Patents Examined by Baotran N. To
  • Patent number: 10185578
    Abstract: Methods and systems for generating and using a BIOS security display include determining whether a change in a BIOS user setting is associated with security of an information handling system. When the BIOS user setting is associated with security, a security level for the BIOS may be calculated based on weighted security values for BIOS user settings. Security levels for boot phases may also be individually calculated. The security levels may be displayed in the BIOS to the user when the BIOS user setting is changed.
    Type: Grant
    Filed: November 3, 2016
    Date of Patent: January 22, 2019
    Assignee: Dell Products L.P.
    Inventors: Ricardo L. Martinez, Richard M. Tonry, Christopher W. Ramirez
  • Patent number: 10187395
    Abstract: Autocompleting into an invite box for purposes of sharing an executable computing resource such as an application or portion thereof. However, the autocomplete is populated with potential sharees of multiple tenants or with identities that are not registered with the tenant directory of the user. Thus, potentially any potential sharee worldwide may be populated within the list of potential sharees. As the desired potential sharee comes into view, that potential sharee may be selected, and added to a list of one or more selected sharees. At some point, a control may be selected to allow the executable computing resource to be shared with the selected sharees within the list.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: January 22, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Anjli Chaudhry, William Hong Vong, Ryan A. Jansen, Samuel Lenz Banina, Jose Miguel Arreola Gutierrez
  • Patent number: 10169603
    Abstract: Aspects include detecting that an extract transform load (ETL) job in an ETL system has been submitted for execution. The ETL job can include an input data storage location and an output data storage location. The ETL job is analyzed to predict whether execution of the ETL job will result in sensitive information being made accessible to an unauthorized user. The analyzing can be based on a sensitivity status of contents of the input data storage location and a data lineage of contents of the output data storage location. The ETL job is prevented from executing based on predicting that execution of the ETL job will result in sensitive information being made accessible to an unauthorized user. Execution of the ETL job is initiated based on predicting that execution of the ETL job will not result in sensitive information being made accessible to an unauthorized user.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: January 1, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Shlomit Becker, Boris Melamed, Alexander Pyasik, Shani Turgeman, Gidi Weber, Yifat Yulevich
  • Patent number: 10169551
    Abstract: A method is provided that includes receiving a command for reading out content from a non-transitory recording medium, and identifying first version information indicating a version of a content copyright protection method. The method includes identifying second version information indicating a version of a protocol used in authentication of the host apparatus, and determining whether the authentication is to be approved or not. The method also includes authenticating the host apparatus according to a result of the determination, reading out medium-specific information, and sending the medium-specific information to the authenticated host apparatus. The method further includes reading out the encrypted content and sending the encrypted content to the authenticated host apparatus, wherein the first version information is identified based on disk information that is meta data stored at a beginning of the recording medium formed in a disk shape in the identifying first version information.
    Type: Grant
    Filed: March 1, 2018
    Date of Patent: January 1, 2019
    Assignee: PANASONIC INTELLECTUAL PROPERTY CORPORATION OF AMERICA
    Inventors: Masaya Yamamoto, Kaoru Murase
  • Patent number: 10171498
    Abstract: A security matrix layer between first and second conductive shorting layers is located within a printed circuit board (PCB) that carries out cryptographic data handling functions. The security matrix layer includes at least two microcapsules each containing one or more reactants. When the security matrix layer is accessed, drilled, or otherwise damaged, the microcapsules rupture and the reactants react to form at least an electrically conductive material. The electrically conductive material contacts and shorts the first and second conductive shorting layers. A monitoring device that monitors whether the first and second conductive shorting layers have shorted detects the short and passes a tamper signal that is received by one or more computer system devices to respond to the unauthorized physical access attempt.
    Type: Grant
    Filed: February 19, 2016
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: Gerald K. Bartley, Darryl J. Becker, Matthew S. Doyle, Joseph Kuczynski, Timothy J. Tofil
  • Patent number: 10146928
    Abstract: The present disclosure generally relates to visually varying an image using parallax image layers, and more specifically, relates to visually varying presentation of an access right displayed on a mobile device to enhance verification of access to resources. The variation of multiple layers of an image may be based on sensor data detected at the mobile device.
    Type: Grant
    Filed: February 12, 2018
    Date of Patent: December 4, 2018
    Assignee: Live Nation Entertainment, Inc.
    Inventors: Adit Shukla, Duncan Lewis, Patrick Jackson
  • Patent number: 10148701
    Abstract: Techniques include identifying permission policies corresponding to a plurality of identities in a network environment, the permission policies specifying what types of actions the plurality of identities are permitted to take with respect to particular network resources; analyzing information describing activity associated with a first identity from the plurality of identities in the network environment; and automatically developing, based on the analysis of the information, a least-privilege profile for the first identity, the least-privilege profile including permissions corresponding to the particular actions with respect to the particular network resources and excluding permissions that do not correspond to the particular actions with respect to the particular network resources.
    Type: Grant
    Filed: May 8, 2018
    Date of Patent: December 4, 2018
    Assignee: CyberArk Software Ltd.
