Abstract: Methods are provided which involve obtaining information about a distributed ledger instance associated with an enterprise and generating at least one announcement that advertises a presence of the distributed ledger instance based on the information. The methods further involve providing the at least one announcement to one or more network devices associated with other distributed ledger instances to provide visibility of the distributed ledger instance to the other distributed ledger instances.

Abstract: The present disclosure is directed to migrating network traffic from a licensed spectrum to an unlicensed spectrum within the same radio access technology (RAT). In one aspect, a method includes identifying a user device connected to a cellular wireless access technology, over a licensed spectrum; determining whether a condition for switching network traffic associated with the user device to an unlicensed spectrum is triggered; in response to determining that the condition is triggered, determining an unlicensed spectrum to move the network traffic to, the unlicensed spectrum being within a same cell as the licensed spectrum or in a different cell compared to a cell in which the licensed spectrum is; and migrating at least a portion of the network traffic to the unlicensed spectrum while maintaining network connectivity of the user device over the cellular wireless access technology.

Abstract: This disclosure describes techniques for performing domain name system (DNS) support on public resolvers. For instance, an electronic device may send a query to a local DNS resolver. The electronic device may then receive an answer from the local DNS resolver that includes a pattern. Using the answer, the electronic device may generate a DNS packet that includes at least the answer and a query for a first Internet Protocol (IP) address associated with a first IP version, such as IPv6. The electronic device may then send the DNS packet to a public DNS resolver. Using the DNS packet, the public DNS resolver may generate a synthesized IP address associated with the first IP version. For example, the public DNS resolver may identify a second IP address associated with a second IP version, such as IPv4, and generate the synthesized IP address using the second IP address and the answer.

Abstract: The present disclosure describes systems and methods for associating a client device with an edge server. The method includes receiving by each of a plurality of cloud servers a signal from a client device requesting a resource provided by the plurality of cloud servers. Each of the cloud servers then calculates a distance between each cloud server and the client device, and an approximate location of the client device may be determined based on the calculated distance and the known location of the cloud servers. Using the approximate location of the client device, at least one of a plurality of edge servers that are located within a predetermined distance of the client device is identified by the cloud server, and the cloud server or client device may choose one of the identified edge servers through which the client device may be associated to communicate with the cloud server.

Abstract: A quantum resistant method is provided for supporting user equipment (UE) roaming across APs/eNBs/gNBs belonging to various Wireless LAN Controllers (WLCs) in enterprise 5G and WiFi co-located deployments. The method may include initializing a SKS server in an electrical communication with a master WLC with a random post-quantum common secret seed (PQSEED) to generate a post-quantum pre-shared key (PQPSK) and a respective PQPSK-ID. The method may also include sending an encrypted PQSEED along with a PQPSK-ID to a second WLC. The method may further include joining AP (WiFi) to the master WLC using a CAPWAP/DTLS protocol. The method may further include sending the PQPSK-ID from the master WLC to the UE in an EAP success packet when the UE is associated with the AP (WiFi).

Abstract: Systems, methods, and computer-readable media are provided for performing secure frame encryption as a service. For instance, a network device can receive a first request for encrypting a first media stream associated with a first endpoint. In response to the first request, the network device can obtain a first encryption key for encrypting the first media stream associated with the first endpoint. The network device can receive, from the first endpoint, a first plurality of media frames corresponding to the first media stream and encrypt each of the first plurality of media frames using the first encryption key to yield a first plurality of encrypted media frames. The network device can packetize the first plurality of encrypted media frames into a first plurality of data packets for transmission to a second endpoint.

Abstract: Systems, methods, and computer-readable media for attack surface score computation can include the following processes. An attack surface score service receives information identifying open ports associated with an application. The attack surface score service determines an attack surface score for the application based on the information and common attack ports. A policy engine determines whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination. The policy engine implements a vulnerability reduction policy based on the determination.

Abstract: This disclosure describes techniques and mechanisms for providing hybrid cloud services for enterprise fabric. The techniques include enhancing an on-demand protocol (e.g., such as LISP) and allowing simplified security and/or firewall service insertion for datacenter servers providing those services. Accordingly, the techniques described herein provide hybrid cloud services that work in disaggregated, distributed, and consistent way, while avoiding complex datacenter network devices (e.g., such running overlay on TOR), replacing and moving the functionality to on demand protocol enabled servers, which intelligently receive the required mappings as well as registers and publishes the service information to intelligently interact with the network.

Abstract: Zero-trust dynamic discovery in provided by identifying a plurality of endpoints, including targets and initiators, connected to a software defined network, wherein the targets are provided on the software defined network according to a network addressable memory standard that lacks a native discovery service; grouping the targets into a plurality of target groups and the initiators into a plurality of initiator groups; and in response to receiving a discovery request from a given initiator grouped in a given initiator group of the plurality of initiator groups, returning addressing information for a target group of the plurality of target groups associated with the given initiator group in a security policy configuration for the software defined network.

