Abstract: A relay node may detect conflicts regarding media access control (MAC) addresses. A source node may send a request to the relay node. The request may be a request to establish communications with a target node. The source may send, to the relay node, an indication of the MAC address of the source node. The source node may receive a reject message from the relay node. The reject message may comprise an indication of a conflict associated with the MAC address of the source node.

Abstract: The present disclosure proposes network elements, methods at the network elements for facilitating reuse of IP address, a telecommunications system comprising the network elements. The method at a first network element for facilitating reuse of an IP address at multiple UEs comprising a first UE comprises: transmitting, to a second network element, a first request message associated with the first UE, the first request message comprising the IP address and a first indicator which, in conjunction with the IP address, uniquely identifies the first UE.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may determine that one or more communications with a base station are to be transmitted or received via a relay UE. The one or more communications may include at least one of hybrid automatic repeat request feedback, a retransmission, or a control communication. The UE may transmit or receive the one or more communications via the relay UE. Numerous other aspects are provided.

Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network. The systems and methods described herein may improve response times for client queries and also protect the DNS resolving system from DNS related cyber attacks.

Abstract: The disclosure describes methods and arrangements for caching encrypted content. Embodiments of the described inventions make use of a middle box to serve encrypted content rather than requiring a server to answer each request for content with a separate and distinct response, thereby allowing a network to operate effectively and efficiently even when serving encrypted content that looks different each time it is requested.

Abstract: Systems and methods are provided for facilitating a discreet connection between a user and a service. A system includes a service for a user to connect to without any detectable direct contact with the service. A first reverse proxy connection is configured to receive a connection from the user to set up the discreet connection, where an invitation indicating a mechanism for accessing the first reverse proxy connection is provided to the user. Access credentials are transmitted to the user over the first reverse proxy connection, the access credentials including an address for accessing a second reverse proxy connection, the first reverse proxy connection being deleted following delivery of the access credentials. The second reverse proxy connection facilitates the discreet connection between the user and the service without any detectable direct contact with the service.

Abstract: A network device may receive a border gateway protocol (BGP) flow specification route associated with creation of an overlay network slice in a network, and may create a new routing instance based on the BGP flow specification route. The network device may associate interfaces defined by the BGP flow specification route with virtual private network (VPN) members, and may determine VPN parameters based on the BGP flow specification route. The network device may advertise the VPN parameters within the network to cause the network to generate the overlay network slice.

Abstract: The present disclosure is directed toward systems, methods, and non-transitory computer readable media for generating contextual hubs for organizing and presenting web-accessible content from third-party sources. In particular, the systems described herein can organize and manage within a contextual hub. For instance, the disclosed systems may perform actions on tabs based on analyzing usage signals associated with the tabs. Furthermore, the disclosed systems can organize contextually related content within contextual hubs. The disclosed systems may also facilitate collaboration between users within a contextual hub by synchronizing interactions with content within a contextual hub.

Abstract: This application relates to a distributed software-defined network (“DSDN”) for dynamically configuring and managing a wireless communication network. A plurality of DSDN nodes are connected to each other via a plurality of communication paths. Each communication path directly connects two DSDN nodes. Each DSDN node can provide DSDN configurations across diverse and disparate networks by normalizing its data plane network traffic through translation and packet encapsulation. Furthermore, the DSDN node can provide an architecture tolerant of network interruptions and network system fluctuations. For example, in the case of any one of the DSDN node's network interruptions from other DSDN nodes, the DSDN can provide network reconfiguration using network configuration rules stored in a control plane of each DSDN node.

Abstract: Presented herein are techniques to facilitate providing slice attribute information to a user equipment (UE) for one or more slice types with which the user equipment is allowed to establish one or more session(s). In one example, a method may include obtaining, by a network element, a registration request for connection of a UE to a mobile network; performing an authentication for connection of the UE to the mobile network; and upon successful authentication, providing, by the network element, a registration response to the UE, wherein the registration response identifies one or more network slice types with which the UE is authorized to establish a session and the registration response identifies one of: attribute information for each of the one or more network slice types or network location information from which attribute information for each of the one or more network slice types is to be obtained.

