Patents Examined by Vance M Little
  • Patent number: 11550929
    Abstract: A memory system includes a nonvolatile memory device; and a controller configured to control the nonvolatile memory device, wherein the controller is configured to: receive a system information request including a command and an argument from a host device; determine suitability of the system information request based on a fixed key included in the argument in response to the command; encrypt system information based on the argument when the system information request is suitable; and transmit the encrypted system information to the host device.
    Type: Grant
    Filed: July 31, 2019
    Date of Patent: January 10, 2023
    Assignee: SK hynix Inc.
    Inventor: Jeen Park
  • Patent number: 11539664
    Abstract: A packet-filtering network appliance such as a threat intelligence gateway (TIG) protects TCP/IP networks from Internet threats by enforcing certain policies on in-transit packets that are crossing network boundaries. The policies are composed of packet filtering rules derived from cyber threat intelligence (CTI). Logs of rule-matching packets and their associated flows are sent to cyberanalysis applications located at security operations centers (SOCs) and operated by cyberanalysts. Some cyber threats/attacks, or incidents, are composed of many different flows occurring at a very high rate, which generates a flood of logs that may overwhelm computer, storage, network, and cyberanalysis resources, thereby compromising cyber defenses.
    Type: Grant
    Filed: June 13, 2022
    Date of Patent: December 27, 2022
    Assignee: Centripetal Networks, Inc.
    Inventors: John Fenton, Peter Geremia, Richard Goodwin, Sean Moore, Vincent Mutolo, Jess Parnell, Jonathan R. Rogers
  • Patent number: 11539742
    Abstract: Systems, methods, and computer media for securing software applications are provided herein. The multi-factor fingerprints allow attackers to be distinguished from authorized users and allow different types of attacks to be distinguished. The multi-factor fingerprint can include, for example, a session identifier component, a software information component, and a hardware information component. The different components can be separately compared to components of stored fingerprints to determine whether an application session request is malicious, and if so, what type of attack, such as session cookie theft or a spoofing attack, is occurring.
    Type: Grant
    Filed: November 26, 2019
    Date of Patent: December 27, 2022
    Assignee: SAP SE
    Inventors: Cedric Hebert, Andrea Palmieri, Merve Sahin, Anderson Santana de Oliveira
  • Patent number: 11533308
    Abstract: Systems and methods for supporting unauthenticated POST requests include a device arranged intermediary to a client and a server which receives an unauthenticated HTTP POST request from the client for the server. The unauthenticated HTTP POST request may include a body. The device may generate one or more data objects for the body of the unauthenticated HTTP POST request. The device may transmit a request to cause an authentication of a user to the client. The request may include the data object(s) to be stored on the client. The device may receive an HTTP GET request including the data object(s) from the client responsive to authenticating the user. The device may generate an authenticated HTTP POST request corresponding to the unauthenticated HTTP POST request using the one or more data objects included in the HTTP GET request. The device may transmit the authenticated HTTP POST request to the server.
    Type: Grant
    Filed: July 7, 2020
    Date of Patent: December 20, 2022
    Assignee: Citrix Systems, Inc.
    Inventor: Dileep Reddem
  • Patent number: 11526627
    Abstract: Systems and methods for discovering data related to information privacy are described. A server computing system may receive data from a first computing system, the first computing system verified to store personal information of customers of an entity. The server computing system may associate a second computing system with the entity based on the data from the first computing system referencing the second computing system. The server computing system may generate a live data map for the entity, the live data map configured to include at least information about whether the first computing system and the second computing system store the personal information of the customers of the entity, the live data map used to search for the personal information in response to personal information verification requests received by the entity.
    Type: Grant
    Filed: July 27, 2020
    Date of Patent: December 13, 2022
    Assignee: DataGrail, Inc.
    Inventors: Daniel Barber, Earl Hathaway, Ignacio Zendajas
  • Patent number: 11520915
    Abstract: Techniques for secure fast channel change in live content streaming are described. In some embodiments, during content preparation, a packager and/or an encoder encrypts media content items at both the service level (e.g., by encrypting a first portion of the plurality of segments with a service level access key unique to a service) and the channel level (e.g., by encrypting a second portion of the plurality of segments with a channel level access key unique to a channel associated with the service). On the receiving end, a client device (e.g., a media player) requests a service level access key prior to content acquisition. As such, a client can join any channel on a segment protected with the service level key without waiting for a license for that channel first, and the channel license can be acquired in parallel with the content acquisition during channel switching.
    Type: Grant
    Filed: March 26, 2020
    Date of Patent: December 6, 2022
    Assignee: Synamedia Limited
    Inventor: Gareth John Bowen
  • Patent number: 11520880
    Abstract: An approach is provided that identifies Internet of Things (IoT) network anomalies. The approach receives IoT endpoint device data at an attestation entity included in the network. The data is logged to a secured ledger and analyzed. Conditions pertaining to the IoT endpoint devices are analyzed with the analysis being based on a set of network policy data. Based on the analysis, the approach detects network anomalies that correspond to the IoT endpoint devices. These network anomalies and their corresponding IoT endpoint devices are then reported.
