Abstract: A method for producing a suspension, emulsion or dispersion of de-agglomerated particles (advantageously submicron-sized particles) of pyrithione salts comprising contacting agglomerated pyrithione salt particles with a de-agglomerating agent to produce the desired de-agglomerated pyrithione salt particles. Also disclosed is a method for making de-agglomerated submicron-sized particles of pyrithione salts comprision a heating step. Also disclosed are the particles made by the above methods and compositions comprising the particles and a base medium.

Abstract: Performing security sensitive operations with an application security model. Security agnostic code is executed. The security agnostic code is identified as not having authorization to perform a security sensitive operation. Executing the security agnostic code includes calling code identified as security safe critical code. In response to the security agnostic code calling the security safe critical code, the security safe critical code is executed. The security safe critical code includes functionality for performing validity checks. Executing the security safe critical code includes performing an validity check for the security agnostic code. When the security agnostic code passes the validity check, code identified as security critical code is called. In response to the security safe critical code calling the security critical code, the security critical code is executed. The security critical code is authorized to perform the security sensitive operation.

Abstract: A method for providing single sign-on (SSO) user names for Web cookies in a multiple user information directory environment. SSO access to multiple applications is supported in situations where multiple user information directories are deployed, and users may be known by multiple identifiers. Convenient specification is enabled for which of a user's multiple names is to be used in an SSO Web cookie that is passed from application to application to enable SSO operation. The user's SSO Web cookie user name is fully separated conceptually from the user's effective name for any given application within the SSO environment. The SSO Web cookie user name is specified independently from the effective name by which the user is known when operating in the Web application that writes the SSO Web cookie back to the user's computer system. Use of an administratively supplied user name in the SSO Web cookie is facilitated.

Abstract: A system for providing single sign-on (SSO) user names for Web cookies. SSO access to multiple applications is supported in situations where multiple user information directories are deployed, and users may be known by multiple identifiers. Convenient specification is enabled for which of a user's multiple names is to be used in an SSO Web cookie that is passed from application to application to enable SSO operation. The user's SSO Web cookie user name is fully separated conceptually from the user's effective name for any given application within the SSO environment. The SSO Web cookie user name provided by the disclosed system is specified independently from the effective name by which the user is known when operating in the Web application that writes the SSO Web cookie back to the user's computer system. Use of an administratively supplied user name in the SSO Web cookie is facilitated.

Abstract: A system for providing single sign-on (SSO) user names for Web cookies in a multiple user information directory environment. SSO access to multiple applications is supported in situations where multiple user information directories are deployed, and users may be known by multiple identifiers. Convenient specification is enabled for which of a user's multiple names is to be used in an SSO Web cookie that is passed from application to application to enable SSO operation. The user's SSO Web cookie user name is fully separated conceptually from the user's effective name for any given application within the SSO environment. The SSO Web cookie user name provided by the disclosed system is specified independently from the effective name by which the user is known when operating in the Web application that writes the SSO Web cookie back to the user's computer system. Use of an administratively supplied user name in the SSO Web cookie is facilitated.

Abstract: The subject disclosure pertains to a domain identification system, comprising a principal that has a key and a mnemonically meaningless identifier, the mnemonically meaningless identifier is used to identify the component in a networked environment. The mnemonically meaningless identifier can be bound to the public key by a binding. The component may be part of a neighborhood of components, and each member component knows the members' binding.

Abstract: A workflow, enterprise, and mail-enabled application server and platform supports distributed computing and remote execution of web applications. Lotus Domino online services (DOLS) is used by a web site administrator to configure Internet Notes (iNotes) clients to auto download from server, thus providing iNotes clients with web access using HTTP with various browsers, and with local processing and replication. A local run time model comprises a hierarchy of models including object data store model, security model, indexing model, replication model, agent workflow model and mail model. DOLS provides a layered security model that allows flexibility for controlling access to all or part of an application. The highest level of security is managed through a database access control list (ACL). Further refinements within the security model provide access to specific documents, and their views, forms or folders, and include read access lists, write access lists, form access lists and readers and authors fields.

Abstract: A method for producing a suspension, emulsion or dispersion of de-agglomerated particles (advantageously submicron-sized particles) of pyrithione salts comprising contacting agglomerated pyrithione salt particles with a de-agglomerating agent to produce the desired de-agglomerated pyrithione salt particles. Also disclosed is a method for making de-agglomerated submicron-sized particles of pyrithione salts comprision a heating step. Also disclosed are the particles made by the above methods and compositions comprising the particles and a base medium.

Abstract: A method for producing a suspension, emulsion or dispersion of de-agglomerated particles (advantageously submicron-sized particles) of pyrithione salts comprising contacting agglomerated pyrithione salt particles with a de-agglomerating agent to produce the desired de-agglomerated pyrithione salt particles. Also disclosed is a method for making de-agglomerated submicron-sized particles of pyrithione salts comprision a heating step. Also disclosed are the particles made by the above methods and compositions comprising the particles and a base medium.

Abstract: The present invention relates to non-spherical and/or non-platelet pyrithione particles. Also disclosed is a method for producing non-spherical and/or non-platelet particles of pyrithione salts, comprising reacting pyrithione acid or a water-soluble salt of pyrithione and a water-soluble polyvalent metal salt in the presence of an ionic surfactant composition at temperature from about 20° C. to about 60° C. and at a pH from 4-9 to produce non-spherical and/or non-platelet particles of pyrithione salts. The present invention further relates to particles made by the above methods and products, such as shampoos, soaps, and skin-care medicaments made using these particles.

