Abstract: The present disclosure relates to systems and methods for in-transit protocol translation. Specifically, various approaches are described for translating protocols for intermediate networks in a way by which there is no need of support for encapsulation/decapsulation at the end hosts and does not require any changes to end hosts or transit networks. Various embodiments include intercepting traffic between one or more source client devices and a transit network; detecting a first communication protocol used by the one or more source client devices in the traffic; translating the traffic from the first communication protocol to a second communication protocol; and forwarding the traffic to the transit network using the second communication protocol.

Abstract: A method implemented via a cloud-based system for network slicing in a 5G network includes connecting with a device that connects to the 5G network, wherein the cloud-based system includes a plurality of nodes interconnected to one another and including one or more nodes integrated in a user plane of the 5G network; inline monitoring traffic between the device and destinations including any of the Internet, cloud services, private applications, edge compute, Multiaccess Edge Compute (MEC), public/private data centers, and public/private clouds; and enforcing bandwidth control, in the 5G network, to a defined Quality of Service for a slice associated with the device.

Abstract: Systems and methods, in a lightweight connector including a processor communicatively coupled to a network interface, include connecting to a cloud-based system, via the network interface; connecting to one or more of a file share and an application, via the network interface; and providing access to a user device to the one or more of the file share and the application via a stitched connection between the network interface and the user device through the cloud-based system. The systems and methods can further include receiving a query for discovery; and responding to the query based on the one or more of the file share and the application connected thereto.

Abstract: Systems and methods include obtaining log data for a plurality of users of an enterprise where the log data relates to usage of a plurality of applications by the plurality of users; determining i) app-segments that are groupings of application of the plurality of applications and ii) user-groups that are groupings of users of the plurality of users; and providing access policy of the plurality of applications based on the user-groups and the app-segments. The steps can further include monitoring the access policy over time based on ongoing log data, manual verification of the access policy, and incidents where users are prevented from accessing any application; and adjusting the determined based on the monitoring.

Abstract: Systems and methods for selectively exposing Application Programming Interfaces (APIs) dynamically and in a scalable manner include, when a new API is exposed in a microservice, making it accessible via a gateway if it is indicated to be exposed. The present disclosure focused on exposing a range of services behind the API gateway in a scalable, easy to use manner. The present disclosure includes an API gateway that supports a new microservice easily and efficiently as long as it provides metadata. The API gateway dynamically decides which APIs will be exposed via the gateway with filtering per service. Also, the API gateway routes any request made by a user to the gateway back to the intended microservice in a transparent fashion, as well as performing any additional transformations of the request before sending it back to the microservice.

Abstract: The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and the Internet. The present disclosure includes integrating the cloud-based security services and associated cloud-based system within service provider's MECs. In this manner, a cloud-based security service can be integrated with a service provider's 5G network or a 5G network privately operated by the customer. For example, nodes in a cloud-based system can be collocated within a service provider's network, to provide security functions to 5G users or connected by peering from the cloud-based security service into the 5G service provider's regional communications centers.

Abstract: The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and the Internet. The present disclosure includes integrating the cloud-based security services and associated cloud-based system within service provider's MECs. In this manner, a cloud-based security service can be integrated with a service provider's 5G network or a 5G network privately operated by the customer. For example, nodes in a cloud-based system can be collocated within a service provider's network, to provide security functions to 5G users or connected by peering from the cloud-based security service into the 5G service provider's regional communications centers.

Abstract: The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and the Internet. The present disclosure includes integrating the cloud-based security services and associated cloud-based system within service provider's MECs. In this manner, a cloud-based security service can be integrated with a service provider's 5G network or a 5G network privately operated by the customer. For example, nodes in a cloud-based system can be collocated within a service provider's network, to provide security functions to 5G users or connected by peering from the cloud-based security service into the 5G service provider's regional communications centers.

Abstract: Systems and methods for selectively exposing Application Programming Interfaces (APIs) dynamically and in a scalable manner include, when a new API is exposed in a microservice, making it accessible via a gateway if it is indicated to be exposed. The present disclosure focused on exposing a range of services behind the API gateway in a scalable, easy to use manner. The present disclosure includes an API gateway that supports a new microservice easily and efficiently as long as it provides metadata. The API gateway dynamically decides which APIs will be exposed via the gateway with filtering per service. Also, the API gateway routes any request made by a user to the gateway back to the intended microservice in a transparent fashion, as well as performing any additional transformations of the request before sending it back to the microservice.

Abstract: Systems and methods for limiting calls to access a cloud-based system are disclosed. The systems and methods obtain a rate limiting policy including at least one attribute and a counting interval, the at least one attribute including at least one of a username associated with a client, an instance, an organization associated with the client, a resource being requested, a service being requested, a geographical access region, and an Application Programming Interface (API) being requested. The systems and methods also mark an entry, based on the rate limiting policy, in a database for each call the client makes. The systems and methods further enforce the rate liming policy by not processing calls from the client associated with the at least one attribute that are made for a count of calls marked that is beyond the counting interval.

