H04L29/00

Security orchestration framework
09807118 · 2017-10-31

In an example, there is disclosed a computing apparatus, including: a network interface; one or more logic elements providing a security orchestration server engine operable for: receiving contextual data from a client via a network interface; providing the contextual data to a security orchestration state machine, the security orchestration state machine operable for deriving a policy decision from the contextual data; and receiving the policy decision from the policy orchestration state machine. There is also disclosed one or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions for providing a security orchestration engine, and a method of providing a security orchestration engine.

Device having a security module

A device securely accesses data in a memory via an addressing unit which provides a memory interface for interfacing to a memory, a core interface for interfacing to a core processor and a first and second security interface. The device includes a security processor HSM for performing at least one security operation on the data and a remapping unit MMAP. The remapping unit enables the security processor to be accessed by the core processor via the first security interface and to access the memory device via the second security interface according to a remapping structure for making accessible processed data based on memory data. The device provides a clear view on encrypted memory data without requiring system memory for storing the clear data.

Method and apparatus for providing client-side score-based authentication

Methods, apparatus, and systems for generating and verifying one time passwords in connection with a risk assessment are disclosed. The risk assessment may comprise a client-side risk assessment. The risk assessment may also comprise a server-side risk assessment.

Associating dialysis accessories using near field communication

A method comprising: establishing a wireless connection between a first medical device and a second medical device, comprising: receiving, by the first medical device, via a short-range wireless technology protocol, connection information related to the second medical device; and establishing, by the first medical device, a wireless connection with the second medical device based on the connection information.

Hierarchical policy-based shared resource access control

Access control for shared computing resources in a hierarchical system is provided herein. An as-needed, “lazy evaluation” approach to access control is described in which an effective access control list for a computing resource is determined after a request is received from a user to access the resource. When resources are shared, access control policies are created and stored in association with the shared resource but are not stored in association with hierarchically related lower-level resources. When an access request for a resource is received, access control policies are collected for levels of a computing resource hierarchy that are higher than the hierarchy level of the resource. An effective access control list is determined based on permissions specified in the collected access control policies. The effective access control list represents an effective propagation of access control policies of higher hierarchy levels to the computing resource.

Mobile device sensor data subscribing and sharing
09794729 · 2017-10-17

Techniques for mobile devices to subscribe and share raw sensor data are provided. The raw sensor data associated with sensors (e.g., accelerometers, gyroscopes, compasses, pedometers, pressure sensors, audio sensors, light sensors, barometers) of a mobile device can be used to determine the movement or activity of a user. By sharing the raw or compressed sensor data with other computing devices, the other computing devices can determine a motion state based on the sensor data. Additionally, in some instances, the other computing devices can determine a functional state based on the sensor data and the motion state. For example, functional state classification can be associated with each motion state (e.g., driving, walking) by further describing each motion state (e.g., walking on rough terrain, driving while texting).

Image forming apparatus for transmitting management information via a plurality of network interfaces
09792078 · 2017-10-17

An image forming apparatus includes multiple network interfaces to be connected to different networks, a management-information storage, a management-information generating unit, and a transmitting unit. The management-information storage stores management information. In accordance with a management information transmission request received via one of the network interfaces, the management-information generating unit extracts information which is to be transmitted through the network interface through which the request has been received, from the management information, and generates transmission management information to be transmitted. The transmitting unit transmits the transmission management information generated by the management-information generating unit, from the network interface through which the request has been received.

Cryptic notes and related methods

A computer-implemented method is described. A first portion and a second portion of a message are received from a user via a user interface of a computer device. Each portion includes one or more letters. The first portion includes initials of a person. The method includes generating a virtual cryptic note. The virtual cryptic note includes the first portion arranged in a first orientation, and the second portion arranged in a second orientation that is rotated relative to the first orientation with the one or more letters of the second portion overlapping the initials of the first portion. The virtual cryptic note can be modified by changing an order of the first portion relative to the second portion or changing the orientation of at least one of the first portion and the second portion. The first portion and the second portion can be encrypted.

Cloud-based security policy configuration
09825992 · 2017-11-21

Systems and methods for configuring security policies based on security parameters stored in a public or private cloud infrastructure are provided. According to one embodiment, security parameters associated with a first network appliance of an enterprise, physically located at a first site, are shared by the first network appliance with multiple network appliances of the enterprise by logging into a shared enterprise cloud account. The shared parameters are retrieved by a second network appliance of the enterprise, physically located at a second site, by logging into the shared enterprise cloud account. A VPN client configuration is automatically created by the second network appliance that controls a VPN connection between the first and second network appliances based on the shared parameters. The VPN connection is dynamically established based on the shared parameters when the VPN client configuration permits network traffic to be exchanged between the first and second network appliances.

Integrated development environment (IDE) for network security configuration files

An integrated development environment (IDE) preprocesses a configuration file including security rules. The preprocessing maps object names in the security rules to associated object values based on object definitions for the object names. Responsive to the configuration file being opened in an editor, the IDE provides the editor with access to preprocessing results. Each security rule in the opened configuration file is searched for object names. The IDE links each object name found in the search to an associated object value mapped thereto by the mapping performed during the preprocessing. The IDE receives a selection of an object name in a security rule of the opened configuration file and generates for display the associated object value linked to the selected object name.