Abstract: Described herein are methods and systems for improved domain name resolution/routing. Routing data associated with domain names (e.g., websites) may be cached by a Domain Name System (DNS) based on historical domain name queries. The historical domain name queries may be analyzed to determine a ranking (e.g., popularity) for the domain names at multiple time intervals throughout a day, week, etc. Routing data for the highest ranked domain names during one or more time intervals may be cached for a period(s) of time corresponding to the one or more time intervals (e.g., times during which those domain names are most popular).

Abstract: A request is received to perform an action for a domain of a name service, wherein the name service is implemented using at least a first blockchain network and a second blockchain network different from the first blockchain network. A determination is made whether the domain is managed on the first blockchain network or the second blockchain network including by using a domain registry of the second blockchain network. The action for the domain is caused to be performed based on the determination of whether the domain is currently managed on the first blockchain network or the second blockchain network.

Abstract: Methods, systems, and computer-readable storage media for requesting, from a domain name system (DNS) server within an enterprise network, an IP address for a DNS name associated with a computing device, receiving the IP address, storing the IP address in a speculative DNS cache, the speculative DNS cache being operable to store IP addresses for a set of DNS names including the DNS name, providing, by the speculative DNS cache, a refresh period for the IP address, and determining that the refresh period of the IP address has tolled, and in response, refreshing the IP address in the speculative DNS cache.

Abstract: Disclosed are methods, systems and non-transitory computer readable memory for container image or host deduplication in vulnerability management systems. For instance, a method may include: obtaining source data from at least one source, wherein the source data includes a plurality of assets and/or findings; extracting data bits for each asset or finding from the source data; determining a first asset or finding concerns a first container image or first host based on the data bits for the first asset or finding; in response to determining the first asset or finding concerns the first container image or first host, obtaining a container image dataset or a search structure; determining whether the data bits match any of the plurality of sets of values of the container image dataset or the search structure; and, based on a match result, generating or updating records for the first container image or the first host.

Abstract: Provided are methods and systems for data distribution over a network. A device can capture content. The device can be configured to publish the content so that other devices in a network can access the content. The publishing device can indicate to other devices on the network that the content is available for use. In response, the publishing device can receive requests for the content from the other devices. When sending a request, a requesting device can include viewing parameters that indicate capabilities of the requesting device. The publishing device can create one or more data layers that comprise the content based on the viewing parameters of requesting devices. The publishing device can also determine a transmission path to the various requesting devices and transmit the one or more data layers along the transmission path.

Abstract: A system and method for performing a secure data transfer between computing devices comprise registering a resource-constrained computing device with a cloud-based computer. A client computing device generates session state information regarding the client computing device in an electronic communication exchange with at least one remote computing device. An identifier provides a location of the session state information stored at a cloud-based computer. A machine-readable code associated with the identifier is displayed for querying the cloud for the stored session state information. The resource-constrained computing device uses the machine-readable code to retrieve the session state information. The resource-constrained computing device uses the session state information to join the electronic communication exchange.

Abstract: Disclosed are methods, systems and non-transitory computer readable memory for container image or host deduplication in vulnerability management systems. For instance, a method may include: obtaining source data from at least one source, wherein the source data includes a plurality of assets and/or findings; extracting data bits for each asset or finding from the source data; determining a first asset or finding concerns a first container image or first host based on the data bits for the first asset or finding; in response to determining the first asset or finding concerns the first container image or first host, obtaining a container image dataset or a search structure; determining whether the data bits match any of the plurality of sets of values of the container image dataset or the search structure; and, based on a match result, generating or updating records for the first container image or the first host.

