Patent classifications
H04L63/0435
Optimized messaging in a mesh network
A method including determining, by a first device in communication with a second device in a mesh network, an instant message to be transmitted to the second device; encrypting, by the first device, the instant message based at least in part on utilizing a symmetric key negotiated between the first device and the second device; and selectively transmitting, by the first device to the second device, the instant message over a meshnet connection between the first device and the second device in the mesh network. Various other aspects are contemplated.
Authentication of Networked Devices Having Low Computational Capacity
Authentication of a networked device with limited computational resources for secure communications over a network. Authentication of the device begins with the supplicant node transmitting a signed digital certificate with its authentication credentials to a proxy node. Upon verifying the certificate, the proxy node then authenticates the supplicant's credentials with an authentication server accessible over the network, acting as a proxy for the supplicant node. Typically, this verification includes decryption according to a public/private key scheme. Upon successful authentication, the authentication server creates a session key for the supplicant node and communicates it to the proxy node. The proxy node encrypts the session key with a symmetric key, and transmits the encrypted session key to the supplicant node which, after decryption, uses the session key for secure communications. In some embodiments, the authentication server encrypts the session key with the symmetric key.
Reducing Sensitive Data Exposure in Hub-and-Spoke Remote Management Architectures
A system can generate a non-sensitive identifier for sensitive data at a spoke in a hub-and-spoke configuration, wherein the spoke is configured to receive management commands by a hub device of the hub-and-spoke configuration. The system can store an association between the non-sensitive identifier and the sensitive data, resulting in a stored association. The system can send, to the hub device, a first indication of the non-sensitive identifier, and a second indication of a type of data of the sensitive data. The system can receive, from the hub device, a management command identifying the non-sensitive identifier. The system can identify the sensitive data based on the stored association. The system can perform the management command based on the sensitive data.
PROXY SSH PUBLIC KEY AUTHENTICATION IN CLOUD ENVIRONMENT
An SSH (secure shell) public key is received from a client device 120 on the enterprise network, and an EMS device 140 is queried based on the SSH public key. Responsive to confirmation of registration from the EMS server, an authentication certificate based on a user and the client device 120 is generated. An SSH session is initiated on behalf of the client device 120, including submitting the certificate and the SSH public key from the client device 120 to the external server.
SECURE MANAGEMENT OF APPLICATION PROGRAMMING INTERFACE (API) REQUEST INFORMATION
Systems, methods, and software described herein manage and process application programming interface (API) statistics associated with an API provider. In one implementation, a secure proxy is used to obtain API request information and encrypt at least a portion of the API request information. Once encrypted, the API request information is communicated to a monitoring service. The secure proxy is further configured to receive a summary request associated with usage of the API provider and encrypt at least one attribute in the request. The secure proxy also retrieves summary information from the API monitoring service using the request with the at least one encrypted attribute and generates a summary using the summary information.
DEVICE SHARING METHOD AND ELECTRONIC DEVICE
A first device obtains a public key of a first home device and a first message leaving key that is used to encrypt an offline message between the first device and the first home device; obtains a public key of a second device and a second message leaving key that is used to encrypt an offline message between the first device and the second device; obtains a third message leaving key used to encrypt an offline message between the second device and the first home device; encrypts the public key of the second device and the third message leaving key by using the first message leaving key, to obtain first encrypted information, and requests a server to push the first encrypted information to the first home device; and encrypts the public key of the first home device and the third message leaving key by using the second message leaving key.
INFORMATION PROCESSING APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM
An information processing apparatus configured to perform encryption communications using an encryption communication protocol set as a used protocol from among a plurality of encryption communication protocols. The information processing apparatus sets a version of the encryption communication protocol to be used for the encryption communications in association with a specific communication destination, and executes, in a case that a communication partner is the specific communication destination and the set version of the encryption communication protocol includes a version of an encryption communication protocol set in the communication partner, the encryption communications with the communication partner using the version of the encryption communication protocol set in the communication partner.
Automated banking machine firmware flow control
Described in example embodiments herein are techniques for implementing an automated banking machine such as an ATM. An example embodiment tracks the flow of a note through an ATM. Another embodiment corrects errors detected during a note flow. Some embodiments are in the form of security protocols for communications or other communication protocols, or techniques for monitoring devices operating in the ATM. Yet another example embodiment is directed to security of a currency cassette. Still another embodiment is directed to detecting tampering of the ATM's gate and/or shuttle. Yet another embodiment determines if notes in a shuttle were delivered.
Encryption-Based Device Enrollment
One example method includes a device management system detecting an attempt to access a user account by an unenrolled device. The device management system identifies a first enrolled device of the user account by accessing a signature chain of the user account. The device management system facilitates a transmission of a cryptographically-signed enrollment request from the unenrolled device to the first enrolled device. The first enrolled device is configured to cryptographically validate the enrollment request. The first enrolled device is further configured to generate an encrypted attestation message that indicates that the unenrolled device has been authenticated. The unenrolled device can receive and decrypt the encrypted attestation message based on a passcode being displayed on the first enrolled device. The device management system receives a decrypted attestation message from the unenrolled device and updates the signature chain to include a new sequential record for the unenrolled device.
SECURE FRAME ENCRYPTION AS A SERVICE
Systems, methods, and computer-readable media are provided for performing secure frame encryption as a service. For instance, a network device can receive a first request for encrypting a first media stream associated with a first endpoint. In response to the first request, the network device can obtain a first encryption key for encrypting the first media stream associated with the first endpoint. The network device can receive, from the first endpoint, a first plurality of media frames corresponding to the first media stream and encrypt each of the first plurality of media frames using the first encryption key to yield a first plurality of encrypted media frames. The network device can packetize the first plurality of encrypted media frames into a first plurality of data packets for transmission to a second endpoint.