Abstract: Examples herein describe systems and methods for on-device, application-specific compliance enforcement. An example method can include receiving, at a user device, an application having a compliance engine. The user device can also store a compliance rule that applies to the received application. The compliance rule can specify a condition and a remedial action for the application. The user device can execute the application. The application can determine, using the compliance engine within the application, whether the condition is present. The determination can be made regardless of whether the device has internet or cellular connectivity. Based on determining that the condition is present, the application can perform the remedial action.

Abstract: Various examples for application management detection are described. In one example, depending upon whether an installation token includes a unique token value, a client device can determine whether an application is managed or unmanaged. Additionally, the client device can determine whether the application is managed or unmanaged based on whether a keychain installation token includes a unique token value, a value of a keychain installation token, and a value of a launched flag for the application. Using the concepts described herein, an unmanaged application can proceed to execute with limited functionality, present a notification that it should be reinstalled by the management service, stop executing, or take other measures.

Abstract: Disclosed are various embodiments for monitoring network usage by client devices and enforcing compliance rules related thereto. A management component of a client application can be provided to identify a first function call made in the source code of the client application to invoke a media player function on the client device associated with a playback of media content received over a carrier network. The first function call can be replaced with a second function call that, when invoked during an execution of the client application, causes a device to identify a size of the media content received by the client device over the carrier network; communicate the size of the media content received by the client device to a remote computing service; and provide the media content for playback on the client device.

Abstract: Aspects of providing single sign on (SSO) sessions are described. An access interval key is generated using an access code as a seed to a key derivative function. The access interval key is encrypted using a public key of an SSO-enabled application to generate an encrypted access interval key for a sign on session. The sign on session is established by storing the encrypted access interval key in a memory location of an SSO session map shared by SSO-enabled applications.

Abstract: To extend a sign on session among applications, an inter-application workflow request can be initiated from a first to a second application. The workflow request can identify one or more memory locations in a shared memory for secure data transfer between the applications. The first application can then monitor the memory locations for the presence of a public key stored in shared memory by the second application in response to the workflow request. Once the public key is present in the shared memory, the first application can retrieve and use it to encrypt an access interval key. The encrypted access interval key can then be stored in the shared memory for retrieval by the second application. The access interval key is associated with a sign on session of the first application, and the second application can retrieve and decrypt it to extend the sign on session to the second application.

Abstract: To establish a sign on session among single sign on (SSO)-enabled applications, a user can be prompted by an application for an access code. An access interval key can be generated using a key derivative function based on the access code. The access interval key can be considered a session key, and it can be used during a valid SSO session to decrypt a master key stored in a shared memory. In turn, the master key can be used to encrypt and decrypt the contents of the shared memory. To securely distribute the access interval key among the SSO-enabled applications during a current session, individual SSO-enabled applications can each store a public key in the shared memory. The access interval key can then be encrypted, respectively, by the public keys of the SSO-enabled applications and stored in the shared memory to be retrieved securely by the SSO-enabled applications.

Abstract: Systems and methods are provided for providing control instructions to a pilot in the event of a loss of control of primary flight surfaces of an aircraft. The control instructions are determined using an emergency flight controller for receiving a pilot input, the emergency flight controller being in operable communication with at least one sensor for sensing aircraft parameters. The emergency flight controller is configured to determine target thrusts for the multiple engines and a target stabilizer position for the trimmable stabilizer on the basis of pilot input and sensed aircraft parameters. A guidance module is configured to provide instructions to a pilot as to how to control the engine thrusts toward the thrust targets and as how to control the trimmable stabilizer towards the target trimmable stabilizer position.

Abstract: An apparatus may determine the quality of a fencing blade. The apparatus may include an electrical current source; a fencing blade to be tested for quality; two electrical cables, each connected between the electrical current source and the fencing blade so as to cause current from the current source to travel through at least a portion of the fencing blade; and a magnetic field sensor in sufficient proximity to the fencing blade so as to enable the magnetic field sensor to detect a magnetic field generated by the fencing blade when the current passes through the fencing blade.

Abstract: A hand air pump with air accumulation function includes a control valve with a valve block and a control lever switchable between a first operation mode where the plunger assembly is allowed to pump compressed air into an air accumulation tank for accumulation, and a second operation mode where the air accumulation tank is opened to discharge the accumulated compressed air for inflating an attached tire and the plunger assembly is allowed to pump compressed air directly into the attached tire.

