Abstract: A system including a data plane including a first virtual machine designated as a primary node and a second virtual machine designated as a secondary node, and a lock service configured to control changes in designation of the primary node and the secondary node. The first virtual machine repeatedly issues requests to the second virtual machine or lock service extending designation as the primary node for a first duration. The request is repeatedly issued within a duration shorter than the first duration. The second virtual machine receives an indication of the designation of the first virtual machine as the primary node being extended, issues a request to the lock service to change the designation of the primary node after passage the first duration of time without further indication of first virtual machine being extended as primary node, and receives confirmation from the lock service of the change in designation.

Abstract: A transaction verification process performed by a transaction network operator in communication with a client computing device and a third party provider. A computing device may be equipped with an integrity verification module for verifying the system integrity of the computing device, and a cryptographic module for digitally signing transaction requests. The transaction network operator may verify that transaction requests processed by the third party provider are properly associated with a valid computing device by verifying signatures from the cryptographic module and the integrity verification module. In response to a request from the third party provider, the transaction network operator may verify that the computing device is authorized to complete the transaction by challenging the computing device for proper credentials. The transaction network operator may verify the credentials provided by the client device and indicate to the third party provider that the transaction is valid.

Abstract: A transaction verification process performed by a transaction network operator in communication with a client computing device and a third party provider. A computing device may be equipped with an integrity verification module for verifying the system integrity of the computing device, and a cryptographic module for digitally signing transaction requests. The transaction network operator may verify that transaction requests processed by the third party provider are properly associated with a valid computing device by verifying signatures from the cryptographic module and the integrity verification module. In response to a request from the third party provider, the transaction network operator may verify that the computing device is authorized to complete the transaction by challenging the computing device for proper credentials. The transaction network operator may verify the credentials provided by the client device and indicate to the third party provider that the transaction is valid.

Abstract: A transaction verification process performed by a transaction network operator in communication with a client computing device and a third party provider. A computing device may be equipped with an integrity verification module for verifying the system integrity of the computing device, and a cryptographic module for digitally signing transaction requests. The transaction network operator may verify that transaction requests processed by the third party provider are properly associated with a valid computing device by verifying signatures from the cryptographic module and the integrity verification module. In response to a request from the third party provider, the transaction network operator may verify that the computing device is authorized to complete the transaction by challenging the computing device for proper credentials. The transaction network operator may verify the credentials provided by the client device and indicate to the third party provider that the transaction is valid.

Abstract: A transaction verification process performed by a transaction network operator in communication with a client computing device and a third party provider. A computing device may be equipped with an integrity verification module for verifying the system integrity of the computing device, and a cryptographic module for digitally signing transaction requests. The transaction network operator may verify that transaction requests processed by the third party provider are properly associated with a valid computing device by verifying signatures from the cryptographic module and the integrity verification module. In response to a request from the third party provider, the transaction network operator may verify that the computing device is authorized to complete the transaction by challenging the computing device for proper credentials. The transaction network operator may verify the credentials provided by the client device and indicate to the third party provider that the transaction is valid.

Abstract: An integrity verification process is performed by an integrity verification module of a client computing device. When the computing device is powered-up, but before an operating system is booted, the integrity verification module performs an integrity check of the computing device and gathers integrity verification information to ensure that the system is secure. If the system passes the integrity check, the system boots to a browser session which is capable of communicating with a cryptographic module. In response to a request from a service provider, the computing device retrieves the integrity verification information and signs the integrity verification information using a private key from the cryptographic module and forwards the signed data to the service provider. The integrity of the computing device may then be verified using a known public key of the cryptographic module that is accessible from a trusted third party.

Abstract: An integrity verification process is performed by an integrity verification module of a client computing device. When the computing device is powered-up, but before an operating system is booted, the integrity verification module performs an integrity check of the computing device and gathers integrity verification information to ensure that the system is secure. If the system passes the integrity check, the system boots to a browser session which is capable of communicating with a cryptographic module. In response to a request from a service provider, the computing device retrieves the integrity verification information and signs the integrity verification information using a private key from the cryptographic module and forwards the signed data to the service provider. The integrity of the computing device may then be verified using a known public key of the cryptographic module that is accessible from a trusted third party.

Abstract: A computing device operates in a secure operating mode in response to user selection. Computer hardware is initialized to verify a bootloader of an operating system, and the bootloader verifies the operating system kernel. The kernel then verifies operating-system level executable files. After verification, a limited set of the verified files is loaded into a portion of the memory that is subsequently marked by the kernel as read-only. These files are executed to provide a basic Internet browser session; all other files are identified as non-executable. When the user accesses an authorized website and conducts a transaction that requires a user to provide information, the information is encrypted during transmission of the network. In addition, such information cannot be accessed by other parties since the information provided is not persisted at the computing device.

Abstract: A computing device operates in a secure operating mode in response to user selection. Computer hardware is initialized to verify a bootloader of an operating system, and the bootloader verifies the operating system kernel. The kernel then verifies operating-system level executable files. After verification, a limited set of the verified files is loaded into a portion of the memory that is subsequently marked by the kernel as read-only. These files are executed to provide a basic Internet browser session; all other files are identified as non-executable. When the user accesses an authorized website and conducts a transaction that requires a user to provide information, the information is encrypted during transmission of the network. In addition, such information cannot be accessed by other parties since the information provided is not persisted at the computing device.