Abstract: Techniques are described for network security. One method includes identifying a network-access boundary associated with a network for a location, generating a credential for the network based at least in part on the identified network-access boundary, receiving a request from a user equipment (UE) to access the network associated with the location, and transmitting the credential associated with the network based at least in part on the network-access boundary.

Abstract: The disclosed method for creating credential vaults that use multi-factor authentication to automatically authenticate users to online services may include (1) detecting a user account for an online service that uses multi-factor authentication comprising a token that generates a cryptographic authentication code, (2) creating a virtual representation of the token that is capable of generating the cryptographic authentication code, (3) storing the virtual representation of the token and a set of credentials for the user account in a credential vault for a user, (4) sending a message to the online service that associates the virtual representation of the token with the user account, (5) authenticating the user to the credential vault, and (6) automating the multi-factor authentication process for the online service by providing the cryptographic authentication code and the set of credentials to the online service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for registering user accounts with multi-factor authentication schemes used by online services may include (1) determining that a user is associated with an account with an online service that allows the user to register the account with an MFA scheme that requests the user to complete multiple authentication steps before being allowed to access the account, (2) identifying, based on an analysis of the online service, at least a portion of the information that is requested by the online service to register the account with the MFA scheme, and (3) providing the requested information to the online service such that the account is registered with the MFA scheme. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems, apparatuses, methods, and computer readable mediums for implementing a flexible call blocking scheme using validated identities and selected attribute sharing. A user may undergo an identity verification process to generate one or more signed attributes associated with the user. When the user initiates a phone call, the user may select which attributes to expose to the callee. In one embodiment, the user's device may prevent the user's phone number from being exposed to the callee. The selected attributes may be sent to the callee, and then the device of the callee may compare the selected attributes to preconfigured rules. If the preconfigured rules indicate the selected attributes of the caller meet one or more criteria, then the call may be allowed to ring the device of the callee. Otherwise, the call may be blocked.

Abstract: The disclosed computer-implemented method for preventing session hijacking may include (1) determining that a user is attempting to complete at least a portion of an authentication session on a first computing system, (2) using input from one or more input devices of the first computing system to obtain environmental context associated with the user's attempt to complete the authentication session, (3) preventing the authentication session from authenticating the user while using the environmental context to determine whether the authentication session is valid, where using the environmental context to determine whether the authentication session is valid includes (a) transmitting the environmental context to a second computing system and (b) requesting an indication of whether, based on an evaluation of the environmental context at the second computing system, the authentication session is valid. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for securing computing devices that are not in users' physical possessions may include (i) taking, at a computing device of a user while the user is in physical possession of the computing device, a first measurement of a biological attribute of the user's body, (ii) taking, at the computing device, a second measurement of the same biological attribute, (iii) analyzing, at the computing device, the second measurement relative to the first measurement to determine that the user is no longer in physical possession of the computing device, and (iv) performing, at the computing device in response to determining that the user is no longer in physical possession of the computing device, a security action. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for system backup are disclosed. In one embodiment, the techniques may be realized as a method including identifying a particular characteristic of a particular modification of a default automated procedure for selecting files to include in an off-site backup, wherein the identifying is based at least in part on an aggregation of data from many client devices as to how each of many users deviated from the default automated selection procedure; receiving a first system profile for a first client device; identifying the particular characteristic in the first system profile; and based on identifying the particular characteristic in the first system profile, applying a modified default automated selection procedure to the first client device, the modified default automated selection procedure including the particular modification identified with the particular characteristic.

Abstract: A method for defeating wireless signal interference hacks is described. The method may include monitoring operations associated with user input of a user into an application on a mobile computing device. The user input may include physical interaction by the user's fingers with the mobile computing device causing signal interference by the fingers with a wireless signal transmitted by the mobile computing device such that a position of the fingers is detectable by a third party receiving the wireless signal. The method may include detecting an information entry event based on the monitored operations, modifying a wireless signal strength of the wireless signal transmitted by the mobile computing device from a standard signal strength level such that the position of the fingers of the user on the mobile computing device is not detectable by the third party receiving the wireless signal in response to detecting the information entry event.

