H04L63/0272

METHOD FOR AUTHENTICATION AND ASSURING COMPLIANCE OF DEVICES ACCESSING EXTERNAL SERVICES
20180005250 · 2018-01-04

Systems and methods are described for determining whether an electronic computing device complies with the security policy for a network. The invention includes receiving an electronic request signal including an electronically encoded request to allow an electronically encoded process operating on an electronic processor of the electronic computing device to establish electronic communication with a specific target electronic device or service operating on the electronic communications and data network; receiving electronically encoded information about the identity of the electronically encoded process, the electronic computing device, or the use of the electronic computing device; receiving electronically encoded policy elements for the security policy; receiving electronically encoded information about the compliance of the electronic computing device; receiving electronically encoded information related to the identity of the principal of the electronic computing device; and determining whether the electronic computing device complies with the security policy.

ELASTIC OUTBOUND GATEWAY
20180007002 · 2018-01-04

In general, in an aspect, a method for providing an outbound gateway protection includes provisioning one or more worker gateways located in a first gateway virtual private cloud, the one or more worker gateways sharing configuration data with the controller gateway, provisioning one or more load balancer gateways in one or more client virtual clouds, the one or more client virtual clouds each comprising one or more clients, the one or more load balancer gateways distributing client requests among the worker gateways, assigning groups of the one or more clients to one of the one or more load balancer gateways based on requests from a majority of the worker gateways, and communicating outbound network traffic from the clients via the assigned load balancer gateways.

APPARATUS, METHOD AND SYSTEM FOR A TUNNELING CLIENT ACCESS POINT
20180013864 · 2018-01-11

The disclosure details the implementation of an apparatus, method, and system comprising a portable device configured to communicate with a terminal and a network server, and to execute stored program code in response to user interaction with an interactive user interface. The portable device contains stored program code configured to render an interactive user interface on a terminal output component to enable the user to control processing activity on the portable device and to access data and programs from the portable device and a network server.

Service Dependent IP Addresses
20180013717 · 2018-01-11

A system that enables end-user devices operating within different enterprise networks to exchange data with one another. In particular, the disclosed system uses unique IP addresses that are dedicated solely to supporting a predefined communication service between enterprise computer networks, in order to identify and route each data packet according to the communications service. As part of the communications service, the data packets are transmitted, for example, from a first local service provider network hosting a first enterprise network, through a participating backbone service provider network on the public Internet based on deterministic routing, and to a second local service provider network hosting a second enterprise network. In handling the data packets in this way, the disclosed system creates an Internet wide-area network (WAN): the data packets are transmitted over the Internet and conceivably over a large geographic distance between enterprise networks.

SECURE NETWORK ENROLLMENT
20180013724 · 2018-01-11

A UE communicates with a network gateway to access a provisioning device via a provisioning network. The provisioning device uses identification data of the UE to authenticate the UE for a primary network, and provides primary network configuration data to the UE. Using the primary network configuration data, the UE communicates with the network gateway to access the primary network. The primary network configuration data can include data to enable the UE to establish communications with one or more private networks accessible via the primary network.

CROSS-DOMAIN DATA-GATE FOR SECURE TRANSMISSION OF DATA OVER PUBLICLY SHARED DATALINKS

A device for secure transmission of vehicle data over vehicle datalinks that may be shared with passenger devices and are connected to a publicly shared network is provided. The device comprises a processor embedded within a portion of an Ethernet cable for a vehicle. A plurality of applications resides in the processor and comprises a VPN application, and a VPN address and certificate update application. A first Ethernet transceiver communicates with the processor through the VPN application and also communicates with onboard electronic equipment. A second Ethernet transceiver communicates with the processor through the VPN application and also communicates with an external datalink. The VPN application automatically establishes a VPN when the datalink is available, provides an authentication certificate to verify that the device is a correct and legitimate node, and verifies a VPN hosting certification to determine whether the device is communicating with a correct and legitimate external facility.

Network routing and security within a mobile radio network
11711397 · 2023-07-25

In an example embodiment, a PICNEEC is provided. It includes one or more Virtual Customized Rules Enforcer (VCRE) instances, each VCRE instance corresponding to a group of mobile devices and defining a set of policies personalized for the group of mobile devices. Each VCRE instance is configured to, upon receiving a data packet communicated between a packet-based network and a mobile device in the corresponding group via a radio network, execute one or more policy rules stored in the VCRE instance against the data packet prior to forwarding the data packet. Each VCRE instance is controlled independently of the others via direct access to the VCRE instance by a different customer of the mobile network provider.

Split tunnel-based security

There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a network interface; an operating system including a native internet protocol (IP) stack; and a security agent, including instructions encoded within the memory to instruct the processor to: establish a split virtual private network (VPN) tunnel with a remote VPN service; receive outgoing network traffic; direct a first portion of the outgoing traffic to the VPN tunnel, including determining that the first portion includes an outgoing domain name service (DNS) request; and direct a second portion of the outgoing traffic to the native IP stack.

Dynamic functional partitioning for security pass-through virtual network function (VNF)
11711754 · 2023-07-25

A network device or system can operate to enable a security pass-through with a user equipment (UE) and further define various virtual functions between a physical access point (pAP) and a virtual AP (vAP) based on one or more communication link parameters (e.g., latency). The security pass-through can be an interface connection that passes through a computer premise equipment (CPE) or wireless residential gateway (GW) without the CPE or GW modifying or affecting the data traffic, such as by authentication or a security protocol. The SP network device can receive traffic data through or via the security pass-through from a UE of a community Wi-Fi network at a home, residence, or entity network.

Dynamic configuration of policy based routes using traffic rules and route maps
11711289 · 2023-07-25

A cloud-based multi-tenant system for policy-driven locality route and traffic management is disclosed. The cloud-based multi-tenant system includes a plurality of routes through the cloud-based multi-tenant system to deliver services to a plurality of end user devices. Each route is characterized by one or more of locality and residency. The plurality of routes are specified for a plurality of policies. An application running on an end user device requests a policy chosen from the plurality of policies. A route of the plurality of routes corresponding to the policy, traffic rules, and route maps corresponding to the policy for the end user device are returned. Communication is performed via the route between the application and a cloud service according to the policy. Compliance with the policy is tested for locality and residency, telemetry according to the testing is reported, and the plurality of routes is updated based upon the telemetry.