Abstract: In one embodiment, a device in a network maintains a plurality of network paths for a media session. The device identifies a subset of data for the media session as requiring redundancy. The device sends a packet in the identified subset of data for the media session as redundant packets via two or more of the plurality of network paths for the media session. The device sends a particular packet outside of the identified subset of data for the media session non-redundantly via one of the plurality of network paths for the media session.

Abstract: A web conferencing operator can enable participants to share multimedia content in real-time despite one or more of the participants operating from behind a middlebox via network address translation (NAT) traversal protocols and tools, such as STUN, TURN, and/or ICE. In NAT traversal, participants share a transport addresses that the participants can use to establish a joint media session. However, connectivity checks during NAT traversal can expose a media distribution device hosted by the web conferencing operator to various vulnerabilities, such as distributed denial of service (DDoS) attacks. The web conferencing operator can minimize the effects of a DDoS attack during the connectivity checks at scale and without significant performance degradation by configuring the middlebox to validate incoming requests for the connectivity checks without persistent signaling between the web conference operator and the middlebox.

Abstract: The disclosed technology addresses the need in the art for a detecting an unauthorized participant in a multiparty conferencing session. A system is configured to join a conferencing session, obtain a roster for the conferencing session via a Session Initiation Protocol (SIP) channel, and generate a roster hash value based on the roster. The system may further receive a reference hash value from a key management server and compare the reference hash value with the roster hash value. The system may determine that the roster is invalid when the reference hash value does not match the roster hash value.

Abstract: In one embodiment, a computing device determines that a vehicle has been in an accident. The computing device also receives virtual black box data having a finite time period of recorded data from sensors that were in an operating mode during the finite time period prior to the accident, as well as a stream of data from sensors that changed to an accident mode in response to the accident. The computing device may then coordinate the virtual black box data and the stream of data for distribution to accident-based services. In another embodiment, a computing device determines identities of vehicle occupants. In response to an accident at a location, the device further determines one or more emergency services responsive to the accident at the location. As such, the device may then provide access to medical records of the occupants to devices associated with the determined emergency services.

Abstract: A communication session is established between at least a first endpoint and a second endpoint, either or both of which is behind at least one network device in a network that performs network address translation. Candidate path information is obtained that indicates candidate paths in the network through which the communication session can traverse, taking into account, network address translation occurring in the network. The candidate path information is analyzed against training data and data about conditions observed on one or more candidate paths for the communication session with a machine learning-based interface selection process to produce path recommendation information indicating whether one or more candidate paths should or should not be used for the communication session between the first endpoint and the second endpoint. The path recommendation information is supplied to an endpoint in the communication session.

Abstract: An example method includes establishing a communication session between a first participant and a second participant, programming, via a control plane, a stream classifier which is to process packets associated with the communication session with classification logic. The method includes receiving a first packet at the stream classifier and, when the communication session requires recording, applying the classification logic at the stream classifier to route the first packet into a chosen service function path that includes a recording service function which reports media quality data to the control plane. Based on the media quality data, the classification logic is updated to cause a migration of the communication session to a new chosen service function path.

Abstract: An example method is provided and includes receiving a relay address allocation request from an endpoint, the relay address allocation request comprises a unique session identifier that identifies a conference session joined by the endpoint for media streaming; determining a relay candidate comprising a relay transport address for allocating to each endpoint of the conference session having the unique session identifier. Further, the method includes mapping the relay candidate with the unique session identifier and sending a relay address allocation response that comprises at least the relay candidate mapped with the unique session identifier. The method further includes receiving a single copy of one or more media stream packets from the conference controller and relaying the one or more media stream packets via the relay transport address identified by the unique session identifier to each of the one or more endpoints in the session having the unique session identifier.

Abstract: In one embodiment, a method includes receiving content in a first format at a first interface at an adaptive bit rate client, playing the content received at the first interface at the adaptive bit rate client, monitoring network conditions at the first interface, receiving the content in a second format at a second interface at the adaptive bit rate client, and upon identifying a change in the network conditions at the first interface, switching from playing the content received on the first interface to playing the content received at the second interface at the adaptive bit rate client. An apparatus and logic are also disclosed herein.

Abstract: A media distribution network device connects to an online collaborative session between a first participant network device, a second participant network device, and a security participant network device. The security participant network device is configured to decrypt packets of the online collaborative session to apply security polices to the packets. An encrypted packet is received at the media distribution network device. The encrypted packet is received from the first participant network device containing data to be distributed as part of the online collaborative session. The encrypted packet is distributed to the security participant network device prior to distributing the encrypted packet to the second participant network device.

Abstract: A computer-implemented method includes sending a first request message to a first server associated with a first access network indicative of a request for an indication of whether the first server is configured to support prioritization of tunneled traffic, receiving a first response message from the first server indicative of whether the first server is configured to support prioritization of tunneled traffic, establishing one or more first tunnels with a security service when the first response message is indicative that the first server is configured to support prioritization of tunneled traffic, sending first flow characteristics and a first tunnel identifier to the first server; and receiving the first flow characteristics for each first tunnel from the first server at a first network controller. The first network controller is configured to apply a quality of service policy within the first access network for each tunnel in accordance with the flow characteristics.

