Patents by Inventor Liqun Chen

Liqun Chen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8015369
    Abstract: A method of updating a data entry stored on a data storage unit, the data entry including data elements that are unique to the data storage unit and the data entry, may begin with generating, at the data storage unit, an update request that includes the data entry for transmission to an authority authorized to update the data entry. The authority then extracts the unique data elements from the update request and verifies the authenticity of the data storage unit and data entry from the unique data elements. The authority then generates an updated data entry including a further data element unique to the updated data entry and derived from the updated data. The authority then transmits the updated data entry to the data storage unit. The method may then include storing the updated data entry on the data storage unit.
    Type: Grant
    Filed: January 24, 2008
    Date of Patent: September 6, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Helen Balinsky, Thomas Rathbone, Liqun Chen, Keith Harrison
  • Patent number: 8001016
    Abstract: A method of verifying the authenticity of a product includes reading data from a data storage device which forms part of the packaging of the product, determining from the data an identity code for the data storage device, a random first identifier allocated to the data storage device by the product manufacturer and a digital signature of a parameter which is based on at least a second identifier not derivable from the data, communicating with the product manufacturer or an entity associated therewith using the random first identifier as a reference, receiving from the product manufacturer or the entity associated therewith the second identifier, and verifying the digital signature using the second identifier.
    Type: Grant
    Filed: July 7, 2006
    Date of Patent: August 16, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Helen Balinsky, Liqun Chen, James Thomas Edward McDonnell, Keith Alexander Harrison
  • Patent number: 7986778
    Abstract: A cryptographic method and apparatus is provided in which an identifier-based encryption process is used to encrypt a message with an identifier string that specifies conditions to be checked by a trusted entity before providing a decrypted form of the encrypted message, or enabling its decryption. A further trusted entity is used to verify the identity of the message sender as indicated by a further identifier string, and to provide the sender with a secret key that the sender uses to generate complementary signature components. These signature components are sent along with the encrypted message and are used, along with other data including the first identifier string and a public key of the further trusted entity, to authenticate the identity of the message sender.
    Type: Grant
    Filed: June 23, 2005
    Date of Patent: July 26, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Keith Alexander Harrison, Liqun Chen
  • Patent number: 7986786
    Abstract: A computer platform is provided that comprises a processor and a cryptographic co-processor coupled to the processor. The computer platform further comprises a platform entity coupled to the processor. The platform entity establishes a secure relationship with the cryptographic co-processor that enables the platform entity to utilize cryptographic functions provided by the cryptographic co-processor.
    Type: Grant
    Filed: November 30, 2006
    Date of Patent: July 26, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Wael M. Ibrahim, Graeme J. Proudler, Liqun Chen, Manuel Novoa
  • Patent number: 7929691
    Abstract: Cryptographic methods are known that involve the computation of a non-degenerate bilinear mapping of first and second elements one of which comprises a secret of a first entity. For a mapping implemented as, for example, a Tate pairing, the mapping is computable by applying a predetermined function to the first and second elements and then exponentiating the result with a known exponent. Improvements in respect of computational loading, size of output, and security are enabled for the first party by arranging for the first entity to carry out only part of the mapping, a second entity being used to complete computation of the mapping. Cryptographic applications using these improvements are also disclosed.
    Type: Grant
    Filed: December 21, 2005
    Date of Patent: April 19, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Keith Alexander Harrison, Liqun Chen, Guido Marco Bertoni, Pasqualina Fragneto, Gerardo Pelosi
  • Patent number: 7904730
    Abstract: The preferred embodiment of the invention comprises a computer system which employs a trusted display processor (260), which has a trusted processor (300) and trusted memory (305, 315, 335, 345) physically and functionally distinct from the processor and memory of the computer system. The trusted display processor (260) is immune to unauthorised modification or inspection of internal data. It is physical to prevent forgery, tamper-resistant to prevent counterfeiting, and has crypto functions (340) to securely communicate at a distance. The trusted display processor (260) interacts with a user's smartcard (122) in order to extract and display a trusted image, or seal (1000), generate a digital signature of the bitmap of a document image and control the video memory (315) so that other processes of the computer system cannot subvert the image during the signing process. The user interacts with the trusted display processor via a trusted switch (135).
    Type: Grant
    Filed: September 25, 2007
    Date of Patent: March 8, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Graeme John Proudler, Boris Balacheff, Liqun Chen, David Chan
  • Patent number: 7864958
    Abstract: A quantum key distribution (QKD) method involves the sending of random data from a QKD transmitter to a QKD receiver over a quantum signal channel, and the QKD transmitter and receiver respectively processing the data transmitted and received over the quantum signal channel in order to seek to derive a common random data set. This processing is effected with the aid of messages exchanged between QKD transmitter and receiver over an insecure classical communication channel. The processing concludes with a check, effected by an exchange of authenticated messages over the classical communication channel, that the QKD transmitter and receiver have derived the same random data set. At least some of the other messages exchanged during processing are exchanged without authentication and integrity checking. A QKD transmitter and QKD receiver are also disclosed.
