Abstract: A network security system implements connectivity policies of a network environment. The network security system may use a network topology mapping to implement connectivity policies, where the network topology mapping includes sets of security zones, security devices, and zone paths between the security zones via the one or more security devices. The network security system can generate a universal representation of a connectivity policy for the network environment using a universal syntax. Using the network topology mapping, the network security system can identify zone paths between the security zones for implementing the connectivity policy. The network security system can configure security devices along the zone paths in accordance with the connectivity policies. Configuring security devices may include converting some or all of the universal representation of the connectivity policy into a device-specific representation in a native syntax of the security device.

Abstract: A method is provided for geo-location of a wireless target device. The method is able to generate complete statistical information about the target device in the form of a joint probability density function of the target's location. The method includes obtaining time of arrival measurements associated with reception, at a plurality of receiver devices at known or measured locations, of one or more wireless transmissions made by a target device at a location that is unknown. Based on the time of arrival measurements, the method includes computing a joint probability density function that is descriptive of a probability that the target device is within any specified region. The method then involves applying the joint probability density function to a particular specified region to compute the probability that the location of the target device is within the particular specified region.

Abstract: An apparatus comprises a frequency accumulator to produce a frequency ramp, and a symbol modulator to receive symbols and to add to the frequency ramp frequency offsets representative of the symbols, to produce a modulated frequency ramp for a modulated chirp. The apparatus includes a spreading factor controller to control a roll-over rate of the modulated frequency ramp responsive to spreading factor and frequency bandwidth control signals, to control a spreading factor and a frequency bandwidth of the modulated chirp. The apparatus includes a center frequency controller to control a center frequency of the modulated frequency ramp responsive to a center frequency control signal. The apparatus includes a phase accumulator to accumulate frequency samples of the modulated frequency ramp to produce phase samples corresponding to the modulated chirp, and a vector rotator to rotate the phase samples based on an input vector to produce a modulated chirp.

Abstract: A transmitter stores mappings of distinct values of an information signal to corresponding ones of distinct combinations of K chirps taken from M chirps that are different from each other, such that each of the distinct values is mapped to a corresponding one of the distinct combinations of K chirps. The transmitter receives a distinct value among the distinct values of the information signal. The transmitter selects, based on the mappings, a distinct combination of K chirps among the distinct combinations of K chirps that is mapped to the distinct value. The transmitter sums the K chirps of the distinct combination of K chirps to produce a symbol that represents the distinct value. The transmitter modulates the symbol to produce a modulated symbol, and transmits the modulated symbol. A receiver receives a modulated symbol that conveys a distinct value, and recovers the distinct value using stored mappings.

Abstract: An apparatus comprises a frequency accumulator to produce a frequency ramp, and a symbol modulator to receive symbols and to add to the frequency ramp frequency offsets representative of the symbols, to produce a modulated frequency ramp for a modulated chirp. The apparatus includes a spreading factor controller to control a roll-over rate of the modulated frequency ramp responsive to spreading factor and frequency bandwidth control signals, to control a spreading factor and a frequency bandwidth of the modulated chirp. The apparatus includes a center frequency controller to control a center frequency of the modulated frequency ramp responsive to a center frequency control signal. The apparatus includes a phase accumulator to accumulate frequency samples of the modulated frequency ramp to produce phase samples corresponding to the modulated chirp, and a vector rotator to rotate the phase samples based on an input vector to produce a modulated chirp.

Abstract: The present invention provides a cable TV broadband access system with distributed deployment and centralized control, which comprises: a system terminal end, configured to receive and transmit uplink and downlink service data, and receive and respond to access control data and management control data; a system access end, configured to implement data format transformation and data forwarding or processing for said uplink and downlink service data, said access control data and said management control data of said system terminal end, and transmit, receive and respond to management control data of said system access end; a system head end, configured to implement management control and access control for said system access end and said system terminal end, and process, converge and forward said uplink and downlink service data.

