Public Key Patents (Class 380/30)
  • Patent number: 10623189
    Abstract: Disclosed is an offline/online signature system including a key distribution center (KDC) and a signature end, wherein the KDC includes a key generating module, an offline signature module, and a verification module; and the signature end includes an online signature module and a verification module. The key generating module generates a temporary signature required for online signature, and transmits the result to a sensor node for storage. The online signature module generates a signature for a specific message; and the verification module includes a processor and a public key transformation component, wherein the processor transmits the signature to the public key transformation component and determines whether the signature is valid.
    Type: Grant
    Filed: December 23, 2015
    Date of Patent: April 14, 2020
    Assignee: South China University of Technology
    Inventors: Shaohua Tang, Jiahui Chen
  • Patent number: 10623188
    Abstract: A medical treatment machine, such as a dialysis machine (e.g., a home dialysis machine, such as a home hemodialysis machine or a home peritoneal dialysis machine) can receive a digital prescription file that defines parameters of a medical treatment to be administered to a patient. The digital prescription file can be prepared and delivered in such a way that the medical treatment machine can confirm that the issuer (e.g., provider) of the digital prescription file is an authorized issuer without having any a priori knowledge of the particular issuer. The digital prescription file can be delivered irrespective of the inherent security (or lack thereof) of the transmission medium in a tamper-evident format using minimal resources necessary to verify the validity of the digital prescription file and its issuer. The digital prescription file may be delivered to the dialysis machine using a network cloud-based connected health system.
    Type: Grant
    Filed: April 26, 2017
    Date of Patent: April 14, 2020
    Assignee: Fresenius Medical Care Holdings, Inc.
    Inventors: Harvey Cohen, Matthew Buraczenski, Matthew O'Reilly
  • Patent number: 10613776
    Abstract: Methods and apparatus for efficiently storing and accessing secure data are disclosed. The method of storing includes encrypting data utilizing an encryption key to produce encrypted data, performing deterministic functions on the encrypted data to produce deterministic function values, masking the encryption key utilizing the deterministic function values to produce masked keys and combining the encrypted data and the masked keys to produce a secure package. The method of accessing includes de-combining a secure package to reproduce encrypted data and masked keys, selecting a deterministic function, performing the selected deterministic function on the reproduced encrypted data to reproduce a deterministic function value, de-masking a corresponding masked key utilizing the reproduced deterministic function value to reproduce an encryption key, and decrypting the reproduced encrypted data utilizing the reproduced encryption key to reproduce data.
    Type: Grant
    Filed: November 16, 2018
    Date of Patent: April 7, 2020
    Assignee: PURE STORAGE, INC.
    Inventor: Jason K. Resch
  • Patent number: 10608999
    Abstract: An apparatus includes a Base Station (BS) that includes an antenna array and circuitry. The antenna array is configured to transmit downlink transmissions and to receive uplink transmissions. The circuitry is configured to generate secret bits to be used for securing uplink transmissions from legitimate user devices, and to distribute the secret bits over one or more data streams destined to the legitimate user devices, to further generate one or more jamming streams, and to apply to the jamming streams beamforming that directs the jamming streams away from the legitimate user devices, to transmit the data streams and the jamming streams using the antenna array, to receive, via the antenna array, data that was encrypted by a legitimate user device based on the secret bits, and to recover the data by decoding the encrypted data using the secret bits.
    Type: Grant
    Filed: November 27, 2017
    Date of Patent: March 31, 2020
    Assignee: CELENO COMMUNICATIONS (ISRAEL) LTD.
    Inventor: Nir Shapira
  • Patent number: 10608828
    Abstract: Providing revocation status of at least one associated credential includes providing a primary credential that is at least initially independent of the associated credential, binding the at least one associated credential to the primary credential, and deeming the at least one associated credential to be revoked if the primary credential is revoked. Providing revocation status of at least one associated credential may also include deeming the at least one associated credential to be not revoked if the primary credential is not revoked. Binding may be independent of the contents of the credentials and may be independent of whether any of the credentials authenticate any other ones of the credentials. The at least one associated credential may be provided on an integrated circuit card (ICC). The ICC may be part of a mobile phone or a smart card.
    Type: Grant
    Filed: November 13, 2017
    Date of Patent: March 31, 2020
    Assignee: ASSA ABLOY AB
    Inventors: Eric F. Le Saint, Robert F. Dulude
  • Patent number: 10609006
    Abstract: A cryptographic key may be received or generated at a self-encrypting key management service application where the cryptographic key is received from another application provided on a server associated with the self-encrypting key management service application. The cryptographic key may be stored at a secure enclave corresponding to the self-encrypting key management service application. A request for a performance of a cryptographic operation associated with the cryptographic key may be received from the other application provided on the server. The cryptographic key at the secure enclave corresponding to the self-encrypting key management service application may be retrieved. The cryptographic operation may be performed with the cryptographic key to generate an output that is provided to the other application.
