Abstract: Embodiments relate to generating database sequences in a replicated database environment. An aspect includes providing a group of nodes each hosting an instance of a replicated database, with one node in the group elected as a master node responsible for generating and distributing values for auto-generated values in a column or row of the replicated database. Another aspect includes dividing, by the master node, a sequence space of possible auto-generated values for the column or row into sub-ranges and assigning a sub-range to a particular node in the group of nodes. Another aspect includes distributing, by the master node, values of the assigned sub-range to a particular node of the group of nodes.

Abstract: A flexible wiring board (a first wiring board) includes: an insulating substrate which is flexible; a first terminal which is conductive and is disposed on the insulating substrate; a second terminal which is conductive and is disposed on the insulating substrate; and a no-connection (NC) terminal which is conductive and is disposed on the insulating substrate between the first terminal and the second terminal. The first terminal, the NC terminal, and the second terminal are arranged at a uniform pitch in an arranging direction that is predetermined, and a width of the NC terminal in the arranging direction is smaller than a width of the first terminal in the arranging direction and a width of the second terminal in the arranging direction.

Abstract: Roughly described, a network interface device receiving data packets from a computing device for transmission onto a network, the data packets having a certain characteristic, transmits the packet only if the sending queue has authority to send packets having that characteristic. The data packet characteristics can include transport protocol number, source and destination port numbers, source and destination IP addresses, for example. Authorizations can be programmed into the NIC by a kernel routine upon establishment of the transmit queue, based on the privilege level of the process for which the queue is being established. In this way, a user process can use an untrusted user-level protocol stack to initiate data transmission onto the network, while the NIC protects the remainder of the system or network from certain kinds of compromise.

Abstract: The system is a self-serve platform, which delivers user uploaded media and multimedia files, of varying playback durations, to a client computer connected to a digital display; which is set to receive executions for a scheduled playlist and punctually presents the playback of media and/or multimedia files in said playlist record. The system's included functions for schedule generation, schedule selection, and playlist creation contain unique, and embedded automatic functions, provide the capacity for making scheduling and delivery of media and multimedia files reliable, accessible, and cost efficient.

Abstract: In a routing table of a first system, a routing table entry for a first application is created by a controller application executing in a controller system, the first application intended for relocation, a second application in the set of applications not intended for relocation. At the second system responsive to commencing execution of the first application in the second system at a second time, a mapping entry is created by a controller application, the mapping entry causing the forwarded packet to be delivered to the first application at the second system. Responsive to a notification that the first application is executing in the second system, the routing table entry of the first system is modified by the controller application, the modified entry causing a packet addressed to the first application to be forwarded from the first system to the second system.

Abstract: Methods, apparatuses, and computer readable media for extreme high throughput (EHT) physical layer data rate. An apparatus of an access point (AP) comprising processing circuitry configured to encode an EHT capabilities element, the EHT capabilities element comprising a maximum media access control (MAC) protocol data unit (MPDU) in an aggregated MPDU (A-MPDU) length exponent subfield. The processing circuitry further configured to configure the AP to transmit the EHT capabilities element to a station (STA), and determine a maximum A-MPDU length based on two raised to a power of a constant plus a value of the A-MPDU length exponent subfield. The processing circuitry further configured to encode MPDUs in an A-MPDU, where the A-MPDU is encoded to be less than or equal to the maximum A-MPDU length.

Abstract: The invention relates to a method for storing data of an application running on a virtual machine, in a virtualized storage system corresponding to the emulation of at least one magnetic tape and at least one associated magnetic tape drive, via a data exchange protocol which is TCP/IP.

Abstract: A method for controlling an information processing apparatus includes setting a communication retry condition according to a type of a user operation, and performing communication based on the user operation. If communication based on the user operation has failed, a communication retry is performed based on the set communication retry condition.

