In one embodiment, a method includes receiving non-Internet Protocol (IP) traffic from one or more non-IP traffic sources. The method also includes terminating the non-IP traffic and re-originating the non-IP traffic as first IP traffic in accordance with one or more software-defined networking in a wide area network (SD-WAN) protocols. The method further includes communicating the first IP traffic to an SD-WAN link in accordance with one or more SD-WAN policies.

A network device may receive, from a user equipment, a dataset identifying: applications utilized by the user equipment, network protocol types associated with the applications, and network addresses associated with the applications. The network device may segregate the dataset based on the network protocol types and to generate a segregated dataset. The network device may determine, based on the segregated dataset, a policy that causes particular application traffic associated with a particular network protocol type to be allocated to a particular network slice of the network. The network device may cause the policy to be provided to the user equipment to cause the user equipment to allocate the particular application traffic associated with the particular network protocol type to the particular network slice of the network.

Hosting one or more web applications and providing local device capabilities to the one or more web applications. One or more second applications are hosted within a first application. A call from the one or more second applications is performed to a device abstraction layer of the first application. Such a performed call comprises a request to access a capability of a local device. Upon receiving the call, the device abstraction layer verifies that the performed call is permitted. In response to the first application verifying that the performed call is permitted, the one or more second applications is permitted to access the capability of the local device that was requested.

A method for determining a Quality of Service (QoS) policy can be based on requested bandwidth. The method may initially receive a connection request which includes a requested bandwidth that corresponds to an application. The method may then determine a policy for an application data flow associated with the application based on the connection request. A bandwidth designation, which is based on the requested bandwidth, may be assigned to the application data flow based on the determined policy. Finally, the policy and the bandwidth designation may be provided so that a bearer can be assigned.

A method of queuing network traffic events on a client terminal. The method comprises monitoring, in run time, a plurality of network traffic events triggered by a plurality of applications executed on a client terminal, extracting a plurality of network traffic event characteristics of each of the plurality of network traffic events, classifying each one of the plurality of network traffic events according to a respective the plurality of network traffic event characteristics, clustering the plurality of network traffic events in a plurality of clusters according to the classifying, and managing an opening a plurality data connections between the client terminal and a network such that the content of each cluster of the plurality of clusters is transmitted in another of the plurality data connections.

A mobile device app may be provided with a communications registry describing network-based resources with which the app would like to communicate, including Internet Protocol (IP) addresses and Universal Resource Locators URLs of the network-based resources, for example. A local firewall on the mobile device allows the app to only communicate with the defined network-based resources in the communications registry. A user is presented with the communications registry prior to accepting download or installation. The user is thus alerted to which external resources are necessary to operate the app and which ones are not. Users would be warned when requested communication permissions are overly broad or relate to known threat locations. A threat score may be provided to users for self-mitigation.

Disclosed are systems, methods, and non-transitory computer-readable storage media for automatically updating a hybrid web application. In some implementations, a computing device can be configured with a hybrid application that includes a native layer and a web view. The native layer can provide access to native features of the computing device while the web view can provide web client features, such as graphical user interfaces and server communication functionality. When the hybrid application is invoked, the native layer can load a resource bundle from local storage. The resource bundle can include the web code needed to present the web view graphical user interface, manage application data, and/or facilitate communication with the web server. To update the hybrid application, the application can download an updated resource bundle from the web server and reload the web code from the resource bundle.

A system and method for sharing resources among application modules includes receiving, on an application including a plurality of modules, a resource from a server; determining a storage position identifier corresponding to an identifier of the resource and indicative of a storage position in a database for storing resources dedicated for the application; and storing the resource in the database based on the determined identifier for sharing among the plurality of modules.

Various approaches for allocating resources to an application having multiple application components, with at least one executing one or more functions, in a serverless service architecture include identifying one or more pods having multiple containers organized as a cluster in a container system capable of executing the function(s); identifying one or more routing paths in the serverless service architecture, the routing path being associated with one or more serverless execution entities capable of executing the function(s) thereon; determining (i) traffic information on the routing path(s), (ii) a cost or a performance characteristic associated with a computer resource bundle for the pod(s), and/or (iii) a cost or a performance characteristic associated with the serverless execution entity(entities); and based thereon, determining whether to (i) terminate execution of the function(s) on the pod(s) and (ii) cause execution of the function(s) on the serverless execution entity (entities).

A communication apparatus includes a bandwidth calculation part that calculates a bandwidth for each application, a change rate calculation part that calculates a bandwidth change rate for each application based on the bandwidth for each application presently calculated and the bandwidth for each application previously calculated, and a policy selection part that selects a policy to be applied to communication traffic between a server and a terminal based on the calculated bandwidth change rate for each application.