Abstract: A computer-implemented method for securely sharing cloud-service credentials within a network of computing devices may include (i) identifying, by a central computing device, a set of networked devices, (ii) encrypting, by the central computing device, at least one user credential for a cloud service, (iii) dividing, by the central computing device, a decryption key for decrypting the user credential into a set of fragments such that a minimum number of fragments, as defined by a security policy, is required to decrypt the user credential, and (iv) securing the user credential by distributing the set of fragments of the decryption key from the central computing device to the set of networked devices in compliance with the security policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for performing human-verification procedures may include (1) detecting, at a computing device, an attempt to access a computing resource that is to be protected from being accessed by automated bots, (2) in response to detecting the attempt to access the computing resource, presenting, on the computing device, an audiovisual display that is configured to produce at least one expected reaction from human users, the expected reaction being characterized by an expected facial expression, (3) while the audiovisual display is being presented, monitoring facial expressions of any user that is currently using the computing device, and (4) determining whether the attempt to access the computing resource was performed by a human user or an automated bot based at least in part on a comparison between the monitored facial expressions and the expected facial expression. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems, apparatuses, methods, and computer readable mediums for utilizing smart components to monitor connected devices. In one embodiment, a system includes a computing device and a covering device which covers at least a portion of the computing device. The computing device includes one or more input/output (I/O) interfaces. The covering device may be a smart cover, a security screen protector, or other type of smart covering component. The covering device intercepts, via a first I/O interface, a signal generated by the computing device. The covering device analyzes the signal to determine if a security policy is being violated. The covering device performs a security action responsive to determining that a security policy is being violated. In one embodiment, the covering device covers a display of the computing device and the covering device utilizes photoresistor technology to read the display of the computing device on a pixel-by-pixel basis.

Abstract: Purchasing related activity that is executed on computing devices on a LAN is monitored. Information is identified concerning purchases of IoT devices on the LAN, based on the monitoring of the purchasing related activity. For example, a specific purchase of a specific device (or specific device type) can be identified, or identifying information concerning a purchased device can be inferred, based on monitored purchasing related activity. IoT devices are discovered on the LAN and identified. Identifying a discovered device can further comprise interrogating the discovered device, monitoring activities of the discovered device, and/or analyzing information concerning purchases of IoT devices on the LAN. Gleaned identifying information concerning a discovered device can be used to determine or disambiguate the device's identity.

Abstract: The disclosed computer-implemented method for analyzing emotional responses to online interactions may include (1) identifying an online interaction of a user, (2) detecting an emotional response of the user to the online interaction by monitoring one or more emotional indicators of the user during the online interaction and determining, based on an evaluation of the one or more emotional indicators, that the emotional response of the user is outside an expected range, and (3) performing a security action in response to determining that the user's emotional response is outside the expected range. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for preventing addictive application usage may include (i) identifying a user of a software application, (ii) monitoring the user's habits in relation to accessing the software application, (iii) determining that the user's habits indicate potentially addictive behavior relative to a baseline behavior in relation to accessing the software application, and (iv) automatically executing an application control action in response to determining that the user's habits indicate potentially addictive behavior. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for creating validated identities for dependent users may include (1) identifying both a validated user of an identity validation service who has a previously validated identity and a dependent user who cannot create a new validated identity via the identity validation service, (2) enabling, via a graphical user interface displayed on the computing device, the validated user to create the new validated identity for the dependent user in response to determining that the validated user has the previously validated identity, (3) linking the new validated identity for the dependent user to the previously validated identity of the validated user, and (4) generating a token that represents the new validated identity for the dependent user and that comprises a link to the previously validated identity of the validated user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for enforcing access-control policies may include (i) identifying streaming content that is being transmitted from a media server to a media playback system, (ii) determining that a supervised user is within exposure range of the media playback system and could be exposed to the streaming content, (iii) receiving a sample of the content from a sampling system that is remote from the media playback system, (iv) identifying an access-control policy that defines a content-access restriction for the supervised user, (v) determining, based on an analysis of the sample of the content, that the access-control policy applies to the content, and (vi) in response to determining that the access-control policy applies to the content, enforcing the access-control policy by applying the content-access restriction to the streaming content. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for mediating information requests may include (1) detecting, at the information-managing device, a request for the information-managing device to provide at least one element of personal information to a requesting device that is within physical proximity of the information-managing device, (2) evaluating, based at least in part on an attribute of the request, whether the request for the element of personal information is appropriate, and (3) performing a security action that responds to the request in a manner that is commensurate to the appropriateness of the request for the element of personal information. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for managing encryption keys for single-sign-on applications may include (1) receiving, from an identity service, notification of a request to access encrypted data on a cloud service, the notification including a session key for encrypting and decrypting a master key for decrypting cloud service keys, (2) deriving the master key, (3) decrypting, using the master key, a cloud service key for decrypting data on the cloud service, (4) storing the master key, encrypted using the session key, (5) receiving an additional notification of an additional request to access encrypted data on an additional cloud service, the notification including the session key, (6) without again obtaining the authentication element from the user, decrypting the master key, and (7) decrypting, using the master key, an additional cloud service key for decrypting data on the additional cloud service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for guiding users to network-enabled devices may include (i) monitoring network communications within a wireless network, (ii) determining, based on monitoring network communications transmitted over the wireless network that involve a network-enabled device connected to the wireless network, that an end user requires guidance to a physical location of the network-enabled device, (iii) deriving the physical location of the network-enabled device in three-dimensional space, and (iv) guiding, by a user interface, the end user to the physical location of the network-enabled device in three-dimensional space. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods of administering computer activities based upon user emotional intelligence are provided. One method may include receiving a user request for a computer activity and sensing emotional context data associated with the user, such as voice stress analysis of use a communication, eye motion, pupil dilation, mood and stress changes, sporadic user movement, and video contexts indicating micro-expressions (i.e. anxiety, anger, amusement, and the like). The method may further include retrieving a policy associated with the requested computer activity and applying the sensed emotional context data to the policy. In response to policy permission, the system may enable full or restricted access to the requested computer activity based upon the sensed emotional context. In the alternative, in response to policy violation, the system may deny access to the computer activity. The system may solicit feedback such that parental or third party controls may be established using emotional intelligence.

