that enables data to be sent to it, without generating an error if an underlying physical link does not exist. To send data over a physical link, a processor of the electronic device creates a network interface to connect to another electronic device using a transport connection over the physical link. If the physical link disconnects, then the processor removes the network interface, and the traffic redirect module redirects data to be sent to the other electronic device to use the traffic sink interface, without indicating that the physical link has disconnected. When the physical link reconnects, or a new physical link to the other electronic device is established, the processor creates a new network interface to connect to the other electronic device using the transport connection over the reconnected or new physical link.

Abstract: A system and method for selecting a network interface for a communication device having at least two radio physical interface, to improve communications by the communication device. A configuration of the communication device is determined, where a first radio physical interface is designated as a primary interface and active, and a second radio physical interface as idle. A networking subsystem of the operating system executes a state machine configured to monitor network conditions and associated performance parameters of the at least two radio physical interfaces, to automatically outrank the second radio physical interface over the first radio physical interface as the primary interface.

Abstract: Techniques are provided for securely routing network traffic data. A kernel routine in a computing device obtains content metadata from the network traffic data associated with an application. The kernel routine can evaluate the content metadata and determine whether security and privacy policies should be applied to the network traffic data associated with the content metadata. The kernel routine can automatically create or identify tags for the content metadata based on intent and context information that is determined by the kernel routine. The tags can be associated with particular security and privacy policies, such as anonymization and encryption.

Abstract: Apparatuses, systems, and methods for a wireless device to perform data stall mitigation. The wireless device may establish, at an HTTP layer of the wireless device, a data connection over a first network interface of the wireless device. The wireless device may compare an available duration of data in a data buffer associated with the data connection to a first threshold and notify, in response to the available duration approaching the first threshold, at least one lower layer of the wireless device of an emergency deadline. At least one lower layer may perform one or more remedial actions to avoid and/or mitigate a data stall.

Abstract: An electronic device includes a traffic redirect module that creates a traffic sink interface that enables data to be sent to it, without generating an error if an underlying physical link does not exist. To send data over a physical link, a processor of the electronic device creates a network interface to connect to another electronic device using a transport connection over the physical link. If the physical link disconnects, then the processor removes the network interface, and the traffic redirect module redirects data to be sent to the other electronic device to use the traffic sink interface, without indicating that the physical link has disconnected. When the physical link reconnects, or a new physical link to the other electronic device is established, the processor creates a new network interface to connect to the other electronic device using the transport connection over the reconnected or new physical link.

Abstract: An electronic device includes a sequence generator module that generates a sequence in a predetermined order based on a traffic class of data to be sent. The sequence is written into a portion of a sequence header of an outgoing data packet that corresponds to the traffic class. A traffic class identifier is also written into a header of the packet that indicates the traffic class of the data. The electronic device sends the packet to another electronic device over one of multiple channels of multiple priorities. The other electronic device determines the traffic class of the data based on the traffic class identifier, extracts the sequence from the portion of the sequence header that corresponds to the traffic class, and compares the sequence to a previously extracted sequence of a previously received packet of the same traffic class to determine whether a replay attack has occurred.

Abstract: Apparatus and methods to support authentication failure handling by network elements and by a wireless communication device when attempting access to services through non-cellular wireless networks by the wireless communication device are disclosed. Error messages received from evolved packet core (EPC) network elements, such as an authentication, authorization, and accounting (AAA) server, are mapped to failure messages provided to wireless communication devices by internetworking equipment, such as an evolved packet data gateway (ePDG). The wireless communication device determines a failures cause based on the failure messages and disallows retry attempts until select criteria are satisfied.

Abstract: Described are methods that allow credentials of a first client station to authenticate a second client station. An exemplary method includes associating a first client station with a second client station, the first client station including credential information, the associating authorizing the second client station to use the credential information, transmitting, by the second client station, an association request to a network, the network utilizing the credential information to authorize a connection, the second client station configured to perform a proxy functionality for requests received from the network to be forwarded to the first client station and responses received from the first client station to be forwarded to the network, determining, by the network, whether the credential information received from the second client station is authenticated and establishing a connection between the second client station and the network using the credential information of the first client station.

Abstract: Apparatuses, systems, and methods for a wireless device to perform data stall mitigation. The wireless device may establish, at an HTTP layer of the wireless device, a data connection over a first network interface of the wireless device. The wireless device may compare an available duration of data in a data buffer associated with the data connection to a first threshold and notify, in response to the available duration approaching the first threshold, at least one lower layer of the wireless device of an emergency deadline. At least one lower layer may perform one or more remedial actions to avoid and/or mitigate a data stall.

Abstract: A method, client device and non-transitory computer readable storage medium for connecting to a virtual private network (VPN). A request to connect to a destination identified by a hostname is received from an application executed on the client device and a domain name system (DNS) lookup functionality is performed on the hostname, the DNS lookup functionality returning an address. It is then determined whether the returned address is a redirected address, whether a hypertext transmission protocol secure (HTTPS) probe configured for the hostname fails, or whether the returned address matches a cached route in which a transmission control protocol (TCP) connection establishment is unsuccessful. If any of the returned address is a redirected address, the HTTPS probe fails or the returned address matches the cached route and the TCP connection establishment is unsuccessful, the client device is connected to the VPN.