Abstract: An example system includes: a set of sensors, each sensor having a programmable address; a set of microcontrollers, each microcontroller paired with one sensor from the set of sensors; a controller configured to: enable an operational state of the set of sensors to uniquely address each sensor in the set of sensors by sequentially, for each microcontroller in the set of microcontrollers, causing the microcontroller to activate the sensor paired with the microcontroller and assigning a unique address to the activated sensor; scan the set of sensors using the unique address of each sensor to obtain data detected by the sensor.

Abstract: Systems, methods, and apparatuses are described for verification of wireless network connection. A wireless local area network may comprise a client device and a gateway. A data connection, within the wireless local area network, between the client device and the gateway may be verified based on gateway identifiers provided to the client device via data communication channels internal and external the wireless local area network.

Abstract: The described technology is generally directed towards network slicing for private cellular networks (PCNs). Network slicing can be leveraged as described herein to meet security requirements and/or other policies applicable to PCNs. Network slices implemented according to this disclosure can comprise a private network slice, a public network slice, and a public safety network slice. User equipment can be provisioned with slice identifiers for the network slices, and applications at the user equipment can specify an appropriate slice identifier for their network communications. Network equipment can be configured to route application traffic to a specified slice and to allocate network resources according to the specified slice, as well as to implement security and other policies according to the specified slice.

Abstract: The present disclosure provides a message forwarding method and apparatus, a domain name address query method and apparatus, a network address translation device, and a computer-readable medium.

Abstract: Embodiments herein provide a method for generating multiple IP addresses in a wireless network by a system (100). The method includes receiving user request to generate multiple IP addresses of at least one network element. Further, the method includes retrieving the IP address template corresponding to the at least one network element from a database (120) based on the user request, wherein the IP address template comprises a plurality of network parameters corresponding to positionally encoded bits of an IP schema. Further, the method includes generating the multiple IP addresses of the at least one network element based on the set of user defined labels, the count of the multiple of IP addresses of the at least one network element, the IP address template and the IP schema. Further, the method includes displaying the generated multiple IP addresses of the at least one network element.

Abstract: Embodiments of the present disclosure provide a method, system and device for content delivery network (CDN) scheduling, and a storage medium. The method includes: acquiring CDN data in real time from a CDN node device to generate a CDN index system; acquiring metropolitan area network, MAN, data in real time from a MAN to generate a MAN index system; generating a CDN node load intelligent image based on the CDN index system, and generating an intra-region scheduling algorithm through artificial intelligence, AI, training and algorithm optimization; generating a CDN region load intelligent image based on the CDN index system and the MAN index system, and generating an inter-region scheduling algorithm through the AI training and the algorithm optimization; and determining a CDN scheduling policy according to the intra-region scheduling algorithm and the inter-region scheduling algorithm, and executing the CDN scheduling policy.

Abstract: This disclosure describes a container management tool of a container management service of a service provider network that operates a first container in a network mode associated with a software generated namespace generated by the container management tool. The container management tool determines a location of the software generated namespace and adds a link to a desired, e.g., existing application network namespace to the software generated namespace. The container management tool, using an application namespace creation script, generates a name for the desired application network namespace. The service provider network executes one or more first applications in the first container, wherein executing the one or more first applications in the first container comprises the first container accessing the software generated namespace and following the link to the desired application network namespace.

Abstract: Systems, methods, and software are included herein to manage domain name system (DNS) requests to DNS servers. In one implementation, a computing device joins a local network and identifies a connection to a first DNS server associated with the local network. The computing device further implements first DNS rules based on the connection to the first server and monitors when a second DNS server is available using the local network. When the second DNS server becomes available, the computing device implements second DNS rules in place of the first DNS rules, wherein the second DNS rules direct DNS requests to the second DNS server in place of the first DNS server.

Abstract: A packet-filtering system described herein may be configured to filter packets with encrypted hostnames in accordance with one or packet-filtering rules. The packet-filtering system may resolve a plaintext hostname from ciphertext comprising an encrypted Server Name Indication (eSNI) value. The packet-filtering system may resolve the plaintext hostname using a plurality of techniques. Once the plaintext hostname is resolved, the packet-filtering system may then use the plaintext hostname to determine whether the packets are associated with one or more threat indicators. If the packet-filtering system determines that the packets are associated with one or more threat indicators, the packet-filtering system may apply a packet filtering operation associated with the packet-filtering rules to the packets.