    Type: Grant
    Filed: June 16, 2006
    Date of Patent: January 4, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Keith Alexander Harrison, William John Munro, Liqun Chen
  • Patent number: 7865876
    Abstract: A computing platform 20 provides multiple computing environments 24 each containing a guest operating system 25 provided by a virtual machine application 26. Optionally, each computing environment 24 is formed in a compartment 220 of a compartmented host operating system 22. A trusted device 213 verifies that the host operating system 22 and each guest operating system 25 operates in a secure and trusted manner by forming integrity metrics which can be interrogated by a user 10. Each computing environment is isolated and secure, and can be verified as trustworthy independent of any other computing environment.
    Type: Grant
    Filed: June 18, 2002
    Date of Patent: January 4, 2011
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Jonathan Griffin, Christopher I. Dalton, Michael Child, Liqun Chen, Andrew Patrick Norman
  • Publication number: 20100287315
    Abstract: A system comprises a processor which executes an operating system and an application. The system also comprises a keyboard coupled to the processor. The keyboard and application share a shared secret that is used to encode keyboard data provided from the keyboard to the application. The shared secret is not known or accessible to the operating system.
    Type: Application
    Filed: January 22, 2008
    Publication date: November 11, 2010
    Inventors: Wael M. Ibrahim, Liqun Chen, Manuel Novoa, Ligy Kurian
  • Patent number: 7818587
    Abstract: A data transfer system comprising a host device and a data transfer device. The host device generates an encryption key based upon information unique to a removable data storage item onto which data are to be stored. The encryption key is then delivered by the host device to the data transfer device. Data to be stored are encrypted by the data transfer device using the encryption key.
    Type: Grant
    Filed: July 25, 2006
    Date of Patent: October 19, 2010
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: John William Drew, Liqun Chen, Jonathan Peter Buckingham
  • Patent number: 7801302
    Abstract: A cryptographic method and apparatus is provided in which a first party receives and modifies a public key for which there exists a corresponding private key held by a second party. The public key is modified by exponentiating at least one element of the received public key using as exponent a hash of a string that comprises information concerning at least one action to be taken by the second party. The string is made available to the second party to enable the latter to modify its private key to complement the modified public key. In a preferred embodiment, the method and apparatus are applied to the use of the ElGamal encryption/decryption scheme, with the second party acting as a trusted authority that only releases the decrypted message to a third party if the latter satisfies an identity condition specified in the string.
    Type: Grant
    Filed: June 10, 2005
    Date of Patent: September 21, 2010
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Keith Alexander Harrison, Liqun Chen
  • Patent number: 7779267
    Abstract: There are many times when a secret needs to be used in a distributed computing system—these are often held in security tokens, such as smart cards. It may be desirable for another device, such as a computer platform, to act in place of the security token as the repository of a secret, particularly for operations within a distributed computing system. Within the distributed computing system there is located a trusted entity, physically and logically resistant to unauthorized modification—this may be a trusted device located within a specific computing platform. This contains validation information which can be communicated to the security token. The security token then carries out a validation process on this validation information—if successful, the security token then provides a secret to the trusted device for use within the distributed computing system. The trusted device may be required to use this secret only for a specified period of time, or for a specific purpose or task.
    Type: Grant
    Filed: September 4, 2001
    Date of Patent: August 17, 2010
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, Graeme John Proudler
  • Publication number: 20100161998
    Abstract: A method and system is provided for operatively associating a signing key with a software component of a computing platform. The computing platform includes a trusted device and on start-up first loads a set of software components with each component being measured prior to loading and a corresponding integrity metric recorded in registers of the trusted device. The system stores a key-related item in secure persistent storage, the key-related item being either the signing key or authorisation data for its use. The trusted device is arranged to enable a component of the software-component set to obtain the key-related item, this enabling only occurring when the current register values correspond to values only present prior to loading of components additional to those of the software-component set. Certificate evidence is provided indicating that the signing key is operatively associated with a component of the software-component set.
