Abstract: A service implemented at a first isolated virtual network of a provider network is added to a database of privately-accessible services. Configuration changes that enable network packets to flow between the first isolated virtual network and a second isolated virtual network without utilizing a network address accessible from the public Internet are implemented. Service requests originating at the second isolated virtual network are transmitted to the first isolated virtual network via private pathways of the provider network. Metrics corresponding to service requests directed from the second isolated network to the service are collected and provided to the respective owners of one or both isolated virtual networks.

Abstract: This invention is directed to a communication processing apparatus that secures a safe connection from a non-IP-connection device to an IP-connection cloud (server). This communication processing apparatus includes a first connection unit that connects devices, a second connection unit that connects to servers, a switching unit that switches connections of the devices and the servers between the first connection unit and the second connection unit, a determiner that determines whether connection of a device to the first connection unit is permitted or unpermitted, and a connection controller that controls the switching unit in accordance with a determination result from the determiner.

Abstract: An information management device includes a memory and a processor configured to receive an access request to information related to individual, the access request including designation of a first data table including first information related to the individual and a second data table including second information related to the individual, perform, in accordance with whether the first data table and the second data table include a same key, determination of whether the individual is identified based on a combination of the first information and the second information to be included in a response to the access request, and perform a stop of output of the response when it is determined that the individual is identified based on the combination.

Abstract: Implementations generally relate to systems, apparatuses, and methods for a residential sensor device platform. In some implementations, a system includes a plurality of sensor devices. Each sensor device of the plurality of sensor devices communicates with a wireless router and with other sensor devices of the plurality of sensor devices. Each sensor device includes one or more sensors operative to sense conditions in a living space and includes one or more processors. The one or more processors operative to perform operations comprising determining one or more conditions in the living space, wherein at least one condition of the one or more conditions is associated with activity in the living space. The one or more processors are further operative to perform operations comprising sharing, with the other sensor devices, information associated with the one or more conditions.

Abstract: Systems and methods for managing a global virtual network connection between an endpoint device and an access point server are disclosed. In one embodiment the network system may include an endpoint device, an access point server, and a control server. The endpoint device and the access point server may be connected with a first tunnel. The access point server and the control server may be connected with a second tunnel.

Abstract: A system for centralized monitoring and control of Internet of Things (IoT) devices comprises an abstraction module development utility and an IoT device management system. The abstraction module development utility determines one or more device-specific user interface (UI) interactions for performing an action for each of a plurality of different IoT device types and generates an abstraction module for each of the different IoT device types. The IoT device management system is configured to generate one or more non-device-specific API calls for performing the action with respect to a particular IoT device, determine an IoT device type from among the plurality of different IoT device types for the particular IoT device, and direct the one or more non-device-specific API calls for performing the action to the abstraction module for the determined IoT device type for execution against the particular IoT device.

Abstract: A method for receiving, at a communications station which has a plurality of antennas, messages from a plurality of users in wireless communication with the communications station, comprising the steps of: (i) receiving, from the users, using the plurality of antennas, time-slotted information chunks formed from the messages of the users, wherein the information chunks are free of any encoded user-identifiers representative of the users transmitting the messages; (ii) after receiving all of the information chunks, estimating vectors representative of respective communication channels between the antennas and the users based on the received information chunks; (iii) grouping the information chunks based on the estimated vectors to form clusters of the information chunks respectively associated with the users; and (iv) recovering the messages of the users from the clusters of the information chunks.

Abstract: A method for parallel processing of a data stream is provided. In the method, a processing task is received. The processing task is configured to process a data stream that includes a plurality of segments. A split operation is subsequently performed on the data stream to split the plurality of segments into N sub-streams, where each of the N sub-streams includes one or more segments of the plurality of segments, and the N is a positive integer. Further, N sub-processing tasks are performed on the N sub-streams to generate N processed sub-streams. A merge operation is performed on the N processed sub-streams to generate a merged output data stream. The merged output data stream is identical to an output data steam that is generated when the processing task is applied directly to the data stream without the split operation.

