Abstract: A method for automatically encrypting files is disclosed. In some cases, the method may be performed by computer hardware comprising one or more processors. The method can include detecting access to a first file, which may be stored in a primary storage system. Further, the method can include determining whether the access comprises a write access. In response to determining that the access comprises a write access, the method can include accessing file metadata associated with the first file and accessing a set of encryption rules. In addition, the method can include determining whether the file metadata satisfies the set of encryption rules. In response to determining that the file metadata satisfies the set of encryption rules, the method can include encrypting the first file to obtain a first encrypted file and modifying an extension of the first encrypted file to include an encryption extension.

Abstract: A system and method of low-power cryptography is disclosed involving a computing device with an audio jack that communicates with a token plugged into the audio jack. Data is passed between the computing device and token over audio channels; power for all functions necessary for the token to operate as disclosed is also supplied by the computing device to the token over an audio channel. The token may be used as an identity and authentication security factor, for secure external key exchange, or direct encryption of small payloads.

Abstract: A digital medium environment includes an asset processing application that performs editing of a watermarked asset. An improved asset editing method implemented by the asset processing application comprises receiving a watermarked asset, receiving edits to the watermarked asset, storing metadata corresponding to the edits together with an asset identification (ID), communicating the metadata and asset ID, applying edits using the metadata to an unwatermarked version of the asset retrieved using the asset ID, adding a watermark back to the edited asset, and providing the edited, watermarked asset.

Abstract: Communications by a device in a private network to a site operating outside of the network can be programmatically inspected. Unstructured data, including messages and application content, originating from outside of the network may be dynamically converted to structured data that can be tagged. Interactions and activities can be monitored and processed differently according to internal policies and/or business rules. For example, at least a portion of the structured data can be modified prior to forwarding to the device, access by the device to at least a portion of the structured data can be blocked or limited, access by the device to one or more features associated with the structured data can be blocked or limited, etc.

Abstract: The invention relates to a technique of pairing a device (10-12) with a co-ordinating entity (20) of a private wireless network (1). The co-ordinating entity obtains an identifier of the device to be paired and a temporary network identifier specific to the device. The co-ordinating entity then configures itself on standby awaiting the device identified on the temporary network. The device to be paired transmits a request for association with the temporary network to the co-ordinating entity on the temporary network. The co-ordinating entity verifies that the device that transmitted the request for association corresponds to the device identified and then transmits to it on the temporary network an encryption key associated with the private wireless network and an identifier of the private network, then instructs a toggling of the device from the temporary network to the private wireless network.

Abstract: Disclosed are a service locking method, apparatuses and systems thereof. The method includes: receiving a locking request including identification information of a designated service and an identifier of an operating terminal, the designated service being a service of performing a sensitive operation to network virtual property; and sending an authentication request containing the identification information of the designated service and the identifier of the operating terminal to an authentication server, and locking the designated service upon receiving successful authentication information from the authentication server.

Abstract: A system and method whereby permission is accessed that is to be revoked for an application. The permission involves access to private data of a user via an API of an OS. It is determined, in the application, program point(s) involving access to the private data of the user via the API. For each selected one of the program point(s), code in the application is rewritten to replace a source statement, at the selected program point, that accesses the private data with another statement that allocates a mock object or value based on a type of an actual value returned by the source statement. The mock object or value does not expose the private data of the user. The application with the rewritten code is packaged as an output application able to be subsequently executed by the user, and is output for use by the user.

Abstract: In one embodiment, a method includes establishing a first session between a first computing device and a second computing device, when the first computing device does not have connectivity to a credential manager; proxying a request to the credential manager from the second computing device on behalf of the first computing device and receive in the second computing device a first keyless ticket encrypted to the first device and a second keyless ticket encrypted to the second device; providing the second keyless ticket from the second computing device to the first computing device; and enabling communication between the first and second computing devices according to the first and second keyless tickets. Other embodiments are described and claimed.

Abstract: Methods and apparatus related to performance of telemetry, data gathering, and failure isolation using non-volatile memory are described. In one embodiment, a Non-Volatile Memory (NVM) controller logic stores data in a portion of an NVM device. The portion of the NVM device is determined based at least in part on a type or an identity of a sender of the data. Also, the data is encrypted in accordance with a public key provided by the sender. Other embodiments are also disclosed and claimed.

Abstract: Methods and devices for thwarting code and control flow based attacks on software. The source code of a subject piece of software is automatically divided into basic blocks of logic. Selected basic blocks are amended so that their outputs are extended. Similarly, other basic blocks are amended such that their inputs are correspondingly extended. The amendments increase or create dependencies between basic blocks such that tampering with one basic block's code causes other basic blocks to malfunction when executed.

