Technologies for providing a multi-tenant local breakout switching and dynamic load balancing include a network device to receive network traffic that includes a packet associated with a tenant. Upon a determination that the packet is encrypted, a secret key associated with the tenant is retrieved. The network device decrypts a payload from the packet using the secret key. The payload is indicative of one or more characteristics associated with network traffic. The network device evaluates the characteristics and determines whether the network traffic is associated with a workload requesting compute from a service hosted by a network platform. If so, the network device forwards the network traffic to the service.

A method comprising receiving, by a one-time pad (OTP) hub, from a first user of a computer network, a communication encrypted with an OTP associated with said first user, wherein said communication is intended for a second user; encrypting, by said hub, said communication with an OTP associated with said second user; decrypting, by said hub, said communication with an OTP associated with said first user; and delivering said communication to said second user.

The present inventions, in one aspect, are directed to systems and circuitry for and/or methods of establishing communication having one or more pairing facilitator-intermediary devices (for example, a network connected server) to enable or facilitate pairing and/or registering at least two devices (e.g., (i) a portable biometric monitoring device and (ii) a smartphone, laptop and/or tablet) to, for example, recognize, interact and/or enable interoperability between such devices. The pairing facilitator-intermediary device may responsively communicates information to one or more of the devices (to be paired or registered) which, in response, enable or facilitate such devices to pair or register. The present inventions may be advantageous where one or both of the devices to be paired or registered is/are not configured (e.g., include a user interface or certain communication circuitry that is configured or includes functionality) to pair devices without use of a facilitator-intermediary device.

A relay device transfers a plurality of original data fragments corresponding to a plurality of secret sharing values of original data to a plurality of secure computation devices, transfers, to each of the secure computation devices, a request to send a result fragment based on a secure computation result corresponding to any one of the original data fragments, and transfers the result fragment. The relay device controls timing with which the original data fragments are transferred and timing with which the request to send is transferred.

A key broker monitors network traffic metadata and determines which decryption keys are required at one or more packet brokers in order to decrypt relevant traffic required by various network monitoring devices. The key broker retrieves the required keys from a secure keystore distributes them, as needed, to the network packet brokers, and dynamically updates the decryption keys stored in the network packet brokers in response to changes in network traffic.

Systems, methods, and computer-readable media are provided for performing secure frame encryption as a service. For instance, a network device can receive a first request for encrypting a first media stream associated with a first endpoint. In response to the first request, the network device can obtain a first encryption key for encrypting the first media stream associated with the first endpoint. The network device can receive, from the first endpoint, a first plurality of media frames corresponding to the first media stream and encrypt each of the first plurality of media frames using the first encryption key to yield a first plurality of encrypted media frames. The network device can packetize the first plurality of encrypted media frames into a first plurality of data packets for transmission to a second endpoint.

Methods and systems for automating execution of a workflow by integrating security applications of a distributed system into the workflow are provided. In embodiments, a system includes an application server in a first cloud, configured to receive a trigger to execute the workflow. The workflow includes tasks to be executed in a device of a second cloud. The application server sends a request to process the task to a task queue module. The task queue module places the task request in a queue, and a worker hosted in the device of the second cloud retrieves the task request from the queue and processes the task request by invoking a plugin. The plugin interacts with a security application of the device of the second cloud to execute the task, which yields task results. The task results are provided to the application server, via the worker and the task queue module.

A network appliance receives a communication from a client device that includes a request to establish a network connection to a server. Prior to initiating a network connection between the network appliance and the server, the network appliance accesses a server certificate issued by the server. In response to a determination, based on application of a policy to the server certificate, not to decrypt data transmitted between the client device and the server, the network appliance establishes only a single connection between the network appliance and the server. The network appliance transmits encrypted data between the client device and the server over the single connection.

A method comprising receiving, by a one-time pad (OTP) hub, from a first user of a computer network, a communication encrypted with an OTP associated with said first user, wherein said communication is intended for a second user; encrypting, by said hub, said communication with an OTP associated with said second user; decrypting, by said hub, said communication with an OTP associated with said first user; and delivering said communication to said second user.

Described embodiments provide systems and methods for establishing an end-to-end cryptographic context. A service node may be located intermediary between a client and server which provides a service to the client. At least one network device may be located intermediary between the service node and the server. The service node may obtain information for validating the service. The service node may establish an end-to-end cryptographic context between the service node and server through the network device(s). A first network device of the network device(s) may share a cryptographic context with the service node, which existed prior to establishment of the end-to-end cryptographic context. The service node may transmit a message to the network device encrypted using the first cryptographic context. The encrypted message may inform the first network device to pass through traffic that is encrypted using the end-to-end cryptographic context.