Abstract: Systems and methods for managing configurations of distributed computing services include responsive to an update to a configuration of a service, performing a write to a cryptographically bound journal; validating the write by a plurality of validators; responsive to validation of the write, permanently recording the write in the cryptographically bound journal in a block chain; and providing an update to the cryptographically bound journal to the distributed computing services.

Abstract: Systems and methods, in a lightweight connector including a processor communicatively coupled to a network interface, include connecting to a cloud-based system, via the network interface; connecting to one or more of a file share and an application, via the network interface; and providing access to a user device to the one or more of the file share and the application via a stitched connection between the network interface and the user device through the cloud-based system. The systems and methods can further include receiving a query for discovery; and responding to the query based on the one or more of the file share and the application connected thereto.

Abstract: Virtual private access systems and methods implemented in a clientless manner on a user device are disclosed. The systems and methods include receiving a request to access resources from a Web browser on the user device at an exporter in a cloud system. The resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet. The systems and methods also include performing a series of connections between the exporter and i) the Web browser and ii) centralized components to authenticate a user of the user device for the resources. The systems and methods further include, subsequent to authentication, exchanging data between the Web browser and the resources through the exporter. The exporter has a first secure tunnel to the Web browser and a second secure tunnel to the resources.

Abstract: Systems and methods for managing configurations of distributed computing services include responsive to an update to a configuration of a service, performing a write to a cryptographically bound journal; validating the write by a plurality of validators; responsive to validation of the write, permanently recording the write in the cryptographically bound journal in a block chain; and providing an update to the cryptographically bound journal to the distributed computing services.

Abstract: Virtual private access systems and methods implemented in a clientless manner on a user device include receiving a request to access resources from a Web browser on the user device at an exporter in a cloud system, wherein the resources are located in one of a public cloud and an enterprise network and the user device is remote therefrom on the Internet; performing a series of connections between the exporter and i) the Web browser and ii) centralized components including a crypto service, database, cookie store, and Security Assertion Markup Language (SAML) Service Provider (SP) component to authenticate a user of the user device for the resources; and, subsequent to authentication, exchanging data between the Web browser and the resources through the exporter, wherein the exporter has a first secure tunnel to the Web browser and a second secure tunnel to the resources.

Abstract: The invention is directed to techniques for processing order messages exchanged between a client and an order server. The order messages can be for products and services that the customer orders from a vendor. The client provides the input order messages, which contain order commands in a predefined document format, to an order message manager of the order server, which also provides an order message sorter and message processing modules. The order message sorter reads the input document in the input order message to determine a type for the message and then directs the message to a message processing module capable of processing that type of order message. The message processing module processes the input document, obtains data if needed from an order database, and prepares an output document to include in an output order message to be returned to the client.

Abstract: A location-based payer charging system includes a charging database including at least one transportation charge element associated with a transportation provider. A system provider device in the location-based payer charging system is coupled to a network and the charging database. The system provider device is operable to receive first location data from a payer device over the network in response to the payer device entering a first transportation area, and then receive second location data from the payer device over the network in response to the payer device exiting a second transportation area. The system provider device will then determine a payment amount using the first location data, the second location data, and a transportation charge element retrieved from the charging data, and send an instruction to charge the payment amount to a payer account that is associated with the payer device.

Abstract: The invention is directed to techniques for processing order messages exchanged between a client and an order server. The order messages can be for products and services that the customer orders from a vendor. The client provides the input order messages, which contain order commands in a predefined document format, to an order message manager of the order server, which also provides an order message sorter and message processing modules. The order message sorter reads the input document in the input order message to determine a type for the message and then directs the message to a message processing module capable of processing that type of order message. The message processing module processes the input document, obtains data if needed from an order database, and prepares an output document to include in an output order message to be returned to the client.

Abstract: The invention is directed to techniques for processing order messages exchanged between a client and an order server. The order messages can be for products and services that the customer orders from a vendor. The client provides the input order messages, which contain order commands in a predefined document format, to an order message manager of the order server, which also provides an order message sorter and message processing modules. The order message sorter reads the input document in the input order message to determine a type for the message and then directs the message to a message processing module capable of processing that type of order message. The message processing module processes the input document, obtains data if needed from an order database, and prepares an output document to include in an output order message to be returned to the client.

Abstract: In one embodiment, one or more network devices located on a call path for packets destined to a server running applications examines payloads included in the packets to associate different ones of the packets to different ones of the applications. Information about the packets and the associations are used to determine which ones of the applications conform to their respective Service Level Agreements (SLAs).