Abstract: Implementations described herein provide a bidirectional tool configured to provide APIs to enable a cross-cluster service handshakes and design and implementation for enabling two or more instances of an application registered to one cluster and other cluster provides for multi environment interaction. Using a common service registration, users can trigger actions on different instances of the application running in different environments such as a development environment, production environment, and the like. Using the common registration, applications can scale by having extra instances running while a centralized service works as central hub were each instance is registered. Moreover, implementations include utilizing a plurality of deployment asset management layers to establish a stateless API instantiated between point-of-delivery server arrays employed to house multiple customers separated by security partitions.

Abstract: An improved traceroute mechanism for use in a label-switched path (LSP) is provided by (a) receiving, by a device in the LSP, an echo request message, wherein the echo request includes a label stack having a least one label, and wherein each of the at least one label has an associated time-to-live (TTL) value; (b) responsive to receiving the echo request, determining by the device, whether or not the device is a penultimate hop popping (PHP) device for the outermost label of the label stack; and (c) responsive to determining that the device is the PHP device for the outermost label of the label stack, (1) generating an echo reply message corresponding to the echo request message, wherein the echo reply message is encoded to indicate that the device is the PHP device for the outermost label of the label stack, and (2) sending the echo reply message back towards a source of the echo request message.

Abstract: The system is a self-serve platform, which delivers user uploaded media and multimedia files, of varying playback durations, to a client computer connected to a digital display; which is set to receive executions for a scheduled playlist and punctually presents the playback of media and/or multimedia files in said playlist record. The system's included functions for schedule generation, schedule selection, and playlist creation contain unique, and embedded automatic functions, provide the capacity for making scheduling and delivery of media and multimedia files reliable, accessible, and cost efficient.

Abstract: A wireless communication device includes a receiver and a transmitter. The receiver is configured to receive a plurality of first frames. The plurality of first frames are multiplexed and transmitted. The transmitter is configured to multiplex and transmit a second frame and a third frame. The second frame includes acknowledgement responses that indicate reception success or failure for at least two of the plurality of first frames.

Abstract: In one embodiment, a device in a network receives in-situ operations administration and management (iOAM) data regarding a plurality of traffic flows in the network. The iOAM data comprises entropy values for the plurality of traffic flows. The device receives network topology information indicative of network paths available in the network. The device generates a machine learning-based entropy topology model for the network based on the received iOAM data and the received network topology information. The entropy topology model maps path selection predictions for the network paths with entropy values. The device uses the entropy topology model to cause a particular traffic flow to use a particular network path.

Abstract: Shared virtual media in a composed system, including generating, in a switch of a fabric of the composed system, a virtual media device; associating media data with the virtual media device; and sending, by the switch, via the fabric, to one or more compute nodes of the composed system, the media data.

Abstract: An example method of routing a packet includes receiving, at a networking device, a first packet storing a first destination address of a first type and a second destination address of a second type. The example method also includes determining whether a mapping between the first and second destination addresses is valid. The example method further includes in response to a determination that the mapping is not valid: obtaining, at the networking device, a second packet storing the first destination address of the first type and a third destination address of the second type, the first destination address operating at a different network layer than the second and third destination addresses; and transmitting, at the networking device, the second packet to a receiver node, the first and third destination addresses being assigned to the receiver node.

Abstract: Threads running in a computer system are managed. Responsive to a thread for an application attempting to acquire a lock to a shared computing resource to perform a task for the application, a determination is made by the computer system as to whether the lock for the shared computing resource was acquired by the thread for the application. An unrelated task for the application assigned by the computer system to the thread in an absence of a determination that the lock was acquired.

Abstract: Systems involving distributed control functions are described herein. Each member or device within the system has responsibility for controlling part of the system's behavior, and includes logic to determine what action, if any, will follow as a response to determining information or receiving information from other members or devices within the system. A change of status of one member of a system may provide a basis for action by another member of the system. Status may be the result of sensing a condition of the environment, sensing the condition of a component, receiving the output of a conventional sensor, and/or sensing the condition of a link between components. In some embodiments, action taken by a member of the system may include collecting data during law enforcement activities.