Abstract: The system receives a list of one or more name prefixes associated with an original name, wherein the original name corresponds to an original root manifest that indicates a set of original content objects and includes a set of content object hash (COH) values for the indicated set of original content objects, and wherein the original root manifest is registered with a tracking service. Based on a name prefix from the list, the system receives the original root manifest and selects a peer node that stores one or more of the original content objects. The system determines which original content objects are stored at the selected peer node and generates an interest for an original content object, wherein the name for the interest includes the name prefix, and wherein the third interest includes a COH value for an original content object stored at the selected peer node.

Abstract: An object-forwarding device can block a malicious Content Object from being inserted into an Interest's reverse path over a named data network. During operation, the device can receive a Content Object via a first interface, and can perform a lookup operation in a Pending Interest Table (PIT) to identify a PIT entry for an Interest associated with the Content Object. The device then determines, from the PIT entry, an egress interface used to forward the Interest. If the device determines that the egress interface of the PIT entry matches the first interface for the Content Object, the device forwards the Content Object via a return interface specified in the PIT entry. On the other hand, if the egress interface of the PIT entry does not match the first interface for the Content Object, the device can block the Content Object.

Abstract: One embodiment provides a system that facilitates forwarding of packets with variable length names. During operation, the system receives a packet with a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level. The system performs a longest prefix match lookup by selecting an entry from a first data structure of entries. The entries indicate a name component, forwarding information for the name component, and a plurality of entry identifiers that chain an entry to another entry. If a size of the name component is less than or equal to a predetermined threshold, the system selects an entry based on the name component. If the size is greater, the system selects an entry based on a compressed key which can be a hash of the name component. The system also resolves collisions associated with the selected entry.

Abstract: One embodiment provides a system that facilitates a content requesting device to handle a potential timeout event. During operation, the system receives, by a content producing device, a packet that corresponds to a first Interest message from a content requesting device, where the first Interest includes a name. Responsive to determining that additional time is required to generate a matching Content Object for the first Interest, the system generates a notification message which indicates a time period after which a second Interest is to be sent out by the content requesting device. The name for the second Interest can be the same as the name for the first Interest or a new name as indicated in the notification message. The system transmits the notification message to the content requesting device, thereby facilitating the content requesting device to handle a potential timeout event.

Abstract: One embodiment of the present invention provides a system for ranking content popularity in a content-centric network (CCN) content cache. During operation, the system receives an interest in a piece of content stored in the content cache, services the interest by accessing the piece of content, updates a service rate associated with the piece of content, updates system-wide service rate statistics, and determines a popularity level associated with the piece of content based on the updated service rate and the updated system-wide service rate statistics.

Abstract: One embodiment of the present invention provides a system for delivering a content piece over a network using a set of reconstructable objects. During operation, the system obtains a metadata file that includes a set of rules; generates the set of reconstructable objects for the content piece based on the set of rules included in the metadata file; cryptographically signs the set of reconstructable objects to obtain a set of signed reconstructable objects; and delivers, over the network, the set of signed reconstructable objects along with the metadata file to a recipient, thereby enabling the recipient to extract and store a copy of the content piece and then to reconstruct the set of signed reconstructable objects from the stored copy of the content piece and the metadata file.

Abstract: An object-forwarding device can block a malicious Content Object from being inserted into an Interest's reverse path over a named data network. During operation, the device can receive a Content Object via a first interface, and can perform a lookup operation in a Pending Interest Table (PIT) to identify a PIT entry for an Interest associated with the Content Object. The device then determines, from the PIT entry, an egress interface used to forward the Interest. If the device determines that the egress interface of the PIT entry matches the first interface for the Content Object, the device forwards the Content Object via a return interface specified in the PIT entry. On the other hand, if the egress interface of the PIT entry does not match the first interface for the Content Object, the device can block the Content Object.

