Abstract: A computer network has a number of resources. One or more trusted localisation provider certifies the location of the resources. Encrypted data is closely associated with a policy package defining privacy policies for the data and metapolicies for their selection. A trusted privacy service enforces the privacy policies. The trusted privacy service is arranged to supply a key to a resource to allow that resource to process data if the trusted privacy service determines from the trusted localisation provider certifying the location and other contextual information of the resource that the privacy policy allows processing of the data on that resource in that location.

Abstract: A method purchasing insurance is provided , the method comprising the steps of entering into a contract of insurance with the insurer based solely on the generalised identity (perhaps created for that particular purpose) that is associated with selected policy attributes (possibly generalised to ranges etc.) or statements that the user's attributes satisfy a policy, such that other attributes, including the real identity of the user, remain unknown to the insurer. The degree of which information is withheld or generalised is based on an assessment of the trustworthiness of the insurer's computer system.

Abstract: A computer network has a number of resources. One or more trusted localization provider certifies the location of the resources. Encrypted data is closely associated with a policy package defining privacy policies for the data and metapolicies for their selection. A trusted privacy service enforces the privacy policies. The trusted privacy service is arranged to supply a key to a resource to allow that resource to process data if the trusted privacy service determines from the trusted localization provider certifying the location and other contextual information of the resource that the privacy policy allows processing of the data on that resource in that location.

Abstract: An apparatus and methods for modifying the security status of a computer component are disclosed. The apparatus represents a plurality of computer components; represents interactions among the plurality of computer components; and allows modification of a security setting associated with at least one of the computer components. The methods disclosed teach depicting a plurality of computer components; depicting interactions among the plurality of computer components; and modification of a security setting associated with at least one of the computer components.

Abstract: In order to facilitate a user's ability to trust a computing environment, a trusted computing device (2) is arranged to challenge other devices in the computing environment and to record a log of the facilities available within the computing environment and an indication of whether those facilities are trustworthy. A new user (40) entering the computing environment can obtain the log from the trusted computing device in order to ascertain the status of the environment. Alternatively any device can hold data concerning platforms in its vicinity and its operation can be authenticated by the trusted device.

Abstract: A computer platform (100) uses a tamper-proof component (120), or “trusted module”, of a computer platform in conjunction with software, preferably running within the tamper-proof component, that controls the uploading and usage of data on the platform as a generic dongle for that platform. Licensing checks can occur within a trusted environment (in other words, an environment which can be trusted to behave as the user expects); this can be enforced by integrity checking of the uploading and license-checking software. Metering records can be stored in the tamper-proof device and reported back to administrators as required. There can be an associated clearinghouse mechanism to enable registration and payment for data.

Abstract: A voice call system and a method and apparatus for identifying a voice caller are disclosed. The system includes a call originator apparatus 10 and a called party apparatus 20. At least one trusted user identity is formed at the call originator apparatus 10, ideally in a trusted platform module 12 configured according to a Trusted Computing Platform Alliance (TCPA) specification. The called party apparatus 20 checks the trusted user identity when establishing a new voice call. Advantageously, an identity of the voice caller using the call originator apparatus is confirmed in a reliable and trustworthy manner, even when the voice call is transported over an inherently insecure medium, e.g. an open computing system like the internet 30. Preferred embodiments of the invention use IP telephony, such as SIP (session initiation protocol) or H.323 standard voice telephony.

Abstract: A storage box includes bulk non-volatile memory storage locations, an input/output unit for connection to a network, and a controller for controlling reading and writing of data from and to the storage locations. A trusted device is physically associated with/incorporated into the controller. At least one of the controller and the trusted device is configured such that in writing data to the memory storage locations, the data are stored in conjunction with a coded identifier which is associated with a person or organization that is authorized to read the data.

Abstract: A client/server system has a client platform adapted to provide restricted use of data provided by a serve. The client platform comprises a display, secure communications means, and a memory containing image receiving code for receiving data from a server by the secure communication means and for display of such data. The client platform is adapted such that the data received from a server is used for display of the data and not for an unauthorised purpose. A server adapted to provide data to a client platform for restricted use by the client platform comprises a memory containing image sending code for providing an image of data executed on the server, and secure communications means for secure communication of images of data to a client platform. The server is adapted to determine that a client platform is adapted to ensure restricted use of the data before it is sent by the image sending code.

Abstract: A computer platform (100) uses a tamper-proof component (120), or “trusted module”, of a computer platform in conjunction with software, preferably running within the tamper-proof component, that controls the uploading and usage of data on the platform as a generic dongle for that platform. Licensing checks can occur within a trusted environment (in other words, an environment which can be trusted to behave as the user expects); this can be enforced by integrity checking of the uploading and license-checking software. Metering records can be stored in the tamper-proof device and reported back to administrators as required. There can be an associated clearinghouse mechanism to enable registration and payment for data.