Abstract: Methods are provided for decentralized key negotiation. One method includes initiating, by a first Internet Key Exchange (IKE) node from among a plurality of IKE nodes, a rekeying process for an Internet Protocol Security (IPSec) communication session established with a client device and serviced by a second IKE node from among the plurality of IKE nodes, and in which a first encryption key is used to encrypt traffic. The method further includes obtaining, by the first IKE node from a key value store, information about the IPSec communication session and performing, by the first IKE node, at least a part of the rekeying process in which the first encryption key is replaced with a second encryption key for the IPSec communication session.

Abstract: [Object] To provide a communication device and a communication method which are capable of achieving both an improvement in reliability of communication in which a frame is transmitted to a plurality of destinations and effective use of wireless communication resources. [Solution] The communication device includes: a communication unit configured to perform communication of a frame. The communication unit transmits a transmission acknowledgment request frame for a transmission acknowledgment response frame including frequency allocation information specifying a transmission frequency of the transmission acknowledgment response frame, and receives the transmission acknowledgment response frame which has undergone frequency division multiplexing, on the basis of the frequency allocation information.

Abstract: A method for processing virtualization of computers that are part of a group into virtual computers is provided. The method includes obtaining relationship data from the computers, where the relationship data identifies parameters used to communicate within the group. Then, the method analyzes utilization parameters for each of the computers of the group. A visual model for proposed virtualization of the group of computers is then generated. The visual model identifies hosting machines designated to define a virtual computer for each of the computers, where the visual model provides a graphical illustration of the group of computers once converted to virtual computers. The method enables adjustment of the proposed virtualization of the group of computers. Then, an execution sequence of virtualization operations to be carried out is generated, if execution of the proposed virtualization is triggered, and the execution sequence is saved to storage and accessed upon execution.

Abstract: Methods, systems, and devices for signal processing and wireless communication are described. For example, a device may include a plurality of antennas operable to transmit and receive communication packets via a plurality of communication protocols and an integrated circuit chip coupled to the plurality of antennas. The integrated circuit chip may comprise a first and a second plurality of processing elements. The first plurality of processing elements may be operable to receive communication packets via a first one of a plurality of communication protocols and process an optimal route. The second plurality of processing elements may be communicatively coupled to the first plurality of processing elements and operable to determine the optimal route to transmit the communication packets from a source device to a destination device based, at least in part, on transmission characteristics associated with at least one of the source or destination devices.

Abstract: Example methods are provided for a host to perform queue filter configuration for multicast packet handling in a software-defined networking (SDN) environment. One example method may comprise the host generating and sending a request to join an outer multicast group address to one or more multicast-enabled network devices; and configuring a queue filter based on the outer multicast group address. In response to detecting an ingress encapsulated multicast packet that includes an outer header addressed to the outer multicast group address, the host may assign the ingress encapsulated multicast packet to a particular NIC queue from the multiple NIC queues based on the queue filter; and retrieving, from the particular NIC queue, the ingress encapsulated multicast packet to generate and send a decapsulated multicast packet to a virtualized computing instance.

Abstract: Techniques for implementing a provisional mode in a multi-mode network device (i.e., a network device that supports at least first and second modes of operation) are provided. According to one embodiment, the network device can receive, while running in the first mode, a request to enter the second mode. In response to the request, the network device can enter a third mode that is a provisional version of the second mode. Then, while running in the third mode, the network device can accept one or more configuration commands or settings for the second mode while simultaneously processing live network traffic according to the first mode.

Abstract: The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates beyond 4th-Generation (4G) communication system such as long-term evolution (LTE).

Abstract: A method for functionally secure connection identification during data exchange between two communication subscribers in a communication system, wherein a first subscriber operates as a data provider with a first address identifier and a second subscriber operates as a data requester with a second address identifier, wherein in a request of safety-related data of the first subscriber in a request message, the second subscriber transmits an order number of the data request and its second address identifier and the first subscriber responds with a response message, the second subscriber subsequently checking to determine whether this message contains (i) a second address identifier of the requesting second subscriber, (ii) an order number of the request message of the second subscriber and (iii) the first address identifier of the requested first subscriber, in the event all checking steps are positive, the safety-related data being accepted and otherwise discarded.

