H04L2209/76

CRYPTOGRAPHIC SERVICES UTILIZING COMMODITY HARDWARE
20190089529 · 2019-03-21

The solution herein describes a software module that works in combination with certain hardware (e.g., a particular chipset) to obtain the level of security provided by an HSM. The software module can be implemented on a commodity server. The software module can utilize an HSM or key custodian to obtain cryptographic keys. The cryptographic keys may be stored on the commodity server within a secure memory space managed by the commodity server's chipset. While stored, access to the cryptographic keys may be managed by the chipset. The chipset can ensure that only protected applications associated with the cryptographic keys may access said keys.

In-vehicle content delivery system operable in autonomous mode and non-autonomous mode

Multimedia content may be delivered to content consumer devices via a content-delivery network. Encrypted content and cryptography keys for decrypting the content may be distributed from a data center to various nodes of the content-delivery network, each node acting as a semi-independent content-delivery system. Each content-delivery system is capable of delivering received content to end-users and implementing a key-management scheme to facilitate secure content-delivery and usage tracking, even when the content-delivery system is disconnected from the data center. In other words, the disclosed systems and methods facilitate the operation of nodes which may operate in autonomous mode when disconnected from a larger content-delivery network, thus maintaining content-delivery capabilities despite having little if any connectivity to external networks.

SECURELY IDENTIFYING A DEVICE USING A DNS-CONTROLLED PROXY
20190081932 · 2019-03-14

Systems and methods for identifying a device identifier of a computing device using a browser. A proxy executing on a computing device holds open a connection request from a browser and establishes a secure connection between the proxy and a web server. The proxy sends a first user identifier and the device identifier to the web server. The web server stores the first user identifier and the device identifier as an entry in a cache. The proxy then connects with the browser and establishes a secure connection between the browser and the web server via the proxy. The proxy receives and forwards a second user identifier from the browser to the web server. The web server determines that the second user identifier matches the first user identifier, extracts the associated device identifier, and sends the device identifier to the browser via the proxy.

Identification method of an entity

A biometric identification method of an entity including computation of a matching value between biometric data of an entity u and reference biometric data u, by application of a function F to the biometric data. A non-interactive, publicly verifiable computation method is performed wherein representation of the function is obtained by converting an arithmetic circuit into a polynomial representation. A matching value is obtained by evaluating the arithmetic circuit and the reference biometric data as inputs. A proof of correctness of the execution of the computation of the matching values is obtained, and said received proof is verified. The function is encoded with an integer k>1 of a vector of a biometric datum on at least one input wire of the circuit. The function includes at least m scalar products. Evaluation of the circuit is iteratively computed depending on the value of m.

METHODS AND SYSTEMS FOR PKI-BASED AUTHENTICATION
20190074979 · 2019-03-07

Methods, systems, and devices are provided for authenticating API messages using PKI-based authentication techniques. A client system can generate a private/public key pair associated with the client system and sign an API message using the private key of the private/public key pair and a PKI-based cryptographic algorithm, before sending the signed API message to a server system. The server system (e.g., operated by a service provider) can authenticate the incoming signed API message using a proxy authenticator located in a less trusted zone (e.g., a perimeter network) of the server system. In particular, the proxy authenticator can be configured to verify the signature of the signed API message using the public key corresponding to the private key and the same cryptographic algorithm. The authenticated API message can then be forwarded to a more trusted zone (e.g., an internal network) of the server system for further processing.

System and method for determining whether users should be provided access to online content

Systems and methods for identifying whether users should be provided access to online content. Request information related to user requests for content may be obtained. A record indicating whether or not requesting user accounts should be provided access to the online content may be maintained. Whether the requesting user accounts should be provided access to individual pieces of content requested may be determined based on the record. A log may be updated with the request information related to the user requests for content. The request information included in the log may be analyzed to identify one or more of the requesting user accounts that are currently provided access to the online content, but should not be provided access to the online content in the future. The record may be updated based on the analysis of the request information included in the log.

SYSTEMS AND METHODS FOR CACHING CONTENT WITH NOTIFICATION-BASED INVALIDATION

Described herein are systems, devices, and methods for content delivery on the Internet. In certain non-limiting embodiments, a caching model is provided that can support caching for indefinite time periods, potentially with infinite or relatively long time-to-live values, yet provide prompt updates when the underlying origin content changes. In one approach, an origin server can annotate its responses to content requests with tokens, e.g., placing them in an appended HTTP header or otherwise. The tokens can drive the process of caching, and can be used as handles for later invalidating the responses within caching proxy servers delivering the content. Tokens may be used to represent a variety of kinds of dependencies expressed in the response, including without limitation data, data ranges, or logic that was a basis for the construction of the response.

Utilizing a trusted platform module (TPM) of a host device

Techniques for utilizing a trusted platform module of a host device are described. According to various embodiments, a client device that does not include a trusted platform module (TPM) may leverage a TPM of a host device to provide trust services to the client device.

DATA SECURITY USING REQUEST-SUPPLIED KEYS
20190034644 · 2019-01-31

An encoding of a cryptographic key is obtained in the form of an encrypted key. A request is provided to a service provider, the fulfillment of which involves performing a cryptographic operation on data. Upon fulfillment of the request, a response is then received which indicates the fulfillment of the request.

System and Method for Manufacturing and Trading Securities and Commodities

Systems and methods are disclosed for a distributed trading system. The preferred invention offers solutions to problems that arise with High-Frequency Trading and the future of stock market regulation. The use of a distributed object brokered interface to facilitate transactions not only makes the trading faster but also more secure.