Patents Examined by Christopher C. Harris
  • Patent number: 10498803
    Abstract: Methods and systems for executing a penetration test of a networked system by a penetration testing system so as to determine a method by which an attacker could compromise the networked system, and/or for distributing common sets of data to nodes of a networked system. The methods and systems include identifying network nodes which have shared broadcast domains.
    Type: Grant
    Filed: August 11, 2019
    Date of Patent: December 3, 2019
    Assignee: XM Cyber Ltd.
    Inventors: Shahar Zini, Menahem Lasser
  • Patent number: 10484392
    Abstract: A device can receive a request to deploy, on the device, a container associated with a tenant. The request can include information identifying one or more parameters related to the container. The device can configure, for the container, an Internet protocol (IP) address that includes information identifying the tenant with which the container is associated. The IP address can permit the container to be reachable from outside of the device. The device can configure an interface for the container to isolate the container from another container deployed on the device. The other container can be associated with another tenant. The tenant and the other tenant can be different. The device can configure a set of rules related to traffic associated with the container. The device can perform an action related to the container after deploying the container with the IP address, the interface, and the set of rules.
    Type: Grant
    Filed: September 8, 2017
    Date of Patent: November 19, 2019
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Manish Chugtu, Karan Kapoor, Damascene M. Joachimpillai
  • Patent number: 10482259
    Abstract: A method, system, and computer program product includes receiving, in a booted state of a computing system, a request to load an operating system configuration. The method further includes storing, automatically in response to receiving the request, a digital key to authenticate the operating system configuration. The method further includes restarting the computing system. In response to restarting the computing system and while the computing system is in a pre-boot state, the method includes: validating that the digital key stored is one for a valid operating system configuration; receiving, from a user interface physically coupled to the computing system, a signal confirming the received request; authenticating, in response to receiving the signal, the operating system configuration using the digital key; and booting, in response to the authenticating, the operating system configuration.
    Type: Grant
    Filed: November 2, 2017
    Date of Patent: November 19, 2019
    Assignee: International Business Machines Corporation
    Inventor: Patrick J. Callaghan
  • Patent number: 10469482
    Abstract: The disclosed embodiments include encrypted data retrieval systems and methods to provide access to encrypted data. In one of such embodiments, the method includes receiving a request to access encrypted data. The method also includes analyzing the request to determine a credential of a source electronic device seeking to access the encrypted data. The method further includes determining, based on the credential of the source electronic device, a category of the request. In response to determining the category of the request, the method further includes selecting additional credentials with which to authenticate the request. The method further includes providing an indication of the credentials to at least one operator, wherein the at least one operator is authorized to enter the additional credentials to release the encrypted data. In response to receiving the additional credentials, the method further includes transmitting the encrypted data to the source electronic device.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: November 5, 2019
    Assignee: MASERGY COMMUNICATIONS, INC.
    Inventors: David Venable, Jake Warren, Chris Dudek
  • Patent number: 10467416
    Abstract: A method, system, and computer program product includes receiving, in a booted state of a computing system, a request to load an operating system configuration. The method further includes storing, automatically in response to receiving the request, a digital key to authenticate the operating system configuration. The method further includes restarting the computing system. In response to restarting the computing system and while the computing system is in a pre-boot state, the method includes: validating that the digital key stored is one for a valid operating system configuration; receiving, from a user interface physically coupled to the computing system, a signal confirming the received request; authenticating, in response to receiving the signal, the operating system configuration using the digital key; and booting, in response to the authenticating, the operating system configuration.
    Type: Grant
    Filed: June 16, 2017
    Date of Patent: November 5, 2019
    Assignee: International Business Machines Corporation
    Inventor: Patrick J. Callaghan
  • Patent number: 10469476
    Abstract: The disclosed apparatus may include (1) providing a framework that enables a customer entity of a service provider to configure, via a customer portal, a network device of the service provider that directs network traffic of the customer entity, (2) creating, for the customer entity by way of the framework, a virtual network that includes at least a portion of the network device of the service provider, (3) detecting an attempt by the customer entity to configure at least a portion of the virtual network via the customer portal, and then in response to detecting the attempt by the customer entity, (4) performing a configuration operation that configures the portion of the virtual network as directed by the customer entity via the customer portal. Various other apparatuses, systems, and methods are also disclosed.
    Type: Grant
    Filed: October 17, 2018
    Date of Patent: November 5, 2019
    Assignee: Juniper Networks, Inc
    Inventor: Ravindranath C. Kanakarajan
  • Patent number: 10447727
    Abstract: Disclosed embodiments relate to systems and methods for predictable detection in a computing network. Techniques include identifying an activity associated with an identity in the computer network; accessing hierarchical-chained progression states representing timelines defining one or more process flows for operations in the computer network between beginning states and corresponding predictable result states to be controlled; identifying a hierarchical-chained progression state corresponding to the identified activity; automatically predicting a likelihood that the at least one activity will reach the predictable result state corresponding to the identified hierarchical-chained progression state; and implementing a control action for the activity, the identity, or a resource to which the identity is seeking to communicate.
