Patents by Inventor Lionel Florit

Lionel Florit has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11909872
    Abstract: Systems and methods are provided for quantum-resistant secure key distribution between a peer and an EAP authenticator by using an authentication server. The systems and methods include receiving requests for a COMMON-SEED and a quantum-safe public key from a peer and an EAP authenticator. The COMMON-SEED is encrypted using the quantum-safe public key of the peer and the quantum-safe public key of the EAP authenticator, and the encrypted COMMON-SEED is sent to the peer along with a request for a PPK_ID from the peer to complete authentication of the peer. The PPK_ID is received from the peer, and the encrypted COMMON-SEED and PPK_ID is sent to the EAP authenticator. A quantum-resistant secure channel is established between the peer and the EAP authenticator when the peer and the EAP authenticator share the same COMMON-SEED and the same PPK-ID.
    Type: Grant
    Filed: November 10, 2022
    Date of Patent: February 20, 2024
    Assignee: Cisco Technology, Inc.
    Inventors: Amjad Inamdar, Lionel Florit, Eric Voit, Sujal Sheth, Chennakesava Reddy Gaddam
  • Patent number: 11757630
    Abstract: Systems and methods are provided for quantum-resistant secure key distribution between a peer and an EAP authenticator by using an authentication server. The systems and methods include receiving requests for a COMMON-SEED and a quantum-safe public key from a peer and an EAP authenticator. The COMMON-SEED is encrypted using the quantum-safe public key of the peer and the quantum-safe public key of the EAP authenticator, and the encrypted COMMON-SEED is sent to the peer along with a request for a PPK ID from the peer to complete authentication of the peer. The PPK ID is received from the peer, and the encrypted COMMON-SEED and PPK ID is sent to the EAP authenticator. A quantum-resistant secure channel is established between the peer and the EAP authenticator when the peer and the EAP authenticator share the same COMMON-SEED and the same PPK-ID.
    Type: Grant
    Filed: July 15, 2021
    Date of Patent: September 12, 2023
    Assignee: Cisco Technology, Inc.
    Inventors: Amjad Inamdar, Lionel Florit, Eric Voit, Sujal Sheth, Chennakesava Reddy Gaddam
  • Publication number: 20230071333
    Abstract: Systems and methods are provided for quantum-resistant secure key distribution between a peer and an EAP authenticator by using an authentication server. The systems and methods include receiving requests for a COMMON-SEED and a quantum-safe public key from a peer and an EAP authenticator. The COMMON-SEED is encrypted using the quantum-safe public key of the peer and the quantum-safe public key of the EAP authenticator, and the encrypted COMMON-SEED is sent to the peer along with a request for a PPK_ID from the peer to complete authentication of the peer. The PPK_ID is received from the peer, and the encrypted COMMON-SEED and PPK_ID is sent to the EAP authenticator. A quantum-resistant secure channel is established between the peer and the EAP authenticator when the peer and the EAP authenticator share the same COMMON-SEED and the same PPK-ID.
    Type: Application
    Filed: November 10, 2022
    Publication date: March 9, 2023
    Inventors: Amjad Inamdar, Lionel Florit, Eric Voit, Sujal Sheth, Chennakesava Reddy Gaddam
  • Publication number: 20230030880
    Abstract: According to one or more embodiments of the disclosure, a device obtains, from a service connector of a first organization, event data for an event regarding shipment of one or more physical assets between organizations. The device identifies, based on the event data, a response policy associated with the event. The device identifies, based on the response policy, a second organization that is affected by the event. The device sends a notification regarding the event to a service connector of the second organization to initiate a corrective action for the event.