    Type: Application
    Filed: December 15, 2009
    Publication date: June 24, 2010
    Inventors: Liqun Chen, Mark Ryan, David Plaquin, Serdar Cabuk
  • Patent number: 7693279
    Abstract: A security method and apparatus is provided in which a trusted authority is arranged to read in identity data from a memory device presented by an individual. This identity data comprises both biometric data of a specific individual, and additional identity data concerning the same individual. The trusted authority uses the biometric data as a biometric reference for comparison with biometric characteristics of the individual presenting the memory card in order to determine whether the latter is the individual represented by the biometric data. The trusted authority uses the additional identity data or matching data, together with private data of the trusted authority, to generate a decryption key. This decryption key is apt to decrypt data encrypted using both an encryption key string comprising the additional identity data of the specific individual and public data of the trusted authority.
    Type: Grant
    Filed: April 21, 2004
    Date of Patent: April 6, 2010
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, Keith Alexander Harrison
  • Patent number: 7685125
    Abstract: A method for a provider to provide and prove an association between a first data value A and a second data value B, including: computing evidence E of the form E = H(A‖B)^(k*(p−1)/q) mod p, where H is a secure hash function, E is an evidence of an association between A and B; ensuring that the verifier has A, B and E; and running an interactive proof with the verifier to convince the verifier that the evidence is valid and that the provider knows the value of k without disclosing the value of k to the verifier.
    Type: Grant
    Filed: October 6, 2005
    Date of Patent: March 23, 2010
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventor: Liqun Chen
  • Patent number: 7676677
    Abstract: A digital signature method and apparatus is provided in which a first party with a first public/private key pair forms an ambiguous signature on subject data using at least the private key of the first key pair, a keystone initially only known to the first party, and the public key of at least one other public/private key-pair. This signature is ambiguous in that a signature-checking party can only verify that the signature is in the set comprising a signature created by the first party and a respective signature created by the possessor of the private key of the or each of the key pairs the public key of which was used in creating the signature. Revelation of the keystone renders the signature unambiguous. Such an ambiguous signature can be used to implement a fair exchange of signatures between any number of parties, with the exchanged signatures being ambiguous signatures until revelation of the initial signer's keystone.
    Type: Grant
    Filed: September 30, 2004
    Date of Patent: March 9, 2010
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, Caroline Kudla
  • Patent number: 7650494
    Abstract: A first party has a first and a second cryptographic key. A second party has a third and a fourth cryptographic key, the fourth cryptographic key being derived from the first and third cryptographic keys thereby providing an association between the parties. To enable a third party to verify the existence of an association between the first and second parties, the second party generates a number that in association with the second cryptographic key, the third cryptographic key and the fourth cryptographic key define a first cryptographic parameter, a second cryptographic parameter and a third cryptographic parameter respectively. By using these parameters and the second and third cryptographic keys, the third party can verify if the first and second parties are associated.
    Type: Grant
    Filed: July 2, 2003
    Date of Patent: January 19, 2010
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, Keith Alexander Harrison, David Soldera
  • Patent number: 7650498
    Abstract: To control access to target data whilst relieving the data provider of policing obligations, the data provider provides the target data in encrypted form to a requesting party as part of a data set with which first and second trusted authorities are associated in a non-subvertible manner. Recovery of the target data in clear by the party requires the first trusted authority to verify that a specific individual is a professional accredited with it, the second trusted authority to verify that a particular organisation is accredited with it, the particular organisation to verify that the specific individual is engaged by it, and at least one of the particular organisation and the first trusted authority to verify that the party is the specific individual. Various ways of encrypting the target data are provided, the preferred ways being based on Identifier-Based Encryption schemas.
    Type: Grant
    Filed: April 14, 2004
    Date of Patent: January 19, 2010
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Cheh Goh, Liqun Chen
  • Publication number: 20090208018
    Abstract: A data transfer device for transferring data to a removable data storage item. The data transfer device receives content data to be stored to the removable data storage item, encrypts the content data using an encryption key, and transforms at least one of predetermined reference data and the encryption key. The data transfer device also encrypts the transformed predetermined reference data using the encryption key or encrypts the predetermined reference data using the transformed encryption key, and then stores the encrypted content data and the encrypted transformed/predetermined reference data to the removable data storage item.
    Type: Application
    Filed: September 28, 2008
    Publication date: August 20, 2009
    Inventors: Jonathan Peter Buckingham, Liqun Chen, Christopher Williams
  • Publication number: 20090210705
    Abstract: Direct Anonymous Attestation involves a Signer using a credential supplied by an Issuer to anonymously prove to a Verifier, on the basis of a public key of the Issuer, the Issuer's attestation to the Signer's membership of a particular group. To facilitate membership revocation, the Issuer updates the public key at intervals, and also effects a complementary updating to the Signer's credential unless the Signer has ceased to be a legitimate group member. A non-updated credential is inadequate to enable the Signer to prove its Issuer attested group membership to a Verifier on the basis of the updated Issuer public key.
    Type: Application
    Filed: February 19, 2009
    Publication date: August 20, 2009
    Inventor: Liqun Chen