Abstract: A computer-implemented method for enabling users of social-networking applications to interact using virtual personas may include (1) creating a social-networking identity associated with a user of a social-networking application, (2) creating a plurality of virtual personas that represent different real-life roles of the user as part of the user's social-networking identity, (3) receiving a request to perform at least one networking action that implicates at least one of the user's virtual personas, and then (4) directing the social-networking application to perform the networking action such that the networking action implicates the user's virtual persona without implicating the user's entire social-networking identity. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for updating possession factor credentials may include (1) detecting a request from a user of a service to designate a new object to be used by the service as a possession factor credential in place of a previously designated object, (2) prior to allowing the user to designate the new object, authenticating the user by proofing the identity of the user to verify that an alleged identity of the user is the actual identity of the user and verifying that the proofed identity of the user had possession of the previously designated object, and (3) in response to verifying that the proofed identity of the user had possession of the previously designated object, designating the new object as the possession factor credential. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for collecting thief-identifying information on stolen computing devices may include (1) receiving an indication that a computing device has been stolen, (2) detecting an attempt by a thief of the stolen computing device to access a user account of the thief via the stolen computing device, (3) collecting, based at least in part on detecting the attempt by the thief of the stolen computing device to access the user account of the thief via the stolen computing device, information capable of identifying the thief, and (4) reporting, to a remote computing device, the information capable of identifying the thief. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for predicting the impact of security-policy changes on users may include (1) identifying at least one end-user computing system that may potentially be regulated using a security policy, (2) predicting, prior to activating the security policy on the end-user computing system, how activating the security policy may impact at least one user of the end-user computing system by monitoring at least one behavior of the user on the end-user computing system and by determining how activating the security policy on the end-user computing system may have impacted the behavior, and (3) notifying, based at least in part on predicting how activating the security policy may impact the user, an administrator of the end-user computing system with information that indicates how activating the security policy may impact future user behavior. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for data loss prevention may include (1) identifying a network configured with a data loss prevention system, (2) identifying a file subject to a data loss prevention assessment within the network, (3) identifying an origin of the file, (4) determining that the origin of the file is outside the network, and (5) determining that the origin of the second file does not contain sensitive information intended to be protected by the data loss prevention system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for sharing logs of a child's computer activities with a guardian of the child is disclosed. The method may include determining that a child may be involved in a computer activity on a computing device that is not controlled by a guardian of the child, monitoring the computer activity, creating a log of the computer activity, determining that the guardian of the child is authorized to view the log of the computer activity, and providing the log of the computer activity to the guardian of the child. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for monitoring secure cloud based content are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for monitoring secure cloud based content comprising monitoring, using a browser component, a secure session accessing cloud based content, the monitoring capable of accessing content other than content requested by a user of the browser, identifying content meeting a specified criteria, and performing a specified action based at least in part on the identified content.

Abstract: A computer-implemented method for validating login attempts based on user location may include (1) detecting a login attempt by a user to log into a user account, where the login attempt originates from an atypical location, (2) determining that the atypical location is inconsistent with a pattern of past login locations for the user, (3) retrieving location information that indicates a current location of the user from at least one third-party Internet resource, (4) determining, based on the location information, that the atypical location of the login attempt matches the current location of the user, and (5) trusting that the login attempt legitimately originates from the user based at least in part on the atypical location matching the current location of the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: An SP's default user authentication is automatically augmented. An access request from a user is redirected from the SP to an authentication augmentation system. The SP also sends an augmentation request. The augmentation system redirects the access request to an IdP, and receives back an authenticated user identity. The default authentication is automatically augmented with additional techniques such as identity proofing and/or multifactor authentication, without the SP or the IdP modifying their code to implement or integrate the augmented authentication. Responsive to successfully authenticating the user according to the additional techniques, an augmented authenticated user identity is redirected to the SP. The augmentation system can use an identity management protocol such as SAML to communicate with the SP and IdP. Authentication performed by a third party and extended to the SP can be augmented, in which case a session id can be used to access third party services.

Abstract: Techniques for avoiding dynamic domain name system (DNS) collisions are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for avoiding dynamic domain name system (DNS) collisions comprising: storing a first location associated with a first client device, a second location associated with a second client device, and a third location associated with a network, receiving, from the first client device, a first notification indicating an Internet Protocol (IP) address via the network, receiving, from the second client device, a second notification indicating the IP address via the network, determining a most likely owner of the network between the first client device and the second client device based on the first location, the second location, and the third location, and applying a content filtering policy associated with the first client device when the first client device is determined to be the most likely owner.

