A method for learning potential correlation of data structures and fields across multiple disparate data sources. The method automatically identifies relationships that exist in multiple data sources to facilitate a data broker that can return the “shortest-path-to-data”. The method includes communicating with a data lake that integrates access to data stored in a plurality of different data sources. The method next includes correlating, via the data lake, data fields in data sets across the plurality of different data sources to identify relationships across the plurality of different data sources. A request to access data is obtained, and the method determines that data for the request is stored in two or more data sources of the plurality of different data sources, selects a particular data source of the two or more data sources and retrieves the data for the request from the particular data source.
Techniques and systems described herein relate to monitoring executions of computer instructions on computing devices based on observing and generating a control flow directed graph. The techniques and systems include determining an observation phase for a process or application on a computing device. During the observation phase, CPU telemetry is determined and used to generate a control flow directed graph. After the control flow directed graph is generated, a hash table associated with frequently traversed execution paths is generated. A monitoring phase may be entered where transfers of instruction pointers are monitored based on the control flow directed graph to identify invalid transfers. The frequently traversed execution paths may be identified based on the hash table and be identified as valid if the hash value corresponds to the table.
Techniques for optimizing routing decisions based on security metrics within a network environment are described herein. In some cases, by using various security metrics, such as encryption indicators, attestation indicators, secureness metrics, and reliability metrics, an exemplary system can assess the security level and reliability of network paths. These metrics may provide valuable insights into the trustworthiness and integrity of participating nodes and links and enable informed decision-making regarding path selection.
The method disclosed herein manages and generates enterprise-policy compliant guest credentials for connectivity to one or more enterprise networks. The method may include receiving a request from a guest user device to connect to a first network provided by an enterprise. The method may further comprise determining that the guest user device is authorized to access the first network when the access by the guest user is subject to a movement and roaming policy. A first credential may be provisioned for the guest user to access the first network that is consistent with the movement and roaming policy. Prior to receiving a second request to connect to a second network of the enterprise from the guest user device, provisioning a second credential, consistent with the movement and roaming policy, to the guest user.
Techniques for ultra-short-term resource forecasting for a network device are described. A selection of a time series algorithm from a set of time series algorithms for determining capacity right-sizing of a local resource is received, the is selection based at least in part on current local traffic conditions. Based on current local traffic conditions, parameter values to be used in the algorithm are determined, the parameters are associated with the time series algorithm selection. A number of data points for input to the time series algorithm are determined, the data points are a sequence of values representing an amount of the local resource used by the network device at a point in time and are collected at predetermined time intervals. Based on a calculation of the time series algorithm using the number of data points and parameter values, the right-size capacity of the local resource for the network device is determined and provided.
H04L 41/147 - Network analysis or design for predicting network behaviour
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
Backup communication paths can be determined for use by different circuits of a network in the event of a failure of active communication paths. The disclosed backup path determination techniques can reduce contention in which multiple circuits share a backup path. Contention metrics are determined for communication paths in the network. The contention metrics are used to determine a communication path for contention reduction. A circuit that uses the communication path as a backup path is selected, and the backup path of the selected circuit is modified to avoid the communication path. Contention metrics can then be recalculated, and contention reduction techniques can be repeated until a desired convergence point is reached.
Described herein are systems and methods for optimizing energy efficiency in a network utilizing a control plane or other network administration device or software suite. The control plane continuously monitors end-to-end network paths and collects real-time data about network topology, traffic patterns, and connected devices. By analyzing the collected network data, the control plane identifies power needs for network nodes and generates energy saving recommendations or instructions tailored to each node's specific capabilities. Network nodes can subscribe to the energy efficiency service provided by the control plane, receive network usage data, and execute energy saving operations based on the recommendations. The control plane dynamically updates the energy saving recommendations in response to changes in network conditions, enabling network nodes to optimize their energy efficiency without compromising network performance and availability. These updates can be based on current network conditions but can be generated from historical data and/or machine learning processes.
In one embodiment, a method comprises: obtaining a plurality of results for a corresponding plurality of independent tests performed on a corresponding plurality of services in a computer network, the plurality of results comprising one or more determined pathways through the computer network; determining a specified subset selection regarding the plurality of results, the specified subset selection corresponding to at least two independent service-related tests; combining a portion of the plurality of results into an aggregated results subset according to the specified subset selection; generating a graphical representation visualization of the aggregated results subset, the graphical representation visualization illustrating a plurality of specific pathways through the computer network corresponding to the aggregated results subset; and providing, to a graphical user interface, the graphical representation visualization of the aggregated results subset, the graphical user interface providing for further specification of the specified subset selection regarding the plurality of results.
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
H04L 41/0681 - Configuration of triggering conditions
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
A system and method are provided for detecting malicious messages using a two-step Bayesian approach. A discrimination engine determines for each of the messages a first score and a second score. The first score represents a likelihood that the respective messages are malicious messages, and the second score represents a likelihood that they were generated by a machine learning (ML) method, such as a large language model (LLM). Using a combination of these two scores, message with a high probability of being malicious message are discriminated and marked as such. For example, messages for which the first and second scores exceed respective thresholds are marked as suspicious.
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
10.
CATEGORIZING PARTICIPANT CONTRIBUTION OF CONFERENCES
A non-transitory computer-readable medium has instructions that, when executed by one or more processors, cause the one or more processors to perform operations that include receiving a contribution provided by a participant in a video session and/or audio session, determining whether a type of the contribution is a question or a comment, storing the contribution and its type, determining whether a total quantity of received contributions exceeds a threshold, classifying each received contribution into an appropriate category of a plurality of categories in response to determining the total quantity of received contributions exceeds the threshold, and outputting the received contributions and their categories for display to one or more additional participants in the video session and/or audio session.
Techniques and architecture are described for eliminating double encryption in zero-trust network access authenticated sessions. The techniques include an endpoint client-based proxy of a network receiving, from a browser, a request to access a protected private service. The endpoint client-based proxy pauses access of the browser to the protected private service and establishes a transport layer security (TLS) connection between the endpoint client-based proxy and a zero-trust network access (ZTNA) gateway. The ZTNA gateway determines whether the protected private service uses a secure transport mechanism and establishes either a null cipher encrypted tunnel between at least the endpoint client-based proxy and the ZTNA gateway or a non-null cipher encrypted tunnel between at least the endpoint client-based proxy and the ZTNA gateway. The endpoint client-based proxy resumes access of the browser to the protected private service.
A method, computer system, and computer program product are provided for responding to user queries. A plurality of metadata objects are extracted from a plurality of knowledge artifacts in a database. A portion of the plurality of metadata objects is encrypted using homomorphic encryption to generate a plurality of encrypted embeddings, wherein each encrypted embedding relates to content of a knowledge artifact. A plurality of encrypted similarity scores are received that are generated by processing a query, received from a user, against the plurality of encrypted embeddings. The plurality of encrypted similarity scores are decrypted. A particular knowledge artifact is identified based on the decrypted plurality of similarity scores. A response is provided to the user based on the particular knowledge artifact.
Devices, systems, methods, and processes for managing network devices through generated predictions and associated confidence levels are described herein. Networks within a floorplan can be operated at full capacity all day in an inefficient way when not adjusted due to traffic patterns and seasonality changes. Data related to the topology of the network, along with historical data can be utilized to generate predictions of various network needs. For example, the overall network throughput capacity needs may be predicted for a series of points in the future. An associated confidence level can be generated as well including one or more confidence intervals. These can be utilized to select a future need for the network and generate a corresponding sustainable network configuration for the network devices and/or their transceivers that can provide sufficient network needs while minimizing the overall power used. This can be automated over time once trust has been established.
