Abstract: The disclosure is directed to securely bootstrapping devices in a network environment. Methods and systems include hardware and/or operations for receiving, based on an identifier provisioned at a relying entity, instances of a security credential of an information system, wherein the instances are associated with respective certifying entities. The operations also include verifying the authenticity of the instances of the security credential using information of the certifying entities provisioned at the relying entity. The operations further includes determining matches between the instances of the security credential. Additionally, the operations include determining based on the matches that a first instance of the security credential satisfies a policy provisioned at the relying entity. Further, the operations include verifying the authenticity of information requested from the information system using the first instance of the security credential.

Abstract: The disclosure is directed to securely bootstrapping devices in a network environment. Methods and systems include hardware and/or operations for receiving, based on an identifier provisioned at a relying entity, instances of a security credential of an information system, wherein the instances are associated with respective certifying entities. The operations also include verifying the authenticity of the instances of the security credential using information of the certifying entities provisioned at the relying entity. The operations further includes determining matches between the instances of the security credential. Additionally, the operations include determining based on the matches that a first instance of the security credential satisfies a policy provisioned at the relying entity. Further, the operations include verifying the authenticity of information requested from the information system using the first instance of the security credential.

Abstract: End-to-end user anonymity is provided in electronic commerce or other types of online transactions through the use of an intermediary. An intermediary machine, which may be implemented in the form of a set of servers or other type of computer system, receives communications from a consumer or other user, and generates and maintains an alias for that user. Connections between the user machine and any online vendor or other web site are implemented through the intermediary using the alias. When the user desires to make a purchase from a given online vendor, the intermediary may present the user with a number of options. For example, the user may be permitted to select a particular payment card number and real destination address as previously provided to the intermediary. The intermediary then communicates with the online vendor and supplies intermediary payment information, e.g.