Abstract: Methods and systems are provided for sharing information and improving the functioning of devices by blocking potentially harmful communications. In the methods and systems disclosed, a security component on an electronic device may receive a policy. The security component may also receive, from a local device proxy on the electronic device, information pertaining to a communication. The security component may compare the information pertaining to the communication to the policy. The comparison may result in a determination that the communication is potentially harmful. The security component may then instruct the local device proxy to block the communication from proceeding past the local device proxy.

Abstract: A method and system for rendering a stolen mobile communications device inoperative is presented. A determination that the mobile communications device is in a first state is made at a security component on the mobile communications device. A removal of a cryptographic key is affected at the security component on the mobile communications device.

Abstract: A secure network connection is established between a server and a mobile communications device after the creation of a secure network account. The server, while analyzing traffic over the secure network connection identifies a triggering event or condition. In response the server modifies the secure network connection.

Abstract: A method is provided for comparing a usage of a mobile communications device to a stored pattern of usage. When a measure associated with a difference between the usage and the stored usage pattern exceeds a threshold, the mobile communications device is caused to emit a sound encoded with information that may be decoded by another electronic device.

Abstract: An action may be performed in response to a determination of a source of side-loaded software. In one case, the handling of an application on a mobile device may be based on whether the source of the application is trusted or untrusted. If a software application being newly-installed on a mobile device of a user is determined to be untrusted, installation or execution is blocked. In one approach, the determination of the source includes: receiving, from the mobile device, a first application identifier and a first source identifier, each for a first application; sending the first application identifier and the first source identifier over a network to an administrator server; receiving, from the administrator server, a first state designation for the first application; setting a second state designation based on the first state designation; and sending the second state designation to the mobile device.

Abstract: Software applications previously or currently being installed on a plurality of user devices are monitored. In one embodiment, a first set of the installed applications that is signed with a signing identifier of a developer are identified. A report is then sent to the developer that includes an identification of the first set. In another embodiment, the authenticity of a first application is evaluated including determining, based on a respective signing identifier for each of a plurality of applications, that the applications are similar to the first application. A notification is sent to the developer that identifies applications having a signing identifier that is different from the signing identifier of the developer.

Abstract: Context information associated with a mobile communications device and a network connection for the mobile communications device is collected. A security policy is applied to determine whether the security offered by the network connection is appropriate for the context. If the security offered by the network connection is not appropriate for the context, the network connection may be made more secure, less secure, or a different network connection having an appropriate level of security may be used for the data associated with the context.

Abstract: A method is provided for evaluating the usage of a mobile communications device that itself provides access to a resource. In the method, a detected usage of the mobile communications device is compared to a stored usage pattern of an authorized user. When a measure associated with the difference between the detected usage and the stored usage pattern exceeds a threshold, it is concluded that the mobile communications device is being used by an unauthorized user. In response to this conclusion, a restriction is placed on an ability of the mobile communications device to access the resource.

Abstract: A source of side-loaded software is determined. An action may be performed in response to the determination of the source. In one case, the handling of an application on a mobile device may be based on whether the source of the application is trusted or untrusted. If a software application being newly-installed on a mobile device of a user is determined to be untrusted, installation or execution is blocked. In one approach, the determination of the source includes: determining whether a first source identifier of a first application matches a white list of source identifiers or a black list of source identifiers; and sending the first source identifier, a first application identifier, and a signature of authorship for the first application to a different computing device.

Abstract: A method for authorizing a mobile payment transaction is provided that is based on device locations. The method includes receiving, by a server, a request from a point of sale (POS) device to authorize a payment transaction involving a payment facilitating device. In an embodiment, the request includes payment information of the payment transaction and location information of the POS device. When the request is received, an authorizing client device for the payment transaction is identified based on the payment information from the payment facilitating device. The request to authorize the payment transaction is granted when it is determined that the authorizing client device is located within a predetermined distance from the POS device.

Abstract: The method disclosed herein provides for performing device authentication based on the of proximity to another device, such as a key device. When a key device is not near a mobile communications device, an unlock screen is allowed to be presented on a display screen. Based on the mobile communications device receiving a first code to unlock the mobile communications device, the mobile communications device is unlocked in a first mode.

