Abstract: Example aspects include techniques for efficient updates in IoT event driven architectures. These techniques may include receiving, from a source application via a publish/subscribe broker service a first block using a first IoT messaging session, the first block including a first portion of a file and a first plurality of communication parameters, and transmitting a first acknowledgement corresponding to the first block, the first acknowledgement approving a proposed parameter of the first plurality of communication parameters. Further, the techniques may include receiving, based on the proposed parameter, from the source application via the publish/subscribe broker service, a second block using a second IoT messaging session, the second block including a second portion of the file and a second plurality of communication parameters, and transmitting a second acknowledgement corresponding to the second block.

Abstract: Example implementations include a method, system, and computer-readable medium, comprising collecting environment information by a first reader device configured to control access to a first secure area via ultrasound communications. The implementations further include determining first input information based on the environment information, the first input information. Additionally, the implementations further include determining, via a machine learning model, access intention information identifying the first secure area or a second secure area as an object of interest based on the first input information and second input information, wherein the second input information is associated with a second reader device that controls access to the second secure area and is co-located with the first reader device. Additionally, the implementations further include providing, based on the access intention information, access to one of the first secure area or the second secure area.

Abstract: An apparatus and method for performing authenticated communications that includes receiving, by a gateway device, a password associated with an application. The gateway device is in communication with a plurality of access control devices associated with the application. Access to each device in a cluster formed by the gateway device and the plurality of access control devices requires a user authentication associated with the password. The gateway device generates a plurality of different matching pairs of salt values and hash values and deletes the password. In addition, the gateway device transmits different sets of mismatched pairs of the salt values and the hash values to at least two devices of the cluster for storage. The user authentication is based on a salt value and a hash value from the plurality of different matching pairs of salt values and hash values stored at two different devices of the cluster.

Abstract: A system may be configured to perform secure low-latency and low-throughput support of REST APIs in IoT devices. In some aspects, the system may establish a first encrypted communication channel with an application of a management device, receive a certificate signing request including a public key of the application via the private channel, sign the public key of the application using read-only birth secret information to generate first signed certificate, and transmit the first signed certificate vis the private channel. Further, the system may receive an authentication request including a second signed certificate via a second encrypted communication channel, determine that the second signed certificate matches the first signed certificate via the read-only birth secret information, and transmit an application credential to the application via the second encrypted communication channel.

Abstract: Aspects of the present disclosure include methods, apparatuses, and computer readable media for controlling access including generating a random string or pseudorandom string, acoustically broadcasting a beacon message comprising the random string or pseudorandom string, acoustically receiving, in response to acoustically broadcasting the beacon message, an authentication message comprising a user identification and an authentication string, obtaining a password associated with the user identification, computing a verification string using the password and the random string or pseudorandom string, verifying the authentication string in the authentication message using the verification string, and transmitting, in response to successfully verifying the authentication string in the authentication message, an unlocking message to the access controlled point to unlock the access controlled point.

Abstract: An apparatus and method for performing authenticated communications that includes receiving, by a gateway device, a password associated with an application. The gateway device is in communication with a plurality of access control devices associated with the application. Access to each device in a cluster formed by the gateway device and the plurality of access control devices requires a user authentication associated with the password. The gateway device generates a plurality of different matching pairs of salt values and hash values and deletes the password. In addition, the gateway device transmits different sets of mismatched pairs of the salt values and the hash values to at least two devices of the cluster for storage. The user authentication is based on a salt value and a hash value from the plurality of different matching pairs of salt values and hash values stored at two different devices of the cluster.

Abstract: Aspects of the present disclosure include methods, systems, and non-transitory computer readable media that perform the steps of transmitting a token to a gateway, receiving a response token including an encrypted message, decrypting the encrypted message using a decryption key associated with the token to generate a decrypted message, validating content of the decrypted message, transmitting a certificate request in response to successfully validating the content of the decrypted message, receiving a certificate in response to the request, validating the certificate against a certification authority, and transmitting encrypted data via a secured connection in response to successfully validating the certificate.

Abstract: A system may be configured to perform secure low-latency and low-throughput support of REST APIs in IoT devices. In some aspects, the system may establish a first encrypted communication channel with an application of a management device, receive a certificate signing request including a public key of the application via the private channel, sign the public key of the application using read-only birth secret information to generate first signed certificate, and transmit the first signed certificate vis the private channel. Further, the system may receive an authentication request including a second signed certificate via a second encrypted communication channel, determine that the second signed certificate matches the first signed certificate via the read-only birth secret information, and transmit an application credential to the application via the second encrypted communication channel.

Abstract: A system may be configured to perform enhanced detection of occluded objects in a multiple object detection system. In some aspects, the system may transmit, by an application to an internet of things (IoT) device, an actual representational state transfer (REST) request including a parameter and an application authentication credential for authenticating to the IoT device, determine, based on an expected REST response to the actual REST request, one or more conditional parameters for configuring the IoT device, transmit, without waiting for the expected REST response, a predictive REST request including the one or more conditional parameters, and receive an actual response indicating success of the configuring the IoT device.

