Abstract: Various embodiments relate to a method performed by a processor of a computing system. An example method includes generating a symmetric content encryption key. Content is encrypted using the content encryption key to generate cipher text. A hash of the cipher text is generated. Each of the hash and the content encryption key is signcrypted using each of a signcrypting party public key, a signcrypting party private key and a recipient public key to generate a signcrypted envelope message. The cipher text is embedded in a component of the signcrypted envelope message. The signcrypted envelope message is transmitted to a recipient. The recipient can unsigncrypt the signcrypted envelope message using each of the recipient public key, a recipient private key, and the signcrypting party public key to retrieve the content encryption key and hash of the cipher text. The recipient can decrypt the cipher text using the content encryption key.

Abstract: This disclosure provides systems, methods and apparatus, including computer programs encoded on computer storage media, for multi-link aggregation in wireless communications. In one aspect, an apparatus includes a multi-link operation device configured to generate and output for transmission a message indicating a mapping of each of a plurality of traffic identifiers (TIDs) to one or more parameters associated with each of a plurality of wireless links. In some aspects, another apparatus may obtain a message via at least one of a plurality of wireless links indicating a mapping of each of a plurality of TIDs to one or more parameters associated with each the plurality of wireless links, obtain a sequence of packets associated with at least one of the plurality of TIDs via one or more of the plurality of wireless links, and process the sequence of packets based on the mapping indicated via the message.

Abstract: A processor may segment a media key block into two or more subsets. Each of the two or more subsets may be respectively associated with a particular group of receivers, and each receiver of the particular group of receivers may be in a blockchain network. The processor may receive, from a first receiver, a request for permission to process the media key block. The processor may identify which of the two or more subsets that the first receiver is associated. The processor may provide a media key block value to the first receiver.

Abstract: A verifier device in one embodiment is configured to communicate over one or more networks with a client device and a server device. The verifier device participates in a three-party handshake protocol with the client device and the server device in which the verifier device and the client device obtain respective shares of a session key of a secure session with the server device. The verifier device receives from the client device a commitment relating to the secure session with the server device, and responsive to receipt of the commitment, releases to the client device additional information relating to the secure session that was not previously accessible to the client device. The verifier device verifies correctness of at least one characterization of data obtained by the client device from the server device as part of the secure session, based at least in part on the commitment and the additional information.

Abstract: A method for leveraging a universal credential in an access control system according to one embodiment includes generating, by a cloud system, a CBOR web token for user access to at least one electronic lock, wherein the CBOR web token includes a group tag associated with a set of access rights for a group of users and a cryptographic signature, transmitting the CBOR web token to a user mobile device, receiving, by a first electronic lock, the CBOR web token from the user mobile device for access to a passageway secured by the first electronic lock, verifying an authenticity of the cryptographic signature of the CBOR web token and that the group tag of the CBOR web token is associated with a group authorized to access the passageway secured by the first electronic lock, and unlocking a lock mechanism in response to the verifications.

Abstract: Systems and methods are provided for a network appliance comprising a plurality of virtual private network nodes operating on the network appliance, each virtual private network node being configurable to connect to selectable virtual private network end points in an on-demand computing network. A web interface is configured to connect a client device to the network appliance and to identify a selected virtual private network end point, where the client device is connected to a particular one of the virtual private network nodes and the particular virtual private network node is connected to the selected virtual private network end point based on interactions with the web interface.

Abstract: A secret key is communicated to a receiver system. A one-time pad is generated using the secret key and a counter. An encrypted message is generated by performing an XOR operation on a first message using the one-time pad. The encrypted message and the counter are sent to the receiver system.

Abstract: A method for providing a personal data storage service between a first user who is a data provider and a second user who is a data requester by using a smart contract based on a first layer and a privacy layer and a storage layer based on a second layer is provided. The method has an effect of generating encoded subject data made by encoding subject data by using a random key as an encryption key generated through a data provider terminal, to thereby prevent the personal storage service provider from decoding the subject data. Further, the method has another effect of saving the storage for use in PDS service, since there is no need to generate each of encoded encryption key and encoded subject data in line with each of data requester even if the number of data requesters increase by implementing using a proxy re-encryption technology.

Abstract: This invention relates generally to methods and apparatus for providing secure services using a mobile device, and in particular for securely making transactions, such as payments, using mobile phones and smartphones.

