Abstract: Described embodiments provide systems and methods for securely storing private information of a user on a device of the user. A server may register a mobile device to store credentials of a user thereon, based on authentication of the user of the mobile device. The server may encrypt credentials of the user using a key of the server. The server may send the encrypted credentials to the registered mobile device for storage thereon without the key. The server may send a code to an endpoint device to initiate authentication of the user with use of the mobile device. The server may receive the encrypted credentials from the mobile device in response to the authentication. The server may decrypt the encrypted credentials using an encryption key of the server. The server may send the decrypted credentials to the endpoint device to authenticate the user at the endpoint device.

Abstract: A virtual disk is provided to a computing environment. The virtual disk includes identity information to enable identification of a virtual machine within the computing environment. A size of the virtual disk is increased within the computing environment to enable the virtual disk to act as a storage for the identity information and as a cache of other system data to operate the virtual machine. The virtual machine is booted within the computing environment. The virtual machine is configured to at least access the virtual disk that includes both identity information and caches other system data to operate the virtual machine. Related apparatus, systems, techniques and articles are also described.

Abstract: Systems and methods for scoring audio/video (A/V) sessions may include a first client which identifies an A/V signal for a session of an A/V application between the first client and a second client, and metrics of a network path between the first client and the second client. The first client may determine a first score for the A/V signal by applying one or more features corresponding to the A/V signal to a model trained to generate the first score. The client may generate a session score for the session based on the first score and the metrics of the network path.

Abstract: Described herein are systems and methods for transferring data corresponding to scannable codes. A first device can transmit, responsive to identifying that a user of the first device copied data, an indication to a service that the first device copied the data. The indication can cause the service to enable a second device to paste the data copied from the first device. The first device can receive a request to copy the data from the first device to paste on the second device of the user. The first device can display, responsive to the request, a scannable code corresponding to the copied data to be scanned by a camera of the second device to enable the user of the second device to paste the copied data.

Abstract: Described embodiments provide systems and methods for determining bounce-able machines. One or more processors can be coupled to memory. The one or more processors can identify data associated with a history of actions performed on a plurality of machines. The one or more processors can determine, using the data, a change in performance of the plurality of machines if a sequence of actions were applied to one or more of the plurality of machines. The one or more processors can select a machine of the plurality of machines based on at least on the change in performance of the machine satisfying a threshold. The one or more processors can initiate, responsive to the selection, the sequence of actions on the machine.

Abstract: Described embodiments provide systems and methods for identifying malicious attempts to detect vulnerabilities in an application. At least one processor may determine a mean and a standard variation of character counts of each of a plurality of characters from a plurality of sets of data. The at least one processor may determine a distance metric for each of the characters in each of the sets of data. For a corresponding set of data, the at least one processor may determine a number of outliers to determine whether the corresponding set of data is anomalous.

Abstract: Virtual application and desktop delivery may be optimized by supplying application metadata and user intent to the device between a client and a server hosting resources for the delivery. The data packets used to deliver the virtual application or desktop may be also tagged with references to the application. By supplying the metadata and tagging packets with the metadata, an intermediary network device may provide streams of data packets at the target QoS. In addition, the device may apply network resource allocation rules (e.g., firewalls and QoS configuration) for redirected content retrieved by the client out of band relative to a virtual channel such as the Internet. The network resource allocation rules may differ for different types of resources accessed. The device may also control a delivery agent on the server to modify communication sessions established through the virtual channels based on network conditions.

Abstract: Aspects of the disclosure relate to dynamic crypto key management for mobility in a cloud environment. A computing platform may receive a request to generate a new tenant master key and a new server recovery key. Subsequently, the computing platform may send to a cloud-based key vault server, the new tenant master key and the new server recovery key. The computing platform may send to a tenant database, the encrypted server recovery key. As a result, the computing platform may provision the enrollment servers with the encrypted server recovery key. In some embodiments, the enrollment servers are configured to manage enrollment of policy-managed devices in a policy enforcement scheme and to authenticate with the key update service based on the encrypted server recovery key.

Abstract: Described embodiments provide systems and methods of allocating cloud resources for application deployments. A resource allocator may identify a first metric indicating usage of cloud resources by clients in a first release environment for an application update. The resource allocator may generate, using the first metric, a resource capacity model for predicting usage of the cloud resources by clients in a second release environment for the application update. The resource allocator may determine, using the resource capacity model, a metric predicting the usage of the cloud resources by the clients in the second release environment. The resource allocator may generate instructions to set an allocation of the cloud computing resources for performing deployment of the application update to the second release environment based on the second metric.

Abstract: The present disclosure relates to methods and systems for performing response based cache redirection to a cache proxy. A device intermediary to a plurality of clients and a plurality of servers and in communication with a plurality of cache proxies, receives a request for content from a client. The request is for content from a server of the plurality of servers. The device forwards the request to the server. The device identifies a cache redirection policy that specifies an amount of bytes of a response to buffer to calculate a signature of the content of the response. The device computes the signature of the content of the response based on the amount of bytes of the response received from the server and buffered by the device. The device selects a cache proxy based on the computed signature and forwards the request of the client to the selected cache proxy.

