Abstract: The disclosure presents systems, methods and computer program products relating to an overlay network in a cloud environment. A management machine may manage an overlay network. Machine(s), which may be provided by cloud provider(s), may be added to or removed from the overlay network. Data relating to a machine may be gathered and configuration data may be determined, for example when the machine is being added to the overlay network. A device associated with a user authorized for the overlay network may connect to the overlay network. The overlay network may include one or more secure tunnels wherein a private IP address or public IP address may encapsulate an overlay IP address.

Abstract: A client device requests permission from a network access device to access a network associated with the network access device. The client device sends credentials of a user associated with the client device for authenticating with the network access device. The client device receives from the network access device permission to access the network along with a session certificate and an associated key. The session certificate and the key are associated with the credentials of the user. The client device establishes a network session using the network based on receiving the permission. During the network session, the client device establishes a secure communications channel with a website. The client device authenticates the user to the website by sending the session certificate to the website over the secure communications channel. The client device then receives permission from the website to access contents of the website.

Abstract: A client device requests permission from a network access device to access a network associated with the network access device. The client device sends credentials of a user associated with the client device for authenticating with the network access device. The client device receives from the network access device permission to access the network along with a session certificate and an associated key. The session certificate and the key are associated with the credentials of the user. The client device establishes a network session using the network based on receiving the permission. During the network session, the client device establishes a secure communications channel with a website. The client device authenticates the user to the website by sending the session certificate to the website over the secure communications channel. The client device then receives permission from the website to access contents of the website.

Abstract: An embodiment of the invention incorporates, or encapsulates, authentication mechanisms into an initiation phase of a transmission protocol session. In a preferred embodiment, Extensible Authentication Protocol (EAP) authentication steps are included in the three-way handshake of a request to establish a Transmission Control Protocol/Internet Protocol TCP/IP) session. An EAP authentication session request can be designated within the standard Transmission Control Protocol (TCP) segment by using unused flags in the segment header. Another way to designate the request is to include a predefined option value in the header.

Abstract: A protocol, method, apparatus and computer program product for providing and utilizing a host credential authorization protocol (HCAP) is presented. The protocol is utilized by an AAA server and a posture validation server. The AAA server and the posture validation server are utilized to determine whether a host is allowed access to a device.

Abstract: A protocol, method, apparatus and computer program product for providing and utilizing a host credential authorization protocol (HCAP) is presented. The protocol is utilized by an AAA server and a posture validation server. The AAA server and the posture validation server are utilized to determine whether a host is allowed access to a device.

Abstract: An embodiment of the invention incorporates, or encapsulates, authentication mechanisms into an initiation phase of a transmission protocol session. In a preferred embodiment, EAP authentication steps are included in the three-way handshake of a request to establish a TCP/IP session. An EAP authentication session request can be designated within the standard TCP segment by using unused flags in the segment header. Another way to designate the request is to include a predefined option value in the header.