Abstract: A request is received to perform an action for a domain of a name service, wherein the name service is implemented using at least a first blockchain network and a second blockchain network different from the first blockchain network. A determination is made whether the domain is managed on the first blockchain network or the second blockchain network including by using a domain registry of the second blockchain network. The action for the domain is caused to be performed based on the determination of whether the domain is currently managed on the first blockchain network or the second blockchain network.

Abstract: Described herein are methods and systems for improved domain name resolution/routing. Routing data associated with domain names (e.g., websites) may be cached by a Domain Name System (DNS) based on historical domain name queries. The historical domain name queries may be analyzed to determine a ranking (e.g., popularity) for the domain names at multiple time intervals throughout a day, week, etc. Routing data for the highest ranked domain names during one or more time intervals may be cached for a period(s) of time corresponding to the one or more time intervals (e.g., times during which those domain names are most popular).

Abstract: Methods, systems, and computer-readable storage media for requesting, from a domain name system (DNS) server within an enterprise network, an IP address for a DNS name associated with a computing device, receiving the IP address, storing the IP address in a speculative DNS cache, the speculative DNS cache being operable to store IP addresses for a set of DNS names including the DNS name, providing, by the speculative DNS cache, a refresh period for the IP address, and determining that the refresh period of the IP address has tolled, and in response, refreshing the IP address in the speculative DNS cache.

Abstract: Provided are methods and systems for data distribution over a network. A device can capture content. The device can be configured to publish the content so that other devices in a network can access the content. The publishing device can indicate to other devices on the network that the content is available for use. In response, the publishing device can receive requests for the content from the other devices. When sending a request, a requesting device can include viewing parameters that indicate capabilities of the requesting device. The publishing device can create one or more data layers that comprise the content based on the viewing parameters of requesting devices. The publishing device can also determine a transmission path to the various requesting devices and transmit the one or more data layers along the transmission path.

Abstract: Disclosed are methods, systems and non-transitory computer readable memory for container image or host deduplication in vulnerability management systems. For instance, a method may include: obtaining source data from at least one source, wherein the source data includes a plurality of assets and/or findings; extracting data bits for each asset or finding from the source data; determining a first asset or finding concerns a first container image or first host based on the data bits for the first asset or finding; in response to determining the first asset or finding concerns the first container image or first host, obtaining a container image dataset or a search structure; determining whether the data bits match any of the plurality of sets of values of the container image dataset or the search structure; and, based on a match result, generating or updating records for the first container image or the first host.

Abstract: Disclosed are methods, systems and non-transitory computer readable memory for container image or host deduplication in vulnerability management systems. For instance, a method may include: obtaining source data from at least one source, wherein the source data includes a plurality of assets and/or findings; extracting data bits for each asset or finding from the source data; determining a first asset or finding concerns a first container image or first host based on the data bits for the first asset or finding; in response to determining the first asset or finding concerns the first container image or first host, obtaining a container image dataset or a search structure; determining whether the data bits match any of the plurality of sets of values of the container image dataset or the search structure; and, based on a match result, generating or updating records for the first container image or the first host.

Abstract: An example system includes: a set of sensors, each sensor having a programmable address; a set of microcontrollers, each microcontroller paired with one sensor from the set of sensors; a controller configured to: enable an operational state of the set of sensors to uniquely address each sensor in the set of sensors by sequentially, for each microcontroller in the set of microcontrollers, causing the microcontroller to activate the sensor paired with the microcontroller and assigning a unique address to the activated sensor; scan the set of sensors using the unique address of each sensor to obtain data detected by the sensor.

Abstract: A system and method for performing a secure data transfer between computing devices comprise registering a resource-constrained computing device with a cloud-based computer. A client computing device generates session state information regarding the client computing device in an electronic communication exchange with at least one remote computing device. An identifier provides a location of the session state information stored at a cloud-based computer. A machine-readable code associated with the identifier is displayed for querying the cloud for the stored session state information. The resource-constrained computing device uses the machine-readable code to retrieve the session state information. The resource-constrained computing device uses the session state information to join the electronic communication exchange.

