Abstract: Disclosed herein are systems, methods, and computer-readable media for enabling multi-factor authentication (MFA) for an Internet Of Things (IoT) device. In one aspect, a method includes receiving a network connection request from the IoT device to connect to a network. In one aspect, the method includes fetching authentication information for the device in response to the request. In one aspect, the method includes authenticating the device to the network. In one aspect, the method includes in response to the authentication of the device to the network, establishing a network connection between the IoT device and the network. In one aspect, the method includes applying the MFA policy. In one aspect, the method includes after successful compliance with the MFA policy establishing a session between the device and the application over the network.

Abstract: A method of transmitting an encrypted data packet includes, with a processor, in response to receiving the encrypted data packet, executing an extended Berkeley packet filter (eBPF) application at an express data path (XDP) hook point located within a kernel space, determining whether the encrypted data packet is to be processed via a trusted application (TA) within a trusted execution environment (TEE) based on an analysis by the eBPF application, and identifying application intelligence data defining packet forwarding decisions based on a manner in which the encrypted data packet is processed.

Abstract: In one embodiment, a method herein comprises: establishing, by a process, a virtual private network connection (VPN connection) with a particular VPN gateway; requesting, by the process, observability monitoring through the particular VPN gateway, wherein requesting results in a controller being informed about the particular VPN gateway and a domain of the particular VPN gateway; receiving, by the process, test specifics from the controller based on the particular VPN gateway and the domain of the particular VPN gateway; and executing, by the process, one or more tests to the particular VPN gateway based on the test specifics.

Abstract: Methods and a system described herein manage the power of IoTs and smart devices operating on a wireless network. When an access point coupled to the network receives a low power indication from a battery-powered IoT or smart device, it may take several actions in response. In one case, it extends the target wake time to become longer and longer to preserve the device's battery. In addition, the device changes its operation to conserve power. In another case, it provides power over the wireless network to the wireless device. The access point restores the target wake time when the device returns to a power-ok condition. The device resumes operation according to the parameters in effect before the low power condition occurs.

Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for participating in a meeting through an application provider using application-specific network slices. A method includes transmitting a request to a mobile network operator (MNO) for setup of a data connection with a device for a meeting provided by an application provider; receiving allowed network slices for the data connection that are generated by the MNO for the meeting; identifying a network slice from the allowed network slices for the meeting based on one or more characteristics specific to the meeting; and establishing the data connection with the mobile network operator based on the network slice.

Abstract: In one embodiment, an illustrative method herein may comprise: determining, by a process, a tenant-specific policy for creation of low-code applications; dynamically computing, by the process and based on the tenant-specific policy and one or more parameters associated with a particular low-code application to be created, one or more injectable low-code tasks for the particular low-code application; determining, by the process, a plurality of selected injectable low-code tasks from the one or more injectable low-code tasks; and creating, by the process, the particular low-code application by injecting the plurality of selected injectable low-code tasks into the particular low-code application for execution.

Abstract: A call is conducted with a first device of a user, the first device lacking captions capability. A second device of the user is identified for receiving captions for the call from among a plurality of second devices of the user based on one or more from a group of distances of the second devices to a location of the first device, display quality of the second devices, status of the second devices, and user preferences for the second devices. An identified second device is joined to the call to receive the captions during the call conducted with the first device.

Abstract: Presented herein are techniques to facilitate dynamic virtual background image selection for a video collaboration session. In one example, a method may include storing each of a plurality of virtual background images for a first user of a video collaboration system in association with one or more keywords; and upon initiation of a video collaboration session for the first user, automatically providing a first virtual background image for the first user based, at least in part, on at least one of, a first context keyword for the session matching at least one keyword stored in association with the first image or scheduling information associated with the session. In one instance, the method automatically providing a second virtual background image for the first user based on a second context keyword obtained from a transcript of the session that matches at least one keyword stored in association with the second image.

Abstract: A method of transmitting an encrypted data packet includes, with a processor, in response to receiving the encrypted data packet, executing an extended Berkeley packet filter (eBPF) application at an express data path (XDP) hook point located within a kernel space, determining whether the encrypted data packet is to be processed via a trusted application (TA) within a trusted execution environment (TEE) based on an analysis by the eBPF application, and identifying application intelligence data defining packet forwarding decisions based on a manner in which the encrypted data packet is processed.

Abstract: Disclosed are systems, apparatuses, methods, and computer-readable media for participating in a meeting through an application provider using application-specific network slices. A method includes transmitting a request to a mobile network operator (MNO) for setup of a data connection with a device for a meeting provided by an application provider; receiving allowed network slices for the data connection that are generated by the MNO for the meeting; identifying a network slice from the allowed network slices for the meeting based on one or more characteristics specific to the meeting; and establishing the data connection with the mobile network operator based on the network slice.

Abstract: In one embodiment, a method herein comprises: establishing, by a process, a virtual private network connection (VPN connection) with a particular VPN gateway; requesting, by the process, observability monitoring through the particular VPN gateway, wherein requesting results in a controller being informed about the particular VPN gateway and a domain of the particular VPN gateway; receiving, by the process, test specifics from the controller based on the particular VPN gateway and the domain of the particular VPN gateway; and executing, by the process, one or more tests to the particular VPN gateway based on the test specifics.

