Techniques for cryptographically binding password authentication key exchange (PAKE) information with a manufacturing installed certificate (MIC) during device bootstrapping. An authentication server of a network receives an indication that a client device is attempting to join a network, the indication includes first PAKE information. The authentication server receives a MIC from a client device, wherein the MIC includes a hash of second PAKE information, the second PAKE information associated with the client device and embedded in an extension of the MIC. The authentication server determines whether the first PAKE information corresponds to the second PAKE information, and if it does, the authentication server allows the client device to join the network.
Certain embodiments of the present disclosure are directed towards an optical assembly such as a multiplexer/demultiplexer (MDM). One example optical assembly generally includes: a fiber array configured to provide an optical signal with a plurality of wavelengths; optical wavelength filters configured to separate the plurality of wavelengths into respective optical signals; a lens array configured to receive the respective optical signals from the optical wavelength filters and focus the respective optical signals before reaching an optical interface for a photonic chip; and a birefringent crystal disposed between the lens array and the optical interface.
G02B 6/42 - Coupling light guides with opto-electronic elements
G02B 6/27 - Optical coupling means with polarisation selective and adjusting means
G02B 6/293 - Optical coupling means having data bus means, i.e. plural waveguides interconnected and providing an inherently bidirectional system by mixing and splitting signals with wavelength selective means
3.
AUTOMATIC SERVICE CHAINING OF BI-DIRECTIONAL TRANSIT TRAFFIC
A system facilitates communication between branches of an SD-WAN and a service chain element. A hub node receives a data packet of a flow from a source branch over a VPN segment to be transmitted to a destination branch, extracts flow information from the data packet including VPN segment information to be stored in a flow table before transmitting the data packet to the service chain element over a service chain VPN. Upon return of the data packet from the service chain element, the hub node uses packet tuple information to retrieve the flow information with VPN segment information from the flow table. The hub node can then forward the data packet to the destination branch over the VPN segment. The hub node can generate and store an Auto Service Chaining Key that connects bidirectional flows so that the hub node can apply service-chaining to bidirectional traffic.
This disclosure describes techniques for secure, password-less authentication of a user identity. The techniques include receiving a request related to authentication of a user identity in an embedded browser of the user device. The techniques include sending, to an authentication service, an indication that the authentication of the user identity at the embedded browser is incomplete. In response to the incomplete authentication, the techniques include receiving, from the authentication service, an instruction to continue the authentication with a system browser on the user device. Validation of the user identity may be performed with the system browser of the user device. Device information obtained from the validation of the user identity in the system browser may be sent to the authentication service. In response to the device information from the validation, the authentication of the user identity in the embedded browser may be completed.
In some embodiments, a method of adaptively synchronizing state data includes updating an in-memory data with at least one current state change, receiving a data subscription request, registering the data subscription request upon a determination that the data subscription request is valid, identifying one or more data objects associated with the subscription request, retrieving the current version of the one or more data objects, and transmitting the one or more data objects.
Provided herein are techniques to facilitate Border Gateway Protocol (BGP) color-aware routing (CAR) Point-to-Multipoint (P2MP) optimizations. In at least one embodiment, a method may include obtaining a plurality of BGP join requests, each BGP join request being obtained from a corresponding receiver node requesting to join a multicast group and receive traffic provided by the source node, wherein each BGP join request identifies a corresponding intent representing a corresponding level of service for routing the traffic to each corresponding receiver node. The method may further include identifying a highest-ranking intent from among the BGP join requests and transmitting another BGP join request to the source node that includes the highest-ranking intent. The method may further include, upon obtaining traffic from the source node, routing the traffic to each corresponding receiver node according to the corresponding intent associated with each receiver node.
In some embodiments, a device includes a processor and a memory communicatively coupled to the processor, wherein the memory includes a material target state programming logic. The logic is configured to receive a material target state, initiate a programming sequence associated with the material target state, execute individual configuration operations, receive a programming outcome report, compile a programming status report, and transmit the programming status report.
A method for resolving an out-of-sync state occurring in a network. The method includes receiving, by a controller, a Minimal Configuration Change Diff (MCCD) associated with the out-of-sync state occurring in the network and determining, by the controller, by traversing the MCCD and at least one configuration node of the MCCD, the closest service instance associated with service meta-data received by the controller, and executing, by the controller, an Out-Of-Bound (OOB) policy associated with a determined closest service instance. Then, redeploying, by the controller, at least one service instance comprising an OOB configuration change based on an executed OOB policy that is associated with the determined closest service instance.
In one embodiment, a method includes supporting a collaboration session and communicating with a first endpoint and a second endpoint. The method also includes obtaining a first break notification that indicates a start of a break, and notifying the first endpoint and the second endpoint of the start of the break. Notifying the first endpoint and the second endpoint of the start of the break includes instructing the first endpoint to enter into a first energy saving mode and instructing the second endpoint to enter into a second energy saving mode. The first endpoint and the second endpoint are notified of an end of the break. Notifying the first endpoint and the second endpoint of the end of the break includes instructing the first endpoint to exit the first energy saving mode and instructing the second endpoint to exit the second energy saving mode.
Provided herein are techniques to facilitate context-aware security for connected vehicles. In at least one embodiment, a method is provided that may include obtaining, by a vehicle server, a location indication including a parked location of a vehicle; identifying, by the vehicle server, at least one external security camera at the parked location of the vehicle that is available to monitor the vehicle; providing, by the vehicle server, a camera indication to the vehicle that identifies an availability of the at least one external security camera that is capable of monitoring the vehicle at the parked location; and obtaining, by the vehicle server, a security mode indication from the vehicle indicating an onboard security monitoring mode for the vehicle based, at least in part, on the camera indication.
An electro-optical device is disclosed. In one aspect, an electro-optical device includes an electrical integrated circuit (EIC) and a photonic integrated circuit (PIC) chiplet bonded face-to-face with the EIC. The PIC chiplet is smaller in size than the EIC. The electro-optical device also includes a fiber array unit (FAU) having an optical fiber optically coupled with the PIC chiplet. Methods of fabricating electro-optical devices are also provided.
Methods involve obtaining a natural language input query related to a technical issue in a network and a natural language description of a set of configuration actions for resolving the technical issue and generating, using a first artificial intelligence (AI) model, a multi-step configuration schema based on the natural language input query and the natural language description of the set of configuration actions. The multi-step configuration schema includes a plurality of configuration actions, each of which is described in a natural language and in a structured form including a function and input parameters for the function. The methods further involve providing the multi-step configuration schema to a second AI model that connects to one or more network devices in the network and executes, on the one or more network devices, the plurality of configuration actions in the multi-step configuration schema to resolve the technical issue in the network.
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
H04L 41/0659 - Management of faults, events, alarms or notifications using network fault recovery by isolating or reconfiguring faulty entities
H04L 41/0806 - Configuration setting for initial configuration or provisioning, e.g. plug-and-play
H04L 41/0816 - Configuration setting characterised by the conditions triggering a change of settings the condition being an adaptation, e.g. in response to network events
13.
