Abstract: An authentication protocol is disclosed for use in enhancing the security of communications between software applications and Internet-based service providers. The protocol incorporates a two level authentication model based on a distribution of authentication responsibilities, wherein the application authenticates users and the service provider authenticates the application. Embodiments of the protocol incorporate public key infrastructure and digital certificate technology. Other embodiments of the present invention pertain to applying a corresponding protocol to peer-to-peer communication scenarios.

Abstract: Systems and methods are disclosed for storing sensitive data in a database, such as an application database or a dedicated application security database or store. In accordance with one aspect of the invention, user passwords are not directly stored in a database; but instead, when a password is entered, a one-way hash of the password phrase is produced for storage and/or comparison purposes. In accordance with another aspect, individual authorized application users are each aligned with their own version of an application-wide security key such that it becomes unnecessary to directly store the key in its original form. The security key is used to process sensitive data. In accordance with another aspect, a user's version of the application-wide security reflects an encryption-based relationship to the user's password. Various embodiments also support flexible access to particular collections of sensitive data based on user account and/or user role information.

Abstract: The present invention discloses methods and systems for providing secure user access to services offered by a service provider to a client application over a network. One embodiment includes receiving an application cookie from the client application and populating a service cookie based on information in the application cookie. Information in the service cookie is utilized as a basis for regulating a provision of services to the client application.

Abstract: Data replication between a headquarters application and one or more client applications is provided. The client applications are generally located remote from the headquarters application and communicate therewith via known methods. A pair of classes is used to generically transfer data selected for replication. New entity types and/or data types can be synchronized without having to rewrite the synchronization application by simply deploying an appropriate data class and manager class for the new entity. Moreover, the prior art worksheet is abstracted, in some aspects, to a simpler form that is more user friendly.

Abstract: Systems and methods are disclosed for storing sensitive data in a database, such as an application database or a dedicated application security database or store. In accordance with one aspect of the invention, user passwords are not directly stored in a database; but instead, when a password is entered, a one-way hash of the password phrase is produced for storage and/or comparison purposes. In accordance with another aspect, individual authorized application users are each aligned with their own version of an application-wide security key such that it becomes unnecessary to directly store the key in its original form. The security key is used to process sensitive data. In accordance with another aspect, a user's version of the application-wide security reflects an encryption-based relationship to the user's password. Various embodiments also support flexible access to particular collections of sensitive data based on user account and/or user role information.

Abstract: An authentication protocol is disclosed for use in enhancing the security of communications between software applications and Internet-based service providers. The protocol incorporates a two level authentication model based on a distribution of authentication responsibilities, wherein the application authenticates users and the service provider authenticates the application. Embodiments of the protocol incorporate public key infrastructure and digital certificate technology. Other embodiments of the present invention pertain to applying a corresponding protocol to peer-to-peer communication scenarios.

Abstract: A gateway server, point of sale device and protocol are provided for processing financial transactions. A public network interface is configured to couple to a public network and communicate financial authorization requests. The financial authorization requests can include, for example, transaction specific data, a merchant store or location invariant and a supplemental header. A gateway processor processes the financial transaction authorization requests and couples to a financial network interface configured to couple to at least one financial network. The gateway provides a response to the point of sale device based upon data received from the financial network and the authorization request.