Jesper Johansson

Issaquah, Washington, United States
3K followers 500+ connections

About

Security guy with:

25+ years’ experience in all aspects of Information…

Articles by Jesper

  • How To Build A Security Strategy in 13 Easy Steps

    Most organizations invest in solving many different security problems, and spend significantly on tools, software, and…

  • Effective Engineering Leadership

    A few months ago I decided to take a break from working. After I announced that I was leaving something happened that I…

Experience

  • Walmart

    Bellevue, Washington, United States

  • -

    Greater Seattle Area

  • -

    Greater Seattle Area

  • -

    Greater Seattle Area

  • -

    Kirkland, Washington

  • -

    Kirkland, Washington, United States

  • -

    Bellevue, Washington, United States

  • -

    Kirkland, Washington

  • -

    Seattle, Washington, United States

  • -

    Seattle, Washington, United States

  • -

    Seattle, Washington, United States

  • -

    Seattle, Washington, United States

  • -

    Redmond, Washington, United States

Licenses & Certifications

  • IDC Staff Instructor

    PADI

    Issued
    Credential ID 197548
  • Emergency First Response Instructor Trainer

    Emergency First Response

    Issued
    Credential ID 197548
  • CISSP (Lapsed)

    International Information Systems Security Certification Consortium (ISC2)

    Issued Expires
  • ISSAP (Lapsed)

    International Information Systems Security Certification Consortium (ISC2)

    Issued Expires

Publications

  • Windows Server 2008 Security Resource Kit

    Microsoft Press

    The definitive reference for planning and implementing security features in Windows Server 2008 with expert insights from Microsoft Most Valuable Professionals (MVPs) and the Windows Server Security Team at Microsoft. This official Microsoft RESOURCE KIT delivers the in-depth, technical information and tools you need to help protect your Windows® based clients, server roles, networks, and Internet services. Leading security experts explain how to plan and implement comprehensive security with special emphasis on new Windows security tools, security objects, security services, user authentication and access control, network security, application security, Windows Firewall, Active Directory® security, group policy, auditing, and patch management. The kit also provides best practices based on real-world implementations. You also get must-have tools, scripts, templates, and other key job aids, including an eBook of the entire RESOURCE KIT on CD.

  • Windows Vista Security

    Wiley

    A dirty little secret that vendors don't want you to know is that good computer security doesn't cost a thing. Any solution you can buy is guaranteed to fail. Malicious hackers use this fact to their advantage. Real security is gained by understanding the enemy's tactics and offsetting them with appropriate and consistently applied Windows settings. These expert authors realize that an effective strategy is two parts technology and one part psychology. Along with learning about Vista's new security features (such as UAC, integrity controls, BitLocker, Protected Mode, and IIS 7), learn common-sense recommendations that will immediately provide reliable value.

    Vista Security Tips

    • Have a healthy sense of paranoia
    • Understand and apply the basics properly
    • Use longer passwords. No, longer than that
    • Use admin privilege very sparingly
    • Don't believe Internet Explorer Protected Mode will stop all attacks
    • Don't believe DEP can stop all attacks
    • Don't believe any technology can stop all attacks

    Other authors
    • Roger Grimes
  • Protect Your Windows Network

    Pearson Education

    In this book, two senior members of Microsoft's Security Business and Technology Unit present a complete "Defense in Depth" model for protecting any Windows network—no matter how large or complex. Drawing on their work with hundreds of enterprise customers, they systematically address all three elements of a successful security program: people, processes, and technology.

    Unlike security books that focus on individual attacks and countermeasures, this book shows how to address the problem holistically and in its entirety. Through hands-on examples and practical case studies, you will learn how to integrate multiple defenses—deterring attacks, delaying them, and increasing the cost to the attacker. Coverage includes

    • Improving security from the top of the network stack to the bottom
    • Understanding what you need to do right away and what can wait
    • Avoiding "pseudo-solutions" that offer a false sense of security
    • Developing effective security policies—and educating those pesky users
    • Beefing up your first line of defense: physical and perimeter security
    • Modeling threats and identifying security dependencies
    • Preventing rogue access from inside the network
    • Systematically hardening Windows servers and clients
    • Protecting client applications, server applications, and Web services
    • Addressing the unique challenges of small business network security

    Authoritative and thorough, Protect Your Windows Network will be the standard Microsoft security guide for sysadmins, netadmins, security professionals, architects, and technical decision-makers alike.


Patents

  • Network Authentication Beacon

    Issued US 10,063,592

    A variety of different mobile computing devices, such as a laptop, tablet or smartphone, may be used in a mixed set of computing environments. At least some of the computing environments may be hostile computing environments where users of the mobile computing devices may be exposed to unknown risks. Furthermore, the mobile computing devices may be unable to determine if a network in a particular computing environment is in fact the network the mobile device determines it to be. A beacon device may be attached to a network and provide mutual authentication for mobile devices in the computing environment. The beacon device may be paired with the mobile devices in order to generate secret information useable in mutual authentication of the mobile device and the beacon device.

  • Provisioning account credentials via a trusted channel

    Issued US 10,057,251

    Disclosed are various embodiments for provisioning account credentials via a trusted channel. An account configuration manager automatically determines a credential reset format that is associated with an account. The account configuration manager then automatically requests a security credential reset for the account using the credential reset format. A security credential communication is received via a trusted channel of communication that is linked to the account for reset purposes. The account configuration manager parses the security credential communication to determine a security credential for the account.

  • Authentication objects with attestation

    Issued US 10,050,787

    Representations of authentication objects are selectable through a user interface, such as through a drag and drop operation. When an authentication object is selected by a user, a corresponding authentication object (e.g., in the form of an authentication claim) is transmitted to a system for authentication. The authentication object may contain information that is sufficient for authentication with the system and the information may include an attestation to the state of a computing environment from which the authentication object is transmitted.

  • Strong authentication using authentication objects

    Issued US 10,049,202

    Representations of authentication objects are provided for selection via an interface. An authentication object may be generated to include information proving possession of a user of an item, such as a one-time password token or a physical trait. A selected authentication object may contain information sufficient for authentication with a corresponding system. The interface may provide multiple representations of authentication objects that are usable with different service providers.

  • Cooperative network access

    Issued US 10,038,729

    One or more cooperative network servers establish connections with a plurality of access points to form a cooperative network. The plurality of access points may be operated by a plurality of different individuals. Incentives such as reciprocal usage, remuneration, and so forth may encourage participants to join the cooperative network. Data may be passed from an originating device through the access point to a datacenter, which may transfer the data to another datacenter which sends the data to another access point which ultimately provides the data to a destination device. The transfer between datacenters may use a high capacity backbone which may provide lower latency, reduced data transfer cost, and so forth.

  • Behavior based optimization for content presentation

    Issued US 10,013,500

    Techniques are described for determining a priority order for generating, serving, or rendering components of content such as a web page. Behavioral data may be collected from user devices, the behavioral data describing user interactions with components of the content during previous presentations of the content on the user devices. Based on the behavioral data, a score may be determined for one or more of the components, the score based on component dwell times, component presentation frequency, or other information. A priority order for the components may be based on the determined scores, and the components may be generated, served, or rendered in the priority order.

  • Bootstrapping user authentication on devices

    Issued US 10,009,355

    Disclosed are various embodiments that facilitate bootstrapping authentication of a user at a first device using a second device. The second device is authenticated for access to a user account via a first security credential. A second security credential is received by the second device. The second security credential is then sent to the first device. Subsequently, the second security credential is received from the first device, and the first device is authenticated for access to the user account. The second device includes visual cues to indicate a network page is legitimate, while the first device excludes visual cues to indicate the network page is legitimate.