    Type: Grant
    Filed: January 13, 2017
    Date of Patent: March 31, 2020
    Assignee: Fortanix, Inc.
    Inventors: Ambuj Kumar, Anand Kashyap, Jethro Gideon Beekman, Faisal Faruqui
  • Patent number: 10600045
    Abstract: A mobile device with a disabling feature is disclosed. The method includes activating a mobile device having a timeout feature to disable a function of the mobile device after a set period of time. The period of time may be chosen by a user of the mobile device.
    Type: Grant
    Filed: June 22, 2018
    Date of Patent: March 24, 2020
    Assignee: Visa U.S.A. Inc.
    Inventors: Gavin Shenker, David Wentker, Douglas Deibert, Erick Wong
  • Patent number: 10595040
    Abstract: Systems and methods for reducing latency through motion estimation and compensation techniques are disclosed. The systems and methods include a client device that uses transmitted lookup tables from a remote server to match user input to motion vectors, and tag and sum those motion vectors. When a remote server transmits encoded video frames to the client, the client decodes those video frames and applies the summed motion vectors to the decoded frames to estimate motion in those frames. In certain embodiments, the systems and methods generate motion vectors at a server based on predetermined criteria and transmit the generated motion vectors and one or more invalidators to a client, which caches those motion vectors and invalidators. The server instructs the client to receive input from a user, and use that input to match to cached motion vectors or invalidators. Based on that comparison, the client then applies the matched motion vectors or invalidators to effect motion compensation in a graphic interface.
    Type: Grant
    Filed: November 27, 2018
    Date of Patent: March 17, 2020
    Assignee: ZeniMax Media Inc.
    Inventor: Michael Kopietz
  • Patent number: 10579984
    Abstract: The invention relates to a method for making a transaction of a contactless application secure, said application (11) being stored in the mobile terminal (10), said transaction taking place between the mobile terminal and a contactless reader (12), said terminal including a security element (14), said method comprising the following steps carried out by the mobile terminal: the application sends (E13) a token representing a piece of sensitive data and a first authentication value relating to the token to the reader, the security element receives (E16) the token and the related first authentication value from the reader, the security element calculates (E17) a second authentication value from the received token and compares the first authentication value with the second authentication value, and sending (E18) the result of the comparison to the reader, said reader cancelling the transaction if the result is negative.
    Type: Grant
    Filed: December 17, 2015
    Date of Patent: March 3, 2020
    Assignee: Orange
    Inventors: Mouhannad Alattar, Mohammed Achemlal
  • Patent number: 10574633
    Abstract: Embodiments of the invention relate to efficient methods for authenticated communication. In one embodiment, a first computing device can generate an ephemeral key pair comprising an ephemeral public key and an ephemeral private key. The first computing device can generate a first shared secret using the ephemeral private key and a static second device public key. The first computing device can encrypt request data using the first shared secret to obtain encrypted request data. The first computing device can send a request message including the encrypted request data and the ephemeral public key to a server computer. Upon receiving a response message from the server computer, the first computing device can determine a second shared secret using the ephemeral private key and the blinded static second device public key. The first computing device can then decrypt the encrypted response data from the response message to obtain response data.
    Type: Grant
    Filed: June 18, 2015
    Date of Patent: February 25, 2020
    Assignee: VISA INTERNATIONAL SERVICE ASSOCIATION
    Inventors: Eric Le Saint, Upendra Mardikar, Dominique Fedronic
  • Patent number: 10574451
    Abstract: Method and apparatus for a system to communicate via perfect forward secrecy. A deterministic hierarchy is used to generate public and private keys, offline, on distinct devices, for use with asymmetrical cryptography over an unsecure medium. Because each private key is not transmitted over the unsecure medium, but must be used to de-encrypt the communications, it is very difficult for man-in-the-middle attacks to de-encrypt the communications. Because each private key is generated according to a deterministic hierarchy, a master entity can recreate the private keys and passively monitor the communications while maintaining perfect forward secrecy.
    Type: Grant
    Filed: October 19, 2017
    Date of Patent: February 25, 2020
    Assignee: Bank of America Corporation
    Inventors: Amanda Jane Adams, Ben Lightowler
  • Patent number: 10574463
    Abstract: Provided is a computer implemented method for performing mutual authentication between an online service server and a service user, including: (a) generating, by an authentication server, a server inspection OTP; (b) generating, by an OTP generator, a verification OTP having the same condition as the server inspection OTP and using the same generation key as an OTP generation key and a calculation condition different from a calculation condition is applied or a generation key different from the OTP generation key is used and the same calculation condition as the calculation condition used for generating the server inspection OTP is applied to generate a user OTP; and (c) generating, by the authentication server, a corresponding OTP having the same condition as the user OTP and comparing whether the generated corresponding OTP and the user OTP match each other to authenticate the service user.