Abstract: Disclosed are examples that relate to monitoring network usage by client devices and enforcing compliance rules related thereto. In various examples, a system can intercept a network call in transit from a client application to an operating system of a client device, wherein the network call is configured to cause a content provider to transmit content to the operating system over a carrier network, and wherein the network call is further configured to cause the operating system to transmit the content to the client application; can modify the configuration of the network call such that the network call causes the operating system to transmit the content to the management component; can receive the content from the operating system; can analyze the content for network usage; can create a network usage analysis; and, can provide the content to the client application.

Abstract: Disclosed are examples of managing access sessions for a computing device. In some examples, a key is generated using a code obtained through a user interface. The key decrypts data stored in a data store of a client device. The key is decrypted using a boot time that represents a latest time the client device was booted. The key is stored in secured storage that is accessible by the at least one application based on a developer certificate.

Abstract: A hand air pump with air accumulation function includes a control valve with a valve block and a control lever switchable between a first operation mode where the plunger assembly is allowed to pump compressed air into an air accumulation tank for accumulation, and a second operation mode where the air accumulation tank is opened to discharge the accumulated compressed air for inflating an attached tire and the plunger assembly is allowed to pump compressed air directly into the attached tire.

Abstract: Disclosed are examples of managing access sessions for a computing device. In some examples, a key is generated using a code obtained through a user interface. The key decrypts data stored in a data store of a client device. The key is decrypted using a boot time that represents a latest time the client device was booted. The key is stored in secured storage that is accessible by the at least one application based on a developer certificate.

Abstract: To establish a sign on session among single sign on (SSO)-enabled applications, a user can be prompted by an application for an access code. An access interval key can be generated using a key derivative function based on the access code. The access interval key can be considered a session key, and it can be used during a valid SSO session to decrypt a master key stored in a shared memory. In turn, the master key can be used to encrypt and decrypt the contents of the shared memory. To securely distribute the access interval key among the SSO-enabled applications during a current session, individual SSO-enabled applications can each store a public key in the shared memory. The access interval key can then be encrypted, respectively, by the public keys of the SSO-enabled applications and stored in the shared memory to be retrieved securely by the SSO-enabled applications.

Abstract: To extend a sign on session among applications, an inter-application workflow request can be initiated from a first to a second application. The workflow request can identify one or more memory locations in a shared memory for secure data transfer between the applications. The first application can then monitor the memory locations for the presence of a public key stored in shared memory by the second application in response to the workflow request. Once the public key is present in the shared memory, the first application can retrieve and use it to encrypt an access interval key. The encrypted access interval key can then be stored in the shared memory for retrieval by the second application. The access interval key is associated with a sign on session of the first application, and the second application can retrieve and decrypt it to extend the sign on session to the second application.

Abstract: Disclosed are examples of managing access sessions for a computing device. In some examples, a computing device obtains a key and timeout data from secured storage. The computing device determines whether an access session has expired based on the timeout data. Responsive to determining that the access session has expired, the computing device erases the key from the secured storage.

Abstract: Disclosed are various embodiments for monitoring network usage by client devices and enforcing compliance rules related thereto. A management component of a client application can be provided to identify a first function call made in the source code of the client application to invoke a media player function on the client device associated with a playback of media content received over a carrier network. The first function call can be replaced with a second function call that, when invoked during an execution of the client application, causes a device to identify a size of the media content received by the client device over the carrier network; communicate the size of the media content received by the client device to a remote computing service; and provide the media content for playback on the client device.

Abstract: Various examples for application management detection are described. In one example, depending upon whether an installation token includes a unique token value, a client device can determine whether an application is managed or unmanaged. Additionally, the client device can determine whether the application is managed or unmanaged based on whether a keychain installation token includes a unique token value, a value of a keychain installation token, and a value of a launched flag for the application. Using the concepts described herein, an unmanaged application can proceed to execute with limited functionality, present a notification that it should be reinstalled by the management service, stop executing, or take other measures.

Abstract: The detection of whether a local application is managed by a management service is described. In one example, depending upon whether an installation token includes a unique token value, detection logic can determine whether an application is managed or unmanaged based on additional factors. The additional factors include whether a keychain installation token includes a unique token value, the value of the keychain installation token, and a value of a launched flag for the application. Various combinations of those factors and the identification of either a managed or unmanaged status for the application are described. Using the concepts described herein, an unmanaged application can proceed to execute with limited functionality, present a notification that it should be reinstalled by the management service, stop executing, or take other measures.

Abstract: Systems herein can recommend files to users based on meeting information. The system can include a secure email gateway that forwards meeting invitations to an email server and a content server. The system can extract invitee information, meeting timing information, and an attachment from the meeting invitation. During a time period based on the meeting timing information, the content server can cause a managed content application on an invitee's user device to visually identify the attachment as a recommended file. This can allow the user to locate and access relevant files for a meeting, including files that are not attached to the meeting invite, at one location.