Abstract: A method of delivering a digital document to an intended recipient at a printout station, such as a fax machine. The method comprises receiving and securely retaining a transmitted document and a transmitted independently verifiable data record such as a digital certificate of the intended recipient at the printout station. A first token, such as a public key, of the intended recipient is obtained, usually from the transmitted information. The method includes requesting proof of the intended recipient's identity at the receiving fax machine using data in the digital certificate of the intended recipient and releasing the document when the intended recipient has proved their identity by use of a second token, such as a private key, that is uniquely related to the first token. The private key may be provided on a portable smart card. Also envelope data encryption techniques may be used to add security to the transmission of the document.

Abstract: A document printout device for receiving and printing out digital documents. The printout device comprises a store of digital certificates, each certificate being associated with a received digital document, and an audit log comprising a list of received document entries. Each entry in the list contains a reference to one of the certificates in the store and a unique identifier associated with a received digital document. The device is arranged to carry out an on-line authentication of a received certificate held in the store of received documents or even to carry out a batch of on-line authentications of received certificates held in the store of received documents.

Abstract: A method of determining the authenticity of a digital document sent by an unknown sender. The method comprises receiving a digital document and an encrypted digest of the document created by the sender using a hash algorithm. The digest is encrypted using a first token, such as a private key, of the sender. The method also comprises obtaining a second token, such as a public key, relating to the first token, decoding the encrypted digest using the second token, using a hash algorithm to create a digest of the document; and comparing the decrypted received digest with the newly created digest to determine the authenticity of the sender and the document. The receiving step may comprise receiving a digital certificate of the sender within which the second token is contained as part of the sender's digital certificate. Also the validity of the sender's certificate can be checked on-line.

Abstract: A distributed storage system for storing at least one credential (46), provided by an issuing authority and relating to an identity (42, 44), is described. The system comprises: a plurality of unique identities (42, 44) each having a local store (40). Each local store (40) securely stores credentials (46) relating to the owner of the identity (42, 44). The system also comprises one or more security certificates (66) provided at each identity (42, 44) for ensuring the authenticity of the credentials (46). The security certificates (66) provide secure references to the issuers of the credentials (46) and this can be used in verifying the origin of each credential (46). The identity can be provided a website or a mobile phone for example.

Abstract: A limited number of different types of event-processing node are provided for use as building blocks in constructing an event-processing system intended to receive and process event information about basic events occurring in a system being monitored, such as a telecommunications system. The event-processing system is constructed by interconnecting selected ones of the nodes into a network. Each event-processing node receives event data items in one or more input streams and processes these event data items to produce an output stream of event data items. Each event data item relates either to a basic event or to a combination of such events and includes event data that is indicative of the nature and time of occurrence thereof in the system being monitored. Generally, certain of the nodes effect processing on the basis of each input event data item taken individually, whilst other of the nodes are responsive to the presence of a predetermined inter-relationship between events represented by event data items.