    Type: Grant
    Filed: April 7, 2019
    Date of Patent: February 25, 2020
    Assignee: eStorm Co., LTD
    Inventor: Jong Hyun Woo
  • Patent number: 10567363
    Abstract: Computer systems and methods for improving the security and efficiency of client computers interacting with server computers through an intermediary computer using one or more polymorphic protocols are discussed herein.
    Type: Grant
    Filed: March 3, 2016
    Date of Patent: February 18, 2020
    Assignee: SHAPE SECURITY, INC.
    Inventor: Michael J. Ficarra
  • Patent number: 10564955
    Abstract: An embodiment method for retiring a dynamically updatable function includes receiving, by a collector-thread, a registration of the function, wherein the registration indicates to the collector-thread addresses of memory locations for counters that count a number of calls currently being made to a previous version of the function by a plurality of execution threads; reading, by the collector-thread, values of the counters; and when the values of all the counters are zero, deleting, by the collector-thread, the function from a storage medium on a device previously executing the previous version of the function.
    Type: Grant
    Filed: January 3, 2018
    Date of Patent: February 18, 2020
    Assignee: Huawei Technologies Co., Ltd.
    Inventors: Marcus Theodore Chernenko Karpoff, Jose Nelson Amaral, Kai-Ting Amy Wang, Brice Adam Dobry
  • Patent number: 10558812
    Abstract: A device is configured with a trusted platform module (TPM) executing in a trusted execution environment (TEE). Software/firmware updates, user data, applications, etc. are pushed to the device as a payload. The payloads contain a sealed container (e.g., the software/firmware update, user data, applications, etc.), one or more policies, and one or more provisioning code segments corresponding to the one or more policies. The policies are checked by the TPM of the device. If the measurement of the one or more provisioning code segments satisfy the one or more policies, then the sealed container is unsealed by the TPM and released to the device.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: February 11, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Stefan Thom, Torsten Stein
  • Patent number: 10558634
    Abstract: A system receives an association of first item with first system user, generates first hash value by applying first hash function associated with first system user to first item identifier associated with first item, and sets a bit corresponding to first hash value in array. The system receives an association of second item with second system user, generates second hash value by applying second hash function associated with second user to second item identifier associated with second item, and sets a bit corresponding to second hash value in array. The system receives a request to determine whether third item is associated with first system user, generates third hash value by applying first hash function to third item identifier associated with third item, and outputs message that third item is not associated with first user if a bit corresponding to third hash value is not set in array.
    Type: Grant
    Filed: September 6, 2016
    Date of Patent: February 11, 2020
    Assignee: salesforce.com, inc.
    Inventor: Matthew Fuchs
  • Patent number: 10554431
    Abstract: A method for a WLAN-enabled device to access a network is provided, including the following steps. An intelligent terminal device acquires a key KEY1, encrypts, by using the KEY1, access information of a wireless access device that is known by the intelligent terminal device, and then transmits the access information as well as the unique identification information. The WLAN-enabled device sniffs and acquires the unique identification information and the encrypted access information, generates the KEY1 based on the unique identification information and a preset key material, and decrypts the encrypted access information by using the KEY1 to obtain the access information. The present invention further relates to a WLAN-enabled device for implementing the method and an intelligent terminal device.
    Type: Grant
    Filed: October 26, 2015
    Date of Patent: February 4, 2020
    Assignee: China IWNCOMM Co., LTD.
    Inventors: Yanan Hu, Bianling Zhang, Yuehui Wang, Weigang Tong, Manxia Tie, Zhiqiang Du
  • Patent number: 10548005
    Abstract: Disclosed herein is a method for security of an identifier of a user equipment (UE) used when a network connection is established in a wireless communication system, which may include: requesting, to a mobile network operator (MNO), a temporary key used to encrypt the identifier and a ticket for authenticating an authority to access the identifier; receiving the temporary key and the ticket from the MNO; verifying a validity of the ticket; transmitting the ticket to a pseudonym certification authority (PCA) when the ticket is valid; receiving, from the PCA, a subpool which corresponds to the ticket and is encrypted with the temporary key, wherein the encrypted subpool includes a pair of the identifier and the encryption key; and acquiring the identifier by decrypting the encrypted identifier subpool using the tem
    Type: Grant
    Filed: March 20, 2017
    Date of Patent: January 28, 2020
    Assignee: LG ELECTRONICS INC.