Abstract: A first packet of a first protocol version type that includes an incoming request for an action to be performed on an identified resource is received from a client at a proxy server as a result of a DNS request resolving to a network address of the proxy server. The proxy server transmits an outgoing request for the action to be performed on the identified resource to a network address of the destination origin server in a second packet that is of the second protocol version type. The proxy server receives a third packet that includes an incoming response from the destination origin server, the third packet being of the second protocol version type. The proxy server transmits a fourth packet to the client, the fourth packet being of the first protocol version type, wherein the fourth packet includes an outgoing response that is based on the incoming response.

Abstract: A method of performing passive packet cross-checking of flooding packets within a multi-node system is disclosed. A first flooding packet is transmitted from a communication node to a first additional communication node of the multi-node system. The first flooding packet causes the first additional communication node to transmit a second flooding packet based on the first flooding packet to the communication node and to a second additional communication node of the multi-node system. A copy of the first flooding packet is stored in a memory cache of the communication node. The second flooding packet is received at the communication node from the first additional communication node. The second flooding packet and the stored copy of the first flooding packet are compared at the communication node, and a status of the first additional communication node is determined based on the comparison.

Abstract: Disclosed is a method includes treating, at an access point, a data flow between a first station and a second station during a first period of time as a non-fast flow. After a condition is met, the method includes marking the data flow as a fastACK flow during a second period of time and during the second period of time, storing data frames in the data flow at the access point to yield stored data frames. Next, the method includes generating a spoofed TCP acknowledgment signal on behalf of the first station and associated with the stored data frames and transmitting the spoofed TCP acknowledge signal to the second station.

Abstract: Disclosed herein are systems and methods for multi-level classification of data traffic flows based on information in a first data packet for a data traffic flow. In exemplary embodiments of the present disclosure, a key can be generated to track data traffic flows by application names and data packet information or properties. Based on these keys, patterns can be discerned to infer data traffic information based on only the information in a first data packet. The determined patterns can be used to predict classifications of future traffic flows with similar key information. In this way, data traffic flows can be classified and steered in a network based on limited information available in a first data packet.

Abstract: Novel tools and techniques might provide for implementing virtual platform media access control (“MAC”) address-based layer 2 and layer 3 network switching. In some embodiments, a method might comprise receiving, at a network node in a network, a data packet having a header comprising a MAC destination address, and routing, with the network node, the data packet over open systems interconnection (“OSI”) model layer 3 or network layer of the network, based at least in part on the MAC destination address in the header of the data packet. The MAC destination address comprises a first portion comprising an organizationally unique identifier (“OUI”) and a second portion comprising an identifier for a destination network interface controller (“NIC”) and/or virtual NIC (“VNIC”), which might be associated either with the same service provider associated with the network node or the network or with a different service provider, content provider, and/or application provider.

Abstract: In one embodiment, a method comprises attaching, by a constrained network device in a data network, to a first parent network device in a tree-based storing mode topology in response to receiving a first advertisement message generated by the first parent network device; outputting to the first parent network device a plurality of routes stored in the constrained network device, the routes identifying destinations reachable via the constrained network device; determining, by the constrained network device, that the first parent network device is encountering saturation of stored routes based on the constrained network device receiving a second advertisement message from the first parent network device; and eliminating, by the constrained network device, the saturation encountered by the first parent network device based on moving at least a portion of the routes from the first parent network device to a second parent network device in the tree-based storing mode topology.

Abstract: Agencies issue multiple devices to personnel for maintaining distinct identities over the course of assigned investigations. To provide flexible capabilities to agencies, a phone is converted for use with multiple attached telephone numbers. Accordingly, a single phone may be used to manage multiple identities over the course of one or more investigations. Using a multiple attached number, a given device can place and receive calls over the network to and from contacts. In addition to providing multiple attached numbers, calls using the multiple attached numbers may be monitored live and recorded to establish evidence.

Abstract: A policy server correlates information from several messages associated with a client device to implement an identity-based network access policy. A network element connected to the client device obtains an authentication message including a first network address from the client device. The network element provides the authentication device to an identity server via a Network Address Translation (NAT) device, which translates the first network address to a second network address. The network element also provides a first message including the first network address to the policy server to request an identity-based policy for network communications of the client device. The network element implements the identity-based policy authorized by the policy server.