  • Chaining of use case-specific entity identifiers

    Issued US 9,998,444

    Disclosed are various embodiments for correlating a first use case-specific entity identifier with a second use case-specific entity identifier. A chained entity identifier corresponds to the first use case-specific entity identifier. The chained entity identifier can include the second use case-specific entity identifier cryptographically wrapped by a use case-specific key. The second use case-specific entity identifier can be received from the chained entity identifier. The second use case-specific entity identifier can be correlated to the first use case-specific entity identifier.

  • Adapting decoy data present in a network

    Issued US 9,990,507

    Disclosed are various embodiments for obtaining policy data specifying decoy data eligible to be inserted within a response to an access of a data store. The decoy data is detected in the response among a plurality of non-decoy data based at least upon the policy data. An action associated with the decoy data is initiated in response to the access of the data store meeting a configurable threshold.

  • Behavior-based identity system

    Issued US 9,990,481

    Disclosed are various embodiments for a behavior-based identity system that recognizes and/or authenticates users based at least in part on determining stored behavioral events. For example, stored behavioral events may have been observed previously at a client or have been predefined by an authenticated user. Multiple behavioral events expressed by the client relative to a network site are recorded. The behavioral events may correspond to data that a user has elected to share, and the user may opt-in or opt-out of the behavior-based identity system. A comparison is performed between the multiple observed behavioral events and the stored behavioral events associated with a user identity. An inverse identity confidence score as to whether the user identity does not belong to a user at the client is generated based at least in part on the comparison.

  • Bootstrapping user authentication

    Issued US 9,973,495

    Disclosed are various embodiments relating to bootstrapping user authentication. A first security credential is received for a user account from a user. A first application is then authenticated with another computing device using the first security credential. After authenticating the first application, a bootstrap request is then sent to the other computing device for a second security credential to authenticate a second application without using the first security credential. The bootstrap request specifies a bootstrap session identifier. The second security credential is then received from the other computing device.

  • Confidence-based authentication

    Issued US 9,967,250

    Disclosed are various embodiments that perform confidence-based authentication of a user. An identification of a user account is obtained from a user, and a minimum confidence threshold is determined. Multiple authentication challenges are presented to the user. Responses are obtained from the user to a subset of the challenges, with each response having a corresponding authentication point value. A confidence score is generated for the user, where the confidence score is increased by the respective authentication point values of the correct responses. The user is authenticated as being associated with the user account in response to determining that the confidence score meets the minimum confidence threshold.

  • Inaccessibility of data to server involved in secure communication

    Issued US 9,961,055

    A client negotiates multiple cryptographic keys with a server. One of the cryptographic keys is used to encrypt communications that the server can decrypt. Another of the cryptographic keys is used to encrypt communications that, while sent to the server, are not decryptable to the server. The server is configured to forward communications that it is unable to decrypt to another computer system having an ability to decrypt the communications.

  • Verification of credential reset

    Issued US 9,954,867

    Methods and systems are provided for verifying reset of credentials for user accounts. The methods and systems receive a request to change a credential associated with a user account. The user account has account privileges associated with a network service. The methods and systems set the user account to a cool-down status and send a reset notification to one or more trusted access points associated with the user account to inform a valid owner or user of the account that a credential has been reset. The methods and systems manage availability of at least a restricted subset of the account privileges for a cool-down time period or until a reset verification is received from a valid owner or user.

  • Input Mirroring

    Issued US 9,946,867

    Input received into a first component of a user interface is mirrored in another component of the user interface. The first component of the user interface is monitored and changes to the first component are caused to occur in the second component. The first component may be configured to receive user input for an authentication claim.

  • Trustworthy indication of software integrity

    Issued US 9,942,257

    Computing devices are disclosed that include functionality for providing a trustworthy indication of software integrity. The computing devices include a hardware trust evaluation device capable of determining the trustworthiness of computer programs executing on the device. At least one trust indicator is also connected to the hardware trust evaluation device for providing an external indication of the trustworthiness of a computer program. If the hardware trust evaluation device determines that a program is trustworthy, the trust evaluation device causes the trust indicator to provide a positive indication of the trustworthiness of the computer program to a user of the computing device. If the hardware trust evaluation device determines that a program is not trustworthy, the trust evaluation device causes the trust indicator to provide a negative indication of the trustworthiness of the computer program. Certain functionality might also be restricted in response to determining that a program is not trustworthy.

  • Risk assessment for software applications

    Issued US 9,934,384

    Disclosed are various embodiments for assessing risk associated with a software application on a user computing device in an enterprise networked environment. An application rating is generated for the software application based at least in part on application characteristics. A risk analysis for the installation of the application is generated based at least in part on the application rating, the user computing device, and user information.

  • Techniques for secure session reestablishment

    Issued US 9,930,067

    A client establishes a network session with a server. The network session is used to establish an encrypted communications session. The client establishes another network session with another server, such as after terminating the first network session. The client resumes the encrypted communications session over the network session with the other server. The other server is configured to receive encrypted communications from the client and forward them to the appropriate server.

  • Authenticated messages between unmanned vehicles

    Issued US 9,930,027

    An unmanned vehicle communicates with other unmanned vehicles. When the unmanned vehicle receives a message from another unmanned vehicle, the unmanned vehicle verifies authenticity of the message. For at least some types of messages, if determined that the message is authentic, the unmanned vehicle updates a set of operations the unmanned vehicle will perform in accordance with information in the message.

  • Secure transport channel using multiple cipher suites

    Issued US 9,923,923

    Cipher suites and/or other parameters for cryptographic protection of communications are dynamically selected to more closely match the intended uses of the sessions. A server selects and/or determines, for a cryptographically protected communications session, a plurality of supported cipher suites that may be used for communications with the server over an established protected communications session. A selected cipher suite may be a cipher suite that is selected from a plurality of acceptable cipher suites provided to the server, either implicitly or explicitly. The selection of a cipher suite may further require that the cipher suite be mutually acceptable to the server and one or more parties participating in the cryptographically protected communications session such as a client.

  • Unmanned vehicle message exchange

    Issued US 9,912,655

    Two unmanned vehicles come within communication range of one another. The unmanned vehicles exchange logs of messages each has received. Each of the unmanned vehicles analyzes the messages that it received from the other unmanned vehicle to determine whether any of the received messages warrants changing a set of tasks it was planning to perform. When a message indicates that a task should be changed, the task is updated accordingly.

  • Automatic application dependent anonymization

    Issued US 9,898,621

    Disclosed are various embodiments for facilitating the anonymization of unique entity information. A service may send anonymized responses to requests for data from multiple requestors, the data being associated with entity identifiers. The anonymized responses may comprise the data requested in association with anonymous entity identifiers as opposed to the entity identifiers.

    Other inventors
    • Darren Canavor
  • Tamper detection for hardware devices

    Issued US 9,876,645

    A manufacturer of computing equipment may generate a signature for computing equipment by measuring various attributes of the computing equipment, such as the impedance across circuits included in the computing equipment. Verification equipment may be provided to a recipient of the computing equipment. The verification equipment may be configured to generate a signature of the computing equipment over a physical connection between the verification equipment and the computing equipment. A determination may be made whether the computing equipment has been tampered with based at least in part on the signature generated by the manufacturer and the signature generated by the recipient.

