Abstract: Methods and systems for using a software gateway to improve enterprise user privacy for network communication data are described. A server executing the software gateway may receive a request for network communication data via several described pathways, including a software client on the client device, a proxy auto-configuration module, and a reverse proxy server. The software gateway may receive the network communication data, which is then forwarded to a proxy server, where the proxy server executes software modules included within the network communication data to generate expanded network data. The software gateway server may then filter the expanded network data by applying a set of content identification rules. Each content identification rule may specify data that is not passed to the client device. Only the portion of the executed network data allowed by the set of content identification rules may then be transmitted back to the software client.

Abstract: Systems, methods, and apparatus related to network security. In one approach, various endpoint devices communicate with a network gateway and/or API mode CASB over one or more networks. All communications by the endpoint devices with remote servers and clouds pass through the network gateway (and/or by cloud service access when using an API mode CASB). The gateway and/or CASB gathers metadata from the endpoint devices and/or network devices. The metadata indicates characteristics of the communications by the endpoint devices on the networks and/or processes running on the endpoint devices. The gateway and/or CASB identifies security risks using at least the metadata, and in response dynamically performs remediation actions for one or more of the networks in real-time to limit or block propagation of a cyber attack associated with one or more of the identified security risks.

Abstract: For increased device security, a security policy manager is used to configure permissions for applications installed on mobile computing devices. In one approach, an evaluation server receives data associated with a context for a computing device. Based on the received data, a policy that is applicable for the current context of the computing device is identified. The identified policy has rules regarding access permissions for software installed on computing devices. The server determines a current policy implemented on the computing device, which includes determining an access permission for software installed on the computing device. The server determines that the access permission for the installed software does not comply with the policy applicable to the current context. Based on this determination, the server revokes the access permission for the installed software.

Abstract: Systems and methods are described for managing personal data on a client computer, in which personal data associated with the client computer is identified by a policy management module. An analysis may be performed for the client computer by a server using fake personal data. To identify applications which may attempt to access the personal data, the fake personal data is tracked for access on the client computer. A policy is then created that disallows access of the personal data by any applications identified by the analysis of the client computer as accessing the fake personal data. The policy is then assigned to the client computer.

Abstract: Methods and systems provide for augmenting images and displayed objects using extended reality (XR) images. Image data may be received that includes real-world image data displayed on a display of the client device, which is monitored by a guide software component, and XR images. A person may be identified from the real-world image data, and, in response to identifying the person, stored information may be retrieved from a record associated with the identified person in a database in communication with the client device. The guide software component may then modify the XR images in response to identifying the person to include the retrieved information associated with the identified person. Additional XR images may be used to provide informative content at spatial anchor locations within the real-world image data.

Abstract: The security of network connections on a computing device is protected by detecting and preventing compromise of the network connections, including man-in-the-middle (MITM) attacks. Communications are intercepted by a client-side proxy before being sent to a recipient designated by an application. The intercepted communication is inspected, and a first connection is determined to be used to send the communication based on the inspection. Finally, before the communication is sent via the first connection, an action is performed by the client-side proxy resulting in an indication that the first connection is compromised. The action may include comparing data associated with the first connection to data associated with known compromised connections. In various embodiments, additional security responses may subsequently be performed by the client-side proxy based on the indication that the first connection is compromised.

Abstract: Security policies are made dependent on location of a device and the location of a device is determined and the appropriate security policy applied without providing the device's location to a server. A device determine its location and identifies a security policy identifier mapped to a zone including the location. The device requests the security policy corresponding to the identifier from a server and implements it. The device may also store a database of the security policies and implement them according to its location. Devices registered for a user evaluate whether locations detected for the devices correspond to impossible travel by the user. Objects encoding geolocation data of a device may be encrypted with a private key of the device and the public key of another to prevent access by an intermediary server.

Abstract: A system providing differentiation of devices for home network microsegmentation and device security status reporting is disclosed. The system gathers characteristic data for devices of a non-organizational network. Based on the characteristic data, the system determines whether the devices are associated with an organizational network. If a device is associated with the organizational network, the system automatically generates a microsegmented organizational network that is separately accessible from the non-organizational network and assigns each device associated with the organizational network to the microsegmented organizational network. The system analyzes communications associated with the devices and may determine a risk score for the non-organizational network based on the communications and/or characteristics of the devices and networks.

Abstract: For increased security, a source is determined for software to be installed on a computing device. In one approach, a side-load server receives, from a mobile device, data regarding an application to be installed on the mobile device. The server determines a source of the application, then sends, to an authenticity server, data regarding the source. The server receives, from the authenticity server, a first state designation for the application. In response to receiving the first state designation, the server sets a second state designation, and sends the second state designation to the mobile device (e.g., to permit or block installation of the application).