Abstract: The system receives a list of one or more name prefixes associated with an original name, wherein the original name corresponds to an original root manifest that indicates a set of original content objects and includes a set of content object hash (COH) values for the indicated set of original content objects, and wherein the original root manifest is registered with a tracking service. Based on a name prefix from the list, the system receives the original root manifest and selects a peer node that stores one or more of the original content objects. The system determines which original content objects are stored at the selected peer node and generates an interest for an original content object, wherein the name for the interest includes the name prefix, and wherein the third interest includes a COH value for an original content object stored at the selected peer node.

Abstract: One embodiment provides a system that facilitates forwarding of packets with variable length names. During operation, the system receives a packet with a hierarchically structured variable length identifier (HSVLI) which comprises contiguous name components ordered from a most general level to a most specific level. The system performs a longest prefix match lookup by selecting an entry from a first data structure of entries. The entries indicate a name component, forwarding information for the name component, and a plurality of entry identifiers that chain an entry to another entry. If a size of the name component is less than or equal to a predetermined threshold, the system selects an entry based on the name component. If the size is greater, the system selects an entry based on a compressed key which can be a hash of the name component. The system also resolves collisions associated with the selected entry.

Abstract: One embodiment provides a system that facilitates a content requesting device to handle a potential timeout event. During operation, the system receives, by a content producing device, a packet that corresponds to a first Interest message from a content requesting device, where the first Interest includes a name. Responsive to determining that additional time is required to generate a matching Content Object for the first Interest, the system generates a notification message which indicates a time period after which a second Interest is to be sent out by the content requesting device. The name for the second Interest can be the same as the name for the first Interest or a new name as indicated in the notification message. The system transmits the notification message to the content requesting device, thereby facilitating the content requesting device to handle a potential timeout event.

Abstract: Apparatus, methods and logic for vehicles to determine vehicle to vehicle (V2V) safety message transmission rates for transmitting V2V safety messages based on how frequently the vehicles actually need to exchange safety messages, including factors such as vehicle velocities, distances among vehicles, and on how quickly the inter-vehicle distances are closing up. The determined V2V safety message transmission rates are selectively dynamically adjusted in accordance with detected significant changes in one or more of the inter-vehicle distances or inter-vehicle speeds. To avoid needless frequent changes to the transmission rate, statistical modeling techniques including hypothesis testing and sequential change detection are selectively used to more accurately detect significant changes in inter-vehicle distances or inter-vehicle speeds that warrant a change to the message transmission rate.

Abstract: The trustworthiness of vehicle-to-vehicle (V2V) messages received from one or more associated vehicles in the vicinity of a subject vehicle is determined autonomously by a false signal detection system of the subject vehicle. Physical evidence relating to the associated vehicles is collected, and a statistical model is used to perform an analysis of the collected data. A V2V message is received by the system from a first one of the associated vehicles and a trustworthiness level of the message is determined in accordance with a correlation between the received V2V message and the result of the analyzed physical data relating to the first associated vehicle. The correlation may be a comparison of data contained in the received V2V message relative to a result of a stochastic analysis of the physical data. The received V2V message may be any V2V safety message including Emergency Electronic Brake Light (EEBL) messages.

Abstract: The present invention generally relates to a method for describing network events in a service aware network (“SAN”). In addition, the present invention relates to software that performs the method and has a programming model containing protocol libraries, abstract protocol messages declarations, and network events. The method and software enable a user to define basic as well as complex network events in the application, presentation, session, transport and/or network layers of a communication model, which result in internet protocol (“IP”) level triggers or other triggers. Such triggers will result in actions which may be applicable in all layers of a communication model up to the highest layer. As a result, the method and software allow a user to describe a hierarchy of high level network events through a hierarchy of lower level events. In addition, a development system and an apparatus which utilizes the method and software are also provided.

Abstract: A filter in a DOCSIS bridge performs IP Filtering of incoming Ethernet packets in hardware. The filter includes a parser circuit which, in hardware, parses each of the incoming Ethernet packets and then utilizes the parsed information in combination with a content-addressable memory (CAM) that stores filtering information, to filter and route the incoming Ethernet packets. Detailed statistical data may also be generated to provide information on the type of filtering being performed by the DOCSIS bridge.