    Type: Application
    Filed: July 30, 2021
    Publication date: February 2, 2023
    Inventors: Marcelo YANNUZZI, Lionel FLORIT, Joel Abraham OBSTFELD, Chee Wai FOONG
  • Publication number: 20220345300
    Abstract: A method is provided for quantum-resistant secure key distribution between a peer and an extendible authentication protocol (EAP) authenticator by using an authentication server. The method may include receiving requests for a COMMON-SEED and a McEliece public key from a peer and an EAP authenticator by an authentication server using an EAP method, encrypting the COMMON-SEED using the McEliece public key of the peer and the McEliece public key of the EAP authenticator by the authentication server, and sending the encrypted COMMON-SEED from the authentication server to the peer along with a request for a PPK_ID from the peer using the EAP method to complete authentication of the peer. The method may also include receiving the PPK_ID from the peer using the EAP method, where the PPK_ID is from a key pair consisting of PPK_ID and PPK obtained from a first SKS server in electrical communication with the peer based upon the encrypted COMMON-SEED.
    Type: Application
    Filed: July 15, 2021
    Publication date: October 27, 2022
    Inventors: Amjad Inamdar, Lionel Florit, Eric Voit, Sujal Sheth, Chennakesava Reddy Gaddam
  • Patent number: 11394536
    Abstract: Presented herein are methodologies for establishing secure communications in a post-quantum computer context. The methodology includes receiving, from a first communications device, at a second communications device, a secret seed value, or otherwise obtaining the secret seed value; initializing a session key service with the secret seed value; receiving, from the first communications device, at the second communications device, a pre-shared key identifier; querying the session key service for a pre-shared key corresponding to the pre-shared key identifier; receiving, from the session key service, the pre-shared key; deriving a session key based, at least in part, on the pre-shared key; receiving from the first communications device, at the second communications device, data encrypted with the session key; and decrypting the data at the second communications device using the session key.
    Type: Grant
    Filed: January 22, 2020
    Date of Patent: July 19, 2022
    Assignee: CISCO TECHNOLOGY, INC
    Inventors: Lionel Florit, Scott Roy Fluhrer, Amjad Inamdar, David Arthur McGrew
  • Patent number: 11381391
    Abstract: A first computing node configures for communication with a second computing node according to a secure Media Access Layer (MAC) layer communication protocol. The first computing node transmits a first message to the second computing node. The first message includes at least a first indication that the first computing node is capable of communicating according to the secure MAC layer communication protocol based on a pre-shared secret key. The first computing node determines to communicate with the second computing node according to the secure MAC layer communication protocol based on one of a pre-shared secret key or a distributed shared key. The first computing node, at least in part based on the determining, transmits a second message to the second computing node according to the secure MAC layer communication protocol based on the one of the pre-shared secret key or the distributed shared key.
    Type: Grant
    Filed: June 15, 2020
    Date of Patent: July 5, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Lionel Florit, Chennakesava Reddy Gaddam, Annu Singh, Gaurav Kumar, Shwetha Subray Bhandari
  • Publication number: 20210391984
    Abstract: A first computing node configures for communication with a second computing node according to a secure Media Access Layer (MAC) layer communication protocol. The first computing node transmits a first message to the second computing node. The first message includes at least a first indication that the first computing node is capable of communicating according to the secure MAC layer communication protocol based on a pre-shared secret key. The first computing node determines to communicate with the second computing node according to the secure MAC layer communication protocol based on one of a pre-shared secret key or a distributed shared key. The first computing node, at least in part based on the determining, transmits a second message to the second computing node according to the secure MAC layer communication protocol based on the one of the pre-shared secret key or the distributed shared key.
    Type: Application
    Filed: June 15, 2020
    Publication date: December 16, 2021
    Inventors: Lionel Florit, Chennakesava Reddy Gaddam, Annu Singh, Gaurav Kumar, Shwetha Subray Bhandari
  • Patent number: 11201921
    Abstract: Systems, methods, and computer-readable media for managing an Internet of Things (IoT) network include identifying an IoT device which is not connected to one or more communication layers of an IoT network, where the IoT network includes one or more intermediate nodes for connecting an IoT application to the IoT device. A virtual device is provided in at least one communication layer of at least one intermediate node, where the virtual device is used for modeling behavior of the IoT device. Using the virtual device as a proxy for the IoT device, operations at the at least one intermediate node while the IoT device is not connected to the at least one layer. The operations can include Operations, Administration, and Maintenance (OAM) functions. The virtual device can be withdrawn or disabled in the at least one intermediate node upon the IoT device establishing connection to the at least one layer.
