H04L63/04

CLOUD-HOSTED MANAGEMENT FOR EDGE COMPUTING DEVICES

Systems and methods include a cloud-hosted management plane where an authenticated user can initiate a request to establish a remote session to an edge device. A request may be transmitted to create a secure tunnel between the edge device and the cloud-based management plane. The edge device may receive and use a set of credentials to trigger a web-socket tunnel from the edge device to the cloud-hosted management plane. This connection may be used for management of edge devices, troubleshooting edge inferencing, access to and use of edge applications, and various other applications.

SYSTEMS AND METHODS TO DETECT AND PREVENT BOTS FROM RANDOM ACCESS BY RANDOMIZED HTTP URLS IN REAL TIME IN DISTRIBUTED SYSTEMS
20220417222 · 2022-12-29

Described embodiments provide systems and methods for preventing unauthorized access to information from a resource. A device intermediary between a client and a server in a session can receive a first request from the client that includes a first uniform resource locator (URL) of the server. The device may receive a response from the server that includes a second URL. The device may update the response by including a client identifier for the session in a set-cookie field, obfuscating the second URL into a string, and replacing the second URL in the response with the string. The device may receive a second request that includes a candidate client identifier and a third URL. The device may determine whether the second request is valid by at least one of: matching the candidate client identifier with the client identifier, and determining whether the second URL is recoverable using the third URL.
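The two checks described above, as an added example (not code from the patent or its assignee): the intermediary binds each obfuscated URL to the session's client identifier with an HMAC, so a bot probing random or guessed paths cannot produce a string that decodes back to a real server URL for that session. Everything here is an assumption of the example: the `DEVICE_KEY`, the `/r/<url>.<tag>` encoding, the `cid` cookie name, the `href="…"` link pattern, and the session dictionary standing in for the intermediary's session store.

```python
import base64
import hashlib
import hmac
import re
import secrets
from typing import Optional, Tuple

# Intermediary-wide secret used to bind obfuscated URLs to a client identifier.
# Assumption: generated once at start-up and kept in memory (constructed for this example).
DEVICE_KEY = secrets.token_bytes(32)

# Hypothetical link pattern; a production proxy would use a real HTML parser.
HREF_RE = re.compile(r'href="([^"]+)"')


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _tag(client_id: str, url: str) -> bytes:
    # The tag covers both the client identifier and the URL, so a string issued to
    # one session is not a valid string for another session.
    return hmac.new(DEVICE_KEY, f"{client_id}\x00{url}".encode(), hashlib.sha256).digest()


def obfuscate_url(client_id: str, url: str) -> str:
    """Replace a server URL with an opaque string bound to this client's session."""
    return "/r/" + _b64e(url.encode()) + "." + _b64e(_tag(client_id, url))


def recover_url(client_id: str, candidate: str) -> Optional[str]:
    """Return the original (second) URL if `candidate` was issued for `client_id`, else None."""
    if not candidate.startswith("/r/") or "." not in candidate:
        return None
    body, _, tag = candidate[3:].partition(".")
    try:
        url = _b64d(body).decode("utf-8")
        presented = _b64d(tag)
    except (ValueError, UnicodeDecodeError):
        return None
    if not hmac.compare_digest(presented, _tag(client_id, url)):
        return None
    return url


def rewrite_response(session: dict, body: str) -> Tuple[dict, str]:
    """Intermediary, on the server's response: put a client identifier for the
    session in Set-Cookie and replace every link with its obfuscated form."""
    client_id = session.setdefault("client_id", secrets.token_urlsafe(16))
    headers = {"Set-Cookie": f"cid={client_id}; HttpOnly; Secure; SameSite=Strict"}
    new_body = HREF_RE.sub(
        lambda m: 'href="%s"' % obfuscate_url(client_id, m.group(1)), body)
    return headers, new_body


def validate_request(session: dict, cookie_cid: Optional[str], path: str) -> Optional[str]:
    """Intermediary, on the follow-up request: forward only if the candidate
    identifier matches the session's identifier AND the requested path decodes to
    a URL issued for that identifier. Returns the server URL, or None to block."""
    expected = session.get("client_id")
    if expected is None or cookie_cid is None:
        return None
    if not hmac.compare_digest(expected.encode(), cookie_cid.encode()):
        return None
    return recover_url(cookie_cid, path)


if __name__ == "__main__":
    sess = {}
    hdrs, html = rewrite_response(sess, '<a href="/account/42/export">export</a>')
    link = HREF_RE.search(html).group(1)
    print(hdrs["Set-Cookie"])
    print(html)
    print(validate_request(sess, sess["client_id"], link))      # /account/42/export
    print(validate_request(sess, "guessed-cid", link))          # None
    print(validate_request(sess, sess["client_id"], "/r/x.y"))  # None
```

Because the tag is keyed and per-session, a scraper that harvests one client's rewritten links cannot replay them under its own cookie, and a bot enumerating `/r/...` strings gets nothing but blocked requests.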

METHOD AND APPARATUS FOR AUTHENTICATING ENCRYPTED COMMUNICATION
20220417224 · 2022-12-29

Disclosed is a method for execution by a computing device. The method involves establishing a communication channel for communicating with a client device using link-layer encryption, and attempting to authenticate the client device using authentication-layer encryption on top of the link-layer encryption. The method also involves receiving a command from the client device over the communication channel and, if the client device has been authenticated, executing the command. Notably, the link-layer encryption offers some degree of security because network traffic over the communication channel is encrypted, but it does not offer adequate protection from all cyber attacks. The authentication-layer encryption adds an additional layer of security on top of the link-layer encryption, which can help to avoid or mitigate such attacks. In this way, it is possible to prevent, or at least hinder, unauthorized users from having the computing device execute commands, because security is enhanced beyond the link-layer encryption.
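An added example of the execute-only-if-authenticated rule above; it is not the patent's code. The link layer (TLS, a Bluetooth-encrypted link, or similar) is assumed to already exist and is not modelled. What is modelled is the authentication layer riding on top of it: a challenge-response proof with a pre-provisioned per-client secret, a per-channel command key derived from that proof, and a counter plus HMAC on every command so that an attacker who controls the encrypted link but not the secret can neither issue commands nor replay captured ones. The client names, secrets, HMAC-SHA256 construction and the `Device`/`Client` split are assumptions of the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional


def _mac(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix each part so the concatenation is unambiguous.
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


class Device:
    """The computing device. Only the authentication layer is implemented here;
    the link-layer encryption is assumed to be provided by the transport."""

    def __init__(self, provisioned: Dict[str, bytes]):
        self.provisioned = provisioned        # client_id -> shared secret (assumed pre-provisioned)
        self.executed: List[str] = []
        self._channels: dict = {}

    def open_channel(self) -> str:
        """Called once the link-layer channel is up; returns a channel id."""
        channel = secrets.token_hex(8)
        self._channels[channel] = {"client": None, "nonce": secrets.token_bytes(16),
                                   "last_ctr": 0, "cmd_key": None}
        return channel

    def challenge(self, channel: str) -> bytes:
        return self._channels[channel]["nonce"]

    def authenticate(self, channel: str, client_id: str, proof: bytes) -> bool:
        st = self._channels[channel]
        secret = self.provisioned.get(client_id)
        if secret is None:
            return False
        if not hmac.compare_digest(proof, _mac(secret, b"auth", st["nonce"])):
            return False
        st["client"] = client_id
        # Per-channel command key: a command tag captured here is useless on another channel.
        st["cmd_key"] = _mac(secret, b"cmd", st["nonce"])
        return True

    def handle_command(self, channel: str, counter: int, command: str, tag: bytes) -> str:
        st = self._channels[channel]
        if st["client"] is None:
            return "rejected: not authenticated"
        if counter <= st["last_ctr"]:
            return "rejected: replayed counter"
        expected = _mac(st["cmd_key"], counter.to_bytes(8, "big"), command.encode())
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad authentication tag"
        st["last_ctr"] = counter
        self.executed.append(command)
        return "executed"


class Client:
    def __init__(self, client_id: str, secret: bytes):
        self.client_id, self.secret = client_id, secret
        self._cmd_key: Optional[bytes] = None
        self._ctr = 0

    def prove(self, nonce: bytes) -> bytes:
        self._cmd_key = _mac(self.secret, b"cmd", nonce)
        return _mac(self.secret, b"auth", nonce)

    def command(self, text: str):
        self._ctr += 1
        return self._ctr, text, _mac(self._cmd_key, self._ctr.to_bytes(8, "big"), text.encode())


def session_demo() -> List[str]:
    """Whole exchange over the assumed-encrypted link: refuse before authentication,
    accept a valid authenticated command, refuse its replay and a tampered copy."""
    secret = secrets.token_bytes(32)                      # constructed provisioned secret
    device = Device({"ctrl-01": secret})
    ch = device.open_channel()
    log = [device.handle_command(ch, 1, "reboot", b"\0" * 32)]
    impostor = Client("ctrl-01", b"wrong-secret")
    log.append(str(device.authenticate(ch, "ctrl-01", impostor.prove(device.challenge(ch)))))
    client = Client("ctrl-01", secret)
    log.append(str(device.authenticate(ch, "ctrl-01", client.prove(device.challenge(ch)))))
    ctr, text, tag = client.command("reboot")
    log.append(device.handle_command(ch, ctr, text, tag))
    log.append(device.handle_command(ch, ctr, text, tag))                  # replay
    log.append(device.handle_command(ch, ctr + 1, "factory-reset", tag))   # tampered
    return log


if __name__ == "__main__":
    print(session_demo())
```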

Distributed ledger-based ad-hoc system, apparatus and method using fingerprint verification

A system, method and apparatus for routing traffic in ad-hoc networks. A routing blockchain network processes routing node information proposals received from manager nodes of network clusters. Performance metrics, including content integrity metrics, of one or more nodes in the system are validated using distributed ledger techniques and provided to the manager nodes as updates to each manager node's routing information. The manager nodes further determine routing paths for ad-hoc communication requests based on an authentication record that defines the conditions necessary to route traffic streams in association with a particular resource or destination, one of the conditions being a minimum content integrity metric. Data may be transmitted in data segments, each data segment associated with a particular original fingerprint. The data segments and associated fingerprints are provided to routing nodes and, ultimately, to a destination node. One or more of the nodes in the routing path verifies the integrity of the data segments by comparing locally generated fingerprints to the original fingerprints generated by the source node. Fingerprint information may be stored by a fingerprint blockchain network for accountability and tracking purposes.
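The per-segment fingerprint check and the minimum-integrity routing condition, as an added example that is not the patent's code. The source node splits a stream into segments and attaches a SHA-256 fingerprint to each; a routing node recomputes the fingerprint locally, drops mismatches, records each verdict in an append-only hash-chained log (a single-writer stand-in for the fingerprint blockchain, an assumption of the example), and reports the fraction verified as its content integrity metric; the manager node then admits a route only if every node on it meets the authentication record's minimum. Segment size, node names, the metric definition and the ledger format are all assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Segment:
    index: int
    data: bytes
    fingerprint: str        # hex SHA-256 computed by the source node


def fingerprint(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def source_segments(payload: bytes, size: int) -> List[Segment]:
    """Source node: split the stream and attach the original fingerprint to each segment."""
    return [Segment(i, payload[o:o + size], fingerprint(payload[o:o + size]))
            for i, o in enumerate(range(0, len(payload), size))]


class FingerprintLedger:
    """Hash-chained append-only record of what each routing node verified.
    Stand-in for the fingerprint blockchain; assumption: a single trusted writer."""

    def __init__(self):
        self.entries: List[dict] = []
        self.head = "0" * 64

    @staticmethod
    def _digest(body: dict) -> str:
        return hashlib.sha256(repr(sorted(body.items())).encode()).hexdigest()

    def record(self, node: str, seg: Segment, ok: bool) -> None:
        entry = {"node": node, "index": seg.index, "fingerprint": seg.fingerprint,
                 "ok": ok, "prev": self.head}
        self.head = self._digest(entry)
        entry["hash"] = self.head
        self.entries.append(entry)

    def intact(self) -> bool:
        """Recompute the chain; any edited or reordered entry breaks it."""
        prev = "0" * 64
        for e in self.entries:
            body = {k: v for k, v in e.items() if k != "hash"}
            if body["prev"] != prev or self._digest(body) != e["hash"]:
                return False
            prev = e["hash"]
        return True


def verify_at_node(node: str, segments: List[Segment],
                   ledger: FingerprintLedger) -> Tuple[List[Segment], float]:
    """Routing node: recompute each fingerprint locally, compare with the original,
    forward only matches, and report the node's content integrity metric."""
    passed = []
    for seg in segments:
        ok = fingerprint(seg.data) == seg.fingerprint
        ledger.record(node, seg, ok)
        if ok:
            passed.append(seg)
    metric = len(passed) / len(segments) if segments else 0.0
    return passed, metric


def tamper(seg: Segment, data: bytes) -> Segment:
    # A misbehaving hop that rewrites the payload but keeps the source's fingerprint.
    return Segment(seg.index, data, seg.fingerprint)


def choose_path(auth_record: dict, node_metrics: Dict[str, float],
                candidates: List[List[str]]) -> Optional[List[str]]:
    """Manager node: first candidate route whose every node meets the authentication
    record's minimum content integrity metric; None if no route qualifies."""
    minimum = auth_record["min_content_integrity"]
    for path in candidates:
        if all(node_metrics.get(n, 0.0) >= minimum for n in path):
            return path
    return None


if __name__ == "__main__":
    ledger = FingerprintLedger()
    segs = source_segments(b"telemetry frame 0001 telemetry frame 0002", 16)  # constructed stream
    _, m1 = verify_at_node("r1", segs, ledger)
    _, m2 = verify_at_node("r2", [tamper(segs[0], b"telemetry frame 9999")] + segs[1:], ledger)
    print(m1, m2, ledger.intact())
    print(choose_path({"min_content_integrity": 0.9}, {"r1": m1, "r2": m2, "r3": 0.95},
                      [["r1", "r2"], ["r1", "r3"]]))
```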

Game Delivery System
20220401832 · 2022-12-22

A distributed computer system for delivering a requested game experience at any venue of a plurality of distributed venues comprises: at each venue: a plurality of local units serving respective gameplay areas of the venue, each local unit coupled to a set of multimedia gaming equipment for delivering a game experience in its gameplay area, and a venue central unit configured to connect to each of the local units of that venue; a booking system for managing game bookings across the plurality of distributed venues, the booking system configured to receive, from a user device, a booking request denoting a requested venue of the plurality of distributed venues, and create a booking in response; and a master central server configured to connect to the session management system and the venue central unit of each venue; wherein the master central server is configured to generate a game session based on the booking, and automatically communicate the game session to the venue central unit of the requested venue, wherein the venue central unit receiving the game session is configured to render accessible, to the local unit serving one of the gameplay areas, game details of the game session, and wherein that local unit is configured to deliver the requested game experience within that gameplay area, using its set of multimedia gaming equipment, based on the game details of the game session.

Secure communication channel with token renewal mechanism
11533297 · 2022-12-20

One embodiment of the present invention includes a server machine configured to establish a secure communication channel with a client machine via renewable tokens. The server machine receives a plurality of messages from a client machine over a secure communication channel, where the plurality of messages includes a first message that includes at least two of user authentication data, entity authentication data, first key exchange data, and encrypted message data. The server machine transmits, to the client machine, a second message that includes a master token comprising second key exchange data associated with the first key exchange data and at least one of a renewal time and an expiration time.
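An added example of the master token with renewal and expiration times; it is not the patent's code. The server signs a token carrying the subject, both sides' key-exchange data and two timestamps. Before the renewal time the token is simply accepted; between renewal and expiration it is still accepted but a fresh token is minted and the old one revoked, so the channel keeps working without a new login while the window in which a stolen token is useful stays short; past expiration the client must re-authenticate. HMAC-SHA256 signing, the JSON layout, the caller-supplied clock, the revocation set and the placeholder server key-exchange value are assumptions of the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional, Tuple


class TokenServer:
    """Server side of a renewable master token (example construction, not the patent's)."""

    def __init__(self, key: Optional[bytes] = None, renew_after: int = 300, lifetime: int = 900):
        self.key = key or secrets.token_bytes(32)   # server-held signing key (assumption)
        self.renew_after, self.lifetime = renew_after, lifetime
        self.revoked = set()                        # token ids superseded by renewal

    def _sign(self, payload: bytes) -> str:
        return base64.urlsafe_b64encode(hmac.new(self.key, payload, hashlib.sha256).digest()).decode()

    def issue(self, user: str, client_kx: str, now: int) -> str:
        """The server's second message: a master token with key-exchange data
        associated with the client's, plus renewal and expiration times."""
        server_kx = secrets.token_hex(16)           # placeholder for the server's key-exchange data
        payload = json.dumps({
            "sub": user,
            "kx": {"client": client_kx, "server": server_kx},
            "tid": secrets.token_hex(8),
            "renew": now + self.renew_after,
            "exp": now + self.lifetime,
        }, sort_keys=True).encode()
        return base64.urlsafe_b64encode(payload).decode() + "." + self._sign(payload)

    def verify(self, token: str) -> Optional[dict]:
        """Signature and revocation check only; time is the caller's concern."""
        try:
            body, sig = token.split(".", 1)
            payload = base64.urlsafe_b64decode(body)
        except ValueError:
            return None
        if not hmac.compare_digest(sig.encode(), self._sign(payload).encode()):
            return None
        claims = json.loads(payload)
        return None if claims["tid"] in self.revoked else claims

    def check(self, token: str, now: int) -> Tuple[str, Optional[str]]:
        """Returns (status, replacement_token):
        'fresh'   - keep using the token;
        'renewed' - past its renewal time but not expired: a new master token is
                    issued and the old one revoked;
        'expired' / 'invalid' - full re-authentication required."""
        claims = self.verify(token)
        if claims is None:
            return "invalid", None
        if now >= claims["exp"]:
            return "expired", None
        if now < claims["renew"]:
            return "fresh", None
        self.revoked.add(claims["tid"])
        return "renewed", self.issue(claims["sub"], claims["kx"]["client"], now)


if __name__ == "__main__":
    srv = TokenServer(renew_after=300, lifetime=900)
    t0 = srv.issue("alice", "client-kx-data", now=1000)
    print(srv.check(t0, 1100)[0])          # fresh
    status, t1 = srv.check(t0, 1400)
    print(status, srv.check(t0, 1450)[0])  # renewed invalid
    print(srv.check(t1, 2300)[0])          # expired
```

Revoking the superseded token on renewal matters: without it, a token leaked during the renewal window would remain valid until its original expiration even though the legitimate client has already moved on.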

Providing secure communications between computing devices

Devices and methods for providing secure communications between a first computing device and a second computing device are disclosed. A processor of the first computing device may determine, in first application software, first security key establishment information. The processor may provide the first security key establishment information to a communication layer of the first computing device for transmission to the second computing device. The processor may receive, in the first application software from the communication layer of the first computing device, second security key establishment information received from the second computing device. The processor may determine a first security key by the first application software based at least in part on the second security key establishment information. The processor may provide the first security key to the communication layer for protecting messages from the first application software to the second computing device.

Pseudonymous crypto-based systems and methods for patient data
11527310 · 2022-12-13

Systems and methods are disclosed for a cipher-based system for tracking a patient within a clinical pharmacy workflow. The system provides a meshed network having patient devices that communicate patient data with aggregators. The patient devices and aggregators located within the space form a meshed network, and the aggregators communicate data to a computer in communication with a cloud-based network. A patient device with a mobile application wirelessly communicates with an internet system in communication with the cloud-based network. The computer receives information about the patient device entering the meshed network from wireless tags positioned within the space. Information is obtained by the patient devices during a recognition process by wirelessly transmitting messages from the wireless tags to aggregators, and then wirelessly transmitting information from the aggregators to the computer; the computer communicates with the cloud-based network, and the cloud-based network communicates with healthcare administrator systems via a jointly defined API interface.

MULTI-UPLINK PATH QUALITY AWARE IPSEC

Some embodiments provide a method that collects metrics for one or more paths of a first tunnel implementing a first security association (SA) and for one or more paths of a second tunnel implementing a second SA. The method selects a path based on the collected metrics of the paths of the first and second tunnels. When the selected path belongs to the first tunnel, the method encrypts data to be transmitted as encrypted payload of the first SA and transmits the encrypted payload in the first tunnel. When the selected path belongs to the second tunnel, the method encrypts data to be transmitted as encrypted payload of the second SA and transmits the encrypted payload in the second tunnel.
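The selection step and the per-tunnel SA binding above, as an added example that is not the patent's or any IPsec implementation's code. Paths from both tunnels are scored on latency, jitter and loss; the best path wins, and the payload is then protected under the SA of whichever tunnel that path belongs to, so the receiver can look the SA up by SPI. The cost weights, SPIs, keys and uplink names are assumptions, and the cipher is a stand-in: an HMAC-SHA256 counter-mode keystream bound to SPI and sequence number plus a truncated HMAC integrity check value, used only to keep the example dependency-free (a real SA would use an AEAD such as AES-GCM).

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class PathMetrics:
    tunnel: str          # which IPsec tunnel (hence which SA) the path belongs to
    uplink: str
    latency_ms: float
    loss_pct: float
    jitter_ms: float


@dataclass
class SecurityAssociation:
    spi: int
    key: bytes
    seq: int = 0         # ESP-style sequence number


def path_cost(m: PathMetrics) -> float:
    # Weights are an assumption of the example; lower is better.
    return m.latency_ms + 2.0 * m.jitter_ms + 50.0 * m.loss_pct


def select_path(metrics: List[PathMetrics]) -> PathMetrics:
    """Best path across all tunnels, judged on the collected metrics alone."""
    return min(metrics, key=path_cost)


def _keystream(key: bytes, spi: int, seq: int, length: int) -> bytes:
    # Stand-in for the SA's cipher: HMAC-SHA256 in counter mode, bound to SPI and seq.
    out = b""
    for ctr in range((length + 31) // 32):
        block = spi.to_bytes(4, "big") + seq.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
    return out[:length]


def _icv(key: bytes, spi: int, seq: int, body: bytes) -> bytes:
    # Truncated integrity check value over SPI, seq and ciphertext.
    msg = b"icv" + spi.to_bytes(4, "big") + seq.to_bytes(8, "big") + body
    return hmac.new(key, msg, hashlib.sha256).digest()[:16]


def protect(sa: SecurityAssociation, plaintext: bytes) -> dict:
    """Encrypt under this SA and emit an ESP-like envelope (SPI, seq, payload, ICV)."""
    sa.seq += 1
    ks = _keystream(sa.key, sa.spi, sa.seq, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, ks))
    return {"spi": sa.spi, "seq": sa.seq, "payload": body,
            "icv": _icv(sa.key, sa.spi, sa.seq, body)}


def unprotect(sas_by_spi: Dict[int, SecurityAssociation], pkt: dict) -> bytes:
    """Receiver: find the SA by SPI, check the ICV, then decrypt."""
    sa = sas_by_spi[pkt["spi"]]
    if not hmac.compare_digest(_icv(sa.key, pkt["spi"], pkt["seq"], pkt["payload"]), pkt["icv"]):
        raise ValueError("ICV mismatch")
    ks = _keystream(sa.key, pkt["spi"], pkt["seq"], len(pkt["payload"]))
    return bytes(a ^ b for a, b in zip(pkt["payload"], ks))


class MultiUplinkSender:
    def __init__(self, sas: Dict[str, SecurityAssociation]):
        self.sas = sas   # tunnel name -> SA

    def send(self, data: bytes, metrics: List[PathMetrics]) -> Tuple[str, str, dict]:
        """Pick the best path over both tunnels, then encrypt with that tunnel's SA."""
        best = select_path(metrics)
        return best.tunnel, best.uplink, protect(self.sas[best.tunnel], data)


if __name__ == "__main__":
    sender = MultiUplinkSender({"tunnel-A": SecurityAssociation(0x1001, b"a" * 32),
                                "tunnel-B": SecurityAssociation(0x1002, b"b" * 32)})
    metrics = [PathMetrics("tunnel-A", "fiber", 20.0, 0.0, 1.0),   # constructed samples
               PathMetrics("tunnel-A", "lte", 60.0, 0.5, 8.0),
               PathMetrics("tunnel-B", "cable", 25.0, 0.0, 2.0)]
    print(sender.send(b"hello", metrics)[:2])                          # ('tunnel-A', 'fiber')
    metrics[0].loss_pct = 4.0                                          # fiber path degrades
    print(sender.send(b"hello", metrics)[:2])                          # ('tunnel-B', 'cable')
```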

DATA PROCESSING TRANSACTIONS USING MACHINE TO MACHINE (M2M) DATA TRANSFER

A user device is provided. The user device is configured to detect that a user is in a foreign region outside a home region of the user, wherein the user is registered with a home processor located within the home region of the user. The user device provides a recommendation to the user of one or more partner processors located within the foreign region, wherein each of the one or more partner processors has a predetermined association with the home processor. The user device receives a selection of a partner processor selected by the user from the one or more partner processors. The user device authenticates a data processing transaction at the selected partner processor by verifying an identity of the user and initiates the data processing transaction at the selected partner processor after the authentication.