Abstract: A method and apparatus for fine-grained, trust-based rate limiting of network requests distinguishes trusted network traffic from untrusted network traffic at the granularity of an individual user/machine combination, so that network traffic policing measures are readily implemented against untrusted and potentially hostile traffic without compromising service to trusted users. A server establishes a user/client pair as trusted by issuing a trust token to the client when successfully authenticating to the server for the first time. Subsequently, the client provides the trust token at login. At the server, rate policies apportion bandwidth according to type of traffic: network requests that include a valid trust token are granted highest priority. Rate policies further specify bandwidth restrictions imposed for untrusted network traffic.

Abstract: A method and apparatus for fine-grained, trust-based rate limiting of network requests distinguishes trusted network traffic from untrusted network traffic at the granularity of an individual user/machine combination, so that network traffic policing measures are readily implemented against untrusted and potentially hostile traffic without compromising service to trusted users. A server establishes a user/client pair as trusted by issuing a trust token to the client when successfully authenticating to the server for the first time. Subsequently, the client provides the trust token at login. At the server, rate policies apportion bandwidth according to type of traffic: network requests that include a valid trust token are granted highest priority. Rate policies further specify bandwidth restrictions imposed for untrusted network traffic.

Abstract: A system and method for determining in a global network the user network authentication status as the user goes from site to site within the network is provided. Additionally, the system and method provides for transparent or implicit multi-site logon functionality, including automatic introduction from one site to the other using a baseline authentication agency (102). The system and method provides an architecture for a core global network (100) (referred to herein as NET) that incorporates some or all of the following features and components: a set of baseline authentication agencies responsible for the core global network (NET) services, such as login and user-selected service-provider lookup; a shared NET domain and associated DNS records (106) used for cookie (110) sharing, login routing, and the like; and a collection of partner sites (108) accessible via the NET.

Abstract: A method and apparatus for fine-grained, trust-based rate limiting of network requests distinguishes trusted network traffic from untrusted network traffic at the granularity of an individual user/machine combination, so that network traffic policing measures are readily implemented against untrusted and potentially hostile traffic without compromising service to trusted users. A server establishes a user/client pair as trusted by issuing a trust token to the client when successfully authenticating to the server for the first time. Subsequently, the client provides the trust token at login. At the server, rate policies apportion bandwidth according to type of traffic: network requests that include a valid trust token are granted highest priority. Rate policies further specify bandwidth restrictions imposed for untrusted network traffic.

Abstract: The invention provides a method for flexibly, safely, robustly, and efficiently serving user interface pages composed of foreign content supplied by a third-party as well as local content supplied by the first party by allowing the cobrander to serve cobranded page templates. The cobrandee server retrieves the cobranded page templates from cobrander server and inserts the cobrandee contents into the cobranded page templates to generate cobranded Web content pages.

Abstract: A method and apparatus for fine-grained, trust-based rate limiting of network requests distinguishes trusted network traffic from untrusted network traffic at the granularity of an individual user/machine combination, so that network traffic policing measures are readily implemented against untrusted and potentially hostile traffic without compromising service to trusted users. A server establishes a user/client pair as trusted by issuing a trust token to the client when successfully authenticating to the server for the first time. Subsequently, the client provides the trust token at login. At the server, rate policies apportion bandwidth according to type of traffic: network requests that include a valid trust token are granted highest priority. Rate policies further specify bandwidth restrictions imposed for untrusted network traffic.

Abstract: A method and apparatus for fine-grained, trust-based rate limiting of network requests distinguishes trusted network traffic from untrusted network traffic at the granularity of an individual user/machine combination, so that network traffic policing measures are readily implemented against untrusted and potentially hostile traffic without compromising service to trusted users. A server establishes a user/client pair as trusted by issuing a trust token to the client when successfully authenticating to the server for the first time. Subsequently, the client provides the trust token at login. At the server, rate policies apportion bandwidth according to type of traffic: network requests that include a valid trust token are granted highest priority. Rate policies further specify bandwidth restrictions imposed for untrusted network traffic.

Abstract: A system and method for determining in a global network the user network authentication status as the user goes from site to site within the network is provided. Additionally, the system and method provides for transparent or implicit multi-site logon functionality, including automatic introduction from one site to the other using a baseline authentication agency (102). The system and method provides an architecture for a core global network (100) (referred to herein as NET) that incorporates some or all of the following features and components: a set of baseline authentication agencies responsible for the core global network (NET) services, such as login and user-selected service-provider lookup; a shared NET domain and associated DNS records (106) used for cookie (110) sharing, login routing, and the like; and a collection of partner sites (108) accessible via the NET.