    Inventors: Asaf Hecht, Tal Kandel
  • Patent number: 10142106
    Abstract: An approach is provided for securing data in a technical environment. In one embodiment, a processor obtains a first file, which when executed installs a first portion of a second file and an assembly key to assemble the second file. The processor executes this first file and then obtains the second portion of the second file. The processor assembles the second file using the first portion, the second portion, and the assembly key.
    Type: Grant
    Filed: October 20, 2017
    Date of Patent: November 27, 2018
    Assignee: Hand Held Products, Inc.
    Inventors: Erik Todeschini, Stephen Patrick Deloge, Donald Anderson
  • Patent number: 10135877
    Abstract: This disclosure relates to enforcing restrictions on data collected from a first set of systems and disseminated to a second set of systems. For example, enforcing a set of restrictions includes receiving a first trait and a second trait that include data describing a user that has interacted with an online service. The first trait is labelled with a first usage restriction and the second trait is labelled with a second usage restriction different from the first usage restriction. The first trait and the second trait are combined into a segment. The segment preserves labelling of the first trait with the first usage restriction and the second trait with the second usage restriction. Use of the segment is controlled based on the first usage restriction and the second usage restriction.
    Type: Grant
    Filed: February 13, 2018
    Date of Patent: November 20, 2018
    Assignee: Adobe Systems Incorporated
    Inventors: David Weinstein, Harleen Sahni, Matthew Donofrio, Edward Schuchardt, Vinay Goel, Rafaat Hossain
  • Patent number: 10135802
    Abstract: Some implementations may provide a machine-assisted method for determining a trustworthiness of a requested transaction, the method including: receiving, from a relying party, a request to determine a trustworthiness of a particular transaction request, the transaction request initially submitted by a user to access data managed by the relying party; based on the transaction request, summarizing the particular transaction request into transactional characteristics, the transactional characteristics devoid of source assets of the transaction, the source assets including credential information of the user, the credential information of the relying party, or information content of the requested transaction; generating first machine-readable data encoding transactional characteristics of the underlying transaction as requested, the transactional characteristics unique to the particular transaction request; submitting a first inquiry at a first engine to determine an access eligibility of the user submitting the t
    Type: Grant
    Filed: July 19, 2016
    Date of Patent: November 20, 2018
    Assignee: MorphoTrust USA, LLC
    Inventor: Stephen Miu
  • Patent number: 10122743
    Abstract: A network sensor, inserted into a mirror port of a network switch or router, may be configured to monitor the network traffic originating from an embedded device. Metadata in the network traffic may be passively extracted by the network sensor and transmitted to a server in order to monitor and analyze the behavior of the embedded device. The server may employ machine learning to distinguish typical behavior of the embedded device from atypical behavior. Further, code may be injected into the firmware of the embedded device, and the code may be programmed to broadcast a performance beacon whenever certain firmware functions are executed. A collection of the performance beacons may be analyzed at the server to reconstruct an execution path of the embedded device, and machine learning may be applied to determine whether the execution path is typical or atypical.
    Type: Grant
    Filed: October 24, 2016
    Date of Patent: November 6, 2018
    Assignee: Senrio Inc.
    Inventor: Stephen A. Ridley
  • Patent number: 10116695
    Abstract: The disclosed computer-implemented method for verifying that operators are human based on operator gaze may include (1) presenting an image to a user of the computing device via a display element of the computing device, (2) tracking the user's gaze as the image is presented to the user, (3) determining, based on an analysis of the user's gaze, that one or more patterns of the user's gaze are consistent with one or more human gaze patterns, and (4) classifying the user as a human in response to determining that the one or more patterns of the user's gaze are consistent with one or more human gaze patterns. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: February 3, 2016
    Date of Patent: October 30, 2018
    Assignee: Symantec Corporation
    Inventors: Ilya Sokolov, Keith Newstadt
  • Patent number: 10116632
    Abstract: An exemplary system, method and computer-accessible medium can be provided for generating an encrypted reference-based secure-compression of randomly located short sequence reads from a genome(s), which can, for example, include obtaining information related to the randomly located short sequence reads, obtaining second information related to a plurality of reference sequences for the genome(s), generating third information related to a set of edit calls containing location information based on the first and second information using a base-calling procedure and an alignment procedure, and generating the encrypted reference-based secure-compression of the first information based on the third information. The exemplary system, method and computer-accessible medium can facilitate the exemplary chemistry box to generate analog information to be locally and physically separated from informatics box interpreting digital data.
    Type: Grant
    Filed: September 14, 2015
    Date of Patent: October 30, 2018
    Assignee: New York University
    Inventors: Bhubaneswar Mishra, Jason Reed
  • Patent number: 10110322
    Abstract: A secure communication system utilizes multiple “decoy” data signals to hide one or more true data signals. The true data signal(s) are encrypted, and received at a scrambling unit according to an original set of channel assignments. The channel assignments are optically switched with multiple decoy data signals to form a multi-channel “scrambled” output signal that is thereafter transmitted across a communication system. The greater the number of decoy signals, the greater the security provided to the open-air system. Further security may be provided by encrypting the decoy signals prior to scrambling and/or by utilizing a spatially diverse set of transmitters and receivers. Without the knowledge of the channel assignment(s) for the true signal(s), an eavesdropper may be able to intercept (and, with time, perhaps descramble) the open-air transmitted signals, but will not be able to distinguish the true data from the decoys without also knowing the channel assignment(s).
