Abstract: Methods and systems provide for reducing privacy leaks in DNS request by using a private DNS service. The private DNS service provides for matching a level of privacy provided by a type of communication protocol to a level of privacy desired or required for a particular client communication. When the DNS service determines that an intended communication protocol does not supply at least the level of privacy desired for a particular communication, the private DNS service may initiate the creation of a connection with the desired level of privacy.

Abstract: A service monitors password and username use while maintaining username and password privacy by receiving a hash of a username, a hash of a password, and a host name and comparing the received hashes against a database of associated host names and hashes of usernames and passwords. When the comparison determines that the hash of the new password meets certain conditions, e.g., no hash in the database matches the hash of the new password, then the new password may be allowed and the service informs the security component accordingly.

Abstract: The security of network connections on a computing device is protected by detecting and preventing compromise of the network connections, including man-in-the-middle (MITM) attacks. Communications are intercepted by a client-side proxy before being sent to a recipient designated by an application. The intercepted communication is inspected, and a first connection is determined to be used to send the communication based on the inspection. Finally, before the communication is sent via the first connection, an action is performed by the client-side proxy resulting in an indication that the first connection is compromised. The action may include comparing data associated with the first connection to data associated with known compromised connections. In various embodiments, additional security responses may subsequently be performed by the client-side proxy based on the indication that the first connection is compromised.

Abstract: Methods and systems provide for context-based adaptation of extended reality images on a display. Image data may be received from one or more cameras of the system, which may also receive extended reality images to be displayed in addition to the image data. The image data from the cameras may be monitored by a guide software component. In response to detecting a real element from the image data, the extended reality images may be modified to emphasize the real element in the displayed image data and deemphasize previously-displayed XR images.

Abstract: A mobile communications device is provided with a tagging module that tags outgoing communications. Upon receiving the tagged communication, a communications provider requests from a registered owner service identified in the tag whether the mobile communications device identified in the tag is registered with the registered owner service. Upon receiving confirmation from the registered owner service that the mobile communications device is registered with the service, the communications provider provides information regarding the location of the mobile communications device to the registered owner service.

Abstract: The method disclosed herein provides for performing user authentication and maintaining user authentication and access to a second device based on the user maintaining control of a first device. The user's continued control may be based on determining the user's continued possession of the first device from the authentication to a pairing with the second electronic device which then causes a second security component executing on the second electronic device to change the second electronic device to an unlocked state.

Abstract: An operating system of a mobile device defines an interface for an MDM to ensure security of the device. A private personal MDM (PPMDM) instead interfaces with the operating systems and one or more enterprise MDMs (EMDM) implement security policies through the PPMDM subject to user control. Data may be flagged as associated with an EMDM based on source or location to enable deletion due to theft or disassociation with an enterprise. Blocks or threat detection according to an EMDM policy may be reported to an EMDM in a non-invasive manner.

Abstract: Systems and Computer Readable Media for enabling methods for multi-party authorization including a security component determining that a request for the performance of an action on a computing device is from a first party. The security component initiates transmissions to the computing device of first and second information indicating knowledge of first and second secrets provisioned on the computing device. The computing device, upon verifying the knowledge of first and second secrets, then permits the requested action.

Abstract: A method is provided for evaluating the usage of a mobile communications device that itself provides access to a resource. In the method, a detected usage of the mobile communications device is compared to a stored usage pattern of an authorized user. When a measure associated with the difference between the detected usage and the stored usage pattern exceeds a threshold, it is concluded that the mobile communications device is being used by an unauthorized user. In response to this conclusion, a restriction is placed on an ability of the mobile communications device to access the resource.

Abstract: Methods and systems provide for preventing a false report of a compromised connection even though a security component receives an indication a connection is compromised, and the security component, by default, would report a compromised connection. In the method, the security component determines that captive portal authentication is enabled for a computing device. The security component requests a response from a server over a connection, with the response indicating that the connection is compromised. However, because captive portal authentication is enabled, the security component does not report the connection as being compromised.

Abstract: The method disclosed herein provides for performing user authentication and maintaining user authentication and access to a first device based on the user maintaining control of the first device. The continued control may be based on determining the user's continued possession of the first device, or determining an acceptable proximity of the user to the first device. The proximity of the user may be determined using a second device associated with the user, or sensors associated with the first device.