    Inventor: Joonwoong Kim
  • Patent number: 10530580
    Abstract: Disclosed herein is a system for enabling secure data storage into a third party managed electronic vault that provides users with a secure location to store important documents, information, and data including but not limited to various forms of personal identifiable information. The system features an interface that dynamically secures, encrypts, and protects data related to transmission, storage, and retrieval, as well as management components that regulate and authenticate access to the contents of the electronic safe deposit boxes (and subdivisions thereof) in the electronic vault. In addition, the system features comprehensive logic for completing and/or auto-filling forms, tracking and/or facilitating renewals of expiring credentials, providing reminders of important dates and events, managing multi-step processes, automatically adjusting security and authentication requirement based on one or more factors, and guiding and suggesting complimentary activities and considerations for detected user events.
    Type: Grant
    Filed: October 20, 2018
    Date of Patent: January 7, 2020
    Assignee: InteracVAULT Inc.
    Inventor: Laura Sibley Walker
  • Patent number: 10521596
    Abstract: In an embodiment, a system is provided in which the private key is managed in hardware and is not visible to software. The system may provide hardware support for public key generation, digital signature generation, encryption/decryption, and large random prime number generation without revealing the private key to software. The private key may thus be more secure than software-based versions. In an embodiment, the private key and the hardware that has access to the private key may be integrated onto the same semiconductor substrate as an integrated circuit (e.g. a system on a chip (SOC)). The private key may not be available outside of the integrated circuit, and thus a nefarious third party faces high hurdles in attempting to obtain the private key.
    Type: Grant
    Filed: September 21, 2018
    Date of Patent: December 31, 2019
    Assignee: Apple Inc.
    Inventors: Timothy R. Paaske, Mitchell D. Adler, Conrad Sauerwald, Fabrice L. Gautier, Shu-Yi Yu
  • Patent number: 10523446
    Abstract: Upon receiving a new CRL, a device with a large storage capacity in an authentication system detects another device connected to a controller to which this device is connecting, and determines whether or not to transmit the new CRL depending on the magnitude of the storage capacity of the device that has been detected.
    Type: Grant
    Filed: November 6, 2015
    Date of Patent: December 31, 2019
    Assignee: PANASONIC INTELLECTUAL PROPERTY MANAGEMENT CO., LTD.
    Inventors: Ayaka Ichijo, Manabu Maeda, Yuji Unagami
  • Patent number: 10523442
    Abstract: Secure communications between services or components of a cloud computing system, are facilitated by generating at a first service provided by a first computing entity of a cloud computing system, a request for computing resources, generating at the first computing entity a digital data signature based at least on the request, using a private key associated with the first service; and inserting the digital data signature within an HTTP header associated with the request. A computer data network is used to communicate the request to a second service. The second service extracts the digital data signature and uses a public key to validate the digital data signature.
    Type: Grant
    Filed: August 21, 2017
    Date of Patent: December 31, 2019
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Thomas Kludy, Leo C. Singleton, IV, Felipe Leon, Luis G. Menchaca
  • Patent number: 10521791
    Abstract: A computer-based method for communicating liability acceptance for payment card transactions is provided. The method uses a computer device including a processor and a memory. The method includes receiving, by the processor, a transaction authorization request message for a payment card transaction having a default-liable party. The transaction authorization request message includes a shifted-liability acceptance indicator identifying a different party to the transaction that accepts liability for the payment card transaction. The method also includes authorizing the payment card transaction based at least in part on the shifted-liability acceptance indicator. The shifted-liability acceptance indicator changes the liability for the payment card transaction from the default-liable party to the different party accepting liability.
    Type: Grant
    Filed: May 7, 2014
    Date of Patent: December 31, 2019
    Assignee: Mastercard International Incorporated
    Inventors: Theunis J. Gerber, Peter J. Groarke, Mark B. Wiesman
  • Patent number: 10516654
    Abstract: In one embodiment, a computing device includes at least one hardware processor to execute instructions, a network interface to enable communication with a second computing device and a third computing device, and at least one storage medium. Such medium may store instructions that when executed by the computing device enable the computing device to request delegation of a key provisioning privilege for the second computing device from the third computing device via a parent-guardian delegation protocol comprising a three-party key distribution protocol with the second computing device and the third computing device, the three-party key distribution protocol having interposed therein a two-party authenticated key exchange protocol between the computing device and the third computing device. Other embodiments are described and claimed.
    Type: Grant
    Filed: March 15, 2016
    Date of Patent: December 24, 2019
    Assignee: Intel Corporation
    Inventors: Meiyuan Zhao, Jesse Walker, Xiruo Liu, Steffen Schulz, Jianqing Zhang
  • Patent number: 10511450
    Abstract: Permission control and management for messaging application bots is described. A method can include providing a messaging application, on a first computing device associated with a first user, to enable communication between the first user and another user, and detecting, at the messaging application, a user request. The method can also include programmatically determining that an action in response to the user request requires access to data associated with the first user, and causing a permission interface to be rendered in the messaging application, the permission interface enabling the first user to approve or prohibit access to the data associated with the first user. The method can include accessing the data associated with the first user and performing the action in response to the user request, upon receiving user input from the first user indicating approval of the access to the data associated with the first user.
