Abstract: A method, system and computer program product for facilitating inter-proxy communication via an existing protocol. A proxy receives a message (e.g., request message) using a protocol, such as HTTP. If the proxy determines to add proxy relevant information to the message, then the proxy defines a new message header for the inter-proxy communication, which is added to the existing header section of the message. The proxy relevant information is then added in the newly added message header of the message. The message with the proxy relevant information is then transmitted to a subsequent proxy using the protocol of the underlying request-response transaction. In this manner, inter-proxy communications are enabled via an existing protocol (e.g., HTTP) that is used in the request-response transaction so that proxies can communicate with one another pertaining to matters (e.g., maintenance schedule) unrelated to the original intent of the transaction using the existing protocol (e.g., HTTP).

Abstract: A system and method for automatic IP address range allocation is provided. The system and method include a) storing an availability map of IP addresses including a pointer to a next available IP address range of a first size, b) receiving, from a requestor computer device, a request for an IP address range of the first size, c) selecting the next available IP address range of the first size based on the pointer, d) moving the pointer to another available IP address range of the first size, e) placing the selected IP address range of the first size in a quarantine pool, and f) transmitting, to the requestor computer device, the selected IP address range of the first size.

Abstract: Enhancements described support transparent remote execution of development tool extensions. Compute-intensive extensions may be executed on an extension machine external to a developer machine which runs a user interface renderer of the development tool. User interface extensions may run locally. Instead of sharing a filesystem, the renderer on the developer machine and an extension host and extension(s) on the extension machine may access distinct respective machine filesystems. Instead of spawning debug extension and other extension-support processes locally, the renderer may instruct the extension host or an extension host agent to spawn the processes remotely on the extension machine. Existing extensions and newly created extensions are binary-compatible with single-machine or multi-machine development tool deployments.

Abstract: The disclosed systems and techniques enable data cycling operations for an aliasing system to refresh first and second copies of aliases maintained by an aliasing server and a server that interacts with end-user devices (e.g., an enterprise server). More generally, the disclosed systems and techniques enable an enterprise system to use alias addresses (e.g., email addresses, phone numbers) for users while avoiding storing and managing the users' personal addresses. For example, the enterprise system may forward personal addresses (e.g., received from a user) to a relay or aliasing server configured to generate alias addresses (e.g., alias email addresses or alias phone numbers) based on the personal addresses. The aliasing server may operate as a “middle man” that receives emails, phone calls, or text messages directed to the alias addresses and that forwards the messages to the personal addresses (when appropriate).

Abstract: Systems and methods described herein provide selective synchronization of DNS records. A synchronization data store is synchronized by: obtaining a complete set of domain name system (DNS) records for a first data center; and copying the complete set of DNS records to the synchronization data store. After the synchronization data store is initialized, at a particular time interval, a snapshot of the complete set of DNS records is repeatedly collected. Differences between the copied complete set of DNS records of the synchronization data store and the snapshot of the complete set of DNS records are identified. The synchronization data store is updated with the differences and a determination is made as to whether the differences should be implemented at a second data center. When the differences should be implemented at the second data center, the differences are propagated to the second data center, otherwise they are not.

Abstract: Described is a system for utilizing fully dynamic proxies for data flow during data protection. The system determines threshold parameters for each respective virtual proxy in a plurality of virtual proxies. The system receives virtual machine protection data of each respective virtual proxy. The system detects a current data protection workload experienced by each virtual proxy operating according to its respective threshold parameters and virtual machine protection data. The system identifies at least one under-utilized virtual proxy and at least one over-utilized virtual proxy based on the current data protection workload detected on each virtual proxy. The system causes the at least one under-utilized virtual proxy to receive upcoming backup data flow before the at least one over-utilized virtual proxy.