    Type: Grant
    Filed: September 1, 2017
    Date of Patent: October 23, 2018
    Assignee: AT&T Intellectual Property II, L.P.
    Inventors: David M. Britz, Robert Raymond Miller, II, Nemmara K. Shankaranarayanan
  • Patent number: 10110605
    Abstract: A system includes a network interface, at least one processing device, and at least one memory device. The at least one memory device stores instructions that when executed result in initiating creation of a single-use targeted link that provides access to a restricted access data entry system and serves the single-use targeted link through the network interface to a computer system of a targeted user with a time validity constraint. An access request received at the restricted access data entry system through the single-use targeted link is verified as being received within the time validity constraint. A network traffic throttling control reduces network traffic volume received through the single-use targeted link based on determining that the network traffic volume exceeds a traffic volume threshold. An identity control at the restricted access data entry system is applied to confirm entry of at least one identifying characteristic that matches the targeted user.
    Type: Grant
    Filed: August 31, 2017
    Date of Patent: October 23, 2018
    Assignee: The Travelers Indemnity Company
    Inventors: James J. Gauthier, Jr., Mathew S. Bryant, Richard J. Heffernan, Leonard A. Mariani, Jonathan B. Musoke, Jeffrey F. Carlson, David Klatte
  • Patent number: 10110618
    Abstract: The present disclosure relates to systems and methods for detecting malware. In some embodiments, a method may include detecting, via a processor, a user login event at an application; dynamically comparing, via the processor, the user login event with one or more expected behaviors associated with the application; and determining, via the processor, whether the application is potential malware based at least in part on a result of the comparing.
    Type: Grant
    Filed: January 28, 2016
    Date of Patent: October 23, 2018
    Assignee: Symantec Corporation
    Inventors: Jun Mao, Jinghao Li
  • Patent number: 10104125
    Abstract: A method and apparatus for controlling document access and application usage using centrally managed rules. The rules are stored and manipulated in a central rule database via a rule server. Policy enforcers are installed on client systems and/or on servers and perform document access and application usage control for both direct user document accesses and application usage, and application program document accesses by evaluating the rules sent to the policy enforcer. The rule server decides which rules are required by each policy enforcer. A policy enforcer can also perform obligation and remediation operations as a part of rule evaluation. Policy enforcers on client systems and servers can operate autonomously, evaluating policies that have been received, when communications have been discontinued with the rule server.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: October 16, 2018
    Assignee: NextLabs, Inc.
    Inventor: Keng Lim
  • Patent number: 10102395
    Abstract: Systems and methods for facilitating users to create multi-faceted social media objects (e.g., text, images, videos, etc.) with one public facing front side and multiple secondary facets that have optional privacy controls are provided. Users can scroll down a feed and perform gestures on each social media object to transition them to flipsides to view optionally private content in an intuitive manner. Graphical animations for transitioning from the front side of the social media object to the secondary facets can be simultaneously viewed within the feed interface. This enables a user to create a publicly visible social media object and essentially hide a message on the flipside(s) for selected other users to access. The hidden message may be contextual to the public side.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: October 16, 2018
    Inventors: Stephen Hsu, Khanh Nguyen
  • Patent number: 10091210
    Abstract: A method may include sending, by a client device, an access request to an authentication server device. The access request may include a request to access an administered resource. The method may include in response to the client device not complying with an administrative policy associated with the administered resource, receiving, from the authentication server device, one or more instructions regarding installation of a client application, receiving, by the client device, a client application in accordance with the instructions, and installing the client application on the client device.
    Type: Grant
    Filed: November 22, 2017
    Date of Patent: October 2, 2018
    Assignee: Google LLC
    Inventors: Li Yin, Param Reddappagari, Mayur Kamat, Zhengping Zuo, Hong Zhang
  • Patent number: 10083317
    Abstract: Techniques are disclosed for enabling tenant hierarchy information to be migrated directly between different multi-tenant systems (e.g., from a shared IDM system to a Nimbula system, or vice versa). A corresponding new tenant is created in a Nimbula system based on a combination of the tenant information and the service information from the shared IDM system. The Nimbula system extracts the tenant name and the service name from a request and asks the shared IDM system to verify that the user actually is a member of the tenant identified by the extracted tenant name. Upon successful authentication of the user, the Nimbula system requests the IDM system for roles that are associated with both the user and the extracted service name. The Nimbula system enables access to the service upon determining whether the requested operation can be performed relative to the specified service based on the roles.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: September 25, 2018
    Assignee: Oracle International Corporation
    Inventors: Jeffrey Pleau, Naresh Revanuru