In one embodiment, a method comprises: receiving, by a root network device providing a DAG topology in a low power and lossy network (LLN), one or more multicast registration messages from an LLN device and identifying distinct properties of the LLN device; receiving, by the root network device, one or more multicast address group identifiers of one or more multicast streams to which the LLN device has subscribed, and associating the one or more multicast address group identifiers with the distinct properties; receiving a multicast message specifying one of the multicast address group identifiers; and generating, by the root network device, a directed multicast message having a multi-dimensional addressing data structure comprising a selected one of the distinct properties and the one multicast address group identifier, causing parent network devices in the DAG topology to selectively retransmit based on determining a child network device has the selected one distinct property.

In one embodiment, a method comprises: receiving, by a root network device providing a DAG topology in a low power and lossy network (LLN), one or more multicast registration messages from an LLN device and identifying distinct properties of the LLN device; receiving, by the root network device, one or more multicast address group identifiers of one or more multicast streams to which the LLN device has subscribed, and associating the one or more multicast address group identifiers with the distinct properties; receiving a multicast message specifying one of the multicast address group identifiers; and generating, by the root network device, a directed multicast message having a multi-dimensional addressing data structure comprising a selected one of the distinct properties and the one multicast address group identifier, causing parent network devices in the DAG topology to selectively retransmit based on determining a child network device has the selected one distinct property.

Computing devices and method for performing a secure neighbor discovery. A local computing device transmits an encrypted local node identifier and an encrypted local challenge to a remote computing device. The remote computing device generates a local challenge response based on the local challenge; and transmits an encrypted remote node identifier and an encrypted local challenge response to the local computing device. The local computing device determines that the received local challenge response corresponds to an expected local challenge response generated based on the local challenge. The remote computing device further transmits an encrypted remote challenge. The local computing device generates a remote challenge response based on the remote challenge; and transmits an encrypted remote challenge response to the remote computing device. The remote computing device determines that the received remote challenge response corresponds to an expected remote challenge response generated based on the remote challenge.

Computing devices and method for performing a secure neighbor discovery. A local computing device transmits an encrypted local node identifier and an encrypted local challenge to a remote computing device. The remote computing device generates a local challenge response based on the local challenge; and transmits an encrypted remote node identifier and an encrypted local challenge response to the local computing device. The local computing device determines that the received local challenge response corresponds to an expected local challenge response generated based on the local challenge. The remote computing device further transmits an encrypted remote challenge. The local computing device generates a remote challenge response based on the remote challenge; and transmits an encrypted remote challenge response to the remote computing device. The remote computing device determines that the received remote challenge response corresponds to an expected remote challenge response generated based on the remote challenge.

Embodiments include methods for a gateway device to selectively forward messages in a wireless mesh network. Such methods include receiving, over one of a plurality of network interfaces of the gateway device, a message published to a group address or a virtual address and retrieving, from a database accessible by the gateway device, unicast addresses of all communication devices identified by the group address or the virtual address. Such methods include, based on determining that all communication devices addressed by the retrieved unicast addresses are serviced by the gateway device, sending the received message on all network interfaces that correspond to the communication devices addressed by the retrieved unicast addresses; and based on determining that not all communication devices addressed by the retrieved unicast addresses are serviced by the gateway device, sending the received message on all network interfaces except for the network interface over which the message was received.

Embodiments include methods for a gateway device to selectively forward messages in a wireless mesh network. Such methods include receiving, over one of a plurality of network interfaces of the gateway device, a message published to a group address or a virtual address and retrieving, from a database accessible by the gateway device, unicast addresses of all communication devices identified by the group address or the virtual address. Such methods include, based on determining that all communication devices addressed by the retrieved unicast addresses are serviced by the gateway device, sending the received message on all network interfaces that correspond to the communication devices addressed by the retrieved unicast addresses; and based on determining that not all communication devices addressed by the retrieved unicast addresses are serviced by the gateway device, sending the received message on all network interfaces except for the network interface over which the message was received.

An Internet of Things (IoT) network composite object includes a device owner with name server and sub-object list, sub-objects, and a blockchain recording the sub-objects. An IoT network composite object includes a device owner with composite object type name server, and blockchain. An IoT network coalition group includes coalition group name server, coalition group member list, and blockchain. An IoT network apparatus includes device identity generator, message publisher, network applier, device describer, and packer sender. An IoT network apparatus includes a device registrar to register device to first network through a portal to second network, device joiner, token requester, and authentication request sender. An IoT network apparatus includes an identity verifier to verify the identity of an authentication request, and an authentication request response returner. An IoT network apparatus including a caller entity credential issuer, an object entity provisioner, credential presenter, and access control list policy applier.

An Internet of Things (IoT) network composite object includes a device owner with name server and sub-object list, sub-objects, and a blockchain recording the sub-objects. An IoT network composite object includes a device owner with composite object type name server, and blockchain. An IoT network coalition group includes coalition group name server, coalition group member list, and blockchain. An IoT network apparatus includes device identity generator, message publisher, network applier, device describer, and packer sender. An IoT network apparatus includes a device registrar to register device to first network through a portal to second network, device joiner, token requester, and authentication request sender. An IoT network apparatus includes an identity verifier to verify the identity of an authentication request, and an authentication request response returner. An IoT network apparatus including a caller entity credential issuer, an object entity provisioner, credential presenter, and access control list policy applier.

Techniques and technologies for an IP address management (IPAM) system to monitor the usage of IP addresses across regions in one or more networks of resources. The IPAM system may be used to allocate IP addresses to resources in networks and track what IP addresses are being used by resources or available for allocation. The IPAM system may periodically obtain usage information that indicates actual, current IP address usage by the resources in the networks, identify differences between the current IP address usage and an inventory maintained by the IPAM service, and reconcile the differences. Additionally, the IPAM system may further respond to network administrator queries about their resource and IP address usage. Further, the IPAM system may emit various utilization metrics to the network administrators which may be tied to alarms or alerts around non-compliant resources or IP addresses.

Techniques and technologies for an IP address management (IPAM) system to monitor the usage of IP addresses across regions in one or more networks of resources. The IPAM system may be used to allocate IP addresses to resources in networks and track what IP addresses are being used by resources or available for allocation. The IPAM system may periodically obtain usage information that indicates actual, current IP address usage by the resources in the networks, identify differences between the current IP address usage and an inventory maintained by the IPAM service, and reconcile the differences. Additionally, the IPAM system may further respond to network administrator queries about their resource and IP address usage. Further, the IPAM system may emit various utilization metrics to the network administrators which may be tied to alarms or alerts around non-compliant resources or IP addresses.