Abstract: Disclosed are various embodiments that facilitate bootstrap authentication of a second application by way of a user confirmation via a first application, where the first application is authenticated using trusted credentials. A security credential for a user account is received from a user. A first application is authenticated with an authentication service using the security credential. One or more user actions are received by the first application. The user actions constitute a confirmation of a bootstrap authentication request submitted by a second application. Data encoding the user actions is sent to the authentication service.

Abstract: Disclosed are various embodiments for active data, such as active decoy data. The active decoy data includes instructions that, when executed by a particular device, cause the particular computing device to determine whether the particular computing device is a target computing device. The particular computing device initiates a predefined action in response to determining that the particular computing device is not the target computing device. The approaches described herein may also be useful in wrapping and distributing digital content.

Abstract: Existing infrastructure for processing credit card transactions at point-of-sale (POS) devices is leveraged to provide secure and convenient payment with a mobile device. A mobile transaction infrastructure that is integrated with the credit card interchange network receives information from the mobile device and passes this information to a gateway provider or a payment processor. By combining information from both the mobile device and the POS device, this backend infrastructure can uniquely identify a transaction and appropriately charge an account associated with the user of the mobile device. The transaction may be matched with the mobile device be based on location, time, transaction charge, and/or other factors.

Abstract: Techniques for providing friction-free transactions using geolocation and user identifiers are described herein. These techniques may ascertain a user's location based on a location of a mobile device. A transaction between the user and a merchant may be completed with zero or minimal input from the user based on the geolocation of the mobile device and the user identifiers. In some implementations, a transaction initiated earlier is completed when the mobile device arrives at the merchant. Additionally, a parent-child or similar relationship may be established between multiple devices. Security on the mobile device based may be provided by biometric identification and calculation of variance from regular movement patterns. Advertisements may be sent to the mobile device based on bids from merchants near to the mobile device. Promotions may be sent to the mobile device when more than a threshold number of mobile devices are located at the same merchant.

Abstract: Techniques for providing friction-free transactions using geolocation and user identifiers are described herein. These techniques may ascertain a user's location based on a location of a mobile device. A transaction between the user and a merchant may be completed with zero or minimal input from the user based on the geolocation of the mobile device and the user identifiers. In some implementations, a transaction initiated earlier is completed when the mobile device arrives at the merchant. Additionally, a parent-child or similar relationship may be established between multiple devices. Security on the mobile device based may be provided by biometric identification and calculation of variance from regular movement patterns. Advertisements may be sent to the mobile device based on bids from merchants near to the mobile device. Promotions may be sent to the mobile device when more than a threshold number of mobile devices are located at the same merchant.

Abstract: The techniques described herein provide software testing of a candidate version of software. In some examples, an interceptor intercepts at least one production request to a production version of the software and issues the production request to a shadow proxy service as a shadow request. The shadow proxy service causes the at least one shadow request to be processed by the candidate version of the software being validated and an authority version of the software being used to validate the candidate version. The shadow proxy service may then compare and/or analyze at least one candidate response to the shadow request from the candidate version and at least one authority response to the shadow request from the authority version. A dashboard service may provide at least some of the resulting information and issue a request the shadow proxy service to replay at least one of the shadow requests.

Abstract: Disclosed are various embodiments relating to bootstrapping user authentication. A first security credential is received for a user account from a user. A first application is then authenticated with another computing device using the first security credential. After authenticating the first application, a bootstrap request is then sent to the other computing device for a second security credential to authenticate a second application without using the first security credential. The bootstrap request specifies a bootstrap session identifier. The second security credential is then received from the other computing device.

Abstract: Techniques for providing friction-free transactions using geolocation and user identifiers are described herein. These techniques may ascertain a user's location based on a location of a mobile device. A transaction between the user and a merchant may be completed with zero or minimal input from the user based on the geolocation of the mobile device and the user identifiers. In some implementations, a transaction initiated earlier is completed when the mobile device arrives at the merchant. Additionally, a parent-child or similar relationship may be established between multiple devices. Security on the mobile device based may be provided by biometric identification and calculation of variance from regular movement patterns. Advertisements may be sent to the mobile device based on bids from merchants near to the mobile device. Promotions may be sent to the mobile device when more than a threshold number of mobile devices are located at the same merchant.

Abstract: Disclosed are various embodiments relating to bootstrapping user authentication. A first application is authenticated based at least in part on a first security credential received via the first application in a first authentication request. A second security credential is generated. The second security credential is sent to the first application that is authenticated. The second application is authenticated based at least in part on the second security credential being received via the second application.

Abstract: Techniques are described for dynamically enabling or disabling portions of an executing software module based on control data. During compilation of source code for a software module, switching instructions may be generated to enable the conditional bypassing of executable instructions for one or more functions described in the source code. In some cases, the switching instructions may be generated for the public functions of a software module. During execution of the software module, the switching instructions may trap a call to a function and dynamically determine whether to execute the function based on the value of control data corresponding to the function. A user interface may be presented to enable an operator to set the control data to enable or disable the execution of one or more functions.

