H04L2463/061

SECURE COMMUNICATION IN A TRAFFIC CONTROL NETWORK
20200313848 · 2020-10-01

The present disclosure includes apparatuses, methods, and systems for secure communication in a traffic control network. An embodiment includes a memory, and circuitry configured to receive a traffic control public key from a traffic control device, wherein the traffic control public key is received in response to providing, to the traffic control device, a request to modify content of the traffic control device, encrypt data corresponding to vehicle information using the traffic control public key, provide, to the traffic control device, the encrypted data to store the data in the traffic control device, and access a network of traffic control devices, including the traffic control device, via the data stored in the traffic control device.

SECURE AND VERIFIABLE DATA ACCESS LOGGING SYSTEM
20200313878 · 2020-10-01

Techniques for providing a secure and verifiable data access logging system are disclosed herein. In some embodiments, a computer system receives an indication of a data request from a client device that is requesting data of one or more users from a data server, stores a request log entry corresponding to the data request in a log file, generates a request token based on the received indication of the data request, transmits the generated request token to the client device, receives a fetch event from the data server that requests a request digest corresponding to the request token and configured to indicate that the request log entry corresponding to the data request is stored in the log file, stores a response log entry corresponding to the received fetch event in the log file, and transmits the request digest to the data server based on the received fetch event.

Secure session capability using public-key cryptography without access to the private key

A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.

Encrypted audio streaming
10791101 · 2020-09-29

The disclosed technology relates to broadcasting encrypted data to multiple receiver devices, where some receiver devices have long-term access to the encrypted data and some receiver devices have temporary access to the encrypted data. Receivers having long-term access are part of a member group because these member group devices have a master key, and the master key enables the member group devices to derive the necessary information to decrypt the encrypted broadcast. In contrast, devices with temporary access possess only a guest key and not a master key; without a master key, the devices need to receive the guest key from another device to decrypt the broadcast. Access to the encrypted stream can also be based on broadcasting multiple or single diversifiers, where a diversifier can include group identification information to assist in restricting access to the encrypted stream.

Home network traffic isolation

Implementations provide for extending an authentication protocol to dynamically create a per-user end-to-end encryption over a multi-hop path for data traffic, which provides an automatic triggering of authentication on each hop of a path when a client joins the network. A device includes a processor that is configured to, in response to receipt of a request for authentication from an end device, perform an authentication protocol to authenticate with an authentication server via an authenticator device. When the authentication protocol is successfully performed, the processor is configured to receive a message indicating that the device was successfully authenticated by the authentication server. The processor is configured to create a pairwise master key (PMK) from the parameters, and derive a pairwise temporary key (PTK) from a key derivation function seeded by the PMK. The processor is configured to encrypt, using the PTK, a message from the end device.

Methods for temporal password injection and devices thereof
10791119 · 2020-09-29

Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that receive a request from a client to log into an application hosted by an application server. A determination is made when the client is authenticated in response to the request. Attribute(s) are extracted from the request, when the determining indicates that the client is authenticated. A first password is generated for the client. A record for the client stored at a global catalog server is identified based on the extracted attributes and the generated first password is injected into the identified record. Credential(s) including at least the generated first password are sent to the application hosted by the application server. This technology advantageously facilitates hosting of applications that support password-based login in networks that do not allow password use even when application servers hosting the applications cannot be steered to particular directory services for authentication.

SYSTEMS AND METHODS FOR A SECURE SUBSCRIPTION BASED VEHICLE DATA SERVICE

Secure subscription based vehicle data services are provided. In one embodiment, a device comprises: a non-volatile memory comprising an embedded public key (EPK) that comprises a public key of a public-private key pair associated with a data service system not onboard the vehicle; a protocol that initiates a communication session that includes a session validation sequence that causes a processor to transmit a session request message and validate an authenticity of a session reply request using the EPK; the protocol includes a session initiation sequence that causes the processor to: transmit an initiation request message to the data service system that includes a key derivation key, and apply the key derivation key to a key derivation function to generate a message authentication key. The processor authenticates uplink messages exchanged with a host data service using the message authentication key.

Secure session capability using public-key cryptography without access to the private key

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure, including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Techniques for secure session reestablishment

A client establishes a network session with a server. The network session is used to establish an encrypted communications session. The client establishes another network session with another server, such as after terminating the first network session. The client resumes the encrypted communications session over the network session with the other server. The other server is configured to receive encrypted communications from the client and forward them to the appropriate server.

PROTECTING WLCP MESSAGE EXCHANGE BETWEEN TWAG AND UE
20200296583 · 2020-09-17

A method of protecting WLAN Control Protocol (WLCP) message exchange between a Trusted WLAN Access Gateway (TWAG) (112) of a Trusted WLAN Access Network (TWAN) (110) and a User Equipment (UE) (101) is provided. The method comprises deriving, by an Authentication, Authorization, and Accounting (AAA) Server (103) of an Evolved Packet Core (EPC) network which is interfaced with the TWAN, and by the UE, a Master Session Key (MSK) and an Extended MSK (EMSK); sending, from the AAA Server to a Trusted WLAN AAA Proxy (TWAP) (113) of the TWAN and an Access Point (AP) (111) of the TWAN, the MSK or a key derived from at least the MSK; and deriving, by the TWAN or by the AAA Server, and by the UE, from the MSK, the EMSK, or the key derived from at least the MSK or the EMSK, a key for protecting the WLCP message exchange. Corresponding devices, computer programs, and computer program products are further provided.