Abstract: A computing device operates a first thread for a first layer of a plurality of layers of an application that are operated by different threads. The computing device maintains a first parameter that is shared by the first layer of the application and a second layer of the application. The second layer is operated by a second thread that is identified by a first address. When the first parameter is locally updated at the first thread, the computing device updates a local copy of the first parameter at the first thread and providing the locally updated first parameter to the second thread by using the first address. When the first parameter is remotely updated at the second thread, the computing device receives the remotely updated first parameter and updating the local copy of the first parameter at the first thread based on the received remotely updated first parameter.

Abstract: Techniques are described herein for transparently connecting to the same light weight machine-to-machine (LwM2M) server using both Internet Protocol (IP)-based and non-IP data delivery (NIDD)-based connectivity using all LwM2M functionality and security modes. The techniques include establishing a connection over a NIDD socket to communicate with an application server using NIDD binding to deliver a datagram destined for a target server. The datagram may be encapsulated in a serialized envelope including an application-level protocol metadata, wherein the metadata representing information corresponding to the target server. The datagram is delivered to the target server over NIDD-based transport.

Abstract: A system for routing Internet-of-Things (IoT) device notifications, or a method therefore are described. For example, a system includes a processor; and computer-readable instructions that, when executed by the processor, cause the system to perform operations including receiving, from a notification customer, preferences for a selection of notifications associated with IoT devices; storing each notification of the notifications in one or more message queues, the message queues being associated with the preferences; and transmitting the selection of the notifications to the notification customer, wherein the selection of notifications comprises a subset of the notifications.

Abstract: A constrained device, such as an Internet of Things (IoT) device, can use a handshake procedure to establish a secure transport session with a server and generate a corresponding client session state. The constrained device can encrypt the client session state into an encrypted client session state, and transmit the encrypted client session state to the server. When the constrained device enters an idle mode, the client session state may be cleared from memory of the constrained device. However, when the constrained device next wakes from the idle mode and re-enters an active mode, the constrained device can retrieve the encrypted client session state from the server. The constrained device can decrypt the encrypted client session state to recover the client session state, and use the recovered client session state to resume the secure transport session instead of establishing a new secure transport session with a new client session state.

Abstract: Techniques are described herein for distributed data stream programming and processing. The techniques include sending a request indicating one or more regions of a program code to access a stream in a stream pool and to execute on a processing node in a processing nodes pool. The techniques also include accessing the stream defined in the one or more regions of the program code to service the request. Thereafter, the processing node is selected to use for execution of the one or more regions of the program code and the processing node executes one or more instances of the one or more regions of the program code.

Abstract: Techniques are described herein for transparently connecting to the same light weight machine-to-machine (LwM2M) server using both Internet Protocol (IP)-based and non-IP data delivery (NIDD)-based connectivity using all LwM2M functionality and security modes. The techniques include establishing a connection over a NIDD socket to communicate with an application server using NIDD binding to deliver a datagram destined for a target server. The datagram may be encapsulated in a serialized envelope including an application-level protocol metadata, wherein the metadata representing information corresponding to the target server. The datagram is delivered to the target server over NIDD-based transport.

Abstract: Described herein are techniques for securely configuring a user device to operate on a wireless carrier network. In embodiments, the techniques may comprise receiving a bootstrapping request associated with a user device that includes at least an identifier for the user device, associating a limited use credential, a long-term use credential, and a communication identifier with the identifier for the user device, upon detecting activation of the identifier for the user device, providing, via a first communication channel related to the communication identifier, the limited use credential to the user device, and providing, via a second communication channel different from the first communication channel, the long-term use credential to the user device, the long-term use credential being cryptographically secured using the limited use credential, wherein the limited use credential is overwritten with a decrypted version of the long-term use credential.

Abstract: Techniques are described herein for transparently connecting to the same light weight machine-to-machine (LwM2M) server using both Internet Protocol (IP)-based and non-IP data delivery (NIDD)-based connectivity using all LwM2M functionality and security modes. The techniques include establishing a connection over a NIDD socket to communicate with an application server using NIDD binding to deliver a datagram destined for a target server. The datagram may be encapsulated in a serialized envelope including an application-level protocol metadata, wherein the metadata representing information corresponding to the target server. The datagram is delivered to the target server over NIDD-based transport.

Abstract: Techniques are described herein for distributed data stream programming and processing. The techniques include sending a request indicating one or more regions of a program code to access a stream in a stream pool and to execute on a processing node in a processing nodes pool. The techniques also include accessing the stream defined in the one or more regions of the program code to service the request. Thereafter, the processing node is selected to use for execution of the one or more regions of the program code and the processing node executes one or more instances of the one or more regions of the program code.

Abstract: A middlebox system that maintains a load balancing configuration in a large scale IoT deployment is provided. The system performs reverse address translation for a first packet of a particular application from a first server to a first client according to a binding structure that couples a source address indicating the first client with (i) a destination addresses indicating the first server and (ii) an application client marker of the first client for the particular application. The system performs reverse address translation for a second packet of the particular application from a second server to the first client by using the application client marker in the binding structure to determine the source address indicating the first client.

