947 research outputs found
ACCESS POINT NAME (APN)/DATA NETWORK NAME (DNN) BASED AUTO-ANCHORING OF FIFTH GENERATION/NEXT GENERATION TRAFFIC IN WI-FI
Private Third Generation Partnership Project (3GPP) Fifth Generation/next Generation (5G/nG) network environments will have a mix of access technologies, such as Wi-Fi 6 and 5G/nG Radio Access Network (RAN) technologies. Techniques presented herein provide for the capability to transport and intelligently anchor 5G/nG data using a Wi-Fi system, which may allow for private 5G/nG onboarding utilizing the Wi-Fi system
SELECTION OF 5G AKMA AUTHENTICATION POLICY AND APPLICATION FUNCTION BASED ON A TENANT IDENTIFIER OBTAINED FROM A USER EQUIPMENT ESIM
AKMA (Authentication and Key Management for Applications) is an authentication mechanism introduced in Third Generation Partnership Project (3GPP) Technical Specification (TS) 33.535, Release 16 (and further enhanced in later releases) that can be used to leverage an operator authentication infrastructure to secure communications between a user equipment (UE) and an Application Function (AF). Proposed herein are techniques to facilitate UE authentication for multi-tenant cloud environments. Broadly, techniques proposed herein provide for using a tenant identifier (ID) associated with the eSIM (electronic or embedded Subscriber Identity Module) of a UE in order to determine/obtain the correct policy that corresponds to a given enterprise identified by the tenant ID. The policy can be used to select appropriate keying material to derive AKMA keys and select an appropriate AF of a multi-tenanted cloud provider that is partnering with a 5G provider to facilitate connection to cloud services of the provider
WORKLOAD IDENTITY MANAGEMENT USING AGENT AND CONTROLLER
Techniques described herein provide for an approach in which an agent provisions a workload with initial credentials based on a workload profile that is learned using a controller. During runtime, when the workload requests a new token using its initial token to interact with peer workloads, an authorization server coordinates with the controller to learn the upstream/downstream peer workloads that will be in the path for the flows the workload will handle. Based on the security posture of those workloads, an appropriate scoped token is returned. This ensures malicious / untrusted workloads in the path cannot re-use or proxy the token
AUTHENTICATION AND KEY MANAGEMENT OF IOT APPLICATIONS WITH EXTENDED WIFI AUTHENTICATION (WIFI AKMA)
Internet of things (IoT) devices frequently apply insufficient authentication mechanisms with their application servers due to the constrained nature of such devices. For example, most IoT devices lack the resources that are necessary to store usernames and passwords, certificates, and keys in a secured manner. The challenge that was described above is solved in a 3rd Generation Partnership Project (3GPP) fifth-generation (5G) wireless environment through the Authentication and Key Management for Applications (AKMA) initiative. However, there is no AKMA-equivalent facility within a WiFi environment. Accordingly, techniques are presented herein that extend the WiFi authentication process to support application server authentication for constrained devices. Aspects of the presented techniques support an exchange of a WiFi key and a key identifier (which may be referred to herein as a KAKMA key and an A-KID) as part of an Extensible Authentication Protocol (EAP) tunnel using a new information element (IE) once an authentication process has successfully completed. Such an exchange allows a station (STA) device to use the key tuple {KAKMA, A-KID} to access any application functions that are grouped with that key identifier (i.e., A-KID) without requiring any further authentication
ENTERPRISE PRIVATE 5G SELF-HEALING NETWORK
With the advent of Internet-of-Things (IoT) devices being utilized in enterprise deployments, industry is heading towards the deployment of Fifth Generation (5G) technologies in enterprise networks, with regulators around the globe opening private as well as shared spectrum to facilitate 5G usage. In enterprise private 5G deployments with use-cases such as factory automation, etc., there is a need for minimal service disruptions. Additionally, the UE/subscriber session scale will be increased for 5G deployments, and the number of applications having critical use-cases with low latency and high bandwidth will also increase. With all these niches and for supporting URLLC use-cases comes the need for radio access network (RAN) and packet core systems to properly function with no service disruption most of the time. Presented herein are techniques to provide a 5G core (5GC) system as a self-healing network that facilitates network assurance for enterprise private 5G deployments
