Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for proximity-based access. In some implementations, a computing device detects an attempt to access the computing device while the computing device is in a secured state. In response to detecting the attempt to access the computing device, the computing device sends a first message to a server system over a network. After sending the message, the computing device receives a second message from the server system over the network, the second message comprising authentication data for the computing device. The computing device determines that a mobile device that was previously designated as an authentication factor for accessing the computing device is located within a predetermined level of proximity of the computing device, and the computing device grants access to the computing device.

An operating system of a mobile device defines an interface for an MDM to ensure security of the device. A private personal MDM (PPMDM) instead interfaces with the operating systems and one or more enterprise MDMs (EMDM) implement security policies through the PPMDM subject to user control. Data may be flagged as associated with an EMDM based on source or location to enable deletion due to theft or disassociation with an enterprise. Blocks or threat detection according to an EMDM policy may be reported to an EMDM in a non-invasive manner.

The subject technology provides systems and methods for logging data access by applications. A first process executing on an electronic device may receive an access request from a second process executing on the electronic device. The access request may include a request to access data corresponding to a protected data category. Subsequent to receiving the access request, the first process may determine whether the second process is authorized to access the data. In response to determining that the second process is authorized to access the data, the first process may grant the second process access to the data, and then generate and store log data corresponding to the access of the data by the second process.

In connection with a data distribution architecture, client-side “deduplication” techniques may be utilized for data transfers occurring among various file system nodes. In some examples, these deduplication techniques involve fingerprinting file system elements that are being shared and transferred, and dividing each file into separate units referred to as “blocks” or “chunks.” These separate units may be used for independently rebuilding a file from local and remote collections, storage locations, or sources. The deduplication techniques may be applied to data transfers to prevent unnecessary data transfers, and to reduce the amount of bandwidth, processing power, and memory used to synchronize and transfer data among the file system nodes. The described deduplication concepts may also be applied for purposes of efficient file replication, data transfers, and file system events occurring within and among networks and file system nodes.

The disclosed technology is generally directed to device security in an IoT environment. For example, such technology is usable in IoT security. In one example of the technology, a set of security rules that is associated with an expected condition of at least one IoT device is stored. IoT data associated with the at least one IoT device is received. The IoT data may be aggregated data that includes at least two different types of data. A determination is made, based on the IoT data, as to whether the set of security rules has been violated. An alert is selectively sent based on the determination.

A device implementing a system for responding to a voice request includes a processor configured to receive a voice request, the device being associated with a user account, and determine, based on the voice request, a confidence score that the voice request corresponds to a voice profile associated with the user account. The processor is further configured to select, based at least in part on a content of the voice request and the confidence score, a request domain from among plural request domains for responding to the voice request, and provide for a response to the voice request based on the selected request domain.

Techniques are described for generating and presenting a digital document for a transfer. A check service may generate the digital document based on provided check data. The digital document may be stored on a user device and presented to a recipient, for example through the display of the user device. The digital document may also be provided to the recipient in an email or other type of communication. The check service may generate a digital watermark to include on the digital document. The watermark may be unique to the particular document, and may be algorithmically generated based on data that is associated with the particular document, such as a serial identifier, a transaction identifier, an amount, a user identifier of the sender, etc. The digital watermark may be regenerated when the recipient presents the document for payment, to confirm document validity.

A method, system, and/or apparatus for automatically monitoring for possible infection or other physical health concerns, such as from Covid-19. The method or implementing software application uses or relies upon location information available on the mobile device from any source, such as cell phone usage and/or other device applications. The method and system automatically uses and/or learns user location and activity patterns and determines and infection risk that can be communicated as a warning to community members.

There is provided a computer implemented method for accessing a resource at a computing device, as well as for controlling access to a resource by a computing device. The computing device receives a policy indicating a set of conditions under which access to the resource is permitted, determines whether each of the conditions are initially present based on an output of one or more sensors of the device, and monitors the one or more sensors to detect a change in the presence of one or more of the conditions. In response to detecting the change in the presence of one or more of the conditions, the computing device determines whether each of the conditions are present. In response to determining that each of the conditions is present, access to the resource is enabled. If at least one of the conditions is not present, access to the resource is prevented.

An information processing apparatus for configuring a first device and a second device connectable thereto includes an interface and a memory that stores: location information indicating a predetermined location at which the devices are to be installed, first information indicating an initial setting for the first device, and second information indicating an initial setting for the second device. The apparatus further includes a processor configured to, upon receipt of a first request including location information from the first device, authenticate the first device by comparing a location indicated by the location information with the predetermined location, when the authentication is successful, control the interface to transmit the first information to the first device, and upon receipt of a second request from the first device after the initial setting for the first device has been set, control the interface to transmit the second information to the first device.