Abstract: Described embodiments provide systems and methods selecting one or more applications to launch based in part on features of a file. A device can receive a file from a user of a client device. The device can select, according to a file type of the file, an algorithm to identify one or more features of the file. The device can determine, according to the one or more features, one or more applications to execute the file on the client device. The device can provide, to the user through the client device, a listing of the one or more applications to execute the file.

Abstract: A method for creating and executing a micro-application includes receiving a user selection of a user interface element within a user interface of a primary application. Source code associated with the selected user interface element is parsed to obtain at least one attribute associated with the selected user interface element. Data associated with the selected user interface element is identified based on the source code. A response based on the at least one attribute and the data is generated. A microapp configured to process the response to obtain the data from within the primary application is generated.

Abstract: Techniques are disclosed for providing messaging participant identity leak prevention. An example methodology implementing the techniques includes, receiving, by a computing device, a message from a sender to a recipient via a software application running on the computing device, the software application having a non-confidential messaging view and a confidential messaging view. The method also includes determining a message type of the message, the message type is one of a non-confidential message or a confidential message, and displaying the message in the confidential messaging view of the software application in response to a determination that the message type indicates a confidential message, the confidential messaging view being distinct from the non-confidential messaging view, wherein messaging participant identity information is obfuscated in the display of the message in the confidential messaging view.

Abstract: Described embodiments provide systems and methods for contextual confidence scoring-based access control. The systems and methods can include one or more processors configured to receive a request from the client device to access an item of content. The one or more processors can select a first subset of authentication techniques. The authentication techniques identifiable with a score. The one or more processors can determine that a sum of the scores of the selected first subset of the authentication techniques exceeds a threshold. The one or more processors can transmit, to the client device, one or more authentication requests utilizing the selected first subset of authentication techniques. The one or more processors can provide, responsive to successful authentication by the client device, access to the item of content to the client device.

Abstract: Systems and methods for proactively alerting administrators of upcoming or possible network outages include a server which receives metrics for usage of one or more networks for each workspace application of plurality of workspace applications of a plurality of endpoints across a plurality of different locations of an enterprise. The server may determine a network download speed for each location of the plurality of different locations according to the metrics for each workspace application. The server may generate an alert to be provided to a device of a user associated with a first location of the plurality of different locations responsive to the network download speed for a network of the one or more networks falling below a threshold.

Abstract: Systems and methods for Optical Character Recognition (“OCR”) based anti-spoofing for Unicode homograph. The method comprises: performing operations by a computing device to make an OCR identification on an original electronic address so as to obtain an OCR electronic address; encoding (a) the original electronic address to obtain an encoded access address and (b) the OCR electronic address to obtain an encoded OCR electronic address; comparing the encoded access address to the encoded OCR electronic address; and determining if a Unicode homograph spoofing situation exists based on results of the comparing.

Abstract: Systems and methods for identifying individuals with a user-requested expertise are provided. For example, the system can include a processor configured to receive a user input and extract one or more keywords from the input. The processor can generate search requests based upon the one or more keywords, each search request identifying at least one application programming interface (API) call configured to invoke at least one API function as exposed by a software application. The processor can transmit the search requests to the software applications and receive search responses. The processor can determine a plurality of software application users and a set of associated evidence, each set of associated evidence including user interactions with each of the software applications. The processor can aggregate the evidence into an aggregated data set and configure the aggregated data set as an input to a machine learning classifier for ranking the sets of evidence.

Abstract: Described embodiments provide system and methods for selecting a device via which a client is to connect with a server. A client may identify a server and a plurality of devices intermediary to the client and the server via one of which the client is authenticated to connect to access the server using a certificate. The client may detect that the server is unreachable from the client authenticated to use a first connection via a first device of the plurality of devices using the certificate. The client may select, responsive to detecting that the server is unreachable, a second device of the plurality of devices via which the client is to access the server. The client may authenticate, using the certificate used to authenticate with the first device, the client to establish a second connection with the second device to access the server.

Abstract: Described embodiments provide systems and methods for launching a connection to a resource link from a client device. A device can authenticate the client device for access to a plurality of resource links accessible via one or more servers. The device can provide a list of the plurality of resource links responsive to the authentication, and receive a request from the client device, identifying a first resource link to access. The device can cause first authenticated credentials for the first resource link to be stored on the client device responsive to the request. The first authenticated credentials can correspond to the client device and provide access the first resource link. The client device can be configured to launch a connection to the first resource link from the client device using the first authenticated credentials stored on the client device.

Abstract: Systems and methods for secure sharing of sensitive information in a computing environment. The methods comprise, by a first entity of a first computing environment receiving sensitive information of the first computing environment, receiving a request to share the sensitive information from a second entity of the first computing environment, and determining whether the second entity is a trusted entity included in a list of trusted entities held by a configuration service associated with a second computing environment. If the second entity is not a trusted entity, determining whether the second entity can establish trust by validating a subscription of the second entity with a directory service, and validating a digital certificate corresponding to the second entity with a certificate authority. If the second entity can establish trust or is a trusted entity, sharing the sensitive information with the second entity so as to enable operation of the second entity.