    Type: Grant
    Filed: September 19, 2017
    Date of Patent: December 17, 2019
    Assignee: Google LLC
    Inventors: Shelbian Fung, Richard Dunn, Anton Volkov, Adam Rodriguez
  • Patent number: 10511577
    Abstract: A registration apparatus generates shares by secret sharing of a character string with a plurality of modulus and sends the shares to a plurality of server apparatuses to be stored therein. A retrieval apparatus sends shares generated by secret sharing of a retrieval character string with the plurality of modulus to the plurality of server apparatuses. The plurality of server apparatuses execute a subroutine for shares of each registration character string stored in a storage unit and for each of the plurality of modulus, reconstruct an execution result, and determine whether or not to return the shares of the registration character string stored in the storage unit as a retrieval result. A retrieval apparatus reconstructs shares returned from the plurality of server apparatuses and obtains a retrieval result in which the retrieval character string hits, from the reconstructed result by the Chinese remainder theorem.
    Type: Grant
    Filed: March 18, 2016
    Date of Patent: December 17, 2019
    Assignee: NEC CORPORATION
    Inventor: Isamu Teranishi
  • Patent number: 10511796
    Abstract: An image sensor system, including: an image sensor, a readout circuit, and a timing control circuit. The image sensor includes a plurality of diodes, and one of the plurality of diodes outputs a sensing current when a photon is detected. The readout circuit is coupled to the image sensor and arranged to selectively operate in at least a first mode and a second mode. The timing control circuit is coupled to the readout circuit and is arranged to determine if a coding condition is fit according to an input signal and generate a control signal when the coding condition is fit, wherein the input signal includes a plurality of bits serially input to the timing control circuit, and each bit of the plurality of bits corresponds to each pulse of a clock signal respectively.
    Type: Grant
    Filed: July 26, 2018
    Date of Patent: December 17, 2019
    Assignee: TAIWAN SEMICONDUCTOR MANUFACTURING COMPANY LTD.
    Inventor: Chih-Min Liu
  • Patent number: 10503913
    Abstract: Techniques for establishing mutual authentication of software layers of an application are described. During initialization of the application, the software layers execute a binding algorithm to exchange secrets to bind the software layers to one another. During subsequent runtime of the software application, the software layers execute a runtime key derivation algorithm to combine the secrets shared during initialization with dynamic time information to generate a data encryption key. The software layers can then securely transfer data with each other by encrypting and decrypting data exchanged between the software layers using the dynamically generated data encryption key.
    Type: Grant
    Filed: March 11, 2016
    Date of Patent: December 10, 2019
    Assignee: Visa International Service Association
    Inventors: Rasta Mansour, Soumendra Bhattacharya, Robert Youdale
  • Patent number: 10505731
    Abstract: Disclosed in some examples are methods, systems, and machine readable mediums for secure end-to-end digital communications involving mobile wallets. The result is direct, secure, in-band messaging using mobile wallets that may be used to send messages such as payments, requests for money, financial information, or messages to authorize a debit or credit.
    Type: Grant
    Filed: July 20, 2018
    Date of Patent: December 10, 2019
    Assignee: Wells Fargo Bank, N.A.
    Inventors: Joon Maeng, Ramanathan Ramanathan, Thomas Hayes
  • Patent number: 10491570
    Abstract: The disclosure relates to a method for transmitting data and to a corresponding method for receiving data. According to the disclosure, in the method for transmitting data, a cryptographic processing operation is performed on the data to be transmitted, after this data has been pre-subdivided into blocks of data, and a tag representing each block of encrypted data is computed. The tag is then transmitted in such a way that a hacker is not able to reproduce a correct transmission of tags. The method of reception, for its part, ensures that when an incorrect tag is received (because of a hacking attempt), the processing of the data blocks is not immediately stopped but a differential processing is implemented in order to jam an attempt to analyze the behavior of the receiver.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: November 26, 2019
    Inventors: David Naccache, Remi Geraud, Marc Beunardeau
  • Patent number: 10491573
    Abstract: A technique for hiding topological information in a message that leaves a trusted network-domain is presented. The message pertains to a subscriber session and comprises a Fully Qualified Domain Name (FQDN) of a message originator. The originator is located in a first network domain, and the message is directed towards a destination in a second network domain. A method aspect comprises the steps of receiving the message, determining the FQDN comprised in the message and determining an identifier associated with the message. The identifier comprises at least one of a subscriber identifier, a session identifier and a destination identifier. Further, the method comprises applying a cryptographic operation on the FQDN and the identifier, or on information derived therefrom, to generate a cryptographic value. The message is then processed by substituting at least a portion of the FQDN with the cryptographic value prior to forwarding the message towards the second network domain.