  • Compromised authentication information clearing house

    Issued US 9,870,464

    Techniques for maintaining potentially compromised authentication information for a plurality of accounts may be provided. An individual piece of authentication information may be associated with one or more tags that indicate access rights with respect to requestors that also provide and maintain other potentially compromised authentication information. A subset of the potentially compromised authentication information may be determined based on the one or more tags in response to a request from a requestor for the potentially compromised authentication information. In an embodiment, the subset of the potentially compromised authentication information may be provided to the requestor.

    Other inventors
    • David Kane-Parry
    • Darren Canavor
    See patent
  • Permissions based communication

    Issued US 9,866,391

    A method for permissions based communication in an example includes receiving an electronic communication from a sender to a recipient at a domain server. The electronic communication may include a permission request for permission to send subsequent electronic communications to the recipient. The electronic communication may be analyzed at the domain server to determine whether to deliver the subsequent electronic communications from the sender to the recipient.

    Other inventors
    See patent
  • Approaches for providing multi-factor authentication credentials

    Issued US 9,864,852

    Disclosed are various embodiments for providing multi-factor authentication credentials. For example, a first application may send an authentication request to a first authentication service, where the request specifies a first authentication factor. A second application may generate a user interface upon a display, where the user interface facilitates entry of a user approval. In response to receiving the user approval, the second application may send a second authentication factor to a second authentication service that acts as a proxy for the first authentication service. In some embodiments, an application may be configured to automatically transfer a one-time password or other authentication factor to a recipient in response to receiving a user approval.

    Other inventors
    See patent
  • Device for creating reliable trusted signatures

    Issued US 9,866,393

    A system and method for generating a signature for a document using an identity verification token. The identity verification token receives a request that includes a set of credential data from a signatory, obtains a document identifier that identifies the document to a service provider, and obtains a token identifier that identifies the identity verification token to the service provider. The identity verification token generates the signature based at least in part on the obtained document identifier, the received set of credential data, and the obtained token identifier, and provides the signature.

    Other inventors
    See patent
  • Electronic concierge

    Issued US 9,858,538

    This disclosure is directed to techniques, systems, and apparatuses to provide electronic concierge services and information to one or more users, as well as perform other operations related to planning one or more activities. Concierge services may include providing information about activities, recommending activities, arranging travel, and other related tasks. The electronic concierge may access and use personal information about the user (or group of users) to determine the activities that may be of interest to the user, and possibly to a group of users. The personal information may include transaction history, user settings, past user activity, social network information, and/or other types of information. The electronic concierge may receive other inputs such as a time period to undertake activities, a number of participants, an identity of the participants, and so forth. In some embodiments, the electronic concierge may arrange transportation, purchase tickets, make reservations, and/or provide other assistance.

    Other inventors
    • Michelle Jacques Anschell
    • Charles Kelley
    • Shalini Pothuru
    • Samuel Rossoff
    • Brad Ruppert
    See patent
  • Password-based fraud detection

    Issued US 9,838,384

    Techniques for marking or flagging an account as potentially being compromised may be provided. Information about the popularity of passwords associated with a plurality of accounts may be maintained. In an example, an account may be marked as potentially being compromised based at least in part on the information about the popularity of passwords and a password included in a request to change the password associated with the account. A notification indicating that an account has been marked as potentially compromised may be generated.

    Other inventors
    • David Kane-Parry
    • Darren Canavor
    See patent
  • Secure erase of storage devices

    Issued US 9,830,099

    Techniques for providing secure erase of data stored on a storage device may be provided. For example, a storage device comprising a first layer of firmware that is configured to receive access requests for data stored on a storage device may be in communication with a second layer of firmware. The second layer of firmware may be configured to receive, from the first layer of firmware, a request to erase a portion of the data stored on the storage device and verify the first layer of firmware before processing the erase request. In an embodiment, upon verifying the first layer of firmware, the second layer of firmware may block subsequent read requests for one or more physical blocks of the storage device that correspond to the portion of the data indicated in the erase request.

    Other inventors
    See patent
  • Authentication information update based on fraud detection

    Issued US 9,824,207

    Techniques for maintaining and updating authentication information for a plurality of accounts may be provided. In an example, a first set of authentication information for the plurality of accounts may be maintained. A second set of authentication information that has been marked as potentially compromised may be received. A third set of authentication information may be generated based on the overlap between the first set of authentication information and the second set of authentication information. The first set of authentication information may be updated based at least in part on one or more security authentication protocols and the third set of authentication information.

    Other inventors
    • Darren Canavor
    See patent
  • Predictive transmission of digital content

    Issued US 9,826,060

    A digital content provider is configured to identify, based at least in part on various customer user profiles, digital content that is to be pre-loaded onto one or more customer computing devices in advance of the digital content being available for at least one mode of consumption by the one or more computing devices. The digital content provider may use these user profiles, as well as other external information, to identify one or more customers that are to receive the digital content. Subsequently, the digital content provider may download the digital content onto each identified customer's one or more computing devices in advance of the at least one mode of consumption becoming available to the customers. Once the mode of consumption is made available, the digital content provider may enable the use of the pre-loaded digital content.

    Other inventors
    • Stephen Rospo
    See patent
  • Authentication and authorization of a privilege-constrained application

    Issued US 9,819,673

    Methods and systems are provided for managing access to a client account related (CAR) resource. When a privilege-constrained (PC) application requests access to an individual client account, a single use authorization (SUA) code is created that is associated with the individual client account. The SUA code is routed to, and returned from, the privilege-constrained (PC) application to authenticate the PC application. The PC application, once authenticated, receives a permitted action token that identifies a limited set of privileges that the PC application is authorized to perform in connection with the CAR resource. The PC application provides the permitted action token to an access service. The access service limits access, by the PC application, to the CAR resource based on the permitted action token.

    Other inventors
    See patent
  • Dynamic unlock mechanisms for mobile devices

    Issued US 9,813,908

    An access control application for mobile devices is provided. The access control application may be configured to generate a set of security tasks based at least in part on information corresponding to a user's interactions with the mobile device. An unlock screen of the mobile device may be triggered and a security task from the generated set of security tasks may be displayed through a user interface of the mobile device. The user's response to the security task may be obtained and a confidence score may be calculated, based at least in part on the response. The access control application may then determine, based at least in part on the score and one or more attributes of the environment, whether to unlock the mobile device or prompt the user to provide an additional response to another security task.

    Other inventors
    See patent
  • Mapping identifying information

    Issued US 9,805,215

    A technology is described for making a decision based on identifying information without disclosing the identifying information. The method may include receiving a mapping value that represents identifying information that has been converted into a mapping value. A request for data associated with the identifying information may be made by providing the mapping value as a proxy for the identifying information whereby the data associated with the identifying information may be located using the mapping value and returned to a requesting client or service.

    Other inventors
    See patent
  • Computing device with integrated authentication token

    Issued US 9,787,673

    Disclosed are various embodiments for a computing device with an integrated authentication token. The computing device includes first circuitry having a processor and a memory and providing general-purpose computing capability. The computing device also includes second circuitry configured to generate a one-time password. The first circuitry is incapable of determining the one-time password due to a separation from the second circuitry, and the first and second circuitry may be in a single enclosure.

    Other inventors
    See patent
  • Host identity bootstrapping

    Issued US 9,778,939

    Automated provisioning of hosts on a network with reasonable levels of security is described in this application. A certificate management service (CMS) on a host, one or more trusted agents, and a public key infrastructure are utilized in a secure framework to establish host identity. Once host identity is established, signed encryption certificates may be exchanged and secure communication may take place.

