Abstract: Apparatuses, methods, systems, and program products are disclosed for distributed license encryption and distribution. An apparatus includes a processor and a memory that stores code executable by the processor. The code is executable to select a license token from a pool of available license tokens associated with available digital licenses in response to a license request from a first device. The license token includes information identifying second devices where segments of a digital license associated with the license token are stored. The segments are encrypted using encryption keys for one or more participants. The code is executable to re-encrypt the segments of the digital license for the selected license token using an encryption key for the first device and send the license token to the first device where it is used to request the segments from the second devices, decrypt the segments, and reconstruct the digital license.

Abstract: In one aspect, an embedded controller (EC) in a device may receive a firmware update for another component in the device and determine whether the firmware update has been previously applied at the component. If the firmware update has not been previously applied, the EC may assign an identifier to the firmware update and digitally sign the identifier. The EC may then provide the firmware update and the digitally-signed identifier to the component so that the component may apply the firmware update.

Abstract: Apparatuses, methods, and program products are disclosed for operating a camera sense mode. One apparatus includes a processor, a camera, and a memory that stores code executable by the processor. The code is executable by the processor to determine, by use of the processor, whether the camera is set to a camera sense mode. The camera sense mode is a mode of the camera configured to use the camera as a sensor. The code is executable by the processor to, in response to the camera being set to the camera sense mode: analyze images captured by the camera, using a sensing application, to determine information related to the images; and inhibit applications separate from the sensing application from accessing images captured by the camera.

Abstract: Systems and methods are disclosed for generating a key based on at least one hardware component identifier for hardware of a first device and/or at least one piece of firmware code of the first device. The key may then be stored at a storage area accessible to the first device via hypertext transfer protocol secure (HTTPS) communication and the key may also be used to encrypt storage of the first device. Booting of the first device may then be facilitated based on HTTPS communication with a second device and using an extensible firmware interface (EFI) file and/or an IMG file stored at the second device. Then subsequent to at least partially facilitating the booting of the first device and based on verifying authentication credentials, the key may be transmitted to the first device to decrypt the storage of the first device.

Abstract: Apparatuses, methods, and program products are disclosed for proof of work based authentication. One apparatus includes a processor and a memory that stores code executable by the processor. The code is executable by the processor to determine, by use of the processor, a set of computer-based attributes corresponding to a first device. The code is executable by the processor to compute a proof of work based on the set of computer-based attributes. The code is executable by the processor to transmit the proof of work and the set of computer-based attributes to a second device for authentication based on the proof of work and the set of computer-based attributes.

Abstract: In one aspect, a first device may include at least one processor and storage accessible to the at least one processor. The storage may include instructions executable by the at least one processor to receive, from a second device, a partial hash of a domain name. The instructions may also be executable to use the partial hash and a probabilistic data structure to identify an Internet protocol (IP) address associated with the domain name. Responsive to identifying the IP address, the instructions may be executable to transmit the IP address to the second device.

Abstract: In one aspect, an embedded controller (EC) in a device may receive a firmware update for another component in the device and determine whether the firmware update has been previously applied at the component. If the firmware update has not been previously applied, the EC may assign an identifier to the firmware update and digitally sign the identifier. The EC may then provide the firmware update and the digitally-signed identifier to the component so that the component may apply the firmware update.

Abstract: In one aspect, a first device may include at least one processor and storage accessible to the at least one processor. The storage may include instructions executable by the at least one processor to receive, from a second device, a partial hash of a domain name. The instructions may also be executable to use the partial hash and a probabilistic data structure to identify an Internet protocol (IP) address associated with the domain name. Responsive to identifying the IP address, the instructions may be executable to transmit the IP address to the second device.

Abstract: Apparatuses, methods, and program products are disclosed for operating a camera sense mode. One apparatus includes a processor, a camera, and a memory that stores code executable by the processor. The code is executable by the processor to determine, by use of the processor, whether the camera is set to a camera sense mode. The camera sense mode is a mode of the camera configured to use the camera as a sensor. The code is executable by the processor to, in response to the camera being set to the camera sense mode: analyze images captured by the camera, using a sensing application, to determine information related to the images; and inhibit applications separate from the sensing application from accessing images captured by the camera.

Abstract: An approach is provided that receives a password that corresponds to a user identifier. A number of hashing algorithms are retrieved with the specific hashing algorithms that are retrieved being based on the received user identifier. The password is hashed using each of retrieved hashing algorithms resulting in a number of hash results. The hash results are combined with the combining of the hash result eventually resulting in a combined hash result. An expected hash result that corresponds to the user identifier is retrieved and compared to the combined hash result. The password is verified based on the results of the comparison.