Abstract: Aspects of the present disclosure include methods, apparatuses, and computer readable media for controlling access including generating a random string or pseudorandom string, acoustically broadcasting a beacon message comprising the random string or pseudorandom string, acoustically receiving, in response to acoustically broadcasting the beacon message, an authentication message comprising a user identification and an authentication string, obtaining a password associated with the user identification, computing a verification string using the password and the random string or pseudorandom string, verifying the authentication string in the authentication message using the verification string, and transmitting, in response to successfully verifying the authentication string in the authentication message, an unlocking message to the access controlled point to unlock the access controlled point.

Abstract: Aspects of the present disclosure include methods, systems, and non-transitory computer readable media that perform the steps of transmitting a token to a gateway, receiving a response token including an encrypted message, decrypting the encrypted message using a decryption key associated with the token to generate a decrypted message, validating content of the decrypted message, transmitting a certificate request in response to successfully validating the content of the decrypted message, receiving a certificate in response to the request, validating the certificate against a certification authority, and transmitting encrypted data via a secured connection in response to successfully validating the certificate.

Abstract: A system that traverses Web Real-Time Communication (“WebRTC”) data over a tunnel establishes the tunnel between a tunneling client of a user equipment (“UE”) and a tunneling server. The system receives the WebRTC data and encapsulates the WebRTC data into frames. The system detects that one or more of the frames includes media. The system then transmits the frames over the tunnel while, for the frames detected as media, applying enhancement features to the transmitting of the media frames.

Abstract: A system that implements multihoming for real-time communications receives a request to establish a tunnel by a tunneling server with a tunneling client of user equipment, where the request includes two or more network addresses for the tunnel. The system establishes the tunnel and sends a list of the allocated two or more network addresses for the tunnel. The system then receives encapsulated media that corresponds to at least two different network addresses over the tunnel.

Abstract: A system that transmits frames by establishing a tunnel between a tunneling client of a user equipment and a tunneling server enables a redundant header removal functionality for an inner socket of the tunnel. The system receives a frame that includes an Internet Protocol (“IP”) header and removes redundant information from the IP header, the removed redundant information including a source address of the frame. The system transmits the frame with a modified header after the removed redundant information over the inner socket of the tunnel.

Abstract: A system for transmitting encapsulated media over tunnels, in response to a first request from a first application, establishes a first tunnel between a first tunneling client of a user equipment (“UE”) and a tunneling server and establishes a first outer transport layer and a first outer network layer and establishes a local tunneling proxy. Further, the system, in response to a second request from a second application, establishes a second tunnel between the first tunneling client and the tunneling server, where the second request includes a request to use the first outer transport layer and the first outer network layer established in conjunction with the first tunnel, and the second request is forwarded to the tunneling server via the local tunneling proxy.

Abstract: A system performs tunneling for real-time communications (“RTC”). The system determines a quantity of available tunnels at a tunneling server. The system then determines that the quantity of available tunnels is below a threshold, and that two or more tunnels established with the tunneling server correspond to a user equipment (“UE”). The system indicates to the UE to consolidate the two or more tunnels into a target tunnel within the two or more tunnels, and performs the RTC with the UE over the target tunnel.

Abstract: A system establishes tunnels. In response to a first request from an application, the system establishes a first tunnel between a tunneling client of a user equipment (“UE”) and a tunneling server and establishes a first outer transport layer and a first outer network layer. In response to a second request from the application, the system establishes a second tunnel between the tunneling client and the tunneling server, where the second request includes a request to use the first outer transport layer and the first outer network layer established in conjunction with the first tunnel.

Abstract: A client or user equipment (“UE”) that initiates a plurality of calls using encapsulated media, in response to a first tunnel creation request, from an application associated with a first call, initiates the first call by creating a first tunnel between the client and a server. The UE transmits the encapsulated media associated with the first call over the first tunnel. The UE, in response to a tunnel termination request, from the application, associated with a termination of the first call, waits for an expiration of a predefined persistence period. The UE, in response to a second tunnel creation request, from the application associated with a second call, before the expiration of the predefined persistence period, initiates the second call using the first tunnel. The UE then transmits the encapsulated media associated with the second call over the first tunnel.

Abstract: A system performs tunneling of real-time communications (“RTC”). The system establishes a tunnel between a tunneling client and a tunneling server. The system then receives a packet over the tunnel. The packet is configured according to an outer transport protocol of the tunnel and includes a datagram-based payload and a stream-based header. The system processes the packet according to a datagram-based outer transport protocol based on information in the stream-based header.

Abstract: A system establishes a main tunnel between a tunneling client and a tunneling server using a first socket, the main tunnel including a corresponding tunnel identifier and Internet Protocol (“IP”) address. The system traverses the encapsulated media over the main tunnel during the telecommunication session and then determines that a cloned tunnel is needed for the telecommunication session. The system establishes a cloned tunnel between the tunneling client and the tunneling server using a second socket that has been marked as a cloned tunnel candidate, where the cloned tunnel includes the corresponding tunnel identifier and IP address of the main tunnel. The system then traverses the encapsulated media over the cloned tunnel instead of the main tunnel during the telecommunication session.