Abstract: In a wireless communications network, the presence of a wireless local area network in a cell segment is determined. An identifier of the wireless local area network in the cell segment is sent to at least one mobile station in the cell segment to enable the at least one mobile station to hand off to the wireless local area network. Optionally, information identifying geographic boundaries of cell segments and the wireless local area network can be sent to the at least one mobile station.

Abstract: A cell phone is disclosed for acquiring information to be transmitted to a receiving facility and for transmitting such thereto. A capture device captures information from an external source. A processor is provided for associating with the captured information a representation of the date and time of the capture of the information, such that the representation of the date and time information in association with the captured information forms augmented captured information. The processor also places the augmented captured information in association with subscriber information in a transmission of the augmented captured information to a receiving facility requiring such subscriber information. A transmitter transmits the transmission including the augmented captured information and the subscriber information to the receiving facility.

Abstract: This disclosure relates to, among other things, systems and methods for authenticating a device with a network carrier using secure hardware and software systems. Embodiments disclosed herein may provide for a hybrid SIM implementation that uses both trusted software and hardware. A hybrid SIM implementation consistent with aspects of the disclosed embodiments may leverage a relatively small amount of trusted hardware in conjunction with secure software to perform SIM-related operations. In various embodiments, such a hybrid solution may provide a SIM implementation that is more secure than solutions implemented by software alone, while still relating retaining some of the benefits of software solutions including improved update flexibility and/or carrier portability.

Abstract: A method for providing a notary service for a file is provided. The method includes steps in which: (a) when a notary service request for a specific file is obtained, a server generates, by using a hash function, or supports the generation of, a message digest of the specific file; and (b) if a predetermined condition is satisfied, the server registers, in a database, or supports the registration of, a representative hash value or a value obtained by processing the representative hash value, the representative hash value being generated by calculating at least one neighboring hash value that matches a specific hash value, wherein the specific hash value is a hash value of the result of encrypting the message digest with a private key of a specific user and a private key of the server.

Abstract: An electromechanical locking system includes one or more moveable locking elements and one or more actuators configured to move each of the one or more moveable locking elements between positions. The system includes an interface configured to receive information from a keycard, a processor, and a computer-readable storage medium. The processor causes the interface to scan the keycard and detect one or more features of the keycard when the keycard is detected by the interface, identify a first code that corresponds to the detected features of the keycard, apply functions to the first code to yield a second code that represents one of the plurality of positions for each of the one or more moveable locking elements, and cause the actuator to move the one or more movable locking elements to the one or more positions that correspond to the second code.

Abstract: Providing verification of the identity of a digital entity may include including receiving information and a public key of the digital entity, the information having been previously attested to in an attestation transaction stored within a centralized or distributed ledger at an attestation address, the centralized or distributed ledger providing a record of transactions. The system may derive an attestation address using the information and the public key of the digital entity. The system may verify the existence of the attestation transaction at the attestation address in the centralized or distributed ledger and verify that the attestation transaction has not been revoked. The processor associated with the user may receive a cryptographic challenge nonce signed by the digital entity's private key; and may verify the digital entity's identity with the cryptographic challenge nonce signed by the digital entity's key.

Abstract: An electronic device includes a processor and a memory functionally connected to the processor. The electronic device acquires user's biometric information through a biometric sensor, determines virtual biometric information corresponding to the acquired biometric information, and transmits the virtual biometric information to an external electronic device through communication circuitry. The electronic device may include the biometric sensor, the communication circuitry, and the memory may be electrically connected to the biometric sensor and the communication module and store instructions to be executed by the processor.

Abstract: Disclosed are various examples for facilitating distribution of an authentication code to installation of managed applications. An identity certificate is sent to a device by installing a configuration profile on the client device. The configuration profile includes the identity certificate. A management service can also initiate installation of a managed application. The identity certificate can be used to authenticate the client device so that an authentication key can be provided to the managed application.

Abstract: A method and system including a display; a memory storing processor-executable process steps; and a processor to execute the processor-executable process steps to cause the system to: receive a first request at a server; generate a first dataset and a second dataset at the server, wherein the second dataset is encrypted; transmit the first and second dataset to a client; receive at the server a second request and the encrypted dataset, wherein the second request includes a request to execute an action with at least one data element in the first data set; and in response to receipt of the second request and encrypted dataset, decrypt the encrypted dataset to validate the second request. Numerous other aspects are provided.

