Particular Node (e.g., Gateway, Bridge, Router, Etc.) For Directing Data And Applying Cryptography Patents (Class 713/153)
  • Patent number: 10498714
    Abstract: A method for obtaining an encryption/authentication key uses multiple return channels over which to send parts of the key, which parts are then combined to form the actual key. A method includes receiving an open request for a first key which is a trusted key wrapped in a public key. The open request includes an authentication request value that identifies the open request as a verified setup directory service, the public key, an email address and a specified out-of-band channel. The server sends a first reply sent directly back with a first half of the first key offset by a unique value and wrapped using the public key. The second reply is sent via email which includes a second half of the first key offset by the first half of the first key. The third reply is sent over the out-of-band channel, which includes the unique value.
    Type: Grant
    Filed: June 21, 2016
    Date of Patent: December 3, 2019
    Assignee: Qwyit LLC
    Inventor: R. Paul McGough
  • Patent number: 10491569
    Abstract: This disclosure provides systems, methods, and computer program products for secure transfer of security domains across shared media. A secure domain interface is associated with a security domain. The secure domain interface receives a secure network data packet and appends a first data frame. A security interface receives the internal data packet and appends a second data frame to the internal data packet. The second data frame generates an open network data frame securely including payload and routing information from the secure network data packet. The security interface receives open network data frames, authenticates and extracts internal data packets, and routes internal data packets to the secure domain interface. The secure domain interface receives internal data packets, authenticates and extracts secure network data packets, and routes secure network data packets to secure network devices in the security domain.
    Type: Grant
    Filed: November 10, 2016
    Date of Patent: November 26, 2019
    Assignee: Alterednets Cyber Solutions LLC
    Inventor: Nelson H. Powell, III
  • Patent number: 10476854
    Abstract: A system implements a QKD-secured logon widget. The system generates a first random quantum key using a first random measurement basis; transmits over a fiber optic network, a first random quantum key to a device, encrypts a logon widget instruction set using the first random quantum key and a first encryption algorithm, resulting in an encrypted message. The system then transmits the encrypted message, and the device receives a second random quantum key from the system, and measures the second random quantum key using a second random measurement basis, where the second random measurement basis is compared to the first random measurement basis, resulting in a comparison basis result. The system uses the comparison basis result to determine a level of anomalies present in the second random quantum key and a shared key, and, based on the level of anomalies, determines whether to render a logon widget at the device.
    Type: Grant
    Filed: April 20, 2017
    Date of Patent: November 12, 2019
    Assignee: BANK OF AMERICA CORPORATION
    Inventor: Ashish Arora
  • Patent number: 10469648
    Abstract: This document presents a system and method for defining and controlling lights, audio systems, and any other home automation device by connection with an exterior network access port. The exterior network access is accomplished by pairing all network capable devices with a known intermediate network maintained by a master control unit. After association with the known intermediate network, the exterior network SSID and passkey are provided to the master control unit and then transmitted to each network capable device. The network capable devices connect to the exterior network by replacing the intermediate SSID and passkey information with the exterior network information.
    Type: Grant
    Filed: November 5, 2015
    Date of Patent: November 5, 2019
    Inventors: David Webster, John Anderson, Manjiri Kshirsagar, Ryan Corbin
  • Patent number: 10459743
    Abstract: Disclosed are methods and apparatus for isolating a connection between a client machine and a remote desktop application running on a virtual machine (VM), the remote desktop application providing a virtual desktop to the client machine. The VM is configured to execute the remote desktop application and one or more other applications. The connection between the client machine and the remote desktop application, for exchanging remote desktop protocol data, is provided by using a first virtual network interface card (VNIC) on the VM, where the first VNIC is exclusively accessible by the remote desktop application and inaccessible to the one or more other applications. Another connection between a remote server and one of the one or more other applications is provided using a second VNIC on the VM, in response to the remote desktop application receiving an indication from the virtual desktop to execute the one application.
    Type: Grant
    Filed: November 9, 2017
    Date of Patent: October 29, 2019
    Assignee: VMware, Inc.
    Inventors: Jinxing Hu, Lu Liu, Yuping Wei, Lina Li
  • Patent number: 10461941
    Abstract: A data structure is provided for use as a positive list in a device, including an entry for each permitted communication partner of the device having a first identifier that explicitly identifies the communication partner, a value of a predetermined certificate field that identifies a certificate as explicitly associated with the communication partner, and a respective check value from at least one certificate of a communication partner that explicitly identifies the certificate. A method for updating the positive list for certificates from permitted communication partners of a device comprises the method steps of receiving a new certificate from a communication partner in the device, checking whether the positive list has an entry having an identifier of the communication partner and a value of a predetermined certificate field from the new certificate.
