Abstract: Provided in the embodiments of the present disclosure are a method and device for processing a data packet, a storage medium, and an electronic device. The method includes: in a case where a Bit-Forwarding Ingress Router (BFIR) performs Bit Index Explicit Replication (BIER) packet encapsulation and outer Internet Protocol Version 6 (IPv6) packet encapsulation on a data packet, copying an Entropy field in a BIER packet header to a position of a Flow Label field of an outer IPv6 packet, and placing a label value allocated for Virtual Private Network (VPN) data in a position of the original Entropy field in the BIER packet header; and setting a data packet after the BIER packet header, and setting a Proto field in the BIER packet header to a corresponding value indicating a data packet type of the data packet.

Abstract: Techniques for multi-tenant overlays with per-tenant distributed routing are described herein. The techniques may include provisioning an overlay network such that tenants hosted by a forwarding plane of the overlay network are each configured to forward routing protocol packets to a routing control plane of the overlay network and the routing control plane of the overlay network is configured to determine routing paths between each tenant and respective destinations. A routing protocol packet may be sent to the routing control plane by a first tenant. The routing protocol packet may include an indication of a destination that is served by the first tenant. Based on receiving the routing protocol packet, the routing control plane may determine one or more routing paths between the tenants and the destination. Additionally, an indication of the routing path may be sent to the tenants.

Abstract: A packet transmission method and apparatus, a device, and a computer-readable storage medium. An example is used in which the method is applied to a first communication device serving as an intermediate node in a transmission process. The method includes: the first communication device first obtains a first packet; selects, based on a network quality condition corresponding to the first packet, a first physical interface from at least two physical interfaces corresponding to a logical interface to send the first packet. A network quality parameter of the first physical interface corresponds to the network quality condition.

Abstract: A method for obtaining, by a first network device of a pair of network devices, a packet, wherein the packet specifies a source address corresponding to a first client device and a destination address corresponding to a second client device, making a first determination, by the first network device and using the source address and the destination address, that the first network device is not an owner of bidirectional traffic associated with the packet, based on the first determination, transmitting, by the first network device, the packet to a second network device of the pair of network devices, making a second determination, by the second network device, that the second network device is the owner of bidirectional traffic associated with the packet, performing, in response to the second determination and by the second network device, data processing on the packet to generate a processing result.

Abstract: A method performed by a Domain Name System (DNS) name server for providing Segment Routing (SR) Internet Protocol (IP) version 6 (SRv6) information. The method includes receiving a DNS query for an SRv6 resource record (RR) corresponding to a DNS name; determining whether data corresponding to the DNS name comprises the SRv6 RR in response to the DNS query; and transmitting a DNS response, wherein the DNS response comprises the SRv6 RR when the data comprises the SRv6 RR.

Abstract: Techniques for group-based classification and policy enforcement at a network fabric edge for traffic that is being sent to external network destinations are disclosed herein. The techniques may include receiving, at a control plane of a network and from an edge node of the network, a request to provide mapping data associated with sending a packet to a destination. Based at least in part on an address prefix value associated with the destination, the control plane may determine that the destination is located in an external network. Additionally, a group identifier that is associated with the destination may be determined. In this way, an indication of the group identifier may be sent to the edge node such that the edge node may determine, based at least in part on the group identifier, a policy decision for routing the packet to the external network.

Abstract: A method includes: A first transmission unit packs, at a protocol layer of the first transmission unit, to-be-transmitted data of an application layer of the first transmission unit, to generate a data packet. The data packet includes data type information, the data type information indicates an application scenario of the data packet, and the application scenario includes any one of a camera scenario, a display scenario, and a storage scenario. The first transmission unit sends the data packet to a physical layer of the first transmission unit through the protocol layer of the first transmission unit. The first transmission unit sends the data packet to a second transmission unit through the physical layer of the first transmission unit.

