Abstract: Systems and methods are described wherein sensor devices for gathering sensor data are in communication with a sensor processing application enabled to receive sensor data and to perform a function such as storing, processing, and redistributing sensor data or processed sensor data. A communication network to which the sensor devices are connected comprises a publish-subscribe broker network including a broker adapted to provide publish-subscribe broker services for entities including the sensor devices and the sensor processing application. A key management application distributes keys to entities that are authorized to send or receive on channels established within the broker network. An authorized subscriber entity connected to the broker network via a broker is enabled to receive data on a specific identified channel by subscribing to the channel and receive published data on the channel published by an authorized publisher entity.

Abstract: Analyzing a set of policies. A goal comprising a particular outcome is received. An analysis object comprising a data structure maintaining information needed to perform an analysis of the goal is defined. The analysis object is configured to limit a number of calculations needed to achieve the goal. Each member of a set of expressions found in the set of policies has an output. The output is the same for each expression. One of the set of expressions is solved. The solved output is cached in the analysis object such that the solved output is associated with each member of the set of expressions. The analysis object is processed to create a set of values that achieves the goal. Processing includes referencing the cache to retrieve the solved output each time a member of the set of expressions is to be solved during processing of the analysis object.

Abstract: The present application relates to the field of communications technologies, and provides a service transmission method, a device, and a system, to resolve a problem that a service of user equipment is interrupted when a user plane network element is faulty. The method includes: obtaining, by a resource management node, an IP address pool; dividing the IP address pool into at least one IP address segment, and determining at least one tunnel endpoint identifier index based on the at least one IP address segment; and allocating the at least one IP address segment and the at least one tunnel endpoint identifier index to at least one user plane network element.

Abstract: Systems, methods, and apparatuses enable deploying and executing a security policy on endpoints in a network. In an embodiment, a security orchestrator determines a set of endpoints in a network and determines transformed endpoints from the determined set of endpoints through an endpoint transformation process. The security orchestrator determines a connectivity vector for at least a first transformed endpoint and a second transformed endpoint, where the connectivity vector includes properties associated with the corresponding transformed endpoint. Using the properties from the connectivity vector of the first transformed endpoint, a security policy is generated and deployed to the first transformed endpoint. Based on a comparison of the connectivity vectors of the first and second transformed endpoints indicating a similarity between the first and second transformed endpoints, the security policy is further deployed to the second transformed endpoint.

Abstract: A proxy server in a cloud-based proxy service receives a secure session request from a client device as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.

Abstract: In one embodiment, a method includes partitioning a block of Internet protocol (IP) addresses into one or more sets of IP addresses. The IP addresses of each set of IP addresses are continuously sequential and corresponds to a geographically-distributed Internet point of presence (PoP). Each of the IP addresses in the block corresponds to one of a number of global services. Each PoP supports one or more of the global services. The method also includes assigning a respective one of the sets of IP addresses to each PoP. A prefix of each set of IP addresses is fixed for each set of IP addresses. The method also includes partitioning each set of IP addresses into a number of subsets of IP addresses. One or more of the subsets of IP addresses each corresponds to a respective global service.

Abstract: A management system includes: a first information-processing apparatus connected with the Internet; and a second information-processing apparatus connected with a local network connected to the Internet via a firewall. The first information-processing apparatus transmits communication information and an installer to a request source that has transmitted an installer request. After the mediation program is installed on the second information-processing apparatus, a specific communication mode in which the firewall allows transmission of a specific command from the first information-processing apparatus to the second information-processing apparatus is started using the communication information. The specific command includes a specific instruction for a device connected with the second information-processing apparatus via the local network. The specific command is generated independently of requests that the second information-processing apparatus transmits.

Abstract: The present application is directed to a distributed system that provides multi-cloud aggregation and that includes a cloud-connector server, cloud-connector nodes, and one or more service-provider nodes that cooperate to provide services that are distributed across multiple clouds. A service-provider node obtains tenant-associated information from a virtual data center in which the service-provider node is installed and provides the tenant-associated information to the cloud-connector server.

