Abstract: A security system with methodology for defending against security breaches of peripheral devices is described. In one embodiment, for example, a method is described for protecting a computer from security breaches involving devices that may be attached to the computer, the method comprises steps of: when a device is first attached to the computer, specifying authorization information indicating that the device is allowed to communicate with the computer; detecting detachment of the device from the computer; updating the authorization information to indicate that the device is no longer authorized to communicate with the computer; and upon reattachment of the device, blocking communication with the device while the device remains unauthorized, thereby preventing a security breach involving the device.

Abstract: A computer-implemented system providing Web-based royalty processing and reporting is described. In one embodiment, for example, a computer-implemented method of the present invention for automatic identification of media items subject to royalty obligations, includes steps of: receiving sales input from a user comprising media items subject to royalty obligations; parsing the sales input to extract for each media item a set of fields characterizing that media item; deriving a plurality of signatures for each media item, based on different combinations of the fields for that media item; comparing the derived signatures for each media item against a database storing signatures of known media items; based on the comparison, automatically identifying media items present in the sales input; and reporting the automatically identified media items to the user.

Abstract: A computing environment with methods for monitoring access to an open network such as the Internet, is described. The system includes one or more client computers, each operating applications (e.g., Netscape Navigator or Microsoft Internet Explorer) requiring access to an open network, such as a WAN or the Internet, and a router or other equipment that serves a routing function (e.g., a cable modem) for the client computers. A centralized security enforcement module on the router maintains access rules for the client computers and verifies the existence and proper operation of a client-based security module on each client computer. The router-side security module periodically sends out a router challenge via Internet broadcast to the local computers on the network. If the client-side security module is installed and properly operating, the client-side security module responds to the router challenge. The responses received by the router-side security module are maintained in a table.

Abstract: A security system with methodology for interprocess communication control is described. In one embodiment, a method for controlling interprocess communication is provided that includes steps of: defining rules indicating which system services a given application can invoke; trapping an attempt by a particular application to invoke a particular system service; identifying the particular application that is attempting to invoke the particular system service; and based on identity of the particular application and on the rules indicating which system services a given application can invoke, blocking the attempt when the rules indicate that the particular application cannot invoke the particular system service.

Abstract: A security system with methodology providing verified secured individual end points is described.

Abstract: System and methodology for intrusion detection and prevention is described. In one embodiment, for example, a method is described for detecting and preventing network intrusion, the method comprises steps of: defining intrusion descriptions specifying exploits that may be attempted by malicious network traffic, the intrusion descriptions indicating specific applications that may be targeted by individual exploits; for a particular application participating in network communication, deriving a subset of the intrusion descriptions specifically applicable to that particular application; using the subset of the intrusion descriptions specifically applicable to that application, monitoring network traffic destined for the particular application for detecting an attempted network intrusion; and if a network intrusion is detected, blocking network traffic destined for the particular application determined to comprise an exploit.

Abstract: A database system with methodology for generating bushy nested loop join trees is described. In one embodiment, for example, an improved method is described for optimization of a query requesting data from a database, the method comprises steps of: generating a left deep operator tree for returning data requested by the query based on traversing a left deep operator tree search space; transforming the left deep operator tree into a semantically correct structure for returning data requested by the query; and building a query execution plan for returning data requested by the query based on the semantically correct structure.

Abstract: A development system with methodology providing optimized message parsing and handling is described. In one embodiment, for example, a computer-implemented method is described for improved processing of certain types of messages, the method comprises steps of: loading metadata at design time, the metadata characterizing a particular message type; based on the metadata, automatically generating source code for creating runtime components highly optimized for the particular message type; compiling the source code into the runtime components, for deployment in a runtime environment; and at runtime, processing messages of the particular message type with the runtime components, so that messages are processed in a manner that is highly optimized for the particular message type.

Abstract: A secured database system with built-in antivirus protection is described. In one embodiment, for example, a method of the present invention is described for securing a database system, the method comprises steps of: provisioning storage from a storage device, for storing database information; generating an encryption key so that the database information is stored on the storage device in an encrypted manner; generating a decryption key for decrypting the database information stored on the storage device, wherein access to the decryption key is controlled by the database system based on user privileges; receiving a request from a user for access to the database information; determining whether the user has been granted sufficient privileges to access the database information; if the user has been granted sufficient privileges, automatically decrypting the database information to provide the access; and otherwise denying the request if the user has not been granted sufficient privileges.

