The present disclosure provides techniques for signaling the maximum setup link limit. An access point multi-link device (AP MLD) receives an association request frame from a non-AP station (STA), the association request frame requesting to establish a set of links between the AP MLD and the non-AP STA. The AP MLD determines that accepting the set of requested links would result in a total number of established links exceeding a limit set by the AP MLD for the non-AP STA. In response to the determination, the AP MLD selects a subset of the set of requested links, where the total number of established links does not exceed the limit, and transmits an association response frame to the non-AP STA, the association response frame comprising a status code indicating that at least one requested link is rejected due to exceeding the limit.
In one embodiment, a method may use one or more Representational State Transfer (REST) Application Programming Interfaces (APIs) to receive data associated with a web application from a first user interface (UI) client device. The method may use the one or more REST APIs to determine a stateless operation by performing stateless pre-processing on the data associated with the web application and one or more contextual features associated with the stateless operation. The method may determine an augmented notification by applying an augmentation operation on the one or more contextual features and the stateless operation. The method may determine a stateful operation using the augmented notification. The method may receive a request for an update on the data associated with the web application from a second UI client device. In response to receiving the request, the method may communicate the stateful operation to the second UI client device.
H04L 67/02 - Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
3.
GENERATING MITIGATING RESPONSES TO SECURITY DEFICIENCIES USING GENERATIVE MACHINE LEARNING MODELS
An example method includes receiving an identifier associated with a security deficiency, wherein the security deficiency is associated with a computer system; determining, based on the identifier, text data associated with the identifier; determining a text prompt, wherein the text prompt comprises an instruction segment and the text data, and wherein the instruction segment identifies a mitigating response detection task and an output constraint; providing the text prompt to a generative machine learning model; receiving, from the generative machine learning model, a set of outputs including a first output identifying a first mitigating response and a second output identifying a second mitigating response; determining that the first output satisfies the output constraint; determining that the second output fails to satisfy the output constraint; determining, based on the first output, a final output; and providing the final output using an output interface.
The presently claimed disclosure is directed to methods that may be implemented at a computer. Methods and systems consistent with the present disclosure may include extending protocols associated with authenticating client (i.e. supplicant) devices and with authorizing those supplicant devices to access a wireless network. These methods may include sending data relating to the failure of an authentication and/or an authorization process to a supplicant device attempting to access a wireless network. Methods discussed within may include securely sending failure codes or reasons to a supplicant device that identify why an authentication or authorization process failed. These methods may include sending messages between a supplicant device, an authenticator device, and an authentication and authorization server. After a first failure, the supplicant device may be able to access the wireless network after a reason or code of that failure has been reported to the supplicant device.
In one implementation, a device obtains code generated by a language model-based agent to perform an action of a particular type with respect to a computer network. The device determines one or more parameters to execute the code in a testing environment. The device performs a validation assessment of the code to assess whether it is able to perform actions of the particular type by executing it with the one or more parameters in the testing environment. The device makes, based on the validation assessment, the code available to the language model-based agent to perform a subsequent action of the particular type.
Disclosed herein is a software tool designed to add and place stand-alone UWB anchors to provide a minimum of UWB anchors for accurate UWB ranging. The tool divides an area in which access points are situated into a number of cells and evaluates each cell for coverage. If a cell does not have a minimum number of UWB anchors for accurate UWB ranging, the tool determines that a coverage hole is present. The tool then adds stand-alone UWB anchors to the area to eliminate the coverage holes. The tool adds stand-alone UWB anchors in a number of iterations and selects the iteration with the minimum number of stand-alone UWB anchors that eliminate the coverage holes.
G01S 5/02 - Position-fixing by co-ordinating two or more direction or position-line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
H04W 64/00 - Locating users or terminals for network management purposes, e.g. mobility management
7.
DISTRIBUTED RESOURCE UNIT AND DUAL CLEAR TO SEND IMPLEMENTATION
Managing the implementation of Distributed Resource Unit (DRU) and Dual Clear to Send (CTS) may be provided. Managing the implementation of DRU and Dual CTS comprises disallowing one or more DRU techniques for a spectrum that has a regulatory power limitation and signaling that the one or more DRU techniques are disallowed. Managing the implementation of DRU and Dual CTS can also comprise enabling one or more allowed DRU techniques.
H04W 74/0816 - Non-scheduled access, e.g. ALOHA using carrier sensing, e.g. carrier sense multiple access [CSMA] with collision avoidance
H04L 5/00 - Arrangements affording multiple use of the transmission path
H04W 52/36 - Transmission power control [TPC] using constraints in the total amount of available transmission power with a discrete range or set of values, e.g. step size, ramping or offsets
A generative mediator engine can perform a requested interaction with a conversational agent of a target entity on behalf of a user. An internal conversational platform can identify intents for the requested interaction. An external artificial intelligence engine can perform intent discovery when an intent is not identified above a confidence threshold. A discovered intent unknown to the generative mediator engine can be received from the external artificial intelligence engine and used, with input requirements determined by the generative mediator for the requested interaction, by a dialog generator to generate a sample dialog for the requested interaction. User feedback can be received after review of action items and expected inputs identified from the sample dialog. The generative mediator engine can perform the requested interaction with the conversational agent on behalf of the user and without receiving user intervention during the requested interaction.
An example method includes receiving an identifier associated with a security deficiency, wherein the security deficiency is associated with a computer system; determining, based on the identifier, text data associated with the identifier; determining a text prompt, wherein the text prompt comprises an instruction segment and the text data, and wherein the instruction segment identifies a remediation strategy detection task and an output constraint; providing the text prompt to a generative machine learning model; receiving, from the generative machine learning model, a set of outputs including a first output identifying a first remediation strategy and a second output identifying a second remediation strategy; determining that the first output satisfies the output constraint; determining that the second output fails to satisfy the output constraint; determining, based on the first output, a final output; and providing the final output using an output interface.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
In one embodiment, a method may comprise: instrumenting, by a process, runtime of a software application; detecting, by the process, a reflection call made within the runtime of the software application; determining, by the process and from the reflection call, a reflection target and a reflection caller; comparing, by the process, the reflection target, the reflection caller, and the reflection call against a security policy; and performing, by the process, one or more mitigation actions on the reflection call in response to a violation of the security policy. In another embodiment, a secure audit process first generates the security policy based on approving reflection calls, reflection targets, and reflection callers seen during a runtime of the software application in a secure environment, and then shares the security policy with local instrumentors of the software application to cause enforcement of the security policy against a local runtime of the software application.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
11.
POLICY MANAGEMENT AND ENFORCEMENT IN A GREEN ELASTIC NETWORK
In one implementation, a device receives one or more constraints from a user interface regarding an acceptable level of performance of a computer network. The device forms, based on the one or more constraints, a policy to control performance of actions in the computer network to reduce its energy consumption. The device determines whether a particular action to reduce energy consumption by the computer network would violate the policy. The device causes performance of the particular action in the computer network, when doing so does not violate the policy.
In one implementation, a device queries an ontology that represents entities in a computer network and their relationships for a particular topology in the computer network. The device computes a mathematical system that represents traffic in the particular topology, based on traffic for only a portion of the particular topology. The device uses the mathematical system to compute traffic in the particular topology for a potential change to the particular topology expected to reduce energy consumption by the computer network. The device causes, based in part on the traffic computed using the mathematical system, the potential change to be made to the computer network.
