A key server network device may install, on the key server network device, a new decryption key based on a timer-based key rollover setting and may provide, to peer network devices, messages identifying the new decryption key. The key server network device may utilize an original encryption key, to encrypt traffic, until all of the peer network devices provide acknowledgements of installation of the new decryption key. The key server network device may be configured to utilize the original encryption key based on the timer-based key rollover setting. The key server network device may generate an alarm. The alarm may include information indicating that the key server network device is waiting for the acknowledgements from one or more peer network devices and information identifying the one or more peer network devices.

The disclosure provides an approach for cryptographic agility. Embodiments include establishing, by a proxy component associated with a cryptographic agility system, a first secure connection with an application. Embodiments include receiving, by the proxy component, via the first secure connection, a communication from the application directed to an endpoint. Embodiments include selecting, by the cryptographic agility system, a cryptographic technique based on contextual information related to the communication. Embodiments include establishing, by the proxy component, a second secure connection with the endpoint based on the cryptographic technique. Embodiments include transmitting, by the proxy component, a secure communication to the endpoint via the second secure connection based on the communication.

A technique and system protects documents at rest and in motion using declarative policies and encryption. Encryption in the system is provided transparently and can work in conjunction with policy enforcers installed at a system. A system can protect information or documents from: (i) insider theft; (ii) ensure confidentiality; and (iii) prevent data loss, while enabling collaboration both inside and outside of a company.

A system and method for secure cloud computing. The cloud based processing system comprises a user interface, allowing a user to enter and edit data, a proxy server, and a cloud based processing server. The user interface sends data entered by a user to the proxy server, which sends the encrypted data to the cloud based processing server. The proxy server receives editing commands from the user interface, and sends those commands to the cloud based processing server along with the encrypted data. The cloud based processing server receives the encrypted data and editing commands, applies the editing commands to the encrypted data, and sends the edited encrypted data back to the proxy server.

Managing the loading of third-party tools on a website is described. Configuration is received for loading the third-party tools. An intermediary server receives a request for a page that is hosted at an origin server. The intermediary server retrieves the page and modifies the page including automatically including a third-party tool manager to the retrieved page. The third-party tool manager includes a set of one or more client-side scripts that, when executed by the client network application, collects and transmits information to the intermediary server for loading the third-party tools. The intermediary server loads the third-party tools based on the received information and the configuration. The intermediary server causes event data to be transmitted to third-party tool servers that correspond with the third-party tools.

A network device may receive, from an application on a user device, a first network packet associated with a packet flow. The network device may identify an application identifier of the first network packet, wherein the application identifier identifies the application on the user device. The network device may select, based on the application identifier, a security protocol, wherein the security protocol is associated with at least one of an authentication header (AH) or an encryption algorithm. The network device may selectively apply, to a second network packet associated with the packet flow, at least one of the AH or the encryption algorithm, associated with the security protocol, to generate a protected network packet. The network device may transmit the protected network packet.

A method, computer program product, and computer system for receiving, by a computing device, a plurality of file segments of a file, the plurality of file segments being received individually by the computing device. A first file segment of the file may be scanned to identify the presence of malware within the file segment. The first file segment of the file may be encrypted to create an encrypted file segment in response to identification by the scan of the first file segment that malware is absent from the first file segment. The encrypted file segment of the file may be sent to another computing device before a second file segment of the file is received by the computing device.

Delegating issuance capability to a third-party of fungible digital assets involves a central (e.g., central bank) processor receiving a request to issue fungible digital assets from a third-party node; verifying the request; validating request to issue fungible digital assets from the third-party; approving or rejecting the request; if the request to issue fungible digital assets is approved, creating an issuance authorization message; executing a smart contract clause to add an entity of the third-party node to a list of authorized entities; publishing the issuance authorization message on a blockchain indicating that a third-party node has been added to the list of authorized entities; and publishing a revocation message on the blockchain revoking an authorization granted to the third-party node to issue digital assets.

Described herein are systems, methods, and software to manage replay windows in multipath connections between gateways. In one implementation, a first gateway may receive a packet directed toward a second gateway and identify a path from a plurality of paths to the second gateway. Once identified, the first gateway may increment a sequence number associated with the path and encapsulate the packet with a unique identifier for the path in the header with the incremented sequence number. The first gateway the communicates the encapsulated packet to the second gateway.

Provided herein are systems and methods for sanitizing logged data packets in a distributed system prior to storing them in a remote or third-party data server. Interactions with an application are monitored and values in a data packet are extracted from the interaction. The values are classified based on a classification configuration and respective labels of the values. The values are then sanitized based on the classification to prevent exposure of secure or private data. The sanitized data packets are then logged into the remote data server. The logged data can be used to help resolve events occurring in the application. The classification configuration can be iteratively updated and the interactions repeated to capture data that was previously sanitized to aid in resolution of events. The logged data can also be used in research or analysis, such as for identifying potential improvements to the application.