Abstract: In one embodiment, upon detection of a mobile device within a proximity of a video conference endpoint and authentication of the mobile device at a server managing the video conference endpoint, the server may receive information regarding a camera of the mobile device. The server may then receive the output of the camera from the mobile device. Finally, after receiving the output of the camera, the server may send the output of the camera to the video conference endpoint as part of media to be presented by the video conference endpoint. The server may also send the output of the camera to one or more other endpoints participating in a video conference managed by the server.

Abstract: In one embodiment, methods are described for recovering lost customer premises equipment (CPE) information on a cable modem termination system (CMTS) in the presence of only Dynamic Host Control Protocol Version 6 (DHCPv6) CONFIRM. A CMTS purges routing information for an Internet Protocol Version 6 (IPv6) node, such as a CPE router, in response to detecting an interface reset for the IPv6 node. IPv6 addresses and prefixes information for the IPv6 node is gleaned from a DHCPv6 CONFIRM message received from the IPv6 node. By sending portions of the IPv6 addresses and prefixes information within a DHCPv6 LEASEQUERY message, a DHCPv6 CONFIRM message with an embedded DHCPv6 LEASEQUERY message, or a DHCPv6 CONFIRM message with an Interface-ID option, a reply message can be received that contains the purged routing information for the IPv6 node.

Abstract: A mobile device obtains data to be wirelessly transmitted over a shared spectrum in an uplink channel to a base station. The uplink channel is formatted with a frame/subframe structure with a predetermined timing. The mobile device determines whether the shared spectrum is free for transmission according to a Listen Before Transmit procedure. When the shared spectrum is free for transmission, the mobile device selects a start time in the uplink channel that mitigates interference from other mobile devices in proximity to the mobile device. Beginning at the start time, the mobile device transmits the data over the shared spectrum in the uplink channel to the base station.

Abstract: One embodiment provides a system that facilitates routable prefix queries in a CCN. During operation, the system generates, by a client computing device, a query for one or more indices based on a name for an interest, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level. An index indicates a number of the contiguous name components beginning from the most general level that represent a routable prefix needed to route the interest to a content producing device that can satisfy the interest. In response to the query, the system receives the one or more indices, which allows the client computing device to determine a remaining number of name components of the interest name which can be encrypted, thereby facilitating protection of private communication in a content centric network.

Abstract: In one embodiment, a device in a network receives packet arrival information for a packet from a neighbor of the device in the network. The packet arrival information indicates a likelihood of the packet being received by a target node that is moving in the network were the packet forwarded by the neighbor to the target node. The device forwards the packet to the target node based on a determination that the device has a higher likelihood of the packet being received by target node were the packet forwarded by the device to the target node than were the packet forwarded by the neighbor to the target node.

Abstract: Detecting network services based on network flow data is disclosed. Using a networking device, network flow data is obtained for a plurality of endpoints of a telecommunications network. Each endpoint of the plurality of endpoints is uniquely described by data comprising an IP address, a port, and a communication protocol. For each endpoint of a set of at least one endpoint selected from the plurality of endpoints, a plurality of peers of the endpoint is determined by detecting communication between the endpoint and the plurality of peers based on the network flow data. For each peer of a set of peers selected from the plurality of peers, a difference between a number of peers of the endpoint and a number of peers of said each peer is determined based on the network flow data. It is determined if the endpoint is a service based on the difference determined for each peer of the set of peers. Network management is performed based on the determination of whether the endpoint is a service.

Abstract: In one embodiment, a controller instructs an unmanned aerial vehicle (UAV) docked to a landing perch to perform a pre-flight test operation of a pre-flight test routine. The controller receives sensor data associated with the pre-flight test operation from one or more force sensors of the landing perch, in response to the UAV performing the pre-flight test operation. The controller determines whether the sensor data associated with the pre-flight test operation is within an acceptable range. The controller causes the UAV to launch from the landing perch based in part on a determination that UAV has passed the pre-flight test routine.

Abstract: A system for naming a process being monitored that handles a requesting a framework such as a .NET framework. The process may be implemented by a .NET application framework within an IIS web server. The naming system allows for user readable names which are more than just numbers or indexes. The naming system is configured from a single location rather than from multiple locations, making it much easier to configure, change and update.

Abstract: A method for providing authoritative application-based routing and an improved application firewall, as well as a method for application classification, is described. The first embodiment, which provides a method for authoritative application-based routing, comprises tagging packets with an application identifier, and pushing the tagged packets to the network to enable the application identifier to be used in routing and priority decisions. In the second embodiment, a method for improving application firewall comprises using the application identifier to minimize the amount of processing required by the firewall when analyzing packet information.

Abstract: A network security device (NSD) is connected between a network and an endpoint device configured to host a client application. The client application communicates with the network through the network security device using a request-response protocol. The NSD receives from the client application a request destined for the network and that seeks a response from the network. The request has a context header including context information about the client application. The NSD determines whether the client application or a file accessed thereby has a suspicious nature based on the context information. If it is determined that the client application or the file accessed thereby has a suspicious nature, the NSD blocks the request from the network, and sends to the client application a response indicating the block.