Coarse grained dynamics of the freely cooling granular gas in one dimension
We study the dynamics and structure of clusters in the inhomogeneous
clustered regime of a freely cooling granular gas of point particles in one
dimension. The coefficient of restitution is modeled as or 1 depending
on whether the relative speed is greater or smaller than a velocity scale
. The effective fragmentation rate of a cluster is shown to rise
sharply beyond a dependent time scale. This crossover is coincident
with the velocity fluctuations within a cluster becoming order . Beyond
this crossover time, the cluster size distribution develops a nontrivial power
law distribution, whose scaling properties are related to those of the velocity
fluctuations. We argue that these underlying features are responsible for
the recently observed nontrivial coarsening behaviour in the one dimensional
freely cooling granular gas. Comment: 7 Pages, 9 Figures
PROACTIVE EXCHANGE OF DATA BETWEEN CLOUD PROVIDERS VIA CONTROLLER COORDINATION AND TRIGGER DYNAMIC WORKFLOWS
A multi-cloud Software Defined Network (SDN) controller proactively learns insights about subscribers, such as enterprise users, end users, and/or other cloud providers. Based on the learned insights, the multi-cloud SDN controller applies dynamic policies on other cloud providers to which those subscribers are attached. The multi-cloud SDN controller coordinates with various cloud providers, enterprise network controllers, and Internet Service Providers (ISPs) to proactively notify other cloud providers with information about affected users so that those providers can install additional resources at the cloud edge/core on the fly. Additionally, the multi-cloud SDN controller facilitates a warm hand off from one cloud region to another cloud region. When the multi-cloud SDN controller learns about an enterprise outage, it proactively notifies other cloud providers of the outage event, and the other cloud providers can use this for a warm hand off of sessions to the region(s) through which the users will be reconnected. The likely regions are derived based on telemetry obtained from the multi-cloud SDN controller. The multi-cloud SDN controller also triggers a proactive cleanup of user context on the cloud provider side. The cloud provider cleans up after the connection reset event based on information from the multi-cloud SDN controller, rather than waiting on a timeout of the connection
SECURITY CLASSIFICATION BASED QUIC TRAFFIC STEERING IN A SECURE INTERNET GATEWAY (SIG)
The Quick User Datagram Protocol (UDP) Internet Connection (QUIC) protocol is slated to become the next (third) major version of the Hypertext Transfer Protocol (HTTP) – i.e., HTTP/3. As applications transition to QUIC for web traffic, a Secure Internet Gateway (SIG) needs to effectively load balance, proxy, and classify QUIC traffic. Techniques are presented herein that make use of a custom Connection ID (CID) artifact to allow a load balancer to determine, with minimal processing, a target server, and potentially the application that the QUIC flow is serving, in support of steering traffic to the appropriate upstream services. Additionally, techniques are presented herein that leverage an exchange of data over an out-of-band channel in support of the enforcement of Quality of Service (QoS) requirements on an enterprise gateway
RESOURCE-CENTRIC AND CONTEXT AWARE ENHANCED METRIC COLLECTION FOR ENRICHED APPLICATION PERFORMANCE VISIBILITY
In many cloud computing environments, cloud-native applications can be decoupled from the underlying hardware that operates such applications. Presented herein are techniques through which capabilities and metrics collected from a virtual/physical compute resource can be used to identify the presence of different accelerators and their capabilities in real time. The metrics that can be collected from within an application can be extended to include execution context awareness, which may be used to suggest a resource profile for the application. Further, holistic visualization of various metrics can be provided in some instances based on the accelerator from where a service is being executed
Information Retrieval on the World Wide Web
Effective search and retrieval are enabling technologies for realizing the full potential of the Web. The authors examine relevant issues, including methods for representing document content. They also compare available search tools and suggest methods for improving retrieval effectiveness