Abstract: Disclosed are various embodiments for providing multi-factor authentication credentials. In one embodiment, in response to a request from an application, a notification is generated in a notification area of a display. Entry of a user approval is facilitated via the notification. In response to receiving the approval, a security credential is transferred to the application. In another embodiment, the security credential may be shown in the notification area so that a user may enter it in a form field of the application.

Abstract: Computing devices are disclosed that include functionality for providing a trustworthy indication of software integrity. The computing devices include a hardware trust evaluation device capable of determining the trustworthiness of computer programs executing on the devices. At least one trust indicator is also connected to the hardware trust evaluation device for providing an external indication of the trustworthiness of a computer program. Additional security information regarding the trustworthiness of the computer program may be displayed on the primary display device of the computing device. The display of the security information is triggered by a user of the computing device submitting a request through a secure mechanism, where the request is unobservable and inaccessible to programs executing on the computing device. Additional secure mechanisms, such as a unique user interface for displaying the security information, can be utilized to ensure the authenticity of the displayed security information.

Abstract: Representations of authentication objects are provided for selection via an interface. An authentication object may be generated to include information obtained from one or more sensors of a device. A selected authentication object may contain information sufficient for authentication with a corresponding system. The interface may provide multiple representations of authentication objects that are usable with different service providers. The interface, executed by a first device, may be configured to authenticate a second device.

Abstract: Systems, methods, and computer-readable media related to configuration of multiple browser applications to control the functionality of the browser application as at least some content is accessed are provided. The configuration of a server-based browser application and a client-based browser application can be controlled programmatically such that browser configuration can be validated and controlled by at least some content providers. Additionally, the configuration and subsequent processing of content provided by an authenticating content provider can be implemented in a manner to limit content access functionality.

Abstract: Systems, methods, and computer-readable media related to configuration of browser applications executed on client computing device to control the functionality of the browser application as at least some content is accessed. The configuration of the browser application can be controlled programmatically such that the browser configuration can be validated and controlled by at least some content providers. Additionally, the configuration and subsequent processing of content provided by an authenticating content provider can be implemented in a manner such that users of a client computing device and other applications on the client computing device may not have access to modify or otherwise interfere with the operation of the browser software application.

Abstract: An access control application for mobile devices is provided. The access control application may be configured to generate a set of security tasks based at least in part on information corresponding to a user's interactions with the mobile device. An unlock screen of the mobile device may be triggered and security tasks from the generated set of security tasks may be displayed through a user interface of the mobile device. The user's response to the security tasks may be obtained and a confidence score may be calculated, based at least in part on the response. The access control application may then determine, based at least in part on the score and one or more attributes of the environment, whether to unlock the mobile device or prompt the user to provide an additional response to another security task.

Abstract: A manufacturer of computing equipment may generate a signature for computing equipment by measuring various attributes of the computing equipment, such as the impedance across circuits included in the computing equipment. Verification equipment may be provided to a recipient of the computing equipment. The verification equipment may be configured to generate a signature of the computing equipment over a physical connection between the verification equipment and the computing equipment. A determination may be made whether the computing equipment has been tamper with based at least in part on the signature generated by the manufacturer and the signature generated by the recipient.

Abstract: Disclosed are various embodiments for verifying the authenticity of machine-readable identifiers, such as quick response (QR) codes or other identifiers. After data is received corresponding to a machine-readable identifier, environmental data may be acquired with respect to an environment of the machine-readable identifier. The authenticity of the machine-readable identifier may be verified based at least in part on the environmental data. In some embodiments, a verification request may be sent to a trusted authority.

Abstract: Disclosed are various embodiments for a computing device with an integrated authentication token. The computing device includes first circuitry having a processor and a memory and providing general-purpose computing capability. The computing device also includes second circuitry configured to generate data. The first circuitry is incapable of determining the data due to a separation from the second circuitry, and the first and second circuitry may be in a single enclosure.

Abstract: Techniques for maintaining potentially compromised authentication information for a plurality of accounts may be provided. An individual piece of authentication information may be associated with one or more tags that indicate access rights with respect to requestors that also provide and maintain other potentially compromised authentication information. A subset of the potentially compromised authentication information may be determined based on the one or more tags in response to a request from a requestor for the potentially compromised authentication information. In an embodiment, the subset of the potentially compromised authentication information may be provided to the requestor.