H04L 41/12 - Discovery or management of network topologies
H04L 41/0833 - Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for reduction of network energy consumption
H04L 41/142 - Network analysis or design using statistical or mathematical methods
H04L 41/147 - Network analysis or design for predicting network behaviour
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
Techniques for monitoring data transport in a network virtualization function (NVF) chain. A path tracing packet is generated having a Midpoint Compressed Data (MCD) to collect path tracing information of the NVF chain. The NVF node is configured to record an MCD containing Wide Local Path Tracing Identification (WL PT ID). The WL PT ID includes a first field having a value that indicates that a non-standard path tracing format is to be used and has a second field that indicates a particular path tracing format to be used. The path tracing packet is passed through the NVF chain and is then received back again after passing through the NVF chain. Data collected by the path tracing packet is analyzed to determine which NVF nodes the path tracing packet passed through and the amount of time taken for the path tracing packet to pass through the NVF chain.
H04L 41/122 - Discovery or management of network topologies of virtualised topologies, e.g. software-defined networks [SDN] or network function virtualisation [NFV]
H04L 41/0895 - Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
H04L 41/40 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities
H04L 43/10 - Active monitoring, e.g. heartbeat, ping or trace-route
14.
DIRECT PROMPT INJECTION THREAT MITIGATION USING PROMPT PROCESSING UNITS
In one implementation, a device identifies a first subject indicated by a prompt to a large language model. The device identifies a second subject indicated by the prompt to the large language model. The device determines whether the first subject and the second subject are mutually opposed subjects. The device prevents the large language model from processing the prompt when the first subject and the second subject are mutually opposed subjects.
In one implementation, a method is disclosed comprising providing a prompt to a large language model to perform a task; determining a likelihood of an outcome of the task changing over a period of time; storing the prompt and the outcome in a cache when the likelihood indicates that the outcome of the task is unlikely to change over the period of time; and returning the outcome from the cache in response to a subsequent prompt asking the large language model to perform the task, in lieu of providing the subsequent prompt to the large language model.
Techniques for determining a tag for a security deficiency (e.g., a security vulnerability and/or exposure) using a generative machine learning model. In examples, a system may perform the following operations: (i) identifying a deficiency identifier associated with the security deficiency, (ii) retrieving one or more texts that correspond to the deficiency identifier, (iii) generating a prompt for a generative model to process the text(s) to detect a tag, (iv) providing the prompt to the generative machine learning model, (v) receiving the output of the machine learning model, (vi) determining whether the output satisfies one or more output constraints (e.g., one or more output constraints specified by format and/or content requirements specified in the prompt), and (vii) if the output satisfies the output constraint(s), determining the tag based on the validated output.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
17.
DISCOVERY OF POWER DEGRADED MODES IN A GREEN ELASTIC NETWORK
In one implementation, a device obtains data regarding a networking entity in a computer network and a set of possible configurations for the networking entity. The device determines a power degraded mode of the networking entity comprising one or more configurations from the set of possible configurations. The device estimates an amount of energy savings associated with activating the power degraded mode of the networking entity. The device causes the power degraded mode of the networking entity to be activated based on the amount of energy savings estimated by the device.
The present disclosure describes an access point that batches roaming requests and responses. The access point includes one or more memories and one or more processors communicatively coupled to the one or more memories. The one or more processors, individually or collectively, perform an operation that includes receiving, from a device, a message comprising (i) a first portion indicating a first target access point and (ii) a second portion indicating a second target access point, based on the first portion indicating the first target access point, communicating, to the first target access point, a first instruction to generate a first pairwise transient key (PTK) for communicating with the device, and based on the second portion indicating the second target access point, communicating, to the second target access point, a second instruction to generate a second PTK for communicating with the device.
Techniques and architecture are described for identifying objects, e.g., resources, across a federation in a network, and more particularly, to identifying objects, e.g., resources, across a federation of access networks, e.g., fabric networks, for extending access of the objects across the federation in a network. More particularly, the techniques and architecture provide for adding global tags to local resources within an access network, e.g., a fabric network. Once a resource has a global tag attached to it, this information is shared with all other fabrics. Each fabric can then build its own view of where global resources are located. A local resource with the same set of global tags may be seen as the same global resource across multiple fabrics. Simply changing global tags attached to a local resource allows for reclassifying local resources. No other configuration change is required.
Low Power Indoor (LPI) Access Point (AP) Clear Channel Assessment (CCA) signaling schemes for seamless preamble puncturing support may be provided. An AP may signal a first indication that the AP supports punctured subchannel CCA. The AP may receive a second indication from a station whether the station supports the punctured subchannel CCA. The AP may determine a nature of association between the AP and the station based on the second indication.
The present disclosure provides techniques for signaling the maximum setup link limit. An access point multi-link device (AP MLD) receives an association request frame from a non-AP station (STA), the association request frame requesting to establish a set of links between the AP MLD and the non-AP STA. The AP MLD determines that accepting the set of requested links would result in a total number of established links exceeding a limit set by the AP MLD for the non-AP STA. In response to the determination, the AP MLD selects a subset of the set of requested links, where the total number of established links does not exceed the limit, and transmits an association response frame to the non-AP STA, the association response frame comprising a status code indicating that at least one requested link is rejected due to exceeding the limit.
An example method includes receiving an identifier associated with a security deficiency, wherein the security deficiency is associated with a computer system; determining, based on the identifier, text data associated with the identifier; determining a text prompt, wherein the text prompt comprises an instruction segment and the text data, and wherein the instruction segment identifies a mitigating response detection task and an output constraint; providing the text prompt to a generative machine learning model; receiving, from the generative machine learning model, a set of outputs including a first output identifying a first mitigating response and a second output identifying a second mitigating response; determining that the first output satisfies the output constraint; determining that the second output fails to satisfy the output constraint; determining, based on the first output, a final output; and providing the final output using an output interface.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
An example method includes receiving an identifier associated with a security deficiency, wherein the security deficiency is associated with a computer system; determining, based on the identifier, text data associated with the identifier; determining a text prompt, wherein the text prompt comprises an instruction segment and the text data, and wherein the instruction segment identifies a remediation strategy detection task and an output constraint; providing the text prompt to a generative machine learning model; receiving, from the generative machine learning model, a set of outputs including a first output identifying a first remediation strategy and a second output identifying a second remediation strategy; determining that the first output satisfies the output constraint; determining that the second output fails to satisfy the output constraint; determining, based on the first output, a final output; and providing the final output using an output interface.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Techniques and apparatus for reducing client detectability via signal strength observation are described. An example technique includes transmitting a first set of frames at a first transmit power level. Each of the first set of frames includes a first set of medium access control (MAC) layer parameters associated with a wireless device. A second transmit power level, different from the first transmit power level, for transmitting a second set of frames is determined. The second set of frames is transmitted at the second transmit power level after transmission of the first set of frames. Each of the second set of frames includes a second set of MAC layer parameters associated with the wireless device and different from the first set of MAC layer parameters.
H04W 52/24 - TPC being performed according to specific parameters using SIR [Signal to Interference Ratio] or other wireless path parameters
H04W 52/26 - TPC being performed according to specific parameters using transmission rate or quality of service QoS [Quality of Service]
H04W 52/36 - Transmission power control [TPC] using constraints in the total amount of available transmission power with a discrete range or set of values, e.g. step size, ramping or offsets
H04W 12/122 - Counter-measures against attacks; Protection against rogue devices
25.