Abstract: A device within the network receives a domain name service (DNS) request for an address of a first resource outside the network, the first resource associated with a security policy of the network. An address of a second resource within the network is returned to the device within the network in response the DNS request, the second resource address having previously been associated with the first resource address. A first encrypted connection is established between the device and the second resource, and a second encrypted connection is established between the second resource and the first resource, to facilitate encrypted communication traffic between the device and the first resource. The encrypted communication traffic passing between the device and the first resource is selectively decrypted and inspected depending on the address of the first resource.

Abstract: The system, method, and computer program product described herein may provide the capability to handle a variety of types of transactions, not just payment transactions. In addition, system, method, and computer program product described herein may provide the capability for users to be able to control the confidentiality of their transactions, for the system to control access to transactions, for the system to be capable of auditing transactions, and to provide accountability of the validating entities.

Abstract: A busbar (21) is provided for electrically connecting a temperature detecting member 40 to adjacent electrode terminals (12A, 12B) of unit cells (11). The busbar (21) is overlapped with the electrode terminals (12A, 12B) of the unit cells (11). The temperature detecting member (40) includes a plate-like heat transfer plate (42) that is overlapped in an area of the busbar (21) other than an area of the busbar (21) that is to be laser-welded to the electrode terminals (12A, 12B) and is attached to the busbar (21) by laser welding.

Abstract: Embodiments of the present invention provide a multi-level authentication system to provide an additional level of authentication using phone application level data. The system extracts application level data and generates a questionnaire based on the extracted application level data. This questionnaire is transmitted to the device of the user by the system to receive an input related to the questionnaire. The system authorizes a request to execute an action upon validating the input received.

Abstract: Systems, devices and processes are described for implementing an access heartbeat role on a hardware security module (HSM) that stores secure data on behalf of a secure data owner. Heartbeat and access credentials are established and distributed by the HSM. Access to the secure data is prevented unless the HSM receives valid heartbeats prior to a time expiration along with a valid access request. Generally, heartbeats are signed messages and include heartbeat credentials. Access requests may also be signed messages and include access credentials. The access credentials may be suspended, revoked or the entire HSM may be zeroized (e.g., plaintext keys erased), dependent upon a failure to receive valid heartbeats in a timely fashion. Heartbeats may be required from multiple entities, in some embodiments. Some example configurable features include heartbeat expiration time, the source of the credentials, the access denial options, and how many sources of distinct heartbeats are required.

Abstract: A method of processing call setup signalling at a telecommunications switch. The telecommunications switch receives call setup signalling, comprising at least a caller ID. The telecommunications switch is connected via a plurality of trunks which connect the telecommunications switch to two or more other telecommunications switches capable of transmitting call setup signalling to the telecommunications switch. The telecommunications switch detects at least one of the plurality of trunks via which the call setup signalling has arrived at said telecommunications switch. The telecommunications switch determines a call handling option to be applied to the incoming call setup signalling based at least in part on the detecting and the caller ID.

Abstract: Several embodiments of systems incorporating memory devices are disclosed herein. In one embodiment, a memory device can include a controller, a main memory operably coupled to the controller, and security hardware operably coupled to the controller and to the main memory. The main memory can include a plurality of memory regions and at least one reserved memory region configured to store genuine backups of memory content stored in the plurality of memory regions. In operation, the security hardware is configured to measure memory content of the plurality of memory regions before startup, shutdown, and reset of the memory device; compare the measured value to an expected value; and direct the controller to replace the memory content with a genuine backup of the memory content stored in the at least one reserved memory region if the measured value and the expected value are not in accord.

Abstract: A method for authenticating a storage device includes sending encrypted host device data from a host device to the storage device for a current authentication session, receiving encrypted storage device specific data and an encrypted first output string from the storage device based on the encrypted host device data sent to the storage device, and authenticating the storage device based on the encrypted storage device specific data and the encrypted first output string from the storage device.

Abstract: Securely exchanging keys to establish secure connections to low powered connected devices (LPCDs), such as smart devices and IoT (Internet Of Things) devices, and mutual authentication between these devices and third party controllers is accomplished via a higher performance machine configured with a dedicated remote service (DRS). A known symmetric pre-shared key (PSK) is used to establish a secure first connection between the LPCD and the DRS using another symmetric key. The DRS can then use asymmetric key exchange to securely send a new symmetric key to the 3P, and send the same new symmetric key to the LPCD using the secure first connection. This facilitates LPCDs to securely establish secure communications with other devices, in particular for control by third party (3P) devices. This also allows authentication of the LPCD with cloud services, and enables a DRS to vouch for associated devices to other DRSs.

