G06F21/572

Firmware upgrade method and device, and storage medium
11562074 · 2023-01-24

A firmware upgrade method can be applied to a terminal and includes: receiving, from a cloud server, a broadcast message announcing an updated firmware type; sending firmware information matching that firmware type to the cloud server; and receiving the firmware upgrade package corresponding to the firmware information, pushed by the cloud server. As a result, storage space on the terminal is saved and the firmware upgrade is made more efficient.

System for advanced protection of consumable or detachable elements
11701893 · 2023-07-18

A method of authenticating a consumable or detachable element of a continuous inkjet printer comprises: the controller of the printer generating a first item of random information and dispatching it to an authentication circuit of the element; the authentication circuit encrypting the first item of random information with a first encryption algorithm and a first secret key to form a first item of encrypted random information; dispatching the first item of encrypted random information to the controller; the controller encrypting the first item of random information with a second encryption algorithm and a second secret key to form a second item of encrypted random information; comparing the first and second items of encrypted random information to authenticate the consumable element; and, if the consumable element is authenticated, the element dispatching at least one part of a third key, termed the shared key, to the printer.
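
The exchange above as a runnable model, added here as an illustration and not the patent holder's code. It assumes a 128-bit random challenge and uses HMAC-SHA256 as the stand-in for the "encryption algorithm and secret key" on both sides (the protocol only needs the two outputs to be equal for a genuine element, and the Python standard library has no block cipher). The classes, the outstanding-challenge set and the constant-time comparison are design choices of this example.

```python
"""Challenge-response authentication of a consumable element, then release
of a shared-key part. Added illustration; not the printer vendor's code."""
import hashlib
import hmac
import secrets

CHALLENGE_BYTES = 16  # assumption: 128-bit random challenge


def keyed_transform(key: bytes, challenge: bytes) -> bytes:
    """Stand-in for 'encryption algorithm + secret key'. The abstract allows a
    different algorithm/key per side; any pair whose outputs agree for a
    genuine element works. Here both sides use HMAC-SHA256 with one key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class ConsumableElement:
    """Authentication circuit inside the cartridge."""

    def __init__(self, element_key: bytes, shared_key_part: bytes):
        self._key = element_key
        self._shared_key_part = shared_key_part  # part of the "third key"

    def respond(self, challenge: bytes) -> bytes:
        # encrypt the random item with the element's key
        return keyed_transform(self._key, challenge)

    def release_shared_key_part(self) -> bytes:
        # only requested by the printer once it has authenticated us
        return self._shared_key_part


class PrinterController:
    def __init__(self, controller_key: bytes):
        self._key = controller_key
        self._outstanding = set()  # challenges issued and not yet answered

    def new_challenge(self) -> bytes:
        # fresh random item; tracking it stops an answer to an old challenge
        # (or to one we never issued) being accepted later
        c = secrets.token_bytes(CHALLENGE_BYTES)
        self._outstanding.add(c)
        return c

    def check_response(self, challenge: bytes, response: bytes) -> bool:
        # recompute with the controller's key and compare in constant time
        if challenge not in self._outstanding:
            return False  # never issued, or already consumed (replay)
        self._outstanding.discard(challenge)
        expected = keyed_transform(self._key, challenge)
        return hmac.compare_digest(expected, response)


def run_protocol(printer: PrinterController, element: ConsumableElement):
    """Full exchange. Returns the shared-key part on success, None otherwise."""
    challenge = printer.new_challenge()        # printer -> element
    response = element.respond(challenge)      # element -> printer
    if not printer.check_response(challenge, response):
        return None
    return element.release_shared_key_part()   # element -> printer


if __name__ == "__main__":
    k = secrets.token_bytes(32)
    printer = PrinterController(k)
    print(run_protocol(printer, ConsumableElement(k, b"\x01" * 16)))        # key part
    print(run_protocol(printer, ConsumableElement(b"\x00" * 32, b"\x02" * 16)))  # None
```

Two details matter in practice: the challenge must be fresh and unpredictable on every run (a recorded response is useless against a new challenge), and the comparison must not leak timing, hence hmac.compare_digest rather than ==.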

Instance handling of a trusted execution environment

Mechanisms are provided for handling instances of a trusted execution environment on an execution platform. The trusted execution environment is associated with a secure cryptoprocessor. The secure cryptoprocessor holds a register. The trusted execution environment is configured to read from and write to the register at a given index i. A method is performed by the trusted execution environment. The method comprises checking, upon start of a new instance of the trusted execution environment, the status of the register at the given index i: when the register at the given index i has its status set to “undefined”, an internal status value is set to a first value; otherwise, when a value is read from the register at the given index i, the internal status value is set to a second value based on the read value. The method comprises writing the internal status value to the register at the given index i. The method comprises running the new instance. The method comprises, whilst running the new instance, reading a current value from the register at the given index i. The method comprises enabling the new instance to keep running only when the current value equals the internal status value.
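
A simulation of the register handshake above, added here as an illustration and not the patent holder's code. The cryptoprocessor register is modelled as a dictionary, the "first value" is an all-zero 32-byte string and the "second value based on the read value" is SHA-256 of what was read; all three are assumptions of this example. The scenario starts three instances on the same index and shows that only the most recently started one keeps running.

```python
"""Single-live-instance check for a TEE using one register index of a secure
cryptoprocessor. Added illustration; not the patent holder's code."""
import hashlib

UNDEFINED = None            # index has no value (e.g. never written since reset)
FIRST_VALUE = b"\x00" * 32  # assumption: the 'first value' for an undefined register


class SecureCryptoprocessor:
    """Stand-in for the register; a real one would be an NV index or similar."""

    def __init__(self):
        self._registers = {}

    def read(self, i: int):
        return self._registers.get(i, UNDEFINED)

    def write(self, i: int, value: bytes) -> None:
        self._registers[i] = value


class TeeInstance:
    def __init__(self, scp: SecureCryptoprocessor, i: int):
        self._scp = scp
        self._i = i
        current = scp.read(i)
        if current is UNDEFINED:
            self.internal_status = FIRST_VALUE
        else:
            # 'second value based on the read value': any deterministic
            # function whose output differs from its input will do
            self.internal_status = hashlib.sha256(current).digest()
        scp.write(i, self.internal_status)  # claim the index for this instance
        self.running = True

    def step(self) -> bool:
        """One unit of work. Returns False (and halts) once another instance
        has written the register, i.e. this instance is no longer current."""
        if not self.running:
            return False
        if self._scp.read(self._i) != self.internal_status:
            self.running = False
            return False
        return True


def scenario():
    """Start A, then B, then C on index 7; report who survives after each start."""
    scp = SecureCryptoprocessor()
    a = TeeInstance(scp, 7)
    after_a = (a.step(),)
    b = TeeInstance(scp, 7)
    after_b = (a.step(), b.step())
    c = TeeInstance(scp, 7)
    after_c = (a.step(), b.step(), c.step())
    return after_a, after_b, after_c


if __name__ == "__main__":
    print(scenario())  # ((True,), (False, True), (False, False, True))
```

The check is only as tight as how often step() re-reads the register: between the second instance's write and the first instance's next read, both are running, so a real implementation re-reads before every operation that must not be duplicated.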

MOBILE DEVICE WITH SECURE PRIVATE MEMORY

A mobile device can detect an idle state and, in response, initiate an access monitoring function to covertly monitor activity involving a human interaction with the mobile device. The covert monitoring is undetectable by a user of the mobile device. The mobile device can then detect a human interaction with the mobile device and, in response, cause the mobile device to covertly capture and log one or more human interactions with the mobile device. An authorized user of the mobile device is enabled to review the log of human interactions with the mobile device.

Operating system encryption system and method
11704411 · 2023-07-18

A computing system and method have a pre-boot operating system stored in encrypted form under a first key on a first portion of a non-volatile data storage drive and a main operating system stored in encrypted form under a second key on a second portion of the drive. A basic input/output system (BIOS) chip is configured to initiate a first authentication process, obtain the first key after successful completion of that process, load and decrypt the pre-boot operating system into dynamic memory, and cause the pre-boot operating system to run. The pre-boot operating system is configured to initiate a second authentication process, obtain the second key after its successful completion, load and decrypt the main operating system into dynamic memory, and cause the main operating system to run.

MEASURED RESTART OF MICROCONTROLLERS

In various examples there is a computing device comprising: a first microcontroller comprising a first immutable bootloader and first mutable firmware. The first immutable bootloader uses a unique device secret burnt into hardware of the computing device in order to generate an attestation of the first mutable firmware. The computing device has a second microcontroller. There is second mutable firmware at the second microcontroller. There is a second immutable bootloader at the second microcontroller which sends a measurement of the second mutable firmware to the first immutable bootloader whenever the second microcontroller restarts, such that the first microcontroller is able to include the measurement in the attestation.
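
The measured-restart flow above as a runnable model, added here as an illustration and not Microsoft's code. It assumes SHA-256 measurements, a DICE-style derivation of the first microcontroller's attestation secret from the unique device secret and its own firmware measurement, and an HMAC tag as a symmetric stand-in for the attestation signature (so the verifier, e.g. the manufacturer, re-derives the secret from the UDS; a real design would derive an asymmetric key so the UDS never leaves the device). The evidence encoding is this example's own.

```python
"""Measured restart of a second microcontroller, reported into the first
microcontroller's attestation. Added illustration; not Microsoft's code."""
import hashlib
import hmac
import struct

MEAS_LEN = 32


def measure(firmware_image: bytes) -> bytes:
    return hashlib.sha256(firmware_image).digest()


def encode_evidence(fw1: bytes, fw2, restarts: int, nonce: bytes) -> bytes:
    present = 1 if fw2 is not None else 0
    fw2_field = fw2 if fw2 is not None else b"\x00" * MEAS_LEN
    return (struct.pack(">I", len(nonce)) + nonce + fw1 + fw2_field
            + struct.pack(">BI", present, restarts))


def decode_evidence(evidence: bytes) -> dict:
    (nonce_len,) = struct.unpack(">I", evidence[:4])
    pos = 4
    nonce = evidence[pos:pos + nonce_len]; pos += nonce_len
    fw1 = evidence[pos:pos + MEAS_LEN]; pos += MEAS_LEN
    fw2 = evidence[pos:pos + MEAS_LEN]; pos += MEAS_LEN
    present, restarts = struct.unpack(">BI", evidence[pos:pos + 5])
    return {"nonce": nonce, "fw1": fw1, "fw2": fw2 if present else None,
            "restarts": restarts}


class FirstMicrocontroller:
    """Immutable-bootloader side: holds the UDS, collects measurements, attests."""

    def __init__(self, unique_device_secret: bytes, mutable_firmware: bytes):
        self.fw1_measurement = measure(mutable_firmware)
        # DICE-style: the attestation secret depends on the UDS and on the
        # measured first-stage firmware, so modified firmware gets a different one.
        self._attest_key = hmac.new(unique_device_secret, self.fw1_measurement,
                                    hashlib.sha256).digest()
        self.fw2_measurement = None   # unknown until the second MCU reports
        self.fw2_restart_count = 0

    def on_second_mcu_restart(self, measurement: bytes) -> None:
        """Called by the second MCU's immutable bootloader on every restart."""
        if len(measurement) != MEAS_LEN:
            raise ValueError("bad measurement length")
        self.fw2_measurement = measurement
        self.fw2_restart_count += 1

    def attest(self, nonce: bytes):
        evidence = encode_evidence(self.fw1_measurement, self.fw2_measurement,
                                   self.fw2_restart_count, nonce)
        tag = hmac.new(self._attest_key, evidence, hashlib.sha256).digest()
        return evidence, tag


class SecondMicrocontroller:
    def __init__(self, mutable_firmware: bytes, first_mcu: FirstMicrocontroller):
        self.mutable_firmware = mutable_firmware
        self._first = first_mcu

    def restart(self) -> None:
        # Immutable bootloader runs first: measure, report, then jump to firmware.
        self._first.on_second_mcu_restart(measure(self.mutable_firmware))


def verify(unique_device_secret, expected_fw1, expected_fw2, nonce, evidence, tag) -> bool:
    """Verifier side (symmetric stand-in: the verifier knows the UDS)."""
    fw1_m = measure(expected_fw1)
    key = hmac.new(unique_device_secret, fw1_m, hashlib.sha256).digest()
    if not hmac.compare_digest(hmac.new(key, evidence, hashlib.sha256).digest(), tag):
        return False  # forged, or first-stage firmware differs (wrong key)
    ev = decode_evidence(evidence)
    return (ev["nonce"] == nonce and ev["fw1"] == fw1_m
            and ev["fw2"] == measure(expected_fw2))
```

Because the second microcontroller reports on every restart, a firmware swap followed by a reset shows up in the next attestation, and the restart counter in the evidence lets a verifier notice a reset even when the measurement is unchanged.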

FIRMWARE SECURE BOOT CUSTOMIZATION EXTENSIONS
20230021213 · 2023-01-19

An information handling system may include memory circuitry comprising a BIOS and a database including a first set of one or more cryptographic keys usable to authenticate code executable by the BIOS; and a physical storage medium other than the memory circuitry, wherein the physical storage medium includes a custom database including a second set of one or more cryptographic keys usable to authenticate code executable by the BIOS. The information handling system is configured to load a BIOS extension into the BIOS by: determining that the first set of one or more cryptographic keys does not include any key usable to authenticate the BIOS extension; determining that the second set of one or more cryptographic keys includes a particular key usable to authenticate the BIOS extension; authenticating the BIOS extension via the particular key; and in response to the authenticating, loading and executing the BIOS extension.

SYSTEM AND METHOD FOR SECURING KEYBOARD INPUT TO A COMPUTING DEVICE
20230013844 · 2023-01-19

In illustrative embodiments, systems and methods are disclosed by which keystroke data may be securely delivered to an application executing on a computer. The keystroke data may traverse an atypical data path to the memory space of the application, may be encrypted along its traversal of that data path, and may further be encrypted when it is delivered into the memory space of the application. The system may include a filter driver that is arranged in a driver stack with the keyboard device driver that ordinarily interacts with the keyboard; the filter driver may receive keystroke data from the keyboard device driver, encrypt that data, and provide the encrypted data to a body of software instructions that it injected into the memory space of the application. The body of software instructions may, in turn, decrypt the encrypted data and provide the decrypted data to the application.

SYSTEM AND METHOD FOR IN DETECTION OF MALICIOUS BEHAVIOR IN SOFTWARE UPDATES TO PREVENT SOFTWARE SUPPLY CHAIN ATTACKS
20230017989 · 2023-01-19

A new approach is proposed to support software update verification and malicious behavior detection. When a software update package is being delivered by a software vendor to an intended recipient, a software update registry intercepts the package and installs the update in a software update sandbox regardless of the size of the package. All behaviors of the software update during unpacking, installation, and post-installation operations are monitored and analyzed by the sandbox to verify that there is no malicious behavior or component in the package. If the software update is verified to be safe, the package is delivered to the intended recipient for installation. If the software update is determined to be unsafe, it is blocked.
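
The verdict step above, added here as an illustration and not the patent holder's code: sandbox behaviour events from the three phases are replayed against a small rule set and the run is either delivered or blocked. The JSON event schema, the two sample logs, the vendor's allowed update host and the rules are all constructed for this example.

```python
"""Verdict logic for a software-update sandbox: replay the behaviour events
recorded during unpack, install and post-install against rules, then deliver
or block. Added illustration; event schema, rules and log lines are assumed."""
import json
from fnmatch import fnmatchcase

# Constructed sample logs, one JSON event per line (as a sandbox might emit).
BENIGN_LOG = r"""
{"phase":"unpack","type":"file_write","path":"C:\\Temp\\upd\\setup.exe"}
{"phase":"install","type":"process_spawn","image":"C:\\Temp\\upd\\setup.exe","cmdline":"setup.exe /S"}
{"phase":"install","type":"file_write","path":"C:\\Program Files\\Vendor\\app.exe"}
{"phase":"install","type":"network_connect","host":"updates.vendor.example","port":443}
{"phase":"post_install","type":"process_spawn","image":"C:\\Program Files\\Vendor\\app.exe","cmdline":"app.exe --first-run"}
"""

MALICIOUS_LOG = r"""
{"phase":"unpack","type":"file_write","path":"C:\\Temp\\upd\\setup.exe"}
{"phase":"install","type":"process_spawn","image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","cmdline":"powershell -w hidden -enc SQBFAFgAIAAoAE4A"}
{"phase":"install","type":"network_connect","host":"203.0.113.7","port":4444}
{"phase":"post_install","type":"registry_set","key":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\svchelper"}
{"phase":"post_install","type":"file_write","path":"C:\\Users\\Public\\drop.dll"}
"""

# Assumed policy inputs: the vendor's declared update hosts, plus generic
# persistence and drop locations. Patterns are matched case-insensitively.
ALLOWED_HOSTS = ("*.vendor.example",)
AUTOSTART_KEYS = (r"HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN*",
                  r"HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN*")
WORLD_WRITABLE = (r"C:\USERS\PUBLIC\*", r"C:\PROGRAMDATA\*")


def rule_undeclared_network(ev):
    if ev["type"] == "network_connect":
        host = ev["host"].lower()
        if not any(fnmatchcase(host, p) for p in ALLOWED_HOSTS):
            return "connection to undeclared host %s:%d" % (ev["host"], ev["port"])


def rule_encoded_shell(ev):
    if ev["type"] == "process_spawn":
        if "powershell" in ev["image"].lower() and " -enc" in ev["cmdline"].lower():
            return "PowerShell launched with an encoded command"


def rule_autostart_persistence(ev):
    if ev["type"] == "registry_set":
        if any(fnmatchcase(ev["key"].upper(), p) for p in AUTOSTART_KEYS):
            return "autostart registry value written: " + ev["key"]


def rule_drop_in_world_writable(ev):
    if ev["type"] == "file_write":
        if any(fnmatchcase(ev["path"].upper(), p) for p in WORLD_WRITABLE):
            return "file dropped in world-writable location: " + ev["path"]


RULES = (rule_undeclared_network, rule_encoded_shell,
         rule_autostart_persistence, rule_drop_in_world_writable)


def analyze(log_text: str):
    """Return ("deliver", []) or ("block", [findings...]) for one sandbox run."""
    findings = []
    for n, line in enumerate(log_text.strip().splitlines(), 1):
        ev = json.loads(line)
        for rule in RULES:
            hit = rule(ev)
            if hit:
                findings.append("line %d (%s): %s" % (n, ev["phase"], hit))
    return ("block" if findings else "deliver"), findings


if __name__ == "__main__":
    for name, log in (("benign", BENIGN_LOG), ("malicious", MALICIOUS_LOG)):
        verdict, findings = analyze(log)
        print(name, verdict, *findings, sep="\n  ")
```

Rules run over every phase because the abstract's point is that post-installation behaviour is covered too; an installer that is quiet during unpacking and only adds its autostart entry afterwards is still caught. The usual caveat applies to any sandbox verdict: an update that detects the sandbox, or delays its malicious action beyond the observation window, produces a clean log.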

DERIVING DEPENDENT SYMMETRIC ENCRYPTION KEYS BASED UPON A TYPE OF SECURE BOOT USING A SECURITY PROCESSOR
20230015334 · 2023-01-19

Embodiments of systems and methods for deriving dependent symmetric encryption keys based upon a type of secure boot using a security processor are described. In some embodiments, a security processor may include: a core; and a memory coupled to the core, the memory having program instructions stored thereon that, upon execution by the core, cause the security processor to: retrieve a first symmetric key based, at least in part, upon a type of secure boot performed to bootstrap an Information Handling System (IHS); and derive a second symmetric key based, at least in part, upon the first symmetric key.
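
The two-level derivation above, added here as an illustration and not Dell's code. It assumes a hardware root secret inside the security processor, three boot-type labels, and HKDF-SHA256 (RFC 5869, implemented inline with the standard library) as the derivation function; the salt and info strings are this example's own. The point it shows is that a dependent key derived for one purpose under secure boot is a different key when the same IHS is bootstrapped with secure boot off, so data sealed under the first cannot be opened after the second.

```python
"""Boot-type-dependent key hierarchy in a security processor. Added
illustration; boot-type labels, salts and info strings are assumptions."""
import hashlib
import hmac

HASH_LEN = 32


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # RFC 5869: PRK = HMAC(salt, IKM); an empty salt means HashLen zero bytes
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869: T(i) = HMAC(PRK, T(i-1) | info | i), OKM = T(1) | T(2) | ...
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


# Assumed boot types the security processor can observe for the IHS.
BOOT_TYPES = ("secure_boot_factory_keys", "secure_boot_custom_keys", "secure_boot_off")


class SecurityProcessor:
    def __init__(self, hardware_root_secret: bytes):
        self._root = hardware_root_secret  # stays inside the security processor

    def first_key(self, boot_type: str) -> bytes:
        """K1: a function of the root secret and the boot type actually performed."""
        if boot_type not in BOOT_TYPES:
            raise ValueError("unknown boot type: %r" % boot_type)
        prk = hkdf_extract(b"ihs-boot-type-v1", self._root)
        return hkdf_expand(prk, b"K1|" + boot_type.encode(), HASH_LEN)

    def dependent_key(self, first_key: bytes, purpose: str) -> bytes:
        """K2: derived from K1 and a purpose label, so it inherits K1's
        dependence on the boot type without the caller ever seeing the root."""
        prk = hkdf_extract(b"ihs-dependent-v1", first_key)
        return hkdf_expand(prk, b"K2|" + purpose.encode(), HASH_LEN)


def keys_for(sp: SecurityProcessor, boot_type: str, purpose: str) -> bytes:
    return sp.dependent_key(sp.first_key(boot_type), purpose)


if __name__ == "__main__":
    sp = SecurityProcessor(b"\x5a" * 32)
    sealed = keys_for(sp, "secure_boot_factory_keys", "disk-encryption")
    later = keys_for(sp, "secure_boot_off", "disk-encryption")
    print("same key after booting with secure boot off:", sealed == later)  # False
```

Binding the boot type into K1 rather than checking it at unseal time means there is no policy decision to bypass: the wrong boot path simply yields the wrong key.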