Abstract: Techniques and solutions are provided for performing adaptive database table placement in a non-uniform memory access (NUMA) architecture. The adaptive table placement can occur in response to changing workloads on the NUMA nodes. For example, if a particular NUMA node is saturated, a database table may be moved from the memory of the saturated NUMA node to the memory of another NUMA node that is underutilized. In some cases, an entire database table is moved, while in other cases the database table is partitioned and only part of the table is moved.

Abstract: A system and method are disclosed for making Virtual Private Network (VPN) connections in networks, which currently cannot have VPNs due to technical limitations and some practices by network operators. The system and method are a solution that may be independent of VPN protocols used for making secure connections. The system and method can be used in a public cloud on the internet or a in a private network. The system and method are capable of providing VPN connections “everywhere” and in all connection scenarios.

Abstract: For a multi-tenant environment, some embodiments of the invention provide a novel method for (1) embedding a specific path for a tenant's data message flow through a network in tunnel headers encapsulating the data message flow, and then (2) using the embedded path information to direct the data message flow through the network. In some embodiments, the method selects the specific path from two or more viable such paths through the network for the data message flow.

Abstract: Intelligent connection systems disclosed herein perform autonomous connection mechanisms and provide secure connectors. A mobile device exemplifies one of the embodiments of the autonomous connection mechanism.

Abstract: Techniques for triggering a content-related action based at least in part on an identifier of an access point are described. In an example, a computing device may determine an identifier of an access point based at least in part on a connection between the computing device and the access point. Based at least in part on the identifier, the computing device may access, a profile associated with the access point and may determine, from the profile, a content-related action to perform based at least in part on the connection between the computing device and the access point. The computing device may initiate the content-related action.

Abstract: Various techniques for facilitating communication with and across a clinical environment and a cloud environment are described. For example, a method for authenticating a network device residing in the clinical environment using a token is described. An authentication proxy in the cloud environment can receive a request from a connectivity adapter in the clinical environment and retrieve a security token from an authentication system in the cloud. The connectivity adapter can use the security token to send signed requests to the authentication system.

Abstract: A data packet forwarding method and an apparatus, where the method includes: receiving, by a forwarding device, a first default flow entry of the virtual network from a controller, where the first default flow entry of the virtual network instructs the forwarding device to send a data packet to a specified forwarding device when the forwarding device looks up a first flow table based on a match item of the data packet but no flow entry is hit; receiving, a first data packet from an end system; and when the controller is faulty and the forwarding device looks up the first flow table based on a match item of the first data packet but no flow entry is hit, sending, by the forwarding device, the first data packet to the specified forwarding device using the first default flow entry of the virtual network.

Abstract: The disclosed embodiments generally relate to systems, methods, and apparatus for dynamic context-based electronic offer communication. In one aspect, a computer server is disclosed, comprising: a hardware processor configured to execute instructions stored in a memory to: receive location data from a mobile device; determine a context of the mobile device based on the location data; generate a database query using the determined context; send the generated query to an events database; receive a conditional electronic offer from the events database; determine user data requirements based on the conditional electronic offer; send a request based on the user data requirements to a secure server; receive user data from the secure server; generate an electronic offer communication based on the conditional electronic offer when the user data received from the secure server meets the user data requirements; and send the electronic offer communication to the mobile device.

Abstract: In a storage system that includes a plurality of storage devices configured into one or more write groups, quorum-aware secret sharing may include: encrypting a device key for each storage device using a master secret; generating a plurality of shares from the master secret such that a minimum number of storage devices required from each write group for a quorum to boot the storage system is not less than a minimum number of shares required to reconstruct the master secret; and storing the encrypted device key and a separate share of the plurality of shares in each storage device.

Abstract: A method includes receiving, at a data link layer (layer 2) gateway device configured to connect the physical network to the SDN network, routing data to a computing device, the computing device selected to receive a packet transmitted from the physical network to the SDN network; receiving, from a source element in the physical network, an address request for a layer 2 address of a router element in the SDN network, the address request including a networking layer address of the router element; transmitting, to the source element in response to receiving the address request, a layer 2 address of the router element using the routing data; receiving, from the source element, a routing request to route a packet to a destination element in the SDN network using the layer 2 address; routing, using the routing data, the received packet to the computing device to route to the destination element.

