Abstract: In one embodiment, a device may obtain a media topology of nodes involved in a collaboration session. The device may cause each of a plurality of probes to be provisioned to a corresponding node of the nodes involved in the collaboration session to perform a test of a corresponding segment of the media topology, and each of the plurality of probes may be associated to a session identifier of the collaboration session. The device may determine observability information based on results of the plurality of probes for each segment of the media topology, and the results may include an indication of the session identifier. The device may correlate the observability information to the collaboration session based on the indication of the session identifier.

Abstract: In one embodiment, a first deep fusion reasoning engine (DFRE) agent in a network receives first sensor data from a first set of one or more sensors in the network. The first DFRE agent translates the first sensor data into symbolic data. The first DFRE agent applies, using a symbolic knowledge base maintained by the first DFRE agent, symbolic reasoning to the symbolic data to make an inference regarding the first sensor data. The first DFRE agent updates, based on the inference regarding the first sensor data, the knowledge base. The first DFRE agent propagates the inference to one or more other DFRE agents in the network.

Abstract: Differentiated service in a federation-based access network is provided by receiving, with a request for access to a wireless network offering at least a two different service levels based on user identities, a set of user credentials from a User Equipment (UE); forwarding, for authentication, the set of user credentials to an identity provider in an identity federation with the wireless network, wherein the identity provider is independent from the wireless network; in response to determining that the set of user credentials indicate a realm known to be associated with a given service level, providing network access to the UE according to the given service level; and in response to determining that the given service level is not a highest service level in the wireless network, transmitting a list of preferred realms to the UE that are associated with higher service levels than the given service level.

Abstract: An authorization device obtains a registration request associated with an end device, the registration request including a new randomized media access control (MAC) address associated with the end device; determines whether the end device is authorized to use the new randomized MAC address; transmits a message to the end device with a first randomly generated number when it is determined that the end device is authorized to use the new randomized MAC address; obtains integrity information associated with the end device, the first integrity information being computed based on the first randomly generated number; transmits a request to a validation system to validate the end device based on the first integrity information; obtains an indication that the end device is validated; determines policies associated with the end device when it is determined that the end device is validated; and applies the policies to the end device.

Abstract: In one embodiment, an illustrative method herein may comprise: obtaining, by a device, a plurality of indications of errors experienced by a bot performing tasks, wherein each of the plurality of indications includes contextual information of a corresponding error; determining, by the device, correlated errors among the errors experienced by the bot; aggregating, by the device, contextual information of each of the correlated errors into aggregated contextual data; and providing, by the device, the aggregated contextual data with an error notification for a particular correlated error.

Abstract: In one embodiment, a service chain data packet is instrumented as it is communicated among network nodes in a network providing service-level and/or networking operations visibility. The service chain data packet includes a particular header identifying a service group defining one or more service functions, and is a data packet and not a probe packet. A network node adds networking and/or service-layer operations data to the particular service chain data packet, such as, but not limited to, in the particular header. Such networking operations data includes a performance metric or attribute related to the transport of the particular service chain packet in the network. Such service-layer operations data includes a performance metric or attribute related to the service-level processing of the particular service chain data packet in the network.

Abstract: Presented herein are techniques to shield transmissions from being received and the information contained in them recovered by unwanted devices. Multi-user multiple-input multiple-output (MU-MIMO) techniques are employed, and in particular the spatial dimension aspects of those techniques. Shield nodes are controlled to transmit in a way to obscure the downlink streams transmitted by a wireless access point that are intended for a particular client device to anything outside of the shielded area, and also to obscure uplink streams from one or more client devices to the wireless access point to anything outside of the shielded area but allowing the uplink streams to be well received by the wireless access point.

Abstract: Federated multi-access edge computing availability notifications may be provided by: transmitting, from a User Equipment (UE) to a node of a wireless network of a federated service, an attach request for the wireless network that includes authentication credentials for an independent identity provider in an identity federation, wherein the independent identity provider is external and independent from the wireless network and used to authenticate the UE to the wireless network; forwarding, from the node to the independent identity provider, the authentication credentials; transmitting, from the independent identity provider to the node, an authentication success message; receiving, at the UE via the node, the authentication success message; transmitting, from the UE to the node, a Multi-access Edge Computing (MEC) query; and receiving, at the UE from the node, a MEC response that identifies MEC resources that are available to the UE.

Abstract: Aspects of the disclosure include a method and associated network device. The method includes authenticating an identity of a user of a client device after the client device is associated with an access network provider. Authenticating the identity of the user comprises receiving, from an identity provider, a credential associated with the identity, and receiving, from the identity provider, information identifying a network-based service to be applied to network traffic with the client device. The method further includes establishing, using the credential and the received information, a secure connection between the access network provider and a service provider that is capable of providing the network-based service. The method further includes receiving network traffic from the service provider. Packets of the network traffic include an assurance value that enables the client device to determine that the network-based service is being provided by the service provider.

Abstract: Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet.

