Technologies for securely providing one or more remote accelerators hosted on edge resources to a client compute device includes a device that further includes an accelerator and one or more processors. The one or more processors are to determine whether to enable acceleration of an encrypted workload, receive, via an edge network, encrypted data from a client compute device, and transfer the encrypted data to the accelerator without exposing content of the encrypted data to the one or more processors. The accelerator is to receive, in response to a determination to enable the acceleration of the encrypted workload, an accelerator key from a secure server via a secured channel, and process, in response to a transfer of the encrypted data from the one or more processors, the encrypted data using the accelerator key.

A system and computer-implemented method for routing an encrypted packet through a cloud enforcement network based on a metadata tag. The cloud enforcement network applies policy and routing attributions or tags outside of the encrypted packet payload in such a way as to not require an inner packet to first be decrypted. Traffic prioritization, data protection, and per application policies are achieved by using such metadata tags for internode routing without the need for DPI or decryption. Furthermore, the metadata itself can also be signed or encrypted depending on the provenance of the data. As such, applying meta-tagging external to an encrypted packet, the payload would not be needed to be decrypted during transit of the packet to express end-to-end policy and routing decisions.

A system includes a host processor, which has a host memory and is coupled to store data in a non-volatile memory in accordance with a storage protocol. A network interface controller (NIC) receives data packets conveyed over a packet communication network from peer computers containing, in payloads of the data packets, data records that encode data in accordance with the storage protocol for storage in the non-volatile memory. The NIC processes the data records in the data packets that are received in order in each flow from a peer computer and extracts and writes the data to the host memory, and when a data packet arrives out of order, writes the data packet to the host memory without extracting the data and processes the data packets in the flow so as to recover context information for use in processing the data records in subsequent data packets in the flow.

Systems and methods for integrated communication security are described. One aspect includes a clock generator configured to generate a clock signal at a first frequency, and a circuit utilizing the clock signal. The circuit may include a port configured to receive an encryption sequence at the first frequency, and a first unidirectional data path between the port and a memory configured to permit data transfer from the port to the memory. The memory may be configured to access the encryption sequence from the port via the first unidirectional data path and store the data. The circuit may further include a clock divider configured to divide the first frequency by a divisor deriving another clock signal at a second frequency, and an encryption/decryption module configured to read a portion of the encryption sequence from the memory, process input using the portion of the encryption sequence, and generate output responsive to the processing.

A method executed by a dynamic session key acquisition (DSKA) engine residing in a virtual environment includes receiving session decryption information extraction instructions that configure the DSKA engine to obtain session decryption information for at least one communication session involving a virtual machine and obtaining the session decryption information from the virtual machine in accordance with the session decryption information extraction instructions. The session decryption information includes cryptographic keys utilized by an application server instance in the virtual machine to establish the at least one communication session. The session decryption information obtained from the virtual machine is stored and provided to a network traffic monitoring (NTM) agent. The NTM agent utilizes the session decryption information to decrypt copies of encrypted network traffic flows belonging to the at least one communication session involving the virtual machine.

An information processing system includes a first device and a second device. The first device generates first encrypted data by applying a first encryption with respect to the original data stored in a shared storage area, and causing the first encrypted data to be stored in the shared storage area. The second device generates second encrypted data by applying a second encryption with respect to the first encrypted data stored in the shared storage area, and causes the second encrypted data to be stored in the shared storage area. The first device deletes the original data and the first encrypted data from the shared storage area.

Embodiments of the present disclosure provide a method, an electronic device, and a program product implemented at an edge switch for data encryption. For example, the present disclosure provides a data encryption method implemented at an edge switch. The method may include receiving encryption and decryption information for an encryption operation or a decryption operation from a source device. In addition, the method may include encrypting a data packet received from the source device based on encryption information in the encryption and decryption information to generate an encrypted data packet. The method may further include sending the encrypted data packet to a target device indicated by the data packet. The embodiments of the present disclosure can reduce the computing loads of Internet of Things (IoT) devices, clouds, and servers while ensuring encryption performance, and can also reduce the time delay caused by encryption and decryption operations.

Automated processes, computing systems, computing devices and other aspects of a data processing system provide improved reliability in delivering digital media content over the Internet or a similar wide area network without sacrificing data security. Content is initially placed into a secure format (e.g., secure hypertext transport protocol (HTTPS) via transport control protocol (TCP) or the like). Prior to transmission on the network, the secure data packets are encapsulated within connectionless frames, such as user datagram protocol (UDP) frames. The client device that receives the encapsulated packets extracts the underlying secure content from the connectionless frames for further processing. The encapsulation into connectionless data frames permits client and server devices to establish effective streaming sessions while preserving the security of the underlying data.

The embodiments of the present invention are directed to various implementations of a system and/or method for protecting the confidential information that may exist within the contents of electronic communication, such an email or attachment to the e-mail. A system administrator of a secured application according to the embodiments of the present invention can configure various criteria, or combinations of criteria, for triggering the application of one or more e-mail protection functions (EPFs) to be applied to the communication before it is sent; the EPFs may include the encryption of the e-mail or attachment, storing of the e-mail or attachment on a secured server, or otherwise restrict access to the communication by unauthorized recipients.

The present disclosure provides technical solutions related to distributed IPSec gateway. A control plane and a data plane of the IPSec gateway are divided, a plurality of gateway processing nodes may be run in the data plane to process data packets of incoming ESP/AH traffic and/or data packets of outgoing IP traffic. IKE information interaction may be handled in the control plane and the traffic may be steered on each gateway processing node in the data plane.