Patent classifications
H04L67/563
Method and apparatus for packet wash in networks
A method for communicating a data packet includes receiving a data packet that supports a packet wash operation. The method determines whether the data packet can be forwarded along a network path towards a destination node without any modification. If the data packet cannot be forwarded along the network path towards the destination node without modification, the method determines whether conditions are met for performing the packet wash operation on the data packet. If the conditions are met, the packet wash operation is performed to generate a washed data packet. The packet wash operation generates the washed data packet by modifying a size of a payload of the data packet based on a packet wash specification that associates attributes to a plurality of data payload portions of the payload of the data packet. The washed data packet is forwarded along the network path towards the destination node.
Hybrid cloud
A cloud environment is provided generally having at least one private data center possessing a controller/routing system and nonvolatile mass storage, a plurality of data objects retained in the nonvolatile mass storage, and a public cloud storage service provider linked to the controller/routing system. The public cloud storage service provider possesses a database containing policy decisions and metadata of the plurality of data objects. The private data center is not in possession of the policy decisions and the metadata for the plurality of data objects; rather, the public cloud storage service provider is. The private data center is in possession of the plurality of data objects, whereas the public cloud storage provider is not. The public cloud storage service provider is adapted to be communicatively linked to an end-user computing system by way of the controller/routing system. The data center is independent of the public cloud storage provider.
Enforcing security policies on mobile devices in a hybrid architecture
Systems and methods include intercepting traffic on a mobile device based on a set of rules; determining whether a connection associated with the traffic is allowed based on a local map associated with an application; responsive to the connection being allowed or blocked based on the local map, one of forwarding the traffic associated with the connection when allowed and generating a block of the connection at the mobile device when blocked; and, responsive to the connection not having an entry in the local map, forwarding a request for the connection to a cloud-based system for processing therein. The cloud-based system is configured to allow or block the connection based on the connection not having an entry in the local map.
RESILIENCY ARCHITECTURE FOR IDENTITY PROVISIONING AND VERIFICATION
Identity access and management (“IAM”) systems with resiliency features and methods related to the same are provided. Two or more identity provider (“IDP”) systems each have a matching copy of user authentication data for users authorized to access the system of an organization. An identity proxy is interposed between user systems and each of the two or more IDP systems. The identity proxy routes authentication requests, challenges, and responses between the user systems and the IDP systems based on availability.
System and method of emulating a cloud computing environment
A system and a method of emulating a second cloud computing environment on a first cloud computing environment are disclosed herein. The first cloud computing environment includes an innovation platform having a private domain name system. The private domain name system is split between a customer subnet and a private subnet. The customer subnet is limited to communications with only the private subnet. The customer subnet executes an application thereon. The application is targeted for use on the second cloud computing environment.
MOBILE-TERMINATED PACKET TRANSMISSION
Methods, apparatus circuitry, and storage media are described for mobile-terminated packet transmissions. In one embodiment, an apparatus of a control plane device configured to operate within an evolved packet network core identifies a first service flow event trigger associated with a first packet data unit (PDU) session and processes a path reselection for a first PDU session in response to the first service flow event trigger, wherein the path reselection determines a new gateway for the first PDU session resulting from the path reselection. Transmission of a change notification to an application server controller associated with the first PDU session is initiated in response to the path reselection. Transmission of a routing update to the new gateway in response to the path reselection is also initiated. In various embodiments, the trigger may be a mobility event, a load balancing event, or operations in association with an application server controller.
Systems, methods and apparatus for geofence networks
Systems and methods are disclosed for enforcing at least one rule associated with a geofence. At least one device is constructed and configured in network communication with a server platform and a database. The server platform defines at least one geofence for a region of interest and specifies at least one rule associated with the at least one geofence, thereby creating a rule-space model for the region of interest. The at least one geofence comprises a multiplicity of geographic designators with each geographic designator assigned with a unique IPv6 address. The at least one device receives at least one notification signal regarding the at least one rule from the at least one server platform and implements the at least one rule when the at least one device is within a predetermined distance from the at least one geofence for the region of interest.