Abstract: In one embodiment, a service chain data packet is instrumented as it is communicated among network nodes in a network providing service-level and/or networking operations visibility. The service chain data packet includes a particular header identifying a service group defining one or more service functions, and is a data packet and not a probe packet. A network node adds networking and/or service-layer operations data to the particular service chain data packet, such as, but not limited to, in the particular header. Such networking operations data includes a performance metric or attribute related to the transport of the particular service chain packet in the network. Such service-layer operations data includes a performance metric or attribute related to the service-level processing of the particular service chain data packet in the network.

Abstract: Aspects presented herein relate to methods and devices for graphics processing including an apparatus, e.g., a GPU. The apparatus may obtain an indication of a BVH structure including a plurality of nodes, wherein the BVH structure is associated with geometry data for a plurality of primitives in a scene, wherein each of the plurality of nodes is associated with one or more primitives, where a first level BVH includes a set of first nodes and a second level BVH includes a set of second nodes. The apparatus may also allocate information for a plurality of second nodes in the set of second nodes to at least one first node in the set of first nodes. Further, the apparatus may store the allocated information for the plurality of second nodes in the set of second nodes in the at least one first node in the set of first nodes.

Abstract: In one embodiment, a device obtains transaction data regarding a transaction attempted by a client of an online application within the online application. The transaction data is captured by instrumentation code inserted into the online application at runtime. The device identifies, based on the transaction data, traffic in a network associated with the transaction. The device associates, based on the transaction data, a measure of importance with the traffic. The device causes the traffic to be sent by a networking device in the network according to its associated measure of importance.

Abstract: Methods are provided to perform a name resolution triggered monitoring agent selection for full stack observability. The methods involve obtaining a name resolution request for an enterprise service to be accessed by an endpoint device. A plurality of service instances are configured to provide the enterprise service. The methods further involve determining, based on the name resolution request, a monitoring agent from a plurality of monitoring agents of a monitoring service that monitors performance of the enterprise service and selecting a service instance, from the plurality of service instances, that is associated with the monitoring agent in a name resolution record. The methods further involve providing, to the endpoint device, location information for accessing the service instance and provisioning the monitoring agent to monitor the performance of the enterprise service executed by the service instance for the endpoint device.

Abstract: In one embodiment, a method herein comprises: establishing, by a process, a virtual private network connection (VPN connection) with a particular VPN gateway; requesting, by the process, observability monitoring through the particular VPN gateway, wherein requesting results in a controller being informed about the particular VPN gateway and a domain of the particular VPN gateway; receiving, by the process, test specifics from the controller based on the particular VPN gateway and the domain of the particular VPN gateway; and executing, by the process, one or more tests to the particular VPN gateway based on the test specifics.

Abstract: Presented herein are techniques to facilitate infrastructure and policy orchestration in a shared workspace network environment. In one example, a method may include obtaining, by a service broker, a reservation request from a consumer network for a consumer, wherein the reservation request seeks a reservation to reserve, at least in part, at least one workspace device for the consumer for a workspace for a particular day and a particular time period; based on determining that the at least one workspace device is available, providing a response to the consumer network that includes a first indicator for identifying the reservation of the workspace and at least one second indicator identifying the at least one workspace device; and upon receiving a session request from the consumer network that includes the second indicator, establishing a management tunnel to interconnect the consumer network and the at least one workspace device via the service broker.

Abstract: The present disclosure includes methods, systems, and non-transitory computer-readable media for validating data in a data structure used for forwarding packets by a network device comprising sending a data packet probe identifying a destination and including a segment ID, wherein the segment ID maps to a first interpretation by a receiving router to perform an action on the data packet probe to rewrite a portion of a destination address in a header of the data packet probe, and to redirect the data packet probe to the network device that initiated the data packet probe.

Abstract: Techniques are described for classification-based data security management. The classification-based data security management can include utilizing device and/or data attributes to identify security modes for communication of data stored in a source device. The security modes can be identified based on a hybrid-encryption negotiation. The attributes can include a device resource availability value, an access trust score, a data confidentiality score, a geo-coordinates value, and/or a date/time value. The security modes can include a hybrid-encryption mode. The source device can utilize the hybrid-encryption mode to transmit the data, via one or more network nodes, such as an edge node, to one or more service nodes.

Abstract: This disclosure describes techniques for authentication using wearable devices. An example method includes determining that a user is wearing a secondary device; determining that the secondary device has detected a signal output by a primary device; determining that the user has confirmed an authentication factor output by the primary device; and enabling the user to access a secured resource via the primary device.

Abstract: This disclosure provides systems, devices, apparatus, and methods, including computer programs encoded on storage media, for runtime optimization of the shader execution flow. A graphics processor may obtain instruction execution data associated with a graphics workload, the instruction execution data including graphics data for a set of shader operations. The graphics processor may configure, at a first iteration, at least one predication value based on the instruction execution data including the graphics data for the set of shader operations. The graphics processor may adjust, at a second iteration, an execution flow of the graphics workload based on the configured at least one predication value, the execution flow of the graphics workload including the set of shader operations. The graphics processor may execute or refrain from executing, at the second iteration, each of the set of shader operations based on the adjusted execution flow of the graphics workload.