Abstract: Systems and methods are described for configuring a web page using chain of trust. In an example, a web browser can receive a certificate hierarchy from a web server in response to a request for a web page. The web browser can apply a hash algorithm to one or more digital security certificates in the certificate hierarchy. The web browser can send the hash values to a deployment database that stores mappings of known hash values to website configuration settings. The deployment database can respond with the corresponding configuration settings. The web browser can merge the configuration settings and apply them to the web page prior to rendering the web page on a display.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: Systems and methods are described for Uniform Resource Locator (“URL”) pattern-based high-risk browsing and anomaly detection. In an example, a user device can compare URLs in a browser's history to URL patterns in a provided list to identify matches. The user device can calculate a browsing risk score based on the percentage of entries in the browsing history that match each URL pattern and a risk score associated with the URL pattern. Security policies can be enforced at the user device if the browsing risk score exceeds a threshold. The user device can also detect potentially dangerous anomalous browsing behavior. The user device can calculate a deviance score based on variations between recent browsing history and historical browsing behavior at the user device. Security policies can be enforced at the user device if the deviance score exceeds a threshold.

Abstract: Disclosed are various approaches for ensuring application integrity for enterprise resource access. In some examples, risk data for a client device is periodically received from a risk assessment service. The risk data is embedded into integrated data that includes the enterprise resources and the risk data. The integrated data is transmitted to a client device, and the integrated data causes the client device to provide a continuously updated risk user interface element in a user interface that provides the enterprise data.

Abstract: The present disclosure relates to zero trust accessory management. A cryptographic interface application can set a provisioning passcode for the hardware security module. The cryptographic interface application can further set a usage passcode for the hardware security module. The cryptographic interface application can remove an unblock passcode for the hardware security module. The cryptographic interface application can install at least one credential to the hardware security module using the accessory provisioning passcode.

Abstract: Examples for validating the identify of an application in an inter-app communication protocol are described. An attestation payload is obtained from a third party attestation service that is executed remotely from a device on which the application is running. The attestation payload can be validated by another application on the device in order to validate the identity of the application providing the attestation payload.

Abstract: Disclosed are various examples for an application settings module that provides uniform access to diverse types of data, such as mobile device settings. A client device, such as a mobile device, can be configured through execution of program instructions to access a schema file comprising a definition of a plurality of keypaths, where individual ones of the plurality of keypaths uniquely correspond to one of a plurality of device settings and the keypaths are defined in the schema file in association with a plurality of methods. The client device can identify a function invoked using one of the keypaths to read or write a corresponding one of the device settings, whether stored locally or remote, and, in response to the function being invoked, execute a portion of the methods corresponding to the one of the keypaths in the schema file and return a result to a requesting process.

Abstract: Disclosed are various embodiments for cryptographic processing on client devices. A cryptographic service can receive a cryptographic operation request from a client application. The cryptographic operation request can include a key identifier for a private key and data to be cryptographically processed and the cryptographic operation request specifying a cryptographic operation to be performed. A cryptographic provider can then be identified based at least in part on the key identifier for the private key. A request is subsequently sent to the cryptographic provider to perform the cryptographic operation on the data using the private key. A response is then received from the cryptographic provider and sent to the client application.

Abstract: Systems and methods are described for Uniform Resource Locator (“URL”) pattern-based high-risk browsing and anomaly detection. In an example, a user device can compare URLs in a browser's history to URL patterns in a provided list to identify matches. The user device can calculate a browsing risk score based on the percentage of entries in the browsing history that match each URL pattern and a risk score associated with the URL pattern. Security policies can be enforced at the user device if the browsing risk score exceeds a threshold. The user device can also detect potentially dangerous anomalous browsing behavior. The user device can calculate a deviance score based on variations between recent browsing history and historical browsing behavior at the user device. Security policies can be enforced at the user device if the deviance score exceeds a threshold.

Abstract: Examples for validating the identify of an application in an inter-app communication protocol are described. An attestation payload is obtained from a third party attestation service that is executed remotely from a device on which the application is running. The attestation payload can be validated by another application on the device in order to validate the identity of the application providing the attestation payload.

