Abstract: A trusted path device is described which may be used stand alone or may be retrofitted to a users untrusted computer console or workstation so that an untrusted data input may be displayed on an untrusted display and verified by the user, following which the trusted data can be output to an untrusted or trusted device or network. The output may be encrypted or not, by means of an encryption device which may or may not use a ‘one time pad’ key provided from a structured array of retrievable “one time pad” keys having associated uniquely there with, a serial number which itself need not be encrypted but with which the input data and encrypted output data are uniquely associated. Sufficient “one time pad” keys are provided on a commonly available and physically manageable medium so as to allow much simplified key management procedures while still maintaining high levels of correctness and effectiveness of the encryption processes.

Abstract: The disclosure of the current invention describes a method of handling a message or a document to be released external of a secure computer environment. The message or the document is first directed to a trusted sealing device which displays the message or the document to a human user for visual checking. If the message or document is acceptable to the human user, the method associates the message or the document with a seal produced by the trusted sealing device. The message or the document is then directed along with the associated seal to a gateway which deletes portions of the header and checks the validity of the associated seal. If, as a result of this verification, it is determined that the associated seal is validly associated with the message or the document, the method attaches predetermined header portions to the message or document and communicates the message or the document from the secure computer environment.

Abstract: A method and means to control the degree to which the presence of covert information may be reduced, eliminated or corrupted in documents created on a computer device (particularly complex documents) before the document is transmitted outside a secure environment in which the document is created. The process of handling a document in a secure environment comprises the preferred step of displaying the document or a predetermined portion thereof in a manner which conforms to the rule that no pixel of the display is written to more than once for the current portion of the document being displayed.