Abstract: An action is permitted to be performed on a computing device only after the action has been confirmed by two or more authorized and/or authenticated parties. A security component receives a request from to initiate an action on a computing device. Before the action is allowed to be initiated on the computing device the security component requires the authentication of first and second parties or authorizations from first and second parties, or both the authentications of and authorizations from first and second parties. After receiving the required authorizations and/or successfully performing the required authentications, the security component allows the requested action to be initiated on the computing device.

Abstract: A source of side-loaded software is determined. An action may be performed in response to the determination of the source. In one case, the handling of an application on a mobile device may be based on whether the source of the application is trusted or untrusted. If a software application being newly-installed on a mobile device of a user is determined to be untrusted, installation or execution is blocked. In one approach, the determination of the source includes: determining whether a first source identifier of a first application matches a white list of source identifiers or a black list of source identifiers; and sending the first source identifier and a first application identifier for the first application to a different computing device.

Abstract: Mobile devices typically have some form of audio capabilities designed to be operated by the device's user, for example to place phone calls; however, if a device is misplaced or stolen, the user may wish to operate those audio capabilities remotely. Methods are provided for detecting that a security event has occurred on a portable electronic device and then establishing an audio transmission between the device and one or more clients, and in some embodiments, sending a command to initiate the audio transmission. The detection of a security event may be based on, for example, detecting that the device has been turned on, detecting movement of the device, detecting that an incorrect password has been entered, the device camera has been used, contacts have been added or deleted, the SIM card as been removed or replaced, application programs have been installed or uninstalled from the device, or uncharacteristic behavior has been detected.

Abstract: An analysis including a comparison is performed of first and second applications and a determination is made regarding whether the first is a counterfeit version of the second application, or vice-versa. Based on the analysis and comparison, and based on an assessment of the first application, an assessment of the second application may be generated.

Abstract: In many cases, it is desirable to remotely install a software application on a mobile device that performs a function without requiring user intervention on the device, such as in the case where a device is lost or stolen. In one embodiment, a method implemented on the mobile device after installation of the software includes: determining an identifier for a computing device associated with the user; performing a function of the mobile device to obtain information regarding the mobile device; and sending the information for delivery to the computing device using the identifier. In one embodiment, software can be remotely installed on a device that, when installed, locates the device and transmits the location to an email address associated with the device so that a user can recover the device if it is lost or stolen.

Abstract: The method disclosed herein provides for performing device security corrective action based on loss of proximity to another device, such as a key device. While a mobile communication device is locked, a mobile communication device determines whether or not a key device is within a specified distance. If the key device is not within the specified distance from the mobile communication device, a notification may be displayed on the mobile communication device. If a user responds to the notification, the user may prevent or alter the mobile communication device from performing at least one device security corrective action. If, however, the user does not respond to the notification within a specified time period, the at least one device security corrective action is performed on the mobile communication device.

Abstract: The security and convenience of a mobile communication device is enhanced based on a separate key device. If the key device is near the mobile communication device, the mobile communication device may be automatically unlocked without the user having to input an unlock code. The mobile communication device may be automatically unlocked into a first mode having a first level of functionality. If the user inputs a correct unlock code, the mobile communication device may be unlocked into a second mode having a second level of functionality, greater than the first level of functionality.

Abstract: A method for protecting privacy and enhancing security on an electronic device is provided. When sensor information associated with at least one user input action is collected by a sensor in an electronic device hosting a plurality of applications, the method includes intercepting a request to access the sensor information from a requesting application of the plurality of applications, and controlling access to the sensor information associated with the at least one user input action based on the requesting application. By controlling access to the sensor information, leakage of sensitive or secure information to a malicious background application is minimized and privacy and security are enhanced.

Abstract: Methods for assessing the current security state of a mobile communications device to determine access to specific tasks is presented. A security component on a server is configured to receive a request to access services from a mobile communications device for a specific task. The security component on the server is further configured to determine whether a security state for the mobile communications device is acceptable for access to the services. Based on the security state for the mobile device being determined to be acceptable for access to the services, access to the services is granted and a determination is whether the security state is acceptable for access to the specific task requested. Based on the security state being determined to be acceptable for access to the specific task requested, access to the specific task requested is granted by the server security component.

