Abstract: Systems and methods for secure cloud-based content delivery are disclosed herein. A system for secure cloud-based content delivery can include an administrator device communicatingly connected with a server via a wireless network. The administrator device can: receive a request for check-in information from the server via the wireless network; and transmit check-in information to the server via the wireless network. The system can include a user device communicating connected with the server and with the administrator device. The user device can: receive a launch signal from a content driver of the server; launch a first virtual machine; launch a second virtual machine within the first virtual machine; receive pixel data at the second virtual machine; generate an image from the received pixel data; receive a plurality of user inputs via an input/output subsystem of the user device; and relay the user inputs to the content driver.

Abstract: The present disclosure relates to systems and methods for communicating over a IoT network, including encrypting and decrypting communications of data over the network for providing enhanced security. The following also discloses systems for IoT device initialization, automation, data capture, security, providing alerts, personalization of settings, and other objectives described in the disclosure. Methods of establishing and monitoring IoT network communications is also disclosed.

Abstract: Systems and methods for analyzing security alerts within an enterprise are provided. An enterprise graph is generated based on information such as operational intelligence regarding the enterprise. The enterprise graph identifies relationships between entities of the enterprise and a plurality of security alerts are produced by a plurality of security components of the enterprise. One or more significant relationships are identified between two or more of the plurality of security alerts based on a strength of a relationship identified in the enterprise graph. A significant relationship is utilized to identify a potential security incident between two or more of the security alerts.

Abstract: In one embodiment, a method includes analyzing information received from a first network-enabled device to identify instructions for a second network-enabled device associated with a second user of a social-networking system, the first network-enabled device being associated with a first user of the social-networking system. The method also includes determining (1) that the first user is connected to the second user with respect to a social graph of the social-networking system and (2) that the first user has authorization to provide instructions to the second network-enabled device, where the authorization is based on social-networking information. The method further includes providing the instructions to the second network-enabled device.

Abstract: Provided are control methods of a decryption key storage server, a biometric information storage server, and a matching server in an authentication system.

Abstract: A malware detection system based on stored data that analyzes an electronic message for threats by comparing it to previously received messages in a message archive or to a contacts list. Threat protection rules may be generated dynamically based on the message and contacts history. A message that appears suspicious may be blocked, or the system may insert warnings to the receiver not to provide personal information without verifying the message. Threat checks may look for unknown senders, senders with identities that are similar to but not identical to previous senders or to known contacts, or senders that were added only recently as contacts. Links embedded in messages may be checked by comparing them to links previously received or to domain names of known contacts. The system may flag messages as potential threats if they contradict previous messages, or if they appear unusual compared to the patterns of previous messages.

Abstract: Techniques to facilitate protecting control data used in an industrial automation environment are disclosed herein. In at least one implementation, an encryption key pair is generated for an industrial controller, wherein the encryption key pair comprises a public key and a private key. The private key is stored within a secure storage system of the industrial controller. Controller program content is then encrypted using the public key to generate encrypted controller content. The encrypted controller content is then provided to the industrial controller, and the industrial controller is configured to decrypt the encrypted controller content using the private key and execute the controller program content.

Abstract: A system and method for protecting presented content text from unauthorized perception. A message comprising presentable data defining presentable content is received. A presence of a privacy indication token within the presentable data is determined. Based on determining the presence of the privacy indication token within the presentable data, a presentation privacy filter is applied to presentations of the presentable content.

Abstract: Systems and methods for obtaining authentication vectors issued, for use by a mobile communication terminal, by a Home Location Register (HLR) that serves a cellular communication network independently of any cooperation with the cellular network. Further to obtaining the authentication vectors, a terminal is caused to communicate over a WiFi WLAN using an encryption key derived from the obtained authentication vectors, e.g., per the EAP-SIM or EAP-AKA protocol. Since the encryption key is known, communication from the terminal is decrypted. The authentication vectors may be obtained by (i) an “impersonating” Visitor Location Register (VLR) server that does not serve the cellular network; (ii) an interrogation device which, by imitating a legitimate base station serving the cellular network, solicits the mobile communication terminal to associate with the interrogation device; or (iii) an SS7 probe, which obtains authentication vectors communicated from the HLR server to other entities on the SS7 network.

Abstract: A method, a system, and a computer readable medium for determining a readiness of a computerized network against distributed denial of service (DDoS) attacks are provided herein. The system may include: an interface configured to obtain properties characterizing the computerized network; a knowledge base containing a plurality of rules taking into account DDoS risks and best practice related thereto; and a computer processor configured to: analyze the properties using the knowledge base to yield an analysis; and determine a readiness of the computerized network against DDoS attacks, based on the analysis. In some embodiments, the properties are obtained by analyzing a filled-in questionnaire relating to the computerized network under test. In other embodiments, these properties are automatically derived from databases containing data pertaining to the computerized network.