Abstract: According to embodiments herein e.g. a method performed by a network node unit for managing packet handling in a communications network is provided. The network node unit reads through routing entries in a routing information base. The network node unit performs for one or more routing entries, a hash process on a network address of the routing entry into a hashed network address associated with an identity of a forwarding unit. The network node unit sends information relating to the routing entry to the forwarding unit with the identity thereby partitioning the routing entries to different forwarding units e.g. targeted by a correlated traffic distribution mechanism.

Abstract: A cloud exchange platform includes policy-based routing. Labeling (or tagging) on a multi-tenant virtual private network (VPN) facilitates recognition of active routes for a flow. The tags can be implemented such that flows are treated as having active routes across a multi-tenant VPN to enable a customer to treat flows as having an identifiable active route through the multi-tenant VPN. Thus, for example, BGP can be used as a generalized signaling protocol to carry information about flows through a multi-tenant VPN.

Abstract: A computer-implemented method, a computer system and a computer program product manage network throughput based on weather conditions. The method includes identifying a weather condition from a weather forecast. The weather condition includes a geographic area and a time period. The method also includes collecting historical data associated with the network. The historical data includes the network throughput during a past event. The method further includes determining that the weather condition will lower the network throughput below a threshold based on the network throughput during the past event. Lastly, the method includes dynamically creating software application containers on a server at a time prior to the time period of the weather condition. The software application containers are accessed by a user computing device within the geographic area.

Abstract: The disclosure relates to methods and products for processing stream requests. Upon obtaining the stream requests, an initial TSN scheduling is computed at a CNC based on an initial TSN capability obtained from a dynamic bridge (DB). Then, a loop is started. At each iteration, it is determined, based on information related at least to the last computed TSN scheduling, whether or not to provide information related to an updated TSN capability of the DB to the CNC. If it is decided to provide said information, the CNC computes, based on said information, an updated TSN scheduling. Else, the loop is exited. It is determined, based on at least one computed TSN scheduling, whether to configure the TSN according to one of said at least one computed TSN scheduling or to request an adjustment of at least one stream request.

Abstract: In one embodiments, data communication system include a communication apparatus, which is configured to receive data from different user equipment devices a schedule of time periods, and packetize the data from respective ones of the user equipment devices for respective ones of the time periods into packets, a memory including a plurality of buffers, and a network interface controller configured to receive the packets from the communication apparatus, and scatter respective portions of the data belonging to respective groups of successive ones of the time periods to the buffers, responsively to a static set of steering rules, and timing information of respective ones of the packets, and wherein each respective portion of the data is scattered to the buffers a same scatter pattern.

Abstract: There is herein described a method of transmitting a data packet from a first node to a second node in accordance with a predetermined arrangement between a first party and a second party, the method including receiving information relating to a characteristic of the data packet at a smart contract using the received information relating to a characteristic of the data packet to determine a location at which a change to the data packet occurred.

Abstract: A method is proposed for operating a network with several subscribers in the network. For this purpose, the network has at least one switch (10, 11, 12), at least two terminals and at least one controller. According to the invention, the controller can now communicate with one of the terminals via an application protocol. For this purpose, data is sent and/or received as data packets. In order to be able to schedule the communication, time slots are provided for sending the data packets that are adapted to a maximum possible packet size. For this purpose, the time slots have a start time and an end time so that they can overlap in different branches of the network. To optimize communication time, the packet sizes (5) can be changed. To avoid wasting bandwidth in the network, the time slots are adapted to the packet size accordingly by changing the start times and the end times (6).

Abstract: A method and apparatus for managing buffering of data packets of a network card, a terminal and a storage medium are provided.

Abstract: Systems and methods are provided for performing operations including: retrieving, by one or more processors, a plurality of content items; identifying a list of friends of a user on a messaging application; obtaining reaction data for each friend in the list of friends, the reaction data identifying a set of content items to which respective ones of the friends in the list of friends reacted; selecting, based on the reaction data, a first content item in the plurality of content items that is included in the set of content items to which respective ones of the friends in the list of friends reacted; and presenting the first content item to the user in a presentation arrangement of a graphical user interface.

