Abstract: The disclosure provides a method for verifying authenticity of a component in a product. The method may comprise collecting data relating to a characteristic of the component. The method may further comprise comparing the data to a profile for the component. The profile may comprise an expected characteristic for the component. The method may further comprise determining whether the collected data matches the expected characteristic. The disclosure further provides an apparatus and program.

Abstract: An example computing device includes a user interface, a network interface, a non-volatile memory, a processor coupled to the user interface, the network interface, and the non-volatile memory, and a set of instructions stored in the non-volatile memory. The set of instructions, when executed by the processor, is to perform a hardware initialization of the computing device according to a setting, establish a local trust domain and a remote trust domain, use a local-access public key to issue a challenge via the user interface to grant local access to the setting, and use a remote-access public key to grant remote access via the network interface to remote access to the setting.

Abstract: In Example implementations provide a computer program product to authenticate a set of components associated with a device; the components having associated respective shares (s1..sn) of a private key of a private-key/public key pair (sk,pk); the computer program product comprising: instructions to create a signature from the shares (s1..sn) and a message, m, associated with the components; and instructions to generate authentication data comprising at least the signature for transmitting to an authentication server.

Abstract: According to aspect of the present disclosure there are provided methods and apparatus for printing to a group of printers in a network, including a method comprising provisioning each printing device of the plurality of printing devices with a respective private cryptographic key, defining a first group of printing devices comprising a first subset of the plurality of printing devices, generating a first group public key for the defined first group of printing devices, the first group public key generated based on public cryptographic keys corresponding to the respective private cryptographic keys provisioned to the first subset of the plurality of printing devices, and providing the first group public key to a user.

Abstract: Example implementations provide machine readable storage storing machine executable instructions, arranged, when processed by a processor, for a succeeding generation player device accessing an unassigned share in a secret the instructions comprising C instructions to: (a.) receive an intermediate generation share of a set of intermediate shares, the intermediate generation share being arranged to facilitate access to the unassigned share and the intermediate generation share having been derived by an intermediate generation player device from shares of further shares provided by a set of preceding generation player devices; (b.) receive, from a set of other intermediate generation player devices, a set of other intermediate generation shares of the set of intermediate shares, to facilitate access by the succeeding generation player device to the unassigned share in conjunction with the intermediate generation share; and (c.

Abstract: Secure code image delivery may include encrypting, using an invariant content encryption key, an invariant portion of a code image for a set of electronic devices to generate an encrypted invariant potion of the code image. A first variant of a variant portion of the code image may be encrypted using a first variant content encryption key to generate a first encrypted variant portion. A second variant of a variant portion of the code image may be encrypted using a second variant content encryption key to generate a second encrypted variant portion. A code image bundle may be generated including the encrypted invariant portion, the first encrypted variant portion, and the second encrypted variant portion.

Abstract: A system, comprising an authentication module to generate a challenge to authenticate a user, the challenge to be distributed to members of a set of verifying parties; and grant the user access to a resource upon receiving an authenticating response to the challenge; and a combiner module to receive partial responses from members of the set of verifying parties upon verification of the user by each member, the verification made using a provided contextual identifier of the user; based on the partial responses reaching a threshold number of responses, combine the partial responses to obtain a combined response, and provide the combined response to the authentication module as an authenticating response to the challenge.

Abstract: In an example, a tangible machine-readable medium includes instructions which, when executed on at least one processor, cause the at least one processor to obtain an attestation public key bound to an identity associated with a root of trust of a platform. The instructions further cause the at least one processor to obtain a trusted time stamp associated with data collection by the platform. The instructions further cause the at least one processor to generate a signed measurement based on a trusted input as a nonce.

Abstract: A method for determining a connection status of a device to a cable within a network environment is provided. The method comprises obtaining a signal from a non-data carrying wire of the cable by a detector that is digitally isolated from data transmitted in a data carrying wire of the cable within the network environment, modifying the signal transmitted by the non-data carrying wire to the device and evaluating the modified signal to determine a connection status of the device to the cable.

