Abstract: Methods and systems for detecting and responding to potential SIM-security breach events are described herein. A security application executing on a device may determine if the device has the ability to place calls by querying a baseband processor of the device. When the device does not have the ability to place calls, the application may then determine if an available expected mobile network is accessible (by querying the baseband processor again, in some embodiments). In response to a determination that the available expected mobile network is accessible, an interface is provided to a user asking if the user is deactivating the SIM of the device for a legitimate reason. When an input is not received confirming that the user is deactivating the SIM for a legitimate reason, the security application automatically transmits a notification that a potential SIM-security breach event has occurred.

Abstract: Methods and systems for detecting and responding to potential SIM-security breach events are described herein. A security application executing on a device may determine if the device has the ability to place calls by querying a baseband processor of the device. When the device does not have the ability to place calls, the application may then determine if an available expected mobile network is accessible (by querying the baseband processor again, in some embodiments). In response to a determination that the available expected mobile network is accessible, an interface is provided to a user asking if the user is deactivating the SIM of the device for a legitimate reason. When an input is not received confirming that the user is deactivating the SIM for a legitimate reason, the security application automatically transmits a notification that a potential SIM-security breach event has occurred.

Abstract: Real-time monitoring and alerting of breached security credentials for server-based endpoints is described herein. In various embodiments, a software component (that intercepts outgoing network traffic from a computing device) or a server-based breach monitoring component may receive a request for endpoint data. Credential data may be included in the request. The endpoint and/or the credential data may be compared to credential data linked to a list of compromised endpoints. An alert may be generated for the client device when both a match is detected with credential data of a breach object on the list of compromised endpoints and the breach time field of the breach object is after a previous credentials change for the endpoint. Access to the endpoint may be blocked and/or a change password mechanism may also be displayed to change the user credentials prior to revisiting the endpoint.

Abstract: Methods and systems for annotating and assessing content, including QR codes, using a web page investigator to avoid dangerous scans of such content are described herein. A security module executing on a client device may receive a request for web content. A computer vision model may then scan the requested web content to identify and annotate graphical features on the webpage prior to rendering the web content on a display of the client device. The computer vision model may identify a QR code and transmit information encoded within the QR code to a server executing a phishing and content protection (PCP) engine for analysis. When the identified QR code is indicated to be malicious, the client device may render a modified version of the requested web content to discourage the user from scanning the identified QR code.

Abstract: A method for automated navigational marker detection and association in maritime applications includes providing a camera system equipped with one or more red-green-blue (RGB) cameras for capturing visual data of a surrounding maritime environment in real-time, and then providing a computing unit comprising a neural network-based object detector, a projection mechanism module, and a GPS mapping and chart data integration module. Next, providing a database comprising pre-existing chart data of navigational markers. Next, capturing visual data of the surrounding maritime environment using the camera system. Next, processing the visual data by the computing unit using the neural network-based object detector to identify navigational markers. Next, projecting pixel positions of detected navigational markers into a three-dimensional (3D) coordinate system.

Abstract: Methods and systems for using a software gateway to improve enterprise user privacy for network communication data are described. A server executing the software gateway may receive a request for network communication data via several described pathways, including a software client on the client device, a proxy auto-configuration module, and a reverse proxy server. The software gateway may receive the network communication data, which is then forwarded to a proxy server, where the proxy server executes software modules included within the network communication data to generate expanded network data. The software gateway server may then filter the expanded network data by applying a set of content identification rules. Each content identification rule may specify data that is not passed to the client device. Only the portion of the executed network data allowed by the set of content identification rules may then be transmitted back to the software client.

Abstract: For increased device security, a security policy manager is used to configure permissions for applications installed on mobile computing devices. In one approach, an evaluation server receives data associated with a context for a computing device. Based on the received data, a policy that is applicable for the current context of the computing device is identified. The identified policy has rules regarding access permissions for software installed on computing devices. The server determines a current policy implemented on the computing device, which includes determining an access permission for software installed on the computing device. The server determines that the access permission for the installed software does not comply with the policy applicable to the current context. Based on this determination, the server revokes the access permission for the installed software.

Abstract: Systems and methods are described for managing personal data on a client computer, in which personal data associated with the client computer is identified by a policy management module. An analysis may be performed for the client computer by a server using fake personal data. To identify applications which may attempt to access the personal data, the fake personal data is tracked for access on the client computer. A policy is then created that disallows access of the personal data by any applications identified by the analysis of the client computer as accessing the fake personal data. The policy is then assigned to the client computer.

Abstract: Methods and systems provide for augmenting images and displayed objects using extended reality (XR) images. Image data may be received that includes real-world image data displayed on a display of the client device, which is monitored by a guide software component, and XR images. A person may be identified from the real-world image data, and, in response to identifying the person, stored information may be retrieved from a record associated with the identified person in a database in communication with the client device. The guide software component may then modify the XR images in response to identifying the person to include the retrieved information associated with the identified person. Additional XR images may be used to provide informative content at spatial anchor locations within the real-world image data.