Abstract: Methods, systems, and storage media for generating polls in an end-to-end encrypted messaging platform are disclosed. Exemplary implementations may: initiate, by an initiator, a poll comprising a poll name, an ending time, and response choices; generate a message to a group of users regarding the poll; for each user of the group of users, generate a key pair comprising a chain key and a signature key; receive, from a user of the group of users, a selection comprising at least one of the response choices; and cause display of the selection through the poll.

Abstract: A method for providing a mutual-liking-based chat service is disclosed. A method by which a server provides a chat service, according to an embodiment of the present invention, may comprise the steps of: receiving mutual liking scores between users from user terminals; calculating a summed score for each of other users by summing a liking score which a first user has assigned to each of the other users and a liking score assigned from each of the other users, if a special chat room opening request of the first user among the users is received; selecting a second user corresponding to the highest score from among the summed scores; and opening a special chat room between the first user and the second user.

Abstract: A communication management system manages the exchange of messages between devices using different communication networks and/or protocols. A sender device may transmit a message (e.g., a short message service “SMS” message) to a destination associated with a traditional “landline” phone number. The message may be delivered over a traditional landline phone network. The communication management system can receive the message via the phone network, process the message, and provide the message to one or more electronic devices over a packet switched network, such as a local area network or the Internet. The electronic devices may use chat-based application software to process and display the message, provide robust message handline functionality, and facilitate responses to the message.

Abstract: An information processing device includes a processor, in which the processor accepts designation of a message, and presents a document used by a user within a period determined from a time when at least one of a designated message and a message related to the designated message has been transmitted, as a document related to the designated message.

Abstract: The subject technology retrieves, by a client device from a storage device, first image data captured by the client device at a previous time. The subject technology receiving first metadata corresponding to a selected image processing operation. The subject technology generates second image data based on the first metadata and the image processing operation performed on the first image data. The subject technology generates second metadata comprising information related to the image processing operation, the second metadata including a first identifier associated with the first image data, and second identifier associated with the second image data. The subject technology generates a message comprising the second metadata, the second image data, and the first image data.

Abstract: Systems, methods, and computer program products for adaptively splitting electronic chats are provided. One embodiment includes receiving an electronic chat comprising a set of electronic chat messages, each of the electronic chat messages in the set of electronic chat messages having a timestamp; determining a set of time gaps between the electronic chat messages from the set of electronic chat messages; determining a set of models that model the set of time gaps, selecting an optimum model from the set of models; based on selecting the single Gaussian distribution as the optimum model, determining that the electronic chat comprises a single electronic chat, and storing the set of electronic chat messages as the single electronic chat.

Abstract: A method is described for managing the receipt of a message sent by a transmitting device via a communication network, the message being intended to be reproduced and being capable of being searched for among a plurality of received messages. The method includes receiving a message comprising a datum representative of a message with conditional display, the message only being displayed if it is the result of a search.

Abstract: A first request to create a content template for messages to be sent via communications channels via a software-as-a-service (SaaS) platform is received via a first application programming interface (API) call. The first request specifies elements of the content template in a first format. The content template comprising the elements in the first format is created based on the first request. The first format is translatable to channel-specific formats corresponding to the communication channels. The content template in the first format is stored at the SaaS platform.

Abstract: Embodiments of the present application relate to the field of communications, and provide a method for accessing a network, a media gateway, an electronic device and a storage medium. The present application provides a method for accessing a network, applied to a media gateway, including: establishing a private media channel between a client and a target platform; and binding the private media channel to a user public network transmission resource corresponding to the client, and obtaining a media link between the client and the target platform to perform media communication between the target platform and the client via the media link; the user public network transmission resource is obtained after converting a local transmission resource of the client by a network address translation (NAT) device.

Abstract: Implementations described and claimed herein provide systems and methods for serving content over a network. In one implementation, a method of serving content is provided. The method includes maintaining a first address record associated with serving a resource and a second address record associated with serving the same resource. The first address record is further associated with a first protocol for a first device capable of serving the resource. Similarly, the second address record is associated with a second protocol, different from the first protocol, for a second device, distinct from the first device, capable of serving the resource. The method further includes providing, in response to at least one resolution request for the resource, the first address record and the second address record.