    Other inventors
    See patent
  • Architecture for centralized management of browser add-ons across multiple devices

    Issued US 9,785,772

    Features are disclosed for facilitating remote management of browser add-ons on multiple user computing devices from a centralized add-on management system. A browser application on the user computing devices may include an integrated application programming interface that can be remotely accessed by the add-on management system. In some embodiments, a management add-on or some other object that is separate from or otherwise not integrated with the browsing application may be used to facilitate the remote management of add-ons. Management of add-ons may include permitting and/or blocking installation and/or execution of particular add-ons on a case-by-case basis. The determination may be based on user permissions, add-on characteristics, observed execution of add-ons, and the like.

    Other inventors
    See patent
  • Systems, devices and methods delivering energy using an uncrewed autonomous vehicle

    Issued US 9,778,653

    Devices such as vehicles, remote sensors, and so forth consume energy during operation. Described herein are systems, devices, and methods for transferring energy from an uncrewed autonomous vehicle to a vehicle such as a car. The uncrewed autonomous vehicle may locate the vehicle at a rendezvous location, and connect with the vehicle while the vehicle moves. Once the uncrewed autonomous vehicle connects to the vehicle, the uncrewed autonomous vehicle may transfer the energy to the vehicle.

    Other inventors
    See patent
  • Managing Security Credentials

    Issued US 9,767,262

    Disclosed are various embodiments for managing security credentials. In one embodiment, a request for a security credential is obtained from a client and is stored in association with a user account. Knowledge-based questions are provided to the client in response to the request. At least one of the knowledge-based questions is dynamically generated based at least in part on data associated with the user account. Answers to the knowledge-based questions are obtained from the client. The security credential is provided to the client based at least in part on the answers.

    See patent
  • Credential Synchronization Management

    Issued US 9,754,100

    Disclosed are various embodiments for replicating authentication data between computing devices. A computing device monitors a first certificate store located on a first client device for a change in a first state of the first certificate store. The computing device updates a record of the first state of the first certificate store with the change in the first state of the first certificate store, wherein the record is stored in a memory of the computing device. The computing device then determines that the first state of the first certificate store differs from a second state of a second certificate store located on a second client device. Finally, the computing device sends an update to the second client device, wherein the update comprises a change set representing a difference between the updated record and the second certificate store.

    Other inventors
    See patent
  • Trustworthy indication of software integrity

    Issued US 9727737

    Computing devices are disclosed that include functionality for providing a trustworthy indication of software integrity. The computing devices include a hardware trust evaluation device capable of determining the trustworthiness of computer programs executing on the devices. At least one trust indicator is also connected to the hardware trust evaluation device for providing an external indication of the trustworthiness of a computer program. Additional security information regarding the trustworthiness of the computer program may be displayed on the primary display device of the computing device. The display of the security information is triggered by a user of the computing device submitting a request through a secure mechanism, where the request is unobservable and inaccessible to programs executing on the computing device. Additional secure mechanisms, such as a unique user interface for displaying the security information, can be utilized to ensure the authenticity of the displayed security information.

    Other inventors
    See patent
  • Network beacon based credential store

    Issued US 9723003

    A variety of different mobile computing devices, such as a laptop, tablet or smartphone, may be used in a mixed set of computing environments. At least some of the computing environments may be hostile computing environments where users of the mobile computing devices may be exposed to unknown risks. Furthermore, the mobile computing devices may be unable to determine if a network in a particular computing environment is in fact the network the mobile device determines it to be. A beacon device may be attached to a network and provide mutual authentication for mobile devices in the computing environment. The beacon device may provide a credential store for user devices in the computing environment. Furthermore, the beacon device may provide a trusted third-party enabling access to restricted computing resources without requiring users to share their credentials.

    Other inventors
    See patent
  • Unmanned Vehicle Rollback

    Issued US 9714088

    An unmanned vehicle determines how to perform a task based at least in part on a message received from another unmanned vehicle. At a later time, the unmanned vehicle detects that the other unmanned vehicle has become untrusted. The unmanned vehicle recalculates how to perform the task such that the recalculation is independent of any messages from the other unmanned vehicle. The unmanned vehicle may also transmit messages to other unmanned vehicles to provide notification of untrustworthiness of the other unmanned vehicle.

    Other inventors
    See patent
  • Inter-process communication automated testing framework

    Issued US 9710368

    Application developers may develop applications or portions of an application that do not have a corresponding user interface. Testing non-user interface elements of an application may require application developers to develop corresponding user interface elements for all or a portion of the executable code included in the application. Developers may test non-user interface elements of an application or library by wrapping the executable code in a sample application managed by a test harness. The test harness may transmit test operations configured to test the non-user interface elements of the application to the sample application over an inter-process communication channel. The sample application may execute the test and return the results of the test to the test harness using inter-process communication methods.

    Other inventors
    See patent
  • Bootstrapping authentication of second application via confirmation by first application

    Issued US 9710640

    Disclosed are various embodiments that facilitate bootstrap authentication of a second application by way of a user confirmation via a first application, where the first application is authenticated using trusted credentials. A security credential for a user account is received from a user. A first application is authenticated with an authentication service using the security credential. One or more user actions are received by the first application. The user actions constitute a confirmation of a bootstrap authentication request submitted by a second application. Data encoding the user actions is sent to the authentication service.

    Other inventors
    See patent
  • Techniques for reliable network authentication

    Issued US 9705915

    Disclosed are various embodiments of techniques that may be used to improve the reliability of network authentication. A communication session is established between a server computing device and a client computing device. The communication session is established via a network using a credential for a network site. A verifier for the credential is generated, which may be used to confirm the authenticity of the credential. The verifier is provided to the client computing device via the network.

    See patent
  • Identifying data usage via active data

    Issued US 9705920

    Disclosed are various embodiments for active data, such as active decoy data. The active decoy data includes instructions that, when executed by a particular device, cause the particular computing device to determine whether the particular computing device is a target computing device. The particular computing device initiates a predefined action in response to determining that the particular computing device is not the target computing device. The approaches described herein may also be useful in wrapping and distributing digital content.

    Other inventors
    See patent
  • Influencing acceptance of messages in unmanned vehicles

    Issued US 9663226

    An unmanned vehicle receives a message from another unmanned vehicle. The recipient unmanned vehicle uses information included with the message to determine whether a quorum of other unmanned vehicles have vetted information in the message. If a quorum of unmanned vehicles have vetted the message, the unmanned vehicle uses the information in the message to determine how to perform one or more operations.

    Other inventors
    See patent
  • Automated E-Mail Account Verification

    Issued US 9654431

    A system and method of verifying a registered contact path associated with a user account is provided. The disclosed techniques utilize a message sent via the registered contact path, wherein the message contains, among other content, a link. The link is instrumented to identify the registered contact path when activated, e.g., by the recipient or otherwise, allowing a determination as to whether the registered contact path is active. User login data for the user account received subsequently includes a login contact path, and the registered contact path may be further flagged as verified if it is determined that the login contact path and the registered contact path are the same.

    See patent
  • Authentication objects with delegation

    Issued US 9652604

    Authentication objects are usable to generate other authentication objects. A user associated with a first authentication object has access to a system. The first authentication object is usable to generate a second authentication object that is usable by a second user for access to the system in accordance with access granted to the second user via the second authentication object. The second authentication object may have various restrictions so that the second user does not obtain all access available to the first user.

    Other inventors
  • Method for using customer attributes to select a service representative

    Issued US 9641686

    A customer submits a request for assistance to a customer service. Accordingly, the customer service may access a customer database to obtain one or more customer preferences that can be used to select a service representative. If the customer database does not include these preferences, the customer service may utilize one or more customer attributes to calculate these one or more customer preferences. Subsequently, the customer service may access a service representative database and select a service representative based at least in part on the one or more customer preferences. The customer service may transmit the request to the selected service representative to enable the service representative to assist the customer.