Abstract: Technologies for authenticated audio login by a user of a computing device include generating a security token having a plurality of token characters. The computing device renders the generated security token to a current user of the computing device on an output device of the computing device. The computing device, receives security token audio input from the current user and retrieves, based on the rendered security token, voice profile data of an authorized user of the computing device from a voice profile database. The voice profile database includes voice data based on the authorized user's prior recitation of each token character of a set of token characters from which the security token may be composed. The computing device compares the received security token audio input and the retrieved voice profile data to verify that the current user is the authenticated user and the current user recited the rendered security token.

Abstract: In part, the disclosure relates to an apparatus, system, and method for responding to emergency needs of a user with one or more responses including contacting an emergency contact for a user in response to a biometric identifier. Other responses can include retrieving stored medical information for use by a first responder, insurance provider, medical or healthcare professional, or other user or entity. Emergency data retrieval software can be activated on a per user based upon a biometric scan of the user to trigger one or more data transmission or retrieval events such as medical file retrieval and emergency contacts being automatically called or messaged.

Abstract: We disclose various embodiments that enable a mobile terminal to authenticate a base station before the mobile terminal proceeds to attach to the corresponding network and/or camp on the corresponding cell, e.g., during the initial network selection and attachment or during an idle mode. In an example embodiment, the authentication processing includes the mobile terminal generating and sending to a candidate base station a system query with a nonce. The candidate base station is deemed to be authentic only if the acknowledgement generated and transmitted in response to the system query includes a copy of the nonce properly signed by a digital signature generated using one or more security keys. In some embodiments, the system query may also include a request for GPS coordinates and/or selected system information signed using a digital signature, which the mobile terminal may beneficially use to further strengthen the protection against a spoofing attack.

Abstract: A method may include obtaining a first indicator of a first location of a user at a first time; identifying the user at the first location at the first time; obtaining a second indicator of the first location of the user at the first time; confirming the first location of the user at the first time by comparing the first and second indicator; storing the first record; obtaining a first indicator of a second location of the user at a second time; identifying the user at a second location at the second time; storing a second record, the second record comprising the second indicator of the second location, a second indication of the second time, and a second indication of the identity of the user at the second location at the second time; and linking the first and second records to create an unalterable alibi of the user.

Abstract: The method for assigning a tag (T) with an action for a network device (N) within a network comprising a management server (M), a control device (S) and the network device reads the tag with the control device; the tag transmitting a unique tag ID and a URL to the control device. The control device (S) reads the URL and connects with the management server (M), in case the tag has no action assigned, an action to be performed by the network device (N) is selected for the tag from a list on the control device, the management server is informed about the selected action. The management server stores the selected action in a memory of the management server, and the control device communicates with the network device (N) to inform the network device (N) to perform the action.

Abstract: Some embodiments provide a non-transitory machine-readable medium that stores a program. The program receives a queue message from a computing device. The queue message includes a request to perform a set of actions on a resource in a private network and a security signature generated from an authentication operation. The program also stores the queue message in a message queue for later retrieval when the queue message is determined to be valid based on the security signature. The program further sends the queue message to a queue monitor for the queue monitor to instruct the resource to perform the set of actions. Upon receiving a response associated with the queue message from the queue monitor, the program forwards the response associated with the queue message to the computing device.

Abstract: A method of authenticating a slave device. The method includes initializing, by a host device, a charge retention circuit of the slave device, and receiving, by the host device, an indication of a discharge time of the charge retention circuit. The host device authenticates the slave device based on the received indication of the discharge time of the charge retention device.

Abstract: The migration of identity documents, such as driving licenses, from physical documents to electronic documents creates new problems for those seeking to verify the identity of an individual based upon the electronic document they provide. However, the inventors have established a means of binding electronic documents and electronic representations of physical documents to individuals at issuance of the document(s). Accordingly, the inventors address identity verification by providing to those seeking to verify the individual's identity data allowing them to verify the presented electronic ID document. For example, a police officer requesting a driving license can obtain on their own electronic device through the methods of the invention the issued driving license associated with identifier information on the license provided by the individual. As such tampering with the license to change a name, date of birth, photo etc. will result in a visible mismatch to the police officer in comparing them.

