Abstract: Disclosed are various examples for an application settings module that provides uniform access to diverse types of data, such as mobile device settings. A client device, such as a mobile device, can be configured through execution of program instructions to access a schema file comprising a definition of a plurality of keypaths, where individual ones of the plurality of keypaths uniquely correspond to one of a plurality of device settings and the keypaths are defined in the schema file in association with a plurality of methods. The client device can identify a function invoked using one of the keypaths to read or write a corresponding one of the device settings, whether stored locally or remote, and, in response to the function being invoked, execute a portion of the methods corresponding to the one of the keypaths in the schema file and return a result to a requesting process.

Abstract: Disclosed are various embodiments for cryptographic processing on client devices. A cryptographic service can receive a cryptographic operation request from a client application. The cryptographic operation request can include a key identifier for a private key and data to be cryptographically processed and the cryptographic operation request specifying a cryptographic operation to be performed. A cryptographic provider can then be identified based at least in part on the key identifier for the private key. A request is subsequently sent to the cryptographic provider to perform the cryptographic operation on the data using the private key. A response is then received from the cryptographic provider and sent to the client application.

Abstract: Systems and methods are described for Uniform Resource Locator (“URL”) pattern-based high-risk browsing and anomaly detection. In an example, a user device can compare URLs in a browser's history to URL patterns in a provided list to identify matches. The user device can calculate a browsing risk score based on the percentage of entries in the browsing history that match each URL pattern and a risk score associated with the URL pattern. Security policies can be enforced at the user device if the browsing risk score exceeds a threshold. The user device can also detect potentially dangerous anomalous browsing behavior. The user device can calculate a deviance score based on variations between recent browsing history and historical browsing behavior at the user device. Security policies can be enforced at the user device if the deviance score exceeds a threshold.

Abstract: Examples for validating the identify of an application in an inter-app communication protocol are described. An attestation payload is obtained from a third party attestation service that is executed remotely from a device on which the application is running. The attestation payload can be validated by another application on the device in order to validate the identity of the application providing the attestation payload.

Abstract: Systems and methods are included for creating an assured record of a user interaction. An application on a user device can receive an agreement. The agreement can include a specification with instructions for assuring the user interaction. The application can pass the agreement to an assured module installed in the application. The assured module can present the agreement to a user in an interface. The assured module can receive user input indicating acceptance or rejection of the agreement. The assured module can generate a confirmation file that confirms the user interaction. The assured module can sign the confirmation file with a digital signature that can be used by other entities to verify the authenticity of the confirmation file.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: Systems and methods are included for creating an assured record of a user interaction. An application on a user device can receive an agreement. The agreement can include a specification with instructions for assuring the user interaction. The application can pass the agreement to an assured module installed in the application. The assured module can present the agreement to a user in an interface. The assured module can receive user input indicating acceptance or rejection of the agreement. The assured module can generate a confirmation file that confirms the user interaction. The assured module can sign the confirmation file with a digital signature that can be used by other entities to verify the authenticity of the confirmation file.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: Embodiments described herein are related to a method for password streaming. The method comprises: upon receiving, at the first device, a first entry corresponding to a password in the password user interface, the first entry adding a first character to the password: adding the first character to an editing placeholder stored in memory of the password user interface; transmitting a command to a password storage component separate from the memory of the password user interface, wherein the command represents the first entry, wherein the password storage component is configured to store the password and edit the password to include the first character based on the command; and overwriting the first character with a first masking character in the editing placeholder based on transmitting the command.

Abstract: Systems and methods are included for creating an assured record of a user interaction. An application on a user device can receive an agreement. The agreement can include a specification with instructions for assuring the user interaction. The application can pass the agreement to an assured module installed in the application. The assured module can present the agreement to a user in an interface. The assured module can receive user input indicating acceptance or rejection of the agreement. The assured module can generate a confirmation file that confirms the user interaction. The assured module can sign the confirmation file with a digital signature that can be used by other entities to verify the authenticity of the confirmation file.

Abstract: Systems and methods are included for creating an assured record of a user interaction. An application on a user device can receive an agreement. The agreement can include a specification with instructions for assuring the user interaction. The application can pass the agreement to an assured module installed in the application. The assured module can present the agreement to a user in an interface. The assured module can receive user input indicating acceptance or rejection of the agreement. The assured module can generate a confirmation file that confirms the user interaction. The assured module can sign the confirmation file with a digital signature that can be used by other entities to verify the authenticity of the confirmation file.

