Abstract: Examples associated with cryptographic key security are described. One example system includes a secure storage accessible to a basic input/output system (BIOS). A BIOS security module stores an authorization value in a fixed location in the secure storage. The authorization value is stored by the BIOS during a boot of the system. A cryptographic key module reads the authorization value from the fixed location, overwrites the authorization value in the fixed location, and obtains a cryptographic key using the authorization value.

Abstract: An example computing device includes a first storage device storing a firmware. The computing device also includes a second storage device storing an operating system of the computing device. The computing device further includes a processor. The processor is to retrieve a recovery agent from another computing device via the firmware; validate the recovery agent; execute the recovery agent to retrieve recovery data; validate the recovery data; and repair the operating system using the recovery data via the recovery agent.

Abstract: An example computer system includes a memory having a computer program, a set of data containing a cryptographic first hash protected by a code, and a set of trusted security guidelines for operating an electronic device; a trusted platform module device to store a second hash associated with the computer program; a trusted application computing agent to establish that a hardware initialization sequence of the electronic device is trusted upon matching the first hash with the second hash; and a controller to operate the computer program on the electronic device according to the set of trusted security guidelines.

Abstract: Examples associated with presence identification are described. One example includes detecting a presence identifier broadcast by a mobile device. The mobile device belongs to a user. A portion of the presence identifier is generated based on a one-time password seed. The portion of the presence identifier is provided to an identification server. Identifying information associated with the user is received from the identification server. The identification server uses the portion to identify the user based on the one-time password seed. An action is performed based on the identifying information.

Abstract: A computer program product for providing notifications to a user of an intrusion into firmware includes, in one example, non-transitory computer readable medium including computer usable program code embodied therewith to, when executed by a processor, detect intrusion to the firmware of a computing system during runtime in a system management mode.

Abstract: Examples associated with heartbeat signal verification are disclosed. One example includes verifying a provisioning key using a trusted key. The provisioning key is received from a remote device via an intermediary process. An intermediate key provided by the intermediary process is verified using the provisioning key. A session identifier encrypted using the intermediate key and provided to the intermediary process. A first heartbeat signal is received from intermediary process. The heartbeat signal is generated based on the session identifier.

Abstract: An example computing device includes a first storage device storing a firmware. The computing device also includes a second storage device storing an operating system of the computing device. The computing device further includes a processor. The processor is to retrieve a recovery agent from another computing device via the firmware; validate the recovery agent; execute the recovery agent to retrieve recovery data; validate the recovery data; and repair the operating system using the recovery data via the recovery agent.

Abstract: In an example, a method includes pairing a first electronic device and a data relay apparatus associated with a second electronic device to establish a secure wireless communication link therebetween. Each of the first electronic device and the data relay apparatus may be associated with an identifier and a verifier, each verifier being to verify the identifier of the other of the first electronic device or data relay apparatus. The pairing may include mutual verification of an identifier using the verifier, establishing shared key data and using the shared key data to establish a shared secret value for use in determining a derived key.

Abstract: Examples associated with certificate analysis are disclosed. One example periodically analyzing a secure socket layer certificate chain between a client device and a server device. The client device may perform this periodic analysis. In response to detecting an unexpected certificate in the secure socket layer certificate chain, a responsive action is taken.

Abstract: An example computer system includes a memory having a computer program, a set of data containing a cryptographic first hash protected by a code, and a set of trusted security guidelines for operating an electronic device; a trusted platform module device to store a second hash associated with the computer program; a trusted application computing agent to establish that a hardware initialization sequence of the electronic device is trusted upon matching the first hash with the second hash; and a controller to operate the computer program on the electronic device according to the set of trusted security guidelines.

Abstract: Examples herein disclose a processor-based computing system. The system comprises at least one processor, a non-volatile memory comprising a basic input output system (BIOS), wherein the BIOS creates a data structure and sets up at least one verification software component executed by the processor, a controller communicatively linked to the at least one verification software component, and a memory comprising a system management memory coupled to the at least one processor and code which is executable by the processor-based system to cause the processor to validate the BIOS during a runtime of the processor-based system using the at least one verification software component and the controller.