Abstract: The disclosed computer-implemented method for providing assistance to users in emergency situations may include (i) detecting that a user of an endpoint device is involved in an emergency situation, (ii) identifying an individual capable of assisting the user in the emergency situation by (a) locating an additional endpoint device that is nearby the endpoint device of the user and (b) determining that the additional endpoint device asserts an attribute of the individual that indicates the individual is qualified to assist the user involved in the emergency situation and is verified by a trusted third party, and (iii) enabling the individual to assist the user involved in the emergency situation by providing information about the emergency situation from the endpoint device of the user to the additional endpoint device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for enabling calls to bypass call-blocking functions may include (1) transmitting, from the computing device that is configured with a call-blocking function, a token to an additional device owned by an individual who is to be allowed to bypass the call-blocking function of the computing device, (2) receiving, by the computing device, a request from an unknown device to initiate a call to the computing device that would be blocked by the call-blocking function, (3) determining that the request to initiate the call includes the token, and (4) enabling the call from the unknown device to the computing device to bypass the call-blocking function in response to determining that the request includes the token. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for verifying that operators are human based on operator gaze may include (1) presenting an image to a user of the computing device via a display element of the computing device, (2) tracking the user's gaze as the image is presented to the user, (3) determining, based on an analysis of the user's gaze, that one or more patterns of the user's gaze are consistent with one or more human gaze patterns, and (4) classifying the user as a human in response to determining that the one or more patterns of the user's gaze are consistent with one or more human gaze patterns. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for automatically adjusting user access permissions based on beacon proximity may include (1) identifying a network-enabled device that is attempting to access a network resource that is protected by a security policy, where the security policy identifies an access level at which one or more devices may access the network resource when the devices are within range of the short-range wireless signal from the secure beacon, (2) determining that the network-enabled device is within range of the short-range wireless signal from the secure beacon, and (3) establishing, according to the security policy, the access level at which the network-enabled device is allowed to access the network resource based at least in part on the network-enabled device being within range of the short-range wireless signal. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting cloning of security tokens may include (i) logging, at an authentic security token, one-time-use security codes that are derived at the authentic security token from a shared secret that is stored at the authentic security token, (ii) logging, at a validation server, one-time-use security codes that are derived from the shared secret and received at the validation server, (iii) determining that the authentic security token has been cloned by determining that the one-time-use security codes logged at the validation server include at least one additional one-time-use security code that is not included in the one-time-use security codes logged at the authentic security token, and (iv) performing a security action in response to determining that the authentic security token has been cloned. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Ongoing analytics streams are received over time from mobile computing devices. An analytics stream comprises data corresponding to monitored activity that occurred on the originating mobile computing device. Dynamic, personalized knowledge based authentication questions are generated from analytics stream data. In response to an authentication request from a user, the user is prompted to answer a given number of current dynamic, personalized knowledge based authentication questions.

Abstract: Techniques for user authentication are disclosed. In one embodiment, the techniques may be realized as a method including during registration of a user, receiving a first captured image of a physical key having a blade; identifying from the captured image a plurality of features associated with the blade of the physical key; associating the identified plurality of features with the user as key feature data; in response to a subsequent access request by the user requiring authorization of the user, prompting the user to present the physical key; receiving a second captured image in response to prompting the user; analyzing the second image to determine if the key feature data is represented in the second image; and in response to determining that the key feature data is represented in the second image, authorizing the user's access request.

Abstract: A computer-implemented method for detecting public networks may include (1) calculating, based on packet information collected from a set of client devices, a count of unique client devices communicating with a local area wireless network over a period of time, (2) determining that the count of unique client devices exceeds a predefined security threshold number of unique client devices, (3) estimating, based on determining that the count of unique client devices exceeds the predefined security threshold number, that the local area wireless network corresponds to a public wireless network, (4) receiving a request for information indicating whether the local area wireless network corresponds to a public wireless network, and (5) transmitting, in response to the request, a network packet indicating that the local area wireless network has been flagged as the public wireless network. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method for efficiently establishing secure mobile device communication for location-aware applications. A beacon device broadcasts encrypted packets. Each of the packets includes an indication of a respective time of broadcast. A mobile computing device, such as a smartphone, receives a packet that is broadcast from the beacon device. The mobile computing device determines the packet corresponds to a particular location-aware application and sends the packet to a server. The server determines an expected latency for the received packet based at least in part on crowdsourcing, which includes latencies of other packets sent from the same location. If the server determines the latency of the received packet is not within an expected range, the server considers the packet to be invalid.

Abstract: Techniques for mobile geofencing may be realized as a method including: receiving geofence parameters comprising at least one target, wherein the at least one target includes a mobile target; receiving updated position data associated with the mobile target and updating the position of the mobile target in response to the updated position data; monitoring a position of a client device; and determining that the monitored position of the client device transgresses the geofence parameters, wherein the determination includes determining that a distance between the updated position of the mobile target and the monitored position of the client device is greater than a first threshold distance.

Abstract: The disclosed computer-implemented method for managing encryption keys for single-sign-on applications may include (1) receiving, from an identity service, notification of a request to access encrypted data on a cloud service, the notification including a session key for encrypting and decrypting a master key for decrypting cloud service keys, (2) deriving the master key, (3) decrypting, using the master key, a cloud service key for decrypting data on the cloud service, (4) storing the master key, encrypted using the session key, (5) receiving an additional notification of an additional request to access encrypted data on an additional cloud service, the notification including the session key, (6) without again obtaining the authentication element from the user, decrypting the master key, and (7) decrypting, using the master key, an additional cloud service key for decrypting data on the additional cloud service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for image-based encryption of cloud data may include (1) identifying a user account for a cloud data store, wherein the cloud data store stores at least one secret to be secured by encryption on behalf of the user account, (2) receiving an image file to be used at least in part to generate a cryptographic element to be used for encrypting the secret, the cryptographic element capable of being re-created when the image file is provided again at a later time, (3) using at least one cryptographic function, generating the cryptographic element based at least in part on the image file, and (4) securing the secret by encrypting the secret using the cryptographic element. Various other methods, systems, and computer-readable media are also disclosed.