Abstract: A system and method for providing trusted browser verification services. In a preferred embodiment, these services are provided within the context of a four-corner trust model comprising a subscribing customer and a relying customer, engaged in an on-line transaction. The subscribing and relying customers are preferably customers of first and second financial institutions, respectively, that issue to them hardware tokens for their respective private keys and digital certificates. The buyer is preferably provided with a Web browser to conduct electronic transactions. A distinct-trusted verifier or other entity ensures in a verifiable manner that the browser used by the subscribing customer does not contain any code that is not trusted by verifying the digital signatures on each running browser component of the subscribing customer's browser and ensuring that the signature was applied by an entity that is authorized to certify the trustworthiness of the component.

Abstract: A system and method are disclosed for transparently providing certificate validation and other services without requiring a separate service request by either a relying customer or subscribing customer. In a preferred embodiment, after the subscribing customer digitally signs a document (e.g., a commercial document such as a purchase order), it forwards the document to a trusted messaging entity which validates the certificates of both the subscribing customer and relying customer and the respective system participants of which they are customers. If the certificates are valid, the trusted messaging entity appends a validation message to the digitally-signed document and forwards the document to the relying customer. A validation message is also preferably appended to a digitally-signed receipt from the relying customer and transmitted to the subscribing customer. In this way, both the relying customer and subscribing customer obtain certification of their respective counterparty to the transaction.

Abstract: A user is authenticated for a relying computing entity (e.g., an enterprise) through an authentication broker service, wherein a trust relationship exists between the relying computing entity and the authentication broker service. The authentication broker service has a trust relationship with the relying computing entity and the authentication service that issued the identity of the user. The relying computing entity asks the authentication broker service to authenticate the identity of the user. The authentication broker service captures the user's credential (or directs the authentication service to do so) and sends an authentication response (e.g., a token) to the relying computing entity in order to authenticate the identity of the user to the relying computing entity. The relying computing entity verifies the authentication response based on the trust relationship between the relying computing entity and the authentication broker service.

Abstract: A system and method for providing trusted browser verification service are disclosed. In a preferred embodiment, these services are provided within the context of a four-corner trust model comprising a subscribing customer and a relying customer, engaged in an on-line transaction. The subscribing and relying customers are preferably customers of first and second financial institutions, respectively, that issue to them hardware tokens for their respective private keys and digital certificates. The buyer is preferably provided with a Web browser to conduct electronic transactions. A distinct-trusted verifier or other entity ensures in a verifiable manner that the browser used by the subscribing customer does not contain any code that is not trusted by verifying the digital signatures on each running browser component of the subscribing customer's browser and ensuring that the signature was applied by an entity that is authorized to certify the trustworthiness of the component.