H04L 41/0833 - Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for reduction of network energy consumption
H04L 41/083 - Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for increasing network speed
H04L 41/12 - Discovery or management of network topologies
H04L 41/147 - Network analysis or design for predicting network behaviour
14.
CLIENT-AWARE FLOORPLAN MANAGEMENT WITH PREDICTED CONFIDENCE LEVELS
Devices, systems, methods, and processes for managing network devices through generated predictions and associated confidence levels are described herein. Networks within a floorplan can be operated at full capacity all day in an inefficient way when not adjusted due to traffic patterns and seasonality changes. Data related to the topology of the network, along with historical data can be utilized to generate predictions of various network needs. For example, the overall network throughput capacity needs may be predicted for a series of points in the future. An associated confidence level can be generated as well including one or more confidence intervals. These can be utilized to select a future need for the network and generate a corresponding sustainable network configuration for the network devices and/or their transceivers that can provide sufficient network needs while minimizing the overall power used. This can be automated over time once trust has been established.
Described herein are systems and methods for optimizing energy efficiency in a network utilizing a control plane or other network administration device or software suite. The control plane continuously monitors end-to-end network paths and collects real-time data about network topology, traffic patterns, and connected devices. By analyzing the collected network data, the control plane identifies power needs for network nodes and generates energy saving recommendations or instructions tailored to each node's specific capabilities. Network nodes can subscribe to the energy efficiency service provided by the control plane, receive network usage data, and execute energy saving operations based on the recommendations. The control plane dynamically updates the energy saving recommendations in response to changes in network conditions, enabling network nodes to optimize their energy efficiency without compromising network performance and availability. These updates can be based on current network conditions but can be generated from historical data and/or machine learning processes.
H04L 41/0833 - Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for reduction of network energy consumption
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
16.
PPDU FORMAT SUPPORTING VENDOR SPECIFIC PER-USER PARAMETERS
A format for a Physical layer Protocol Data Unit (PPDU) that can be transmitted over a network is disclosed. The PPDU includes one or more bits signaling that vendor-specific (VS) per-user content is present in the PPDU. The PPDU also includes one or more bits signaling a VS language in which the VS per user content is presented. The PPDU further includes bits representing the VS per user content in the VS language. The VS per-user content is arranged in the PPDU to provide individualized VS information for respective users intended to receive the PPDU.
A device may receive, from a computing device, a request for a two-factor authentication of a user. A device may transmit, from a server to the computing device and based on the request, multi-factor authentication data to the computing device. A device may establish a short-distance wireless communication link between the computing device and a registered mobile device. A device may transmit, from the computing device and via the short-distance wireless communication link, encrypted data which is encrypted based on the multi-factor authentication data, to the registered mobile device. A device may receive, at the server and from the registered mobile device, a confirmation that corrected data was decrypted from the encrypted data. A device may provide, based on the confirmation, the user with access to a service via the computing device.
G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04W 4/80 - Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
Techniques and architecture are described for eliminating double encryption in zero-trust network access authenticated sessions. The techniques include an endpoint client-based proxy of a network receiving, from a browser, a request to access a protected private service. The endpoint client-based proxy pauses access of the browser to the protected private service and establishes a transport layer security (TLS) connection between the endpoint client-based proxy and a zero-trust network access (ZTNA) gateway. The ZTNA gateway determines whether the protected private service uses a secure transport mechanism and establishes either a null cipher encrypted tunnel between at least the endpoint client-based proxy and the ZTNA gateway or a non-null cipher encrypted tunnel between at least the endpoint client-based proxy and the ZTNA gateway. The endpoint client-based proxy resumes access of the browser to the protected private service.
Techniques for syncing authentication and/or authorization tokens, cookies, and related metadata across different browser instances to enable disparate applications to share a single authentication/authorization ceremony. The techniques may include receiving a policy indicating multiple enterprise-managed applications that are capable of sharing tokens or cookies for user authentication. The techniques may also include receiving a token or a cookie indicating that a user is authenticated to access a first application of the multiple enterprise-managed applications. Based at least in part on the policy, the token or the cookie may be provided to a browser such that a second application of the multiple enterprise-managed applications refrains from causing the user to authenticate for access to the second application.
Techniques for routing service mesh traffic based on whether the traffic is encrypted or unencrypted are described herein. The techniques may include receiving, from a first node of a cloud-based network, traffic that is to be sent to a second node of the cloud-based network and determining whether the traffic is encrypted or unencrypted. If it is determined that the traffic is encrypted, the traffic may be sent to the second node via a service mesh of the cloud-based platform. Alternatively, or additionally, if it is determined that the traffic is unencrypted, the traffic may be sent to the second node via an encrypted tunnel. In some examples, the techniques may be performed at least partially by a program running on the first node of the cloud-based network, such as an extended Berkeley Packet Filter (eBPF) program, and the like.
In one embodiment, a method includes ingesting security tool findings associated with an application and identifying events associated with the application. The method also includes comparing the security tool findings and the events against known attack paths and determining partial attack path matches between the security tool findings and the events and the known attack paths. The method further includes performing a risk analysis of the partial attack path matches and prioritizing the partial attack path matches based on the risk analysis.
Devices and methods are discussed herein to track networked electronic devices during the course of their lifecycles. Each electronic device may be provided with a “green passport” by its manufacturer which contains all relevant information concerning the operation of the device during its lifetime. When a new electronic device is coupled to a network, it may emit a uniform resource identifier (URI) which may be received by a server that may operate as a manager for the green passports of devices within its purview. The manager may download the green passport from the manufacturer's server. The manager may verify the authenticity of the URI and/or the green passport to avoid security threats. The manager may monitor the electronic device and issue notifications throughout its lifecycle. At the end-of-life of the electronic device, the manager may issue sustainable disposable information for the device.
G06Q 10/20 - Administration of product repair or maintenance
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
23.
BRIDGING CONFIGURATION CHANGES FOR COMPLIANT DEVICES
Various implementations disclosed herein provide a mechanism for determining that a configuration status of a compliant device is too far out-of-date, and subsequently bridging the configuration status of the compliant device to the up-to-date configuration data and instructions in response. In various implementations, determination of the configuration status of the compliant device is possible using a single request from the compliant device, which in turn reduces the amount of network traffic and utilization of network resources needed to update the compliant device with the up-to-date configuration data and instructions.
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
A process can include determining respective link state information corresponding to a plurality of links between two or more border routers and a plurality of child nodes of the two or more border routers, the border routers and the child nodes included in a Destination Oriented Directed Acyclic Graph (DODAG) of a Low-Power Lossy Network (LLN). Consensus information indicative of a current status of each border router of the two or more border routers can be determined based on the respective link state information. The consensus information can be used to update an election of one or more active border routers from the two or more border routers to utilize as a virtual DODAG root for the LLN. Traffic directed to the virtual DODAG root can be routed to an active border router of the two or more border routers based on the updated election.
Predicting network throughput and balancing network loads may be provided. Predicting network throughput and balancing network loads can comprise receiving traffic information from a plurality of Access Points (APs). Based on the traffic information, traffic associated with the plurality of APs can be modeled. Based on the modeled traffic, a gain in AP efficiency for one or more APs of the plurality of APs can be modeled when modifying Station (STA) traffic of a STA. A recommendation can be sent to one or more recipient APs of the plurality of APs, wherein the recommendation indicates the gain in AP efficiency for the one or more APs when modifying the STA traffic.
