Abstract: In one embodiment, a gateway device receives, from a centralized broker device, a data-access policy for a given computer network, the data-access policy defining which of one or more accessing entities are granted access to specific elements of data within the given computer network. When the gateway device then receives, from a particular accessing entity, a request for one or more particular elements of data from within the given computer network, it may determine, based on the data-access policy, whether the particular accessing entity has been granted access to each of the one or more particular elements of data of the request. As such, the gateway device may prevent access for the particular accessing entity to any of the one or more particular elements of the data request to which the particular accessing entity has not been granted access.

Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.

Abstract: Embodiments herein describe techniques for testing optical components in a photonic chip using a testing structure disposed in a sacrificial region of a wafer. In one embodiment, the wafer is processed to form multiple photonic chips integrated into the wafer. While forming optical components in the photonic chips (e.g., modulators, detectors, waveguides, etc.), a testing structure can be formed in one or more sacrificial regions in the wafer. In one embodiment, the testing structure is arranged near an edge coupler in the photonic chip such that an optical signal can be transferred between the photonic chip and the testing structure. Moreover, the testing structure has a grating coupler disposed at or near a top surface of the wafer which permits optical signals to be transmitted into, or received from, the grating coupler when an optical probe is arranged above the grating coupler.

Abstract: A method in one embodiment includes intercepting a message in an on-board unit (OBU) of a vehicular network environment between a source and a receiver in the vehicular network environment, verifying the message is sent from the source, verifying the message is not altered, evaluating a set of source flow control policies associated with the source, and blocking the message if the set of source flow control policies indicate the message is not permitted. In specific embodiments, the message is not permitted if a level of access assigned to the source in the set of source flow control policies does not match a level of access tagged on the message. In further embodiments, the method includes evaluating a set of receiver flow control policies associated with the receiver, and blocking the message if the set of receiver flow control policies indicates the message is not permitted.

Abstract: Techniques are presented for defining, for an online conference session, a plurality of pages, which may be preconfigured, based on information received from a moderating participant having administrative privileges for the conference session, each page corresponding to a discussion topic of a text-based conversation. A request is received from the moderating participant to select one of the plurality of pages. After a page has been selected, the selected page is synchronized such that the selected page is displayed to the moderating participant and each of the one or more other participants, and subsequent text-based communications are displayed in the display area of the selected page.

Abstract: An identity management and initialization scheme, along with a naming scheme for a transport stack and its components, facilitates directly addressing each component in the transport stack. During operation, the system receives, by a forwarder, a packet that corresponds to an interest, where the interest includes a name. In response to determining that the interest is destined for a component of a stack of communication modules, the forwarder sends the interest to the destined component based on the name for the interest, where the stack does not require a respective communication module to communicate only with a layer above or below thereof. In response to determining that the interest is not destined for a component of the stack, the forwarder sends the interest to a network element based on the name for the interest. This facilitates directly addressing individual components of the stack.

Abstract: This disclosure pertains to augmenting metadata of a packet destined for service function chaining with application identifier information. The application identifier information can be added to the metadata of a packet service header (or, more specifically, a network service header). The packet can be exported to a statistics collector that can correlate statistical information about the application with statistical information about service functions applied to the packet, as well as other statistical information.

Abstract: A management entity generates for display multiple icons, each icon representing an actor or a resource in a networking environment, and defines a generic security policy by receiving user input in the form of a line drawn between a first icon representing an actor and a second icon representing a resource to control abilities between the actor and the resource. The management entity translates the generic security policy to multiple native security policies each of which is based on a corresponding one of multiple native policy models associated with corresponding ones of multiple security devices, and supply data descriptive of the multiple native security policies to the corresponding ones of the security devices to configure the corresponding ones of the security devices to implement the native security policies.

Abstract: Presented herein is an exemplified system and method that facilitate a point-to-point (P2P) service operation, via EVPN VPWS service tunnels, between customer edge nodes and provider edge nodes in a network infrastructure (e.g., a MPLS infrastructure). In particular, the exemplified system and method employ an EVPN BGP construct that facilitates multiplexing across large number of different physical interfaces, among multiple device manufacturers and vendors, while reducing signaling among the nodes, and being fully supportive of EVPN capabilities. In an embodiment, a method is disclosed that establishes VPWS Service service-tunnels, which is associated with an Ethernet virtual private network (EVPN) Ethernet Auto-Discovery (EAD) route identifies the service tunnel as being a VPWS-ID service, a single tag service, or a double tag service.

Abstract: In one embodiment, command message generation and execution using a machine code-instruction is performed. One embodiment includes a particular machine executing a single machine-code instruction including a reference into a command-message-building data structure stored in memory. This executing the single machine-code instruction includes generating a command message and initiating communication of the command message to a hardware accelerator, including copying command information from the command-message-building data structure based on the reference into the command message. The hardware accelerator receives and executes the command message. In one embodiment, the command message is message-switched from a processor to a hardware accelerator, such as, but not limited to, a memory controller, a table lookup unit, or a prefix lookup unit. In one embodiment, a plurality of threads share the command-message-building data structure.

