Abstract: A computer system comprises a first computer entity arranged to encrypt data using an encryption key comprising a time value, and a second computer entity arranged to generate, at intervals, a decryption key using a current time value. The encryption and decryption processes are such that the decryption key generated using a current time value corresponding to that used for the encryption key, is apt to decrypt the encrypted s data.

Abstract: A method of certifying by a certification authority that two or more first digitally signed certificates or identities are held by the same authorised signatory, the method comprising the steps of determining that said two or more identities or digitally signed certificates refer to the same authorised signatory, creating a digital verification certificate including data relating to said two or more identities or first digitally signed certificates and data representative of evidence or facts used to determine that said two or more identities or digitally signed certificates relate to the same authorised signatory, applying a digital signature of the certification authority to said verification certificate, and linking or otherwise associating said verification certificate to said two or more identities or first digitally signed certificates.

Abstract: A computer system comprising a trust engine for determining a trust level associated with a computer node and a policy engine for setting access requirements to a personal profile, from the computer node, based upon the determined trust level of the computer node and respective sensitivity levels associated with sub-components of the personal profile.

Abstract: A software system for installation on computing apparatus (and a method of installing such a software system on computing apparatus), wherein the software system is provided in the form of a software package (10) including a plurality of software components (12), one or more of the software components (12) being provided as a plurality of different implementations (14), the apparatus including an installation engine (20) for installing the software system only a selected one implementation of the or each of the software components having multiple implementations, and a random selector module (22) for selecting one of the plurality of implementations of a software component for installation.

Abstract: A digital storage system for storing digital documents, the system comprising a trusted storage service provider including an encryption module for encrypting a digital document prior to storage thereof using an encryption key generated using a random number generator, remote archive storage sites for storing the encrypted item of data, and a corporate key store for storing an n-bit decryption key (which maybe the same as the encryption key or maybe different, but mathematically related thereto) for use in decrypting a document if required, the system further comprising a key degrading module for progressively degrading said decryption key by periodically discarding or changing at least one bit at a time thereof.

Abstract: A method for encrypting data comprising deriving a public key using a first data set that defines an instruction; encrypting a second data set with the public key; providing the encrypted third data set to a recipient; providing the public key to a third party such that on satisfaction of the instruction the third party provides an associated private key to the recipient to allow decryption of the encrypted second data set.

Abstract: A method for encrypting data comprising dividing a first data set into a second data set and a third data set; deriving a first value using the second data set as an input into a polynomial equation; deriving a second value using the third data set as an input into the polynomial equation; deriving a first encryption key associated with a first party; deriving a second encryption key associated with a second party; encrypting the first value with the first encryption key; encrypting the second value with the second encryption key.

Abstract: A method for encrypting data comprising deriving a public key using a first data set provided by a second party; encrypting a second data set with the public key; providing the encrypted third data set to the second party; providing the public key to a third party to allow validation of the first data set such that on validation of the first data set the third party provides an associated private key to the second party to allow decryption of the encrypted second data set.

Abstract: A method and apparatus that allows renewal of encoded data in a long-term storage. Original user data 200 is encrypted to form encrypted data 211 which can be accessed using one or more encryption secrets 213 stored separately, and optionally validated using context data 212. At renewal, the encrypted data 211, the context data 212, and the or each encryption secret 213 are combined to form a first encryption layer 210 and the first encryption layer 210 is itself encrypted to form the encrypted data 221 of an immediately succeeding second encryption layer 220. The encrypted data 221 of this second encryption layer 220 is accessible with a renewed encryption secret 223, and optionally is validated by context data 222 such as a time stamp and trusted signature. The method may be repeated recursively, forming third and subsequent encryption layers 230 at each renewal.

Abstract: A tamper-evident and/or tamper-resistant electronic module comprising an electronic component embedded in an encapsulant material and at least one thin sheet of frangible material contacting and overlying said encapsulant material and overlying said component, said sheet being sufficiently thin that it is likely to crack or break if an attempt is made to drill or cut through it with a laser drill.

