H04L63/0281

Automated web page accessing
11709900 · 2023-07-25

An apparatus for accessing web pages includes: a communication interface; and a processor communicatively coupled to the communication interface and configured to: receive a web crawler request, from the communication interface, to access a specified web page; select a first selected proxy server from among a plurality of proxy servers; send, via the communication interface, a first access request to the first selected proxy server requesting access to the specified web page; receive, via the communication interface, a response from the selected proxy server corresponding to the first access request; analyze the response from the selected proxy server; select a second selected proxy server from among the plurality of proxy servers in response to determining from the response that the first access request was denied, and send, via the communication interface, a second access request to the second selected proxy server requesting access to the specified web page.

Security system and method for protecting a vehicle electronic system
11709950 · 2023-07-25

Security system for protecting a vehicle electronic system by selectively intervening in the communications path in order to prevent the arrival of malicious messages at ECUs, in particular at the safety critical ECUs. The security system includes a filter which prevents illegal messages sent by any system or device communicating over a vehicle communications bus from reaching their destination. The filter may, at its discretion according to preconfigured rules, send messages as is, block messages, change the content of the messages, request authentication or limit the rate such messages can be delivered, by buffering the messages and sending them only in preconfigured intervals.

BYPASSING CERTIFICATE PINNING
20180013754 · 2018-01-11

A client application performs certificate pinning as a means of authenticating the identity of a server. A proxy is interposed in the communications path of the client and the hosting server and provides a proxy security certificate to the client. In response to the client extracting a proxy authentication component from the proxy security certificate, operation of the client is paused and a hosting server authentication component is extracted from a hosting server security certificate. The client operation is resumed, providing the extracted hosting server authentication component to the client, in substitution for the proxy authentication component. Based on receiving the extracted hosting server authentication component, the client authenticates the proxy to receive communications directed to the hosting server.

MULTI-TENANT IDENTITY AND DATA SECURITY MANAGEMENT CLOUD SERVICE
20180013763 · 2018-01-11

A system provides cloud-based identity and access management. The system receives a request from a client for an identity management service, authenticates the request, and accesses a microservice based on the request. The system determines, based on the request, a tenancy of the client, a tenancy of a user, and a tenancy of a resource. The system retrieves data from the determined tenancies as required to process the request, where the data is retrieved by the microservice using a connection pool that provides connections to the database. The system then performs the identity management service by the appropriate microservice responsible for processing the received request.

Dynamic configuration of policy based routes using traffic rules and route maps
11711289 · 2023-07-25

A cloud-based multi-tenant system for policy-driven locality route and traffic management is disclosed. The cloud-based multi-tenant system includes a plurality of routes through the cloud-based multi-tenant system to deliver services to a plurality of end user devices. Each route is characterized by one or more of locality and residency. The plurality of routes are specified for a plurality of policies. An application running on an end user device requests a policy chosen from the plurality of policies. A route of the plurality of routes corresponding to the policy, traffic rules, and route maps corresponding to the policy for the end user device are returned. Communication is performed via the route between the application and a cloud service according to the policy. Compliance with the policy is tested for locality and residency, telemetry according to the testing is reported, and the plurality of routes is updated based upon the telemetry.

METHOD AND SYSTEM OF APPLICATION-AWARE ROUTING WITH CROWDSOURCING

In one aspect, a computerized method of an application routing service includes the step of using a deep-packet inspection (DPI) technique on a first network flow to identify an application. The method includes the step of storing an Internet-protocol (IP) address and a port number used by the application and an identity of the application in a database. The method includes the step of detecting a second network flow. The method includes the step of identifying the IP address and the port number of the application in the second network flow. The method includes the step of looking up the IP address and the port number in the database. The method includes the step of identifying the application based on the IP address and the port number.

NETWORK CONFIGURATION AND MANAGEMENT
20230006982 · 2023-01-05

An Internet-connected device, such as a car, refrigerator, or even a laptop can use a second device, such as a cell phone, to support cryptographic operations and communication with token service providers or other processing services requiring pre-provisioned capabilities that may include cryptographic secrets. By removing the need to store personally sensitive data in “Internet of Things” (IoT) devices, a user's personal information and other sensitive financial information may be contained to a relatively small number of devices. This may help prevent theft of goods or services by IoT devices that are not always under the close control of the user.

BLOCKCHAIN JOINING FOR A LIMITED PROCESSING CAPABILITY DEVICE AND DEVICE ACCESS SECURITY
20230006975 · 2023-01-05

A computer-implemented method comprises: selecting a trusted computing node via smart contract on a blockchain; completing remote attestation of the selected trusted computing node; writing secret information to an enclave of the selected node; causing a thin device to establish a private connection with the selected node without revealing the secret information; and causing the selected node to act as a proxy on the blockchain for the device. Another method comprises: receiving a signed device access request from a device owner; validating, by the verification node, the received request; executing, by a verification node, a smart contract on a blockchain based on the received request; and producing, based on the executed smart contract, an output command to access the device for the device to validate, decrypt and execute.

Dynamically Controlling Access to Linked Content in Electronic Communications

Aspects of the disclosure relate to dynamically controlling access to linked content in electronic communications. A computing platform may receive, from a user computing device, a request for a uniform resource locator associated with an email message and may evaluate the request using one or more isolation criteria. Based on evaluating the request, the computing platform may identify that the request meets at least one isolation condition associated with the one or more isolation criteria. In response to identifying that the request meets the at least one isolation condition associated with the one or more isolation criteria, the computing platform may initiate a browser mirroring session with the user computing device to provide the user computing device with limited access to a resource corresponding to the uniform resource locator associated with the email message.

Secure end-to-end transport through intermediary nodes

A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key.