Multi-layer protection: the complete security architecture
Security that depends on a single mechanism is security that has a single point of failure. Avalw Shield uses five independent layers of protection, each addressing a different threat vector. When one layer is insufficient, the next one activates. Together, they create a defense system with no gaps.
Level 1: Automatic detection and locking
The first line of defense is the simplest and most important: your computer locks when you are not there and unlocks when you return.
Shield continuously monitors the camera for your enrolled face. When it detects that you have left your desk, the screen locks after a configurable grace period. When you sit back down, Shield recognizes your face and unlocks the system in under 200 milliseconds. No password required, no keyboard interaction needed.
This layer eliminates the most common security failure in any workplace: the unlocked, unattended computer. Studies consistently show that employees leave their workstations unlocked for an average of 10 minutes per incident, multiple times per day. Each of those windows is an open invitation for unauthorized access.
What Level 1 prevents
Unauthorized access to an unattended computer. Data theft from an unlocked workstation. Unauthorized software installation. Email access, file browsing, and credential theft while the user is away.
Level 2: Shoulder surfing blur
Level 1 protects your computer when you are away. Level 2 protects it while you are using it.
Shoulder Surfing Guard monitors the camera for faces other than yours. When it detects that someone is looking at your screen, it applies an instant full-screen blur in under 0.3 seconds. The blur makes all text and images completely unreadable. When the unauthorized viewer looks away or leaves, the blur lifts automatically.
This layer addresses a threat that no traditional security tool can handle: someone physically looking at your screen. Firewalls, encryption, and access controls are useless against a pair of eyes. Shoulder Surfing Guard is the only defense that works against visual data theft while the computer is in active use.
How Level 2 operates
Multi-face detection identifies non-enrolled viewers. Contextual analysis determines if the detected face is actually viewing the screen (not just passing in the background). Instant blur activates in under 0.3 seconds. Automatic deblur restores the screen when the viewer leaves.
Level 3: System key blocking
When Shield locks the screen, it does more than display a lock screen. It intercepts and blocks system keyboard shortcuts that could be used to bypass the lock.
Without this layer, an attacker could potentially use key combinations to access the task manager, switch windows, open a command prompt, or force-close the lock screen application. Shield blocks these vectors by intercepting system-level keyboard events before they reach the operating system.
Blocked combinations include:
- Alt+Tab — prevents switching to other open applications behind the lock screen.
- Alt+F4 — prevents closing the Shield lock screen overlay.
- Ctrl+Alt+Del — prevents accessing the Windows security screen.
- Win+D — prevents minimizing all windows to show the desktop.
- Win+R — prevents opening the Run dialog.
- Ctrl+Shift+Esc — prevents opening Task Manager directly.
The keyboard resumes normal function the moment Shield recognizes the enrolled user's face and unlocks the system.
Key blocking is the difference between a lock screen that asks nicely and one that actually prevents access. Shield's lock is not a suggestion. It is a wall.
Level 4: Screenshot audit
Levels 1 through 3 prevent unauthorized access. Level 4 documents it.
When Shield detects specific security events, it silently captures a photograph from the camera along with metadata about the event. These captures are stored locally in an encrypted format and retained for 90 days by default.
Three events trigger automatic capture:
- Unknown face at lock screen. Someone who is not the enrolled user sits at the computer.
- Failed password attempts. Someone tries to guess the password.
- Prolonged blur sessions. Someone persistently tries to view the screen over an extended period.
This creates a complete audit trail of access attempts. You know who tried, when they tried, and how they tried. The captures can be reviewed in Shield's security gallery, filtered by event type and date.
Deterrent effect
The knowledge that access attempts are being documented is itself a powerful deterrent. People behave differently when they know their actions are being recorded. Even without reviewing a single capture, Level 4 reduces the likelihood of unauthorized access attempts.
Level 5: Encryption and local privacy
The final layer is not about preventing external threats. It is about ensuring that Shield itself does not become a vulnerability.
All data that Shield stores, including face enrollment data, security screenshots, and configuration settings, is encrypted on your local drive. This data never leaves your device. There is no cloud sync, no remote backup, no telemetry, and no network communication.
Key privacy guarantees:
- Face data stays local. Your enrollment biometrics are stored in an encrypted format on your drive and never transmitted.
- Camera feed is ephemeral. Video frames are processed in real time and immediately discarded. Shield does not record video.
- Screenshots are owner-only. Security captures can only be viewed by the enrolled user on the local device.
- No internet required. After initial setup, Shield functions entirely offline.
- Automatic cleanup. Old data is permanently deleted according to retention policies.
The best security system is one that does not create new risks. Shield protects your data without collecting it, transmitting it, or storing it where others can reach it.
Covered scenarios
These five layers work together to provide comprehensive protection across every environment where you use your computer.
Open office
High foot traffic, shared spaces, visible screens
Level 1 locks when you leave for meetings. Level 2 blurs when colleagues walk past your desk. Level 3 prevents anyone from bypassing the lock while you're in a meeting. Level 4 documents if someone sits at your workstation. Level 5 keeps all data encrypted on your machine, not on the company network.
Work from home
Family members, visitors, shared living spaces
Level 1 locks when you step away to answer the door. Level 2 blurs if a family member looks at your screen while passing through the room. Level 3 prevents children from accidentally accessing your work through keyboard shortcuts. Level 4 captures any unauthorized face at the lock screen. Level 5 ensures work data remains protected even on a personal device.
Business travel
Airports, hotels, conference venues
Level 1 locks when you leave your laptop at the hotel business center or step away from your gate. Level 2 blurs when the person in the adjacent airport seat glances at your screen. Level 3 prevents anyone from accessing your system in a hotel room. Level 4 documents if someone approaches your laptop while you are away. Level 5 ensures that even if the device is stolen, the biometric and security data remains encrypted.
Coffee shops and coworking spaces
Unfamiliar people, close proximity, no physical security
Level 1 locks the moment you step to the counter. Level 2 blurs when the person at the next table looks over. Level 3 makes the locked screen impervious to casual keyboard exploration. Level 4 captures anyone who approaches while you are ordering. Level 5 keeps everything local, nothing travels over the coffee shop's potentially compromised WiFi.
The architecture principle
Each layer of Shield addresses a fundamentally different threat. No single layer is sufficient by itself. Automatic locking does not help while you are at your desk. Shoulder surfing blur does not help when you are away. Key blocking does not help if there is no lock screen active. Screenshots do not prevent access, they document it. Encryption does not stop visual hacking.
But together, they cover every angle. There is no gap between layers, no scenario where all five fail simultaneously. This is the principle of defense in depth: make an attacker defeat not one mechanism, but five independent ones.