Abstract: Features are disclosed for a dynamic security seal indicating a security of an application. A computing device can receive a request to implement a dynamic security seal for an application. The computing device can validate a relationship between an entity and the application and between an image and the application. Based on validating these relationships, the computing device can generate a dynamic security seal. When implemented, the dynamic security seal may display a plurality of faces. A face of the plurality of faces may be the image. The dynamic security seal can sequentially display the plurality of faces based on various criteria.

Abstract: Features are disclosed for a dynamic security seal indicating a security of an application. A computing device can receive a request to implement a dynamic security seal for an application. The computing device can validate a relationship between an entity and the application and between an image and the application. Based on validating these relationships, the computing device can generate a dynamic security seal. When implemented, the dynamic security seal may display a plurality of faces. A face of the plurality of faces may be the image. The dynamic security seal can sequentially display the plurality of faces based on various criteria.

Abstract: A method and system are disclosed for renewing and revoking certificates. In one embodiment, a certificate may include a renewal extension field with renewal information. Multiple sets of renewal information may be recursively embedded. Upon determining that a certificate will shortly expire, a server may determine that the certificate has a renewal extension field with renewal information, and may request a symmetric key from a certificate authority to decrypt the renewal information. The certificate authority may respond by providing a symmetric key, and the server may use the symmetric key to decrypt the renewal information, which may include updated field values for the certificate. If a server requests a symmetric key too early, i.e., too long before a certificate expires, then certificate authority may deny the request, and the server may determine to wait and then try requesting the symmetric key again.

Abstract: The invention comprises a method of auditing an object signing by creating security events throughout the signature process, including a security event that captures the identity of the signer and any anomalies associated with the signing process. The signature process may include multi-factor authentication, a policy engine that establishes the signer's authority and rights, and compliance checks that ensure the object's readiness for signature. The digital certificate used to sign the object may be stored on the cloud, locally, remotely, or on a hardware token.