Abstract: According to one or more embodiments of the disclosure, autonomous mobile sensor movement path simulation with an integrated developer environment (IDE) is shown and described. In one embodiment, a computer operates an Internet of Things (IoT) IDE having a virtualized map view illustrating a locational relationship between objects of an IoT application within a represented physical space, where a mobile sensor is virtually represented within the IoT IDE and is configured with navigation control logic affected by external influences and controlled according to the IoT application. Virtualized external influences may be modelled within the IoT IDE that represent physical external influences within the physical space, and the navigation control logic of the mobile sensor may be operated within the IoT IDE according to the IoT application, the virtually represented mobile sensor configured to navigate within the virtual space based on the navigation control logic reacting to the virtual external influences.

Abstract: A method is provided in one example embodiment and includes communicating a message from a network element to a remote data plane element in order to request a data plane resource for hosting a session for a particular subscriber. The remote data plane element is designated to host a data plane function for a particular mobile network subscriber and the data plane resource comprises at least one of memory space and processor allocation. The method further includes discovering nodes capable of supporting the control plane functions; discovering nodes capable of supporting the data plane functions for the session; and performing a system-specific internal configuration to support separation of the data plane functions and the control plane functions.

Abstract: In one embodiment, a timing slave packet switching device receives a received primary reference clock signal. The timing slave packet switching device communicates a first plurality of packet network synchronization packets over a packet switching network with a remote primary reference clock source and derives an over-network clock based on the first plurality of packet network synchronization packets. A phase offset between the phase of the over-network clock and the phase of the received primary reference clock signal is determined and typically stored in non-volatile storage. Subsequent to said determining the phase offset, the timing slave packet switching device communicates a second plurality of packet network synchronization packets over the packet switching network with the remote primary reference clock source and adjusts the phase of a clock derived from the second plurality of packet network synchronization packets based on the phase offset.

Abstract: Embodiments herein describe using a dual assess point (AP) to establish two access points that both are established by two individual radios (e.g., two 5 GHz radios). Generally, APs experience highly degraded performance when two co-located radios operate within the same band. In one embodiment, AP devices can deploy same band radios using a macro-micro cell approach. Thus, the AP may intelligently hand off client devices between the micro and macro cell in a way that optimizes the system for overall throughput and low packet latency while creating minimal oscillation of clients between cells. The embodiments in this disclosure disclose techniques that direct clients in a manner that optimizes these factors.

Abstract: In an embodiment, a method comprises initiating a monitoring session for a communication path including creating and storing monitoring session state data; sending, to a first responder computer of the communication path, a first request to initiate a first state servlet that is configured to monitor continuously during the monitoring session one or more characteristics of one or more processes that the first responder computer may perform; sending, to the first responder computer, monitoring instructions to monitor the one or more characteristics of the one or more processes; while the monitoring session is active and the first responder computer is in the communication path, receiving and collecting monitored information from the first responder computer; in response to determining that the first responder computer is not in the communication path or that the monitoring session has become inactive, automatically and autonomously ending the monitoring session.

Abstract: A system can include a controller that employs an application interface to create and manage resources for encoding or transcoding an input media asset. The resources can include a media splitter to divide the input media asset into a plurality of media blocks. A media analyzer can analyze separately media content in each of the media blocks to determine respective encoding parameters for each of the media blocks based on a complexity for each of the respective media blocks. A plurality of encoders can encode or transcode, in parallel with each other, each of the media blocks based on the determined encoding parameters to generate an encoded media file in a target format.

Abstract: Presented herein are techniques for filtering pixels during video coding and decoding operations. Similar operations are performed at a video encoder and a video decoder. For a target pixel in a block of a video frame represented by the encoded bit-stream, a value of the target pixel is compared with neighboring pixels to produce a plurality of comparison results. A particular offset value for the target pixel is derived based on the plurality of comparison results. The target pixel is filtered using the particular offset value. This process is performed for some or all of the pixels of blocks of a video frame.

Abstract: Presented herein are techniques for enabling the zero touch deployment of devices having an integrated wireless wide area network (WWAN) interface. In one example, a method includes initializing a device with a WWAN interface such that the device attaches to a WWAN, receiving, via the WWAN interface of the device, a data message that includes encrypted bootstrap configuration information, obtaining a key stored in a subscriber identification module (SIM) card of the WWAN interface, decrypting the encrypted bootstrap configuration information using the key, establishing communication with a remote server using the bootstrap configuration information and obtaining configuration data from the remote server, and performing self-configuration of the device using the configuration data.

Abstract: In one embodiment, a method includes receiving at a virtual controller operating at a network device, global parameters for a plurality of virtual machines located in a first network site and in communication with a second network site through a switch, converting at the virtual controller, the global parameters into global overlay network parameters, and transmitting the global overlay network parameters to the switch for use in automatically creating a global network overlay. The global overlay network parameters define an end-to-end network extending from the virtual machines in the first network site to a plurality of virtual machines in the second network site. An apparatus and logic are also disclosed herein.

Abstract: Presented herein are techniques for orchestrating an update of an on-premises cloud connector from a cloud-based software platform. In particular, a first version of a first cloud connector is running in an active-active configuration across first and second nodes in an on-premises cluster. The first cloud connector is associated with user subscriptions to a first on-premises application and the first cloud connector connects the first on-premises application to a first cloud service hosted at a cloud-based software platform application. The first cloud connector is updated from the first version to a second version on each of the first and second nodes in a sequential manner. The update of the first cloud connector from the first version to the second version is initiated at the cloud-based software platform.