Abstract: A method enhances authentication requirements to documents of a document repository based, at least in part, on a security policy associated with a branch under which the documents are organized. The method implements an approval service that is identified in a branch policy. The approval service determines whether a user is authorized to modify documents included in the branch. The method further selectively requires multiple authentications from multiple authentication systems in order to access one or more particular branches in a document repository. Further, the multiple authentication systems are based on separate and independent sets of authentication credentials.

Abstract: Various embodiments enable so-called extended data to be added to a signed digital certificate without having a private key of a Certification Authority available. In at least some embodiments, a request to add extended data to a digital certificate generated by a certificate authority is received from a client device. The digital certificate includes a signed first portion, and an unsigned second portion that includes reserved empty spaces that are reserved for the extended data. The extended data is added to the unsigned second portion. the extended data includes a client ID associated with the client device. The unsigned portion of the digital certificate is signed after the extended data is added.

Abstract: Various embodiments enable so-called extended data to be added to a signed digital certificate without having a private key of a Certification Authority available. In at least some embodiments, a digital certificate can be issued and signed off line by the Certification Authority, and then later extended data can be added and signed using another key, whose public key was earlier embedded and signed in the certificate.

Abstract: A connection component establishes an identity of a person for permitting access to information in a database. Responsive to establishing the identity of the person, the connection component may link an external account to the information in the database for providing a flow of information between the database and the external account.

Abstract: A connection component generates a user interface for display to a patient computing device. The user interface provides the patient computing device with access to hospital visit records of the patient maintained in a hospital database. The user interface may further receive selection of a care provider by the patient for granting the care provider electronic access to the patient's hospital visit records.

Abstract: Various embodiments enable so-called extended data to be added to a signed digital certificate without having a private key of a Certification Authority available. In at least some embodiments, a digital certificate can be issued and signed off line by the Certification Authority, and then later extended data can be added and signed using another key, whose public key was earlier embedded and signed in the certificate.

Abstract: Systems and methods for validating integrity of an executable file are described. In one aspect, multiple partial image hashes are generated, the combination of which represent a digest of an entire executable file. Subsequent to loading the executable file on a computing device, a request to page a portion of the executable file into memory for execution is intercepted. Responsive to intercepting the request, and prior to paging the portion into memory for execution, a validation hash of the portion is computed. The validation hash is compared to a partial hash of the multiple partial image hashes to determine code integrity of the portion. The partial hash represents a same code segment as the portion.

Abstract: A certificate-based encryption mechanism in which a source client does not access the entire certificate corresponding to a destination client when encrypting an electronic message to be sent to the destination client. Instead, the source client only requests a portion of the certificate from a certificate server. That portion includes encryption information, but may lack some or even all of the self-verification information in the certificate. The certificate server preferably performs any validation of the certificate prior to sending the encryption information to the source client. The certificate need not be separately validated by the source client, especially if the certificate server is trusted by the source client.

Abstract: A certificate-based encryption mechanism in which a source client does not access the entire certificate corresponding to a destination client when encrypting an electronic message to be sent to the destination client. Instead, the source client only requests a portion of the certificate from a certificate server. That portion includes encryption information, but may lack some or even all of the self-verification information in the certificate. The certificate server preferably performs any validation of the certificate prior to sending the encryption information to the source client. The certificate need not be separately validated by the source client, especially if the certificate server is trusted by the source client.