H04L2209/76

Secure node-to-multinode communication
10079814 · 2018-09-18

The present disclosure relates to communication sessions between a first node and a plurality of other nodes. Two cryptographic keys are generated. A first cryptographic key is generated (113A) in a first node (10), e.g. Node A. A second cryptographic key is generated (113B) by a second node (22), which is a virtual and temporary node executed on a server (20). The second cryptographic key is transmitted to several other nodes (30). The first and second cryptographic keys, which are identical, may then be applied in communication sessions between the first node (10) and the several other nodes (30). This makes it possible to provide node-to-multinode communication sessions that offer the same, or substantially the same, security as conventional node-to-node communication sessions.

Processing a Security Policy for Certificate Validation Error
20180262348 · 2018-09-13

Disclosed herein are systems and methods for a security gateway to process secure network sessions where there is a server certificate validation error. In various embodiments, varying security policies can be applied to the secure network sessions, including intercepting of network data, bypass of the security gateway, or termination of the secure sessions.

Ad hoc one-time pairing of remote devices using online audio fingerprinting

Participants of a phone conference can share electronic data without needing to exchange passwords to link two devices or to log in to access data. The invention is resistant to eavesdropping, and provides methods, devices and systems to easily and automatically find, identify and authenticate participants on a computer network for electronic data exchange. Samples of the audio are used to create a stream of audio fingerprints which are sent to a matching service. This matching service finds the fingerprints that correspond to the same conversation, and exchanges identifiers. When instructed by the user, the device can set up a secure data connection.

System and method for secure transmission of web pages using encryption of their content

Disclosed are systems and methods for secure transmission of web pages using encryption of their content. An exemplary method comprises: receiving from a remote server, by a processor of a proxy server, a web page requested by a user device; analyzing, by the processor, the received web page to select one or more elements of the web page for encryption based at least upon a list of web page elements predetermined by the proxy server to protect against malware attacks; encrypting the code of the one or more selected elements; generating a script containing the encrypted code of the one or more selected elements; and replacing the code of the one or more selected elements in the web page with the script containing the encrypted code of the one or more selected elements prior to transmitting the web page to the user device.

Distributed caching system with distributed notification of current content

Described herein are systems, devices, and methods for content delivery on the Internet. In certain non-limiting embodiments, a caching model is provided that can support caching for indefinite time periods, potentially with infinite or relatively long time-to-live values, yet provide prompt updates when the underlying origin content changes. In one approach, an origin server can annotate its responses to content requests with tokens, e.g., placing them in an appended HTTP header or otherwise. The tokens can drive the process of caching, and can be used as handles for later invalidating the responses within caching proxy servers delivering the content. Tokens may be used to represent a variety of kinds of dependencies expressed in the response, including without limitation data, data ranges, or logic that was a basis for the construction of the response.

USING A PROXY SERVER TO INTERCEPT AND ANALYZE CONTENT

A method for auditing tags launched within a target mobile application comprises analyzing a network communication generated by a target mobile application to determine if an identifiable tag signature is present within the network communication. An identifiable tag signature can comprise one or more attributes that are associated with the firing of a tag. Based upon a detected tag signature, the method can further comprise determining that a particular tag fired. Further the method can comprise recording information associated with the particular tag. Methods are also provided for inspecting encrypted data traffic and generating reports thereon. Encrypted network communications are intercepted, decrypted using a digital certificate, digital signatures are identified, and reports are generated indicating which digital signatures were found to match tag signatures.

Method for configuring access for a limited user interface (UI) device

A method operable by a computing device for configuring access for a limited user interface (UI) device to a network service via a local network access point is disclosed. The method comprises the steps of: obtaining from the limited-UI device a device identifier via a first out-of-band channel. The device identifier is provided to the network service via a secure network link. A zero-knowledge proof (ZKP) challenge is received from the network service. Configuration information is provided to the limited-UI device via a second out-of-band channel, the configuration information including information sufficient to enable the limited-UI device to connect to the local network access point. The ZKP challenge is provided to the limited-UI device via the second out-of-band channel. A secure channel key is received from the network service, indicating a successful response from the limited-UI device to the ZKP challenge, and is provided to the limited-UI device, enabling the limited-UI device to access the network service.

ZERO-KNOWLEDGE DATABASES

Provided is a process of operating a zero-knowledge encrypted database, the process including: obtaining a request for data in a database stored by an untrusted computing system, wherein the database is stored in a graph that includes a plurality of connected nodes, each of the nodes including: an identifier, accessible to the untrusted computing system, that distinguishes the respective node from other nodes in the graph; and an encrypted collection of data stored in encrypted form, wherein: the untrusted computing system does not have access to an encryption key to decrypt the collections of data, the encrypted collections of data in at least some of the plurality of nodes each include a plurality of keys indicating subsets of records in the database accessible via other nodes in the graph and corresponding pointers to identifiers of the other nodes.

GRANULAR OFFLOADING OF A PROXIED SECURE SESSION
20180234388 · 2018-08-16

A device may receive encrypted traffic associated with a secure session. The device may determine, based on the encrypted traffic, information associated with an offload service to be applied to the encrypted traffic associated with the secure session. The information associated with the offload service may indicate whether the encrypted traffic is permitted to bypass inspection by one or more security services. The device may selectively permit the encrypted traffic, associated with the secure session, to bypass inspection by the one or more security services based on the information associated with the offload service.

Method of updating a file tree stored on a storage server
10050777 · 2018-08-14

One embodiment relates to a method of updating, by an electronic device of a first user, a tree of data files and/or folders of the first user stored in a storage server configured to implement a re-encryption mechanism, this tree comprising at least one target folder that the first user has authorized a second user to access by providing the storage server with a re-encryption key for this target folder from the first user to the second user.