Abstract: Embodiments described include systems and methods for incorporating a watermark in an audio output. An embedded browser, which is executable on one or more processors of a client device, may detect an audio data stream from a network application accessed via the embedded browser. A watermarking engine of the embedded browser intercepts the audio data stream responsive to detecting the audio data stream. The watermarking engine incorporates a digital signal corresponding to a watermark into the audio data stream, prior to being produced as an audio output by an audio speaker. The watermarking engine causes the watermark to be present in the audio output produced by the audio speaker, the watermark configured to be inaudible by a human and recordable by an audio recording device.

Abstract: Systems and methods for using an overlay with a network application for receiving user satisfaction information are provided. A client application on a client device establishes, for a user, a session with a network application via an embedded browser within the client application. The client application determines, at a point of an interaction with a user interface of the network application to present an overlay for requesting information from the user on user satisfaction with respect to the network application. The client application identifies the overlay from a plurality of overlays to present based at least on the network application. The client application presents, via the embedded browser, the overlay over the user interface of the network application. The client application stores, to a data storage service of the first entity, information received from the user of the first entity via the overlay about the interaction with the network application.

Abstract: Embodiments described include systems and methods for generating and displaying live tiles for network applications. A small icon or thumbnail-like visual, referred to generally as a “live tile” or “tile”, may be provided via a user interface to a user, with the tile displaying key relevant information from the application or network resource, without the user having to launch the complete application or manually access the resource. The contents of the live tile may be periodically and automatically updated, including performing authentication processes necessary to access the application or resource.

Abstract: Embodiments described include systems and methods for generating and displaying live objects for network applications. Live objects may be created from applications (apps) that are served from and/or hosted on one or more servers, such as web applications and software-as-a-service (SaaS) applications, and shared with one or more recipients. The objects may be loaded or accessed as if they were normal network applications, and the recipients may see the latest or “live” version of content as shown to the live object creator, including user- or device-specific data of the creator, under full access policy control, without requiring access to credentials of the live object creator.

Abstract: In some aspects, a method for mediation of a screenshot capture by a client application based on policy includes identifying, by a client application on a client device, a policy for mediating one or more screenshots of content displayed via the client application. An embedded browser within the client application accesses a network application of one or more servers. The method further includes intercepting, by the client application, a request to capture a screenshot of at least a portion of the network application being displayed, determining, by the client application, one or more mediation actions to perform on the screenshot responsive to the policy, performing, by the client application, the one or more mediation actions on the screenshot, and providing, by the client responsive to the request, the screenshot resulting from the one or more mediation actions.

Abstract: Embodiments described include systems and methods for providing peer-to-peer caching among client applications. A cache coordinator is configured to receive a first request to register an object stored in a cache by a first client application including a first embedded browser. The first embedded browser obtains the object via a session established by the first embedded browser with a first network application on a server of a second entity. The cache coordinator is configured to store a location of the first client application and a hash of the object. The cache coordinator is configured to receive a second request from a second client application. The second request requests the location of the object among peer client applications. The cache coordinator is configured to communicate identification of the location of the first client application to the second client application for retrieving the object from the cache of the first client application.

Abstract: Embodiments described include systems and methods for multiple users to provide input on an input element of a network application. A first client application may establish, for a first user, a first session of a network application via a first embedded browser within the first client application. A second client application may establish, for a second user, a second session of the network application via a second embedded browser within the second client application. The first client application may communicate an invite to the second user to collaborate on an input element of a user interface displayed in the first embedded browser. The second client application may provide, responsive to acceptance of the invite, a second user interface for the second user to enter input into the input element. One of the first or the second client applications may display input received in the input element.

Abstract: Systems and methods for latency masking via prefix caching, by providing a recorded output of launch of a network application to a client device from a point closer to client device, or with lower latency than output of the actual network application can be provided to the client device. The resulting user experience is that of instant or near-instant launch of the application, avoiding network delays communicating with the application server or processing delays from instantiation of virtual machines or other resources to provide the network application.

Abstract: Systems and methods for providing a privacy screen to a network application accessed via an embedded browser of a client application are described. The method includes establishing, by a client application on a client device, a session to a network application hosted on a third party server. The client application includes an embedded browser for accessing the network application. The method further includes identifying, by the client application, a policy for providing a privacy screen to one or more portions of the network application, detecting, by the embedded browser, that the one or more portions of the network application are to be rendered on a display of the client device, and displaying a privacy screen including one or more masks displayed over at least the one or more portions of the network application rendered on the display of the client device via the embedded browser.

Abstract: Embodiments described include systems and methods for reusing content across a plurality of network applications. A client application establishes sessions with the network applications via an embedded browser. The client application identifies a plurality of content provided as input to each of the network applications and stores the plurality of content to storage. The client application determines a point in a first user interface of a first network application in which input from content of the plurality of content is available as input. The embedded browser provides a second user interface from which to select at least a first content of the plurality of content stored in storage from a second network application as input to the first user interface of the first network application. The embedded browser receives, as input to the first user interface, the selection via the second user interface of the first content.