Abstract: A system in which an encrypted data file can be protected, accessed, and maintained by a plurality of users using cryptographically hashed passwords. The system provides for the creation in memory for each authorized user of a cryptographically hashed password as an entry in an unencrypted header file. The system compares an authorized user's cryptographically hashed password against a corresponding set of cryptographically hashed passwords in memory to determine whether the user is allowed access to the protected data file. The passwords are cryptographically one-way hashed with a “salt” value in such a way as to make reconstruction of original passwords by an unintended party virtually impossible, because the passwords never exist in memory in an unhashed state. Furthermore, the passwords are cryptographically “one-way” hashed so as not to be reconstructible.

Abstract: A method and apparatus for updating the password status of one or more servers in a client/server environment utilizes multiple passwords associated with a client process, including a current password and one or more non-current passwords. Each password has associated therewith a key and a key identifier. If upon an attempted access, a server process challenges the client process with a non-current key identifier, the client process provides the corresponding key associated with the non-current password. Once access to the server is achieved, the key identifier associated with the current password is supplied to the server process by the client process. In a networked server environment, the updated server process may provide the updated key identifier to other server processes which have knowledge of the client profile.

Abstract: A portable medium containing client process identification information for use with a computer system requiring authentication prior to access thereto includes data identifying the client process and a plurality of data sets, each associated with a password, one of the passwords being designated as current. In one embodiment, the medium contains the passwords while in another embodiment, the medium contains keys at least partially derived from the passwords. The computer system with which the portable medium interfaces determines whether any of the data associated with the passwords matches authentication data previously stored in the computer system and associated with the client process. If a match occurs, the client process is allowed to access the system. If the data upon which access is based is not associated with a current password, the computer system will read the data associated with the current password and update its corresponding authentication data associated with the client process.

Abstract: The present invention relates to non-spherical and/or non-platelet pyrithione particles. Also disclosed is a method for producing non-spherical and/or non-platelet particles of pyrithione salts, comprising reacting pyrithione or a water-soluble salt of pyrithione and a water-soluble polyvalent metal salt in the presence of a dispersant at a temperature from about 20.degree. C. to about 60.degree. C. to produce non-spherical and/or non-platelet particles of pyrithione salts. The present invention further relates to particles made by the above methods and products, such as shampoos, soaps, and skin-care medicaments made using these particles.

Abstract: An apparatus for forwarding a data packet from a first link to a second link is disclosed. The apparatus is coupled with a plurality of computer networks through ports on the apparatus. The apparatus maintains a spanning tree list indicating which of the apparatus ports are active. The apparatus receives a packet, and determines if the packet was received from a port that is active. If the packet was received from a port that is not active, the packet is discarded. If the packet is not discarded, the data link source address of the packet is stored in a database within the apparatus for the computer network coupled with the port from which the packet was received. The apparatus then decides, responsive to a contents of a data link destination address field in the packet, whether to forward the packet as a bridge or to forward the packet as a router.

Abstract: In a system in which encrypted information can be protected and maintained by multiple users using passwords in concert, a file with secure data contains both an unencrypted header and an encrypted data portion. The data portion contains both the secured data and a list of hashed passwords and is encrypted with a single file key. The unencrypted file header contains two tables. The first table is a list passwords, where each password is cryptographically hashed using a second, different hashing technique than the hashed passwords in the data portion of the file. The second table is a list of cryptographically hashed combinations of cryptographically hashed passwords, where the combinations correspond to authorized user quorums and the passwords are hashed using the same technique as the passwords stored in the data portion of the file. Each hashed combination on the list is also used as a password key to encrypt the file key.

Abstract: Differential work factor cryptographic method, system, and data structure for reducing but not eliminating the work factor required by an authority to break an encrypted message encrypted with a secret encryption key. The secret key is split into at least two partial keys such that knowledge of a first of the partial keys reduces but does not eliminate the work factor required to break the encrypted message. The first partial key is encrypted using a public key of the authority. The encrypted first partial key is provided with the encrypted message to enable the authority, upon obtaining the message, to decrypt the encrypted first partial key using the authority's private key and to break the message using the first partial key. In preferred embodiments, the first partial key is encrypted with additional information which can be reconstructed by the recipient, such as a hash of the secret encryption key, a hash of the secret key concatenated with a salt, all or part of the salt, and control information.

Abstract: In order to establish a protected channel between a user and a software program running on a computer system, a graphic display unique to the user is displayed along with the normal information entry graphics. A foreign program which might duplicate the overall appearance of the entry graphics cannot display the unique visual display which would appear on the legitimate entry screen of a particular user. Thus, a user looking at his entry screen can tell by the visual display whether the entry screen has been generated by a legitimate program or by a foreign impostor program. Further, since it might be possible for an unauthorized person to surreptitiously observe the unique display pattern on the entry screen of an authorized user, to increase security, a program constructed according to the principles of the invention, changes the visual display as information is entered based on the partially entered information.

Abstract: The present invention relates to a process for producing a gel-free dispersion or solution of copper pyrithione employing at least one surfactant. Also claimed is the dispersion or solution itself, as well as a solid particulate copper pyrithione composition comprising copper pyrithione particles having a particle shape selected from the group consisting of rods, spheres, needles, platelets and combinations thereof, and optionally containing at least a trace amount of a surfactant on the outer surface of at least a portion of said particles.

Abstract: A technique for generating, distributing and maintaining a list of operational nodes in a network using a nonbroadcast communication medium, wherein the nodes first collectively agree on the identity of a designated node. Once the designated node is agreed on, the other nodes periodically send Hello messages to it and the designated nodes compiles a list of operational nodes based in part on the Hello messages it receives, and periodically sends a Hello message to each node on the list. The Hello message from the designated node includes a list of addresses of active neighbor nodes, so that every node periodically receives a list of operational neighbor nodes. The number of messages needed to implement this scheme is proportional to the number of nodes, rather than the square of the number of nodes as in a conventional approach in which each node advised every other node of its presence.