Patents by Inventor Graeme John Proudler

Graeme John Proudler has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 7457951
    Abstract: A method of security monitoring of data files in a computer platform is carried out by a trusted component having a processor and trusted memory area. The method comprises creating one or a plurality of data files in an untrusted memory area of said computing platform, for each created data file, periodically generating a digest data by applying a hash function to each data file, storing the digest data in a trusted memory area and for each file periodically comparing a current digest data of the file with a previously generated digest data of the file. Any differences between a previous and a current digest data indicate that a file in the untrusted memory area has been corrupted.
    Type: Grant
    Filed: May 25, 2000
    Date of Patent: November 25, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Graeme John Proudler, Boris Balacheff
  • Publication number: 20080282348
    Abstract: A data structure has within it the following elements: an identification of a data structure type; and a proof that two or more instances of the data structure type are as trustworthy as each other. Methods and devices using such data structures are described.
    Type: Application
    Filed: March 22, 2006
    Publication date: November 13, 2008
    Inventors: Graeme John Proudler, William Burton, Dirk Kuhlmann, David Plaquin
  • Patent number: 7444601
    Abstract: In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications. In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’.
    Type: Grant
    Filed: October 12, 2005
    Date of Patent: October 28, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Graeme John Proudler, Dipankar Gupta, Liqun Chen, Siani Lynne Pearson, Boris Balacheff, Bruno Edgard Van Wilder, David Chan
  • Patent number: 7376974
    Abstract: A computer apparatus for creating a trusted environment comprising a trusted device arranged to acquire a first integrity metric to allow determination as to whether the computer apparatus is operating in a trusted manner; a processor arranged to allow execution of a first trust routine and associated first operating environment, and means for restricting the first operating environment access to resources available to the trust routine, wherein the trust routine being arranged to acquire the first integrity metric and a second integrity metric to allow determination as to whether the first operating environment is operating in a trusted manner.
    Type: Grant
    Filed: November 21, 2002
    Date of Patent: May 20, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Graeme John Proudler, Boris Balacheff, John S. Worley, Chris D. Hyser, William S Worley, Jr.
  • Patent number: 7302585
    Abstract: The preferred embodiment of the invention comprises a computer system which employs a trusted display processor (260), which has a trusted processor (300) and trusted memory (305, 315, 335, 345) physically and functionally distinct from the processor and memory of the computer system. The trusted display processor (260) is immune to unauthorised modification or inspection of internal data. It is physical to prevent forgery, tamper-resistant to prevent counterfeiting, and has crypto functions (340) to securely communicate at a distance. The trusted display processor (260) interacts with a user's smartcard (122) in order to extract and display a trusted image, or seal (1000), generate a digital signature of the bitmap of a document image and control the video memory (315) so that other processes of the computer system cannot subvert the image during the signing process. The user interacts with the trusted display processor via a trusted switch (135).
    Type: Grant
    Filed: May 25, 2000
    Date of Patent: November 27, 2007
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Graeme John Proudler, Boris Balacheff, Liqun Chen, David Chan
  • Patent number: 7302698
    Abstract: A computing entity comprises a trusted monitoring component having a first processing means and a first memory means, the trusted monitoring component being a self-contained autonomous data processing unit, and a computer platform having a main processing means and a main memory area, along with a plurality of associated physical and logical resources such as peripheral devices including printers, modems, application programs, operating systems and the like. The computer platform is capable of entering a plurality of different states of operation, each state of operation having a different level of security and trustworthiness. Selected ones of the states comprise trusted states in which a user can enter sensitive confidential information with a high degree of certainty that the computer platform has not been compromised by external influences such as viruses, hackers or hostile attacks.
    Type: Grant
    Filed: November 28, 2000
    Date of Patent: November 27, 2007
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Graeme John Proudler, David Chan
  • Patent number: 7236455
    Abstract: A computing apparatus comprises a plurality of hardware modules (102,104,106) and a shared communication infrastructure (110) by which the modules can communicate with each other in the usual way. In order to increase the level of trust and security in the apparatus, a trusted hardware module (120) is also provided and is connected to the other modules by respective communication paths (122a;122b;122c), distinct from the communication infrastructure, by which each of those modules can communicate directly with the trusted module but cannot communicate directly with any other of the modules. The trusted module can therefore have secure communications, for example of “unsafe” data, with each of the other modules without any of the remaining modules eavesdropping, and the trusted module can route unsafe data between any pair of the other modules, or decline to provide such routing, for example in dependence on policy stored in the trusted module.
