Abstract: Embodiments of the present invention provide a method, system and computer program product for bot detection for network distributable markup. In accordance with an embodiment of the present invention, a page request for distributed markup can be processed to incorporate embedded fragment within the requested page. For instance, the fragment can include a script enabled to detect human activity within the requested page such as a mouse movement. Alternatively, the fragment can include an extraneous markup artifact. The requested page subsequently can be returned to the requestor and the embedded fragment can be monitored to detect the presence of a bot depending upon the activation of the artifact. For example, where human activity can be detected within the page or where the extraneous markup artifact becomes activated despite the extraneous nature of the artifact, a human requestor can be concluded.

Abstract: A method and apparatus for grouping Light Weight Directory Access Protocol (LDAP) entries for signature generation. In one embodiment, the method includes grouping attributes of one or more repository entries to form a collection of values based on a pre-determined grouping policy. The method further includes generating a digital signature for the collection to authenticate any of the values in the collection.

Abstract: This invention relates to an advertisement machine which provides advertisements to a user searching for desired information within a data network. The machine receives, from a user, a search request including a search argument corresponding to the desired information and searches, based upon the received search argument, a first database having data network related information to generate search results. It also correlating the received search argument to a particular advertisement in a second database having advertisement related information. The search results together with the particular advertisement are provided by the machine to the user.

Abstract: The present invention is a system and method for subscribers to communicate electronically over the internet while meeting HIPAA confidentiality requirements. It entails establishing a secure virtual private network (VPN) or higher level domain and enrolling subscribers. Communications sent between subscribers via the VPN or domain have confidential information attached. Unsecured notifications can be sent to the receiving subscriber directing them to log on to the VPN or domain to retrieve the secured message.

Abstract: In general, techniques are described for managing multiple access policies in a network access control system. An endpoint device may send, to a policy decision point (“PDP”), a request to communicate on a network. When the PDP receives such an access request, the PDP typically identifies a set of access policies to be enforced with regard to the endpoint device and causes the identified access policies to be enforced with regard to the endpoint device. These access policies may specify rights to communicate on networks and/or rights to communicate with server resources and/or endpoint configuration requirements. However, because the endpoint device may issue multiple access requests, conflicting sets of access policies may potentially be enforced with regard to the endpoint device. The techniques described herein ensure that only a consistent set of access policies are enforced with regard to the endpoint device when accessing the network.

Abstract: A mechanism for enabling efficient encryption and integrity validation of network files. When a request to read a file stored in a local network file system is received, the local network file system examines cryptographic attributes associated with the file to determine if the file is encrypted or integrity-verified. If the cryptographic attributes indicate the file is encrypted, the local network file system omits the encryption of the file by the local network file system prior to passing the file to the remote network file system. If the cryptographic attributes indicate the file is integrity-verified, the local network file system omits the integrity-verification of the file by the local network file system prior to passing the file to the remote network file system. The local network file system then transmits the file to the remote network file system.

Abstract: A system, method, and computer program product to automatically eliminate the distribution information available for reconstruction from a disguised dataset. The invention flattens input numerical values into a substantially uniformly distributed dataset, then maps the uniformly distributed dataset into equivalent data in a target distribution. The invention allows the incremental encryption of new values in an encrypted database while leaving existing encrypted values unchanged. The flattening comprises (1) partitioning, (2) mapping, and (3) saving auxiliary information about the data processing, which is encrypted and not updated. The partitioning is MDL based, and includes a growth phase for dividing a space into fine partitions and a prune phase for merging some partitions together.

Abstract: An information processing apparatus is connectable to a user device over a network. The apparatus includes a processor. The processor transmits, in response to reception of a request for a particular item of content, an identification of a security scheme which is applicable to transmission of the particular item of content in accordance with a license policy. When the item of content can be received by the user device in the security scheme, the processor transmits the item of content in the security scheme.

Abstract: The present disclosure describes apparatus, methods, and system for secure access control of an intelligent electronic device (“IED”) by multiple personnel. Within the IED a set of basic permissions is defined. A software program allows a security administrator create specific roles from the basic permissions. The software program can then be used to assign to a user a specific role for one or more specific IEDs. This action creates a set of unique security keys for the user and a unique security file for each IED. When a user accesses an IED the system identifies the user from the security key and determines his/her permissions using the security file. The security key may take the form of a password inputted into the IED, an access device incorporated within the IED, and/or a remote access device positioned proximate the IED or removably positioned in the IED.

