Abstract: Embodiments relate to a method for enhancing and prioritizing operation technology (OT) control systems in a safety instrumented system (SIS) environment by incorporating safety levels. The method includes receiving network packets associated with OT systems by network interface. From network packets, OT systems associated with safety integrity level (SIL) values are identified. In response to identifying OT control systems associated with SIL values, determining priority levels from SIL values of OT systems. The method includes identifying, among OT control systems, network packets associated with a critical OT system associated with a SIL value having a higher priority level. The critical OT system may be prioritized that comprises encoding the network packets of the critical OT system, with corresponding SIL value. The prioritized critical OT system may be prioritized based on SIL value and classified into a network group associated with a network tag to deliver traffic with higher priority.

Abstract: In one implementation, a method is disclosed comprising: determining, by a process, a network topology of a particular computer network and capabilities of particular devices within the network topology; determining, by the process, a logical framework of the particular computer network; mapping, by the process, access control and segmentation features of the particular devices to the logical framework based on the capabilities of the particular devices; and causing, by the process, mapped access control and segmentation features to be implemented to enforce the logical framework within the network topology.

Abstract: Embodiments relate to a method for enhancing and prioritizing operation technology (OT) control systems in a safety instrumented system (SIS) environment by incorporating safety levels. The method includes receiving network packets associated with OT systems by network interface. From network packets, OT systems associated with safety integrity level (SIL) values are identified. In response to identifying OT control systems associated with SIL values, determining priority levels from SIL values of OT systems. The method includes identifying, among OT control systems, network packets associated with a critical OT system associated with a SIL value having a higher priority level. The critical OT system may be prioritized that comprises encoding the network packets of the critical OT system, with corresponding SIL value. The prioritized critical OT system may be prioritized based on SIL value and classified into a network group associated with a network tag to deliver traffic with higher priority.

Abstract: Embodiments relate to a method for enhancing and prioritizing operation technology (OT) control systems in a safety instrumented system (SIS) environment by incorporating safety levels. The method includes receiving network packets associated with OT systems by network interface. From network packets, OT systems associated with safety integrity level (SIL) values are identified. In response to identifying OT control systems associated with SIL values, determining priority levels from SIL values of OT systems. The method includes identifying, among OT control systems, network packets associated with a critical OT system associated with a SIL value having a higher priority level. The critical OT system may be prioritized that comprises encoding the network packets of the critical OT system, with corresponding SIL value. The prioritized critical OT system may be prioritized based on SIL value and classified into a network group associated with a network tag to deliver traffic with higher priority.

Abstract: In one embodiment, a process discovers network topology information of a particular computer network and creates a plurality of zones of devices in the particular computer network based on the network topology information. The process also discovers network communication activity patterns and endpoints of the particular computer network and creates a plurality of conduits between devices of the particular computer network based on the network communication activity patterns and endpoints of the particular computer network and association of the devices within the plurality of zones as described above.

Abstract: A zero-touch deployment (ZTD) manager receives a first request to issue a first cryptographic token to a constrained device for establishing a communications session between the constrained device and a secured resource. The ZTD manager evaluates identity information corresponding to the constrained device and determines whether the identity information is valid. If so, the ZTD manager returns the first cryptographic token to the constrained device, where it is stored in cache memory. The ZTD manager receives a second request to obtain a second cryptographic token from the secured resource. When the second cryptographic token is provided to the secured resource, the secured resource uses this second cryptographic token to validate the first cryptographic token and to facilitate the communications session with the constrained device.

Abstract: Methods, apparatus, and systems for the process-efficient generation of data records for data communications involving groups or aggregates of user equipment (UE), such as IoT devices, are described. In one illustrative example, for each one of a plurality of UEs associated with a group or aggregation identifier (ID), a request which includes data indicative of a network resource usage event of the UE is received and the data are stored in association with the group or aggregation ID. In response to identifying a predetermined condition, the data indicative of the network resource usage events associated with the group or aggregation ID are aggregated, and a request for generating a data record based on the aggregated data is sent to a data function for generating the data record. The generated data record (e.g. a CDR) may be stored for subsequent retrieval for reporting, analysis, network/communications management, or billing.