Optimizing or otherwise improving sounding intervals may be provided. Improving sounding intervals can include generating predicted Channel State information (CSI) of a Station (STA). A Null Data Packet (NDP) Announcement (NDPA) can be sent to the STA, wherein the NDPA instructs the STA to send compressed CSI. A reference signal is then sent to the STA. Finally, the compressed CSI is received from the STA.
H04B 7/06 - Diversity systems; Multi-antenna systems, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the transmitting station
A status report frame may be provided. First, an Access Point (AP) may associate with a client device. Then the AP may send a status report to the client device in a status report frame comprising a protected management frame.
Techniques for coordinating traffic and performing preemption in multi-link operations are provided. At least a first portion of a first element of data is transmitted by the first network device via a first link. A second element of data is identified by the first network device. The transmission of the first element of data is interrupted by the first network device to transmit the second element of data via the first link. A remaining portion of the first element of data is transmitted by the first network device via a second link.
A computer-implemented method of determining whether to configure a detection comprised within a query is disclosed. The method includes analyzing a query to determine clauses within the query that identify logs relevant to the detection comprised within the query. The method further includes determining a statistical distribution for modeling a likely hit rate of the detection. Additionally, the method includes updating the statistical distribution with information associated with an observed hit rate. Also, the method includes determining a hit rate for the detection using the updated statistical distribution and live telemetry data and computing a confidence score for the detection. Responsive to a determination that the confidence score for the detection is above a predetermined threshold, the method includes maintaining the detection online.
Embodiments of the present disclosure provide techniques for efficiently and accurately performing propagation of search-head specific configuration customizations across multiple individual configuration files of search heads of a cluster for a consistent user experience. The cluster of search heads may be synchronized such that the search heads operate to receive the configuration or knowledge object customizations from one or more clients from a central or lead search head. To reduce the amount of data that is transferred during propagation, the list of configuration or knowledge object customizations maintained in each search head is filtered from the list of the lead search head until a divergence point is determined. Once determined and communicated to the lead search head, the lead search head sends the configuration and knowledge object customization data that is absent from the internal list of the member search head.
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
31.
Integration of cloud-based and non-cloud-based data in a data intake and query system
A software module ingests data into a data intake and query system. At least a portion of the data is cloud data. The software module includes an event type definition that specifies a type of data to be ingested by the software module, a first tag that associates ingested data of the event type with a data model, and a second tag that designates ingested data of the event type as cloud data. The ingested data is stored in a data repository, and subsequently a search query that includes the first tag and the second tag is executed against the data repository, to identify ingested cloud data that satisfies the search query and a first search constraint specified in the data model. A display device is caused to display a visualization based on the identified ingested cloud data that satisfies the search query.
A computing device receives an ingest preview request to preview events to be stored by at least one indexer. Responsive to the ingest preview request, the computing device sends a subscription request to the forwarders. The forwarders receive the subscription request and intercept the events that are being sent to at least one of the indexers. The forwarders then clone matching events to the subscription request and responds to the computing device with the matching events. When the computing device receives the matching events, the computing device adds the matching events to a dispatch directory. The user interface is then populated with events in the dispatch directory.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
A process can include determining a plurality of Network Address Translation (NAT) routes associated with respective edge routers included in a same virtual private network (VPN) for communicating with a software-defined wide area network (SDWAN). A process can include identifying a first subset of the plurality of NAT routes as mapped to a first public NAT address included in a NAT pool associated with the VPN. A process can include tagging each NAT route of the first subset with a tag value indicative of a preferred router for receiving return traffic of the respective NAT route. A process can include routing traffic on a respective NAT route of the plurality of NAT routes based on applying, at an SDWAN controller, a corresponding control policy matching the tag value of the respective NAT route.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
In one embodiment, a device identifies a set of attributes from telemetry data generated by one or more agents regarding an online application accessible via a network. The device provides an interactive display to a user interface that includes options for a user to specify a selection of one or more attributes from the set of attributes and to specify an aggregation function. The device updates the interactive display to show a visualization of the aggregation function applied to the selection of one or more attributes and configures the one or more agents to collect only a subset of the telemetry data based on the selection of the one or more attributes and the aggregation function.
In one embodiment, a device identifies a port associated with a backend probing agent for a cloud-hosted application. The device performs external probing of a path to the cloud-hosted application by sending a probe along the path to the port, to generate external probing results. The device triggers the backend probing agent to generate backend probing results by performing backend probing of a backend service used by the cloud-hosted application. The device causes formation of unified probing results that correlate the external probing results and the backend probing results.
In one embodiment, a device determines whether applications in a messaging system are data producers or data consumers. The device determines workloads of the applications. The device assigns message brokers of the messaging system to the applications based on the workloads of the applications and whether the applications are data producers or data consumers.
In one embodiment, a device obtains telemetry data indicative of a plurality of different types of events that occurred in a network. The device computes event counts for each of the plurality of different types of events within each of a sequence of predefined timespans based on the telemetry data and generates timeseries for each of the plurality of different types of events using the event counts. The device provides display data that causes a user interface to display a selected two or more of the timeseries concurrently.
In one embodiment, a device obtains testing parameters used by a plurality of agents in a network to perform testing with respect to an online application. The device identifies overlapping parameters among the testing parameters and generates a consolidated set of testing parameters for the overlapping parameters. The device configures the plurality of agents such that a singular testing agent performs testing with respect to the online application using the consolidated set of testing parameters instead of multiple testing agents performing testing with respect to the online application using the overlapping parameters.
The present disclosure relates to a photodiode and method of forming the photodiode. The photodiode includes a doped layer and an absorption region positioned on the doped layer. The absorption region includes a base region contacting the doped layer, a first facet region positioned on the base region, and a second facet region positioned on the first facet region. The first facet region includes (i) a first tapered surface and a second tapered surface extending from the base region and (ii) a first step region and a second step region extending laterally from the first tapered surface and the second tapered surface, respectively. The second facet region includes a third tapered surface extending from the first step region and a fourth tapered surface extending from the second step region.
H01L 31/0352 - SEMICONDUCTOR DEVICES NOT COVERED BY CLASS - Details thereof characterised by their semiconductor bodies characterised by their shape or by the shapes, relative sizes or disposition of the semiconductor regions
H01L 31/0232 - Optical elements or arrangements associated with the device
H01L 31/105 - Devices sensitive to infrared, visible or ultraviolet radiation characterised by only one potential barrier or surface barrier the potential barrier being of the PIN type
H01L 31/18 - Processes or apparatus specially adapted for the manufacture or treatment of these devices or of parts thereof
The present disclosure relates to an opto-electrical circuit and a method of forming an opto-electrical circuit. According to an embodiment, a circuit includes a photonic integrated circuit, an intermetal dielectric, an oxide layer, and a first electronic integrated circuit. The intermetal dielectric is coupled to the photonic integrated circuit. The oxide layer is coupled to the intermetal dielectric such that the intermetal dielectric is positioned between the photonic integrated circuit and the oxide layer. The first electronic integrated circuit is positioned within the oxide layer and coupled to the intermetal dielectric. A through oxide via extends through the oxide layer to the intermetal dielectric.
