Abstract: A hierarchical-context area network includes a first, level-one, context area network, a second, level-one, context area network, and a third, level-two, context area network, wherein the first context area network is allocated a first shared IP address in a first range, the first context area network includes a first VPN server having a second IP address in the first range, the second context area network is allocated a second shared IP address in a second range, the second context area network includes a second VPN server having a fourth IP address in the second range, communication between the first VPN server and the second VPN server is unavailable via context area networks other than via a data link layer network established between the first VPN server and the second VPN server via the third context area network.

Abstract: A VPN connection request is received from a user device. Two or more VPN servers are associated with a single entry Internet Protocol (IP) address. The two or more VPN servers includes a first VPN server and a second VPN server. The single entry IP address is transmitted to the user device. A secure VPN connection is established between the user device and the first VPN server using the single entry IP address. The secure VPN connection is switched to the second VPN server when the first VPN server becomes unavailable such that the secure VPN connection remains intact and the user device continues to communicate via the single entry IP address.

Abstract: The disclosure generally pertains to the use of a set of dynamically modifiable rules for a computing and communications system. An example method of use involves a first computing device applying a first set of dynamically modifiable rules for operating upon data. The first computing device detects a data activity that violates the first set of dynamically modifiable rules and conveys to a second computing device a request to modify the first set of dynamically modifiable rules. The second computing device may have an authority to autonomously grant permission to modify the first set of dynamically modifiable rules without human intervention. The first computing device may receive from the second computing device, an approval to modify the first set of dynamically modifiable rules, and may start applying a second set of dynamically modifiable rules that is a modified version of the first set of dynamically modifiable rules.

Abstract: A hierarchical-context area network includes a first, level-one, context area network, a second, level-one, context area network, and a third, level-two, context area network, wherein the first context area network is allocated a first shared IP address in a first range, the first context area network includes a first VPN server having a second IP address in the first range, the second context area network is allocated a second shared IP address in a second range, the second context area network includes a second VPN server having a fourth IP address in the second range, communication between the first VPN server and the second VPN server is unavailable via context area networks other than via a data link layer network established between the first VPN server and the second VPN server via the third context area network.

Abstract: Adaptive online system access control includes obtaining, by a system access control monitor of a client system, from a network interface unit of the client system, a protocol data unit sent to the client system by an external device, wherein the protocol data unit is associated with a communication context. Obtaining the protocol data unit includes, prior to other components of the client system accessing the protocol data unit, identifying, as a current access score for the protocol data unit, a sum of a previous access score associated with the communication context and a modifier value determined for the protocol data unit, and responsive to determining that the current access score is less than an access threshold value, preventing the other components of the client system from accessing the protocol data unit.

Abstract: A hierarchical-context area network includes a first virtual private network infrastructure context area network for a first virtual private network infrastructure context area in a first virtual private network infrastructure context level that includes a first virtual private network server, a second virtual private network infrastructure context area network for a second virtual private network infrastructure context area in the second virtual private network infrastructure context level that includes a second virtual private network server, wherein the first virtual private network server receives a protocol data unit from a client device and identifies the second virtual private network server, in accordance with a routing control policy defined by the hierarchical-context area network, as a current point of egress for transporting the protocol data unit through the hierarchical-context area network to send to an external device.

Abstract: A computer generates a first encrypted message by encrypting an unencrypted message for decryption at a receiving device. The computer couples the first encrypted message with addressing data associated with the receiving device to generate a coupled message. The computer generates a second encrypted message by encrypting the coupled message for decryption at a data transmission service. The computer transmits the second encrypted message via the data transmission service to enable the receiving device to read the unencrypted message.

Abstract: Adaptive online service access control includes obtaining, by a system access control monitor of a client system, a message from the client system to an external system, prior to transmission of the message, wherein the message is associated with a communication context, in response to obtaining the message, determining, by the system access control monitor, a current access score as a sum of a previous access score associated with the communication context and a modifier value determined for the message, and in response to determining, by the system access control monitor, that the current access score is less than an access threshold value, preventing transmission of the message.

Abstract: Operating a hierarchical-context area network includes receiving a first protocol data unit from an end user device via a virtual private network tunnel by a first virtual private network server, obtaining the first protocol data unit from the first virtual private network server, by a second virtual private network server as a current point of egress for transporting the first protocol data unit through the hierarchical-context area network, identifying, by the second virtual private network server, available data transport pathways for transporting the first protocol data unit through the hierarchical-context area network, pseudo-randomly identifying, by the second virtual private network server, an available data transport pathway from the available data transport pathways as a current data transport pathway, and sending, by the second VPN server, to the external device, via the data transport pathway, the first protocol data unit.