TRANSMISSION COORDINATION BETWEEN BASIC SERVICE SETS
The present disclosure describes a system that coordinates transmissions between BSSs. A first access point assigned to a first basic service set includes a memory and a processor. The memory stores a data structure that includes a first entry. The first entry indicates (i) a second access point assigned to a second basic service set different from the first basic service set, and (ii) a first message at the second access point that has not been transmitted. The processor refrains, based on the first entry, from transmitting a second message for a period of time and, in response to detecting that the second access point transmitted the first message, updates the first entry to indicate that the first message has been transmitted. The processor also transmits, to the second access point, a third message indicating that the first message has been transmitted.
Techniques and apparatus for facilitating seamless transition of communications within a wireless network during access point (AP) power save operations are described. An example technique includes transmitting a power save schedule for the first AP MLD to a client MLD. The power save schedule indicates time period(s) during which the first AP MLD will perform an AP power save operation. An AP power save notification for the first AP MLD is transmitted to the client MLD and indicates an amount of time after which the first AP MLD will perform the AP power save operation. A determination is made that the client MLD is connected to the first AP MLD within a predetermined amount of time of the AP power save operation. In response to the determination, link(s) for the client MLD are set up on the second AP MLD prior to the AP power save operation.
A method for the real time determination of minimum fibre channel buffer to buffer credits on an inter switch link. In one particular embodiment, a method includes communicating a first frame to a receiving switch with a first timestamp, receiving a second frame with a second and third timestamp, adding a fourth timestamp to the second frame, calculating the round trip link latency time value using the first timestamp, the second timestamp, the third timestamp, and the fourth timestamp, and calculating the minimum number of buffer to buffer credits to be configured on the link to nondisruptively transmit traffic.
Techniques for encoding metadata representing a policy into a QUIC connection ID are described herein. A metadata-aware network including one or more enforcement nodes, a policy engine, and/or a connection datastore may be utilized to enforce a policy and route communications on a QUIC connection. The policy engine may be configured to encode metadata representing one or more network policies into a QUIC source connection ID (SCID) and/or may store a mapping between the SCID and a corresponding destination connection ID (DCID) in the connection datastore. The policy engine may communicate with a QUIC application server and/or one or more QUIC proxy nodes to encode the SCID into a QUIC packet. The enforcement nodes may access the metadata and enforce the policies via a connection ID included in a QUIC header of a QUIC packet or by performing a lookup in the connection datastore using the connection ID.
H04L 61/103 - Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; Network directories; Name-to-address mapping using standardised directory access protocols using domain name system [DNS]
H04L 67/02 - Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
H04L 67/101 - Server selection for load balancing based on network conditions
H04L 67/1012 - Server selection for load balancing based on compliance of requirements or conditions with available server resources
Low Power Indoor (LPI) Access Point (AP) Clear Channel Assessment (CCA) signaling schemes for seamless preamble puncturing support may be provided. An AP may signal a first indication that the AP supports punctured subchannel CCA. The AP may receive a second indication from a station whether the station supports the punctured subchannel CCA. The AP may determine a nature of association between the AP and the station based on the second indication.
An enhanced vapor chamber heat sink is provided. In one aspect, a heat sink includes a vapor chamber that includes a bottom portion, a top portion spaced from the bottom portion, and a curved connector connecting the bottom portion and the top portion. The bottom portion, the curved connector, and the top portion define a chamber in which a working fluid is received. The heat sink also includes a plurality of fins extending between the bottom portion and the top portion. Further, the heat sink includes a thermal interface material (TIM) layer disposed on the top portion, the curved connector, or both. The heat sink also includes a conducting cover contacting the TIM layer.
Systems and methods are provided for quantum-resistant secure key distribution between a peer and an EAP authenticator by using an authentication server. The systems and methods include receiving requests for a COMMON-SEED and a quantum-safe public key from a peer and an EAP authenticator. The COMMON-SEED is encrypted using the quantum-safe public key of the peer and the quantum-safe public key of the EAP authenticator, and the encrypted COMMON-SEED is sent to the peer along with a request for a PPK_ID from the peer to complete authentication of the peer. The PPK_ID is received from the peer, and the encrypted COMMON-SEED and PPK_ID are sent to the EAP authenticator. A quantum-resistant secure channel is established between the peer and the EAP authenticator when the peer and the EAP authenticator share the same COMMON-SEED and the same PPK_ID.
The present disclosure describes a system that coordinates transmissions between BSSs. A first access point assigned to a first basic service set includes a memory and a processor. The memory stores a data structure that includes a first entry. The first entry indicates (i) a second access point assigned to a second basic service set different from the first basic service set, and (ii) a first message at the second access point that has not been transmitted. The processor refrains, based on the first entry, from transmitting a second message for a period of time and, in response to detecting that the second access point transmitted the first message, updates the first entry to indicate that the first message has been transmitted. The processor also transmits, to the second access point, a third message indicating that the first message has been transmitted.
Frequency error tracking and lane monitoring techniques for multi-lane optical transceivers are provided. In one aspect, a method includes capturing phase and frequency information recovered by clock-and-data recovery circuits from data traveling along a plurality of lanes of an optical transceiver, with one of the lanes being a master lane; determining a frequency error based on the phase and frequency information of the master lane; outputting, by a tunable oscillator, a reference clock based on the frequency error; and controlling the optical transceiver based on i) a transmitter clock signal generated by a transmitter phase-locked loop (PLL) using the reference clock signal, and ii) a receiver clock signal generated by a receiver PLL using the reference clock signal.
H04B 10/079 - Arrangements for monitoring or testing transmission systems; Arrangements for fault measurement of transmission systems using an in-service signal using measurements of the data signal
34.
FAST DIGITAL LANE DROP DETECTION SYSTEM FOR MULTI-LANE DIRECT DETECT TRANSCEIVERS
Lane drop detection techniques for multi-lane optical transceivers are provided. In one aspect, a method includes capturing a phase interpolator (PI) control word for each lane of an optical transceiver; determining a lane difference between a master lane and each non-master lane; calculating a difference associated with each non-master lane, wherein the difference associated with a given non-master lane is calculated as a difference between the lane difference associated with the given non-master lane and a reference lane difference associated with the given non-master lane; upon determining that at least one of the differences has reached a drift threshold, determining that the master lane or one or more of the non-master lanes is invalid based on which of the differences have reached the drift threshold; and performing a control action when the master lane or one or more of the non-master lanes is invalid.
In one implementation, a device obtains an output of a network troubleshooting agent that uses a language model to perform a task in a computer network. The device computes a rating of the output based on how well the language model was able to perform the task. The device forms a ground truth label based on the rating of the output. The device updates the language model of the network troubleshooting agent using the ground truth label.
H04L 41/5074 - Handling of user complaints or trouble tickets
H04L 41/0859 - Retrieval of network configuration; Tracking network configuration history by keeping history of different configuration generations or by rolling back to previous configuration versions
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
36.
PROVIDING TRANSPARENCY IN LANGUAGE MODEL-BASED NETWORK TROUBLESHOOTING SYSTEMS
In one implementation, a device receives an output of a language model-based troubleshooting agent to perform a task with respect to a computer network. The device determines a level of quality of the output. The device generates an instruction for the language model-based troubleshooting agent, when the level of quality of the output is below a threshold. The device requests that the language model-based troubleshooting agent perform the task using the instruction.
H04L 41/5074 - Handling of user complaints or trouble tickets
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
37.
MARKET-BASED APPROACH TO ALLOCATE ENERGY-AWARE RIGHTS-TO-OPERATE IN A GREEN ELASTIC NETWORK
In one implementation, a device assigns a budget to a bidding agent associated with a networking entity in a computer network. The device obtains a bid from the bidding agent selected by the bidding agent based on the budget. The device conducts an auction using the bid. The device excludes the networking entity from being eligible for performance of an energy-saving action, based on a result of the auction.
