Systems, methods and computer program products for controlling access to data owned by an application subscriber using two-factor access control and user partitioning are disclosed. In one embodiment, applications are executed on a multi-tenant application platform in which user partitions designate associated users and authentication services for those users. Tenants may subscribe to the applications and may allow access to the subscriptions through designated entry points. Users that are authenticated according to the corresponding user partition and access the application through the designated entry point are allowed to access the application through the tenant's subscription.

A method and system to manage connectivity of a client device in a mesh network including one or more network devices. A first network device determines a first client link cost metric associated with a first connection between the first network device and the client device. The first network device determines a first mesh link cost metric associated with a second connection between the first network device and a destination device. A first total connection cost metric is determined based on the first client link cost metric and the first mesh link cost metric. The first network device identifies a set of total connection cost metrics associated with the one or more network devices and destination device of the network. The first network device executes a connection decision in response to a comparison of the set of total connection cost metrics.

A mesh network protocol, comprising: receiving a packet from a sender, identifying the sender, a prior sender, a flood mode, a time-to-live, and a sequence identifier; marking the recipient as critical if during a full flood period, the recipient is the same as the prior sender, and marking the recipient as non-critical if no packet is received with the recipient the same as the prior sender; rebroadcasting the packet, modified by updating sender with the recipient, and sender as prior sender, decrementing the time to live until expiration, and, the identity of the recipient is different from the identity of the prior sender in full flood mode; or the identity of the recipient is different from the prior sender, and the recipient is critical, in partial flood mode.

Methods, wireless devices and network nodes for avoiding collision between a downlink control channel and a aperiodic channel state information reference signal, aperiodic CSI-RS, are provided. According to some aspects, a method is provided that includes receiving an aperiodic channel state information reference signal, aperiodic CSI-RS, based on an assumption that the aperiodic CSI-RS is not present in physical layer resources corresponding to a downlink control channel set.

Certain aspects of the disclosure are directed to customization of alerts using telecommunications services. A data-communications server is configured to a set of virtual office features including client-specific call routing functions available to remotely-situated client entities based on a subscription. The server is configured to provide to the client entities, a set of instructions written in a first programming language, and to receive from each respective client entity, client-specific sets of control data written in a second programming language. The client-specific sets of control data may specify particular alerts, informational data and/or reminders to be provided to end-users of the respective client entity.

The present invention provides for fabricating virtual networks and allocating request-notifications therein for providing support-services securely and efficiently. In operation, a virtual network is fabricated based on network-registration requests received from plurality of computing devices. Further, a primary data structure representative of registered computing devices categorized into devices offering services and requiring services is generated based on information embedded in network-registration requests. Furthermore, a secondary data structure is generated by sub-categorising categorised computing devices based on information embedded in network-registration requests. Yet further, request-notifications for completing incoming support-requests from registered computing devices requiring services are generated. Subsequently, request-notifications are allocated based on evaluation of one or more computing devices offering services out of plurality of computing devices based on data mapping using primary data structure, secondary data structure, and predefined attributes. Finally, support-information sharing and tracking of request-notifications are enabled based on acceptance of request-notification by evaluated computing devices.

The present invention provides for fabricating virtual networks and allocating request-notifications therein for providing support-services securely and efficiently. In operation, a virtual network is fabricated based on network-registration requests received from plurality of computing devices. Further, a primary data structure representative of registered computing devices categorized into devices offering services and requiring services is generated based on information embedded in network-registration requests. Furthermore, a secondary data structure is generated by sub-categorising categorised computing devices based on information embedded in network-registration requests. Yet further, request-notifications for completing incoming support-requests from registered computing devices requiring services are generated. Subsequently, request-notifications are allocated based on evaluation of one or more computing devices offering services out of plurality of computing devices based on data mapping using primary data structure, secondary data structure, and predefined attributes. Finally, support-information sharing and tracking of request-notifications are enabled based on acceptance of request-notification by evaluated computing devices.

This disclosure describes techniques for software-defined service insertion. The techniques include a method of configuring a network for service insertion. The techniques include processing a master policy correlating an endpoint group pair, of source endpoint group and destination endpoint group, to a service graph. The service graph indicates a template service chain, and the template service chain indicates an ordering of a plurality of services. Processing the master policy includes disaggregating the master policy into at least one location specific policy, each of the at least one location specific policy corresponding to a separate location in the network and including traffic steering directives corresponding to a portion of the plurality of services associated with the separate location. The techniques further include causing each of the at least one location specific policy to be stored in association with the separate location to which that location specific policy corresponds.

This disclosure describes techniques for software-defined service insertion. The techniques include a method of configuring a network for service insertion. The techniques include processing a master policy correlating an endpoint group pair, of source endpoint group and destination endpoint group, to a service graph. The service graph indicates a template service chain, and the template service chain indicates an ordering of a plurality of services. Processing the master policy includes disaggregating the master policy into at least one location specific policy, each of the at least one location specific policy corresponding to a separate location in the network and including traffic steering directives corresponding to a portion of the plurality of services associated with the separate location. The techniques further include causing each of the at least one location specific policy to be stored in association with the separate location to which that location specific policy corresponds.

Systems, methods and computer program products for controlling access to data owned by an application subscriber using two-factor access control and user partitioning are disclosed. In one embodiment, applications are executed on a multi-tenant application platform in which user partitions designate associated users and authentication services for those users. Tenants may subscribe to the applications and may allow access to the subscriptions through designated entry points. Users that are authenticated according to the corresponding user partition and access the application through the designated entry point are allowed to access the application through the tenant's subscription.