Abstract: The present disclosure relates to methods, devices, and computer-readable media. In an example there is disclosed a method comprising detecting a state of a computing device, the computing device comprising at least one component. The method may further comprise comparing the detected state with a certified state of the device, the certified state indicating an expected state of the device as certified by a trusted authority. The method may further comprise, in response to the detected state and the certified state being different, identifying a component as a source of the difference and checking, by the trusted authority, whether the component is legitimate or not. The method may further still comprise, in response to the component being legitimate, certifying the difference and updating the certified state.

Abstract: An example system with a pre-OS (Operating System) environment, the pre-OS environment includes a private memory that is isolated from a processor of the system. The pre-OS environment also includes an embedded controller (EC) coupled to the private memory, where the EC includes an embedded key. The EC is to execute instructions to generate an encryption key based on the embedded key; generate a signature key; obtain data; produce an integrity-verification tag based on a hash of the obtained data, where the hash employs the signature key; encrypt the obtained data based on the encryption key; store the encrypted data in the private memory; and store the integrity-verification tag in the private memory in association with the stored encrypted data.

Abstract: A method for regulating modification of a distributed digital ledger at a node comprises controlling access to a cryptographic key used to enable modification of the distributed digital ledger according to a policy maintained by at least one owner of the distributed digital ledger.

Abstract: A method for providing a set of certificates encoding authorisations, the method comprising processing respective ones of multiple authorisation requests at a trusted signing authority apparatus to verify respective digital signatures applied to the requests, the multiple authorisation requests received over a first communication link between the trusted signing authority apparatus and an administration apparatus, validating one or more authorisation request parameters of respective ones of the authorisation requests, generating a certificate encoding an authorisation at the trusted signing authority apparatus and transmitting the generated certificate to the administration apparatus or a requesting apparatus over a second communication link.

Abstract: An apparatus includes a solid-state a solid-state non-volatile computer memory; and a controller coupled to the memory. The controller to: generate a data set including a tag that indicates that the data set is valid; write the data set into a block of the memory, wherein the block includes multiple addressable locations set to a common first binary value before the write; generate a subsequent data set including a tag that indicates that the subsequent data set is valid; update the tag of the written data set to indicate that the written data set is invalid, wherein the update includes setting an addressable location corresponding to the tag to second binary value different from the first binary value; write the subsequent data set to addressable locations in the block of memory other than the addressable locations of the invalid data set.

Abstract: In an example there is provided a method of issuing a command. A request is received from a device in a set of registered devices, the request comprising a command for execution at a remote device. The request is communicated to the set of registered devices. A response to the request is received from each device in a subset of the set of registered devices. A further request to execute the command, is communicated to the remote device on the basis of the responses. The command executes on the remote device when the subset of devices is an authorised subset of the registered devices.

Abstract: The disclosure provides a method for verifying authenticity of a component in a product. The method may comprise collecting data relating to a characteristic of the component. The method may further comprise comparing the data to a profile for the component. The profile may comprise an expected characteristic for the component. The method may further comprise determining whether the collected data matches the expected characteristic. The disclosure further provides an apparatus and program.

Abstract: A controller for a fulfilment service operation is described in which the controller, before initiating fulfilment of the job, operates to determine if an authorised user is present at a fulfilment service device and to determine if the user intends to remain attendant at the fulfilment service device for the duration of fulfilment of the job. If the user moves away from the fulfilment service device, the controller operates to pause the job. If the user remains away from the fulfilment service device for a period of time, the controller operates to cancel the job.

Abstract: Secure code image delivery may include encrypting, using an invariant content encryption key, an invariant portion of a code image for a set of electronic devices to generate an encrypted invariant potion of the code image. A first variant of a variant portion of the code image may be encrypted using a first variant content encryption key to generate a first encrypted variant portion. A second variant of a variant portion of the code image may be encrypted using a second variant content encryption key to generate a second encrypted variant portion. A code image bundle may be generated including the encrypted invariant portion, the first encrypted variant portion, and the second encrypted variant portion.