    Type: Grant
    Filed: March 13, 2017
    Date of Patent: October 29, 2019
    Assignee: Siemens Aktiengesellschaft
    Inventors: Hendrik Brockhaus, Rainer Falk, Stefan Seltzsam
  • Patent number: 10459605
    Abstract: An information processing system includes a first information processing terminal which can be connected to an external network and a second information processing terminal which receives data from the external network through the first information processing terminal. The first information processing terminal stands by in a sleep mode, and when a predetermined condition is satisfied, it cancels the sleep mode and transmits data from the external network to the second information processing terminal.
    Type: Grant
    Filed: March 29, 2017
    Date of Patent: October 29, 2019
    Assignee: Nintendo Co., Ltd.
    Inventors: Shumpei Yasuda, Masaaki Sugino, Yu Horii, Masatoshi Yamazaki, Eiji Tokunaga, Yuma Iwai, Nobutaka Torigoe
  • Patent number: 10462065
    Abstract: An example method is provided for a source device to perform discovery of a path maximum transmission unit (PMTU) of a path between the source device and a destination device in a communications network. The method may comprise configuring and sending a request message to the destination device via an intermediate device on the path. The request message may be configured to have a size of an estimated PMTU of the path, to cause a reply message to be received from the destination device or at least one report message to be received from the intermediate device, and to include a flag that allows fragmentation of the request message.
    Type: Grant
    Filed: August 13, 2014
    Date of Patent: October 29, 2019
    Assignee: VMWARE, INC.
    Inventor: Akshay Kumar Sreeramoju
  • Patent number: 10447554
    Abstract: Disclosed systems and methods include an Internet of Things (IoT) SuperAgent/Gateway for controlling remote communication with an IoT proximal network comprising one or more IoT devices. The presence of an IoT user device in the IoT proximal network is detected. The remote communication is disabled if the IoT user device is present in the IoT proximal network and if the remote communication criteria for disabling the remote communication are met. The remote communication is enabled if the IoT user device is not present in the IoT proximal network and if the remote communication criteria for enabling the remote communication are met. The remote communication includes remote access of the one or more of the IoT devices by the IoT user device, as well as remoting notifications from the one or more of the IoT devices to the IoT user device.
    Type: Grant
    Filed: June 25, 2014
    Date of Patent: October 15, 2019
    Assignee: QUALCOMM Incorporated
    Inventor: Binita Gupta
  • Patent number: 10447672
    Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for encrypting and securely storing session data during a browser session using a session-based cryptographic key. The session data may be decrypted during the browser session or other browser sessions using the session-based cryptographic key or other backwards compatible session-based cryptographic keys. In addition, session-based cryptographic keys may be shared among browser sessions to enable encrypted session data to be decrypted across page refreshes and browser tabs.
    Type: Grant
    Filed: April 7, 2017
    Date of Patent: October 15, 2019
    Assignee: salesforce.com, inc.
    Inventors: Kevin Venkiteswaran, Sergey Gorbaty, Bob Yao, Trevor James Bliss
  • Patent number: 10447621
    Abstract: An instant messaging (IM) service interacts with IM clients operating on computing devices to implement an extensible platform with which individual composer applications (“apps”) may interact to support a variety of different messaging user experiences for users of respective local and remote devices. Each IM client exposes an application programming interface for utilization by a local composer app to package content that the IM service then transparently transports to a remote device. An IM client on the remote device provides the package to an identified associated remote composer app that can unpack the content and use it to support the app's customized messaging experience for the remote user. The composer app also provides a preview of the experience supported by the packaged content that the clients on the respective local and remote devices may utilize in a messaging history and/or as a launching point to the composer app's user experience.
    Type: Grant
    Filed: September 10, 2014
    Date of Patent: October 15, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventor: Rowan Forster
  • Patent number: 10445179
    Abstract: Methods and systems for changing dispersed storage error encoding parameters of sets of encoded data slices relating to portions of a data file involve determining one or more dispersed storage error encoding parameters are to be changed, selecting one or more changes to the dispersed storage error encoding parameters, and applying the changes to the parameters. The parameters include an error coding number and a decode threshold. Changes can include normalizing the parameters of the portions of a data file. Determining changes are to be made may be based on read processing performance, expiration of a time frame or based on a request. Changes can be selected based on a lookup, a request, received parameters, a history of read performance, read processing performance, data type, an owner of the data file and a data size. Changes can include adding slices, deleting slices and re-encoding of data.
    Type: Grant
    Filed: June 2, 2017
    Date of Patent: October 15, 2019
    Assignee: PURE STORAGE, INC.
