Patent classifications
H04L63/0884
PROVIDING ACCESS TO DATACENTER RESOURCES IN A SCALABLE MANNER
Some embodiments provide a method for providing access in a scalable manner to resources in a first datacenter to clients operating in one or more public clouds. The method of some embodiments implements with multiple machines a public-cloud proxy to connect clients in the public cloud(s) to a reverse proxy in the first datacenter. For instance, in response to a request to access a first resource in the first datacenter from a first client executing outside of the first datacenter, the method: (1) assigns a first proxy-implementing machine operating outside of the first datacenter to establish a first connection with the first client, (2) assigns a second proxy-implementing machine operating outside of the first datacenter to establish a second connection with the reverse proxy that operates in the first datacenter and that provides access to the first resource, and (3) establishes a third connection between the first and second proxy-implementing machines to forward messages between the first client and the reverse proxy through the first, second, and third connections.
Integrated circuit performing fast unbreakable cipher
An authentication and encryption protocol is provided that can be implemented within a single clock cycle of an integrated circuit chip while still providing unbreakable encryption. The protocol of the present invention is so small that it can co-exist on any integrated circuit chip with other functions, including a general purpose central processing unit, general processing unit, or application specific integrated circuits with other communication related functionality.
METHODS AND SYSTEMS FOR DATA TRAFFIC BASED ADAPTIVE SECURITY
The present disclosure relates to traffic monitoring through one or more access control servers configured for (i) routing server resource request messages to resource server(s), (ii) extracting information identifying a target server resource from data packets corresponding to one or more received server resource request messages, and (iii) selectively transmitting the received server resource request message to a resource server. The security server(s) is configured to receive server resource request message data extracted from a server resource request message and initiate a first security response, wherein the initiated first security response is dependent on analysis of the server resource request message data. Responsive to identifying an indicator of compromise or that an originating terminal corresponding to the server resource request is identified within a blacklist, the first security response comprises non-transmission of at least one server resource request message by the access control server to a resource server.
SECURE ACCESS VIA REMOTE BROWSER ISOLATION
Techniques to provide secure access to a service via an unmanaged device are disclosed. In various embodiments, a request from an unmanaged device to access a service is received via a communication interface. A user associated with the request is authenticated at least in part by prompting the user to use a managed device associated with the user to interact with data displayed at the unmanaged device. Access to the service is provided via the unmanaged device at least in part via a virtual browser instance running on a secure node and configured to access the service on behalf of the user and stream data associated with the service to the unmanaged device.
Control method based on user authentication using detection sensor and device using thereof
Disclosed is a control method of a control device, the control method including determining whether a movable object is located in a first area using a detection sensor, activating a first mode among operation modes of the control device when it is determined that the movable object is located in the first area, acquiring user confirmation information from a terminal when the first mode is activated, wherein the user confirmation information corresponds to user-specific information stored in the terminal and is provided to the terminal by a server before the terminal provides the user confirmation information to the control device, transmitting processing request information based on the user confirmation information to the server so that the server performs processing on the user confirmation information, acquiring a processing result for the user confirmation information from the server, and providing the processing result for the user confirmation information to the terminal.
URSP PROVISIONING FOR CREDENTIALS HOLDER SCENARIOS
A method of provisioning UE Route Selection Policy (URSP) rules received from a non-subscribed Stand-alone Non-public Network (SNPN) registered using credentials from a credentials holder (CH) is provided. After a UE registers to the non-subscribed SNPN using credentials from the CH, the UE may establish a PDU session for accessing services in the SNPN. Prior to establishing the PDU session, the UE checks the corresponding URSP rules that can be used in the SNPN. If the UE is signaled with URSP rules by the registered non-subscribed SNPN, the UE should store the URSP rules and then apply those URSP rules for PDU session establishment when the UE accesses the services in the non-subscribed SNPN.
Method and apparatus for controlling data access right to data stored on a blockchain
A method and an apparatus for controlling a data access right are disclosed. The method includes: receiving, by a first proxy node, a first request message from a request node, where the first request message includes an identity of the request node and an identifier of to-be-accessed data; determining a first encrypted ciphertext on a blockchain based on the identifier; determining, based on the identity, whether the request node has a right to read the first encrypted ciphertext; and if yes, initiating a right verification request for the request node to at least one second proxy node, and determining, based on a feedback result of the at least one second proxy node, provisioning of the first encrypted ciphertext. A proxy node is added to the blockchain network, so that a data source can freely grant or revoke the right of the request node without modifying a ciphertext, ensuring information security.
DISTRIBUTED AUTHENTICATION AND AUTHORIZATION FOR RAPID SCALING OF CONTAINERIZED SERVICES
The disclosed technology provides solutions for performing rapid authentication and authorization for distributed containerized microservices. In some aspects, a process of the technology can include steps for: associating a service type with a set of microservices or service pods, detecting deployment of a first microservice on a first host, and receiving an authentication and authorization state from a first virtual network edge (VNE) of the first host. In some aspects, the process can further include steps for distributing the authentication state to a second VNE on a second host, wherein the authentication state is configured to facilitate authentication of one or more subsequent microservices instantiated on the second host by the second VNE. Systems and machine readable media are also provided.
Integration of Third-Party Encryption Key Managers with Cloud Services
A method for integrating third-party encryption managers with cloud services includes receiving, at data processing hardware, an operation request requesting a cryptographic operation on data comprising an encryption operation or a decryption operation. When the operation is an encryption operation, the method includes transmitting a data encryption key associated with the data to a remote entity. The remote entity encrypts the data encryption key with a key encryption key and transmits the encrypted data encryption key to the data processing hardware. When the operation is a decryption operation, the method includes transmitting the encrypted data encryption key to the remote entity, which causes the remote entity to decrypt the encrypted data encryption key with the key encryption key and transmit the decrypted data encryption key to the data processing hardware.
Secondary device authentication proxied from authenticated primary device
A method of authenticating a secondary communication device based on authentication of a primary mobile communication device is disclosed. Trust is established with the primary mobile communication device by a device authentication server (DAS). The DAS receives an authorization code request from a secondary application operating on the secondary communication device, and transmits an authorization code to the secondary communication device. The DAS receives the authorization code from a primary application operating on the primary mobile communication device. The DAS authorizes the secondary application based on the trust with the primary mobile communication device and the authorization code from the primary application. The DAS transmits a secondary token to the secondary application at the secondary communication device to allow initialization of a communication session from the secondary application on behalf of the primary mobile communication device.