Abstract: Automatic network configuration includes obtaining, by a virtual private network service provider infrastructure system, ranking data for data transport pathways between the virtual private network service provider infrastructure system and an external system, wherein a respective data transport pathway from the data transport pathways includes a respective exit node in the virtual private network service provider infrastructure system in communication with a respective entry node in the external system, wherein obtaining the ranking data includes obtaining at least a portion of the ranking data by testing a service provided by the external system via the entry node, and allocating, by the virtual private network service provider infrastructure system, a data transport pathway from the data transport pathways to a communication session, wherein the data transport pathway is a highest-ranking data transport pathway in the ranking data.

Abstract: A computer generates a first encrypted message by encrypting an unencrypted message for decryption at a receiving device. The computer couples the first encrypted message with addressing data associated with the receiving device to generate a coupled message. The computer generates a second encrypted message by encrypting the coupled message for decryption at a data transmission service. The computer transmits the second encrypted message via the data transmission service to enable the receiving device to read the unencrypted message.

Abstract: A virtual private network (VPN) tunnel is established between a user device and a VPN gateway. The VPN gateway transmits first packets received from the user device to a first exit VPN server. A first subset of the first packets is transmitted by the first exit VPN server to a first target and a second subset of the first packets is transmitted by the first exit VPN server to a second target. A second exit VPN server that is different from the first exit VPN server is identified based on the first packets. Second packets are received by the VPN gateway from the user device. At least a subset of the second packets are transmitted to the second exit VPN server for forwarding to the second target.

Abstract: A computer generates a first encrypted message by encrypting an unencrypted message for decryption at a receiving device. The computer couples the first encrypted message with addressing data associated with the receiving device to generate a coupled message. The computer generates a second encrypted message by encrypting the coupled message for decryption at a data transmission service. The computer transmits the second encrypted message via the data transmission service to enable the receiving device to read the unencrypted message.

Abstract: A method including transmitting, by a user device to an infrastructure device prior to establishing a virtual private network (VPN) connection with a VPN server, service information indicating one or more VPN services to be received by the user device after establishing the VPN connection with the VPN server; receiving, by the user device from the infrastructure device, information associated with the VPN server that is selected by the infrastructure device to provide the one or more VPN services to the user device based at least in part on the service information; and establishing, by the user device based at least in part on utilizing the information associated with the VPN server, the VPN connection with the VPN server to receive the one or more VPN services is disclosed. Various other aspects are contemplated.

Abstract: A method and system for a VPN setup in which one of the peers' outgoing traffic is dynamically rerouted to exit VPN servers based on infrastructure or user requirements without losing the initial connection state or leaking unencrypted network traffic is described. One exemplary embodiment describes a method for a client to change their routing to multiple server locations. Another exemplary embodiment describes a method for the entry VPN servers to reroute traffic based on strategic traffic analysis.

Abstract: A method in a first virtual private network (VPN) server associated with clustering a plurality of VPN servers in a clustered network, the method including receiving, from a VPN service provider (VSP) control infrastructure, VPN data associated with a user device having an established VPN connection with the clustered network; and communicating, utilizing key information, the VPN data with the user device during the established VPN connection. Various other aspects are contemplated.

Abstract: A method for configuring a protocol in a virtual private network (VPN) service environment, the method including receiving, from a user device, device information associated with operation of the user device during an established VPN connection; configuring, based at least in part on the device information, a given VPN protocol from among a plurality of VPN protocols for utilization during the established VPN connection; and transmitting, to the user device, information associated with the given VPN protocol to enable the user device and a VPN server to utilize the given VPN protocol during the established VPN connection. Various other aspects are contemplated.

Abstract: A method for configuring a protocol in a virtual private network (VPN) service environment, the method including receiving, from a user device, device information associated with operation of the user device during an established VPN connection; determining, based at least in part on the device information, a given VPN protocol from among a plurality of VPN protocols for utilization during the established VPN connection; and transmitting, to the user device, information associated with the given VPN protocol to enable the user device and a VPN server to utilize the given VPN protocol during the established VPN connection. Various other aspects are contemplated.

Abstract: A method for configuring a protocol in a virtual private network (VPN) service environment, the method including receiving, from a user device, device information associated with operation of the user device during an established VPN connection; configuring, based at least in part on the device information, a given VPN protocol from among a plurality of VPN protocols for utilization during the established VPN connection; and transmitting, to the user device, information associated with the given VPN protocol to enable the user device and a VPN server to utilize the given VPN protocol during the established VPN connection. Various other aspects are contemplated.

Abstract: A method for configuring a protocol in a virtual private network (VPN) service environment, the method including receiving, from a user device, device information associated with operation of the user device during an established VPN connection; determining, based at least in part on the device information, a given VPN protocol from among a plurality of VPN protocols for utilization during the established VPN connection; and transmitting, to the user device, information associated with the given VPN protocol to enable the user device and a VPN server to utilize the given VPN protocol during the established VPN connection. Various other aspects are contemplated.