ASSOCIATION IDENTIFIER (AID) ASSIGNMENT FEEDBACK FOR STATIONS
The present disclosure provides techniques for APs to evaluate status updates received from STAs for adaptive AID management. An AP establishes a wireless communications link with a station, generates a list of N AIDs, each of the N AIDs to be used in a corresponding epoch of N epochs associated with an EDP group, transmits to the station in a protected wireless frame, information indicating the list of N AIDs for the station, receives from the station a response frame to the protected wireless frame, where the response frame includes a status code indicating whether the station successfully stored at least a portion of the list of N AIDs, and maintains the wireless communications link with the station based at least in part on the timing information for randomized MAC address rotation for the EDP group, and including using each AID in the list of N AIDs during corresponding epochs.
Techniques and architecture are described that leverage a trusted cryptographic channel by a network controller to authenticate an unfamiliar host key found on a network device when the network controller is attempting to establish a secure connection over a secure channel. The network controller may authenticate an unfamiliar host key found on a network device by using the trusted cryptographic channel to retrieve the network device's host keys directly from the network device when the network controller encounters the unfamiliar host key. Additionally, the network controller may correlate all the audit events available to the network controller with the appearance of the unfamiliar host key and accept the unfamiliar host key only if the unfamiliar host key is confirmed to be present on the network device and if the audit events indicate that the unfamiliar host key was recently properly installed or generated on the network device.
Methods involve obtaining a natural language input query related to a technical issue in a network and a natural language description of a set of configuration actions for resolving the technical issue and generating, using a first artificial intelligence (AI) model, a multi-step configuration schema based on the natural language input query and the natural language description of the set of configuration actions. The multi-step configuration schema includes a plurality of configuration actions, each of which is described in a natural language and in a structured form including a function and input parameters for the function. The methods further involve providing the multi-step configuration schema to a second AI model that connects to one or more network devices in the network and executes, on the one or more network devices, the plurality of configuration actions in the multi-step configuration schema to resolve the technical issue in the network.
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
An approach to isolate and characterize non-linear distortion attributable, at least in part, to an LPO (Linear Pluggable Optics) module is provided. A method includes receiving, at a linear pluggable optics (LPO) module, a signal from a host, converting, by the LPO module, the signal to an optical signal, isolating nonlinear distortion of the optical signal attributable, at least in part, to the LPO module, determining a portion of the nonlinear distortion that is memoryless, processing the signal to reduce an impact of the portion of the nonlinear distortion that is memoryless and generating a processed signal as a result of the processing, and determining a signal-to-distortion ratio (SDR) level of the processed signal based on a remaining portion of the nonlinear distortion.
A system includes one or more processors configured to receive an encrypted message from a digital network interface, extract one or more identifiers from the encrypted message, determine whether the one or more identifiers at least partially match at least one session identifier associated with a saved session in a secure database, transmit an authentication approval to the digital network interface in response to determining that the one or more identifiers at least partially match the at least one session identifier associated with the saved session in the secure database, and enable access to the network resources via the digital network interface in response to transmitting the authentication approval to the digital network interface.
In one embodiment, a method for policy optimization for cellular network deployment includes determining, by a process, sets of policy mappings for individual subscribers among a plurality of network subscribers in a first network deployment and analyzing, by the process, the sets of policy mappings to determine a plurality of groupings for the individual subscribers. The method further includes assigning, by the process and according to the set of policy mappings and the plurality of groupings, the individual subscribers to at least one network deployment recommendation group among a plurality of network deployment recommendation groups and deploying, by the process, the individual subscribers according to the plurality of network deployment recommendation groups into a second network deployment.
An electro-optical device is disclosed. In one aspect, an electro-optical device includes an electrical integrated circuit (EIC) and a photonic integrated circuit (PIC) chiplet bonded face-to-face with the EIC. The PIC chiplet is smaller in size than the EIC. The electro-optical device also includes a fiber array unit (FAU) having an optical fiber optically coupled with the PIC chiplet. Methods of fabricating electro-optical devices are also provided.
H01L 25/16 - Assemblies consisting of a plurality of individual semiconductor or other solid-state devices the devices being of types provided for in two or more different subclasses of , , , , or , e.g. forming hybrid circuits
G02B 6/12 - Light guides; Structural details of arrangements comprising light guides and other optical elements, e.g. couplings of the optical waveguide type of the integrated circuit kind
H01L 23/00 - Details of semiconductor or other solid state devices
H01L 23/48 - Arrangements for conducting electric current to or from the solid state body in operation, e.g. leads or terminal arrangements
H10B 80/00 - Assemblies of multiple devices comprising at least one memory device covered by this subclass
Traffic Identifier (TID)-to-Link mapping negotiation may be provided. An Access Point (AP) Multi-Link Device (MLD) may maintain an association with a non-AP MLD. The association may include one or more setup links between the AP MLD and the non-AP MLD. The AP MLD may receive a link reconfiguration request frame from the non-AP MLD to add a first link to the one or more setup links of the association. The link reconfiguration request frame may include a requested Traffic-Identifier (TID)-To-Link Mapping (TTLM) for both existing one or more setup links and the first link that is being requested to be added. The AP MLD may generate a link reconfiguration response frame. The AP MLD may send the link reconfiguration response frame to the non-AP MLD.
In various embodiments described herein, a method of dynamic software distribution and synchronization includes identifying a software state change of a network device, generating a secure manifest configured for the network device, selecting a distribution strategy, propagating the secure manifest and one or more software objects, and receiving a synchronization report.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
22.
AUTONOMOUS COMPUTER NETWORK ROUTE CONFIGURATION BASED ON SCALABLE LINK SPEED METRICS
A network device includes a processor and a non-transitory computer-readable storage medium storing logic executable by the processor to perform operations. The operations include receiving, from a second network device, an advertisement for a subnet and a first value of an inbound path preference attribute of a routing protocol; determining a link speed of a link between the network device and a third network device; determining a second value of the inbound path preference attribute based on the received first value and the determined link speed; advertising the subnet to the third network device in association with the second value of the inbound path preference attribute; and routing a data packet from the third network device to the second network device in accordance with a routing table comprising a routing entry based on the first value of the inbound path preference attribute.
In some embodiments described herein, methods for dynamically joining a cloud-managed network fabric can include various steps: querying at least one adjacent switch, authenticating with a fabric switch, exchanging network proximity data, obtaining an agent session token from a cloud controller, and establishing a secure connection with the cloud controller.
This disclosure describes techniques for determining an attack technique by monitoring data from devices in a computer network. The method includes receiving monitoring log sets from monitoring systems, determining patterns and weighted probabilities of an attack technique based on the log sets and reliability weights associated with each monitoring system, determining a probability of the attack technique occurring in relation to a device attribute, and determining that the network is affected by the attack technique based on the determined probabilities. The method further includes performing a responsive action based on the determined data.