Abstract: An online system receives third party hashes for a plurality of targeted users and generates local hashes for one or more local users of the online system. The online system identifies as matched users those local users with local hashes that match those of the third party hashes. The online system generates one or more inferred identifiers for each of the one or more local users, the inferred identifiers being of the same type as the local unique identifiers, and the inferred identifiers generated based on characteristics of each corresponding local user. The online system identifies as inferred matched users at least one of the local users that have local hashes of corresponding inferred identifiers that match a third party hash of a third party unique identifier. The online system provides, to a third party system, a selection including the matched users and a selection including the inferred matched users.

Abstract: A trusted caller ID authority receives registration data from a first communication device. The first communication device is authenticated by the trusted caller ID authority using the registration data and an authentication object is provided to the first communication device. A second communication device receives a call and the authentication object from the first communication device. The second communication device sends a validation request to the trusted caller ID authority that includes the authentication object. Validation information associated with the first communication device is provided to the second communication device. The validation information includes registration and authentication status of the first communication device.

Abstract: A mobile communication device including a wireless transceiver and a controller is provided. The wireless transceiver performs wireless transmission and reception to and from a service network. The controller determines whether the service network is an Isolated E-UTRAN Operation for Public Safety (IOPS) network, and transmits a first ATTACH REQUEST message including an IOPS indicator to the service network via the wireless transceiver in response to the service network being an IOPS network. Also, the controller receives a first ATTACH ACCEPT message including encrypted mapping information from the service network via the wireless transceiver, and transmits a first ATTACH COMPLETE message to the service network via the wireless transceiver.

Abstract: An example method is provided for a computing device to select an authentication source. The method may comprise receiving a request to authenticate a user account and determining multiple authentication sources that are capable of processing the request. The multiple authentication sources may be associated with respective performance indicators. The method may also comprise selecting a particular authentication source to process the request, wherein the particular authentication source is selected from the multiple authentication sources based on the performance indicators. The method may further comprise processing the request using the particular authentication source to authenticate the user account.

Abstract: Cryptographically protected communications sessions are established using a distributed process. A server proxies handshake messages to another computer system that negotiates a cryptographically protected communications session with the client. When the client and other computer system complete negotiation of the session, the other computer system provides a set of session keys to the server. The server then uses the session keys to communicate with the client over the cryptographically protected communications session.

Abstract: Cryptographically protected communications sessions are established using a distributed process. A load balancer proxies handshake messages to a first computer system that negotiates a cryptographically protected communications session with the client. When the client and first computer system complete negotiation of the session, the first computer system provides a set of session keys to a second computer system, through the load balancer or another channel. The second computer system then uses the session keys to communicate with the client over the cryptographically protected communications session.

Abstract: The systems and methods described herein allow consumers to lock or unlock their credit files at multiple credit bureaus in real-time or near real-time. The service may allow a consumer to provide identifying information, such as a personal identifier to lock or unlock credit files at a plurality of credit bureaus over a network. Upon receiving the personal identifier, the system may use the personal identifier to translate the identifier into a plurality of access codes for respective credit bureaus, for example by accessing a data structure, such as a database or table, that stores a personal identifier and access codes that are associated with a consumer. The system may then use the access codes to automatically initiate locking or unlocking of credit files for the consumer at the respective credit bureaus.

Abstract: Methods of extending capabilities of authenticated code modules (ACM) with minimal increase in code size comprises defining an authenticated code module (ACM) extension module using an entry of a Firmware Interface Table (FIT). The FIT contains a starting address of the ACM extension module that is located outside of a protected boot block. Based on the ACM extension module having been authenticated, the ACM and the ACM extension module may be processed together.

Abstract: An electronic switching system for generating correlation identify (ID) with respect to a client in order to thereby establish, integrate and communicate to a server (lean server or nano server) within a cloud environment (e.g. Inswit™ Cloud). A service location identification module for identifying and generating a service location identity with respect to a remote client. A source ID generating module for generating a correlation ID/source ID based on the service location identify in order to serialize the payload and establish a connection with the server. The electronic switching system proposed herein operates external to the cloud environment by effectively generating the correlation identity with respect to a client device accessing the server in a cloud environment. The system also switches, integrates and executes client communications to an appropriate server in the cloud environment using the correlation ID.

