Provided are methods, apparatus, and system for policy based wide area network. A network of network appliances is configured with a policy configuration. Each network appliance is configured to validate each wide area network packet against the policy configuration. The validation can include verifying that the packets meet the SD-WAN network segment requirements and security rules including verifying that the source and destination address of the packet meet the firewall zone requirements. Each wide area network packet contains a policy header that is checked by the sending and receiving network appliance against the policy configuration.

A communication system according to an embodiment includes one or more hardware processors. The one or more hardware processors: transmit, to an external communication system, a cryptographic random number obtained by encrypting a random number; receive verification information for verifying the external communication system, the verification information being generated by the external communication system with the cryptographic random number and attribute information of the external communication system; and perform, by using a cryptographic key based on the random number, communication with the external communication system having been verified with the verification information.

Methods for a server include defining a starting element and an element step size. A pad mapping is applied to a data Random Cipher Pad (RCP) to obtain a Key RCP using each element of the data RCP once in a predetermined non-sequential order. The starting element and the element step size are combined with the data RCP. The data RCP is encrypted using the Key RCP to produce a subsequent data RCP. The subsequent data RCP is transmitted to another computer. Methods for clients include applying a pad mapping to a data RCP to obtain a Key RCP using each element of the data RCP once in a predetermined non-sequential order to develop the Key RCP. The Key RCP is encrypted using the data RCP to produce a subsequent Key RCP. A data structure is encrypted using the data RCP to produce an encrypted data structure.

Particular embodiments described herein provide for an electronic device that can be configured to intercept a process, store execution profiling for the process if the process involves a privileged resource or a privileged operation, and analyze the code involved in each stack frame to determine malicious activity. If the process does not involve a privileged resource or a privileged operation, then the process is not analyzed.

Implementations of the disclosure are directed to proving and creating on a distributed ledger a verifiable transaction record of a transaction between a user associated with user device and an agent associated with agent system, where the identities of the user and agent are hidden. Some implementations are directed to providing for hidden identity of claims where a distributed ledger identity of a user may be masked from an agent.

Networks and methods for use in authenticating messages are provided. One exemplary method generally includes receiving a message from a client, where the message includes a client certificate. The method also includes validating, by an application programming interface (API) gateway, a computing device based on a certificate identifying the computing device as a recognized computing device, and validating, by the API gateway, the client based on the client certificate via a global access manager, separate from the repository. The method further includes causing a security token indicative of the client to be generated, when the computing device and the client are validated, whereby the security token is indicative of the client and permits the message, from the client, to be delivered to one or more backend services.

Methods for a server include defining a starting element and an element step size. A pad mapping is applied to a data Random Cipher Pad (RCP) to obtain a Key RCP using each element of the Data RCP once in a predetermined non-sequential order. The starting element and the element step size are combined with the Data RCP. The Data RCP is encrypted using the Key RCP to produce a subsequent Data RCP. The subsequent Data RCP is transmitted to another computer. Methods for clients include applying a pad mapping to a Data RCP to obtain a Key RCP using each element of the Data RCP once in a predetermined non-sequential order to develop the Key RCP. The Key RCP is encrypted using the Data RCP to produce a subsequent Key RCP. A data structure is encrypted using the Data RCP to produce an encrypted data structure.

Methods for a server include defining a starting element and an element step size. A pad mapping is applied to a data Random Cipher Pad (RCP) to obtain a Key RCP using each element of the Data RCP once in a predetermined non-sequential order. The starting element and the element step size are combined with the Data RCP. The Data RCP is encrypted using the Key RCP to produce a subsequent Data RCP. The subsequent Data RCP is transmitted to another computer. Methods for clients include applying a pad mapping to a Data RCP to obtain a Key RCP using each element of the Data RCP once in a predetermined non-sequential order to develop the Key RCP. The Key RCP is encrypted using the Data RCP to produce a subsequent Key RCP. A data structure is encrypted using the Data RCP to produce an encrypted data structure.

A method, an apparatus, and a computer program product for symmetric stream encryption are provided. An encryption chain is obtained from a real random number generator (RRNG) and stored in memory. A vector key is identified based on numbers obtained from a fast, large period pseudo-random number generator. A set of encryption keys are identified from the encryption chain using the vector key. Strings of clear text are encrypted using the encryption keys.

A method for controlling access of a user to a secondary system. A primary system receives, from a user system connected to the secondary system, first authentication information comprising an encryption of a random string. The encryption of the random string is a user-specific key. Second authentication information is generated from protected secondary authentication data stored in the primary system. Generation of the second authentication information includes applying the user-specific key to the protected secondary authentication data to generate the second authentication information. The second authentication information is provided to the secondary system to enable access of the user to the secondary system.