Abstract: Methods and systems for using a software gateway to improve enterprise user privacy for network communication data are described. A server executing the software gateway may receive a request for network communication data via several described pathways, including a software client on the client device, a proxy auto-configuration module, and a reverse proxy server. The software gateway may receive the network communication data, which is then forwarded to a proxy server, where the proxy server executes software modules included within the network communication data to generate expanded network data. The software gateway server may then filter the expanded network data by applying a set of content identification rules. Each content identification rule may specify data that is not passed to the client device. Only the portion of the executed network data allowed by the set of content identification rules may then be transmitted back to the software client.

Abstract: For increased device security, a security policy manager is used to configure permissions for applications installed on mobile computing devices. In one approach, an evaluation server receives data associated with a context for a computing device. Based on the received data, a policy that is applicable for the current context of the computing device is identified. The identified policy has rules regarding access permissions for software installed on computing devices. The server determines a current policy implemented on the computing device, which includes determining an access permission for software installed on the computing device. The server determines that the access permission for the installed software does not comply with the policy applicable to the current context. Based on this determination, the server revokes the access permission for the installed software.

Abstract: Systems and methods are described for managing personal data on a client computer, in which personal data associated with the client computer is identified by a policy management module. An analysis may be performed for the client computer by a server using fake personal data. To identify applications which may attempt to access the personal data, the fake personal data is tracked for access on the client computer. A policy is then created that disallows access of the personal data by any applications identified by the analysis of the client computer as accessing the fake personal data. The policy is then assigned to the client computer.

Abstract: Security policies are made dependent on location of a device and the location of a device is determined and the appropriate security policy applied without providing the device's location to a server. A device determine its location and identifies a security policy identifier mapped to a zone including the location. The device requests the security policy corresponding to the identifier from a server and implements it. The device may also store a database of the security policies and implement them according to its location. Devices registered for a user evaluate whether locations detected for the devices correspond to impossible travel by the user. Objects encoding geolocation data of a device may be encrypted with a private key of the device and the public key of another to prevent access by an intermediary server.

Abstract: The security of network connections on a computing device is protected by detecting and preventing compromise of the network connections, including man-in-the-middle (MITM) attacks. Communications are intercepted by a client-side proxy before being sent to a recipient designated by an application. The intercepted communication is inspected, and a first connection is determined to be used to send the communication based on the inspection. Finally, before the communication is sent via the first connection, an action is performed by the client-side proxy resulting in an indication that the first connection is compromised. The action may include comparing data associated with the first connection to data associated with known compromised connections. In various embodiments, additional security responses may subsequently be performed by the client-side proxy based on the indication that the first connection is compromised.

Abstract: Methods and systems provide for augmenting images and displayed objects using extended reality (XR) images. Image data may be received that includes real-world image data displayed on a display of the client device, which is monitored by a guide software component, and XR images. A person may be identified from the real-world image data, and, in response to identifying the person, stored information may be retrieved from a record associated with the identified person in a database in communication with the client device. The guide software component may then modify the XR images in response to identifying the person to include the retrieved information associated with the identified person. Additional XR images may be used to provide informative content at spatial anchor locations within the real-world image data.

Abstract: For increased security, a source is determined for software to be installed on a computing device. In one approach, a side-load server receives, from a mobile device, data regarding an application to be installed on the mobile device. The server determines a source of the application, then sends, to an authenticity server, data regarding the source. The server receives, from the authenticity server, a first state designation for the application. In response to receiving the first state designation, the server sets a second state designation, and sends the second state designation to the mobile device (e.g., to permit or block installation of the application).

Abstract: Systems and methods are described for managing personal data on a client computer, in which personal data associated with the client computer is identified by a policy management module. An analysis may be performed for the client computer by a server using fake personal data. To identify applications which may attempt to access the personal data, the fake personal data is tracked for access on the client computer. A policy is then created that disallows access of the personal data by any applications identified by the analysis of the client computer as accessing the fake personal data. The policy is then assigned to the client computer.

Abstract: Events of a calendar are identified and evaluated for confidentiality due to an explicit tag, location, participants, or subject matter. In response, permissions of applications on a device are dynamically reduced. Permissions may include permissions to access sensors such as a microphone and camera. Sensors of other devices such as a voice-processing device or Bluetooth device may be disabled. The risk associated with applications on a device may be evaluated based on permissions, usage, collected data, cloud service provider, location, permissions and usage of other users of the application, and other attributes of the application. The risk may be represented as a risk score used to determine whether to perform a mitigation action.

Abstract: Computer systems and methods to protect user credential against phishing with security measures applied based on determination of phishing risks of locations being visited, phishing susceptibility of users, roles of users, verification of senders of messages, and/or the timing of stages in accessing and interacting with the locations. For example, when a site is unclassified at the onset of being accessed by a user device, security measures can be selectively applied to allow the site to be initially viewed on the user device, but disallow some user interactions to reduce phishing risk. For example, a response to a domain name system (DNS) request can be customized based on a user risk level. For example, a message can be displayed without a profile picture of a contact of a user when the sender of the message appears to be the contact but cannot be verified to be the contact.

