Abstract: One disclosed method involves causing, by a computing system, installation of at least a first application and a second application, determining, by the computing system, first application data indicative of modifications occurring in response to installation of the first application, determining, by the computing system, second application data indicative of modifications occurring in response to installation of the second application, and processing the first application data and the second application data to generate a set of application policies to control use of the first application and the second application at a user device.

Abstract: A backend computing system may receive first data from a first computing system, where the first data may be an encrypted version of second data that has been generated at the first computing system based on a command at the first computing system. The backend computing system may identify a second computing system different than the first computing system based on a status of the second computing system, and may send the first data to the second computing system to enable the second computing system to decrypt the first data and perform a function with respect to the second data. In some embodiments, the first computing system may generate padded data by adding data to the second data, and send the padded data to the backend computing system. In some embodiments, the first computing system may send random data to the backend computing system.

Abstract: Methods and systems for granting or denying a client device access to one or more resources in a remote computing environment are described herein. A computing device may receive from an identity provider a token authenticating that a user of a client device is at a first location. The computing device may determine, based on the token, one or more labels for a session associated with the user. Each label of the one or more labels is associated with a corresponding security group. Based on the one or more labels, the user of the client device may be granted access to sensitive data.

Abstract: A backend computing system may receive first data from a first computing system, where the first data may be an encrypted version of second data that has been generated at the first computing system based on a command at the first computing system. The backend computing system may identify a second computing system different than the first computing system based on a status of the second computing system, and may send the first data to the second computing system to enable the second computing system to decrypt the first data and perform a function with respect to the second data. In some embodiments, the first computing system may generate padded data by adding data to the second data, and send the padded data to the backend computing system. In some embodiments, the first computing system may send random data to the backend computing system.

Abstract: A server includes a virtual machine to execute a remote graphics generation protocol. Execution of the remote graphics generation protocol determines a protection label to be inserted within a bitmap that is to be transmitted for display on a client machine associated with the virtual machine, and determines at least one optimization technique to be performed on the bitmap. A determination is made on if the at least one optimization technique, if performed, alters the at least one protection label when inserted within the bitmap. The protection label is inserted within the bitmap.

Abstract: Methods and systems for granting or denying a client device access to one or more resources in a remote computing environment are described herein. A computing device may receive from an identity provider a token authenticating that a user of a client device is at a first location. The computing device may determine, based on the token, one or more labels for a session associated with the user. Each label of the one or more labels is associated with a corresponding security group. Based on the one or more labels, the user of the client device may be granted access to sensitive data.

Abstract: Methods and systems for granting or denying a client device access to one or more resources in a remote computing environment are described herein. During authentication, context information for the client device, such as device type, device location, etc., may be determined. A computing device in the system may receive data indicating the context information, such as data indicating that the user is at a particular location and/or is of a particular device type. One or more labels for a session associated with the user of the client device may be determined based on the data indicating the context information. The computing device may generate an authentication certificate comprising one or more labels. Based on the certificate, one or more access groups for the user of the client device may be determined, and the user of the client device may be granted or denied access to one or more resources according to the access group(s).

Abstract: A server includes a virtual machine to execute a remote graphics generation protocol. Execution of the remote graphics generation protocol determines a protection label to be inserted within a bitmap that is to be transmitted for display on a client machine associated with the virtual machine, and determines at least one optimization technique to be performed on the bitmap. A determination is made on if the at least one optimization technique, if performed, alters the at least one protection label when inserted within the bitmap. The protection label is inserted within the bitmap.

Abstract: A server includes a hardware platform, a hypervisor platform, and a virtual machine operating as an independent guest computing device. The virtual machine executes a remote graphics generation protocol to generate a bitmap to be transmitted for display on a client machine associated with the virtual machine, determine a protection label to be inserted within the bitmap, and determine an optimization technique to be performed on the bitmap. The remote graphics generation protocol also determines if the optimization technique, if performed, alters the protection label. If yes, then the protection label is inserted within the bitmap without performing the optimization technique. If no, then the optimization technique is performed and the protection label is inserted within the bitmap.

Abstract: A server includes a hardware platform, a hypervisor platform, and a virtual machine operating as an independent guest computing device. The virtual machine executes a remote graphics generation protocol to generate a bitmap to be transmitted for display on a client machine associated with the virtual machine, determine a protection label to be inserted within the bitmap, and determine an optimization technique to be performed on the bitmap. The remote graphics generation protocol also determines if the optimization technique, if performed, alters the protection label. If yes, then the protection label is inserted within the bitmap without performing the optimization technique. If no, then the optimization technique is performed and the protection label is inserted within the bitmap.

Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Components used to implement fast smart card logon may also be used to implement a federated full domain logon. A virtual smart card credential, which may be ephemeral, may be issued based on the acceptance of an external authentication event. Example external authentication events include logon at a Security Assertion Markup Language (SAML) Identity Provider, smart card authentication over TLS or SSL, and alternative authentication credentials such as biometrics or one-time password (OTP) without AD password. Moreover, the certificate operation interception components from fast smart card logon may be used to enable interaction with the virtual smart card without fully emulating a smart card at the PC/SC API level.

Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Fast smart card logon may be used to reduce latency and improve security. For example, the system may reduce the number of operations (e.g., interactions) between a server device used for authentication and the client device. These operations may include fetching a user certificate from the smart card or signing data. Fast smart card logon may also improve security by optionally avoiding PIN (or other credential) transmission over networks, and to enable single sign on from an authentication event (e.g., Secure Sockets Layer (SSL) or Transport Layer Security (TLS) authentication) using a smart card to the domain logon without resorting to PIN caching.

Abstract: Methods and systems for granting or denying a client device access to one or more resources in a remote computing environment are described herein. During authentication, context information for the client device, such as device type, device location, etc., may be determined. A computing device in the system may receive data indicating the context information, such as data indicating that the user is at a particular location and/or is of a particular device type. One or more labels for a session associated with the user of the client device may be determined based on the data indicating the context information. The computing device may generate an authentication certificate comprising one or more labels. Based on the certificate, one or more access groups for the user of the client device may be determined, and the user of the client device may be granted or denied access to one or more resources according to the access group(s).

Abstract: Methods and systems are disclosed for providing approaches to enterprise authentication via third party authentication support. The methods and systems may include transmitting, by a computing device to an authentication device, a request to authenticate a client device application via a forms login protocol, and transmitting, by the computing device to the client device application, a first credential form retrieved from an authentication device generated by an extension device. The methods and systems may also include receiving, by the computing device from the client device application, a first authentication credential, and transmitting, by the computing device to the authentication service via the extension device, the first authentication credential.

Abstract: A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identify a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature.

Abstract: Aspects described herein are directed toward systems, methods, devices, and non-transitory computer-readable media for containerizing a web application and managing its execution. In example implementations, at least a portion of a web application a resource list identified by that web application is retrieved. The portion of the web application and the resources retrieved are cached at a computing device. The application manager intercepts one or more function calls invoked at the cached portion of the web application and processes the function calls intercepted.

Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Components used to implement fast smart card logon may also be used to implement a federated full domain logon. A virtual smart card credential, which may be ephemeral, may be issued based on the acceptance of an external authentication event. Example external authentication events include logon at a Security Assertion Markup Language (SAML) Identity Provider, smart card authentication over TLS or SSL, and alternative authentication credentials such as biometrics or one-time password (OTP) without AD password. Moreover, the certificate operation interception components from fast smart card logon may be used to enable interaction with the virtual smart card without fully emulating a smart card at the PC/SC API level.

Abstract: Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Fast smart card logon may be used to reduce latency and improve security. For example, the system may reduce the number of operations (e.g., interactions) between a server device used for authentication and the client device. These operations may include fetching a user certificate from the smart card or signing data. Fast smart card logon may also improve security by optionally avoiding PIN (or other credential) transmission over networks, and to enable single sign on from an authentication event (e.g., Secure Sockets Layer (SSL) or Transport Layer Security (TLS) authentication) using a smart card to the domain logon without resorting to PIN caching.

Abstract: Methods and systems are disclosed for providing approaches to enterprise authentication via third party authentication support. The methods and systems may include transmitting, by a computing device to an authentication device, a request to authenticate a client device application via a forms login protocol, and transmitting, by the computing device to the client device application, a first credential form retrieved from an authentication device generated by an extension device. The methods and systems may also include receiving, by the computing device from the client device application, a first authentication credential, and transmitting, by the computing device to the authentication service via the extension device, the first authentication credential.

Abstract: A method of authentication and accessing resources is provided. A client device may send a request to a proxy device to access a resource, such as an enterprise resource. The proxy device may authenticate with one or more servers associated with the resource. During authentication, the proxy device may receive a request for a signature controlled by the client device. In response, the proxy device may send a request to the client device for the signature. The request may also include context information that identify a data structure of authentication information exchanged (or to be exchanged) during the authentication session. If the client device verifies the context information, the client device may send the requested signature.