Abstract: A method and apparatus for enhanced data storage in peer-to-peer (P2P) networks. Users subscribe to a P2P storage network that allows each user to store files on the storage network by swapping blocks of the user's files with blocks from storage of a peer, or peers, on the network. A user desiring to utilize the storage network for a certain data block must take back an equal, or substantially equal, storage block from another peer on the network thereby insuring no net change, or minimal net change, in total storage across the P2P storage network. In addition, the diffusion of data blocks throughout the storage network is employed whereby individual peers swap data blocks on a random basis thereby further enhancing the security of the swapped blocks from direct attacks.

Abstract: A method and apparatus for the operation of a network access server (e.g., at a wireless LAN hotspot) advantageously eliminates the need for dual authentication by an enterprise employee who connects to a Virtual Private Network (VPN) of the enterprise or other enterprise-authenticated host. The need for an enterprise user to have an account with a network access (e.g., a wireless LAN hotspot) service provider and to be billed individually is advantageously eliminated. Specifically, the network access server provides, without authentication, limited access to the Internet—to wit, access to, for example, the VPN gateway(s) of the user's enterprise VPN, or alternatively, access to the VPN gateway(s) of all enterprises which have established a relationship with the service provider. Advantageously, no additional software is required to be resident on the user's terminal (e.g., a laptop computer).

Abstract: A method and apparatus for defending against denial of service (DoS) attacks which employ IP (Internet Protocol) address spoofing. In accordance with an illustrative embodiment of the invention, a carrier offers a “premium” service which comprises marking IP data packets based on whether it has in fact been able to verify the accuracy of the specified IP source address. This marking flag may be implemented with use of a zero/non-zero Type-of-Service (TOS) field value in the IP header, and verification of the source address may be performed with use of a Reverse Path Forwarding (RPF) or other similar such test. The “premium” service is referred to herein as “IP CallerID.

Abstract: A technique for determining whether particular clients within a computer network are universally configured in accordance with the desired network security features of the computer network. A probe is randomly inserted within incoming files, e.g., at a firewall in the computer network. The probe is configured as a function of a particular execution task, e.g. a known virus, such that in a properly configured client the probe will not execute and the firewall does not detect a security breach. However, if the client is misconfigured, i.e., not in compliance with the standard network security features, the probe will execute and trigger an alarm in the firewall indicating that the client is vulnerable to a security breach. Advantageously, a network security administrator can take appropriate action to correct those clients which are misconfigured.

Abstract: A method and system for displaying names of data files in a collection of data files represented by a corresponding symbol. According to one embodiment of the present invention, a user may display a listing of subroutine library files required to execute a particular subroutine. In such an embodiment, the user may enter the subroutine name as the symbol of interest and the system would display the library file containing that subroutine as well as those data files that contain subroutines called by that subroutine of interest. The present invention uses a transitive closure technique to traverse a data structure generated from a database and retrieve the data file list. The transitive closure technique enables the use of a compact database that contains only the data file names, corresponding symbol names, and symbol names of only data files for each data file that are directly related to that data file.

Abstract: A system and method for selectively controlling database access by providing a system and method that allows a network administrator or manager to restrict specific system users from accessing information from certain public or otherwise uncontrolled databases (i.e., the WWW and the Internet). The invention employs a relational database to determine access rights, and this database may be readily updated and modified by an administrator. Within this relational database specific resource identifiers (i.e., URLs) are classified as being in a particular access group. The relational database is arranged so that for each user of the system a request for a particular resource will only be passed on from the local network to a server providing a link to the public/uncontrolled database if the resource identifier is in an access group for which the user has been assigned specific permissions by an administrator. The invention is implemented as part of a proxy server within the user's local network.

Abstract: A system and method for selectively controlling database access by providing a system and method that allows a network administrator or manager to restrict specific system users from accessing information from certain public or otherwise uncontrolled databases (i.e., the WWW and the Internet). The invention employs a relational database to determine access rights, and this database may be readily updated and modified by an administrator. Within this relational database specific resource identifiers (i.e., URLs) are classified as being in a particular access group. The relational database is arranged so that for each user of the system a request for a particular resource will only be passed on from the local network to a server providing a link to the public/uncontrolled database if the resource identifier is in an access group for which the user has been assigned specific permissions by an administrator.