Abstract: Embodiments of the present disclosure relate to a method and apparatus for detecting traffic. The method includes: acquiring traffic information of at least two dimensions of a target IP; determining whether the traffic information of the at least two dimensions contains traffic information exceeding an abnormal traffic threshold of a corresponding dimension of the target IP; and in response to determining that the traffic information of the at least two dimensions contains the traffic information exceeding the abnormal traffic threshold of the corresponding dimension, determining that the traffic of the target IP is abnormal.

Abstract: Network scaling techniques for HCI and/or heterogeneous storage clusters. The techniques are based on the use of cluster-wide logical networks and IP port abstractions. Each logical network represents a pool of IP addresses having a common set of properties. Each logical network has an associated type and a corresponding set of protocols that define its purpose. Each IP port abstraction is associated with physical and/or virtual network objects inherently visible to a storage administrator. Each IP port abstraction functions as a target for assignment of an IP address from a pool of IP addresses represented by a logical network. The IP port abstractions are backed by underlying heterogeneous network objects but have unified sets of capabilities. Network scaling can be implemented by applying one or more IP addresses represented by one or more logical networks to selected sets of IP port abstractions backed by underlying heterogeneous network objects.

Abstract: Disclosed herein are systems and methods for connecting a Domain Name System (DNS) secure resolution protocol. In one aspect, an exemplary method comprises, by a protection module, determining a DNS query from a client, determining a fulfillment of at least one condition for connecting the DNS secure resolution protocol, wherein the at least one condition is obtained from a database, and connecting the DNS secure resolution protocol for the client when the at least one condition for connecting the DNS secure resolution protocol is fulfilled.

Abstract: There is disclosed in one example a digital video camera, including: an analog picture element; an analog-to-digital converter (ADC) to digitize input from the analog picture element; a three-dimensional (3D) scanner; compiling logic to compile the digitized input into a video stream; and insertion logic to insert interstitial 3D scene data into the video stream.

Abstract: The embodiments herein describe a CDN that uses revalidation to force edge servers to refresh their cached objects (i.e., download new copies of the objects from the origin data center). Revalidation can be used by edge servers to determine whether an object currently cached at the edge servers has been updated or changed in the origin data center. The embodiments herein leverage revalidation to perform a forced refresh to force the edge servers to refresh their cached object, regardless whether those cached objects match the objects stored in the origin data center. A forced refresh can be used when there is a network connection that may have caused the cached objects to become corrupted. Moreover, the forced refresh can be performed in batches so as not to overwhelm the network and computing resources in the CDN.

Abstract: A process for improving network performance in systems that utilize secure domain name system (DNS) schemes. Encrypted DNS requests from devices in a local area network (LAN), such as a home or office, are submitted to a local proxy which stores cached DNS records. The proxy decrypts or examines at least a portion of the DNS request in order search for a matching record in its storage. Matching records are retrieved, encrypted, and supplied to the requesting device to satisfy the DNS request. If the proxy does not contain a matching record, the DNS query is encrypted and submitted to an external DNS server for resolution. The matching record can optionally be saved by the proxy prior to being supplied to the requesting device.

Abstract: In some examples, a method also includes identify, using the callback query, a callback record. The method also includes providing, responsive to the callback query, the payload callback data of the callback record from a query interface to a callback client. The callback query includes a polling number, and the method further includes using the polling number to identify the callback record, detecting that the polling number corresponds to a last record number for callback records associated with the webhook channel identifier, and performing a call termination action responsive to the detecting of the correspondence between the polling number and the last record number for the callback records associated with the webhook channel identifier.

Abstract: Systems and techniques for location independent website filtering using bifurcated domain name system are described herein. A domain name system (DNS) request may be received. A unique device identifier may be received for the requesting device. The ISP may provide external network services to the services gateway. The DNS service provider may maintain a website filtering policy. The DNS request may be forwarded to the DNS service of the ISP. The DNS service of the ISP may respond with a DNS resolution. An access control request may be forwarded to the DNS service provider external to the ISP. A website filtering policy associated with the device identifier may be used to determine website access. The DNS service provider external to the ISP may respond with a grant/block status. Based on the returned grant/block status, the services gateway may respond to the requesting device with the DNS resolution or access denial.

