Abstract: A digital storage system for storing digital documents, the system comprising a trusted storage service provider including an encryption module for encrypting a digital document prior to storage thereof using an encryption key generated using a random number generator, remote archive storage sites for storing the encrypted item of data, and a corporate key store for storing an n-bit decryption key (which maybe the same as the encryption key or maybe different, but mathematically related thereto) for use in decrypting a document if required, the system further comprising a key degrading module for progressively degrading said decryption key by periodically discarding or changing at least one bit at a time thereof.

Abstract: A method for encrypting data comprising deriving a public key using a first data set that defines an instruction; encrypting a second data set with the public key; providing the encrypted third data set to a recipient; providing the public key to a third party such that on satisfaction of the instruction the third party provides an associated private key to the recipient to allow decryption of the encrypted second data set.

Abstract: A method for encrypting data comprising dividing a first data set into a second data set and a third data set; deriving a first value using the second data set as an input into a polynomial equation; deriving a second value using the third data set as an input into the polynomial equation; deriving a first encryption key associated with a first party; deriving a second encryption key associated with a second party; encrypting the first value with the first encryption key; encrypting the second value with the second encryption key.

Abstract: A method for encrypting data comprising deriving a public key using a first data set provided by a second party; encrypting a second data set with the public key; providing the encrypted third data set to the second party; providing the public key to a third party to allow validation of the first data set such that on validation of the first data set the third party provides an associated private key to the second party to allow decryption of the encrypted second data set.

Abstract: A method and apparatus that allows renewal of encoded data in a long-term storage. Original user data 200 is encrypted to form encrypted data 211 which can be accessed using one or more encryption secrets 213 stored separately, and optionally validated using context data 212. At renewal, the encrypted data 211, the context data 212, and the or each encryption secret 213 are combined to form a first encryption layer 210 and the first encryption layer 210 is itself encrypted to form the encrypted data 221 of an immediately succeeding second encryption layer 220. The encrypted data 221 of this second encryption layer 220 is accessible with a renewed encryption secret 223, and optionally is validated by context data 222 such as a time stamp and trusted signature. The method may be repeated recursively, forming third and subsequent encryption layers 230 at each renewal.

Abstract: A tamper evident electronic module comprises an electronic component, a tamper evident sheet, and encapsulant material.

Abstract: A tamper-evident and/or tamper-resistant electronic module comprising an electronic component embedded in an encapsulant material and at least one thin sheet of frangible material contacting and overlying said encapsulant material and overlying said component, said sheet being sufficiently thin that it is likely to crack or break if an attempt is made to drill or cut through it with a laser drill.

Abstract: A storage medium carrying data content has an electronically readable modification-resistant identifier for distinguishing that medium from other storage media. The medium stores a digital signature associated with a data content portion carried by the storage medium. The identifier read from the storage medium generates the digital signature. The identifier and digital signature enable verification of storage of the data content on an authorized storage medium in an authorized manner.

Abstract: A hand-held, self-contained motor-driven trenching device (100) for cutting a slit or trench within a substrate is based on a chain-saw motor unit together with a purpose-built attachment. An unmodified chain-saw drive unit provides both motive force and a holder, although purpose-built units may employ other forms of motive power. A chain-driven reduction drive matches the chain-saw drive sprocket (101) speed to a suitable toothed digging chain cutting speed; the reduction drive being coupled to a sprocket wheel (102) aligned at one end of a sturdy, hardened steel blade (106) over which a heavy roller chain (200) bearing soil-cutting teeth (203) is pulled. The resulting trench is about 30-35 mm wide, up to 1 metre deep, and of indefinite length. The invention provides an optimised solution to a need for burying narrow cables, fibre-optic conduits, water pipes, and the like well into the ground.

Abstract: A method of informing the user of a portable computing device of the facilities available at an accommodation being visited, comprising compiling a list and communicating a copy of the list to the portable computing device, for example by use of a smart card readable by the portable computing device. The list preferably gives the location of the facilities, protocols for using the facilities and any digital permissions required to access the facilities. In another embodiment, the smart card may also provide access to a hotel room. In another embodiment, digital permissions may be timed to correspond to the duration of the visit.

Abstract: A mobile communication device, such as a mobile phone (3), which comprises a processor which is configured to process requests for authorisation of use of a credential, such as a credit card, and the processor causes the device to emit a signal, such as an audible intermittent tone, the characteristics of which are indicative of the deemed importance of a particular use of the credential.