Abstract: Automatic onboarding of a device onto a cellular network may be provided through a Wireless Local Area Network (WLAN). Subsequent to a device connecting to a first network (e.g., the WLAN), information associated with the device and the first network may be received. One or more tags may be generated and an intent profile may be defined for the device based on the received information, where the intent profile may indicate at least a second network (e.g., the cellular network) that the device is enabled to connect with and one or more policies associated with the connection. The tags and intent profile may be transmitted to a service provider platform, and an onboarding profile template identified using the tags and the intent profile may be received from the service provider platform. The onboarding profile template may be provided to the device to enable connection to the second network.

Abstract: A zero-touch deployment (ZTD) manager receives a first request to issue a first cryptographic token to a constrained device for establishing a communications session between the constrained device and a secured resource. The ZTD manager evaluates identity information corresponding to the constrained device and determines whether the identity information is valid. If so, the ZTD manager returns the first cryptographic token to the constrained device, where it is stored in cache memory. The ZTD manager receives a second request to obtain a second cryptographic token from the secured resource. When the second cryptographic token is provided to the secured resource, the secured resource uses this second cryptographic token to validate the first cryptographic token and to facilitate the communications session with the constrained device.

Abstract: In one embodiment, an illustrative method herein may comprise: detecting, by a device, a new asset in a network with a media access control address; monitoring, by the device, the new asset to learn one or more contextual attributes of the new asset in the network; generating, by the device, a profile of the new asset based on the media access control address and the one or more contextual attributes; and using, by the device, the profile to define access and control over the new asset in the network.

Abstract: Methods, apparatus, and systems for the process-efficient generation of data records for data communications involving groups or aggregates of user equipment (UE), such as IoT devices, are described. In one illustrative example, for each one of a plurality of UEs associated with a group or aggregation identifier (ID), a request which includes data indicative of a network resource usage event of the UE is received and the data are stored in association with the group or aggregation ID. In response to identifying a predetermined condition, the data indicative of the network resource usage events associated with the group or aggregation ID are aggregated, and a request for generating a data record based on the aggregated data is sent to a data function for generating the data record. The generated data record (e.g. a CDR) may be stored for subsequent retrieval for reporting, analysis, network/communications management, or billing.

Abstract: Methods, apparatus, and systems for the process-efficient generation of data records for data communications involving groups or aggregates of user equipment (UE), such as IoT devices, are described. In one illustrative example, for each one of a plurality of UEs associated with a group or aggregation identifier (ID), a request which includes data indicative of a network resource usage event of the UE is received and the data are stored in association with the group or aggregation ID. In response to identifying a predetermined condition, the data indicative of the network resource usage events associated with the group or aggregation ID are aggregated, and a request for generating a data record based on the aggregated data is sent to a data function for generating the data record. The generated data record (e.g. a CDR) may be stored for subsequent retrieval for reporting, analysis, network/communications management, or billing.

Abstract: Automatic onboarding of a device onto a cellular network may be provided through a Wireless Local Area Network (WLAN). Subsequent to a device connecting to a first network (e.g., the WLAN), information associated with the device and the first network may be received. One or more tags may be generated and an intent profile may be defined for the device based on the received information, where the intent profile may indicate at least a second network (e.g., the cellular network) that the device is enabled to connect with and one or more policies associated with the connection. The tags and intent profile may be transmitted to a service provider platform, and an onboarding profile template identified using the tags and the intent profile may be received from the service provider platform. The onboarding profile template may be provided to the device to enable connection to the second network.

Abstract: Automatic onboarding of a device onto a cellular network may be provided through a Wireless Local Area Network (WLAN). Subsequent to a device connecting to a first network (e.g., the WLAN), information associated with the device and the first network may be received. One or more tags may be generated and an intent profile may be defined for the device based on the received information, where the intent profile may indicate at least a second network (e.g., the cellular network) that the device is enabled to connect with and one or more policies associated with the connection. The tags and intent profile may be transmitted to a service provider platform, and an onboarding profile template identified using the tags and the intent profile may be received from the service provider platform. The onboarding profile template may be provided to the device to enable connection to the second network.