Abstract: Examples of computing devices are described herein. In some examples, a computing device may include a controller to generate a key upon boot of the computing device. In some examples, the computing device may include a kernel driver. In some examples, the kernel driver may be to receive the key from a basic input/output system (BIOS) during operating system (OS) boot. In some examples, the kernel driver may be to receive an action request for a BIOS action from an application. In some examples, the kernel driver may be to sign the action request with the key in response to determining that the application is authorized to request the BIOS action. In some examples, the computing device may include the BIOS to perform the BIOS action in response to receiving the signed action request.

Abstract: In an example, a method of encryption is described to include generation of a content encryption key and a key encryption key. In that example, the content encryption key is wrapped based on a key wrap operation using the key encryption key and the wrapped content encryption key is encrypted using a policy encryption key. Further in that example, the policy encryption key is encrypted using a public key corresponding to a print apparatus. In an example, a method of decryption is described. The example method of decryption performs recovery of a policy object using a private key corresponding to a print apparatus. In that example, the policy object includes a wrapped key that is unwrapped using a key encryption key to recover a content encryption key usable to decrypt an encrypted electronic document.

Abstract: An example system includes a policy engine to measure a local environmental characteristic and determine whether a security policy is satisfied based on the environmental characteristic. The system also includes a signature engine to generate a partial signature using a share of a shared secret based on the security policy being satisfied.

Abstract: Instructions may be provided to cause a computing device to receive authorisation data, the authorisation data indicating a policy; output a cryptographic challenge, the cryptographic challenge associated with the computing device and the policy; receive a response to the cryptographic challenge; receive an indication that a hardware change has occurred or a cover of the computing device has been opened; and in response to a determination, based on the received response, that the cryptographic challenge is passed, react to the indication according to the policy.

Abstract: In some examples, a method for generating a low data rate signal for transmission from a first network domain to a second network domain, the second network domain logically separated from the first network domain by a firewall, can include encoding a signal from a first device logically positioned within the first network domain to form a data signal, and transmitting the data signal over an out-of-band communications channel from the first network domain to the second network domain.

Abstract: In an example, a method is described. The method comprises receiving a log comprising information about a computing system. The log is sent by a computing device associated with the computing system. The computing device comprises a first identity bound to a third identity of a certificate authority (CA) and a second identity bound to the first identity. The method further comprises receiving a signature for the log. The method further comprises verifying a certificate indicative of the second identity having been certified. The method further comprises verifying the received signature.

Abstract: According to aspects of the present disclosure, there is provided methods and devices for verifying integrity of a remote device, including a method comprising generating a first nonce value, transmitting the first nonce value, receiving a message from the remote device, the message comprising measurements of a configuration of the remote device and a cryptographic signature based on a private key of a public-private key pair of the remote device and a second nonce value, determining that the second nonce value was generated based on the first nonce value, and verifying the cryptographic signature based on the second nonce value and a public key of the public-private key pair of the remote device.

Abstract: In an example, a method includes obtaining an initial seed, a public parameter associated with a processing apparatus and an indication of a state of the processing apparatus. The method may further include generating, by the processing apparatus, a key corresponding to the state of the processing apparatus. The state of the processing apparatus may be based on a combination of the initial seed, the public parameter and the indication of the state.

Abstract: In an example a method includes retrieving, from a persistent memory, a previously-identified counter value corresponding to an iteration of a prime number generation procedure that previously produced a verified prime number. The method further includes re-generating, using processing circuitry implementing a deterministic prime number calculator and with the previously-identified counter value as an input to the deterministic prime number calculator, the verified prime number.

Abstract: In an example there is provided a method for a set of registered devices that are registered to participate in an authentication protocol, where each registered device has a share of an authentication key. The method comprises generating share data for a share of the authentication key. The share data is communicated from an authorised subset of the registered devices to a device. The share of the authentication key is generated at the device, on the basis of the share data. The share of the authentication key combines with shares of the registered devices to allow the device to participate in the authentication protocol.

Abstract: In an example, a method includes receiving a signed message generated by a computing device associated with a private key and a public key. The signed message includes an input message signed with the private key. The method further includes generating, using processing circuitry, a candidate public key based on the input message and the signed message using a public key recovery procedure. The method further includes determining the public key associated with the computing device based on an indication as to whether or not the candidate public key corresponds to the public key associated with the computing device.