Abstract: A method of controlling access to data on a first electronic device, the method comprising steps of establishing a shared encryption key with a first software application instance running on a second electronic device, receiving a ‘begin session’ command sent by the first software application instance and responsive to the ‘begin session’ command, creating a storage location in a data store of the electronic device, obtaining a data encryption key, receiving data, encrypting the data using the data encryption key and storing the encrypted data in the storage location, receiving an ‘end session’ command sent by the first software application instance and responsive to the ‘end session’ command, discarding the shared encryption key, and deleting the encrypted data from the storage location.

Abstract: The disclosure provides for presenting programs in a scripting language. Examples include receiving a data stream containing computer executable instructions in an interpreted language; generating a verification code; publishing, on a media, the data stream and the verification code; reading, using a sensor, the published data stream and verification code at a reader node; receiving user input; based at least on the verification code or the received user input, determining permission to execute, by the reader node, the computer executable instructions; and based at least on determining that execution is permitted by the reader node, executing at least a portion of the computer executable instructions using an interpreted language execution environment on the reader node. For some examples, the media includes a matrix barcode (e.g., a QR code) or a smart card. Some examples leverage a remote verification node and/or a remote library of executable functions.

Abstract: Disclosed are various examples for an application settings module that provides uniform access to diverse types of data, such as mobile device settings. A client device, such as a mobile device, can be configured through execution of program instructions to access a schema file comprising a definition of a plurality of keypaths, where individual ones of the plurality of keypaths uniquely correspond to one of a plurality of device settings and the keypaths are defined in the schema file in association with a plurality of methods. The client device can identify a function invoked using one of the keypaths to read or write a corresponding one of the device settings, whether stored locally or remote, and, in response to the function being invoked, execute a portion of the methods corresponding to the one of the keypaths in the schema file and return a result to a requesting process.

Abstract: The disclosure provides for presenting programs in a scripting language. Examples include receiving a data stream containing computer executable instructions in an interpreted language; generating a verification code; publishing, on a media, the data stream and the verification code; reading, using a sensor, the published data stream and verification code at a reader node; receiving user input; based at least on the verification code or the received user input, determining permission to execute, by the reader node, the computer executable instructions; and based at least on determining that execution is permitted by the reader node, executing at least a portion of the computer executable instructions using an interpreted language execution environment on the reader node. For some examples, the media includes a matrix barcode (e.g., a QR code) or a smart card. Some examples leverage a remote verification node and/or a remote library of executable functions.

Abstract: Embodiments described herein are related to a method for password streaming. The method comprises: upon receiving, at the first device, a first entry corresponding to a password in the password user interface, the first entry adding a first character to the password: adding the first character to an editing placeholder stored in memory of the password user interface; transmitting a command to a password storage component separate from the memory of the password user interface, wherein the command represents the first entry, wherein the password storage component is configured to store the password and edit the password to include the first character based on the command; and overwriting the first character with a first masking character in the editing placeholder based on transmitting the command.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: Systems, methods, and software can be used to provide inter-enterprise data communications between enterprise applications on an electronic device. In some aspects, a method comprises: receiving, by a bridge application executing on an electronic device, an interoperation request for a first enterprise, wherein the interoperation request includes a first token and a second token; sending, from the bridge application to an application of the first enterprise, the first token, wherein the application of the first enterprise executes on the electronic device; receiving, by the bridge application from the application of the first enterprise, a certificate in response to the first token, wherein the certificate is encrypted by the second token; decrypting, by the bridge application, the certificate by using the second token; and validating, by the bridge application, the application of the first enterprise based on the decrypted certificate.

Abstract: A computing device stores a set of executable code comprising first, second and third subsets of data. The first and second subsets of data comprise first and second encrypted data, respectively. Responsive to receipt of first authentication data for authenticating a respective user, the computing device is arranged to decrypt one of the first and second encrypted data to generate decrypted data, and to configure the third subset of data based on the decrypted data. The third subset of data, having been so configured, is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the respective user. Thus an application-level log in is provided.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device. The method comprises: storing data comprising, for each of a plurality of access levels associated with the application, first data indicative of a combination of one or more credentials associated with the respective access level and an access level key corresponding to the respective access level, the access level key being encrypted by the combination of one or more credentials associated with the respective access level; determining, based on the first data, an access level in the plurality of access levels corresponding to a combination of one or more credentials available to the application; decrypting the access level key in the stored data corresponding to the determined access level; and providing access to encrypted application data associated with the application and corresponding to the determined access level.