    Other inventors
  • Distributed split browser content inspection and analysis

    Issued US 9,635,041

    Distributed split browser content inspection and analysis are described. A server, comprising a browser engine, stores a definition of sets of browser policies. A definition of one or more sets of users is stored. The server stores an association with a respective set of browser policies for the one or more sets of users. A request is received from a client browser associated with a user, wherein the client browser is configured to communicate with the server browser engine. The server determines which set of users the user is associated with. The server identifies a first set of browser policies that is associated with the determined set of users and applies the identified first set of browser policies to the request. A determination is made, for one or more browser processes, which browser processes are to be executed by the server browser engine and which browser processes are to be executed by the client browser.

    Other inventors
  • Secure inter-process communications for mobile devices

    Issued US 9,632,851

    A secure inter-process communication channel is provided to enable applications to share data objects. An application may provide an export file type definition indicating data objects that may be shared with another application. Sharing data objects between applications may include obtaining the export file type definition from the application and displaying a graphical user interface based at least in part on the export file type definition. Data objects may be selected through the graphical user interface and provided to another application based at least in part on the selection.

    Other inventors
  • Chaining of use case-specific entity identifiers

    Issued US 9,633,209

    Disclosed are various embodiments for creating and manipulating chained entity identifiers that include multiple use case-specific entity identifiers. Each of the use case-specific entity identifiers may identify a single entity but may differ, as they are use case-specific. Further, each of the use case-specific entity identifiers may be encrypted and/or signed using different use case-specific keys. The use case-specific entity identifiers may be nested or appended within a chained entity identifier.

    Other inventors
  • Hardening Tokenization Security and Key Rotation

    Issued US 9,628,274

    A method of using a hardware security module and an adjunct application programming interface to harden tokenization security and encryption key rotation is disclosed. In various embodiments, the method comprises receiving encrypted data at a processor of a computer system, decrypting the encrypted data to cleartext in the processor, and issuing a unique token associated with the data.

    Other inventors
  • Human readable mechanism for communicating binary data

    Issued US 9,606,983

    A mechanism is provided for representing information, such as a binary sequence, in a manner that is easier to read and less likely to generate errors when interacted with by a human. A dictionary is seeded with two or more sets of words, the words being selected from distinct categories. Symbols may be created by combining words from the distinct categories. A mapping of symbols to corresponding values may then be generated. The generated mapping may be used to translate bit values to symbols and symbols to bit values.

    Other inventors
  • Provisioning account credentials via a trusted channel

    Issued US 9,607,143

    Disclosed are various embodiments for provisioning account credentials via a trusted channel. An identification of an account is received. A security credential reset corresponding to the account is requested. The account is linked to a trusted channel of communication for reset purposes. A security credential communication corresponding to the account is received via the trusted channel of communication. The security credential communication may be parsed to obtain a token.

    Other inventors
    • Darren Canavor
  • Enforcing restrictions on third-party accounts

    Issued US 9,602,540

    Disclosed are various embodiments for management of third-party accounts for users in an organization. Network traffic between a client and a third-party network site under management is inspected. The client is associated with a user in an organization. It is determined whether the network traffic corresponds to a managed account with the third-party network site. It is determined whether the network traffic complies with a rule established by the organization. An action is implemented in response to determining that the network traffic does not comply with the rule.

    Other inventors
  • Bootstrapping User Authentication

    Issued US 9,602,501

    Disclosed are various embodiments relating to bootstrapping user authentication. A first application is authenticated based at least in part on a first security credential received via the first application in a first authentication request. A second security credential is generated. The second security credential is sent to the first application that is authenticated. The second application is authenticated based at least in part on the second security credential being received via the second application.

    Other inventors
  • Dynamic Application Security Verification

    Issued US 9,591,003

    Disclosed are various embodiments for performing security verifications for dynamic applications. An instance of an application is executed. During runtime, it is determined whether the application is accessing dynamically loaded code from a network site. In one embodiment, the access may be detected via the use of a particular application programming interface (API). In another embodiment, the access may be detected via the loading of downloaded data into an executable portion of memory. A security evaluation is performed on the dynamically loaded code, and an action is initiated responsive to the security evaluation.

    Other inventors
  • Protecting websites from cross-site scripting

    Issued US 9,553,865

    Methods and systems for protecting websites from cross-site scripting are disclosed. A request for a web page comprising a web page element is received from a client. It is determined if the web page comprises a data integrity token for the web page element. It is also determined if a value of the data integrity token matches an expected value. If the web page comprises the data integrity token and if the value matches the expected value, the web page comprising the web page element is sent to the client. If the web page does not comprise the data integrity token or if the value does not match the expected value, a protective operation is performed.

    Other inventors
  • Peer configuration analysis and enforcement

    Issued US 9,542,177

    The states or configurations of peer hosts within a host class may be analyzed and enforced by comparing records of the respective systems' states or configurations to one another and taking steps to address any inconsistencies between the records. In such a manner, the respective systems within the host class may identify, analyze and/or correct any changes in states or configurations of any of the systems, which may have been caused by a malfunction or security breach. The configurations may include one or more of a set of data, a version of a software application, a level of permission, a particular operational setting or any other element of operation. The hosts may be defined as peers based on a common location or a common function of each of the systems, or on any other basis, and the records may include any relevant data relating to the states or configurations of each of the systems.

    Other inventors
  • Proxy server-based malware detection

    Issued US 9,537,888

    Disclosed are various embodiments for malware detection by way of proxy servers. In one embodiment, a proxy server application generates a browsing history for client devices based at least in part on proxied network resource requests received from the client devices. The proxy server application determines that at least one of the client devices is affected by malware. The proxy server application determines a source of the malware based at least in part on the browsing history or telemetry data received from the client devices. An action is implemented in response to determining the source of the malware.

    Other inventors
  • Countermeasures for threats to an uncrewed autonomous vehicle

    Issued US 9,524,648

    Uncrewed autonomous vehicles (“UAVs”) may navigate from one location to another location. Described herein are systems, devices, and methods providing countermeasures for threats that may compromise the UAVs. A plurality of UAVs may establish a mesh network to distribute information to one another. A first UAV may receive external data from a second UAV using the mesh network. The external data may be used to confirm or cross-check data such as location, heading, altitude, and so forth. Disagreement between data generated by the first UAV with external data from the second UAV may result in the determination that the first UAV is compromised. Remedial actions may be taken, such as the first UAV may be directed to a safe location to land or park, may receive commands from another UAV, and so forth.

    Other inventors
  • Compromised Authentication Information Clearing House

    Issued US 9,503,451

    Techniques for maintaining potentially compromised authentication information for a plurality of accounts may be provided. An individual piece of authentication information may be associated with one or more tags that indicate access rights with respect to requestors that also provide and maintain other potentially compromised authentication information. A subset of the potentially compromised authentication information may be determined based on the one or more tags in response to a request from a requestor for the potentially compromised authentication information. In an embodiment, the subset of the potentially compromised authentication information may be provided to the requestor.

    Other inventors
    • David Kane-Parry
    • Darren Canavor
  • Dynamic unlock mechanisms for mobile devices

    Issued US 9,497,312

    An access control application for mobile devices is provided. The access control application may be configured to generate a set of security tasks based at least in part on information corresponding to a user's interactions with the mobile device. An unlock screen of the mobile device may be triggered and a security task from the generated set of security tasks may be displayed through a user interface of the mobile device. The user's response to the security task may be obtained and a confidence score may be calculated, based at least in part on the response. The access control application may then determine, based at least in part on the score and one or more attributes of the environment, whether to unlock the mobile device or prompt the user to provide an additional response to another security task.