The present technology involves system, methods, and computer-readable media for establishing mobility of user equipment (UEs) or mobile from congested new radio (NR) cells to un-congested Long-Term Evolution (LTE) cells. For operators that deploy both LTE cells and NR cells, the UEs can move from congested NR cells to un-congested LTE cells but can also be handed back into un-congested NR cells.
Techniques described herein provide procedures for reducing MACsec Key Agreement (MKA)-related traffic and improving resource allocation for MKA protocol through an EVPN environment. Techniques include leveraging Border Gateway Protocol (BGP) signaling for MKA between Provider Edge (PE) routers instead of between Customer Edge (CE) routers, which mitigates both hardware restrictions and scalability challenges with a new Xaas enablement. A new BGP-EVPN route type is defined that can communicate a set of MKA information along with an address destination associated with a provider edge device to establish a BGP MKA session and enable MACsec encryption/decryption at the provider edge device.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Techniques for generating and utilizing overlay-based Border Gateway Protocol (BGP) Operations, Administration, and Maintenance (OAM) packets to detect issues with an underlay network. The techniques may include receiving, from a BGP peer device via a control plane path, an OAM probe indicating a forwarding path to be used for sending the traffic to a destination associated with a prefix. The techniques may also include determining, based at least in part on the OAM probe, that a next-hop device is incapable of being utilized to forward the traffic to the destination, the next-hop device determined based on an origination of the prefix. The techniques may further include performing a policy-based action based at least in part on determining that the next-hop device is incapable of being utilized to forward the traffic to the destination.
H04L 45/64 - Routing or path finding of packets in data switching networks using an overlay routing layer
H04L 43/0817 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
H04L 43/10 - Active monitoring, e.g. heartbeat, ping or trace-route
Techniques for coordinating traffic and performing preemption in multi-link operations are provided. At least a first portion of a first element of data is transmitted by the first network device via a first link. A second element of data is identified by the first network device. The transmission of the first element of data is interrupted by the first network device to transmit the second element of data via the first link. A remaining portion of the first element of data is transmitted by the first network device via a second link.
H04W 72/566 - Allocation or scheduling criteria for wireless resources based on priority criteria of the information or information source or recipient
H04W 28/06 - Optimising, e.g. header compression, information sizing
45.
PPDU FORMAT SUPPORTING VENDOR SPECIFIC PER-USER PARAMETERS
A format for a Physical layer Protocol Data Unit (PPDU) that can be transmitted over a network is disclosed. The PPDU includes one or more bits signaling that vendor-specific (VS) per-user content is present in the PPDU. The PPDU also includes one or more bits signaling a VS language in which the VS per-user content is presented. The PPDU further includes bits representing the VS per-user content in the VS language. The VS per-user content is arranged in the PPDU to provide individualized VS information for respective users intended to receive the PPDU.
A first packet of a packet flow is received at a classifying network device. The first packet is forwarded from the classifying network device to a firewall network device. An indication that the packet flow is to be offloaded is received at the classifying network device. Data is stored at the classifying network device indicating that the packet flow is to be offloaded. A non-control packet of the packet flow is received at the classifying network device. A determination is made that the non-control packet belongs to the packet flow by comparing data contained in the non-control packet to the stored data. The non-control packet of the packet flow is directed to a processing entity in response to the determining. A control packet of the packet flow is received at the classifying network device. The control packet of the packet flow is directed to the firewall network device.
G06F 16/901 - Indexing; Data structures therefor; Storage structures
H04L 47/2441 - Traffic characterised by specific attributes, e.g. priority or QoS relying on flow classification, e.g. using integrated services [IntServ]
Optimizing or otherwise improving sounding intervals may be provided. Improving sounding intervals can include generating predicted Channel State information (CSI) of a Station (STA). A Null Data Packet (NDP) Announcement (NDPA) can be sent to the STA, wherein the NDPA instructs the STA to send compressed CSI. A reference signal is then sent to the STA. Finally, the compressed CSI is received from the STA.
Predicting network throughput and balancing network loads may be provided. Predicting network throughput and balancing network loads can comprise receiving traffic information from a plurality of Access Points (APs). Based on the traffic information, traffic associated with the plurality of APs can be modeled. Based on the modeled traffic, a gain in AP efficiency for one or more APs of the plurality of APs can be modeled when modifying Station (STA) traffic of a STA. A recommendation can be sent to one or more recipient APs of the plurality of APs, wherein the recommendation indicates the gain in AP efficiency for the one or more APs when modifying the STA traffic.
Aspects described herein include a method of automated grouping of client devices for a user-defined network (UDN). The method includes receiving, from a first client device, an authentication request to join an access provider network. The authentication request includes a unique identifier of the first client device. The method also includes transmitting the unique identifier to a UDN cloud and receiving a first list from the UDN cloud. The first list indicates that the UDN is associated with the unique identifier. The method further includes joining the first client device with a second client device present on the access provider network based on a second list from the UDN cloud. The second list indicates that the UDN is associated with the second device.
This disclosure describes techniques for allowing an organization to manage user identities. In some examples, the management of user identities may be serverless. In some examples, serverless identity management may be enabled through a distributed application on user devices of the organization. The application may generate and/or store information related to the user identities on the user devices. Serverless identity management may further include storing at least some of the information at a location that is easily accessible to the user devices, such as a cloud computing location, while maintaining security for private data. Serverless identity management may therefore provide an organization with greater operational flexibility.
A method is provided that is performed in a wireless network to detect a rogue wireless device. The method comprises detecting a suspect wireless device in the wireless network based on messages transmitted by the suspect wireless device using a first Media Access Control (MAC) address that is also used by a valid wireless device in the wireless network. When a suspect wireless device is detected, the method next includes sending to the valid wireless device in the wireless network a request configured to cause the valid wireless device to change its MAC address. After the valid wireless device has changed its MAC address, the method involves observing messages transmitted by the suspect wireless device in the wireless network. The method then includes determining that the suspect wireless device is a rogue device when the suspect wireless device continues to transmit messages using the first MAC address.
Disclosed herein are systems, methods, and computer-readable media for upgrading vSmart controllers. In one aspect, a method includes an edge router receiving a notification from a vSmart controller that an upgrade to the controller will occur. The notification can be dynamically triggered by a centralized network management system. In some embodiments, the vSmart controller can run as a virtual machine (VM) and maintains a control plane connection with one or more edge routers in an overlay network. In response to the notification, a length of time of an expiry timer in which the edge router attempts to connect to the vSmart controller can be increased, and the edge router can connect to the vSmart controller once the increased length of time has passed.
Techniques are described for storing and processing network data for responding to queries for such network data. Operational network data is separated from configuration network data so that they can be processed and stored separately. A sliding window cache is used to continually, temporarily store network data objects having time stamps falling within the time range of the sliding window cache. Network data objects stored within the sliding window cache are then moved to computer memory for storage and later retrieval. In response to a query for network data, network data objects can be retrieved from the sliding window cache and also from the computer memory based on time stamps of the network data objects and on the time range of the query.
Techniques for generating and utilizing overlay-based Border Gateway Protocol (BGP) Operations, Administration, and Maintenance (OAM) packets to detect issues with an underlay network. The techniques may include receiving, from a BGP peer device via a control plane path, an OAM probe indicating a forwarding path to be used for sending the traffic to a destination associated with a prefix. The techniques may also include determining, based at least in part on the OAM probe, that a next-hop device is incapable of being utilized to forward the traffic to the destination, the next-hop device determined based on an origination of the prefix. The techniques may further include performing a policy-based action based at least in part on determining that the next-hop device is incapable of being utilized to forward the traffic to the destination.