Abstract: A tamper evident electronic module comprises an electronic component, a tamper evident sheet, and encapsulant material.

Abstract: A storage medium carrying data content has an electronically readable modification-resistant identifier for distinguishing that medium from other storage media. The medium stores a digital signature associated with a data content portion carried by the storage medium. The identifier read from the storage medium generates the digital signature. The identifier and digital signature enable verification of storage of the data content on an authorized storage medium in an authorized manner.

Abstract: A hand-held, self-contained motor-driven trenching device (100) for cutting a slit or trench within a substrate is based on a chain-saw motor unit together with a purpose-built attachment. An unmodified chain-saw drive unit provides both motive force and a holder, although purpose-built units may employ other forms of motive power. A chain-driven reduction drive matches the chain-saw drive sprocket (101) speed to a suitable toothed digging chain cutting speed; the reduction drive being coupled to a sprocket wheel (102) aligned at one end of a sturdy, hardened steel blade (106) over which a heavy roller chain (200) bearing soil-cutting teeth (203) is pulled. The resulting trench is about 30-35 mm wide, up to 1 metre deep, and of indefinite length. The invention provides an optimised solution to a need for burying narrow cables, fibre-optic conduits, water pipes, and the like well into the ground.

Abstract: A method of informing the user of a portable computing device of the facilities available at an accommodation being visited, comprising compiling a list and communicating a copy of the list to the portable computing device, for example by use of a smart card readable by the portable computing device. The list preferably gives the location of the facilities, protocols for using the facilities and any digital permissions required to access the facilities. In another embodiment, the smart card may also provide access to a hotel room. In another embodiment, digital permissions may be timed to correspond to the duration of the visit.

Abstract: A mobile communication device, such as a mobile phone (3), which comprises a processor which is configured to process requests for authorisation of use of a credential, such as a credit card, and the processor causes the device to emit a signal, such as an audible intermittent tone, the characteristics of which are indicative of the deemed importance of a particular use of the credential.

Abstract: A base station (data safe) is provided for storing data from a portable data storage device, typically a personal digital assistant (PDA). The base station includes a data storage device and a power supply. The PDA downloads data into the storage device and recharges an internal power source from the power supply The data is stored in the base station, as a back-up of the data on the PDA.

Abstract: The present invention discloses a credential transfer method for use on a distributed electronic network (2), the method comprising the steps of a sender (4) communicating to a recipient (6) a credential index (300) comprising an index referring to at least one credential (302), the recipient (6) selecting at least one of the credentials (302) from the index (300) of at least one credential provided by the sender (4), the recipient (6) communicating to the sender (4) an indication of the selected at least one credential (302) and the sender (4) providing to the recipient (6) at least one credential (302) corresponding to the selected at least one credential. A corresponding method of communication, system and digital credential index are also disclosed.

Abstract: The present invention provides a method of communication, the method comprising the steps of a first party (30) communicating to a second party (32) a composite credential (54) across a distributed electronic network (44) which composite credential (54) comprises a plurality of credentials (46-52). A corresponding composite credential is also disclosed.

Abstract: A communication method comprising a personal communication device (2), the personal communication device comprising a memory (8) in which is stored a secret, and a digital device (16) capable of communication with the personal communication device (2), the method comprising the steps of establishing communication between the personal communication device (2) and the digital device (16), and providing the secret from the personal communication device (2) to the digital device (16).

Abstract: A method of delivering a digital document to an intended recipient at a printout station, such as a fax machine. The method comprises receiving and securely retaining a transmitted document and a transmitted independently verifiable data record such as a digital certificate of the intended recipient at the printout station. A first token, such as a public key, of the intended recipient is obtained, usually from the transmitted information. The method includes requesting proof of the intended recipient's identity at the receiving fax machine using data in the digital certificate of the intended recipient and releasing the document when the intended recipient has proved their identity by use of a second token, such as a private key, that is uniquely related to the first token. The private key may be provided on a portable smart card. Also envelope data encryption techniques may be used to add security to the transmission of the document.