Abstract: An apparatus and method for performing authenticated communications that includes receiving, by a gateway device, a password associated with an application. The gateway device is in communication with a plurality of access control devices associated with the application. Access to each device in a cluster formed by the gateway device and the plurality of access control devices requires a user authentication associated with the password. The gateway device generates a plurality of different matching pairs of salt values and hash values and deletes the password. In addition, the gateway device transmits different sets of mismatched pairs of the salt values and the hash values to at least two devices of the cluster for storage. The user authentication is based on a salt value and a hash value from the plurality of different matching pairs of salt values and hash values stored at two different devices of the cluster.

Abstract: Aspects of the present disclosure include methods, systems, and non-transitory computer readable media that perform the steps of transmitting a token to a gateway, receiving a response token including an encrypted message, decrypting the encrypted message using a decryption key associated with the token to generate a decrypted message, validating content of the decrypted message, transmitting a certificate request in response to successfully validating the content of the decrypted message, receiving a certificate in response to the request, validating the certificate against a certification authority, and transmitting encrypted data via a secured connection in response to successfully validating the certificate.

Abstract: A system may be configured to perform secure low-latency and low-throughput support of REST APIs in IoT devices. In some aspects, the system may establish a first encrypted communication channel with an application of a management device, receive a certificate signing request including a public key of the application via the private channel, sign the public key of the application using read-only birth secret information to generate first signed certificate, and transmit the first signed certificate vis the private channel. Further, the system may receive an authentication request including a second signed certificate via a second encrypted communication channel, determine that the second signed certificate matches the first signed certificate via the read-only birth secret information, and transmit an application credential to the application via the second encrypted communication channel.

Abstract: A system may be configured to perform enhanced detection of occluded objects in a multiple object detection system. In some aspects, the system may transmit, by an application to an internet of things (IoT) device, an actual representational state transfer (REST) request including a parameter and an application authentication credential for authenticating to the IoT device, determine, based on an expected REST response to the actual REST request, one or more conditional parameters for configuring the IoT device, transmit, without waiting for the expected REST response, a predictive REST request including the one or more conditional parameters, and receive an actual response indicating success of the configuring the IoT device.

Abstract: Aspects of the present disclosure include methods, apparatuses, and computer readable media for controlling access including generating a random string or pseudorandom string, acoustically broadcasting a beacon message comprising the random string or pseudorandom string, acoustically receiving, in response to acoustically broadcasting the beacon message, an authentication message comprising a user identification and an authentication string, obtaining a password associated with the user identification, computing a verification string using the password and the random string or pseudorandom string, verifying the authentication string in the authentication message using the verification string, and transmitting, in response to successfully verifying the authentication string in the authentication message, an unlocking message to the access controlled point to unlock the access controlled point.

Abstract: Aspects of the present disclosure include methods, systems, and non-transitory computer readable media that perform the steps of transmitting a token to a gateway, receiving a response token including an encrypted message, decrypting the encrypted message using a decryption key associated with the token to generate a decrypted message, validating content of the decrypted message, transmitting a certificate request in response to successfully validating the content of the decrypted message, receiving a certificate in response to the request, validating the certificate against a certification authority, and transmitting encrypted data via a secured connection in response to successfully validating the certificate.

Abstract: A system that traverses Web Real-Time Communication (“WebRTC”) data over a tunnel establishes the tunnel between a tunneling client of a user equipment (“UE”) and a tunneling server. The system receives the WebRTC data and encapsulates the WebRTC data into frames. The system detects that one or more of the frames includes media. The system then transmits the frames over the tunnel while, for the frames detected as media, applying enhancement features to the transmitting of the media frames.

Abstract: A system that implements multihoming for real-time communications receives a request to establish a tunnel by a tunneling server with a tunneling client of user equipment, where the request includes two or more network addresses for the tunnel. The system establishes the tunnel and sends a list of the allocated two or more network addresses for the tunnel. The system then receives encapsulated media that corresponds to at least two different network addresses over the tunnel.

Abstract: A system that transmits frames by establishing a tunnel between a tunneling client of a user equipment and a tunneling server enables a redundant header removal functionality for an inner socket of the tunnel. The system receives a frame that includes an Internet Protocol (“IP”) header and removes redundant information from the IP header, the removed redundant information including a source address of the frame. The system transmits the frame with a modified header after the removed redundant information over the inner socket of the tunnel.

Abstract: A system for transmitting encapsulated media over tunnels, in response to a first request from a first application, establishes a first tunnel between a first tunneling client of a user equipment (“UE”) and a tunneling server and establishes a first outer transport layer and a first outer network layer and establishes a local tunneling proxy. Further, the system, in response to a second request from a second application, establishes a second tunnel between the first tunneling client and the tunneling server, where the second request includes a request to use the first outer transport layer and the first outer network layer established in conjunction with the first tunnel, and the second request is forwarded to the tunneling server via the local tunneling proxy.

