Patent classifications
H04L2101/663
TCP CONNECTION ESTABLISHMENT AND HANDOVER
A mechanism for an apparatus in a communication network is described. The mechanism comprises receiving, from a second apparatus (A31), a message comprising an IP address of the second apparatus (A31) and an IP address of a user equipment (A11), wherein said user equipment (A11) is connected to said communication network via the second apparatus (A31); determining whether a mapping table relating to the IP address of the user equipment (A11) exists; retrieving an IP address from the mapping table based on the IP address of the user equipment (A11) in the event the mapping table exists, wherein said IP address is associated with the IP address of the user equipment (A11) in the mapping table; and, if the IP address of the second apparatus (A31) is different from the retrieved IP address, sending a request to a third network element (A121) identified by the retrieved IP address to obtain TCP connection details and updating the mapping table by associating the IP address of the user equipment (A11) with the IP address of the second apparatus (A31).
Direct transmission of data between applications in a multi-tenant environment
Overhead of sending data from one application to another by doing input and output processing can be costly. The present invention provides a method of transmitting data with a low overhead between applications in a multi-tenant runtime environment. The multi-tenant runtime detects a connection between tenants, and then performs low-overhead data transmission mechanisms by cloning data from one tenant space to another tenant space, while keeping the data isolated for two tenants.
System and method for managing connections between a client and a server
An adapter card for managing connections between clients and a network server off-loads the connection management burden from the server. The adapter card includes a memory with an embedded proxy application and a communication protocol stack, a processing unit for executing the application code, a network controller for interfacing with an internetwork, and a bus protocol bridge for interfacing with the internal bus of the network server. The proxy application receives client requests on behalf of the server over relatively slow and unreliable network connections, and submits the requests to the server over fast, reliable bus connections.
SYSTEMS AND METHODS FOR CLOUD BASED UNIFIED SERVICE DISCOVERY AND SECURE AVAILABILITY
Systems and methods implemented by a unified agent application executed on a mobile device, for unified service discovery and secure availability include authenticating a user into a plurality of cloud services including a proxy service and a Virtual Private Network (VPN) service, wherein the proxy service is utilized for Internet traffic and the VPN service is for Intranet traffic; creating and operating a link local network at the mobile device with a virtual network interface and multiple listening sockets; and intercepting traffic at the virtual network interface from one or more client applications on the mobile device and splitting the traffic between the proxy service, the VPN service, and the Internet based on a type of the traffic, a destination, and the one or more client applications.
IN-CHANNEL EVENT PROCESSING FOR NETWORK AGNOSTIC MOBILE APPLICATIONS IN CLOUD BASED SECURITY SYSTEMS
Systems and methods in a mobile device communicatively coupled to a cloud based security system for detecting and processing in-channel events associated with a network agnostic mobile application. The method includes intercepting outgoing data from the network agnostic mobile application at a tunnel interface on the mobile device; monitoring the outgoing data for network transactions from the network agnostic mobile application to maintain a context of the network transactions and intended responses for every request; transmitting the outgoing data from the tunnel interface to the cloud based security system; and receiving a response from the cloud based security system responsive to the outgoing data and processing any deviation from the intended responses.
MULTIDIMENSIONAL RISK PROFILING FOR NETWORK ACCESS CONTROL OF MOBILE DEVICES THROUGH A CLOUD BASED SECURITY SYSTEM
Systems and methods implemented in a cloud node in a cloud based security system for network access control of a mobile device based on multidimensional risk profiling thereof include receiving posture data from the mobile device; determining a device fingerprint and a risk index of the mobile device based on the posture data; and, responsive to a request by the mobile device for network resources through the cloud based security system, performing a multidimensional risk analysis based on the device fingerprint and the risk index and allowing or denying the request based on the multidimensional risk analysis.
Dynamic secure packet block sizing
Disclosed herein are methods, systems, and software for handling secure transport of data between end users and content serving devices. In one example, a method of operating a content server includes identifying a content request from an end user device. The method further includes, responsive to the user request, determining a transmission control protocol window size and a secure layer protocol block size. The method also provides scaling the secure layer protocol block size to match the transmission control protocol window size, and transferring secure layer protocol packets to the end user device using the scaled secure layer protocol block size.
Socket-based internet protocol for wireless networks
Systems and methods for assigning unique network identifiers in a packet-switched wireless network are provided. A request for a unique network identifier for a wireless device is received. A socket-based unique network identifier, including an IP address and one or more ports, is assigned to the wireless device. The unique network identifier is created by combining an IP address and one or more ports. This allows multiple unique network identifiers to be created from a single IP address, where each unique network identifier consists of the same IP address combined with a different group of one or more ports.
Packet duplication by core network
A session management function (SMF) sends, to an access and mobility management function (AMF), at least one first message comprising configuration parameters for a first session between a wireless device and a UPF and a second session, for a packet duplication of the first session, between the wireless device and the UPF. The SMF receives, from the UPF, traffic status information of the UPF. Based on the traffic status information, the SMF sends, to the AMF, a second message for activation of the packet duplication of the first session.
Secure service mesh
A request to perform an operation associated with a service instance may be received by a processing device. The service instance may have an associated service instance identifier. A proxy instance associated with the service instance may be identified. The proxy instance may perform operations within a secure enclave associated with the processing device. The proxy instance within the secure enclave associated with the processing device may be used to verify that the secure enclave associated with the processing device contains the service instance associated with the service instance identifier. When the verification is successful, the proxy instance within the secure enclave associated with the processing device may be used to send a request to the service instance to perform the operation.