Abstract: The present invention is directed to a network switch that determines when specific content is hot and directs flow to one or more cache servers. The architecture of the present invention includes a decryption processor for authenticating clients and decrypting and encrypting transaction requests before the transaction requests are routed by the switch.

Abstract: An apparatus collects information stored in a host computer through a network. A correspondence acquirement unit acquires a correspondence between an information identifier of requested information and host identifiers of a plurality of host computers each of which stores the requested information. A first decision unit decides at least one host computer to retrieve the requested information by referring to the correspondence. A second decision unit decides a retrieval method used for each host computer decided by the first decision unit from a plurality of retrieval methods. A retrieval unit indicates retrieval of the requested information based on the retrieval method decided by the second decision unit and each host computer decided by the first decision unit.

Abstract: A system for managing packets incoming to a data router has a local packet memory (LPM) mapped into pre-configured memory units, to store packets for processing, an external packet memory (EPM), a first storage system to store packets in the LPM, and a second storage system to store packets in the EPM. The system is characterized in that the first storage system attempts to store all incoming packets in the LPM, and for those packets that are not compatible with the LPM, relinquishes control to the second system, which stores the LPM-incompatible packets in the EPM.

Abstract: A method for securing the chronological integrity of files prior to archiving of the files, involving an exchange between a client and a Time Source Provider, the method comprising the steps of: the client generating a Public and a Private Key pair; the client generating attributes of the to be archived files; encrypting the client's files utilizing the client's Public Key; transmitting the encrypted data attributes and key signature to said Time Source Provider; the Time Source Provider creating a TimeMap containing the current time, time calibration data, file attributes and client encryption key signature; and the Time Source Provider providing the client data and time map back to the client.

Abstract: A hardware Secure Processing Unit (SPU) is described that can perform both security functions and other information appliance functions using the same set of hardware resources. Because the additional hardware required to support security functions is a relatively small fraction of the overall device hardware, this type of SPU can be competitive with ordinary non-secure CPUs or microcontrollers that perform the same functions. A set of minimal initialization and management hardware and software is added to, e.g., a standard CPU/microcontroller. The additional hardware and/or software creates an SPU environment and performs the functions needed to virtualize the SPU's hardware resources so that they can be shared between security functions and other functions performed by the same CPU.

Abstract: In a computer network having a plurality of computer nodes, a directory database (DDB) distributed throughout the network in each of the nodes, the contents of the DDB being maintained consistent or replicated throughout the network in a manner to avoid a single point of failure through the use of one of its nodes having been appointed as master node. The master node has a privileged status as compared to the other nodes. The master node updates each DDB in each node in its network or domain configuration when the configuration changes, such as when a node fails, a network link fails and/or a node is added or removed. A node can be added to or removed from the configuration through the master node or through a non master node. A node can fail under different circumstances in which it may or may not know which node is its master node. A master node can fail and be replaced or can be replaced for other reasons.

Abstract: An apparatus and method for generating pseudo-random cryptographic keys in a cryptographic communications system, whereby, given a common set of initializing configuration data, the pseudo-random cryptographic keys can be duplicatively generated by various independent pseudo-random key generators of the cryptographic communications system. In accordance with the preferred embodiment of the present invention, users of the communications system can each possess an independent pseudo-random key generator to securely communicate with other users also holding independent pseudo-random key generator that share the same initialization configuration data, no matter where the other users are located or whether the users are connected via wire or wireless communication network. The present invention facilitates secure communication without the need to transport decryption keys in advanced, thereby reducing the risk of the secure communication becoming compromised via interception of decryption keys.

Abstract: A method in a node for managing authorized attempts to access the node. A packet is received from a source, wherein the packet includes a first key. A determination is made as to whether the first key matches a second key for the node. The packet is dropped without a response to the source if the first key does not match the second key. Information from the packet is stored in response to this absence of a match. The information is sent to a selected recipient in response to a selected event, which may be, for example, either immediately or in response to polling to see if the information is present.

Abstract: An internal data storage unit stores distributed music data. A copyright management table stores a process right to each music data item. The process right includes a playback right and a right to copy the data to an external storage medium. A control unit refers to the stored process right to determine whether an inputted instruction can be executed. If determining that the instruction can be executed, the control unit supplies a control signal to a playback unit or another relevant process unit. A display unit displays the stored process right based on an operation mode set in a mode storage unit. The playback and copy rights to the data are displayed with icons. If an icon indicating a copyright in use is selected, information is displayed about the external medium to which the data was copied. If the inputted instruction cannot be executed, a warning screen is displayed.

Abstract: An object is authenticated by transmitting a random number to the object. The object has an integrated circuit chip including a memory and encryption circuitry. The memory stores information defining an encryption scheme preassigned to the object. The encryption circuitry reads the memory, and encrypts the random number according to the encryption scheme defined by the information read from the memory to produce encrypted data. The memory cannot be read from any output of the integrated chip, and the chip is constructed so that it is virtually impossible to recover the information contained in the memory by visual inspection, probing, or disassembly of the chip. The object is authenticated by checking whether the encrypted data is a correct result of encrypting the data using the encryption scheme pressigned to the object.

Abstract: A system and method determine whether a called code frame has a requested permission available to it, so as to be able to execute a protected operation. A code frame is contained within a code assembly received from a remote or local resource location. A policy manager generates a permission grant set containing permission grant objects associated with the code assembly. Both the permission grant set and the code assembly are loaded into a runtime call stack for runtime execution of one or more code frames. Calls to other code frames may involve loading additional code assemblies and permission grant sets into the runtime call stack. In order for a called code frame to perform a protected operation, the code frame demands a requested permission from its calling code frame and all code frames preceding the calling code frame on the runtime call stack as part of a stack walk operation.

Abstract: The invention relates to a method for adjusting the data transmission rate in a fieldbus system (10) which is suitable to control safety-critical processes and which comprises at least one subscriber (12, 14) connected to a fieldbus (20), wherein in a first phase the subscriber/subscribers log on at a unit (30/central unit) centrally connected to the fieldbus with a first low data transmission rate. In a second phase the central unit (30) sets the data transmission rate at the subscriber/subscribers (12, 14) to a predetermined higher second value. In a third phase the subscriber/subscribers (12, 14) log on again at the central unit with a higher data transmission rate; and the central unit (30) shuts down the fieldbus (20) if it detects a deviation of the number of subscribers (12, 14) logged on in the first and the third phase.