Abstract: Methods and systems for proximity-based access control include determining whether a distance from a first mobile device to each of one or more safe mobile devices falls below a threshold distance; determining whether a number of safe mobile devices within the threshold distance exceeds a safe gathering threshold with a processor; and activating a safe gathering policy in accordance with the safe gathering threshold that decreases a security level in the first mobile device.

Abstract: Systems for proximity-based access control include a proximity module configured to determine whether a distance from a first mobile device to each of one or more safe mobile devices falls below a threshold distance; a policy engine comprising a processor configured to determine whether a number of safe mobile devices within the threshold distance exceeds a safe gathering threshold; and a security module configured to activate a safe gathering policy in accordance with the safe gathering threshold that decreases a security level in the first mobile device.

Abstract: Methods and systems for proximity-based access control include determining whether a distance from a first mobile device to each of one or more safe mobile devices falls below a threshold distance; determining whether a number of safe mobile devices within the threshold distance exceeds a safe gathering threshold with a processor; and activating a safe gathering policy in accordance with the safe gathering threshold that decreases a security level in the first mobile device.

Abstract: Systems for enabling an application to track provenance include an instrumented application binary on a client device. Overwritten library call instructions provide library calls to one or more instrumented libraries that invoke a provenance layer to track data operations. The provenance layer is configured to catch and log data events performed by the instrumented application.

Abstract: A method for tracking provenance information includes catching and logging data events performed by an instrumented application at a provenance layer. Overwritten library call instructions provide library calls to one or more instrumented libraries that invoke the provenance layer to track data operations. A provenance log is created that includes the logged data events.

Abstract: Improved descriptive query techniques are provided. More particularly, techniques are provided for specifying and processing descriptive queries for data providers grouped into provider kinds with hierarchical containment relationships. The query may include arbitrary boolean combinations of arbitrary tests on the values of attributes of the data providers.

Abstract: Systems for enabling an application to track provenance include an application analysis module configured to analyze an application binary to discover injection points for provenance tracking code; and an instruction alteration module configured to overwrite instructions in the application binary at the injection points to create an instrumented application. The overwritten instructions link the application binary to one or more instrumented libraries that invoke a provenance layer to track data operations.

Abstract: Methods and systems for enabling an application to track provenance information include analyzing an application binary to discover injection points for provenance tracking code; overwriting instructions in the application binary at the injection points to create an instrumented application, where the overwritten instructions link the application binary to one or more instrumented libraries that invoke a provenance layer to track data operations; and deploying the instrumented application on a client device.

Abstract: A method, system, apparatus and computer programs are disclosed to process content for an enterprise. The method includes reviewing, using at least one enterprise policy, content that is to be sent through a data communications network to a public service to determine if the content comprises secure data and, in response to identifying secure data, modifying the content to be sent to the public service such that a presence of secure data will be visually imperceptible when the content is rendered at the public service. The step of modifying can include steganographically embedding the secure data or a link to the secure data in a container such as image data.

Abstract: A method, system, apparatus and computer programs are disclosed to process content for an enterprise. The method includes reviewing, using at least one enterprise policy, content that is to be sent through a data communications network to a public service to determine if the content comprises secure data and, in response to identifying secure data, modifying the content to be sent to the public service such that a presence of secure data will be visually imperceptible when the content is rendered at the public service. The step of modifying can include steganographically embedding the secure data or a link to the secure data in a container such as image data.

Abstract: An example includes intercepting one or more activities performed by an application on a computing device. The intercepting uses an instrumentation layer separating the application from an operating system on the computing device. The one or more activities are compared with one or more anomaly detection policies in a policy configuration file to detect or not detect presence of one or more anomalies. In response to the comparison detecting presence of one or more anomalies, indication(s) of the one or more anomalies are stored. Another example includes receiving indication(s) of anomaly(ies) experienced by an application on computing device(s) and analyzing the indication(s) of the anomaly(ies) to determine whether corrective action(s) should be issued. Responsive to a determination corrective action(s) should be issued based on the analyzing, the corrective action(s) are issued to the computing device(s). Methods, program products, and apparatus are disclosed.