Abstract: In one approach, a first computing device receives a request from a second computing device. The request is for access by the second computing device to a service provided by a third computing device over a network. In response to receiving the request, the first computing device performs a security evaluation of the second computing device. The evaluation determines a risk level. The first computing device generates, based on the evaluation, a token for the second computing device. The token includes data encoding the risk level. The token is sent to the second computing device and/or third computing device. The sent data is used to configure the service provided to the second computing device.

Abstract: Methods and systems provide for multi-factor authentication (MFA) of a user to a device or network in which continuous user authentication criteria is used to determine access to encrypted files. After the user is authenticated and provided with access, a continuous user authentication criteria must be fulfilled for that access to the encrypted file to be maintained. When it is determined that the criteria is not satisfied, access to the encrypted file is denied. The criteria may be based on the location of a second computing device with respect to a first computing device. Multiple methods of determining continuity may be employed simultaneously, with access being denied when continuity is fulfilled by none of the methods.

Abstract: The method disclosed herein provides for performing user authentication and maintaining user authentication and access to a second device based on the user maintaining control of a first device. The user's continued control may be based on determining the user's continued possession of the first device from the authentication to a pairing with the second electronic device which then causes a second security component executing on the second electronic device to change the second electronic device to an unlocked state.

Abstract: In one approach, a request for software evaluation is received by an evaluation server from a user device. The request relates to software to be installed on the user device. In response to receiving the request, the evaluation server sends data associated with the software to an authenticity server. The evaluation server receives, from the authenticity server, a result from the evaluation of the software. The evaluation server determines based on the result whether a security threat is associated with the software. In response to determining that there is a security threat, the evaluation server sends a communication to the user device that causes the software to be quarantined.

Abstract: Methods and systems provide for improved security for domain name resolution (DNS) and browsing. User privacy may be improved for client devices by first transmitting authentication information and the domain name to a server. After determining that the requesting security component on the client device is authorized to access a domain resolution service, the domain name is resolved to obtain an internet protocol (IP) address. Classification data is then retrieved from a third-party service for the domain name and/or the IP address. This classification data may then be evaluated against a first policy associated with the client device. When the evaluation indicates the client device is not allowed to access the IP address, the client device is sent information indicating that access is not permitted. When access is permitted, the client device may be sent the IP address and the classification data used for the evaluation.

Abstract: Methods and systems provide for multi-factor authentication (MFA) of a user to a device or network in which a criteria for maintaining the authentication is based on the presence of the user before a device. After the user is authenticated and provided with access, a continuity criteria (i.e., a measure of the presence of the user before the device) must be fulfilled for that access to be maintained. When it is determined that the continuity requirement is not fulfilled, an aspect of the access is denied. A continuity criteria may be based on the location of a second computing device with respect to a first computing device. And multiple methods of determining continuity may be employed simultaneously, with access being denied when continuity is fulfilled by none of the methods.

Abstract: Methods and systems provide for augmenting images and displayed objects using extended reality (XR) images. Image data may be received that includes real-world image data displayed on a display of the client device, which is monitored by a guide software component, and XR images. A person may be identified from the real-world image data, and, in response to identifying the person, stored information may be retrieved from a record associated with the identified person in a database in communication with the client device. The guide software component may then modify the XR images in response to identifying the person to include the retrieved information associated with the identified person. Additional XR images may be used to provide informative content at spatial anchor locations within the real-world image data.

Abstract: Techniques for providing domain name and URL visual verifications to increase security of operations on a device. The techniques include a visual indicator and/or warning to a user on the user's computing device that a domain or URL requested by the user and the device is unpopular, new, unknown, inauthentic, associated with malware or phishing, or in some other way, risky. The techniques include identifying a domain name in a communication received by a computing device and then determining a popularity ranking and/or an age of the domain name. The device can render, for display on a screen of the device, a visual indicator having the popularity ranking and/or the age of the domain name. Also, the techniques can include identifying a URL in a communication received by a computing device and then rendering, for display on a screen of the device, a visual indicator having the entire URL.

Abstract: The method disclosed herein provides for performing user authentication and maintaining user authentication and access to a first device based on the user maintaining control of the first device. The continued control may be based on determining the user's continued possession of the first device, or determining an acceptable proximity of the user to the first device. The proximity of the user may be determined using a second device associated with the user, or sensors associated with the first device.

Abstract: Data is collected from a set of devices according to a data collection policy. The data is associated with at least one of: device configuration, device state, or device behavior. A norm is established using the collected data. A different data collection policy is established based on the norm. Data is collected from a particular device according to the different data collection policy. The norm is compared to the data collected from the particular device. If there is a deviation beyond a threshold deviation between the norm and the data collected from the particular device, a responsive action is taken.