Abstract: Today's user is facing an ever increasing number of cyber threats from infectious software to scam artist phishing for their passwords and other personal information. Accordingly, a technique is provided to mediate a user's access to electronic resources, which can include malware and sites that trick the user into giving their password. Based on information known about the resource at the time the user accesses it, the technique can warn the user that the resources is suspicious and it is not safe to provide their password. Even if the resource is safe, the technique can warn the user not reuse their password, thereby promoting good password hygiene.

Abstract: A technique includes providing a security monitor to at least detect a penetration attack on a circuit assembly that contains the security monitor. The technique includes inhibiting success of the penetration attack, including flexibly mounting the security monitor to the circuit assembly to allow the security monitor to move in response to the security monitor being contacted during the penetration attack.

Abstract: One or more clients of a service may obtain access to resources of the service using one or more roles. A role may be used to delegate access to resources that a principal normally would not otherwise have access to. Assuming a role may allow a principal to receive a token that provides access to resources according to permission associated with the role. Upon detecting an event in connection with the invalidation of a token associated with a role, a service may perform a workflow in connection with the principal.

Abstract: The present application provides methods and corresponding systems for accessing services on a gaming device which, in certain embodiments, include the step or steps of obtaining at least one item of identity verification data from a user of a gaming device; encrypting the at least one item of identity verification data; comparing the at least one item of encrypted identity verification data received and at least one item of encrypted identity verification data obtained and stored previously on an authentication device; enabling at least one service on the gaming device based on a match between the encrypted identity verification data, the at least one service comprising a wager-type game; and displaying an interface screen comprising graphic objects associated with the wager-type game and at least one selectable element for the user to submit a gaming command and a wagering command during game play.

Abstract: A centralized framework for managing the data encryption of resources is disclosed. A data encryption service is disclosed that provides various services related to the management of the data encryption of resources. The services may include managing application policies, cryptographic policies, and encryption objects related to applications. The encryption objects may include encryption keys and certificates used to secure the resources. In an embodiment, the data encryption service may be included or implemented in a cloud computing environment and may provide a centralized framework for effectively managing the data encryption requirements of various applications hosted or provided by different customer systems. The disclosed data encryption service may provide monitoring and alert services related to encryption objects managed by the data encryption service and transmit the alerts related to the encryption objects via various communication channels.

Abstract: A data frame transmitted over a serial link between a destination network and a source network is received by a computer-implemented system in the destination network. The data frame is compatible with a data link layer protocol and includes a data field. The computer-implemented system in the destination network converts the data frame directly into a format compatible with an application layer protocol, where converting the data frame into the format comprises interpreting received information included in the data field as numerical values rather than executable code. The computer-implemented system in the destination network outputs the numerical values to an application in the destination network.

Abstract: Systems and methods for Internet-of-Things (IoT) gateway tampering detection and management. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory including program instructions stored thereon that, upon execution by the processor, cause the IHS to: identify a priority value for each of a plurality of IoT devices coupled to the IHS, detect an event indicative of physical tampering of the IHS, and initiate an action in response to the detection, wherein the action is based, at least, in part, upon the priority values.

Abstract: One or more clients of a service may obtain access to resources of the service using one or more roles. A role may be used to delegate access to resources that a client normally would not otherwise have access to. A system of the service may be used to detect the occurrence of an event associated with a principal that has assumed a role to obtain a token that enables access to a computing resource. The system may prevent one or more principals from use of the token for future access to the resource, and may update permissions associated with the role to prevent one or more principals from assuming the role.

Abstract: One or more clients of a service may obtain access to resources of the service using one or more roles. A role may be used to delegate access to resources that a client normally would not otherwise have access to. A requestor may make a request to assume an intermediary role and receive a first token that enables assumption of the intermediary role. The requestor, after assuming the intermediary role, may request to assume to assume a destination role and receive a second token that enables the requestor to access one or more computing resources by assuming the destination role.

Abstract: A computer-implemented method for detecting potentially malicious hardware-related anomalies may include (1) profiling a computing environment of at least one hardware component on a computing device, (2) detecting, by comparing the hardware component's profile with an expected profile for the hardware component, at least one anomaly in the hardware component's computing environment, (3) identifying additional suspicious activity on the computing device, and (4) determining, by correlating the additional suspicious activity on the computing device with the anomaly in the hardware component's computing environment, that the anomaly in the hardware component's computing environment is potentially malicious. Various other methods, systems, and computer-readable media are also disclosed.