Abstract: A system and method for efficiently establishing patterns of behavior for location-aware monitoring applications. An administrator registers a trackable entity with a tracking service by providing identification of at least the trackable entity, a point of origin and a destination. To identify and select paths between the point of origin and the destination, the tracking service accesses crowdsourced information corresponding to the history of movements of trackable entities between the point of origin and the destination. The tracking service identifies intermediate locales along the selected paths and determines an expected duration of stay for each of the intermediate locales based on the history of movements.

Abstract: Systems, apparatuses, methods, and computer readable mediums for implementing a flexible call blocking scheme using validated identities and selected attribute sharing. A user may undergo an identity verification process to generate one or more signed attributes associated with the user. When the user initiates a phone call, the user may select which attributes to expose to the callee. In one embodiment, the user's device may prevent the user's phone number from being exposed to the callee. The selected attributes may be sent to the callee, and then the device of the callee may compare the selected attributes to preconfigured rules. If the preconfigured rules indicate the selected attributes of the caller meet one or more criteria, then the call may be allowed to ring the device of the callee. Otherwise, the call may be blocked.

Abstract: The disclosed computer-implemented method for securing computing devices that are not in users' physical possessions may include (i) taking, at a computing device of a user while the user is in physical possession of the computing device, a first measurement of a biological attribute of the user's body, (ii) taking, at the computing device, a second measurement of the same biological attribute, (iii) analyzing, at the computing device, the second measurement relative to the first measurement to determine that the user is no longer in physical possession of the computing device, and (iv) performing, at the computing device in response to determining that the user is no longer in physical possession of the computing device, a security action. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for defeating wireless signal interference hacks is described. The method may include monitoring operations associated with user input of a user into an application on a mobile computing device. The user input may include physical interaction by the user's fingers with the mobile computing device causing signal interference by the fingers with a wireless signal transmitted by the mobile computing device such that a position of the fingers is detectable by a third party receiving the wireless signal. The method may include detecting an information entry event based on the monitored operations, modifying a wireless signal strength of the wireless signal transmitted by the mobile computing device from a standard signal strength level such that the position of the fingers of the user on the mobile computing device is not detectable by the third party receiving the wireless signal in response to detecting the information entry event.

Abstract: The disclosed computer-implemented method for enabling calls to bypass call-blocking functions may include (1) transmitting, from the computing device that is configured with a call-blocking function, a token to an additional device owned by an individual who is to be allowed to bypass the call-blocking function of the computing device, (2) receiving, by the computing device, a request from an unknown device to initiate a call to the computing device that would be blocked by the call-blocking function, (3) determining that the request to initiate the call includes the token, and (4) enabling the call from the unknown device to the computing device to bypass the call-blocking function in response to determining that the request includes the token. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for providing assistance to users in emergency situations may include (i) detecting that a user of an endpoint device is involved in an emergency situation, (ii) identifying an individual capable of assisting the user in the emergency situation by (a) locating an additional endpoint device that is nearby the endpoint device of the user and (b) determining that the additional endpoint device asserts an attribute of the individual that indicates the individual is qualified to assist the user involved in the emergency situation and is verified by a trusted third party, and (iii) enabling the individual to assist the user involved in the emergency situation by providing information about the emergency situation from the endpoint device of the user to the additional endpoint device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for verifying that operators are human based on operator gaze may include (1) presenting an image to a user of the computing device via a display element of the computing device, (2) tracking the user's gaze as the image is presented to the user, (3) determining, based on an analysis of the user's gaze, that one or more patterns of the user's gaze are consistent with one or more human gaze patterns, and (4) classifying the user as a human in response to determining that the one or more patterns of the user's gaze are consistent with one or more human gaze patterns. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for digitally enforcing computer parental controls may include (i) identifying a parental-control policy that controls a user's computer usage in some way, (ii) determining that the user is using a primary device, which is configured to restrict its usage according to the terms of the parental-control policy, to access a secondary device, which is not configured to restrict its usage according to the terms of the parental-control policy, and (iii) restricting, in response to the determination, the user's access to the secondary device according to the terms of the parental-control policy. Various other methods, systems, and computer-readable media are also disclosed.