Abstract: In one example, a home network associated with a user equipment obtains an authentication request to authenticate the user equipment to a serving network. The home network generates an authentication vector of a mobile security protocol. The authentication vector includes an indication that the user equipment is to be authenticated using a multi-factor authentication process. The home network provides the authentication vector to the serving network to prompt a response from the user equipment that is in accordance with the multi-factor authentication process. The home network authenticates the user equipment to the serving network based on the response.

Abstract: A method comprises: at a computer device configured with user applications grouped in multiple virtual desktops hosted on and displayed by the computer device: establishing an online meeting with remote computer devices over a network; responsive to user input, selecting one of the multiple virtual desktops to be a shared virtual desktop, such that all other ones of the multiple virtual desktops become unshared virtual desktops; sharing, with the remote computer devices, the shared virtual desktop, including first user applications of the user applications that are grouped in the shared virtual desktop; and not sharing, with the remote computer devices, any of the unshared virtual desktops and second user applications of the user applications that are grouped in the unshared virtual desktops.

Abstract: A method comprises: at a computer device configured with user applications grouped in multiple virtual desktops hosted on and displayed by the computer device: establishing an online meeting with remote computer devices over a network; responsive to user input, selecting one of the multiple virtual desktops to be a shared virtual desktop, such that all other ones of the multiple virtual desktops become unshared virtual desktops; sharing, with the remote computer devices, the shared virtual desktop, including first user applications of the user applications that are grouped in the shared virtual desktop; and not sharing, with the remote computer devices, any of the unshared virtual desktops and second user applications of the user applications that are grouped in the unshared virtual desktops.

Abstract: Modern day user applications leverages new communication technologies such as WebRTC, WebEx, and Jabber allow devices to connect and exchange media content including audio streams, video streams, and data stream/channels. The present disclosure describes mechanisms for a Port Control Protocol (PCP) server to provide feedback to PCP clients to enforce certain policies on the transport of such media content for a network. A policy may include a traffic handling policy for enforcing differentiated quality of service characteristics for different types of media streams. Another policy may include a security policy ensuring a data files being transmitted over a data channel from one endpoint travels to a security application via a relay element before the packets reaches another endpoint. The mechanisms are transparent to the endpoints, and advantageously preserve the user experience for these user applications.

Abstract: A web conferencing operator can enable participants to share multimedia content in real-time despite one or more of the participants operating from behind a middlebox via network address translation (NAT) traversal protocols and tools, such as STUN, TURN, and/or ICE. In NAT traversal, participants share a transport addresses that the participants can use to establish a joint media session. However, connectivity checks during NAT traversal can expose a media distribution device hosted by the web conferencing operator to various vulnerabilities, such as distributed denial of service (DDoS) attacks. The web conferencing operator can minimize the effects of a DDoS attack during the connectivity checks at scale and without significant performance degradation by configuring the middlebox to validate incoming requests for the connectivity checks without persistent signaling between the web conference operator and the middlebox.

Abstract: Systems, methods, computer-readable media, and devices are disclosed for verifying traffic classification. At a first node, a classification to a received packet is designated according to a local model. The classification of the packet by the first node is verified by sending packet information describing the packet to a distributed network comprising multiple nodes, where the packet information includes attributes of the packet. The classification of the packet is verified from receiving results from a second node that, based on the attributes, independently classifies the packet. Based on the verified classification, decentralized information for classifying packets is updated.

Abstract: In one example, a home network associated with a user equipment obtains an authentication request to authenticate the user equipment to a serving network. The home network generates an authentication vector of a mobile security protocol. The authentication vector includes an indication that the user equipment is to be authenticated using a multi-factor authentication process. The home network provides the authentication vector to the serving network to prompt a response from the user equipment that is in accordance with the multi-factor authentication process. The home network authenticates the user equipment to the serving network based on the response.

Abstract: Systems and method handling software vulnerabilities in service meshes can include receiving information on software vulnerabilities from external feeds. From a services catalog which maintains data associated with service instances supported by a service mesh, one or more vulnerable service instances supported by the service mesh are identified. Notifications are provided to sidecar proxies associated with vulnerable service instances. The notifications include criteria such as criticality levels and categories associated with the software vulnerabilities. Based on destination policies for the vulnerable service instances, instructions are provided to the sidecar proxies to trip circuit breakers associated with the vulnerable service instances and thus prevent further access and cascading impact of the software vulnerabilities.

Abstract: Disclosed herein is a distributed ledger method for a fifth-generation (5G) network. A network slice is created in the 5G network and a root block is generated in response, containing parameters of the network slice and contracts between participants in the network slice. A blockID of the root block is transmitted to identified participants in the network slice, who sequentially commit a plurality of new blocks to a blockchain beginning from the root block. The plurality of new blocks comprises auditing information of the network slice, wherein the information is collected by the participants in the network slice. The blockchain is stored in a blockchain network of a plurality of disparate blockchains. Desired auditing information for the network slice is retrieved by using the blockID of the root block to traverse the blockchain beginning at the root block until all blocks with the desired auditing information have been read.