In some embodiments, a system is a reverse-proxying HTTP cache server that handles user session management and dynamically forwards requests to origin/backend servers based on the content being requested. It caches data from origin servers in order to reduce the stress placed on each origin server. It uses encrypted authorization tokens to handle session management and is able to modify origin data on-the-fly in order to inject per-client authorization information into the data stream. It can enforce maximum concurrent session limits, user bans, limit exemptions, and time-limited live content previews.

Disclosed herein are systems and techniques for using a content delivery network to perform various functions within a digital advertising ecosystem, in ways that yield technological benefits such as improved security, efficiency, and speed (for example, reduction in publisher load times). As one specific example, a content delivery network can be used for the creation of electronic tokens for user identity protection between demand side platforms, supply side platforms, content creators (for example, advertisers), and publishers.

A pre-shared key (PSK) updating method is disclosed. A first communication apparatus stores a first PSK for processing, within an aging periodicity of the first PSK, a packet exchanged between the first communication apparatus and a second communication apparatus. The first communication apparatus may receive, within the aging periodicity of the first PSK, a first protocol packet that is sent by the second communication apparatus and includes a first PSK key material for generating a second PSK. The second PSK is for processing, within an aging periodicity of the second PSK, a packet exchanged between the first communication apparatus and the second communication apparatus.

Systems, apparatuses, and methods are described for adjusting capacity in a networking environment. A networking system comprising clients, servers, load balancers, and/or other devices may expand and contract network capacity as needed. When expanding network capacity, load balancers may instruct client devices to connect to servers that are part of the expanded network. When network capacity is reduced, a server and/or a load balancer my instruct client devices to close a connection with a first server and establish a connection with a second server. Client devices may seamlessly begin using the connection with a second server without having to wait for a connection timeout with the first server.

A provisioning control apparatus configured to be coupled to a provisioning equipment server electrically connectable with one or more electronic devices for provisioning the electronic devices with security sensitive provisioning data. The provisioning control apparatus includes a processor configured to generate a group context for sharing the group context with a first further provisioning control apparatus for creating a group of provisioning control apparatuses. The processor is configured to assign an identity to the first further provisioning control apparatus. The identity of the first further provisioning control apparatus is indicative of the provisioning control apparatus and the first further provisioning control apparatus. The processor is configured to generate the security sensitive provisioning data based on the group context. The provisioning control apparatus includes a communication interface configured to provide the security sensitive provisioning data to the provisioning equipment server.

A provisioning control apparatus is configured to be coupled to a provisioning equipment server, wherein the provisioning equipment server is electrically connectable with one or more electronic devices for provisioning the electronic devices with security sensitive provisioning data. The provisioning control apparatus includes a processor configured to generate a group context for sharing the group context with a first further provisioning control apparatus for creating a group of provisioning control apparatuses. The group context includes a group private key, a certificate for the group private key and a group encryption key used for encryption and/or decryption and the first further provisioning control apparatus is configured to be coupled to the provisioning equipment server. The processor is configured to generate the security sensitive provisioning data based on the group context. The provisioning control apparatus includes a communication interface configured to provide the security sensitive provisioning data to the provisioning equipment server.

A provisioning control apparatus is configured to be coupled to a provisioning equipment server electrically connectable with one or more electronic devices for provisioning the electronic devices with security sensitive provisioning data. The provisioning control apparatus includes a processor configured to generate a group context for creating a group of provisioning control apparatuses. The processor is further configured to generate the security sensitive provisioning data based on the group context. The provisioning control apparatus includes a communication interface configured to provide the security sensitive provisioning data to the provisioning equipment server. The communication interface is configured to provide the group context to a security server for generating a proxy provisioning control apparatus on the security server. The proxy provisioning control apparatus is configured to provide the group context to a first further provisioning control apparatus for enrolling the first further provisioning control apparatus for the group of provisioning control apparatuses. The first further provisioning control apparatus is configured to be coupled to the provisioning equipment server.

Techniques for re-establishing secure application sessions using an abbreviated authentication process are disclosed. A plurality of servers each use a deterministic process to independently generate a symmetric key. A client initiates an application session with one of the servers using a full authentication process. Before the connection is terminated, the server generates a session ticket, including security parameters negotiated during the full authentication process, and encrypts the session ticket with the symmetric key. Another server receives the session ticket and decrypts the session ticket using the symmetric key to initiate an abbreviated authentication process that is less costly than the full authentication process. The client and the server establish a secure communication channel based on successful completion of the abbreviated authentication process.

Sensitive information can be managed using a trusted platform module. For example, a system can encrypt target information using a cryptographic key to generate encrypted data. The system can also receive an encrypted key from a trusted platform module, where the encrypted key is a version of the cryptographic key that is encrypted using a public key stored in the trusted platform module. The system can then transmit the encrypted data and the encrypted key to a remote computing system, for example to store the encrypted data and the encrypted key on the remote computing system. Using these techniques, the target information may be secured and stored in remote locations.

A system and method for providing payments is disclosed. A method can include establishing a wireless link between a mobile device and a merchant device. After an instruction is displayed on the mobile device, a combination of a first type of input and a second type of input are received on the mobile device, first type of input including at least one button press of a physical button and the second type of input received from a user to confirm a payment for the purchase. Based on the inputs, payment data is retrieved from a memory of the mobile device. The method includes receiving the payment data at the merchant device to make the purchase, wherein receiving the payment data, via the wireless link, at the merchant device to make the purchase is performed according to a protocol for communicating the payment data to the merchant device.