H04L2209/76

Quality of service for web real-time communication networks
10469559 · 2019-11-05

A request to establish an encrypted media stream is received, by an edge server, for a Web Real-Time Communication (WebRTC) communication session between a first browser and a second browser or gateway. The edge server is a boundary device between a first network and a second network. The edge server retrieves a tenant identifier for the encrypted media stream. The tenant identifier can identify a specific company or enterprise. In response to receiving the tenant identifier for the encrypted media stream for the WebRTC communication session, a list of one or more Quality-of-Service (QoS) parameters associated with the tenant is retrieved. For example, the list of QoS parameters may be based on a Service Level Agreement (SLA). The edge server dynamically sends a message to configure the second network to support the list of one or more QoS parameters associated with the tenant.

Granular offloading of a proxied secure session

A device may receive encrypted traffic associated with a secure session. The device may determine, based on the encrypted traffic, information associated with an offload service to be applied to the encrypted traffic associated with the secure session. The information associated with the offload service may indicate whether the encrypted traffic is permitted to bypass inspection by one or more security services. The device may selectively permit the encrypted traffic, associated with the secure session, to bypass inspection by the one or more security services based on the information associated with the offload service.

System and method for non-replayable communication sessions
10462115 · 2019-10-29

Systems, methods, and non-transitory computer-readable storage media for a non-replayable communication system are disclosed. A first device associated with a first user may have a public identity key and a corresponding private identity key. The first device may register the first user with an authenticator by posting the public identity key to the authenticator. The first device may perform a key exchange with a second device associated with a second user, whereby the public identity key and a public session key are transmitted to the second device. During a communication session, the second device may transmit to the first device messages encrypted with the public identity key and/or the public session key. The first device can decrypt the messages with the private identity key and the private session key. The session keys may expire during or upon completion of the communication session.

Apparatus, method and system for a tunneling client access point
10447819 · 2019-10-15

The disclosure details the implementation of a tunneling client access point (TCAP) that is a highly secure, portable, power-efficient storage and data processing device. The TCAP tunnels data through an access terminal's (AT) input/output facilities. In one embodiment, the TCAP connects to an AT, and a user employs the AT's user input peripherals for input and views the TCAP's activities on the AT's display. This enables the user to observe data stored on the TCAP without that data being resident on the AT, which can be useful to maintain higher levels of data security. Also, the TCAP may tunnel data through an AT across a communications network to access remote servers. The disclosure also teaches a plug-and-play virtual private network (VPN).

Method of providing a hash value for a piece of data, electronic device and computer program

A hash value provides a time-stamp for a piece of data upon verification. Providing the hash value includes deriving one-time signing keys of a signer's one-time signing key hash chain by a one-way function of a secret key of the signer and a function of an index of the one-time signing key, and providing the hash value for the piece of data by a hash function over the piece of data and the derived one-time signing key. An electronic device having a processor arranged to implement a functional module for deriving a one-time signing key and providing a hash value for a piece of data by a hash function over the piece of data and the derived one-time signing key is also disclosed. The functional module is arranged to perform the method. A computer program for implementing the method on the electronic device is also disclosed.

Determining trustworthiness of a cryptographic certificate

Embodiments of the present invention include determining whether a cryptographic certificate can be trusted. A cryptographic certificate is received at a client device. The client device performs a first check on a first set of attributes of the cryptographic certificate. In addition, the client device sends the cryptographic certificate to a central verification server, which performs a second check on a second set of attributes of the cryptographic certificate. In the case that the first set of attributes passes the first check, and the second set of attributes passes the second check, the client device determines that the cryptographic certificate can be trusted.

Cryptographic applications for a blockchain system

A method is provided for delegating behavior of a smart contract associated with a blockchain to code that is not part of the blockchain. A system directs execution by a virtual machine of the smart contract. During execution of the smart contract, the smart contract sends to a cryptlet container service, via a cryptodelegate, a request to delegate a behavior to a cryptlet that executes on an attested host. During execution the cryptlet container service identifies a host for executing code of the cryptlet in an appropriate cryptlet container. The cryptlet container service directs the identified host to execute the code of the cryptlet to perform the delegated behavior. After the delegated behavior is performed, the cryptlet container service receives from the cryptlet a response to the requested behavior. The cryptlet container service sends the response to the smart contract on the blockchain that is verified by the cryptodelegate.

AD HOC ONE-TIME PAIRING OF REMOTE DEVICES USING ONLINE AUDIO FINGERPRINTING
20190306164 · 2019-10-03

A system and method for sharing electronic data between participants of a phone conference, such as an online presentation, without a need to exchange passwords to link two devices together for data transfer or to go through a login procedure to access the data resource. To achieve this, the participants use a device or software application that samples the audio of the phone conversation and creates a stream of audio fingerprints. The streams of fingerprints are sent to a matching service on the internet. This matching service finds the fingerprints that correspond to the same conversation among the streams of simultaneous users. Once a match is found with a high enough confidence level, the matching service exchanges identifiers such as public IP addresses and sends those back to the fingerprinting units. When instructed by the user, the units can then proceed to set up a secure data connection.

DATABASE ENCRYPTION
20190286837 · 2019-09-19

The present approaches generally relate to the encryption of data within a database in such a way that the encrypted data may still be easily accessed and utilized by an application. The present approach provides the ability to encrypt and decrypt data at the application layer, while the data remains in an encrypted state at the database layer and when in transit.

SYSTEM FOR COORDINATIVE SECURITY ACROSS MULTI-LEVEL NETWORKS

In some aspects, the disclosure is directed to methods and systems for providing coordinative security among network devices across multi-level networks. Shared cryptographic secrets among the network devices are used as the basis for mutual security authentication and peering among these devices. The cryptographic secrets can be embedded in the SoC devices of these network devices or dynamically generated based on unique identification information and attributes of these SoC devices. The messages for authentication and peering can be communicated directly among the network devices or indirectly via a cloud security portal entity that acts as a messaging proxy. The mutual authentication and peering process can be carried out in a coordinated manner among the network devices and a cloud security portal in a one-to-one mesh relationship, or in a transitive layering relationship, where each network entity authenticates and peers with its direct subordinates in a multi-level network.