Abstract: Indirect access control is performed between a requestor computing device and a requestee computing device. Peer data is transmitted from the requestor to the requestee that asserts that the requestor is trusted by a peer computing device. It is verified that the requestor has a first degree of trust with the peer. Next degree peer data is received from the peer that asserts that the peer is trusted by a next degree peer computing device. It is verified that the peer has a next degree of trust with the next degree peer. A trust score is calculated for the requestor based on the verification of the peer data and the next degree peer data, and an access level is granted to the requestor based on the trust score.

Abstract: The disclosed computer-implemented method for measuring peer influence on a child may include (i) monitoring computing activity on at least one endpoint device of a child to identify (a) baseline behaviors that indicate expected behavior patterns of the child (b) an unusual behavior of the child that indicates a deviation from the baseline behaviors, (ii) identifying, based at least in part on the monitored computing activity, a peer of the child associated with the unusual behavior, (iii) determining, based at least in part on a comparison between the baseline behaviors and the unusual behavior, a level of influence the peer has on the child, and then (iv) performing a computing security action that prevents the child from engaging in potentially harmful behaviors by providing, to a guardian of the child, the level of influence of the peer. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus for using a remote delegate is described. In one embodiment, the method comprising evaluating information that identifies at least one of software packages resident in a client computer or licenses associated with the software packages using a remote delegate and enabling use of a resource at the client computer based on the information through use of the remote delegate.

Abstract: Systems and methods for optimized polling. An example method may comprise: receiving, over a transport layer connection, a first application layer request comprising a payload; storing, by a processing device, the payload in a memory; forwarding the payload to an application layer; receiving, over the transport layer connection, a second application layer request comprising no payload; and forwarding the payload to the application layer.

Abstract: A massive number of long lived connections is migrated between a source and a destination computer. Connection state information concerning each request being processed on each connection is transferred from the source to the destination computer. The source continues to respond to requests on a given connection while transferring corresponding state information. Once state information for a specific connection has been transferred, the connection is switched from the source to the destination. Connections are kept active during the shifting. While shifting traffic on a specific connection, two versions of the connection can be open simultaneously, one to the source and the other to the destination. Traffic on the connection is routed to the source computer until the shift has been completed, after which the connection on the source computer is closed, and traffic is routed to the destination.

Abstract: A method for detecting network intrusion, performed by a processor is provided. The method includes coupling a computing or communication device to a network device and determining a geolocation of the network device. The method includes comparing the geolocation of the network device to an expected value and determining whether to connect to a network based on the comparing. A computer readable media containing instructions and a device are also provided.

Abstract: A system and method for establishing patterns of social behavior for users of mobile devices. An administrator registers a person of interest with a service by identifying a mobile device used by the person of interest and generates one or more rules. The registered mobile device monitors network traffic of other surrounding mobile devices and sends their unique identifiers to the service. The service accesses one or more registries to identify users associated with the other surrounding mobile devices. The service determines whether any rule infractions occur based on one or more of the identified users, distances between the registered mobile device and other surrounding devices, frequencies of occurrences of mobile devices being relatively near and detected time periods. If any rule infractions occur, then the service generates an alert and sends it to the administrator.

Abstract: A computer-implemented method for monitoring the activity of devices within an organization by leveraging data generated by an existing security solution deployed within the organization may include (1) identifying, at a reputation service configured to service reputation requests, at least one external IP address associated with an organization, (2) identifying, within the reputation requests serviced by the reputation service, a plurality of reputation requests that originated from the external IP address associated with the organization, (3) generating, based at least in part on an analysis of the reputation requests that originated from the external IP address associated with the organization, at least one report for the organization that identifies the activity of devices within the organization, and (4) providing the report to the organization to enable the organization to monitor the activity of the devices within the organization.

Abstract: Techniques for mobile geofencing may be realized as a method including: receiving geofence parameters comprising at least one target, wherein the at least one target includes a mobile target; receiving updated position data associated with the mobile target and updating the position of the mobile target in response to the updated position data; monitoring a position of a client device; and determining that the monitored position of the client device transgresses the geofence parameters, wherein the determination includes determining that a distance between the updated position of the mobile target and the monitored position of the client device is greater than a first threshold distance.