Abstract: Systems, methods, and apparatuses are described for verification of wireless network connection. A wireless local area network may comprise a client device and a gateway. A data connection, within the wireless local area network, between the client device and the gateway may be verified based on gateway identifiers provided to the client device via data communication channels internal and external the wireless local area network.

Abstract: The described technology is generally directed towards network slicing for private cellular networks (PCNs). Network slicing can be leveraged as described herein to meet security requirements and/or other policies applicable to PCNs. Network slices implemented according to this disclosure can comprise a private network slice, a public network slice, and a public safety network slice. User equipment can be provisioned with slice identifiers for the network slices, and applications at the user equipment can specify an appropriate slice identifier for their network communications. Network equipment can be configured to route application traffic to a specified slice and to allocate network resources according to the specified slice, as well as to implement security and other policies according to the specified slice.

Abstract: The present disclosure provides a message forwarding method and apparatus, a domain name address query method and apparatus, a network address translation device, and a computer-readable medium.

Abstract: Embodiments herein provide a method for generating multiple IP addresses in a wireless network by a system (100). The method includes receiving user request to generate multiple IP addresses of at least one network element. Further, the method includes retrieving the IP address template corresponding to the at least one network element from a database (120) based on the user request, wherein the IP address template comprises a plurality of network parameters corresponding to positionally encoded bits of an IP schema. Further, the method includes generating the multiple IP addresses of the at least one network element based on the set of user defined labels, the count of the multiple of IP addresses of the at least one network element, the IP address template and the IP schema. Further, the method includes displaying the generated multiple IP addresses of the at least one network element.

Abstract: Embodiments of the present disclosure provide a method, system and device for content delivery network (CDN) scheduling, and a storage medium. The method includes: acquiring CDN data in real time from a CDN node device to generate a CDN index system; acquiring metropolitan area network, MAN, data in real time from a MAN to generate a MAN index system; generating a CDN node load intelligent image based on the CDN index system, and generating an intra-region scheduling algorithm through artificial intelligence, AI, training and algorithm optimization; generating a CDN region load intelligent image based on the CDN index system and the MAN index system, and generating an inter-region scheduling algorithm through the AI training and the algorithm optimization; and determining a CDN scheduling policy according to the intra-region scheduling algorithm and the inter-region scheduling algorithm, and executing the CDN scheduling policy.

Abstract: This disclosure describes a container management tool of a container management service of a service provider network that operates a first container in a network mode associated with a software generated namespace generated by the container management tool. The container management tool determines a location of the software generated namespace and adds a link to a desired, e.g., existing application network namespace to the software generated namespace. The container management tool, using an application namespace creation script, generates a name for the desired application network namespace. The service provider network executes one or more first applications in the first container, wherein executing the one or more first applications in the first container comprises the first container accessing the software generated namespace and following the link to the desired application network namespace.

Abstract: Systems, methods, and software are included herein to manage domain name system (DNS) requests to DNS servers. In one implementation, a computing device joins a local network and identifies a connection to a first DNS server associated with the local network. The computing device further implements first DNS rules based on the connection to the first server and monitors when a second DNS server is available using the local network. When the second DNS server becomes available, the computing device implements second DNS rules in place of the first DNS rules, wherein the second DNS rules direct DNS requests to the second DNS server in place of the first DNS server.

Abstract: A packet-filtering system described herein may be configured to filter packets with encrypted hostnames in accordance with one or packet-filtering rules. The packet-filtering system may resolve a plaintext hostname from ciphertext comprising an encrypted Server Name Indication (eSNI) value. The packet-filtering system may resolve the plaintext hostname using a plurality of techniques. Once the plaintext hostname is resolved, the packet-filtering system may then use the plaintext hostname to determine whether the packets are associated with one or more threat indicators. If the packet-filtering system determines that the packets are associated with one or more threat indicators, the packet-filtering system may apply a packet filtering operation associated with the packet-filtering rules to the packets.

Abstract: A system and method for accessing data to meet disparate security, integrity, and latency requirements includes multiple databases instantiated in the system with different performance attributes. The system receives a data access request from a client application. The system determines one or more data access requirements associated with the data access request and identify a database or set of databases that conform to those requirements. The system then submits the data access request to the identified databases and returns the result to the client application. The system may determine a data integrity threshold for the data access request, and submit the data access request to two or more databases simultaneously.

