Abstract: A user using a client computer registers with a server computer over a computer network by submitting a biometric scan of a body part of the user. The user commands the client computer to encrypt an electronic file. The client computer generates a private key, encrypts the electronic file and transmits the key to the server computer. The client computer saves the encrypted file. The encrypted file and the key are saved at different physical locations. The owner of the file is able to grant permission to other registered users to unlock the encrypted file.

Abstract: Embodiments disclosed herein relate to methods, systems, and computer programs for verifying that data incorporated into a computer program is current. The methods, systems, and computer programs compare a source identifier status code associated with the data to a current source identifier status code at the location where the data was obtained. The methods, systems, and computer programs include at least one validation function which determines the validity of the data according to selected parameters. If the source identifier status code and current source identifier status code match and the at least one validation function determines the data is valid, an executable computer program incorporating the data and one or more functions is produced as output.

Abstract: A method of controlling the operating mode of a remote device based upon a local user preference setting includes determining a user privacy setting by a user at a local device and storing the user privacy setting. The user privacy setting is conveyed to the remote device and the operational mode of the remote device is modified based upon the transmitted user privacy preference setting. The operational mode of the remote device is returned to the normal operational mode upon meeting a predetermined condition.

Abstract: A storage system and method for command execution ordering by security key are provided. In one example, the storage system has a non-volatile memory, a volatile memory storing a plurality of keys, and a controller with a cache storing a subset of the plurality of keys. The storage system gives priority to a command whose key is stored in the cache in the controller over commands whose keys are stored only in the volatile memory. This avoids transferring a key from the volatile memory to the cache in the controller, thereby improving efficiency of the storage system.

Abstract: Systems, methods, and computer program products for a contactless automated teller machine (ATM) experience receive, from a telephone number, a first short message service (SMS) message including a unique identifier associated with an ATM terminal; in response to receiving the first SMS message, communicate, to the ATM terminal, a first password associated with the telephone number and the unique identifier; receive, from the telephone number, a second SMS message including the first password; verify the first password; in response to verifying the first password, transmit, to the telephone number, a third SMS message including an option to withdraw cash from the ATM terminal; receive, from the telephone number, a fourth SMS message including a selection of the option to withdraw the cash from the ATM terminal; and communicate, to the ATM terminal, a cash dispense command that causes the ATM terminal to dispense the cash.

Abstract: A method and a system for preventing an activity of a malware application in a computer system are provided. The method comprising: receiving at least one artefact of a sandbox environment to be installed in the computer system for simulating the sandbox environment in the computer system; receiving an indication of at least one interaction of a given application with the at least one artefact; analyzing an activity of the given application to detect at least one of a first type event and a second type event triggered thereby after executing the at least one interaction; in response to the analyzing rendering a positive result: identifying the given application as being the malware application; and using data indicative of a digital footprint of the given application in the computer system for further updating the at least one artefact for further preventing the activity of the malware application.

Abstract: A method for initiating a cardless automated teller machine (ATM) transaction via a mobile computing device includes: storing, in a memory of a mobile computing device, at least transaction account data and authentication data; receiving, by an input device of the mobile computing device, at least desired transaction data and authentication information; receiving, by the input device of the mobile computing device, a unique identifier associated with an automated teller machine (ATM); authenticating, by an authentication module of the mobile computing device, the received authentication information based on the stored authentication data; and electronically transmitting, by a transmitting device of the mobile computing device, at least the received desired data and unique identifier and a result of the authentication to an external computing system.

Abstract: A method performed by a device for identifying a network node within a network to which data will be replicated is disclosed. The method comprises encrypting a session key according to an attribute-based encryption scheme; broadcasting the encrypted session key within the network; receiving at least one message encrypted using the session key from at least one network node within the network; and selecting a network node from the at least one network node to which data will be replicated. A further method, a device and a non-transitory machine-readable medium are also disclosed.

Abstract: The present invention concerns a method for secure data classification by a computer platform. A client sends to the platform data to be classified in encrypted form using a first symmetric key. Similarly, a supplier sends to the platform parameters of a classification model in encrypted form using a second symmetric key. The invention uses a homomorphic cryptosystem defined by a public key and a private key. The platform performs a first transcryption step by deciphering the data to be classified in the homomorphic domain and a second transcryption step by deciphering the model parameters in the homomorphic domain. The classification function is then evaluated in the homomorphic domain for providing a classification result encrypted by said public key.