    Type: Grant
    Filed: November 13, 2019
    Date of Patent: December 14, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Lionel Florit, William Mark Townsley
  • Publication number: 20210226782
    Abstract: Presented herein are methodologies for establishing secure communications in a post-quantum computer context. The methodology includes receiving, from a first communications device, at a second communications device, a secret seed value, or otherwise obtaining the secret seed value; initializing a session key service with the secret seed value; receiving, from the first communications device, at the second communications device, a pre-shared key identifier; querying the session key service for a pre-shared key corresponding to the pre-shared key identifier; receiving, from the session key service, the pre-shared key; deriving a session key based, at least in part, on the pre-shared key; receiving from the first communications device, at the second communications device, data encrypted with the session key; and decrypting the data at the second communications device using the session key.
    Type: Application
    Filed: January 22, 2020
    Publication date: July 22, 2021
    Inventors: Lionel Florit, Scott Roy Fluhrer, Amjad Inamdar, David Arthur McGrew
  • Patent number: 10924369
    Abstract: Systems, methods, and computer-readable media for Operations, Administration, and Maintenance (OAM) in an Internet of Things (IoT) network include maintaining a list of one or more IoT devices connected to an IoT gateway in the IoT network. At least a subset of the one or more IoT devices are classified as belonging to an active list based on receiving traffic from at least the subset of the one or more IoT devices, and OAM probes are suppressed to at least the subset of the one or more IoT devices in the active list. A message can be received in response to the OAM probe from the at least one IoT device, and upon receiving the message, the at least one IoT device is classified as belonging to the active list.
    Type: Grant
    Filed: November 13, 2019
    Date of Patent: February 16, 2021
    Assignee: CISCO TECHNOLOGY, INC.
    Inventors: Nagendra Kumar Nainar, Lionel Florit, Carlos M. Pignataro
  • Publication number: 20200366585
    Abstract: Systems, methods, and computer-readable media for Operations, Administration, and Maintenance (OAM) in an Internet of Things (IoT) network include maintaining a list of one or more IoT devices connected to an IoT gateway in the IoT network. At least a subset of the one or more IoT devices are classified as belonging to an active list based on receiving traffic from at least the subset of the one or more IoT devices, and OAM probes are suppressed to at least the subset of the one or more IoT devices in the active list. A message can be received in response to the OAM probe from the at least one IoT device, and upon receiving the message, the at least one IoT device is classified as belonging to the active list.
    Type: Application
    Filed: November 13, 2019
    Publication date: November 19, 2020
    Inventors: Nagendra Kumar Nainar, Lionel Florit, Carlos M. Pignataro
  • Publication number: 20200366737
    Abstract: Systems, methods, and computer-readable media for managing an Internet of Things (IoT) network include identifying an IoT device which is not connected to one or more communication layers of an IoT network, where the IoT network includes one or more intermediate nodes for connecting an IoT application to the IoT device. A virtual device is provided in at least one communication layer of at least one intermediate node, where the virtual device is used for modeling behavior of the IoT device. Using the virtual device as a proxy for the IoT device, operations at the at least one intermediate node while the IoT device is not connected to the at least one layer. The operations can include Operations, Administration, and Maintenance (OAM) functions. The virtual device can be withdrawn or disabled in the at least one intermediate node upon the IoT device establishing connection to the at least one layer.
    Type: Application
    Filed: November 13, 2019
    Publication date: November 19, 2020
    Inventors: Lionel Florit, William Mark Townsley
  • Patent number: 9553945
    Abstract: In one embodiment, a broker device receives device-identifying data to identify a device in a computer network. An ontology associated with the device-identifying data is then identified by the broker device and in response to identifying the ontology, interpretation instructions related to the identified ontology are determined. The broker device receives data from the identified device and interprets the received data based on the interpretation instructions.