    Type: Grant
    Filed: December 8, 2014
    Date of Patent: November 26, 2019
    Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
    Inventors: Kurt Essigmann, Gerasimos Dimitriadis, Volker Kleinfeld
  • Patent number: 10484181
    Abstract: A system and method that generate digests for data transactions provide non-repudiation of collected data. Meta data based on the Data DNA modeling are collected for all data transactions in a system. The digest of the data transactions is encrypted. A digest is also generated for user sessions and time periods. The digests are recorded as part of Data DNA records and can be used for validation of data transactions in the system.
    Type: Grant
    Filed: December 12, 2016
    Date of Patent: November 19, 2019
    Assignee: Datiphy Inc.
    Inventor: Yeejang James Lin
  • Patent number: 10484391
    Abstract: A communication system for providing secure point-to-point communication comprising a communication network, a first client device and a second client device configured to communicate with each other via communication network, wherein each of the first and second client devices is adapted to run a selected communication application using a communication service provided by the communication network to communicate with each other, wherein the communication application which provides the highest communication service security level is selected from a group of communication applications using communication services with different communication service security levels and being available on the first and second client devices.
    Type: Grant
    Filed: August 17, 2015
    Date of Patent: November 19, 2019
    Assignee: ROHDE & SCHWARZ GMBH & CO. KG
    Inventor: Christoph Koch
  • Patent number: 10484184
    Abstract: A vehicle system includes a master ECU and a general ECU. The general ECU attaches a digital signature to transmission data including data (for example, a digest value of a program) and transmits the transmission data to the master ECU. The master ECU verifies the digital signature and the data and, when both the digital signature and the data are valid, determines that the general ECU is valid. The master ECU attaches a digital signature to transmission data including data of the master ECU and a session key and transmits the transmission data to the general ECU. The general ECU verifies the digital signature and the data and, when both the digital signature and the data are valid, the general ECU uses the session key included in the transmission data as a common key when performing subsequent communications.
    Type: Grant
    Filed: September 7, 2016
    Date of Patent: November 19, 2019
    Assignee: TOYOTA JIDOSHA KABUSHIKI KAISHA
    Inventors: Hisashi Oguma, Tsuyoshi Toyama
  • Patent number: 10469490
    Abstract: FIDO (“Fast IDentity Online”) authentication processes and systems are described. In an embodiment, a FIDO information systems (IS) computer system receives a FIDO authentication request for a transaction from a user device, which includes user data and user device authenticator data. The FIDO IS computer system then verifies the user data and user device authenticator data, selects a FIDO-certified server, transmits the FIDO authentication request to the selected FIDO server, and receives a challenge message from the selected FIDO-certified server. The FIDO IS computer system next transmits the challenge message to the user device, receives a FIDO authentication response, transmits the FIDO authentication response to the selected FIDO-certified server, receives an authentication result from the FIDO-certified server, and transmits the authentication result to the user device.
    Type: Grant
    Filed: October 19, 2017
    Date of Patent: November 5, 2019
    Assignee: Mastercard International Incorporated
    Inventors: Dawid Nowak, Ashley Waldron, Ashfaq Kamal
  • Patent number: 10454675
    Abstract: A method, system and computer program product for ensuring PKI key pairs are operatively installed within a secure domain of a security token prior to generating a digital certificate. The public key component of the PKI key pair is incorporated into a digital certificate which is returned to the security token for storage. The arrangement included herein incorporates the use of a critical security parameter to ensure a chain of trust with an issuing entity such as a registration authority. Furthermore, the arrangement does not require security officer or system administrator oversight during digital certificate generation as the critical security parameter provides a sufficient level of trust to ensure that digital certificate generation is being performed in conjunction with a designated security token rather than a rogue application. Lastly, separate inventive embodiments allow alternate communications and verification arrangements to be implemented.
    Type: Grant
    Filed: February 6, 2017
    Date of Patent: October 22, 2019
    Assignee: ASSA ABLOY AB
    Inventor: Eric F. Le Saint
  • Patent number: 10455025
    Abstract: An authenticated session with a remote system is established and identified through an authentication token for the session. During that session, a resource is accessed requiring additional authentication beyond what the authentication token was originally authorized for. Out-of-band processing from the existing session performs the additional authentication and permissions from the authentication token are upgraded to include permissions for accessing the resource during the session. The resource is accessed during the session with the authentication token having the upgraded permissions.
    Type: Grant
    Filed: August 2, 2016
    Date of Patent: October 22, 2019
    Assignee: Micro Focus Software Inc.