Abstract: An authorization prompt issued from a server is detected, and previously-entered account information, is accessed on a user device. A selectable display element corresponding to each set of entered account information is displayed. User selection or actuation of a given display element is received, and the corresponding account information is retrieved and used to log onto the server that issued the authentication prompt.

Abstract: Disclosed are systems and method for secure transmission of web pages using encryption of their content. An exemplary method comprises: receiving from a remote server, by a processor of a proxy server, a web page requested by a user device; analyzing, by the processor, the received web page to select one or more elements of the web page for encryption based at least upon a list of web page elements predetermined by the proxy server to protect against malware attacks; encrypting the code of the one or more selected elements; generating a script containing the encrypted code of the one or more selected elements; and replacing the code of the one or more selected elements in the web page with the script containing the encrypted code of the one or more selected elements prior to transmitting the web page to the user device.

Abstract: A biometric signature system generates a digital signature for electronic documents using biometric information as a secret key. Registration commitment information is generated by performing expansion conversion on a predetermined secret key and embedding the resulting secret key in feature data of biometric information of a user, and a set with a corresponding public key. A pair of one-time secret and public keys is generated for digital signature feature data of the biometric information of the user, and a digital signature for a message is generated using the one-time secret key. A digital signature commitment is generated and a set of the one-time public key and the digital signature is output as the biometric digital signature. The digital signature is verified using the one-time public key. A differential secret key is calculated and a correspondence of the differential secret key, the one-time public key and the public key is verified.

Abstract: The invention relates to a method for authentication of a person previously known by a server to own a telephone having a unique identifier and to possess an access code, which method involves: the server sending (53) an identification code to a terminal on request by the latter via a first network; transferring (57) the identification code to the telephone; the server receiving (59), from the telephone via a second network, the identification code in association with the unique identifier; the server (61) generating a single-use authentication token and sending (63) the latter to the telephone; returning (64) the token to the server; and, in parallel: acquiring (67) via the terminal the access code input by the person; and sending (69) said access code to the server; authentication (71) of the person is obtained by the server if the identification code, the unique identifier, the authentication token and the access code correspond.

Abstract: A novel system, device and method of validation is provided for sensing a biometric such as a fingerprint, where biometric data corresponding to the biometric entity such as a fingerprint is then transmitted to a host configured to perform a plurality of authentication processes to authenticate the biometric data. At least one of the plurality of authentication steps is then validated. Alternatively, a portion of the biometric data may be retained, where biometric data corresponding to the biometric is then transmitted to a host configured to perform a plurality of authentication steps to authenticate the biometric data. At least one of the plurality of authentication steps is then validated.

Abstract: The airplane anti-hijacking system is an access control, alarm, and lockout system that is installed on commercial aircraft for the purpose of preventing unauthorized persons from taking control of the aircraft. The airplane anti-hijacking system is a biometric system that authenticates the identity of the flight crew and automatically monitors the flight operation for anomalies. Should an anomaly occur in-flight, an emergency message is sent via satellite to the appropriate authorities. Upon receipt of an emergency message, airplane anti-hijacking system gives the appropriate authorities the ability to seize control of the aircraft by locking out in-flight control of the operation of the flight controls and operating the aircraft remotely. The airplane anti-hijacking system further comprises a craft control module and a plurality of biometric scanners.

Abstract: A communication device including a non-SIM based client is authenticated for accessing an IMS network. An internet protocol identity is received from the communication device. The internet protocol identity is not associated with a SIM. Authentication information associated with the internet protocol identity is requested and received from the communication device. A determination is made whether the communication device is authenticated based on the internet protocol identity and the authentication information. If the communication device is determined to be authenticated, the communication device is allowed access to the IMS network.

Abstract: A method, system and/or NFC (Near field communication) enabled mobile device is provided for executing an electronic contract on NFC enabled mobile devices. A first contracting party is provided to apply an electronic signature thereof in an electronic contract provided on a first NFC enabled mobile device used by the first contracting party, the electronic signature is applied through a secure element of the first NFC enabled mobile device. The electronically signed contract is transmitted from the first NFC enabled mobile device to a second NFC enabled mobile device used by a second contracting party for providing the second contracting party to apply an electronic signature thereof in the received electronically signed contract from the first NFC enabled mobile device through a secure element in the second NFC enabled mobile device.