Abstract: A method for authorizing a mobile payment transaction is provided. The method includes receiving, by a server, a request to authorize a payment transaction which originates from a point of sale (POS) module. In an embodiment, the request includes payment information of the payment transaction and location information of the POS module. When the request is received, an authorizing client device for the payment transaction is identified based on the payment information and a disposition of the request to authorize the payment transaction is determined based on whether the authorizing client device is located within a predetermined proximity to the POS module.

Abstract: The security of network connections on a computing device is protected by detecting and preventing compromise of the network connections, including man-in-the-middle (MITM) attacks. Active probing and other methods are used to detect the attacks. Responses to detection include one or more of displaying a warning to a user of the computing device, providing an option to disconnect the network connection, blocking the network connection, switching to a different network connection, applying a policy, and sending anomaly information to a security server.

Abstract: Data is collected from a set of devices according to a data collection policy. The data is associated with device configuration, device state, or device behavior. A norm is established using the collected data. A different data collection policy is established based on the norm. Data is collected from a particular device according to the different data collection policy. The norm is compared to the data collected from the particular device. If there is a deviation outside of a threshold deviation between the norm and the data collected from the particular device, a response is initiated.

Abstract: Security is enhanced for a user of a mobile communications device by monitoring device usage and modifying an operational context for device usage. By monitoring current activities of the mobile communications device, a current context for operation of the mobile communications device is identified, and the current context indicates that a first activity is scheduled to be performed by a first resource. However, upon determining that the first resource may not be sufficient to perform the first activity, an alternative resource for performing the first activity is identified, and the current context is modified to substitute the alternative resource for the first resource in order to perform the first activity.

Abstract: Methods are provided for determining an enterprise risk level, for sharing security risk information between enterprises by identifying a security response by a first enterprise and then sharing the security response to a second enterprise when a relationship database profile for the first collection indicates the security response may be shared. Methods are also provided for determining whether to allow a request from an originating device where the request may have been initiated by a remote device.

Abstract: Methods and systems are provided for sharing security risk information between collections of computing devices, such as mobile communications devices, to improve the functioning of devices associated with the collections. The methods and systems disclosed may share security risk information by identifying a security risk response by a first collection and then providing the security risk response to a second collection when a relationship database profile for the first collection indicates the security response may be shared with the second collection. Methods and systems are also provided for determining whether to allow a request from an originating device where the request may have been initiated by a remote device.

Abstract: A system and method for coordinating security components, including: determining, by an application executing on a client device, a need to perform a sharable functional task; identifying a first security component and a second security component installed on the client device and capable of performing variations of the sharable functional task, where variations of the sharable functional task are functionally overlapping and not identical; identifying a set of characteristics characterizing the first security component and the second security component; selecting the second security component as a primary security component for performing a variation of the sharable functional task based on the set of characteristics; delegating, by one or more processors, performance of the sharable functional task to the primary security component; and instructing the processors to cause functionality associated with the first security component to be at least partially suspended.

Abstract: Security is enhanced for a user of a mobile communications device by monitoring and controlling resource usage. First information associated with each of a plurality of mobile communications devices is collected, including configurations and settings for applications, components, resources and external resources for each mobile communications device. The collected information is used to identify an application, component, resource or external resource that is currently active on two of the mobile communications devices. Second information is transmitted to the first of the two mobile communications devices to reduce or terminate usage of the identified application, component, resource or external resource on the first mobile communications device.

Abstract: The method disclosed herein provides for performing device security corrective action based on loss of proximity to another device, such as a key device. While a mobile communication device is locked, a mobile communication device determines whether or not a key device is within a specified distance. If the key device is not within the specified distance from the mobile communication device, a notification may be displayed on the mobile communication device. If a user responds to the notification, the user may prevent or alter the mobile communication device from performing at least one device security corrective action. If, however, the user does not respond to the notification within a specified time period, the at least one device security corrective action is performed on the mobile communication device.