Abstract: In an example, a method of encryption is described to include generation of a content encryption key and a key encryption key. In that example, the content encryption key is wrapped based on a key wrap operation using the key encryption key and the wrapped content encryption key is encrypted using a policy encryption key. Further in that example, the policy encryption key is encrypted using a public key corresponding to a print apparatus. In an example, a method of decryption is described. The example method of decryption performs recovery of a policy object using a private key corresponding to a print apparatus. In that example, the policy object includes a wrapped key that is unwrapped using a key encryption key to recover a content encryption key usable to decrypt an encrypted electronic document.

Abstract: An example system includes a policy engine to measure a local environmental characteristic and determine whether a security policy is satisfied based on the environmental characteristic. The system also includes a signature engine to generate a partial signature using a share of a shared secret based on the security policy being satisfied.

Abstract: In an example there is provided a method for a set of registered devices that are registered to participate in an authentication protocol, where each registered device has a share of an authentication key. The method comprises generating share data for a share of the authentication key. The share data is communicated from an authorised subset of the registered devices to a device. The share of the authentication key is generated at the device, on the basis of the share data. The share of the authentication key combines with shares of the registered devices to allow the device to participate in the authentication protocol.

Abstract: In an example there is provided a method of issuing a command. A request is received from a device in a set of registered devices, the request comprising a command for execution at a remote device. The request is communicated to the set of registered devices. A response to the request is received from each device in a subset of the set of registered devices. A further request to execute the command, is communicated to the remote device on the basis of the responses. The command executes on the remote device when the subset of devices is an authorised subset of the registered devices.

Abstract: In an example there is provided a method of authenticating a user. An authentication challenge is received in response to a request to authenticate a user. The challenge is distributed to each device from a subset of a set of registered devices. At each device a share of an authentication token is accessed and a partial response to the challenge is generated based on an authentication token and challenge. A response to the challenge is generated by combining the partial responses from the subset of devices, and is communicated to an authenticator. The user is authenticated when the subset of devices is an authorised subset. Every authorised subset of the set of registered devices comprises at least one device from the first group of devices.

Abstract: A network printing system comprising a user device to encrypt a print job using a public key of a user and to transmit the encrypted print job to a print server. The system may further comprise the print server to re-encrypt the encrypted print job using the re-encryption key. The system may further comprise the printer to decrypt the re-encrypted print job using a private key of the printer and print the decrypted print job.

Abstract: In an example, a method includes requesting, from a node associated with a group comprising a plurality of computing devices associated with an access structure defining a set within the group of computing devices, an attestation of a capability of the set; receiving the attestation; and implementing, based on the received attestation, a procedure according to a device capability policy.

Abstract: In an example there is provided a method to certify a cryptographic key. The method comprises accessing an identifier stored at a secure location on the computing device, generating a cryptographic key according to a key generation process and certifying the cryptographic key is authentically generated during the boot process of the computing device, on the basis of the identifier.

Abstract: In an example, a method of encryption is described to include generation of a content encryption key and a key encryption key. In that example, the content encryption key is wrapped based on a key wrap operation using the key encryption key and the wrapped content encryption key is encrypted using a policy encryption key. Further in that example, the policy encryption key is encrypted using a public key corresponding to a print apparatus. In an example, a method of decryption is described. The example method of decryption performs recovery of a policy object using a private key corresponding to a print apparatus. In that example, the policy object includes a wrapped key that is unwrapped using a key encryption key to recover a content encryption key usable to decrypt an encrypted electronic document.

Abstract: An apparatus, being a network entity of a computer network is provided. The apparatus comprises a communication module to receive and to send information on a blockchain. Moreover, the apparatus comprises a query module to obtain from a master chain of the blockchain a rule for a first shard and a second shard of the blockchain with respect to a smart contract. Furthermore, the query module is to obtain information on the smart contract from the first shard or from the second shard depending on the rule. Moreover, the query module is to output the information on the smart contract.

Abstract: A network printing system comprising a user device to encrypt a print job using a public key of a user and to transmit the encrypted print job to a print server. The system may further comprise the print server to re-encrypt the encrypted print job using the re-encryption key. The system may further comprise the printer to decrypt the re-encrypted print job using a private key of the printer and print the decrypted print job.

Abstract: There are disclosed techniques for anonymously accessing to services, e.g., in remote locations. According to a method, an ephemeral identity may be generated. A token associated to the ephemeral identity may be requested. The request may have a signature based on the persistent identity. The requested token may be received. The token may have signature of a token issuer. In case of intention of accessing a service, the token may be submitted.

Abstract: Examples associated with distributed authentication are described. One example includes generating a paired public key and private key associated with a user. The private key is split into a set of shares, which are distributed to a set of devices associated with the user. A challenge is generated to authenticate the user to grant the user access to a resource upon receiving an authenticating response to the challenge. The challenge is distributed to members of the set of devices. Partial responses are received from members of the set of devices and combined into a group signature. The group signature serves as an authenticating response to the challenge when generated from partial responses received from a threshold number of members of the set of devices.

Abstract: Examples associated with distributed authentication are described. One example includes generating a paired public key and private key associated with a user. The private key is split into a set of shares, which are distributed to a set of devices associated with the user. A challenge is generated to authenticate the user to grant the user access to a resource upon receiving an authenticating response to the challenge. The challenge is distributed to members of the set of devices. Partial responses are received from members of the set of devices and combined into a group signature. The group signature serves as an authenticating response to the challenge when generated from partial responses received from a threshold number of members of the set of devices.

Abstract: Examples associated with distributed authentication are described. One example includes generating a paired public key and private key associated with a user. The private key is split into a set of shares, which are distributed to a set of devices associated with the user. A challenge is generated to authenticate the user to grant the user access to a resource upon receiving an authenticating response to the challenge. The challenge is distributed to members of the set of devices. Partial responses are received from members of the set of devices and combined into a group signature. The group signature serves as an authenticating response to the challenge when generated from partial responses received from a threshold number of members of the set of devices.