Abstract: Methods and systems are disclosed for providing approaches to anonymous application wrapping on a mobile device. The methods and systems may include receiving, by a controller service, a request to associate a first application executing on a client device with the controller service, and obtaining, by the controller service, a first application identifier associated with the first application. The methods and systems may also include receiving, by the controller service from an application service, a request for a first service and a conditional application identifier, and configuring, by the controller service and based on the request for the first service, the first application with a second set of one or more policy instructions used to control the first application.

Abstract: The present disclosure is directed to methods and systems of providing a user-selectable list of disparately hosted applications. A device intermediary to a client and one or more servers may receive a user request to access a list of applications published to the user. The device may communicate to the client the list of published applications available to the user, the list comprising graphical icons corresponding to disparately hosted applications, at least one graphical icon corresponding to a third-party hosted application of the disparately hosted applications, the third party hosted application served by a remote third-party server. The device may receive a selection from the user of the at least one graphical icon. The device may communicate, from the remote third party server to the client of the user, execution of the third party hosted application responsive to the selection by the user.

Abstract: Methods, systems, and computer-readable media for providing an application store are presented. In some embodiments, a request for a software application may be received at an application store. Subsequently, the software application may be configured, at the application store, based on a single sign-on credential. The configured software application then may be provided, by the application store, to at least one recipient device associated with the single sign-on credential.

Abstract: The present disclosure is directed to methods and systems of providing a user-selectable list of disparately hosted applications. A device intermediary to a client and one or more servers may receive a user request to access a list of applications published to the user. The device may communicate to the client the list of published applications available to the user, the list comprising graphical icons corresponding to disparately hosted applications, at least one graphical icon corresponding to a third-party hosted application of the disparately hosted applications, the third party hosted application served by a remote third-party server. The device may receive a selection from the user of the at least one graphical icon. The device may communicate, from the remote third party server to the client of the user, execution of the third party hosted application responsive to the selection by the user.

Abstract: Just in time delivery of a consistent user profile to overlapping user sessions, where a first user session issues a request for a first file of a user profile to a server agent. Upon receiving the request, the server agent retrieves the first file from a base user profile, and just in time delivers the retrieved first file to the first user session. The user, via a second user session executing simultaneously with the first user session, issues a request to the server agent for the first file and a second file of the user profile. Upon receiving the request, the server agent identifies a modified version of the first file in a provisional user profile, retrieves the modified first file from the provisional user profile and the second file from the base user profile, and just in time delivers both files to the second user session.

Abstract: A method for interactive policy evaluation using dynamically generated, interactive resultant sets of policies includes the step of receiving, by a graphical user interface, at least one of: a description of a client requesting access to a resource, a description of the resource, and a description of a method of access requested by the client. The graphical user interface displays at least one policy applicable to the client request for access to the resource. The graphical user interface displays a decision made by applying the at least one policy to the received description.

Abstract: Described herein is an enterprise system including an enterprise social platform associated with an application store platform, which is accessible by a computing device in a secure manner. The enterprise social platform stores information indicating user roles within the enterprise and provides at least one social networking feature to a group of users that are associated based on the roles, where the social networking feature is associated with an enterprise application store. An application catalog system of the enterprise application store platform includes sets of enterprise applications that are available for selection by enterprise users, and the application catalog system provides access to selected enterprise applications.

Abstract: Methods, systems, and computer-readable media for providing an application store are presented. In some embodiments, a request for a software application may be received at an application store. Subsequently, the software application may be configured, at the application store, based on a single sign-on credential. The configured software application then may be provided, by the application store, to at least one recipient device associated with the single sign-on credential.

Abstract: Aspects described herein are directed toward systems, methods, devices, and non-transitory computer-readable media for containerizing a web application and managing its execution. In example implementations, at least a portion of a web application a resource list identified by that web application is retrieved. The portion of the web application and the resources retrieved are cached at a computing device. The application manager intercepts one or more function calls invoked at the cached portion of the web application and processes the function calls intercepted.

Abstract: Methods, systems, and computer-readable media for providing an application store are presented. In some embodiments, authentication credentials of an administrative user of an application store may be received at the application store. Based on validating the authentication credentials of the administrative user, a mobile service management interface may be provided via the application store. In addition, the mobile service management interface may include at least one control that is configured to allow the administrative user to define one or more policies to be applied to at least one application that is available in the application store.

