Abstract: Methods and systems provide for multi-factor authentication (MFA) of a user to a device or network in which a criteria for maintaining the authentication is based on the presence of the user before a device. After the user is authenticated and provided with access, a continuity criteria (i.e., a measure of the presence of the user before the device) must be fulfilled for that access to be maintained. When it is determined that the continuity requirement is not fulfilled, an aspect of the access is denied. A continuity criteria may be based on the location of a second computing device with respect to a first computing device. And multiple methods of determining continuity may be employed simultaneously, with access being denied when continuity is fulfilled by none of the methods.

Abstract: Methods and systems provide for augmenting images and displayed objects using extended reality (XR) images. Image data may be received that includes real-world image data displayed on a display of the client device, which is monitored by a guide software component, and XR images. A person may be identified from the real-world image data, and, in response to identifying the person, stored information may be retrieved from a record associated with the identified person in a database in communication with the client device. The guide software component may then modify the XR images in response to identifying the person to include the retrieved information associated with the identified person. Additional XR images may be used to provide informative content at spatial anchor locations within the real-world image data.

Abstract: Techniques for providing domain name and URL visual verifications to increase security of operations on a device. The techniques include a visual indicator and/or warning to a user on the user's computing device that a domain or URL requested by the user and the device is unpopular, new, unknown, inauthentic, associated with malware or phishing, or in some other way, risky. The techniques include identifying a domain name in a communication received by a computing device and then determining a popularity ranking and/or an age of the domain name. The device can render, for display on a screen of the device, a visual indicator having the popularity ranking and/or the age of the domain name. Also, the techniques can include identifying a URL in a communication received by a computing device and then rendering, for display on a screen of the device, a visual indicator having the entire URL.

Abstract: Historical data is collected from prior risk analysis for applications to be installed or already installed on computing devices. A risk profile is determined for new applications to be installed or already installed on the same and/or different computing devices. The risk profile is determined by comparing or correlating the historical data to data regarding the new applications (e.g., metadata such as package identifier, signer data, name, version). Various remediation actions are determined based on the risk profile.

Abstract: The method disclosed herein provides for performing user authentication and maintaining user authentication and access to a first device based on the user maintaining control of the first device. The continued control may be based on determining the user's continued possession of the first device, or determining an acceptable proximity of the user to the first device. The proximity of the user may be determined using a second device associated with the user, or sensors associated with the first device.

Abstract: Events of a calendar are identified and evaluated for confidentiality due to an explicit tag, location, participants, or subject matter. In response, permissions of applications on a device are dynamically reduced. Permissions may include permissions to access sensors such as a microphone and camera. Sensors of other devices such as a voice-processing device or Bluetooth device may be disabled. The risk associated with applications on a device may be evaluated based on permissions, usage, collected data, cloud service provider, location, permissions and usage of other users of the application, and other attributes of the application. The risk may be represented as a risk score used to determine whether to perform a mitigation action.

Abstract: Data is collected from a set of devices according to a data collection policy. The data is associated with at least one of: device configuration, device state, or device behavior. A norm is established using the collected data. A different data collection policy is established based on the norm. Data is collected from a particular device according to the different data collection policy. The norm is compared to the data collected from the particular device. If there is a deviation beyond a threshold deviation between the norm and the data collected from the particular device, a responsive action is taken.

Abstract: Systems, methods, and apparatus related to network security. In one approach, various endpoint devices communicate with a network gateway and/or API mode CASB over one or more networks. All communications by the endpoint devices with remote servers and clouds pass through the network gateway (and/or by cloud service access when using an API mode CASB). The gateway and/or CASB gathers metadata from the endpoint devices and/or network devices. The metadata indicates characteristics of the communications by the endpoint devices on the networks and/or processes running on the endpoint devices. The gateway and/or CASB identifies security risks using at least the metadata, and in response dynamically performs remediation actions for one or more of the networks in real-time to limit or block propagation of a cyber attack associated with one or more of the identified security risks.

Abstract: Methods and systems provide for reducing privacy leaks in DNS request by using a private DNS service. The private DNS service provides for matching a level of privacy provided by a type of communication protocol to a level of privacy desired or required for a particular client communication. When the DNS service determines that an intended communication protocol does not supply at least the level of privacy desired for a particular communication, the private DNS service may initiate the creation of a connection with the desired level of privacy.

Abstract: Security policies are made dependent on location of a device and the location of a device is determined and the appropriate security policy applied without providing the device's location to a server. A device determine its location and identifies a security policy identifier mapped to a zone including the location. The device requests the security policy corresponding to the identifier from a server and implements it. The device may also store a database of the security policies and implement them according to its location. Devices registered for a user evaluate whether locations detected for the devices correspond to impossible travel by the user. Objects encoding geolocation data of a device may be encrypted with a private key of the device and the public key of another to prevent access by an intermediary server.