Abstract: Systems, methods, and products for identifying IP mass hosts and determining whether they are good or bad. One embodiment is a method including selecting a first candidate IP address, identifying a set of domains hosted at the IP address, and identifying registrants of the domains. A number of unique ones of the registrants is determined and if the number of unique registrants exceeds a threshold number, the candidate IP address is deemed an IP mass host. Otherwise, the candidate IP address is deemed not to be an IP mass host. For an IP mass host, domains that have bad reputations are identified, and it is determined whether the bad domains comprise at least a threshold percentage of the total hosted domains. If the IP mass host has at least the threshold percentage of bad domains, the IP mass host is deemed a bad mass host.

Abstract: Example methods are provided for a destination host to implement a firewall in a virtualized computing environment that includes the destination host and a source host. The method may comprise receiving, via a physical network interface controller (PNIC) of the destination host, an ingress packet sent by the source host. The ingress packet may be destined for a destination virtualized computing instance that is supported by the destination host and associated with a destination virtual network interface controller (VNIC). The method may further comprise retrieving a PNIC-level firewall rule associated with the destination virtualized computing instance, the PNIC-level firewall rule being applicable at the PNIC and generated by based on a VNIC-level firewall rule applicable at the destination VNIC. In response to determination that the PNIC-level firewall rule blocks the ingress packet from passing through, the ingress packet may be dropped such that the ingress packet is not sent to the destination VNIC.

Abstract: Described are techniques for grouping user profiles onto Virtual Private Networks (VPNs) including a computer-implemented method comprising creating a user profile at a VPN manager and associating the user profile with a set of demographically similar user profiles based on characteristics of the user profile. The computer-implemented method further comprises assigning the user profile to least one VPN server that is associated with the set of demographically similar user profiles. The computer-implemented method further comprises providing encrypted internet access to a device associated with the user profile via the at least on VPN server. The computer-implemented method further comprises transmitting resources to the device associated with the user profile via the at least one VPN server, where the resources are customized for the set of demographically similar user profiles.

Abstract: A method including configuring a virtual private network (VPN) server, having established VPN connections with one or more user devices, aggregate amounts of VPN data communicated with a host device; configuring the VPN server to determine difference amounts indicating differences in the aggregate amounts of VPN data; configuring the VPN server to determine average aggregate amounts of VPN data; configuring the VPN server to determine a largest average aggregate amount, from among the average aggregate amounts, as an average threshold level; and configuring the VPN server to selectively transmit a notification to the one or more devices indicating that the one or more user devices is to manage transmission of data from the one or more user devices based at least in part on a result of comparing the average threshold level with an observed average aggregate amount. Various other aspects are contemplated.

Abstract: A method including receiving, by a device from a virtual private network (VPN) server, a notification indicating that the device is to manage transmission of data from the device to the VPN server, the notification being received based at least in part on a determination that an observed average aggregate amount of VPN data communicated with a host device satisfies an average threshold level associated with an aggregate amount of VPN data communicated with the host device; and managing, by the device, transmission of the data from the device to the VPN server based at least in part on receiving the notification. Various other aspects are contemplated.

Abstract: A cloud exchange platform includes policy-based routing. Labeling (or tagging) on a multi-tenant virtual private network (VPN) facilitates recognition of active routes for a flow. The tags can be implemented such that flows are treated as having active routes across a multi-tenant VPN to enable a customer to treat flows as having an identifiable active route through the multi-tenant VPN. Thus, for example, BGP can be used as a generalized signaling protocol to carry information about flows through a multi-tenant VPN.

Abstract: One example may include forwarding a request sent outside a VPN server, via a client device, to access a second communication network detected by the client device, and the client device is communicating with the VPN server over a first communication network, responsive to receiving a captive portal, forwarding, via the client device, authentication information to obtain access to the second communication network, and the authentication information is not forwarded to the VPN server, and receiving data, by the client device, from a remote server over a bonded connection including a first connection provided by the first communication network bonded with a second connection provided by the second communication network to form the bonded connection.