Abstract: The disclosed computer-implemented method for managing encryption keys for single-sign-on applications may include (1) receiving, from an identity service, notification of a request to access encrypted data on a cloud service, the notification including a session key for encrypting and decrypting a master key for decrypting cloud service keys, (2) deriving the master key, (3) decrypting, using the master key, a cloud service key for decrypting data on the cloud service, (4) storing the master key, encrypted using the session key, (5) receiving an additional notification of an additional request to access encrypted data on an additional cloud service, the notification including the session key, (6) without again obtaining the authentication element from the user, decrypting the master key, and (7) decrypting, using the master key, an additional cloud service key for decrypting data on the additional cloud service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for facilitating eye contact during video conferences may include (1) detecting a video conference between a user of a computing device and a remote user of a remote computing device, (2) identifying a location on the computing device's screen where the eyes of the remote user are displayed as part of the video conference, (3) creating a video stream of the user that appears to be taken from the perspective of an imaginary camera located at the eyes of the remote user, and (4) transmitting the video stream of the user to the remote computing device of the remote user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A server receives a data request from a client. The request contains contextual information which can be used at a server/datacenter level for providing the requested data. The server uses the contextual information to prepare a response to the request. The server stores the received contextual information in association with the specific client in a data grid, such that an identifier of the client can be used by any server in the datacenter to access the stored information. Subsequent to the storing of the contextual information in the data grid, a second request from the same client is received by any server with access to the data grid. The second request contains the client identifier, but not the contextual information. The server uses the identifier to access the stored contextual information in the data grid, and uses the contextual information to prepare a response to the second request.

Abstract: The disclosed computer-implemented method for logging out of cloud-based applications managed by single sign-on services may include (1) identifying an attempt by a single sign-on service to log a user out of a set of cloud-based applications, (2) in response to identifying the attempt to log the user out of the set of applications, tracking a logout status of each application within the set of cloud-based applications by, for each application (a) identifying a logout request sent by the single sign-on service to the application and (b) determining whether the application has sent a logout response to the single sign-on service that verifies that the user has been successfully logged out of the application, and (3) determining that the user is still logged into at least one application managed by the single sign-on service by determining that the application did not send a logout response to the single sign-on service.

Abstract: A computer-implemented method for automatically synchronizing online communities may comprise identifying login information for a first user account associated with the first online community, accessing the first user account using the login information for the first user account, obtaining information from the first user account, and modifying, based on the information obtained from the first user account, a second user account associated with a second online community. Corresponding systems and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for performing authentication at a network device may include (1) storing, at a network device that handles traffic for at least one endpoint device within a network, an authentication credential associated with a user of the endpoint device, (2) detecting, at the network device, a communication between the endpoint device within the network and a cloud-based application outside the network, (3) determining, at the network device, that access to the cloud-based application is protected by an authentication process, and (4) causing the network device to complete at least a portion of the authentication process for the user by providing the authentication credential associated with the user from the network device to an identity provider of the cloud-based application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for validating login attempts based on user location may include (1) detecting a login attempt by a user to log into a user account, where the login attempt originates from an atypical location, (2) determining that the atypical location is inconsistent with a pattern of past login locations for the user, (3) retrieving location information that indicates a current location of the user from at least one third-party Internet resource, (4) determining, based on the location information, that the atypical location of the login attempt matches the current location of the user, and (5) trusting that the login attempt legitimately originates from the user based at least in part on the atypical location matching the current location of the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for applying parental-approval decisions to user-generated content. The method may include receiving, from a child, a request to upload user-generated content to the Internet. The method may also include providing the user-generated content to a guardian of the child and receiving, from the guardian of the child, a decision indicating whether the user-generated content is allowed to be uploaded to the Internet. The method may further include applying the decision of the guardian to the user-generated content. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for updating possession factor credentials may include (1) detecting a request from a user of a service to designate a new object to be used by the service as a possession factor credential in place of a previously designated object, (2) prior to allowing the user to designate the new object, authenticating the user by proofing the identity of the user to verify that an alleged identity of the user is the actual identity of the user and verifying that the proofed identity of the user had possession of the previously designated object, and (3) in response to verifying that the proofed identity of the user had possession of the previously designated object, designating the new object as the possession factor credential. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Method and apparatus for monitoring product purchasing activity on a network are described. In some examples, processing of network traffic in a network is performed. Web content is extracted from the network traffic at a node in the network. A statistical analysis of the web content is performed to detect product purchasing activity. Product attributes associated with the product purchasing activity are extracted. The product attributes are stored in a log implemented in a memory on the network.

Abstract: A computer-implemented method may intercept a file-system call associated with a media file. The computer-implemented method may determine an attribute of the media file. The computer-implemented method may also identify a parental-control policy associated with the attribute of the media file. The computer-implemented method may further apply the parental-control policy to the media file. Various other methods, systems, and computer-readable media are also disclosed.