Abstract: Methods and systems for improved and novel encryption that make it difficult or impossible in any practical way to extract data that has been protected on the computing system. A computing device may receive authentication data from a client device. The computing device may generate an encryption key and a corresponding decryption key. The computing device may receive, from the client device, information associated with a timed access window. The computing device may send, to the client device, the encryption key. The computing device may receive, from the client device, a request for the corresponding decryption key. The computing device may calculate that the request for the corresponding decryption key is during the timed access window and send, to the client device, based on the request and the calculation that the request for the corresponding decryption key is during the timed access window, the corresponding decryption key.

Abstract: Systems and methods for implementing a micro firewall in a mobile application are provided here. Firewall logic can be injected or provided to a mobile application. The firewall logic can provide one or more rules for processing network traffic from application programming interfaces (APIs) of the mobile application. The mobile application having the firewall logic can be made available for installation on a mobile device. The mobile application having the firewall logic can be provided or installed on to a mobile device. During execution of the mobile application, the firewall logic of the mobile application can hook a plurality of API calls of the mobile application relevant to network traffic. The firewall logic can apply one or more rules of the firewall logic to process network traffic corresponding to an API call of the plurality of API calls of the mobile application.

Abstract: Systems and method for web control adaptation and hooking for virtual private network integration are provided herein. A client application executing on a client device can modify a scheme support function of a web control application to return a first value in response to a first scheme type. The first value can indicate that the web control application does not support the first scheme type. A custom scheme function can be registered to handle the first scheme type and can intercept requests of the first scheme type. The custom scheme function can transmit the requests to one or more URLs corresponding to one or more applications through a virtual private network (VPN). The custom scheme function can forward, to the web control application for rendering on the client device, the data corresponding to the application retrieved by the custom scheme function through the VPN.

Abstract: In one disclosed method, a computing system determines, on a first occasion, that a first user typed a first sequence of characters including at least a first character followed by a second character, and determines first data that is based at least in part on a first time interval between first and second interactions by the first user with a keyboard while typing the first character and the second character within the first sequence of characters. On a second occasion, the computing system determines that a person typed a second, different sequence of characters including at least the first character followed by the second character, determines second data that is based at least in part on a second time interval between third and fourth interactions by the person with a keyboard while typing the first character and the second character within the second sequence of characters, and determines that the person is the first user based at least in part on the first data and the second data.

Abstract: In one aspect, an example methodology implementing the disclosed techniques includes, by a computing device, splitting a content being displayed on a screen over time into a first plurality of frames and displaying on the screen the first plurality of frames in accordance with a frame rate. Each frame of the first plurality of frames can include a portion of the content such that a composite of the first plurality of frames shows the content. In some cases, the splitting of the content may include applying time decomposition to the content.

Abstract: Methods and systems for improved and novel encryption that make it difficult or impossible in any practical way to extract data that has been protected on the computing system. A computing device may receive authentication data from a client device. The computing device may generate an encryption key and a corresponding decryption key. The computing device may receive, from the client device, information associated with a timed access window. The computing device may send, to the client device, the encryption key. The computing device may receive, from the client device, a request for the corresponding decryption key. The computing device may calculate that the request for the corresponding decryption key is during the timed access window and send, to the client device, based on the request and the calculation that the request for the corresponding decryption key is during the timed access window, the corresponding decryption key.

Abstract: A method may include assigning, to a category, a current email in response to a removal of one or more recipients of the current email, such that the remaining recipients of the current email are part of a same user group. The current email may be a response to a previous email having one or more recipients who are not part of the same user group. Furthermore, a subsequent email responding to the current email and/or is similar to the current email may also be assigned to the same category. One or more actions may be performed based on the current email and the subsequent email being assigned to the category. The actions may be performed to prevent the current email and the subsequent email from being sent to a recipient who is not part of the same user group. Related systems and computer program products are also provided.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to measure one or more environmental factors; convert the one or more environmental factors to entropy values by truncation or rounding of the one or more environmental factors to a selected number of bits; and combine the entropy values to generate an encryption key. The one or more environmental factors may include a location of the computer system, a current date and time, parameters of a network environment to which the computer system is connected, or an identification of a server to which the computer system is connected. The at least one processor is further configured to encrypt and/or decrypt at least a portion of a data file and/or at least a portion of a binary executable application using the encryption key.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to measure one or more environmental factors; convert the one or more environmental factors to entropy values by truncation or rounding of the one or more environmental factors to a selected number of bits; and combine the entropy values to generate an encryption key. The one or more environmental factors may include a location of the computer system, a current date and time, parameters of a network environment to which the computer system is connected, or an identification of a server to which the computer system is connected. The at least one processor is further configured to encrypt and/or decrypt at least a portion of a data file and/or at least a portion of a binary executable application using the encryption key.

Abstract: Systems and methods for implementing a micro firewall in a mobile application are provided here. Firewall logic can be injected or provided to a mobile application. The firewall logic can provide one or more rules for processing network traffic from application programming interfaces (APIs) of the mobile application. The mobile application having the firewall logic can be made available for installation on a mobile device. The mobile application having the firewall logic can be provided or installed on to a mobile device. During execution of the mobile application, the firewall logic of the mobile application can hook a plurality of API calls of the mobile application relevant to network traffic. The firewall logic can apply one or more rules of the firewall logic to process network traffic corresponding to an API call of the plurality of API calls of the mobile application.

