Patent classifications
H04L2463/121
SYSTEM AND METHOD FOR AUTHENTICATING USERS
A security application for a computing device, e.g., a mobile phone, allows generation of a secret according to a unique user input (e.g., user credentials). The secret is stored in a directory such that it is retrievable when the unique user input is received via a user interface of a device on which the security application executes or with which it is coupled. Responsive to receiving an identifier associated with the secret, the security application prompts, e.g., via a user interface of the mobile phone, entry of the unique user input; and, subsequently, verifies the unique user input. Following such verification, the security application provides the secret for use in encoding a communication with a remote computer-based station. Entry of the user credentials may be required prior to the security application generating the secret, and may be responsive to receipt of an invitation (e.g., from the remote computer-based station) to generate it.
SYSTEMS AND METHODS FOR LOCATION-BASED AUTHENTICATION
Systems and methods are disclosed for performing location-based authentication using location-aware devices. One method includes: receiving an access request comprising authentication credentials and a first location from a first location-aware device; receiving a second location from a second location-aware device associated with the authentication credentials; and upon determining that the first location and second location are within a pre-determined distance, authenticating the authentication credentials.
SYSTEMS AND METHODS FOR DEVICE PUSH PROVISIONING
Techniques for provisioning access data may include receiving, by a first application installed on a communication device, user input selecting an account to provision to a second application installed on the communication device. The first application may invoke the second application and send a session identifier (ID) to the second application. The second application may send a user ID associated with the second application, a device ID, and the session ID to the first application. The first application may then generate encrypted provisioning request data and send the encrypted provisioning request data to the second application. The second application may send the encrypted provisioning request data to a remote server computer to request access data that can be used to access a resource. The second application may receive the access data provided by the remote server computer based on validation of the encrypted provisioning request data.
SYSTEMS AND METHODS FOR AIDA BASED SECOND CHANCE
Methods and systems are described in which a system provides a user interface to confirm whether to review or take an action associated with an untrusted email. A driver on a device monitors the startup of any processes. Responsive to monitoring, the driver detects an application process that was created that indicates that an application was launched, and notifies a user console about the creation of the application process. The user console determines if the application process is of significance; if so, it injects a monitor library into the process. Once injected into the process, the monitor library detects if the application process receives an action of a user to access a domain that is not identified as trusted. The monitor library notifies the user console of the user's URL-access request.
Universal link to extract and classify log data
A universal link to extract and classify log data is disclosed. In various embodiments, a set of candidate data values that match a top level pattern that is common to two or more types of data value of interest is identified. The candidate data values are processed through a plurality of successive filtering stages, each stage of which includes determining which, if any, of said candidates match a more specific pattern associated more specifically with a specific data value type. Candidates, if any, which match the more specific pattern are classified as being of a corresponding specific data type and are removed from the set of candidate data values. A structured data record that associates each candidate data value determined to be of a corresponding one of said types of data value of interest with said corresponding one of said types of data value of interest is generated and stored.
Methods and systems for detecting viruses in emails
A method of monitoring email use is performed at a server system by monitoring email use in a first email application at a first device distinct from the server system and monitoring email use in a second email application at a second device distinct from the server system. An inconsistency in the monitored email use is detected for a first email that is received by the second device and appears to have been sent from the first device. In response to detecting the inconsistency, the first email is identified as being potentially malicious. At least one of the first and second devices may be notified that the first email is potentially malicious.
Retroactive identification of previously unknown malware based on network traffic analysis from a sandbox environment
Techniques are provided for retroactively identifying malware programs when new signatures become available that later match network traffic previously obtained from the sandbox environment. An exemplary method comprises obtaining a plurality of packet capture files comprising previously captured network communications of malware programs that previously executed in a sandbox environment, wherein each of the packet capture files is associated with a corresponding malware program that generated the network communications; obtaining signatures indicative of at least one malware program; comparing the signatures to the packet capture files; and retroactively identifying a given malware program as malware if a signature matches a given packet capture file associated with the given malware program. A plurality of malware samples that were previously unidentified are optionally correlated with the given malware program based on a scan of additional packet capture files for the signature that matched the given packet capture file.
Remote storage security
Aspects of the subject technology relate to systems and methods for remote storage security. An encryption key is generated based at least on data stored locally by a computing device. The encryption key is bound to a context of the computing device. Data is encrypted using the encryption key. The encrypted data and information associated with the binding of the encryption key are provided for transmission to another computing device.
SYSTEM AND METHOD FOR TRAFFIC VOLUME PUBLICATION APPLYING DIFFERENTIAL PRIVACY
A method for a traffic volume publication system to publish traffic volumes in a road traffic network includes: receiving traffic information including information on a plurality of road segments and original traffic volume data for the road segments at a first timestamp and calculating a first window size for each road segment for the first timestamp; predicting a second window size for a third timestamp subsequent to the first timestamp, either based on the first window size calculated at the first timestamp or based on the first window size and a window size calculated in advance at a second timestamp prior to the first timestamp; determining a privacy budget allocated to the first timestamp based on the first window size and the second window size; and returning noisy traffic volume data which is obtained by inserting noise into the original traffic volume data, based on the determined privacy budget.
Protection configuration for application programming interfaces
A system is configured to authorize client access to an application programming interface (API) of a host device. A proxy is configured to handle network traffic between a host and a client device. The system determines that an API request lacks a form of authentication including a token where the first API request cannot be authenticated. The API request is denied, and a challenge is transmitted to the client device. A subsequent API request from the client device is determined to include a presented token as the form of authentication. The presented token of the second API request is verified based on attributes of the presented token. The system permits the second API request in response to the presented token being verified. An IP-token pair is stored and the permitted second API request is transmitted to the host device for servicing.