Abstract: One or more VPN tunnels are established in a site-to-site configuration. A VPN transition subnet is defined and associated with each VPN tunnel. Once the VPN tunnel(s) and the LAN(s) have been configured, a per-application VPN policy can be specified for any applications that require site-to-site VPN access. Whenever a new application is launched, a container is created for executing the VM. The VPN management system reads the VPN policy to determine whether the application is permitted to access any VPN tunnels. If the application is permitted to access a VPN tunnel, a vNIC is generated on the VM for the container of the application and/or a new IP address on the vNIC is assigned to the container. The new IP address and/or the new vNIC are then added to the VPN transition subnet associated with the VPN tunnel to enable the application to access the VPN tunnel.

Abstract: A technology is described for a virtual secure region. An example method may include receiving a request for data stored in a secure computing service environment executing on computing resources used to provide a public computing service environment, where the secure computing service environment may be separated from the public computing environment using encryption. In response to the request, a secure region account that corresponds to a public region account may be identified using a translation table that maps the secure region account to the public region account. A storage location for the data may be identified within the secure computing service environment specified by the secure region account, and the data may be obtained from the storage location within the secure computing service environment. The data may then be transferred to the public computing service environment.

Abstract: Content delivery systems and methods are provided. A center node may determine a service domain name to be processed. The center node may obtain configuration parameters corresponding to the service domain name. The center node may generate configuration items based on the obtained configuration parameters. The configuration items may cause a plurality of edge nodes to deploy Hypertext Transfer Protocol Secure (HTTPS) security acceleration for the service domain name. The center node may send, to the edge nodes in the CDN, the configuration items that are based on the corresponding configuration parameters. The configuration item may include comprise a digital certificate providing mode and a back-to-source mode of an origin site. A first configuration parameter may correspond to the digital certificate providing and a second configuration parameter may correspond to a back-to-source mode of the origin site.

Abstract: Biometric authentication, decentralized learning frameworks, and adaptive security protocols and services for a distributed operator terminals network are described. In some embodiments, the terminals may be hardware terminals, kiosks, or clients. In some embodiments, a security analysis may be performed, and security scores may be determined, for visitors requesting operations at terminals. Security scores may be determined by a vendor, in communication with the operator terminals, based on aggregation of a plurality of factors, wherein each factor may be weighted. The factors may incorporate operator settings or preferences. In one embodiment, the factors include one or more facial recognition factors. The one or more facial recognition factors may be used for biometric authentication. The vendor may use the security scores to determine user privileges or permissions for the operations. The vendor may deliver instructions or messages to the terminals based on the determinations.

Abstract: Generally described, one or more aspects of the present application correspond to techniques for modifying volume encryption status, either by creating an encrypted copy of an unencrypted source volume or by re-encrypting the replica with a different key than the source volume. This can be accomplished using an intermediary transform fleet that stores the encryption key(s) and performs encryption (and decryption, in cases where the source is encrypted). Further, these techniques can implement a state refresh for any client attached to the volume in order to equip the client to handle the different encryption state of the encrypted volume.

Abstract: Described systems and methods allow a selective collection of computer security data from client devices such as personal computers, smartphones, and Internet of Things (IoT) devices. A security application executing on each client device comprises a domain name service (DNS) proxy that tags outgoing DNS messages with a client ID. The DNS server selects a client for to data collection by returning a DNS reply comprising a service activation flag. Some embodiments thus enable a per-DNS-message selectivity of data collection. In some embodiments, subsequent network access requests by the selected clients are re-routed to a security server for analysis.

Abstract: Aspects of the subject disclosure may include, for example, exchanging messages between a back-end-as-a-service network element and a mobile core network processor to obtain a message exchange responsive to a request for providing a mobile device with access to a back-end service of a remote system without requiring a back-end client resident at the mobile device. The messages are exchanged according to protocols operating at layers below layer five of Open Systems Interconnection (OSI) seven-layer model. Responsive to the message exchange, delivery is facilitated of the back-end service of the remote system to the mobile device. Other embodiments are disclosed.

Abstract: Systems and methods for secure communications over broadband datalinks are provided. In certain implementations, a system for providing secure communications through a communication link includes a first communication unit that includes a processing unit that is configured to execute code that causes the first communication unit to verify messages with a firewall as they are received by the first communication unit; remove encapsulation data that encapsulates a message received from a second communication unit; check a digital signature appended to the message received from a second communication unit through a non-secure communication link; perform an integrity check on the message; and when the message is verified through the digital signature and the integrity check, process the message; wherein removal of the encapsulation data and implementation of the firewall is in a first partition and performance of the integrity check and verification of the digital signature is in a second partition.