    Type: Grant
    Filed: February 27, 2019
    Date of Patent: October 15, 2019
    Assignee: CyberArk Software Ltd.
    Inventor: Asaf Hecht
  • Patent number: 10447717
    Abstract: Various embodiments provide methods, devices, and non-transitory processor-readable storage media enabling rogue access point detection with a communications device by sending multiple probes via different network connections to a remote server and receiving probe replies. Various embodiments may include a communication device transmitting a first probe addressed to a server via a first network connection and a second probe addressed to the server via a second network connection. Upon receiving a first probe reply from the server via the first network connection and a second probe reply from the server via the second network connection, the communications device may analyze the received probe replies to determine whether an access point of either the first network or the second network is a rogue access point.
    Type: Grant
    Filed: January 28, 2017
    Date of Patent: October 15, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Seyed Ali Ahmadzadeh, Saumitra Mohan Das, Yin Chen, Sriram Nandha Premnath
  • Patent number: 10440044
    Abstract: Methods and systems for executing a penetration test of a networked system by a penetration testing system so as to determine a method by which an attacker could compromise the networked system, and/or for distributing common sets of data to nodes of a networked system. The methods and systems include identifying network nodes which have shared broadcast domains.
    Type: Grant
    Filed: September 12, 2018
    Date of Patent: October 8, 2019
    Assignee: XM Cyber Ltd.
    Inventors: Shahar Zini, Menahem Lasser
  • Patent number: 10439814
    Abstract: A resource generates and provides discovery configuration information to a network appliance. The network appliance validates the discovery configuration information, such as by validating a token within the discovery configuration information, then is configured using at least the discovery configuration information and passes at least a portion of the discovery configuration information to a network disjoint from that which connects the resource and the network appliance. This portion of discovery configuration information may include service advertisement information, routing information for traversing the network topology, and in some embodiments, the validation token.
    Type: Grant
    Filed: June 29, 2016
    Date of Patent: October 8, 2019
    Assignee: Amazon Technologies, Inc.
    Inventors: Benjamin Philip Grubin, Benjamin Samuel, Dalton James Nikitas
  • Patent number: 10417433
    Abstract: An apparatus includes one or more processor cores, a trusted key store, a memory controller, and a memory module. The memory controller includes an encryption/decryption module that encrypts data being stored to the memory module for a guest OS being executed by the processor core(s) and that decrypts data being read from the memory module for the guest OS. Data owned by the guest OS is encrypted and decrypted by the encryption/decryption module using an encryption key stored by the trusted key store in association with the guest OS. A method encrypts data owned by the guest OS using the encryption key assigned to the guest OS and stores the encrypted data on a memory module, wherein the encrypted data is stored in association with the process identifier of the guest OS, and decrypts the encrypted data using the guest OS encryption key and provides the decrypted data to the guest OS.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: September 17, 2019
    Assignee: Lenovo Enterprise Solutions (Singapore) Pte. Ltd.
    Inventors: Scott Kelso, Fred A. Bower, III
  • Patent number: 10397187
    Abstract: An API call filtering system filters responses to API call requests received, via a network, from UEs. The API call filtering system is configured to require personalized API call requests wherein each API call (except for some minor exceptions) includes a unique UE identifier (“UEIN”) of the UE making the request. Using the UEIN, the web service or other service protected by the API call filtering system can be secured against excessive request iterations from a set of rogue UEs while allowing for ordinary volumes of requests from the UEs, wherein one or more boundaries between what is deemed to be an ordinary volume of requests and what is deemed to be excessive request iterations are determined by predetermined criteria.
    Type: Grant
    Filed: August 13, 2018
    Date of Patent: August 27, 2019
    Assignee: SHAPE SECURITY, INC.
    Inventor: Marc Hansen
  • Patent number: 10397194
    Abstract: Embodiments of the present disclosure may be used to securely transmit data between multiple computing devices. Among other things, this can greatly extend the range of data transmissions in comparison to fixed-position wireless beacons and access points.
    Type: Grant
    Filed: July 12, 2016
    Date of Patent: August 27, 2019
    Assignee: eBay Inc.
    Inventor: Emil Dides
  • Patent number: 10397198
    Abstract: An information communication system has a plug-in stored in a transmitting terminal and a second program stored in a cloud server. The cloud server is configured to communicate with the transmitting terminal and a receiving terminal through the Internet in a confidential state. The plug-in generates an encryption password for encrypting an attachment file and transmits the encryption password to the cloud server. The second program determines whether or not a receiver e-mail address is registered, generates first URL information, and transmits the first URL information to the transmitting terminal. The plug-in generates an e-mail including the encrypted attachment file and the first URL information, and the second program returns the encryption password to the receiving terminal when an access to the first URL from the receiver is authenticated.