Abstract: In one embodiment, a file system of a computing device may receive from a first application a write request to write a file to a storage device of the computing device. The request may include a privacy preference for the file. In response to the write request, the file system may generate privacy metadata corresponding to the privacy preference, associate the privacy metadata to the file, and write the file and the associated privacy metadata to the storage device. The file system may receive from a second application a read request to read the file from the storage device. In response to receiving the read request, the file system may provide the second application access to the file and the associated privacy metadata. The privacy metadata can be configured to be used by the second application to select a distribution policy for the file.

Abstract: In some examples, a system and method for pairing a payment object reader with a point-of-sale (POS) terminal is described herein. The payment object reader includes one or more light indicators configured to display information in an optical pattern of one or more colors, brightness, lightness, and intensities, wherein the light indicators display a first optical pattern representative of an operational status of the payment object reader in a first mode, and a second optical pattern representative of a pairing code in a second mode. A display control component, executed by a processor, is configured to control the light indicators in accordance with the pairing code to generate the second optical pattern, the second optical pattern when shared with the POS terminal enables pairing between the payment object reader and the POS terminal. When paired, the payment object reader allows the POS terminal to accept payments from a customer.

Abstract: A key rotation that results in a first key version associated with a key being replaced by a second key version associated with the same key, wherein the first key version remains associated with the key for decrypting a previously generated ciphertext but not for future encryption requests. The first key version may be associated with a first cryptographic key material and the second key version may be associated with a second cryptographic key material different from the first cryptographic key material.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for referenced access control lists. In one aspect, a method includes accessing an object hierarchy for a plurality of objects, each object being representative of one of a storage location or a file. The object hierarchy includes for each object, a respective node, for each object that is a parent object having a child object, a directed edge connecting the node representing the parent object. In addition, for each object, including metadata that includes an access control list identifier that identifies an access control list for the object and that is owned by an access control list root object. The method including receiving updates to an access control list for particular objects, generating a new access control list, and storing the new access control list identifier in metadata for each object that descends from the particular object.

Abstract: There is provided a computer implemented method encrypting and/or decrypting data, comprising: accessing data for encryption and/or decryption, wherein the data is of a user account of a plurality of user accounts, obtaining an account key in an encrypted state, the account key is obtained from an account key dataset storing at least one encrypted account key for each of the user accounts, providing over the network, the encrypted account key to a key management system(s) (KMS) hosted by a server, receiving over the network, a decrypted account key from the server hosting the KMS(s), wherein the KMS(s) decrypts the encrypted account key using an organization key stored and managed by the KMS(s), storing the decrypted account key in a data storage device set to provide temporary storage for decrypted account keys, and encrypting and/or decrypting the data associated with the user account using the decrypted account key.

Abstract: A system and methods for facilitating secure computing device control and operation. The invention discloses a framework to supply security and policy-based control to computing applications as a software service. Clients running the framework make requests for services whereby they identify the service needed and its required parameters, encrypt and sign them, and send them to the service handler. The service handler decrypts, checks for policy allowance, and then, if allowed, executes the functions. The handler then encrypts and returns the response to the client. The framework allows for an aggregator that collects service requests for any number of clients and manages the distribution to service handlers and communications back to the clients.

Abstract: Various examples are directed to systems and methods for executing a web application with client-side encryption. A web browser can receive a document comprising a plurality of data elements including a secure element that comprises an encrypted value. An extension component may generate a secure container element to replace the secure element. The extension component can also insert a subdocument into the secure container element. The web browser may be configured to prevent web applications from accessing the subdocument. The extension component may also decrypt the encrypted value to generate a clear value and write the clear value to the subdocument. The web browser may render the document using the clear value.

Abstract: A method and system for performing authentication for a backup service provided by a server is provided. The method receives a request for authentication from a client device, the request for authentication including a signature generated using a private key. The method sends a request to obtain a public key corresponding to the private key to the server and receives the public key from the server, the public key being retrieved by the server from a backup of a virtual machine. The method verifies the signature using the public key and generates a token encrypted using the public key, the token enabling the client device to access the server for the backup service. The method sends the token to the client device, the token to be decrypted using the private key by the client device.