Abstract: Embodiments of the specification provide a URL abnormal field location method. One exemplary method comprising: obtaining a plurality of URL samples comprising a plurality of abnormal URL samples and a plurality of normal URL samples; for each of the plurality of URL samples, obtaining a plurality of feature vectors representing the plurality of fields of the URL sample; assigning a plurality of training labels to the plurality of feature vectors of each of the plurality of URL samples; obtaining, based on a classifier, a plurality of predicted labels for the plurality of feature vectors of each of the plurality of URL samples; updating the plurality of training labels based on the plurality of predicted labels; training the classifier with the plurality of updated training labels; and deploying the trained classifier to identify an abnormal field in a URL.

Abstract: The embodiments herein relate to an IoT device, a method performed in the IoT device, a network device and a method performed in the network device for securing communication of the IoT device roaming from a home network to a visited network. The method comprising: receiving a request from the IoT device to set up a VPN tunnel; acknowledging the setting up of the VPN tunnel, and routing data received from the IoT device destined for an IoT service provider via the VPN tunnel. This way the encryption/decryption processes are handled by the visited network.

Abstract: The present application is directed a computer-implemented method for enhancing security and preventing cyber-attacks on a network. The method includes a step of receiving, from a user equipment on the network, information including a source IP address and a destination IP address. The method also includes a step of selecting a first VPN server from a VPN service provider based upon a traffic-type of the user equipment. The method also includes a step of creating, via a graphical user interface, a policy to prevent cyber-attacks such that traffic associated with the information of the user equipment is routed to the first VPN server. The method further includes a step of sending the traffic of the user equipment to the VPN server. The method even further includes a step of provisioning the first VPN server to last a predetermined amount of time base on the created policy.

Abstract: A processor core that includes a token generator circuit is to execute a first instruction in response to initialization of a software program that requests access to protected data output by a cryptographic operation. To execute the first instruction, the processor core is to: retrieve a key that is to be used by the cryptographic operation; trigger the token generator circuit to generate an authorization token; cryptographically encode the key and the authorization token within a key handle; store the key handle in memory; and embed the authorization token within a cryptographic instruction that is to perform the cryptographic operation. The cryptographic instruction may be associated with a first logical compartment of the software program that is authorized access to the protected data.

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Abstract: Provided is a remote operation system for surveying instruments, capable of making surveying instruments execute a necessary operation even when communication with a management server fails.

Abstract: The disclosure relates generally to methods, systems, and apparatuses for managing network connections. A method may include identifying a first state of a first endpoint connection of a first networked machine and a second state of a second endpoint connection of a second network machine, and confirming the first state and the second state based on expected states for the first networked machine and the second network machine, wherein the expected states comprise a list of expected connections.

Abstract: Techniques applicable to a network orchestration and security platform for a network, such as an industrial control system (ICS) network, are disclosed. Such techniques include, for example, methods to characterize and classify networked industrial devices based upon conversation patterns, generate security zones for ICS networked assets based upon conversation characteristics and patterns, to identify and record ICS networked devices in a non-intrusive way, to create secure conduits between security zones for ICS networked devices with no impact to endpoint hose devices, and systems therefor.

Abstract: A method is provided for establishing a communication session in a communications system. The method includes providing a handshake layer functional block in a first communication peer, and providing a data communication layer functional block separate from the handshake layer functional block in the first communication peer. Functionality of the data communication layer is not duplicated in the handshake layer. If the data communication layer is unable to process a received encrypted message; transmitting, by the data communication layer, a configuration request message to the handshake layer, and transmitting, by the handshake layer, in response to the configuration request message, a set channel state message to enable the data communication layer to process application data after a handshake phase of the protocol session is complete. Then, application data can be communicated through the data communication layer functional block of the first communication peer to a second communication peer.

Abstract: A method is provided for establishing a secure communication session in a communication system. The method includes providing a handshake layer functional block and providing a record layer functional block separate from the handshake layer functional block. Functionality of the record layer functional block is not duplicated in the handshake layer functional block. The record layer functional block of a first communication peer generates an ephemeral key pair. A public key of the ephemeral key pair is transmitted to the handshake layer functional block of a second communication peer via the handshake layer functional block of the first communication peer. A session key is generated from the public key of the second communication peer and a private key of the first communication peer. Messages communicated between the first communication peer and the second communication peer are protected using the session key.