Abstract: Computer methods and devices for handling requests by using a distributed ledger database. An evaluation of a request is performed based on a first data item comprising first information about a state of a system and on a second data item comprising second information about a proposed action in response to the state of the system. The first and second data items are evaluated to establish whether, given the state of the system, the proposed action is appropriate. A third data item is provided and a fourth data item is accessed. The third data item comprises encrypted first information. The fourth data item comprises information for accessing encrypted information comprised in a first encrypted data item. The first data item is authenticated against the first encrypted data item to establish whether the information in the first data item is compatible with the in-formation in the first encrypted data item.

Abstract: A secure authentication method includes: deriving a distributed LSH value using secret LSH, taking a first distributed feature amount which is a feature amount of user information distributed through a secret distribution method and encrypted LSH parameters as inputs; deriving a distributed hash value using a secret unidirectional function, taking the distributed LSH value and a distributed key as inputs; decoding the hash value by reversing distribution of the distributed hash value; selecting, from a secret hash table storing sets of a hash value as an index and a distributed feature amount as a data string, a set including a hash value matching the decoded hash value; computing, in secret, similarity between the distributed feature amount in the set and the first distributed feature amount; deriving, in secret, a user authentication result based on the similarity computed; and outputting the derived authentication result.

Abstract: A system in one embodiment comprises a first endpoint device that is configured to communicate with a second endpoint device using a given communication protocol. The first endpoint device is configured to monitor a communication session under the given communication protocol and to generate monitoring data associated with the communication session. The first endpoint device is configured to determine that a designated network condition has occurred based at least in part on the monitoring data. The first endpoint device is configured to activate a performance monitoring component based at least in part on the determination that the designated network condition has occurred and to generate performance data utilizing the activated performance monitoring component. The first endpoint device is configured to anonymize and store the performance data.

Abstract: In various example embodiments, a system and method for an electronic commerce file system are provided. In example embodiments, a selection of an item contained in a folder of an electronic commerce file system is received. The item is offered for sale by an electronic commerce provider, and the electronic commerce file system resides locally on a client device. Based on a type of the folder, a set of actions are provided for selection, with the set of actions to be performed with respect to the item. A selection of an action to be performed with respect to the item is received. The action is performed with respect to the item, with the action being performed between the electronic commerce file system and the electronic commerce provider via a network.

Abstract: Anonymizing systems and methods comprising a native configurations database including a set of configurations, a key management database including a plurality of private keys, a processor in communication with the native configurations database and the key management database, and a memory coupled to the processor. The set of configurations includes one or more textual descriptions and one or more ranges, wherein each range includes a contiguous sequence comprised of IP addresses, port numbers, or IP addresses and port numbers. The processor is configured to retrieve the set of configurations from the native configurations database, wherein the set of configurations includes a plurality of objects; retrieve a private key from the key management database; assign a unique cryptographically secure identity to each object; and anonymize the plurality of objects based on the cryptographically secure identities and the private key.

Abstract: Disclosed are various embodiments providing user authentication through registered device communications. An authentication request is received from a client device. A user is authenticated for access to a user account based at least in part on the client device providing the authentication token. The authentication token is generated by the client device or by one or more other computing devices and sent to the client device. The client device encrypts the authentication token based at least in part on a user authenticating factor and stores the encrypted authentication token on the client device.

Abstract: Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key. Example embodiments of systems and methods can be used to provide further authentication and added levels of security for transactions.

Abstract: A method and system for implementing and managing security policies in a cloud environment of enterprises are disclosed. In some embodiments, the method includes creating cloud-independent policies associated with enterprise assets in the cloud environment and sharing the cloud-independent policies across one or more distributed enterprises in the cloud environment. The method also includes translating and enforcing the policies in run-time across the distributed enterprises. The method further includes applying the policies collaboratively in the distributed enterprises based on distributing policy enforcement in the distributed enterprises while centralizing policy operations, where applying the policies includes discovering cloud-based assets of the enterprises and enterprise asset data related to the cloud-based assets and creating, based on the enterprise asset data, at least one graph (organization, user, resource) representing the relationships among the assets.