Abstract: Systems and methods for reporting performance issues or grievances of network applications on client devices are provided. A first server of a first entity receives, from a client application on a client device, a data package including embedded browser activity of an embedded browser of the client application captured responsive to a capture trigger detected by the client application. The embedded browser activity relates to a network application of a second server of a second entity. The first server identifies, based on the embedded browser activity included in the data package, the network application to which the embedded browser activity corresponds. The first server generates, responsive to a report generation trigger corresponding to the network application, an error report based on the data package. The error report is then transmitted via a connection established between the first server and the one or more second servers corresponding to the network application.

Abstract: A client application installed on a client device may monitor communications flows between embedded browsers of the client application and one or more servers, including enterprise servers and non-enterprise servers, at upper layers of a network stack of the client device including the application layer, session layer, and presentation layer. Communications to different endpoints may be classified as enterprise or non-enterprise, measured, and aggregated to provide disambiguation of enterprise and non-enterprise communications of the device transiting a single communications link (e.g. cellular data connection). Server and network policies may be applied in accordance with the measurements with higher accuracy than policies based on total bandwidth utilized by the device without regard to its classification.

Abstract: In some aspects, a method for using a transparent window to augment an application includes establishing a transparent window to be displayed in synchronization over a first window of an application on a client device. The content of the application in the first window is viewable through the transparent window. The method further includes detecting, by the transparent window, one or more encoded portions of content of the application being displayed in the first window, and displaying, by and in the transparent window, a decoded form of the one or more encoded portions of the content of the application displayed in the first window.

Abstract: Systems and methods discussed for redirection of launch requests for local applications to corresponding remote applications, such as SaaS or network applications provided by an application server, and access of the corresponding remote application via an embedded browser of a client application. A client application executed by a client device may detect a request of a user to launch a local application of the client device. The client application may determine that the local application corresponds to a network application provided by an application server. The client application may intercept the request to launch the local application, responsive to the determination. An embedded browser of the client application may access the network application from the application server, responsive to interception of the request.

Abstract: Embodiments described include systems and methods for management and pre-establishment of network application and secure communication sessions. Session logs may be analyzed to identify an application or secure communication sessions likely to be accessed, and prior to receiving a request to establish the session, an intermediary (e.g. another device such as an intermediary appliance or other device, or an intermediary agent on a client such as a client application) may pre-establish the session, performing any necessary handshaking or credential or key exchange processes. When the session is subsequently requested (e.g. in response to a user request), the system may immediately begin using the pre-established session. This pre-establishment may be coordinated within the enterprise providing load balancing and scheduling of session establishment to prevent large processing loads at any one point in time.

Abstract: Embodiments described include systems and methods of an encrypted cache. An embedded browser of a client application executing on a client device may provide access to a network application accessed via the client application. The embedded browser may detect an event at the client device that causes the network application to send or request application data. The embedded browser may access a copy of the application data from encrypted cache of the embedded browser. The encrypted cache may be maintained for the user and store application data for network application(s) accessed by the user. The embedded browser may use the cached application data for establishing or updating a user interface of the network application for display at the client device.

Abstract: Embodiments described include systems and methods for encoding and decoding data for a network application. A client application may include an embedded browser. The embedded browser may establish a session with a network application. The client application may identify a policy specifying a type of data to encode upon input. The embedded browser may detect the type of data of an input field of the network application being displayed in the embedded browser. The embedded browser may, responsive to the detection and the policy, encode the data inputted into the input field or decode encoded data displayed in the input field.

Abstract: In some aspects, a method for revoking access to a network application on a client device. The method includes establishing, by a client application on a client device responsive to authenticating a user, access to one or more network applications of one or more first servers of a first entity via an embedded browser of the client application, receiving, by the client application, a notification from a second server of a second entity that access for the user to a network application of the one or more network applications is to be revoked, and performing, by the client application responsive to the notification, one or more revoking actions based at least on a policy.

Abstract: Embodiments described include systems and methods for integrating use of a cloud discovery service into a client application for a network application is provided. A client application can establish, for a user, one or more sessions with one or more network applications via an embedded browser within the client application. A request to access a uniform resource locator (URL) from a network application accessed via the embedded browser can be intercepted. The client application can communicate with a cloud discovery service to determine a location for which to send the URL for the user. The cloud service can select the location from a plurality of locations based at least on a context of the user. The client application can receive, from the cloud discovery service, the location for the URL and, responsive to the request, transmit the URL to the location selected by the cloud discovery service.

Abstract: Embodiments described include a method for implementing a privacy policy by a device intermediary to a plurality of clients and one or more servers. The method can include identifying, by a device intermediary to a plurality of clients and one or more servers, network traffic of a user that has not selected an option of a plurality of options of a privacy policy managed by the device. The method can include receiving, by the device, an indicator of a selection by the user of the option from the plurality of options of the privacy policy. The method can include handling, by the device, network traffic of the user according to the selected option of the privacy policy.