Disclosed are systems, methods, and non-transitory computer-readable storage media for managing content item collections. For example, in embodiment, a client device may receive first user input selecting a content item collection. The client device may generate a graphical user interface for presenting the content item collection. The content item collection may include one or more tiles. Each tile may correspond to a content item embedded into the content item collection and stored by a content management system. The client device may present the content item collection including the one or more tiles. The client device may present, within each of the one or more tiles, an image representing the corresponding content item.

This disclosure describes a computer implemented method for receiving authentication credentials identifying a user; identifying computing systems for which the user is authorized access to; and transmitting tokens granting access to the identified computing systems. In some embodiments, no two tokens of the transmitted tokens grants access to the same one of the identified computing systems. The user typically has access to a management tool configured to manage the transmission of the received tokens to the corresponding computing systems, thereby granting the user the ability to have seamless access to any of the computing systems associated with the user's authenticated identity.

A method by a network device for dynamically detecting emotional states of a user operating a client end station to interact with an application. The method includes receiving information regarding user inputs received by the client end station from the user while the user interacted with the application during a particular time period and determining an emotional state of the user based on analyzing the information and information regarding user inputs received by the client end station from the user while the user interacted with the application during one or more previous time periods that together with the particular time period form a time window.

Searching encrypted data using encrypted contexts by performing at least the following: configuring a first encryption context that allows access to a first encrypted field, configuring a second encryption context that allows access to a second encrypted field, assigning the first encryption context to a first role and the second encryption context to a second role, assigning the first role to a first user account to allow the first user account to access the first encrypted field, assigning the second role to a second user account to allow the second user to access the second encrypted field, receiving a query request associated with the first user account for a search term, wherein the query request includes instructions to search for an unencrypted version of the search term and a first encrypted value of the search term that is based on the first encryption context.

Systems and methods can enable select virtual session capabilities on a user device configured to access a virtual session, which is an instance of a virtual machine. The user device can receive and forward to a gateway sever, a request to launch a virtual session. Based on the virtual session launch request, the gateway server can obtain a compliance profile determined from operational data. The gateway can permit user device access a virtual session hosted on a virtual machine (“VM”) server. The VM server can use the compliance profile and security data from the user device to determine a risk profile of the user device. The virtual session can be configured at the VM server based on the risk profile so as to allow access to a subset of available applications and functions within the applications for the virtual session.

In an embodiment, a method includes registering applications and network services for notification of an out-of-band introduction, and using the out-of-band introduction to bootstrap secure in-band provisioning of credentials and policies that are used to control subsequent access and resource sharing on an in-band channel. In another embodiment, an apparatus implements the method.

Methods and systems for detecting undesirable computer files based on scanning and analysis of information contained within an associated digital certificate chain are provided. According to one embodiment, a file having associated therewith a certificate chain is received. A type and structure of the file are identified. A location of the certificate chain is determined based on the identified type and structure. A signature of the file is formed by extracting a targeted subset of information from the certificate chain. The file is evaluated by comparing the signature with a set signatures having a known desirable or undesirable status. The file is classified based on a result of the evaluating into a category of multiple categories, including one indicative of an associated file being an undesired file or a file suspected of being undesired. The file is handled in accordance with a policy associated with the category.

A method for applying policies to an email message includes receiving, by an inbound policy module in a protected network, message metadata of an email message. The method also includes determining, based on the message metadata, whether receiving the email message in the protected network is prohibited by at least one metadata policy. The method further includes blocking the email message from being forwarded to the protected network if receiving the email message in the protected network is prohibited by the metadata policy. In specific embodiments, the method includes requesting scan results data for the email message if receiving the email message in the protected network is not prohibited by one or more metadata policies. In further embodiments, the method includes receiving the scan results data and requesting the email message if receiving the email message in the protected network is not prohibited by one or more scan policies.

A technology is provided for using a multi-factor authentication process to access services in a computing service environment. One or more policies can be defined for allowing access to one or more services and/or resources associated with a service provider environment according to an authenticated identity. A device, detected by a voice-capturing endpoint within a defined geographical location, may be authenticated according to a unique identification (ID). Voice data received from the voice-capturing endpoint can be authenticated. The authenticated identity can be established according to the authenticated device and the authenticated voice data. A command, received via a voice command from the voice-capturing endpoint, may be issued with the authenticated identity to access the one or more services and/or resources associated with the service provider environment according to the plurality of policies.

The present invention relates to a method for contactlessly establishing a coupling between a medical apparatus (e.g., a hemodialysis apparatus or a peritoneal dialysis apparatus) and a remote control apparatus. An optical coupling signal is exchanged between the involved communication entities, in order to establish bijective, data-processing coupling between the remote control apparatus and the medical apparatus. Only after successful coupling is a remote control procedure initiated for remote control of the medical apparatus.