Abstract: A system may include a memory and a processor in communication with the memory. The processor may be configured to perform operations that include generating a key pair and encrypting a data credential with a public key to make a data credential secret. The operations may further include storing the data credential secret in a cluster on a host and deploying a workload on the cluster. The operations may also include establishing an empty bundle in the host and generating a pod trusted execution environment.

Abstract: An authentication system, including at least one processor configured to: perform, based on a similarity between input authentication information that has been input and registered authentication information that has been registered, authentication of a user to be authenticated; determine whether there is a possibility that the user is authenticated as another user; acquire, when it is determined that there is the possibility that the user is authenticated as another user, for the input authentication information, a plurality of pieces of processed authentication information processed differently from each other; and determine, when it is determined that there is the possibility that the user is authenticated as another user, whether a predetermined number or more of pieces of processed authentication information are more similar to the registered authentication information than to the input authentication information and perform the authentication based on a result of the determination.

Abstract: A plurality of computing devices are provisioned configured to communicate on a mobile communications network operated, in part, by an edge computing network. The edge computing network is associated with a customer of a computing service provider. The edge computing network comprises computing and storage devices configured to extend computing resources of the computing service provider to the customer of the computing service provider. A selection is received of a SIM provider and a quantity of SIM profiles for enabling the plurality of computing devices to access the mobile communications network. SIM data corresponding to the quantity of SIM profiles is received. The SIM data is encrypted and received over an encrypted channel.

Abstract: Key management for encrypted data. A node, such as a storage device, obtains a shared key to be used in cryptographic operations. The obtaining includes using an identifier of another node, such as a host of the computing environment, and a unique identifier of the shared key to obtain the shared key. The obtained shared key is then used in one or more cryptographic operations.

Abstract: A method encrypting, by a user device based on utilizing a first cryptographic key, first factor authentication information that is associated with determining a first authentication factor; encrypting, by the user device, the first cryptographic key based on utilizing an assigned public key associated with the user device; encrypting, by the user device based on utilizing a first master key, an assigned private key associated with the user device; encrypting, by the user device based on utilizing a second cryptographic key, second factor authentication information that is associated with determining a second authentication factor; encrypting, by the user device, the second cryptographic key based on utilizing a second master key; and storing, by the user device, encrypted first factor authentication information and encrypted second factor authentication information in a memory associated with the user device is disclosed. Various other aspects are contemplated.

Abstract: A computer-implemented method for automatically pairing two devices is disclosed. The computer-implemented method includes detecting a first type of movement from a first device. The computer-implemented method further includes determining that the first device is located within a threshold distance of a second device when the first type of movement from the first device is detected. The computer-implemented method further includes determining whether an auto-pairing policy matches the first type of movement from the first device and the threshold distance between the first and second devices. The computer-implemented method further includes, responsive to determining that the auto-pairing policy matches the first type of movement from the first device and the threshold distance between the first and second devices, automatically pairing the first device and the second device.

Abstract: According to an example aspect of the present invention, there is provided a cryptoprocessor comprising physical unclonable function circuitry comprising at least one physical unclonable function, and at least one processing core configured to process a challenge received from outside the cryptoprocessor by at least deriving a response to the challenge by providing the challenge as input to the physical unclonable function circuitry, using the response as an encryption key to encrypt a second encryption key, and by causing the encrypted second encryption key to be provided to a party which issued the challenge.

Abstract: Intelligent methods of providing online security against hackers, which prevents the hackers from obtaining unauthorized access to secure resources. A first application session established between a first client and a first application of a first host device is detected. The first application is associated with a first plurality of security time limits. A duration of the first application session established between the first client and the first application is monitored. One or more first security actions are executed against the first application session responsive to the duration of the first application session reaching a security time limit of the first plurality of security time limits. One or more second security actions are executed against the first application session responsive to the duration of the first application session reaching another security time limit of the first plurality of security time limits.

Abstract: A method and system for controlling media-content presentation based on user presence and/or user profile. An example method includes a computing system determining a quantity of users present at a media-presentation device, the quantity being at least one. Further, the example method includes, based on the determining, the computing system using the determined quantity of users present at the media-presentation device as a basis to control what media content a media player outputs for presentation by the media-presentation device. For instance, based on the determined quantity of users the computing system could tailor a graphical user interface (GUI) that the media player outputs for presentation by the media-presentation device, such as by tailoring a set of channel options that a channel-selection GUI provides, among other possibilities.