Abstract: An identity broker receives a request for access by a client device to a service provided by a server. In response to the request, the identity broker communicates with the client device to determine whether a security risk is associated with allowing the client device to access data of a service provider. An identifier assigned to the client device is used to identify a user session between the client device and the service provider. Continuous monitoring of the client device is performed to identify any security risks associated with the user session. If a risk is identified, the identifier is used to revoke the user session.

Abstract: Systems and Computer Readable Media for enabling methods for multi-party authorization including a security component determining that a request for the performance of an action on a computing device is from a first party. The security component initiates transmissions to the computing device of first and second information indicating knowledge of first and second secrets provisioned on the computing device. The computing device, upon verifying the knowledge of first and second secrets, then permits the requested action.

Abstract: Methods and systems are provided for providing a mobile communications device with access to a provider with a plurality of security levels. The security state of the device varies according to severity levels of device security events. The mobile communications device generates data regarding security events and provides the data to the provider, which compares that security state to a policy associated with the provider. The mobile communications device is allowed to access to a provider service where the device's current security state meets or exceeds the security state required for the provider service.

Abstract: Applications on a device are assigned scores based on their attributes, update status, and source. A device is a assigned a score based on its attributes and the scores of applications installed thereon. the device score may be combined with an evaluation of user behavior to obtain a user score. The scores may be used to invoke security actions with respect to data and services of an enterprise. Security reports for a network environment may be modified such that the severity of threats accounts for policies and attributes of the environment. Security of a device may be evaluated locally, including the training of a model to identify anomalous authentication or usage behavior. Security of a device may be reduced to a score lacking personal information that may be used by a server to select access controls for a device.

Abstract: A cloud server collects and stores context data from mobile devices. Data collected for a mobile device is compared to the historical data. A security policy is selected for the mobile device based on the comparison. The selected policy is deployed to the mobile device. A status of the deployment is tracked by the cloud server.

Abstract: The method disclosed herein provides for performing user authentication and maintaining user authentication and access to a first device based on the user maintaining control of the first device. The continued control may be based on determining the user's continued possession of the first device, or determining an acceptable proximity of the user to the first device. The proximity of the user may be determined using a second device associated with the user, or sensors associated with the first device.

Abstract: Methods and systems provide for improved security for domain name resolution (DNS) and browsing. User privacy may be improved for client devices by first transmitting authentication information and the domain name to a server. After determining that the requesting security component on the client device is authorized to access a domain resolution service, the domain name is resolved to obtain an internet protocol (IP) address. Classification data is then retrieved from a third-party service for the domain name and/or the IP address. This classification data may then be evaluated against a first policy associated with the client device. When the evaluation indicates the client device is not allowed to access the IP address, the client device is sent information indicating that access is not permitted. When access is permitted, the client device may be sent the IP address and the classification data used for the evaluation.

Abstract: Security policies are made dependent on location of a device and the location of a device is determined and the appropriate security policy applied without providing the device's location to a server. A device determine its location and identifies a security policy identifier mapped to a zone including the location. The device requests the security policy corresponding to the identifier from a server and implements it. The device may also store a database of the security policies and implement them according to its location. Devices registered for a user evaluate whether locations detected for the devices correspond to impossible travel by the user. Objects encoding geolocation data of a device may be encrypted with a private key of the device and the public key of another to prevent access by an intermediary server.

Abstract: Systems and methods for coordinating components can include: determining, by a first application executing on a client device, a need to perform a sharable functional task; identifying a first software component installed on the client device and capable of performing a first variation of the sharable functional task; identifying a second software component installed on the client device and capable of performing a second variation of the sharable functional task, wherein the second variation of the sharable functional task is functionally overlapping with and not identical to the first variation; identifying a set of characteristics of both the first software component and the second software component; selecting the second software component for performing the sharable functional task based on the set of characteristics, where the set of characteristics includes at least a version number; and delegating performance of the sharable functional task to the second software component.

Abstract: An identity broker receives a request for access by a client device to a service provided by a server. In response to the request, the identity broker communicates with a client device to determine whether a security risk is associated with allowing the client device to access data of a service provider. If the client device is secure, the identity broker sends an authentication request to an identity provider. After the identity provider authenticates the client device, the identity broker passes the authentication to the server, which establishes a session with the client device to provide the service. The security state of the client continues to be monitored to determine whether access should continue to be permitted to data associated with a service provider.