Abstract: Automatic onboarding of a device onto a cellular network may be provided through a Wireless Local Area Network (WLAN). Subsequent to a device connecting to a first network (e.g., the WLAN), information associated with the device and the first network may be received. One or more tags may be generated and an intent profile may be defined for the device based on the received information, where the intent profile may indicate at least a second network (e.g., the cellular network) that the device is enabled to connect with and one or more policies associated with the connection. The tags and intent profile may be transmitted to a service provider platform, and an onboarding profile template identified using the tags and the intent profile may be received from the service provider platform. The onboarding profile template may be provided to the device to enable connection to the second network.

Abstract: Techniques for interface bandwidth management. A wired interface bandwidth is configured for a wired interface of a router. A cellular interface bandwidth is configured for a cellular interface of cellular interfaces of the router. The cellular interface bandwidth includes an uplink bandwidth. One or more instantaneous uplink throughput values for the cellular interface are determined based on one or more uplink throughput per resource block values for the cellular interface. A predicted average uplink throughput for the cellular interface is determined based on the one or more instantaneous uplink throughput values. The uplink bandwidth is dynamically adjusted based on the predicted average uplink throughput determined for the cellular interface of the router.

Abstract: In one illustrated example, automated or semi-automated system operations for Massive IoT (MIoT) deployment may involve the automatic assignment of external IDs, subscriber IDs (e.g. IMSIs), and mobile network IDs (e.g. MSISDNs) to IoT devices of a group, followed by the provisioning of assigned identities at the relevant network nodes and the IoT devices themselves. The process may continue seamlessly with network slice orchestration for the creation of a network slice instance (NSI) and the provisioning of its associated Network Slice Selection Assistance Information (NSSAI) and NSI ID at the relevant network nodes. Network Slice Selection Policies (NSSP) may be derived and sent to a policy function and subsequently to IoT devices of the group. Signaling efficiency may be achieved by performing operations on a group basis.

Abstract: Methods, apparatus, and systems for the process-efficient generation of data records for data communications involving groups or aggregates of user equipment (UE), such as IoT devices, are described. In one illustrative example, for each one of a plurality of UEs associated with a group or aggregation identifier (ID), a request which includes data indicative of a network resource usage event of the UE is received and the data are stored in association with the group or aggregation ID. In response to identifying a predetermined condition, the data indicative of the network resource usage events associated with the group or aggregation ID are aggregated, and a request for generating a data record based on the aggregated data is sent to a data function for generating the data record. The generated data record (e.g. a CDR) may be stored for subsequent retrieval for reporting, analysis, network/communications management, or billing.

Abstract: In one illustrated example, automated or semi-automated system operations for Massive IoT (MIoT) deployment may involve the automatic assignment of external IDs, subscriber IDs (e.g. IMSIs), and mobile network IDs (e.g. MSISDNs) to IoT devices of a group, followed by the provisioning of assigned identities at the relevant network nodes and the IoT devices themselves. The process may continue seamlessly with network slice orchestration for the creation of a network slice instance (NSI) and the provisioning of its associated Network Slice Selection Assistance Information (NSSAI) and NSI ID at the relevant network nodes. Network Slice Selection Policies (NSSP) may be derived and sent to a policy function and subsequently to IoT devices of the group. Signaling efficiency may be achieved by performing operations on a group basis.

Abstract: Methods, apparatus, and systems for the process-efficient generation of data records for data communications involving groups or aggregates of user equipment (UE), such as IoT devices, are described. In one illustrative example, for each one of a plurality of UEs associated with a group or aggregation identifier (ID), a request which includes data indicative of a network resource usage event of the UE is received and the data are stored in association with the group or aggregation ID. In response to identifying a predetermined condition, the data indicative of the network resource usage events associated with the group or aggregation ID are aggregated, and a request for generating a data record based on the aggregated data is sent to a data function for generating the data record. The generated data record (e.g. a CDR) may be stored for subsequent retrieval for reporting, analysis, network/communications management, or billing.