Abstract: A system and method for dynamic generation and display of play data for a media is provided. One or more sets of object data may be associated with the media. One or more media-object bindings between the one or more sets of object data and the media may be formed and stored in one or more databases. The one or more sets of object data may include data about an aspect displayed during at least the portion of the media. One or more object-object associations between the one or more sets of object data and one or more named objects of a metadata reference container, which may maintain a common schema based on commonly experienced characteristics, may be formed and stored the one or more databases. Play data may be dynamically generated based on the one or more media-object bindings and/or one or more object-object associations.

Abstract: The disclosure relates to detecting vulnerabilities in managed client devices. A system determines whether a vulnerability scan of a computing device is required to be performed. The system installs a vulnerability detection component in the computing device in response to determining that the vulnerability scan is required to be performed. The system requests the vulnerability detection component to perform the vulnerability scan of the computing device. The system transmits a result of the vulnerability scan to a remote management service for the computing device.

Abstract: Broadband communications devices and methods operate with at least two separate communication paths between the devices and the network, such as the Internet. The broadband devices and methods receive data concurrently over the communication paths or separately. The bandwidth is increased when the separate communication paths are combined. The broadband devices employ packetized data with Voice over Internet Protocol (VoIP) technologies combined with RF communications technologies.

Abstract: Methods, systems, and devices for wireless communications are described. In some examples, a base station or other network entity may allocate uplink resources to UEs, or groups of UEs, that are subsequently reallocated. For example, a base station may determine a reallocation of uplink resources and issue a cancellation or preemption indication that may correspond to at least a portion of the previously-allocated resources (e.g., as allocated to particular UEs). UEs may be configured to monitor for cancellation or preemption indications, and based on received cancellation or preemption indications, UEs may determine whether or not to proceed with an uplink transmission using their previously-allocated uplink resources.

Abstract: Systems and methods are disclosed for determining a topology of a network comprising a plurality of intermediary devices and intermediary paths. One method includes transmitting probes having a TTL value with a destination set to a destination device; receiving, for each probe transmitted, a response including an IP address of a responding device; determining whether more than one responding device has responded to the probes; determining whether more than one responding device has been found for two previous transmissions of probes when more than one responding device has responded to the probes; and transmitting, for each more than one responding device, probes having a decreased TTL value with a destination set to one of the IP addresses of the more than one responding devices, when more than one responding device has been found for two previous transmissions.

Abstract: Different cloud software applications may be efficiently integrated in a secure manner, by providing each system with a dedicated Integration Setup URL/Endpoint. This endpoint can be derived from the base URL together with an Integration Setup User Interface (UI). Security is afforded through verification of certain properties. Cryptographically secured customer identification (via public key certificates) can ensure that customer A does not connect to systems of customer B. Also, business type information or landscape/zone can be referenced assign a tenant to a software variant (development, test, production). This prevents, e.g., a development system of type A from accidentally being connected to a production system of type B. Integration setup may be triggered per an integration scenario from one of the two affected endpoints, or from a separate (e.g., central) system. The configuration may be written on both sides with reasonable defaults, with the double confirmation ensuring compliance and security.

Abstract: Methods, systems, and media for dynamically separating Internet of Things (IoT) devices in a network are provided. In accordance with some embodiments of the disclosed subject matter, a method for dynamically separating IoT devices in a network is provided, the method comprising: detecting a first IoT device in the network; monitoring network communication of the first IoT device; determining device information of the first IoT device based on the monitored network communication; and causing the first IoT device to communicate on a first subnet of a plurality of subnets in the network based on the device information.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for verifying consistency between content of a native application and content of a corresponding resource that is provided separately from the content of the native application.

