Abstract: This disclosure is directed to network optimization in a complex joint network for increasing the network utility of the complex joint network. A computing device in the complex joint network may receive a data flow via a complex joint network. The computing device may determine, based on a network template, a mission utility associated with the data flow and a traffic class associated with the data flow. The computing device may control one or more quality of service decisions based at least in part on the mission utility associated with the data flow and the traffic class associated with the data flow.

Abstract: Disclosed herein are embodiments of a cloud data synchronization system enabling an user operating a mobile client device to download mission-specific data sets from a fixed cloud-based server system to a database of the mobile client device, and then use the downloaded data sets independently on the mobile client device when the mobile client device is disconnected from a network connecting to the fixed cloud-based server system. When connectivity to the fixed cloud-based server system is re-established by the mobile client device in an intermittent and bandwidth-limited communication network environment, the fixed cloud-based server system may provide bi-directional data synchronization between records of the fixed cloud-based server system and the mobile client device to update the data sets on the fixed cloud-based server system and the mobile client device while operating in the intermittent and bandwidth-limited communication network environment.

Abstract: This disclosure is directed to monitoring a crypto-partitioned, or cipher-text, wide-area network (WAN). A first computing device may be situated in a plain-text portion of a first enclave behind a first inline network encryptor (INE). A second device may be positioned in a plain-text portion of a second enclave behind a second INE. The two enclaves may be separated by a cipher-text WAN, over which the two enclaved may communicate. The first computing device may receive a data packet from the second computing device. The first computing device may then determine contents of a header of the data packet. The first computing device may, based at least in part on the contents of the header of the data packet, determine a status of the cipher-text WAN.

Abstract: In general, the techniques of this disclosure describe a system for secure serverless authentication. An authenticator node of the system may receive indications of values of authentication factors associated with an entity. The authenticator node may hash the values of the authentication factors to generate double hashed values of the authentication factors. The authenticator node may compare the double hashed values of the authentication factors with trusted authentication information that is encoded in entity credentials associated with the entity. The authenticator node may determine, based at least in part on comparing the double hashed values of the authentication factors with the trusted authentication information, whether the entity is a trusted entity.

Abstract: This disclosure is directed to network optimization in a complex joint network for increasing the network utility of the complex joint network. A computing device in the complex joint network may receive a data flow via a complex joint network. The computing device may determine, based on a network template, a mission utility associated with the data flow and a traffic class associated with the data flow. The computing device may control one or more quality of service decisions based at least in part on the mission utility associated with the data flow and the traffic class associated with the data flow.

Abstract: Disclosed herein are embodiments of a cloud data synchronization system enabling an user operating a mobile client device to download mission-specific data sets from a fixed cloud-based server system to a database of the mobile client device, and then use the downloaded data sets independently on the mobile client device when the mobile client device is disconnected from a network connecting to the fixed cloud-based server system. When connectivity to the fixed cloud-based server system is re-established by the mobile client device in an intermittent and bandwidth-limited communication network environment, the fixed cloud-based server system may provide bi-directional data synchronization between records of the fixed cloud-based server system and the mobile client device to update the data sets on the fixed cloud-based server system and the mobile client device while operating in the intermittent and bandwidth-limited communication network environment.

Abstract: This disclosure is directed to network optimization in a complex joint network for increasing the network utility of the complex joint network. A computing device in the complex joint network may receive a data flow via a complex joint network. The computing device may determine, based on a network template, a mission utility associated with the data flow and a traffic class associated with the data flow. The computing device may control one or more quality of service decisions based at least in part on the mission utility associated with the data flow and the traffic class associated with the data flow.

Abstract: This disclosure is directed to monitoring a crypto-partitioned, or cipher-text, wide-area network (WAN). A first computing device may be situated in a plain-text portion of a first enclave behind a first inline network encryptor (INE). A second device may be positioned in a plain-text portion of a second enclave behind a second INE. The two enclaves may be separated by a cipher-text WAN, over which the two enclaved may communicate. The first computing device may receive a data packet from the second computing device. The first computing device may then determine contents of a header of the data packet. The first computing device may, based at least in part on the contents of the header of the data packet, determine a status of the cipher-text WAN.

Abstract: This disclosure is directed to monitoring a crypto-partitioned, or cipher-text, wide-area network (WAN). A first computing device may be situated in a plain-text portion of a first enclave behind a first inline network encryptor (INE). A second device may be positioned in a plain-text portion of a second enclave behind a second INE. The two enclaves may be separated by a cipher-text WAN, over which the two enclaved may communicate. The first computing device may receive a data packet from the second computing device. The first computing device may then determine contents of a header of the data packet. The first computing device may, based at least in part on the contents of the header of the data packet, determine a status of the cipher-text WAN.

Abstract: Disclosed herein are embodiments of a cloud data synchronization system enabling an user operating a mobile client device to download mission-specific data sets from a fixed cloud-based server system to a database of the mobile client device, and then use the downloaded data sets independently on the mobile client device when the mobile client device is disconnected from a network connecting to the fixed cloud-based server system. When connectivity to the fixed cloud-based server system is re-established by the mobile client device in an intermittent and bandwidth-limited communication network environment, the fixed cloud-based server system may provide bi-directional data synchronization between records of the fixed cloud-based server system and the mobile client device to update the data sets on the fixed cloud-based server system and the mobile client device while operating in the intermittent and bandwidth-limited communication network environment.