Abstract: A system performs tunneling for real-time communications (“RTC”). The system determines a quantity of available tunnels at a tunneling server. The system then determines that the quantity of available tunnels is below a threshold, and that two or more tunnels established with the tunneling server correspond to a user equipment (“UE”). The system indicates to the UE to consolidate the two or more tunnels into a target tunnel within the two or more tunnels, and performs the RTC with the UE over the target tunnel.

Abstract: A system establishes tunnels. In response to a first request from an application, the system establishes a first tunnel between a tunneling client of a user equipment (“UE”) and a tunneling server and establishes a first outer transport layer and a first outer network layer. In response to a second request from the application, the system establishes a second tunnel between the tunneling client and the tunneling server, where the second request includes a request to use the first outer transport layer and the first outer network layer established in conjunction with the first tunnel.

Abstract: A client or user equipment (“UE”) that initiates a plurality of calls using encapsulated media, in response to a first tunnel creation request, from an application associated with a first call, initiates the first call by creating a first tunnel between the client and a server. The UE transmits the encapsulated media associated with the first call over the first tunnel. The UE, in response to a tunnel termination request, from the application, associated with a termination of the first call, waits for an expiration of a predefined persistence period. The UE, in response to a second tunnel creation request, from the application associated with a second call, before the expiration of the predefined persistence period, initiates the second call using the first tunnel. The UE then transmits the encapsulated media associated with the second call over the first tunnel.

Abstract: A system performs tunneling of real-time communications (“RTC”). The system establishes a tunnel between a tunneling client and a tunneling server. The system then receives a packet over the tunnel. The packet is configured according to an outer transport protocol of the tunnel and includes a datagram-based payload and a stream-based header. The system processes the packet according to a datagram-based outer transport protocol based on information in the stream-based header.

Abstract: A system that performs rate control for real-time communications (“RTC”) establishes a tunnel by a tunneling server with a tunneling client of a user equipment (“UE”). The system receives a request from the UE to enable the rate control for an inner socket of the tunnel, and sends a response back to the UE to indicate that the rate control is enabled for the inner socket. The system then monitors a transmission rate at the inner socket of the tunnel, and drops frames when the monitored transmission rate is greater than a predetermined transmission rate.

Abstract: A system establishes a main tunnel between a tunneling client and a tunneling server using a first socket, the main tunnel including a corresponding tunnel identifier and Internet Protocol (“IP”) address. The system traverses the encapsulated media over the main tunnel during the telecommunication session and then determines that a cloned tunnel is needed for the telecommunication session. The system establishes a cloned tunnel between the tunneling client and the tunneling server using a second socket that has been marked as a cloned tunnel candidate, where the cloned tunnel includes the corresponding tunnel identifier and IP address of the main tunnel. The system then traverses the encapsulated media over the cloned tunnel instead of the main tunnel during the telecommunication session.

Abstract: A system tunnels real-time communications (“RTC”). The system creates a connection between a tunneling client and a signaling server. The connection includes a stream-based tunnel between the tunneling client and a tunneling server and a stream connection between the tunneling server and the signaling server. The system then receives, from the tunneling client, stream traffic encapsulated as datagram traffic within the stream-based tunnel. The system translates the datagram traffic into the stream traffic, and forwards the stream traffic to the signaling server over the stream connection.

Abstract: A system that transmits encapsulated media receives a first request to establish a tunnel with a stream based transport layer, the first request including a tag. The system receives a second request to establish the tunnel with a datagram based transport layer, the second request including the tag. The system establishes the tunnel with the stream based transport layer and receives the encapsulated media over the stream based transport layer. The system establishes the datagram based transport layer for the tunnel in addition to the stream based transport layer and receives the encapsulated media over the datagram based transport layer. The system then releases the stream based transport layer.

Abstract: A client or user equipment (“UE”) that initiates a plurality of calls using encapsulated media, in response to a first tunnel creation request, from an application associated with a first call, initiates the first call by creating a first tunnel between the client and a server. The UE transmits the encapsulated media associated with the first call over the first tunnel. The UE, in response to a tunnel termination request, from the application, associated with a termination of the first call, waits for an expiration of a predefined persistence period. The UE, in response to a second tunnel creation request, from the application associated with a second call, before the expiration of the predefined persistence period, initiates the second call using the first tunnel. The UE then transmits the encapsulated media associated with the second call over the first tunnel.

Abstract: A system is provided that performs multipath support functionality for real-time communications. The system receives a service request to enable multipath support functionality from a tunneling client. The system further creates tunnels using unique physical interfaces. The system further associates the tunnels with a single internal address space comprising internal addresses. The system further sends a service response to the tunneling client, the service response indicating that multipath support functionality has been enabled. The system further distributes media traffic within the tunnels based on dynamic path characteristics.