    Inventor: Jason K. Resch
  • Patent number: 10439990
    Abstract: An approach is proposed that contemplates system and method to configure firewall rules of a VPN gateway of a protected network so that users of devices in the protected network can access Internet securely via a captive network. First, the proposed approach enables the VPN gateway to probe the captive network with an HTTP request to discover a captive portal of the captive network. After the captive portal is discovered, one or more firewall rules of the VPN gateway are added so that network traffic from the devices in the protected network are redirected to the captive portal for authentication. Once the users are authenticated and a VPN tunnel is established between the VPN gateway and a remote VPN tunnel terminal, the firewall rules previously added are removed from the VPN gateway and all network traffic from the devices in the protected network are routed over the VPN tunnel.
    Type: Grant
    Filed: July 10, 2018
    Date of Patent: October 8, 2019
    Assignee: Barracuda Networks, Inc.
    Inventors: Fleming Shi, Gean Han
  • Patent number: 10430164
    Abstract: Computer program products, methods, systems, apparatuses, and computing entities are provided for enforcing usage of a canonical model. For example, machine-automatable artifacts that express the canonical model using a set of metadata constraints and a set of transformation rules can be received from a canonical model artifact repository. These machine-automatable artifacts can be converted into language-specific bindings and applications can subsequently utilize those language-specific bindings to enforce conformity to the canonical model.
    Type: Grant
    Filed: January 11, 2018
    Date of Patent: October 1, 2019
    Assignee: United Parcel Service of America, Inc.
    Inventors: Asheesh Goja, Vidhya Chari
  • Patent number: 10430515
    Abstract: Retrieving and sending electronic signatures. A document requiring a signature is sent in an electronic message such as an electronic mail or text message from a computing device of a sender to a mobile communication device of the signor. The signor selects or clicks on a hyperlink within the message to launch a browser on the mobile communication device and download an application to the mobile communication device. The application executes to allow the signor to touch a screen of the mobile communication device and generate a signature that is incorporated into the document and transmitted back to the sender. In certain embodiments, an electronic tax return is sent from a sender computer to a client mobile communication device, the signor generates a touch screen signature, and the signed tax return is transmitted to the sender for filing with a tax authority.
    Type: Grant
    Filed: July 18, 2011
    Date of Patent: October 1, 2019
    Assignee: INTUIT INC.
    Inventors: Phillip J. Ohme, Brett Hellman
  • Patent number: 10425817
    Abstract: A method performed by an authentication server in a home network of a UE for obtaining a subscription permanent identifier, SUPI. The method comprises: receiving a SUCI which comprises an encrypted part in which at least a part of the SUPI is encrypted, and a clear-text part which comprises a home network identifier and an encryption scheme identifier that identifies an encryption scheme used by the UE to encrypt the SUPI in the SUCI; determining a de-concealing server to use to decrypt the encrypted part of the SUCI; sending the SUCI to the de-concealing server; and receiving the SUPI in response. Methods performed by a UE and a de-concealing server are also disclosed. Furthermore, UEs, de-concealing servers, authentication servers, computer program and a memory circuitry are also disclosed.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: September 24, 2019
    Assignee: Telefonaktiebolaget LM Ericsson (publ)
    Inventors: Vesa Torvinen, Noamen Ben Henda, David Castellanos Zamora, Prajwol Kumar Nakarmi, Pasi Saarinen, Monica Wifvesson
  • Patent number: 10425422
    Abstract: The example embodiments are directed to an application and a system capable of securely delivering message content to an unintended recipient to enhance the security of message delivery. In an example, the method includes at least one of: receiving an electronic message from a user device, the electronic message including secure content and one or more recipients, determining that a recipient of the electronic message is a member of a project group associated with an organization, and in response, identifying an unintended recipient who is associated with the organization but who is not a member of the project group, and transmitting a notification to a device of the recipient indicating that the secure content is accessible via a device of the unintended recipient instead of transmitting the secure content directly to the device of the recipient.
    Type: Grant
    Filed: June 7, 2017
    Date of Patent: September 24, 2019
    Assignee: OPEN INVENTION NETWORK LLC
    Inventor: David Gerard Ledet
  • Patent number: 10425386
    Abstract: A system provides cloud-based identity and access management. The system receives a request by a web gate for an identity management service for reaching an application, and determines a tenancy from a header value of the request. The system looks up a policy configured to be applied for the tenancy, and applies the policy to the request. The system then sends the request to a microservice based on a result of the applying of the policy to the request, where the microservice performs the identity management service for reaching the application.