H04L 41/0833 - Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for reduction of network energy consumption
38.
SEAMLESS TRANSITION PROCEDURES FOR ACCESS POINT POWER SAVE
Techniques and apparatus for facilitating seamless transition of communications within a wireless network during access point (AP) power save operations are described. An example technique includes transmitting a power save schedule for the first AP MLD to a client MLD. The power save schedule indicates time period(s) during which the first AP MLD will perform an AP power save operation. An AP power save notification for the first AP MLD is transmitted to the client MLD and indicates an amount of time after which the first AP MLD will perform the AP power save operation. A determination is made that the client MLD is connected to the first AP MLD within a predetermined amount of time of the AP power save operation. In response to the determination, link(s) for the client MLD are set up on the second AP MLD prior to the AP power save operation.
In one implementation, a device maintains a digital twin of a computer network. The device determines, based on the digital twin, an action to reduce energy consumption by the computer network. The device validates the action using the digital twin to ensure that performance of the action in the computer network will result in the computer network still satisfying one or more performance constraints. The device causes performance of the action in the computer network, when the action is deemed valid.
In one implementation, a device identifies an action to be performed in a computer network to reduce energy consumption by the computer network. The device determines whether performance of the action in the computer network will result in a performance degradation in the computer network. The device devises a rerouting strategy for the computer network, when performance of the action in the computer network will result in a performance degradation. The device implements the rerouting strategy in advance of performance of the action in the computer network, to mitigate against the performance degradation.
H04L 41/0833 - Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for reduction of network energy consumption
H04L 45/00 - Routing or path finding of packets in data switching networks
41.
IDENTIFYING UNMANAGED CLOUD RESOURCES WITH ENDPOINT AND NETWORK LOGS
Techniques and mechanisms for identifying unmanaged cloud resources with endpoint and network logs and attributing the identified cloud resources to an entity of an enterprise that owns the cloud resources. The process collects data from sources, e.g., endpoint and network logs, with respect to traffic in a computer network and based at least in part on the data, extracts relationships related to the traffic. The process applies rules to the relationships to extract destinations in the computer network that provide cloud resources in a cloud environment, wherein the cloud resources are owned by an enterprise. One or more users or business entities of the enterprise are identified as accessing the cloud resources.
The present disclosure provides techniques to avoid conflicts in vendor-specific negotiation by using a protected AID change request. A client device sends an association request to a network device. The client device receives an association identifier (AID) from the network device in response to the association request. The client device determines that the AID conflicts with one or more existing AIDs already assigned to the client device. In response to the determination, the client device sends an AID change request to the network device for a new AID. The client device receives the new AID from the network device, and confirms that the new AID does not conflict with the one or more existing AIDs. In response to the confirmation, the client device completes a negotiation of one or more vendor-specific features with the network device using the new AID.
Managing the implementation of Distributed Resource Unit (DRU) and Dual Clear to Send (CTS) may be provided. Managing the implementation of DRU and Dual CTS comprises disallowing one or more DRU techniques for a spectrum that has a regulatory power limitation and signaling that the one or more DRU techniques are disallowed. Managing the implementation of DRU and Dual CTS can also comprise enabling one or more allowed DRU techniques.
The present disclosure describes an access point that batches roaming requests and responses. The access point includes one or more memories and one or more processors communicatively coupled to the one or more memories. The one or more processors, individually or collectively, perform an operation that includes receiving, from a device, a message comprising (i) a first portion indicating a first target access point and (ii) a second portion indicating a second target access point, based on the first portion indicating the first target access point, communicating, to the first target access point, a first instruction to generate a first pairwise transient key (PTK) for communicating with the device, and based on the second portion indicating the second target access point, communicating, to the second target access point, a second instruction to generate a second PTK for communicating with the device.
Techniques for determining a tag for a security deficiency (e.g., a security vulnerability and/or exposure) using a generative machine learning model. In examples, a system may perform the following operations: (i) identifying a deficiency identifier associated with the security deficiency, (ii) retrieving one or more texts that correspond to the deficiency identifier, (iii) generating a prompt for a generative model to process the text(s) to detect a tag, (iv) providing the prompt to the generative machine learning model, (v) receiving the output of the machine learning model, (vi) determining whether the output satisfies one or more output constraints (e.g., one or more output constraints specified by format and/or content requirements specified in the prompt), and (vii) if the output satisfies the output constraint(s), determining the tag based on the validated output.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Devices and methods for augmented information exchange in wireless network are provided. A network device includes one or more processors and a memory communicatively coupled to the one or more processors. The memory includes a communication logic that is configured to generate a diagnostic request frame comprising one or more subelement fields corresponding to at least one of: a device model, an Operating System (OS) version, a vendor OS version, a service provider version, a power source, or a previous session issue. The communication logic is configured to transmit the diagnostic request frame to a wireless device. The communication logic is configured to receive, from the wireless device, in response to the diagnostic request frame, a diagnostic report frame comprising a set of attributes associated with the one or more subelement fields.
An enhanced vapor chamber heat sink is provided. In one aspect, a heat sink includes a vapor chamber that includes a bottom portion, a top portion spaced from the bottom portion, and a curved connector connecting the bottom portion and the top portion. The bottom portion, the curved connector, and the top portion define a chamber in which a working fluid is received. The heat sink also includes a plurality of fins extending between the bottom portion and the top portion. Further, the heat sink includes a thermal interface material (TIM) layer disposed on the top portion, the curved connector, or both. The heat sink also includes a conducting cover contacting the TIM layer.
Techniques for detecting an impedance-based fault on a wire carrying power in a power delivery system. The techniques involve applying power to a wire of a power delivery system and applying onto the wire a chirp pulse comprising a sequence of waveforms of a plurality of frequencies. A signal is obtained from the wire. An impedance of the signal is analyzed at two or more frequencies of the plurality of frequencies with respect to a reference impedance to determine whether there is an indication of an impedance-based fault associated with the wire, such as a human touching the wire. The power to the wire is disconnected in response to determining an indication of the impedance-based fault.
H02H 5/12 - Emergency protective circuit arrangements for automatic disconnection directly responsive to an undesired change from normal non-electric working conditions with or without subsequent reconnection responsive to undesired approach to, or touching of, live parts by living beings
H02H 3/40 - Emergency protective circuit arrangements for automatic disconnection directly responsive to an undesired change from normal electric working condition, with or without subsequent reconnection responsive to ratio of voltage and current
H02H 1/00 - Details of emergency protective circuit arrangements
H02H 7/26 - Sectionalised protection of cable or line systems, e.g. for disconnecting a section on which a short-circuit, earth fault, or arc discharge has occurred
H02H 11/00 - Emergency protective circuit arrangements for preventing the switching-on in case an undesired electric working condition might result
49.
