Patents by Inventor Bharat Shah

Bharat Shah has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 6505300
    Abstract: Restricted execution contexts are provided for untrusted content, such as computer code or other data downloaded from websites, electronic mail messages and any attachments thereto, and scripts or client processes run on a server. A restricted process is set up for the untrusted content, and any actions attempted by the content are subject to the restrictions of the process, which may be based on various criteria. Whenever a process attempts to access a resource, a token associated with that process is compared against security information of that resource to determine if the type of access is allowed. The security information of each resource thus determines the extent to which the restricted process, and thus the untrusted content, has access. In general, the criteria used for setting up restrictions for each untrusted content's process is information indicative of how trusted or untrusted the content is likely to be.
    Type: Grant
    Filed: June 12, 1998
    Date of Patent: January 7, 2003
    Assignee: Microsoft Corporation
    Inventors: Shannon Chan, Gregory Jensenworth, Mario C. Goertzel, Bharat Shah, Michael M. Swift, Richard B. Ward
  • Patent number: 6377691
    Abstract: The disclosed system uses a challenge-response authentication protocol for datagram-based remote procedure calls. Using a challenge-response authentication protocol has many advantages over using a conventional authentication protocol. There are two primary components responsible for communication using the challenge-response protocol: a challenge-response protocol component on the client computer (client C-R component) and a challenge-response protocol component on the server computer (server C-R component). In order to start a session using the challenge-response protocol, the client C-R component first generates a session key. The session key is used by both the client C-R component and the server C-R component for encrypting and decrypting messages. After creating the session key, the client C-R component encrypts a message containing a request for a remote procedure call and sends it to the server C-R component. In response, the server C-R component sends a challenge to the client C-R component.
    Type: Grant
    Filed: December 9, 1996
    Date of Patent: April 23, 2002
    Assignee: Microsoft Corporation
    Inventors: Michael M. Swift, Bharat Shah
  • Publication number: 20020019941
    Abstract: Restricted execution contexts are provided for untrusted content, such as computer code or other data downloaded from websites, electronic mail messages and any attachments thereto, and scripts or client processes run on a server. A restricted process is set up for the untrusted content, and any actions attempted by the content are subject to the restrictions of the process, which may be based on various criteria. Whenever a process attempts to access a resource, a token associated with that process is compared against security information of that resource to determine if the type of access is allowed. The security information of each resource thus determines the extent to which the restricted process, and thus the untrusted content, has access. In general, the criteria used for setting up restrictions for each untrusted content's process is information indicative of how trusted or untrusted the content is likely to be.
    Type: Application
    Filed: June 12, 1998
    Publication date: February 14, 2002
    Inventors: SHANNON CHAN, GREGORY JENSENWORTH, MARIO C. GOERTZEL, BHARAT SHAH, MICHAEL M. SWIFT, RICHARD B. WARD
  • Patent number: 6308273
    Abstract: An improved computer network security system and method wherein access to network resources is based on information that includes the location of the connecting user. In general, the less trusted the location of the user, the more the access rights assigned to the user are restricted. A discrimination mechanism and process determines the location of a user with respect to categories of a security policy, such as to distinguish local users, intranet users and dial-up users from one another. Based on information including the location and the user's credentials, an access token is set up that may restrict the user's normal access in accordance with the security policy, such as to not restrict a user's processes beyond the user-based security information in the user's normal access token, while further restricting the same user's access to resources when connecting via a dial-up connection.
    Type: Grant
    Filed: June 12, 1998
    Date of Patent: October 23, 2001
    Assignee: Microsoft Corporation
    Inventors: Mario C. Goertzel, Susi E. Strom, Praerit Garg, Bharat Shah
  • Patent number: 6226689
    Abstract: A method and mechanism for interprocess communication between a thread of a client application and a thread of a server application. The mechanism includes a server listening thread and a client listening thread. The client thread sends a request to a server listening thread, and the server listening thread places the request in a message queue associated with the server thread. The request is received at the server thread and dispatched to a remote procedure for processing. Reply data received back from the remote procedure is sent to the client listening thread. The client listening thread notifies the client thread when the reply is received and gives the reply to the client thread.
    Type: Grant
    Filed: January 29, 1997
    Date of Patent: May 1, 2001
    Assignee: Microsoft Corporation
    Inventors: Bharat Shah, Mario C. Goertzel, Mazhar N. Mohammed
  • Patent number: 6208952
    Abstract: A method and system for delayed registration of a remote protocol for communicating between a client computer system and a server computer system. The server computer system has a communications process that registers a plurality of protocols. When the client process needs to communicate with the server process, it sends a request to the communications process along with an indication of the protocols that it supports. The communications process selects a protocol that is supported by both the client computer system and the server computer system and directs the server process to register that protocol. The communication process provides the server endpoint for that protocol to the client process which can then communicate directly with the server process.
