H04L63/0414

Mutually secure optical data network and method
11589142 · 2023-02-21

A digital optical data network system for improving information security in Passive Optical Networks (“PON”) by providing virtual information separation in the router, such as a premise router, or routers interfacing the entire PON, such as by utilizing virtual routing and forwarding, thus allowing safe data traffic between multiple carriers, service providers accessing the PON and multiple end users on the PON such as tenants in a building, employees of a business entity, or subscribers in a residential community.

LIGHTWEIGHT CHAT SESSION PARTICIPANT

A method is provided that includes receiving, at a media device and from a client device, a request for a temporary identifier for a group chat session, and provisioning, by the media device, the temporary identifier based on a device identifier of the media device. The media device provides the temporary identifier to the client device. The media device receives from a server an invitation to join the group chat session, where the invitation is directed to the temporary identifier, and the media device joins the group chat session.

Systems, methods, and media for intelligent split-tunneling

Mechanisms for split tunneling are provided. The mechanisms identify user devices and determine that communications for a first device of the user devices are to be tunneled. These mechanisms also receive a DNS request from a second device of the user devices, modify the DNS request to request meta information corresponding to a domain identified in the DNS request, and send the DNS request to a DNS server. The mechanisms further receive a response to the DNS request, wherein the response includes the meta information, determine that communications for the second device are not to be tunneled based at least in part on the meta information, and cause the communications for the first device to be tunneled and the communications for the second device to not be tunneled.

IPSEC PRIVACY PROTECTION

Systems and methods for maintaining privacy of security protocol parameters are provided. A node receives an encrypted packet and determines if the Security Parameters Index (SPI) value has been updated. The node can modify its stored SPI value(s) accordingly and process the encrypted packet.

SYSTEMS AND METHODS FOR CONTROLLING DATA EXPOSURE USING ARTIFICIAL-INTELLIGENCE-BASED MODELING
20230095470 · 2023-03-30

Systems and methods for controlling the exposure of data privacy elements are provided. The systems and methods may generate an artificial profile model. The artificial profile model may include a constraint for generating new artificial profiles. A signal may be received indicating that a computing device is requesting access to a network location. One or more data privacy elements associated with the computing device can be detected. An artificial profile can be determined for the computing device. The artificial profile may be usable to identify the computing device. The one or more data privacy elements may be automatically modified according to the constraint included in the artificial profile model. The method may include generating a new artificial profile for the computing device. The new artificial profile may include the modified one or more data privacy elements. The new artificial profile may mask the computing device from being identified.

SYSTEMS AND METHODS FOR PROTECTING USER DATA PRIVACY AGAINST ANTI-TRACKING EVASION TECHNIQUES FOR WEB TRACKERS
20230097984 · 2023-03-30

The disclosed computer-implemented method for protecting user data privacy against anti-tracking evasion techniques for web trackers may include (i) detecting hypertext markup language (HTML) associated with a website displayed in a browser application, (ii) identifying one or more elements in the HTML capable of executing web tracking code from the website, (iii) determining, based on information describing scripting programming code responsible for embedding the HTML elements in the website, a presence of a hidden web tracking script, and (iv) performing a security action that protects against a potential invasion of user data privacy by preventing the hidden web tracking script from executing the web tracking code in the browser application. Various other methods, systems, and computer-readable media are also disclosed.

Reducing Sensitive Data Exposure in Hub-and-Spoke Remote Management Architectures
20230096183 · 2023-03-30

A system can generate a non-sensitive identifier for sensitive data at a spoke in a hub-and-spoke configuration, wherein the spoke is configured to receive management commands by a hub device of the hub-and-spoke configuration. The system can store an association between the non-sensitive identifier and the sensitive data, resulting in a stored association. The system can send, to the hub device, a first indication of the non-sensitive identifier, and a second indication of a type of data of the sensitive data. The system can receive, from the hub device, a management command identifying the non-sensitive identifier. The system can identify the sensitive data based on the stored association. The system can perform the management command based on the sensitive data.

Systems and methods for controlling data exposure using artificial-intelligence-based modeling

Systems and methods for controlling the exposure of data privacy elements are provided. The systems and methods may generate an artificial profile model. The artificial profile model may include a constraint for generating new artificial profiles. A signal may be received indicating that a computing device is requesting access to a network location. One or more data privacy elements associated with the computing device can be detected. An artificial profile can be determined for the computing device. The artificial profile may be usable to identify the computing device. The one or more data privacy elements may be automatically modified according to the constraint included in the artificial profile model. The method may include generating a new artificial profile for the computing device. The new artificial profile may include the modified one or more data privacy elements. The new artificial profile may mask the computing device from being identified.

Media access control (MAC) address anonymization based on allocations by network controller elements

A method is provided to anonymize the media access control (MAC) address of a client device. The method involves generating a plurality of media access control (MAC) addresses for use by a client device in a network. Policies are defined that determine which one of the plurality of MAC addresses is to be used by the client device. The plurality of MAC addresses allocated for use by the client device are registered with a management entity in the network.

Enhanced privacy-preserving access to a VPN service
11611536 · 2023-03-21

Systems and methods for effectively managing security and privacy measures during a user's connectivity session with a VPN service are provided. The systems and methods use a computer program that introduces a double-NAT feature at the network layer and a temporary hash table containing the minimally necessary temporary data to link two NAT sessions together in a secure manner. The systems and methods avoid including the dynamic management of IP addresses or requiring each client to have an IP address assigned beforehand to avoid compromising the user's identity by hard linking the session traces with the client.