    Type: Grant
    Filed: May 10, 2017
    Date of Patent: September 24, 2019
    Assignee: Oracle International Corporation
    Inventors: Stephan Wardell, Andrew B. Folkins, Vadim Lander, Prateek Mishra, Rich Levinson, Cory Womacks, Dino E. Cuthbert
  • Patent number: 10419481
    Abstract: Methods and systems for securing data are provided. For example, one method includes receiving at an adapter, data with a first type of error protection code from a host memory of a computing device; adding by the adapter a second type of error protection code to the data before removing the first type of error protection code; generating by the adapter, a frame header for the data with a protocol specific protection code and a third type of error protection code, where the third type of error protection code is generated without using any frame header field; encrypting by the adapter, the data, the protocol specific protection code and the third type of error protection code; and transmitting by the adapter, the encrypted data with encrypted protocol specific protection code and encrypted third type of error protection code to a receiving adapter coupled to the adapter by a network link.
    Type: Grant
    Filed: May 16, 2017
    Date of Patent: September 17, 2019
    Assignee: Cavium, LLC
    Inventors: Ali A. Khwaja, David T. Kwak, Biswajit Khandai, Oscar L. Grijalva, Rajendra R. Gandhi
  • Patent number: 10419348
    Abstract: A TCP connection is established between a client and a server, such that packets communicated across the TCP connection pass through a proxy. Based at least in part on a result of monitoring packets flowing across the TCP connection, the proxy determines whether to split the TCP control loop into two TCP control loops so that packets can be inspected more thoroughly. If the TCP control loop is split, then a first TCP control loop manages flow between the client and the proxy and a second TCP control loop manages flow between the proxy and the server. Due to the two control loops, packets can be held on the proxy long enough to be analyzed. In some circumstances, a decision is then made to stop inspecting. The two TCP control loops are merged into a single TCP control loop, and thereafter the proxy passes packets of the TCP connection through unmodified.
    Type: Grant
    Filed: March 17, 2018
    Date of Patent: September 17, 2019
    Assignee: Netronome Systems, Inc.
    Inventors: Roelof Nico du Toit, Jacques Fourie, Peter Liudmilov Djalaliev
  • Patent number: 10397006
    Abstract: A computing device such as a network security device receives one or more digital certificates in a certificate chain and generates one or more surrogate digital certificates that form a surrogate certificate chain. A surrogate certificate may be generated using certificate information from a corresponding digital certificate of the received certificate chain. In some cases, the received certificate chain may have a trusted root certificate that is a trust anchor for the received certificate chain and the generated surrogate certificate chain may have a different trusted root certificate that is the trust anchor for the surrogate certificate chain. Cryptographic keys of the certificate chains may be used to establish cryptographically protected communication sessions. The computing device may monitor network traffic utilizing cryptographic keys included in the certificate chains to encrypt data.
    Type: Grant
    Filed: February 13, 2017
    Date of Patent: August 27, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Peter Bowen
  • Patent number: 10397378
    Abstract: A method for wireless data transmission, a transmission system, client controllers, and server controllers are described. The method for wireless data transmission includes: establishing management connection, the server controller establishes task management connection among the client controllers respectively; task arrangement, the server controller arranges the wireless data transmission task among the client equipment based on the information of client equipment, which is acquired from the task management connection, each client equipment is coupled with corresponding client controller; task executing, based on the arranged information of wireless data transmission task; establishing data transmission connection among the client controllers; and executing the wireless data transmission task through the data transmission connection. By using the server controllers, the wireless data transmission among client equipment can be accomplished conveniently, without an operating interface.
    Type: Grant
    Filed: April 12, 2017
    Date of Patent: August 27, 2019
    Assignee: Sony Corporation
    Inventor: Xin Guo
  • Patent number: 10397278
    Abstract: A control system facilitates communication between a plurality of networked services. The control system includes a client agent associated with a first service of the networked services, and a destination agent associated with a second service of the networked services. The client agent includes an injection mechanism that intercepts a network request issued by the first service, transparently injects a token into the network request while the network request is in transit, and automatically transmits the network request to the second service in accordance with one or more security policies associated with the second service. The destination agent includes an interception mechanism that intercepts the network request, extracts the tokens from the network request, and determines whether to forward the network request to the second service.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: August 27, 2019
    Assignee: BanyanOps, Inc.
    Inventors: Jayanth Gummaraju, Tarun Desikan, Yoshio Turner
  • Patent number: 10389521
    Abstract: A circuit includes a first processing unit and a second identical processing unit. A first communication bus passes encrypted data between one of a plurality of functions and one or both of the first and second processing units. A selection circuit determines whether the encrypted bus is coupled to the first processing unit, the second processing unit, or both of the first and second processing units.
