Abstract: Disclosed embodiments relate to systems and methods for securely and privately auditing web sessions. Techniques include receiving encrypted browser session data; storing the encrypted browser session data at a server; receiving an audit request associated with the stored encrypted browser session data; retrieving the stored encrypted browser session data based on the audit request; and transmitting the encrypted browser session data to an auditor endpoint device to enable access to the browser session data by the auditor endpoint device.

Abstract: Disclosed embodiments relate to systems and methods for securely and privately auditing web sessions. Techniques include receiving encrypted browser session data; storing the encrypted browser session data at a server; receiving an audit request associated with the stored encrypted browser session data; retrieving the stored encrypted browser session data based on the audit request; and transmitting the encrypted browser session data to an auditor endpoint device to enable access to the browser session data by the auditor endpoint device.

Abstract: Disclosed embodiments relate to systems and methods for securely and privately auditing web sessions. Techniques include receiving, from a browser extension executing on a user endpoint device, encrypted browser session data and an encrypted session key, storing the encrypted browser session data and the encrypted session key; receiving, from an auditor endpoint device, an audit request associated with the stored encrypted browser session data; retrieving the stored encrypted browser session data and the stored encrypted session key based on the audit request; and transmitting at least some of the encrypted browser session data and the encrypted session key to the auditor endpoint device to enable access to the browser session data by the auditor endpoint device.

Abstract: Disclosed embodiments relate to verifying identities based on identity-inherent data that is inaccessible to the system. Techniques include receiving, from a client, an encrypted token, the encrypted token having been encrypted at the client using a cryptographic key created at the client based on identity-inherent data of an identity of the client; wherein the identity-inherent data of the identity is not itself received by the system, and wherein the cryptographic key is accessible only to the client; and storing the encrypted token in association with a hash of a decrypted version of the encrypted token to allow for comparing the stored hash with a created hash and determining whether to verify the identity based on a result of the comparing.

Abstract: Disclosed embodiments relate to verifying identities based on identity-inherent data that is inaccessible to the system. Techniques include receiving, from a client, an encrypted token, the encrypted token having been encrypted at the client using a cryptographic key created at the client based on identity-inherent data of an identity of the client; wherein the identity-inherent data of the identity is not itself received by the system, and wherein the cryptographic key is accessible only to the client; and storing the encrypted token in association with a hash of a decrypted version of the encrypted token to allow for comparing the stored hash with a created hash and determining whether to verify the identity based on a result of the comparing.

Abstract: Disclosed embodiments relate to verifying identities based on identity-inherent data that is inaccessible to the system. Techniques include receiving, from a client, an encrypted token, the encrypted token having been encrypted at the client using a cryptographic key created at the client based on identity-inherent data of an identity of the client; wherein the identity-inherent data of the identity is not itself received by the system, and wherein the cryptographic key is accessible only to the client; and storing the encrypted token in association with a hash of a decrypted version of the encrypted token to allow for comparing the stored hash with a created hash and determining whether to verify the identity based on a result of the comparing.

Abstract: Disclosed embodiments relate to systems and methods for authenticating users of personal computing devices using encoded versions of the temporary and unique codes. Techniques include receiving a first cryptographic key having been created by a personal computing device and corresponding to a second cryptographic key maintained on the personal computing device; associating a user identifier with the first cryptographic key; accessing a temporary and unique code; accessing an encoded version of the temporary and unique code; making available to the personal computing device the encoded version of the temporary and unique code; receiving, from the personal computing device, a signed version of the temporary and unique code, the signed version having been signed by the second cryptographic key; verifying, using the first cryptographic key, the signed version of the temporary and unique code; and determining, based on the verifying, whether to authenticate the user of the personal computing device.

Abstract: Disclosed embodiments include engaging in a control session between a tunneling control service located in a first network and a tunneling control agent located in a second network, identifying a request, from a requesting resource in the first network, to establish a secure remote connection with a target resource in the second network, the target resource having a network address in the second network, sending, from the tunneling control service in the first network to the tunneling control agent in the second network, a request to establish a reverse tunnel between the first network and the second network, transmitting a request for a reverse tunnel connection between a tunneling server in the first network and a tunneling agent in the second network, the tunneling agent being configured to redirect traffic from the reverse tunnel to the target resource at the network address in the second network, and transmitting data traffic from the requesting resource in the first network through the reverse tunnel to

Abstract: Disclosed embodiments include receiving, at a first identity provider configured to authenticate a plurality of network clients, a request from a first network client to establish a connection with an access-restricted network resource, the first network client having been redirected to the first identity provider from a service provider; sending, from the first identity provider to the first network client, a redirect message automatically directing the first network client to authenticate itself at a second identity provider that is separate from the first identity provider; receiving, from the second identity provider, a result of the first network client authenticating itself at the second identity provider; and sending, from the first identity provider and to the service provider, an authentication message based on the result, the authentication message determining whether the first network client is authenticated and is permitted to establish the connection with the access-restricted network resource.

Abstract: Systems and methods are provided for decentralized network address control, including a computer-implemented method for decentralized load balancing for a plurality of network resources. The method can include determining a load characteristic for the first network resource. The load characteristic can be determined by a first load balancing application associated with a first network resource. The method can further include sending a report to a network address resolution resource, based on the determined load characteristic. The network address resolution resource can be configured to also receive reports from other load balancing applications associated with other network resources based on determined load characteristics for the other network resources. Both the first network resource and the other network resources can be associated with a common network resource name.