Abstract: Embodiments are directed to providing remote healthcare services including remote diagnostics, and facilitating third-party healthcare payments. In one embodiment, a computer system receives an input including authentication credentials from a healthcare entity, and also requests assistance from another healthcare entity. The computer system authenticates the first healthcare entity using the authentication credentials, receives an input including authentication credentials from the other healthcare entity, and authenticates the other healthcare entity using these authentication credentials. The computer system further receives real-time information related to a health condition of a patient, where the real-time health condition information is provided to the second healthcare entity.

Abstract: The systems, devices, and methods discussed herein are directed to a portable communication device, or a user equipment (UE), for obtaining cellular network services with an unassociated cellular network with assistance from a wireless local area network (WLAN). The UE registers with the WLAN, discovers the unassociated cellular network, sends request to a WLAN service provider of the WLAN to obtain cellular network services with the unassociated cellular network, and obtains cellular network services with the unassociated cellular network.

Abstract: The description relates to systems and methods for extending applications. For example, a voice assistant application can be the application to be extended. In an example, a mobile banking application can be the application that provides the extension. For example, a voice assistant might not have capability to conduct fingerprint (or biometric) authentication and bill payment function. An extension point within the voice assistant application that would enable this kind of capability might not exist. The mobile banking application can have a biometric tool for fingerprint authentication capability and a payment tool for a bill payment or money transfer function. Embodiments described herein can involve a deep link from the voice assistant application to the mobile banking application (which does offer fingerprint authentication and bill payment capability). The navigation to the mobile banking application can generate a visual impression at the UI similar or consistent with the voice assistant application.

Abstract: A cloud-based platform encrypts data imported from an organization using respective data encryption keys (DEK). The platform prevents decrypted data of the organization, and the DEK(s) used to encrypt such data, from being persistently retained within the platform. Access to the DEK may be controlled by the organization. Accordingly, the organization may retain control over access to its data, after the data has been exported to the platform. The platform may provide a purge control by which the organization can configure the platform the purge any cached DEK and/or unencrypted data pertaining to the organization.

Abstract: A method for combining different partial data includes providing a secure connection between a connection unit in a first network and an analysis unit a second network, separating original data into at least two items of partial data comprised of analysis data and personal data as first and second partial data that can be assigned to each other by way of assigning information, pseudonymizing the second partial data, transmitting the first partial data and pseudonymized second partial data and the assigning information to the analysis unit, storing the second partial data on the connection unit, providing third partial data on the analysis unit in the form of analyzed first partial data, transmitting the third partial data and the pseudonymized second partial data with the assigning information to the connection unit via the secure connection, and combining the third partial data and the second partial data using the assigning information.

Abstract: Authentication is a key procedure in information systems. Conventional biometric authentication system is based on a trusted third-party server which is not secure. The present disclosure provides a privacy preserving multifactor biometric authentication for authenticating a client without the third-party authentication server. The server receives a plurality of encrypted biometric features from the client, encrypted using Fully Homomorphic Encryption. Further, the server evaluates the plurality of encrypted biometric features to obtain a client identifier value and a plurality of encrypted resultant values. The server encrypts each of the plurality of resultant values based on a time based nonce and the client identifier value. The encrypted authentication tags and the corresponding resultant values are aggregated by the server and transmitted to the client. The client decrypts the resultant value and the authentication tag and transmits to the server.

Abstract: An object blocking method, a terminal, a server, and a storage medium are provided. The method includes: sending, when whether to block a target object cannot be determined according to a first blocking strategy library, feature information of the target object to a server. The feature information instructs the server to generate a target blocking strategy according to the feature information and feed back the target blocking strategy. The method also includes: receiving the target blocking strategy fed back by the server; adding the target blocking strategy to the first blocking strategy library; and performing subsequent object blocking according to the first blocking strategy library added with the target blocking strategy, including: determining whether to block the target object according to the target blocking strategy in the first blocking strategy library.

Abstract: Systems and methods utilized to protect data. One method includes maintaining, by one or more processing circuits in a production environment, encrypted data associated with a cryptographic function. The method further includes decrypting, by the one or more processing circuits in the production environment, the encrypted data to generate cleartext data. The method further includes encrypting, by the one or more processing circuits, the cleartext data using a homomorphic encryption function to generate ciphertext data. The method further includes masking, by the one or more processing circuits, the ciphertext data using a masking function to generate alternate ciphertext data. The method further includes decrypting, by the one or more processing circuits, the alternate ciphertext data to generate masked cleartext data and storing, by the one or more processing circuits in a lower environment, the masked cleartext data.

