Abstract: Systems, methods, and computer-readable media are provided for lattice routing across a plurality of routers. An example method can include receiving, by a first router of a lattice including a plurality of routers, an Internet Protocol packet including a source Internet Protocol prefix and an index number, where the plurality of routers of the lattice is indexed in a lattice index, and where the plurality of routers is configured to forward the Internet Protocol packet to routers of the plurality of routers based on the index number, shuffling, by the first router, the source Internet Protocol prefix, determining, by the first router and based on the index number, whether the first router is the egress router, and sending, by the first router, the Internet Protocol packet with a shuffled source Internet Protocol prefix to a next node.

Abstract: The disclosed technology addresses the need in the art for systems and methods of dynamic but stateless NAT encryption and decryption. The disclosed technology provides a robust encryption/decryption algorithm for concurrently obfuscating source and destination IPv6 addresses for SNAP deployments with 100% reversal and zero collisions, thereby providing protection to both the source and destination IPv6 simultaneously.

Abstract: Systems, methods, and computer-readable media are provided for lattice routing across a plurality of routers. An example method can include receiving, by a first router of a lattice including a plurality of routers, an Internet Protocol packet including a source Internet Protocol prefix and an index number, where the plurality of routers of the lattice is indexed in a lattice index, and where the plurality of routers is configured to forward the Internet Protocol packet to routers of the plurality of routers based on the index number, shuffling, by the first router, the source Internet Protocol prefix, determining, by the first router and based on the index number, whether the first router is the egress router, and sending, by the first router, the Internet Protocol packet with a shuffled source Internet Protocol prefix to a next node.

Abstract: The disclosed technology addresses the need in the art for systems and methods of dynamic but stateless NAT encryption and decryption. The disclosed technology provides a robust encryption/decryption algorithm for concurrently obfuscating source and destination IPv6 addresses for SNAP deployments with 100% reversal and zero collisions, thereby providing protection to both the source and destination IPv6 simultaneously.

Abstract: In one aspect, a method of IP obfuscation of a user device includes receiving, over an Extendible Authentication Protocol (EAP) session between a user device and a network access point, location preferences of the user device, generating, based on the location preferences or a network policy, a geohash for the user device, identifying, for the user device, an IP anchor, sending, over the EAP session, the geohash to the user device, and receiving, from the user device, network traffic, wherein the network access point utilizes the geohash and the IP anchor to route the network traffic for the user device and obfuscate IP address of the user device from third-party access.

Abstract: Stateless network address privacy may be provided. A data packing may be received with an obfuscated destination address and an un-obfuscated source address. An un-obfuscated destination address may be determined based on the obfuscated destination address. An obfuscated source address may be determined based on the un-obfuscated source address. The obfuscated destination address may be replaced with the un-obfuscated destination address and the un-obfuscated source address may be replaced with the obfuscated source address. The packet may be forwarded.

Abstract: The disclosed technology addresses the need in the art for systems and methods of dynamic but stateless NAT encryption and decryption. The disclosed technology provides a robust encryption/decryption algorithm for concurrently obfuscating source and destination IPv6 addresses for SNAP deployments with 100% reversal and zero collisions, thereby providing protection to both the source and destination IPv6 simultaneously.

Abstract: Described herein are devices, systems, methods, and processes for determining the geo-positions of access points (APs) in a wireless network. The techniques involve utilizing geo-positioning data including global navigation satellite system (GNSS) measurements, wireless local area network (WLAN) signal measurements, air pressure measurements, preexisting knowledge, or any combination thereof. The GNSS measurements may include pseudo range measurements. The WLAN signal measurements can include time of arrival (ToA), channel state information (CSI), and/or received signal strength indicator (RSSI) measurements. The geo-position of each AP is calculated by applying Bayes' theorem to all available geo-positioning data and selecting the geo-position hypothesis with the highest probability. The geo-positions of the APs can be updated when a new measurement is obtained. The techniques can handle diverse AP deployments including heterogeneous APs with varying sensor capabilities.

Abstract: Stateless network address privacy may be provided. A data packing may be received with an obfuscated destination address and an un-obfuscated source address. An un-obfuscated destination address may be determined based on the obfuscated destination address. An obfuscated source address may be determined based on the un-obfuscated source address. The obfuscated destination address may be replaced with the un-obfuscated destination address and the un-obfuscated source address may be replaced with the obfuscated source address. The packet may be forwarded.

Abstract: In one aspect, a method of IP obfuscation of a user device includes receiving, over an Extendible Authentication Protocol (EAP) session between a user device and a network access point, location preferences of the user device, generating, based on the location preferences or a network policy, a geohash for the user device, identifying, for the user device, an IP anchor, sending, over the EAP session, the geohash to the user device, and receiving, from the user device, network traffic, wherein the network access point utilizes the geohash and the IP anchor to route the network traffic for the user device and obfuscate IP address of the user device from third-party access.

Abstract: In one embodiment, a device in a serial network de-multiplexes a stream of traffic in the serial network into a plurality of data streams. A particular one of the data streams is associated with a particular endpoint in the serial network. The device determines that data from the particular data stream associated with the particular endpoint should be reported to an entity external to the serial network based on an event indicated by the data from the particular data stream. The device quantizes the data from the particular data stream. The device applies compression to the quantized data to form a compressed representation of the particular data stream. The applied compression is selected based on a data type associated with the data. The device sends a compressed representation of the particular data stream to the external entity as Internet Protocol (IP) traffic.

Abstract: Method and system for querying a collection of unstructured and semi-structured documents in a specified database to identify presence of, and provide context and/or content for, keywords and/or keyphrases. The documents are analyzed and assigned a node structure, including an ordered sequence of mutually exclusive node segments or strings. Each node has an associated set of at least four, five or six attributes with node information and can represent a format marker or text, with the last node in any node segment usually being a text node. A keyword (or keyphrase) query is specified, the query is converted to a statement that is recognized and respondeed to by the specified database, and the last node in each node segment is searched for a match with the keyword. When a match is found at a query node, or at a node determined with reference to a query node, the system displays the context and/or the content of the query node.