Abstract: According to a method, system and computer program product for parsing an encoding, a computing device receives an encoding that includes a first level of indefinite length. The first level includes a second level of indefinite length. In response to instructions of a first instance of a parser, the computing device parses the first level. In response to instructions of a second instance of the parser, the computing device parses the second level. The second instance is invoked by the first instance.

Abstract: The present invention provides a method, apparatus, and computer implemented instructions for executing cryptographic operations. Responsive to a request to perform a cryptographic operation, one (or more) of a software process and a hardware process is selected for performing the cryptographic operation based on a policy which process results with available resources to perform the cryptographic operation to form a selected process. The cryptographic operation is performed using the selected process. Necessary object conversions, which is transparent to the application, is carried out in order to convert objects to usable forms of the selected process(es).

Abstract: In response to initiating a call from a first class to a second class, an instantiation of the second class is initiated. While performing the instantiation of the second class, a class constructor for the second class is called, which determines a codebase for the first class and attempts to verify a digital signature on it. In response to a successful verification, the instantiation of the second class is successfully completed. In response to successfully completing the instantiation of the second class, a codebase for the second class is determined by the first class, and an attempt is made by the first class to verify a digital signature on the codebase for the second class. In response to a successful verification of the digital signature on the codebase for the second class, the call from the instance of the first class to the instance of the second class is performed.

Abstract: According to a method, system and computer program product for parsing an encoding, a computing device receives an encoding that includes a first level of indefinite length. The first level includes a second level of indefinite length. In response to instructions of a first instance of a parser, the computing device parses the first level. In response to instructions of a second instance of the parser, the computing device parses the second level. The second instance is invoked by the first instance.

Abstract: Various aspects of the invention may be found in software that performs mutual authentication between a plurality of interconnected software module. The modules contain security tools that allow for the verifying, authenticating, and/or authorizing of a caller module and an invoked module. Before a caller module invokes another module, the caller performs functions that verify, authenticate, and/or authorize the invoked module. Upon success, the module is invoked. However, upon failure, the module is not invoked. In one case, the calling class uses embedded certificates or keys relating to the invoked class. Upon a possibility of invoking the class, the calling module obtains a digitally signed codebase of the invoked class, and verifies, authenticates, and/or authorizes the code based upon the signature and/or the characteristics of the certificate. Conversely, the invoked class performs similar functionality upon being invoked.

Abstract: A method, apparatus, and computer implemented instructions for managing access to data in a keystore in a data processing system. A request for access to an item of data is received from a requestor, wherein the item of data is encrypted using a key. A determination of whether the requestor is a trusted requestor is made. The key and the item of data are sent to the requestor in response to a determination that the requestor is a trusted requestor.

Abstract: A architecture for implementing PKI technology is described. Individual processing modules responsive to events are initiated. These individual software module building blocks, or “beans” are placed and linked together in an assembly line-like manner. Each bean is responsive to particular events and does one particular action in the scheme. For example, individual beans are responsive to different format PKI requests from a network, and in turn generate an event corresponding to that request. The event is broadcast to other beans that take the event and perform some other operation in the defined process. Other beans include certificate generators, publishers, manipulators, broadcasters to output streams, and also beans that can act as boolean branches. When strung together, the beans form a cohesive PKI schema. The ability to place beans in the flow and remove them allows great flexibility in developing PKI implementations.

Abstract: A architecture for implementing PKI technology is described. Individual processing modules responsive to events are initiated. These individual software module building blocks, or “beans” are placed and linked together in an assembly line-like manner. Each bean is responsive to particular events and does one particular action in the scheme. For example, individual beans are responsive to different format PKI requests from a network, and in turn generate an event corresponding to that request. The event is broadcast to other beans that take the event and perform some other operation in the defined process. Other beans include certificate generators, publishers, manipulators, broadcasters to output streams, and also beans that can act as boolean branches. When strung together, the beans form a cohesive PKI schema. The ability to place beans in the flow and remove them allows great flexibility in developing PKI implementations.

Abstract: A architecture for implementing PKI technology is described. Individual processing modules responsive to events are initiated. These individual software module building blocks, or “beans” are placed and linked together in an assembly line-like manner. Each bean is responsive to particular events and does one particular action in the scheme. For example, individual beans are responsive to different format PKI requests from a network, and in turn generate an event corresponding to that request. The event is broadcast to other beans that take the event and perform some other operation in the defined process. Other beans include certificate generators, publishers, manipulators, broadcasters to output streams, and also beans that can act as boolean branches. When strung together, the beans form a cohesive PKI schema. The ability to place beans in the flow and remove them allows great flexibility in developing PKI implementations.

Abstract: The present invention provides a method, apparatus, and computer implemented instructions for executing cryptographic operations. Responsive to a request to perform a cryptographic operation, one (or more) of a software process and a hardware process is selected for performing the cryptographic operation based on a policy which process results in a available resources to perform the cryptographic operation to form a selected process. The cryptographic operation is performed using the selected process. Necessary object conversions, which is transparent to the application, is carried out in order to convert objects to usable forms of the selected process (es).

Abstract: The present invention discloses an architecture that enables anonymous electronic voting over the Internet using public key technologies. This invention provides a simple yet robust architecture for electronic voting over the unsecured network that is the Internet, using the public and private key pair belonging to the voting entity, not a separate userid and password for each election. In the voting method of the present invention, a voting entity requests a ballot using a public key and a private key belonging to the voting entity. The request is made to a voting mediator. Using a separate public key/private key pair, the voting mediator validates the voting ballot request. After validation of the request, the voting mediator generates an election ballot. The voting mediator sends this ballot to the voting entity. The voting entity casts a vote and sends the ballot to the voting tabulator. The voting tabulator authenticates the ballot and counts the vote.