Abstract: A method for network communication includes receiving from a first network a data packet having a header specifying a first source address in the first network and a destination address in a second network and looking up the first source address in a network address translation (NAT) table. Upon finding, in response to looking up the first source address, that the first source address is not listed in the NAT table, an entry is added to the NAT table specifying a corresponding second source address in the second network. One or more additional first source addresses that are not listed in the NAT table are predictively selected, and one or more further entries are added to the NAT table specifying one or more second source addresses in the public network corresponding to the one or more additional first source addresses.

Abstract: A system and method for implementing a high speed link between a mobile cache and an edge cache. For example, one embodiment of a system comprises: a mobile cache deployed on a vessel/vehicle, the mobile cache to store multimedia content to be provided to passengers on the vessel/vehicle; a first network device including a first plurality of wireless network antennas communicatively coupled to the mobile cache; an edge cache deployed at a designated location at which the vessel/vehicle is expected; a second network device including a second plurality of wireless network antennas communicatively coupled to the edge cache; wherein upon arrival at the designated location, each of the first plurality of wireless network antennas is paired with at least one of the second plurality of wireless network antennas to establish a plurality of simultaneous wireless links to exchange multimedia content between the edge cache and the mobile cache.

Abstract: The disclosed apparatus may include (1) flagging, at a packet filter within a network device, a packet to be discarded instead of passed to a processing unit within the network device, (2) determining that the packet is part of a set of related packets that includes at least one additional packet destined at least intermediately for the network device, (3) identifying, by monitoring incoming packets received at the packet filter, the additional packet within the set of related packets, and then (4) discarding, due to the additional packet being included within the set of related packets, the additional packet instead of passing the additional packet to the processing unit. Various other apparatuses, systems, and methods are also disclosed.

Abstract: A method for communication in a WLAN includes onboarding, authenticating, and configuring respective BSSs of multiple access points in a multi-AP network. Respective cryptographic keys are generated for the multi-AP agents in the network by carrying out a handshaking procedure between the multi-AP controller and the multi-AP agents over the backhaul network. Upon detecting a predefined rekeying event in communications between the multi-AP controller and any given multi-AP agent, a new cryptographic key is generated for the given multi-AP agent by repeating the handshaking procedure, and applying the new cryptographic key in encrypting and authenticating messages following the rekeying event.

Abstract: A wireless network-based voice communication security protection method, which enables VoWiFi (Voice over Wi-Fi) to verify and prevent potential risks in communication, and secures the environment of network communications that can be verified by a user device. A real-time user interface indicates security and quality of the current network call and provides advice on when to cancel a call. A telecommunications provider side interface checks if the user's network communication environment is safe, and provides real-time recommendations to the user regarding the security status of the call. The user device side self-check interface and the telecommunications provider side detection interface simultaneously detect whether or not the user's network communication environment is secure.

Abstract: Proxying Session Initiation Protocol (SIP) communications in a load balancing device. An outgoing SIP message is received from a session border controller device. The received outgoing SIP message comprises a routing control parameter in the form of a Uniform Resource Identifier (URI). The received outgoing message comprises one or more additional outgoing routing control parameters different to the URI. The one or more additional outgoing routing control parameters have been originated at the session border controller device to control one or more outgoing routing characteristics at the load balancing device. The one or more additional outgoing routing control parameters are extracted from the received outgoing SIP message. The outgoing SIP message is forwarded to a peer device using the one or more outgoing routing characteristics on the basis of the one or more extracted outgoing routing control parameters.

Abstract: This application discloses a routing information sending method and apparatus. The method includes: receiving, by a first network node, routing information sent by a second network node, and determining the routing information corresponds to a tenant identifier; and then determining, by the first network node, that a third network node belongs to a tenant corresponding to the tenant identifier, and sending the routing information to the third network node in response to determining that the third network node belongs to the tenant corresponding to the tenant identifier.

