Abstract: Various technologies and techniques are disclosed for performing tax calculations. An add-in model is described for developing add-in(s) for performing tax calculations. The add-in(s) calculate taxes for one or more tax authorities for items contained in a transaction being processed by a point of sale application. The add-in model specifies functionality the add-in(s) need to implement before the add-in(s) can be used by the point of sale application. A method for configuring multiple add-ins is described. A first add-in is called to calculate a first partial tax owed and the first partial tax is received back. A second add-in is called to calculate a second partial tax owed and the second partial tax is received back. A total tax is calculated by adding the first partial tax with the second partial tax. A configuration user interface is also provided by the add-in.

Abstract: An authentication protocol is disclosed for use in enhancing the security of communications between software applications and Internet-based service providers. The protocol incorporates a two level authentication model based on a distribution of authentication responsibilities, wherein the application authenticates users and the service provider authenticates the application. Embodiments of the protocol incorporate public key infrastructure and digital certificate technology. Other embodiments of the present invention pertain to applying a corresponding protocol to peer-to-peer communication scenarios.

Abstract: An application program interface to manage gift cards and check authorizations may be described. An apparatus may comprise a point of sale device having a processor coupled to a memory, the memory storing a point of sale host application object, a gift card service add-in object and a check service add-in object. The processor may execute the gift card service add-in object in response to application program interface commands to perform gift card service operations for the point of sale host application object. The processor may execute the check service add-in object to perform check service operations for the point of sale host application service. Other embodiments are described and claimed.

Abstract: Systems and methods are disclosed for storing sensitive data in a database, such as an application database or a dedicated application security database or store. In accordance with one aspect of the invention, user passwords are not directly stored in a database; but instead, when a password is entered, a one-way hash of the password phrase is produced for storage and/or comparison purposes. In accordance with another aspect, individual authorized application users are each aligned with their own version of an application-wide security key such that it becomes unnecessary to directly store the key in its original form. The security key is used to process sensitive data. In accordance with another aspect, a user's version of the application-wide security reflects an encryption-based relationship to the user's password. Various embodiments also support flexible access to particular collections of sensitive data based on user account and/or user role information.

Abstract: Systems and methods are disclosed for storing sensitive data in a database, such as an application database or a dedicated application security database or store. In accordance with one aspect of the invention, user passwords are not directly stored in a database; but instead, when a password is entered, a one-way hash of the password phrase is produced for storage and/or comparison purposes. In accordance with another aspect, individual authorized application users are each aligned with their own version of an application-wide security key such that it becomes unnecessary to directly store the key in its original form. The security key is used to process sensitive data. In accordance with another aspect, a user's version of the application-wide security reflects an encryption-based relationship to the user's password. Various embodiments also support flexible access to particular collections of sensitive data based on user account and/or user role information.

Abstract: An authentication protocol is disclosed for use in enhancing the security of communications between software applications and Internet-based service providers. The protocol incorporates a two level authentication model based on a distribution of authentication responsibilities, wherein the application authenticates users and the service provider authenticates the application. Embodiments of the protocol incorporate public key infrastructure and digital certificate technology. Other embodiments of the present invention pertain to applying a corresponding protocol to peer-to-peer communication scenarios.