LLM TECHNOLOGY WITH HUMAN INPUT REINFORCEMENT LEARNING FOR SUGGESTING THE FOLLOW UP RESPONSE ACTIONS TO DETECTIONS AND INCIDENTS
A system and method are provided for providing guidance to SOC professionals regarding follow-up response actions to detection incidents. A machine-learning (ML) model is trained to receive incident data for security incidents/detections. The ML model then classifies the incidents/detections and determines thereby follow-on actions. Using the trained ML model to automatically generate follow-on actions enables the Security Operation Center (SOC) to timely triage and remediate a high volume of security incidents/detections. Reinforcement training data is generated based on user feedback generated when the SOC reviews the generated follow-on actions and then responds to the incident. The reinforcement training data is used to update and improve the ML model, allowing the ML model to adapt to evolving security threats and conform to current best practices.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06N 3/006 - Artificial life, i.e. computing arrangements simulating life based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO]
A station (STA) (e.g., a non-AP MLD) in a SMD is described that roams through a target AP (e.g., an AP MLD) in the same SMD as the current AP serving the STA. That is, typically roaming in a SMD is done through the serving AP. However, there are situations when the STA may lose its connection to the serving AP suddenly such as if the STA moves behind a wall or wakes up from a sleep mode in a different location. In those cases, the STA may not be able to transmit the roaming request to its serving AP. The embodiments herein provide techniques for the STA to initiate a roam to a target AP without having to associate with the target AP (assuming the target AP is in the same SMD as the serving AP).
Multi-Access Point (AP) coordinated Service Periods (SPs) may be provided. Flow-set data is determined comprising data for one or more Quality of Service (QoS) flow-sets of one or more clients. The flow-set data is sent to one or more neighboring co-channel APs. Neighbor flow-set data is received comprising data for one or more neighbor QoS flow-sets from at least one of the one or more neighboring co-channel APs. Service Level Agreements (SLAs) are established for the one or more QoS flow-sets and the one or more neighbor QoS flow-sets based on the flow-set data and the neighbor flow-set data. One or more SPs are scheduled for at least one of the one or more QoS flow-sets and the one or more neighbor QoS flow-sets based on the SLAs.
Neighbor Report (NR) enhancement for roaming may be provided. A neighbor Access Point (AP) of a reporting AP may be determined. Whether the neighbor AP belongs to a same Seamless Mobility Domain (SMD) as the reporting AP may be determined. The SMD may include a plurality of AP Multi-Link Devices (MLDs). Each of the plurality of AP MLDs may include one or more APs. Same SMD information may be included in an NR element. The same SMD information may include whether the neighbor AP MLD belongs to the same SMD as the reporting AP MLD. The NR element may be provided to a station.
The present disclosure provides techniques to avoid conflicts in vendor-specific negotiation by using a protected AID change request. A client device sends an association request to a network device. The client device receives an association identifier (AID) from the network device in response to the association request. The client device determines that the AID conflicts with one or more existing AIDs already assigned to the client device. In response to the determination, the client device sends an AID change request to the network device for a new AID. The client device receives the new AID from the network device, and confirms that the new AID does not conflict with the one or more existing AIDs. In response to the confirmation, the client device completes a negotiation of one or more vendor-specific features with the network device using the new AID.
Techniques and apparatus for reducing client detectability via signal strength observation are described. An example technique includes transmitting a first set of frames at a first transmit power level. Each of the first set of frames includes a first set of medium access control (MAC) layer parameters associated with a wireless device. A second transmit power level, different from the first transmit power level, for transmitting a second set of frames is determined. The second set of frames is transmitted at the second transmit power level after transmission of the first set of frames. Each of the second set of frames includes a second set of MAC layer parameters associated with the wireless device and different from the first set of MAC layer parameters.
Devices and methods for augmented information exchange in wireless network are provided. A network device includes one or more processors and a memory communicatively coupled to the one or more processors. The memory includes a communication logic that is configured to generate a diagnostic request frame comprising one or more subelement fields corresponding to at least one of: a device model, an Operating System (OS) version, a vendor OS version, a service provider version, a power source, or a previous session issue. The communication logic is configured to transmit the diagnostic request frame to a wireless device. The communication logic is configured to receive, from the wireless device, in response to the diagnostic request frame, a diagnostic report frame comprising a set of attributes associated with the one or more subelement fields.
SPANNING CONTENT TREE FOR INTELLECTUAL CAPITAL CREATION AND CONFIGURATION COMPLETION FUNCTION THROUGH GENERATIVE ARTIFICIAL INTELLIGENCE PROMPT PIPELINE
Methods for providing spanning content tree for generating on-demand, persona-based, and journey-aware support content using machine learning. The methods involve obtaining input data related to a configuration or an operation of one or more assets in an enterprise network and based on the input data, obtaining network information about the one or more assets of the enterprise network and base support content that includes information about configuring or operating the one or more assets in the enterprise network. The methods further involve performing generative artificial intelligence learning on the base support content using the network information to generate targeted support content specific to the input data and the one or more assets of the enterprise network. The methods further involve providing the targeted support content for changing the configuration or the operation of the one or more assets in the enterprise network.
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
H04L 41/5009 - Determining service level performance parameters or violations of service level contracts, e.g. violations of agreed response time or mean time between failures [MTBF]
57.
BI-DIRECTIONAL POWER OVER ETHERNET FOR DIGITAL BUILDING APPLICATIONS
A system includes a plurality of network devices comprising a plurality of ports, a power bus connecting the network devices, wherein power is shared between the network devices over the power bus, and a controller for identifying available power and allocating power to the ports. The ports include a plurality of PSE (Power Sourcing Equipment) PoE (Power over Ethernet) ports each operable to transmit power to a device connected to one of the PSE PoE ports, a plurality of PD (Powered Device) PoE ports each operable to receive power from a device connected to one of the PD PoE ports, and a plurality of bi-directional PoE ports each configurable to operate as a PSE PoE port to transmit power to a device connected to one of the bi-directional PoE ports or as a PD PoE port to receive power from the connected device.
This disclosure describes techniques and mechanisms for optimizing firewall enforcement. The techniques may implement a dynamic detection of Layer 7 processing at one end of the network, alleviating the need to enforce another Layer 7 firewall inspection at the other end, thereby saving processing and network resources. The techniques enable firewalls and policies to be statically defined and located in one place.
In one embodiment, a method herein may comprise: causing, for a quality-of-experience evaluation session, one or more network impairments to be injected according to a set of predefined scenarios on application traffic for a plurality of feedback sources that are using a particular application in a computer network; obtaining experience-based feedback from the plurality of feedback sources for the quality-of-experience evaluation session; correlating the experience-based feedback with the one or more network impairments to produce an evaluation result for the quality-of-experience evaluation session; and generating a quality-of-experience-based network policy recommendation for the particular application based on the evaluation result.
H04L 41/5009 - Determining service level performance parameters or violations of service level contracts, e.g. violations of agreed response time or mean time between failures [MTBF]
In one embodiment, a method herein comprises: computing a plurality of predictions based on session telemetry data for an application, each of the plurality of predictions computed by inputting a particular input of the session telemetry data into a respective machine learning model of a plurality of machine learning models; computing, for each respective feedback of a plurality of collected feedbacks correlated with the session telemetry data, a residual error vector that quantifies a level of mis-prediction of each respective machine learning model as compared to each respective feedback; clustering each residual error vector into one or more clusters based on similarity to thereby identify one or more outlier residual error vectors that are not within any of the one or more clusters; and performing one or more mitigation actions responsive to the one or more outlier residual error vectors.
In one implementation, a device receives, via a user interface, a selection of a labeled training dataset and a selection of an unlabeled training dataset, wherein the unlabeled training dataset is captured from a target domain. The device forms a domain-adapted training dataset by pruning the labeled training dataset based on the unlabeled training dataset. The device trains a machine learning model using the domain-adapted training dataset. The device prunes the machine learning model to form a domain-adapted model for the target domain.