Abstract: Some embodiments provide a method for an MFE, in a first datacenter, to implement an LN spanning the first datacenter and a set of additional datacenters. The method stores records that each map one or more LN addresses for DCNs belonging to the LN and operating in the first datacenter to a different TEP address. The method stores an additional record that maps addresses for DCNs connected to a particular LFE of the LN and operating in the additional datacenters to a group of TEP addresses corresponding to LN gateways that handle data traffic for the particular LFE between the first datacenter and the additional datacenters. Upon receiving a data message with a destination address corresponding to a DCN connected to the particular LFE and operating in one of the additional datacenters, the method uses the additional record to identify a TEP address for encapsulating the data message.

Abstract: This disclosure describes techniques for validating a replication network. Validation of a replication network may include checking connectivity among components of the replication network, such as paired clusters. The techniques include performing intra-cluster and inter-cluster replication validation checks. The replication validation checks may generate replication validation output. Based at least in part of the replication validation output, user interface data may be sent to a display device for presentation to a user. In this way, connectivity faults within the replication network may be resolved.

Abstract: Systems, methods, and devices for resolving a network address include a Domain Name System (DNS) server configured to receive a request for a resource from a client device, determine a source IP address of the client device based on the information included in the received request, and determine whether the source IP address is included in a source client list. The server may identify a view associated with the source client list, and associate the client with the identified view, in response to determining that the source IP address is included in the source client list. The server may associate the client with a default view in response to determining that the source IP address is not included in the source client list.

Abstract: A system comprising: a plurality of mobile edge caches integrated within a corresponding plurality of mobile environments; a local network manager coupled to each edge cache device in each mobile environment to provide network connectivity to client devices within each mobile environment; a mobile high speed network interface coupled to each mobile edge cache within each mobile environment to establish a high bandwidth link to one or more fixed high speed network interfaces when the mobile environment is within range; a fixed core cache to store content titles owned by a content provider, the content titles to be distributed to the plurality of mobile edge caches, each content title comprising a plurality of title segments; a plurality of fixed edge caches coupled between the fixed core cache and the mobile edge caches; a content distribution manager to cause the title segments to be strategically spread across the fixed edge caches, wherein different fixed edge caches are initially to be provided with differ

Abstract: Techniques for policy-based connection provisioning using Domain Name System (DNS) requests are described herein. The techniques may include receiving policy data associated with one or more headend nodes that manage connections to computing resources. Additionally, the techniques may include receiving a DNS request from a client device to establish a connection between the client device and a first headend node of the one or more headend nodes. The DNS request may include an attribute associated with the client device. A provisioning service may determine that the connection should be established between the client device and the first headend node based at least in part on evaluating the attribute with respect to the policy data. Additionally, the techniques may include sending an internet protocol (IP) address, which is associated with the first headend node, to the client device to facilitate establishment of the connection.

Abstract: Systems and methods are provided for use in identifying synthetic identities. One exemplary method includes receiving a request from a relying party to assess validity of an identity indicated by a user in a network communication between the user and the relying party, where the request includes: identity data associated with the identity indicated by the user, feature data associated with submission of the network communication by the user to the relying party, and a device ID for a communication device associated with the user and used to submit the network communication. The method then includes calculating an assessment metric representative of the validity of the identity indicated by the user based on at least one score derived from the identity data, the feature data, and the device ID, and transmitting the assessment metric to the relying party.

Abstract: The present disclosure disclosed a method and a system for precisely dispatching a request in a content delivery network (CDN), which comprises: a domain name system (DNS) authorized by a CDN of a target website receiving, from a local DNS of a terminal in which a client is located, an IP address of the local DNS and a domain name of the target website of service content requested by the client; finding, in a shared dispatching database, an address of an optimal CDN node server of the target website that is suitable for providing service to the client based on the IP address of the local DNS and the domain name of the target website, returning the found address to the client. The disclosed method and system are able to solve the issue of low processing efficiency in CDN caused by an increase in resolution time needed in a process of IP dispatching and the issue of address error during the dispatching.

