Abstract: Disclosed are various embodiments for replicating authentication data between computing devices. A computing device detects a change to a user account made by a first client device associated with the user account. The computing device then determines that a second client device associated with the user account comprises locally stored authentication data that fails to reflect the change. The computing device then sends an update to the second client device.

Abstract: Methods and systems for implementing dynamic rate adjustment for interaction monitoring are disclosed. At an entity, the collection of trace information is initiated according to a first sampling rate. The trace information is indicative of interactions between the entity and one or more additional entities. A second sampling rate is determined based at least in part on information external to the entity. The second sampling rate is determined after the collection of the trace information is initiated at the entity according to the first sampling rate. At the entity, the collection of additional trace information is initiated according to the second sampling rate.

Abstract: A resource owner or administrator submits a request to a permissions management service to create a permissions grant which may include a listing of actions a user may perform on a resource. Accordingly, the permissions management service may create the permissions grant and use a private cryptographic key to digitally sign the created permissions grant. The permissions management service may transmit this digitally signed permissions grant, as well as a digital certificate comprising a public cryptographic key for validating the permissions grant, to a target resource. The target resource may use the public cryptographic key to validate the digital signature of the permissions grant and determine whether a user is authorized to perform one or more actions based at least in part on a request from the user to perform these one or more actions on the resource.

Abstract: Disclosed are various embodiments for replicating authentication data between computing devices. A computing device monitors a first certificate store located on a first client device for a change in a first state of the first certificate store. The computing device updates a record of the first state of the first certificate store with the change in the first state of the first certificate store, wherein the record is stored in a memory of the computing device. The computing device then determines that the first state of the first certificate store differs from a second state of a second certificate store located on a second client device. Finally, the computing device sends an update to the second client device, wherein the update comprises a change set representing a difference between the updated record and the second certificate store.

Abstract: Computing devices are disclosed that include functionality for providing a trustworthy indication of software integrity. The computing devices include a hardware trust evaluation device capable of determining the trustworthiness of computer programs executing on the devices. At least one trust indicator is also connected to the hardware trust evaluation device for providing an external indication of the trustworthiness of a computer program. Additional security information regarding the trustworthiness of the computer program may be displayed on the primary display device of the computing device. The display of the security information is triggered by a user of the computing device submitting a request through a secure mechanism, where the request is unobservable and inaccessible to programs executing on the computing device. Additional secure mechanisms, such as a unique user interface for displaying the security information, can be utilized to ensure the authenticity of the displayed security information.

Abstract: Application developers may develop applications or portions of application that do not have a corresponding user interface. Testing non-user interface elements of an application may require application developers to develop corresponding user interface elements for all or a portion of the executable code included in the application. Developers may test non-user interface elements of an application or library by wrapping the executable code in a sample application managed by a test harness. The test harness may transmit test operations configured to test the non-user interface elements of the application to the sample application over an inter-process communication channel. The sample application may execute the test and return the results of the test to the test harness using inter-process communication methods.

Abstract: Disclosed are various embodiments for correlating a first use case-specific entity identifier with a second use case-specific entity identifier. A chained entity identifier corresponds to the first use case-specific entity identifier. The chained entity identifier can include the second use case-specific entity identifier cryptographically wrapped by a use case-specific key. The second use case-specific entity identifier can be received from the chained entity identifier. The second use case-specific entity identifier can be correlated to the first use case-specific entity identifier.

Abstract: Disclosed are various embodiments for network site account management using a proxy server. A request for a secured resource on a network site is generated based at least in part on stored account information in response to receiving an initial request for the secured resource from a client. The request is sent to the network site. The secured resource is sent to the client in response to receiving the secured resource from the network site.

Abstract: A resource owner or administrator submits a request to a permissions management service to create a permissions grant which may include a listing of actions a user may perform on a resource. Accordingly, the permissions management service may create the permissions grant and use a private cryptographic key to digitally sign the created permissions grant. The permissions management service may transmit this digitally signed permissions grant, as well as a digital certificate comprising a public cryptographic key for validating the permissions grant, to a target resource. The target resource may use the public cryptographic key to validate the digital signature of the permissions grant and determine whether a user is authorized to perform one or more actions based at least in part on a request from the user to perform these one or more actions on the resource.

