Abstract: Validation data, such as an image selected by a merchant, is rendered on a mobile device of a customer to provide the merchant confirmation that payment for an item submitted through the mobile device of the customer was in fact received by the merchant. The merchant may establish an account on a network-accessible computing device (e.g., in the “cloud”) that includes the validation data. The customer authorizes payment to the merchant from the mobile device using the network connectivity of the mobile device. When the payment is received by the merchant, the network-accessible computing device sends the validation data to the customer's mobile device. The merchant may be confident that he or she has in fact received an electronic payment from the customer when the validation data is presented on the mobile device. Techniques to prevent reuse and copying of the validation data are also discussed.

Abstract: Implementing a data protection service. One method includes receiving a request to provision a first tenant among a plurality of tenants managed by a single data protection service. A tenant is defined as an entity among a plurality of entities. A single data protection service provides data protection services to all tenants in the plurality of tenants. A first encryption key used to decrypt the first tenant's data at the data store is stored. The first encryption key is specific to the first tenant and thus cannot be used to decrypt other tenants' data at the data store from among the plurality of tenants. Rather each tenant in the plurality of tenants is associated with an encryption key, not usable by other tenants, used at the data store to decrypt data on a tenant and corresponding key basis.

Abstract: A server may bridge between a wide area network, such as the Internet, and a local area network and may process authentication requests from clients on the wide area network. The server may filter the requests to enable specific types of requests to pass, and may forward the requests to a credential server within the local area network and pass any responses back to the client. The server may be configured with some or all of a set of domain services objects, but such objects may be stored in a read only format. The server may further contain a minimum of or no sensitive data such that, if compromised, an attacker may gain little advantage. The client may request evidence of authentication available to devices within the local area network and may use the evidence of authentication to access services made available to the wide area network.

Abstract: A server may bridge between a wide area network, such as the Internet, and a local area network and may process authentication requests from clients on the wide area network. The server may filter the requests to enable specific types of requests to pass, and may forward the requests to a credential server within the local area network and pass any responses back to the client. The server may be configured with some or all of a set of domain services objects, but such objects may be stored in a read only format. The server may further contain a minimum of or no sensitive data such that, if compromised, an attacker may gain little advantage. The client may request evidence of authentication available to devices within the local area network and may use the evidence of authentication to access services made available to the wide area network.