Traffic Identifier (TID)-to-Link mapping negotiation may be provided. An Access Point (AP) Multi-Link Device (MLD) may maintain an association with a non-AP MLD. The association may include one or more setup links between the AP MLD and the non-AP MLD. The AP MLD may receive a link reconfiguration request frame from the non-AP MLD to add a first link to the one or more setup links of the association. The link reconfiguration request frame may include a requested Traffic-Identifier (TID)-To-Link Mapping (TTLM) for both existing one or more setup links and the first link that is being requested to be added. The AP MLD may generate a link reconfiguration response frame. The AP MLD may send the link reconfiguration response frame to the non-AP MLD.
This disclosure describes techniques for secure, password-less authentication of a user identity. The techniques include receiving a request related to authentication of a user identity in an embedded browser of the user device. The techniques include sending, to an authentication service, an indication that the authentication of the user identity at the embedded browser is incomplete. In response to the incomplete authentication, the techniques include receiving, from the authentication service, an instruction to continue the authentication with a system browser on the user device. Validation of the user identity may be performed with the system browser of the user device. Device information obtained from the validation of the user identity in the system browser may be sent to the authentication service. In response to the device information from the validation, the authentication of the user identity in the embedded browser may be completed.
Workload pool management with search time range includes calculating a search time range for a query, relating metadata including the search time range for the query, and comparing predicates in workload rules to the metadata for the query to identify a matching workload rule. Comparing the predicates includes comparing the search time range to search time criteria in the predicates. The query is processed by the workload pools according to the matching workload rule.
A method performed by an access point multi-link device (AP MLD) to coordinate trigger-based uplink transmissions across multiple wireless links from a station MLD (STA MLD). The method involves determining an allocation of groups of frequency subcarriers to be used on each wireless link of the multiple wireless links for simultaneous uplink transmission from the STA MLD to the AP MLD; including, in a single trigger frame or in each of multiple trigger frames, information indicating the allocation of groups of frequency subcarriers to be used on each wireless link of the multiple wireless links; and transmitting the single trigger frame on one wireless link of the multiple wireless links, or the multiple trigger frames simultaneously across the multiple wireless links to the STA MLD.
Techniques for providing a language model with dynamic configuration data for network devices in a network that is then used by the language model to generate network-contextual responses to prompts received at the language model. A network controller may collect configuration data from the network devices where the configuration data includes device configurations of the network devices. The network controller may further receive a prompt from a network operator to which the language model is to respond and identify a relevant device configuration that is contextually relevant to the prompt. Further, the network controller may provide the prompt and the relevant device configuration to the language model, generate, by the language model and using the relevant device configuration, a response to the prompt, and provide the network operator with an indication of the response to the prompt.
H04L 41/0806 - Configuration setting for initial configuration or provisioning, e.g. plug-and-play
H04L 41/0853 - Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
H04L 41/40 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using virtualisation of network functions or resources, e.g. SDN or NFV entities
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
H04L 41/084 - Configuration by using pre-existing information, e.g. using templates or copying from other elements
H04L 41/08 - Configuration management of networks or network elements
H04L 41/0895 - Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements
H04L 41/122 - Discovery or management of network topologies of virtualised topologies, e.g. software-defined networks [SDN] or network function virtualisation [NFV]
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
H04L 41/5041 - Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the time relationship between creation and deployment of a service
A wireless device comprises one or more memories and one or more processors communicatively coupled to the one or more memories, where the one or more processors are configured to, individually or collectively, perform operations comprising identifying a flow associated with a stream classification service (SCS) identifier and transmitting an SCS request to an access point (AP). The SCS request comprises information for a plurality of quality of service (QoS) profiles associated with the SCS identifier, and each of the plurality of QoS profiles defines a different set of QoS characteristics.
In a mobility domain (e.g., a seamless mobility domain), a roaming counter value is provided to a target access point (AP), which the target AP can use to generate a nonce for encrypting data transmitted to a roaming non-AP multi-link device (MLD). That is, the non-AP MLD may be roaming from a current (or serving) AP to the target AP. The roaming counter is incremented each time the non-AP MLD roams in the mobility domain. Thus, each time the non-AP MLD roams, the updated roaming counter is provided to the new target AP MLD. Because the roaming counter is incremented each time there is a roam, even in a buggy implementation where the same PN is reused, the nonce will be different due to the roaming counter being different.
Combining MBSSID sets, co-hosted BSSID sets, and standalone VAPs into a co-located, co-channel BSSID set to allow for more efficient communication between different members of the co-located, co-channel BSSID set. By combining the members into the co-located, co-channel BSSID set, when a TXOP holder provides transmission time to a co-located, co-channel BSSID set, each of the VAPs in the co-located, co-channel BSSID set receives access to exchange data for a duration of time. When the co-located, co-channel BSSID set indicates to the TXOP holder that the VAPs finished exchanging data, each of the VAPs in the co-located, co-channel BSSID set loses access to send data.
Mechanisms for indicating and negotiating when Stations (STAs) should come out of power save (PS), including which link should come out of PS, may be provided. Enabling a device to make a link available during unavailability on a setup link can include sending to a client device a request to make a second link available when the client device is unavailable on a first link, wherein the client device is configured to switch a Station (STA) associated with the second link from a doze state to an awake state. An indication of an unavailability period on the first link is received, and the client device is communicated with using the second link during the unavailability period. After the unavailability period, the client device is communicated with using the first link.
Irregular unavailability signaling may be provided. An Access Point (AP) may receive an irregular unavailability report from a station. The irregular unavailability report may include a priority associated with upcoming unavailability periods of the station for non-Peer-to-Peer (P2P) traffic and an indication of interruptibility of the P2P traffic in the upcoming unavailability periods. The AP may schedule Transmit Opportunities (TxOPs) of the non-P2P traffic to the station in the upcoming unavailability periods based on the priority associated with upcoming unavailability periods and the indication of interruptibility of the P2P traffic.
H04W 72/566 - Allocation or scheduling criteria for wireless resources based on priority criteria of the information or information source or recipient
A converged Seamless Mobility Domain (SMD) architecture enabling different SMD modes may be provided. A request to roam may be received from a non-Access Point (AP) Multi-Link Device (MLD) to roam from a first AP MLD to a second AP MLD of the converged SMD architecture. The converged SMD architecture can selectively be configured in one of: a distributed SMD mode and a centralized SMD mode. It may be determined that the converged SMD architecture is configured in the distributed SMD mode. An uplink data path to a distribution system for the non-AP MLD through the first AP MLD may be paused during a roaming transition. The non-AP MLD may be connected to the distribution system through the first AP MLD. During the roaming transition, the uplink data path to the distribution system for the non-AP MLD may be changed from through the first AP MLD to through the second AP MLD.
Enabling roaming in a hierarchical architecture having a distributed Seamless Mobility Domain (SMD) of a centralized SMD may be provided. A request to roam to a second AP MLD may be received from a first station associated with a first AP MLD of a hierarchical architecture. The hierarchical architecture may include a distributed SMD including a first centralized SMD. The first centralized SMD may include the first AP MLD. It may be determined that the second AP MLD belongs to the first centralized SMD. In response to determining that the second AP MLD belongs to the first centralized SMD, data exchanges for the first station may be transitioned from links of the first AP MLD to through links of the second AP MLD with the first station remaining associated with the first centralized SMD.