Abstract: Methods and systems are provided for configuring or customizing settings or parameters of different media devices for compatible operations in an automated manner. An exemplary method of configuring a device for presenting media content in conjunction with a second device involves a client device detecting the device on a wireless network, identifying performance characteristics associated with the second device coupled to the device, and automatically configuring the device for operation with the second device via the wireless network and in a manner that is influenced by the performance characteristics associated with the second device. In this regard, one or more configurable parameters or settings maintained at the device and that influence its operation may be modified via the wireless network to correspond to performance characteristics of the second device, thereby facilitating compatible interoperation with the second device.

Abstract: There is provided a method and corresponding device for transmitting a congestion indication to a group of wireless communication devices for synchronized triggering of backoff procedures in the wireless communication devices. A purpose of the synchronized triggering of the backoff procedures may be to enable deferring, in each of the wireless communication devices, transmission of scheduling request(s) until one or more backoff procedures in the considered wireless device is completed. In this way, the proposed technology provides efficient load control related to scheduling requests and/or enables a reduction of the average response time between scheduling request and grant.

Abstract: A virtual network comprising virtual machines executing at a computing environment is implemented. A software defined networking (SDN) appliance is configured to provide a connection to computing resources via a virtual network of a virtual computing environment. The SDN appliance is configured to apply policies of the virtual computing environment to data traffic on the virtual network. The SDN appliance is operable to interact with multiple network devices that are configured to act as a hardware acceleration device for processing data traffic. Virtual addresses are assigned to the network devices. The SDN appliance executes a virtual switch configured to identify data traffic sent to or received from a host and act as a proxy for the network devices and respond on their behalf.

Abstract: A service management system communicates via wide area network with gateway devices located at respective user premises. The service management system remotely manages delivery of application services, which can be voice controlled, by a gateway, e.g. by selectively activating/deactivating service logic modules in the gateway. The service management system also may selectively provide secure communications and exchange of information among gateway devices and among associated endpoint devices. An exemplary service management system includes a router connected to the network and one or more computer platforms, for implementing management functions. Examples of the functions include a connection manager for controlling system communications with the gateway devices, an authentication manager for authenticating each gateway device and controlling the connection manager and a subscription manager for managing applications services and/or features offered by the gateway devices.

Abstract: A machine automation system for controlling and operating an automated machine. The system includes a controller and sensor bus including a central processing core and a multi-medium transmission intranet for implementing a dynamic burst to broadcast transmission scheme where messages are burst from nodes to the central processing core and broadcast from the central processing core to all of the nodes.

Abstract: A system validates the establishment and/or continuation of a connection between two applications over a network using a two-stage process: (1) a local security agent executing on the same source system as the source application validates the connection against a set of policies stored locally on the source system; and (2) a local security agent executing on the same destination system as the destination application validates the connection against a set of policies stored locally on the destination system. The connection is allowed or blocked depending on the outcome of the two-stage validation. Before the validation process, a policy enforcement engine distributes copies of a trusted public certificate to the source and destination local security agents, which extend their local copies of the certificate to enable them to enforce policies without the use of a backend system.

Abstract: Aspects of this disclosure describes techniques for parsing network packets, processing network packets, and modifying network packets before forwarding the modified network packets over a network. The present disclosure describes a system that, in some examples, parses network packets, generates data describing or specifying attributes of the network packet, identifies operations to be performed when processing a network packet, performs the identified operations, generates data describing or specifying how to modify and/or forward the network packet, modifies the network packet, and outputs the modified packet to another device or system, such as a switch.