    Other inventors
  • Portable Device Charging System

    Issued US 9,496,736

    An accessory device or rechargeable energy pack includes a rechargeable battery or other energy storage that is rechargeable by way of an external source. Energy stored within the accessory device may be used to recharge one or more other load devices, such as portable computers, smart phones, or other apparatus. The accessory device may be configured to estimate operating times for such various load devices based on their own respective, stored energy levels, and to communicate those estimates to the load devices or other entities. The accessory device may control an amount of energy delivered to a load device based on estimated energy consumption for a future period of time. Operating times for respective load devices may be increased or managed by way of operations and resources of the accessory device.

    Other inventors
  • Account Generation based on External Credentials

    Issued US 9,491,155

    Techniques are described for using a credential, such as a user identifier associated with an account on a first service, to create a reusable account on a second service. The account may be initially activated based on the receipt of a passcode sent to the account on the first service. The account may be created with access to a subset of features on the second service. On receiving a password for the account, the account may be modified to access a broader feature set. The account may be reusable via a cookie or other token placed on a user device, and reusability may be disabled on detecting possible security risk conditions associated with the user identifier.

    Other inventors
  • Confidence-Based Authentication

    Issued US 9,485,237

    Disclosed are various embodiments that perform confidence-based authentication of a user. An identification of a user account is obtained from a user, and a minimum confidence threshold is determined. Multiple authentication challenges are presented to the user. Responses are obtained from the user to a subset of the challenges, with each response having a corresponding authentication point value. A confidence score is generated for the user, where the confidence score is increased by the respective authentication point values of the correct responses. The user is authenticated as being associated with the user account in response to determining that the confidence score meets the minimum confidence threshold.

    Other inventors
    • Darren Canavor
    • Dan Hitchcock
    • Chandra Sekhar Venkata Bhanu Vijyapurpu
  • Computing device with integrated authentication token

    Issued US 9,473,491

    Disclosed are various embodiments for a computing device with an integrated authentication token. The computing device includes first circuitry having a processor and a memory and providing general-purpose computing capability. The computing device also includes second circuitry configured to generate a one-time password. The first circuitry is incapable of determining the one-time password due to a hardware, communicative, and/or electrical separation, and the first and second circuitry are in a single enclosure.

    Other inventors
  • Device Charging System

    Issued US 9,442,548

    A computing device monitors the energy level of a rechargeable battery, from which the device draws operating power. Historic usage data is used to estimate the time remaining in a present operating period, such as a workday, as well as to estimate the battery level required to provide power during that period of time. A user is then presented with information regarding the status of the battery, as well as charging time and required battery level estimates. Information regarding charging stations within publicly or otherwise user-accessible venues near to the present location of the computing device is accessed and presented to the user. Reservations may be made for a charging port within a selected venue, an order may be placed for goods or services available at that venue, or other actions may be performed.

    Other inventors
  • Input Transformative System

    Issued US 9,436,335

    Described in this disclosure is an input transformative device having an input side and an output side. The input transformative device may be configured to transfer a touch input at an input location on the input side to one or more output locations on the output side. The output side of the input transformative device may be positioned proximate to a touch sensor of a user device. The touch sensor may then detect the touch input of the user as occurring at the one or more output locations, rather than the input location. Interconnection between the input side and the output side may be predetermined and used to secure user input to the touch sensor. The interconnection pattern of inputs to outputs of the input transformative device may be fixed or reconfigurable. In some implementations, input using the input transformative device may be used to authenticate the user.

    Other inventors
  • Automated multi-user system detection

    Issued US 9,432,253

    Disclosed are various embodiments for automated detection of multi-user computing devices such as kiosks, public terminals, and so on. Network resource requests are obtained from a client computing device. It is determined whether the client computing device is a multi-user system based at least in part on whether the network resource requests embody characteristics associated with multi-user systems. The resulting classification is stored and may be used to customize generation of requested network resources.

    Other inventors
  • Host Identity Bootstrapping

    Issued US 9,432,356

    Automated provisioning of hosts on a network with reasonable levels of security is described in this application. A certificate management service (CMS) on a host, one or more trusted agents, and a public key infrastructure are utilized in a secure framework to establish host identity. Once host identity is established, signed encryption certificates may be exchanged and secure communication may take place.

    Other inventors
    • Matt Corddry
    • Tom Hansen
    • Luke Kearney
  • Bootstrapping user authentication on devices

    Issued US 9,397,989

    Disclosed are various embodiments that facilitate bootstrapping authentication of a user at a first device using a second device. The second device is authenticated for access to a user account via a first security credential. A second security credential is received by the second device. The second security credential is then sent to the first device. Subsequently, the second security credential is received from the first device, and the first device is authenticated for access to the user account.

    Other inventors
  • Authentication Manager

    Issued US 9,369,460

    Disclosed are various embodiments for an authentication manager. The authentication manager performs a certificate validation for a network site. If the certificate validation is successful, the authentication manager automatically provides a security credential to the network site.

  • Use of decoy data in a data store

    Issued US 9,361,457

    Disclosed are various embodiments for identifying a table of non-decoy data matching a set of criteria. Decoy data is inserted into the table of non-decoy data. The decoy data is detected in a result comprising the decoy data, the result generated in response to an access of the data store. An alarm is generated based at least upon the result.

    Other inventors
  • Centrally managed use case-specific entity identifiers

    Issued US 9,344,407

    Disclosed are various embodiments for centrally managed use case-specific entity identifiers. An identifier translation service receives an identifier translation request from a requesting service. The request specifies a first use case-specific entity identifier, which is specific to a first use case. An actual entity identifier is obtained by decrypting the first use case-specific entity identifier. A second use case-specific entity identifier is generated based at least in part on encrypting the actual entity identifier. The second use case-specific entity identifier is sent to the requesting service in response to the identifier translation request.

    Other inventors
  • Automatic Application Dependent Anonymization

    Issued US 9,276,908

    This patent relates to increasing customer privacy by anonymizing customer identifiers when transmitting data between services. Before this invention, services provided data using customer identifiers (e.g., ID_1). However, use of customer identifiers may allow services to correlate and aggregate customer data, potentially compromising customer privacy. For example, if a content server sends data to one service using ID_1 and data to a different service using ID_1, the two services can correlate the customer identifier (based on ID_1) and aggregate private data about the customer (e.g., their purchase history). This invention solves this problem by using different anonymized customer identifiers for different services. For example, the content server can send data to one service using one anonymous identifier and send data to another service using a different anonymous identifier (only the content server knows that both anonymous identifiers really relate to the same customer). Since the two anonymous identifiers are different, the services cannot collaborate to aggregate the customer data.

    Other inventors
    • Darren Canavor
  • Two Factor Authentication with Authentication Objects

    Issued US 9,264,419

    This patent relates to increasing customer security through the use of an easy-to-use two factor-based authentication mechanism. An authentication object manager application provides icons representing various service providers. The authentication object manager is used in a two-factor authentication operation, where an icon is dragged and dropped into a location on the screen of a first device in order to enable a second device to perform an operation that requires interaction with a corresponding service provider.

