Abstract: A computing node in a distributed information security system, wherein the computing node is adapted to communicate with a subset of clients of the distributed information security system, wherein the computing node provides at least one cryptographic service for the clients of the subset, wherein the computing node is provisioned with a plurality of keys for use by said at least one cryptographic service, wherein the computing node is adapted to associate a key from the plurality of keys to a service request for a client according to a deterministic process based on one or more data associated with the client. A distributed information security system comprising a plurality of such nodes is also described, together with a method of providing a cryptographic service at such a computing node.

Abstract: A method of maintaining a secure relationship between a client device and a server is described. The client device receives a first challenge from the server and determines and provides a first response to the first challenge. A cookie is established associated with the secure relationship. This cookie is shared between the client and the server. To establish the secure relationship in a later interaction, the client provides the cookie to the server. The server then provides both the first challenge and a second challenge, to which the client determines a first response and a second response. The client then provides a composite response from which the first response and the second response are derivable by the server, allowing the server to be assured that the secure relationship exists. Each challenge uses a challenge function adapted to provide a fingerprint of the client device. Methods at both client and server, and suitably configured client and server, are also described.

Abstract: A method of providing a secure service at a computing node is described. The secure service is for a requesting party external to the computing node. The following steps take place at the computing node. A service request is received from the requesting party. This service request comprises a request to generate a credential. The credential is then generated, and service-related information is obtained. The credential and the service-related information are encrypted using an encryption process to form an encrypted message part. A service-identifying clear message part is also created, and a message is sent comprising the clear message part and the encrypted message part to the requesting party. Methods of using such a message to validate the credential, and of using such a message to confirm the integrity of service-related information held in the message, are also described, as is computing apparatus adapted to carry out one or more of these methods.

Abstract: A method is described of managing service events in a distributed computing system. The distributed computing system comprises a plurality of computing nodes able to perform a service using a service process. The method takes place at one of the computing nodes. A service event is received or created. This service event is identified by a combination of a node identifier, a time element, and a local counter value. The local counter value represents a number of service events performed by a service process for a user since a last reset. The identified service event is then stored in a service process database according to node identifier and local counter values. The service process database is used to manage service events in the distributed system.

Abstract: A computing node in a distributed information security system, wherein the computing node is adapted to communicate with a subset of clients of the distributed information security system, wherein the computing node provides at least one cryptographic service for the clients of the subset, wherein the computing node is provisioned with a plurality of keys for use by said at least one cryptographic service, wherein the computing node is adapted to associate a key from the plurality of keys to a service request for a client according to a deterministic process based on one or more data associated with the client. A distributed information security system comprising a plurality of such nodes is also described, together with a method of providing a cryptographic service at such a computing node.

Abstract: A method for a computing node to provide a cryptographic key in response to a service request, the method comprising: establishing a key list, wherein the key list comprises key identifiers for a plurality of keys; receiving a service request and identifying that a key is required in response to the service request; and using a deterministic process from data associated with the service request to allocate one of the key identifiers and hence the key associated with said one of the key identifiers to the service request. A suitably configured computing node is also described.

Abstract: A method is described of monitoring a service performed at a computing node. The computing node is one of a plurality of computing nodes in a distributed computing system. Each computing node is adapted to perform at least one service for clients. A monitoring process is adapted to monitor a service process performing the process. In the method, the monitoring process monitors the service process on performance of the service. The monitoring service then provides monitoring information to a monitoring process for another service process. A suitable computing node for performing the service is described, as is a coordinated monitoring service for supporting multiple monitoring services.

Abstract: A method for determining the presence of a human being, comprising: measuring (S6) a movement (MOV) of a first device (4) by a sensor (44) of said first device (4), determining the presence of a human being on the basis of the measured movement (MOV).