

Title:
A SYSTEM AND METHOD FOR DISTRIBUTING SECURED DATA
Document Type and Number:
WIPO Patent Application WO/2013/044312
Kind Code:
A1
Abstract:
A computing device comprising data storage for storing designated information, and a trigger condition detection module arranged to detect a trigger condition, wherein the computing device is arranged so as to erase at least a portion of designated information stored in the data storage in response to detection of a trigger condition.

Inventors:
THOMPSON STEPHEN (AU)
NUSSBAUM LAWRENCE EDWARD (AU)
Application Number:
PCT/AU2012/001177
Publication Date:
April 04, 2013
Filing Date:
September 28, 2012
Assignee:
COCOON DATA HOLDINGS LTD (AU)
THOMPSON STEPHEN (AU)
NUSSBAUM LAWRENCE EDWARD (AU)
International Classes:
H04W4/029; H04L9/00; H04M3/42; H04W4/02
Foreign References:
US20050020315A1 (2005-01-27)
US20090132197A1 (2009-05-21)
Attorney, Agent or Firm:
SPRUSON & FERGUSON (Sydney, NSW 2001, AU)
Claims:
CLAIMS:

1. A computing device comprising:

data storage for storing designated information; and a trigger condition detection module arranged to detect a trigger condition;

wherein the computing device is arranged so as to erase at least a portion of designated information stored in the data storage in response to detection of a trigger condition.

2. The computing device of claim 1, wherein the data storage in which the designated information is stored is a volatile data storage type.

3. The computing device of claim 1 or claim 2, wherein the trigger condition comprises at least one of the following:

turning off power to the computing device;

putting the computing device into sleep mode;

reading or otherwise using designated information stored in the computing device;

inputting a command into the computing device to erase designated information;

moving the computing device in a particular fashion;

using a data item of the designated information for a specific purpose after which the data item is no longer required;

closing a software application associated with receiving or using the designated information;

switching from a software application associated with receiving or using the designated information to another application e.g. taking a phone call on the computing device while using the designated information;

entering a specific geographical area; and

a certain period in time, or during specific intervals of time.

4. The computing device of any one of the preceding claims, wherein the computing device is configurable so as to erase the at least a portion of designated information when at least one particular trigger condition exists.

5. The computing device of any one of the preceding claims, wherein the computing device is configurable to erase certain types of designated information when a trigger condition is detected.

6. The computing device of any one of the preceding claims, wherein the computing device is arranged to erase the at least a portion of the designated information when at least one particular trigger condition exists, the at least one particular trigger condition being defined in trigger condition data.

7. The computing device of claim 6, wherein the trigger condition data is created by a creator or sender of the designated information.

8. The computing device of claim 6 or claim 7, wherein the trigger condition data is a portion of the designated information, separate to the designated information, or both.

9. The computing device of any one of claims 6 to 8, wherein the computing device is arranged such that a user of the computing device is unable to override the trigger condition data.

10. The computing device of claim 9, wherein the computing device is configurable by a user to erase the designated information in response to trigger conditions in addition to those defined in the trigger condition data.

11. The computing device of any one of claims 6 to 10, wherein the trigger condition data is arranged to apply to particular types of designated information, recipients or groups of recipients of the designated information, software applications associated with allowing the user to receive and/or use the designated information, or hardware of the computing device.

12. The computing device of any one of claims 6 to 11, wherein the trigger condition data comprises instructions to erase certain types of designated information when the at least one trigger condition is detected.

13. The computing device of claim 12, wherein the certain types of designated information comprises at least one of:

authentication information;

data items of the designated information that are in the process of being used by the user;

all opened designated information;

all designated information within a certain data range;

all designated information created or modified within a specific interval of time;

all designated information created or modified with specified hardware or hardware types, software or software types, or by specified people or groups of people;

all designated information created or modified with hardware or software when located in a specified range of geographical locations; and

all designated information stored in the computing device.

14. The computing device of any one of the preceding claims, wherein the computing device is arranged so as to erase authentication information associated with receiving and/or decrypting the designated information as soon as the authentication information has been used and/or is no longer required.

15. The computing device of any one of the preceding claims, wherein the computing device comprises an accelerometer and is arranged to detect acceleration profiles, wherein the computing device is arranged to perform a predetermined action in response to detection of a particular acceleration profile.

16. The computing device of claim 15, wherein the predetermined action performed by the computing device is to log out of or close a software application associated with receiving or using the designated information, and/or erase at least a portion of the designated information stored on the computing device.

17. The computing device of claim 15, wherein the predetermined action performed by the computing device comprises at least one of:

logging out of the software application associated with receiving or using the designated information;

requesting re-entry of a password or passcode before continuing;

erasing any designated information that is in the process of being read;

erasing all opened designated information; and

erasing all designated information stored on the computing device.

18. The computing device of any one of claims 15 to 17, wherein the computing device is arranged to compare acceleration profiles of the computing device with acceleration profile data stored on the computing device so as to allow detection of the particular acceleration profiles.

19. The computing device of claim 18, wherein the acceleration profile data comprises instructions for performing the predetermined action in response to detection of a particular acceleration profile.

20. The computing device of claim 18 or claim 19, wherein the acceleration profile data is indicative of particular acceleration profiles comprising at least one of:

dropping the computing device from a height of at least 0.5m;

moving the computing device in a figure-of-eight motion;

shaking the computing device back and forth at least twice with a specified minimum acceleration;

rapidly tilting the computing device through an angle of at least 30° and back again, two times in a row;

dropping the computing device from one hand to the other by a height of at least 10 cm, then repeating; and

tapping the computing device on a hard surface three times with a maximum force greater than a preset threshold.

21. The computing device of any one of claims 18 to 20, wherein the computing device is configurable by the user so as to define the acceleration profile data and/or the predetermined action performed by the computing device.

22. The computing device of any one of the preceding claims, wherein the computing device is arranged to receive designated information, trigger condition data, and/or acceleration profile data through the Internet.

23. The computing device of any one of the preceding claims, wherein the computing device is a mobile computing device.

24. A system for distributing secured data, the system comprising:

a communications interface arranged to facilitate network communications between the system and a computing device of any one of the preceding claims;

wherein the system is arranged so as to communicate designated information and trigger condition data to the computing device.

25. The system of claim 24, wherein the trigger condition data is communicated to the computing device separately to the designated information.

26. The system of claim 25, wherein the trigger condition data is communicated to the computing device from a first server of the system, and the designated information is thereafter communicated to the computing device from a second server of the system.

27. The system of any one of claims 24 to 26, wherein the system is arranged so as to communicate acceleration profile data to the computing device.

28. The system of claim 27, wherein the acceleration profile data is communicated to the computing device as part of the designated information.

29. The system of claim 27, wherein the acceleration profile data is communicated to the computing device separately to the designated information.

30. A method of distributing secured data, the method comprising the steps of:

storing designated information in a data storage of a computing device;

detecting a trigger condition;

erasing at least a portion of designated information stored in the data storage in response to detection of a trigger condition.

31. A computer program arranged when loaded into a computing device to instruct the computing device to operate in accordance with the computing device of any one of claims 1 to 23.

32. A computer readable medium having a computer readable program code embodied therein for causing a computing device to operate in accordance with the computing device of any one of claims 1 to 23.

33. A data signal having a computer readable program code embodied therein to cause a computing device to operate in accordance with the computing device of any one of claims 1 to 23.

Description:
A SYSTEM AND METHOD FOR DISTRIBUTING SECURED DATA

TECHNICAL FIELD

The present invention relates to a system and method for distributing secured data, and particularly, although not exclusively, to a system and method for distributing secured data objects which are encrypted.

BACKGROUND

Transferring information electronically through the Internet or another public telecommunication network (such as wired or wireless telephone services) is a cost-effective solution for distributing information. However, as much of the Internet operates on public infrastructure, sensitive or confidential information sent through the Internet may be accessible to unauthorised parties. To address these security concerns, corporations and other users may choose to encrypt the information before transmitting the data over a public network. One approach is to use encryption software, such as "Zip" programs that offer an encryption routine to encrypt the data before it is transmitted over the public network. Although such encryption software provides some level of security, all such software has a fundamental flaw, in that the encryption process embeds the decryption key within the encrypted data object itself. As such, it is possible for a hacker to use brute force or other suitable methods to decrypt the data object since the necessary components to decrypt the data object are all integrated within the encrypted object. In addition, encryption and decryption of data objects usually requires the use of software which must be installed and verified on a user's computer. This increases the cost of purchase and maintenance from the user's point of view and thereby reduces the market uptake of such encryption and decryption technologies. Moreover, in some instances, the user may be utilising a computing system which does not possess the necessary software for the encryption and decryption of files.

A number of additional challenges are presented when communicating secured data to a mobile computing device. One such challenge is created by the fact that a mobile computing device can fall into the wrong hands much more easily than a desktop computer. If a mobile computing device is lost or stolen after secured data has been opened, contents of the secured data would no longer be secure. Further, if a recipient of the secured data is logged into an application for receiving or using secured data and is reading the contents of the secured data at the time the mobile computing device is lost or stolen, those contents can be easily read. The latter scenario could arise in a military combat situation if a person is attacked while in the process of reading secured data, for example.

SUMMARY OF THE INVENTION

In accordance with a first aspect of the present invention, there is provided a computing device comprising:

data storage for storing designated information; and a trigger condition detection module arranged to detect a trigger condition;

wherein the computing device is arranged so as to erase at least a portion of designated information stored in the data storage in response to detection of a trigger condition.

In one example, the data storage in which the designated information is stored is a volatile data storage type, such as random access memory (RAM).

The designated information may be confidential information, or information that is otherwise sensitive.

In one example, the trigger condition comprises at least one of the following:

turning off power to the computing device;

putting the computing device into sleep mode;

reading or otherwise using designated information stored in the computing device;

inputting a command into the computing device to erase designated information;

moving the computing device in a particular fashion;

using a data item of the designated information for a specific purpose after which the data item is no longer required;

closing a software application associated with receiving or using the designated information;

switching from a software application associated with receiving or using the designated information to another application e.g. taking a phone call on the computing device while using the designated information;

entering a specific geographical area; and

a certain period in time, or during specific intervals of time.

The invention is not limited to these trigger conditions, and other trigger conditions may be utilised.

The computing device may be configurable so as to erase the at least a portion of designated information when at least one particular trigger condition exists. The computing device may also be configurable to erase certain types of designated information when a trigger condition is detected. In one example, the computing device is arranged to erase the at least a portion of the designated information when at least one particular trigger condition exists, the at least one particular trigger condition being defined in trigger condition data.

The trigger condition data may be created by a creator or sender of the designated information. In this way, the creator or sender of the designated information may exert some control over how a computing device that receives the designated information and the trigger condition data will erase the designated information.

The trigger condition data may be a portion of the designated information, separate to the designated information, or both.

In one example, the computing device is arranged such that a user of the computing device is unable to override the trigger condition data. For example, if a creator of the designated information defines a trigger condition as reading or otherwise using the designated information, then the computing device will erase the designated information after the user has read or otherwise used the designated information regardless of how the user has configured the computing device. It will be appreciated, however, that the user may still configure the computing device to erase the designated information in response to trigger conditions in addition to those defined in the trigger condition data.

It will also be appreciated that the trigger condition data may be arranged to apply to particular types of designated information, recipients or groups of recipients of the designated information, software applications associated with allowing the user to receive and/or use the designated information, or hardware of the computing device. In this way, trigger condition data may be used to take into account various scenarios at the recipient's end, for example situations that may not have been known or envisaged by the creator or sender of the designated information. For example, if the computing device of the recipient is a particular type of mobile phone, then the trigger condition data may be arranged to handle trigger conditions that may be applicable to that particular type of mobile phone. The trigger condition data may comprise instructions to erase certain types of designated information when the at least one trigger condition is detected.

The designated information may, for example, include encryptable data and authentication information associated with receiving and/or decrypting the designated information.

Types of designated information that may be erased by the computing device as defined by the trigger condition data or configuration of the computing device may include, but not be limited to:

the authentication information;

data items of the designated information that are in the process of being used by the user;

all opened designated information;

all designated information within a certain data range;

all designated information created or modified within a specific interval of time;

all designated information created or modified with specified hardware or hardware types, software or software types, or by specified people or groups of people;

all designated information created or modified with hardware or software when located in a specified range of geographical locations; and

all designated information stored in the computing device.

The computing device may be arranged so as to erase authentication information associated with receiving and/or decrypting the designated information as soon as the authentication information has been used and/or is no longer required. Erasing the authentication information in this manner is advantageous since, if the computing device is obtained by an unauthorised user, the unauthorised user does not have access to the authentication information and is consequently unable to receive and/or decrypt any further designated information.
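The trigger-condition behaviour described above, as an added Python example that is not code from the application or its assignee: sender-supplied trigger condition data that the recipient may extend but not remove, erasure scoped to types of designated information, and authentication information wiped as soon as it has been used. The enum names, the policy shape and the sample items are constructed for illustration.

```python
from enum import Enum
from typing import Dict, List, Set


class Trigger(str, Enum):           # subset of the trigger conditions listed above
    POWER_OFF = "power_off"
    READ = "read"                   # reading or otherwise using the information
    APP_SWITCH = "app_switch"       # e.g. taking a phone call while reading
    SLEEP = "sleep"


class Scope(str, Enum):             # subset of the erasable information types
    AUTH = "authentication"         # credentials/keys used to receive or decrypt
    IN_USE = "in_use"               # items currently being read
    OPENED = "opened"               # every item that has been opened
    ALL = "all"


Policy = Dict[Trigger, Set[Scope]]  # trigger -> what to erase when it fires


def wipe(buf: bytearray) -> None:
    """Overwrite in place before the last reference is dropped (bytes is immutable)."""
    buf[:] = bytes(len(buf))


class SecureStore:
    """RAM-only store for designated information plus a trigger-condition module. The
    sender's trigger condition data cannot be removed by the recipient, only extended."""

    def __init__(self, sender_policy: Policy):
        self._sender = {t: set(s) for t, s in sender_policy.items()}
        self._user: Policy = {}
        self.items: Dict[str, bytearray] = {}   # payloads, held in volatile memory only
        self.auth: Dict[str, bytearray] = {}    # per-item authentication information
        self.opened: Set[str] = set()
        self.in_use: Set[str] = set()

    def user_add_trigger(self, trigger: Trigger, scopes: Set[Scope]) -> None:
        self._user.setdefault(trigger, set()).update(scopes)   # may add, never narrow

    def user_remove_trigger(self, trigger: Trigger) -> None:
        if trigger in self._sender:
            raise PermissionError(f"{trigger.value} is fixed by the sender's trigger condition data")
        self._user.pop(trigger, None)

    def receive(self, item_id: str, payload: bytes, auth_token: bytes) -> None:
        self.items[item_id] = bytearray(payload)
        self.auth[item_id] = bytearray(auth_token)

    def open_item(self, item_id: str) -> bytes:
        """Use the item's authentication information once and wipe it immediately,
        hand the content to the application, then evaluate the READ trigger."""
        token = self.auth.pop(item_id, None)
        if token is None:
            raise PermissionError("authentication information already consumed")
        wipe(token)
        self.opened.add(item_id)
        self.in_use.add(item_id)
        view = bytes(self.items[item_id])
        self.on_trigger(Trigger.READ)           # any erasure happens after the read
        return view

    def on_trigger(self, trigger: Trigger) -> List[str]:
        """Trigger condition detection module: erase whatever the effective rules cover."""
        scopes = self._sender.get(trigger, set()) | self._user.get(trigger, set())
        erased: List[str] = []
        if scopes & {Scope.AUTH, Scope.ALL}:
            for key in list(self.auth):
                wipe(self.auth.pop(key))
                erased.append(f"auth:{key}")
        for key in list(self.items):
            if (Scope.ALL in scopes or (Scope.OPENED in scopes and key in self.opened)
                    or (Scope.IN_USE in scopes and key in self.in_use)):
                wipe(self.items.pop(key))
                self.opened.discard(key)
                self.in_use.discard(key)
                erased.append(key)
        return erased


def demo() -> dict:
    sender: Policy = {Trigger.READ: {Scope.IN_USE}, Trigger.POWER_OFF: {Scope.ALL}}
    store = SecureStore(sender)
    store.user_add_trigger(Trigger.APP_SWITCH, {Scope.OPENED, Scope.AUTH})
    for i in (1, 2, 3):                         # constructed items with one-shot tokens
        store.receive(f"doc-{i}", f"confidential body {i}".encode(), f"token-{i}".encode())
    r = {"first_read": store.open_item("doc-1"), "after_read": set(store.items)}
    try:
        store.user_remove_trigger(Trigger.READ)
        r["override_blocked"] = False
    except PermissionError:
        r["override_blocked"] = True
    r["on_switch"] = store.on_trigger(Trigger.APP_SWITCH)   # wipes the remaining tokens
    try:
        store.open_item("doc-2")
        r["reopen_blocked"] = False
    except PermissionError:
        r["reopen_blocked"] = True
    r["on_sleep"] = store.on_trigger(Trigger.SLEEP)         # no rule: nothing erased
    r["on_power_off"] = store.on_trigger(Trigger.POWER_OFF)
    r["final"] = set(store.items)
    return r
```

Once the tokens have been consumed or wiped, a device that falls into the wrong hands can open nothing further, which is the point the paragraph above makes about erasing authentication information early.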

The computing device may comprise an accelerometer and be arranged to detect acceleration profiles, wherein the computing device is arranged to perform a predetermined action in response to detection of a particular acceleration profile.

The predetermined action performed by the computing device may be to log out of or close a software application associated with receiving or using the designated information, and/or erase at least a portion of the designated information stored on the computing device.

The predetermined action performed by the computing device may include, but not be limited to, the following examples:

immediately logging out of the software application associated with receiving or using the designated information (a quick way to terminate the session);

requesting re-entry of a password or passcode before continuing;

erasing any designated information that is in the process of being read;

erasing all opened designated information; and

erasing all designated information stored on the computing device.

In one example, the computing device is arranged to compare acceleration profiles of the computing device with acceleration profile data stored on the computing device so as to allow detection of the particular acceleration profiles. The acceleration profile data may also comprise instructions for performing the predetermined action in response to detection of a particular acceleration profile.

The acceleration profile data may be indicative of particular acceleration profiles such as, but not limited to:

dropping the computing device from a height of at least 0.5m (useful in a combat situation where dropping the computing device may indicate being injured or killed);

moving the computing device in a figure-of-eight motion;

shaking the computing device back and forth at least twice with a specified minimum acceleration;

rapidly tilting the computing device through an angle of at least 30° and back again, two times in a row;

dropping the computing device from one hand to the other by a height of at least 10 cm, then repeating;

and/or tapping the computing device on a hard surface three times with a maximum force greater than a preset threshold.

The computing device may be configurable by the user so as to define the acceleration profile data and/or the predetermined action performed by the computing device.
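The comparison with stored acceleration profile data described above, as an added Python example that is not code from the application or its assignee: each profile entry carries a matcher and the predetermined action, and two of the listed profiles (a drop from at least 0.5 m, and at least two back-and-forth shakes above a minimum acceleration) are matched against constructed accelerometer traces. The free-fall timing rule, the thresholds and the trace generators are assumptions made for illustration.

```python
import math
from dataclasses import dataclass
from typing import Callable, List, Sequence, Tuple

G = 9.81                                    # m/s^2
Sample = Tuple[float, float, float, float]  # (t in s, ax, ay, az) in m/s^2
Matcher = Callable[[Sequence[Sample]], bool]


def magnitude(s: Sample) -> float:
    return math.sqrt(s[1] ** 2 + s[2] ** 2 + s[3] ** 2)


@dataclass
class Profile:
    """One entry of acceleration profile data: how to recognise it and what to do."""
    name: str
    matches: Matcher
    action: str                             # predetermined action carried with the profile


def free_fall(min_height_m: float, rest_tol: float = 0.15) -> Matcher:
    """A dropped device reads roughly 0 g until impact. Falling min_height_m takes
    sqrt(2h/g) seconds, so require at least that long near 0 g followed by a spike."""
    min_duration = math.sqrt(2 * min_height_m / G)

    def match(samples: Sequence[Sample]) -> bool:
        fall_start = None
        for s in samples:
            if magnitude(s) < rest_tol * G:
                if fall_start is None:
                    fall_start = s[0]
                continue
            if (fall_start is not None and s[0] - fall_start >= min_duration
                    and magnitude(s) > 2 * G):
                return True
            fall_start = None
        return False
    return match


def shake(min_shakes: int, min_accel: float, axis: int = 2) -> Matcher:
    """Count sign changes of peaks above min_accel along one axis (default y);
    one back-and-forth shake contributes a positive and a negative peak."""
    def match(samples: Sequence[Sample]) -> bool:
        peaks, last_sign = 0, 0
        for s in samples:
            a = s[axis]
            if abs(a) >= min_accel:
                sign = 1 if a > 0 else -1
                if sign != last_sign:
                    peaks += 1
                    last_sign = sign
        return peaks // 2 >= min_shakes
    return match


# Constructed profile data: two of the profiles listed above with assumed thresholds.
PROFILES: List[Profile] = [
    Profile("drop from at least 0.5 m", free_fall(0.5), "erase_all"),
    Profile("shake back and forth at least twice", shake(2, 10.0), "logout"),
]


def detect(samples: Sequence[Sample], profiles: Sequence[Profile] = PROFILES) -> List[str]:
    """Compare a recorded trace with the stored profile data; return the actions that are due."""
    return [p.action for p in profiles if p.matches(samples)]


def constructed_drop(height_m: float, dt: float = 0.02) -> List[Sample]:
    """Synthetic trace: rest, ~0 g for the fall time of height_m, one impact spike, rest."""
    fall_samples = int(math.sqrt(2 * height_m / G) / dt) + 1
    frames = ([(0.0, 0.0, G)] * 10 + [(0.1, 0.0, 0.2)] * fall_samples
              + [(0.0, 0.0, 4 * G)] + [(0.0, 0.0, G)] * 5)
    return [(i * dt, *f) for i, f in enumerate(frames)]


def constructed_shake(n_shakes: int, peak: float = 15.0, dt: float = 0.05) -> List[Sample]:
    """Synthetic trace: n_shakes back-and-forth swings along y with gravity on z."""
    swing = [0.0, 0.8 * peak, peak, 0.8 * peak, 0.0, -0.8 * peak, -peak, -0.8 * peak]
    return [(i * dt, 0.0, y, G) for i, y in enumerate(swing * n_shakes + [0.0])]
```

The short drop and the single shake fall below their thresholds and trigger nothing, which is the behaviour a user would expect when the profile data is tuned to avoid accidental erasure.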

The computing device may be arranged to receive the designated information, trigger condition data, and/or acceleration profile data through the Internet.

The computing device may be any appropriate computing device such as a personal computer, a PDA, a mobile device such as a mobile phone or a laptop or tablet computer with network connectivity and/or any suitable device that is capable of establishing a network connection.

The computing device may be arranged to facilitate network communications, such as through the Internet, intranet, VPN or any communication network using an appropriate communication protocol such as Internet Protocol Version 4 (IPv4) or Version 6 (IPv6).

In accordance with a second aspect of the present invention, there is provided a system for distributing secured data, the system comprising:

a communications interface arranged to facilitate network communications between the system and a computing device of the first aspect of the present invention;

wherein the system is arranged so as to communicate designated information and trigger condition data to the computing device.

In one embodiment, the trigger condition data is communicated to the computing device separately to the designated information. In one particular example, the trigger condition data is communicated to the computing device from a first server of the system, and the designated information is thereafter communicated to the computing device from a second server of the system.

The system may also be arranged so as to communicate acceleration profile data to the computing device, for example by a creator or sender of the designated information. In one example, the acceleration profile data is communicated to the computing device as part of the designated information. It will be appreciated, however, that the acceleration profile data may be communicated to the computing device separately to the designated information, and may be communicated along with the trigger condition data.

In accordance with a third aspect of the present invention, there is provided a method of distributing secured data, the method comprising the steps of:

storing designated information in a data storage of a computing device;

detecting a trigger condition;

erasing at least a portion of designated information stored in the data storage in response to detection of a trigger condition.

In accordance with a fourth aspect of the present invention, there is provided a computer program arranged when loaded into a computing device to instruct the computing device to operate in accordance with the computing device of the first aspect.

In accordance with a fifth aspect of the present invention, there is provided a computer readable medium having a computer readable program code embodied therein for causing a computing device to operate in accordance with the computing device of the first aspect.

In accordance with a sixth aspect of the present invention, there is provided a data signal having a computer readable program code embodied therein to cause a computing device to operate in accordance with the computing device of the first aspect.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the present invention will now be described, by way of example, with reference to the accompanying drawings in which:

Figure 1 is a schematic diagram of a system for distributing secured data in accordance with one embodiment of the present invention;

Figure 2 is a block diagram of a system for securing data in accordance with one embodiment of the present invention;

Figure 3 is a block diagram of a system for distributing secured data in accordance with an embodiment of the present invention; and

Figure 4 is a flow diagram of a method of distributing secured data in accordance with an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Referring to Figure 1, there is illustrated a system for distributing secured data. Components of the system may be implemented by one or more electronic circuits, computers or computing devices having an appropriate logic, software, hardware or any combination thereof programmed to operate with the computing devices. The computer may be implemented by any computing architecture, including a stand-alone PC, client/server architecture, "dumb" terminal/mainframe architecture, or any other appropriate architecture. In some embodiments, the computing device is also appropriately programmed to implement the invention.

Referring to Figure 1 there is shown a schematic diagram of a system for accessing secured data which in this embodiment comprises a server 100. The server 100 comprises suitable components necessary to receive, store and execute appropriate computer instructions. The components may include a processing unit 102, read-only memory (ROM) 104, random access memory (RAM) 106, input/output devices such as disk drives 108, input devices 110 such as an Ethernet port, a USB port, etc, a display 112 such as a liquid crystal display, a light emitting display or any other suitable display, and communication links 114. The server 100 includes instructions that may be included in ROM 104, RAM 106 or disk drives 108 and may be executed by the processing unit 102. There may be provided a plurality of communication links 114 which may variously connect to one or more computing devices such as servers, personal computers, terminals, wireless or handheld computing devices. At least one of a plurality of communication links 114 may be connected to an external computing network through a telephone line, optical fibre, wireless connection or other type of communication.

The server 100 may include storage devices such as a disk drive 108 which may encompass solid state drives, hard disk drives, optical drives or magnetic tape drives. The server 100 may also use a single disk drive or multiple disk drives. The server 100 may also have a suitable operating system which resides on the disk drive 108 or in the ROM 104. The system has a database 120 residing on a disk or other storage device which is arranged to store at least one data record relating to data used by the server 100 to provide the function of the system for accessing secured data. The database 120 is in communication with an interface 122, which is implemented by computer software residing on the server 100. The interface 122 provides a means by which a user may input commands, instructions or requests to the server 100 for execution or processing. The interface 122 may be implemented with input devices such as keyboards, mouse or, in another example embodiment the interface 122 may be arranged to receive inputs, requests or data through a network connection, including Ethernet, Wi-Fi, Fire-wire, USB or the like.

With reference to Figure 2, there is illustrated a block diagram of an embodiment of a system for securing data. In this embodiment, the system is implemented with a server 200 arranged to be connected to a communication network such as the Internet, Intranet, VPN or any communication network using an appropriate communication protocol such as Internet Protocol Version 4 (IPv4) or Version 6 (IPv6) or any other version which enables the server 200 to communicate with other computing or communication devices 204, 206 via the communication network. The server 200 may have the same configuration as the system of Figure 1 described above.

The server 200 is arranged to receive an encryption request 202 from a sender computing device 204 operated by a user, data sender, processor or controller wanting to encrypt a data object for transmission to another recipient user 206, computer, processor or controller. In this example embodiment, the encryption request 202 may contain information relating to the data object that is to be encrypted by the sending computing device 204. This information may include, but not be limited to:

1- Filenames of any files to be encrypted;

2- File size, dates, properties, permissions settings and other attributes;

3- The identity of the recipient 206 of the file;

4- The access permissions of the recipient 206;

5- The address or reference of the recipient 206; and

6- Any other information relating to the security settings or the data object that is to be encrypted which may be required to encrypt the file.

Once the encryption request 202 is received by the server 200, the server 200 is arranged to generate a key which can be used to encrypt the data object. The key 208 may then be sent to the sender computing device 204 which has sent the encryption request 202 to the server 200. Once received, the key 208 is then used by the computing device 204 to encrypt the data object such that an encrypted data object 210 is generated.

Preferably, the encryption process on the computing device operates by encrypting the data object 210 such that the key 208 is not in any way integrated into the encrypted data object 210. As a result, the encrypted data object 210 cannot be decrypted by a hacker or malicious party who is able to obtain an authorized copy of the encrypted data object 210 since the encrypted data object 210 itself is unable to provide the necessary information (e.g. the key 208) for the hacker to decrypt the file. This embodiment is advantageous in that the encrypted data object 210 is highly secured since the key 208 needed to decrypt the file is not incorporated within the object 210 itself.

After the data object is encrypted, the sender computing device 204 may then be operated by its user, processor or controller to send the encrypted data object 210 to a recipient 206 via the server 200. Alternatively, as the encrypted data object 210 is now secured, it may be sent through a public or private computer network, or provided to the recipient in the form of digital media such as CDs, DVDs, Blu-Rays, USB storage or the like.

Preferably, in some situations, some form of security consideration is still put into practice with the transmission of the encrypted data object 210 for best practice.

Once the recipient user 206 receives the encrypted data object 210, the recipient user 206 may then contact the server 200 with a request to retrieve the necessary keys to decrypt the data object 210. In one embodiment, the server 200 enforces an authentication process 212 on the recipient 206 by checking and validating the identity of the recipient 206 prior to providing a key 214 to the recipient. The authentication process 212 may include a login/password check, a biometric check, a time delayed validation process, a telephone code check, a pass key check, an IP address check or a combination of one or more of these checks.

After the recipient user 206 is authenticated by the server 200 and is authorized to decrypt the data object 210, a key 214 may be provided to the recipient user 206 to decrypt the file. In one example embodiment, the recipient user 206 is given a key 214 which only decrypts certain portions of the encrypted data object 210 such that only portions of the data may be released to the recipient user 206. In another embodiment, the decryption of the data is restrictive such that certain usage permissions are enforced on the recipient 206. In these examples, it may be necessary to encrypt the data object with necessary information for third party software to control and enforce these permission settings. Examples of these third party software includes Secure Word™ or Adobe Acrobat™ reader which have permission controls capable of limiting the manipulation of a data file.

Alternative embodiments of a system for securing data are also described in WO2009/079708 which is incorporated herein by reference. These embodiments are advantageous in that the encryption key 208 which can be used to decrypt an encrypted object is transmitted separately from the encrypted data object 210. As such, the encrypted data object 210 may be transmitted in a less secure but more convenient channel. Even in the event that the encrypted data object 210 is copied by an unauthorised user, the object cannot be easily decrypted with known methods of decryption since the key 208 is not within the encrypted object.
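The exchange described above (encryption request 202, key 208, an encrypted data object 210 that carries no key, authentication 212 before key 214 is released, and the embodiment in which key 214 opens only certain portions of the object) is worked through in the Python below. This is an added example and not code from the patent or from Cocoon Data: the KeyServer class, the portion_key derivation, the login/password check and the HMAC-based stand-in cipher are assumptions made for the illustration, and a deployment would use a vetted AEAD such as AES-GCM from a maintained library.

```python
import hashlib
import hmac
import secrets

# Stand-in cipher: HMAC-SHA256 as a PRF in counter mode plus an encrypt-then-MAC tag,
# stdlib-only so it runs anywhere. A deployment would use a vetted AEAD such as AES-GCM.


def _keystream(key, nonce, length):
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    """Return nonce || ciphertext || tag; the key itself never appears in the output."""
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key, blob):
    """Verify the tag first: a wrong key or a modified object raises ValueError."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or modified object")
    return bytes(c ^ k for c, k in zip(body, _keystream(key, nonce, len(body))))


def portion_key(master_key, index):
    """Per-portion key derived from master key 208, so key 214 can open only some portions."""
    return hmac.new(master_key, b"portion:%d" % index, hashlib.sha256).digest()


class KeyServer:
    """Hypothetical in-process stand-in for server 200: mints keys on request, records who
    may decrypt which portions, and releases keys only after a login/password check 212."""

    def __init__(self):
        self._keys = {}         # object_id -> master key 208
        self._grants = {}       # object_id -> {recipient_id: set of portion indices}
        self._credentials = {}  # recipient_id -> (salt, PBKDF2 digest); constructed login check

    def register_recipient(self, recipient_id, password):
        salt = secrets.token_bytes(16)
        self._credentials[recipient_id] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

    def _authenticate(self, recipient_id, password):
        if recipient_id not in self._credentials:
            return False
        salt, digest = self._credentials[recipient_id]
        return hmac.compare_digest(hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000), digest)

    def request_encryption_key(self):
        """Encryption request 202: a fresh master key 208 for a new data object."""
        object_id = secrets.token_hex(8)
        self._keys[object_id], self._grants[object_id] = secrets.token_bytes(32), {}
        return object_id, self._keys[object_id]

    def grant(self, object_id, recipient_id, portions):
        self._grants[object_id][recipient_id] = set(portions)

    def retrieve_keys(self, object_id, recipient_id, password):
        """Key 214: released only after authentication and only for granted portions."""
        if not self._authenticate(recipient_id, password):
            raise PermissionError("authentication failed")
        allowed = self._grants.get(object_id, {}).get(recipient_id, set())
        return {i: portion_key(self._keys[object_id], i) for i in sorted(allowed)}


def encrypt_portions(master_key, portions):
    """Sender side: each portion of data object 210 is encrypted under its own derived key."""
    return [encrypt(portion_key(master_key, i), p) for i, p in enumerate(portions)]


def run_flow():
    server = KeyServer()
    server.register_recipient("recipient-206", "constructed-passphrase")
    object_id, key = server.request_encryption_key()
    encrypted = encrypt_portions(key, [b"section 1: summary", b"section 2: restricted detail"])
    server.grant(object_id, "recipient-206", [0])  # entitled to section 1 only
    # Property from the description: neither the master key nor a portion key is in the object.
    key_absent = all(key not in blob and portion_key(key, i) not in blob for i, blob in enumerate(encrypted))
    try:
        server.retrieve_keys(object_id, "recipient-206", "wrong-passphrase")
        denied = False
    except PermissionError:
        denied = True
    keys = server.retrieve_keys(object_id, "recipient-206", "constructed-passphrase")
    opened = {i: decrypt(keys[i], encrypted[i]) for i in keys}
    return {"key_absent": key_absent, "denied_on_bad_password": denied,
            "opened": opened, "unopened_portions": len(encrypted) - len(opened)}
```

Calling run_flow() exercises the properties the description relies on: the key material is absent from the encrypted object, a wrong password releases nothing, and the recipient decrypts only the portion granted, while a wrong key or a modified object is rejected by the tag check before any plaintext is produced.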

In another embodiment, the server 200 is arranged to provide dummy keys to the sender computing device 204 and the recipient computing device 206. By transmitting and utilising dummy keys in the encryption process, hackers or other malicious parties listening to the transmissions from the server 200 may receive a plurality of keys without any reference or knowledge as to which of the dummy keys can in fact be used to decrypt the data object. The dummy keys may also be integrated with the genuine key such that the permutations between the dummy keys and the genuine keys render it unfeasible or impractical for a hacker to use the data for any meaningful purpose.

Although the above provides improvements in transmitting sensitive information, there is still a danger that the recipient's computing device 206, or parts thereof, may be misplaced or stolen after the encrypted data has been decrypted and stored on the computing device 206. The decrypted data might then be accessed by an unauthorised person. This problem is exacerbated when the recipient's computing device 206 is a mobile computing device, such as a mobile telephone, laptop or tablet computer and/or the recipient is operating in a hostile environment.

For example, a recipient operating in a military combat zone and using a mobile computing device to receive sensitive military information may be attacked while they are accessing the sensitive information. If the mobile computing device is dropped, or otherwise falls into the hands of the opposing forces, then the sensitive military information may be accessible by the opposing forces.

A computing device 300 that is arranged to provide additional security in respect of preventing access to confidential information is illustrated in Figure 3. In general, the computing device 300 is arranged so as to erase designated information, referred to hereinafter as confidential information, stored in the computing device 300 when a trigger condition is detected in accordance with a method 400 as illustrated in Figure 4.

It will be appreciated that, although the designated information is referred to hereinafter as confidential information, the designated information may be any appropriate information, including sensitive information or information of a private nature. In accordance with one embodiment, the method 400 comprises storing 402 confidential information in a data storage of the computing device 300. After detecting 404 a trigger condition, the method 400 comprises erasing 406 at least a portion of confidential information stored in the data storage when or after the trigger condition has been detected.

For example, the computing device 300 may be arranged to detect the computing device 300 falling through a particular height, which may be indicative of the computing device 300 being dropped, and to erase any confidential information stored in the computing device 300 in response to the computing device 300 being dropped.

In this example, the computing device 300 is a mobile telephone, however it will be appreciated that the computing device may be any appropriate computing device including, but not limited to, a laptop computer, a tablet computer, or any of a variety of telemetry devices including smart electrical meters, airborne military reconnaissance systems and live reporting systems for military personnel.

The computing device 300 is in communication, via a network 302, with a server 304. In this example the network 302 is the Internet, however it will be appreciated that any appropriate network may be used such as an intranet or a virtual private network, or any communication network using an appropriate communication protocol such as Internet Protocol Version 4 (IPv4) or Version 6 (IPv6).

The computing device 300 comprises a memory 306 arranged to store programs including, for example, a software application for receiving and/or using confidential information communicated to the computing device 300. The memory 306 may also comprise a volatile memory 308, such as random access memory (RAM), for storing confidential information. The stored programs and any stored confidential information are accessible by a processor 310 for operating the computing device 300.

The computing device 300 also comprises a display 312 to which the processor 306 is arranged to output program related information and the confidential information for viewing by the recipient. The computing device 300 also comprises an input interface 314, in this example a touch screen interface integrated with the display 312, so as to allow the recipient to interact with the computing device 300.

The computing device 300 also comprises a network interface 316 that is controllable by the processor 310 and that is in communication with the network 302 so as to allow the computing device 300 to be in network communication with the server 304 and to receive confidential information from the server 304.

The server 304 is arranged so as to communicate confidential information to the computing device 300. In this example, the server 304 is arranged to generate and store a key which can be utilised to encrypt or decrypt a data object. The server 304 may be arranged to receive a request for a key to encrypt a data file after which, when the file is encrypted and is required to be decrypted, the key is then provided to a recipient of the file after the recipient has been authenticated. The server 304 may be connected to a network arranged to allow further computing devices (not shown) operated by users, routines, processors or the like to connect to the server 304 with requests to generate or obtain a key to encrypt or decrypt a data object. In one embodiment, the server 304 is implemented based on the server 200 described above, or in another embodiment, the server 304 is implemented based on a system for securing data described with reference to WO/2009/079708.

The computing device 300 comprises a trigger detection module, implemented in this example as a software module, arranged so as to detect a trigger condition, such as the aforementioned example of the computing device 300 being dropped. The computing device 300 is arranged, in response to detection of a trigger condition, to erase at least a portion of confidential information stored in the memory 306.

Although it will be appreciated that the confidential information can be stored in any part of the memory 306, it is advantageous for the computing device 300 to be arranged so as to only store the confidential information in the volatile memory 308. In this way, any confidential information stored in the volatile memory 308 will be erased when the computing device 300 is powered down.

The trigger detection module may be arranged so as to detect any appropriate trigger condition including, but not limited to:

turning off power to the computing device;

putting the computing device into sleep mode;

reading or otherwise using confidential information stored in the computing device;

inputting a command into the computing device to erase confidential information;

moving the computing device in a particular fashion;

using a data item of the confidential information for a specific purpose after which the data item is no longer required;

closing a software application associated with receiving or using the confidential information;

switching from a software application associated with receiving or using the confidential information to another application, e.g. taking a phone call while using the confidential information;

entering a specific geographical area; and

a certain period in time, or during specific intervals of time.

The computing device 300 may be configurable so as to erase the at least a portion of confidential information when at least one particular trigger condition exists. For example, the recipient may select one or more trigger conditions for which it is desirable, upon their detection, for confidential information to be erased.

In addition, or alternatively, the computing device 300 may be configurable to erase certain types of confidential information when a trigger condition is detected.

It may also be desirable for a third party, such as the creator or sender of the confidential information, to determine trigger conditions for erasing the confidential information and/or to determine certain types of confidential information to be erased when a trigger condition is detected.

This may be done by specifying trigger condition data that is communicated by the third party to the computing device 300 and is usable by the programs stored therein. In this example, the trigger condition data overrides any settings of the recipient such that the third party controls conditions under which confidential information is erased rather than the recipient. The user may still configure the computing device 300 to erase the confidential information in response to trigger conditions in addition to those defined in the trigger condition data.

The trigger condition data may be a portion of the confidential information, separate to the confidential information, or both. In one embodiment, the trigger condition data is communicated to the computing device 300 separately to the confidential information. In the example of Figure 3, the trigger condition data is communicated to the computing device 300 from a further server 318 via the network 302, and the confidential information is thereafter communicated to the computing device from the server 304.

It will also be appreciated that the trigger condition data may be arranged to apply to particular types of confidential information, recipients or groups of recipients of the confidential information, software applications associated with allowing the user to receive and/or use the confidential information, or hardware of the computing device 300. In this way, trigger condition data may be used to take into account various scenarios at the recipient's end, for example situations that may not have been known or envisaged by the creator or sender of the confidential information. For example, if the computing device 300 of the recipient is a particular type of mobile phone, then the trigger condition data may be arranged to handle trigger conditions that may be applicable to that particular type of mobile phone.

The confidential information may, for example, include encryptable data and authentication information associated with receiving and/or decrypting the confidential information.

Types of confidential information that may be erased by the computing device 300 as defined by the trigger condition data or configuration of the computing device may include, but not be limited to:

the authentication information;

data items of the confidential information that are in the process of being used by the user;

all opened confidential information;

all confidential information within a certain data range;

all designated information created or modified within a specific interval of time;

all designated information created or modified with specified hardware or hardware types, software or software types, or by specified people or groups of people;

all designated information created or modified with hardware or software when located in a specified range of geographical locations; and

all confidential information stored in the computing device.

The computing device 300 may be arranged so as to erase authentication information associated with receiving and/or decrypting the confidential information as soon as the authentication information has been used and/or is no longer required. Erasing the authentication information in this manner is advantageous since, if the computing device 300 is obtained by an unauthorised user, the unauthorised user does not have access to the authentication information and is consequently unable to receive and/or decrypt any further confidential information.

The computing device 300 may also be arranged so as to store authentication information in the volatile memory 308 such that the authentication information is erased when the computing device 300 is powered down.

In this example, the computing device 300 comprises an accelerometer 320 that is used as an input to the processor 310 so as to allow the computing device 300 to detect acceleration profiles, wherein the computing device 300 is arranged to perform a predetermined action, such as erasing confidential information, in response to detection of a particular acceleration profile.

The predetermined action performed by the computing device 300 may be to log out of or close the software application associated with receiving or using the confidential information, and/or erase at least a portion of the confidential information stored on the computing device.

The predetermined action performed by the computing device 300 may include, but not be limited to, the following examples:

immediately logging out of the software application associated with receiving or using the confidential information (a quick way to terminate the session);

requesting re-entry of a password or passcode before continuing;

erasing any confidential information that is in the process of being read;

erasing all opened confidential information; and

erasing all confidential information stored on the computing device 300.

In one example, the computing device 300 is arranged to compare acceleration profiles of the computing device 300 with acceleration profile data stored in the memory 306 of the computing device 300 so as to allow detection of the particular acceleration profiles. The acceleration profile data may also comprise instructions for performing the predetermined action in response to detection of a particular acceleration profile. The acceleration profile data may be indicative of particular acceleration profiles such as, but not limited to:

dropping the computing device 300 from a height of at least 0.5m, which may be useful in a combat situation wherein dropping the computing device 300 may be indicative of the recipient being injured or killed;

moving the computing device 300 in a figure-of-eight motion;

shaking the computing device 300 back and forth at least twice with a specified minimum acceleration;

rapidly tilting the computing device 300 through an angle of at least 30° and back again, two times in a row;

dropping the computing device 300 from one hand to the other by a height of at least 10 cm, then repeating; and/or

tapping the computing device 300 on a hard surface three times with a maximum force greater than a preset threshold.
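The trigger detection module, the third-party trigger condition data that overrides the recipient's settings, the erasure scopes (authentication information, opened information, all information) and the acceleration profile for a drop of at least 0.5 m described above are worked through together in the Python below. It is an added example, not code from the patent or from Cocoon Data: the VolatileStore, TriggerDetectionModule and detect_drop names, the entry-by-entry merge rule for trigger condition data, the free-fall and impact thresholds (2 m/s² and 30 m/s²) and the accelerometer trace are all constructed assumptions. The drop detector estimates the fall height from the free-fall duration t as g·t²/2, so a 0.5 m drop corresponds to roughly 0.32 s of near-zero acceleration followed by an impact.

```python
import math

G = 9.81  # gravitational acceleration, m/s^2


class VolatileStore:
    """Stand-in (hypothetical) for the volatile memory 308. Items are bytearrays so erasure
    zeroes the bytes in place before dropping them; a native build would pin and wipe the buffer."""

    def __init__(self):
        self._items = {}  # name -> {"buf": bytearray, "kind": "auth" | "data", "opened": bool}

    def put(self, name, data, kind="data", opened=False):
        self._items[name] = {"buf": bytearray(data), "kind": kind, "opened": opened}

    def names(self):
        return sorted(self._items)

    def erase(self, scope):
        """Scopes from the description: authentication information, opened information, or all."""
        hit = {"authentication": lambda it: it["kind"] == "auth",
               "opened": lambda it: it["opened"],
               "all": lambda it: True}[scope]
        erased = []
        for name, item in list(self._items.items()):
            if hit(item):
                item["buf"][:] = bytes(len(item["buf"]))  # overwrite with zeros first
                del self._items[name]
                erased.append(name)
        return erased


def effective_policy(recipient_cfg, trigger_condition_data):
    """Third-party trigger condition data overrides the recipient's entry for the same
    trigger; the recipient keeps only the triggers the third party did not define (assumed rule)."""
    policy = dict(recipient_cfg)
    policy.update(trigger_condition_data)
    return policy


def detect_drop(samples, min_height_m=0.5, freefall_max=2.0, impact_min=30.0):
    """Acceleration profile 'dropped from at least min_height_m'. samples: (t_s, ax, ay, az) in
    m/s^2. A drop is a run of near-zero magnitude (free fall) ending in an impact; the height is
    g * t^2 / 2 from the run length. Returns the estimated height, or None if no match."""
    start = None
    for t, ax, ay, az in samples:
        mag = math.sqrt(ax * ax + ay * ay + az * az)
        if mag < freefall_max:
            if start is None:
                start = t
        elif start is not None:
            height = 0.5 * G * (t - start) ** 2
            start = None  # run ended: either caught (no impact) or too short, or a real drop
            if mag >= impact_min and height >= min_height_m:
                return height
    return None


def constructed_drop_samples(fall_s, rate_hz=100):
    """Constructed accelerometer trace: at rest, free fall for fall_s, an impact, at rest."""
    readings = ([(0.0, 0.0, G)] * (rate_hz // 2) + [(0.05, -0.03, 0.1)] * int(fall_s * rate_hz)
                + [(4.0, -2.0, 85.0)] + [(0.0, 0.0, G)] * (rate_hz // 5))
    return [(i / rate_hz,) + r for i, r in enumerate(readings)]


class TriggerDetectionModule:
    """Maps a detected trigger condition to its predetermined actions: "logout" or "erase:<scope>"."""

    def __init__(self, store, policy, profiles):
        self.store, self.policy, self.profiles = store, policy, profiles
        self.session_open = True

    def on_trigger(self, trigger):
        erased = []
        for action in self.policy.get(trigger, []):
            if action == "logout":
                self.session_open = False
            elif action.startswith("erase:"):
                erased += self.store.erase(action.split(":", 1)[1])
        return erased

    def on_accelerometer(self, samples):
        """Compare the trace against each stored acceleration profile (trigger name -> detector)."""
        erased = []
        for trigger, matches in self.profiles.items():
            if matches(samples) is not None:
                erased += self.on_trigger(trigger)
        return erased


def run_scenario():
    store = VolatileStore()
    store.put("auth-token", b"constructed-token", kind="auth")
    store.put("report-1", b"constructed report one", opened=True)
    store.put("report-2", b"constructed report two")
    policy = effective_policy({"app_switched": ["erase:opened"], "drop_detected": ["erase:opened"]},
                              {"drop_detected": ["logout", "erase:all"], "auth_info_used": ["erase:authentication"]})
    module = TriggerDetectionModule(store, policy, {"drop_detected": detect_drop})
    return {"after_auth_use": module.on_trigger("auth_info_used"),
            "short_fall": module.on_accelerometer(constructed_drop_samples(0.2)),
            "drop": module.on_accelerometer(constructed_drop_samples(0.35)),
            "remaining": store.names(), "session_open": module.session_open}
```

In run_scenario() the recipient had asked only for opened information to be erased on a drop, but the sender's trigger condition data replaces that entry with logout plus full erasure, while the recipient's own app_switched trigger survives the merge; a 0.2 s fall (about 0.2 m) matches no profile and erases nothing, whereas the 0.35 s fall (about 0.6 m) logs the session out and wipes everything that was left.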

The computing device 300 may be configurable by the user so as to define the acceleration profile data and/or the predetermined action performed by the computing device 300.

The acceleration profile data may be communicated to the computing device 300, for example by a creator or sender of the confidential information in a similar manner to the trigger condition data. In one example, the acceleration profile data is communicated to the computing device as part of the confidential information. In another example, the acceleration profile data is communicated to the computing device 300 separately to the confidential information via the further server 318, and is communicated along with the trigger condition data.

It will be appreciated that the computing device 300 may be implemented as a computer program arranged, when loaded into a computing device, to instruct the computing device to operate in accordance with the computing device 300 of Figure 3.

It will also be appreciated that the computing device 300 may be implemented as a computer readable medium having a computer readable program code embodied therein for causing a computing device to operate in accordance with the computing device 300 of Figure 3.

It will also be appreciated that the computing device 300 may be implemented as a data signal having a computer readable program code embodied therein to cause a computing device to operate in accordance with the computing device 300 of Figure 3.

Although not required, the embodiments described with reference to the Figures can be implemented as an application programming interface (API) or as a series of libraries for use by a developer or can be included within another software application, such as a terminal or personal computer operating system or a portable computing device operating system. Generally, as program modules include routines, programs, objects, components and data files assisting in the performance of particular functions, the skilled person will understand that the functionality of the software application may be distributed across a number of routines, objects or components to achieve the same functionality desired herein.

It will also be appreciated that where the methods and systems of the present invention are either wholly implemented by computing system or partly implemented by computing systems then any appropriate computing system architecture may be utilised. This will include stand alone computers, network computers and dedicated hardware devices. Where the terms "computing system" and "computing device" are used, these terms are intended to cover any appropriate arrangement of computer hardware capable of implementing the function described.

It will be appreciated by persons skilled in the art that numerous variations and/or modifications may be made to the invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive.

Any reference to prior art contained herein is not to be taken as an admission that the information is common general knowledge, unless otherwise indicated.

Although not required, embodiments described with reference to the Figures can be implemented to operate with any form of communication network operating with any type of communication protocol. Generally, where the underlying communication network or communication protocol includes additional routines, functionalities, infrastructure or packet formats, the skilled person will understand that the implementation of embodiments described with reference to the Figures may be modified or optimized for operation with these additional routines, functionalities, infrastructure or packet formats.

Although embodiments of this invention are useful with mobile devices, it will be appreciated that the invention may also be applied with non-mobile devices.