Abstract: A method and a computing apparatus for tracking device utilization are provided. The method includes: obtaining first data that relates to a physical location of a device; obtaining second data that relates to network switch information of the device; obtaining third data that relates to a network activity performed by using the device; using each of the first data, second data, and third data to determine a utilization of the device; and outputting a result of the determination. The first data may include a building identification, a floor number, and/or a seat identification. The second data may include a switch host name, card information, and/or port information. The third data may include a management system into which the device is logged in.

Abstract: A computing device can perform operations to unlock encrypted volumes of the computing device while the computing device is in a recovery environment. In some examples, the computing device can work in conjunction with a test computing device to unlock the encrypted volumes using an unlock token and a PIN. In other examples, the computing device can perform operations without a test computing device. For example, the computing device can, while in the recovery environment, use credentials associated with a user of the computing device to obtain a recovery password to unlock keys for interpreting the encrypted volumes. In some examples, the computing device can use a shortened recovery password in conjunction with anti-hammering capabilities of a Trusted Platform Module in order to unlock keys for interpreting the encrypted volumes. These and other operations can facilitate secure unlock of volumes of encrypted data on a consumer device.

Abstract: A method of blockchain-based data management of distributed binary objects includes identifying a binary object to be stored in a first data store. The method further includes encrypting, by a processing device, the binary object using a cryptographic function of a blockchain to generate an encrypted binary object. The method further includes storing the encrypted binary object in the first data store. The method further includes storing a reference to the encrypted binary object on the blockchain.

Abstract: A method for validating a message recipient includes: storing, in a memory of a processing server, a device profile, wherein the device profile is related to a mobile computing device and includes at least a device identifier, and token validation data; receiving, by a receiver of the processing server, a data signal from an external system that is encoded with a message packet, wherein the message packet includes at least the device identifier, a device token, and a content message; validating, by a processing device of the processing server, the device token using at least the token validation data; and electronically transmitting, by a transmitter of the processing server, the content message to the mobile computing device.

Abstract: Generating a rights blockchain storing rights of a user, including: receiving an enrollment request and a public key from the user; verifying that the user has a private key corresponding to the public key; generating a user identifier using the public key; and generating and delivering the rights blockchain having a genesis block including the user identifier to the user.

Abstract: A method of storing data allowing a seed value for generating an encryption key to be retrieved is provided. The method comprises obtaining, for each of a plurality of biological data sources, a respective set of biometric data from an authorised user. A respective biometric identifier is generated from each set of biometric data. The biometric identifiers are stored in a database. A plurality of seed portions are generated that are combinable using a function to generate the seed value. Each seed portion is stored in the database in association with a biometric identifier.

Abstract: This disclosure is directed to computing services that provide secure network connections using public-private key-based security for Internet of Things (IoT) devices, such as voice devices, that may have more than a predefined set of users. Device certificates that authorize IoT devices to access a secure network, such as an enterprise network and/or services eternal to an enterprise network are provided. A setup system may cooperate with an IoT device and a subordinate CA to generate a device certificate that allows the IoT device to access a secure enterprise network and services outside of the secure enterprise network. The IoT device may generate a certificate signing request (CSR) which may be signed by a remote subordinate CA to generate the device certificate using a root certificate of an enterprise CA. Systems are also disclosed that renew certificates for the IoT devices prior to their expiration.

Abstract: The present invention discloses an intelligent cloud server for cloud storage information management and encryption. In some embodiments, the intelligent cloud server can save and store documents without the need of first saving them in a local drive for upload. Upon storage, the document can be scanned and classified in a security level according to pre-determined settings and parameters. In some embodiments, depending on the classification, the system can encrypt portions of the document in order to facilitate the sharing and access of information in a secure way. Encryption keys and access to the encrypted portions are only provided upon authentication of the user, network, and/or need, according to corresponding protocols for the information.

Abstract: A method includes sending an encrypted first hash value set to a data provider; receiving an encrypted second hash value set and a double-encrypted first hash value set from the data provider; re-encrypting the received encrypted second hash value set to obtain a double-encrypted second hash value set; calculating an intersection of the double-encrypted first hash value set and the double-encrypted second hash value set to determine one or more shared users shared with the data provider; and recommending or providing a service to the one or more shared users.

