Abstract: Techniques are provided for controlling access entitlement for networking device data. In one example, a geographic location of a networking device is determined. A request to access data associated with the networking device is obtained from a user device. A user parameter of a user associated with the user device is determined. An access policy that controls access to the data based on the geographic location of the networking device and the user parameter is identified. The request to access the data is permitted or denied based on the geographic location of the networking device, the user parameter, and the access policy.

Abstract: An authorization device obtains a registration request associated with an end device, the registration request including a new randomized media access control (MAC) address associated with the end device; determines whether the end device is authorized to use the new randomized MAC address; transmits a message to the end device with a first randomly generated number when it is determined that the end device is authorized to use the new randomized MAC address; obtains integrity information associated with the end device, the first integrity information being computed based on the first randomly generated number; transmits a request to a validation system to validate the end device based on the first integrity information; obtains an indication that the end device is validated; determines policies associated with the end device when it is determined that the end device is validated; and applies the policies to the end device.

Abstract: Differentiated service in a federation-based access network is provided by receiving, with a request for access to a wireless network offering at least a two different service levels based on user identities, a set of user credentials from a User Equipment (UE); forwarding, for authentication, the set of user credentials to an identity provider in an identity federation with the wireless network, wherein the identity provider is independent from the wireless network; in response to determining that the set of user credentials indicate a realm known to be associated with a given service level, providing network access to the UE according to the given service level; and in response to determining that the given service level is not a highest service level in the wireless network, transmitting a list of preferred realms to the UE that are associated with higher service levels than the given service level.

Abstract: A method comprises, at a wireless network controller of wireless access points through which wireless client devices that are wireless communicate with the controller: upon receiving, from a wireless client device, a dynamic host configuration protocol (DHCP) request having a media access control (MAC) address, determining whether the wireless client device rotated its MAC address from a previous MAC address to the MAC address; when the wireless client device rotated its MAC address, forwarding, to a DHCP service, the DHCP request with a notification of a MAC address rotation to cause the DHCP service to reassign a previously assigned Internet Protocol (IP) address to the wireless client device; and upon receiving, from the DHCP service, a DHCP offer asserting the previously assigned IP address, forwarding the DHCP offer to the wireless client device.

Abstract: Adaptive guard interval calibration may be provided. A computing device may receive a first plurality of delay spread values. Each of the first plurality of delay spread values may respectively comprise an amount of time between when each of a respective first plurality Access Points (APs) receives a first tuning symbol from a first calibrating AP and when each of the respective first plurality APs receives a final multipath reflection of the first tuning symbol. Next, a first Guard Interval (GI) may be determined based on the first plurality of delay spread values. The first calibrating AP may then be provisioned with the first GI.

Abstract: Techniques and apparatus for managing a message relaying system are described. One technique includes an access point (AP) detecting a first signal and a second signal from a computing device. A validation of the first signal is performed based on parameters of the first signal and the second signal. After the validation, information associated with the first signal is transmitted to a computing system. In another technique, the computing system may designate one of multiple APs reporting information regarding first signals as a primary reporting AP and designate the remaining APs as secondary reporting APs. The computing system may instruct the secondary reporting APs to refrain from reporting information regarding first signals to the computing system.

Abstract: Parallel Redundancy Protocol (PRP) using non-overlapping Resource Unit (RU) groupings may be provided. A first computing device may associate to a first Access Point (AP) at a virtual Media Access Control (MAC) address. Next, the first computing device may associate to a second AP at the virtual MAC address. Then data from a data frame may be replicated to a first one or more RUs in a channel. The first one or more RUs may be assigned to the first AP. Data from the data frame may then be replicated to a second one or more RUs in the channel. The second one or more RUs may be assigned to the second AP and may not overlap the first one or more RUs.

Abstract: Roaming validation for Access Network Providers (ANPs), and particularly to protecting communications between Stations (STAs) and ANPs while providing roaming validation for ANPs may be provided. An ANP may first register a roaming federation system. The ANP may determine a roaming message based on subscription features of the network, and the ANP may request signing of the roaming message by the roaming federation system. The ANP may receive the signed roaming message from the roaming federation system and send the signed roaming message to a STA. The ANP may then receive a request to connect to the network from the STA and initiate a connection for the STA.

Abstract: Techniques for identifying a trusted SSID for a wireless network are disclosed. Prior to establishing a connection with a wireless network, a first network message is received from a first access point (AP) identifying a first service set identifier (SSID) associated with a first wireless network, a second network message is received from a second AP identifying a second SSID associated with a second wireless network, and a visual similarity is determined between a first visual representation of the first SSID and a second visual representation of the second SSID. The second SSID is designated as suspicious based on the determined visual similarity.

Abstract: Rotation of a wireless client device address is based on an encryption key and a nonce value. Key information and nonce value information are shared between a wireless client device and a network infrastructure component over a secure communication channel. The wireless client device encrypts the nonce value using the key information and encodes the encrypted value as a device address. The wireless client device then identifies itself via a source address value in a message transmitted over a wireless network. Upon receiving the message, the network infrastructure component decrypts information derived from the source address value and compares the resulting data to the nonce value. If a match is identified, the network infrastructure identifies the wireless client device as a source of the message. In some embodiments, the nonce value is updated with each rotation to provide for improved entropy of generated device addresses.

