Abstract: A buyer (110) wishes to use a payment instrument as part of an online commerce transaction with a seller (120) and it is desired to authenticate that the buyer (110) has authority to use the payment instrument. A separate authentication service (130) determines whether the buyer (110) has access to certain secret information without revealing the secret information to the seller (120). Access to the secret information would verify that the buyer (110) has authority to use the payment instrument. The authentication service (130) informs the seller (120) whether the buyer (110) is authorized to use the payment instrument.

Abstract: Systems and methods for synchronizing verification data in a distributed database including client and server databases. The server database may exchange verification data regarding one-time passwords to multiple client databases. An update to the server database may be initiated based on information stored in the client database by pushing updated verification information from the client database to the server database via an SSL tunnel. An update to the client database may be initiated based on information stored in the server database by pulling updated verification data from the server database to the client database via an SSL tunnel. The client database and the server database may include a two-dimensional data field including the verification data and an associated key identifier, and a site ID. The site ID may include a unique identifier to identify the respective database in which it is included.

Abstract: A method for provisioning a mobile device with a secret to be used as a basis for generating One-Time passwords includes receiving a first request using a first communications method. The first request includes a mobile device identifier. The method also includes sending a credential message using a second communications method. The credential message includes an authentication credential. The method also includes receiving a second request using a third communications method different from the second communications method. The second request includes information based upon the authentication credential sent by the provisioning service. The method also includes sending the secret if the authentication credential in the credential message corresponds to the information based upon the authentication credential in the second request.

Abstract: A method for providing a secret that is provisioned to a first device to a second device includes generating a One-Time Password at the first device using the secret and obtaining an identifier of the secret. The method also includes providing the One-Time Password and the identifier to the second device and sending the One-Time Password and the identifier to a remote provisioning service. The method also includes verifying that the One-Time Password corresponds to the secret, and sending to the second device an encrypted secret and a decryption key for decrypting the encrypted secret. The encrypted secret and the decryption key may be sent using different communications methods. The method also includes decrypting the encrypted secret using the decryption key to provide the secret and storing the secret at the second device.

Abstract: A method of renewing a plurality of digital certificates includes receiving, at a first time, a request from a user to renew a first digital certificate and determining an expiration date for the first digital certificate. The method also includes receiving, at a second time, a request from the user to renew a second digital certificate and determining an expiration date for the second digital certificate. The expiration date for the second certificate is later than the expiration date for the first certificate. The method further includes determining a new expiration date occurring after the first time and the second time and renewing the first digital certificate. An expiration date for the renewed first digital certificate is equal to the new expiration date. Moreover, the method includes renewing the second digital certificate. An expiration date for the renewed second digital certificate is equal to the new expiration date.

Abstract: A method for managing payment of digital certificates includes receiving a request to issue a digital certificate to a subscriber, capturing and saving payment information of the subscriber, performing a first authentication and verification of the subscriber at a first time, and performing at least one additional authentication and verification of the subscriber at least once every authentication period. A long-lived certificate is issued to the subscriber provided the subscriber is authenticated and verified. The long-lived certificate is valid for an expiration period. However, the long-lived certificate is revoked if (1) the additional authentications and verification produce invalid results, or (2) if payment is not received during a payment period. The authentication period is shorter than the expiration period and there are at least a first and a second authentication period within the expiration period. The expiration period is longer than the authentication period.

Abstract: A method for forming a digital certificate includes receiving contact information associated with the digital certificate. The contact information includes at least a name, a mailing address, and an email address. The method also includes receiving billing information associated with the digital certificate and receiving a Certificate Signing Request (CSR) for the digital certificate. The method further includes receiving a first name for use in forming the digital certificate and receiving a second name for use in forming the digital certificate. Moreover, the method includes receiving an indication of a vendor of web server software, receiving an indication of a service period for the digital certificate, and forming the digital certificate. The first name is stored in a Subject field of the digital certificate and the second name is stored in the SubjectAltName extension of the digital certificate.

Abstract: A method of provisioning a first digital certificate and a second digital certificate based on an existing digital certificate includes receiving information related to the existing digital certificate. The existing digital certificate includes a first name listed in a Subject field and a second name listed in a SubjectAltName extension. The method also includes receiving an indication from a user to split the existing digital certificate and extracting the first name from the Subject field and the second name from the SubjectAltName extension of the existing digital certificate. The method further includes extracting the public key from the existing digital certificate, provisioning the first digital certificate with the first name listed in a Subject field of the first digital certificate and the public key, and provisioning the second digital certificate with the second name listed in a Subject field of the second digital certificate and the public key.

Abstract: A method for authenticating a user includes receiving a user identification, confirming the user identification, sending a request to the user to perform a single action on a communication device, creating a session to receive the single action from the communication device, receiving an identifier from the communication device, using the identifier to verify that the user has the communication device, and authenticating the user based on the confirmed user information and the verification that the user has the communication device. The identification can include a username and a password or can be a one time password.

Abstract: A method for passing data from a first processing thread to a second processing thread, wherein the first processing thread produces data to be processed by the second processing thread. The data from the first processing thread may be inserted into objects that in turn are inserted into a queue ob objects to be processed by the second thread. The queue may be a circular array, wherein the array includes a pointer to a head and a pointer to a tail, wherein only the first processing thread modifies the tail pointer and only the second processing thread modifies the head pointer.