Abstract: Examples associated with basic input/output system (BiOS) security are described. One example includes detecting a mismatch between an active BiOS setting and a saved BIOS setting. An update previously applied to the active BiOS setting is validated. The update Is applied to the saved BIOS setting creating an updated BIOS setting. The saved BIOS setting is updated when the updated BIOS setting and the active BIOS setting match. The saved BIOS setting is updated to the active BIOS setting. A security action is taken when the updated BiOS setting and the active BiOS setting differ.

Abstract: A computing device includes a processor, a memory coupled to the processor, and a non-transitory computer readable storage medium coupled to the processor that includes instructions, that when executed by the processor, cause the processor to manage a transition between a first operating system and a second operating system. The instructions cause the processor to instantiate a copy-on-write virtual computing system executing a first operating system, delete a second operating system from the non-transitory computer readable storage medium or the memory, copy the first operating system to the non-transitory computer readable storage medium. The instructions can further cause the processor to instantiate the first operating system on the computing device.

Abstract: Examples associated with cryptographic key security are described. One example system includes a secure storage accessible to a basic input/output system (BIOS). A BIOS security module stores an authorization value in a fixed location in the secure storage. The authorization value is stored by the BIOS during a boot of the system. A cryptographic key module reads the authorization value from the fixed location, overwrites the authorization value in the fixed location, and obtains a cryptographic key using the authorization value.

Abstract: Examples associated with basic input/output system (BIOS) up-dates are described. One example method includes system management mode locking a first pre-extensible firmware interface initialization (PEI) region and a driver execution environment (DXE) region of a shared serial peripheral (SPI) chip of a BIOS of a computer. A second PEI region of the shared SPI chip is chipset locked. A record in a system management random access memory associated with a video option read only memory (ROM) is created. The video option ROM is loaded. The first PEI region is updated, and periodic graphical updates regarding the progress of updating the first PEI region are provided using the video option ROM.

Abstract: In one example of the disclosure, an encrypted document and an encryption key for decrypting the encrypted document are received from a computer. Presence data for a printer is received via a first wireless network. A user instruction to print the encrypted document at the printer is received. A credential is received from the printer via the first wireless network, where the credential for communication with the printer via a second wireless network with greater bandwidth than the first wireless network. The encrypted document and the encryption key are sent to the printer, where the printer is to utilize the encryption key to decrypt the encrypted document and is to print the document following decryption.

Abstract: A technique includes sensing energy emitted from an object using an omnidirectional antenna of electronic device and sensing the energy using a unidirectional antenna of the electronic device. The technique includes, based at least in part on the sensing of energy using the omnidirectional antenna and the sensing of the energy using the unidirectional antenna, determining whether an image of the object is displayed in a camera viewfinder of the electronic device. The technique includes selectively causing the electronic device to generate an output based at least in part on the determination.

Abstract: According to an example of accessing a composite document, a request to access a composite document is received. A key associated with a group is fetched, and the key is used to decrypt a part of the composite document comprising an attribute. In the event that the attribute is verified, access to the composite document is provided.

Abstract: According to one example, a first computer system receives at least one request by at least one workflow participant to access a composite document content-part from a second computer system. The first computer system retrieves at least one encrypted bundle from the composite document for the at least one workflow participant, decrypts the encrypted bundle using a private key, and ascertains whether at least one rule retrieved from the decrypted bundle is satisfied. In the event that at least one rule is satisfied, the first computer system releases a token from the decrypted bundle to the second computer system to access the composite document content-part.

Abstract: In one example of the disclosure, an encrypted document and an encryption key for decrypting the encrypted document are received from a computer. Presence data for a printer is received via a first wireless network. A user instruction to print the encrypted document at the printer is received. A credential is received from the printer via the first wireless network, where the credential for communication with the printer via a second wireless network with greater bandwidth than the first wireless network. The encrypted document and the encryption key are sent to the printer, where the printer is to utilize the encryption key to decrypt the encrypted document and is to print the document following decryption.