Multi-User Enhanced Distributed Channel Access (MU-EDCA) optimization for High-Density (HD) enterprises may be provided. An observed Enhanced Distributed Channel Access (EDCA) latency Probability Density Function (PDF) based on a plurality of parameters may be determined. Next, a predicted MU-EDCA latency PDF based on the plurality of parameters may be determined. Then MU-EDCA may be enabled when the predicted MU-EDCA latency PDF indicates a better delay bound than the EDCA latency PDF.
Dynamic Bandwidth Expansion (DBE) operation with Dynamic Subband Operation (DSO) may be provided. A computing device may operate in Dynamic Bandwidth Expansion (DBE). Also, the computing device may be operative in Dynamic Subband Operation (DSO). Then the computing device may use DSO over expanded Bandwidth (BW) of DBE for client devices that support DSO and DBE operation.
Devices, systems, methods, and processes for enhancement of security measurement in Open Roaming networks are described herein. Typically, in Open Roaming networks, access nodes do not have the information whether a user device is a trusted device and accesses the network based on authentication by an Identity Provider (IdP). To address these issues, access nodes may be configured to generate a trust score for the user device based on its monitored activities on the network. The access node may share the trust score with the IdP. The IdP may receive one or more trust scores for the user device and generate a global trust score for the user device. The IdP further shares the global trust score with Identity Federation. During a re-association attempt, a new access node may grant or deny the network access to the user device based on the received global trust score of the user device.
A method to optimize roaming of a wireless client in a wireless local area network includes receiving, at a serving access point (AP), a value indicative of transmit power for at least one neighbor AP, and sending the value indicative of transmit power for the at least one neighbor AP from the serving AP to a wireless client that is associated with the serving AP. The wireless client may then calculate a pathloss between the at least one neighbor AP and the wireless client based on the value indicative of transmit power for the at least one neighbor AP less a downlink RSSI of a Clear to Send (CTS) message received from the at least one neighbor AP, and then estimate an uplink RSSI at the at least one neighbor AP based on a value indicative of transmit power for the wireless client less the pathloss.
An access point computes, for user devices in each group of a plurality of groups of user devices, a plurality of start times of future enhanced data privacy (EDP) epochs during which identifiers from the user devices in each group are to be rotated. Based on the plurality of start times, it is determined that transitory periods will occur at a same time for at least a threshold number of groups of the plurality of groups of user devices. The AP transmits a message to user devices in at least one group of the at least a threshold number of groups instructing the user devices to perform one or more actions to prevent the transitory periods from occurring at the same time.
Privacy-preserving roaming may be provided. Privacy-preserving roaming can include receiving, from a station (STA), a privacy-preserving neighbor report request comprising a privacy-preserving address instead of a Media Access Control (MAC) address. A privacy-preserving neighbor report is determined for the STA comprising a list of one or more recommended access points (APs) for the STA to connect to. The privacy-preserving neighbor report response comprising the privacy-preserving neighbor report is sent to the STA, wherein the STA is configured to connect to one of the one or more recommended APs based on the privacy-preserving neighbor report.
Managing Quality of Service (QoS) policies using real-time traffic analysis, cross-layer feedback, an adaptive policy engine, and security measures may be provided. Managing QoS policies can comprise receiving network data comprising one or more Physical (PHY) layer metrics and one or more Media Access Control (MAC) layer metrics, and determining one or more network conditions based on the network data. An application type of an application is determined by evaluating a packet associated with the application. Then, a QoS mark is set for traffic of the application based on the network conditions and the application type.
H04L 47/2475 - Traffic characterised by specific attributes, e.g. priority or QoS for supporting traffic characterised by the type of applications
H04L 47/2441 - Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
44.
WIRELESS POWER TRANSFER PROTOCOL FOR AMBIENT POWER DEVICES
A Wireless Power Transfer (WPT) protocol for Ambient Power (AMP) devices may be provided. The WPT protocol can include receiving, from an AMP Station (STA), a frame comprising a device type identifier. One or more charging frame characteristics are determined based on the device type identifier. Next, a charging frame having the one or more charging frame characteristics is transmitted to the AMP STA.
H02J 50/20 - Circuit arrangements or systems for wireless supply or distribution of electric power using microwaves or radio frequency waves
H02J 50/80 - Circuit arrangements or systems for wireless supply or distribution of electric power involving the exchange of data, concerning supply or distribution of electric power, between transmitting devices and receiving devices
Mapping for seamless service quality in mixed network environments may be provided. Network conditions and network traffic types may be determined on a network. Next, a mapping may be created from first parameters to second parameters based on the network conditions and the network traffic types. Then service may be provided on the network based on the mapping.
Managing Low Latency, Low Loss, Scalable Throughput (L4S) traffic may be provided. Managing L4S traffic can include receiving network data comprising one or more Physical (PHY) layer metrics, one or more Media Access Control (MAC) layer metrics, and one or more network layer metrics. Network conditions are determined based on the network data. One or more L4S characteristics are then set based on the network conditions.
Seamless Low Latency, Low Loss, Scalable Throughput (L4S) Quality-of-service (QoS) maintenance during roaming may be provided. A client device may send Fast Transition (FT) protocol messages to an Access Point (AP). Then the client device may receive the FT protocol messages from the AP. At least one of the FT protocol messages may comprise Low Latency, Low Loss, Scalable Throughput (L4S) session parameters.
An example embodiment receives a traffic shape (or information to generate a traffic shape) and produces an entanglement resource distribution schedule for a distributed quantum algorithm or circuit. An embodiment generates a timeline indicating when entanglement resources are needed amongst network nodes in order to perform the distributed quantum circuit. A scheduler generates a collection of entanglement requests to be fulfilled based on the timeline.
Techniques for providing a language model with dynamic configuration data for network devices in a network that is then used by the language model to generate network-contextual responses to prompts received at the language model. A network controller may collect configuration data from the network devices where the configuration data includes device configurations of the network devices. The network controller may further receive a prompt from a network operator to which the language model is to respond and identify a relevant device configuration that is contextually relevant to the prompt. Further, the network controller may provide the prompt and the relevant device configuration to the language model, generate, by the language model and using the relevant device configuration, a response to the prompt, and provide the network operator with an indication of the response to the prompt.
G06F 40/58 - Use of machine translation, e.g. for multi-lingual retrieval, for server-side translation for client devices or for real-time translation
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
50.
CROSS-SYSTEM RESOURCE AUTHORIZATION USING USER CAPABILITIES
Techniques for cross-system resource authorization using user capabilities are disclosed. In an example computer-implemented method, a first system stores capabilities information identifying a set of capabilities configured for a user using a first access management system of the first system. A second system receives a request from the user to perform an action on a resource associated with the second system. The second system identifies the set of one or more capabilities configured for the user using the capabilities information. A second access management system of the second system determines whether the user is authorized to perform the action on the resource based upon the identified set of capabilities configured for the user. Upon determining by the second access management system that the user is authorized to perform the action on the resource, the user is allowed to perform the action on the resource.
