H04L2209/68

Methods, Devices and Management Terminals For Establishing a Secure Session With a Service

This disclosure provides a method, performed in a resource-constrained device 60, for establishing a secure session with a service 800 delivered by a server terminal 80 using a security protocol over a communication network. The resource-constrained device 60 is registered at a management terminal 70. The method comprises receiving, from the server terminal 80, a credential associated with the service 800. The method comprises sending, to the management terminal 70, a service approval request 803. The service approval request 803 comprises an identifier of the service 800 and/or the credential. The method comprises receiving, from the management terminal 70, a response 804. The response 804 comprises an indication that the service 800 is approved, and a security context for a resumption of the secure session. The secure session has been established by the management terminal 70. The method comprises initiating the resumption of the secure session with the service 800 using the security context.

Authenticating and authorizing users with JWT and tokenization

Techniques are provided for using tokenization in conjunction with “behind-the-wall” JWT authentication. “Behind-the-wall” JWT authentication refers to JWT authentication techniques in which the JWT stays exclusively within the private network that is controlled by the web application provider. Because the JWT stays within the private network, the security risk posed by posting the JWT in a client cookie is avoided. However, because JWT is used behind-the-wall to authenticate a user with the services requested by the user, the authentication-related overhead is significantly reduced.

MOBILE SIGNATURE EMBEDDED IN DESKTOP WORKFLOW
20170272249 · 2017-09-21

Systems and methods provide for efficiently obtaining biometric signatures for electronically signing digital documents. A digital document having a signature field is provided for display on a general computing device. An instruction to obtain a biometric signature from a mobile computing device is received on the general computing device. A remote signing request is sent to a remote server device. The request can include, among other things, an electronic contact address associated with the mobile computing device. Responsive to receiving the request, a Uniform Resource Identifier (URI) is generated, referencing a dynamic application for obtaining the biometric signature on the mobile computing device. The remote server device obtains the biometric signature via the dynamic application or an incoming electronic message from the mobile computing device via the electronic contact address. The biometric signature is communicated to the client device for association with the signature field of the digital document.

Numeric pattern normalization for cryptographic signatures

A system for numeric pattern normalization for cryptographic signatures is provided. The system includes a resolving client and at least one signature server. The at least one signature server includes at least one processor and non-transitory computer readable media having encoded thereon computer software comprising a set of instructions executable by the at least one processor. The set of instructions may be executed by the signature server to generate a message to be transmitted to a resolving client, normalize the message via numeric pattern normalization, generate a hash value for the normalized message, and generate a cryptographic signature based on the hash value. The signature server may then generate a signed message having the message signed with the cryptographic signature, and transmit the signed message to the resolving client.

Method for Broadcast Service Signaling

Systems, methods, and devices enable a receiver device to determine completeness of low level signaling (LLS) tables received via broadcast transmissions. In various embodiments, broadcast service signaling may include determining whether a received LLS table is a directory table identifying each of a complete set of LLS tables, parsing the directory table, determining whether the directory table is confirmed based at least in part on a digital signature in the directory table, determining whether a complete set of LLS tables is received based at least in part on the identification of each of the complete set of LLS tables in the directory table, and determining available services based at least in part on the complete set of LLS tables before an expiration of a repetition time period after receiving the directory table.

Method and apparatus for trusted branded email
20210409424 · 2021-12-30

A trusted branded email method and apparatus in one aspect detects branded electronic messages and performs validation before they are sent to a recipient. In another aspect, an electronic message is branded by embedding branding assets and validation signatures. Algorithms that generate validation signatures are dynamically selected to further strengthen the security aspects. Branding assets are presented to a user using distinct indicia that represent to the user that the branding assets are secure.

Transactional system with peer-to-peer distributed architecture for exchanging units of account
11210647 · 2021-12-28

A transaction system based on a distributed peer-to-peer computer architecture, said system involving transactions generated by users by means of wallets and allowing the transfer of units of account by feeding inputs from outputs, each transaction (called downstream transaction) having an input directly or indirectly referring to an output of an upstream transaction (or several inputs each referring to an output of a respective upstream transaction) and having an output specifying the number of units of account and an address of a recipient. The system comprises means for connecting an input of a downstream transaction to an output of an upstream transaction as a function of matching rules between a code computed on all or part of the content of the downstream transaction and a check code contained in the upstream transaction, or conversely. The system further comprises means for propagating a contract, predetermined at an upstream transaction, to a downstream transaction having an input connected to the output of said upstream transaction, said contract being executable on a context for establishing allocation constraints of the output(s) of the downstream transaction, such allocation being authorized only if the constraints are met.

Method for broadcast service signaling

Systems, methods, and devices enable a receiver device to determine completeness of low level signaling (LLS) tables received via broadcast transmissions. In various embodiments, broadcast service signaling may include generating a directory table identifying one or more LLS tables to be broadcast and sending the directory table in a broadcast stream of the one or more LLS tables. In various embodiments, broadcast service signaling may include calculating a cyclic redundancy check (CRC) code for, generating a hash value for, and/or applying a digital signature to one or more LLS tables in a broadcast stream.

Methods and apparatuses for electronically stamping document

Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for electronically stamping a document. One of the methods includes receiving an electronic stamping instruction, where the electronic stamping instruction comprises a to-be-stamped document and a stamping type. In response to determining that a format of the to-be-stamped document is a predetermined document format and the stamping type is a first stamping type, a first to-be-stamped area of the to-be-stamped document is determined. An electronic stamp corresponding to the to-be-stamped document is identified using an encryption algorithm interface. A first electronically stamped document is generated and includes the electronic stamp in the first to-be-stamped area.

Enhancing Domain Keys Identified Mail (DKIM) Signatures
20230318844 · 2023-10-05

A method for securing messages includes obtaining, at a message server, a message for a user of a message service hosted by the message server. The message includes a header and the header includes a digital signature signed by an author of the message and a list of one or more recipients of the message. The method includes determining whether the digital signature by the author is valid and determining, using the list of one or more recipients, whether the user is a declared recipient of the message. When the digital signature by the author is valid and the user is the declared recipient of the message, the method includes delivering the message to a user device of the user. When the digital signature by the author is valid and the user is not the declared recipient of the message, the method includes alerting the user.