Abstract: Disclosed are various embodiments for managing security credentials for an authentication management client on a client device. In one non-limiting example, a computing device is configured to receive an authentication request from an authentication management client of a client and determine an affinity of the authentication management client based at least in part on the authentication request. The computing device is configured to determine that the authentication management client is supported based at least in part on the affinity. The computing device is configured to generate a session for the authentication management client based at least in part on a security credential being received from the authentication management client.

Abstract: Disclosed are various embodiments for resetting security credentials for an authentication management client on a client device. In one non-limiting example, the authentication management client is configured to receive encrypted account data associated with a user from an authentication management service and decrypt the encrypted account data using a master security credential. The decrypted account data is stored as client account data associated with the client device. The authentication management client is configured to receive a request to reset a plurality of security credentials in the client account data. At least one of the plurality of security credentials in the client account data are reset.

Abstract: Disclosed are various embodiments for resetting security credentials for an authentication management client on a client device. In one non-limiting example, the authentication management client is configured to receive encrypted account data associated with a user from an authentication management service and decrypt the encrypted account data using a master security credential. The decrypted account data is stored as client account data associated with the client device. The authentication management client is configured to receive a request to reset a plurality of security credentials in the client account data. At least one of the plurality of security credentials in the client account data are reset.

Abstract: Disclosed are various embodiments for account management using a portable data store. In one embodiment, an authentication client is stored in a portable data store. In response to receiving a master security credential from the user, the authentication client decrypts encrypted account data stored in the portable data store. The authentication client detects that a network site is being accessed. The authentication client automatically provides a corresponding security credential to the network site.

Abstract: Disclosed are various embodiments for account management using a portable data store. In one embodiment, an authentication client is stored in a portable data store. In response to receiving a master security credential from the user, the authentication client decrypts encrypted account data stored in the portable data store. The authentication client detects that a network site is being accessed. The authentication client automatically provides a corresponding security credential to the network site.

Abstract: Disclosed are various embodiments for sharing network site account information among multiple users. Account information for a network site account is received from a first user at a first client. An indication is received from the first user that the account information is to be shared with a second user. The second user is authenticated at a second client. The account information is transferred to the second client.

Abstract: Disclosed are various embodiments for automated detection of multi-user computing devices such as kiosks, public terminals, and so on. Network resource requests are obtained from a client computing device. It is determined whether the client computing device is a multi-user system based at least in part on whether the network resource requests embody characteristics associated with multi-user systems. The resulting classification is stored and may be used to customize generation of requested network resources.

Abstract: Computing devices are disclosed that include functionality for providing a trustworthy indication of software integrity. The computing devices include a hardware trust evaluation device capable of determining the trustworthiness of computer programs executing on the device. At least one trust indicator is also connected to the hardware trust evaluation device for providing an external indication of the trustworthiness of a computer program. If the hardware trust evaluation device determines that a program is trustworthy, the trust evaluation device causes the trust indicator to provide a positive indication of the trustworthiness of the computer program to a user of the computing device. If the hardware trust evaluation device determines that a program is not trustworthy, the trust evaluation device causes the trust indicator to provide a negative indication of the trustworthiness of the computer program.

Abstract: Disclosed are various embodiments for facilitating streaming of media content. Video content is retrieved over a network from one or more client devices capturing video content. Data items associated with the plurality of video content are also retrieved. A list order for the plurality of video content is determined according to at least a portion of the retrieved data items, and a user interface is encoded for display where the user interface contains a plurality of items corresponding to the plurality of video content, the items being positioned within the user interface according to the list order.

Abstract: Disclosed are various embodiments for sharing network site account information among multiple users. Account information for a network site account is received from a first user at a first client. An indication is received from the first user that the account information is to be shared with a second user. The second user is authenticated at a second client. The account information is transferred to the second client.

Abstract: Aspects related to the secure transfer and use of secret material are described. In one embodiment, public vendor and provider keys are provided to a customer and encrypted secret material is received in return. The encrypted secret material may include a customer secret material encrypted by the public vendor and provider keys. The encrypted secret material is imported into a trusted execution environment and decrypted with private provider and vendor keys. In this manner, a provider of cryptographic processes is not exposed to the secret material of the customer, as the customer secret material is decrypted and stored within the trusted execution environment but is not accessed by the provider in an unencrypted form. In turn, the provider may receive various instructions to perform cryptographic operations on behalf of the customer, and those instructions may be performed by the trusted execution environment.

