Patents by Inventor Liqun Chen

Liqun Chen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20090210716
    Abstract: Direct Anonymous Attestation, DAA, involves a Signer entity using a credential supplied by an Issuer to attest its possession of a particular characteristic to a Verifier without the identity of the Signer being revealed. Security and performance improvements are disclosed where DAA is performed using a non-degenerate, computable, bilinear map with the credential being a CL-LRSW signature on a secret known only to the Signer.
    Type: Application
    Filed: January 30, 2009
    Publication date: August 20, 2009
    Inventor: Liqun Chen
  • Patent number: 7574596
    Abstract: First data to be sent by a first party to a second party is encrypted using an encryption key string formed using at least a hash value generated using second data and a secret, shared with a trusted party, that serves as identification of the first party. The second data comprises, for example, one or more conditions that serve as identifiers of the second party, and a hash-value element generated by hashing the first data. The encrypted first data and the encryption key string are made available to the second party, which forwards the encryption key string to the trusted party with a request for the corresponding decryption key. The trusted party carries out at least one check on the basis of data contained in the encryption key string and, if this at least one check is satisfactory, provides a decryption key to the second party.
    Type: Grant
    Filed: April 22, 2004
    Date of Patent: August 11, 2009
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, Martin Sadler, Keith Alexander Harrison
  • Patent number: 7526785
    Abstract: A client/server system has a client platform adapted to provide restricted use of data provided by a server. The client platform comprises a display, secure communications means, and a memory containing image receiving code for receiving data from a server by the secure communication means and for display of such data. The client platform is adapted such that the data received from a server is used for display of the data and not for an unauthorised purpose. A server adapted to provide data to a client platform for restricted use by the client platform comprises a memory containing image sending code for providing an image of data executed on the server, and secure communications means for secure communication of images of data to a client platform. The server is adapted to determine that a client platform is adapted to ensure restricted use of the data before it is sent by the image sending code.
    Type: Grant
    Filed: September 25, 2000
    Date of Patent: April 28, 2009
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Siani Lynne Pearson, Liqun Chen
  • Patent number: 7516321
    Abstract: A trusted authority delegates authority to a device. This delegation of authority is effected by providing a yet-to-be completed chain of public/private cryptographic key pairs linked in a subversion-resistant manner. The chain terminates with a penultimate key pair formed by public/private data, and a link towards an end key pair to be formed by an encryption/decryption key pair of an Identifier-Based Encryption, IBE, scheme. The private data is securely stored in the device for access only by an authorized key-generation process that forms the link to the end key pair and is arranged to provide the IBE decryption key generated using the private data and encryption key. This key generation/provision is normally only effected if at least one condition, for example specified in the encryption key, is satisfied. Such a condition may be one tested against data provided by the trusted authority and stored in the device.
    Type: Grant
    Filed: March 8, 2004
    Date of Patent: April 7, 2009
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, Stephen James Crane, Cheh Goh
  • Publication number: 20090037464
    Abstract: A data provider provides and proves an association between a first data value A and a second data value B. The data provider computes evidence E of an association between A and B and ensures that a verifier has A, B and E. The data provider then runs an interactive proof with the verifier to convince the verifier that the evidence is valid evidence of an association between A and B, but without enabling the verifier to provide proof of the validity of the evidence to a third party.
    Type: Application
    Filed: October 6, 2005
    Publication date: February 5, 2009
    Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventor: Liqun Chen
  • Publication number: 20090019285
    Abstract: A first computing entity provides evidence to a second computing entity to demonstrate that the first computing entity has a trusted configuration specification that is one of a set of such specifications agreed between the computing entities. This evidence comprises a computed commitment, made using (but not revealing) the configuration specification of the first computing entity, and a ring signature generated using a plurality of keys where each such key is generated using the commitment and one of the trusted configuration specifications. The second computing entity verifies the ring signature in order to convince itself that the configuration specification of the first computing entity is in the set.
    Type: Application
    Filed: July 8, 2008
    Publication date: January 15, 2009
    Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Liqun Chen, Ahmad-Reza Sadeghi
  • Patent number: 7444601
    Abstract: In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications. In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’.
    Type: Grant
    Filed: October 12, 2005
    Date of Patent: October 28, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Graeme John Proudler, Dipankar Gupta, Liqun Chen, Siani Lynne Pearson, Boris Balacheff, Bruno Edgard Van Wilder, David Chan
  • Publication number: 20080263672
    Abstract: A method and apparatus is provided of protecting sensitive data input via an input device of a processing platform from a data logger, the sensitive data being user account data intended for a remote application. To protect the sensitive data, the data is used as a password in a secure, password-authenticated key agreement protocol executed between a security entity and the remote application, the security entity being installed in the input device or in secure communication therewith. In one preferred embodiment the input device is a keyboard and the security entity is a unit installed in the keyboard and selectively operable in a pass-through mode and a security mode.