Abstract: Embodiments of systems and methods for DNS leak prevention and protection, including protection against DNS tunneling attacks, are disclosed herein. In particular, certain embodiments include a local DNS protection agent installed on a system and an associated trusted external DNS protection server. The DNS protection agent prevents DNS leaks from applications on the system such that all DNS requests from the system are confined to requests from the DNS protection agent to the associated DNS protection server. As the DNS leak prevention provided by the DNS protection agent stops applications on the system from circumventing the DNS protection server, all DNS requests originating from the system remain under the control of the DNS protection server and thus desired DNS protection (e.g., as implemented on the DNS protection server) may be maintained. Certain embodiments prevent applications from using certain DNS security protocols, such as DoH and DoT, without going through the DNS protection agent.

Abstract: A system having an off-premises proxy server residing in a cloud computing environment and backend servers residing in an enterprise computing environment are provided. Requests received by the off-premises proxy server for access to a first, non-publicly accessible backend server are routed to a tunnel server which stores the request and waits to be polled by a tunnel agent connected to the first backend server. When the tunnel server is polled, the request is forwarded through an HTTP tunnel to the tunnel agent, which forwards it to the backend server for processing. Responsive information is returned to the tunnel agent, which forwards it through the HTTP tunnel to the tunnel server and returned through the off-premises proxy server to the remote application. Requests for access to a first, publicly accessible backend server are routed by the off-premises proxy server directly to the backend server for processing and return of responsive information.

Abstract: A method, computer system, and a computer program product for data confidentiality is provided. The present invention may include detecting a confidentiality level of data within a source edge. The present invention may include identifying a required safety level of a route of travel based on the detected confidentiality level. The present invention may include selecting the route of travel based on the required safety level and the detected confidentiality level.

Abstract: Embodiments of the present invention provide a centralized for allowing communication and transmission of data between entities and third party entities to securely provide requisitions to users. The system is configured for receiving a requisition request from an entity system, wherein the requisition request is associated with a user, in response to receiving the requisition request, performing one or more data transformations to transform at least a part of data associated with the requisition request, transmitting transformed data associated with the requisition request to an intermediary system, transmitting one or more control signals to the intermediary system to cause the intermediary system to transmit the transformed data associated with the requisition request to one or more third party entities, and determining that the intermediary system received one or more requisitions from the one or more third party entities.

Abstract: A middleware system and corresponding methods are described whereby data communications, either inter-device or intra-device, are coordinated using a set of cryptographic identifiers that correspond to computing elements, such as interfaces, methods, parameters, classes, among others. The cryptographic identifiers are coupled to data messages being sent across the middleware system and processed to indicate adherence to protocol standards and/or to cause transformation of the data messages such that the receiver receives a data message adhering to their acceptable protocol standards.

Abstract: Novel tools and techniques might provide for implementing secure communications for IoT devices. In various embodiments, a gateway or computing device might provide connectivity between or amongst two or more Internet of Things (“IoT”) capable devices, by establishing an IoT protocol-based, autonomous machine-to-machine communication channel amongst the two or more IoT capable devices. For sensitive and/or private communications, the gateway or computing device might establish a secure off-the-record (“OTR”) communication session within the IoT protocol-based, autonomous machine-to-machine channel, thereby providing encrypted machine-to-machine communications amongst the two or more IoT capable devices, without any content of communications that are exchanged amongst the IoT capable devices over the secure OTR communication session being recorded or logged.

Abstract: A first computational device, connected over a network to a second computational device, generates unique datagram distribution information and places it into an unencrypted portion of a plurality of secure IP datagrams comprising a first stream, and sends the plurality of secure IP datagrams over the network to the second computational device. The second computational device is configured to examine each one of the plurality of the secure IP datagrams for the unique datagram distribution information, and uses the unique datagram distribution information to distribute all of the plurality of the secure datagrams to a first one of a plurality of CPU cores comprising the second computational device.