Abstract: Examples described herein include systems and methods for dynamically determining a server for enrollment with a management system. An example method can include receiving user input at an application executing on a user device, such as a portal application that provides access to and authentication for other applications through a catalogue of application icons. If the user input includes a first URL but that URL produces an error when used in conjunction with extensions associated with a management server, the application can automatically use extensions associated with an application-support server. The application can then retrieve a second URL from the application-support server and use it for performing enrollment steps at the management server. The enrollment steps can include authenticating the user at an identity service and determining the user's group ID for enrollment, for example.

Abstract: Disclosed herein are system, method, apparatus, and computer program product embodiments for dynamic mitigation of CGN IPv4 address provisioning for network gateways when adverse conditions are in effect. A network gateway may be provisioned with a shared WAN IP address from a pool of IP addresses designated for Carrier Grade Network Address Translation (CGN) and configured to detect the occurrence of an adverse condition for a connection provisioned the shared WAN IP address. Upon detecting an adverse condition, the network gateway may send a request for a new IP address to a DHCP server configured to recognize flags indicating an adverse condition. The DHCP server may then provision the gateway with a new public IP address.

Abstract: A document tracking method, a gateway device, and a server, where the gateway device intercepts a first data flow from a first terminal device in an internal network to a second terminal device in an external network, inserts a first Uniform Resource Locator (URL) into a first document in the first data flow to obtain a second data flow that includes a second document, and sends the second data flow to the second terminal device.

Abstract: Systems and methods for securely and remotely storing data in a remote, distributed redundant array of independent drives (RAID) is provided. RAID storage is accomplished through a series of mapped drives, non-routable Internet protocol (IP) addresses, and routable IP addresses. In addition, authorization to access a RAID controller, network address translation (NAT) system, and domain name system (DNS) system may all be separated, increasing security and allowing storage to be securely distributed among a variety of dispersed storage locations.

Abstract: Systems, devices, and methods related to a Deep Learning Accelerator and memory are described. For example, an integrated circuit device may be configured to execute instructions with matrix operands and configured with random access memory. A computing device running a compiler can interact and/or probe an integrated circuit device to identify hardware characteristics of the integrated circuit device in performing matrix computations. The compiler can generate and optimize a result of compilation from a description of an artificial neural network based at least in part on the hardware characteristics of the integrated circuit device. The result of compilation can include first data representative of parameters of the artificial neural network and second data representative of instructions executable by the integrated circuit device to generate an output of the artificial neural network based on the first data and an input to the artificial neural network.

Abstract: Telemetry monitoring of BGP prefixes in a network topology. A method includes receiving a route for a network topology and determining whether the route corresponds with an existing route stored on a route store. The method includes determining whether any network routing paths have been modified between the existing route and the route in response to determining the route corresponds with the existing route. The method includes generating a path configuration key for each of the at least one network routing path in response to determining at least one network routing path was modified between the existing route and the route.

Abstract: Systems and methods include receiving data associated with monitoring network communication traffic associated with a plurality of network devices; analyzing network communication flows of the plurality of network devices to group similar network devices together; analyzing patterns, frequency, relevance, and origination of words in the network communication traffic to auto-label the plurality of network devices; and assigning one or more words to any of a given network device and a group of similar network devices.

Abstract: A method including retrieving, by a device associated with a virtual private network (VPN) server from a read-only device, an initial operating system associated with the VPN server providing VPN services; transmitting, by the device based at least in part on executing the initial operating system, a first request to an infrastructure device for a VPN operating system to enable the VPN server to provide the VPN services; receiving, by the device from the infrastructure device based at least in part on transmitting the request, the VPN operating system; and executing, by the device, the VPN operating system to provide the VPN services is disclosed. Various other aspects are contemplated.

Abstract: A method, a system and a computer program manage a single sign on (SSO) session by an identity provider for a plurality of services. The method includes managing, by an identity provider, information on the SSO session via a cookie based protocol, and persisting a list of services of relying parties participating in same SSO session information in one session cookie and a plurality of temporary state cookies with randomly generated names. Whereby the list of session services are represented with a bit mask representation within the cookies and, whereby the plurality of temporary state cookies can be consolidated into one state cookie.

