Abstract: A method including receiving, at an infrastructure device from a first device in a mesh network, a request comprising an encrypted request meshnet packet that includes information requesting the infrastructure device to determine a communication parameter associated with the first device; configuring a transport layer included in a network stack associated with the infrastructure device to decrypt the encrypted request meshnet packet; configuring the transport layer to determine the communication parameter based at least in part on information included in the request; configuring the transport layer to determine a response comprising an encrypted response meshnet packet that includes identification information indicating the communication parameter; and transmitting, by the infrastructure device, the response to the first device is disclosed. Various other aspects are contemplated.

Abstract: A method including receiving, by a second user device, an authentication message indicating that the second user device is to authenticate a first user device with a service provider that provides a service to the first user device; determining, by the second user device, one or more authentication factors associated with authenticating the first user device with the service provider; encrypting, by the second user device, the one or more authentication factors based at least in part on utilizing an encryption key associated with a trusted device included in the first user device; and transmitting, by the second user device, one or more encrypted authentication factors to enable authentication of the first user device with the service provider is disclosed. Various other aspects are contemplated.

Abstract: A method including receiving, at an infrastructure device from a first device in a mesh network, a request requesting the infrastructure device to determine a communication parameter associated with communicating meshnet data with the first device; configuring an intermediate layer included in a network stack associated with the infrastructure device to determine the communication parameter based at least in part on information included in the request; and transmitting, by the infrastructure device, a response indicating the communication parameter to a second device in the mesh network is disclosed. Various other aspects are contemplated.

Abstract: A method including receiving, by an infrastructure device from a first user device, a request to provide a list of available user devices that are available for authenticating the first user device with a service provider; receiving, by the infrastructure device from the first user device, a selection message indicating a selection of a second user device for authenticating the first user device; transmitting, by the infrastructure device to the second user device based on receiving the selection message, an authentication message indicating that the second user device is to authenticate the first user device; receiving, by the infrastructure device from the second user device, one or more encrypted authentication factors associated with authenticating the first user device; and transmitting, by the infrastructure device to the first user device, the one or more encrypted factors associated with authenticating the first user device with the service provider is disclosed.

Abstract: A method including receiving, by a trusted device from a processor, a request to determine a master key to be utilized for encrypting a private key; determining, by the trusted device based at least in part on receiving the request, the master key and a unique identifier that identifies the master key; transmitting, by the trusted device to the processor, the unique identifier; receiving, by the trusted device from the processor, the unique identifier in association with the private key to indicate to the trusted device that the master key, which is identified by the unique identifier, is to be utilized to encrypt the private key; and transmitting, by the trusted device to the processor, an encrypted private key based at least in part on utilizing the master key to encrypt the private key is disclosed. Various other aspects are contemplated.

Abstract: A method including transmitting, by an infrastructure device, a current fingerprint associated with a first instance of a source application; receiving, by the infrastructure device, respective results associated with comparing the current fingerprint with respective verification fingerprints, which are associated with instances of the source application other than the first instance; determining, by the infrastructure device based at least in part on the respective results, a determination result indicating whether the first instance of the source application is to be utilized for transmitting a transmission packet; and transmitting, by the infrastructure device, the determination result to indicate whether the first instance of the source application is to be utilized for transmitting the transmission packet. Various other aspects are contemplated.

Abstract: Systems and methods for malware filtering are provided herein. In some embodiments, a system having one or more processors is configured to: retrieve a file downloaded to a user device; break the downloaded file into a plurality of chunks; scan the plurality of chunks to identify potentially malicious chunks; predict whether the downloaded file is malicious based on the scan of the plurality of chunks; and determine whether the downloaded file is malicious based on the prediction.

Abstract: A method in a virtual private network (VPN) environment, the method including determining, by a processor, first substitute domain information by utilizing a hashing function to hash a first time marker and a string of alphanumeric characters; determining, by the processor, second substitute domain information by utilizing the hashing function to hash a second time marker and the string of alphanumeric characters, the second time marker being different than the first time marker; and transmitting, by the processor, a connection request utilizing the second substitute domain information to reach a VPN service provider based at least in part on determining that the VPN service provider is unreachable via utilization of the first substitute domain information. Various other aspects are contemplated.

Abstract: A method including transmitting, by a transmitting device to a receiving device, a combination of messages including encrypted decoy messages and one or more encrypted content messages; determining, by the receiving device, a cryptographic decryption key based at least in part on unique seed information associated with the transmitting device and the receiving device; and determining, by the receiving device, that a message, included in the combination of messages, is a content message or that the message is a decoy message based at least in part on decrypting the message by utilizing the cryptographic decryption key. Various other aspects are contemplated.

Abstract: A method encrypting, by a user device based on utilizing a first cryptographic key, first factor authentication information that is associated with determining a first authentication factor; encrypting, by the user device, the first cryptographic key based on utilizing an assigned public key associated with the user device; encrypting, by the user device based on utilizing a first master key, an assigned private key associated with the user device; encrypting, by the user device based on utilizing a second cryptographic key, second factor authentication information that is associated with determining a second authentication factor; encrypting, by the user device, the second cryptographic key based on utilizing a second master key; and storing, by the user device, encrypted first factor authentication information and encrypted second factor authentication information in a memory associated with the user device is disclosed. Various other aspects are contemplated.