Abstract: A base station (data safe) is provided for storing data from a portable data storage device, typically a personal digital assistant (PDA). The base station includes a data storage device and a power supply. The PDA downloads data into the storage device and recharges an internal power source from the power supply The data is stored in the base station, as a back-up of the data on the PDA.

Abstract: The present invention discloses a credential transfer method for use on a distributed electronic network (2), the method comprising the steps of a sender (4) communicating to a recipient (6) a credential index (300) comprising an index referring to at least one credential (302), the recipient (6) selecting at least one of the credentials (302) from the index (300) of at least one credential provided by the sender (4), the recipient (6) communicating to the sender (4) an indication of the selected at least one credential (302) and the sender (4) providing to the recipient (6) at least one credential (302) corresponding to the selected at least one credential. A corresponding method of communication, system and digital credential index are also disclosed.

Abstract: The present invention provides a method of communication, the method comprising the steps of a first party (30) communicating to a second party (32) a composite credential (54) across a distributed electronic network (44) which composite credential (54) comprises a plurality of credentials (46-52). A corresponding composite credential is also disclosed.

Abstract: A communication method comprising a personal communication device (2), the personal communication device comprising a memory (8) in which is stored a secret, and a digital device (16) capable of communication with the personal communication device (2), the method comprising the steps of establishing communication between the personal communication device (2) and the digital device (16), and providing the secret from the personal communication device (2) to the digital device (16).

Abstract: A method of delivering a digital document to an intended recipient at a printout station, such as a fax machine. The method comprises receiving and securely retaining a transmitted document and a transmitted independently verifiable data record such as a digital certificate of the intended recipient at the printout station. A first token, such as a public key, of the intended recipient is obtained, usually from the transmitted information. The method includes requesting proof of the intended recipient's identity at the receiving fax machine using data in the digital certificate of the intended recipient and releasing the document when the intended recipient has proved their identity by use of a second token, such as a private key, that is uniquely related to the first token. The private key may be provided on a portable smart card. Also envelope data encryption techniques may be used to add security to the transmission of the document.

Abstract: A document printout device for receiving and printing out digital documents. The printout device comprises a store of digital certificates, each certificate being associated with a received digital document, and an audit log comprising a list of received document entries. Each entry in the list contains a reference to one of the certificates in the store and a unique identifier associated with a received digital document. The device is arranged to carry out an on-line authentication of a received certificate held in the store of received documents or even to carry out a batch of on-line authentications of received certificates held in the store of received documents.

Abstract: A method of determining the authenticity of a digital document sent by an unknown sender. The method comprises receiving a digital document and an encrypted digest of the document created by the sender using a hash algorithm. The digest is encrypted using a first token, such as a private key, of the sender. The method also comprises obtaining a second token, such as a public key, relating to the first token, decoding the encrypted digest using the second token, using a hash algorithm to create a digest of the document; and comparing the decrypted received digest with the newly created digest to determine the authenticity of the sender and the document. The receiving step may comprise receiving a digital certificate of the sender within which the second token is contained as part of the sender's digital certificate. Also the validity of the sender's certificate can be checked on-line.

Abstract: A distributed storage system for storing at least one credential (46), provided by an issuing authority and relating to an identity (42, 44), is described. The system comprises: a plurality of unique identities (42, 44) each having a local store (40). Each local store (40) securely stores credentials (46) relating to the owner of the identity (42, 44). The system also comprises one or more security certificates (66) provided at each identity (42, 44) for ensuring the authenticity of the credentials (46). The security certificates (66) provide secure references to the issuers of the credentials (46) and this can be used in verifying the origin of each credential (46). The identity can be provided a website or a mobile phone for example.

Abstract: A limited number of different types of event-processing node are provided for use as building blocks in constructing an event-processing system intended to receive and process event information about basic events occurring in a system being monitored, such as a telecommunications system. The event-processing system is constructed by interconnecting selected ones of the nodes into a network. Each event-processing node receives event data items in one or more input streams and processes these event data items to produce an output stream of event data items. Each event data item relates either to a basic event or to a combination of such events and includes event data that is indicative of the nature and time of occurrence thereof in the system being monitored. Generally, certain of the nodes effect processing on the basis of each input event data item taken individually, whilst other of the nodes are responsive to the presence of a predetermined inter-relationship between events represented by event data items.