Abstract: A method includes monitoring, on a computing device, data events corresponding to manipulation of data by an application. The monitoring is performed by a data library service that is embedded in the application. The method includes, in response to the monitoring indicating first data on the computing device is modified by the application, synchronizing, by the computing device under control at least in part of the data library service, second data stored on one or more storage providers in a network with the first data modified by the application and stored on the computing device. Apparatus and computer program products are also disclosed.

Abstract: A group of remote devices executing an omnichannel application are coordinated from a network node. An omnichannel mediator coordinates formation of at least two of said remote devices into an omnichannel cloudlet. A component manager controls which of a plurality of components of said omnichannel application should optimally be placed on which individual devices of said omnichannel cloudlet and how data should flow to individual devices of said omnichannel cloudlet. A replication optimizer optimally coordinates data replication for the group of remote device.

Abstract: A method includes monitoring, on a computing device, data events corresponding to manipulation of data by an application. The monitoring is performed by a data library service that is embedded in the application. The method includes, in response to the monitoring indicating first data on the computing device is modified by the application, synchronizing, by the computing device under control at least in part of the data library service, second data stored on one or more storage providers in a network with the first data modified by the application and stored on the computing device. Apparatus and computer program products are also disclosed.

Abstract: User authentication is provided. At least one of a social network and a business network of each user in a plurality of users is accessed. User history data of each user in the plurality of users is monitored in the at least one of the social network and the business network. Challenge questions requiring a user response are generated based on monitoring the user history data of the users. The user response to a generated challenge question is evaluated. A set of events is triggered based on evaluating the user response.

Abstract: An example includes intercepting one or more activities performed by an application on a computing device. The intercepting uses an instrumentation layer separating the application from an operating system on the computing device. The one or more activities are compared with one or more anomaly detection policies in a policy configuration file to detect or not detect presence of one or more anomalies. In response to the comparison detecting presence of one or more anomalies, indication(s) of the one or more anomalies are stored. Another example includes receiving indication(s) of anomaly(ies) experienced by an application on computing device(s) and analyzing the indication(s) of the anomaly(ies) to determine whether corrective action(s) should be issued. Responsive to a determination corrective action(s) should be issued based on the analyzing, the corrective action(s) are issued to the computing device(s). Methods, program products, and apparatus are disclosed.

Abstract: User authentication is provided. A social network associated with a user of a client device is monitored to determine whether a set of designated users are currently logged in and authenticated to access a secure resource. A video connection is established between the user of the client device and the set of designated users that are currently logged in and authenticated to access the secure resource. In addition, an authentication request screen is sent showing captured video authentication data corresponding to the user of the client device to the set of designated users that are currently logged in and authenticated to access the secure resource.

Abstract: User authentication is provided. A social network associated with a user of a client device is monitored to determine whether a set of designated users are currently logged in and authenticated to access a secure resource. A video connection is established between the user of the client device and the set of designated users that are currently logged in and authenticated to access the secure resource. In addition, an authentication request screen is sent showing captured video authentication data corresponding to the user of the client device to the set of designated users that are currently logged in and authenticated to access the secure resource.

Abstract: A method, system, apparatus and computer programs are disclosed to process content for an enterprise. The method includes reviewing, using at least one enterprise policy, content that is to be sent through a data communications network to a public service to determine if the content comprises secure data and, in response to identifying secure data, modifying the content to be sent to the public service such that a presence of secure data will be visually imperceptible when the content is rendered at the public service. The step of modifying can include steganographically embedding the secure data or a link to the secure data in a container such as image data.

Abstract: A method, system, apparatus and computer programs are disclosed to process content for an enterprise. The method includes reviewing, using at least one enterprise policy, content that is to be sent through a data communications network to a public service to determine if the content comprises secure data and, in response to identifying secure data, modifying the content to be sent to the public service such that a presence of secure data will be visually imperceptible when the content is rendered at the public service. The step of modifying can include steganographically embedding the secure data or a link to the secure data in a container such as image data.