H04L63/0414

Rotating internet protocol addresses in a virtual private network
11695734 · 2023-07-04

A method including receiving, at a first VPN server during an established VPN connection, a first data request and a second data request from a user device; transmitting, by the first VPN server during the established VPN connection, the first data request to a second VPN server and the second data request to a third VPN server; receiving, by the first VPN server from the second VPN server during the established VPN connection, first data associated with the first data request; and receiving, by the first VPN server from the third VPN server during the established VPN connection, second data associated with the second data request, the second exit IP address being different from the first exit IP address. Various other aspects are contemplated.

MASKING COMPOSITE PAYLOADS USING POLICY GRAPHS
20230006983 · 2023-01-05

An example system includes a processor to receive a graph-based masking policy and a composite payload containing a data object to be masked. The processor is to instantiate a masking engine based on the graph-based masking policy. The processor is to execute the masking engine on the composite payload to generate a masked payload comprising a masked data object. The data object to be masked is masked in place such that the resulting composite payload type is maintained. The processor is to output the masked payload.

Message processing for subscriber sessions which stretch over different network domains

A technique for hiding topological information in a message that leaves a trusted network-domain is presented. The message pertains to a subscriber session and comprises a Fully Qualified Domain Name (FQDN) of a message originator. The originator is located in a first network domain, and the message is directed towards a destination in a second network domain. A method aspect comprises the steps of receiving the message, determining the FQDN comprised in the message and determining an identifier associated with the message. The identifier comprises at least one of a subscriber identifier, a session identifier and a destination identifier. Further, the method comprises applying a cryptographic operation on the FQDN and the identifier, or on information derived therefrom, to generate a cryptographic value. The message is then processed by substituting at least a portion of the FQDN with the cryptographic value prior to forwarding the message towards the second network domain.

Method and system for managing vehicle generated data

A system for collecting and managing vehicle-generated data from multiple vehicles is provided. The vehicle-generated data is pseudonymized using pseudonymized identifiers, and the pseudonymized vehicle-generated data is collected and managed by a neutral data server operated by an operator who is independent of the vehicle manufacturers. Vehicle manufacturers can re-establish the link between the pseudonymized event data and both the vehicle that generated the event data and the vehicle's driver.

Managing Communication Of Sensitive Information

Disclosed herein is a computer-implemented method of managing sensitive information and the communication thereof. The method comprises: receiving, by a first server from a second server, first sensitive information relating to a user having an account with the second server; receiving, by the first server from a user device, second sensitive information via a data entry page hosted by the first server, wherein the data entry page is configured to receive second sensitive information associated with the user and the second sensitive information is different from the first sensitive information; and associating, by the first server, the first sensitive information with the second sensitive information. The first server and the second server communicate via a first communication channel, and the first server and the user device communicate via a second, different communication channel.

PROXY SERVICES FOR CONTROLLING THE PERSISTENCY, UTILIZATION, & DISSEMINATION OF INFORMATION PROVIDED TO A SERVICE WORKER

The disclosure is directed towards controlling the persistency of information provided to a service worker. A method includes receiving a response that includes response data. The response is received at a security service and was transmitted by a second computing device in response to receiving an information request from a first computing device. The first computing device implements a service worker. Sensitive data included in the response data is identified. The response includes caching instructions that instruct the service worker to cache the sensitive data at the first computing device. In response to identifying the sensitive data, the caching instructions are updated such that any portion of the response data that the updated caching instructions instruct the service worker to cache at the first computing device excludes the sensitive data. The updated response is transmitted to the first computing device and includes the response data and the updated caching instructions.

Dual Obfuscated Computer Network, and Related Systems and Methods
20220417218 · 2022-12-29

Embodiments relate to computer systems designed to support and enable a dual obfuscated virtual private network (VPN). A plurality of servers is configured with hardware elements in a hardware layer, and an operatively coupled operating system layer with a first virtual private server (VPS) operatively coupled to a second VPS. The first VPS is configured to generate an OpenVPN certificate and the second VPS is configured to generate a WireGuard certificate. Communication tunnels encrypted with a combination of OpenVPN and WireGuard are created to establish the dual obfuscated VPN.

SYSTEMS AND METHODS TO DETECT AND PREVENT BOTS FROM RANDOM ACCESS BY RANDOMIZED HTTP URLS IN REAL TIME IN DISTRIBUTED SYSTEMS
20220417222 · 2022-12-29

Described embodiments provide systems and methods for preventing unauthorized access of information from a resource. A device intermediary between a client and a server in a session can receive a first request from the client that includes a first uniform resource locator (URL) of the server. The device may receive a response from the server that includes a second URL. The device may update the response by including a client identifier for the session in a set-cookie field, obfuscating the second URL into a string, and replacing the second URL in the response with the string. The device may receive a second request that includes a candidate client identifier, and a third URL. The device may determine whether the second request is valid, by at least one of: matching the candidate client identifier with the client identifier, and determining whether the second URL is recoverable using the third URL.

HOST-INITIATED AUTHENTICATION SYSTEM AND METHOD

The invention allows an invited recipient to enter a security-protected system such as a website without traditional authentication by providing the security-protected system with a pre-arranged host-initiated authentication on behalf of the recipient. An invite message advises the recipient of the invited action, which may be as simple as entering the system or performing a task within the system. The recipient accepts the invitation by affirmatively responding to the invite message, which includes a unique code identifying the recipient. Upon receipt of the affirmative response with the unique code from the recipient, the system platform executes algorithms that assess the risk of completing the action with the invited recipient and, if appropriate, provides the authentication to the security-protected system, which then allows the recipient to take the invited action without providing additional authentication, such as a password.

Dynamic TCP stream processing with modification notification

Techniques for content inspection in a communication network, including detecting a packet in transit between first and second endpoints, determining that the content of the packet fails a content check, modifying the payload containing the content, adjusting the sequence number to account for the modification, and injecting a response message into the corresponding stream in the opposite direction. The response message may contain information relating to the reason for the rejection.