H04L29/00

Method for sharing and searching playlists

A system that provides for the accessing and playing of media files having differing associated rights such as non-DRM media files, purchased and downloaded media files, subscription download files such as tethered downloads, and subscription streamed DRM files. The system also provides a method and user interface for sharing a media collection among computing devices in communication via a network. The system allows access and playback, from each computing device on a network, of all media files in a media collection, regardless of their associated rights.

Method and system for evaluating cyber security risks

Systems and methods described herein provide a cyber risk assessment service. A computing device determines weights for techniques of a cyber security framework based on historical industry impact. The computing device associates an enterprise network with an industry identifier, obtains customer risk data for the enterprise network, and normalizes and/or combines the customer risk data to form normalized risk scores. The computing device maps the customer risk data to corresponding techniques in the cyber security framework, generates technique scores based on the mapping and the normalized risk scores, and generates weighted technique scores using some of the weights selected based on the industry identifier. The computing device calculates an overall security score for the enterprise network based on the weighted technique scores, identifies a corrective recommendation for the overall security score, and provides the overall security score and the corrective recommendation for presentation to a user.

Application centric compliance management system and method for a multi-level computing environment

An application centric compliance management system includes a computing system that executes a tool to identify a subset of the resources of a multi-tier computing environment that are used to execute an application, and for each identified resource, obtain one or more application-based compliance policies associated with the application. The tool may then determine whether the resource meets each application-based compliance policy, and when the resource does not meet the application-based compliance policy, generate an alarm that includes information associated with the one unmet application-based compliance policy.

Dynamic chunking for delivery instances
09838450 · 2017-12-05

Techniques are provided for dynamically creating index files for streaming media based on a determined chunking strategy. The chunking strategy can be determined using historical data of any of a variety of factors, such as Quality of Service (QoS) information. By using historical data in this manner, index files can be generated using chunking strategies that can improve these factors over time.

Stateful data geofencing

An apparatus includes a boundary module that determines if a mobile device is within a secure area. The mobile device includes a computing device capable of connecting to a wireless network. The apparatus includes a download module that downloads a latest version of a file from a secure server to the mobile device in response to the boundary module determining that the mobile device has entered the secure area. The apparatus includes a copy module that copies the file from the mobile device to the secure server in response to the boundary module determining that the mobile device has left the secure area and a deletion module that deletes the file from the mobile device in response to determining that the mobile device has left the secure area and in response to having completed copying the file from the mobile device to the secure server.

Input verification
09832207 · 2017-11-28

In an example, a computing device may include an input verification engine (IVE) that provides input verification services within a trusted execution environment (TEE), including a memory enclave. Taking a Java-based Android application as an example, the IVE securely verifies and validates user inputs for sensitive computing applications, without exposing the inputs to external applications. The IVE may be implemented in native C/C++ or similar, or may provide instructions to dynamically provision an enclave and import a minimal Java Virtual Machine (JVM) into the enclave so that the IVE can run in Java. The IVE may also contain binary analysis tools to analyze an input binary to identify and tag portions that receive user input, so that in a binary translation, those portions can be run within the enclave.

Systems and methods for managing network security
09832209 · 2017-11-28

A computer-implemented method for managing network security may include identifying a set of trusted Internet domains, identifying traffic information that indicates Internet traffic volume for each trusted Internet domain in the set of trusted Internet domains, and analyzing the traffic information to select, from the set of trusted Internet domains, a subset of trusted Internet domains that each have higher Internet traffic volume than one or more other trusted Internet domains in the set of trusted Internet domains. The method may also include adding the selected subset of trusted Internet domains to an Internet domain whitelist. The method may further include configuring a network gateway system to perform a less intensive scan on Internet traffic that originates from an Internet domain identified in the Internet domain whitelist than on traffic that originates from other Internet domains. Various other methods, systems, and computer-readable media are also disclosed.

Methods for secure cryptogram generation

Embodiments of the invention introduce efficient methods for securely generating a cryptogram by a user device, and validating the cryptogram by a server computer. In some embodiments, a secure communication can be conducted whereby a user device provides a cryptogram without requiring the user device to persistently store an encryption key or other sensitive data used to generate the cryptogram. For example, the user device and server computer can mutually authenticate and establish a shared secret. Using the shared secret, the server computer can derive a session key and transmit key derivation parameters encrypted using the session key to the user device. The user device can also derive the session key using the shared secret, decrypt the encrypted key derivation parameters, and store the key derivation parameters. Key derivation parameters and the shared secret can be used to generate a single use cryptogram key. The cryptogram key can be used to generate a cryptogram for conducting secure communications.

System and method for an extended web of trust

An industrial automation gateway providing an extended web of trust is provided. The industrial automation gateway includes a cloud communication interface coupled with a cloud automation facility, a hardware memory, and a processor coupled with the cloud communication interface and the hardware memory. The cloud automation facility includes a cloud hardware memory storing a cloud root certificate from a first root certificate authority and a subordinate certificate. The hardware memory stores a gateway root certificate from a second root certificate authority and the subordinate certificate. The processor is configured to determine if the subordinate certificate has been certified by the first root certificate authority and the second root certificate authority. The processor is also configured to transfer automation data to the cloud automation facility using the subordinate certificate only if the subordinate certificate has been certified by the first root certificate authority and the second root certificate authority.

Method and system for automated incident response

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for implementing a response to one or more security incidents in a computing network. One of the methods includes identifying a security incident based on detecting one or more indicators of compromise associated with the security incident, comparing the security incident with a predefined ontology that maps the security incident to one or more courses of action, selecting a response strategy that includes one or more of the courses of action, and implementing the response strategy as an automated response.