Abstract: A network appliance receives a communication from a client device that includes a request to establish a network connection to a server. Prior to initiating a network connection between the network appliance and the server, the network appliance accesses a server certificate issued by the server. In response to a determination, based on application of a policy to the server certificate, not to decrypt data transmitted between the client device and the server, the network appliance establishes only a single connection between the network appliance and the server. The network appliance transmits encrypted data between the client device and the server over the single connection.

Abstract: A network appliance receives a communication from a client device that includes a request to establish a network connection to a server. The network appliance establishes, in response to the communication, a single connection between the network appliance and the server based on application of a policy that causes the network appliance to determine not to decrypt data transmitted between the client device and the server. The network appliance transmits encrypted data between the client device and the server over the single connection.

Abstract: Mitigating multiple authentications for a geo-distributed security service is disclosed. A request to access a web service from a client device is received. The request is redirected to a geo-distributed authentication service including a distributed cache for storing a user's authentication authorization. An authorization token included in a distributed authentication cache cookie and uniform resource locator (URL) for the web service to facilitate secure access to the web service from the client device are returned.

Abstract: A disclosed method performed by a network device can include intercepting cryptographic certificates of host servers received in response to requests for encrypted connections between host servers and user devices, and determining that each encrypted connection is a suspicious connection or a normal connection based on a certificate validation policy. The method can further include causing decryption or metadata analysis of any suspicious encrypted connection and bypassing decryption or metadata analysis of any normal encrypted connection.

Abstract: A network appliance stores a session identifier that uniquely identifies a network communication session between a first device and the network appliance. A first communication is received from the first device over the network communication session. The network appliance also receives from a proxy tool, a second communication that includes a header specifying the session identifier and that includes data generated by the proxy in response to the first communication. The network appliance associates the first communication with the second communication using the session identifier. An encrypted representation of the data generated by the proxy is transmitted to a second device based on the association between the first communication and the second communication.

Abstract: A network appliance receives a communication from a client device that includes a request to establish a network connection to a server. The network appliance establishes, in response to the communication, a single connection between the network appliance and the server based on application of a policy that causes the network appliance to determine not to decrypt data transmitted between the client device and the server. The network appliance transmits encrypted data between the client device and the server over the single connection.

Abstract: A network appliance stores a session identifier that uniquely identifies a network communication session between a first device and the network appliance. A first communication is received from the first device over the network communication session. The network appliance also receives from a proxy tool, a second communication that includes a header specifying the session identifier and that includes data generated by the proxy in response to the first communication. The network appliance associates the first communication with the second communication using the session identifier. An encrypted representation of the data generated by the proxy is transmitted to a second device based on the association between the first communication and the second communication.

Abstract: A handshake procedure to establish a first connection between a client and a server is monitored at an intermediate network device. A request message sent to the server from the client is received at the intermediate network device. The request message includes parameters defining a manner of receiving information from the server. The parameters defining the manner of receiving information from the server are modified to produce modified parameters. A redirect message is sent from the intermediate network device to the client to induce or cause the client to establish a second connection with the server based upon the modified parameters, wherein the redirect message contains the modified parameters.

Abstract: A handshake procedure to establish a first connection between a client and a server is monitored at an intermediate network device. A request message sent to the server from the client is received at the intermediate network device. The request message includes parameters defining a manner of receiving information from the server. The parameters defining the manner of receiving information from the server are modified to produce modified parameters. A redirect message is sent from the intermediate network device to the client to induce or cause the client to establish a second connection with the server based upon the modified parameters, wherein the redirect message contains the modified parameters.

Abstract: A handshake procedure to establish a first connection between a client and a server is monitored at an intermediate network device. A request message sent to the server from the client is received at the intermediate network device. The request message includes parameters defining a manner of receiving information from the server. The parameters defining the manner of receiving information from the server are modified to produce modified parameters. A redirect message is sent from the intermediate network device to the client to induce or cause the client to establish a second connection with the server based upon the modified parameters, wherein the redirect message contains the modified parameters.

Abstract: A disclosed method performed by a network device can include intercepting cryptographic certificates of host servers received in response to requests for encrypted connections between host servers and user devices, and determining that each encrypted connection is a suspicious connection or a normal connection based on a certificate validation policy. The method can further include causing decryption or metadata analysis of any suspicious encrypted connection and bypassing decryption or metadata analysis of any normal encrypted connection.

Abstract: A handshake procedure to establish a first connection between a client and a server is monitored at an intermediate network device. A request message sent to the server from the client is received at the intermediate network device. The request message includes parameters defining a manner of receiving information from the server. The parameters defining the manner of receiving information from the server are modified to produce modified parameters. A redirect message is sent from the intermediate network device to the client to induce or cause the client to establish a second connection with the server based upon the modified parameters, wherein the redirect message contains the modified parameters.

Abstract: Embodiments of the invention are directed to a method and system for conducting fund transfers between a plurality of payment devices using a reader device associated with a mobile device. The plurality of payment devices may be read by the reader device and payment data for the plurality of payment devices may be sent to a payment processing network to perform a funds transfer process. In other embodiments, a plurality of prepaid cards can be read by the reader device and prepaid card data for the plurality of prepaid cards may be sent to the payment processing network to perform a consolidation of the values of the plurality of prepaid cards.