Abstract: Time Sensitive Network (TSN) Quality of Service (QoS) management may be provided. A number of Transmit Opportunities (TxOPs) to use for transmitting data between an Access Point (AP) and a client device over a wireless link may be received. An initial gate configuration to the AP for transmitting data between the AP and the client device over the wireless link for a transmit period of each cycle of a number of cycles may be provided based on the number of TxOPs. A change in a network condition of the wireless link may be detected. The initial gate configuration for the transmit period in a current cycle of the number of cycles may be adjusted in response detecting the change in the network condition of the wireless link.

Abstract: Federated multi-access edge computing availability notifications may be provided by: transmitting, from a User Equipment (UE) to a node of a wireless network of a federated service, an attach request for the wireless network that includes authentication credentials for an independent identity provider in an identity federation, wherein the independent identity provider is external and independent from the wireless network and used to authenticate the UE to the wireless network; forwarding, from the node to the independent identity provider, the authentication credentials; transmitting, from the independent identity provider to the node, an authentication success message; receiving, at the UE via the node, the authentication success message; transmitting, from the UE to the node, a Multi-access Edge Computing (MEC) query; and receiving, at the UE from the node, a MEC response that identifies MEC resources that are available to the UE.

Abstract: Aspects of the disclosure include a method and associated network device. The method includes authenticating an identity of a user of a client device after the client device is associated with an access network provider. Authenticating the identity of the user comprises receiving, from an identity provider, a credential associated with the identity, and receiving, from the identity provider, information identifying a network-based service to be applied to network traffic with the client device. The method further includes establishing, using the credential and the received information, a secure connection between the access network provider and a service provider that is capable of providing the network-based service. The method further includes receiving network traffic from the service provider. Packets of the network traffic include an assurance value that enables the client device to determine that the network-based service is being provided by the service provider.

Abstract: Spurious beamforming in high density environments can be reduced via transmitting a first signal from a first Access Point (AP) to a first endpoint associated with the first AP via a first beamforming arrangement; in response to identifying that the first beamforming arrangement is pollutive to a second endpoint associated with a second AP: deprecating the first beamforming arrangement; and transmitting a second signal from the first AP to the first endpoint via a second beamforming arrangement, different from the first beamforming arrangement.

Abstract: Cluster formation for networks for Ultra-Wideband (UWB) Time-Difference-of-Arrival (TDoA) networks may be provided. A plurality of anchors may be set to a primary setting. Synchronization messages may then be broadcast by the plurality of anchors. Then the plurality of anchors may send responses to the synchronization messages. A room consensus may be performed to determine probabilities of obstacles between the plurality of anchors. The plurality of anchors may then send proposals of one or more clusters based on the room consensus. One or more clusters may be formed by the plurality of anchors based on the proposals.

Abstract: In one embodiment, a device obtains transaction data regarding a transaction attempted by a client of an online application within the online application. The transaction data is captured by instrumentation code inserted into the online application at runtime. The device identifies, based on the transaction data, traffic in a network associated with the transaction. The device associates, based on the transaction data, a measure of importance with the traffic. The device causes the traffic to be sent by a networking device in the network according to its associated measure of importance.

Abstract: Adapting transmission schedules in a Radio Frequency (RF) environment may be provided. A Central Network Controller (CNC) of a Time Sensitive Network (TSN) may determine that a data path to a client device comprises a wireless link. The CNC of the TSN may generate a proposed transmission schedule for the time sensitive traffic to the client device through the wireless link in response to determining that the data path to the client device comprises the wireless link. The CNC may provide the proposed transmission schedule to a Wireless Network Controller (WLC) of the wireless link. The CNC may receive a confirmation from the WLC that the proposed transmission schedule can be met. The proposed transmission schedule may be configured in response to receiving the confirmation.

Abstract: Rotation of a wireless client device address is based on an encryption key and a nonce value. Key information and nonce value information are shared between a wireless client device and a network infrastructure component over a secure communication channel. The wireless client device encrypts the nonce value using the key information and encodes the encrypted value as a device address. The wireless client device then identifies itself via a source address value in a message transmitted over a wireless network. Upon receiving the message, the network infrastructure component decrypts information derived from the source address value and compares the resulting data to the nonce value. If a match is identified, the network infrastructure identifies the wireless client device as a source of the message. In some embodiments, the nonce value is updated with each rotation to provide for improved entropy of generated device addresses.

Abstract: Per station multi-link time scheduling may be provided. An Access Point (AP) may receive a request from a Multi-Link Device (MLD) to send a plurality of data traffics in a network for a predetermined interval. A Quality of Service (QoS) requirement may be determined for each of the plurality of data traffics. A Traffic Identifier (TID)-to-link assignment may be determined for each of the plurality of data traffics. Determining the TID-to-link assignment may comprise determining a link state of each of a plurality of links envisioned for the MLD for the predetermined interval. Each of the plurality of data traffics may be assigned to one or more of the plurality of links based on the QoS requirement for each of the plurality of data traffics and the link state of each of the plurality of links envisioned for the MLD. The TID-to-link assignment may be sent to the MLD.

Abstract: Best links for wireless clients may be provided. A computing device may receive, from a client device, a request to join a network. Then, in response to receiving the request to join the network, initial characteristics of the client device may be evaluated. Next, an initial plurality of links list may be provided to the client device in response to evaluating the initial characteristics of the client device. Subsequent characteristics of the client device may then be evaluated. An updated plurality of links list may be provided to the client device in response to evaluating the subsequent characteristics of the client device.