Abstract: A system for analyzing an environment to identify a security risk, comprising a model engine to generate a model of the environment using multiple components defining adjustable elements of the model and a risk analyzer to calculate multiple randomized instances of an outcome for the environment using multiple values for parameters of the elements of the model selected from within respective predefined ranges for the parameters.

Abstract: A system for analyzing a process, comprising a model engine to generate a model of the environment using multiple components defining adjustable elements of the model and including components representing a process for provisioning and de-provisioning of access credentials for an individual in the environment and a risk analyzer to calculate multiple randomized instances of an outcome for the environment using multiple values for parameters of the elements of the model selected from within respective predefined ranges for the parameters, and to use a results plan to provide data for identifying the security risk using the multiple instances.

Abstract: When sending personal data to a recipient, the data owner encrypts the data using both a public data item provided by a trusted party and an encryption key string formed using at least policy data indicative of conditions to be satisfied before access is given to the personal data. The encryption key string is typically also provided to the recipient along with the encrypted personal data. To decrypt the personal data, the recipient sends the encryption key string to the trusted party with a request for the decryption key. The trusted party determines the required decryption key using the encryption key string and private data used in deriving its public data, and provides it to the requesting recipient. However, the decryption key is either not determined or not made available until the trusted party is satisfied that the associated policy conditions have been met by the recipient.

Abstract: A method for encrypting data comprising deriving a public key using a first data set provided by a second party; encrypting a second data set with the public key; providing the encrypted third data set to the second party; providing the public key to a third party to allow validation of the first data set such that on validation of the first data set the third party provides an associated private key to the second party to allow decryption of the encrypted second data set.

Abstract: A computer system comprises a first computer entity arranged to encrypt data using an encryption key comprising a time value, and a second computer entity arranged to generate, at intervals, a decryption key using a current time value. The encryption and decryption processes are such that the decryption key generated using a current time value corresponding to that used for the encryption key, is apt to decrypt the encrypted s data.

Abstract: A method of communication is such that a first party (30) communicates a composite credential (54) across a distributed electronic network (44) to a second Party (32). The composite credential (54) includes a plurality of credentials (46-52).

Abstract: A method and system is provided for validating software code provided to a user entity by a software provider. In general terms, the user entity encrypts first data, provides it to the software provider, and receives back an indication that the code is valid only if the software provider has been able to correctly decrypt the encrypted first data, such decryption only being possible using an appropriate decryption key provided by a party with rights in the software code. More particularly, the user entity encrypts the first data using, as encryption parameters, both an encryption key string comprising said software code or a representation thereof, and public data of the aforesaid party. A decryption key appropriate for correctly decrypting the encrypted first data is generated from the encryption key string and provided to the software provider only if the software code provided to the user entity is valid.

Abstract: The present invention provides a digital certificate (2, 32), the certificate comprising a credential attribute function (6, 38) associated with a credential attribute property (5, 36), which credential attribute function is embedded in the certificate as an executable file, in which the credential attribute function can determine the value (12, 44) of the credential attribute property at least partly by execution of the executable file. A corresponding method is also disclosed.

Abstract: A method of auditing a communications session by using a secure device comprises: operating a communications protocol in said secure device; and producing an audit record of at least one transaction carried out by said secure device.

Abstract: The present invention provides a digital certificate (2, 32) comprising a plurality of credential attribute properties (6, 36), and a trust function (8, 42) embedded within the certificate as an executable file, which trust function can determine as a function of data (12, 44) available to it a trust value (14, 46) attributable to at least a part of the certificate at least partly by execution of the executable file. A corresponding method of communication is also disclosed.

Abstract: A software system for installation on computing apparatus (and a method of installing such a software system on computing apparatus), wherein the software system is provided in the form of a software package including a plurality of software components, one or more of the software components being provided as a plurality of different implementations, the apparatus including an installation engine for installing the software system only a selected one implementation of the or each of the software components having multiple implementations, and a random selector module for selecting one of the plurality of implementations of a software component for installation.