Abstract: An approach is provided that uses multiple hashing algorithms to verify a password. The approach receives a password that corresponds to a user identifier. A set of hashing algorithms are retrieved with the retrieved set based on the received user identifier so that different user identifiers utilize different sets of hashing algorithms. Hashing the password using each of the hashing algorithms included in the set of algorithms with the hashing resulting in a hash result. An expected hash result that corresponds to the user identifier is retrieved and the approach then verifies the received password by comparing the hash result to the first expected hash result.

Abstract: An approach is provided that receives a password that corresponds to a user identifier. A number of hashing algorithms are retrieved with the specific hashing algorithms that are retrieved being based on the received user identifier. The password is hashed using each of retrieved hashing algorithms resulting in a number of hash results. The hash results are combined with the combining of the hash result eventually resulting in a combined hash result. An expected hash result that corresponds to the user identifier is retrieved and compared to the combined hash result. The password is verified based on the results of the comparison.

Abstract: An approach is provided that uses multiple hashing algorithms to verify a password. The approach receives a password that corresponds to a user identifier. A set of hashing algorithms are retrieved with the retrieved set based on the received user identifier so that different user identifiers utilize different sets of hashing algorithms. Hashing the password using each of the hashing algorithms included in the set of algorithms with the hashing resulting in a hash result. An expected hash result that corresponds to the user identifier is retrieved and the approach then verifies the received password by comparing the hash result to the first expected hash result.

Abstract: Systems and methods are disclosed for generating a key based on at least one hardware component identifier for hardware of a first device and/or at least one piece of firmware code of the first device. The key may then be stored at a storage area accessible to the first device via hypertext transfer protocol secure (HTTPS) communication and the key may also be used to encrypt storage of the first device. Booting of the first device may then be facilitated based on HTTPS communication with a second device and using an extensible firmware interface (EFI) file and/or an IMG file stored at the second device. Then subsequent to at least partially facilitating the booting of the first device and based on verifying authentication credentials, the key may be transmitted to the first device to decrypt the storage of the first device.

Abstract: Apparatuses, methods, systems, and program products are disclosed for distributed license encryption and distribution. An apparatus includes a processor and a memory that stores code executable by the processor. The code is executable to select a license token from a pool of available license tokens associated with available digital licenses in response to a license request from a first device. The license token includes information identifying second devices where segments of a digital license associated with the license token are stored. The segments are encrypted using encryption keys for one or more participants. The code is executable to re-encrypt the segments of the digital license for the selected license token using an encryption key for the first device and send the license token to the first device where it is used to request the segments from the second devices, decrypt the segments, and reconstruct the digital license.

Abstract: Apparatuses, methods, and program products are disclosed for proof of work based authentication. One apparatus includes a processor and a memory that stores code executable by the processor. The code is executable by the processor to determine, by use of the processor, a set of computer-based attributes corresponding to a first device. The code is executable by the processor to compute a proof of work based on the set of computer-based attributes. The code is executable by the processor to transmit the proof of work and the set of computer-based attributes to a second device for authentication based on the proof of work and the set of computer-based attributes.

Abstract: Embodiments of the invention implement one or more power management policies on one or more devices in order intelligently to manage the finite amount of battery power available while maximizing synchronization between connected devices.

Abstract: Systems, methods and products are described that provide secure resume for encrypted drives. One aspect provides a method including: receiving an indication to resume from a suspended state at a computing device; responsive to authenticating a user at one or more input devices, accessing a value in a BIOS derived from authenticating the user at the one or more input devices; responsive to accessing the value, releasing a credential for unlocking one or more encrypted drives; and thereafter proceeding to resume from the suspend state.

Abstract: Systems, methods and products are described that provide secure boot with a minimum number of re-boots. One aspect provides a method including receiving an indication to boot from a power off state at a computing device; responsive to authenticating a user at one or more input devices, releasing a value derived from authenticating the user at the one or more input devices; responsive to releasing the value, unlocking one or more encrypted drives with a previously established alternate credential; and thereafter proceeding to boot from the power off state. By not having to call the non-BIOS software each boot, this minimizes the number of reboots for each boot cycle.

Abstract: The invention broadly contemplates locking methods and arrangements for electronic devices, including laptop personal computing (PC) devices. The invention provides methods and arrangements for authorizing remote devices, such as cellular phones, to control the locking of electronic devices, such as laptop PCs. After receipt of a lock message from an authorized device at a guaranteed buffer, the laptop PC becomes locked such that only an authorized user may enable the functionality of the device.