Patent classifications
H04L63/0464
Transmitting and storing different types of encrypted information using TCP urgent mechanism
A network device decrypts a record, received from a client device, that is associated with an encrypted session between the client device and an application platform. The network device incorporates decrypted record data, from the decrypted record, into a payload field of a transmission control protocol (TCP) packet to be transmitted to another device, identifies a record header in the record, and determines, based on the record header, a record type associated with the decrypted record. Based on the record type, the network device marks the TCP packet as including urgent data by setting a TCP urgent control bit in a header of the TCP packet, and sets a second field, in the header of the TCP packet, to a second value that identifies an end of the urgent data, which corresponds to an end of the decrypted record data in the payload field.
Access control for named domain networking
The disclosure is directed to providing content access control in information centric networking (ICN) networks. Methods and systems include hardware and/or software that perform operations for sending to a content provider of an ICN network an access request for content in response to receiving a first content request from a client. The operations also include receiving from the content provider access control information for the content. The operations further include sending to the client a challenge. Additionally, the operations include receiving from the client an authorization of the content provider that includes information obtained by the client from the content provider based on the challenge. Furthermore, the operations include verifying the authorization received from the client using the access control information received from the content provider. Moreover, the operations include sending to the client the content.
PROVIDING SECURITY SERVICE
In an example, a security service providing system receives a service request for requesting security service for a target flow, determines a security device for providing security service for the target flow and first service configuration information and next-hop information of the security device according to security service information carried in the service request, and configures the first service configuration information and the next-hop information of the security device onto the security device, so that the security device provides security service to the target flow according to the first service configuration information and forwards the target flow according to the next-hop information.
User device-based enterprise web filtering
Web-filtering operations may be implemented on the user device, rather than on a centralized proxy server, to improve reliability, performance, and/or security of the web-filtering operations. Some or all of the necessary functions related to web-filtering may be performed on the end user device to remove the complexity and security issues inherent with the current methodology. One technique for allowing operation of proxy servers on user devices is to install smart agents on the user device. The smart agents, under control of a management server, may configure the proxy server, issue trust certificates to applications on the device, and/or provide proxy access configuration (PAC) files to applications on the device.
VIRTUAL TRANSPONDER UTILIZING INBAND COMMANDING
Systems, methods, and apparatus for a virtual transponder utilizing inband commanding are disclosed. In one or more embodiments, a disclosed method comprises receiving, by a payload antenna on a vehicle via a hosted receiving antenna, encrypted hosted commands transmitted from a hosted payload (HoP) operation center (HOC). The method further comprises receiving, by the vehicle, encrypted host commands transmitted from a host spacecraft operations center (SOC). Also, the method comprises reconfiguring a payload on the vehicle according to the unencrypted host commands and/or the unencrypted hosted commands. In addition, the method comprises transmitting, by the payload antenna, payload data to a host receiving antenna and/or the hosted receiving antenna. Additionally, the method comprises transmitting, by a host telemetry transmitter, the encrypted host telemetry to the host SOC. Further, the method comprises transmitting, by a hosted telemetry transmitter, the encrypted hosted telemetry to the HOC via the host SOC.
Secure end-to-end transport through intermediary nodes
A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key.
Collaborative security for application layer encryption
A non-transitory computer readable medium comprising instructions stored thereon, the instructions effective to cause at least one processor to: establish trustworthiness of an application installed on an endpoint, wherein the established trustworthiness is sufficient for an enterprise security infrastructure to treat the application installed on the endpoint and the endpoint as a trusted application and a trusted endpoint; negotiate with the trusted endpoint to determine a traffic inspection method for traffic flows originating at the trusted application that are destined for a service, wherein the traffic inspection method is determined based on at least the trusted application and the service; and instruct the trusted application of the determined traffic inspection method.
MECHANISM FOR ENABLING CRYPTOGRAPHIC AGILITY IN LEGACY APPLICATIONS AND SERVICES
The disclosure provides an approach for cryptographic agility. Embodiments include establishing, by a proxy component associated with a cryptographic agility system, a first secure connection with an application. Embodiments include receiving, by the proxy component, via the first secure connection, a communication from the application directed to an endpoint. Embodiments include selecting, by the cryptographic agility system, a cryptographic technique based on contextual information related to the communication. Embodiments include establishing, by the proxy component, a second secure connection with the endpoint based on the cryptographic technique. Embodiments include transmitting, by the proxy component, a secure communication to the endpoint via the second secure connection based on the communication.
Privacy-Preserving Image Distribution
Some embodiments enable distributing data (e.g., recorded video, photographs, recorded audio, etc.) to a plurality of users in a manner which preserves the privacy of the respective users. Some embodiments leverage homomorphic encryption and proxy re-encryption techniques to manipulate the respective data so that selected portions of it are revealed according to an identity of the user currently accessing the respective data.
END-TO-END COMMUNICATION SECURITY
In one implementation, a method for providing end-to-end communication security for a controller area network (CANbus) in an automotive vehicle, across which a plurality of electronic control units (ECUs) communicate, is described. Such an automotive vehicle can include, for example, a car or truck with multiple different ECUs that are each configured to control various aspects of the vehicle's operation, such as an infotainment system, a navigation system, various engine control systems, and/or others.