    Type: Grant
    Filed: April 26, 2016
    Date of Patent: August 20, 2019
    Assignee: STMicroelectronics (Rousset) SAS
    Inventors: Mathieu Lisart, Benoit Durand, Massimo Cervetto, Christophe Laurencin
  • Patent number: 10375194
    Abstract: Methods, apparatus, systems and articles of manufacture to prevent illicit proxy communications from affecting a monitoring result are disclosed. An example method includes accessing a log of communications from a proxy. A subnet represented in the log of communications is identified. The subnet is identified as having originated an illicit network communication if the log of communications does not include at least one record matching a signature of a mobile device heartbeat originating from the subnet. A blacklist of subnets not to be serviced by the proxy is generated, the blacklist including the subnet when the subnet is identified as having originated the illicit network communication. The blacklist is provided to the proxy. The blacklist is to prevent a subnet that originated the illicit network communication from affecting the monitoring result.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: August 6, 2019
    Assignee: The Nielsen Company (US), LLC
    Inventors: Susan Cimino, Achilleas Papakostas
  • Patent number: 10375043
    Abstract: A first information comprising an identification of an encryption algorithm supported by a first component from the first component of a software defined network (SDN) is received at a controller of the SDN. A set of policies and a set of encryption algorithms are sent to the first component. A policy determines a cryptographic operation applicable to a path in the SDN between the first component and a second component of the SDN. The first component comprises an originating point of the path and the second component comprises a destination point of the path.
    Type: Grant
    Filed: October 28, 2014
    Date of Patent: August 6, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Venkata Siva N. Amulothu, Nitin J. Huralikuppi, Ashish Kapur, Vishal Shukla
  • Patent number: 10375045
    Abstract: Methods and systems are provided for onboarding network equipment to managed networks. An onboarding controller may be used in authenticating the to-be-onboarded network equipment. The onboarding controller may issue a challenge, which may comprise instructions for making configuration changes to the network equipment. The configuration changes may comprise adding, removing, and/or changing connections within and/or to the network equipment within a local network comprising the network equipment. The onboarding controller may determine whether or not the configuration changes have been made to the network equipment. The determination of configuration changes may be used in verifying the identity and/or location of the network equipment, and/or in determining to which managed network the network equipment should be onboarded.
    Type: Grant
    Filed: June 18, 2015
    Date of Patent: August 6, 2019
    Assignee: SWISSCOM AG
    Inventors: Dominik Schatzmann, Markus Brunner
  • Patent number: 10367877
    Abstract: A method for identifying network cameras is disclosed. The method includes receiving a name of an organization, identifying a range of internet protocol (IP) addresses associated with the organization, querying each IP address in the range of the IP addresses, receiving a response from the IP addresses in response to the queries, verifying the received response is from a camera by obtaining an image file from the IP address and analyzing the image file, and adding the IP address to a list of identified cameras.
    Type: Grant
    Filed: March 23, 2017
    Date of Patent: July 30, 2019
    Assignee: Purdue Research Foundation
    Inventor: Yung-hsiang Lu
  • Patent number: 10362040
    Abstract: Certain example embodiments may generally relate to multi-security levels/traffic management across multiple network function instantiations, including virtualized network function instantiations. A method may include configuring a first instantiation of a first network function to provide a first type of security. The method may also include configuring a second instantiation of the first network function to provide a second type of security that is different than the first type of security. The method may further include allocating at least some of the subscriber traffic to the first instantiation.
    Type: Grant
    Filed: April 30, 2015
    Date of Patent: July 23, 2019
    Assignee: NOKIA SOLUTIONS AND NETWORKS OY
    Inventors: John Harris, Umamaheswar Kakinada, Guenther Horn
  • Patent number: 10360097
    Abstract: A method includes receiving a retrieval request regarding an encoded key stream slice of a set of encoded key stream slices and an encoded and encrypted data slice of a set of encoded and encrypted data slices. The method further includes partially dispersed storage error decoding the encoded key stream slice to produce a partially decoded key stream vector. The method further includes partially dispersed storage error decoding the encoded and encrypted data slice to produce a partially decoded and encrypted data vector. The method further includes partially decrypting the partially decoded and encrypted data vector in accordance with the encryption function and based on the partially decoded key stream vector to produce a partially decrypted and decoded data vector. The method further includes sending the partially decrypted and encoded data vector to the requesting computing device.
    Type: Grant
    Filed: August 29, 2016
    Date of Patent: July 23, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jason K. Resch, Greg Dhuse
  • Patent number: 10353726
    Abstract: A security container of a container environment receives an indication of a new application container connected to a virtual switch of a server, the connection established by a container service providing operating system-level virtualization for each application container. The security container disconnects a first connection from the virtual switch to the application container at the application container. The security container connects the first connection from the virtual switch to the security container. The security container establishes a second connection from the security container to the application container. The security container receives data from the application container. The security container inspects the received data for network security. The security container forwards the received data to an intended destination via the virtual switch.
