Abstract: The present disclosure provides a computer system (112). The computer system (112) performs a method for encoding user count with a low memory footprint. The method includes a first step of receiving real-time and adaptive frequency of user visibility. Further, the method includes another step of receiving a user device (106) id associated with one or more users (104). Furthermore, the method includes yet another step of encoding the user visibility count. The frequency of the user visibility is the number of times the computer system receives a request from a user device (106). The user device (106) id is a unique string of numbers and letters. The unique string of numbers and letters identifies the user device (106) associated with one or more user (104). The user visibility count is encoded by using one or more data structures and one or more algorithms.

Abstract: Content on a device is encrypted and protected based on a data protection key corresponding to a particular identity of the user of the device. The protected content can then be stored to cloud storage, and from the cloud storage the protected content can be transferred to various other ones of the user's devices. A data protection key that is used to retrieve the plaintext content from the protected content is maintained by the user's device. This data protection key can be securely transferred to other of the user's devices, allowing any of the user's devices to access the protected content.

Abstract: Single sign-on techniques via an application or browser are described. In one or more implementations, a single instance of entry of authentication information is received that is entered via interaction with an application or browser of a computing device. Responsive to this receipt, the single instance of the entry of authentication information is used by the computing device automatically and without user intervention to cause authentication to obtain access to one or more network services that are accessible via a network by the application and the browser.

Abstract: Data sharing session techniques are described. In one or more implementations, a first user login session is initiated as running in a context of a first user profile of a first user with an operating system of a computing device. A request is received by the operating system to run the first user login session in a context of a second user profile of a second user. The second user profile is associated by the operating system with a shadow login session created within the first user login session of the operating system of the computing device such that interaction of the second user with the operating system is associated with the second user profile and interaction of the first user with the operating system is associated with the first user profile.

Abstract: The techniques and systems disclosed herein pertain to preventing unauthorized access to computing resources by unauthorized persons by deploying biometric security. To implement biometric security, the computing device, possibly by the OS, may obtain samples of one or more biometric factors unique to the owner. The computing device may construct pattern-matching templates corresponding to the biometric samples, which may be stored for later use when a protected resource is requested. Computing resources may be selected for protection by a biometric security mechanism by an authorized user or by other techniques or default settings. Before allowing certain restricted actions, the OS may request that the user provide one of the previously registered biometric samples. If the biometric sample matches the user's stored pattern-matching template, the OS may grant access to the computing resource, otherwise, the OS may deny access to the computing resource.

Abstract: Single sign-on techniques via an application or browser are described. In one or more implementations, a single instance of entry of authentication information is received that is entered via interaction with an application or browser of a computing device. Responsive to this receipt, the single instance of the entry of authentication information is used by the computing device automatically and without user intervention to cause authentication to obtain access to one or more network services that are accessible via a network by the application and the browser.

Abstract: The techniques discussed herein may facilitate user account management while also protecting a user's personally identifiable information (PII). The user's PII is stored in a protected area, such as a secure operating system area. The techniques may also implement a broker process to access a user's PII. The techniques display a user's accounts that are available for use with an application. The techniques further provide for passing a hint to the application upon receiving selection of an account, wherein the hint indicates which user account is selected, without divulging to the application any of the user's PII.

Abstract: Content on a device is encrypted and protected based on a data protection key corresponding to a particular identity of the user of the device. The protected content can then be stored to cloud storage, and from the cloud storage the protected content can be transferred to various other ones of the user's devices. A data protection key that is used to retrieve the plaintext content from the protected content is maintained by the user's device. This data protection key can be securely transferred to other of the user's devices, allowing any of the user's devices to access the protected content.

Abstract: Data sharing session techniques are described. In one or more implementations, a first user login session is initiated as running in a context of a first user profile of a first user with an operating system of a computing device. A request is received by the operating system to run the first user login session in a context of a second user profile of a second user. The second user profile is associated by the operating system with a shadow login session created within the first user login session of the operating system of the computing device such that interaction of the second user with the operating system is associated with the second user profile and interaction of the first user with the operating system is associated with the first user profile.

Abstract: The techniques and systems disclosed herein pertain to preventing unauthorized access to computing resources by unauthorized persons by deploying biometric security. To implement biometric security, the computing device, possibly by the OS, may obtain samples of one or more biometric factors unique to the owner. The computing device may construct pattern-matching templates corresponding to the biometric samples, which may be stored for later use when a protected resource is requested. Computing resources may be selected for protection by a biometric security mechanism by an authorized user or by other techniques or default settings. Before allowing certain restricted actions, the OS may request that the user provide one of the previously registered biometric samples. If the biometric sample matches the user's stored pattern-matching template, the OS may grant access to the computing resource, otherwise, the OS may deny access to the computing resource.

Abstract: The reputation of an executable computer program is checked when a user input to a computing device initiates a program launch, thus triggering a check of a local cache of reputation information. If the local cache confirms that the program is safe, it is permitted to launch, typically without notifying the user that a reputation check has been made. If the local cache cannot confirm the safety of the program, a reputation check is made by accessing a reputation service in the cloud. If the reputation service identifies the program as safe, it returns an indication to the computing device and the program is permitted to be launched, again without notifying the user that a reputation check has been made. If the reputation service identifies the program as unsafe or potentially unsafe, or does not recognize it at all, a warning is displayed to the user.

Abstract: A context of a principal is built, at a target system controlling access to a resource, independently of the principal requesting access to the resource. An authorization policy is applied, at the target system, to the context to determine whether the principal is permitted to access the resource, and an indication of whether the principal is permitted to access the resource is provided (e.g., to an administrator). Modifications can be made to the context and the authorization re-applied to determine whether a principal having the modified context is permitted to access the resource.

Abstract: A context of a principal is built, at a target system controlling access to a resource, independently of the principal requesting access to the resource. An authorization policy is applied, at the target system, to the context to determine whether the principal is permitted to access the resource, and an indication of whether the principal is permitted to access the resource is provided (e.g., to an administrator). Modifications can be made to the context and the authorization re-applied to determine whether a principal having the modified context is permitted to access the resource.

Abstract: The reputation of an executable computer program is checked when a user input to a computing device initiates a program launch, thus triggering a check of a local cache of reputation information. If the local cache confirms that the program is safe, it is permitted to launch, typically without notifying the user that a reputation check has been made. If the local cache cannot confirm the safety of the program, a reputation check is made by accessing a reputation service in the cloud. If the reputation service identifies the program as safe, it returns an indication to the computing device and the program is permitted to be launched, again without notifying the user that a reputation check has been made. If the reputation service identifies the program as unsafe or potentially unsafe, or does not recognize it at all, a warning is displayed to the user.