    Type: Application
    Filed: April 18, 2007
    Publication date: October 23, 2008
    Inventors: Liqun Chen, Wael Ibrahim
  • Patent number: 7437568
    Abstract: Computer apparatus comprising a receiver for receiving an integrity metric for a computer entity via a trusted device associated with the computer entity, the integrity metric having values for a plurality of characteristics associated with the computer entity; a controller for assigning a trust level to the computer entity from a plurality of trust levels, wherein the assigned trust level is based upon the value of at least one of the characteristics of the received integrity metric.
    Type: Grant
    Filed: August 16, 2001
    Date of Patent: October 14, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Arindam Das-Purkayastha, Siani Lynne Pearson, Liqun Chen
  • Patent number: 7430668
    Abstract: A method of protecting computer apparatus comprising a plurality of functional modules from modification, by monitoring the configuration of functional modules within the computer apparatus. The method comprises: storing a module configuration of the computer apparatus; checking the actual module configuration against the stored module configuration; and inhibiting function of the computer apparatus if the actual module configuration does not satisfactorily match the stored module configuration. Advantageously, the module configuration is stored on a security token, such as a smart card.
    Type: Grant
    Filed: February 15, 2000
    Date of Patent: September 30, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, David Chan
  • Publication number: 20080183999
    Abstract: A method of updating a data entry stored on a data storage unit, the data entry including data elements that are unique to the data storage unit and the data entry, the method comprising the steps of generating at the data storage unit an update request including the data entry for transmission to an authority authorised to update the data entry, extracting at the authority the unique data elements from the update request and verifying the authenticity of the data storage unit and data entry from the unique data elements, generating an updated data entry including a further data element unique to the updated data entry and derived from the updated data and transmitting the updated data entry to the data storage unit, and storing the updated data entry on the data storage unit.
    Type: Application
    Filed: January 24, 2008
    Publication date: July 31, 2008
    Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Helen Balinsky, Thomas Rathbone, Liqun Chen, Keith Harrison
  • Patent number: 7397917
    Abstract: A method and apparatus are provided for generating a cryptographic key from multiple data sets each related to a respective association of a trusted party and user identity. The cryptographic key is, for example, one of an encryption key, a decryption key, a signature key and a verification key, and is preferably generated by applying Tate or Weil bilinear mappings to the data sets. At least two of the data sets may relate to different user identities and/or different trusted authorities. Where multiple trusted authorities are involved, these authorities may be associated with different elements to which the bilinear mapping can be applied, each trusted authority having an associated public key formed from its associated element and a secret of that trusted authority.
    Type: Grant
    Filed: July 3, 2003
    Date of Patent: July 8, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, David Soldera, Keith Alexander Harrison
  • Publication number: 20080130893
    Abstract: A computer platform is provided that comprises a processor and a cryptographic co-processor coupled to the processor. The computer platform further comprises a platform entity coupled to the processor. The platform entity establishes a secure relationship with the cryptographic co-processor that enables the platform entity to utilize cryptographic functions provided by the cryptographic co-processor.
    Type: Application
    Filed: November 30, 2006
    Publication date: June 5, 2008
    Inventors: Wael M. Ibrahim, Graeme J. Proudler, Liqun Chen, Manuel Novoa
  • Patent number: 7382877
    Abstract: An RSA cryptographic method and system is provided in which a sender encrypts a message (m) using a public modulus n, and an encryption exponent e that is a function of a sender-chosen string. This function is such that the values of e generated by it will not be coprime. In a preferred embodiment, a recipient receives the encrypted message and subjects it to a modulo-n blinding operation. The resultant blinded encrypted message is then made available to a trusted authority which decrypts it using a decryption exponent d based on the sender-chosen string and private data associated with the public modulus; however, the blinding applied to the message prevents the trusted authority from reading the message. The decrypted, but still blinded, message is passed back to the recipient who cancels the blinding to recover the message.