Abstract: A multi-layer resource control stack based system may generate an availability indication for multiple domains supported by the resource control stack and send the indication to a client node. The client node may respond with a selection of a domain. The client node may also indicate a compute resource to be managed by the resource control stack. In response to the selection from the client node, the resource control stack may initiate a virtual representation of the domain. The client node may interact with the virtual representation to receive recommendations, utilization data, and control information relevant to the compute resource and within a subject area associated with the domain.

Abstract: Techniques for transferring data between a host system and a remote system over a network are disclosed. A large command with associated data to be transmitted is divided into segments. Each segment is encapsulated in a network transport unit that includes a corresponding segment identifier for the segment. The network transport units for the segments are then submitted for transmission between the host system and the remote system using multiple network paths. A system receiving the network transport units for the segments reassembles the command with associated data based on the corresponding segment identifiers in the network transport units.

Abstract: A method including receiving at a buffer at least a portion of an incoming frame, holding in the buffer the at least a portion of the frame received at the buffer, keeping in the buffer the at least a portion of the frame held in the buffer after transmission of the incoming frame by transmission circuitry responsive to receiving a signal at the buffer indicating that the at least a portion of a frame held in the buffer should be kept, and clearing from the buffer the at least a portion of a frame held in the buffer responsive to receiving a signal to the buffer indicating that the at least a portion of the frame held in the buffer should be cleared. Related methods and apparatus are also described.

Abstract: Systems, apparatuses, and methods for implementing a distributed global ordering point are disclosed. A system includes at least a communication fabric, sequencing logic, and a plurality of coherence point pipelines. Each coherence point pipeline receives transactions from the communication fabric and then performs coherence operations and a memory cache lookup for the received transactions. The global ordering point of the system is distributed across the outputs of the separate coherence point pipelines. Device-ordered transactions travelling upstream toward memory are assigned sequence numbers by the sequencing logic. The transactions are speculatively issued from the communication fabric to the coherence point pipelines. Speculatively issuing the transactions to the coherence point pipelines may cause the transactions to pass through the distributed global ordering point out of order. Control logic on the downstream path reorders the transactions based on the assigned sequence numbers.

Abstract: Techniques for detecting root cause for transaction degradation using causal Bayesian networks are disclosed. In some embodiments, various states associated with an application comprising transactions and components are determined, wherein the determined states are associated with the application transactions and components. The determined states are used as input to build a Bayesian network whose nodes represent application transactions and components. A root cause set comprising one or more application components that is associated with a transaction degradation is inferred by traversing the Bayesian network.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing blockchain data under a trusted execution environment (TEE). One of the methods includes receiving, by a blockchain node, a request to execute one or more software instructions in a TEE executing on the blockchain node; determining, by a virtual machine in the TEE, data associated with one or more blockchain accounts to execute the one or more software instructions based on the request; traversing, by the virtual machine, a global state of a blockchain stored in the TEE to locate the data; and executing, by the virtual machine, the one or more software instructions based on the data.

Abstract: Various embodiments replicate and index fragments of a stream of time-associated data. In one embodiment, a stream endpoint application receives a first fragment of a stream of time-associated data from a producer via a network using an application-layer protocol. The stream endpoint application determines a producer timestamp from the first fragment. The stream endpoint application sends at least one acknowledgment to the producer via the network using the application-layer protocol. The stream endpoint application indexes the first fragment and sends the first fragment to a destination.

Abstract: Systems and methods are provided to transmit a data encoded power signal to addressable devices. A data signal includes address and command data that varies between logical states. A controller provides a low loss rectified power signal. The controller further provides data within the power signal by forming a positive polarity rectified power waveform corresponding to data in a first state and a negative polarity rectified waveform signal corresponding to data in a second state using substantially loss-less circuitry.

Abstract: A system and method for providing a secure database access from an application program implemented on a client device located in a first to a database located in a second zone, which is outside of the first zone, applying a traditional database access application programming interface, wherein implementing an database access driver on the client device in the first zone and implementing an access proxy in a second zone, which is connected to the database, performing an authentication of a user of the application program via an authentication agent located on the database access driver and an authentication server, delivering a credential from the authentication server to the database access driver in case of a successful authentication, and enabling database access to the user of the application program, if the credential is accepted by the database access proxy.