Abstract: A method of categorizing a recent transaction as anomalous includes a) receiving information about a recent transaction and b) accessing information about one or more historical transactions. The one or more historical transactions have at least one party in common with the recent transaction. The method also includes c) determining a similarity value between the recent transaction and a transaction i of the one or more historical transactions and d) determining if the similarity value is greater than or equal to a predetermined threshold value. The method further includes e) if the similarity is greater than or equal to the predetermined threshold value, categorizing the recent transaction as not anomalous or f) if the similarity is less than the predetermined threshold value, determining if there are additional transactions. If there are additional transactions, incrementing counter i and repeating steps c) through f).

Abstract: A method of providing web site verification information to a user includes receiving a DNS query including a host name and a seal verification site name, parsing the DNS query, and extracting the host name from the DNS query. The method also includes accessing a DNS zone file including a list of Trust Services customers and determining if the host name is associated with a Trust Services customer in the list of Trust Services customers. The method further includes transmitting a positive identifier to the requester if the host name is associated with a Trust Services customer and transmitting a negative identifier to the requester if the host name is not associated with a Trust Services customer. In a specific embodiment, the Trust Services include issuance of digital certificates.

Abstract: A method of publishing a message includes receiving a subscription request at a first remote relay from a first client and transmitting a subscription message from the remote relay to each of a first set of central relays. The method also includes receiving a publication request at a second remote relay from a second client and transmitting a publication message from the second remote relay to a first central relay of the first set of central relays and a second central relay of a second set of central relays. The method further includes determining, at the first central relay, that a target matches at least a portion of a pattern, transmitting the message string from the first central relay to the first remote relay, determining, at the first remote relay, that the target matches at least a portion of the pattern, and transmitting the message string to the first client.

Abstract: Systems and methods for registering a domain, including Internationalized Domain Names (IDNs), including receiving a request to register an IDN and determining a language category of the request. Code points of the request are converted to yield a generalized variant of the IDN. The generalized variant is compared to a stored database of registered IDNs that may include similar generalized variants of the registered IDNs. Based on the comparison, it is determined whether or not to resister the IDN. In the case the that ION registration is allowed the generalized variant of the IDN may be stored in the database to protect against later registration by similar IDNs. Converting the code points of the request may include identifying corresponding code points of variants within the language category, and converting each of the code points of the requested IDN based on a deterministic algorithm applied to the corresponding code points.

Abstract: A method of publishing a publication message includes receiving, at one of a plurality of first relays, a subscription request from a first client and transmitting the subscription request from the one of the plurality of first relays to only one of a plurality of central relays. The method also includes receiving, at another of the plurality of first relays, a publication request from a second client. The publication request includes the publication message. The method further includes transmitting the publication message from the another of the plurality of first relays to all of the plurality of central relays, transmitting the publication message from at least one of the plurality of central relays to the one of the plurality of first relays, and transmitting the publication message from the one of the plurality of first relays to the first client.

Abstract: Incoming data streams are managed by receiving a data stream on at least one network interface card (NIC) and performing operations on the data stream using a first process running several first threads for each network interface card and at least one group of second multiple processes each with an optional group of second threads. The first process and the one or more groups of second multiple processes are independent and communicate via the shared memory. The first threads for each network interface card are different than the group of second threads. The system includes at least one network interface card that receives a data stream, a first processor that runs a first process that uses a plurality of first threads for each network interface card and a second processor that runs at least one group of second multiple processes each with an optional group of second threads. The first process and the one or more groups of second multiple processes are independent and communicate via the shared memory.

Abstract: A method of determining a clustering metric includes receiving a first set of transactions and a second set of transactions. For transaction i of the first set and transaction j of the second set, the method includes (a) determining an intersection set, (b) determining a union set; (c) computing a common linkage between transaction i and transaction j equal to the intersection set divided by the union set, and (d) incrementing index j and repeating steps (a)-(c). The method also includes (e) summing the common linkages between transaction i and the transactions of the second set, (f) normalizing the sum of the common linkages by a number of the second set, and (g) incrementing index i and repeating steps (a)-(f). The method further includes (h) summing the normalized common linkages and (i) normalizing the sum of the normalized common linkages by a number of the first set.

Abstract: A method of computing a similarity between a first transaction having a set of properties and a second transaction having the set of properties includes computing an initial weight for each of the properties of the set of properties and computing a similarity between each of the properties of the first transaction and the properties of the second transaction. The method also includes adjusting the initial weight for each of the properties based on a measure of the commonness of each of the properties of the set of properties, normalizing the adjusted weights, and computing the similarity by summing the products of the normalized adjusted weights and the computed similarities.

Abstract: Systems and methods for scoring a domain including analyzing counter data and information obtained from a web site associated with the domain. Methods may include receiving requests to resolve the domain at an authoritative domain resolution server. A counter may be incremented for the domain based on the received requests. Information may be obtained from a web page associated with the domain. For example, obtaining information from the web page may include obtaining quantitative, qualitative, and/or functional information from the web page, such as link information, a status of network links corresponding to the link information, and associated ratios. The status of link information may include searching for functional details and/or results, such as, domain redirections, domain errors, mirror content, and commonly linked sites. A score may be calculated for the domain based upon the counter data and the information obtained from the web page associated with the domain.

Abstract: A system providing methods for dynamically generating personalized content is described. Specific items of content which may be personalized or customized are identified. Subdirectories are created for each value of such personalized content. Files specific to each value of personalized content are created and placed in these subdirectories. When a user requests a particular web page or item of content, a token is retrieved identifying the personalized content to be generated for that particular user. Personalized content is then dynamically generated by construction of a path to at least one subdirectory containing personalized content. The path to such subdirectory containing personalized content is dynamically constructed based upon the token identifying such personalized content.