    Other inventors
  • Secure Key Distribution Service

    Issued US 9,252,947

    This patent is related to a decentralized system for securely distributing keys for encryption/decryption. A secure key distribution server (SKDS) determines the identity of a requesting server without use of a shared secret by resolving the fully qualified domain name (FQDN) to a network address for the requesting server and comparing it with the network address of a key request. A credential string may also be used as part of the identification. Once the identity is established, keys may be securely distributed. The SKDS may also be implemented in a peer-to-peer configuration. The SKDS also includes an auto-credential-accept feature in which the first credential string that is received from the requesting server is accepted and stored on the SKDS, eliminating the need for an administrator to initialize a starting credential map.

    Other inventors
    • Jacob Beacham
  • Use Specific Entity Identifiers

    Issued US 9,251,375

    This patent relates to increasing customer security and privacy by using service-specific customer identifiers in place of actual customer identifiers within multiple services of an organization. A service translates between types of service-specific customer identifiers. The service-specific customer identifier is generated by encrypting an actual customer identifier using a service-specific key. Access to the service-specific key can be controlled by a broker service.

    Other inventors
  • Unified Management of Third-Party Accounts

    Issued US 9,225,704

    Disclosed are various embodiments for management of third-party accounts for users in an organization. It is determined whether a user in an organization is to be provided with managed access to a third-party network site. An account may be managed for the user with the third-party network site in response when the user is to be provided with managed access to the third-party network site. A security credential is stored for the managed account. A client computing device associated with the user is configured to authenticate with the third-party network site using the security credential. The user may be restricted from accessing the security credential.

    Other inventors
  • Strength-Based Password Expiration

    Issued US 9,178,876

    This patent relates to increasing customer security by changing the expiration of a password based on how easy it would be to guess the password. When a customer is setting a password, the system determines the type of inputs and the symbol set associated with these inputs included in the new password. The system determines an entropy value for each of the inputs and updates the total entropy value for the password as the inputs are received. As the inputs are received, the system dynamically determines an expiration of the new password based on the updated total entropy value.

    Other inventors
  • Social Networking Behavior-Based Identity System

    Issued US 9,166,961

    This patent relates to increasing customer security by using social networking data to verify user identities. A user’s identity can be confirmed by comparing the overlap of the user’s current circle of friends with a previous circle of friends associated with the identity. A reputation of a member of the user’s current circle of friends can be a factor. For instance, fraudulent users may be associated with disreputable friends. Also, if a single payment instrument (e.g., credit card) has been used to pay for shipments to both a member of the previous circle of friends and a member of the current circle of friends, the identity is likely to belong to the user (since a legitimate credit card of a user is unlikely to be used in shipping to members of a fake circle of friends).

    Other inventors
  • Techniques for Reliable Network Authentication

    Issued US 9,165,126

    This patent relates to increasing customer security by detecting man-in-the-middle attacks (e.g., where an attacker intercepts network communications between a client and a server and then pretends to be the server as seen by the client). By embedding additional trust information in the traffic following session establishment, the client is able to detect the MITM attack. In one approach, a client detects such attacks by comparing credentials currently presented by the server with credentials previously presented by the server. The server can include a marking service that covertly provides credentials or other identifiers for verification by the client. For example, a signature may be embedded in traffic from the server to the client that can be used to verify a certificate presented by the server to the client.

  • Adapting Decoy Data Present in a Network

    Issued US 9,152,808

    This patent relates to increasing the security of databases in a large enterprise. Figuring out whether a request for data is legitimate is difficult because malicious and legitimate requests for data often look the same. This invention identifies malicious activity based on client awareness. The presence of decoy data (e.g., data that would never be retrieved under normal circumstances) outside of the location it was placed may indicate the client is not authorized to access the data because they did not avoid/remove the decoy data. When a request for data is received, decoy data is added to legitimate response data, such as by modifying stored data to include decoy data or dynamically adding unstored decoy data to a response. Clients use a map to identify the locations/circumstances in which decoy data may be present, as well as signatures used to identify and remove decoy data when it cannot be avoided.

    Other inventors
  • Mapping Identifying Information

    Issued US 9,129,118

    A technology is described for making a decision based on identifying information without disclosing the identifying information. The method may include receiving a mapping value that represents identifying information that has been converted into a mapping value. A request for data associated with the identifying information may be made by providing the mapping value as a proxy for the identifying information, whereby the data associated with the identifying information may be located using the mapping value and returned to a requesting client or service.

    Other inventors
  • Provisioning Account Credentials via a Trusted Channel

    Issued US 9,055,055

    This patent relates to a simplified application authorization process for mobile devices. Prior to this invention, a customer needed to set up credentials for applications individually. This invention simplifies the process by using a trusted communication channel (e.g., email). When the customer wants to set up credentials for a new app on their mobile device, an account configuration manager automatically requests access to accounts that are linked to the email account, e.g., for password reset purposes. The phone then receives communications, such as password reset or change emails, for the accounts via the email account and automatically configures the apps with the credentials. For example, the phone can simply tell website.com it wants to authorize [email protected]. Website.com then sends a token to [email protected] with an annotation saying it is an authorization request. The phone receives the email, grabs the token, automatically deletes the email, and sends the token to website.com and is authorized for a certain period of time.

    Other inventors
    • Luan Nguyen
  • Behavior based identity system

    Issued US 9,053,307

    This patent relates to increasing customer security by using a behavior-based authentication system that authenticates a customer based on the customer’s interactions with a web site matching a preconfigured sequence of interactions. The preconfigured sequence of interactions is determined by the customer and stored in association with the customer’s identity profile. For example, when an individual attempts to gain access to secure data or a secure web site, the individual’s interactions are tracked and compared to the preconfigured sequence of interactions for the customer’s identity. Based on that comparison, the system will determine a degree of confidence as to whether the current individual is actually an authorized customer. Some examples of customer interactions that are tracked include executing particular search queries, mouse movements, accessing particular web sites, accessing particular portions of a website, selecting a particular item to purchase, etc.

    Other inventors
  • Protecting Web Sites from Cross-Site Scripting

    Issued US 9,032,519

    This patent relates to increasing customer security by protecting websites from cross-site scripting exploits. Cross-site scripting (XSS) is an epidemic which hurts Amazon's reputation since it allows hackers to obtain valuable customer data which results in our customers losing trust in us. When a web page is generated, a data integrity token with a particular checksum value is added to particular elements of the web page. The checksum value is generated based on a request for the web page. Before the web page is sent to a client, any web page element that lacks the data integrity token or the correct checksum is subjected to protective or remedial action.

    Other inventors
  • Risk-based Authentication Duration

    Issued US 9,015,485

    This patent relates to a risk-based login time out. Instead of having a fixed sign-in duration (e.g., 30 minutes), this patent determines the sign-in duration based on the risk to the user of performing the operation. The operations that are riskier are recorded in a blacklist. For example, riskier operations, such as entering a credit card, could have a time-out of 15 minutes, while less sensitive operations, such as searching order history and initiating returns, could have a time-out of 30 minutes.

    Other inventors
  • Telephone-based User Authentication

    Issued US 9,001,977

    This patent relates to a service that authenticates customers over the phone. For example, Amazon may want to authenticate customers as Amazon customers over the phone. This invention relates to a service that can be offered to other merchants and website owners to authenticate Amazon customers over the phone without allowing the website owners to directly access Amazon’s customer database to verify the customer details. For example, assume merchant.com allows customers to login with Amazon credentials and the customer wants to talk to a customer service agent at merchant.com. To authenticate the customer, the customer service agent temporarily transfers the call to an interactive voice response (IVR) system that asks the customer a few challenge questions (e.g., when was your last purchase on Amazon.com). Once the IVR system verifies customer information against Amazon’s database, the IVR system transfers the call back to the customer service agent and provides them with the customer ID for the calling customer and confirmation of authentication. The customer service agent can then help the Amazon customer with their question.