Abstract: Validation data, such as an image selected by a merchant, is rendered on a mobile device of a customer to provide the merchant confirmation that payment for an item submitted through the mobile device of the customer was in fact received by the merchant. The merchant may establish an account on a network-accessible computing device (e.g., in the “cloud”) that includes the validation data. The customer authorizes payment to the merchant from the mobile device using the network connectivity of the mobile device. When the payment is received by the merchant, the network-accessible computing device sends the validation data to the customer's mobile device. The merchant may be confident that he or she has in fact received an electronic payment from the customer when the validation data is presented on the mobile device. Techniques to prevent reuse and copying of the validation data are also discussed.

Abstract: Disclosed are various embodiments for managing accounts for network sites. In one embodiment, account information is automatically removed from a client when a logout is performed. In another embodiment, encrypted account information and an authentication client that decrypts the account information are stored upon a portable data store that is removably attached to a computing device. In yet another embodiment, a first user may indicate that account information is to be shared with a second user.

Abstract: Disclosed are various embodiments for management functions relating to security credentials. Account data, which includes multiple security credentials for multiple network sites for a user, is stored in an encrypted form. A request to temporarily change the account data is obtained from a client. The request specifies a master security credential for accessing the account data. In response to the request, the multiple security credentials for the account data are changed to a single temporary security credential, as specified by a user. After an expiration period expires, the multiple security credentials are automatically reset to a plurality of different security credentials.

Abstract: Aspects related to the secure transfer and use of secret material are described. In one embodiment, public vendor and provider keys are provided to a customer and encrypted secret material is received in return. The encrypted secret material may include a customer secret material encrypted by the public vendor and provider keys. The encrypted secret material is imported into a trusted execution environment and decrypted with private provider and vendor keys. In this manner, a provider of cryptographic processes is not exposed to the secret material of the customer, as the customer secret material is decrypted and stored within the trusted execution environment but is not accessed by the provider in an unencrypted form. In turn, the provider may receive various instructions to perform cryptographic operations on behalf of the customer, and those instructions may be performed by the trusted execution environment.

Abstract: Disclosed are various embodiments for management functions relating to security credentials. Account data, which includes multiple security credentials for multiple network sites for a user, is stored in an encrypted form. A request to temporarily change the account data is obtained from a client. The request specifies a master security credential for accessing the account data. In response to the request, the multiple security credentials for the account data are changed to a single temporary security credential, as specified by a user. After an expiration period expires, the multiple security credentials are automatically reset to a plurality of different security credentials.

Abstract: Disclosed are various embodiments for automated detection of multi-user computing devices such as kiosks, public terminals, and so on. Network resource requests are obtained from a client computing device. It is determined whether the client computing device is a multi-user system based at least in part on whether the network resource requests embody characteristics associated with multi-user systems. The resulting classification is stored and may be used to customize generation of requested network resources.

Abstract: Disclosed are various embodiments for recovery and other management functions relating to security credentials which may be centrally managed. Account data, which includes multiple security credentials for multiple network sites for a user, is stored by a service in an encrypted form. A request for the account data is obtained from a client. The request specifies a security credential for accessing the account data. The account data is sent to the client in response to determining that the client corresponds to a preauthorized client and in response to determining that the security credential for accessing the account data is valid.

Abstract: Disclosed are various embodiments for automated detection of multi-user computing devices such as kiosks, public terminals, and so on. Network resource requests are obtained from a client computing device. It is determined whether the client computing device is a multi-user system based at least in part on whether the network resource requests embody characteristics associated with multi-user systems. The resulting classification is stored and may be used to customize generation of requested network resources.

Abstract: Disclosed are various embodiments that employ metadata to map stored client data to form fields and other data consumers. Data items are requested by a data consumer, such as a web form. Metadata is obtained that includes a mapping of standardized data items to the requested data items. The requested data items are generated based at least in part on the mapping and the standardized data items.