    Inventors: Lloyd Leon Burch, Gulshan Govind Vaswani, Sureshkumar Thangavel, Rik Peters
  • Patent number: 10454681
    Abstract: In a general aspect, a random seed value may be used in a key encapsulation process for multiple recipients. An error vector derivation function is applied to a combination of the random seed value and an additional value, including an identifier of a recipient, to produce an error vector. A plaintext value for the recipient is obtained based on the random seed value. The error vector and the plaintext value are used in an encryption function to produce a ciphertext for the recipient. A pseudorandom function is applied to the random seed value to produce a pseudorandom function output that includes a symmetric key, and the symmetric key is used to generate an encrypted message for the recipient based on an unencrypted message. The ciphertext for the recipient and the encrypted message are provided for transmission in a communication network.
    Type: Grant
    Filed: June 14, 2018
    Date of Patent: October 22, 2019
    Assignee: ISARA Corporation
    Inventors: Atsushi Yamada, Edward William Eaton
  • Patent number: 10447674
    Abstract: A system may transmit, to a first entity, data to indicate an association between the first entity and a public key, wherein the public key is to be used to establish a cryptographically protected communications session between the first entity and a second entity, receive the data in response to a request to verify the association, and transmit, to the second entity, an indication that the data is valid. The system may be a cryptography service that is partially trusted by the first and second entities. A partially trusted system can be a computer system that is trusted in some respects but not trusted in other respects. A partially trusted cryptography service may be trusted to generate digital signatures and verify authenticity of digital signatures, but not trusted with access to a cryptographic key that can be used to access cryptographically protected communications between a first entity and a second entity.
    Type: Grant
    Filed: July 6, 2017
    Date of Patent: October 15, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Matthew John Campagna
  • Patent number: 10438179
    Abstract: An object is to provide information more suited to the needs of the user by appropriately controlling timing with which information is provided to the user and the contents of the information. An electronic money server receives log data, identifies a store ID by searching a payment terminal DB by using a payment terminal ID of the log data as a key, checks a breakdown data providing store flag of a store DB (B) by using the store ID as a key, and, if a store is not a store providing the breakdown data, identifies the location of the store by searching a store DB (A) by using the store ID as a key. The electronic money server 2 acquires e-mail which conforms to the identified location by searching an e-mail (A) DB by using the identified location as a key. For example, it is information on a discount which is offered in a nearby store.
    Type: Grant
    Filed: October 31, 2012
    Date of Patent: October 8, 2019
    Assignee: Rakuten, Inc.
    Inventors: Yusuke Tamagushi, Hideki Akashika
  • Patent number: 10440046
    Abstract: Technologies for anonymous context attestation and threat analytics include a computing device to receive sensor data generated by one or more sensors of the computing device and generate an attestation quote based on the sensor data. The attestation quote includes obfuscated attributes of the computing device based on the sensor data. The computing device transmits zero knowledge commitment of the attestation quote to a server and receives a challenge from the server in response to transmitting the zero knowledge commitment. The challenge requests an indication regarding whether the obfuscated attributes of the computing device have commonality with attributes identified in a challenge profile received with the challenge. The computing device generates a zero knowledge proof that the obfuscated attributes of the computing device have commonality with the attributes identified in the challenge profile.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: October 8, 2019
    Assignee: Intel Corporation
    Inventors: Abhilasha Bhargav-Spantzel, Hormuzd M. Khosravi, Alex Nayshtut
  • Patent number: 10439800
    Abstract: A cryptographic system is provided comprising multiple configuration servers (200, 201, 202) arranged to configure multiple network devices (300, 350, 360) for key sharing. Each configuration server comprising a computation unit (220) arranged to compute local key material for the network device from root key material specific to the configuration server and the network device identity number of the network device that is being configured. At least two configuration servers of the multiple configuration servers provide computed local key material to said network device. The network devices are configured to determine a shared key with any one of multiple network devices. A network device comprises a shared key unit (330) arranged to derive a shared key from another network device's identity number and at least two of the multiple local key materials of the network device.
    Type: Grant
    Filed: August 25, 2015
    Date of Patent: October 8, 2019
    Assignee: KONINKLIJKE PHILIPS N.V.
    Inventors: Oscar Garcia-Morchon, Ronald Rietman, Ludovicus Marinus Gerardus Maria Tolhuizen
  • Patent number: 10432398
    Abstract: A regression on a prime-indexed-prime finite difference generator function is used to predict prime numbers. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims.
    Type: Grant
    Filed: April 28, 2015
    Date of Patent: October 1, 2019
    Inventor: Robert G. Batchko
  • Patent number: 10423805
    Abstract: A private key of a public-private key pair with a corresponding identity is written to an integrated circuit including a processor, a non-volatile memory, and a cryptographic engine coupled to the processor and the non-volatile memory. The private key is written to the non-volatile memory. The integrated circuit is implemented in complementary metal-oxide semiconductor 14 nm or smaller technology. The integrated circuit is permanently modified, subsequent to the writing, such that further writing to the non-volatile memory is disabled and such that the private key can be read only by the cryptographic engine and not off-chip. Corresponding integrated circuits and wafers are also disclosed.