Abstract: Techniques are described herein for distributed data stream programming and processing. The techniques include sending a request indicating one or more regions of a program code to access a stream in a stream pool and to execute on a processing node in a processing nodes pool. The techniques also include accessing the stream defined in the one or more regions of the program code to service the request. Thereafter, the processing node is selected to use for execution of the one or more regions of the program code and the processing node executes one or more instances of the one or more regions of the program code.

Abstract: Described herein are techniques for securely configuring a user device to operate on a wireless carrier network. In embodiments, the techniques may comprise receiving a bootstrapping request associated with a user device that includes at least an identifier for the user device, associating a limited use credential, a long-term use credential, and a communication identifier with the identifier for the user device, upon detecting activation of the identifier for the user device, providing, via a first communication channel related to the communication identifier, the limited use credential to the user device, and providing, via a second communication channel different from the first communication channel, the long-term use credential to the user device, the long-term use credential being cryptographically secured using the limited use credential, wherein the limited use credential is overwritten with a decrypted version of the long-term use credential.

Abstract: A constrained device, such as an Internet of Things (IoT) device, can use a handshake procedure to establish a secure transport session with a server and generate a corresponding client session state. The constrained device can encrypt the client session state into an encrypted client session state, and transmit the encrypted client session state to the server. When the constrained device enters an idle mode, the client session state may be cleared from memory of the constrained device. However, when the constrained device next wakes from the idle mode and re-enters an active mode, the constrained device can retrieve the encrypted client session state from the server. The constrained device can decrypt the encrypted client session state to recover the client session state, and use the recovered client session state to resume the secure transport session instead of establishing a new secure transport session with a new client session state.

Abstract: A computing device operates a first thread for a first layer of a plurality of layers of an application that are operated by different threads. The computing device maintains a first parameter that is shared by the first layer of the application and a second layer of the application. The second layer is operated by a second thread that is identified by a first address. When the first parameter is locally updated at the first thread, the computing device updates a local copy of the first parameter at the first thread and providing the locally updated first parameter to the second thread by using the first address. When the first parameter is remotely updated at the second thread, the computing device receives the remotely updated first parameter and updating the local copy of the first parameter at the first thread based on the received remotely updated first parameter.

Abstract: A middlebox system that maintains a load balancing configuration in a large scale IoT deployment is provided. The system performs reverse address translation for a first packet of a particular application from a first server to a first client according to a binding structure that couples a source address indicating the first client with (i) a destination addresses indicating the first server and (ii) an application client marker of the first client for the particular application. The system performs reverse address translation for a second packet of the particular application from a second server to the first client by using the application client marker in the binding structure to determine the source address indicating the first client.

Abstract: Systems and methods related to establishing a temporary trusted relationship between a network-based media service and a device that does not have a trusted relationship with the network-based media service are disclosed. In one embodiment, a method of operation of a first device having a trusted relationship with a network-based media service to establish a temporary trusted relationship between the network-based media service and a second device that does not have a trusted relationship with the network-based media service is provided. In one embodiment, the method of operation of the first device includes obtaining a certificate of the second device, generating a temporary token for the second device based on the certificate of the second device, and sending the temporary token for the second device to a server that provides the network-based media service to thereby pre-authorize the second device for temporary media service.

Abstract: Techniques are described herein for distributed data stream programming and processing. The techniques include sending a request indicating one or more regions of a program code to access a stream in a stream pool and to execute on a processing node in a processing nodes pool. The techniques also include accessing the stream defined in the one or more regions of the program code to service the request. Thereafter, the processing node is selected to use for execution of the one or more regions of the program code and the processing node executes one or more instances of the one or more regions of the program code.

Abstract: A system for routing Internet-of-Things (IoT) device notifications, or a method therefore are described. For example, a system includes a processor; and computer-readable instructions that, when executed by the processor, cause the system to perform operations including receiving, from a notification costumer, preferences for a selection of notifications associated with IoT devices; storing each notification of the notifications in one or more message queues, the message queues being associated with the preferences; and transmitting the selection of the notifications to the notification costumer, wherein the selection of notifications comprises a subset of the notifications.

Abstract: A 3rd Generation Partnership Project (3GPP) notification message may be received at a translation application at a core network of a wireless carrier network. The 3GPP notification message may include an indication of a loss of connectivity or a communication failure for an Internet-of-Things (IoT) device. The 3GPP notification message is translated by the translation application into a logically equivalent non-3GPP reachability status communication that indicates the IoT device is unreachable. The non-3GPP reachability status communication is sent by the translation application to a server of the wireless carrier network to trigger the server to queue one or more communication messages that are destined for the IoT device in a server queue. Likewise, another 3GPP notification message may be translated into an additional non-3GPP reachability status communication that causes the release of the one or more communication messages to the IoT device.

Abstract: Techniques are disclosed herein for ensuring convergence of states for reliable message delivery in geographically distributed message queuing systems. The techniques include receiving a message at a local system, in which the message is associated with a new message topic. Further, at least one commutative replicated data type (CRDT) object associated with the message is created, wherein the at least one CRDT object corresponds to a unique message identifier (ID). A new message state corresponding to the message ID and the message topic is entered in a message state table, wherein the message state entry indicates a message state corresponding to the message. At least one CRDT object is recorded in a message queue. Thereafter, a list of subscribers including individual subscribers mapped to the new message topic is resolved from a message destinations object. The message is then delivered to at least one of the individual subscribers.