In some implementations, techniques may include receiving, at a first system, a request from a user for a particular metric computed by a second system. In addition, techniques may include generating a request for the particular metric and associated data. The request can include information identifying the user, and the request is generated in a format that is understandable by the second system. Techniques may include communicating the request to the second system. Moreover, the techniques may include receiving the requested particular metric and the associated data. Also, techniques may include transforming the particular metric and the associated data to a format that is consumable by a dashboard generation system of the first system. Further, techniques may include generating a dashboard for displaying the particular metric and the associated data. In addition, the techniques may include causing the generated dashboard to be displayed on a display device.
This disclosure describes techniques for an email security system to detect and prevent callback phishing attacks included within electronic messages. An email security system may receive an email that is to be delivered to a receiving user. Based on the email metadata, the email security system may determine an intent associated with the email (e.g., whether the email is malicious). In some instances, the email may be associated with an indication of a phone number. Based on the metadata associated with the phone number, the email security system may be configured to determine a reputation associated with the phone number. The email security system may then use the reputation and/or the intent to determine whether the email is associated with a callback phishing attempt. The email security system may then determine whether to transmit the email to the receiving user, or perform a remedial action regarding the email.
According to one or more embodiments of the disclosure, an Open Telemetry runtime profiler is provided. In one embodiment, an illustrative method herein comprises: capturing, by a profiler process for inclusion in a set of observations, runtime metrics of a telemetry agent process on an associated host application; capturing, by the profiler process for inclusion in the set of observations, span information in real-time from the telemetry agent process; intercepting, by the profiler process for inclusion in the set of observations, exceptions caused by or within instrumentation code of the telemetry agent process; and providing, by the profiler process, an interface for sharing the set of observations associated with the telemetry agent process.
Seamless Low Latency, Low Loss, Scalable Throughput (L4S) Quality-of-service (QoS) maintenance during roaming may be provided. A client device may send Fast Transition (FT) protocol messages to an Access Point (AP). Then the client device may receive the FT protocol messages from the AP. At least one of the FT protocol messages may comprise Low Latency, Low Loss, Scalable Throughput (L4S) session parameters.
Managing Low Latency, Low Loss, Scalable Throughput (L4S) traffic may be provided. Managing L4S traffic can include receiving network data comprising one or more Physical (PHY) layer metrics, one or more Media Access Control (MAC) layer metrics, and one or more network layer metrics. Network conditions are determined based on the network data. One or more L4S characteristics are then set based on the network conditions.
Managing Quality of Service (QoS) policies using real-time traffic analysis, cross-layer feedback, an adaptive policy engine, and security measures may be provided. Managing QoS policies can comprise receiving network data comprising one or more Physical (PHY) layer metrics and one or more Media Access Control (MAC) layer metrics, and determining one or more network conditions based on the network data. An application type of an application is determined by evaluating a packet associated with the application. Then, a QoS mark is set for traffic of the application based on the network conditions and the application type.
H04L 47/2408 - Traffic characterised by specific attributes, e.g. priority or QoS for supporting different services, e.g. a differentiated services [DiffServ] type of service
H04L 47/24 - Traffic characterised by specific attributes, e.g. priority or QoS
Multi-User Enhanced Distributed Channel Access (MU-EDCA) optimization for High-Density (HD) enterprises may be provided. An observed Enhanced Distributed Channel Access (EDCA) latency Probability Density Function (PDF) based on a plurality of parameters may be determined. Next, a predicted MU-EDCA latency PDF based on the plurality of parameters may be determined. Then MU-EDCA may be enabled when the predicted MU-EDCA latency PDF indicates a better delay bound than the EDCA latency PDF.
A converged Seamless Mobility Domain (SMD) architecture enabling different SMD modes may be provided. A request to roam may be received from a non-Access Point (AP) Multi-Link Device (MLD) to roam from a first AP MLD to a second AP MLD of the converged SMD architecture. The converged SMD architecture can selectively be configured in one of: a distributed SMD mode and a centralized SMD mode. It may be determined that the converged SMD architecture is configured in the distributed SMD mode. An uplink data path to a distribution system for the non-AP MLD through the first AP MLD may be paused during a roaming transition. The non-AP MLD may be connected to the distribution system through the first AP MLD. During the roaming transition, the uplink data path to the distribution system for the non-AP MLD may be changed from through the first AP MLD to through the second AP MLD.
Mechanisms for indicating and negotiating when Stations (STAs) should come out of power save (PS), including which link should come out of PS, may be provided. Enabling a device to make a link available during unavailability on a setup link can include sending to a client device a request to make a second link available when the client device is unavailable on a first link, wherein the client device is configured to switch a Station (STA) associated with the second link from a doze state to an awake state. An indication of an unavailability period on the first link is received, and the client device is communicated with using the second link during the unavailability period. After the unavailability period, the client device is communicated with using the first link.
Privacy-preserving roaming may be provided. Privacy-preserving roaming can include receiving, from a station (STA), a privacy-preserving neighbor report request comprising a privacy-preserving address instead of a Media Access Control (MAC) address. A privacy-preserving neighbor report is determined for the STA comprising a list of one or more recommended access points (APs) for the STA to connect to. The privacy-preserving neighbor report response comprising the privacy-preserving neighbor report is sent to the STA, wherein the STA is configured to connect to one of the one or more recommended APs based on the privacy-preserving neighbor report.
In some implementations, a device obtains topology information regarding communication pathways available between graphics processing units (GPUs) in a network. The device also obtains, via an NVIDIA Collective Communications Library (NCCL) application programming interface (API), data indicative of a communication graph of communications between the graphics processing units during one or more scheduled jobs. The device computes, based on the communication graph and the topology information, a network policy for the network that controls over which path a particular communication is sent between a pair of GPUs. The device implements enforcement of the network policy in the network.
The present technology provides solutions for maintaining communications within a software-defined wide area network (SDWAN) when one or more devices in the SDWAN are isolated from one or more controllers. An example method includes receiving, at a static edge device associated with a static wide area network (WAN) Internet Protocol (IP) address in a data plane of the SDWAN, data from a first device communicating through an edge device of a first Internet service provider (ISP) of the SDWAN, where the first device is associated with a private IP address, associating, by the static edge device, the first device with the private IP address, and communicating, by the static edge device, with the first device at the private IP address. Systems and computer-readable media are also provided.
A troubleshooting trigger may be provided. A first computing device may provide, to a second computing device, data indicating a troubleshooting capability protocol. Next, the first computing device may receive, from the second computing device, a troubleshooting request in accordance with the troubleshooting capability protocol. The first computing device may then perform the troubleshooting request in accordance with the troubleshooting capability protocol.