Abstract: An arrangement for performing active malicious web page discovery is provided. The arrangement includes a web monitor module, which is configured to monitor a plurality of potential suspicious unified resource locators (URLs). The arrangement also includes a crawler module, which is configured to download the plurality of potential suspicious URLs. The arrangement further includes a malicious page identifier (MPI), which is configured to verify a set of risk statuses for the plurality of potential suspicious URLs.

Abstract: A traffic management system sniffs data arriving at any point in a system. The sniffer operates to extract certain data from each address. This data could be, for example, the IP address data and the physical address data. The extracted data is then used to access different data bases to determine if matches occur. Time stamps, sequencing and other parameters of each piece of data entering a system are used to control data access.

Abstract: In an Internet fax, to receive an electronic mail document for fax transfer, if a password related to a control command for indicating a facsimile communication function is encrypted and set in the destination field or the main body of the received electronic mail, the encrypted password is decrypted and using the decrypted password, facsimile transfer of the electronic mail document is executed following the control command.

Abstract: A method executed on a server for unlocking digital content includes receiving a message corresponding to a request to access digital content embodied in digital readable form, associated with an electronic representation of a publication, sending a test that is based on the user having physical possession of the publication; receiving and evaluating an answer to the test to determine whether the correct answer was received; and if the answer was correct, providing access to the digital content associated with the electronic representation of the publication.

Abstract: The present invention comprises a novel system for managing changes to a graph of data bearing objects. In one embodiment, an object graph manager object referred to as an editing context is used to identify changes made to data bearing enterprise objects and to notify other interested objects when changes occur. As a result, data bearing objects need not themselves contain code necessary for monitoring changes. In another embodiment of the invention, the editing context is used to provide event-based “undo” capabilities. In another embodiment of the invention, each enterprise object has a primary key that is used to maintain the identification between an enterprise object instance and a corresponding database row. In another embodiment of the invention, multiple levels of editing contexts are used to provide multiple isolated object graphs, each of which allows independent manipulation of the underlying data bearing objects.

Abstract: The invention provides a business platform, a business entity management system, and a software module that can be used in conjunction with the software service framework. The invention mimics actual business relationships between business entities, and uses a software service module to configure the business entities into a network that comprises at least three generations of business entities, wherein role dependent associations mimicking real life business relationships are established between the business entities. The invention provides management of active content in a website and allows modification of the content by different business entities. Control of the active content is determined by precedence of the business entities.

Abstract: Implementations of configuring security mechanisms utilizing a trust system are described. In one implementation, a request to communicate is received at a protected device. Before permission to communicate can be granted, a list of trusted devices is accessed. If information, such as an identity or a secret, associated with the device sending the request to communicate correlates to information found on the list of trusted devices, then communication can be allowed. Otherwise, communication between the device and the protected device can be denied.

Abstract: Differential scanning is disclosed. A scan collection period is determined. A system is monitored to detect object events during the scan collection period, and a scan list may be updated with information regarding objects to be scanned, based on some of the object events. Objects are scanned based on the information in the scan list. Information regarding objects associated with object events occurring outside the scan collection period may be removed from the scan list.

Abstract: A method of managing online communities within an online community management system can include declaratively specifying a taxonomy of online community types, declaratively specifying a plurality of roles for members of online communities, and declaratively specifying a security policy that associates permissions with roles and online community types. A plurality of online community profiles can be maintained. Each online community profile can represent an online community, specify an online community type from the taxonomy, and specify a list of members of that online community as well as an associated role for each member. Access can be provided to a selected online community according to the online community type of the selected online community, a role within the selected online community that is associated with a user attempting to access the selected online community, and the security policy.

Abstract: A method and system for creation of customized documents over a network as well as for negotiation of contents for documents over a network (e.g., Internet) is disclosed. In one aspect, professional documents can be created in an automated manner. In another aspect, negotiation of documents (or their contents) can be performed in an automated manner. In either case, the customization and/or negotiation is efficient, cost-effective and useful.

Abstract: A system and method is disclosed for allowing content providers to protect against widespread copying of their content, while enabling them to give their customers more freedom in the way they use the content. In accordance with one embodiment, content providers identify their content as protected by watermarking the content. Consumers use compliant devices to access protected content. All of a user's compliant devices, or all of a family's devices, can be organized into an authorized domain. This authorized domain is used by content providers to create a logical boundary in which they can allow users increased freedom to use their content.