An apparatus that includes a layer of a printed circuit board and a first pair of signal vias and a second pair of signal vias each formed through the layer. The first pair of signal vias includes a first signal via and a second signal via that are offset along a first axis and aligned along a second axis, perpendicular to the first axis. The second pair of signal vias includes a third signal via and a fourth signal via that are offset along the first axis and aligned along the second axis. The pairs of signal vias are offset along the first axis and along the second axis such that a first distance between the third signal via and the first signal via is different from a second distance between the third signal via and the second signal via.
A station (STA) (e.g., a non-AP MLD) in a SMD is described that roams through a target AP (e.g., an AP MLD) in the same SMD as the current AP serving the STA. That is, typically roaming in a SMD is done through the serving AP. However, there are situations when the STA may lose its connection to the serving AP suddenly such as if the STA moves behind a wall or wakes up from a sleep mode in a different location. In those cases, the STA may not be able to transmit the roaming request to its serving AP. The embodiments herein provide techniques for the STA to initiate a roam to a target AP without having to associate with the target AP (assuming the target AP is in the same SMD as the serving AP).
Multi-Access Point (AP) coordinated Service Periods (SPs) may be provided. Flow-set data is determined comprising data for one or more Quality of Service (QoS) flow-sets of one or more clients. The flow-set data is sent to one or more neighboring co-channel APs. Neighbor flow-set data is received comprising data for one or more neighbor QoS flow-sets from at least one of the one or more neighboring co-channel APs. Service Level Agreements (SLAs) are established for the one or more QoS flow-sets and the one or more neighbor QoS flow-sets based on the flow-set data and the neighbor flow-set data. One or more SPs are scheduled for at least one of the one or more QoS flow-sets and the one or more neighbor QoS flow-sets based on the SLAs.
Neighbor Report (NR) enhancement for roaming may be provided. A neighbor Access Point (AP) of a reporting AP may be determined. Whether the neighbor AP belongs to a same Seamless Mobility Domain (SMD) as the reporting AP may be determined. The SMD may include a plurality of AP Multi-Link Devices (MLDs). Each of the plurality of AP MLDs may include one or more APs. Same SMD information may be included in an NR element. The same SMD information may include whether the neighbor AP MLD belongs to the same SMD as the reporting AP MLD. The NR element may be provided to a station.
Provided herein are techniques to facilitate software-defined antenna management for a wireless access point of a wireless local area network. In one example, a method may include communicating, by a wireless access point of a wireless local area network to a management service, a request to operate a transmission beam to be produced by the wireless access point using a transmitter and a software-defined antenna of the wireless access point; and obtaining by the wireless access point from the management service, beam configuration information identifying parameters that the wireless access point is to utilize for operation of the transmission beam to be produced by the wireless access point using the transmitter and the software-defined antenna.
H04B 7/06 - Diversity systems; Multi-antenna systems, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the transmitting station
A method to facilitate roaming from a serving Access Point (AP) to a non-collocated AP is described. The method includes detecting, by an Access Point (AP) actor, that a communication metric characterizing communication between the AP actor and a non-AP actor is indicative of reduced communication quality, in response to detecting, sending a request, by the AP actor, to the non-AP actor for a beacon report for respective link metric values for a plurality of non-collocated AP actors, receiving, in response to the request and from the non-AP actor, the beacon report including the respective link metric values for the plurality of non-collocated AP actors, and based on the respective link metric values for the plurality of non-collocated AP actors, sending, by the AP actor, to the non-AP actor, a list of a subset of the plurality of non-collocated AP actors from which the non-AP actor may select to roam.
H04W 8/02 - Processing of mobility data, e.g. registration information at HLR [Home Location Register] or VLR [Visitor Location Register]; Transfer of mobility data, e.g. between HLR, VLR or external networks
H04W 76/15 - Setup of multiple wireless link connections
68.
SOFTWARE DEVELOPMENT KIT FOR INTEGRATING APPLICATIONS AND COGNITIVE NETWORKS
In one embodiment, a device provides a software development kit that includes a set of functions for inclusion in an application developed using the software development kit to communicate with a cognitive network service in a network. The cognitive network service receives application telemetry data from the application sent via the set of functions from the software development kit. The cognitive network service uses the application telemetry data from the application and network telemetry from the network as input to a prediction model to predict a quality of experience metric for the application. The cognitive network service provides, based on the quality of experience metric predicted by the prediction model, a configuration change recommendation to the application via the set of functions.
H04L 41/147 - Network analysis or design for predicting network behaviour
H04L 41/0816 - Configuration setting characterised by the conditions triggering a change of settings the condition being an adaptation, e.g. in response to network events
Techniques for detecting an impedance-based fault on a wire carrying power in a power delivery system. The techniques involve applying power to a wire of a power delivery system and applying onto the wire a chirp pulse comprising a sequence of waveforms of a plurality of frequencies. A signal is obtained from the wire. An impedance of the signal is analyzed at two or more frequencies of the plurality of frequencies with respect to a reference impedance to determine whether there is an indication of an impedance-based fault associated with the wire, such as a human touching the wire. The power to the wire is disconnected in response to determining an indication of the impedance-based fault.
A system and method are provided for providing guidance to SOC professionals regarding follow-up response actions to detection incidents. A machine-learning (ML) model is trained to receive incident data for security incidents/detections. The ML model then classifies the incidents/detections and determines thereby follow-on actions. Using the trained ML model to automatically generate follow-on actions enables the Security Operation Center (SOC) to timely triage and remediate a high volume of security incidents/detections. Reinforcement training data is generated based on user feedback generated when the SOC reviews the generated follow-on actions and then responds to the incident. The reinforcement training data is used to update and improve the ML model, allowing the ML model to adapt to evolving security threats and conform to current best practices.
In part, the disclosure relates to a reflective loopback structure comprising a reflector, a first waveguide defining an optical input, a second waveguide defining an optical output; and a merged waveguide structure defining a front surface and a back surface and a first axis. In some embodiments, the reflector disposed at a back surface, the first axis normal to the front surface and the back surface, and the first waveguide and the second waveguide angled relative to each other by an angle θ defined therebetween. In many embodiments, the waveguides extend from the front surface in different directions and each angled relative to the first axis by an angle φ, wherein φ is about θ/2, the optical input in optical communication with the optical output, the reflector in optical communication with the first optical input and the first optical output.
G02B 6/12 - Light guides; Structural details of arrangements comprising light guides and other optical elements, e.g. couplings of the optical waveguide type of the integrated circuit kind
Dynamic channel assignment for 6 GHz radios may be provided. Whether an access point in a network is classified as low power indoor only (LPI only), standard power optional (SP optional), or standard power mandatory (SP mandatory) is determined. The total number of access points in the network and the number of access points classified as SP optional or SP mandatory is determined. If the number of SP optional and SP mandatory access points is more than a determined proportion of the total number of access points, for SP optional and SP mandatory access points, channels having a frequency below a determined power spectral frequency are cut off.
Described herein are systems and methods for enhancing an interface for an information technology (IT) environment. In one implementation, an incident service causes display of a first version of a course of action and obtains input indicative of a request for a new action in the course of action. The incident service further determines suggested actions based at least on the input and causes display of the suggested actions. Once displayed, the incident service obtains input indicative of a selection of at least one action from the suggested actions, and causes display input indicative of a selection of at least one action from the suggested actions.
This disclosure describes techniques and mechanisms for improving blocking and alerting with domain fronting intelligence. The techniques may identify Internet infrastructure that supports domain fronting through passive data collection and active scanning of the data. The results of the active scanning are then used to generate enhanced threat intelligence feeds that associate indicators of compromise with their support of domain fronting. The new feeds are then used to perform more aggressive blocking, raise weak alerts that can be correlated to other alerts, and to create a more secure DNS system by de-prioritizing infrastructure that supports domain fronting for DNS responses.