A network storage volume stores a first entry in a first-mode storage bucket and a second entry in a second-mode storage bucket, the first-mode storage bucket having first bucket metadata, and the second-mode storage bucket having second bucket metadata. At least one bucket to be purged from the buckets of the network storage volume are selected based at least in part on bucket metadata of the plurality of buckets, where the buckets include the first-mode storage bucket and the second-mode storage bucket. The selected bucket is caused to be purged from the network storage volume.
Techniques for implementing a differential differencing TIA for coherent applications are disclosed. A method includes receiving first and second optical signals from a 90 degree optical hybrid that receives a coherent optical signal, wherein the first and second optical signals each include one pair of sum and difference signals output by the 90 degree optical hybrid, generating, based on the first optical signal and from a first photo diode, a first differential signal, generating, based on the second optical signal and from a second photo diode, a second differential signal, differentially transconducting the first and second differential signals to produce first and second transconducted signals, performing a differencing operation on the first and second differential transconducted signals to produce a combined differential-differencing transconducted signal that is representative of the first optical signal and the second optical signal, and outputting the combined differential transconducted signal as a differential output.
In various embodiments, a natural language (NL) application enables users to more effectively access various data storage systems based on NL requests. The NL application includes functionality for selecting an optimal interpretation algorithm, generating a dashboard, and/or generating an alert based on an NL request. Advantageously, the operations performed by the NL application reduce the amount of time and user effort associated with accessing data storage systems and increase the likelihood of properly addressing NL requests.
In one embodiment, a device performs a detection stage of an automated instrumentation pipeline during which the device detects an application server type by examining a command line of a process of an application. The device performs, based on the application server type, an extraction stage of the automated instrumentation pipeline during which the device extracts application server attributes. The device performs, based on the application server attributes, a naming stage of the automated instrumentation pipeline during which the device forms a naming hierarchy for processes of the application. The detection stage, the extraction stage, and the naming stage of the automated instrumentation pipeline do not have access to a controlled space of the application. The device inserts, based in part on the naming hierarchy, arguments into command lines of processes of the application that cause the processes of the application to be instrumented at runtime.
The present disclosure describes an access point with an adjustable scan radio and a method of operating the access point. The access point operates a scan radio to determine first and second sets of metrics for packets detected by the scan radio with a received signal strength indicator (RSSI) greater than first and second RSSI thresholds, respectively. The access point also operates a service radio to determine a third set of metrics for packets transmitted by the service radio and determines a first weight and a second weight based on the third set of metrics. The access point further applies the first and second weights to the first and second sets of metrics to produce first and second sets of weighted metrics and adjusts the service radio based on the first and second sets of weighted metrics.
A format for a Physical layer Protocol Data Unit (PPDU) that can be transmitted over a network is disclosed. The PPDU includes a field having one or more bits identifying whether a vendor-specific signal field (VS-SIG) is present in the PPDU. When present, the VS-SIG includes one or more bits identifying a vendor-specific language in which vendor-specific data is presented. The VS-SIG also includes one or more bits representing the vendor-specific data in the vendor- specific language.
Various methods, systems, and/or processes are described herein to create more sustainable configurations of wireless Access Points (APs), switches, and other network devices based upon network speed, client demand, among other factors. Clients may wirelessly couple to an AP using a variety of different technologies. The clients may be distributed over these frequency bands in an optimal manner allowing minimum use of transceiver power. The network link speed between the AP and the Ethernet switch may also be dynamically adjusted. These configurations may dynamically change over time as client demand or network traffic increases or decreases. In certain other configurations, the APs may have a higher wireless throughput than the ethemet connections to the network. In these instances, sustainable configurations can be achieved by powering down transceivers, radio chains, and/or processor cores. Traffic and other events may trigger the need for new sustainable configurations to be generated and applied.
H04L 41/0833 - Configuration setting characterised by the purposes of a change of settings, e.g. optimising configuration for enhancing reliability for reduction of network energy consumption
H04W 24/04 - Arrangements for maintaining operational condition
Techniques for symmetric routing in a software-defined wide area network (SDWAN) are disclosed herein. In some aspects, the techniques described herein relate to a method including: determining a first device group, wherein the first device group includes a first router associated with a branch tag and a second router associated with a hub tag; determining a second device group, wherein the second device group includes a third router associated with and a fourth router associated with the hub tag; transmitting a first route advertisement associated with a first route from the first router to the second router to the first router; transmitting a second route advertisement associated with a second route from the first router to the third router to the first router; and preventing transmission of a third route advertisement associated with a third route from the first router to the fourth router to the first router.
Techniques for extending application-aware routing (AAR) policies to enable intelligent routing decisions based on device security posture. The techniques may include receiving, from a client device, traffic that is to be sent over a network to an application and determining a security score associated with the traffic. The security score may be based on a security posture associated with the client device, a security level associated with a connectivity network used by the client device, and the like. The techniques may also include determining, based at least in part on the security score and based at least in part on an application-aware routing policy, a path for sending the traffic to the application.
Devices, systems, methods, and processes for orchestrating and managing various lower-power modes in a variety of network devices within a network are described herein. Various network devices, such as access points may be capable of entering one or more lower-power modes of operation that utilize less electricity to operate. When initiating a lower-power mode, the various clients that the network device has been handling need to be handed off to a sibling AP nearby. However, when exiting these lower-power modes, these devices may need different amounts of time to reboot and/or resume normal operations. Thus, when deciding which clients to re-associate with the waking up network device, various considerations need to be weighed based on client needs and network device capabilities. Thus, a smart environmental controller (SEC) is utilized to coordinate these processes. The SEC can be a specialized device, or a logic distributed remotely or among the network devices.
This document discloses methods and systems for modeling product usage. In one practical application, the systems and methods may be utilized to model product usage based on large volume, machine generated product usage data to optimize product pricing and operations. Specifically, the systems and methods described herein may utilize methods with key components to select the maximum number of dimensions that can be modeled based on the number of data points, use a logarithm kernel function to normalize machine data with long-tailed statistical distributions on different numerical scales, compare a large number of candidate models with different candidate dimensions and different structures, and quantify the amount of change and drift in models over time.
A set of alert records stored in a shared alert data store that is shared amongst a cluster of processing nodes are presented in an interface. From the interface, a request is received to delete an identified alert record from the set of alert records. A delete alert record matching the identified alert record is added to the shared alert data store. The identified alert record is deleted from the shared alert data store responsive to the request. The delete alert record is transmitted to a processing node of the cluster of processing nodes, wherein the processing node deletes a local copy of the identified alert record according to the delete alert record.
Techniques are disclosed for placing content in and applying layers to an extended reality environment. An extended reality (XR) system determines an identifier that is associated with an object viewable within an extended reality environment. The XR system determines a plurality of data structures associated with the identifier, each data structure including a workspace and a dashboard. The XR system generates, using the plurality of data structures, a plurality of extended reality objects for display in the extended reality environment, each extended reality object including a dashboard from the plurality of data structures, where, in the extended reality environment, a first dashboard is visible. The XR system receives an input associated with the extended reality environment. The XR system causes, in response to the input, the second dashboard to be visible.
