Abstract: Embodiments of proxy authentication and indirect certificate chaining are described herein. In an implementation, authentication for a client occurs via a proxy service. Proxy service communicates between client and server, and caches security tokens on behalf of the client. In an implementation, trustworthiness of certificate presented to a client to establish trust is determined utilizing a signed data package which incorporates a plurality of known certificates. The presented certificate is verified without utilizing root certificates installed on the client device.

Abstract: Systems and methods for providing signatures are described. In an implementation, a system includes a backend configured to generate a plurality of incomplete signatures using an offline portion of an online/offline signature algorithm, storage configured to store the plurality of incomplete signatures and a front end configured to process a plurality of messages using the plurality of incomplete signatures to form a plurality of digital signatures such that each of the messages has a corresponding one of the digital signatures.

Abstract: Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.

Abstract: A human interactive proof (HIP) service is described. In response to a request from a web server, the HIP service generates a HIP challenge and an associated attestation. The web server can then embed the generated HIP challenge in a requested web page. The attestation is used to determine whether or not a user response to the HIP challenge is correct.

Abstract: Enabling dynamic aggregation of content from a plurality of content providers. The invention stores references associated with specific display areas in a document for a particular data source. Responsive to a request for the document, the invention retrieves the references associated with the data source and dynamically inserts the references into the appropriate display area of the document. A client renders the document by obtaining the content associated with the references. In an embodiment, the invention includes a web service for cobranding a login user interface for a user authentication system. The web service places cobranding content provided by an affiliate content provider and sign-in user interface content provided by a user authentication service into different frames of a single web page.

Abstract: A system and method for automatically determining if a computer user is a human or an automated script. Human interactive proofs (HIPs) are currently used to deter automated registration for web services by automated computer scripts. Unfortunately, HIPs entail multiple steps (request service, receive challenge, respond to challenge) that can be burdensome. The system and method of the invention in one embodiment provides a “black-box” to potential users consisting of a challenge generator and a secret key. The challenge is generated for the user and the response can be provided as part of the service request, eliminating the need for a separate challenge from a service provider and response to the challenge.