Abstract: In general, the techniques of this disclosure describe a computing device that is configured to verify an identity of a user based on authentication factors received from multiple authentication devices. The computing device, which may be configured to operate as a server device, may receive an authentication factor from at least three authentication devices in a group of three or more authentication devices via a guard device. The computing device may determine a probability that the respective user of each respective authentication device is a particular trusted user based on the received authentication factors. If the probability exceeds a threshold authentication probability, the computing device may send an authentication confirmation to a client device.

Abstract: In general, the techniques of this disclosure describe a hub device that is configured to receive data packets from both secured client devices and non-secured client devices. The hub device may send the data packets from the secured client devices to a host device. For the data packets from the non-secured client devices, the hub device may first process the data packets to ensure the integrity of the received non-secure data packets and then send the non-secure data packets to the host device once the hub device determines that the non-secure data packets meet some threshold level of integrity.

Abstract: Disclosed herein are embodiments of a cloud data synchronization system enabling an user operating a mobile client device to download mission-specific data sets from a fixed cloud-based server system to a database of the mobile client device, and then use the downloaded data sets independently on the mobile client device when the mobile client device is disconnected from a network connecting to the fixed cloud-based server system. When connectivity to the fixed cloud-based server system is re-established by the mobile client device in an intermittent and bandwidth-limited communication network environment, the fixed cloud-based server system may provide bi-directional data synchronization between records of the fixed cloud-based server system and the mobile client device to update the data sets on the fixed cloud-based server system and the mobile client device while operating in the intermittent and bandwidth-limited communication network environment.

Abstract: This disclosure is directed to monitoring a crypto-partitioned, or cipher-text, wide-area network (WAN). A first computing device may be situated in a plain-text portion of a first enclave behind a first inline network encryptor (INE). A second device may be positioned in a plain-text portion of a second enclave behind a second INE. The two enclaves may be separated by a cipher-text WAN, over which the two enclaved may communicate. The first computing device may receive a data packet from the second computing device. The first computing device may then determine contents of a header of the data packet. The first computing device may, based at least in part on the contents of the header of the data packet, determine a status of the cipher-text WAN.

Abstract: A method of routing an Internet Protocol (IP) packet from a routing device is provided. The method includes receiving a first IP packet having a first IP header and a first IP data field, the first IP packet having a final destination corresponding to a destination device communicatively coupled to the routing device via a network route including at least two hops between the routing device and the final destination. A second IP packet having a second IP header and a second IP data field is generated. The second IP data field is a copy of the first IP data field, and a destination IP address field in the second IP header includes an IP address of a next hop on the network route. The second IP packet does not include an IP address of the final destination in the second IP header.

Abstract: A method of routing a packet from a routing device includes receiving a first packet having a first header and a first data field. The first header has a final destination corresponding to a destination device communicatively coupled to the routing device via at least two parallel network links. A second packet having a second header and a second data field is sent over the first network link. The second data field is identical to the first data field. A destination address in the second header corresponds to a device on a first of the parallel network links. A third packet having a third header and a third data field is sent over the second network link. The third data field is identical to the first data field. a destination address in the third header corresponds to a device on a second of the parallel network links.

Abstract: This disclosure is directed to monitoring a crypto-partitioned, or cipher-text, wide-area network (WAN). A first computing device may be situated in a plain-text portion of a first enclave behind a first inline network encryptor (INE). A second device may be positioned in a plain-text portion of a second enclave behind a second INE. The two enclaves may be separated by a cipher-text WAN, over which the two enclaved may communicate. The first computing device may receive a data packet from the second computing device. The first computing device may then determine contents of a header of the data packet. The first computing device may, based at least in part on the contents of the header of the data packet, determine a status of the cipher-text WAN.

Abstract: A method of routing an Internet Protocol (IP) packet from a routing device is provided. The method includes receiving a first IP packet having a first IP header and a first IP data field, the first IP packet having a final destination corresponding to a destination device communicatively coupled to the routing device via a network route including at least two hops between the routing device and the final destination. A second IP packet having a second IP header and a second IP data field is generated. The second IP data field is a copy of the first IP data field, and a destination IP address field in the second IP header includes an IP address of a next hop on the network route. The second IP packet does not include an IP address of the final destination in the second IP header.

Abstract: Disclosed herein are embodiments of a cloud data synchronization system enabling an user operating a mobile client device to download mission-specific data sets from a fixed cloud-based server system to a database of the mobile client device, and then use the downloaded data sets independently on the mobile client device when the mobile client device is disconnected from a network connecting to the fixed cloud-based server system. When connectivity to the fixed cloud-based server system is re-established by the mobile client device in an intermittent and bandwidth-limited communication network environment, the fixed cloud-based server system may provide bi-directional data synchronization between records of the fixed cloud-based server system and the mobile client device to update the data sets on the fixed cloud-based server system and the mobile client device while operating in the intermittent and bandwidth-limited communication network environment.

Abstract: This disclosure describes a context aware scalable dynamic network whereby network information concerning network elements in an untrusted (Black) network are gathered by network sensors, stored at a network sensor collector, and sent to another network sensor collector in a trusted (Red) network through a one-way guard. At the Red network, the network information from the Black network may be combined with network information from one or more Red networks. The combined network information may then be used to visualize a cross-domain network topology of both Red and Black networks, and to implement network management functions.