Abstract: A method and apparatus for controlling audio/video display using a policy is disclosed. In one embodiment, a method for policy-based control of audio/video display including monitoring at least one of at least one audio/video signal input or at least one power outlet using a policy, wherein the policy defines information for controlling audio/video display and in response to a detection of at least one of an audio/video signal or an electrical power, routing the at least one of the audio/video signal or the electrical power according to the policy.

Abstract: A mobile app is provisioned with an identifier of a specific partner of an app provider, on a sandboxed OS on a mobile device. A link to the app provider's website containing the partner ID is received from the partner's website. The user navigates to the provider's website, which writes a cookie containing the partner ID and redirects to an app store. The app is downloaded to the mobile device, and registers itself with the OS as a protocol handler for a provider specific protocol. The app launches the provider's website, which retrieves the partner ID from the cookie, and returns a redirect to the provider specific protocol. The redirect contains the partner ID, and causes the app to execute as the registered protocol handler for the provider specific protocol. The app reads the partner ID from the redirect, and uses it to provide partner specific features.

Abstract: A computer-implemented method for validating login attempts based on user location may include (1) detecting a login attempt by a user to log into a user account, where the login attempt originates from an atypical location, (2) determining that the atypical location is inconsistent with a pattern of past login locations for the user, (3) retrieving location information that indicates a current location of the user from at least one third-party Internet resource, (4) determining, based on the location information, that the atypical location of the login attempt matches the current location of the user, and (5) trusting that the login attempt legitimately originates from the user based at least in part on the atypical location matching the current location of the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for determining whether to reschedule tasks on computing devices based on power-availability information for a power grid may comprise: 1) identifying at least one task scheduled to execute on a computing device, 2) receiving power-availability information for the power grid, and then 3) determining, based on the power-availability information, whether to reschedule the task. Corresponding systems and computer-readable media are also disclosed.

Abstract: A computing device categorizes data items as a corporate data items when a first criterion is satisfied and as personal data items when a second criterion is satisfied. The computing device provides identified corporate data items to a first backup system that stores the corporate data items to a corporate data store. The computing device further provides identified personal data items to a second backup system that stores the personal data items to a personal data store.

Abstract: An app runs on a user operated computing device, e.g., a mobile device running a sandboxed operating system. The app requests a session ID from a publisher Idp. The app registers for notifications on the session ID with a notification service. The app directs a browser to navigate to the publisher IdP, and to pass it the secure session ID and an ID of a specific partner. The publisher IdP returns a redirect to a third party IdP used by the specific partner to authenticate users. The browser navigates to the third party IdP, which prompts the user for authentication credentials. The third party Idp uses the credentials to authenticate the user, and redirects the authentication result to the publisher IdP. The publisher IdP sends the app a notification, via the notification service. In response, the app calls the publisher IdP, and receives a secure authentication token.

Abstract: Techniques for determining an optimal connection duration for a connection between a client device and a server across a network are disclosed. In one particular embodiment, the techniques may be realized as a method for determining an optimal connection duration for a connection between a client device and a server across a network comprising: identifying, using the client device, a network access point that communicatively couples the client device to a network; selecting a sever connection time period; initiating the connection between the client device and the server via the network based on the sever connection time period; determining whether a sever connection notification was received from the server within the sever connection time period; and adjusting the sever connection time period based on the determination.

Abstract: A computer-implemented method for detecting illegitimate messages on social networking platforms may include 1) identifying a message sent via a social networking platform, 2) harvesting metadata from the social networking platform that describes a sender of the message, 3) determining, based at least in part on the metadata that describes the sender of the message, that the message is illegitimate, and 4) performing a remediation action on the message in response to determining that the message is illegitimate. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: It is detected whenever the user of the local computer system views online content that provides an entryway to a remote application. When such a detection occurs, data concerning the remote application is collected and transmitted to a central repository. The central repository receives and aggregates such collected data from a plurality of sources. It is detected when the user of the local computer system is being prompted to activate a new remote application, and aggregated data concerning the new remote application is retrieved from the central repository. The aggregated data concerning the new remote application is analyzed, and responsive to the analyzing it is determined whether the new remote application is benign. Responsive to determining that the new remote application is not benign, the new remote application can be blocked, and/or a warning can be output to the user.

Abstract: Computer-implemented methods and systems for simultaneously installing user-input-dependent software packages on multiple devices are disclosed. In one example, an exemplary method for performing such a task may comprise: 1) initiating installation of a software package on each of a plurality of client devices, 2) receiving, from each client device, a visual image generated during installation of the software package that depicts an installation step that requires user input, 3) consolidating the visual images into a consolidated view, 4) displaying, via an installation-management interface, the consolidated view to a user of the computing device, 5) receiving, via the installation-management interface, user input from the user for completing the installation step, and then 6) completing the installation step by sending the user input to each client device.