Abstract: Systems, apparatus, and methods of managing the lifecycle of a digital token are described. In an example, while the digital token is being generated, the digital token or the underlying digital asset can be compared to other digital tokens and/or digital assets to determine similarity thereto. Based on the similarity, a program code interface (e.g., smart contract, an application programming interface—API, RPC, etc.) can be determined and an API call can be made to execute a program code. The execution can indicate whether the digital token creation process can be completed. If so, the digital token is recorded. Thereafter, its use or the use of the underlying digital asset can be monitored, whereby this monitoring can apply similarity processing. If a use thereof is determined or if a use of a similar digital token or similar digital asset is determined, notifications can be generated and sent.

Abstract: A system and method for controlling authorization to a protected entity are provided. The method includes: receiving an access request for access to the protected entity, wherein the access request is received from a client device; in response to the access request, causing the client device to perform an admission process that includes performing at least one game; monitoring a distributed database to identify at least one admission transaction designating admission criteria; determining if the admission criteria satisfy a set of conditions for accessing the protected entity; identifying, on the distributed database, completion results of the at least one game, wherein whether the admission criteria satisfies the set of conditions for accessing the protected entity is determined based on the results of the at least one game; and granting access to the protected entity by the client device when the admission criteria satisfies the set of conditions.

Abstract: A data storage device comprising a non-volatile storage medium configured to store user data, a data port configured to transmit data between a host computer system and the data storage device, a data security indicator, and a controller. The controller is configured to selectively control access of the host computer system to the user data based on security configuration data of the data storage device. The controller is further configured to respond to the occurrence of one or more operations, the operations being any of: (i) a data access operation requested or performed, by the host computer system, on the data storage device to access the storage medium via the data port; and (ii) a security control operation requested or performed, by an external device, on the data storage device to store, retrieve or update the security configuration data of the data storage device.

Abstract: An asynchronous and concurrent transaction processing method with high-performance oriented to a permissioned blockchain belongs to the field of blockchain technologies. The method designs two processing schemes for abort transactions, namely, additional submission of unnecessary abort transactions that are serializable and delayed centralized processing of long-conflict-chain transaction aggregation. In order to avoid the instability of system transaction processing performance caused by single point failure, the method designs a multi-node round robin consensus strategy. In addition, an inter-node auxiliary concurrency acceleration scheme is designed, which can improve the transaction performance of the whole of the system only by upgrading some of node devices in the system.

Abstract: A method for accessing a private key is provided. The method includes storing, by a first device, the private key and an associated public key, generating an access token, sending to a second device, the access token, sending, to a first server, an address relating to a decentralized identifier and the access token, sending, by the first server, to a ledger, a request for getting a decentralized identifier along with the decentralized identifier address. By way of the method a solution is provided for accessing, by a first server to be accessed from a second device, based on a decentralized identifier readable from a ledger, a second server, as a proxy to a first device. It allows for authenticating a first device to a first server while keeping the private key only at the first device side (and not at the second device side).

Abstract: Systems and methods are provided for validating components of an Information Handling System (IHS). During factory provisioning of the IHS, an owner certificate is stored that specifies an identity of a motherboard installed during manufacture of the IHS. The owner certificate is signed by a certificate authority of an owner of the IHS that retains capabilities for specifying the use of boot code provided by successive renters of the IHS. A renter certificate is also stored that specifies an identity of a chassis to which the motherboard is installed during manufacture of the IHS. Upon a transfer of control or ownership of the IHS, boot code operations by the security processor identify a motherboard and chassis in use by the IHS and utilize the motherboard and chassis certificates to validate that the identified motherboard and chassis are the same motherboard and chassis installed during manufacture of the IHS.

Abstract: The disclosed technology relates to receiving an executable function from a client device, wherein the executable function is to be executed on a function as a service (FaaS) platform. Upon performing a verification and validation process on the received executable function prior to runtime, it is determined when to execute the received executable function based on based on one or more execution initiation techniques upon performing. The verified and validated executable function is executed at the runtime on the FaaS platform based on the determination.