    Type: Grant
    Filed: December 22, 2016
    Date of Patent: September 24, 2019
    Assignee: International Business Machines Corporation
    Inventors: Richard H. Boivie, Eduard A. Cartier, Daniel J. Friedman, Kohji Hosokawa, Charanjit Jutla, Wanki Kim, Chandrasekara Kothandaraman, Chung Lam, Frank R. Libsch, Seiji Munetoh, Ramachandran Muralidhar, Vijay Narayanan, Dirk Pfeiffer, Devendra K. Sadana, Ghavam G. Shahidi, Robert L. Wisnieff
  • Patent number: 10419217
    Abstract: Embodiments of the present invention provide a security information configuration method, so as to reduce costs, simplify a security information configuration process, and improve security and reliability of security information configuration. The security information configuration method provided in the embodiments of the present invention includes: generating, by an SoC, an asymmetric key pair; writing a private key into an eFuse of the SoC; encrypting a public key; writing the encrypted public key into a flash memory for storage; generating first digest information according to target software information; making a signature for the first digest information, so as to obtain signature information; and writing the signature information into the flash memory. The embodiments of the present invention further provide a related security verification method and a related chip.
    Type: Grant
    Filed: May 5, 2017
    Date of Patent: September 17, 2019
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Guizhou He
  • Patent number: 10419223
    Abstract: Embodiments herein provide, for example, a method that includes downloading a symmetrically encrypted data block from a server, where the encrypted data block comprises a server-stored secondary password; decrypting the encrypted data block with a shared-symmetric key; signing onto at least one of a server or service using the server-stored secondary password; generating a secondary password, where the generated secondary password is different than the server-stored secondary password; and overwriting the server-stored secondary password with the generated secondary password.
    Type: Grant
    Filed: August 31, 2015
    Date of Patent: September 17, 2019
    Assignee: CYPH, INC.
    Inventor: Ryan Lester
  • Patent number: 10412098
    Abstract: Clients within a computing environment may establish a secure communication session. Sometimes, a client may trust another client to read, but not modify, a message. Clients may utilize a cryptography service to generate a message protected against improper modification. Clients may utilize a cryptography service to verify whether a protected message has been improperly modified.
    Type: Grant
    Filed: December 11, 2015
    Date of Patent: September 10, 2019
    Assignee: Amazon Technologies, Inc.
    Inventor: Matthew John Campagna
  • Patent number: 10411804
    Abstract: A communications system comprises first circuitry for receiving and processing a plurality of data streams to associate with each of the plurality of data streams an orthogonal function to cause each of the plurality of data streams to be mutually orthogonal to each other on a link to enable transmission of each of the plurality of data streams on the link at a same time. A first quantum key processing circuit generates a secret key for transmissions to second circuitry over the link using a quantum key generation process based on E91 protocol. The first quantum key processing circuit further encodes the plurality of data streams for transmission on the link using the generated secret key based on the E91 protocol. Third circuitry transmits the encoded plurality of data streams on the link.
    Type: Grant
    Filed: January 2, 2018
    Date of Patent: September 10, 2019
    Assignee: NXGEN PARTNERS IP, LLC
    Inventors: Solyman Ashrafi, Roger Linquist, Nima Ashrafi
  • Patent number: 10402893
    Abstract: A method for preventing redundant purchases of limited items includes steps for providing a commerce client to a user, receiving (a) financial information of the user and (b) a device identifier from a device the user is using to run the commerce client, the device identifier being based on one or more of user-configurable and non-user-configurable parameters of the user device, determining whether a previous transaction has been made with the device associated with the received device identifier, and disallowing the device from executing further transactions for a predetermined period of time. The method may be executed by an apparatus such as a computer server or stored as a series of instructions on a computer readable medium.
    Type: Grant
    Filed: August 7, 2013
    Date of Patent: September 3, 2019
    Assignee: Uniloc 2017 LLC
    Inventor: Craig S. Etchegoyen
  • Patent number: 10404679
    Abstract: A system and method are described in which a document transaction management platform coordinates performance of trust actions across a plurality of trust service providers. For example, a method can include operations such as sending a first transaction request, selecting a first trust provider, facilitating performance of a first trust action, sending a second transaction request, selecting a second trust provider, and facilitating performance of a second trust action. Sending the first transaction request can include a first trust action associated with an electronic document. Selecting the first trust provider to execute the first trust action occurs in response to a first user accepting the first transaction request. Performance of the first trust action is facilitated through the first trust provider. Sending the second transaction request can include a second trust action associated with the electronic document.
    Type: Grant
    Filed: July 21, 2016
    Date of Patent: September 3, 2019
    Assignee: DocuSign, Inc.
    Inventors: David Steeves, Gregory J. Alger, Joshua D. Wise, Jayson C. McCleery, Peleg Atar, Ezer Farhi, Ryan J. Cox