Patent classifications
H04L2209/76
Content blocker detection and circumvention
Methods and systems for circumventing content blocking systems are disclosed. Example implementations include detecting the presence of an existing blocker that disrupts a first content-type and circumventing the blocker, such that a circumvented first content-type is presented to a user. The method can also include determining that the blocker has adjusted to block the circumvented content, in which case, the method can include disrupting presentation of a second content-type.
Method for configuring access for a limited user interface (UI) device
A method operable by a computing device for configuring access for a limited user interface (UI) device to a network service via a local network access point is disclosed. The method comprises the steps of: obtaining from the limited UI device a device identifier via a first out-of-band channel. The device identifier is provided to the network service via a secure network link. A zero knowledge proof (ZKP) challenge is received from the network service. Configuration information is provided to the limited-UI device via a second out-of-band channel, the configuration information including information sufficient to enable the limited-UI device to connect to the local network access point. The ZKP challenge is provided to the limited-UI device via the second out-of-band channel. A secure channel key is received from the network service indicating a successful response from the limited-UI device to the ZKP challenge; and provided to the limited-UI device enabling the limited-UI device to access the network service.
Hybrid authentication systems and methods
Disclosed are hybrid authentication systems and methods that enable users to seamlessly sign on between cloud-based services and on-premises systems. A cloud-based authentication service receives login credentials from a user and delegates authentication to an on-premises authentication service proxy. The login credentials can be passed by the cloud-based authentication service to the on-premises authentication service proxy, for instance, as an access token in an authentication header. The access token can be a JavaScript Object Notation (JSON) Web Token (JWT) that is digitally signed using JSON Web Signature. Some embodiments utilize a tunnel connection through which the cloud-based authentication service communicates with the on-premises authentication service proxy. Some embodiments leverage an on-premises identity management system for user management and authentication. In this way, there is no need for a cloud-based system to separately maintain and manage a user identity management system and/or to sync with an on-premises identity management system.
In-vehicle content delivery system operable in autonomous mode and non-autonomous mode
Multimedia content may be delivered to content consumer devices via a content-delivery network. Encrypted content and cryptography keys for decrypting the content may be distributed from a data center to various nodes of the content-delivery network, each node acting as a semi-independent content-delivery system. Each content-delivery system is capable of delivering received content to end-users and implementing a key-management scheme to facilitate secure content-delivery and usage tracking, even when the content-delivery system is disconnected from the data center. In other words, the disclosed systems and methods facilitate the operation of nodes which may operate in “autonomous mode” when disconnected from a larger content-delivery network, thus maintaining content-delivery capabilities despite having little if any connectivity to external networks.
Protocol independent forwarding of traffic for content inspection service
A method, system, and computer-usable medium are disclosed for, responsive to an attempted connection from a client to a server for establishing communications between the client and the server, redirecting the connection to a proxy and injecting protocol-independent header information into a datagram of the traffic between the client and the server, the protocol-independent header information including information based upon which the proxy enforces a security policy.
RSA trusted networks: RSA packet frames for advanced networking switches
Embodiments are described for enhanced security in a switched network using RSA security between hops of a transmission path of a data frame from an origination node to a destination node, via one or more intervening switches. Each switch and node in a switched network can be configured for “RSA security enabled” or “RSA security disabled.” RSA security can be enabled, or disabled, for the whole network. RSA security can be enabled for all switches (but not nodes) or selectively enabled for switches. If two adjacent devices (nodes or switches) have RSA security enabled, then an RSA secure frame is generated to transmit data on that hop of a transmission path between an originating node and destination node. RSA encryption keys can be different for each hop on the transmission path. RSA token seeds can be regenerated periodically to increase the difficulty of learning an encryption key for any hop.
Encryption processing system and encryption processing method
An encryption processing system includes: a first device; second devices; and a third device, wherein the first device generates synthesis keys by selecting public keys of the second devices; generates an intermediate text from confidential texts generated by encrypting secret information by using public keys of the second devices having decryption authority; generates ciphertexts by further encrypting the intermediate text using the synthesis keys; and makes public the ciphertexts, each of the second devices verifies validity of the ciphertexts; generates decryption key fragments by using its own private key; and makes public the decryption key fragments, the third device verifies validity of the decryption key fragments; generates a decryption key by combining decryption key fragments; generates the intermediate text by decrypting one of the ciphertexts; and makes public the intermediate text, and the second device decrypts the intermediate text using its own private key; and restores the secret information.
Information transparency control
An example operation may include one or more of connecting, by a broker node, to a blockchain comprised of an arranger node and a plurality of client nodes, retrieving from the blockchain, by the broker node, a request for information sent by a client node of the plurality of the client nodes, decrypting, by the broker node, the request for the information with a private key of the broker node, extracting, by the broker node, a public key of a client associated with the client node from the decrypted request for the information, selecting, by the broker node, a set of client properties based on the public key of the client, generating, by the broker node, a modified request for information based on the request for the information and the set of the client properties, and sending, by the broker node, the modified request for the information to the arranger node.
Middlebox visibility for post quantum KEM
Some embodiments are directed to a communication system comprising one or more clients, a server and a middlebox. The middlebox may have access to the multiple short-term server private keys of the server. The middlebox may recover a shared key that is negotiated between server and client by decapsulating encapsulation data using a stored client public key and a server private key from the key storage.
Method and apparatus for trusted branded email
A trusted branded email method and apparatus in one aspect detects branded electronic messages and performs validation before it is sent to a recipient. In another aspect, an electronic message is branded by embedding branding assets and validation signatures. Algorithms that generate validation signatures are dynamically selected to further strengthen the security aspects. Branding assets are presented to a user using a distinct indicia that represents to the user that the branding assets are secure.