    Type: Grant
    Filed: June 14, 2018
    Date of Patent: August 27, 2019
    Assignee: PRIME BRAINS, INC.
    Inventor: Motohide Gotanda
  • Patent number: 10397193
    Abstract: Systems and methods for blind data leak prevention are provided. A first computer can determine if encrypted data matches a rule even without the encryption key used to encrypt the data. The first computer may encrypt the rule with a second encryption key and send the encrypted rule to a second computer, which may then encrypt the rule with the first encryption key—that is inaccessible to the first computer—and send the doubly encrypted rule back to the first computer. The first computer can then partially decrypt the rule using the second encryption key. The second computer can then encrypt data with the first encryption key and send to the first computer. The first computer can then determine if the partially encrypted rule matches the encrypted data.
    Type: Grant
    Filed: July 11, 2016
    Date of Patent: August 27, 2019
    Assignee: SONICWALL INC.
    Inventors: Hui Ling, Zhong Chen
  • Patent number: 10389691
    Abstract: Creation or update of a security context between user equipment and MSC/VLR (Mobile Switching Center/Visitor Location Register) for circuit switched domain services is provided. The creation or update is based on conversion of the security context used in an evolved Universal Terrestrial Radio Access Network (E-UTRAN) in the Mobility Management Entity (MME) to a security context for the circuit switched domain target system and transferring it to a MSC/VLR. When user equipment is moved from E-UTRAN to GSM EDGE Radio Access Network/Universal Terrestrial Radio Access Network (GERAN/UTRAN), a MME does not need to perform authentication and key agreement procedures to establish shared circuit switched security context for the user equipment.
    Type: Grant
    Filed: July 31, 2018
    Date of Patent: August 20, 2019
    Assignee: QUALCOMM Incorporated
    Inventors: Xipeng Zhu, Wolfgang Granzow, Adrian Edward Escott
  • Patent number: 10333904
    Abstract: A system comprising a wireless entertainment system natively coupled through a network to a primary service provider for providing services, operates on multiple keywords to re-direct processing operations from the native service provider to additional, non-native services which may include online secure data, VPN, and/or VOIP. The system and method may employ sniffing, masking, and spoofing the communications and effectuating alternative communications channels transparent to the primary service provider. A private device includes code operable to transparently couple a remote device to a remote service provider, monitor a communication between the remote device and the remote service provider, and respond to the communications. Some embodiments may include a private service provider, a VPN connection and operations with a telephone service.
    Type: Grant
    Filed: August 5, 2016
    Date of Patent: June 25, 2019
    Inventor: Peter J Tormey
  • Patent number: 10333988
    Abstract: A network security policy may be implemented at network switches as a set of active packet disposition directives. In a dynamically programmable network, the network switches can be dynamically reprogrammed with new packet disposition directives. A security mediation service permits such dynamic reprogramming as long as the new directives are consistent with the then-current network security policy. The security mediation service evaluates candidate packet disposition directives for conflicts with the currently active security policy, before instantiating the candidate packet disposition directives at the network switches.
    Type: Grant
    Filed: June 13, 2017
    Date of Patent: June 25, 2019
    Assignee: SRI International
    Inventors: Phillip A. Porras, Martin W. Fong, Vinod Yegneswaran
  • Patent number: 10333972
    Abstract: According to an example, a web page is loaded and description information of the web page and layout information of the web page are generated, the description information of the web page is compared with the layout information of the web page, whether all tag nodes comprised in the description information of the web page are comprised in the layout information of the web page is determined, and at least one tag node that is comprised in the description information of the web page and not contained in the layout information of the web page is determined to be hidden content.
    Type: Grant
    Filed: April 23, 2018
    Date of Patent: June 25, 2019
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Yongjian Li, Jiwen Zhou, Yang Yu
  • Patent number: 10311253
    Abstract: A method for protecting an integrated circuit against unauthorized access to key registers, wherein functions and/or applications of the integrated circuit are unlocked and/or activated via data stored in key registers, such as during the start-up of the integrated circuit and/or during ongoing operation, where if such a key register is accessed, the data word used to perform the access is compared with specified key data, and if access via a data word deviating from the specified key data is detected, the access is marked as unauthorized, the access marked as unauthorized is then recorded and evaluated, and after the analysis, appropriate protective measures are triggered to prevent further unauthorized access such that a key register method for protecting sensitive data is expanded in a simple manner and hacker attacks are quickly detected and thwarted.
    Type: Grant
    Filed: July 15, 2014
    Date of Patent: June 4, 2019
    Assignee: Siemens AG Österreich
    Inventors: Friedrich Eppensteiner, Majid Ghameshlu, Herbert Taucher