Patents Assigned to WINSTON PRIVACY
  • Publication number: 20220067103
    Abstract: A method, system, and computer program product for identifying network appliances on a network which includes a processor configured to intercept network communications from one or more devices between a first network and a second network. The processor may store the information about each connection in a database, the information including a Client Id and a destination address. The processor may query the database for a list of all destination addresses which were attempted to be contacted for each Client Id and generate metadata for each Client Id. The processor may analyze each Client Id, the associated metadata for each Client Id, and the destination addresses associated with each Client Id using one or more rules in a device identification tree and assign a device label to each Client Id of the one or more devices.
    Type: Application
    Filed: August 26, 2020
    Publication date: March 3, 2022
    Applicant: WINSTON PRIVACY
    Inventor: Richard STOKES
  • Publication number: 20210400083
    Abstract: A method, system, and computer program product for privacy and security policy delivery which includes a processor configured to store one or more compatibility modules in a memory of a computing device. The one or more compatibility modules being a security policy defining a set of specific access rules for a destination endpoint. The processor may receive a user selection of one of the one or more compatibility modules. The user selection may be received from a user device on a first network. The processor may install the selected compatibility module on the computing device. The processor may receive a user request from the user device for the destination endpoint. The destination endpoint may be associated with one or more domains on a second network. The processor may analyze the one or more domains using the security policy of the selected compatibility module.
    Type: Application
    Filed: September 4, 2020
    Publication date: December 23, 2021
    Applicant: WINSTON PRIVACY
    Inventor: Richard STOKES
  • Publication number: 20210400085
    Abstract: Exemplary embodiments provide for rate limiting access to data endpoints which includes a processor configured to monitor network traffic between one or more devices on a first network and a second network. The processor may receive a first data endpoint request from one of the one or more devices and compare the first data endpoint request to a ledger of one or more data endpoints. The ledger may have a rate limit associated with the one or more data endpoints which defines a threshold number of requests allowed for the one or more data endpoints. In response to the first data endpoint request matching one or more of the data endpoints on the ledger, the processor may block the first data endpoint request when the data endpoint request exceeds the threshold number of requests allowed for the matching data endpoint on the ledger.
    Type: Application
    Filed: September 1, 2021
    Publication date: December 23, 2021
    Applicant: WINSTON PRIVACY
    Inventor: Richard STOKES
  • Publication number: 20210359983
    Abstract: A method for asynchronous side channel cipher renegotiation includes: establishing, by a first computing device, a first communication channel and a second communication channel with a second computing device, where the first communication channel is an encrypted tunnel and packages exchanged using the encrypted tunnel are encrypted using a first cipher; receiving, by a receiver of the first computing device, a renegotiation request from the second computing device using the second communication channel, where the renegotiation request includes at least a password value and a relative time; generating, by a processor of the first computing device, a second cipher using at least an encryption protocol and the password value; receiving, by the receiver of the first computing device, a new encrypted packet from the second computing device using the first communication channel; and decrypting, by the processor of the first computing device, the new encrypted packet using the second cipher.
    Type: Application
    Filed: July 30, 2021
    Publication date: November 18, 2021
    Applicant: WINSTON PRIVACY
    Inventor: Richard STOKES
  • Publication number: 20210136038
    Abstract: A method, system, and computer program product for filtering domain requests which includes a processor configured to detect an initiation of a browser application on a user device on a first network. The processor may transmit a polling request to a specified endpoint. The specified endpoint may be enforced by a network monitoring device on the first network. The processor may receive a payload including a unique network device identifier from the specified endpoint. The processor may generate a user notification alerting the user they are connected to the network monitoring device. The processor may monitor browser communications between a user device on a first network and a second network. The processor may receive a domain request from the user device and filter the domain request.
