Abstract: Various systems and methods are described for implementing cloud-to-edge (C2E) security are disclosed, including systems and methods for the execution of various workloads that are distributed among multiple edge computing nodes. An example technique for managing distributed workloads includes: identifying characteristics of a distributed workload from an execution of the distributed workload, for a distributed workload that is partitioned among multiple computing nodes; evaluating a trust status of the distributed workload in response to a change in the execution of the distributed workload, including verifying resources to execute the distributed workload and verifying security policies associated with the resources; and controlling the execution of the distributed workload among the multiple computing nodes, based on the characteristics and the evaluated trust status.

Abstract: A service coordinating entity device includes communications circuitry to communicate with a first access network, processing circuitry, and a memory device. The processing circuitry is to perform operations to, in response to a request for establishing a connection with a user equipment (UE) in a second access network, retrieve a first Trusted Level Agreement (TLA) including trust attributes associated with the first access network. One or more exchanges of the trust attributes of the first TLA and trust attributes of a second TLA associated with the second access network are performed using a computing service executing on the service coordinating entity. A common TLA with trust attributes associated with communications between the first and second access networks is generated based on the exchanges. Data traffic is routed from the first access network to the UE in the second access network based on the trust attributes of the common TLA.

Abstract: Various systems and methods for establishing network connectivity and onboarding for Internet of Things (IoT) devices and trusted platforms, including in Open Connectivity Foundation (OCF) specification device deployments, are discussed. In an example, a zero touch owner transfer method includes operations of: receiving a first request from a new device for network access to begin an onboarding procedure with a network platform; transmitting credentials of a first network to the new device, the first network used to access a rendezvous server and obtain onboarding information associated with the network platform; receiving a second request from the new device for network access to continue the onboarding procedure; and transmitting credentials of a second network to the new device, as the new device uses the second network to access the onboarding server of the network platform and perform or complete the onboarding procedure with the network platform.

Abstract: Various systems and methods for network optimization or bandwidth conservation may use plugin migration or mirroring to access a plugin utilizing a first network protocol in the cloud. A cloud-based plugin allows for routing optimization to leverage resource directory from the first network protocol to provide discovery or access to the plugin. The plugin may be used when a device operating the first network protocol communicates with a device operating a second, different, network protocol.

Abstract: Various systems and methods for establishing network connectivity and onboarding for Internet of Things (IoT) devices and trusted platforms, including in Open Connectivity Foundation (OCF) specification device deployments, are discussed. In an example, a zero touch owner transfer method includes operations of: receiving a first request from a new device for network access to begin an onboarding procedure with a network platform; transmitting credentials of a first network to the new device, the first network used to access a rendezvous server and obtain onboarding information associated with the network platform; receiving a second request from the new device for network access to continue the onboarding procedure; and transmitting credentials of a second network to the new device, as the new device uses the second network to access the onboarding server of the network platform and perform or complete the onboarding procedure with the network platform.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for secure, low end-user effort computing device configuration. In some examples the IoT device is configured via a user's computing device over a short range wireless link of a first type. This short range wireless communication may use a connection establishment that does not require end-user input. For example, the end user will not have to enter, or confirm a PIN number or other authentication information such as usernames and/or passwords. This allows configuration to involve less user input. In some examples, to prevent man-in-the-middle attacks, the power of a transmitter in the IoT device that transmits the short range wireless link is reduced during a configuration procedure so that the range of the transmissions to and from the user's computing device are reduced to a short distance.

Abstract: Various systems and methods for implementing intent-based cluster administration are described herein. An orchestrator system includes: a processor; and memory to store instructions, which when executed by the processor, cause the orchestrator system to: receive, at the orchestrator system, an administrative intent-based service level objective (SLO) for an infrastructure configuration of an infrastructure; map the administrative intent-based SLO to a set of imperative policies; deploy the set of imperative policies to the infrastructure; monitor performance of the infrastructure; detect non-compliance with the set of imperative policies; and modify the administrative intent-based SLO to generate a revised set of imperative policies that cause the performance of the infrastructure to be compliant with the revised set of imperative policies.

Abstract: Various systems and methods for implementing intent-based orchestration in heterogenous compute platforms are described herein. An orchestration system is configured to: receive, at the orchestration system, a workload request for a workload, the workload request including an intent-based service level objective (SLO); generate rules for resource allocation based on the workload request; generate a deployment plan using the rules for resource allocation and the intent-based SLO; deploy the workload using the deployment plan; monitor performance of the workload using real-time telemetry; and modify the rules for resource allocation and the deployment plan based on the real-time telemetry.

Abstract: Various systems and methods for reactive intent-driven end-to-end (E2E) orchestration are described herein.

Abstract: Various systems and methods for implementing reputation management and intent-based security mechanisms are described herein.

Abstract: System and techniques for radio resource scheduling are described herein. A network request may be received at a first network interface of a gateway device. Here, the network request includes an information request to multiple devices connected to the gateway device via a second network interface. A transmission schedule may be created for the multiple devices that is contention free. The transmission schedule may be propagated to the multiple devices. Information responsive to the information request may be received from the multiple devices according to the transmission schedule. The network request may be fulfilled with the information.