G06F 3/04815 - Interaction with a metaphor-based environment or interaction object displayed as three-dimensional, e.g. changing the user viewpoint with respect to the environment or object
G06F 3/04883 - Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures for inputting data by handwriting, e.g. gesture or text
G06F 16/955 - Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
G06T 19/00 - Manipulating 3D models or images for computer graphics
68.
PROACTIVE PATH COMPUTATION ELEMENT TO ACCELERATE PATH COMPUTATION
A method performed at a controller of an optical network configured with an optical path comprising a series of fiber spans for forwarding traffic: as a background operation to forwarding the traffic along the optical path, generating and storing precomputed optical paths as alternates to the optical path for path restoration by simulating some number of faults impacting the optical path; upon receiving, from the optical network, a path restoration query that indicates actually failed fiber spans, determining availability of a precomputed optical path that avoids the actually failed fiber spans; and when the precomputed optical path is available, sending, to the optical network, a first descriptor of the precomputed optical path to enable a deployment of the precomputed optical path. The method drastically reduces the time of alternate path research in complex meshed networks.
Aspects of the present disclosure are directed to improving network resource utilization (at edge network devices) as well as at cloud-based processing components of a network, when performing attribute searches on video data captured at the edge devices of the network. In one aspect, a method includes detecting a motion event in a plurality of frames of video data captured using one or more edge devices, generating a motion blob for a subset of the plurality of frames associated with the motion event, processing the motion blob to generate one or more attributes, wherein each of the one or more attributes are identified once in the motion blob, and send the one or more attributes to a cloud processing component.
The present disclosure describes systems and methods for detecting temperature in an electro-optical circuit (e.g., an electro-optical transceiver). According to an embodiment, an electro-optical circuit includes a photonic integrated circuit and an electronic integrated circuit. The photonic integrated circuit includes an optical component and a first resistor positioned by the optical component. The electronic integrated circuit determines a temperature for the optical component based on a first resistance of the first resistor.
G01K 7/18 - Measuring temperature based on the use of electric or magnetic elements directly sensitive to heat using resistive elements the element being a linear resistance, e.g. platinum resistance thermometer
G02F 1/01 - Devices or arrangements for the control of the intensity, colour, phase, polarisation or direction of light arriving from an independent light source, e.g. switching, gating or modulating; Non-linear optics for the control of the intensity, phase, polarisation or colour
Various methods, systems, and/or processes are described herein to create more sustainable configurations of wireless Access Points (APs), switches, and other network devices based upon network speed, client demand, among other factors. Clients may wirelessly couple to an AP using a variety of different technologies. The clients may be distributed over these frequency bands in an optimal manner allowing minimum use of transceiver power. The network link speed between the AP and the Ethernet switch may also be dynamically adjusted. These configurations may dynamically change over time as client demand or network traffic increases or decreases. In certain other configurations, the APs may have a higher wireless throughput than the ethernet connections to the network. In these instances, sustainable configurations can be achieved by powering down transceivers, radio chains, and/or processor cores. Traffic and other events may trigger the need for new sustainable configurations to be generated and applied.
Techniques for determine latency, loss, and liveness performance metrics associated with ECMP routes. The techniques may include determining that a TWAMP probe is to be sent from a first node to a second node along an equal-cost multipath ECMP route. In some examples, the first node may generate a packet for sending the TWAMP probe to the second node. The packet may include information specifying a forward path and reverse path to be traversed by the packet. In examples, the first node may send the packet to the second node along the ECMP route and subsequently receive the packet including telemetry data associated with the second node and a midpoint node of the ECMP route. Based at least in part on the telemetry data, the first node may determine a metric indicative of a performance measurement associated with the ECMP route.
This disclosure describes techniques and mechanisms for performing passive measurement for combined one-way latency, packet loss metrics along with liveness detection using customer data packets ingested at a sink node in hardware for Level 2 and Level 3 VPN services. The customer data packets are sampled and copied for measurement either at source node or sink node. The duplicated measurement packet headers are punted based on the IPV6 destination option type to hardware analytics engine at sink node for analytics that populates histogram bins using the timestamps from the packets. Using the transmitted packets during a period, and received packets in all the bins, packet loss is measured. Based on the packets received status, liveness state is detected by the sink node and notified to the source node.
The disclosed technology relates to a process of dynamically assigning operational parameters for access points within a CBRS (Citizen Broadband Radio Service) network. In particular, the disclosed technology monitors for and detects interference between nearby access points and user equipment devices that may belong to the same enterprise or to different enterprises. Machine learning processes are used to revise the operational parameters that were initially assigned by the Spectrum Access System (SAS). These processes are also used to suggest an updated set of operational parameters to the SAS for the access points. The dynamic assignment reduces interference experienced by the access point with respect to nearby other access points and/or nearby other user equipment. The dynamic assignment aims to improve a quality of communication between the access point and its associated user equipment.
Systems, methods, and computer-readable media are disclosed for dynamically adjusting a configuration of a pre-processor and/or a post-processor of a machine learning system. In one aspect, a machine learning system can receive raw data at a pre-processor where the pre-processor being configured to generate pre-processed data, train a machine learning model based on the pre-processed data to generate output data, process the output data at a post-processor to generate inference data, and adjust, by a controller, configuration of one or a combination of the pre-processor and the post-processor based on the inference data.
A composite connector includes modular data connectors, electrical power connectors, a fluid exchange connector, an alignment feature, and a housing. The modular data connectors include electrical data connectors and optical data connectors and are configured to carry data. The electrical power connectors are configured to carry electrical power, and the fluid exchange connector is configured to carry cooling fluid. The composite connector includes an alignment feature to align the composite connector with a complementary connector. The housing of the composite connector is configured to contain the modular data connectors, the electrical power connectors, the fluid exchange connector, and the alignment feature in a confined physical space.
The present disclosure is directed to managing industrial internet of things end points and includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause one or more switches to perform operations comprising: identifying a first end point using a protocol associated with the first end point, determining a classification for the identified first end point based on one or more attributes of the first end point, identifying one or more related end points having the classification in common with the first end point, segmenting the first end point with the identified one or more related end points, and applying one or more policies to the segmented first end point and the one or more related end points.
H04L 41/50 - Network service management, e.g. ensuring proper service fulfilment according to agreements
H04L 47/76 - Admission control; Resource allocation using dynamic resource allocation, e.g. in-call renegotiation requested by the user or requested by the network in response to changing network conditions
H04L 67/12 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Techniques for managing migrations of QUIC connection session(s) across proxy nodes, data centers, and/or private application nodes are described herein. A global key-value datastore, accessible by proxy nodes and/or application nodes, may store mappings between a first QUIC connection, associated with a proxy node and a client device, on the frontend of the proxy node and a second QUIC connection, associated with the proxy node and an application node, on the backend of the proxy node. With the global key-value datastore being accessible by the proxy nodes, when a proxy node receives a QUIC packet on the front end or the back end, the proxy node may determine where to map this connection to on the opposite end. Additionally, with the global key-value datastore being accessible to the application nodes, when an application node receives a QUIC packet, the application node may determine the client device associated with the connection.