Abstract: A system and method for determining in a global network the user network authentication status as the user goes from site to site within the network is provided. Additionally, the system and method provides for transparent or implicit multi-site logon functionality, including automatic introduction from one site to the other using a baseline authentication agency (102). The system and method provides an architecture for a core global network (100) (referred to herein as NET) that incorporates some or all of the following features and components: a set of baseline authentication agencies responsible for the core global network (NET) services, such as login and user-selected service-provider lookup; a shared NET domain and associated DNS records (106) used for cookie (110) sharing, login routing, and the like; and a collection of partner sites (108) accessible via the NET.

Abstract: The invention provides a method for flexibly, safely, robustly, and efficiently serving user interface pages composed of foreign content supplied by a third-party as well as local content supplied by the first party by allowing the cobrander to serve cobranded page templates. The cobrandee server retrieves the cobranded page templates from cobrander server and inserts the cobrandee contents into the cobranded page templates to generate cobranded Web content pages.

Abstract: The invention provides a method for flexibly, safely, robustly, and efficiently serving user interface pages composed of foreign content supplied by a third-party as well as local content supplied by the first party by allowing the cobrander to serve cobranded page templates. The cobrandee server retrieves the cobranded page templates from cobrander server and inserts the cobrandee contents into the cobranded page templates to generate cobranded Web content pages.

Abstract: An identity based service system is provided, in which an identity is created and managed for a user or principal, such that at least a portion of the identity is available to use between one or more system entities. A discovery service enables a system entity to discover a service descriptor, given a service name and a name identifier of the user, whereby system entities can find and invoke the user's other personal web services. The discovery service preferably provides a translation between a plurality of namespaces, to prevent linkable identity information over time between system entities.

Abstract: A solution is provided to monitor Web browsing activity across an Internet based network of affiliated Web sites and to enable the Web sites to detect and to force re-authentication upon users who have had a period of network-wide inactivity longer than a site-specific maximum allowable inactivity period. The network comprises at least one network authentication server (NAS) which maintains a network-wide activity tracking (NATr) cookie. The NATr cookie comprises a set of network-wide activity tracking (NATr) parameters for each registered user. Each of the Web sites maintains a site-specific activity tracking (SATr) cookie which comprises a set of site-specific activity tracking (SATr) parameters for each registered user. The NATr parameters for each user are reset whenever the user authenticates to the network.

Abstract: A method is described for optimizing the user-experienced availability and responsiveness of a replicated authentication system via the use of client-side authentication routing logic. Particular techniques are described for maximizing the authentication system availability and additionally either 1) bounding the user-experienced authentication latency, or 2) minimizing the user-experienced authentication latency.

Abstract: A method and apparatus is provided for invoking authenticated transactions on behalf of a user when the user is not present. For example, the invention allows a subscription to take actions that would otherwise require authentication, such as performing collections from a wallet, when the user is not present. Thus, the invention provides a form of delegation of authority.

Abstract: The invention provides a method for flexibly, safely, robustly, and efficiently serving user interface pages composed of foreign content supplied by a third-party as well as local content supplied by the first party by allowing the cobrander to serve cobranded page templates. The cobrandee server retrieves the cobranded page templates from cobrander server and inserts the cobrandee contents into the cobranded page templates to generate cobranded Web content pages.

Abstract: A method is described for optimizing the user-experienced availability and responsiveness of a replicated authentication system via the use of client-side authentication routing logic. Particular techniques are described for maximizing the authentication system availability and additionally either 1) bounding the user-experienced authentication latency, or 2) minimizing the user-experienced authentication latency.

Abstract: A method and apparatus is provided for detecting spoofed login pages and determining and executing an appropriate course of action to prevent spoofers from obtaining users' login IDs and passwords via the spoofed login pages.

Abstract: A solution is provided to monitor Web browsing activity across an Internet based network of affiliated Web sites and to enable the Web sites to detect and to force re-authentication upon users who have had a period of network-wide inactivity longer than a site-specific maximum allowable inactivity period. The network comprises at least one network authentication server (NAS) which maintains a network-wide activity tracking (NATr) cookie. The NATr cookie comprises a set of network-wide activity tracking (NATr) parameters for each registered user. Each of the Web sites maintains a site-specific activity tracking (SATr) cookie which comprises a set of site-specific activity tracking (SATr) parameters for each registered user. The NATr parameters for each user are reset whenever the user authenticates to the network.