I'm always receiving update requests from numerous vendors. How can I confirm that an update request from Java is authentic?