Abstract: Some embodiments provide a system that allows for the use of direct host return ports (abbreviated “DHR ports”) on managed forwarding elements to bypass gateways in managed networks. The DHR ports provide a direct connection from certain managed forwarding elements in the managed network to remote destinations that are external to the managed network. Managed networks can include both a logical abstraction layer and physical machine layer. At the logical abstraction layer, the DHR port is treated as a port on certain logical forwarding elements. The DHR port transmits the packet to the routing tables of the physical layer machine that hosts the logical forwarding element without any intervening transmission to other logical forwarding elements. The routing tables of the physical layer machine then strip any logical context associated with a packet and forwarding the packet to the remote destination without any intervening forwarding to a physical gateway provider.

Abstract: Computer implementation methods of processing transactions to determine the fraud risk of transactions incorporating card issuer bin and cardholder location associated with a multitude of customers. The artificial intelligence models developed with such information provide an output of likelihood of fraud for payment card transactions. Disclosed are the methods of utilizing aggregated payment card transaction data at the card issuer bin and card holder location level to improve fraud detection. The implementation of the method is demonstrated to have boosted the performance of the developed models in detection of fraudulent payment cards.

Abstract: A method for determining compliance of a logical build in a converged infrastructure is provided. The method includes receiving a logical configuration survey in a predefined format, wherein the logical configuration survey represents a specification for a logical build to be implemented in a converged infrastructure. The method includes collecting data from the converged infrastructure regarding the logical build as implemented in the converged infrastructure, wherein the collecting is performed by an automated data collector. The method includes determining, from the collected data, whether the logical build as implemented complies with the logical configuration survey in the predefined format, wherein the determining is performed by a compliance scan engine.

Abstract: A server sends a key update request for requesting updating of the key, to a client terminal. The client terminal sends, to a key delivery server, a key delivery request for requesting the delivery of a key to the client terminal. The key delivery server delivers a key to the client terminal. The client terminal sends, to the server, a key reception notice indicating that the delivered key was received. The server sends, to the client terminal, a key-use start notice indicating that the client terminal starts data transmission and reception by using the delivered key with a different client terminal from the aforementioned client terminal. The client terminal performs data transmission and reception with the different client terminal by using the delivered key.

Abstract: A computer-implemented reservation method and a corresponding system are utilized for controlling execution of a decision process to maintain data access efficiency upon receipt of a computation inquiry. The method comprises associating to a computer backend machine a configuration file containing at least a decision rule that drives the decision process and that is computed at least from a current value of a statistical indicator and a target value of the statistical indicator; periodically obtaining an updated value of the statistical indicator; upon detection that the updated value is differing from the target value, dynamically updating the configuration file and storing in real-time a recomputed decision rule in the configuration file.

Abstract: A method is provided for establishing a secure communication session in a communications system. The method includes providing a handshake layer functional block and providing a record layer functional block separate from the handshake layer functional block. A first ephemeral key pair is generated by the record layer functional block of a first communication peer. A public key of the first ephemeral key pair is transmitted to a second communication peer. The handshake layer functional block of the first communication peer generates a second ephemeral key pair. A public key of the second ephemeral key pair is transmitted to the second communication peer. The second communication peer generates a third ephemeral key pair. A handshake key is generated from the public key of the second communication peer and a private key of the handshake layer block of the first communication peer.

Abstract: Advanced persistent threats to a mobile device are detected and prevented by leveraging the built-in mandatory access control (MAC) environment in the mobile operating system in a “stateful” manner. To this end, the MAC mechanism is placed in a permissive mode of operation wherein permission denials are logged but not enforced. The mobile device security environment is augmented to include a monitoring application that is instantiated with system privileges. The application monitors application execution parameters of one or more mobile applications executing on the device. These application execution parameters including, without limitation, the permission denials, are collected and used by the monitoring application to facilitate a stateful monitoring of the operating system security environment. By assembling security-sensitive events over a time period, the system identifies an advanced persistent threat (APT) that otherwise leverages multiple steps using benign components.

