Abstract: The disclosed computer-implemented method for providing single sign-on capability may include intercepting, during an authentication session with a network resource, a single sign-on request generated by an application executing on a computing device, redirecting the single sign-on request to a separate computing device for execution, receiving, in response to authentication of at least one user credential from the separate computing device, an authentication decision that the separate computing device obtained from an identity provider (IDP) by executing the single sign-on request and injecting the authentication decision received from the separate computing device into the application where the single sign-on request was originally generated to complete the authentication session.

Abstract: The disclosed computer-implemented method for protecting passwords may include (i) intercepting network traffic indicating an attempted login procedure at a workload device to login to a protected resource, (ii) prompting a user, in response to intercepting the network traffic, and at an authentication device that has been registered to the user, to indicate whether to approve the attempted login procedure, (iii) collecting, at the authentication device, a credential for the attempted login procedure that was stored in a protected vault of the authentication device, (iv) providing, by the authentication device to the workload device, an authentication decision based on the collected credential, and (v) injecting, at the workload device, the authentication decision into a browser session to enable the user to complete the attempted login procedure to login to the protected resource. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Purchasing related activity that is executed on computing devices on a LAN is monitored. Information is identified concerning purchases of IoT devices on the LAN, based on the monitoring of the purchasing related activity. For example, a specific purchase of a specific device (or specific device type) can be identified, or identifying information concerning a purchased device can be inferred, based on monitored purchasing related activity. IoT devices are discovered on the LAN and identified. Identifying a discovered device can further comprise interrogating the discovered device, monitoring activities of the discovered device, and/or analyzing information concerning purchases of IoT devices on the LAN. Gleaned identifying information concerning a discovered device can be used to determine or disambiguate the device's identity.

Abstract: The disclosed computer-implemented method for classifying electronic files may include (i) identifying an electronic file that is being evaluated for importance by a file-categorization system, (ii) collecting, via at least one user-state monitoring device, information about a physical state of at least one user while the user is interacting with the electronic file, (iii) determining, based on the information about the physical state of the user while the user was interacting with the electronic file, whether the user considers the electronic file to be important, and (iv) classifying, by the file-categorization system and based at least in part on determining whether the user considers the electronic file to be important, the electronic file as an important file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems of the present disclosure can detect user activities on endpoint devices based on the interference patterns those actions produce in wireless transmissions between those endpoint devices and another device (e.g., an edge device operating as a web security gateway). A web security gateway sends time-series data describing interference on wireless transmissions sent from, or received by, an agentless endpoint device to a network security service. In response, the network security service uses a machine-learning model to infer a type of an action that occurred on the agentless endpoint device concurrently with the wireless transmissions. The network security service sends an indication of the action type to the web security gateway. The web security gateway applies a network security policy to the action or a network communication associated therewith.

Abstract: The present disclosure includes a method for maintaining a dynamic geofence. The method receives a set of digital IDs and data pairs from a monitored user credential. Each digital ID was received by the monitored user credential as part of a wireless transmission from a node device, and each digital ID includes one or more attributes. The method retrieves a user policy that includes a required attribute and a threshold distance. The method determines whether at least one of the digital IDs includes an attribute matching the required attribute, and verifies any digital id containing the attribute matching the required attribute. The method determines the distance between the monitored user credential and the node device using the data paired with the digital ID, and determines whether the distance between the monitored user credential and the node device is less than the threshold distance.

Abstract: The disclosed computer-implemented method for identifying users may include (i) detecting that a user at an endpoint computing device is connecting to an identity provider, (ii) detecting, after detecting that the user at the endpoint computing device is connecting to the identity provider, that a mobile device has received a second-factor authentication message, (iii) discovering, by a security service, that the user at the endpoint computing device matches a known user profile registered to the mobile device by correlating the user at the endpoint computing device connecting to the identity provider with the mobile device receiving the second-factor authentication message, and (iv) applying a security policy to the user at the endpoint computing device based on the known user profile matched to the user by the security service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are disclosed to predict whether a current location of a mobile device corresponds to a user of that mobile device. To do so, the mobile device may evaluate information from sensors that indicate a current state of the device or device surroundings. Based on the probability, the mobile device may send the current location and the probability to a user of the mobile device, an application on the device, or another party.

Abstract: The disclosed computer-implemented method for validating a user's physical location may include (i) identifying a plurality of sensor-equipped devices that are connected to a local network, wherein the local network is associated with a physical location, (ii) receiving a request to validate that a user is present at the physical location that is associated with the local network, (iii) instructing, in response to receiving the request, the user to interact with at least one sensor-equipped device in the plurality of sensor-equipped devices, (iv) confirming, based on observing a response of the sensor-equipped device, that the user has interacted with the at least one sensor-equipped device, and (v) validating, in response to confirming that the user has interacted with the at least one sensor-equipped device, that the user is present at the physical location. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for certifying geolocation coordinates of computing devices may include (i) receiving, from a client computing device, a set of geolocation coordinates that purport to identify the physical location of the client computing device, (ii) identifying, in response to receiving the geolocation coordinates, at least one cooperating geolocation device that is within physical proximity to the geolocation coordinates provided by the client computing device, (iii) performing a proximity validation check that demonstrates that the client computing device is within physical proximity to the cooperating geolocation device, and (iv) certifying, based on the proximity validation check, the geolocation coordinates as valid geolocation coordinates. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for detecting and preventing phishing phone calls through verified attribute analysis is described. The method may comprise receiving, by a receiving device, a phone call from a sending device and receiving identification data in parallel with the phone call, the identification data describing context of the phone call. The method may then identify an attribute assertion from the identification data. The attribute assertion may comprise a signed attribute of the phone call and may be signed by a trusted authority. The method may comprise determining content of the phone call, analyzing the content of the phone call against the signed attribute, and performing a defined operation based on a result of the analysis of the content against the signed attribute.