Abstract: Technologies are described for retaining configuration information for software applications during upgrades. For example, when an addon software package is deployed to a web application server running a main software platform, the configuration information for the addon software package can be preserved separately (e.g., independent of the common configuration file) and used later to restore the addon configuration information if needed. In some implementations, an addon presence file is used to store an entry for the addon software package. The entry identifies another file containing the configuration information for the addon software package. If the main software platform is upgraded resulting in the common configuration file being overwritten or replaced, then the addon configuration information can be added back to the common configuration file using the preserved configuration information.

Abstract: Techniques are described for sampling across trusted and untrusted distributed components. In accordance with embodiments, a first computing device receives a request from a second computing device, the first request including an operation identifier (ID) and a sampling ID that was generated by transforming a telemetry scope ID from a first value in a first domain to a second value in a second domain. The transformation may serve to anonymize and compress the telemetry scope ID. The first computing device determines whether or not to sample by comparing a ratio between the sampling ID and a size of the second domain with a sampling rate associated with the first computing device. The first computing device records telemetry about its processing of the first request in response to determining to sample and does not record any telemetry about its processing of the first request in response to determining not to sample.

Abstract: Examples include blocking an interface of a sponsor networking device from receiving data packets and receiving at the sponsor networking device an authentication packet from a first networking device. The first networking device is physically connected to the interface. Examples also include automatically setting by the first networking device, a unique local address for the first networking device; receiving, at the sponsor networking device, a local data packet from the first networking device, and translating, by the sponsor networking device, the local data packet to an off-fabric data packet.

Abstract: A smart tag and methods of interacting with and authenticating interactions with the same are provided. The smart tag is enabled to generate a Tag Authentication Cryptogram (TAC) and include the TAC in response to a read request. Accordingly, each response generated by the smart tag will include a different TAC. It follows that interactions between the smart tag and a reading device can be authenticated as unique interactions if the TAC is validated as a unique and correct TAC.

Abstract: Embodiments are directed towards collecting, aggregating and indexing unique and non-unique user data from a plurality of users. The result for a query of this indexed aggregation of user data is provided in a plurality of sub-sets of aggregated user data. Each subset of aggregated user data corresponds to a particular portion of the plurality of users. Also, each of these particular portions of the users is set at least large enough to provide general anonymity for the individual users. User data may be collected by one or more user data suppliers and provided to a user data aggregator. In some embodiments, user data may be collected as unique user data, non-unique user data, or any combination thereof. In some embodiments, user data may be aggregated by zip code, expanded zip code, and/or one or more attributes.

Abstract: The present invention discloses methods and systems for redundantly securing data using an array of independent networks. Methods include the steps of: upon receiving a storage request and secret data for securely storing the secret data, independently requesting random data from each of at least one independent partner network out of an array of at least two independent partner networks; independently receiving the random data from each of at least one independent partner network, wherein respective random data is also stored on a respective independent partner network; cumulatively calculating complementary data as an encrypted form of the secret data with a complement function using the random data; and sending the complementary data to an independent storage partner network for storage, wherein the independent storage partner network is part of the array, and wherein the independent storage partner network is independent from at least one independent partner network.

Abstract: A method and system for bringing together online and offline advertising uses partner-encoded anonymous links that are associated with consumer data. The partner-encoded anonymous links allow processing without personally identifiable information (PII) in a secure environment. Data is matched using identifiers that are encrypted for use in connection with individual match distribution partners. The method and system allows a marketer to utilize offline data to precisely target advertisements without the use of PII, and to perform analytics concerning the use of the online advertisements to more precisely determine the effectiveness of multichannel marketing efforts.

Abstract: An example operation may include one or more of initiating, by a file verification device, verification of a source file or a redacted source file, executing one of a smart contract or chaincode to verify the chameleon hash signature and the auxiliary data hash signature, and providing a notification whether the verification was successful or unsuccessful. In response to initiating verification of the source file, the method further includes the file verification device receiving stored source file segments and stored auxiliary data segments, generating a chameleon hash signature, and generating an auxiliary data hash signature. In response to initiating verification of the redacted source file, the method further includes receiving stored redacted file segments, stored auxiliary data segments, and stored modified auxiliary data, generating a chameleon hash signature, and generating an auxiliary data hash signature.