Abstract: A communication apparatus connected to a virtual apparatus having an address dispensing function via an access network is provided, wherein the communication apparatus includes a communication confirmation unit configured to perform a communication confirmation between the virtual apparatus and the communication apparatus; and an address dispensing unit configured to dispense an address to a user terminal under control of the communication apparatus when communication between the virtual apparatus and the communication apparatus is not able to be confirmed by the communication confirmation unit, and the address dispensing unit causes the user terminal to forcibly release the address when the communication between the virtual apparatus and the communication apparatus is able to be confirmed by the communication confirmation unit.

Abstract: Disclosed are systems and methods for improving interactions with and between computers in content searching, generating, hosting and/or providing systems supported by or configured with personal computing devices, servers and/or platforms. The systems interact to identify and retrieve data within or across platforms, which can be used to improve the quality of data used in processing interactions between or among processors in such systems. The disclosed systems and methods provide systems and methods for determining and recommending media for a user based on applications associated with a user's device. The disclosed systems and methods further provide a deep-linking feature and/or capability, such that upon a user selecting media from the recommended media, the selected media can be automatically rendered via its native application.

Abstract: Systems and methods are described to enable a DNS service to encode information into a network address to be advertised by the DNS service. Information encoded by a DNS service may include, for example, an identifier of a content set to which the network address corresponds (e.g., a domain name) and validity information, such as a digital signature, that verifies the validity of the network address. On receiving a request to communicate with the network address, a destination device associated with the network address may decode the encoded information within the network address to assist in processing the request. In some instances, the encoded information may be used to identify malicious network transmissions, such as transmissions forming part of a network attack, potentially without reliance on other data, such as separate mappings or contents of the data transmission.

Abstract: A system for detecting leakage of email addresses generates an alias email address that will be used by a user to register with a web service. The alias email address is an alias for a primary email address of the user, and is paired with the web service. The web service is included in a whitelist upon confirmation from the web service that the alias email address has been registered with the web service. Emails that are addressed to the alias email address and from the web service are forwarded to the primary email address. Emails that are addressed to the alias email address but is not from the web service are detected to be suspicious.

Abstract: An edge server of a distributed edge compute and routing service receives a tunnel connection request from a tunnel client residing on an origin server, that requests a tunnel be established between the edge server and the tunnel client. The request identifies the hostname that is to be tunneled. An IP address is assigned for the tunnel. DNS record(s) are added or changed that associate the hostname with the assigned IP address. Routing rules are installed in the edge servers of the distributed edge compute and routing service to reach the edge server for the tunneled hostname. The edge server receives a request for a resource of the tunneled hostname from another edge server that received the request from a client, where the other edge server is not connected to the origin server. The request is transmitted from the edge server to the origin server over the tunnel.

Abstract: Mechanisms for defending a computing system from attack are presented. The mechanisms include: maintaining a round counter that tracks a round number for a local host; determining a location in a graph for each of a plurality of hosts including the local host; determining monitor hosts of the plurality of hosts that are monitoring the local host; determining monitoree hosts of the plurality of hosts that are being monitored by the local host; sending a message to each of the monitor hosts identifying a value of the round counter; forwarding a first set of heartbeat messages from previous monitoree hosts to the monitor hosts; attempting to receive messages from the monitoree hosts; determining whether any messages were not received from the monitoree hosts; and in response to determining that one or more messages were not received from the monitoree hosts, generating an alert.

Abstract: A method for operating a multi-access edge computing (MEC) system includes establishing, between two or more MEC providers, an agreement that defines mutual access policies that specify which MEC platforms and which MEC applications and/or services running on the MEC platforms are allowed to be exposed among each other and/or to other tenants. The MEC platforms are provisioned with appropriate configurations in accordance with the access policies of the agreement. A discovery process is executed for discovering a MEC platform within a MEC stack of another tenant and a communication link is established with the other tenant's MEC platform.