Abstract: Methods of and systems for establishing a packet connection between a first application running on a first electronic device located within a local area network (LAN) and a second application running on a second electronic device located outside the LAN. The method comprises: sending, by a messaging client located outside the LAN, a request message to establish a virtual private network (VPN); receiving, by a messaging agent located within the LAN, the request message; causing, by the messaging agent, a VPN client located within the LAN to negotiate, based on the request message, a VPN connection between the VPN client and a VPN server located outside the LAN; assigning, by the VPN server, a network address; provisioning the VPN client with the network address; and commanding the second application to set up the packet connection to the first application based on the network address.

Abstract: A mobile application gateway configured to interconnect mobile communication devices on a cellular network with an enterprise network is provided. The mobile application gateway includes a voice and data signaling gateway configured to provide routing functionalities, service functionalities and admission control. A gateway GPRS support node (GGSN) is configured to establish a secure data session between one or more of the mobile communication devices and the enterprise network by establishing a GPRS tunneling protocol (GTP) tunnel between a carrier-hosted serving GPRS support node (SGSN) and the GGSN.

Abstract: A method for creating a secure network is provided. The method comprises establishing a controller for a plurality of edge nodes in the network; configuring each edge node to perform a discovery operation to discover Network Address Traversal (NAT) information for any NAT device associated with said edge node; and configuring each edge node to transmit any NAT information discovered through said discovery operation to the controller; and configuring the controller to distribute the NAT information received from the plurality of edge node to each edge node.

Abstract: Methods and related systems are presented that relate to automatically avoiding address conflicts when establishing a secure communications link over a public network between a local computer, associated with a local network, and a remote device, located outside the local network. Local network addresses on the local network reserved for use, and a block of local network addresses that do not conflict with the reserved local network addresses, are identified. At least one local network address is selected from the block and assigned as an address of the local device for use in communicating with the remote device securely over the public network. Communication is facilitated with the remote device using the network driver based on the assigned at least one local network address.

Abstract: Embodiments presented herein disclose a VPN service which includes a cluster of VPN appliances that requires only an eventually consistent database to share VPN session data among cluster nodes. Doing so provides a VPN service that can scale both horizontally (i.e., the VPN service can support large numbers of VPN appliances) as well as geographically (i.e., nodes of the cluster do not need to be physically proximate to one another in order to satisfy latency requirements). Thus, the VPN service can provide regional endpoints to VPN clients that do not share common points of failure or administrative burdens.

Abstract: Systems and methods for providing access to a remote network via an external endpoint are provided. A client establishes a secure connection between an external endpoint and a remote network. Transmissions from clients to the external endpoint are supplemented with additional information regarding handling within the remote network, and then transmitted to an internal endpoint within the remote network. The internal endpoint processes the transmission based on the supplemental information and returns a response to the external endpoint. A response is then returned to the client. Access policies may be created by authorized users to establish processing of client transmissions. These policies may be stored and enforced by the internal endpoint or the external endpoint.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for determining whether an endpoint meets compliance standards. The method includes one or more processors receiving an endpoint certificate associated with an endpoint device that is requesting to access a resource, wherein the endpoint certificate includes a device fingerprint. The method further includes one or more processors determining compliance level of the endpoint device. The method further includes one or more processors validating credentials of the endpoint device. The method further includes one or more processors determining whether the endpoint device meets compliance standards based on the endpoint certificate, the determined compliance level, and the credentials of the endpoint device.

Abstract: A network security management system which manages an object node belonging to an intranet, including: an information collecting device, a type determining device and an event management device; the information collecting device being configured to collect domain information, computer name information and account information of each object node which is transmitted when each object node performs a login operation; the type determining device being configured to perform a comparison between the node information received by the information collection device and a node management list to determine a node type belonging to each object node; the event management device being configured to decide whether the object node has an operating privilege, or to give to the object node the operating privilege corresponding to the node type of the object node based on the compared result from the type determining device.

Abstract: The present disclosure relates to methods and systems for accelerating the development and distribution of data science workloads, including a consistent, portable and pre-configured data science workspace for development of data science containers allowing for the creation of a standardized, modular and reusable library of data science containers that can be maintained, extended and reused in a clear and repeatable manner. The containers may be submitted to a build and deployment process that ensures consistency across multiple environments in terms of the application code and the operating system environment. Runtime execution may be managed through the authoring of definitions which detail aspects of how the workload should operate within a certain environment.