Abstract: Network and/or application resources can be dynamically instantiated based on service attributes and/or network capabilities. In one aspect, a customized and/or localized core slice can be selected that can deliver the requested service with target performance parameters. According to an aspect, dynamic selection, control, and/or management reporting can be provided for core network slices. Moreover, optimal core network slice selection can be performed to reduce network transport costs and efficiently deliver various services using an optimal core slice that matches a service profile being requested by an end user and/or device.

Abstract: A method, a non-transitory computer readable medium, and a system are disclosed for a single sign-on for services. The method includes: receiving, on a computer processor, user identification captured by a biometric device of a user; forwarding, by the computer processor, the user identification to an authentication server; receiving, on the computer processor, a user JSON Web Token (user-JWT), user principle name, active directory domain name, and user domain name password, upon authentication of the user by the authentication server; performing, by the computer processor, an active directory join operation with an active directory using the user principle name, the active directory domain name, and the user domain name password; launching, on the computer processor, a browser that communicates with the authentication server; and receiving, on the computer processor, an HTML page constructed with JavaScript code with clickable icons for provisioned services from the authentication server.

Abstract: An example operation may include one or more of determining, by a file redaction device, redacted segments of a source file, receiving, by a signature update device, the redacted source file segments, a stored trapdoor key, and stored auxiliary data segments, determining modified auxiliary data from the redacted source file segments, the trapdoor key and the auxiliary data segments, executing chaincode to obtain a modified auxiliary data signature and identifiers of the redacted source file segments, and storing the modified auxiliary data signature and identifiers of the redacted source file segments to a shared ledger of a blockchain network. Each stored auxiliary data segment including a random string of data corresponding to a segment of the source file.

Abstract: A client device accesses an online system using an authentication process when it is connected to a public network and not a private network. The client device requests access using an authentication broker via the public network. The authentication broker determines an authentication system and transmits identification information for the client device to the authentication system via the private network. The authentication broker receives an authentication vector generated by the authentication system via the private network, and receives a verification response from the client device via the public network. The verification response corresponds to a verification challenge generated based on the authentication vector by the authentication broker.

Abstract: Implementations of this specification provide a method and an apparatus for creating a blockchain account and verifying blockchain transactions. An example method performed by a blockchain platform includes receiving a transaction, the transaction including at least an initiator field that specifies an account to be created, a receiver field that specifies a pre-determined field value, and a data field that specifies a user-defined key control rule. The user-defined key control rule includes at least one 3-tuple, and each 3-tuple includes a key identifier, an action identifier, and a permission setting. The blockchain platform seals the transaction into a block, and sends the sealed transaction to at least one other full node in the blockchain network.

Abstract: A method for validating data structures includes generating and storing, at each of multiple intervals, a signature for each of multiple data structures, including a parent data structure and a child data structure. The method also includes, in response to a request to validate the child data structure, retrieving active state signatures of the parent and child data structures, and comparing the active state signatures. The method further includes, when the active state signatures are inconsistent, comparing the active state signature of the child data structure to a first prior state signature of the parent data structure; and when the active state signature of the child data structure is consistent with the first prior state signature of the parent data structure, notifying a user that the child data structure is a match for the parent data structure but out of sync therewith.

Abstract: Methods, computer program products, and systems are presented. The method computer program products, and systems can include, for instance: recording position data for a mobile device over time, the position data being associated to an identifier of the mobile device; outputting to a user an identification code associated to the identifier; receiving input data from a user, the input data including the identification code and user identifying information from a user; responsively to the receiving the input data from a user associating the identification code and the user identifying information; based on the associating processing the position data and user profile data associated to the user identifying information; sending a message to the user based on a result of the processing.

Abstract: Techniques for obtaining electronic signatures via word processing applications are described. One approach utilizes a code module, also referred to as a “markup module,” that executes within a word processing application and that facilitates the preparation of a document for electronic signature. A user can operate the word processing application together with the markup module in order to add signature tag markers to the document and to provide recipient information about intended signers, such as names and email addresses. Once the document has been prepared, the code module transmits the document (including the added signature tag markers) and the recipient information to a digital transaction service. The digital transaction service then manages the signing of the document, such as by notifying the recipient, receiving the recipient's signature and securely storing the signature in association with the document.