Abstract: A service management system communicates via wide area network with gateway devices located at respective user premises. The service management system remotely manages delivery of application services, which can be voice controlled, by a gateway, e.g. by selectively activating/deactivating service logic modules in the gateway. The service management system also may selectively provide secure communications and exchange of information among gateway devices and among associated endpoint devices. An exemplary service management system includes a router connected to the network and one or more computer platforms, for implementing management functions. Examples of the functions include a connection manager for controlling system communications with the gateway devices, an authentication manager for authenticating each gateway device and controlling the connection manager and a subscription manager for managing applications services and/or features offered by the gateway devices.

Abstract: Concepts and technologies disclosed herein are directed to real-time video delivery for connected home (“CH”) applications. According to one aspect of the concepts and technologies, a CH controller (“CHC”) can receive a request for delivery of a video stream captured by a CH video camera to a user device. The CHC can determine availability of a wireline communications link to a wireline network and availability of a wireless communications link to a wireless network over which to deliver the video stream to the user device. In response to determining that the wireline communications link and the wireless communications link are available, the CHC can obtain a wireline performance measurement for the wireline communications link, obtain a wireless performance measurement for the wireline communications link, compare the wireline performance measurement and the wireless performance measurement, and select either the wireline communications link or the wireless communications link based upon the comparison.

Abstract: System utilization related to memory usage can be monitored by storing host memory usage information in the corresponding host physical memory. However, retrieving this information can be a high overhead operation because it involves engaging with the operating system of each host. Moreover, storing memory usage information in the host physical memories can pose a security risk if they also store privileged data. Network interfaces according to the present disclosure provide unobtrusive and secure support for monitoring of network and other system resources such as regions of memory within host physical memories. Implementations according to the present disclosure include a plurality of memory region counters stored on a network interface. Each memory region counter corresponds to one of the memory regions located in a physical memory of a host coupled to the network interface. Each of the counters includes a system utilization metric associated with its corresponding memory region.

Abstract: An unauthorized activity detection method in an onboard network system. The detection method includes determining whether or not a message sent out onto the network is an attack message, saving information relating to the attack message in at least one memory in a case where the message is an attack message, identifying a communication pattern from information relating to the attack message, and determining whether or not the message matches a communication pattern. The determination of whether an attack message and determination of whether matching a communication pattern are executed on each of a plurality of messages received from the network. In the determining of whether an attack message executed on a message received after executing of determining of whether matching a communication pattern, results of the determination of whether an attack message that has already be executed are used.

Abstract: A fog data agent for a connected car includes a connector configured to couple to an on-board diagnostic port of the connected car, a microprocessor, a wireless communication interface coupled to the microprocessor, a cellular communication interface coupled to the microprocessor, a data storage device coupled to the microprocessor, and logic configured to receive data from the on-board diagnostic port, analyzes the data in real-time, and establish a bi-directional communication channel with a remote server via at least one of the wireless communication interface and the cellular communication interface to transmit a subset of the analyzed data to the remote server in response to the data analysis.

Abstract: A gateway device for a fire control system is described herein. The gateway device can comprise a processor and a memory having instructions stored thereon which, when executed by the processor, cause the processor to detect that a network interface of the gateway device is connected to a network, receive data associated with the fire control system, and determine a data management scheme for the gateway device based on the type of detected network interface and the received data.

Abstract: A method for filtering data packets at a firewall system is disclosed that includes receiving a data packet having a plurality of fields at a processor. Determining with the processor whether a precondition exists for one or more of the plurality of fields, where an action is associated with the precondition. Performing the action associated with the precondition on the data packet with the processor if it is determined that the precondition exists for one or more of the plurality of fields. Processing the data packet using a plurality of rules with the processor if it is determined that the precondition does not exist for the one or more of the plurality of fields.

Abstract: A method, article of manufacture, and apparatus for providing a write leases in a distributed file system is discussed. A lease break is received for a file at a client from a metadata server (“MDS”), wherein the client has a write lease for the file. A write buffer is flushed on the client to an object store, wherein the write buffer comprises data objects comprising the file. A metadata request is transmitted from the client to the MDS in connection with flushing the write buffer. A lease extension is received for the write lease from the MDS.