Abstract: In general, techniques are described for configuring and managing virtual networks. For example, a distributed virtual network controller is described that configures and manages an overlay network within a physical network formed by plurality of switches. A plurality of servers are interconnected by the switch fabric, each of the servers comprising an operating environment executing one or more virtual machines in communication via the overlay networks. The servers comprises a set of virtual switches that extends the overlay network as a virtual network to the operating environment of the virtual machines.

Abstract: Methods and related systems are presented that relate to automatically avoiding address conflicts when establishing a secure communications link over a public network between a local computer, associated with a local network, and a remote device, located outside the local network. Local network addresses on the local network reserved for use, and a block of local network addresses that do not conflict with the reserved local network addresses, are identified. At least one local network address is selected from the block and assigned as an address of the local device for use in communicating with the remote device securely over the public network. Communication is facilitated with the remote device using the network driver based on the assigned at least one local network address.

Abstract: A portal application interface can access and provision hosted services configured to operate in a hosted system of a hybrid unified communications system, the hybrid system also including at least one premise-based system. A connection management service (CMS) can store CMS provisioning data in a hosted configuration database of the hosted system in response to a user input via the portal application interface to configure a given premise trunk group of the premise-based system for operation in the hybrid system to provision a session border controller to control at least one connection between the premise trunk group and a hosted trunk group of the hosted system based on the CMS provisioning data. The CMS can update the hosted configuration database to configure the hosted trunk group and cause premise configuration data for the given premise trunk group to be stored in the premise system.

Abstract: Methods, apparatuses, and embodiments related to streaming live video. A celebrity plans to live stream an interaction with a fan to a large number of her fans. The celebrity uses a device to capture and stream live video to her fans. The celebrity selects a fan and begins to interact with the fan, who uses a device to live stream a question. To enable a more natural interaction, the celebrity utilizes a platform with reduced latency of communication. With other platforms, latencies of between 6 to 30 seconds may occur in interactions between the celebrity and the fan. The platform utilizes one or more techniques to achieve reduced latency, such as not performing error checks on the live streamed data, not reordering packets while they are being relayed between devices, etc. A TCP tunnel that utilizes raw sockets is used to enable customized techniques for reducing communication latency.

Abstract: A CNC includes a processor configured to import a VPN-specific service model for a VPN service and map the VPN-specific service model to one or more TE-specific parameters. The CNC includes a memory coupled to the processor and configured to store a mapping between a VPN ID of the VPN service and a tunnel ID of a TE tunnel established for the VPN service. The TE tunnel satisfies the one or more TE-specific parameters.

Abstract: Systems and methods for providing an HA IPsec VPN client. According to one embodiment, an IPsec tunnel is established by a client with a VPN gateway through a first interface. An IP address of the first interface is bound as the local endpoint of the tunnel and the IP address of the VPN gateway is bound as the remote endpoint of the tunnel. Responsive to detection by the client that a second interface of the client machine has been selected to serve as the local endpoint, an IP address of the second interface is bound as the local endpoint. An IP packet is transmitted by the client machine to the VPN gateway by generating an ESP packet including an encrypted form of the IP packet and encapsulating the ESP packet with an outer IP header including the IP address of the second interface.

Abstract: A system, method, and computer program product are provided for sharing data based on a combined bandwidth consumption. In use, a first sharing action is received. Next, a first bandwidth consumption is received. Further, a second bandwidth consumption is received. Additionally, it is determined whether a combination of the first bandwidth consumption and the second bandwidth consumption surpasses a predefined threshold. Lastly, the first sharing action is conditionally allowed based on the determination. Additional systems, methods, and computer program products are also presented.

Abstract: Implementations of the present disclosure involve an apparatus, device, component, and/or method for a networking component for use in creating a virtual secured point-of-sale (POS) transaction over a network. In one embodiment, the networking component is a virtual router that is located logically between a retailer and a payment processing company for processing a POS transaction. To facilitate the POS transaction, the virtual router communicates with one or more virtual private networks (VPNs) to establish secured communication tunnels over which information and network traffic may be broadcast that prevent unauthorized access to the information from an outside source or third party. In this manner, a secured end-to-end security communication tunnel (including encryption of the transmitted data) may be created over a network from the originating point of sale (retailer) to the payment processing company.