Abstract: A system, comprising an authentication module to generate a challenge to authenticate a user, the challenge to be distributed to members of a set of verifying parties; and grant the user access to a resource upon receiving an authenticating response to the challenge; and a combiner module to receive partial responses from members of the set of verifying parties upon verification of the user by each member, the verification made using a provided contextual identifier of the user; based on the partial responses reaching a threshold number of responses, combine the partial responses to obtain a combined response, and provide the combined response to the authentication module as an authenticating response to the challenge.

Abstract: A cluster enrollment system remote to a device cluster performs a cluster enrollment process according to a cluster enrollment policy to determine whether a target device is authenticated to join the device cluster.

Abstract: In an example, a computing device includes a processor which in a reimaging operation of the computing device, may determine if a backup image to be used in the reimaging operation is available from a memory device connected to a local area network of the computing device. When the backup image is available from the memory device, the processor may acquire the backup image over the local area network. When the backup image is not available from the memory device, the processor may determine if a backup image is available from a wide area network of the computing device.

Abstract: A system, comprising an authentication module to generate a challenge to authenticate a user, the challenge to be distributed to members of a set of verifying parties; and grant the user access to a resource upon receiving an authenticating response to the challenge; and a combiner module to receive partial responses from members of the set of verifying parties upon verification of the user by each member, the verification made using a provided contextual identifier of the user; based on the partial responses reaching a threshold number of responses, combine the partial responses to obtain a combined response, and provide the combined response to the authentication module as an authenticating response to the challenge.

Abstract: In an example, a tangible machine-readable medium includes instructions which, when executed on at least one processor, cause the at least one processor to obtain an attestation public key bound to an identity associated with a root of trust of a platform. The instructions further cause the at least one processor to obtain a trusted time stamp associated with data collection by the platform. The instructions further cause the at least one processor to generate a signed measurement based on a trusted input as a nonce.

Abstract: According to aspects of the present disclosure, there is provided methods and devices for verifying integrity of a remote device, including a method comprising generating a first nonce value, transmitting the first nonce value, receiving a message from the remote device, the message comprising measurements of a configuration of the remote device and a cryptographic signature based on a private key of a public-private key pair of the remote device and a second nonce value, determining that the second nonce value was generated based on the first nonce value, and verifying the cryptographic signature based on the second nonce value and a public key of the public-private key pair of the remote device.

Abstract: In an example there is provided a method of issuing a command. A request is received from a device in a set of registered devices, the request comprising a command for execution at a remote device. The request is communicated to the set of registered devices. A response to the request is received from each device in a subset of the set of registered devices. A further request to execute the command, is communicated to the remote device on the basis of the responses. The command executes on the remote device when the subset of devices is an authorised subset of the registered devices.

Abstract: Examples associated with process verification are described. One example includes a process operating in a general operating environment of the system. From an isolated environment, a protection module modifies the behavior of the process by modifying data associated with the process while the process is in operation. The protection module verifies whether the behavior of the process has changed in accordance with the modification. The protection module takes a remedial action upon determining the process has been compromised.

Abstract: In an example there is provided a method of authenticating a user. An authentication challenge is received in response to a request to authenticate a user. The challenge is distributed to each device from a subset of a set of registered devices. At each device a share of an authentication token is accessed and a partial response to the challenge is generated based on an authentication token and challenge. A response to the challenge is generated by combining the partial responses from the subset of devices, and is communicated to an authenticator. The user is authenticated when the subset of devices is an authorised subset. Every authorised subset of the set of registered devices comprises at least one device from the first group of devices.

Abstract: A network printing system comprising a user device to encrypt a print job using a public key of a user and to transmit the encrypted print job to a print server. The system may further comprise the print server to re-encrypt the encrypted print job using the re-encryption key. The system may further comprise the printer to decrypt the re-encrypted print job using a private key of the printer and print the decrypted print job.

Abstract: In an example, a method includes requesting, from a node associated with a group comprising a plurality of computing devices associated with an access structure defining a set within the group of computing devices, an attestation of a capability of the set; receiving the attestation; and implementing, based on the received attestation, a procedure according to a device capability policy.

Abstract: A network printing system comprising a user device to encrypt a print job using a public key of a user and to transmit the encrypted print job to a print server. The system may further comprise the print server to re-encrypt the encrypted print job using the re-encryption key. The system may further comprise the printer to decrypt the re-encrypted print job using a private key of the printer and print the decrypted print job.

Abstract: According to aspects of the present disclosure, there is provided methods and devices for enrolling a device into a network, including a device comprising a secure storage comprising a device identifier and a public key, and a controller configured to: retrieve a proof-of-ownership certificate comprising a cryptographic binding between the device identifier and an owner identifier based on a secret key corresponding to the stored public key, authenticate the proof-of-ownership certificate based on the stored device identifier and public key, establish an authenticated communication channel with a device manager based on the authenticated proof-of-ownership certificate, and receive setup information from the device manager to enrol the device on the network.

Abstract: There is disclosed a method for encrypting data representing a rendering task, the method comprising segmenting the data to form multiple variably sized segments, wherein each segment comprises a payload, and a footer portion comprising at least a footer size section indicating the size of a footer encoding the size of a subsequent segment, and encrypting each segment using data associated with that segment and the rendering task.

Abstract: An apparatus is disclosed. The apparatus may comprise a storage medium to store: a first data structure to receive a first plurality of numerical identifiers, each numerical identifier of the first plurality of numerical identifiers corresponding to a respective signal received during a first defined time interval; and a second data structure to receive a second plurality of numerical identifiers, each numerical identifier of the second plurality of numerical identifiers corresponding to a respective signal received during a second defined time interval, wherein the first defined time interval is earlier in time than the second defined time interval. The apparatus may comprise a processor.

Abstract: Examples associated with process verification are described. One example includes a process operating in a general operating environment of the system. From an isolated environment, a protection module modifies the behavior of the process by modifying data associated with the process while the process is in operation. The protection module verifies whether the behavior of the process has changed in accordance with the modification. The protection module takes a remedial action upon determining the process has been compromised.