Abstract: A distributed storage system for storing at least one credential (46), provided by an issuing authority and relating to an identity (42, 44), is described. The system comprises: a plurality of unique identities (42, 44) each having a local store (40). Each local store (40) securely stores credentials (46) relating to the owner of the identity (42, 44). The system also comprises one or more security certificates (66) provided at each identity (42, 44) for ensuring the authenticity of the credentials (46). The security certificates (66) provide secure references to the issuers of the credentials (46) and this can be used in verifying the origin of each credential (46). The identity can be provided a website or a mobile phone for example.

Abstract: There is provided computerised apparatus and a method of converting a financial portfolio strategy into a set of tactics.

Abstract: An operating system for processing multiple tasks, the operating system comprising means for generating the multiple tasks including data indicating a time at which or by which (and/or a frequency at which and/or one or more events in response to which) the task should be processed, means for associating time stamp data with the tasks, said time stamp data being indicative of the date and/or time at which the respective tasks were generated, and means for receiving said tasks for processing at a particular time, determining from the associated time stamp for each task the date and/or time at which said task was generated, determining whether or not the processing of said task at said particular time is consistent with one or more predetermined operating system policies, and causing said task to be processed at said particular time only if such processing is determined to be consistent with said operating system policies.

Abstract: A method of printing a token by printer (5), in which the printer (5) includes a digital identification device (1) configured to generate a series of distinct print job counter numbers and to provide a public key of a cryptographic public key/private key pair. The method includes the steps of sending a printer generated print job counter number and an encryption key to a token issuer (4) the token issuer (4) sending to the printer (5) a message encrypted by the encryption key, the message including the print job counter number and information representative of the token (9) to be printed and the printer (5) decrypting the encrypted message and printing the token using the information representative of the token (9) if the print job counter number is valid.

Abstract: A method and system is provided for validating software code provided to a user entity by a software provider. In general terms, the user entity encrypts first data, provides it to the software provider, and receives back an indication that the code is valid only if the software provider has been able to correctly decrypt the encrypted first data, such decryption only being possible using an appropriate decryption key provided by a party with rights in the software code. More particularly, the user entity encrypts the first data using, as encryption parameters, both an encryption key string comprising said software code or a representation thereof, and public data of the aforesaid party. A decryption key appropriate for correctly decrypting the encrypted first data is provided to the software provider by the party with rights in the software code, only if the software code provided to the user entity is valid.

Abstract: A computer system comprises a computer apparatus that requests a first computer arrangement to provide data to a second computer arrangement in response to the computer apparatus determining that the second computer arrangement has a trusted device.

Abstract: Computer apparatus for accessing by a user an electronic service provided by a remote service provider comprising a receiver for receiving an authorisation policy, wherein the authorisation policy defines access requirements to the electronic service; and a trusted device for determining the users authorisation to access the electronic service based upon the authorisation policy and at least one attribute associated with the user, wherein the trusted device is arranged to inhibit the user accessing the authorisation policy.

Abstract: A long-term digital document storage system, comprising means for receiving one or more digital documents for storage in a storage means, one or more storage sites for storing, in association with the one or more digital documents, metadata defining a data management strategy or “agreement” with respect to the one or more digital documents, the “agreement including one or more “clauses” defining respective constraints to be applied by the storage system to the one or more digital documents, the system further comprising means for configuring the data management strategy or agreement by defining or specifying at least some of the constraints individually according to specific requirements related to said one or more pieces of digital data. As such, the invention is concerned with the fine-grained management of documents within a storage system by the flexible definition and association with a document of a number of clauses (i.e.

Abstract: A computer system comprises a first computer entity arranged to encrypt data using an encryption key comprising a time value, and a second computer entity arranged to generate, at intervals, a decryption key using a current time value. The encryption and decryption processes are such that the decryption key generated using a current time value corresponding to that used for the encryption key, is apt to decrypt the encrypted s data.