Abstract: Apparatus and methods to support authentication failure handling by network elements and by a wireless communication device when attempting access to services through non-cellular wireless networks by the wireless communication device are disclosed. Error messages received from evolved packet core (EPC) network elements, such as an authentication, authorization, and accounting (AAA) server, are mapped to failure messages provided to wireless communication devices by internetworking equipment, such as an evolved packet data gateway (ePDG). The wireless communication device determines a failures cause based on the failure messages and disallows retry attempts until select criteria are satisfied.

Abstract: Apparatus and methods to support authentication failure handling by network elements and by a wireless communication device when attempting access to services through non-cellular wireless networks by the wireless communication device are disclosed. Error messages received from evolved packet core (EPC) network elements, such as an authentication, authorization, and accounting (AAA) server, are mapped to failure messages provided to wireless communication devices by internetworking equipment, such as an evolved packet data gateway (ePDG). The wireless communication device determines a failures cause based on the failure messages and disallows retry attempts until select criteria are satisfied.

Abstract: Apparatus and methods to support location specific control to allow and/or disallow access to services through untrusted wireless networks by a wireless communication device are disclosed. One or more network elements obtain a location of the wireless communication device and selectively allow and/or disallow access to one or more cellular network services and/or one or more access point names (APNs) based on the location of the wireless communication device when connecting through an untrusted wireless network.

Abstract: The embodiments set forth techniques for avoiding network connectivity stalls at a mobile computing device. In an idle state, a performance analyzer executing on the mobile computing device is configured to passively analyze high-level network connectivity information to detect any minor issues with the network connectivity being provided by a primary interface (e.g., WiFi). When minor issues are detected, the mobile computing device transitions into an alerted state, where high emphasis is placed on using the WiFi interface and low emphasis is placed on using a secondary interface (e.g., Cellular). In the alerted state, the mobile computing device actively analyzes low-level connectivity information to detect any major issues with the WiFi interface. When major issues are detected, the mobile computing device transitions into a fallback state, where high emphasis is placed on using the Cellular interface and low emphasis is placed on using the WiFi interface.

Abstract: A method, client device and non-transitory computer readable storage medium for connecting to a virtual private network (VPN). A request to connect to a destination identified by a hostname is received from an application executed on the client device and a domain name system (DNS) lookup functionality is performed on the hostname, the DNS lookup functionality returning an address. It is then determined whether the returned address is a redirected address, whether a hypertext transmission protocol secure (HTTPS) probe configured for the hostname fails, or whether the returned address matches a cached route in which a transmission control protocol (TCP) connection establishment is unsuccessful. If any of the returned address is a redirected address, the HTTPS probe fails or the returned address matches the cached route and the TCP connection establishment is unsuccessful, the client device is connected to the VPN.

Abstract: A method, client device and non-transitory computer readable storage medium for connecting to a virtual private network (VPN). A request to connect to a destination identified by a hostname is received from an application executed on the client device and a domain name system (DNS) lookup functionality is performed on the hostname, the DNS lookup functionality returning an address. It is then determined whether the returned address is a redirected address, whether a hypertext transmission protocol secure (HTTPS) probe configured for the hostname fails, or whether the returned address matches a cached route in which a transmission control protocol (TCP) connection establishment is unsuccessful. If any of the returned address is a redirected address, the HTTPS probe fails or the returned address matches the cached route and the TCP connection establishment is unsuccessful, the client device is connected to the VPN.

Abstract: Apparatus and methods to support authentication failure handling by network elements and by a wireless communication device when attempting access to services through non-cellular wireless networks by the wireless communication device are disclosed. Error messages received from evolved packet core (EPC) network elements, such as an authentication, authorization, and accounting (AAA) server, are mapped to failure messages provided to wireless communication devices by internetworking equipment, such as an evolved packet data gateway (ePDG). The wireless communication device determines a failures cause based on the failure messages and disallows retry attempts until select criteria are satisfied.

Abstract: The embodiments set forth techniques for avoiding network connectivity stalls at a mobile computing device. In an idle state, a performance analyzer executing on the mobile computing device is configured to passively analyze high-level network connectivity information to detect any minor issues with the network connectivity being provided by a primary interface (e.g., WiFi). When minor issues are detected, the mobile computing device transitions into an alerted state, where high emphasis is placed on using the WiFi interface and low emphasis is placed on using a secondary interface (e.g., Cellular). In the alerted state, the mobile computing device actively analyzes low-level connectivity information to detect any major issues with the WiFi interface. When major issues are detected, the mobile computing device transitions into a fallback state, where high emphasis is placed on using the Cellular interface and low emphasis is placed on using the WiFi interface.