Abstract: A method includes storing first authentication information and second authentication information, the first authentication information being information for a user to access a first information processing device, the second authentication information including third authentication information and fourth authentication information, the third authentication information being information for the user to access a second information processing device, and the fourth authentication information being information for the user to access a third information processing device; acquiring first index information from the second information processing device based on the third authentication information; acquiring second index information from the third information processing device based on the fourth authentication information; and generating a list including the first index information with a first indication, and the second index information with a second indication different from the first indication.

Abstract: Systems and methods relate generally to device code flows. In an example, a method relating generally to a device code flow is disclosed. In such a method, a personal identification code is generated by a server responsive to input of a user code and associated credentials from a first user device. The personal identification code is sent to a second user device different from the first user device. Input of the personal identification code via the first user device is requested. A challenge is generated using the personal identification code.

Abstract: A method for authenticating a user in a session initiated on a computing device is disclosed herein.

Abstract: A method for issuing a certificate with a specific certificate profile to a plant component of an industrial plant by a certification authority of the industrial plant, wherein an automated check is performed to determine whether the specific certificate profile can be used by the plant component, and whether the specific certificate profile in the industrial plant is assignable to the plant component before a certificate application made by the plant component is transmitted to the certification authority, where the certificate application is transmitted to the certification authority which, in the event of a successful check of the certificate application, issues the requested certificate with the specific certificate profile for the plant component if both checks are successful.

Abstract: Remote desktop protocol (RDP) is a proprietary protocol for controlling machines over a network. In order to overcome certain deficiencies of the protocol a method is disclosed utilized in a zero trust cloud environment, to provide access to a RDP servers utilizing multifactor authorization services which are not natively supported by RDP. This is performed utilizing an RDP client while simultaneously providing an authenticated and secure policy based experience through a zero trust network.

Abstract: An approach is provided for distributed output device credential caching. An output device authenticates a user for accessing the output device. The output device receives a request to access a protected remote resource. The output device determines that credentials, for accessing the protected remote resource, are not stored at the output device. The output device retrieves data that specifies output device peers. The output device obtains the credentials by querying the output device peers specified by the data that specifies the output device peers. The output device verifies that the credentials are currently valid for the protected remote resource. The output device services the request by accessing the protected remote resource using the credentials.

Abstract: A system and method for a patient to initiate and complete a voice-enabled, computerized, symptom-based medical history, at the time the patient is concerned about a medical problem. The interview mimics the real in-office medical interview between a patient and physician, complete with voice audible questions and responses, and is constructed to uncover factual information related to the patient’s current complaint. Once the medical history is complete it is sent to the patient’s physician through the physician’s Electronic Health Record system, the physician is then alerted that history report is waiting, and after reviewing the report, the physician calls the patient for a follow up interview to determine an appropriate next action for the patient.

Abstract: A system and method for security of Internet of things (IoT) devices are discussed. A user of a mobile device, such as a customer of a wireless communication network, may remotely lock an IoT device while concomitantly assigning an ad hoc password to the IoT device that can be subsequently used to unlock the device. Alternatively, an IoT device may self-lock and produce a password in response to detecting its motion. The produced password may be provided to the user of a mobile device and used later to unlock the IoT device.

Abstract: In a display system according to the present disclosure, a server device includes an authentication processor that authenticates a user for use of a file, based on authentication information of the user input at a user terminal and an access information generator that generates first access information for accessing the file if the user is authenticated by the authentication processor for use of the file, and a display device includes a file acquirer that acquires the file from the server device, based on the first access information generated by the access information generator, and a display processor that displays the file acquired by the file acquirer, on the display.

Abstract: Systems and methods are provided for use in monitoring decentralized data structures including identity attributes, through tokenization of the attributes. One example computer-implemented method includes receiving a request associated with a digital identity including multiple attributes and, for each of the attributes in the request, generating a token specific to the attribute, searching for the generated token in a network graph having multiple stored tokens, and identifying one of the multiple stored tokens as a match to the generated token. The computer-implemented method then further includes, for each of the attributes in the request, retrieving additional ones of the multiple stored tokens linked to the identified one of the stored tokens, comparing the retrieved tokens to the generated token, and promoting the request for further action, in response to at least one of the retrieved tokens being inconsistent with the generated token.