H04L 61/103 - Mapping addresses of different types across network layers, e.g. resolution of network layer into physical layer addresses or address resolution protocol [ARP]
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directory access protocols using domain name system [DNS]
H04L 67/02 - Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
H04L 67/101 - Server selection for load balancing based on network conditions
H04L 67/1012 - Server selection for load balancing based on compliance of requirements or conditions with available server resources
The present technology is directed to signaling unreachability of a network device, more specifically, a prefix of the network device in network that utilizes route summarization. A pulse trigger agent can detect an unreachability of at least one Provider Edge (PE) device in a network domain of a network and determine that a route summarization is being used within the network where the unreachability of the at least one PE device is hidden by the route summarization. A pulse distribution agent can transmit a failure message informing other PE devices of the unreachability of the at least one PE device.
H04L 41/0654 - Management of faults, events, alarms or notifications using network fault recovery
H04L 41/0631 - Management of faults, events, alarms or notifications using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
H04L 41/0686 - Additional information in the notification, e.g. enhancement of specific meta-data
In some embodiments, operational characteristics-based container management may include receiving, by a device and from a container agent executing in a container environment, operational characteristics of an application instance executing in the container environment; determining, by the device and based on the operational characteristics, whether the application instance executing in the container environment is associated with a policy violation for application instances; generating, by the device, a notification of the policy violation when the device determines that the application instance is associated with the policy violation; and causing, by the device, the container environment to perform a mitigation action of the policy violation by the application instance.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Disclosed are systems, apparatuses, methods, and computer-readable media for configuring network groups without software-based processing and management. A method includes: validating veracity of a secure enclave based on a secure identify of the secure enclave using the instructions of a secure enclave predriver stored in a memory integral to a processor; establishing a secure connection with the secure enclave; retrieving at least one authentication key from the secure enclave; retrieving at least a portion of a bootstrapper from a secure storage based on the instructions of the secure enclave predriver; validating a veracity of the bootstrapper based on the at least one authentication key; initializing an external memory using the instructions of the bootstrapper; copying a bootloader from the secure storage into the external memory; validating a veracity of the bootloader based on the at least one authentication key; and executing the bootloader.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
In one embodiment, a method includes generating a security policy and converting the security policy into a chaos hypothesis. The method also includes initiating execution of the chaos hypothesis across a plurality of microservices within a technology stack. The method further includes receiving metrics associated with the execution of the chaos hypothesis across the plurality of microservices within the technology stack.
Systems and methods for providing system wide cyber security policies include providing a unified security policy to a distributed cloud environment that includes cloud, edge, and local infrastructure. The method includes identifying one or more assets and using telemetry and logs associated with the assets to determine one or more paths connecting the one or more assets. Once one or more paths are determined, the method produces a map of the paths and determines the level of compliance for each. The paths are ranked and a user, such as an administrator or CISO, may be informed of the rankings.
Techniques for memory access management in a distributed computing system are described herein. In some aspects, the techniques described herein relate to a method for memory access management in a distributed computing system, where the method includes: receiving a first request to execute a first operation using a distributed architecture and in a uniform memory access (UMA) mode, wherein the distributed architecture comprises a first processor, a first memory that is local to the first processor, and a second memory that is remote to the first processor; subsequent to receiving the first request and a first delay period, transmitting first data associated with the first operation to the first processor, wherein the first data is stored in the first memory; and subsequent to receiving the first request, transmitting second data associated with the first operation to the first processor, wherein the second data is stored in the second memory.
Methods and systems for encoding multi-level pulse amplitude modulated signals using integrated optoelectronics are disclosed and may include generating a multi-level, amplitude-modulated optical signal utilizing an optical modulator driven by first and second electrical input signals, where the optical modulator may configure levels in the multi-level amplitude modulated optical signal, drivers are coupled to the optical modulator; and the first and second electrical input signals may be synchronized before being communicated to the drivers. The optical modulator may include optical modulator elements coupled in series and configured into groups. The number of optical modular elements and groups may configure the number of levels in the multi-level amplitude modulated optical signal. Unit drivers may be coupled to each of the groups. The electrical input signals may be synchronized before communicating them to the unit drivers utilizing flip-flops. Phase addition may be synchronized utilizing one or more electrical delay lines.
H04B 10/516 - Transmitters - Details of coding or modulation
G02B 26/06 - Optical devices or arrangements for the control of light using movable or deformable optical elements for controlling the phase of light
G02B 26/08 - Optical devices or arrangements for the control of light using movable or deformable optical elements for controlling the direction of light
G02F 1/01 - Devices or arrangements for the control of the intensity, colour, phase, polarisation or direction of light arriving from an independent light source, e.g. switching, gating or modulating; Non-linear optics for the control of the intensity, phase, polarisation or colour
G02F 1/21 - Devices or arrangements for the control of the intensity, colour, phase, polarisation or direction of light arriving from an independent light source, e.g. switching, gating or modulating; Non-linear optics for the control of the intensity, phase, polarisation or colour by interference
G02F 1/225 - Devices or arrangements for the control of the intensity, colour, phase, polarisation or direction of light arriving from an independent light source, e.g. switching, gating or modulating; Non-linear optics for the control of the intensity, phase, polarisation or colour by interference in an optical waveguide structure
H04B 10/079 - Arrangements for monitoring or testing transmission systems; Arrangements for fault measurement of transmission systems using an in-service signal using measurements of the data signal
Disclosed are systems, apparatuses, methods, and computer-readable media to address bearer loss during inter-radio access technology (RAT) handovers. A method includes sending a create bearer request for establishing a service for the mobile device using a first connection; receiving a create bearer response message to setup a second connection for the mobile device to continue the service; and, in response to the create bearer response message, sending an update bearer request message to provide the mobile device with the QoS information associated with the second connection, the QoS information allowing the mobile device to verify an existing QoS flow to continue the service after the handover. In some cases, a user equipment (UE) may delete a mapping between a QoS information when a previous message does not include an evolved packet core (EPC) bearer indicator (EBI) that identifies QoS policies.
Systems and techniques are provided for synchronizing DHCP snoop information. In some examples, a method can include, performing, by a first PE device from a plurality of PE devices, DHCP snooping of a first plurality of DHCP messages between a DHCP client and a DHCP server, wherein the plurality of PE devices is part of an ethernet segment for multihoming the DHCP client. In some aspects, the method includes determining, based on snooping the first plurality of DHCP messages, an association between an IP address corresponding to the DHCP client and a MAC address corresponding to the DHCP client. In some examples, the method includes sending, by the first PE device to at least one other PE device from the plurality of PE devices, a first route advertisement that includes the association between the IP address corresponding to the DHCP client and the MAC address corresponding to the DHCP client.
Disclosed herein are systems, methods, and computer-readable media for increasing security of devices that leverages an integration of an authentication system with at least one corporate service. In one aspect, a request is received from a user device to authenticate a person as a particular user by the authentication system. A photo of the person attempting to be authenticated as the particular user is captured. Nodal points are mapped to the captured photo of the person attempting to be authenticated, and the nodal points from the photo are compared against a reference model for facial recognition of the particular user. It is then determined whether the nodal points match the reference model for the particular user. The present technology also includes sending a command to the user device to send data to identify the person, and/or a location of the user device.
In one embodiment, an access policy enforcement service receives a user authentication request from an end-user device. The access policy enforcement service identifies a telemetry collection intent from the user authentication request. The access policy enforcement service determines a monitoring policy based on the telemetry collection intent identified from the user authentication request. The access policy enforcement service configures, according to the monitoring policy, one or more telemetry collection agents to collect telemetry for traffic associated with the end-user device.