Abstract: In an example there is provided a method of authenticating a user. An authentication challenge is received in response to a request to authenticate a user. The challenge is distributed to each device from a subset of a set of registered devices. At each device a share of an authentication token is accessed and a partial response to the challenge is generated based on an authentication token and challenge. A response to the challenge is generated by combining the partial responses from the subset of devices, and is communicated to an authenticator. The user is authenticated when the subset of devices is an authorised subset. Every authorised subset of the set of registered devices comprises at least one device from the first group of devices.

Abstract: A network printing system comprising a user device to encrypt a print job using a public key of a user and to transmit the encrypted print job to a print server. The system may further comprise the print server to re-encrypt the encrypted print job using the re-encryption key. The system may further comprise the printer to decrypt the re-encrypted print job using a private key of the printer and print the decrypted print job.

Abstract: A method and system are disclosed. The method comprises receiving, by a mobile computing device, from an output device communicatively coupled to the mobile computing device, location data defining an identity of the output device and/or a location of the output device; generating, by the mobile computing device, response data defining an identity of the mobile computing device and defining the identity of the output device and/or the location of the output device based on the output data; generating, by the mobile computing device, authentication data to authenticate the response data; and outputting, by the mobile computing device, the response data and the authentication data for communication to a remote computer located remotely of the mobile computing device.

Abstract: In an example, a method includes requesting, from a node associated with a group comprising a plurality of computing devices associated with an access structure defining a set within the group of computing devices, an attestation of a capability of the set; receiving the attestation; and implementing, based on the received attestation, a procedure according to a device capability policy.

Abstract: In an example there is provided a method to certify a cryptographic key. The method comprises accessing an identifier stored at a secure location on the computing device, generating a cryptographic key according to a key generation process and certifying the cryptographic key is authentically generated during the boot process of the computing device, on the basis of the identifier.

Abstract: In one example in accordance with the present disclosure, a computing device is described. The computing device includes an encryption device to encrypt, using an encryption key, a document to be rendered. A generating device generates multiple shares of a decryption key using a secret-sharing scheme. A threshold number of the multiple shares allows decryption of the document. A transmit device transmits different shares of the multiple shares to different devices. The document is rendered when the threshold number of multiple shares are rejoined at a rendering device.

Abstract: A method for determining a connection status of a device to a cable within a network environment is provided. The method comprises obtaining a signal from a non-data carrying wire of the cable by a detector that is digitally isolated from data transmitted in a data carrying wire of the cable within the network environment, modifying the signal transmitted by the non-data carrying wire to the device and evaluating the modified signal to determine a connection status of the device to the cable.

Abstract: A method of operating a service provider server and a computing device to provide anonymous service access. For the service provider server, the method comprises: receiving a service message from a computing device; and determining whether to send a service response message, and if so sending a service response message. The service message includes a pseudonym associated with the computing device, service data and a signature on the pseudonym generated by either the service provider server or an identity manager. The service response message is broadcast by the service provider server or transmitted to the identity manager.

Abstract: An example system with a pre-OS (Operating System) environment, the pre-OS environment includes a private memory that is isolated from a processor of the system. The pre-OS environment also includes an embedded controller (EC) coupled to the private memory, where the EC includes an embedded key. The EC is to execute instructions to generate an encryption key based on the embedded key; generate a signature key; obtain data; produce an integrity-verification tag based on a hash of the obtained data, where the hash employs the signature key; encrypt the obtained data based on the encryption key; store the encrypted data in the private memory; and store the integrity-verification tag in the private memory in association with the stored encrypted data.

Abstract: A method comprising: receiving, by a blockchain maintainer, a client request for a cryptographic token, the cryptographic token to allow the client to access a particular service from a service provider; processing, by the blockchain maintainer, the request using a blockchain smart contract to determine if the client request is valid; if the client request is determined to be valid, including the client request in the blockchain; generating, by a token issuer, the requested cryptographic token in response to inclusion of the valid client request in the blockchain; and issuing the generated cryptographic token to the client.

Abstract: According to aspect of the disclosure, there are provided methods and apparatus for connecting a peripheral device to a computer system, including an apparatus for interfacing with a peripheral device, the apparatus comprising a port configured to couple to the peripheral device, a processor, a memory coupled to the processor and comprising a software module comprising instructions that when executed on the processor protect the device from a peripheral device coupled to the port, and a hardware security controller coupled to the port, the hardware security controller configured to monitor execution of the software module by the processor and to disable the port in response to determining that the software module is not executing.