Abstract: A computing device providing a network service to a service area may receive a connection request from a user device and generate a session start request to start a user session in a service domain covering the service area. One or more policy rules may be evaluated to determine whether any rule is applicable to the user device, which includes determining that an authoritative user session has already been established in the service domain. The user session may be established in the service domain for the user device, and at least one permission for access to a controlled network resource may be associated with the user session based on the determination that the authoritative user session has already been established. A request from the user device to access the controlled network resource may be received and access to the controlled network resource may be granted.

Abstract: Presented herein are techniques to measure latency associated with packets that are processed within a network device. A packet is received at a component of a network device comprising one or more components. A timestamp representing a time of arrival of the packet at a first point in the network device is associated with the packet. The timestamp is generated with respect to a clock of the network device. A latency value for the packet is computed based on at least one of the timestamp and current time of arrival at a second point in the network device. One or more latency statistics are updated based on the latency value.

Abstract: Establishing an MCEE logical structure relating tenant resources of a tenant site, first non-tenant cloud resources at a first non-tenant cloud site, and second non-tenant cloud resources at a second non-tenant site. Mapping the MCEE logical structure nodes to a segmented end-to-end virtual network structure (E2E-VNS) such that the resources at each node of the MCEE logical structure is in a separate virtual network of the E2E-VNS. Establishing an extension and isolation (EXI) domain in the MCEE logical structure associating at least one node of the tenant resources with at least one node of the first non-tenant cloud and at least one node of the second non-tenant cloud. Connecting for network communications, the E2E-VNS virtual networks of the nodes of the EXI domain for isolation of the resources of the nodes of the EXI domain from the other resources of the MCEE logical structure in an EXI virtual network.

Abstract: In one embodiment, a method includes receiving capability information from an end host at a centralized security matrix in communication with a firewall and a plurality of end hosts, verifying at the centralized security matrix, a trust level of the end host, assigning at the centralized security matrix, a firewall function to the end host based on the trust level and capability information, and notifying the firewall of the firewall function assigned to the end host. Firewall functions are offloaded from the firewall to the end hosts by the centralized security matrix. An apparatus and logic are also disclosed herein.

Abstract: Embodiments disclosed herein generally relate to a dipole antenna having an hourglass shaped coupler. The antenna generally includes two conductive layers, each having a first portion and a second portion of conductive material. The first portion may be connected to a first trace in the first layer, and a width of the first portion flares out from a connection point to the first trace in a first direction. The second portion may be electrically isolated from the first trace and a width of the second portion flares out from a location closest to the first portion in a second direction. In certain embodiments, the second direction is opposite the first direction.

Abstract: An administrator can define or modify one or more service graphs. Next, the administrator can register service appliances along with their device package files with a controller. Then, the controller can establish the capabilities of the service devices, and classify the service devices as legacy or service tag switching (STS) capable devices. Then, the controller can create one or more instances of the service graph, by populating the service nodes into the service graph. Then, the application owner can attach their endpoint groups (EPGs) to the service graphs created by the administrator. Then, a service in the network can be automatically provisioned using the service graph to configure one or more nodes in an associated service chain of the service according to information in the service graph.

Abstract: A system and method for achieving authorization in confidential group communications in terms of an ordered list of data blocks representing a tamper-resistant chronological account of group membership updates. This method permits ad-hoc and decentralized group definition, dynamic and decentralized membership updates, open sharing, tamper resistance, and tracking of membership history. There are many applications of these techniques. One such application is enabling end-to-end encryption of instant messaging, content sharing, and streamed media.

Abstract: One embodiment provides a system in a first node that facilitates efficient packet forwarding. During operation, the system stores, in a storage device in a first node, a static dictionary comprising a mapping between a type and length (TL) string and a byte-aligned compressed replacement string. The system encodes the byte-aligned compressed replacement string based on an encoding technique to generate a bit-aligned encoded replacement string and stores a mapping between the encoded replacement string and the TL string in an encoded dictionary. If the system identifies the TL string in a packet, the system replaces the TL string with the encoded replacement string and transmits the packet to a second node storing the encoded dictionary in a local storage device, thereby facilitating bit-aligned compression of a TL string.

Abstract: Presented herein are zero-downtime upgrade techniques for cloud connector/extension software components. In particular, an on-premises node that runs a first version of a cloud connector software component, receives a second version of the cloud connector software component from a cloud-based software platform. The second version of the cloud connector software component is installed and initialized at the on-premises node such that the first and second versions of the cloud connector software component run in parallel at the on-premises node. Management of the subscriptions of the on-premises services to the cloud-based software platform is then transferred from the first version of the cloud connector software component to the second version of the cloud connector software component.

Abstract: Systems and methods are provided that allow inter-working between communication networks for the delivery of service to mobile nodes. A gateway is provided that communicates with a femto cell to extend service to an area that otherwise does not receive coverage from a service provider. The femto cell is a small scale base station used to provide coverage over a small area (such as a home or business), and connect to a home or enterprise network. The femto cell provides service for a mobile node and a gateway permits communication over a broadband network. The gateway integrates the mobile nodes connecting via a femto cell into the service provider's network. The gateway also allows provisioning of services and applications, control of service levels, and provides seamless handoffs to marco base stations and other types of access technologies such as Wi-Fi.