Abstract: Systems and methods for implementing a micro firewall in a mobile application are provided here. Firewall logic can be injected or provided to a mobile application. The firewall logic can provide one or more rules for processing network traffic from application programming interfaces (APIs) of the mobile application. The mobile application having the firewall logic can be made available for installation on a mobile device. The mobile application having the firewall logic can be provided or installed on to a mobile device. During execution of the mobile application, the firewall logic of the mobile application can hook a plurality of API calls of the mobile application relevant to network traffic. The firewall logic can apply one or more rules of the firewall logic to process network traffic corresponding to an API call of the plurality of API calls of the mobile application.

Abstract: A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to measure one or more environmental factors; convert the one or more environmental factors to entropy values by truncation or rounding of the one or more environmental factors to a selected number of bits; and combine the entropy values to generate an encryption key. The one or more environmental factors may include a location of the computer system, a current date and time, parameters of a network environment to which the computer system is connected, or an identification of a server to which the computer system is connected. The at least one processor is further configured to encrypt and/or decrypt at least a portion of a data file and/or at least a portion of a binary executable application using the encryption key.

Abstract: A system for managing electronic mail (email) from among email recipients may include an email management server configured to store an email reply-impermissible flag for email conversation threads and user devices each associated with a given email recipient from among the email recipients. Each user device may be configured to display a given email having a corresponding email conversation thread associated therewith and communicate an email reply status query message to the email management server for the given email. The email management server may be configured to determine if the email reply-impermissible flag is set for the corresponding email conversation thread based upon the email reply status query message for the given email, and if so, cooperate with a corresponding user device to disable replying to the given email, otherwise cooperate with the corresponding user device to permit replying to the given email.

Abstract: A system for displaying electronic mail (email) metadata may include a display and a memory configured to store emails. The system may also include a processor coupled to the display and the memory. The processor may be configured to extract the email metadata from the emails and associate each email with an icon visually conveying respective email metadata for a corresponding email. The processor may also be configured to determine at least one icon display characteristic for each icon based upon the extracted email metadata and display, on the display, each icon with the at least one icon display characteristic.

Abstract: A method may include assigning, to a category, a current email in response to a removal of one or more recipients of the current email, such that the remaining recipients of the current email are part of a same user group. The current email may be a response to a previous email having one or more recipients who are not part of the same user group. Furthermore, a subsequent email responding to the current email and/or is similar to the current email may also be assigned to the same category. One or more actions may be performed based on the current email and the subsequent email being assigned to the category. The actions may be performed to prevent the current email and the subsequent email from being sent to a recipient who is not part of the same user group. Related systems and computer program products are also provided.

Abstract: Systems and method for web control adaptation and hooking for virtual private network integration are provided herein. A client application executing on a client device can modify a scheme support function of a web control application to return a first value in response to a first scheme type. The first value can indicate that the web control application does not support the first scheme type. A custom scheme function can be registered to handle the first scheme type and can intercept requests of the first scheme type. The custom scheme function can transmit the requests to one or more URLs corresponding to one or more applications through a virtual private network (VPN). The custom scheme function can forward, to the web control application for rendering on the client device, the data corresponding to the application retrieved by the custom scheme function through the VPN.

Abstract: An electronic device may include a memory configured to store applications each associated with an initial identity provider (IDP) address for a remote single sign on (SSO) process. A controller may execute the applications, operate a local IDP server having a localhost IDP address associated therewith, and update the initial IDP address of the applications with the localhost IDP address. The local IDP server may, upon receipt of the request for IDP authentication from an application, determine whether an authentication token from a remote IDP server is stored in the memory, and when so, communicate the authentication token to the application, otherwise, obtain the authentication token from the remote IDP server, store the authentication token in the memory, and communicate the authentication token the given application for IDP authentication to permit the application to perform the remote SSO process.

Abstract: A system for decrypting encrypted data may include a data storage server that may store encrypted data in a server memory, communicate a portion of the encrypted data to a first user device, and generate an access code for decrypting the portion of the encrypted data. The data storage device may also communicate the access code to a second user device. The first user device may display, on a first device display, a visual representation of the portion of the encrypted data. The second user device may acquire the visual representation of the portion of the encrypted data from the first device display, decrypt the portion of the encrypted data based upon the access code and the visual representation, and display the decrypted portion of the encrypted data on a second device display.

Abstract: Systems and method for web control adaptation and hooking for virtual private network integration are provided herein. A client application executing on a client device can modify a scheme support function of a web control application to return a first value in response to a first scheme type. The first value can indicate that the web control application does not support the first scheme type. A custom scheme function can be registered to handle the first scheme type and can intercept requests of the first scheme type. The custom scheme function can transmit the requests to one or more URLs corresponding to one or more applications through a virtual private network (VPN). The custom scheme function can forward, to the web control application for rendering on the client device, the data corresponding to the application retrieved by the custom scheme function through the VPN.

Abstract: Systems and methods for application security are provided herein. A server can receive data from a variety of different sources to perform a security assessment of an application executing on a device. The server can identify security capabilities of first and second instances of the application based on properties of the first and second instances of the application and a plurality of application program interfaces (APIs) corresponding to the first and second instances of the application. The server can determine a difference in security capabilities of the first and second instances of the application. The difference in security capabilities indicating a security vulnerability of the first instance of the application. The server can provide application data to the application executable on the mobile device in response to the difference in security capabilities of the first and second instances of the application being at or above a threshold level.