Abstract: A receiving device according to the present invention includes: a packet receiving unit which receives a packet transmitted from a transmitting device which is a communication device transmitting the packet; and a transmitting device information acquiring unit which acquires, from an information providing device storing communication device information which is information concerning the communication device and information used for a purpose other than name resolution for the communication device, the communication device information corresponding to the transmitting device which is a source of the packet.

Abstract: Provided are an information transmission method, a resource allocation method, a terminal device, and a network device. In embodiments of the present invention, a terminal device converts at least one first carrier corresponding to a first address into at least one first carrier corresponding to a first index, converts at least one second carrier corresponding to a second address into at least one second carrier corresponding to a second index, and report the at least one first carrier corresponding to the first index and the at least one second carrier corresponding to the second index to a network device, so that the network device can determine at least one first carrier corresponding to a first address according to the first index and at least one second carrier corresponding to a second address according to the second index.

Abstract: Approaches for multicast routing a group packet that includes a payload and routing information (e.g., a target identifier vector and a target multicast group ID) in a network having multiple cells each comprising a parent node and one or more child nodes include establishing and storing one or more child-node multicast group map tables associated with the child node(s) for each cell; receiving a multicast group packet; determining whether to forward the multicast group packet to the child node(s) based at least in part on the child-node multicast group map table(s) associated therewith and the received target identifier vector; and if so, causing the parent node to forward the multicast group packet to the child node(s).

Abstract: A system for concurrently publishing a current version of a plurality of Domain Name System (DNS) records for a zone of domain name and for storing a next version of the plurality of DNS records for the zone, the system comprising: a record selection module for obtaining registry data associated with the domain name stored in a registry database; a DNS Security (DNSSEC) signing system having a first High Security Module (HSM) of a first vendor for facilitating digital signing of the registry data to generate a first signed DNS record using a first signing key (SK1) and a second HSM of a second vendor for facilitating digital signing of the registry data to generate a second signed DNS record using a second signing key SK2, the SK1 different from the SK2; and a distribution system for coordinating concurrent generation and transmission of the current version and the next version; the distribution system and signing system cooperating to: generate the concurrent version using SK1 to include the first signed DNS

Abstract: A system may select a list of servers in a computer network to perform behavioural profiling, wherein each server is associated with a domain name, the list of servers includes domain name entries, and the list of servers is prioritized according to a popularity value for each server. The system may update the list of servers based on a popularity threshold, partition the computer network into one of: subnetworks or subdomains, and establish a hierarchy along one of: the subnetworks or the subdomains based on the domain name entries in the list of servers. The system may update the popularity value for a server associated with a resolved network address, and may update the hierarchy along one of: the subnetworks or the subdomains based on the popularity value.

Abstract: A vehicular micro cloud includes a set of connected vehicles that are operable to provide computational services to the set of connected vehicles. The disclosure includes embodiments for mobility-oriented data replication in the vehicular micro cloud. In some embodiments, a method includes, for each data set stored by the set of connected vehicles, determining a number of replicas to generate based on one or more mobility-based criteria. The method includes generating instances of replica data that describe the replicas. The method includes, for individual instances of replica data, determining which of the connected vehicles included in the set to use as storage locations for the individual instances of replica data based on the one or more mobility-based criteria. The method includes causing the individual instances of replica data to be stored in the storage locations. For example, the individual instances of replica data are transmitted to the storage locations.

Abstract: Disclosed are non-limiting methods for authenticating devices, comprising receiving a request for a device authentication identifier, transmitting a device authentication request message via a frame embedded in a webpage of a merchant website, the device authentication request message comprising challenge data associated with a challenge, receiving a device authentication response message via the frame embedded in the webpage of the merchant website based on the device authentication request message, the device authentication response message comprising challenge response data associated with a challenge response, transmitting the device authentication identifier message based on the device authentication response message, receiving a transaction request message for a transaction, comprising the device authentication identifier and transaction data associated with the transaction, determining the device score based on the device authentication identifier, and generating, an authorization request message based