Abstract: Detection, identification, and control of application behavior dealing with malware, security risks, data privacy, or resource usage can be difficult in an era of complex, composite software applications composed of multiple components. Software applications are analyzed to determine their components and to identify the behaviors associated with each of the components. Components can also be analyzed with respect to similarity of previously known components. Behaviors can include use of personal identifying information or device information, or any actions that can be taken by applications on the device, including user interface displays, notifications, network communications, and file reading or writing actions. Policies to control or restrict the behavior of applications and their components may be defined and applied. In one embodiment this can include the identification of advertising networks and defining policies to permit various opt-out actions for these advertising networks.

Abstract: User activity on a mobile device is monitored and collected, and a resource usage model is constructed. The resource usage model describes a set of contexts in which the mobile device, and is the basis for determining a first exhaustion point for a resource. Based on the monitored activity, a prediction of a second exhaustion point for the resource time is made. If the second exhaustion point is prior to the first exhaustion point, usage of the resource is reduced.

Abstract: Embodiments are directed to a system and method for authenticating a user of a client computer making a request to a server computer providing access to a network resource through an authentication platform that issues a challenge in response to the request requiring authentication of the user identity through a reply from the client computer, determining one or more items of context information related to at least one of the user, the request, and the client computer, and determining a disposition of the request based on the reply and the one or more items of context information. The reply includes a user password and may be provided by an authorizing client device.

Abstract: A graphical user interface for improved text character entry is disclosed. In some embodiments, the graphical user interface may be displayed on a mobile communications device. The graphical user interface may display a message field, a soft keyboard, and at least one visual foveal echo field. The message field may display text characters of a message being authored by a user interacting with the soft keyboard. The visual foveal echo field may be placed adjacent to a soft keyboard row and contain a portion of the message being authored by the user.

Abstract: This disclosure is directed to a system and method for providing advisement about applications on mobile communication devices such as smartphones, netbooks, and tablets. A server gathers data about mobile applications, analyzes the applications, and produces an assessment that may advise users on a variety of factors, including security, privacy, battery impact, performance impact, and network usage. The disclosure helps users understand the impact of applications to improve the experience in using their mobile device. The disclosure also enables a server to feed information about applications to other protection systems such as application policy systems and network infrastructure. The disclosure also enables advisement about applications to be presented in a variety of forms, such as through a mobile application, as part of a web application, or integrated into other services via an API.

Abstract: A method and apparatus for providing cross device notifications. A cross notification component is provided in multiple devices. In some devices, the cross notification component is at least configured to transmit notices to other devices, and to receive responses to its notice transmissions. In some devices, the cross notification component is at least configured to receive the notices transmitted by other devices, and to generate and transmit responses to received notices.

Abstract: Disclosed herein is a system and method for efficiently gathering information about applications for mobile communications devices (e.g., smartphones, netbooks, and tablets) and using that information to produce assessments of the applications. To gather information, a server may send a request for application data to a mobile communications device. In response, the server may receive some but not all of the first-requested application data. The server may then a second request for application data to a second mobile communications device that also has access to the application. The server may receive application data from the second mobile communications device, and store the received first- and second-requested application data. The server then uses the stored application data to assess the application.

Abstract: Client and user activity in an application or a browser are monitored to determine whether potential actions will result in a server being contacted. A DNS request to resolve the server's host name is generated to ensure the server's IP address is cached and available.

Abstract: Security is enhanced for a user of an electronic device by providing a method for managing user login behavior. When an entered password that is different from a defined password is received, the method includes identifying alternative characters for at least one character of the entered password based on a location of a key corresponding to the character of the entered password on a keyboard used to enter the password. When the alternative characters are identified, a variation of the entered password is generated by replacing a character of the entered password with an alternative character of the character. When information relating to the variation matches information relating to the defined password, the entered password is determined to be valid.

Abstract: A method for evaluating security during an interactive service operation by a mobile communications device includes launching, by a mobile communications device, an interactive service configured to access a server over a network during an interactive service operation, and generating a security evaluation based on a plurality of trust factors related to a current state of the mobile communications device, to a security feature of the application, and/or to a security feature of the network. When the security evaluation is generated, an action is performed based on the security evaluation.

Abstract: A system and method for using file system events to trigger a security scan. A file system watches all writable directory paths for defined file system events on files in the watched paths. Upon occurrence of a watched event, the file is scanned using known security methods. A data structure stores events and can be used to update and track events. Cookies can be used to correlate MOVE events. A timer can be used to avoid repetitive scanning after discrete WRITE events.