Abstract: Embodiments of proxy authentication and indirect certificate chaining are described herein. In an implementation, authentication for a client occurs via a proxy service. Proxy service communicates between client and server, and caches security tokens on behalf of the client. In an implementation, trustworthiness of certificate presented to a client to establish trust is determined utilizing a signed data package which incorporates a plurality of known certificates. The presented certificate is verified without utilizing root certificates installed on the client device.

Abstract: Exchanging information in a multi-site authentication system. A network server receives, from an authentication server, a request by a client computing device for a service provided by the network server along with an authentication ticket. The authentication ticket includes: a session key encrypted by a public key associated with the network server, message content encrypted by the session key, and a signature for the encrypted session key and the encrypted message content. The signature includes address information of the network server. The network server identifies its own address information in the signature to validate the signature included in the authentication ticket and verifies the authentication ticket content based on the signature included in the authentication ticket. The network server decrypts the encrypted session key via a private key associated with the second network server and decrypts the encrypted message content via the decrypted session key.

Abstract: An integrated authentication service is described which may receive a bundled request from one or more clients. One or more of the described techniques may be utilized to provide, in response to a single bundled request, a token for proof of identity and a certificate for establishing secure communications.

Abstract: An integrated authentication service is described which may receive a bundled request from one or more clients. One or more of the described techniques may be utilized to provide, in response to a single bundled request, a token for proof of identity and a certificate for establishing secure communications.

Abstract: Method for providing an interface to a function that manages a plurality of entities. Computer-executable instructions receive a request to implement a change in configuration data. The configuration data is stored in a memory area and relates to an operation of one or more entities. In response to the received request, computer-executable instructions identify a plurality of the entities affected by the change and implement the change for the identified plurality of entities in accordance with the function.

Abstract: Exchanging information in a multi-site authentication system. A network server receives, from an authentication server, a request by a client computing device for a service provided by the network server along with an authentication ticket. The authentication ticket includes: a session key encrypted by a public key associated with the network server, message content encrypted by the session key, and a signature for the encrypted session key and the encrypted message content. The signature includes address information of the network server. The network server identifies its own address information in the signature to validate the signature included in the authentication ticket and verifies the authentication ticket content based on the signature included in the authentication ticket. The network server decrypts the encrypted session key via a private key associated with the second network server and decrypts the encrypted message content via the decrypted session key.

Abstract: A security protocol for use in a multi-site authentication system. After authenticating a user, an authentication server generates a ticket including information associated with the user. The authentication server encrypts content of the ticket using a symmetric key shared with an affiliate server. The affiliate server has a public key that the authentication server uses to encrypt the shared key. The authentication server has private key for creating a signature on the ticket. The affiliate server decrypts the shared key with its private key and then decrypts the content of the ticket using the decrypted shared key. The affiliate server validates the signature with the authentication server's public key.

Abstract: A system and method for retrieving certificate of trust information for a certificate validation process. Fetching servers periodically retrieve certificate revocation lists (CRLs) from servers maintained by various certificate issuers. The revoked certificate data included in the retrieved CRLs are stored in a central database. An authentication server receives a request from a client for access to a secure service and initiates a validation process. The authentication server retrieves revoked certificate data from the central database and compares the retrieved revoked certificate data to certificate of trust information received from the client along with the request. The authentication server denies access to the secure information if the certificate of trust information matches revoked certificate data from the central database, allows access if the certificate of trust information does not match revoked certificate data from the central database.

Abstract: Securely roaming private data from one client computer to another in a network. A home client application generates a first key in response to a password, and encrypts designated private data as a function of the first key. A server receives and stores the encrypted private data. A roaming client application generates the first key in response to the password, and decrypts encrypted private data transferred from the server to obtain the private data. The invention further provides users the ability to retrieve encrypted private from the server even when the user cannot remember the password associated with the first key. Also, the server has no knowledge of the private data or the keys.

Abstract: Embodiments of multi-user web service sign-in client side components are presented herein. In an implementation, the currently authenticated user account of a first application of a client is transferred to another application of a client. In another implementation, a common credential store is used to share data for a plurality of user accounts associated with a client between a plurality of applications of the client, and for the applications to output multi-user interfaces having portions corresponding to the plurality of accounts.

Abstract: A system and method for expanding recurring calendar events such that the retrieval of recurring calendar appointments is expedited. A recurring appointment is saved as a data structure including a recurrence pattern. When a recurring appointment is saved by a client that has sufficient processing and memory resources to perform the computations necessary to expand recurring appointments (i.e., a thick client), a background thread is notified. The background thread increases its priority to normal when idle processing capacity is available and calls a routine requesting calendar information for a defined time period. The routine causes the expansion of the data structure into the individual instances of the recurring appointment for a defined time period, and the individual instances are saved for later retrieval. A later query from a client without sufficient processing and memory resources to perform the calculations necessary to expand recurring appointments (i.e.

Abstract: A system and method for expanding recurring calendar events such that the retrieval of recurring calendar appointments is expedited. A recurring appointment is saved as a data structure including a recurrence pattern. When a recurring appointment is saved by a client that has sufficient processing and memory resources to perform the computations necessary to expand recurring appointments (i.e., a thick client), a background thread is notified. The background thread increases its priority to normal when idle processing capacity is available and calls a routine requesting calendar information for a defined time period. The routine causes the expansion of the data structure into the individual instances of the recurring appointment for a defined time period, and the individual instances are saved for later retrieval. A later query from a client without sufficient processing and memory resources to perform the calculations necessary to expand recurring appointments (i.e.

Abstract: A security protocol for use in a multi-site authentication system. After authenticating a user, an authentication server generates a ticket including information associated with the user. The authentication server encrypts content of the ticket using a symmetric key shared with an affiliate server. The affiliate server has a public key that the authentication server uses to encrypt the shared key. The authentication server has private key for creating a signature on the ticket. The affiliate server decrypts the shared key with its private key and then decrypts the content of the ticket using the decrypted shared key. The affiliate server validates the signature with the authentication server's public key.

Abstract: A method for calculating all event occurrences defined by an event expression in a specified time window. An event expression comprises add rules, delete rules and modify rules, each of which define a set of rule occurrences. The rules are separated into three groups and the occurrences generated by the grouped rules are sorted in any desired manner such that the earliest occurrence of each group is available for processing. A heap sort algorithm represents one suitable sorting technique. The earliest add rule occurrence is retrieved from the sorted add group occurrences and is compared with the earliest modify and delete rule occurrences taken from the sorted modify and delete group occurrences, respectively. Based on priority rules applied to the add, modify, and delete rule occurrences during the comparison process, it may be determined that the add rule occurrence represents a valid event occurrence that satisfies the event expression.