Abstract: A computer platform (100) uses a tamper-proof component (120), or “trusted module”, of a computer platform in conjunction with software, preferably running within the tamper-proof component, that controls the uploading and usage of data on the platform as a generic dongle for that platform. Licensing checks can occur within a trusted environment (in other words, an environment which can be trusted to behave as the user expects); this can be enforced by integrity checking of the uploading and license-checking software. Metering records can be stored in the tamper-proof device and reported back to administrators as required. There can be an associated clearinghouse mechanism to enable registration and payment for data.

Abstract: In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications. In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’.

Abstract: A trusted device, physically associated with a network appliance that does not include a CPU, communicates with at least one component of the appliance and is accessible via a network connection to the device for providing a signal indicative of a condition of the appliance. The appliance can be a storage box having bulk non-volatile memory storage locations. The component is an ASIC of a controller of the appliance. The trusted device acquires a true value of an integrity metric of the appliance which is reported by the trusted device to a challenger. The component then provides the root of trust for measurement. The trusted device provides the root of trust for reporting. In a RAID controller assembly, each RAID controller has its own trusted device.

Abstract: Computer apparatus comprising a receiver for receiving an integrity metric for a computer entity via a trusted device associated with the computer entity, the integrity metric having values for a plurality of characteristics associated with the computer entity; a controller for assigning a trust level to the computer entity from a plurality of trust levels, wherein the assigned trust level is based upon the value of at least one of the characteristics of the received integrity metric.

Abstract: When sending personal data to a recipient, the data owner encrypts the data using both a public data item provided by a trusted party and an encryption key string formed using at least policy data indicative of conditions to be satisfied before access is given to the personal data. The encryption key string is typically also provided to the recipient along with the encrypted personal data. To decrypt the personal data, the recipient sends the encryption key string to the trusted party with a request for the decryption key. The trusted party determines the required decryption key using the encryption key string and private data used in deriving its public data, and provides it to the requesting recipient. However, the decryption key is either not determined or not made available until the trusted party is satisfied that the associated policy conditions have been met by the recipient.

Abstract: A trusted computing environment 100, wherein each computing device 112 to 118 holds a policy specifying the degree to which it can trust the other devices in the environment 100. The policies are updated by an assessor 110 which receives reports from trusted components 120 in the computing devices 112 to 118 which identify the trustworthiness of the computing devices 112 to 118.

Abstract: A method for allowing a financial transaction to be performed using a electronic system, the method comprising interrogating an electronic transaction terminal with an electronic security device to obtain an integrity metric for the electronic financial transaction terminal; determining if the transaction terminal is a trusted terminal based upon the integrity metric; allowing financial transaction data to be input into the transaction terminal if the transaction terminal is identified as a trusted terminal.

Abstract: There is disclosed a computer entity having a trusted component which compiles an event log for events occurring on a computer platform. The event log contains event data of types which are pre-specified by a user by inputting details through a dialogue display generated by the trusted component. Items which can be monitored include data files, applications drivers and the like. The trusted component operates through a monitoring agent which may be launched onto the computer platform. The monitoring agent may be periodically interrogated to make sure that it is operating correctly and responding to interrogations by the trusted component.

Abstract: A method of brokering a transaction between a consumer and a vendor by a broker, wherein the consumer, the broker and the vendor are all attached to a public network, the consumer having a secure token containing a true consumer identity. The method comprising the steps of: the consumer obtaining a temporary identity from the broker by using the true consumer identity from the secure token; the consumer selecting a purchase to be made from the vendor; the consumer requesting the purchase from the vendor and providing the temporary identity to the vendor; the vendor requesting transaction authorisation from the broker by forwarding the request and the temporary identity to the broker; the broker matching the temporary identity to a current list of temporary identities, and obtaining the true consumer identity; the broker providing authorisation for the transaction based on transaction details and true consumer identity.

Abstract: In a computing platform, a trusted hardware device (24) is added to the motherboard (20). The trusted hardware device (24) is configured to acquire an integrity metric, for example a hash of the BIOS memory (29), of the computing platform. The trusted hardware device (24) is tamper-resistant, difficult to forge and inaccessible to other functions of the platform. The hash can be used to convince users that that the operation of the platform (hardware or software) has not been subverted in some way, and is safe to interact with in local or remote applications. In more detail, the main processing unit (21) of the computing platform is directed to address the trusted hardware device (24), in advance of the BIOS memory, after release from ‘reset’.