    Type: Grant
    Filed: May 10, 2016
    Date of Patent: July 16, 2019
    Assignee: NEUVECTOR, INC.
    Inventor: Gang Duan
  • Patent number: 10356612
    Abstract: One embodiment is an authentication method comprising on receiving a request from the web browser of the terminal, the request including a user identifier, obtaining authentication data that is associated with the user identifier and that is stored in a database of the internal network, configuring a proxy server authorizing access via the access security entity to the internal network for a determined set of connection parameters, generating a first application from the connection parameters of the set, which application is protected using at least one determined portion of the authentication data and being configured to, on being executed by the web browser, set up a connection between the terminal and the proxy server using the parameters, this being done in response to the at least determined portion of the authentication data being supplied and transmitting the first application to the web browser of the terminal.
    Type: Grant
    Filed: June 13, 2014
    Date of Patent: July 16, 2019
    Assignee: ORANGE
    Inventors: Ruan He, Jamil Chawki
  • Patent number: 10348689
    Abstract: A method includes obtaining, by one or more processor, data from a virtual network of a tenant and an identifier of the tenant, where the virtual network of the tenant is one of at least two virtual networks in a shared computing environment where the at least two virtual networks overlay a physical network. Based on obtaining the identifier of the tenant, the method includes setting, by one or more processor, the identifier in metadata of the data and based on the identifier in the metadata, identifying, by the one or more processor, a network connection associated with the tenant. The method also includes identifying, by the one or more processor, a policy of the network connection and processing the data with the policy to create processed data and transmitting, by the one or more processor, the processed data through the network connection.
    Type: Grant
    Filed: November 27, 2017
    Date of Patent: July 9, 2019
    Assignee: International Business Machines Corporation
    Inventors: Guo Chun Bian, Jin Jing Lin, Liang Rong, Gang Tang, Ming Shuang Xian
  • Patent number: 10346613
    Abstract: In one embodiment, a computing device may execute software from a first portion of memory of the computing device. The computing device may download from a server a new version of the software. The client computing device may receive instructions from the server to request an over-the-air (OTA) download of the new version of the software. The instructions may be an out-of-band message. The new version of the software may be installed into a second portion of memory of the computing device, and the new version of the software is executed from the second portion of memory. The download of the new version of software may be pursuant to a manifest for the download to determine whether the computing device may download the new version of software.
    Type: Grant
    Filed: March 8, 2018
    Date of Patent: July 9, 2019
    Assignee: Facebook, Inc.
    Inventors: Gueorgui Nikolov Djabarov, George Francis Hotz, Shaheen Ashok Gandhi
  • Patent number: 10348823
    Abstract: Systems and methods for adding digital content associated with a first user account within a content management system to a second user account within the content management system. In various embodiments, the system may be configured to allow a user to add digital content to an account within a content management system associated with the user when the user receives a shared link to access digital content associated with an account within the content management system belonging to another user. The system may be configured to add the digital content to the user account by associating the digital content with the user's account. In various embodiments, the system may be configured to add the digital content to the user's account by creating an entry in a server-side file journal associated with the user's account, where the entry includes one or more file reference strings associated with the digital content.
    Type: Grant
    Filed: February 23, 2016
    Date of Patent: July 9, 2019
    Assignee: Dropbox, Inc.
    Inventors: Aston Motes, Makinde Adeagbo, Trevor Berg
  • Patent number: 10341087
    Abstract: Various embodiments are generally directed to techniques for converting between different cipher systems, such as, for instance, between a cipher system used for a first encryption environment and a different cipher system used for a second encryption environment, for instance. Some embodiments are particularly directed to an encryption engine that supports memory operations between two or more encryption environments. Each encryption environment can use different cipher systems while the encryption engine can translate ciphertext between the different cipher systems. In various embodiments, for instance, the first encryption environment may include a main memory that uses a position dependent cipher system and the second encrypted environment may include a secondary memory that uses a position independent cipher system.
    Type: Grant
    Filed: December 29, 2016
    Date of Patent: July 2, 2019
    Assignee: INTEL CORPORATION
    Inventors: Siddhartha Chhabra, David M. Durham
  • Patent number: 10339032
    Abstract: Technologies are disclosed for providing developers with rule output indicating that issues are or may be present in the code they are developing. Such rule output can include or be accompanied by guidelines and/or best practices structured to aid developers in becoming aware of and resolving the issues. In one example, this involves identifying the issues, making available a mechanism of further investigating the issues, and providing best practices and/or recommended solutions for the issues. Finally, the technologies disclosed may automate application of the recommended solutions. The notifications and accompanying guidance/automation and the like can be provided at design-time, compile-time, and/or run-time with the notifications and accompanying guidance/automation integrated into editors, compilers, debuggers, and other development environment tools providing true real-time and in situ development experience.
