Abstract: Embodiments disclosed herein are directed at applying transformations to computer code residing in original libraries for protection against cyberattacks. For example, the transformations applied on original libraries cause random reorganization of the computer code resulting in a transformed version of an original library. Although a malicious attacker can utilize a known exploit of the original library and launch a cyberattack, such knowledge is of no use on the transformed version of the original library. In some embodiments, the transformed version of the original library is stored in cache memory and shared by multiple executable programs to facilitate efficient memory utilization.

Abstract: Embodiments disclosed herein are directed at applying transformations to computer code residing in original libraries for protection against cyberattacks. For example, the transformations applied on original libraries cause random reorganization of the computer code resulting in a transformed version of an original library. Although a malicious attacker can utilize a known exploit of the original library and launch a cyberattack, such knowledge is of no use on the transformed version of the original library. In some embodiments, the transformed version of the original library is stored in cache memory and shared by multiple executable programs to facilitate efficient memory utilization.

Abstract: Example implementations relate to capturing and/or recovering components of a computing system. A recovery service may receive a recovery script from an external recovery script repository, wherein the recovery script may include a number of actions, each respective action being a capture action or a recovery action. For action in the recovery script, the recovery service may request a recovery agent to perform the action on a component of the computing system.

Abstract: Example implementations relate to capturing and/or recovering components of a computing system. A recovery service may receive a recovery script from an external recovery script repository, wherein the recovery script may include a number of actions, each respective action being a capture action or a recovery action. For action in the recovery script, the recovery service may request a recovery agent to perform the action on a component of the computing system.

Abstract: Data to be output to a removable storage medium is encrypted for sending to an output device by an encryption process based on encryption parameters comprising public data of a trusted party and an encryption key string comprising a policy for allowing the output of the data. The trusted party provides a decryption key to the output device but only after being satisfied that the policy has been met. The decryption key is generated in dependence on the encryption key string and private data of the trusted party. The output device uses the decryption key in decrypting the data to be output. Embodiments are provided that involve multiple policies and trusted parties.

Abstract: A data-handling system (20) is arranged to scan through data it holds for instances of sensitive information as identified by reference (35) to a set of sensitive-information identifiers held by the system. Each identifier identifies one or more items of sensitive information (25) and is so formed or protected as to not reveal any such item. Following an instance of sensitive information being found by the scan, it is replaced by a reference to an instance of the corresponding sensitive-information item (25) held in protected storage (21). As a result, in due course the only instances of, sensitive information held by the system (20) will be those in the protected storage (21).

Abstract: A secure transaction method is provided for publicly-accessible transaction terminals. The method uses quantum key distribution (QKD) between a hand-portable QKD device and a complimentary QKD apparatus incorporated the transaction terminal. After the QKD device has been brought up to the transaction terminal, the QKD device and the complimentary QKD apparatus of the terminal are is used to provide the device and terminal with new secret shared random material. The new secret shared random material is then used to establish a secure classical communication channel between the device and transaction terminal for conducting a transaction. An ATM terminal and POS terminal that use quantum key distribution are also disclosed.

Abstract: A method and device are disclosed for identifying an item of equipment previously selected by a user. At the time the user selects the item of equipment a reading of a biometric characteristic of the user is taken to provide first biometric data that is then stored for access only by the user-selected item. Subsequently, a user-associated device is used to contact an item of equipment and determine whether the contacted item is the user-selected item by checking whether the contacted item can provide biometric data that matches second biometric data known to correspond to the user. Preferably, the device also checks whether the contacted item of equipment is trustable. User-selectable equipment facilitating identification using biometrics is also disclosed.

Abstract: A trusted authority delegates authority to a device. This delegation of authority is effected by providing a yet-to-be completed chain of public/private cryptographic key pairs linked in a subversion-resistant manner. The chain terminates with a penultimate key pair formed by public/private data, and a link towards an end key pair to be formed by an encryption/decryption key pair of an Identifier-Based Encryption, IBE, scheme. The private data is securely stored in the device for access only by an authorized key-generation process that forms the link to the end key pair and is arranged to provide the IBE decryption key generated using the private data and encryption key. This key generation/provision is normally only effected if at least one condition, for example specified in the encryption key, is satisfied. Such a condition may be one tested against data provided by the trusted authority and stored in the device.

Abstract: To regulate access to a service provided by a service provider, a service authoriser generates for each of multiple service time periods a different respective data set comprising private data and related public data. The service provider uses the public data for a current time period and an encryption key string to generate encrypted data which a party wanting to receive the service must decrypt. The service authoriser provides a decryption key to the party after determining that the party is entitled to receive the service for a particular service time period; the decryption key is generated using the aforesaid encryption key string and the private data of the data set for the service period concerned. The party can then decrypt the encrypted data it receives provided that the period for which the data has been encrypted is the same as that for which the decryption key was generated.

Abstract: A method and system is provided for enabling a service provider to limit service access to registered members of a group. The service provider encrypts data using an encryption key string and public data provided by the membership authority, and provides the encrypted data to a party wanting a particular service. To receive the service, the party must decrypt the encrypted data using a decryption key that has been obtained from a group membership authority preferably subsequent to the encrypted data being received by the party. The membership authority provides the decryption key only if the party is a group member, the authority generating the decryption key using the encryption key string and private data used in deriving the public data.