Abstract: A system and method for accessing data to meet disparate security, integrity, and latency requirements includes multiple databases instantiated in the system with different performance attributes. The system receives a data access request from a client application. The system determines one or more data access requirements associated with the data access request and identify a database or set of databases that conform to those requirements. The system then submits the data access request to the identified databases and returns the result to the client application. The system may determine a data integrity threshold for the data access request, and submit the data access request to two or more databases simultaneously.

Abstract: Examples described herein include systems and methods for dynamically determining a server for enrollment with a management system. An example method can include receiving user input at an application executing on a user device, such as a portal application that provides access to and authentication for other applications through a catalogue of application icons. If the user input includes a first URL but that URL produces an error when used in conjunction with extensions associated with a management server, the application can automatically use extensions associated with an application-support server. The application can then retrieve a second URL from the application-support server and use it for performing enrollment steps at the management server. The enrollment steps can include authenticating the user at an identity service and determining the user's group ID for enrollment, for example.

Abstract: Disclosed herein are system, method, apparatus, and computer program product embodiments for dynamic mitigation of CGN IPv4 address provisioning for network gateways when adverse conditions are in effect. A network gateway may be provisioned with a shared WAN IP address from a pool of IP addresses designated for Carrier Grade Network Address Translation (CGN) and configured to detect the occurrence of an adverse condition for a connection provisioned the shared WAN IP address. Upon detecting an adverse condition, the network gateway may send a request for a new IP address to a DHCP server configured to recognize flags indicating an adverse condition. The DHCP server may then provision the gateway with a new public IP address.

Abstract: A document tracking method, a gateway device, and a server, where the gateway device intercepts a first data flow from a first terminal device in an internal network to a second terminal device in an external network, inserts a first Uniform Resource Locator (URL) into a first document in the first data flow to obtain a second data flow that includes a second document, and sends the second data flow to the second terminal device.

Abstract: Systems and methods for securely and remotely storing data in a remote, distributed redundant array of independent drives (RAID) is provided. RAID storage is accomplished through a series of mapped drives, non-routable Internet protocol (IP) addresses, and routable IP addresses. In addition, authorization to access a RAID controller, network address translation (NAT) system, and domain name system (DNS) system may all be separated, increasing security and allowing storage to be securely distributed among a variety of dispersed storage locations.

Abstract: Systems, devices, and methods related to a Deep Learning Accelerator and memory are described. For example, an integrated circuit device may be configured to execute instructions with matrix operands and configured with random access memory. A computing device running a compiler can interact and/or probe an integrated circuit device to identify hardware characteristics of the integrated circuit device in performing matrix computations. The compiler can generate and optimize a result of compilation from a description of an artificial neural network based at least in part on the hardware characteristics of the integrated circuit device. The result of compilation can include first data representative of parameters of the artificial neural network and second data representative of instructions executable by the integrated circuit device to generate an output of the artificial neural network based on the first data and an input to the artificial neural network.

Abstract: Telemetry monitoring of BGP prefixes in a network topology. A method includes receiving a route for a network topology and determining whether the route corresponds with an existing route stored on a route store. The method includes determining whether any network routing paths have been modified between the existing route and the route in response to determining the route corresponds with the existing route. The method includes generating a path configuration key for each of the at least one network routing path in response to determining at least one network routing path was modified between the existing route and the route.

Abstract: Systems and methods include receiving data associated with monitoring network communication traffic associated with a plurality of network devices; analyzing network communication flows of the plurality of network devices to group similar network devices together; analyzing patterns, frequency, relevance, and origination of words in the network communication traffic to auto-label the plurality of network devices; and assigning one or more words to any of a given network device and a group of similar network devices.