    Type: Grant
    Filed: May 30, 2016
    Date of Patent: July 2, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Steven Kirbach, Christophe Philippona, Harikrishna Menon Ajith Kumar, Unnikrishnan Ravindranathan, Daniel Zilcsak, David William Shoots, Fabian Toader
  • Patent number: 10333968
    Abstract: A publish-subscribe network includes a network infrastructure configured to support the exchange of data. An intrusion detection system is coupled to the network infrastructure and configured to process signals received from that infrastructure in order to detect malicious attacks on the network infrastructure. The intrusion detection system includes an evaluator that generates a set of indicators based on the received signals. The evaluator models these indicators as stochastic processes, and then predicts an attack probability for each indicator based on a predicted future state of each such indicator. The evaluator combines the various attack probabilities and determines an overall attack level for the network infrastructure. Based on the attack level, the intrusion detection system dispatches a specific handler to prevent or mitigate attacks.
    Type: Grant
    Filed: February 10, 2016
    Date of Patent: June 25, 2019
    Assignee: VERISIGN, INC.
    Inventor: Paolo Maresca
  • Patent number: 10326738
    Abstract: Techniques for trust status of a communication session are described. According to various embodiments, different networks cooperate to facilitate routing of communication sessions between different devices. According to various embodiments, a network involved in routing a communication session ascertains whether an authentication status of a communication session is received, and categorizes a trust status of the communication session accordingly.
    Type: Grant
    Filed: April 9, 2018
    Date of Patent: June 18, 2019
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Pascal Francis Menezes, Gunter Leeb, Amer Aref Hassan
  • Patent number: 10326752
    Abstract: A method for automated authentication of a user VoIP phone supported by a Private Branch eXchange (PBX) configuration server is provided. A VoIP phone or a VoIP supported device is configured for an automated authentication by a vendor. The authentication method does not require manual entry of authentication data by a user. The unique VoIP phone authentication data can be provided by the vendor in a form of a MAC address. Additionally, the vendor can assign a digital certificate (containing public and private encryption keys) signed by the vendor to the VoIP phone. In this case, the VoIP phone vendor serves as a trusted authority. Thus, the VoIP phone automatically connects with the configuration server and the authentication transformation server (ATS) and the address where the VoIP phone sends the authentication data upon connection to the network is determined by the ATS.
    Type: Grant
    Filed: January 16, 2016
    Date of Patent: June 18, 2019
    Assignee: Ingram Micro, Inc.
    Inventor: Alexey Korotaev
  • Patent number: 10320737
    Abstract: A device and method temporally correlates communication types. The method performed by a first electronic device includes receiving a first message in a first communication format from a second electronic device, the first message having first metadata associated therewith. The method includes determining respective second metadata associated with existing conversations. The existing conversations each include a plurality of existing messages in at least one second communication format. The existing messages are a thread in a temporal order. The existing conversations are shown in a single, respective user interface. The method includes determining a correlation between the first message and one of the existing conversations based upon the first and second metadata. The method includes inserting the first message in the existing messages of the one of the existing conversations that maintains the temporal order.
    Type: Grant
    Filed: June 29, 2015
    Date of Patent: June 11, 2019
    Assignee: Avaya Inc.
    Inventors: Jon Silverman, Mehmet Balasaygun, Rajeshwari Edamadaka
  • Patent number: 10313369
    Abstract: Blocking malicious Internet content at an appropriate hierarchical level. In one embodiment, a method may include identifying evidence of security risks in hierarchical levels of an Internet hierarchy. The method may also include generating security risk scores for the hierarchical levels of the Internet hierarchy based on the evidence of security risks. The method may further include identifying a security risk threshold. The method may also include identifying, as an appropriate blocking level, the highest hierarchical level of the Internet hierarchy having a security risk score at or above the security risk threshold. The method may further include blocking a network device from accessing Internet content in the Internet hierarchy at or below the appropriate blocking level.
    Type: Grant
    Filed: September 27, 2017
    Date of Patent: June 4, 2019
    Assignee: SYMANTEC CORPORATION
    Inventor: Jonathan J. Dinerstein
  • Patent number: 10306442
    Abstract: Disclosed herein are hub devices for a machine-to-machine (M2M) communications network that enables multiple communication modes for data source nodes, the hub comprising a processor, a local connectivity system configured to communicate data with the data source nodes via an interface, a data processing and caching system comprising a local memory and configured to receive and store user-defined data routing and processing functions, prioritize the data based on the user-defined functions; and route the prioritized data to the local memory for storage or to the data transmission system for immediate transmission based on the priority, and a data transmission system configured to dynamically assign an M2M upload mechanism to the routed data selected from: a real-time transmission mechanism, a fixed interval mechanism, a data backhaul mechanism, and a user pull mechanism; and transmit the data to a network backhaul link for delivery to a host point.