Abstract: Systems and methods are included for creating an assured record of a user interaction. An application on a user device can receive an agreement. The agreement can include a specification with instructions for assuring the user interaction. The application can pass the agreement to an assured module installed in the application. The assured module can present the agreement to a user in an interface. The assured module can receive user input indicating acceptance or rejection of the agreement. The assured module can generate a confirmation file that confirms the user interaction. The assured module can sign the confirmation file with a digital signature that can be used by other entities to verify the authenticity of the confirmation file.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: Systems and methods are included for creating an assured record of a user interaction. An application on a user device can receive an agreement. The agreement can include a specification with instructions for assuring the user interaction. The application can pass the agreement to an assured module installed in the application. The assured module can present the agreement to a user in an interface. The assured module can receive user input indicating acceptance or rejection of the agreement. The assured module can generate a confirmation file that confirms the user interaction. The assured module can sign the confirmation file with a digital signature that can be used by other entities to verify the authenticity of the confirmation file.

Abstract: A method, system and computer-readable storage medium for controlling access to application data associated with an application configured on a computing device.

Abstract: Embodiments described herein are related to a method for password streaming. The method comprises: upon receiving, at the first device, a first entry corresponding to a password in the password user interface, the first entry adding a first character to the password: adding the first character to an editing placeholder stored in memory of the password user interface; transmitting a command to a password storage component separate from the memory of the password user interface, wherein the command represents the first entry, wherein the password storage component is configured to store the password and edit the password to include the first character based on the command; and overwriting the first character with a first masking character in the editing placeholder based on transmitting the command.

Abstract: Systems and methods are included for creating an assured record of a user interaction. An application on a user device can receive an agreement. The agreement can include a specification with instructions for assuring the user interaction. The application can pass the agreement to an assured module installed in the application. The assured module can present the agreement to a user in an interface. The assured module can receive user input indicating acceptance or rejection of the agreement. The assured module can generate a confirmation file that confirms the user interaction. The assured module can sign the confirmation file with a digital signature that can be used by other entities to verify the authenticity of the confirmation file.

Abstract: Systems and methods are included for creating an assured record of a user interaction. An application on a user device can receive an agreement. The agreement can include a specification with instructions for assuring the user interaction. The application can pass the agreement to an assured module installed in the application. The assured module can present the agreement to a user in an interface. The assured module can receive user input indicating acceptance or rejection of the agreement. The assured module can generate a confirmation file that confirms the user interaction. The assured module can sign the confirmation file with a digital signature that can be used by other entities to verify the authenticity of the confirmation file.

Abstract: A method of controlling access to data on a first electronic device, the method comprising steps of establishing a shared encryption key with a first software application instance running on a second electronic device, receiving a ‘begin session’ command sent by the first software application instance and responsive to the ‘begin session’ command, creating a storage location in a data store of the electronic device, obtaining a data encryption key, receiving data, encrypting the data using the data encryption key and storing the encrypted data in the storage location, receiving an ‘end session’ command sent by the first software application instance and responsive to the ‘end session’ command, discarding the shared encryption key, and deleting the encrypted data from the storage location.

Abstract: The disclosure provides for presenting programs in a scripting language. Examples include receiving a data stream containing computer executable instructions in an interpreted language; generating a verification code; publishing, on a media, the data stream and the verification code; reading, using a sensor, the published data stream and verification code at a reader node; receiving user input; based at least on the verification code or the received user input, determining permission to execute, by the reader node, the computer executable instructions; and based at least on determining that execution is permitted by the reader node, executing at least a portion of the computer executable instructions using an interpreted language execution environment on the reader node. For some examples, the media includes a matrix barcode (e.g., a QR code) or a smart card. Some examples leverage a remote verification node and/or a remote library of executable functions.

Abstract: Disclosed are various examples for an application settings module that provides uniform access to diverse types of data, such as mobile device settings. A client device, such as a mobile device, can be configured through execution of program instructions to access a schema file comprising a definition of a plurality of keypaths, where individual ones of the plurality of keypaths uniquely correspond to one of a plurality of device settings and the keypaths are defined in the schema file in association with a plurality of methods. The client device can identify a function invoked using one of the keypaths to read or write a corresponding one of the device settings, whether stored locally or remote, and, in response to the function being invoked, execute a portion of the methods corresponding to the one of the keypaths in the schema file and return a result to a requesting process.