Abstract: In one embodiment, a device in a network maintains a plurality of network paths for a media session. The device identifies a subset of data for the media session as requiring redundancy. The device sends a packet in the identified subset of data for the media session as redundant packets via two or more of the plurality of network paths for the media session. The device sends a particular packet outside of the identified subset of data for the media session non-redundantly via one of the plurality of network paths for the media session.

Abstract: A computer-implemented method includes sending a first request message to a first server associated with a first access network indicative of a request for an indication of whether the first server is configured to support prioritization of tunneled traffic, receiving a first response message from the first server indicative of whether the first server is configured to support prioritization of tunneled traffic, establishing one or more first tunnels with a security service when the first response message is indicative that the first server is configured to support prioritization of tunneled traffic, sending first flow characteristics and a first tunnel identifier to the first server; and receiving the first flow characteristics for each first tunnel from the first server at a first network controller. The first network controller is configured to apply a quality of service policy within the first access network for each tunnel in accordance with the flow characteristics.

Abstract: Modern day user applications leverages new communication technologies such as WebRTC, WebEx, and Jabber allow devices to connect and exchange media content including audio streams, video streams, and data stream/channels. The present disclosure describes mechanisms for a Port Control Protocol (PCP) server to provide feedback to PCP clients to enforce certain policies on the transport of such media content for a network. A policy may include a traffic handling policy for enforcing differentiated quality of service characteristics for different types of media streams. Another policy may include a security policy ensuring a data files being transmitted over a data channel from one endpoint travels to a security application via a relay element before the packets reaches another endpoint. The mechanisms are transparent to the endpoints, and advantageously preserve the user experience for these user applications.

Abstract: Modern day user applications leverages new communication technologies such as WebRTC, WebEx, and Jabber allow devices to connect and exchange media content including audio streams, video streams, and data stream/channels. The present disclosure describes mechanisms for a Port Control Protocol (PCP) server to provide feedback to PCP clients to enforce certain policies on the transport of such media content for a network. A policy may include a traffic handling policy for enforcing differentiated quality of service characteristics for different types of media streams. Another policy may include a security policy ensuring a data files being transmitted over a data channel from one endpoint travels to a security application via a relay element before the packets reaches another endpoint. The mechanisms are transparent to the endpoints, and advantageously preserve the user experience for these user applications.

Abstract: Modern day user applications leverages new communication technologies such as WebRTC, WebEx, and Jabber allow devices to connect and exchange media content including audio streams, video streams, and data stream/channels. The present disclosure describes mechanisms for a Port Control Protocol (PCP) server to provide feedback to PCP clients to enforce certain policies on the transport of such media content for a network. A policy may include a traffic handling policy for enforcing differentiated quality of service characteristics for different types of media streams. Another policy may include a security policy ensuring a data files being transmitted over a data channel from one endpoint travels to a security application via a relay element before the packets reaches another endpoint. The mechanisms are transparent to the endpoints, and advantageously preserve the user experience for these user applications.

Abstract: A Trusted Routing Point (TROP) generates a signaling message that includes an authorization token used to authorize a firewall to open a pinhole. The signaling message contains a first indicator that indicates whether a data field in the signaling message represents a source address of a media flow. The signaling message also includes a second indicator that indicates whether the firewall should derive the source address of the media flow from the data field. The authorization token is generated using a one-way hash function over information that may be included in the signaling message, including the first indicator and the second indicator.

Abstract: An example method is provided and includes communicating a first packet to a network element in order to indicate whether an endpoint can have its power managed by network communications. The first packet includes an Internet protocol (IP) address associated with the endpoint. The method also includes receiving a second packet from the network element to identify whether the endpoint can have its power managed. The endpoint is configured to have its power managed via a port associated with the endpoint. In more specific embodiments, a state associated with the endpoint is used to determine whether to power on, or to power off the endpoint. In other implementations, the endpoint is powered on, or powered off at a specific time based on a policy associated with the endpoint.

Abstract: A Trusted Routing Point (TROP) generates a signaling message that includes an authorization token used to authorize a firewall to open a pinhole. The signaling message contains a first indicator that indicates whether a data field in the signaling message represents a source address of a media flow. The signaling message also includes a second indicator that indicates whether the firewall should derive the source address of the media flow from the data field. The authorization token is generated using a one-way hash function over information that may be included in the signaling message, including the first indicator and the second indicator.

Abstract: A Trusted Routing Point (TROP) generates a signaling message that includes an authorization token used to authorize a firewall to open a pinhole. The signaling message contains a first indicator that indicates whether a data field in the signaling message represents a source address of a media flow. The signaling message also includes a second indicator that indicates whether the firewall should derive the source address of the media flow from the data field. The authorization token is generated using a one-way hash function over information that may be included in the signaling message, including the first indicator and the second indicator.

Abstract: A Trusted Routing Point (TROP) generates a signaling message that includes an authorization token used to authorize a firewall to open a pinhole. The signaling message contains a first indicator that indicates whether a data field in the signaling message represents a source address of a media flow. The signaling message also includes a second indicator that indicates whether the firewall should derive the source address of the media flow from the data field. The authorization token is generated using a one-way hash function over information that may be included in the signaling message, including the first indicator and the second indicator.