    Type: Grant
    Filed: November 3, 2017
    Date of Patent: December 6, 2022
    Assignee: International Business Machines Corporation
    Inventors: Heqing Huang, Kapil K. Singh
  • Patent number: 11489813
    Abstract: Methods and systems are presented for detecting and dynamically rate limiting unauthorized attempts to obtain user account information from an online service provider. An online system is configured with a request rate limit and a list of user identifiers associated with accounts at risk of being compromised. The system receives requests, each associated with a user identifier, from one or more devices. The system determines what amount of user identifiers associated with the requests match user identifiers on the list over a period of time. If the amount meets or exceeds a threshold, the system reduces the request rate limit for devices that made a request associated with user identifiers matching those on the list.
    Type: Grant
    Filed: May 19, 2020
    Date of Patent: November 1, 2022
    Assignee: PAYPAL, INC.
    Inventor: George Chen Kaidi
  • Patent number: 11477241
    Abstract: Systems and methods for selectively disabling anti-replay security checks based on a defined network policy that can override the globally-defined defaults for specific network sessions are provided. A network security device protecting a private network receives a packet associated with a network traffic flow between a source computing device and an internal destination computing device. The network security device identifies an anti-replay policy associated with the network traffic flow and whether the anti-replay policy is intended to override a global anti-replay policy of the network security device. When the identifying is affirmative, the network security device performs one or more anti-replay security checks in accordance with the anti-replay policy. When the identifying is negative, the network security device performs the one or more anti-replay security checks in accordance with the global anti-replay policy.
    Type: Grant
    Filed: December 30, 2019
    Date of Patent: October 18, 2022
    Assignee: Fortinet, Inc.
    Inventor: Yixin Pan
  • Patent number: 11457007
    Abstract: Methods, systems, computer-readable media, and apparatuses for performing single sign on for a user device to the Internet. User sign-in credentials including an identity token of the user are received by a hosted desktop from the user device, including an indication that the user is attempting to access a website. The website is authorized as a trusted website by a network authorization node, and the website is issued a one-time-use token. A web browser of the hosted desktop receives an application provided by the website to cause the web browser to call the hosted desktop to initiate single sign on. Authenticity of the one-time-use token is requested by a daemon process, and the website's public key is obtained. Upon verifying authenticity of the website, the identity token of the user is passed to the website, to enable the website to establish single sign on with the user.
    Type: Grant
    Filed: September 9, 2020
    Date of Patent: September 27, 2022
    Assignee: Citrix Systems, Inc.
    Inventor: Tom Kludy
  • Patent number: 11438161
    Abstract: A method and apparatus for use in a trusted network environment together or separately employ an implicit attestation that a requesting computing resource is in a trusted state before access to a network resource is granted. The method includes: verifying that a requesting computing resource is in a trusted state; accessing the private key using the released key authorization value; and creating a digital signature for the requesting device from the accessed private key. The apparatus may implement the method.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: September 6, 2022
    Assignee: Hewlett Packard Enterprise Patent Department
    Inventors: Thomas M. Laffey, Charles F. Clark
  • Patent number: 11431681
    Abstract: Described are platforms, systems, and methods for actuating transmission control protocol/Internet protocol (TCP/IP) through a method comprising: identifying a computer workload during a handshake process for establishing a network connection with a remote host; configuring, based on the computer workload, one or more TCP/IP parameters of the network connection; and completing the handshake process to establish the network connection with the remote host.
    Type: Grant
    Filed: April 7, 2020
    Date of Patent: August 30, 2022
    Assignee: PENSANDO SYSTEMS INC.
    Inventors: Sameer Kittur, Raghava Kodigenahalli Sivaramu, Alok Rathore, Vijay Sampath, Vipin Jain
  • Patent number: 11423165
    Abstract: In some embodiments, a cyber security method for preventing unauthorized file modification by malicious software and the like, the file accessible to an authorized handler may include: receiving a first access request from a program, the first access request having a first instruction set for modifying data of the file; determining if the file is associated with the authorized handler; processing the first instruction set to produce first modification data; and generating an initial virtual file object comprising the first modification data. In further embodiments, a cyber security method for preventing unauthorized file modification by malicious software and the like, the file accessible to an authorized handler may include: processing an instruction set for modifying a file to produce modification data; generating a virtual file object comprising the modification data; and associating the virtual file object with the file by identifying the file as a sparse file.
    Type: Grant
    Filed: July 22, 2020
    Date of Patent: August 23, 2022
    Assignee: NeuShield, Inc.
    Inventors: Fei Qi, Yuen Pin Yeap
  • Patent number: 11425125
    Abstract: A method for sharing resource identification includes receiving, at a lookup service, from a first application executing on a particular device associated with a user, a resource identifier (ID) request requesting the lookup service to provide the first application access to a resource ID that identifies the particular device. The method also includes determining, by the lookup service, whether the first application executing on the particular device is authorized to access the resource ID. When the first application is authorized to access the resource ID, the method includes obtaining, by the lookup service, the resource ID and transmitting, by the lookup service, to the first application executing on the particular device, the resource ID.