Aspects of the present disclosure are directed to on-device firewall and library agents integrated with secure agents on network connected endpoints. The on-device firewall and library agents enable inline analysis and inspection of data packets using protocol fingerprints generated for the data packets using an on-device malware detection engine. In one aspect, a network device includes a driver configured to capture a plurality of data packets received at the network device; and an on-device malware detection engine configured to receive at least a subset of the plurality of packets, and generate a fingerprint for the subset of the plurality of packets, the fingerprint being indicative of whether the plurality of data packets are associated with an external malware communication.
A system and associated methods provide procedures for establishing multicast connections and forwarding multicast content from a source to a subscriber when an ingress provider edge in communication with the subscriber is connected to an egress provider edge device belonging to an EVPN instance, especially in cases where the egress provider edge device is not receiving content from the source. The system configures “backup” provider edge devices belonging to the EVPN instance to temporarily forward the multicast content to the egress provider edge device on behalf of the source, enabling the ingress provider edge device and subscriber to continue to receive the multicast content from the source while the multicast network adjusts to recognize a new egress provider edge device. Methods of establishing connections between the ingress provider edge device and the correct egress provider edge device are also provided to avoid flooding and inefficient content forwarding throughout the network.
Techniques are described herein for assessing and mitigating risk associated with systems and software applications. The techniques may comprise identifying a number of components associated with a system and a number of vulnerability scores corresponding to the number of components, wherein an individual vulnerability score represents a susceptibility of an individual component to a detected threat, and determining a risk score associated with the system as a function of the number of vulnerability scores and a number of times that each component is implemented in the system. The techniques may further comprise identifying one or more updates associated with the number of components, determining, for individual updates, an impact to be attributed to the individual update, identifying a target update having a highest impact on the risk score, and causing the target update to be implemented.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Disclosed are systems, apparatuses, methods, and computer-readable media for adaptive transmit power control threshold recommendations in wireless networks. A method includes: retrieving network usage information from APs associated with a location, wherein the network usage information identifies network consumption information of each wireless device connected to that AP, non-period events, and interrupts, wherein the network usage information from a first AP includes a path loss associated with messages from neighboring APs; determining first TPCs for each AP of the APs associated with the location based on path losses between each AP; simulating network performance using the first TPCs and the network usage information; and measuring network performance information associated at each AP based on the simulation of the network performance; and determining second TPCs for each AP of the APs associated with the location based on the network information.
Techniques for dynamically load balancing traffic based on predicted and actual load capacities of data nodes are described herein. The techniques may include determining a predicted capacity of a data node of a network during a period of time. The data node may be associated with a first traffic class. The techniques may also include determining an actual capacity of the data node during the period of time, as well as determining that a difference between the actual capacity and the predicted capacity is greater than a threshold difference. Based at least in part on the difference, a number of data flows sent to the data node may be either increased or decreased. Additionally, or alternatively, a data flow associated with a second traffic class may be redirected to the data node during the period of time to be handled according to the first traffic class.
In some aspects, the techniques described herein relate to a method including: obtaining, at a network device from a user device, a request for a network session, the request including an indication of a user device profile; determining a traffic identifier to associate with the user device profile; binding the traffic identifier to a network policy to be applied to traffic associated with the user device profile; and providing the traffic identifier to the user device.
Techniques described herein can enable proactive congestion notifications based on service level agreement (SLA) thresholds. The disclosed techniques can be performed at a network router device. The router can monitor network traffic performance measurements of network traffic associated with an SLA. The SLA can be associated with an SLA policy, and the SLA policy can comprise performance thresholds such as loss/latency/jitter thresholds, and a congestion notification policy. The congestion notification policy can comprise a portion, e.g., a fraction or percentage, applicable to the performance thresholds to determine congestion notification thresholds. The router can send a congestion notification in response to a network traffic performance measurement exceeding a congestion notification threshold.
H04L 41/5009 - Determining service level performance parameters or violations of service level contracts, e.g. violations of agreed response time or mean time between failures [MTBF]
H04L 41/0686 - Additional information in the notification, e.g. enhancement of specific meta-data
71.
INTEGRATED GERMANIUM PHOTODIODE WITH SELF-ALIGNED IMPLANT AND ELECTRICAL CONTACT
A photodiode device includes a base layer having a first intermediately doped region and a heavily doped region, a dielectric layer disposed over the base layer, a light absorptive material disposed in the dielectric layer, a first electrode, a coating layer, and a second electrode disposed in the dielectric layer and in communication with the heavily doped region. The light absorptive material has a top and a bottom surface, in which the bottom surface is in contact with the first intermediately doped region. The first electrode includes a side surface and a bottom surface. The coating layer includes an inner surface surrounding the side surface of the first electrode, an outer surface in communication with the dielectric layer, and an end surface in communication with the top surface of the light absorptive material, in which the end surface of the coating layer includes a second intermediately doped region.
H10F 30/223 - Individual radiation-sensitive semiconductor devices in which radiation controls the flow of current through the devices, e.g. photodetectors the devices having potential barriers, e.g. phototransistors the devices being sensitive to infrared, visible or ultraviolet radiation the devices having only one potential barrier, e.g. photodiodes the potential barrier being a PIN barrier
H10F 71/00 - Manufacture or treatment of devices covered by this subclass
72.
INTELLIGENT OPEN TELEMETRY EXCEPTION PROCESSING AND REPORTING
According to one or more embodiments of the disclosure, intelligent Open Telemetry exception processing and reporting is provided. In one embodiment, an illustrative method herein comprises: instrumenting a base throwable class of an application; intercepting an exception during runtime of the application based on the exception calling a throwable constructor during the instrumenting; processing the exception to determine one or more features associated with the exception; determining a responsive action to the exception based on the one or more features; and executing the responsive action.
Mapping for seamless service quality in mixed network environments may be provided. Network conditions and network traffic types may be determined on a network. Next, a mapping may be created from first parameters to second parameters based on the network conditions and the network traffic types. Then service may be provided on the network based on the mapping.
A Wireless Power Transfer (WPT) protocol for Ambient Power (AMP) devices may be provided. The WPT protocol can include receiving, from an AMP Station (STA), a frame comprising a device type identifier. One or more charging frame characteristics are determined based on the device type identifier. Next, a charging frame having the one or more charging frame characteristics is transmitted to the AMP STA.
H02J 50/80 - Circuit arrangements or systems for wireless supply or distribution of electric power involving the exchange of data, concerning supply or distribution of electric power, between transmitting devices and receiving devices
H02J 50/40 - Circuit arrangements or systems for wireless supply or distribution of electric power using two or more transmitting or receiving devices
75.
ENABLING ROAMING IN A HIERARCHICAL ARCHITECTURE HAVING A DISTRIBUTED SEAMLESS MOBILITY DOMAIN (SMD) OF A CENTRALIZED SMD
Enabling roaming in a hierarchical architecture having a distributed Seamless Mobility Domain (SMD) of a centralized SMD may be provided. A request to roam to a second AP MLD may be received from a first station associated with a first AP MLD of a hierarchical architecture. The hierarchical architecture may include a distributed SMD including a first centralized SMD. The first centralized SMD may include the first AP MLD. It may be determined that the second AP MLD belongs to the first centralized SMD. In response to determining that the second AP MLD belongs to the first centralized SMD, data exchanges for the first station may be transitioned from links of the first AP MLD to links of the second AP MLD with the first station remaining associated with the first centralized SMD.