    Type: Grant
    Filed: February 6, 2014
    Date of Patent: January 24, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Samer Salam, Lionel Florit
  • Publication number: 20150222490
    Abstract: In one embodiment, a broker device receives device-identifying data to identify a device in a computer network. An ontology associated with the device-identifying data is then identified by the broker device and in response to identifying the ontology, interpretation instructions related to the identified ontology are determined. The broker device receives data from the identified device and interprets the received data based on the interpretation instructions.
    Type: Application
    Filed: February 6, 2014
    Publication date: August 6, 2015
    Applicant: CISCO TECHNOLOGY, INC.
    Inventors: Samer Salam, Lionel Florit
  • Patent number: 8687523
    Abstract: Various systems and methods for integrating ring-protocol-compatible devices into network configurations that also include non-ring-protocol-compatible devices are disclosed. One such method, which can be performed by a network node that supports a ring protocol, involves generating a ring protocol packet and sending that ring protocol packet to a neighboring node. The ring protocol packet includes information, and the presence of this information within the packet causes a network device that receives the ring protocol packet to drop the ring protocol packet unless the network device supports a ring protocol. The information can include a reserved address (e.g., in the destination address field of the packet) as well as a ring protocol identifier.
    Type: Grant
    Filed: January 13, 2012
    Date of Patent: April 1, 2014
    Assignee: Cisco Technology, Inc.
    Inventors: Lionel Florit, Robert W. Klessig, Francois E. Tallet, Pauline Shuen
  • Publication number: 20140022900
    Abstract: A method is provided in one example embodiment and includes receiving by a first network element a data packet associated with a subscriber. The method further includes determining a level of radio congestion currently experienced by the subscriber and encapsulating the data packet in accordance with a first protocol, the encapsulating comprising adding a header to the data packet, the header including an extension header that includes a congestion level indicator (“CLI”) indicative of the determined level of radio congestion. The encapsulated data packet is forwarded to a second network element. The extension header further includes an indication of whether the radio congestion currently experienced by the subscriber is in an uplink direction or a downlink direction.
    Type: Application
    Filed: July 17, 2012
    Publication date: January 23, 2014
    Inventors: Nirav Salot, Lionel Florit, Maulik Vaidya
  • Patent number: 8411690
    Abstract: Various systems and methods of preventing data traffic connectivity between endpoints of a network segment are disclosed. One method involves receiving a segment protocol message from a first segment port within a network segment, which includes a plurality of network devices. In response to receipt of the segment protocol message, which can indicate whether connectivity is present between the segment endpoints via the network segment, a second segment port can be operated in a blocked state. Operating the second segment port in the blocked state prevents data plane connectivity via the network segment.
    Type: Grant
    Filed: February 27, 2007
    Date of Patent: April 2, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Lionel Florit, Robert W. Klessig, Francois E. Tallet
  • Patent number: 8385215
    Abstract: A method is provided in one example embodiment and includes generating a test port in a network environment, positioning the test port on a network element, associating the test port with a bridge domain, and configuring a maintenance point (MP) on the test port. The method further includes using the MP on the test port for connectivity fault management (CFM) operations at a test level.
    Type: Grant
    Filed: November 13, 2008
    Date of Patent: February 26, 2013
    Assignee: Cisco Technology, Inc.
    Inventors: Lionel Florit, Jose A. Liste, Samer M. Salam
  • Patent number: 8274919
    Abstract: Various systems and methods for implementing virtual ports within ring networks are disclosed. For example, one method involves allocating a logical port that corresponds to a first port and a second port and instantiating a spanning tree protocol instance. The first port and the second port are both assigned to a first ring network. The spanning tree protocol instance selectively blocks the logical port; however, the spanning tree protocol instance is unable to block the first port independently of blocking the second port. Events (e.g., link failures and recoveries) that occur within the ring network are communicated to spanning tree by transitioning the state of the logical port in response to receiving a ring protocol control packet. The spanning tree protocol instance initiates a bridge protocol data unit (BPDU) exchange from the logical port in response to a transition in the state of the logical port.
    Type: Grant
    Filed: September 2, 2005
    Date of Patent: September 25, 2012
    Assignee: Cisco Technology, Inc.
    Inventors: Lionel Florit, Robert W. Klessig, Pauline Shuen, Francois E. Tallet