Abstract: In a centralized credential management system, website credentials are stored in a vault storage at a vault. The website credentials are encrypted based upon a key not available to the vault and are for authenticating a user to a third party website. Through a client, a user authenticates to the vault and retrieves the encrypted website credentials and parameters and code for properly injecting the credentials into a website authentication form. The website credentials are decrypted at the client and injected into the authentication form using the parameters and code.

Abstract: In the present invention, HTML elements are mapped to objects in an object-oriented environment. Classes of objects are defined for each HTML element as well as the HTML document (or page). By providing a one-to-one mapping between each HTML element and object classes, HTML documents can be manipulated programmatically. The properties of each element are stored in instance variables of the associated object. Each object class can include methods to manipulate the HTML element within an HTML document.

Abstract: The present invention provides a method and apparatus for integrating applets running on a client with the application logic for applications running on a server. Instead of using the FORM element available in HTML, individual active applets are available and may be created that obtain user input (e.g. a checkbox, textbox, button, etc.). A hidden applet called the Applet Group Controller is created which handles communication between the applets on the browser and the application logic on the server.

Abstract: The present invention provides a method and apparatus for integrating applets running on a client with the application logic for applications running on a server. Instead of using the FORM element available in HTML, individual active applets are available and may be created that obtain user input (e.g. a checkbox, textbox, button, etc.). A hidden applet called the Applet Group Controller is created which handles communication between the applets on the browser and the application logic on the server.

Abstract: A centralized credential management system includes website credentials that are stored at a vault. The website credentials are encrypted based upon a key not available to the vault and are for authenticating a user to a third party website. Through a client, a user authenticates to the vault and retrieves the encrypted website credentials and parameters and code for properly injecting the credentials into a website authentication form. The website credentials are decrypted at the client and injected into the authentication form using the parameters and code.

Abstract: A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C?. If there is an initial mismatch, the validation server compensate for a lack of synchronization between counters C and C? within a look-ahead window, whose size can be set by a parameter s.

Abstract: The present invention provides a method and apparatus for integrating applets running on a client with the application logic for applications running on a server. The mechanism of the present invention provides two significant advantages over the prior art: the synchronization of state, and the recognition of user actions in the browser including the invocation of the appropriate application logic in the server. Instead of using the FORM element available in HTML, individual active applets are available and may be created that obtain user input (e.g. a checkbox, textbox, button, etc.). A hidden applet called the Applet Group Controller is created which handles communication between the applets on the browser and the application logic on the server. The Applet Group Controller maintains an association with each applet that maintains the keys and values of any parameters and variables for the applet.

Abstract: A method of providing web site verification information to a user includes receiving a DNS query including a host name and a seal verification site name, parsing the DNS query, and extracting the host name from the DNS query. The method also includes accessing a DNS zone file including a list of Trust Services customers and determining if the host name is associated with a Trust Services customer in the list of Trust Services customers. The method further includes transmitting a positive identifier to the requester if the host name is associated with a Trust Services customer and transmitting a negative identifier to the requester if the host name is not associated with a Trust Services customer. In a specific embodiment, the Trust Services include issuance of digital certificates.

Abstract: In the present invention, HTML elements are mapped to objects in an object oriented environment. Classes of objects are defined for each HTML element as well as the HTML document (or page). By providing a one-to-one mapping between each HTML element and object classes, HTML documents can be manipulated programmatically. The properties of each element are stored in instance variables of the associated object. Each object class can include methods to manipulate the HTML element within an HTML document.

Abstract: The present invention provides a method and apparatus for integrating applets running on a client with the application logic for applications running on a server. Instead of using the FORM element available in HTML, individual active applets are available and may be created that obtain user input (e.g. a checkbox, textbox, button, etc.). A hidden applet called the Applet Group Controller is created which handles communication between the applets on the browser and the application logic on the server.

Abstract: The present invention provides a method and apparatus for integrating applets running on a client with the application logic for applications running on a server. Instead of using the FORM element available in HTML, individual active applets are available and may be created that obtain user input (e.g. a checkbox, textbox, button, etc.). A hidden applet called the Applet Group Controller is created which handles communication between the applets on the browser and the application logic on the server.

