H04L67/142

Method and system for protecting privacy of users in session recordings

A computer system is provided. The computer system includes a memory and a processor. The processor is configured to scan user interface (UI) data representative of a plurality of UI controls; detect a portion of the UI data associated with private information, the portion corresponding to a UI control of the plurality of UI controls; record first session data comprising an obfuscated version of the UI control and unobfuscated versions of other UI controls of the plurality of UI controls; record second session data comprising an unobfuscated version of the UI control; encrypt the second session data to generate encrypted session data; and store the encrypted session data in association with the first session data.

DEVICE AND METHOD FOR HANDLING ALWAYS-ON PDU SESSION IN WIRELESS COMMUNICATION SYSTEM
20230045230 · 2023-02-09

Disclosed is a 5th generation (5G) or pre-5G communication system for supporting a data transmission rate higher than that of a 4th generation (4G) communication system such as long term evolution (LTE). According to various embodiments of the disclosure, provided is a method for operating an access and mobility management function (AMF) in a wireless communication system, comprising the steps of: receiving, from user equipment (UE), a service request including a list of protocol data unit (PDU) sessions to be activated, or a message about a mobility registration update; checking, on the basis of UE context information about the UE, whether identifiers (IDs) of all of always-on PDU sessions are included in the list of PDU sessions to be activated; and, when an omitted always-on PDU session is checked from the list of the PDU sessions to be activated, transmitting, to a session management function (SMF), a Nsmf_PDUSession_UpdateSMContext request message for requesting user plane activation of the omitted always-on PDU session.

INTELLIGENT FLOW STATE SYNCHRONIZATION TO IMPROVE RESILIENCY, AVAILABILITY, AND/OR PERFORMANCE OF REDUNDANT NETWORK SECURITY DEVICES
20230037516 · 2023-02-09

Example security systems for use between at least one upstream router and at least one downstream router are described. A group or pool of security devices can be used to provide stateful security to bidirectional packet flows between upstream and downstream routers. The packets of the bidirectional flows are forwarded to particular security devices based on a consistent hash ring process. For a given flow, bidirectional state information is synchronized among some, but not all, of the security devices. The security devices among which such bidirectional flow state information is shared are determined using the same consistent hash ring process.

System and method for content fetching using a selected intermediary device and multiple servers
11558215 · 2023-01-17

A method for fetching content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server and stay connected to it, allowing a communication session to be initiated by the tunnel bank server. Upon receiving a request from a client for content and for specific attribute types and values, a tunnel is selected by the tunnel bank server and is used as a tunnel for retrieving the required content from the web server, using a standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.

Seamless scaling via proxy replay of session state

A service provider network implements seamless scaling via proxy replay of session state. Upon a trigger, such as a determination to scale a server, a scaled server may be spun up and an identifier of the scaled server provided to a first (existing) server. The first server sends the identification of the second server, and session state information for each of the connections between the first server and the request router, to the request router. For each of the connections, the request router establishes a new connection between the request router and the second (scaled) server, and replays the session state information for the connection to the second server. The request router then routes traffic between each existing client connection (e.g., the same existing client connection which carried traffic delivered to the first server) and the corresponding new connection to the second server.

AUTOMATIC DATA REQUEST RECOVERY AFTER SESSION FAILURE

Techniques for recovering from session failures between clients and database servers are described herein. A session may be established between a client and a first database server to handle a database query for the client. A command of the session may be received by the first database server from the client. Data requested by the command may be retrieved. Prior to responding to the command, the data is spooled to a session state stored in a repository of the first database server, and the session state is replicated to one or more additional database servers. The session state stored in the repository of the first database server enables the first database server and client to recover from a failure of the session. The replicated session state enables the additional database server(s) to reestablish the session and respond to the command, instead of the first database server, if the session fails.

Continuing a media access control security (MACsec) key agreement (MKA) session upon a network device becoming temporarily unavailable

A network device may communicate with another network device via a media access control security (MACsec) key agreement (MKA) communication link, wherein an MKA session has been established between the network device and the other network device. The network device may determine that the other network device is unavailable. The network device may cause, based on determining that the other network device is unavailable, an MKA state of the network device to be placed in a paused state. The network device may receive, after causing the MKA state of the network device to be placed in the paused state, a packet from the other network device via the MKA communication link. The network device may determine, based on the packet, that the MKA session has not ended. The network device may continue, based on the MKA session having not ended, the MKA session by reactivating the MKA state.