Provided for herein is an apparatus that includes a layer of a printed circuit board, a first pair of signal vias extending through the layer, a second pair of signal vias extending through the layer, a first plurality of ground vias extending through the layer, and a second plurality of ground vias extending through the layer. Each of the pairs of signal vias are configured to propagate respective signals. The first plurality of ground vias at least partially circumferentially surround a first signal via of the first pair of signal vias, and the second plurality of ground vias at least partially circumferentially surround a second signal via of the second pair of signal vias to reduce interference of electrical fields emitted by the pairs of signal vias. The first plurality of ground vias and the second plurality of ground vias share a common ground via.
In one embodiment, a method uses a web browser to receive an authentication request for an application from an authentication prompt of a client device. The method identifies an authentication protocol associated with the web browser of the client device and uses the authentication prompt to fetch a first challenge from an authentication service associated with the client device. The method uses the authentication prompt to communicate a subscribe to the authentication service and uses a localhost to communicate to the application to provide the first challenge. In response to receiving the first challenge, the method uses one or more native Application Programming Interfaces (APIs) to determine an assertion associated with the authentication request and the authentication protocol. The method validates the assertion associated with the authentication request. In response to determining the assertion is valid, the method approves the authentication request.
The disclosed technology addresses the need in the art for an improved user experience for meetings with at least one holographic meeting participant in a meeting with at least three meeting participants. More specifically, in meetings with at least three meeting participants, there is often an inconsistency in the way a holographic meeting participant is viewed or experienced by other meeting participants. This inconsistency can be caused by inconsistent placement of the holographic meeting participant(s) within the physical meeting room and/or by inconsistent or unnatural behavior of the holographic meeting participant(s). The present technology addresses these aspects resulting in a poor user experience by locating holograms in consistent locations as viewed by multiple physically present meeting participants. Additionally, the present technology applies a consistent behavior for holograms in the physical meeting room such that the multiple physically present meeting participants perceive the hologram to be looking in the same direction.
In one embodiment, a method uses a web browser to receive an authentication request for an application from an authentication prompt of a client device. The method identifies an authentication protocol associated with the web browser of the client device and uses the authentication prompt to fetch a first challenge from an authentication service associated with the client device. The method uses the authentication prompt to communicate a subscribe to the authentication service and uses a localhost to communicate to the application to provide the first challenge. In response to receiving the first challenge, the method uses one or more native Application Programming Interfaces (APIs) to determine an assertion associated with the authentication request and the authentication protocol. The method validates the assertion associated with the authentication request. In response to determining the assertion is valid, the method approves the authentication request.
The present disclosure describes a hierarchical seamless roaming technique. A wireless network includes a first access point device and a second access point device. The first access point device and the second access point device are assigned to a first seamless mobility domain (SMD) and a fast basic service set transition mobility domain (FT MD). The first access point device receives, from a client device, an association request that identifies the FT MD and the first SMD and establishes a first pairwise master key R1 (PMK-R1). The first access point device also generates a first pairwise transient key for the client device, and the second access point device establishes, based on the association request identifying the first SMD and the FT MD and based on the second access point device being assigned to the first SMD and the FT MD, a second PMK-R1.
Devices, networks, systems, methods, and processes for standardizing power usage measurement in various devices, components, etc. Measurement methods for power verification in AC or DC input power are often oversimplified or done with a method that achieves inaccurate or highly suspect results. Different testing methods for the same device to be verified are often used, resulting in lack of consistency and any sense of accuracy and/or relevance. Part of this problem is the lack of unified electrical measuring and changes in operation based on network usage and ambient temperature. Thus, various embodiments described herein are directed to generating standardized power usage data and charts that can indicate a more accurate power usage level of an apparatus. This can allow for more effective network managing decisions and increase overall network sustainability.
H04L 41/0833 - Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for reduction of network energy consumption
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
Described herein are systems and methods for optimizing energy efficiency in a network utilizing a control plane or other network administration device or software suite. The control plane continuously monitors end-to-end network paths and collects real-time data about network topology, traffic patterns, and connected devices. By analyzing the collected network data, the control plane identifies power needs for network nodes and generates energy saving recommendations or instructions tailored to each node's specific capabilities. Network nodes can subscribe to the energy efficiency service provided by the control plane, receive network usage data, and execute energy saving operations based on the recommendations. The control plane dynamically updates the energy saving recommendations in response to changes in network conditions, enabling network nodes to optimize their energy efficiency without compromising network performance and availability. These updates can be based on current network conditions but can be generated from historical data and/or machine learning processes.
In one embodiment, a device receives, via a user interface, a selection of agents in a network. The device detects, based on data from the selection of agents, anomalies in the network. The device determines a probability of an issue in the network based on a number of the selection of agents associated with the anomalies. The device provides, based on the probability, an alert indicative of the issue to the user interface.
H04L 41/0631 - Management of faults, events, alarms or notifications using root cause analysis; Management of faults, events, alarms or notifications using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
86.
ENHANCED BORDER GATEWAY PROTOCOL (BGP) AND/OR INTERIOR GATEWAY PROTOCOL (IGP) FOR ENVIRONMENTALLY SUSTAINABLE ROUTING OVER THE INTERNET
A system and method are provided for using a green score to improve environmental sustainability for routing traffic between and/or within autonomous systems (ASs). Node-level green scores are calculated based on environmental information of the nodes (e.g., locations, router type and electrical consumption, and location-dependent environmental impact of electrical production), and AS-level green scores are based on the node-level green score from the respective ASs. For intra-AS routing, node and adjacency labels are pushed to a headend path computation element client (PCC), and the label switched path (LSP) is determined based on the node-level green scores and the node and adjacency labels. For inter-AS routing, the AS having a better AS-level green score is preferred, when the routes through the respective ASs are equal-cost multi-path (ECMP) routes. Exit nodes between ASs are selected based on the node-level green scores.
In one embodiment, a method receives a secret and a passwordless login request using a credential provider of the client device. The method pairs the credential provider of the client device with a trusted platform module (TPM) associated with a computing device. The method encrypts, using the TPM of the computing device, the secret with a hardware-bound key associated with the computing device. The method receives, from the client device, a push notification associated with the passwordless login request. The method obtains, from the client device, biometric authentication data and a nonce encrypted with a public key. The method validates a proximity of the biometric authentication data and determines a decrypted nonce by decrypting the nonce using a private key associated with the client device. The method validates the decrypted nonce with the secret. In response to determining the decrypted nonce is valid, the method approves the passwordless login request.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
88.
SUPPLEMENTATION OF ACTIVE PROBING WITH INFRASTRUCTURE TELEMETRY DATA
In one implementation, a device identifies an endpoint in a local network configured to execute an endpoint agent that conducts active testing of network paths between the endpoint and one or more target destinations. The device sends a request to an infrastructure agent configured to obtain network telemetry data regarding the endpoint from the local network. The device receives, in response to the request, the network telemetry data. The device provides, to a user interface, an indication of results of the active testing by the endpoint agent based in part on the network telemetry data.
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 43/0811 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
H04L 43/10 - Active monitoring, e.g. heartbeat, ping or trace-route
89.