Abstract: A web site can be authenticated by a third party authentication service. A user designates an authentication device that is a shared secret between the user and the authentication service. A web site page includes a URL that points to the authentication service. The URL includes a digital signature by the web site. When the user receives the page, the user's browser issues a request to the authentication service, which attempts to authenticate the digital signature. If the authentication is successful, it sends the authentication device to the user computer.

Abstract: A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10?Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C?. If there is an initial mismatch, the validation server compensate for a lack of synchronization between counters C and C? within a look-ahead window, whose size can be set by a parameter s.

Abstract: A token calculates a one time password by generating a HMAC-SHA-1 value based upon a key K and a counter value C, truncating the generated HMAC-SHA-1 value modulo 10^Digit, where Digit is the number of digits in the one time password. The one time password can be validated by a validation server that calculates its own version of the password using K and its own counter value C?. If there is an initial mismatch, the validation server compensate for a lack of synchronization between counters C and C? within a look-ahead window, whose size can be set by a parameter s.

Abstract: A web site can be authenticated by a third party authentication service. A user designates an authentication device that is a shared secret between the user and the authentication service. A web site page includes a URL that points to the authentication service. The URL includes a digital signature by the web site. When the user receives the page, the user's browser issues a request to the authentication service, which attempts to authenticate the digital signature. If the authentication is successful, it sends the authentication device to the user computer.

Abstract: The present invention provides a method and apparatus for integrating applets running on a client with the application logic for applications running on a server. The mechanism of the present invention provides two significant advantages over the prior art: the synchronization of state, and the recognition of user actions in the browser including the invocation of the appropriate application logic in the server. Instead of using the FORM element available in HTML, individual active applets are available and may be created that obtain user input (e.g. a checkbox, textbox, button, etc.). A hidden applet called the Applet Group Controller is created which handles communication between the applets on the browser and the application logic on the server. The Applet Group Controller maintains an association with each applet that maintains the keys and values of any parameters and variables for the applet.

Abstract: A method for provisioning a device such as a token. The device issues a certificate request to a Certification Authority. The request includes a public cryptographic key uniquely associated with the device. The Certification Authority generates a symmetric cryptographic key for the device, encrypts it using the public key, and creates a digital certificate that contains the encrypted symmetric key as an attribute. The Certification Authority sends the digital certificate to the device, which decrypts the symmetric key using the device's private key, and stores the decrypted symmetric key.

Abstract: The present invention provides a method and apparatus for integrating applets running on a client with the application logic for applications running on a server. The mechanism of the present invention provides two significant advantages over the prior art: the synchronization of state, and the recognition of user actions in the browser including the invocation of the appropriate application logic in the server. Instead of using the FORM element available in HTML, individual active applets are available and may be created that obtain user input (e.g. a checkbox, textbox, button, etc.). A hidden applet called the Applet Group Controller is created which handles communication between the applets on the browser and the application logic on the server. The Applet Group Controller maintains an association with each applet that maintains the keys and values of any parameters and variables for the applet.

Abstract: A method of providing web site verification information to a user includes receiving a DNS query including a host name and a seal verification site name, parsing the DNS query, and extracting the host name from the DNS query. The method also includes accessing a DNS zone file including a list of Trust Services customers and determining if the host name is associated with a Trust Services customer in the list of Trust Services customers. The method further includes transmitting a positive identifier to the requester if the host name is associated with a Trust Services customer and transmitting a negative identifier to the requester if the host name is not associated with a Trust Services customer. In a specific embodiment, the Trust Services include issuance of digital certificates.

Abstract: A system and method for providing identity protection services. According to an embodiment, a validation server receives over a network a response from a credential associated with a user, the credential response provided by the user in order to authenticate the user to one of a plurality of sites on the network that accepts the credential as a factor for authentication, the validation server verifies the credential response on behalf of the one network site, a fraud detection server receives over the network information in connection with a transaction associated with the user at the one network site, and the fraud detection server evaluates the transaction information for suspicious activity based at least in part on information provided to the fraud detection server in connection with one or more transactions at one or more sites on the network other than the one network site.