Abstract: The disclosed computer-implemented method for authenticating a multimedia stream may include generating a metadata transcript based on at least a portion of a multimedia stream and digitally signing the metadata transcript. The method may also include transmitting both the digitally signed metadata transcript and the multimedia stream to a recipient device to enable the recipient device to authenticate the multimedia stream. The recipient device may authenticate the multimedia stream based on a comparison of the digitally signed metadata transcript with an observed metadata transcript. The observed metadata transcript may be locally generated by the recipient device based on the multimedia stream. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for creating application ratings may include (i) determining that a user device has downloaded an application, (ii) monitoring the usage of the application on the user device, (iii) deducing a value of the application based at least in part on the monitored usage, and (iv) creating a rating for the application that indicates the deduced value of the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting suspicious voice calls may include (i) identifying an incoming voice call, (ii) extracting, from audio of the incoming voice call, a plurality of characteristics, (iii) calculating a trustworthiness score of the plurality of the characteristics based on a response by a recipient of the incoming voice call, and (iv) storing the trustworthiness score of the plurality of characteristics in a reputation database that (a) receives a request for the trustworthiness score, the request originating from an additional computing device and including an additional plurality of characteristics extracted from an additional incoming voice call, (b) determines that the additional plurality of characteristics matches the plurality of characteristics, and (c) enables the additional computing device to perform a security action on the additional incoming voice call by sending the trustworthiness to the additional computing device.

Abstract: The disclosed computer-implemented method for identifying untrusted devices in peer-to-peer communication may include (i) collecting first communication protocol MAC addresses and second communication protocol MAC addresses, (ii) determining which of the first communication protocol MAC addresses corresponds to which of the second communication protocol MAC addresses, and (iii) storing correlations between the first communication protocol MAC addresses and the second communication protocol MAC addresses. A correlation between a first communication protocol MAC address and a second communication protocol MAC address may indicate a single device having both addresses. The method may also include (i) detecting a communication on the second communication protocol, (ii) determining whether the detected communication is from an untrusted device, and (iii) performing a security action when the detected communication is from the untrusted device.

Abstract: A user creates dynamic meta-communities that span membership of multiple existing third-party online communities, based on profile attributes. This allows the user to create targeted sub-communities for specific purposes without recreating or duplicating community information. The user can communicate with members of created meta-communities by leveraging the mechanisms provided by the third party online communities.

Abstract: The disclosed computer-implemented method for facilitating negotiation and exchange of information between parties may include (i) receiving, at a backend computing system from an initiating computing device, an attribute of an initiating user of the initiating computing device and a designation of a specified attribute condition, (ii) receiving, at the backend computing system from a responding computing device, an attribute of a responding user of the responding computing device, (iii) determining, at the backend computing system, whether the attribute of the responding user satisfies the specified attribute condition, and (iv) based on the attribute of the responding user satisfying the specified attribute condition, sending, from the backend computing system, the attribute of the responding user to the initiating computing device and the attribute of the responding user to the initiating computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for location validation through physical surroundings is described. In one embodiment, the method includes receiving a location of a user device, transmitting to the user device, a request for additional information, receiving the additional information from the user device in response to the request, the second identifier matching the first identifier, comparing the received additional information with stored data pre-associated with the received location, and verifying the received location based at least in part on the comparing. In some embodiments, the request for additional information includes at least one of a request for a first image captured at a first direction, a request for a second image captured at a second direction, a request for a third image captured at a pre-determined tilt angle, a request for a stream of images captured in a pre-determined pattern, or any combination thereof.

Abstract: The disclosed computer-implemented method for evaluating wireless network connection security may include (i) detecting a wireless network connection from an Internet-of-Things device through sniffing, (ii) automatically selecting the wireless network connection as the wireless network connection to be evaluated in an analysis of network connection security, (iii) performing, in response to the automatic selecting of the wireless network connection as the wireless network connection to be evaluated, the analysis of network connection security to determine whether the wireless network connection is secure, and (iv) automatically reporting, through a physical output of the computing device and in response to performing the analysis of network connection security, a result of the analysis of network connection security to inform a user about the safety of the Internet-of-Things device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for generating memory images of computing devices may include (1) monitoring a computing device to detect changes made to data stored within the computing device, (2) maintaining a log that describes the data changes made by recording, in response to detecting a change made to a portion of data, both a state of the portion of data after the data change occurred and a time at which the data change occurred, (3) detecting an event that triggers generation of an image of the computing device that represents a state of the computing device at a particular point in time, and (4) in response to detecting the event, generating the image of the computing device by incorporating at least a portion of the log of data changes into the image of the computing device. Various other methods, systems, and computer-readable media are also disclosed.