USING NEGATIVE FEEDBACK LEARNING ON A LANGUAGE MODEL-BASED NETWORK TROUBLESHOOTING AGENT
In one implementation, a device obtains an indication of a failure by a language model-based agent for a computer network to perform a first task requested by a first prompt. The device determines a feedback metric that quantifies how critical the failure is. The device identifies a subsequent prompt for the language model-based agent to perform a new task of a similar type as the first task. The device adjusts, based on the feedback metric, the subsequent prompt to avoid the language model-based agent failing the new task.
H04L 41/0686 - Additional information in the notification, e.g. enhancement of specific meta-data
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
In one embodiment, a method herein may comprise: establishing a prediction of a quality-of-experience measure from session telemetry regarding execution of an application by one or more users, the prediction established based on inputting the session telemetry into a machine learning model trained to extract attributes that drive user-based quality-of-experience feedback; determining one or more attributes of the session telemetry that significantly contributed to the prediction from the machine learning model; mapping the one or more attributes of the session telemetry that significantly contributed to the prediction to a specific failure pattern from a set of known failure patterns; and mitigating the prediction of the quality-of-experience measure based on the specific failure pattern.
In one implementation, a device maintains a graph in which nodes of the graph represent entities in a computer network and edges of the graph represent relations between those entities. The device performs a search of the graph based on a query for input to a language model-based troubleshooting agent for the computer network. The device generates, based on the search, a schema in a particular programming language to answer the query. The device provides the schema to the language model-based troubleshooting agent to generate an answer to the query.
A method to facilitate analysis of wireless communication frames in multi-link operation. The method includes receiving, at a wireless sniffing device, a first frame over a first link, the first link being associated with a first Media Access Control (MAC) address of a multi-link device (MLD), receiving, at the wireless sniffing device, a second frame over a second link, the second link being associated with a second MAC address of the MLD, generating a mapping between (a) the first MAC address and the second MAC address and (b) an MLD MAC address for the MLD, and supplying the MLD MAC address to a traffic analysis tool along with a copy of at least aspects of the first frame and a copy of at least aspects of the second frame.
A Baseband Management Controller (BMC) operably coupled to a storage controller of a storage unit to determine based on a detected output, a first type of slot coupled to the BMC for emulating when attaching the storage unit of a first type, or a second type of slot for emulating when attaching the storage unit of a second type. Reading a use configuration option associated with configuring logic of the BMC for attaching either the storage unit of the first type or for attaching the storage unit of the second type. Determining whether to directly attach the storage unit of the first type based on a logic of the BMC to a processor or to indirectly attach the storage unit of a second type based on the logic of the BMC to the processor for advertising of at least one slot to be emulated as a U.2 slot.
Provided for herein is an apparatus that includes a layer of a printed circuit board (250), a first pair of signal vias (252) extending through the layer, a second pair of signal vias (254) extending through the layer, a first plurality of ground vias (264) extending through the layer, and a second plurality of ground vias (268) extending through the layer. Each of the pairs of signal vias (252, 254, 256) are configured to propagate respective signals. The first plurality of ground vias (264) at least partially circumferentially surround a first signal via (266) of the first pair of signal vias (252), and the second plurality of ground vias (268) at least partially circumferentially surround a second signal via (270) of the second pair of signal vias (254) to reduce interference of electrical fields emitted by the pairs of signal vias (252, 254, 256). The first plurality of ground vias (264) and the second plurality of ground vias (268) share a common ground via (272).
Techniques and architecture are described for reauthentication of two IPsec peers during a key refresh process. The peers may reauthenticate each other based upon a shared secret, which in configurations, is a PPK. In configurations the PPKs are stirred (mixed with DH/ECDH) during key derivation while refreshing the session keys during IKE_v2 and IPsec rekey. This may involve communicating the PPK-ID from a rekey initiator to a rekey responder by adding a PPK_ID payload in the rekey message exchange. This enables stronger quantum safe session keys, when dynamic PPK is used or when the manual PPK is rotated frequently. In configurations, the knowledge of the shared PPK is proved by having both peers exchange authentication payloads signed with a PPK. This involves exchanging an IKEv2 NOTIFY payload "AUTH_PPK" to carry PPK-signed authentication data. This serves the purpose of frequent re-authentication of the peers as part of the key refreshes.
96.
Multi-agent coordination for network anomaly detection, troubleshooting, and remediation using language models
In one implementation, a troubleshooting agent executed by a device receives an indication of an anomaly detected in a network by an anomaly detection agent. The troubleshooting agent uses a language model to determine a root cause of the anomaly. The troubleshooting agent determines whether automated remediation for the root cause is allowed by a policy. The troubleshooting agent provides a remediation request to a remediation agent in the network to remediate the root cause of the anomaly, when the policy allows automated remediation for the root cause.
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
H04L 41/0631 - Management of faults, events, alarms or notifications using root cause analysis; Management of faults, events, alarms or notifications using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
The present disclosure describes a hierarchical seamless roaming technique. A wireless network includes a first access point device and a second access point device. The first access point device and the second access point device are assigned to a first seamless mobility domain (SMD) and a fast basic service set transition mobility domain (FT MD). The first access point device receives, from a client device, an association request that identifies the FT MD and the first SMD and establishes a first pairwise master key R1 (PMK-R1). The first access point device also generates a first pairwise transient key for the client device, and the second access point device establishes, based on the association request identifying the first SMD and the FT MD and based on the second access point device being assigned to the first SMD and the FT MD, a second PMK-R1.
The present disclosure describes a supervisor card that uses guide pins on the backplane connectors in a chassis to determine whether covers are inserted in slots in the chassis. A system includes a backplane connector, a guide pin, a cover, and a processor. The backplane connector is positioned in a slot on a chassis. The guide pin is coupled to the backplane connector. The cover includes a metal clip that engages the guide pin when the cover is inserted into the slot. The processor is electrically coupled to the guide pin and applies a voltage to the guide pin. The processor also determines that the cover is inserted into the slot based on a change in voltage or current in the guide pin.
H01R 13/66 - Structural association with built-in electrical component
H01R 12/73 - Coupling devices for rigid printing circuits or like structures coupling with the edge of the rigid printed circuits or like structures connecting to other rigid printed circuits or like structures
Devices, systems, methods, and processes for conducting sustainability-aware virtual meetings are described herein. When establishing virtual meetings, each of the participants can become inactive during the meeting. This can lead to excess power and storage data being expended that is not needed. For example, when a virtual meeting is configured to end upon all participants leaving, and one participant walks away and becomes inactive, the virtual meeting can continue to be recorded and waste power. Therefore, embodiments described herein can disconnect inactive users. This can be done by monitoring audio and/or video data streams to detect either no audio being recorded or little to no change occurring in the video data stream. When detected, a prompt may be generated with one or more cancel options. If the prompt is not cancelled within a predetermined amount of time, then the participant is logged out of the virtual meeting.
Devices, systems, methods, and processes for conducting sustainability-aware virtual meetings are described herein. When establishing virtual meetings, each of the participants can have various devices, locations, histories, and other data associated with them. This can create various sustainable attributes at each stage of the virtual meeting. However, the endpoints of the virtual meetings, such as the client and/or server-based devices, are typically most responsible for producing negative environmental outcomes. Therefore, embodiments described herein can focus on the endpoints of virtual meetings and evaluate various endpoint attributes that are related to the sustainability attributes with each endpoint. If the endpoints are found to exceed a sustainability threshold, such as a budget or other amount, a video bit rate associated with the endpoint is reduced. This reduction can be from a high-definition signal to a standard-definition signal. The reduction may also be overridden based on either a prompt or heuristic event.