Abstract: Systems, methods, and computer-readable media are provided for an efficient roaming management method using a single association identifier token for associating with different access points. In one aspect of the present disclosure, a network controller includes memory having computer-readable instructions stored therein and one or more processors. The one or more processors are configured to execute the computer-readable instructions to receive a request from an endpoint to connect to a first access point; generate association identification token (e.g., PMK and PMKID) for the endpoint to connect to the first access point; and distribute the association identification token to a second access point prior to the endpoint attempting to connect to the second access point, the association identification token being used by the second access point to validate a subsequent request by the endpoint to connect to the second access point.

Abstract: A cloud implementation of a persisted storage device, such as a disk, is provided. The implementation supports a variety of features and protocols, in full analogy with a physical storage device such as a disk drive. The present disclosure provides for implementing standard eDrive protocols in the cloud by designing internal disk storage, referred to as a “system area,” in a virtual disk instance that the virtual disk can potentially utilize for a multitude of disk features. This internal storage can be used to implement eDrive protocols, which use the system area to maintain the necessary internal virtual disk state.

Abstract: Provided is a computer-implemented method for authenticating an identification document. The method includes determining, with at least one processor, whether image data associated with the identification document has at least one predetermined indicia. In response to determining that the image data has the at least one predetermined indicia, the method includes determining whether the at least one predetermined indicia corresponds to at least one invalidation mark on the identification document, and, in response to determining that the at least one predetermined indicia corresponds to the at least one invalidation mark, determining, that the identification document is invalid. In response to determining that the identification document is invalid, the method includes preventing or causing the prevention of at least one action from being performed. A system and computer program product for authenticating identification documents are also disclosed.

Abstract: Various examples are directed to systems and methods for detecting vulnerabilities in a web application. A testing utility may direct a plurality of request messages to a web application. The testing utility may be executed at a first computing device and the web application may be executed at a second computing device. The testing utility may determine that a first request message of the plurality of test messages describes a state changing request. The determining may be based at least in part on the first request message and a first response message generated by the web application in response to the first request message. The testing utility may generate a first tampered request message based at least in part on the first request message and direct the first tampered request message to the web application.

Abstract: When a system tries to access a network (e.g., another system, an application, data, or the like) at least two-factor authentication may be used to validate the system. At least one authentication factor may include utilizing authentication credentials of the entity or system accessing the network. At least a second authentication factor may include using an environment hash of the system, which is a representation of the configuration (e.g., hardware, software, or the like) on the system trying to access the network. The environment hash may be compared to hash requirements (e.g., authorized environment hashes, unauthorized environment hashes, or the like) to aid in the validation. The system may only access the network when both the authentication credentials and the environment hashes meet requirements.

Abstract: In an implementation, a shutdown coordinator sends an instruction to a router to no longer assign new sessions to an application instance, where the application instance is to be shut down. The shutdown coordinator sends a request to the application instance to export associated sessions for handover to a new application instance. The shutdown coordinator receives an indication from the application instance that no further requests can be processed by the application instance since all associated sessions have been exported to an external session storage. The shutdown coordinator instructs the router to redirect requests to the application instance to the new application instance. The shutdown coordinator shuts down the application instance. The shutdown coordinator deletes remaining sessions of all associated sessions from the external session storage after a defined timeout period.

Abstract: Various embodiments described herein disclose an endpoint modeling and grouping management system that can collect data from endpoint computer devices in a network. In some embodiments, agents installed on the endpoints can collect real-time information at the kernel level providing the system with deep visibility. In some embodiments, the endpoint modeling and grouping management system can identify similarities in behavior in response to assessing the data collected by the agents. In some embodiments, the endpoint modeling and grouping management system can dynamically model groups such as logical groups, and cluster endpoints based on the similarities and/or differences in behavior of the endpoints. In some embodiments, the endpoint modeling and grouping management system transmits the behavioral models to the agents to allow the agents to identify anomalies and/or security threats autonomously.

Abstract: Methods and systems are provided for supporting efficient and secure “Machine-to-Machine” (M2M) communications using a module, a server, and an application. A module can communicate with the server by accessing the Internet, and the module can include a sensor and/or an actuator. The module, server, and application can utilize public key infrastructure (PKI) such as public keys and private keys. The module can internally derive pairs of private/public keys using cryptographic algorithms and a first set of parameters. A server can authenticate the submission of derived public keys and an associated module identity. The server can use a first server private key and a second set of parameters to (i) send module data to the application and (ii) receive module instructions from the application. The server can use a second server private key and the first set of parameters to communicate with the module.