Abstract: A method, system and/or NFC (Near field communication) enabled mobile device is provided for executing an electronic contract on NFC enabled mobile devices. A first contracting party is provided to apply an electronic signature thereof in an electronic contract provided on a first NFC enabled mobile device used by the first contracting party, the electronic signature is applied through a secure element of the first NFC enabled mobile device. The electronically signed contract is transmitted from the first NFC enabled mobile device to a second NFC enabled mobile device used by a second contracting party for providing the second contracting party to apply an electronic signature thereof in the received electronically signed contract from the first NFC enabled mobile device through a secure element in the second NFC enabled mobile device.

Abstract: Transmission of stereo image data may be performed between devices, where a source device receives E-EDID from a sink device via DDC of an HDMI cable. This E-EDID contains information on 3D image data transmission modes supportable by the sink device. Based on information on 3D image data transmission modes from the sink device, the source device selects a predetermined transmission mode from among the 3D image data transmission modes supportable by the sink device. The source device transmits 3D image data in the selected transmission mode to the sink device. The source device transmits information on the transmission mode for the 3D image data, to the sink device by using an AVI InfoFrame packet or the like. The sink device processes the 3D image data received from the source device in accordance with its transmission mode, thereby obtaining left and right eye image data.

Abstract: An electronic device includes a memory configured to store identification information of an information server that is matched with an encryption key; and a controller configured to send, before the electronic device is connected with an external device, a request for network information of the external device to the external device in a network discovery frame encrypted using the encryption key matched with the identification information of the information server, and to receive the network information of the external device from the external device in the encrypted network discovery frame.

Abstract: An apparatus and method for providing a Feistel-based variable length block cipher, which are configured to, when plaintext having a certain bit length is encrypted, generate ciphertext having the same bit length as plaintext, and to decrypt ciphertext into plaintext having the same bit length. The apparatus includes an encryption/decryption key generation unit for generating a number of encryption/decryption keys corresponding to a preset number of rounds, based on a secret key, the length of the secret key, the length of plaintext, and a round constant; an encryption/decryption tweak generation unit for generating an encryption/decryption tweak based on a tweak, a length of tweak, and the length of plaintext; and a ciphertext output unit for outputting ciphertext having length identical to that of plaintext, based on plaintext, the length of the plaintext, the length of the secret key, the encryption/decryption keys, and the encryption/decryption tweak.

Abstract: A computer-implemented method for securing a trusted transaction using a biometric identity verification system comprising a peripheral device, a vendor server, and a verification server. The method may comprise the steps of receiving a biometric indicator at the peripheral device, and forwarding the biometric indicator to the vendor server. The method may further comprise forwarding the biometric indicator to the verification server which may verify the biometric indicator by translating the biometric indicator into an encryption value, and computing an identity verification flag, defined as a pulse upon detecting a match of the encryption value and a stored cypher record. The vendor server may execute the trusted transaction by receiving the pulse signifying a match of the encryption values found by the verification server.

Abstract: An integrated circuit (IC) provisioned for asset protection has a primary circuit portion, such as a microprocessor or system-on-chip, that can be selectively disabled and enabled via an operability control input. The IC includes a secure register to store lock state indicia and unlock criteria, where a signal at the operability control input is responsive to the lock state indicia. In operation, a firmware data store receives and stores firmware code that includes a lock/unlock command, and firmware data that includes an unlock key. An authorization module verifies authenticity of the firmware code. A lock/unlock (LUL) module is operative to write lock state indicia to the secure register based on the lock/unlock command only in response to a positive verification of the authenticity of the firmware code by the authorization module, and to write lock state indicia to the secure register.

Abstract: Verifying the integrity of a received binary object by calculating a first displayable authenticator derived from an input binary object. The first authenticator is then attached to the input binary object, producing a first composite binary object, which is sent to a remote receiver. A second composite binary object is received back from the remote receiver, wherein the second composite binary object includes a received binary object, a received first displayable authenticator, and a second displayable authenticator. A third displayable authenticator is calculated, derived from the second composite binary object, then a display of the first displayable authenticator is compared to a display of the third displayable authenticator, and verification of the integrity of the received binary object is indicated by an exact match between displays of the first and third displayable authenticators.