Abstract: A system comprising: at least one hardware processor; and a non-transitory computer-readable storage medium having stored thereon program instructions, the program instructions executable by the at least one hardware processor to: receive, by a routing hub in a computer network, from an origin node, a communication intended to a destination node, wherein said communication is encrypted with a one-time pad (OTP) associated with said origin node, apply, by said routing hub, to said communication, a customized OTP configured to simultaneously (i) encrypt said communication with said OTP associated with said destination node, and (ii) decrypt said communication with said OTP associated with said origin node, and deliver said communication to said destination node for decrypting said communication with said OTP associated with said destination node.

Abstract: This application relates to message sending and receiving methods and apparatuses, and a communication system. A control plane CP device in a communication system in which a CP and a user plane UP are separated generates a first message, where the first message includes route information and a control indication for the route information, and the route information is associated with a UP device. The CP device sends the first message to the UP device, so that the UP device updates the route information based on the control indication, where the first message is a packet forwarding control protocol PFCP message. Based on the technical solutions provided herein, interaction on routing control between the CP device and the UP device in a communication system architecture in which a CP and a UP are separated may be implemented.

Abstract: A system designed for increasing network communication speed for users, while lowering network congestion for content owners and ISPs. The system employs network elements including an acceleration server, clients, agents, and peers, where communication requests generated by applications are intercepted by the client on the same machine. The IP address of the server in the communication request is transmitted to the acceleration server, which provides a list of agents to use for this IP address. The communication request is sent to the agents. One or more of the agents respond with a list of peers that have previously seen some or all of the content which is the response to this request (after checking whether this data is still valid).

Abstract: The present disclosure describes a system and method for deconflicting locally administered medium access control addresses (LAMAs). An apparatus includes a memory and a processor communicatively coupled to the memory. The processor receives a request for a client device to use a LAMA and determines that the LAMA is reserved for future use by a first access point. The processor also transmits to the client device a message denying connectivity to the client device using the LAMA.

Abstract: The present application describes a system and method for passively collecting DNS traffic data as that data is passed between a recursive DNS resolver and an authoritative DNS server. The information contained in the collected DNS traffic data is used to generate a virtual authoritative DNS server, or a zone associated with the authoritative DNS server, when it is determined that the authoritative DNS server has been compromised.

Abstract: A system designed for increasing network communication speed for users, while lowering network congestion for content owners and ISPs. The system employs network elements including an acceleration server, clients, agents, and peers, where communication requests generated by applications are intercepted by the client on the same machine. The IP address of the server in the communication request is transmitted to the acceleration server, which provides a list of agents to use for this IP address. The communication request is sent to the agents. One or more of the agents respond with a list of peers that have previously seen some or all of the content which is the response to this request (after checking whether this data is still valid).

Abstract: Techniques are disclosed for scaling an IP address in overlay networks without using load balancers. In certain implementations, an overlay IP address can be attached to multiple compute instances via virtual network interface cards (VNICs) associated with the multiple compute instances. Traffic directed to the multi-attached IP address is distributed across the multiple compute instances. In some other implementations, ECMP techniques in overlay networks are used to scale an overlay IP address. In forwarding tables used for routing packets, the IP address being scaled is associated with multiple next hop paths to multiple network virtualization devices (NVDs) associated with the multiple compute instances. When a particular packet directed to the overlay IP address is to be routed, one of the multiple next hop paths is selected for routing the packet. This enables packets directed to the IP address to be distributed across the multiple compute instances.

Abstract: A method for playing a video signal of multi-user interaction includes: generating a video playing interface of a live streaming room; switching an operation mode of the video playing interface from a viewer mode to an anchor mode in response to an anchor mode switching instruction, where in the anchor mode, the video playing interface includes a display item of at least one multi-user interaction activity; generating a live streaming instruction for the first multi-user interaction activity in the at least one multi-user interaction activity in response to a trigger operation for a display item corresponding to a first multi-user interaction activity in the at least one multi-user interaction activity; and playing a live streaming video signal of the first multi-user interaction activity in response to the live streaming instruction for the first multi-user interaction activity.