Abstract: This disclosure is related to methods and apparatus used to for preventing malicious content from reaching a destination via a dynamic analysis engine may operate in real-time when packetized data is received. Data packets sent from a source computer may be received and be forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when making determinations regarding whether the data packet set should be classified as malware. In certain instances all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.

Abstract: A method of identifying historical snapshots for a virtual machine (VM) is provided. Some example operations include receiving a request for a historical snapshot of a VM, the request indicating an ID for the VM. A detection is made that the ID for the VM in the request received is a new ID assigned to a VM. A determination is made whether the new ID corresponds to a newly created VM or an existing VM that has been previously registered using a previous ID, wherein the determining includes accessing a property of the VM including a use case identifier associated with an instant recovery request for a specific VM. Based on identifying that the new ID corresponds to a newly created VM, a new VM Group (VMG) object is created for the newly created VM corresponding to the new ID.

Abstract: A method according to one embodiment includes determining whether a guest associated with a guest device is authorized to control an access control device based on an access control list, generating a caveated cryptographic bearer token in response to determining the guest is authorized to control the access control device, the caveated cryptographic bearer token including a time-based caveat defining a time limit for control of the access control device, transmitting the caveated cryptographic bearer token to the guest device in response to generating the caveated cryptographic bearer token, transmitting, in response to receiving the caveated cryptographic bearer token, a request including the caveated cryptographic bearer token to control the access control device to the access control device, and authenticating the request based on the received caveated cryptographic bearer token, a base cryptographic bearer token stored on the access control device, and a real-time clock of the access control device.

Abstract: Systems and methods for facilitating communication between applications associated with virtual domains (VDOMs) of a virtualized network device and an external network are provided. According to one embodiment, a sub-interface is created for a physical Ethernet interface of the network device. A unique MAC address is assigned to the sub-interface. An application associated with a first VDOM is bound to the sub-interface. When the first VDOM is operating in transparent mode and an egress packet is received via the sub-interface by an internal switch running on the network device: (i) a forwarding database of the network device is caused to learn an association between a source MAC address of the egress packet and the sub-interface; and (ii) the egress packet is transmitted to the external network device via the physical Ethernet interface without replacing the source MAC address with the unique MAC address of the sub-interface.

Abstract: Systems and methods include, in a first Label Edge Router (LER) in a Multiprotocol Label Switching (MPLS) network, creating a primary tunnel with a second LER; creating a Make Before Break (MBB) tunnel with the second LER for the primary tunnel; prior to switching to the MBB tunnel from the primary tunnel, sending an MPLS request to the second LER via the MBB tunnel and receiving an MPLS response from the second LER via the MBB tunnel indicating successfully creation of the MBB tunnel; switching to the MBB tunnel responsive to the successfully creation of the MBB tunnel; and, prior to tearing down the primary tunnel, checking statistics of the MBB tunnel to ensure traffic has moved to the MBB tunnel from the primary tunnel.

Abstract: The present invention provides for network control of a radio module having a plurality of ports capable of communication with one or more sensing devices across a network, where the radio module may be controlled remotely to obtain information from one or more networked remote sensing devices.

Abstract: A network device may select a candidate entry to remove from a media access control (MAC) table maintained at the network device based on determining that the MAC table is exhausted. The candidate entry may include an identifier for a first virtual local area network (VLAN) associated with the candidate entry. The network device may receive a packet from a source node having a MAC address that does not appear in the MAC table, where the packet may include an identifier for a second VLAN in which the source node is a member. The network device may replace the candidate entry in the MAC table with a new entry corresponding to the source node based on determining that the second VLAN is associated with a greater number of ports than the first VLAN.

Abstract: An apparatus and system for supplying power to different devices at different levels. The apparatus includes an input port for receiving power from an external source. A first converter is provided for converting the input power to a first DC voltage, and a second converter for converting the input power to a second DC voltage. Ethernet ports are provided for supplying, at least in part, the first DC voltage to a first type of device. MoCA ports are provided for supplying, at least in part, the second DC voltage to a second type of device.