Abstract: A device management system (1) includes a common certification information acquirer, a certifier, an identification information generator, and a setter. The common certification information acquirer acquires common certification information from a device (10) including a storage for storing the common certification information. The common certification information stored in the storage is shared with another device. The certifier certifies the device (10) based on the common certification information. The identification information generator generates identification information for identification of the device (10) certified by the certifier. The setter sets the identification information to the device (10).

Abstract: Disclosed are systems and methods to deliver location restricted content to devices that do not have a location component, such as a Global Positioning System component. A location aware device may send to a content delivery service, location information determined by a location component of the location aware device and receive, from the content delivery service, an encrypted access token. The location aware device may then send the access token to a non-location aware device that is on a same local area network as the location aware device. The non-location aware device may provide the access token to the content delivery service along with a request for location restricted content. The content delivery service may use the access token provided by the non-location aware device to verify that the non-location aware device is within a defined area for which the requested location restricted content is allowed for presentation.

Abstract: A motor vehicle stores a first one-way hash of a password and an encrypted value from a second one-way hash of the password. A method for authenticating a device with respect to the vehicle includes the following: a PACE procedure is carried out so that the device and the motor vehicle determine the same session key; the motor vehicle generates a communication key on the basis of the session key and the encrypted one-way hash; and the device generates the communication key based on the session key and the second one-way hash.

Abstract: Systems and methods for encryption/decryption based on liveness-verified biometric data that cannot be stolen/spoofed. In various embodiments, the disclosed systems and methods facilitate encryption/decryption of data through controlling access to keys via liveness-verified biometric data. Liveness-verified biometric data may, in various embodiments, be derived from facial features, fingerprints, voice recognition, DNA, etc. Generally, if the liveness and identity of the requesting individual cannot be verified, then the individual will not be permitted to encrypt/decrypt data using the disclosed systems and methods.

Abstract: Systems, computer program products, and methods are described herein for secure access and initiation using a remote terminal.

Abstract: There are provided measures for realization of service level agreements in network slice scenarios joining multiple network capabilities. Such measures exemplarily comprise, as a slice management entity, receiving a network resource combination request, transmitting a request for at least one area base unit fulfilling, receiving, from said area base units repository, area base units fulfilling said at least one predetermined criterion out of stored area base units, generating at least one area base units join, selecting at least one selected area base units join of said at least one area base units join such that a combination of join geographical areas of said at least one selected area base units join covers said slice geographical area, and combining said at least one selected area base units join as a network resource combination.

Abstract: Techniques for facilitating a digital signature occurrence associated with an object transmitted via a communication channel associated with a group-based communication platform. The object may be created by a user within either the group-based communication platform or a third-party application and transmitted to one or more other users associated with the communication channel via the group-based communication platform. The group-based communication platform may be configured to authenticate a digital signature and, based on a verification of the authenticity, associate the digital signature with the object. The group-based communication platform may cause the digital signature to be presented via an interface associated with the communication channel, such as proximate to or viewable in association with the object.

Abstract: In one implementation, a wireless security system premises gateway component includes a first local area wireless communication component adapted to communicate wirelessly with plural wireless security system sensors distributed at a premises; a second local area wireless communication component adapted to communicate wirelessly with a general purpose mobile communications device; a communications interface component adapted to communicate with a wide area communications network that is located remotely of the premises; a security system controller component adapted to communicate with the general purpose mobile communications device to provide state information regarding the security system and to provide control inputs to the security system; and a single gateway housing configured and sized to house the first local area wireless communication component, the second local area wireless communication component, the communications interface component, and the security system controller.

Abstract: A digital file forensic accounting and management system collects forensic data for a digital file that is stored and accounted for in a datastore. The digital files and the associated forensic data may be retrieved from the datastore by a third party to verify the authenticity of the digital file. An interface program is utilized to collect forensic data about a file upon creation of the file and/or when the file is transferred to the datastore. An interface program may be a framework that is operated on a file producing program that a file provider used to create a digital file. An interface program may be an origination driver that is operated on the file providing computer. An interface program may be a directory monitoring program that transfers the digital file and forensic data to the datastore upon saving the file to the monitored directory.