Abstract: Techniques for providing network traffic security in a virtualized environment are described. A threat aware controller uses a threat feed provided by a threat intelligence service to establish a threat detection engine on virtual switches. The threat aware controller and threat detection engine work together to detect any anomalous or malicious behavior of network traffic on the virtual switch and established virtual network functions to quickly detect, verify, and isolate network threats.

Abstract: In one embodiment, a device obtains location data indicative of a location of a mobile system relative to a base station of a wireless network. The device predicts, based on the location data, a drop in received signal strength indicator as the mobile system approaches the base station. The device determines, based on the drop in received signal strength indicator or throughput that will occur as the mobile system approaches the base station. The device prevents the mobile system from communicating with the base station during the ban.

Abstract: Techniques and mechanisms for managing a set of data network nodes in a Network Management System (NMS). In some examples, a network orchestrator receives a first service request to trigger a first service transaction to re-configure the set of data nodes in the data network, and trigger, the first service transaction to re-configure the set of data nodes. In some examples, the network orchestrator receives a second service request to trigger a second service transaction to re-configure the set of data nodes. The orchestrator determines whether the second service transaction conflicts with the first service transaction that is currently running. If the second service transaction does not conflict with the first service, it triggers processing the second service. If the second service transaction does conflict with the first service transaction, it delays from processing the second service transaction.

Abstract: Establishing an expected transmit time at which a network interface controller (NIC) is expected to transmit a next packet. Enqueuing, with the NIC and before the expected transmit time, a packet P1 to be transmitted at the expected transmit time. Upon enqueuing P1, incrementing the expected transmit time by an expected transmit duration of P1. Transmitting at the NIC's line rate and timestamping enqueued P1 with its actual transmit time. Adjusting the expected transmit time by a difference between P1's actual transmit and P1's expected transmit time. Requesting, before completion of transmitting P1, to transmit a P2 at time t(P2). Enqueuing, in sequence, zero or more P0, such that the current expected transmit time plus the duration of the transmission of the P0s at the line rate equals t(P2). Transmitting at the line rate each enqueued P0. Upon enqueuing each P0, incrementing, for each P0, the expected transmit time by the expected transmit duration of the P0.

Abstract: A neural network architecture search may be conducted by a controller to generate a neural network. The controller may perform the search by generating a directed acyclic graph across nodes in a search space, the nodes representing compute operations for a neural network. As the search is performed, the controller may retrieve resource availability information to modify the likelihood of a generated neural network architecture including previously unused nodes.

Abstract: In one embodiment, a method includes transmitting power in a power and data distribution system comprising at least two pairs of wires, negotiating a power level between Power Sourcing Equipment (PSE) and a Powered Device (PD) in the power and data distribution system, transmitting the power at a power level greater than 100 watts, periodically checking each of the wires for a fault, and checking for an electrical imbalance at the wires.

Abstract: Systems, methods, and devices are disclosed for cognitive collaboration systems on a hybrid node. A query is received by a virtual assistant running on a public cloud, and it is determined whether the query pertains to data available on a public cloud resource, or the query pertains to data available on a private cloud resource. When it is determined that the query pertains to the data available on the public cloud resource, the query is interpreted by using a first model trained on at least one machine learning technique on data from the public cloud. When it is determined that the query pertains to the data available on the private cloud resource, the query is interpreted by using a second model trained on at least one machine learning technique on the data from the private cloud.

Abstract: A method, computer system, and computer program product are provided for managing content items, including tracking and/or updating content items. A content item is received from an author. A key is associated with the content item. Based on the key, a user is identified who is presenting the content item in a communication session. In response to determining that the author has updated the content item, the user is notified that an updated version of the content item is available for presentation in the communication session.

Abstract: Techniques and architecture are described for protecting non-http and TCP/UDP applications in a zero trust network access (ZTNA)/web virtual private network (VPN) environment by establishing a secure communication channel between a native application and an application server providing an application service. More particularly, the present disclosure describes techniques and architecture that leverage the firewall wherein a thin client on a client device enables a client desktop, establishes a secure channel from a native application, e.g., the client desktop, to the firewall, and acts as a proxy.

Abstract: Wireless dynamic file exchange is provided by, in response to a triggering network condition occurring, initiating an exchange of a parameter file including non-layer two content via a 802.11 message, such as a Generic Advertisement Service (GAS) message between an access point (AP) and a station (STA) connected to the AP; and in response to determining that the exchange was unsuccessful, terminating a connection between the AP and the STA. The parameter file may be sent over several messages and update the parameters for a new session or an existing session. Devices that do not conform to the updated parameters may be disassociated from the AP and re-connect to receive and implement the updated parameters.