Abstract: A method including retrieving, by a device associated with a virtual private network (VPN) server from a read-only device, an initial operating system associated with the VPN server providing VPN services; transmitting, by the device based at least in part on executing the initial operating system, a first request to an infrastructure device for a VPN operating system to enable the VPN server to provide the VPN services; receiving, by the device from the infrastructure device based at least in part on transmitting the request, the VPN operating system; and executing, by the device, the VPN operating system to provide the VPN services is disclosed. Various other aspects are contemplated.

Abstract: A method, a system and a computer program manage a single sign on (SSO) session by an identity provider for a plurality of services. The method includes managing, by an identity provider, information on the SSO session via a cookie based protocol, and persisting a list of services of relying parties participating in same SSO session information in one session cookie and a plurality of temporary state cookies with randomly generated names. Whereby the list of session services are represented with a bit mask representation within the cookies and, whereby the plurality of temporary state cookies can be consolidated into one state cookie.

Abstract: A system comprising: at least one hardware processor; and a non-transitory computer-readable storage medium having stored thereon program instructions, the program instructions executable by the at least one hardware processor to: receive, by a routing hub in a computer network, from an origin node, a communication intended to a destination node, wherein said communication is encrypted with a one-time pad (OTP) associated with said origin node, apply, by said routing hub, to said communication, a customized OTP configured to simultaneously (i) encrypt said communication with said OTP associated with said destination node, and (ii) decrypt said communication with said OTP associated with said origin node, and deliver said communication to said destination node for decrypting said communication with said OTP associated with said destination node.

Abstract: This application relates to message sending and receiving methods and apparatuses, and a communication system. A control plane CP device in a communication system in which a CP and a user plane UP are separated generates a first message, where the first message includes route information and a control indication for the route information, and the route information is associated with a UP device. The CP device sends the first message to the UP device, so that the UP device updates the route information based on the control indication, where the first message is a packet forwarding control protocol PFCP message. Based on the technical solutions provided herein, interaction on routing control between the CP device and the UP device in a communication system architecture in which a CP and a UP are separated may be implemented.

Abstract: A system designed for increasing network communication speed for users, while lowering network congestion for content owners and ISPs. The system employs network elements including an acceleration server, clients, agents, and peers, where communication requests generated by applications are intercepted by the client on the same machine. The IP address of the server in the communication request is transmitted to the acceleration server, which provides a list of agents to use for this IP address. The communication request is sent to the agents. One or more of the agents respond with a list of peers that have previously seen some or all of the content which is the response to this request (after checking whether this data is still valid).

Abstract: The present disclosure describes a system and method for deconflicting locally administered medium access control addresses (LAMAs). An apparatus includes a memory and a processor communicatively coupled to the memory. The processor receives a request for a client device to use a LAMA and determines that the LAMA is reserved for future use by a first access point. The processor also transmits to the client device a message denying connectivity to the client device using the LAMA.

Abstract: The present application describes a system and method for passively collecting DNS traffic data as that data is passed between a recursive DNS resolver and an authoritative DNS server. The information contained in the collected DNS traffic data is used to generate a virtual authoritative DNS server, or a zone associated with the authoritative DNS server, when it is determined that the authoritative DNS server has been compromised.

Abstract: A system designed for increasing network communication speed for users, while lowering network congestion for content owners and ISPs. The system employs network elements including an acceleration server, clients, agents, and peers, where communication requests generated by applications are intercepted by the client on the same machine. The IP address of the server in the communication request is transmitted to the acceleration server, which provides a list of agents to use for this IP address. The communication request is sent to the agents. One or more of the agents respond with a list of peers that have previously seen some or all of the content which is the response to this request (after checking whether this data is still valid).