In one embodiment, a device determines one or more key-value pairs associated with observability data for an online application, and searches the observability data for events corresponding to the one or more key-value pairs. The device also builds a responsive event list with the events corresponding to the one or more key-value pairs within the observability data and sorts the responsive event list by associated timestamps to provide the responsive event list as a sequence of transactional milestones reached by one or more users of the online application.
Aspects of the present disclosure are directed to improving network resource utilization (at edge network devices) as well as at cloud-based processing components of a network, when performing attribute searches on video data captured at the edge devices of the network. In one aspect, a method includes detecting a motion event in a plurality of frames of video data captured using one or more edge devices, generating a motion blob for a subset of the plurality of frames associated with the motion event, processing the motion blob to generate one or more attributes, wherein each of the one or more attributes are identified once in the motion blob, and send the one or more attributes to a cloud processing component.
G06V 20/52 - Surveillance or monitoring of activities, e.g. for recognising suspicious objects
G06F 16/783 - Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using metadata automatically derived from the content
G06V 10/22 - Image preprocessing by selection of a specific region containing or referencing a pattern; Locating or processing of specific regions to guide the detection or recognition
G06V 10/25 - Determination of region of interest [ROI] or a volume of interest [VOI]
G06V 10/44 - Local feature extraction by analysis of parts of the pattern, e.g. by detecting edges, contours, loops, corners, strokes or intersections; Connectivity analysis, e.g. of connected components
G06V 10/62 - Extraction of image or video features relating to a temporal dimension, e.g. time-based feature extraction; Pattern tracking
G06V 10/764 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using classification, e.g. of video objects
G06V 10/80 - Fusion, i.e. combining data from various sources at the sensor level, preprocessing level, feature extraction level or classification level
G06V 10/94 - Hardware or software architectures specially adapted for image or video understanding
G06V 20/40 - Scenes; Scene-specific elements in video content
H04N 5/14 - Picture signal circuitry for video frequency region
H04N 7/18 - Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
H04N 21/234 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs
H04N 23/61 - Control of cameras or camera modules based on recognised objects
92.
ACTIVE AND PASSIVE MEASUREMENT ON DATA TRAFFIC OF A VIRTUAL PRIVATE NETWORK (VPN) SERVICE
This disclosure describes techniques and mechanisms for performing passive measurement for combined one¬ way latency, packet loss metrics along with liveness detection using customer data packets ingested at a sink node in hardware for Level 2 and Level 3 VPN sendees. The customer data packets are sampled and copied for measurement either at source node or sink node. The duplicated measurement packet headers are punted based on the IPv6 destination option type to hardware analytics engine at sink node for analytics that populates histogram bins using the timestamps from the packets. Using the transmitted packets during a period, and received packets in all the bins, packet loss is measured. Based on the packets received status, liveness state is detected by the sink node and notified to the source node.
A method for file system destinations includes obtaining events for storage on one or more of the storage systems. For each event, the method includes extracting at least one field value from the event, comparing the at least one field value to configurations of the storage systems to identify at least one storage system of the plurality of storage systems having a matching configuration, transmitting the event to an ingest module queue for the at least one storage system, selecting a partition for the event based on the at least one field value to obtain a selected partition, mapping the selected partition to a file using a partition mapping, and appending the event to the file on the at least one storage system.
Techniques for improved networking are provided. An access point (AP) determines an AP duty cycle based at least in part on transmission activity of a station (STA) associated to the AP. The AP duty cycle is signaled via one or more beacon frames transmitted by the AP. The AP exchanges data in accordance with the AP duty cycle, comprising exchanging data with the STA during one or more active periods indicated by the AP duty cycle, and sleeping during one or more inactive periods indicated by the AP duty cycle.
Devices, systems, methods, and processes for conducting sustainability-aware virtual meetings are described herein. When establishing virtual meetings, each of the participants can have various devices, locations, histories, and other data associated with them. This data can be packaged together as a user profile which can be transmitted to a virtual meeting service or a host that can receive the various user profiles and generate a meeting profile that can be utilized to maximize the overall sustainability of the virtual meeting. The meeting profile can include configuration suggestions that can be transmitted out to each corresponding device of the participants to either prompt or automatically adjust one or more settings, features, or other configuration, such as energy-saving features, that can increase the overall sustainability. These conditions can be monitored during the meeting and adjusted dynamically in response to changing conditions. In response, devices can adjust configurations or alter audio/video transmissions.
A method to achieve fast session transfer between radio access technologies. The method includes monitoring radio performance between an access point of a wireless local area network and a user equipment in a wireless local area network, and in response to detecting that the radio performance is below a predetermined threshold, the access point signaling the user equipment to scan for and access a cellular radio service.
A heterogeneous graph learning system generates and analyzes network implementations. The heterogeneous graph learning system includes obtaining information describing multiple network implementations including heterogeneous nodes. The heterogeneous graph learning system also includes generating a one-hop graph connecting a particular node of the heterogeneous nodes with a set of related nodes. The one-hop graph connects the particular node with the set of related nodes via corresponding edges. The heterogeneous graph learning system further includes transforming the one-hop graph into a weighted graph based on a Dynamic Meta Path Transformation (DMPT). In the DMPT, each of the corresponding edges connecting the particular node to a corresponding related node among the set of related nodes is associated with a corresponding weight.
H04L 41/12 - Discovery or management of network topologies
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
98.
ACTIVELY ALIGNED AND REFLOWABLE PLUGGABLE-CONNECTOR FOR PHOTONIC INTEGRATED CIRCUITS
Embodiments herein describe attaching (or bonding) alignment parts to a photonic die so that these alignment parts can then be used to passively align a FAU to the photonic die. In one embodiment, the alignment part (or parts) is aligned to a photonic die using a mounting FAU. The mounting FAU (along with the mated alignment parts) can then be actively aligned to the photonic die. When aligned, the alignment parts can be bonded (e.g., using cured epoxy) to the photonic die. The mounting FAU can then be lifted off, leaving the alignment parts attached to the photonic die. Later, a final product FAU (which may have a different shape than the mounting FAU) can then be passively aligned to the photonic die using the previously mounted alignment part or parts.
Devices, systems, methods, and processes for conducting sustainability-aware virtual meetings are described herein. When establishing virtual meetings, each of the participants can have various devices, locations, histories, and other data associated with them. This data can be packaged together as a user profile which can be transmitted to a virtual meeting service or a host that can receive the various user profiles and generate a meeting profile that can be utilized to maximize the overall sustainability of the virtual meeting. The meeting profile can include configuration suggestions that can be transmitted out to each corresponding device of the participants to either prompt or automatically adjust one or more settings, features, or other configuration, such as energy-saving features, that can increase the overall sustainability. These conditions can be monitored during the meeting and adjusted dynamically in response to changing conditions. In response, devices can adjust configurations or alter audio/video transmissions.
Provided herein are techniques to facilitate conflict management in a shared Open Radio Access Network (O-RAN) architecture. In one instance, a method can be performed by a conflict manager of a near-real-time RAN intelligent controller of a shared RAN including radio unit (RU) nodes provided by a host operator. The method can include obtaining each of a requested radio unit (RU) configuration from each of a distributed unit (DU) node operated by each of a tenant operator and determining whether there are any conflicts among RU configuration parameters for each requested RU configuration. In one instance, upon determining one or more conflicts among the RU configuration parameters for each requested RU configuration, the method may include providing a response to each DU node indicating that each DU node is allowed to configure the plurality of RU nodes using each requested RU configuration in accordance with a modification.