Opportunistic power grant, and specifically providing opportunistic power grants to Access Points (APs) by an Automated Frequency Coordination (AFC), may be provided. An Access Point may be operating in a low power mode. The AP may connect to a STA and send a token to the STA, wherein the token includes a request for a STA location. The AP may receive the STA location in response. The AP may send the token and the STA location to an AFC. The AP may then receive instructions to operate in a standard power mode from the AFC. The AP may change operation to the standard power mode in response.
Embodiments are directed towards previewing results generated from indexing raw data before the corresponding index data is added to an index store. Raw data may be received from a preview data source. After an initial set of configuration information is established, the preview data may be submitted to an index processing pipeline. A previewing application may generate preview results based on the preview index data and the configuration information. The preview results may enable previewing how the data is being processed by the indexing application. If the preview results are not acceptable, the configuration information may be modified. The preview application enables modification of the configuration information until the generated preview results are acceptable. If the configuration information is acceptable, the preview data may be processed and indexed in one or more index stores.
Dynamic Bandwidth Expansion (DBE) operation with Dynamic Subband Operation (DSO) may be provided. A computing device may operate in Dynamic Bandwidth Expansion (DBE). Also, the computing device may be operative in Dynamic Subband Operation (DSO). Then the computing device may use DSO over expanded Bandwidth (BW) of DBE for client devices that support DSO and DBE operation.
This disclosure describes techniques and mechanisms for retroactively identifying, classifying, categorizing, and/or remediating campaigns by an email threat defense system. The described techniques may perform a time-series analysis on record data associated with emails and identify campaigns that have bypassed threat detection mechanisms. The described techniques may extract and correlate features of the record data in order to label and determine whether a campaign is malicious. Where the email campaign is malicious, remedial action(s) can occur. Accordingly, the described techniques may remediate false negatives in a network and improve network security.
Fine Time Measurement (FTM) Location Configuration Information (LCI) protection and, specifically, FTM LCI protection with authentication and selective client enablement may be provided. To perform FTM LCI protection, a controller may first obtain a key-pair including a public key and a private key from a Certificate Authority (CA). The controller may determine a venue location where an Access Point (AP) is located. The controller may send a Certificate Signing Request (CSR) with the venue location to the CA. In response to sending the CSR, the controller may receive a public key certificate from the CA, wherein the public key certificate includes the venue location. The AP may receive a request for Location Configuration Information (LCI) from a Station (STA), wherein the LCI includes an AP location. The AP creates a hash of LCI of the AP using the private key and sends the LCI and the hash to the STA.
H04W 12/069 - Authentication using certificates or pre-shared keys
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
One or more aspects of the present disclosure are directed to providing a single hierarchical construct for defining requirements (connectivity parameters) of a service in a service chain. In one aspect, a single construct for identifying a service in a service chain includes a first object identifying at least one path for accessing an instance of the service within a communication network, a second object identifying a respective communication protocol for the at least one path; and a third object identifying at least a transmission specification for the respective communication protocol in the second object, wherein the second object and the third object are embedded within the first object.
A system and method are provided for generating group encryption keys for a global group and a private group to encrypt wireless messages between an access point and a station. The private group key is based on a unique private group identifier. The global group key and the private group key are sent from the access point to one or more stations via an M3 message as part of a 4-way handshake or as part of a 2-way group key handshake. The global group key is used for encrypted broadcast or multicast messages with an entire group, whereas the private group key is used for encrypted broadcast or multicast messages with a private group that is a subset of the entire group.
Techniques are described for using a cloud-based actions service to provide IT and security-related applications with a centralized interface for requesting the performance of a wide range of actions involving third party services and devices. Any application with the ability to send API requests to the actions service can thus request the invocation of actions supported by the service without the need for independent implementations of such actions. Furthermore, the actions service provides a source for a continuously evolving set of actions with only minimal changes needed to applications desiring to use new and updated actions.
Disclosed are systems, apparatuses, methods, and computer-readable media for preventing supervision frame injection attacks in replication networks. A method includes: identifying, by a network device, a trusted network device in a replication network; providing credentials to the trusted network device to validate an identity of the network device; based on authentication of the credential at the trusted network device, receiving security information from the trusted network device that is encrypted with a public key of the network device; and transmitting an onboarding supervision frame encrypted with or signed by the security information, wherein a management device of the replication network updates a trusted peer information based on the onboarding supervision frame.
In some implementations, techniques may include receiving, by a first system, a plurality of logs having events data for a set of events that have occurred at a monitored system. In addition, the techniques may include receiving a first metric and associated data from a second system. The first metric can be computed by the second system based upon observability data. The techniques may include identifying a first portion of the events data that corresponds to the first metric and the associated data. Moreover, the techniques may include generating a dashboard. The first metric and the associated data can be displayed in the dashboard's first section and the first portion of the events data can be displayed in the dashboard's second section. The first section and the second section can be displayed concurrently on the dashboard. The techniques may include causing the dashboard to be displayed on a display device.
In one embodiment, an optoelectronic assembly includes at least one grating coupler and at least one edge coupler in contact with and optically coupled to the at least one grating coupler. The optoelectronic assembly may also include a primary photonic integrated circuit (PIC) to secondary PIC interface using the edge coupler and grating coupler, or edge-to-grating optical coupling.
In one embodiment, dynamic multi-cloud network provisioning is provided by an illustrative method comprising: identifying, by a process, source security groups associated with devices of a computer network; determining, by the process and based on observation of packets sourced from the devices, a set of destinations of the packets sourced from the devices; deducing, by the process, destination security groups associated with the devices based on the set of destinations used in the packets sourced from the devices; identifying, by the process, cloud services currently utilized by the devices based on the source security groups and the destination security groups; and establishing, by the process, a dynamic provisioning configuration for the computer network based on the cloud services currently utilized by the devices in the computer network.
In part, exemplary systems and methods are disclosed for maintaining low voltage and low power in a transimpedance amplifier (TIA). One system includes a sensor (e.g., a photodetector); the TIA; and a dummy TIA. The TIA includes a front end stage, a detector, and a back end stage. In some embodiments, the front end stage is configured to receive a current output from the sensor. In many embodiments, a reading of the detector is used to monitor the current output from the sensor. The back end stage is configured to convert the current to an output voltage in various embodiments. The dummy TIA is coupled to the sensor and diverts the current output from the sensor when the current exceeds a predetermined threshold in some embodiments.
In one implementation, a device extracts event data from logs generated by one or more entities in a computer network that are indicative of events that occurred in the computer network. The device detects, using the event data, a relationship between the events that occurred in the computer network. The device generates, based on the relationship, a prompt for input to a language model. The device provides the prompt to the language model, to generate a summary of the events that occurred in the computer network.