Abstract: Disclosed are various embodiments for creating and manipulating chained entity identifiers that include multiple use case-specific entity identifiers. Each of the use case-specific entity identifiers may identify a single entity but may differ, as they are use case-specific. Further, each of the use case-specific entity identifiers may be encrypted and/or signed using different use case-specific keys. The use case-specific entity identifiers may be nested or appended within a chained entity identifier.

Abstract: Methods and systems for implementing dynamic rate adjustment for interaction monitoring are disclosed. At an entity, the collection of trace information is initiated according to a first sampling rate. The trace information is indicative of interactions between the entity and one or more additional entities. A second sampling rate is determined based at least in part on information external to the entity. The second sampling rate is determined after the collection of the trace information is initiated at the entity according to the first sampling rate. At the entity, the collection of additional trace information is initiated according to the second sampling rate.

Abstract: Disclosed are various embodiments that perform confidence-based authentication of a user. An identification of a user account is obtained from a user, and a minimum confidence threshold is determined. Multiple authentication challenges are presented to the user. Responses are obtained from the user to a subset of the challenges, with each response having a corresponding authentication point value. A confidence score is generated for the user, where the confidence score is increased by the respective authentication point values of the correct responses. The user is authenticated as being associated with the user account in response to determining that the confidence score meets the minimum confidence threshold.

Abstract: Disclosed are various embodiments for providing multi-factor authentication credentials. For example, a first application may send an authentication request to a first authentication service, where the request specifies a first authentication factor. A second application may generate a user interface upon a display, where the user interface facilitates entry of a user approval. In response to receiving the user approval, the second application may send a second authentication factor to a second authentication service that acts as a proxy for the first authentication service. In some embodiments, an application may be configured to automatically transfer a one-time password or other authentication factor to a recipient in response to receiving a user approval.

Abstract: Disclosed are various embodiments for providing multi-factor authentication credentials. In one embodiment, in response to a request from an application, a notification is generated in a notification area of a display. Entry of a user approval is facilitated via the notification. In response to receiving the approval, a security credential is transferred to the application. In another embodiment, the security credential may be shown in the notification area so that a user may enter it in a form field of the application.

Abstract: Disclosed are various embodiments that perform confidence-based authentication of a user. An identification of a user account is obtained from a user, and a minimum confidence threshold is determined. Multiple authentication challenges are presented to the user. Responses are obtained from the user to a subset of the challenges, with each response having a corresponding authentication point value. A confidence score is generated for the user, where the confidence score is increased by the respective authentication point values of the correct responses. The user is authenticated as being associated with the user account in response to determining that the confidence score meets the minimum confidence threshold.

Abstract: Described in this disclosure is an input transformative device having an input side and an output side. The input transformative device may be configured to transfer a touch input at an input location on the input side to one or more output locations on the output side. The output side of the input transformative device may be positioned proximate to a touch sensor of a user device. The touch sensor may then detect the touch input of the user as occurring at the one or more output locations, rather than the input location. Interconnection between the input side and the output side may be predetermined and used to secure user input to the touch sensor. The interconnection pattern of inputs to outputs of the input transformative device may be fixed or reconfigurable. In some implementations, input using the input transformative device may be used to authenticate the user.

Abstract: Disclosed are various embodiments for network site account management using a proxy server. A request for a secured resource on a network site is generated based at least in part on stored account information in response to receiving an initial request for the secured resource from a client. The request is sent to the network site. The secured resource is sent to the client in response to receiving the secured resource from the network site.

Abstract: Disclosed are various embodiments for centrally managed use case-specific entity identifiers. An identifier translation service receives an identifier translation request from a requesting service. The request specifies a first use case-specific entity identifier, which is specific to a first use case. An actual entity identifier is obtained by decrypting the first use case-specific entity identifier. A second use case-specific entity identifier is generated based at least in part on encrypting the actual entity identifier. The second use case-specific entity identifier is sent to the requesting service in response to the identifier translation request.

Abstract: Disclosed are various embodiments for network site account management using a proxy server. A first request for a secured resource on a network site is received from a client. It is determined whether stored account information is available for the secured resource. A second request for the secured resource is generated based at least in part on the stored account information in response to determining that the stored account information is available for the secured resource. The second request is sent to a server corresponding to the network site. The secured resource is received from the server, and the secured resource is sent to the client.

Abstract: Use case-specific entity identifiers are disclosed. Entity data associated with an actual entity identifier of an entity is generated. A use case-specific entity identifier is generated based at least in part on encrypting the actual entity identifier using reversible encryption. The entity data, in association with the use case-specific entity identifier, is sent to another service.