    Type: Grant
    Filed: June 10, 2004
    Date of Patent: June 3, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, Keith Alexander Harrison
  • Publication number: 20080122624
    Abstract: A method for generating a data transaction ID for an interaction between first and second units, the method comprising: the first data unit generating a first data item as a function of a first time data element, the first time data element being representative of a first time value, and transmitting the first data item to the second data unit; the second data unit generating a second data item as a function of the received first data item and transmitting the second data item to the first data unit; and the first data unit generating a third data item as a function of the second data item and a second time data element, the second time data element being representative of a second time value, wherein the third data item comprises a transaction ID unique to the interaction between the first and second data units.
    Type: Application
    Filed: October 30, 2007
    Publication date: May 29, 2008
    Applicant: HEWLETT-PACKARD DEVELOPMENT COMPANY, L.P.
    Inventors: Helen BALINSKY, Weng Wah LOH, Liqun CHEN, Keith HARRISON, John WATERS
  • Patent number: 7380138
    Abstract: First data to be sent by a first party to a second party is encrypted using an encryption key that is formed using at least a hash value generated by a keyed hash of at least one condition that typically serves as an identifier of an intended recipient of the first data. The encrypted first data is provided to a data recipient who requests a decryption key from the trusted party. The trusted party is responsible for verifying that the recipient meets the specified conditions before providing the decryption key. A valid decryption key is only provided if the correct conditions have been supplied to the trusted party.
    Type: Grant
    Filed: April 22, 2004
    Date of Patent: May 27, 2008
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Liqun Chen, Keith Alexander Harrison
  • Publication number: 20080084996
    Abstract: An authenticated encryption method and apparatus are described in which plaintext data is encrypted, using a secret key, to form ciphertext data. A message authentication code, MAC, is also formed in dependence on a combination of the ciphertext data and data characteristic of the plaintext data. The ciphertext data and the MAC are then output, for example, for storage to a storage medium. In a preferred embodiment a block cipher operating in GCM mode is adapted to cause the stored message authentication code to be dependent on the plaintext data.
    Type: Application
    Filed: July 13, 2007
    Publication date: April 10, 2008
    Inventors: Liqun Chen, Jonathan Peter Buckingham
  • Publication number: 20080022128
    Abstract: The preferred embodiment of the invention comprises a computer system which employs a trusted display processor (260), which has a trusted processor (300) and trusted memory (305, 315, 335, 345) physically and functionally distinct from the processor and memory of the computer system. The trusted display processor (260) is immune to unauthorised modification or inspection of internal data. It is physical to prevent forgery, tamper-resistant to prevent counterfeiting, and has crypto functions (340) to securely communicate at a distance. The trusted display processor (266) interacts with a user's smartcard (122) in order to extract and display a trusted image, or seal (1000), generate a digital signature of the bitmap of a document image and control the video memory (315) so that other processes of the computer system cannot subvert the image during the signing process. The user interacts with the trusted display processor via a trusted switch (135).
    Type: Application
    Filed: September 25, 2007
    Publication date: January 24, 2008
    Inventors: Graeme Proudler, Boris Balacheff, Liqun Chen, David Chan
  • Publication number: 20080016346
    Abstract: Cryptographic methods are known that involve the computation of a non-degenerate bilinear mapping of first and second elements one of which comprises a secret of a first entity. For a mapping implemented as, for example, a Tate pairing, the mapping is computable by applying a predetermined function to the first and second elements and then exponentiating the result with a known exponent. Improvements in respect of computational loading, size of output, and security are enabled for the first party by arranging for the first entity to carry out only part of the mapping, a second entity being used to complete computation of the mapping. Cryptographic applications using these improvements are also disclosed.
    Type: Application
    Filed: December 21, 2005
    Publication date: January 17, 2008
    Inventors: Keith Harrison, Liqun Chen, Guido Bertoni, Pasqualina Fragneto, Gerardo Pelosi
  • Publication number: 20070286484
    Abstract: Systems and methods for adapting images for substantially optimal presentation by heterogeneous client display sizes are described. In one aspect, an image is modeled with respect to multiple visual attentions to generate respective attention objects for each of the visual attentions. For each of one or more image adaptation schemes, an objective measure of information fidelity (IF) is determined for a region R of the image. The objective measures are determined as a function of a resource constraint of the display device and as a function of a weighted sum of IF of each attention object in the region R. A substantially optimal adaptation scheme is then selected as a function of the calculated objective measures. The image is then adapted via the selected substantially optimal adaptation scheme to generate an adapted image as a function of at least the target area of the client display.
    Type: Application
    Filed: August 20, 2007
    Publication date: December 13, 2007
    Applicant: Microsoft Corporation
    Inventors: Xing Xie, Wei-Ying Ma, Hong-Jiang Zhang, Liqun Chen, Xin Fan