Abstract: A method including encrypting, by a processor associated with a user device, first factor authentication information associated with determining a first authentication factor; enabling, by the processor, encryption of second factor authentication associated with determining a second authentication factor; detecting, by the processor, an attempt by the user device to access a service to be provided by a service provider; determining, by the processor based at least in part on detecting the attempt, the first authentication factor based at least in part on decrypting the first factor authentication information; determining, by the processor, the second authentication factor based at least in part on enabling decryption of the second factor authentication information; and enabling, by the processor, authentication of the user device with the service provider based at least in part on utilizing the first authentication factor and the second authentication factor is disclosed.

Abstract: A method including receiving, by a first device from a second device in a mesh network, a first status message indicating that the second device is operating in the mesh network as an entry device with respect to the first device or that the first device is operating in the mesh network as an exit device with respect to the second device such that data communicated by the second device outside the mesh network is routed via the first device; and selecting, by the first device based at least in part on the first status message, a third device in the mesh network as an exit device with respect to the first device such that data communicated by the first device outside the mesh network is routed via the third device, the third device being different from the second device. Various other aspects are contemplated.

Abstract: A method including establishing, by a first device, a virtual private network (VPN) connection with a VPN server; establishing, by the first device during the established VPN connection, a meshnet connection with a second device in a mesh network; determining, by the first device, whether the second device is a destination associated with a transmission packet to be transmitted by the first device; and transmitting, by the processor, the transmission packet by utilizing the VPN connection or by utilizing the meshnet connection based at least in part on determining whether the second device is the destination associated with the transmission packet. Various other aspects are contemplated.

Abstract: An administrator creates an access policy for a network resource using an access server. The access policy may specify device characteristics that are needed to access the network resource. These characteristics may relate to the type of user device, the computing environment of the user device, installed applications and versions, installed certificates, and physical characteristics. The access policy for the network resource may be assigned to a user or to groups of users. Later, when the user attempts to access the network resource, an application installed on the user device provides a file containing the characteristics of the user device to the access server. The access server determines whether the characteristics of the file satisfies the access policy associated with the user and network resource, and if so permits access to the network resource. Else, access to the network resource is denied.

Abstract: A method including transmitting, based on verifying first biometric information, a first decryption request including an encrypted first cryptographic key in association with a first identifier to indicate that the encrypted first cryptographic key is to be decrypted by utilizing a first master key; decrypting, based on receiving a decrypted first cryptographic key, first factor authentication information to enable determination of a first factor; transmitting the first factor for authentication; transmitting, based on successful authentication of the first factor and on verifying second biometric information, a second decryption request including an encrypted second cryptographic key in association with a second identifier to indicate that the encrypted second cryptographic key is to be decrypted by utilizing a second master key; decrypting, based on receiving a decrypted second cryptographic key, second factor authentication information to enable determination of a second factor; and transmitting the second

Abstract: An administrator creates an access policy for a network resource using an access server. The access policy may specify device characteristics that are needed to access the network resource. These characteristics may relate to the type of user device, the computing environment of the user device, installed applications and versions, installed certificates, and physical characteristics. The access policy for the network resource may be assigned to a user or to groups of users. Later, when the user attempts to access the network resource, an application installed on the user device provides a file containing the characteristics of the user device to the access server. The access server determines whether the characteristics of the file satisfies the access policy associated with the user and network resource, and if so permits access to the network resource. Else, access to the network resource is denied.

Abstract: A method including transmitting, based on verifying first biometric information, a first decryption request including an encrypted first cryptographic key in association with a first identifier to indicate that the encrypted first cryptographic key is to be decrypted by utilizing a first master key; decrypting, based on receiving a decrypted first cryptographic key, first factor authentication information to enable determination of a first factor; transmitting the first factor for authentication; transmitting, based on successful authentication of the first factor and on verifying second biometric information, a second decryption request including an encrypted second cryptographic key in association with a second identifier to indicate that the encrypted second cryptographic key is to be decrypted by utilizing a second master key; decrypting, based on receiving a decrypted second cryptographic key, second factor authentication information to enable determination of a second factor; and transmitting the second

Abstract: A method including retrieving, by a device associated with a virtual private network (VPN) server from a read-only device, an initial operating system associated with the VPN server providing VPN services; transmitting, by the device based at least in part on executing the initial operating system, a first request to an infrastructure device for a VPN operating system to enable the VPN server to provide the VPN services; receiving, by the device from the infrastructure device based at least in part on transmitting the request, the VPN operating system; and executing, by the device, the VPN operating system to provide the VPN services is disclosed. Various other aspects are contemplated.

Abstract: A method including configuring, by an infrastructure device, a user device to encrypt authentication information associated with authenticating the user device with a service provider, the authentication information including first factor authentication information for determining a first factor and second factor authentication information for determining a second factor; configuring, by the infrastructure device, the user device to detect an attempt to access a service to be provided by the service provider; configuring, by the infrastructure device, the user device to determine, based on detecting the attempt, the first factor based on decrypting the first factor authentication information and the second factor based on decrypting the second factor authentication information; and configuring, by the infrastructure device, the user device to enable authentication of the user device with the service provider based on utilizing the first factor and the second factor. Various other aspects are contemplated.

Abstract: A method including transmitting, by a user device, a connection request to a VPN service provider for obtaining VPN services; receiving, by the user device, a response to the connection request, the response including a custom digest header containing identification information that identifies an existing association between the user device and the VPN service provider; determining, by the user device based at least in part on the identification information, that the response is received from the VPN service provider; authenticating, by the user device, the VPN service provider based at least in part on determining that the response is received from the VPN service provider; and transmitting, by the user device to a VPN server associated with the VPN service provider, a service request for obtaining the VPN services based at least in part on authenticating the VPN service provider is disclosed. Various other aspects are contemplated.