Abstract: The methods and systems described herein provide for secure implementation of external storage providers in an enterprise setting. Specifically, the present invention provides for allowing the secure use of processes that may transmit files to external storage providers or access files from an external storage provider. In some arrangements, process, such as an untrusted process, may request access to a file. A security agent may intercept the request and encrypt the file. The file can then be transmitted to the external storage provider. A user may subsequently request access to the file. A security agent may intercept a message in connection with this request, determine whether the user is authorized to access the file, and decrypt the file.

Abstract: Methods and systems for disrupting password attacks using compression are described. A user password may be stored on a mobile computing device. The password may be compressed, for example, using a Huffman compression algorithm, and may be subsequently encrypted using a short secret as a key. The user password may be stored as the compressed and encrypted key. The compressed and encrypted password may be stored such that a brute force password attack, for example, using every possible short secret, would reveal too may possible matches to allow an attacker to select the real password.

Abstract: Methods and systems for authenticating users of client devices to allow access of resources and services in enterprise systems are described herein. An authentication device may validate a user based on authentication credentials received from a client device. Validation data stored by the authentication device, and a corresponding access token transmitted to the client device, may be used to authenticate the user for future resource access requests. A user secret also may be stored by the authentication device and used to validate the user for future resource access requests. Additionally, after validating a user with a first set of authentication credentials, additional sets of credentials for the user may be retrieved and stored at an access gateway for future requests to access other services or resources in an enterprise system.

Abstract: Methods and systems are disclosed for providing approaches to authenticating and authorizing client devices in enterprise systems via a gateway device. The methods and systems may include passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource, and transmitting, by the computing device, authentication credentials associated with the client device with a request for authorization information associated with the enterprise resource.

Abstract: Methods and systems for communicating information between mobile applications are presented. In some embodiments, a mobile device may determine that a plurality of applications are running on the mobile device. The mobile device may determine that each application of the plurality of applications uses a shared passcode to encrypt information about a persistent state. The mobile device may generate a beacon that includes encrypted state information. The mobile device may maintain state information across the plurality of applications beyond the lifetime of any one of the plurality of applications by transmitting the beacon from a first application to a second application before the first application's lifetime is completed.

Abstract: A system for updating and delivering an interactive application delivery store, where the system includes a client computer, a server and an application delivery store executing on the server, the client computer communicating with the server over a communicative connection. A user accesses the application delivery store using the client computer, and subscribes to an application not included in a user profile of the user using the application delivery store. In response to subscribing to the application, the application delivery store verifies user permissions of the user and determines whether the user is permitted to subscribe to the application. Upon determining the user can subscribe to the application, the application delivery store updates the user profile with the application and transmits a stub application to the client computer. The stub application represents the application subscribed to by the user in that the stub application includes a portion of the application.

Abstract: Methods and systems for authenticating users of client devices to allow access of resources and services in enterprise systems are described herein. An authentication device may validate a user based on authentication credentials received from a client device. Validation data stored by the authentication device, and a corresponding access token transmitted to the client device, may be used to authenticate the user for future resource access requests. A user secret also may be stored by the authentication device and used to validate the user for future resource access requests. Additionally, after validating a user with a first set of authentication credentials, additional sets of credentials for the user may be retrieved and stored at an access gateway for future requests to access other services or resources in an enterprise system.

Abstract: Methods and systems for disrupting password attacks using compression are described. A user password may be stored on a mobile computing device. The password may be compressed, for example, using a Huffman compression algorithm, and may be subsequently encrypted using a short secret as a key. The user password may be stored as the compressed and encrypted key. The compressed and encrypted password may be stored such that a brute force password attack, for example, using every possible short secret, would reveal too may possible matches to allow an attacker to select the real password.

Abstract: Methods and systems for disrupting password attacks using compression are described. A user password may be stored on a mobile computing device. The password may be compressed, for example, using a Huffman compression algorithm, and may be subsequently encrypted using a short secret as a key. The user password may be stored as the compressed and encrypted key. The compressed and encrypted password may be stored such that a brute force password attack, for example, using every possible short secret, would reveal too may possible matches to allow an attacker to select the real password.