    Type: Application
    Filed: September 4, 2020
    Publication date: May 6, 2021
    Applicant: WINSTON PRIVACY
    Inventor: Richard Stokes
  • Publication number: 20210126922
    Abstract: A method, system, and computer program product for rate limiting access to data endpoints which includes a processor configured to monitor network traffic between one or more devices on a first network and a second network. The processor may receive a first data endpoint request from one of the one or more devices and compare the first data endpoint request to a ledger of one or more data endpoints. The ledger may have a rate limit associated with the one or more data endpoints which defines a threshold number of requests allowed for the one or more data endpoints. In response to the first data endpoint request matching one or more of the data endpoints on the ledger, the processor may block the first data endpoint request if the data endpoint request exceeds the threshold number of requests allowed for the matching data endpoint on the ledger.
    Type: Application
    Filed: September 4, 2020
    Publication date: April 29, 2021
    Applicant: WINSTON PRIVACY
    Inventor: Richard Stokes
  • Publication number: 20210075777
    Abstract: A method for asynchronous side channel cipher renegotiation includes: establishing, by a first computing device, a first communication channel and a second communication channel with a second computing device, where the first communication channel is an encrypted tunnel and packages exchanged using the encrypted tunnel are encrypted using a first cipher; receiving, by a receiver of the first computing device, a renegotiation request from the second computing device using the second communication channel, where the renegotiation request includes at least a password value and a relative time; generating, by a processor of the first computing device, a second cipher using at least an encryption protocol and the password value; receiving, by the receiver of the first computing device, a new encrypted packet from the second computing device using the first communication channel; and decrypting, by the processor of the first computing device, the new encrypted packet using the second cipher.
    Type: Application
    Filed: September 6, 2019
    Publication date: March 11, 2021
    Applicant: WINSTON PRIVACY
    Inventor: Richard STOKES
  • Publication number: 20210075817
    Abstract: A method, system, and computer program product for rate limiting JavaScript functions which includes a processor configured to monitor network traffic between one or more devices on a first network and a second network. The processor may receive a data endpoint request from one of the one or more devices and a JavaScript function request from the data endpoint. The processor may compare the JavaScript function request to a ledger. The ledger may have a rate limit associated with one or more JavaScript functions for a plurality of data endpoints. The processor may compare the first data endpoint request to the rate limit associated with the matching data endpoint on the ledger. The processor may determine the rate limit associated with the data endpoint for the JavaScript function request has been exceeded, log the JavaScript function request in the ledger, and block the JavaScript function request.
    Type: Application
    Filed: September 4, 2020
    Publication date: March 11, 2021
    Applicant: WINSTON PRIVACY
    Inventor: Richard Stokes
  • Patent number: 10764250
    Abstract: A method for uniquely identifying a network client or application based on a transport layer security (TLS) handshake includes: storing, in a computing device, a list of cipher suites and a list of supported curves; intercepting, by the computing device, a data packet transmitted to as part of the TLS handshake; filtering, by the computing device, cipher suites included in the list of cipher suites from the data packet; filtering, by the computing device, supported curves included in the list of supported curves from the data packet; building, by the computing device, a data string using data in the data packet remaining after filtering; generating, by the computing device, a signature value by hashing the data string; and identifying, by the computing device, a network client or application using the generated signature value.
    Type: Grant
    Filed: September 17, 2019
    Date of Patent: September 1, 2020
    Assignee: WINSTON PRIVACY
    Inventor: Richard Stokes
  • Publication number: 20200092258
    Abstract: A method for uniquely identifying a network client or application based on a transport layer security (TLS) handshake includes: storing, in a computing device, a list of cipher suites and a list of supported curves; intercepting, by the computing device, a data packet transmitted to as part of the TLS handshake; filtering, by the computing device, cipher suites included in the list of cipher suites from the data packet; filtering, by the computing device, supported curves included in the list of supported curves from the data packet; building, by the computing device, a data string using data in the data packet remaining after filtering; generating, by the computing device, a signature value by hashing the data string; and identifying, by the computing device, a network client or application using the generated signature value.
    Type: Application
    Filed: September 17, 2019
    Publication date: March 19, 2020
    Applicant: WINSTON PRIVACY
    Inventor: Richard STOKES