Abstract: Classifiers may be used to analyze a valid certificate received from an unverified entity in an attempt to establish a secure connection with the unverified entity. The classifiers may determine a probability that the certificate is being used improperly by an unauthorized third party. An action may be taken based on the probability, such as allowing the unverified entity to establish a secure connection, blocking the unverified entity from establishing a secure connection, etc. The classifiers may be trained by employing machine learning techniques on a collection of valid, authorized certificates. Additionally, or alternatively, received certificates may be sampled for further analysis based on the probability and/or predefined sampling percentages.

Abstract: Classifiers may be used to analyze a valid certificate received from an unverified entity in an attempt to establish a secure connection with the unverified entity. The classifiers may determine a probability that the certificate is being used improperly by an unauthorized third party. An action may be taken based on the probability, such as allowing the unverified entity to establish a secure connection, blocking the unverified entity from establishing a secure connection, etc. The classifiers may be trained by employing machine learning techniques on a collection of valid, authorized certificates. Additionally, or alternatively, received certificates may be sampled for further analysis based on the probability and/or predefined sampling percentages.

Abstract: Techniques and systems for authentication with an untrusted root between a client and a server are disclosed. In some aspects, a client may connect to a server. The server and client may initiate a secure connection by exchanging certificates. The server may accept a client certificate having an untrusted root that does not chain up to a root certificate verifiable to the server certificate authority. In further aspects, the server may enable the client to associate an untrusted certificate with an existing account associated with the server. The client certificate may be hardware based or generated in software, and may be issued to the client independent of interactions with the server.

Abstract: Instructions are received to open an eXtensible Markup Language (XML) document. The XML document is searched to locate a processing instruction (PI) containing an entity. The entity, by example, can be a href attribute, a URL, a name, or a character string identifying an application that created an HTML electronic form associated with the XML document. A solution is discovered using the entity. The XML document is opened with the solution. The solution includes an XSLT presentation application and an XML schema. The XML document can be inferred from the XML schema and portions of the XML document are logically coupled with fragments of the XML schema. The XSLT presentation application is executing to transform the coupled portions of the XML document into the HTML electronic form containing data-entry fields associated with the coupled portions. Data entered through the data-entry fields can be validated using the solution.

Abstract: Tool(s) enabling installation of a solution are described. These tool(s) may follow appropriate security precautions to contain possibly dangerous code in a data file's solution even when the solution is installed from a local source, such as when a user is offline. These tool(s) determine what level of security is appropriate for a data file's solution based on the original source of the solution. The tool(s) may also and/or instead enable a user to edit a data file without the user having to discover or deploy a solution application governing the data file.

Abstract: An efficient protocol for retrieving cryptographic evidence may be selected by evaluating a local policy and a number of relevant factors. Furthermore, updated cryptographic evidence may be prefetched during a time period in which there is a low volume of requests for cryptographic evidence. This low volume time period may be defined, approximately, as an overlapping window in which both a first cryptographic evidence publication and a second cryptographic evidence publication are valid.

Abstract: Techniques and systems for authentication with an untrusted root between a client and a server are disclosed. In some aspects, a client may connect to a server. The server and client may initiate a secure connection by exchanging certificates. The server may accept a client certificate having an untrusted root that does not chain up to a root certificate verifiable to the server certificate authority. In further aspects, the server may enable the client to associate an untrusted certificate with an existing account associated with the server. The client certificate may be hardware based or generated in software, and may be issued to the client independent of interactions with the server.

Abstract: Instructions are received to open an eXtensible Markup Language (XML) document. The XML document is searched to locate a processing instruction (PI) containing an entity. The entity, by example, can be a href attribute, a URL, a name, or a character string identifying an application that created an HTML electronic form associated with the XML document. A solution is discovered using the entity. The XML document is opened with the solution. The solution includes an XSLT presentation application and an XML schema. The XML document can be inferred from the XML schema and portions of the XML document are logically coupled with fragments of the XML schema. The XSLT presentation application is executing to transform the coupled portions of the XML document into the HTML electronic form containing data-entry fields associated with the coupled portions. Data entered through the data-entry fields can be validated using the solution.

Abstract: A system and method that enables a user to edit a data file offline is described. This system and method can enable a user to edit a data file without the user having to discover or deploy a solution application governing the data file. For security, this system and method can deploy a solution application within a sandbox, thereby limiting the operations the solution application can perform.

Abstract: Instructions are received to open an eXtensible Markup Language (XML) document. The XML document is searched to locate a processing instruction (PI) containing an entity. The entity, by example, can be a href attribute, a URL, a name, or a character string identifying an application that created an HTML electronic form associated with the XML document. A solution is discovered using the entity. The XML document is opened with the solution. The solution includes an XSLT presentation application and an XML schema. The XML document can be inferred from the XML schema and portions of the XML document are logically coupled with fragments of the XML schema. The XSLT presentation application is executing to transform the coupled portions of the XML document into the HTML electronic form containing data-entry fields associated with the coupled portions. Data entered through the data-entry fields can be validated using the solution.

Abstract: Tool(s) enabling installation of a solution are described. These tool(s) may follow appropriate security precautions to contain possibly dangerous code in a data file's solution even when the solution is installed from a local source, such as when a user is offline. These tool(s) determine what level of security is appropriate for a data file's solution based on the original source of the solution. The tool(s) may also and/or instead enable a user to edit a data file without the user having to discover or deploy a solution application governing the data file.

Abstract: A user can edit an XML data file offline without the user having to discover or deploy a solution for the XML data file. A processing instruction (PI) in the XML data file is read to determine the solution's origin. The PI contains an entity that can be a href attribute that points to a URL, a name, a target having a character string identifying the application that created an electronic form associated with the XML data file, or a href attribute and at least one of a PI version and a product version. Security precautions for executing the solution based on the solution's origin are determined and the solution is silently installed from a source other than the solution's origin within a sandbox enforcing the security precautions. Deployment within a sandbox limits the operations that the solution application can perform.

Abstract: A system and method that enables a user to edit a data file offline is described. This system and method can enable a user to edit a data file without the user having to discover or deploy a solution application governing the data file. For security, this system and method can deploy a solution application within a sandbox, thereby limiting the operations the solution application can perform.

Abstract: An encrypted file system (EFS) and an underlying file transfer protocol to permit a client to encrypt, decrypt, and transfer file(s) resident on a server are disclosed. A user at a client computer can open, read, and write to encrypted files, including header information associated with encrypted files, and can add users to or remove users from an encrypted file.

Abstract: An update process is used to update root certificates in a root certificate store of a client computer, maintaining the integrity of the existing root certificates as well as any new root certificates. In accordance with certain aspects, the integrity of a certificate trust list identifying one or more root certificates is verified. The root certificate store of the client computer is modified in accordance with the certificate trust list if the integrity of the certificate trust list is verified.

Abstract: An update process is used to update root certificates in a root certificate store of a client computer, maintaining the integrity of the existing root certificates as well as any new root certificates. In one embodiment, the root certificate store is updated by adding root certificates to the store, removing root certificates from the store, or modifying usage restrictions of root certificates in the store. A cryptographically signed message including a certificate trust list, as well as any new root certificates to be added to the root certificate store, is accessed by an update root control to update the root certificates in the root certificate store. The update root control verifies the integrity of the message, and thus the integrity of the certificate trust list contained therein. Once such integrity is verified, the update root control proceeds to update the root certificate store in accordance with the information in the certificate trust list.