Abstract: The security of network connections on a computing device is protected by detecting and preventing compromise of the network connections, including man-in-the-middle (MITM) attacks. Communications are intercepted by a client-side proxy before being sent to a recipient designated by an application. The intercepted communication is inspected, and a first connection is determined to be used to send the communication based on the inspection. Finally, before the communication is sent via the first connection, an action is performed by the client-side proxy resulting in an indication that the first connection is compromised. The action may include comparing data associated with the first connection to data associated with known compromised connections. In various embodiments, additional security responses may subsequently be performed by the client-side proxy based on the indication that the first connection is compromised.

Abstract: For increased security, a source is determined for software to be installed on a computing device. In one approach, a side-load server receives, from a mobile device, data regarding an application to be installed on the mobile device. The server determines a source of the application, then sends, to an authenticity server, data regarding the source. The server receives, from the authenticity server, a first state designation for the application. In response to receiving the first state designation, the server sets a second state designation, and sends the second state designation to the mobile device (e.g., to permit or block installation of the application).

Abstract: Systems and methods are described for managing personal data on a client computer, in which personal data associated with the client computer is identified by a policy management module. An analysis may be performed for the client computer by a server using fake personal data. To identify applications which may attempt to access the personal data, the fake personal data is tracked for access on the client computer. A policy is then created that disallows access of the personal data by any applications identified by the analysis of the client computer as accessing the fake personal data. The policy is then assigned to the client computer.

Abstract: In one approach, a first computing device receives a request from a second computing device. The request is for access by the second computing device to a service provided by a third computing device over a network. In response to receiving the request, the first computing device performs a security evaluation of the second computing device. The evaluation determines a risk level. The first computing device generates, based on the evaluation, a token for the second computing device. The token includes data encoding the risk level. The token is sent to the second computing device and/or third computing device. The sent data is used to configure the service provided to the second computing device.

Abstract: Computer systems and methods to protect user credential against phishing with security measures applied based on determination of phishing risks of locations being visited, phishing susceptibility of users, roles of users, verification of senders of messages, and/or the timing of stages in accessing and interacting with the locations. For example, when a site is unclassified at the onset of being accessed by a user device, security measures can be selectively applied to allow the site to be initially viewed on the user device, but disallow some user interactions to reduce phishing risk. For example, a response to a domain name system (DNS) request can be customized based on a user risk level. For example, a message can be displayed without a profile picture of a contact of a user when the sender of the message appears to be the contact but cannot be verified to be the contact.

Abstract: Methods and systems provide for multi-factor authentication (MFA) of a user to a device or network in which continuous user authentication criteria is used to determine access to encrypted files. After the user is authenticated and provided with access, a continuous user authentication criteria must be fulfilled for that access to the encrypted file to be maintained. When it is determined that the criteria is not satisfied, access to the encrypted file is denied. The criteria may be based on the location of a second computing device with respect to a first computing device. Multiple methods of determining continuity may be employed simultaneously, with access being denied when continuity is fulfilled by none of the methods.

Abstract: The method disclosed herein provides for performing user authentication and maintaining user authentication and access to a second device based on the user maintaining control of a first device. The user's continued control may be based on determining the user's continued possession of the first device from the authentication to a pairing with the second electronic device which then causes a second security component executing on the second electronic device to change the second electronic device to an unlocked state.

Abstract: In one approach, a request for software evaluation is received by an evaluation server from a user device. The request relates to software to be installed on the user device. In response to receiving the request, the evaluation server sends data associated with the software to an authenticity server. The evaluation server receives, from the authenticity server, a result from the evaluation of the software. The evaluation server determines based on the result whether a security threat is associated with the software. In response to determining that there is a security threat, the evaluation server sends a communication to the user device that causes the software to be quarantined.

Abstract: Methods and systems provide for improved security for domain name resolution (DNS) and browsing. User privacy may be improved for client devices by first transmitting authentication information and the domain name to a server. After determining that the requesting security component on the client device is authorized to access a domain resolution service, the domain name is resolved to obtain an internet protocol (IP) address. Classification data is then retrieved from a third-party service for the domain name and/or the IP address. This classification data may then be evaluated against a first policy associated with the client device. When the evaluation indicates the client device is not allowed to access the IP address, the client device is sent information indicating that access is not permitted. When access is permitted, the client device may be sent the IP address and the classification data used for the evaluation.

Abstract: Methods and systems provide for multi-factor authentication (MFA) of a user to a device or network in which a criteria for maintaining the authentication is based on the presence of the user before a device. After the user is authenticated and provided with access, a continuity criteria (i.e., a measure of the presence of the user before the device) must be fulfilled for that access to be maintained. When it is determined that the continuity requirement is not fulfilled, an aspect of the access is denied. A continuity criteria may be based on the location of a second computing device with respect to a first computing device. And multiple methods of determining continuity may be employed simultaneously, with access being denied when continuity is fulfilled by none of the methods.

Abstract: Methods and systems provide for augmenting images and displayed objects using extended reality (XR) images. Image data may be received that includes real-world image data displayed on a display of the client device, which is monitored by a guide software component, and XR images. A person may be identified from the real-world image data, and, in response to identifying the person, stored information may be retrieved from a record associated with the identified person in a database in communication with the client device. The guide software component may then modify the XR images in response to identifying the person to include the retrieved information associated with the identified person. Additional XR images may be used to provide informative content at spatial anchor locations within the real-world image data.