Abstract: Disclosed is an environment including a device (105) for creating a computing system. The device (105) includes circuitry (120), a first network interface (110), and a second network interface (115). The device (105) may be a gateway. The processing circuitry (120) is arranged to receive a system definition pertaining to a first network. The first network may include OCF clients (140), such as a home automation control panel (140B) or a remote monitor (140A). The OCF clients (140) may communicate to the device (105) using OCF conventions. The system definition includes function identifiers and pertains to the first network. The system definition parameterizes the functions via the function identifiers of the system. Preferably, the first network operates in accordance with the OCF (Open Connectivity Foundation) family of standards. The system definition may be an OCF collection. Here, the function identifiers include the resources linked or batched by the OCF collection.

Abstract: System and techniques for device discovery described herein. A gateway device may initiate discovery in a self-organizing network attached to a first network interface of the gateway device. The gateway device may include a second network interface attached to a network that has a discovery protocol different than that of the self-organizing network. A reply from a node in the self-organizing network may be received in response to the discovery. A device class may be extracted from the reply. Here, the device class corresponds to the node and is selected from a set of device classes defined for the network. A mapping between the second network interface and the first network interface based on the device class may be registered. A response to a query from the network may be completed using the mapping.

Abstract: A service coordinating entity device includes communications circuitry to communicate with a first access network, processing circuitry, and a memory device. The processing circuitry is to perform operations to, in response to a request for establishing a connection with a user equipment (UE) in a second access network, retrieve a first Trusted Level Agreement (TLA) including trust attributes associated with the first access network. One or more exchanges of the trust attributes of the first TLA and trust attributes of a second TLA associated with the second access network are performed using a computing service executing on the service coordinating entity. A common TLA with trust attributes associated with communications between the first and second access networks is generated based on the exchanges. Data traffic is routed from the first access network to the UE in the second access network based on the trust attributes of the common TLA.

Abstract: System and techniques for hands-free deployment of geographically linked applications are described herein. A radio transceiver of a vehicle may detect a beacon. Here, the beacon includes an indication that an application linked to a geographical area covered by the beacon is available. The vehicle may establish a secure communications link with an application server corresponding to the beacon and receive, through the secure communications link, an application. Then, the vehicle may execute the application in a protected execution environment without intervention by a user of the vehicle.

Abstract: System and techniques for device discovery described herein. A gateway device may initiate discovery in a self-organizing network attached to a first network interface of the gateway device. The gateway device may include a second network interface attached to a network that has a discovery protocol different than that of the self-organizing network. A reply from a node in the self-organizing network may be received in response to the discovery. A device class may be extracted from the reply. Here, the device class corresponds to the node and is selected from a set of device classes defined for the network. A mapping between the second network interface and the first network interface based on the device class may be registered. A response to a query from the network may be completed using the mapping.

Abstract: A service coordinating entity device includes communications circuitry to communicate with a first access network, processing circuitry, and a memory device. The processing circuitry is to perform operations to, in response to a request for establishing a connection with a user equipment (UE) in a second access network, retrieve a first Trusted Level Agreement (TLA) including trust attributes associated with the first access network. One or more exchanges of the trust attributes of the first TLA and trust attributes of a second TLA associated with the second access network are performed using a computing service executing on the service coordinating entity. A common TLA with trust attributes associated with communications between the first and second access networks is generated based on the exchanges. Data traffic is routed from the first access network to the UE in the second access network based on the trust attributes of the common TLA.

Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for secure, low end-user effort computing device configuration. In some examples the IoT device is configured via a user's computing device over a short range wireless link of a first type. This short range wireless communication may use a connection establishment that does not require end-user input. For example, the end user will not have to enter, or confirm a PIN number or other authentication information such as usernames and/or passwords. This allows configuration to involve less user input. In some examples, to prevent man-in-the-middle attacks, the power of a transmitter in the IoT device that transmits the short range wireless link is reduced during a configuration procedure so that the range of the transmissions to and from the user's computing device are reduced to a short distance.

Abstract: Various systems and methods for establishing network connectivity and onboarding for Internet of Things (IoT) devices and trusted platforms, including in Open Connectivity Foundation (OCF) specification device deployments, are discussed. In an example, a zero touch owner transfer method includes operations of: receiving a first request from a new device for network access to begin an onboarding procedure with a network platform; transmitting credentials of a first network to the new device, the first network used to access a rendezvous server and obtain onboarding information associated with the network platform; receiving a second request from the new device for network access to continue the onboarding procedure; and transmitting credentials of a second network to the new device, as the new device uses the second network to access the onboarding server of the network platform and perform or complete the onboarding procedure with the network platform.

Abstract: Disclosed is an environment including a device (105) for creating a computing system. The device (105) includes circuitry (120), a first network interface (110), and a second network interface (115). The device (105) may be a gateway. The processing circuitry (120) is arranged to receive a system definition pertaining to a first network. The first network may include OCF clients (140), such as a home automation control panel (140B) or a remote monitor (140A). The OCF clients (140) may communicate to the device (105) using OCF conventions. The system definition includes function identifiers and pertains to the first network. The system definition parameterizes the functions via the function identifiers of the system. Preferably, the first network operates in accordance with the OCF (Open Connectivity Foundation) family of standards. The system definition may be an OCF collection. Here, the function identifiers include the resources linked or batched by the OCF collection.