Abstract: Techniques are disclosed for scaling an IP address in overlay networks without using load balancers. In certain implementations, an overlay IP address can be attached to multiple compute instances via virtual network interface cards (VNICs) associated with the multiple compute instances. Traffic directed to the multi-attached IP address is distributed across the multiple compute instances. In some other implementations, ECMP techniques in overlay networks are used to scale an overlay IP address. In forwarding tables used for routing packets, the IP address being scaled is associated with multiple next hop paths to multiple network virtualization devices (NVDs) associated with the multiple compute instances. When a particular packet directed to the overlay IP address is to be routed, one of the multiple next hop paths is selected for routing the packet. This enables packets directed to the IP address to be distributed across the multiple compute instances.

Abstract: A method for playing a video signal of multi-user interaction includes: generating a video playing interface of a live streaming room; switching an operation mode of the video playing interface from a viewer mode to an anchor mode in response to an anchor mode switching instruction, where in the anchor mode, the video playing interface includes a display item of at least one multi-user interaction activity; generating a live streaming instruction for the first multi-user interaction activity in the at least one multi-user interaction activity in response to a trigger operation for a display item corresponding to a first multi-user interaction activity in the at least one multi-user interaction activity; and playing a live streaming video signal of the first multi-user interaction activity in response to the live streaming instruction for the first multi-user interaction activity.

Abstract: A router including a memory having instructions stored thereon; and a processor configured to execute the instructions stored on the memory to cause the router to perform at least the following: acquiring a private network data packet from a private network, and attaching identification information to the private network data packet, the identification information indicating via which port of a plurality of ports of the router the private network data packet is acquired; determining whether a bridge mode is set for the port indicated by the identification information of the private network data packet; in response to the determining that the bridge mode is set for the port indicated by the identification information of a first private network data packet acquired, assigning a public network IP address to the first private network data packet; and transmitting the first private network data packet by using the public network IP address.

Abstract: Techniques for analyzing traffic originating from a host device in a wireless network to identify one or more virtual machines (VMs) running on the host device and connected to the network via the host device in bridge mode. When a VM is created in bridge mode behind a host device, the traffic originated by the VM will have the source Media Access Layer (MAC) address of the host device. According to techniques described herein, devices and/or components associated with the network may profile the traffic to identify an address of the VM, such as by analyzing dynamic host configuration protocol (DHCP) packets to determine the Internet Protocol (IP) address of the VM. Once the IP address and the MAC address of the VM is known, the components and/or devices may apply security policies to the VM that may be different than security policies applied to the host device.

Abstract: An apparatus may include a processor. The apparatus may include a memory communicatively coupled to the processor. The apparatus may include a memory control circuit (MCC). The MCC may be configured to define a protected portion of the memory, wherein the protected portion of the memory is configured for read-only access by the processor, increase a size of the protected portion of the memory, and, after the increase in size of the protected portion of the memory, prevent decreases of the size of the protected portion of the memory.

Abstract: Systems and methods for locating server nodes in close proximity to edge devices using georouting. Microservers automatically form a global peer-to-peer network to serve edge functions and content to edge devices. Edge devices use HyperText Transfer Protocol (HTTP) to execute serverless functions or otherwise retrieve data from edge nodes located in close proximity to the HTTP client. Serverless functions are implemented in secure, isolated environment utilizing a blockchain.

Abstract: Techniques and architecture are described for protecting non-http and TCP/UDP applications in a zero trust network access (ZTNA)/web virtual private network (VPN) environment by establishing a secure communication channel between a native application and an application server providing an application service. More particularly, the present disclosure describes techniques and architecture that leverage the firewall wherein a thin client on a client device enables a client desktop, establishes a secure channel from a native application, e.g., the client desktop, to the firewall, and acts as a proxy.

Abstract: This application discloses a packet sending method, apparatus, and system, and a storage medium, and relates to the communication field. The method includes: A first device receives a first packet, where the first packet includes a first address prefix, the first device is a border device in a first AS domain, the first address prefix is obtained based on an address prefix advertised by a second device, the second device is located in a second AS domain, the first AS domain is different from the second AS domain, and the first address prefix is used to send a packet to the second device. The first device obtains a second address prefix and identification information of a target flexible algorithm based on the first address prefix, where the second address prefix is used to send a packet to the second device.