Abstract: A router including a memory having instructions stored thereon; and a processor configured to execute the instructions stored on the memory to cause the router to perform at least the following: acquiring a private network data packet from a private network, and attaching identification information to the private network data packet, the identification information indicating via which port of a plurality of ports of the router the private network data packet is acquired; determining whether a bridge mode is set for the port indicated by the identification information of the private network data packet; in response to the determining that the bridge mode is set for the port indicated by the identification information of a first private network data packet acquired, assigning a public network IP address to the first private network data packet; and transmitting the first private network data packet by using the public network IP address.

Abstract: Techniques for analyzing traffic originating from a host device in a wireless network to identify one or more virtual machines (VMs) running on the host device and connected to the network via the host device in bridge mode. When a VM is created in bridge mode behind a host device, the traffic originated by the VM will have the source Media Access Layer (MAC) address of the host device. According to techniques described herein, devices and/or components associated with the network may profile the traffic to identify an address of the VM, such as by analyzing dynamic host configuration protocol (DHCP) packets to determine the Internet Protocol (IP) address of the VM. Once the IP address and the MAC address of the VM is known, the components and/or devices may apply security policies to the VM that may be different than security policies applied to the host device.

Abstract: An apparatus may include a processor. The apparatus may include a memory communicatively coupled to the processor. The apparatus may include a memory control circuit (MCC). The MCC may be configured to define a protected portion of the memory, wherein the protected portion of the memory is configured for read-only access by the processor, increase a size of the protected portion of the memory, and, after the increase in size of the protected portion of the memory, prevent decreases of the size of the protected portion of the memory.

Abstract: Systems and methods for locating server nodes in close proximity to edge devices using georouting. Microservers automatically form a global peer-to-peer network to serve edge functions and content to edge devices. Edge devices use HyperText Transfer Protocol (HTTP) to execute serverless functions or otherwise retrieve data from edge nodes located in close proximity to the HTTP client. Serverless functions are implemented in secure, isolated environment utilizing a blockchain.

Abstract: Techniques and architecture are described for protecting non-http and TCP/UDP applications in a zero trust network access (ZTNA)/web virtual private network (VPN) environment by establishing a secure communication channel between a native application and an application server providing an application service. More particularly, the present disclosure describes techniques and architecture that leverage the firewall wherein a thin client on a client device enables a client desktop, establishes a secure channel from a native application, e.g., the client desktop, to the firewall, and acts as a proxy.

Abstract: This application discloses a packet sending method, apparatus, and system, and a storage medium, and relates to the communication field. The method includes: A first device receives a first packet, where the first packet includes a first address prefix, the first device is a border device in a first AS domain, the first address prefix is obtained based on an address prefix advertised by a second device, the second device is located in a second AS domain, the first AS domain is different from the second AS domain, and the first address prefix is used to send a packet to the second device. The first device obtains a second address prefix and identification information of a target flexible algorithm based on the first address prefix, where the second address prefix is used to send a packet to the second device.

Abstract: The system disclosed herein implements an improved anycast routing technique that enables a content delivery network (CDN) to control the load on various points of presence (PoPs), but that also maintains the ability to have requests that would have been sent to an offline PoP be automatically redirected to another PoP. The CDN is able to control the load on the PoPs by configuring content requests to be routed to a particular PoP. For instance, a CDN is configured to assign a subnet of distinct IP addresses to each PoP in a group of PoPs, so that each PoP can announce a unique anycast prefix. The CDN can control when and how these unique anycast prefix are announced to balance load across the PoPs.

Abstract: An example method of propagating fault domain topology information in a distributed container orchestration system includes: receiving, at control plane software executing in a data center, the fault domain topology, which includes tags for a protection group and fault domains for remote sites in communication with the data center; deploying, by a master server of the distributed container orchestration system that executes in the data center, a node pool comprising virtual machines (VMs) executing in servers of the remote sites, the VMs being nodes of the distributed container orchestration system in which containers execute; determining, by a controller of the master server, relationships among the VMs, the servers, the protection group, and the fault domains based on state of resources maintained by the master server; and providing, by the controller, labels to the servers for associating the tags of the protection group and the fault domains to the VMs.