Abstract: The present document describes systems and methods that utilize a cryptographic service for establishing a cryptographically protected communication session, such as a TLS connection, between a client computer system and a TLS termination point. The cryptographic service retains cryptographic material associated with a server that is represented by the TLS termination point. The TLS termination point uses the cryptographic service to perform cryptographic operations associated with establishing and maintaining the cryptographically protected communication session. The cryptographic service may be provided by the server itself, a cryptographic server, or a cryptographic accelerator such as an HSM. In some embodiments, the cryptographic service tokenizes unencrypted data to be provided to the TLS termination point. If a cryptographic accelerator is used, the cryptographic accelerator may include facilities to accelerate asymmetric cryptographic operations as well as symmetric cryptographic operations.

Abstract: Disclosed are various embodiments for a social networking behavior-based identity system that employs social networking data that a user has elected to share through an opt-in procedure. An assertion of a user identity is received from a client. It is determined whether the assertion of the user identity specifies a correct security credential. Social networking data identifying a circle of friends is received. It is determined whether the user identity belongs to a user at the client based at least in part on a reputation of one or more members of the circle of friends and whether the assertion of the user identity specifies the correct security credential.

Abstract: A secure messaging system identifies sensitive or restricted content within electronic messages such as E-mail, SMS or MMS text messages, or social network messages, and stores files including such content in a secure folder or bucket. After a first electronic message is identified as including sensitive or restricted content, a file including the sensitive or restricted content is stored in the secure folder or bucket, and a second electronic message including a link to the file or the secure folder or bucket is sent to each of the intended recipients of the first electronic message. When a recipient selects the link, the sensitive or restricted content is provided to the recipient over a secure connection (e.g., an SSL connection) rather than via E-mail. Additionally, recipients of the second electronic message may be authenticated by any method, e.g., an access policy and/or a single or multi-level authentication process.

Abstract: Disclosed are various embodiments for active data that tracks usage. The active data includes instructions that are executable by a computing device. The computing device is scanned to identify characteristics of the computing device. The characteristics of the computing device are utilized to determine whether the usage of the active data is authorized. Data is transmitted to a network service, including identifying information for the particular computing device and data that identifies a deployment of the active data.

Abstract: A mechanism is provided for representing information, such as binary sequence, in a manner that is easier to read and less likely to generate errors when interacted with by human. A dictionary is seeded with two or more set of words, the words being selected from distinct categories. Symbols may be created by combining words from the distinct categories. A mapping of symbols to corresponding values may then be generated. The generated mapping may be used to translate bit values to symbols and symbols to bit values.

Abstract: Disclosed are various embodiments that facilitate bootstrap authentication of a second application by way of a user confirmation via a first application. The first application is authenticated using trusted credentials. A first application is authenticated with an authentication service using the security credential. Text input is sent from the first application to the second application via the network. The text input is sent to a text entry field on the second application.

Abstract: Techniques for maintaining and updating authentication information for a plurality of accounts may be provided. In an example a first set of authentication information for the plurality of accounts may be maintained. A second set of authentication information that has been marked as potentially compromised may be received. A third set of authentication information may be generated based on the overlap between the first set of authentication information and the second set of authentication information. The first set of authentication information may be updated based at least in part on one or more security authentication protocols and the third set of authentication information.

Abstract: Content inspection and analysis are described. A server stores a definition of sets of browser policies. A definition of one or more sets of users is stored. The server stores an association with a respective set of browser policies for the one or more sets of users. A request is received from a client browser associated with a user, wherein the client browser is configured to communicate with the server. The server determines which set of users the user is associated with. The server identifies a first set of browser policies that is associated with the determined set of users and applies the identified first set of browser policies to the request.

Abstract: Many people acquire items such as souvenirs when travelling. This disclosure describes systems and methods for shipping items acquired while travelling. In one implementation, an item is dropped off and a description of the item is provided. The item is delivered to a fulfillment center. A fulfillment center computing system may inspect the item by verifying that the description of the item corresponds to the item. By inspecting the item, the fulfillment center computing system may perform additional services, such as processing a tax refund incurred when item was purchased.

Abstract: Multiple communications that encode data are encrypted for transit from one entity to the other. An entity receiving the communications decrypts at least some of the communications to determine how to process the communications. As part of processing the communications, the entity receiving the communications provides at least some of the encrypted communications to a data storage system without reencrypting those communications.