    Type: Grant
    Filed: October 24, 1996
    Date of Patent: March 27, 2001
    Assignee: Microsoft Corporation
    Inventors: Mario C. Goertzel, Richard D. Hill, Alexander A. Mitchell, Bharat Shah
  • Patent number: 6175879
    Abstract: A method and mechanism for efficiently handling connections in a computer system between client sockets and data sockets of a server. The server includes a receive-any thread having a socket mask associated therewith to listen for new connection requests and for activity on data sockets handled thereby. The server further includes receive-direct threads associated with at least some of the data sockets for handling data communication. When a receive-direct connection has no activity for a period of time, the connection is migrated to a receive-any connection. When a receive-any connection becomes active, the connection is migrated to a receive-direct connection if a receive-direct thread is available.
    Type: Grant
    Filed: January 29, 1997
    Date of Patent: January 16, 2001
    Assignee: Microsoft Corporation
    Inventors: Bharat Shah, Mario C. Goertzel, Mazhar N. Mohammed
  • Patent number: 6047071
    Abstract: The procedure for Over-The-Air Parameter Administration (OTAPA) utilizes the over-the-air programming protocol and procedures which support the Over-The-Air Service Provisioning (OTASP) feature in accordance with established industry standards (TIA/EIA/IS-683). The mobile phone is programmed with a service option for changing the NAM parameters including an identification number for this option. The network base station sends a message to the mobile phone using the identification number and, if the mobile phone has OTAPA capability, it responds indicating support. The base station then transmits a message telling the mobile station to proceed to the Traffic Channel and inquires whether the encryption mode is enabled, proceeding with the OTAPA only if the encryption mode is enabled. Once on the Traffic Channel, a Parameter Change Code (PCC) is sent. If the PCC is verified by the mobile unit, the base station proceeds to update the parameters and store the updated parameters into the phone's memory.
    Type: Grant
    Filed: April 15, 1997
    Date of Patent: April 4, 2000
    Assignee: Nokia Mobile Phones
    Inventor: Bharat Shah
  • Patent number: 6029065
    Abstract: The base station of a wireless communications network determines what features a mobile station will support, then downloads information to the mobile station which will notify the mobile station of which network features are available and how they may be accessed in the local network. Specifically, the base station provides the feature codes that are required to access the network features. The base station may also inquire into what features the mobile station supports. Each of these communications may take place over the combination of the Paging Channel/Access Channel, collectively, the Control Channel, or the Traffic Channel. With the downloaded information, the mobile station user may select a desired feature using the method to which he or she is accustomed, i.e., either by selecting a menu location or by entering a familiar sequence of keystrokes. The mobile station's internal processor converts the entered values into the feature codes corresponding to the selected features within the network.
    Type: Grant
    Filed: May 5, 1997
    Date of Patent: February 22, 2000
    Assignee: Nokia Mobile Phones, Ltd.
    Inventor: Bharat Shah
  • Patent number: 5887250
    Abstract: A method is disclosed for operating a mobile station (10) that includes the steps of (a) storing in the mobile station a SPC derived at least in part from a multi-bit secret pattern that is stored in the mobile station for use in a mobile station authentication process; (b) entering a SPC into the mobile station; (c) comparing in the mobile station the entered SPC to the stored SPC; and (d) only if the entered SPC and the stored SPC are found to be equal, enabling a desired function to be performed. The multi-bit secret pattern is preferably an A-key, and the SPC is preferably a checksum derived from an algorithmic combination of the A-key and an electronic serial number of the mobile station. The SPC may also be derived from at least one further mobile station parameter, such as the mobile station identification number (MIN) or the international mobile station identity (IMSI).
    Type: Grant
    Filed: July 12, 1996
    Date of Patent: March 23, 1999
    Assignee: Nokia Mobile Phones Limited
    Inventor: Bharat Shah
  • Patent number: 5864669
    Abstract: A computer-implemented method selects a desired copy of a particular interface in a computer system that includes a client computer and a server computer. The method includes, at the server computer, annotating the desired copy of the interface with an identifier, and, at the client computer, selecting the desired copy of the interface based on the associated identifier. The annotating and selecting steps may be implemented using the RPC protocol.
    Type: Grant
    Filed: July 11, 1996
    Date of Patent: January 26, 1999
    Assignee: Microsoft Corporation
    Inventors: Lawrence William Osterman, Bharat Shah