    Type: Grant
    Filed: February 15, 2000
    Date of Patent: June 26, 2007
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Graeme John Proudler, David Chan
  • Patent number: 7194623
    Abstract: There is disclosed a computer entity having a trusted component which compiles an event log for events occurring on a computer platform. The event log contains event data of types which are pre-specified by a user by inputting details through a dialogue display generated by the trusted component. Items which can be monitored include data files, applications drivers and the like. The trusted component operates through a monitoring agent which may be launched onto the computer platform. The monitoring agent may be periodically interrogated to make sure that it is operating correctly and responding to interrogations by the trusted component.
    Type: Grant
    Filed: May 25, 2000
    Date of Patent: March 20, 2007
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Graeme John Proudler, Boris Balacheff, Siani Lynne Pearson, David Chan
  • Patent number: 6988250
    Abstract: In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications. In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’.
    Type: Grant
    Filed: February 15, 2000
    Date of Patent: January 17, 2006
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Graeme John Proudler, Dipankar Gupta, Liqun Chen, Siani Lynne Pearson, Boris Balacheff, Bruno Edgard Van Wilder, David Chan
  • Publication number: 20040199769
    Abstract: A computer system comprises a processor that is arranged to alter at least one aspect of operation only if a command to alter that at least one aspect is provided by a valid user. For this aspect of operation, a valid user may be a user authenticated by the processor by establishing that the user possesses a secret, or may be a user who satisfies a condition for physical presence at the computer system. However, for a predetermined time after authentication by establishment of possession of the secret has taken place, the processor will not be responsive to the or each such command when issued by a user who is not authenticated by the processor but who satisfies a condition for physical presence at the computer system. This approach is of particular value in the provision of commands to a trusted component of trusted computing apparatus.
    Type: Application
    Filed: April 6, 2004
    Publication date: October 7, 2004
    Inventor: Graeme John Proudler
  • Publication number: 20040151319
    Abstract: Processing apparatus, such as a trusted platform, is provided with an access-control arrangement for handling a tree-structured hierarchy such as a key hierarchy. The access-control arrangement only permits access to a particular node of the hierarchy upon receiving a reliable indication that a mechanism expected to resist subversion will attempt to enforce appropriate access restrictions on that node. Such a mechanism is, for example, a protected process executing in a benign environment in the apparatus. The indication that the mechanism is in place is provided by a trusted source, such as a hardware root of trust responsible for initiating the mechanism. Access to the particular node opens the way to revealing that node, and any descendants, to the protected process.
    Type: Application
    Filed: October 16, 2003
    Publication date: August 5, 2004
    Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventor: Graeme John Proudler
  • Publication number: 20030226031
    Abstract: A computer apparatus for creating a trusted environment comprising a trusted device arranged to acquire a first integrity metric to allow determination as to whether the computer apparatus is operating in a trusted manner; a processor arranged to allow execution of a first trust routine and associated first operating environment, and means for restricting the first operating environment access to resources available to the trust routine, wherein the trust routine being arranged to acquire the first integrity metric and a second integrity metric to allow determination as to whether the first operating environment is operating in a trusted manner.
    Type: Application
    Filed: November 21, 2002
    Publication date: December 4, 2003
    Inventors: Graeme John Proudler, Boris Balacheff, John S. Worley, Chris D. Hyser, William S. Worley
  • Publication number: 20030110372
    Abstract: An information security system is disclosed having a considerably simplified access control infrastructure. The number of secrets in a computer system domain is reduced to a minimum, yet individual users may still be identified and access to applications may still be individually controlled. The trusted entity in each of a plurality of platforms (100, 200, 202, 203) of the computer system may store an identity secret of the platform (100, 200, 202, 203) and may be trusted to use that secret in conjunction with an information label only when the platform (100, 200, 202, 203) is running the correct software to provide and/or take part in a particular service associated with that information label.
