A Bluetooth device (702) is disclosed, the Bluetooth device being provisioned with a security credential (710) that is shared with an authentication server (706). The Bluetooth device comprises processing circuitry configured to use a Bluetooth pairing mechanism to establish a pairing with a Bluetooth gateway (704a-c) by establishing a shared secret key with the Bluetooth gateway and to perform an Extensible Authentication Protocol (EAP) authentication method towards the authentication server using the security credential, wherein performing the EAP authentication method comprises using the paired Bluetooth gateway to forward messages to and from the authentication server. The processing circuitry is further configured to bind the pairing established with the paired Bluetooth gateway to the performed EAP authentication method. Also disclosed are a Bluetooth gateway and methods performed by a Bluetooth device and a Bluetooth gateway.

The disclosure relates to a first apparatus comprising at least one processor and at least one memory including computer code for one or more programs, the at least one memory and the computer code configured, with the at least one processor, to cause the apparatus at least to: send (500), to a second apparatus, a request comprising information indicating a list of public land mobile network identifiers identifying a first public land mobile network supported by the first apparatus, and information to derive a second public land mobile network supported by the second apparatus; and receive (502), from the second apparatus, a response comprising information indicating a list of public land mobile network identifiers identifying the second public land mobile network supported by the second apparatus.

A method is disclosed including establishing a browser session in response to receiving a request from a browser application in a public network. The browser session is assigned to a dedicated network service running in a dedicated network name space. Requests received from the browser application are proxied to a dedicated network service. A local web session in the dedicated network service authenticates a user of the browser application for access to at least one private webservice. A security client in the dedicated network service establishes a networking tunnel between the proxy and a remote gateway to the private network, thereby obtaining network access to the private webservice from the dedicated network name space. Within the dedicated network name space, proxied requests addressing the private webservice are forwarded over the networking tunnel to the private network.

Automated processes, computing systems, computing devices and other aspects of a data processing system provide improved reliability in delivering digital media content over the Internet or a similar wide area network without sacrificing data security. Content is initially placed into a secure format (e.g., secure hypertext transport protocol (HTTPS) via transport control protocol (TCP) or the like). Prior to transmission on the network, the secure data packets are encapsulated within connectionless frames, such as user datagram protocol (UDP) frames. The client device that receives the encapsulated packets extracts the underlying secure content from the connectionless frames for further processing. The encapsulation into connectionless data frames permits client and server devices to establish effective streaming sessions while preserving the security of the underlying data.

Disclosed are embodiments for injecting sidecar proxy capabilities into non-sidecar applications, allowing such non-sidecar applications to communicate with a service mesh architecture. In an embodiment, a method comprises receiving a request to instantiate a proxy for a non-sidecar application at a service mesh gateway (SMG). The SMG then instantiates the proxy in response to the request and broadcasts network information of the non-sidecar application to a mesh controller deployed in a containerized environment. Finally, the SMG (via the proxy) transmits data over a control plane that is communicatively coupled to the mesh controller.

Methods in a cloud object store facilitate strong data encryption, customer-management of object (encryption) keys, reductions in latency, globally-distributed object storage, and handling of streamed uploads. A method for encrypting objects stored in a cloud includes encrypting each object with a unique encryption (object) key. The plaintext object keys are generated in advance of uploads. The plaintext object keys can be stored in an object database in the cloud. Alternatively, the plaintext object keys can be provided to a customer's HSM, encrypted, and returned to the cloud, such that encrypted object keys, encrypted by the customer, are stored in the cloud. The cloud can alternatively encrypt the customer's object keys with a master key for the customer, which is then encrypted by the customer's HSM before being stored in the cloud. Proxies are also deployed for efficiently communicating with customer security modules.

The invention enables high-availability, high-scale, high security and disaster recovery for API computing, including in terms of capture of data traffic passing through proxies, routing communications between clients and servers, and load balancing and/or forwarding functions. The invention inter alia provides (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) proxy nodes configured for implementing the scalable cluster (iii) efficient methods of configuring the proxy cluster, (iv) natural resiliency of clusters and/or proxy nodes within a cluster, (v) methods for scaling of clusters, (vi) configurability of clusters to span multiple servers, multiple racks and multiple datacenters, thereby ensuring high availability and disaster recovery (vii) switching between proxies or between servers without loss of session.

Provided is an input/output system applied to a network security defense system. A structural encoding unit and an error correction decoding unit are divided. The structure encoding unit is divided into input branch module and an input proxy module; and the error correction decoding unit is divided into an output routing module, an output proxy module, an adjudication branch module, an adjudication proxy module and a voting module. The input branch module is used for duplicating and distributing messages, the arbitration branch module is used for duplicating and distributing data, the voting module is used for performing voting, and the output routing module is used for selecting an output result from processing results of the output proxy module according to a voting result of the voting module.

Predictive rendering (also referred to herein as speculative rendering) is disclosed. The predictive rendering is performed by an endpoint browser in response to a user input made by a user. The predictive rendering is verified using a surrogate browser that is executed on a remote server. The verification can be performed asynchronously.

There is disclosed in one example a gateway apparatus to operate on an intranet, including: a hardware platform; and an access proxy engine to operate on the hardware platform and configured to: intercept an incoming packet; determine that the incoming packet is an access request directed to an access interface of a resource of the intranet; present an access checkpoint interface; receive an authentication input response; validate the authentication input response; and provide a redirection to the access interface of the device.