    Type: Grant
    Filed: June 24, 2020
    Date of Patent: August 23, 2022
    Assignee: Google LLC
    Inventors: Atul Tulshibagwale, Sachin Parsewar, Kiran Sappa, Shipra Banga, Amit Singla
  • Patent number: 11411919
    Abstract: Deep Packet Inspection (DPI) application classification systems and methods are presented to enrich and improve application classification. Specifically, the systems and methods utilize domain and hostname information to enrich the DPI application classification. The systems and methods can include obtaining a packet; determining a hostname associated with the packet; utilizing a main rule to extract a domain from the hostname; and analyzing the domain and the hostname with a plurality of secondary rules based on the domain to deduce an application therefrom.
    Type: Grant
    Filed: September 18, 2020
    Date of Patent: August 9, 2022
    Assignee: EXFO Solutions SAS
    Inventors: Alexis Landriot, Thierry Jacq
  • Patent number: 11411954
    Abstract: Systems and methods to manage and efficiently perform authorization of multiple proxy clients are disclosed. Furthermore, systems and methods to measure and check whether the web traffic of one or more client devices has reached a permissible limit of web traffic assigned by the proxy service provider. Specifically, a proxy is configured to gather and save authorization information of one or more clients within its memory. Therefore, the proxy server can verify and authorize one or more clients by utilizing the data from its memory. Furthermore, the proxy is configured to measure and report the utilized web traffic of one or more client devices to a messaging platform. In another aspect, systems and methods to check whether one or more client devices have reached a permissible amount of web traffic limit are disclosed.
    Type: Grant
    Filed: December 27, 2021
    Date of Patent: August 9, 2022
    Assignee: Coretech LT, UAB
    Inventors: Miroslav Kozlovski, Gytis Ciuta, Valdemar Karasevic
  • Patent number: 11397822
    Abstract: In one or more embodiments, one or more systems, one or more methods, and/or one or more processes may: read a document; determine that the document includes executable instructions; execute the executable instructions of the document; determine if a security agent exists on an information handling system (IHS); if the security agent does not exist on the IHS, corrupt data of the document; if the security agent does exist on the information handling system: generate an array of bytes associated with multiple identifiers of multiple components of the IHS; determine a first hash value of the array of bytes and the document; retrieve a second hash value from the document; determine if the first hash value matches the second hash value; if the first hash value matches the second hash value, provide the data of the document to an application; and if not, corrupt the data of the document.
    Type: Grant
    Filed: July 23, 2020
    Date of Patent: July 26, 2022
    Assignee: Dell Products L.P.
    Inventors: Yevgeni Gehtman, Tomer Shachar, Maxim Balin
  • Patent number: 11394723
    Abstract: Methods for validating delivery of content and verifying a delegation of delivery of a content, and corresponding devices and computer program products. A method is proposed for validating a delivery of a content to a client terminal. Such a method includes receiving, by the client terminal, an address, referred to as the received address, in response to a request sent to an address server in order to obtain an address of a delivery server of the content. The request includes a piece of information relating to the delivery server. Such a method further includes receiving, by the client terminal, a piece of information relating to an authentic address associated with the delivery server, the information being sent by a server of the content supplier, and determining the validity of the received address with respect to the authentic address on the basis of the information relating to the authentic address.
    Type: Grant
    Filed: December 14, 2017
    Date of Patent: July 19, 2022
    Assignee: ORANGE
    Inventors: Frederic Fieau, Emile Stephan
  • Patent number: 11386235
    Abstract: Disclosed is a checksum generation and validation system and associated methods for dynamically generating and validating checksums with customizable levels of integrity verification. The system receives a file with data points defined with positional values and non-positional values, and differentiates a first set of the data points from a second set of the data points. The system generates a checksum based on a combination of two or more values from the positional values and the non-positional values of each data point from the first set of data points, and further based on exclusion of the positional values and the non-positional values of the second set of data points from the checksum. The system may use the checksum to verify the integrity of the data associated with the first set of data points.
    Type: Grant
    Filed: November 12, 2021
    Date of Patent: July 12, 2022
    Assignee: Illuscio, Inc.
    Inventor: Joseph Bogacz
  • Patent number: 11388188
    Abstract: Implementations provide automated intrusion alert-based blacklisting with minimal false positives that ignores regular business operations, scalable to accommodate the volume of IDS alerts received by high-traffic internet-accessible networked systems. Implementations identify and block hostile infrastructure IP addresses during the reconnaissance phase based on IDS alert(s). Each IDS alert is automatically reviewed in historical context and triggers IP blocking as necessary. Some implementations maintain TCP/IP handshake records, preventing blocking an IP used to conduct regular business operations on the network that a malicious party has spoofed to avoid identification. Based on the historical context of each IP address within the local network environment, specifically regular business operations traffic versus malicious traffic, the IP address is blocked only if the majority of connections therefrom are malicious.
    Type: Grant
    Filed: May 10, 2019
    Date of Patent: July 12, 2022
    Assignee: The Boeing Company
    Inventor: Rajpreet Singh Ahluwalia