Methods and apparatus for traffic enhancement to apply to an application, to be delivered using a QUIC session, between a wireless device and a server. A request to activate a policy for the application between the wireless device and the server is received from the wireless device, the request including an application identifier and an indication to request an enhancement function. In response to the request to activate the policy, an authorization of traffic enhancement with information of a proxy node is transmitted to the wireless device to provide the enhancement function upon the network node identifying the proxy node.

Techniques are described herein that are capable of dynamically failing over authentication traffic to a backup authentication system by a proxy system. An authentication request, which requests authentication of a principal, is received at the proxy system. The authentication request is directed to a primary authentication system. A determination is made, by the proxy system, that the primary authentication system is incapable of providing a valid response to the authentication request. The backup authentication system is caused, by the proxy system, to authenticate the principal using an authentication package received from the primary authentication system by dynamically routing the authentication request to the backup authentication system as a result of the primary authentication system being incapable of providing a valid response to the authentication request.

An electronic device is provided. The electronic device includes communication circuitry and a processor operatively connected to the communication circuitry. The processor may transmit, to a first server, at least one file to be transmitted to another electronic device through the communication circuitry, may receive, from the first server, a message body related to the at least one file, may generate a message by adding, to the message body, information related to at least one file function, and may transmit the message to the other electronic device through the communication circuitry.

A method of processing data in a network is disclosed. The method comprises transmitting, from a first server to a second server, first information characterising a first predefined format according to which first data is stored at a first data store; obtaining, at the second server, mapping information characterising a mapping of the first predefined format onto a second predefined format different to the first predefined format; generating, at the second server, based on the first information and the mapping information, second information for converting data in the first predefined format into data in the second predefined format; transmitting, from the second server to the first server, the second information; and parsing, at the first server, using the second information, the first data stored at the first data store, to generate data in the second predefined format. Apparatuses are also disclosed.

Techniques are described herein for transparently connecting to the same light weight machine-to-machine (LwM2M) server using both Internet Protocol (IP)-based and non-IP data delivery (NIDD)-based connectivity using all LwM2M functionality and security modes. The techniques include establishing a connection over a NIDD socket to communicate with an application server using NIDD binding to deliver a datagram destined for a target server. The datagram may be encapsulated in a serialized envelope including an application-level protocol metadata, wherein the metadata representing information corresponding to the target server. The datagram is delivered to the target server over NIDD-based transport.

Techniques are described herein for transparently connecting to the same light weight machine-to-machine (LwM2M) server using both Internet Protocol (IP)-based and non-IP data delivery (NIDD)-based connectivity using all LwM2M functionality and security modes. The techniques include establishing a connection over a NIDD socket to communicate with an application server using NIDD binding to deliver a datagram destined for a target server. The datagram may be encapsulated in a serialized envelope including an application-level protocol metadata, wherein the metadata representing information corresponding to the target server. The datagram is delivered to the target server over NIDD-based transport.

Embodiments of the present disclosure may provide dynamic and fair assignment techniques for allocating resources on a demand basis. Assignment control may be separated into at least two components: a local component and a global component. Each component may have an active dialog with each other; the dialog may include two aspects: 1) a demand for computing resources, and 2) a total allowed number of computing resources. The global component may allocate resources from a pool of resources to different local components, and the local components in turn may assign their allocated resources to local competing requests. The allocation may also be throttled or limited at various levels.

A segmentation server configures and distributes rules for enforcing a segmentation policy that includes one or more virtual patches. The rules including the virtual patches are enforced by distributed enforcement modules that may execute on host devices or on network devices upstream from the host devices. An enforcement module enforces the rules using traffic filters that filter traffic based on network layer data. To implement a virtual patch, the traffic filters are configured to redirect traffic to or from an application being patched to a transparent application proxy. The transparent application proxy implements an application layer filter that filters traffic based on application layer data to block specific types of traffic associated with a vulnerability addressed by the virtual patch.

A segmentation server configures and distributes rules for enforcing a segmentation policy that includes one or more virtual patches. The rules including the virtual patches are enforced by distributed enforcement modules that may execute on host devices or on network devices upstream from the host devices. An enforcement module enforces the rules using traffic filters that filter traffic based on network layer data. To implement a virtual patch, the traffic filters are configured to redirect traffic to or from an application being patched to a transparent application proxy. The transparent application proxy implements an application layer filter that filters traffic based on application layer data to block specific types of traffic associated with a vulnerability addressed by the virtual patch.

Persistent storage contains a parent table and one or more child tables, the parent table containing: a class field specifying types, and one or more filter fields. One or more processors may: receive a first request to read first information of a first type for a first entity; determine that, in a first entry of the parent table for the first entity, the first type is specified in the class field; obtain the first information from a child table associated with the first type; receive a second request to read second information of a second type for a second entity; determine that, in a second entry of the parent table for the second entity, the second type is indicated as present by a filter field that is associated with the second type; and obtain the second information from a set of additional fields in the second entry.