Patent classifications
H04L63/04
COMMUNICATION SYSTEM AND METHODS PROVIDING PUSH-TO-TALK (PTT) OPERATION WITH ENHANCED BLUETOOTH LOW ENERGY (BLE) SECURITY
A communication system may include a first radio frequency (RF) device configured to generate a Bluetooth Low Energy (BLE) advertisement responsive to an input event, transmit the BLE advertisement in a BLE advertisement burst comprising a number of transmissions in at least one BLE advertising channel, and discontinue transmission of the BLE advertisement after transmission of the BLE advertisement burst. The system may further include a second RF device configured to scan for the BLE advertisement in the at least one BLE advertising channel, and communicate with the first RF device over a BLE data channel responsive to receiving the BLE advertisement.
BLOCKCHAIN SYSTEMS AND METHODS FOR MANAGING PROPERTY LOAN INFORMATION
Information may be managed using blockchains. An access computing device may be configured to access a blockchain network including a plurality of node computing devices that store a respective copy of a plurality of blockchains, each blockchain including a sequence of one or more blocks. The access computing device may manage communication of data between the blockchain network and a user. The access computing device may transmit instructions to a node computing device to generate new blocks in the blockchain associated with new and/or updated transactions.
SECURE AUTHENTICATION USING ATTESTATION TOKENS AND INVIOLABLE QUOTES TO VALIDATE REQUEST ORIGINS
Secure authentication using attestation tokens and inviolable quotes to validate request origins is performed by systems and platforms. An application programming interface (API) service is hosted via a secure enclave of a computing platform container. Requests to a resource system for highly confidential/sensitive information persisted in a data storage, or for computational services, are made through the enclave, which is a source from which requests are trusted. An API call is made from the secure enclave to the resource system to establish a secure communication session based on a signed certificate for the secure enclave that is signed using an encrypted memory of the secure enclave. The API call also includes an attestation token used to validate the secure enclave as the source requesting the information or service via the API call. Confidential/sensitive information is provided to the secure enclave if the API call source is validated by the resource system.
ATTESTATION AND COMPUTER FORENSICS BASED ON UNIVERSAL REFERENCES FOR HARDWARE AND/OR SOFTWARE CONFIGURATIONS
A method, computer system, and computer program product are provided for performing policy enforcement, attestation, and network forensics. A universal reference for a computing entity is obtained, wherein the universal reference identifies one or more components of the computing entity by additional universal references assigned to the one or more components. A hierarchical description of the computing entity is determined by enumerating each additional universal reference of the one or more components and additional sub-components, wherein the hierarchical description exhaustively identifies the components and sub-components of the computing entity. The hierarchical description is analyzed by accessing a database to identify mappings of the one or more additional universal references to the one or more components and sub-components. The one or more components and sub-components identified by the analyzing are assessed to perform one or more of: an inventory task, a policy enforcement task, an attestation task, and a forensics task.
Conducting secure interactions utilizing reliability information
Embodiments of the invention are directed to assessing reliability between two computing devices. A distributed database may maintain reliability associations between pairs of computing devices. Each reliability association may indicate that a particular device has determined (e.g., locally) that another device is reliable. In order to determine an amount of reliability between a first computing device and a second computing device, an ordered combination of the reliability associations may be determined utilizing the distributed database. The ordered combination of reliability associations may identify a reliability path between the first computing device and the second computing device. An amount of reliability may be determined based on the reliability path. An interaction between the devices may be allowed or restricted based at least in part on the amount of reliability between the computing devices.
System and method for management of confidential data
A management request is received by a system for carrying out one or more data management operations (including, but not limited to, adding data, merging data or searching for data). The management request is received from a requesting entity. The system comprises a representation database, which comprises at least one secure element. The at least one secure element is a representation of at least one dataset containing confidential data elements stored in at least one database owned or operated by a third party entity. The management request is processed by performing at least one operation, for example by a processing component in the system, on the representation database. In a third step, a processing result is provided, which comprises any suitable information or data content. The processing result is dependent on the contents of the management request.
Method for decoding secure socket layer for security of packet transmitted in preset operating system
Decoding includes sensing, in an SSL decoding device, a packet related to an SSL handshake for establishing SSL between a client and a server after a TCP session has been established between the client and the server. If the packet for the SSL handshake is transmitted in a preset operating system, an SSL session between the client and the SSL decoding device and an SSL session between the SSL decoding device and the server are established. A TCP session between a virtual client corresponding to the client and a virtual server corresponding to the server is also established. A packet transmitted/received between the virtual client and the virtual server is transmitted when the TCP session is established. If a first SSL packet transferred from the client to the SSL decoding device is received, the SSL packet is decoded and transmitted to a security device and to the server.
Systems and methods for federated privacy management
Systems and methods for federated privacy management are disclosed. In one embodiment, a method for federated privacy management may include: (1) receiving, at a user management node, and from a client application executing on an electronic device, a device identifier; (2) receiving, by the user management node, and from a second layer node in a multi-layer federated privacy management network, data comprising at least one of browsing data and application data from a web host or a server, wherein the data is in response to an internet protocol request from the client application via a first layer node and the second layer node to the web host or the server, and the data is associated with the device identifier; (3) receiving, at the user management node, a request for the data from the client application using the device identifier; and (4) communicating the data to the client application.
Transparent inspection of traffic encrypted with perfect forward secrecy (PFS)
A method is provided for inspecting network traffic. The method, performed in a single contained device, includes receiving network traffic inbound from an external host that is external to the protected network and flowing to a protected host of the protected network, wherein the network traffic is transported by a secure protocol that implements ephemeral keys that endure for a limited time. The method further includes performing a first transmission control protocol (TCP) handshake with the external host, obtaining source and destination data during the first TCP handshake, the source and destination data including the source and destination link-layer and internet addresses, caching the source and destination data, and using the cached source and destination data to obtain a Layer-7 request from the external host to the protected host and to pass a Layer-7 response from the protected host to the external host.
Configuring secure connectivity between devices in separate sites of a multi-site domain
Techniques are described for utilizing a Software-Defined-Networking (SDN) controller and/or a Data Center Network Manager (DCNM) and network border gateway switches associated with a multi-site cloud computing network to provide reachability data indicating physical links between the border gateways disposed in different sites of the multi-site network, and to establish secure connection tunnels utilizing the physical links and unique encryption keys. The SDN controller and/or DCNM may be configured to generate a physical underlay model representing the physical underlay, or network transport capabilities, and/or a logical overlay model representing a logical overlay, or overlay control-plane, of the multi-site network. The SDN controller may also generate an encryption key model representing the associations between the encryption keys and the physical links between the associated network border gateway switches. The SDN controller may utilize the models to determine route paths for transmitting network traffic spanning different sites of the multi-site network at line speed.