    Type: Grant
    Filed: January 16, 2018
    Date of Patent: May 28, 2019
    Assignee: SKYLO TECHNOLOGIES INC.
    Inventors: Andrew Nuttall, Parthsarathi Trivedi, Andrew Kalman
  • Patent number: 10305904
    Abstract: Facilitation of secure network traffic by an application delivery controller is provided herein. In some examples, a method includes: (a) receiving a data packet with information from a client indicating that the client is a trusted source; (b) embedding in the data packet a transmission control protocol (TCP) options header, the TCP options header comprising information including at least a sequence number for a protocol connection; and (c) forwarding the embedded data packet to a server.
    Type: Grant
    Filed: December 29, 2017
    Date of Patent: May 28, 2019
    Assignee: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Gurudeep Kamat
  • Patent number: 10298392
    Abstract: An entitlement system includes at least two computing devices and a management controller which all include a trusted platform module. Each of the trusted platform modules include a non-volatile storage for storing entitlement records. A management unit of each computing device includes configuration means to enable and disable computing resources of the respective computing device based on entitlement records. The management controller receives ensemble entitlement records in encrypted form and distributes sub-entitlement records in a second encrypted form to the management units of the computing devices.
    Type: Grant
    Filed: October 28, 2014
    Date of Patent: May 21, 2019
    Assignee: International Business Machines Corporation
    Inventors: Christine Axnix, Jakob C. Lang
  • Patent number: 10291405
    Abstract: In response to receiving an unknown first session identifier from a client for a first communication session between the client and a server, a Man in the Middle (MitM) computer requests a second session identifier from the server for a second communication session between the server and the MitM computer. The MitM computer generates a third session identifier for a third communication session between the MitM computer and the client. The MitM computer generates a fourth communication session between the server and the client using a combination of the second communication session and the third communication session. In response to receiving an invalid session identifier from the client for a fifth communication session between the client and the server, the MitM computer transmits an instruction, to the client, to flush a session cache in the client to force a full TLS handshake between the client and the server.
    Type: Grant
    Filed: July 15, 2016
    Date of Patent: May 14, 2019
    Assignee: International Business Machines Corporation
    Inventors: Cheng-Ta Lee, Ping Min Lin, Wei-Shiau Suen, Ming-Hsun Wu
  • Patent number: 10291401
    Abstract: Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).
    Type: Grant
    Filed: September 26, 2016
    Date of Patent: May 14, 2019
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventor: Steven Preston Lightner Norum
  • Patent number: 10284925
    Abstract: A utility meter device (1002) including a communications receiver (110) for receiving file fragments for the device, a processing means (150), e.g. microprocessor, microcontroller, and programmable non-volatile memory means (120), e.g. flash, EEPROM, for building and storing application and data files from the fragments, and executing a meter application of the device by processing at least one application file and associated data identified by configuration instructions in at least one of the fragments to provide data for reconfiguring a meter through a control interface (1016).
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: May 7, 2019
    Assignee: Freestyle Technology Limited
    Inventors: Andrew Paul Donaghey, Ian Kenneth Francis McDonald, David Lewis Beard
  • Patent number: 10284557
    Abstract: An apparatus in one embodiment comprises a plurality of host devices configured to support execution of applications on behalf of one or more tenants of cloud infrastructure. The apparatus further comprises a secure data proxy implemented utilizing at least one of the host devices. The secure data proxy comprises non-persistent storage configured to store data required for execution of at least one of the applications. The data is obtained by the secure data proxy from persistent storage in a storage system external to the cloud infrastructure. The secure data proxy is configured to perform cryptographic operations in conjunction with transfer of the data between the persistent storage of the external storage system and the non-persistent storage of the secure data proxy. The secure data proxy may be further configured to perform deduplication operations in conjunction with transfer of the data between the persistent storage and the non-persistent storage.
    Type: Grant
    Filed: November 17, 2016
    Date of Patent: May 7, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Misha Nossik, Lejin Du, Murray McCulligh
  • Patent number: 10271215
    Abstract: An example access controller (AC) can receive an encrypted management frame from an access point (AP) associated with the AC, decrypt the encrypted management frame, and send the decrypted management frame to the AP.
    Type: Grant
    Filed: June 27, 2018
    Date of Patent: April 23, 2019
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Mohd Shahnawaz Siraj, Aidan Doyle