Abstract: A system and method for efficient certificate authentication management and distribution of large, web scale authentication information. The method includes receiving at a server, security certificate information, said security certificate including a unique certificate identifier. A structured data source, such as an XML file or database is encoded with a unique record for each possible security certificate using the record ID as the security certificate ID. Each unique record includes a record of four bits or less. Owing to the small size of the data source, large amounts of security certificates may be managed and distributed efficiently over a network to one of more private gateways allowing for large scale certificate authentication.

Abstract: A method including receiving, at a virtual private network (VPN) server, an encapsulated packet on one of the ingress addresses wherein the ingress address is associated with the packet information. After processing the packet at the VPN server, the packet source address is transformed to the address of the ingress port before transmitting the packet over a network. The process may be effectuated in the operating system's kernel. The association step may include tracking the ingress port in a data store, or tagging the packet with the ingress address so it can be later used to modify the source address. Transforming may include swapping TCP source and destination port information, changing an IP or TCP header checksum, changing a TCP sequence and acknowledgment number, or changing an IP addresses contained in the data payload.

Abstract: A system and method for disposing, in kernel space, a data plane having instructions operable to encrypt and transfer data over a network. The data plane is coupled to a control plane which resides in user space. The control plane has instructions operable to control the transfer of the encrypted data in kernel space. Certain embodiments include an application programming interface (API), which operates to expose a programming interface for encrypted communications which results in a more efficient data transfer because most of the data processing is done in kernel space.

Abstract: A processor-based system and method comprising a private tunnel connector operable to receive a network connection request, test the connection request for private network information, generate network connection information in response to the test, and respond to the network connection request with the network connection information. The testing may include accessing a DNS server for private network information, and receiving private domain information from a private domain server. The private tunnel connector is further operable to connect to a private domain server that is coupled to the private network connector through the Internet. The private domain server may include private cloud information such that users may create and access one or more private clouds using tunneling technologies. Domain servers and host machines may employ various encryption schemes to facilitate adding public Internet resources to the private cloud.

Abstract: A processor-based system and method comprising a private tunnel connector operable to receive a network connection request, test the connection request for private network information, generate network connection information in response to the test, and respond to the network connection request with the network connection information. The testing may include accessing a DNS server for private network information, and receiving private domain information from a private domain server. The private tunnel connector is further operable to connect to a private domain server that is coupled to the private network connector through the Internet. The private domain server may include private cloud information such that users may create and access one or more private clouds using tunneling technologies. Domain servers and host machines may employ various encryption schemes to facilitate adding public Internet resources to the private cloud.