H04L69/162

Fingerprinting to identify devices and applications for use in management and policy in the cloud

Systems and methods include obtaining a plurality of parameters associated with a host; determining a fingerprint of the host utilizing the plurality of parameters; and providing the fingerprint to a cloud service for enrollment and management of the host in the cloud service. The cloud service can include microsegmentation of the host. The cloud service can include any of Internet access for the host and private resource access by the host.

Device identification for management and policy in the cloud

Systems and methods for device identification for management and policy in the cloud use a combination of several hardware parameters and the user's identification to generate a unique identifier for a user device and its associated user. IOCTL calls and assembly instructions can be used to read the different hardware parameters. All the hardware parameters are then run through a process that generates a fixed-size hardware fingerprint. Base64 encoding can be applied to convert the fingerprint into a string for consumption by a database. The resultant identifier is unique and is never stored on the machine; the application simply regenerates it whenever it is needed. A service provider can use the identifier to uniquely identify the device even when the device changes hands or location. Because the identifier is never stored, moving data from one device to another will not result in two devices sharing the same identifier.

Transmission control protocol (TCP) acknowledgement (ACK) packet suppression

Systems and methods for Transmission Control Protocol (TCP) acknowledgement (ACK) packet suppression are described. In various implementations, these systems and methods may be applicable to low-power communications. For example, a method may include receiving an incoming TCP packet at a TCP layer implemented by the communication system; de-encapsulating the incoming TCP packet using the TCP protocol to identify an incoming Secure Sockets Layer (SSL) or Transport Layer Security (TLS) packet; passing the incoming SSL or TLS packet from the TCP layer to an SSL or TLS layer; and signaling, by the SSL or TLS layer to the TCP layer in response to the SSL or TLS layer having received the incoming SSL or TLS packet, that a TCP acknowledgement be suppressed by the TCP layer.

Batch processing for QUIC

A system for batched User Datagram Protocol (UDP) processing, on a send operation, combines multiple UDP packets into a plurality of packet batches to indicate on a plurality of sockets based at least in part on a packet batch size. Each packet batch is to be indicated to a corresponding one of the plurality of sockets to convey the plurality of packet batches to a network stack. One call is performed for each indicated socket of the plurality of sockets based on the packet batch size to convey each packet batch to the network stack. The network stack performs a single look up operation and a single network security inspection operation once per packet batch. In response to performing the one call, the plurality of packet batches are then sent to a network adapter or an application. The system thereby operates more efficiently and/or is more scalable.

Systems and methods for client collaborated migration of live TLS connection

Described is an improved approach to ensure high availability for established sessions (e.g., application layer sessions) over network connections that negotiate and renegotiate encryption keys (e.g., TLS/SSL) at clean boundaries, so that in-transit data are properly handled during migration of an application (e.g., a reverse proxy server instance). Connected TCP sessions may be handed off to another application (e.g., from an existing proxy server to a new/upgraded proxy server) and, after establishing a new TLS session with a new encryption key, data transfer may be resumed between a client and a server using the new/upgraded application in a client-server architecture.

Kernel multiplexing system of communications
11032398 · 2021-06-08 ·

A system for providing a message-based protocol for multiplexing messages sent via a stream-based connection protocol is provided. A multiplexing system provides high-level sockets of the message-based protocol that interact with low-level sockets of a stream-based connection protocol. The multiplexing system executes in a privileged mode. To send a message, an application uses a high-level socket to provide a request to send the message using the multiplexing system. The multiplexing system selects an available low-level socket from a group of sockets and sends the message via that socket. The message is sent as an atomic operation. If, during the sending of the message, the application requests to send another message, the multiplexing system selects another available low-level socket of the group and sends the other message via the selected low-level socket.

Disaster recovery for a cloud-based security service
20210168142 · 2021-06-03 ·

Systems and methods include intercepting traffic on a user device; forwarding the traffic to a cloud-based system for security processing therein; and, responsive to unavailability of the cloud-based system preventing the forwarding, performing local security processing of the traffic at the user device, including determining whether the traffic is allowed based on a cache at the user device, forwarding the traffic separately from the cloud-based system when it is allowed, and blocking the traffic when it is not allowed.

MEDICAL DEVICE COMMUNICATION METHOD

A medical device communication method that may be implemented within a variety of medical devices, including but not limited to infusion pumps. The method may be implemented with a protocol stack for at least intra-device communication. Embodiments provide connection-oriented, connectionless, broadcast and multicast data exchange with priority handling of data, fragmentation and reassembly of data, unique static and dynamic address assignment, and hot-swap capability for connected peripherals or subsystems.

INTEGRATION OF A STANDARD NETWORK PROTOCOL LAYER IN A WEB BROWSER BY COMPILATION TO WEBASSEMBLY AND USE OF A WEBSOCKET
20210099553 · 2021-04-01 ·

A standard network protocol layer is integrated in a Web browser by compilation to WebAssembly and use of a WebSocket. A method for connecting a local client device to a remote computing resource by establishing a computing session in accordance with a standard protocol includes: executing on the client device a Web browsing application; and opening a first tunnel with a server gateway, wherein the opening of the first tunnel between the client device and the gateway commands the opening of a network connection with the remote resource. The Web application executed on the local client generates data packets in accordance with a standard protocol (RDP or SSH, for example) and commands the transmission of the data packets to the remote resource in the native format of said protocol, without transcoding or transformation other than the standard processing of WebSockets, by way of the server gateway (a WebSocket proxy), which transfers the packets received from the client device to the remote server without modification.

METHOD FOR NETWORK STATE IDENTIFICATION AND ELECTRONIC DEVICE THEREFOR
20210099936 · 2021-04-01 ·

An electronic device according to various embodiments of the present invention can perform a method comprising the steps of: identifying the state of a transport protocol; determining a communication state of the electronic device on the basis of the state of the transport protocol; and changing a network on the basis of the communication state. Other embodiments are also possible.