Abstract: A method for temporarily storing data objects in memory of a distributed system comprising a plurality of servers sharing access to data comprises steps of: reserving memory at each of the plurality of servers as a default data cache for storing data objects; in response to user input, allocating memory of at least one of the plurality of servers as a named cache reserved for storing a specified type of data object; in response to an operation at a particular server requesting a data object, determining whether the requested data object is of the specified type corresponding to the named cache at the particular server; if the data object is determined to be of the specified type corresponding to the named cache, storing the requested data object in the named cache at the particular server; and otherwise, using the default data cache for storing the requested data object.

Abstract: A system providing methodology for consolidation of financial information is described.

Abstract: A database system providing encrypted column data support with decrypt default functionality. In a database system, a method providing automated encryption support for column data comprises steps of: defining Structured Query Language (SQL) extensions for creating and managing column encryption keys and database tables with encrypted column data; receiving an SQL statement specifying creation of a column encryption key; receiving an SQL statement specifying creation of a database table having particular column data encrypted with the column encryption key; receiving an SQL statement specifying a default value to be provided in response to requests for the column data without decrypt permission; in response to a subsequent database operation requesting encrypted column data from a user with decrypt permission, automatically decrypting the column data; and in response to a subsequent database operation requesting the encrypted column data from a user without decrypt permission, returning the default value.

Abstract: A system providing a secure lockbox methodology for protecting sensitive information is described. In one embodiment, the methodology includes steps of receiving input of sensitive information from a user; computing a data shadow of the sensitive information for storage in a repository; based on the data shadow stored in the repository, detecting any attempt to transmit the sensitive information; and blocking any detected attempt to transmit the sensitive information that is not authorized by the user.

Abstract: System providing methodology for optimizing data transfer in a distributed environment is described.

Abstract: A distributed database system providing data and space management methodology. In a distributed system consisting a plurality of servers sharing access to data pages, a method for setting a timestamp indicating when modifications to data pages are made in a non-regressing fashion includes steps of: maintaining a local sequence at each server and an allocation page timestamp on an allocation page; upon allocation of a data page, applying a timestamp to the data page which is greater than the allocation page timestamp; upon modification of a given data page at a particular server, setting the timestamp on the given data page to the greater of the local sequence at the particular server and an existing timestamp already on the given data page; and when data pages are deallocated, adjusting the allocation page timestamp to a value greater than the timestamp value on any deallocated data page.

Abstract: System and methodology for performing Bayesian-based distributed query processing is provided that solves the problem of how to get each server participating in a Bayesian distributed search system to return the same accurate relevance score for different documents. By performing calculations in a two-step process, accurate Bayesian calculation results are obtained whilst distributing the document indexing and query processing.

Abstract: A system and methodology for processing of path based queries is described. In one embodiment, a method for processing a path based query requesting data from a markup language document comprises steps of: parsing the path based query requesting data to generate a query tree corresponding to the path based query; identifying all paths which may be utilized for obtaining data requested by the path based query from the markup language document; creating a transformed query tree to represent all identified paths; generating a query plan for obtaining data requested by the path based query based on the transformed query tree; and executing the query plan to obtain and return the data requested by the path based query.

Abstract: A database system providing SQL extensions for automated encryption and decryption of column data is described. In one embodiment, for example, in a database system, a method is described for providing automated encryption support for column data, the method comprises steps of: defining Structured Query Language (SQL) extensions for creating and managing column encryption keys, and for creating and managing database tables with encrypted column data; receiving an SQL statement specifying creation of a particular column encryption key; receiving an SQL statement specifying creation of a database table having particular column data encrypted with the particular column encryption key; and in response to a subsequent database operation that requires the particular column data that has been encrypted, automatically decrypting the particular column data for use by the database operation.

Abstract: System and methodology providing a secure workspace environment is described. In one embodiment, for example, in a computer system, a method is described for creating a secured workspace within an existing operating system for allowing users to run applications in a secured manner, the method comprises steps of: creating a policy for configuring the secured workspace, the policy specifying how information created during operation of the applications may be accessed; hooking particular functions of the operating system in order to obtain control over the information created during operation of the applications; during operation of the applications, encrypting the information to prevent unauthorized access; in response to a request for access to the information, determining whether the request complies with the policy; and if the request complies with the policy, satisfying the request by providing access to a decrypted copy of the information.

Abstract: A security system providing methodology for cooperative enforcement of security policies during SSL sessions is described. In one embodiment, for example, a method is described for controlling SSL (Secure Sockets Layer) communication, the method comprises steps of: defining rules indicating conditions under which a machine is permitted to participate in an SSL session; trapping an attempt by a particular application running on the machine to participate in an SSL session, by intercepting the particular application's attempt to provide authentication; determining whether the machine complies with the rules; allowing the attempt to succeed when the machine complies with the rules; and otherwise blocking the attempt when the machine does not comply with the rules.