    Other inventors
  • Mitigating Forgery of Electronic Submissions

    Issued US 9,003,540

    This patent relates to cross site request forgery (CSRF) protection. In a CSRF attack, a malicious script forces the user’s in-session browser to perform a known, repeatable action on the affected website without the user’s knowledge. This patent describes using state information for CSRF mitigation. Each submission requiring authentication includes a state identifier (ID), which is compared to a corresponding secure state ID stored in a secure location that can only be accessed by code executing in the same security context (e.g., domain) as the site to which the request is made. If the received state ID is valid and matches the secure state ID, the submission is processed. Otherwise, the user is prompted to confirm the prior submission. A subsequent confirmation submission confirming the prior submission and containing the proper state ID can be processed. If no such confirmation is received, the submission is not processed. A third party generating the fraudulent submission will be unable to confirm the prior submission.

  • Out-of-band Authentication of E-Mail Messages

    Issued US 8,966,621

    This patent relates to increasing security by providing an out-of-band authentication mechanism for email messages. When a customer receives an email from a sender purporting to be an organization (e.g., Amazon.com), the customer can forward the email to that organization (e.g., [email protected]). The organization can use authentication data, such as outgoing message logs or authentication keys, to determine if the email message is authentic. The organization will then inform the customer of the authenticity of the email. In cases where the email is not authentic, the organization may provide the customer with a location to read the original email content.

    Other inventors
  • Use of decoy data in a data store

    Issued US 8,955,143

    This patent relates to increasing the security of databases in a large enterprise. Figuring out whether a request for data is legitimate is difficult because malicious and legitimate requests for data often look the same. This invention uses decoy data (e.g., data that would never be retrieved under normal circumstances) to spot malicious requests for data. When a request for data is received, decoy data is added to legitimate response data, such as by modifying stored data to include decoy data or dynamically adding unstored decoy data to a response. Sentinels distributed through the network then look for the decoy data as it traverses the network. If the decoy data is detected outside of defined network boundaries, an alarm is generated to notify the appropriate people of a possible data breach.

    Other inventors
  • Risk Assessment for Software Applications

    Issued US 8,925,092

    This patent relates to increasing the security of a large scale computing environment (e.g., Amazon’s internal network) where end-users might have malicious, unpatched, or otherwise vulnerable software running on their computers. The invention automates risk-assessment and compliance reporting by creating a “risk profile” for the different software on the users’ computers based on a rating of the software (e.g., behavior of the software), the user’s computer (e.g., does it store sensitive data), and the user (e.g., job function).

    Other inventors
    • Jeff Busch
    • Beau Hunter
  • Hardening Tokenization Security and Key Rotation

    Issued US 8,892,868

    A method of using a hardware security module and an adjunct application programming interface to harden tokenization security and encryption key rotation is disclosed. In various embodiments, the method comprises receiving encrypted data at a processor of a computer system, decrypting the encrypted data to cleartext in the processor, and issuing a unique token associated with the data.

    Other inventors
  • Transparently Updating User Credentials

    Issued US 8,856,896

    A user password is obfuscated using a first obfuscation algorithm and stored. A security module receives a password from a user a first time and, in response thereto, obfuscates the password using a second obfuscation algorithm and stores the obfuscated password. The security module subsequently receives the password from the user a second time. In response thereto, the security module obfuscates the password using the second algorithm a second time and compares the results of the obfuscation with the stored password obfuscated using the second algorithm. If the results of the obfuscation and the stored password obfuscated using the second algorithm match, the security module replaces the stored password obfuscated using the first algorithm with the password obfuscated using the second algorithm. The operations are performed transparently to the user associated with the password.

    Other inventors
    • Nishant Mittal
    • Darren Canavor
  • Automatic Application Dependent Anonymization

    Issued US 8,793,805

    This patent relates to increasing customer privacy by anonymizing customer identifiers when transmitting data between services. Before this invention, services provided data using customer identifiers (e.g., ID_1); however, use of customer identifiers may allow services to correlate and aggregate customer data, potentially compromising customer privacy. This invention solves this problem by using different anonymized customer identifiers for different services. For example, the content server can send data to one service using one anonymous identifier and send data to another service using a different anonymous identifier (only the content server knows that both anonymous identifiers really relate to the same customer). Since the two anonymous identifiers are different, the services cannot collaborate to aggregate the customer data.

    Other inventors
    • Darren Canavor
  • Authentication Manager

    Issued US 8,776,214

    Disclosed are various embodiments for an authentication manager. A security credential is generated based at least in part on a security credential specification associated with a network site. The security credential and a domain name associated with the network site are stored. The security credential is provided to the network site when a domain name associated with a trusted certificate provided by the network site matches the stored domain name.

  • Mitigating Forgery of Electronic Submissions

    Issued US 8,689,345

    Cross Site Request Forgery (CSRF) and other types of fraudulent submission in an electronic environment can be mitigated using state information that typically is already maintained for various users. Each submission requiring authentication includes a state identifier (ID). The state ID is compared to a corresponding state ID submitted in a relatively secure format, such as in a secure token or cookie. If the state ID matches a state ID in the secure token received from the user, and the state ID is valid, the submission is processed. Otherwise an interstitial page, including the state ID and a secure token, is generated to prompt the user to confirm the submission. A subsequent confirmation submission will contain the proper state ID and the new cookie, and can be processed. If no confirmation is received from the user with a valid state ID, the submission is not processed.

    Other inventors
  • Risk-based authentication duration

    Issued US 8,683,597

    Disclosed are various embodiments that perform confidence-based authentication of a user. A request from a user is obtained, where the request pertains to an operation on a network site. An authentication duration for the user is determined, based on a risk to the user of performing the operation. A determination is made whether a current session associated with the user has expired, based on the authentication duration. The operation requested by the user is performed in response to the determination that the current session associated with the user has expired.

    Other inventors
  • Confidence Based Authentication

    Issued US 8,621,209

    Other inventors
  • Secure Key Distribution Service

    Issued US 8,495,717

    Other inventors
  • Merchant-specific shadow account numbers

    Issued US 8,423,467

    Other inventors
  • Mitigating forgery of electronic submissions

    Issued US 8,051,465

    Other inventors
    • Eric Martin
  • System and method utilizing clean groups for security management

    Issued US 7,673,326

    Other inventors
    • Art Shelest
  • Password protection

    Issued US 7,602,910

    Other inventors
    • Josh Benaloh
  • System and methods for providing network quarantine

    Issued US 7,533,407

    Other inventors
  • Hinged Ancillary Displays

    US 9,158,135

    This patent relates to ancillary displays usable with an electronic device having a primary display. The ancillary display may include a dual hinge to allow the ancillary display to act as a cover for a portion of the primary display of the electronic device. Furthermore, the ancillary display may include magnetic connectors designed to provide a mechanical coupling with the electronic device and a pathway for transmission of data and/or power between the ancillary display and the electronic device.

    Other inventors
    • Matthew Liang Chaboud
    • Sam Cavenagh
    • Lambert Mathias
    • Aaron Nicholas Olson
  • Input mirroring

    US 9,946,867

Languages

  • English

    Native or bilingual proficiency

  • Swedish

    Native or bilingual proficiency

  • German

    Professional working proficiency

  • French

    Limited working proficiency

  • Spanish

    Limited working proficiency

Recommendations received

11 people have recommended Jesper