Abstract: Techniques are presented herein for providing a persistent external Internet Protocol (IP) address for extra-cluster services. One example involves initiating, in a cluster, a first pod with a label that identifies a service. The first pod is configured to provide the service to one or more network entities outside the cluster. The first pod is assigned an IP address configured for communicating outside the cluster. A mapping of the service to the IP address is stored. In response to a determination that the service has been disrupted, a second pod is initiated in the cluster with the label that identifies the service. The second pod is configured to provide the service to the one or more network entities outside the cluster. Based on the mapping and the label that identifies the service, the IP address is assigned to the second pod.

Abstract: Embodiments of the present disclosure relate to a method, an electronic device, and a computer program product for cross-regional data searching. The method includes acquiring a data identifier of target data in response to receiving a searching request for the target data at a first node. The method includes determining, based on the data identifier, a second node storing metadata of the target data, wherein both the first node and the second node are located in a first region, and the metadata includes the data identifier. The method further includes determining, based on the metadata, a third node storing the target data, wherein the third node is located in a second region different from the first region.

Abstract: A device for providing at least one signal color for a level gauge is provided, the device including: a parameterization device configured to provide a signal color for a network of level measuring devices; and a transmission device configured to transmit the provided signal color as signal color data to the network of level measuring devices. A method of providing a signal color for a level measuring device and a nontransitory computer-readable storage medium are also provided.

Abstract: A method and system for implementing domain name services (DNS) is described. In one aspect a query from a user device for access to a particular resource record may be received and forwarded to an authoritative DNS device. A reply to the query may be received from the authoritative DNS device. Information of the reply also may be distributed to other DNS devices.

Abstract: In one embodiment, a method by a site router agent at an edge site comprises determining that a first application instance becomes running on the edge site, where the first application instance is associated with a first unique identifying information, sending a report to a control plane of an edge backend indicating that the first application instance becomes available at the edge site, retrieving a first message from a message router at the edge backend, determining that the first message is destined to the first application instance based on a destination field of the first message, storing the first message into a storage communicatively connected to the site router agent, establishing a network connection with the first application instance, and sending the first message to the first application instance upon establishing the network connection.

Abstract: A method, system, and computer program product for recommending an initial database security model. The method may include identifying a plurality of nodes connected to a security network. The method may also include analyzing security characteristics of each node of the plurality of nodes. The method may also include identifying, from the security characteristics, key factors for each node. The method may also include calculating similarities between each node of the plurality of nodes. The method may also include building a self-organized centerless network across the plurality of nodes by grouping nodes with high similarities based on the similarities between each node, where the self-organized centerless network is a centerless network without a central management server, and includes groups of nodes from the plurality of nodes. The method may also include generating federated security models for the groups of nodes.

Abstract: Dynamic and self-healing optimized traffic rerouting is provided. A system and method are described for determining and implementing optimized traffic routing decision. A route orchestration system monitors network resource performance characteristics information for identifying a traffic redirection triggering event and for determining an optimized traffic control decision based on the network resource performance characteristics information. The decision may include software defined networking (SDN) instructions that may be communicated to one or more network resources (e.g., PE devices, P devices, and/or routers) that may cause traffic to be rerouted the one or more targeted servers. For example, the optimized traffic control decision may be determined to improve load balancing amongst performing servers and other network resources in the network while reducing or minimizing administrative costs.

Abstract: Methods, systems, and computer storage media for providing reduced-latency data operations for data or storage in file systems. The file system implements a set of policies that indicate how data operations are performed. In operation, a request for access to storage of a file system to perform a data operation is received. The file system supports both a bitmap representation and a range-only representation of the storage. A bitmap representation of a region for performing the data operation is communicated because, for certain data operations, the file system operates based on communicating only bitmap representations while restricting access to range-only representations. The range-only representations are a compacted representation of storage of the file system. Based on the bitmap representation of the region, the storage of the file system is accessed. The bitmap representation of the region further includes a bitmap lock that restricts access to storage corresponding to the bitmap representation.