Abstract: A machine learning system for providing automated detection of suspicious digital identifiers is disclosed. The system receives a request to determine if an identifier associated with a resource attempting to be accessed by a device is suspicious. In response to the request, the system selects a machine learning model and loads or computes features associated with the address to facilitate determination regarding suspiciousness of the digital identifier. The system executes the machine learning model utilizing the features to determine whether the digital identifier is suspicious. The determination regarding suspiciousness of the digital identifier is provided to a phishing and content protection classifier to persist the response in a database. The determination may be verified by an expert and may be utilized to prevent access to the resource associated with the identifier and to train the machine learning model to enhance future determinations relating to suspiciousness of digital identifiers.

Abstract: Systems and methods are described for managing personal data on a client computer, in which personal data associated with the client computer is identified by a policy management module. An analysis may be performed for the client computer by a server using fake personal data. To identify applications which may attempt to access the personal data, the fake personal data is tracked for access on the client computer. A policy is then created that disallows access of the personal data by any applications identified by the analysis of the client computer as accessing the fake personal data. The policy is then assigned to the client computer.

Abstract: Events of a calendar are identified and evaluated for confidentiality due to an explicit tag, location, participants, or subject matter. In response, permissions of applications on a device are dynamically reduced. Permissions may include permissions to access sensors such as a microphone and camera. Sensors of other devices such as a voice-processing device or Bluetooth device may be disabled. The risk associated with applications on a device may be evaluated based on permissions, usage, collected data, cloud service provider, location, permissions and usage of other users of the application, and other attributes of the application. The risk may be represented as a risk score used to determine whether to perform a mitigation action.

Abstract: In one approach, a first computing device receives a request from a second computing device. The request is for access by the second computing device to a service provided by a third computing device over a network. In response to receiving the request, the first computing device performs a security evaluation of the second computing device. The evaluation determines a risk level. The first computing device generates, based on the evaluation, a token for the second computing device. The token includes data encoding the risk level. The token is sent to the second computing device and/or third computing device. The sent data is used to configure the service provided to the second computing device.

Abstract: Computer systems and methods to protect user credential against phishing with security measures applied based on determination of phishing risks of locations being visited, phishing susceptibility of users, roles of users, verification of senders of messages, and/or the timing of stages in accessing and interacting with the locations. For example, when a site is unclassified at the onset of being accessed by a user device, security measures can be selectively applied to allow the site to be initially viewed on the user device, but disallow some user interactions to reduce phishing risk. For example, a response to a domain name system (DNS) request can be customized based on a user risk level. For example, a message can be displayed without a profile picture of a contact of a user when the sender of the message appears to be the contact but cannot be verified to be the contact.

Abstract: Methods and systems provide for multi-factor authentication (MFA) of a user to a device or network in which continuous user authentication criteria is used to determine access to encrypted files. After the user is authenticated and provided with access, a continuous user authentication criteria must be fulfilled for that access to the encrypted file to be maintained. When it is determined that the criteria is not satisfied, access to the encrypted file is denied. The criteria may be based on the location of a second computing device with respect to a first computing device. Multiple methods of determining continuity may be employed simultaneously, with access being denied when continuity is fulfilled by none of the methods.

Abstract: A method for locating a mobile device which is not in possession of the owner using an owner verification server. A mobile network operator server sends a message to the owner verification server requesting verification of ownership. The owner verification server retrieves ownership status and transmits a request to the mobile network operator server to transmit location tracking data when the ownership status indicates that the device is not in the owner's possession. The owner verification server forwards the location tracking data to the device owner.

Abstract: The method disclosed herein provides for performing user authentication and maintaining user authentication and access to a second device based on the user maintaining control of a first device. The user's continued control may be based on determining the user's continued possession of the first device from the authentication to a pairing with the second electronic device which then causes a second security component executing on the second electronic device to change the second electronic device to an unlocked state.

Abstract: In one approach, a request for software evaluation is received by an evaluation server from a user device. The request relates to software to be installed on the user device. In response to receiving the request, the evaluation server sends data associated with the software to an authenticity server. The evaluation server receives, from the authenticity server, a result from the evaluation of the software. The evaluation server determines based on the result whether a security threat is associated with the software. In response to determining that there is a security threat, the evaluation server sends a communication to the user device that causes the software to be quarantined.

Abstract: Methods and systems provide for improved security for domain name resolution (DNS) and browsing. User privacy may be improved for client devices by first transmitting authentication information and the domain name to a server. After determining that the requesting security component on the client device is authorized to access a domain resolution service, the domain name is resolved to obtain an internet protocol (IP) address. Classification data is then retrieved from a third-party service for the domain name and/or the IP address. This classification data may then be evaluated against a first policy associated with the client device. When the evaluation indicates the client device is not allowed to access the IP address, the client device is sent information indicating that access is not permitted. When access is permitted, the client device may be sent the IP address and the classification data used for the evaluation.

Abstract: A method for locating a mobile device which is not in possession of the owner using an owner verification server. A mobile network operator server sends a message to the owner verification server requesting verification of ownership. The owner verification server retrieves ownership status and transmits a request to the mobile network operator server to transmit location tracking data when the ownership status indicates that the device is not in the owner's possession. The owner verification server forwards the location tracking data to the device owner.