Abstract: A computerized method for classifying objects in a malware system is described. The method includes detecting behaviors of an object for classification after processing of the object has begun. Data associated with the detected behaviors is collected, and a fuzzy hash for the received object is generated. The generation of the fuzzy hash may include (i) removing a portion of the data associated with the detected behaviors, and (ii) performing a hash operation on a remaining portion of the data associated with the detected behaviors. Thereafter, the fuzzy hash for the received object is compared to a fuzzy hash of an object in a preexisting cluster to generate a similarity measure. The received object is associated with the preexisting cluster in response to determining that the similarity measure is above a predefined threshold value. Thereafter, the results are reported.

Abstract: A method and system are provided for collaboration for sharing patient records on low computing resources on communication devices. The method includes accessing one or more patient data records via a server, where the one or more patient data records are accessed at a first communication device. The method further includes invoking a communication session with one or more second communication devices, where the communication session includes context information of the one or more patient data records. Further, the method includes sending a request to the server, by at least one of the one or more second communication devices, to access the one or more patient data records, where the request includes the context information. Finally, the method includes receiving, at the at least one of the one or more second communication devices, access to the patient data records, where the access is provided during the communication session.

Abstract: A network node receives rules from a plurality of different domain entities. Each domain entity has a different priority level, and each rule defines an action to be performed be a device in response to a predetermined event. The network node prioritizes the rules based on the priority levels of their respective domain entities, checks for conflicts between the prioritized rules, and generates a policy based on the prioritized rules.

Abstract: A system for enabling group permission based file transfer via Light Fidelity (Li-Fi). A first Li-Fi device is configured to transmit encrypted data by illuminating a target location with a first light source. A second Li-Fi device is configured to transmit a key for decrypting the encrypted data by illuminating the target object with a second light source to define a group permission enabled data transfer zone including a merger of the encrypted data and the key. A third Li-Fi device is configured to download the merger of the encrypted data and the key from the group-permission enabled data transfer zone.

Abstract: An information processing device is connected to a plurality of networks and performs information processing. The networks include a control network connected to a control device in a mobile object, an information network connected to an information device in the mobile object, and an external network connected to an external device outside of the mobile object. The information processing device includes firewalls each connected to one of the networks, and a processor connected to each network via the corresponding firewall. The information processing device isolates at least the control network from the other networks.

Abstract: Various embodiments are generally directed to an apparatus, method, and other techniques to maintain user authentications with common trusted devices. If a user is in possession of a first computing device (e.g., a smartphone), an unlocked state of the first trusted device is maintained if the user is using a nearby trusted device (e.g., a computer) within a certain amount of time. If the first trusted device is in a pocket or other container, a longer span of time is granted to the user to register an on-body state.

Abstract: An encryption apparatus includes a setting generator configured to generate an increasing function parameter regarding a predetermined one-way increasing function and a secret key necessary for encryption, and an encryptor configured to generate a first order-preserving encryption area regarding a plaintext using the one-way increasing function where the increasing function parameter is applied, generate a second encryption area regarding the plain text using the secret key, and generate a ciphertext by concatenating the generated first encryption area and the generated second encryption area.

Abstract: A method installs building control software. The method includes the transmission of an identity of a runtime environment from the runtime environment to a software delivery entity. A file is generated by the software delivery entity, wherein the file contains the transmitted identity and the software to be installed or a hash of the software to be installed. The generated file is signed by the software delivery entity by a key of the software delivery entity. The signed file is transmitted from the software delivery entity to the runtime environment. An installation and/or an authorization of the software to be installed in the runtime environment are performed, if and only if the identity of the runtime environment corresponds with the identity that has actually been transmitted in the signed file. Devices for installing the building control software are also discussed.

Abstract: This application discloses a method of using NH and NCC pairs to resolve security issues. It includes: an MME sends a sequence including multiple NH and NCC pairs to S1GW that is calculated to correspond to a UE. After the S1GW receives a UE handover message or a UE bearer switch message from a base station, the S1GW may choose a next unused NH and NCC pair from the sequence sent by the MME and send it to a target base station. In using this application, part of the bearer switch of the UE or the switch of the UE can be terminated at the S1GW or HeNB GW, which reduces impact on the core network and cuts down on the use of system resources.

Abstract: A management system implemented in a cloud computing environment for automatically managing a plurality of Wi-Fi access points in a network can receive information from each of the plurality of Wi-Fi access points. The system can analyze the received information from each Wi-Fi access point to determine at least one operation condition of at least one Wi-Fi access and determine at least one new operation setting for the at least one Wi-Fi access point based on the analyzed information. The system can remotely configure the at least one Wi-Fi access point based on the at least one new operation setting.