Abstract: A method is provided for evaluating the usage of a mobile communications device that itself provides access to a resource. In the method, a detected usage of the mobile communications device is compared to a stored usage pattern of an authorized user. When a measure associated with the difference between the detected usage and the stored usage pattern exceeds a threshold, it is concluded that the mobile communications device is being used by an unauthorized user. In response to this conclusion, a restriction is placed on an ability of the mobile communications device to access the resource.

Abstract: A method for multi-party authorization includes a security component determining that a request for the performance of an action on a computing device is from a first party. The security component initiates transmissions to the computing device of first and second information indicating knowledge of first and second secrets provisioned on the computing device. The computing device, upon verifying the knowledge of first and second secrets, then permits the requested action.

Abstract: Methods and systems provide for reducing privacy leaks in DNS request by using a private DNS service. The private DNS service provides for matching a level of privacy provided by a type of communication protocol to a level of privacy desired or required for a particular client communication. When the DNS service determines that an intended communication protocol does not supply at least the level of privacy desired for a particular communication, the private DNS service may initiate the creation of a connection with the desired level of privacy.

Abstract: Applications on a device are assigned scores based on their attributes, update status, and source. A device is a assigned a score based on its attributes and the scores of applications installed thereon. the device score may be combined with an evaluation of user behavior to obtain a user score. The scores may be used to invoke security actions with respect to data and services of an enterprise. Security reports for a network environment may be modified such that the severity of threats accounts for policies and attributes of the environment. Security of a device may be evaluated locally, including the training of a model to identify anomalous authentication or usage behavior. Security of a device may be reduced to a score lacking personal information that may be used by a server to select access controls for a device.

Abstract: An operating system of a mobile device defines an interface for an MDM to ensure security of the device. A private personal MDM (PPMDM) instead interfaces with the operating systems and one or more enterprise MDMs (EMDM) implement security policies through the PPMDM subject to user control. Data may be flagged as associated with an EMDM based on source or location to enable deletion due to theft or disassociation with an enterprise. Blocks or threat detection according to an EMDM policy may be reported to an EMDM in a non-invasive manner.

Abstract: Security policies are made dependent on location of a device and the location of a device is determined and the appropriate security policy applied without providing the device’s location to a server. A device determine its location and identifies a security policy identifier mapped to a zone including the location. The device requests the security policy corresponding to the identifier from a server and implements it. The device may also store a database of the security policies and implement them according to its location. Devices registered for a user evaluate whether locations detected for the devices correspond to impossible travel by the user. Objects encoding geolocation data of a device may be encrypted with a private key of the device and the public key of another to prevent access by an intermediary server.

Abstract: Computer systems and methods to protect user credential against phishing with security measures applied based on determination of phishing risks of locations being visited, phishing susceptibility of users, roles of users, verification of senders of messages, and/or the timing of stages in accessing and interacting with the locations. For example, when a site is unclassified at the onset of being accessed by a user device, security measures can be selectively applied to allow the site to be initially viewed on the user device, but disallow some user interactions to reduce phishing risk. For example, a response to a domain name system (DNS) request can be customized based on a user risk level. For example, a message can be displayed without a profile picture of a contact of a user when the sender of the message appears to be the contact but cannot be verified to be the contact.

Abstract: Methods and systems provide for receiving an assessment of a full uniform resource locator (URL) in a browser session in advance of the browser accessing the URL, maintaining client privacy in the process using a proxy between the client device and an assessment component on a server. The proxy receives the client identity and a URL. After substituting an arbitrary query identifier for the client identity in the assessment request, the proxy forwards the anonymized assessment request to the assessment component. In return the proxy receives classification data regarding the URL associated with the arbitrary query identifier, which the proxy associates with the client identity and subsequently forwards the classification data to the client.

Abstract: An operating system of a mobile device defines an interface for an MDM to ensure security of the device. A private personal MDM (PPMDM) instead interfaces with the operating systems and one or more enterprise MDMs (EMDM) implement security policies through the PPMDM subject to user control. Data may be flagged as associated with an EMDM based on source or location to enable deletion due to theft or disassociation with an enterprise. Blocks or threat detection according to an EMDM policy may be reported to an EMDM in a non-invasive manner.