A method performed by an access point multi-link device (AP MLD) to coordinate trigger-based uplink transmissions across multiple wireless links from a station MLD (STA MLD). The method involves determining an allocation of groups of frequency subcarriers to be used on each wireless link of the multiple wireless links for simultaneous uplink transmission from the STA MLD to the AP MLD; including, in a single trigger frame or in each of multiple trigger frames, information indicating the allocation of groups of frequency subcarriers to be used on each wireless link of the multiple wireless links; and transmitting the single trigger frame on one wireless link of the multiple wireless links, or the multiple trigger frames simultaneously across the multiple wireless links to the STA MLD.
This disclosure describes techniques and mechanisms for providing initialization vector (IV) uniqueness and extending rekeying windows for network devices that perform secure association sharing in multi-source and multi-destination environments. The techniques may apply to existing hardware of the network devices. The techniques may enable the network devices to execute in a non-XPN mode and establish secure tunnels corresponding to secure association sessions. The techniques may utilize software to partition extra bits included in packet headers. The network devices may perform a process to update a loop count value utilizing a portion of the extra bits, thereby exponentially extending the rekeying windows. Further, by utilizing a portion of the extra bits, the system may ensure IV uniqueness for the secure association session between network devices in the multi-source and multi-destination environment.
The techniques described herein provide a transport mechanism for large-scale exchange of cyber threat intelligence between entities and/or within an entity. Cyber threats evolve rapidly, and entities face challenges in efficiently sharing threat intelligence at “network speed” and applying mitigations across their networks. Existing techniques lack scalability, real-time updates, and coordination among organizations. Moreover, there is no existing technique for large-scale exchange of cyber threat intelligence. Additionally, identifying threat data is often performed manually and is subjective. The techniques described herein provide mechanisms that leverage BGP or other routing protocols to facilitate large-scale threat intelligence exchange and mitigation across entities in real-time. The techniques described herein enable entities, including cloud providers, internet service providers, and others, to collaboratively mitigate cyber threats by disseminating real-time confirmed and actionable threat intelligence across their networks.
Devices, systems, methods, and processes for enhancement of security measurement in Open Roaming networks are described herein. Typically, in Open Roaming networks, access nodes do not have the information whether a user device is a trusted device and accesses the network based on authentication by an Identity Provider (IdP). To address these issues, access nodes may be configured to generate a trust score for the user device based on their monitored activities on the network. The access node may share the trust score with the IdP. The IdP may receive one or more trust scores for the user device and generate a global trust score for the user device. The IdP further shares the global trust score with Identity Federation. During a re-association attempt, a new access node may grant or deny the network access to the user device based on the received global trust score of the user device.
Disclosed is technology for selectively determining whether to duplicate a packet based on factors beyond just the application it is associated with. For example, some methods determine a criticality of the packet by reading a tag stored in a header of the packet. The tag can represent a group with which the user is associated, e.g., the financial department, and assign a criticality score based on that group and in some cases other factors. The criticality score can be measured against a threshold to determine whether duplication should occur in the next hop. The method therefore selectively determines whether to duplicate a packet, thereby avoiding costly overduplication, while also placing this tag in a header of the packet, which can be read easily and without deep packet inspection.
Devices and methods for floor-level allocation of network devices, for example, access points, are provided. A controller, coupled to multiple switches disposed across one or more floors in a space, receives discovery data and signal data. The discovery data, for example, connectivity discovery protocol data, indicates an association of the switches and multiple access points connected thereto and deployed across the floor(s). The signal data, for example, received signal strength indicator data, is associated with the set of access points. The controller classifies the access points into a set of clusters based on the discovery data and the signal data. The controller determines a sequence of the floors based on the clusters and allocates a floor-level identifier to the access points based on the sequence. The devices and methods optimize indoor localization, for example, in environments where environmental data such as air pressure data may be unreliable or unavailable.
Vibrational energy produced by fans in electronic devices remains largely untapped. To address this, devices, systems, methods, and processes for harnessing the vibrational energy produced by such fans are described herein. The electronic device includes one or more electronic components and a fan tray. The fan tray includes one or more fans and a housing frame that houses the one or more fans. The one or more fans generate an airflow to cool the one or more electronic components and at least one fan of the one or more fans produces a vibration signal when in operation. The fan tray further includes one or more piezoelectric assemblies disposed relative to the housing frame. The one or more piezoelectric assemblies convert the vibration signal into respective electrical signals. The electrical signals can be converted to direct current (DC) to power the one or more electronic devices.
H02N 2/18 - Electric machines in general using piezoelectric effect, electrostriction or magnetostriction producing electrical output from mechanical input, e.g. generators
H05K 7/20 - Modifications to facilitate cooling, ventilating, or heating
H10N 30/50 - Piezoelectric or electrostrictive devices having a stacked or multilayer structure
97.
SIGNALING TO TRANSFER TARGET WAKE TIME AGREEMENTS BETWEEN LINKS WITHIN OR ACROSS MULTI-LINK DEVICES
Embodiments for enabling a non-access point (non-AP) multi-link device (MLD) to transfer one or more existing Target Wake Time (TWT) agreements to a new link either for an AP MLD or across AP MLDs. In at least one embodiment, a computer-implemented method is provided that includes obtaining, from a non-AP MLD that is seeking to roam from a first AP MLD to a second AP MLD, a request to transfer one or more TWT agreements from one or more wireless links of the first AP MLD to one or more wireless links of the second AP MLD; determining whether any of the one or more TWT agreements are accepted for any wireless links of the second AP MLD; and providing a response to the non-AP MLD indicating whether any of the TWT agreements are accepted for the wireless links of the second AP MLD.
An access point computes, for user devices in each group of a plurality of groups of user devices, a plurality of start times of future enhanced data privacy (EDP) epochs during which identifiers from the user devices in each group are to be rotated. Based on the plurality of start times, it is determined that transitory periods will occur at a same time for at least a threshold number of groups of the plurality of groups of user devices. The AP transmits a message to user devices in at least one group of the at least a threshold number of groups instructing the user devices to perform one or more actions to prevent the transitory periods from occurring at the same time.
In a mobility domain (e.g., a seamless mobility domain), a roaming counter value is provided to a target access point (AP) which the target AP can use to generate a nonce for encrypting data transmitted to a roaming non-AP multi-link device (MLD). That is, the non-AP MLD may be roaming from a current (or serving) AP to the target AP. The roaming counter is incremented each time the non-AP MLD roams in the mobility domain. Thus, each time the non-AP MLD roams, the updated roaming counter is provided to the new target AP MLD. Because the roaming counter is incremented each time there is a roam, even in a buggy implementation where the same PN is reused, the nonce will be different due to the roaming counter being different.
A wireless device comprises one or more memories and one or more processors communicatively coupled to the one or more memories, where the one or more processors are configured to, individually or collectively, perform operations comprising identifying a flow associated with a stream classification service (SCS) identifier and transmitting an SCS request to an access point (AP). The SCS request comprises information for a plurality of quality of service (QoS) profiles associated with the SCS identifier, and each of the plurality of QoS profiles defines a different set of QoS characteristics.