Methods And Systems Of Securely Transferring Data

Abstract: The present disclosure relates to a method and system for securely transferring master keying material between a master dongle (10) and a slave dongle (12). Each dongle (10,12) is connected to a data transfer system. The slave dongle (12) contains a public key and a private key and the master dongle (10) contains master keying material that is to be transferred securely to the slave dongle (12). The data transfer system reads the slave dongle's public key and sends it to the master dongle (10). The master dongle (10) encrypts the master keying material with the slave dongle's public key to produce an encrypted master keying material. The encrypted master keying material is sent via the data transfer system to the slave dongle (12) and the slave dongle (12) decrypts the encrypted master keying material with the slave dongle's private key. This allows multiple users, each having a slave dongle (12a-n) that has been configured in this manner, to use the same master keying material to securely communicate with one another.

Patent Information

Application #:
Filing Date: 27 February 2020
Publication Number: 10/2020
Publication Type: INA
Invention Field: COMPUTER SCIENCE
Status:
Email: Info@khuranaandkhurana.com
Parent Application:
Patent Number:
Legal Status:
Grant Date: 2023-09-11
Renewal Date:

Applicants

ISTORAGE LIMITED
iStorage House, 13 Alperton Lane, Perivale, Middlesex UB6 8DH

Inventors

1. MICHAEL, John
21 Glencairn Drive, Ealing, London W5 1RT

Specification

Claims:
1. A method of securely transferring master keying material between a master dongle and a slave dongle,
wherein the slave dongle contains a public key and a private key,
wherein the master dongle contains master keying material, and wherein the master keying material is for allowing users of the dongles to securely access encrypted data;
the method comprising:
connecting the master dongle and the slave dongle to a data transfer system;
transferring the slave dongle's public key to the master dongle via the data transfer system;
using the slave dongle's public key at the master dongle to encrypt the master keying material and hence produce encrypted master keying material at the master dongle;
transferring the encrypted master keying material to the slave dongle via the data transfer system;
decrypting the encrypted master keying material with the slave dongle's private key at the slave dongle; and
storing the master keying material at the slave dongle;
such that a user of any of the dongles can use the master keying material to decrypt data encrypted by the same dongle or the other of the dongles.
2. The method of claim 1 wherein the master keying material is randomly generated when the master dongle is first used, preferably wherein the master keying material is generated using a FIPS random number generator.
3. The method of claim 1 or 2 wherein, before the step of transferring the slave dongle's public key to the master dongle over the data transfer system, the method may comprise the steps of:
unlocking the master dongle via a master dongle user authentication system, wherein unlocking the master dongle allows the master dongle to send and receive data;
and, in the case where the slave dongle is not factory reset, unlocking the slave dongle via a slave dongle user authentication system, wherein unlocking the slave dongle allows the slave dongle to send and receive data.
4. The method according to any preceding claim, comprising
scrambling the slave dongle's public key using a predetermined scrambling algorithm prior to transferring the slave dongle's public key, and
unscrambling the slave dongle's public key at the master dongle after transferring slave dongle's public key and prior to encrypting the master keying material.
5. The method according to any preceding claim, wherein the master dongle is a first removable dongle, and wherein the slave dongle is a second removable dongle.
6. The method according to any preceding claim, wherein the slave dongle's private key and the unencrypted master keying material are not transferred to or read by the data transfer system.
7. The method according to any preceding claim, wherein a plurality of slave dongles are provided, each having a respective public key and a respective private key; and
wherein the method comprises, for each slave dongle in turn:
transferring the slave dongle's public key to the master dongle;
encrypting the master keying material with the slave dongle's public key at the master dongle;
transferring the encrypted master keying material to the slave dongle; and
decrypting the encrypted master keying material with the slave dongle's private key at the slave dongle.
8. A method of sharing data securely between authorised computing devices, wherein
a first computing device is connected to a first slave dongle and a second computing device is connected to a second slave dongle,
the first and second slave dongles having been programmed with the same master keying material by the method of any preceding claim,
the method comprising:
encrypting first data using the first slave dongle with the master keying material stored in the first slave dongle;
transferring the encrypted first data, optionally across a network, to the second computing device;
decrypting the encrypted first data using the second slave dongle; and
transferring the unencrypted first data from the second slave dongle to the second computing device.
9. A system for securely transferring master keying material between a master dongle and a slave dongle, the system comprising:
a data transfer system;
a master dongle containing a master processor, and master keying material; and
a slave dongle containing a slave processor, a slave public key and a slave private key;
wherein the data transfer system has a plurality of ports for connecting to the master dongle and to the slave dongle;
the data transfer system being configured to transfer the slave dongle's public key to the master dongle;
the master dongle being configured to encrypt the master keying material using the slave dongle's public key to produce an encrypted master keying material;
the data transfer system being configured to transfer the encrypted master keying material to the slave dongle; and
the slave dongle being configured to decrypt the encrypted master keying material using the slave dongle's private key and to store the master keying material at the slave dongle such that a user of any of the dongles can use the master keying material to decrypt data encrypted by the same dongle or the other of the dongles.
10. The system of claim 9, wherein the master dongle comprises a master dongle user authentication system, the slave dongle comprises a slave dongle user authentication system, and/or the data transfer system comprises a data transfer system user authentication system, wherein the dongles and/or data transfer system are configured to require an authorisation code input at a respective user authentication system before allowing transfer of data between the dongles.
11. The system of claims 9 or 10 wherein the master dongle is configured to generate random keying material when the master dongle is first used, preferably wherein the master keying material is generated using a FIPS random number generator.
12. The system according to any of claims 9 to 11, wherein the slave dongle is configured to scramble the slave dongle's public key using a predetermined scrambling algorithm prior to transferring the slave dongle's public key, such that the data transfer system transfers a scrambled slave dongle's public key; and
the master dongle contains the scrambling algorithm and is configured to unscramble the scrambled slave dongle's public key prior to encrypting the master keying material.
13. The system according to any of claims 9 to 12, wherein the system comprises a plurality of slave dongles, each having a respective public key and a private key; and
the data transfer system contains at least three ports, wherein one port is for connecting to the master dongle and the at least two other ports are for connecting to at least two of the plurality of slave dongles;
wherein the system is configured to securely transfer the master keying material to each slave dongle in turn.
14. A system for securely communicating data between users, the system comprising:
a first computing device coupled to a first slave dongle,
a second computing device coupled to a second dongle, wherein the second dongle is a second slave dongle or a master dongle,
wherein the master and slave dongles have been configured using the method according to any of claims 1 to 7 or wherein the master and slave dongles have been configured by the system according to any of claims 9 to 13;
wherein, when the first computing device is used to send first data to the second computing device, the first computing device is configured to send the first data to the first slave dongle,
the first slave dongle is configured to encrypt the first data using the master keying material, and
the first device is configured to send the encrypted first data to the second computing device, optionally via a network, and wherein
the second computing device is configured to receive the first encrypted data and send the first encrypted data to the second dongle,
the second dongle is configured to decrypt the first encrypted data using the master keying material and to send the decrypted first data to the second computer device.
15. The system according to any of claims 13, wherein each dongle is configured to require a user identification to unlock the dongle for use, preferably wherein each dongle has a plurality of buttons and the user identification is a code to be input by pressing the buttons in a predetermined order.
16. The system of claim 13 or 14 further comprising a server, wherein each dongle is configured to have an identification and configured to require an authorisation code from the server in order to perform encryption and decryption, and
wherein the server is configured to have a whitelist or a blacklist of dongle identifications such that unauthorised dongles having the master keying material are excluded from communicating with authorised dongles having the master keying material.
17. A dedicated device for securely transferring master keying material between a master dongle and a slave dongle,
the dedicated device comprising a plurality of ports for connecting to the master dongle and to the slave dongle;
the dedicated device being configured to request a public key from the slave dongle and to transfer the public key to the master dongle, and to request encrypted master keying material from the master dongle and transfer the encrypted master keying material to the slave dongle.
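
The transfer in claims 1 and 6, sketched as an added example that is not part of the patent or any iStorage code: it assumes RSA-2048 with OAEP/SHA-256 as the public-key scheme (the claims name none), models both dongles in one process, and uses hypothetical names (`Relay`, `Provision`, `Leaked`, `NewSlaveKey`, `SampleMasterKey`). The relay stands in for the data transfer system and records every message it carries, so the claim 6 property can be checked against its transcript.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Relay models the data transfer system; Seen records every message it carries.
type Relay struct{ Seen [][]byte }

// SampleMasterKey is constructed sample master keying material (32 bytes).
var SampleMasterKey = []byte("constructed-sample-master-key-32")

// NewSlaveKey generates a slave key pair (RSA-2048 is an assumption).
func NewSlaveKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Provision carries claim 1's two messages; its arguments stay inside the dongles.
func (r *Relay) Provision(masterKey []byte, slavePriv *rsa.PrivateKey) ([]byte, error) {
	pub := x509.MarshalPKCS1PublicKey(&slavePriv.PublicKey)
	r.Seen = append(r.Seen, pub)             // message 1: slave -> relay -> master
	pk, err := x509.ParsePKCS1PublicKey(pub) // master parses what it received
	if err != nil {
		return nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pk, masterKey, nil)
	if err != nil {
		return nil, err
	}
	r.Seen = append(r.Seen, ct) // message 2: master -> relay -> slave
	return rsa.DecryptOAEP(sha256.New(), nil, slavePriv, ct, nil) // slave side
}

// Leaked reports whether the relayed traffic contains the plaintext secret.
func (r *Relay) Leaked(secret []byte) bool {
	return bytes.Contains(bytes.Join(r.Seen, nil), secret)
}

func main() {
	priv, err := NewSlaveKey()
	if err != nil {
		panic(err)
	}
	relay := &Relay{}
	got, err := relay.Provision(SampleMasterKey, priv)
	fmt.Println(err, bytes.Equal(got, SampleMasterKey), relay.Leaked(SampleMasterKey))
}
```

Calling `Provision` once per slave key pair on the same `Relay` gives the "each slave dongle in turn" loop of claim 7, with every slave recovering the same master keying material.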

Documents

Application Documents

# Name Date
1 202047008274-IntimationOfGrant11-09-2023.pdf 2023-09-11
1 202047008274.pdf 2020-02-27
2 202047008274-PatentCertificate11-09-2023.pdf 2023-09-11
2 202047008274-STATEMENT OF UNDERTAKING (FORM 3) [27-02-2020(online)].pdf 2020-02-27
3 202047008274-FORM 3 [17-01-2023(online)].pdf 2023-01-17
3 202047008274-FORM 1 [27-02-2020(online)].pdf 2020-02-27
4 202047008274-FORM 3 [16-08-2022(online)].pdf 2022-08-16
4 202047008274-DRAWINGS [27-02-2020(online)].pdf 2020-02-27
5 202047008274-DECLARATION OF INVENTORSHIP (FORM 5) [27-02-2020(online)].pdf 2020-02-27
5 202047008274-Correspondence_Power of Attorney, Form1(Proof of Right)_06-06-2022.pdf 2022-06-06
6 202047008274-FORM-26 [01-06-2022(online)].pdf 2022-06-01
6 202047008274-COMPLETE SPECIFICATION [27-02-2020(online)].pdf 2020-02-27
7 202047008274-CLAIMS [30-05-2022(online)].pdf 2022-05-30
7 202047008274 abstract.jpg 2020-03-04
8 202047008274-Proof of Right [08-04-2020(online)].pdf 2020-04-08
8 202047008274-COMPLETE SPECIFICATION [30-05-2022(online)].pdf 2022-05-30
9 202047008274-CORRESPONDENCE [30-05-2022(online)].pdf 2022-05-30
9 202047008274-FORM-26 [08-04-2020(online)].pdf 2020-04-08
10 202047008274-DRAWING [30-05-2022(online)].pdf 2022-05-30
10 202047008274-FORM 3 [18-08-2020(online)].pdf 2020-08-18
11 202047008274-FER_SER_REPLY [30-05-2022(online)].pdf 2022-05-30
11 202047008274-FORM 18 [23-03-2021(online)].pdf 2021-03-23
12 202047008274-FER.pdf 2022-02-03
12 202047008274-FORM 3 [30-05-2022(online)].pdf 2022-05-30
13 202047008274-Information under section 8(2) [30-05-2022(online)].pdf 2022-05-30
13 202047008274-OTHERS [30-05-2022(online)].pdf 2022-05-30
14 202047008274-Information under section 8(2) [30-05-2022(online)].pdf 2022-05-30
14 202047008274-OTHERS [30-05-2022(online)].pdf 2022-05-30
15 202047008274-FER.pdf 2022-02-03
15 202047008274-FORM 3 [30-05-2022(online)].pdf 2022-05-30
16 202047008274-FER_SER_REPLY [30-05-2022(online)].pdf 2022-05-30
16 202047008274-FORM 18 [23-03-2021(online)].pdf 2021-03-23
17 202047008274-FORM 3 [18-08-2020(online)].pdf 2020-08-18
17 202047008274-DRAWING [30-05-2022(online)].pdf 2022-05-30
18 202047008274-CORRESPONDENCE [30-05-2022(online)].pdf 2022-05-30
18 202047008274-FORM-26 [08-04-2020(online)].pdf 2020-04-08
19 202047008274-COMPLETE SPECIFICATION [30-05-2022(online)].pdf 2022-05-30
19 202047008274-Proof of Right [08-04-2020(online)].pdf 2020-04-08
20 202047008274 abstract.jpg 2020-03-04
20 202047008274-CLAIMS [30-05-2022(online)].pdf 2022-05-30
21 202047008274-COMPLETE SPECIFICATION [27-02-2020(online)].pdf 2020-02-27
21 202047008274-FORM-26 [01-06-2022(online)].pdf 2022-06-01
22 202047008274-Correspondence_Power of Attorney, Form1(Proof of Right)_06-06-2022.pdf 2022-06-06
22 202047008274-DECLARATION OF INVENTORSHIP (FORM 5) [27-02-2020(online)].pdf 2020-02-27
23 202047008274-DRAWINGS [27-02-2020(online)].pdf 2020-02-27
23 202047008274-FORM 3 [16-08-2022(online)].pdf 2022-08-16
24 202047008274-FORM 1 [27-02-2020(online)].pdf 2020-02-27
24 202047008274-FORM 3 [17-01-2023(online)].pdf 2023-01-17
25 202047008274-STATEMENT OF UNDERTAKING (FORM 3) [27-02-2020(online)].pdf 2020-02-27
25 202047008274-PatentCertificate11-09-2023.pdf 2023-09-11
26 202047008274.pdf 2020-02-27
26 202047008274-IntimationOfGrant11-09-2023.pdf 2023-09-11

Search Strategy

1 SearchHistoryE_11-01-2022.pdf

ERegister / Renewals

3rd: 10 Nov 2023

From 30/08/2020 - To 30/08/2021

4th: 10 Nov 2023

From 30/08/2021 - To 30/08/2022

5th: 10 Nov 2023

From 30/08/2022 - To 30/08/2023

6th: 10 Nov 2023

From 30/08/2023 - To 30/08/2024

7th: 10 Nov 2023

From 30/08/2024 - To 30/08/2025

8th: 16 Jun 2025

From 30/08/2025 - To 30/08/2026