Patent classifications
H04L69/162
SESSION ESTABLISHMENT IN REMOTE DESKTOP INFRASTRUCTURE ENVIRONMENTS
Technologies for performing secure session establishment in remote desktop infrastructure environments are disclosed. A remote desktop client application obtains client candidate network addresses using the Interactive Connectivity Establishment (“ICE”) protocol and provides the client candidate network addresses to an instance of a remote desktop server application. The instance of the remote desktop server application obtains server candidate network addresses also using the ICE protocol and provides the server candidate network addresses to the remote desktop client application. The remote desktop client application and remote desktop server application evaluate the client network addresses and select a pair of network addresses for establishing a remote desktop networking session using the ICE protocol. The remote desktop client application and remote desktop server establish the network session using a remote desktop protocol over User Datagram Protocol (“UDP”). Additional remote desktop transport channels can be established in a similar fashion.
Secure transfer of data between programs executing on the same end-user device
It is often necessary to securely transfer data, such as authenticators or authorization tokens, between programs running on the same end-user device. The teachings hereof enable the pairing of two programs executing on a given end-user device and then the transfer of data from one program to the other. In an embodiment, a first program connects to a server and sends encrypted data elements. A second program intercepts the connection and/or the encrypted data elements. The second program tunnels the encrypted data elements (which remain opaque to the second program at this point) to a server, using an encapsulating protocol. This enables the server to receive the data elements sent by the first program, decrypt them, and provide them to the second program via a return message using control fields of the encapsulating protocol. Once set up, the tunneling arrangement enables bidirectional data transfer.
METHOD AND APPARATUS FOR TESTING NETWORK DEVICE
The disclosure provides a method for testing a network device and an electronic device. The method includes: simulating at least one virtual client, and generating by the virtual client a second request message to be sent based on an existing first request message; sending the second request message to the network device, so that the network device sends the second request message to a simulated virtual server for processing; and receiving a response message for the second request message sent by the network device, in which the response message is sent by the virtual server to the network device.
NON-HTTP LAYER 7 PROTOCOL APPLICATIONS RUNNING IN THE BROWSER
Layer 7 protocol (non-HTTP) client applications are executed in the browser. The non-HTTP layer 7 protocol client application connects to a compute server that proxies layer 4 packets to the origin network that has the non-HTTP layer 7 protocol service. As an example, an SSH client (a non-HTTP layer 7 protocol) can execute in the browser and the TCP packets (layer 4 packets) are proxied by a compute server to the origin network that has the appropriate SSH server. The non-HTTP layer 7 protocol client application allows users to run commands or otherwise interact with the client as if they were using a native application (one that is not executed within the browser) without any client-side configuration or agent.
INTERNET PROTOCOL SECURITY (IPSEC) TUNNEL USING ANYCAST AT A DISTRIBUTED CLOUD COMPUTING NETWORK
An IPsec tunnel request for establishing an IPsec tunnel from a customer router to an anycast IP address of a distributed cloud computing network is received. The same anycast IP address is shared among compute servers of the distributed cloud computing network. A handshake is performed with the customer router from a first compute server including generating security associations for encrypting and decrypting IPsec traffic. The security associations are propagated to each compute server and are used for encrypting and decrypting traffic.
System and Method for Improving Content Fetching by Selecting Tunnel Devices
A method for fetching content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stay connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client for content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using a standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.
Communication functions in a mesh network
A method including receiving, at an infrastructure device from a first device in a mesh network, a request to determine a communication parameter associated with communicating meshnet data with the first device; configuring a transport layer included in a network stack associated with the infrastructure device to determine the communication parameter and to transmit identification information indicating the communication parameter to an application layer included in the network stack; configuring the application layer to determine a response including the identification information; and transmitting, by the infrastructure device, the response to the first device. Various other aspects are contemplated.
Medical device communication method
A medical device communication method that may be implemented within a variety of medical devices including but not limited to infusion pumps. The method may be implemented with a protocol stack for at least intra-device communication. Embodiments provide connection-oriented, connectionless-oriented, broadcast and multicast data exchange with priority handling of data, fragmentation, and reassembly of data, unique static and dynamic address assignment and hot swap capability for connected peripherals or subsystems.
Technologies for controlling memory access transactions received from one or more I/O devices
Technologies for secure I/O include a compute device, which further includes a processor, a memory, a trusted execution environment (TEE), one or more input/output (I/O) devices, and an I/O subsystem. The I/O subsystem includes a device memory access table (DMAT) programmed by the TEE to establish bindings between the TEE and one or more I/O devices that the TEE trusts and a memory ownership table (MOT) programmed by the TEE when a memory page is allocated to the TEE.
Method and System for a Decentralized Transactional Communication Protocol
A system and method for distributed settlement of a transaction among a plurality of participants without smart contracts is disclosed. The method utilizes a system that includes: a plurality of blockchains each having a plurality of nodes; and a coordinator for transferring messages between the nodes and maintaining status values so that all operations of the transaction are either committed or rolled back. The method includes: receiving a request for the transaction generated from one of the participants; posting the transaction request on a billboard; reading the transaction request by the nodes from the billboard; synchronizing among the participants; receiving transaction votes from the participants to either commit or roll back the request; and executing the transaction based on the transaction votes by either committing the transaction or rolling back the request.