Abstract: A communication method and system configured to facilitate integration of complex automation systems composed of disparate components that may run with different processes are distributed over a network or are embedded devices. The system/method allows for a client to rapidly access functionality exposed by a service within a client-service system employing a distributed application structure utilizing an augmented object-oriented model of multiple member types. The system/method allows interconnected nodes to communicate through message passing and remote procedure calling so as to reduce latency within a system composed of distributed resources.

Abstract: A method performed by an Operation and Support System (OSS) node for handling communication between a wireless device and a communication network node in a communication network, which communication network comprises a first radio access node associated with a first gateway and a second radio access node associated with a second gateway. The OSS node determines to initiate a change of an Internet Protocol (IP) address for the wireless device. The OSS node further identifies a session of packets for the wireless device, which session is run over a protocol that supports session continuity even though source or destination IP addresses change in the packets. Furthermore, the OSS node triggers the change of the IP address associated with the first gateway for the wireless device, of packets of the session, to a changed IP address associated with the second gateway.

Abstract: A network security protection method is executed by a network security protection device and includes obtaining at least one of network environment data or threat detection data of a host that is in a protected network and that is connected to the network security protection device, where the network environment data includes an identifier of an operating system, a parameter of the operating system, an identifier of software with a network port access function, or a parameter of the software; and the threat detection data includes a threat type or a threat identifier, where the threat type includes a vulnerability or a malicious program; searching, according to the obtained at least one of network environment data or threat detection data, for corresponding information used to eliminate a security threat in the host; and sending the found information to the host.

Abstract: A secure start system for an autonomous vehicle can include a communications router comprising an input interface to receive a boot-loader to enable network communications with a backend system. The secure start system utilizes a tunnel key from the backend system to establish a private communications session with a backend data vault. The secure start system then retrieves a set of decryption keys from the backend data vault, via the private communications session, to decrypt a plurality of encrypted drives of the autonomous vehicle, which enables one or more functions of the autonomous vehicle.

Abstract: A provider network includes a service that creates virtual private network (VPN) endpoint nodes. Application programming interfaces are available that the creation of VPN endpoint nodes, peer them together, and attach them to respective virtual private networks to thereby establish communication tunnels between pairs of virtual private networks. Each VPN endpoint node may be implemented as a fault tolerant endpoint node in which the node is created as a plurality of virtual machines. Each of the virtual machines is configured from a common machine image that includes software capable of causing the respective virtual machine to configure a tunnel such as an IPSec tunnel. One of the virtual machines, however, is operated in an active mode, while another virtual machine is configured to operate in a standby mode.

Abstract: Systems, methods, and apparatuses are disclosed herein for providing an Individual Service Instance identifier (“I-SID”) translation service for accessing services on different networks. Packets designated for specific services via an I-SID Tag may be received at an edge network device and a lookup may be performed to locate the service on another network via the I-SID corresponding to the service, the I-SID being mapped at another network. The I-SID may be updated with the newly-located I-SID in order for the packet to reach an appropriate service on the other network.

Abstract: A system and method for transparently caching content from multiple content providers.

Abstract: Backups of workloads in a multi-tenant cloud computing environment are efficiently queued and scheduled. A method of backing up workloads for multiple tenants of a cloud computing system, includes the steps of determining a pool of workloads to be backed up during a time window, the workloads including workloads for a first tenant and workloads for a second tenant, placing a backup task for backing up each of the workloads in the pool in a scheduling queue and prioritizing the backup tasks according to backup parameters specified by the tenants, sizes of workload data to be backed up, and hardware constraints of a backup storage device executing the backups, and instructing the backup storage device to execute the backup tasks according to an order of the backup tasks in the scheduling queue.

Abstract: Methods, systems and apparatus for securing credential distribution are disclosed. One method includes receiving, by a wireless device, from a cloud system, that the wireless device is authorized to receive private network credentials, sensing, by the wireless device, a presence of one or more wireless networks, providing, by the wireless device, wireless network information of the sensed presence of the one or more wireless networks to the cloud system, providing, by the wireless device, to the cloud system, a request for private network credentials, wherein the cloud system, receives the private network credentials of the authenticated user, and receiving, by the wireless device, from the cloud system, distribution of the private network credentials, thereby allowing the wireless device to obtain local network access with the private network credentials.