    Type: Application
    Filed: November 22, 2002
    Publication date: June 12, 2003
    Inventor: Graeme John Proudler
  • Publication number: 20030046542
    Abstract: There are many times when a secret needs to be used in a distributed computing system—these are often held in security tokens, such as smart cards. It may be desirable for another device, such as a computer platform to act in place of the security token as the repository of a secret, particularly for operations within a distributed computing system. Within the distributed computing system there is located a trusted entity, physically and logically resistant to unauthorized modification—this may be a trusted device located within a specific computing platform. This contains validation information which can be communicated to the security token. The security token then carries out a validation process on this validation information—if successful, the security token then provides a secret to the trusted device for use within the distributed computing system. The trusted device may be required to use this secret only for a specified period of time, or for a specific purpose or task.
    Type: Application
    Filed: September 4, 2001
    Publication date: March 6, 2003
    Applicant: Hewlett-Packard Company
    Inventors: Liqun Chen, Graeme John Proudler
  • Publication number: 20030041250
    Abstract: A computer platform has a trust mechanism adapted to assure third parties interacting with the computer platform that the computer platform operates according to an indicated specification and a trusted execution area for execution of operations upon data. The trust mechanism guarantees the trusted status of the trusted execution area. In respect of the trusted execution area, privacy of third party data, or of audit of processes carried out on third party data, or of both, can be assured by the trust mechanism. This can in one arrangement be achieved by use of an audit data portal to provide controlled access to audit data.
    Type: Application
    Filed: July 26, 2002
    Publication date: February 27, 2003
    Inventor: Graeme John Proudler
  • Publication number: 20020180778
    Abstract: A computing platform for receiving one or more electronic sites or services from a remote target computing platform is adapted to indicate, visually or otherwise, to a user thereof that the target computing platform includes a physically and logically protected computing environment.
    Type: Application
    Filed: June 3, 2002
    Publication date: December 5, 2002
    Applicant: HEWLETT-PACKARD COMPANY
    Inventor: Graeme John Proudler
  • Publication number: 20020181714
    Abstract: An audio processing method and apparatus are described for discouraging vocalization or the production of complex sounds. The method comprises the steps, performed in a repeating cycle, of: receiving (74) ambient audio; detecting (74) when the received ambient audio is loud; and broadcasting (84, 92) a burst of output audio so as to mix with the ambient audio, the burst of output audio being timed in dependence upon the detection of loud ambient audio.
    Type: Application
    Filed: June 14, 2002
    Publication date: December 5, 2002
    Inventor: Graeme John Proudler
  • Publication number: 20020120862
    Abstract: A trusted service which publishes information describing security attributes of computing platforms in a defined physical area, for use by a visitor to a building, for example, who is unfamiliar with the computing platforms available for use therein. In a preferred embodiment, the system provides only details and/or a list of public keys of genuine trusted computing platforms within the area.
    Type: Application
    Filed: February 22, 2002
    Publication date: August 29, 2002
    Applicant: HEWLETT-PACKARD COMPANY
    Inventors: Graeme John Proudler, Boris Balacheff
  • Publication number: 20020120863
    Abstract: A method of investigating misdemeanour within a data processing system is provided. An investigator is given an anonymous authenticated identity on a trusted computing device such that a trustworthy record of transactions can be created. The investigator can participate in the transaction.
    Type: Application
    Filed: February 22, 2002
    Publication date: August 29, 2002
    Applicant: Hewlett-Packard Company
    Inventors: Siani Lynne Pearson, Graeme John Proudler
  • Publication number: 20020120575
    Abstract: In order to facilitate a user's ability to trust a computing environment, a trusted computing device (2) is arranged to challenge other devices in the computing environment and to record a log of the facilities available within the computing environment and an indication of whether those facilities are trustworthy. A new user (40) entering the computing environment can obtain the log from the trusted computing device in order to ascertain the status of the environment. Alternatively any device can hold data concerning platforms in its vicinity and its operation can be authenticated by the trusted device.
    Type: Application
    Filed: February 22, 2002
    Publication date: August 29, 2002
    Applicant: HEWLETT-PACKARD COMPANY
    Inventors: Siani Lynne Pearson, Graeme John Proudler