Abstract: A computer-implemented method according to one embodiment of the present disclosure includes identifying, by a computer system, an asset associated with a group; detecting a change in an attribute of the asset; and in response to detecting the change in the attribute of the asset, modifying, by the computer system, a configuration setting for a firewall. Among other things, the embodiments of the present disclosure can perform dynamically configure and control security features in response to changes in the computing environment, including asset attribute changes, security events, operational events, user input and environmental changes. Embodiments of the present disclosure thereby help to quickly maintain or change the security posture of a system and maintain the level of compliance with set of predefined security benchmarks or codified best practices.

Abstract: According to one aspect of the present disclosure, there is provided a method that includes: transmitting, by a base station, scheduling information for a first uplink transmission to a user equipment with a first beam; receiving, by the base station, a first transmission of the first uplink transmission from the user equipment; and modifying, by the base station, transmission of an acknowledgment for the first uplink transmission in response to receiving an indication from the user equipment that the first beam has failed.

Abstract: The disclosed system provides for machine-to-machine routing of messages (e.g., text messages, binary information, etc.) between devices (e.g., external applications, IoT devices, etc.) using non-routable identifiers. The systems and methods publish an application programming interface (API) configured to receive (non-routable) identification information of a target device from an external application (e.g., an IoT Service Provider) that calls the API, determines whether a target device associated with the identification information is a subscriber of a telecommunications service provider that provides telecommunications plans to subscribers of the telecommunications service provider, verifies that the external application is authorized to transmit messages to the target device, and translates the non-routable identification information to a mapped device address that can be used to determine a location of the target device so that the message can be delivered to the target device.

Abstract: A network appliance described herein allows the user to selectively forward the flow of packets received through a network port, to a particular egress port. The network appliance creates virtual ports, which can be assigned to the one or more egress ports. The network appliance assigns the flow of packets to the one or more virtual ports in the network appliance. The network appliance decides a forwarding treatment to be applied to the flow of packets, for forwarding the flow of packets to the egress tool ports, based on the virtual port to which the flow of packets is assigned and based on a detected network characteristic. The forwarding treatment can be a decision to drop the flow of packets, or to send the flow of packets to the egress port assigned to the virtual port.

Abstract: A method for IP [=Internet Protocol] communication between a mobile terminal and its correspondent node in a mobile radio network. The method comprises establishing an IP connection between the mobile terminal and its correspondent node. After detecting a period of inactivity in the IP connection, keep-alive messages are sent via the IP connection at predetermined intervals, which are varied. The method comprises monitoring the lengths of several periods of inactivity at which the mobile radio network disconnects the IP connection.

Abstract: A method of maintaining transport address associations in a transport address translation entity connected in series between a first device and a second device is disclosed. The first device can use a first transport protocol to send a first message to cause the transport address translation entity to make a first association of a first public address with a first private address. On receiving a response to the first message from the second device, the first device can use a second transport protocol to send a second message to cause the transport address translation entity to make a second association of a second private address with a second public address and with the second transport protocol. The second message can contain correspondence information that is also contained in the first message and/or in the response to the first message.

Abstract: To accommodate graceful offloading of connections from a port of a network element, thereby allowing the port to be decommissioned, both existing and new connections allocated to that port according to a load balancing protocol are replicated on a backup port. Thereafter, or concurrently therewith, the port is configured to drop acknowledgements of the new connections, and the port is monitored so as to eventually identify an absence of connections thereon. At that time, the port may be decommissioned inasmuch as all new connections will have been established on the backup port and no previously existing connections on the original port will remain.

Abstract: This disclosure provides a method and an apparatus for implementing a composed virtual private network (VPN). The method includes: obtaining a service type and a customer site that are input by a user; determining an access point corresponding to the customer site; determining one or more segment VPNs according to the service type and the access point corresponding to the customer site; obtaining a composed VPN according to the one or more segment VPNs; and outputting an access point list and a segment VPN list of the composed VPN to the user.