Abstract: Communication between program components executing in different virtual machines on the same physical computer may be optimized utilizing various mechanisms. A virtual machine manager may be configured to route network communications between virtual machines on the same physical host through a memory buffer. The virtual machine manager might also be configured to provide a shared memory and/or a shared data structure for enabling data communication between program components executing in different virtual machines on the same physical computing device. Mechanisms might also be implemented in order to prevent inconsistent read and/or write operations from being performed on the shared memory and/or the shared data structure. Mechanisms might also be implemented to minimize copying of a memory buffer, shared memory, and/or shared data structure.

Abstract: Customers receive advertisements or “impressions” related to brick and mortar merchants while accessing online content. The merchants or other entities track which impressions correlate with customers coming to a physical store and conducting a transaction (e.g., making a purchase) by comparing transaction information with information about the customer that is provided by the source of online impressions. In one implementation, the merchant creates a hash from the customer's name and account number on a payment card. This hash is compared with a hash from the impression provider that is generated using the same technique. When a match is found, it is inferred that exposure to the online impression caused the customer to make a purchase at the physical store. Merchants may pay the impression providers an advertising or referral fee based on the matches.

Abstract: Techniques are described for employing precomputed results of applying rules to content items, the rules applicable to determine whether content items may be electronically published. On receiving a request for a content item, rules applicable to the content item may be identified. A datastore of precomputed results of rule application may be accessed to determine whether the datastore includes a result of applying a current or previous version of each rule. If the datastore includes a current result, the current result may be employed in determine whether the content item may be presented. If the datastore includes a previous result, the previous result may be so employed. If the datastore includes a previous result or no appropriate result, a job may be queued to calculate the current result asynchronously relative to the request for the content item.

Abstract: Techniques are described for scheduling data access jobs based on a job dependency analysis. A requested primary data access job is analyzed to determine one or more preliminary data access jobs on which it depends, and an execution duration of each data access job is predicted based on historical data or other factors. A time-sensitive subset of the preliminary data access jobs is determined as the subset of those serially dependent preliminary data access jobs for which there is a minimum time difference between the total predicted execution duration and a requested target completion time. Data access jobs are scheduled with priority given to those preliminary data access jobs in the time-sensitive subset, to enable the primary data access jobs to be completed by the requested target completion times.

Abstract: Disclosed are various embodiments that facilitate bootstrapping authentication of a user at a first device using a second device. The second device is authenticated for access to a user account via a first security credential. A second security credential is received by the second device. The second security credential is then sent to the first device. Subsequently, the second security credential is received from the first device, and the first device is authenticated for access to the user account. The second device includes visual cues to indicate a network page is legitimate, while the first device excludes visual cues to indicate the network page is legitimate.

Abstract: Disclosed are various embodiments that facilitate bootstrapping authentication of a user at a first device using a second device. The second device is authenticated for access to a user account via a first security credential. A second security credential is received by the second device. The second security credential is then sent to the first device. Subsequently, the second security credential is received from the first device, and the first device is authenticated for access to the user account.

Abstract: Techniques for providing friction-free transactions using geolocation and user identifiers are described herein. These techniques may ascertain a user's location based on a location of a mobile device. A transaction between the user and a merchant may be completed with zero or minimal input from the user based on the geolocation of the mobile device and the user identifiers. In some implementations, a transaction initiated earlier is completed when the mobile device arrives at the merchant. Additionally, a parent-child or similar relationship may be established between multiple devices. Security on the mobile device based may be provided by biometric identification and calculation of variance from regular movement patterns. Advertisements may be sent to the mobile device based on bids from merchants near to the mobile device. Promotions may be sent to the mobile device when more than a threshold number of mobile devices are located at the same merchant.

Abstract: Disclosed are various embodiments for identifying a table of non-decoy data matching a set of criteria. Decoy data is inserted into the table of non-decoy data. The decoy data is detected in a result comprising the decoy data, the result generated in response to an access of the data store. An alarm is generated based at least upon the result.

Abstract: Service fleets made up of many pieces of computer hardware may perform computational tasks. Described herein are systems and methods for optimizing costs associated with the computer hardware. In one example, an optimization system indicates an amount of hardware needed such that the service fleet operates at an optimal cost. The amount of hardware may be determined based on hardware cost metric data generated for a service fleet.

Abstract: Disclosed are various embodiments for obtaining policy data specifying decoy data eligible to be inserted within a response to an access of a data store. The decoy data is detected in the response among a plurality of non-decoy data based at least upon the policy data. An action associated with the decoy data is initiated in response to the access of the data store meeting a configurable threshold.