Abstract: A data processing system that supports verifiable IPSec network communication. The data processing system comprises an IPSec network adapter that connects the data processing system to an external network and provides IPSec encryption and routing of IPSec packets. The data processing system also comprises a network adapter verifier, which is a secondary network card that is utilized to verify that IPSec packets being transmitted to the external network by the IPSec network adapter have been encrypted. The network adapter verifier comprises a device driver, which caches a copy of an IP address from a generated IPSec packet prior to the packet being received by the network adapter. The network adapter verifier is connected to the external network and monitors the transmission of packets out to the network connection by the network adapter. The IP identification (ID) of the packets are compared to the captured IP address of the generated IPSec packet.

Abstract: A mechanism is provided for identifying a snooping device in a network environment. A snoop echo response extractor generates an echo request packet with a bogus MAC address that will only be received by a snooping device. The snoop echo response extractor also uses an IP address that will cause the snooping device to respond to the echo request.

Abstract: Administration of search results including displaying by a browser a set of search results from a web search, each search result containing a link to a web page; selecting a search result for exclusion from display, thereby identifying a selected search result, including selecting for exclusion from display search results containing related links, wherein related links include links related to the link in the selected search result; and displaying the search results without the selected search result and without the search results containing related links.

Abstract: A Migration Thin Virtual File System (“MTVLS”) conducts file migration using a thin virtual layer that is size selectable and provides an uninterruptible migration path from the old file system to the new file system without an increase in the time to receive data. The MTVLS selects a file from the source file system, opens a corresponding file in the target system, mounts the thin virtual layer over the source file and the target file, and migrates that data from the source file to the target file.

Abstract: A method, programmed medium and system are provided for using a payment card with an embedded RFID device. In one example, a cellular telephone or other wireless device is used to generate a one-time password (OTP), which is then transmitted by a read-write RFID in the wireless device to the read-write RFID which is embedded within a payment card. The user's phone or other wireless device then activates the writing of the OTP to the RFID of the payment card. The payment card, with the one time password now saved in the card, is then handed to the waiter or store clerk for payment approval and/or further processing. The user's OTP is then read by the merchant's RFID reader and transmitted to an approving agency/server for approval or disapproval of the user's purchase.

Abstract: A mechanism is provided for identifying a snooping device in a network environment. A snoop echo response extractor generates an echo request packet with a bogus MAC address that will only be received by a snooping device. The snoop echo response extractor also uses an IP address that will cause the snooping device to respond to the echo request. Non-snooping devices discard the echo request packet. Upon receiving the response packet, the snooping device is identified.

Abstract: A system includes a processor. The processor is configured to receive network traffic that includes a data block. The processor will generate a unique identifier (UID) for the file that includes a hash value corresponding to the file. The processor will determine whether the file is indicated as good or bad with the previously-stored UID. The processor will call a file-type specific detection nugget corresponding to the file's file-type to perform a full file inspection to detect whether the file is good or bad and store a result of the inspection together with the UID of the file, when the file is determined to be not listed in the previously-stored UIDs. The processor will not call the file-type specific detection nugget when the file's indicator is “good” or “bad” in the previously-stored UIDs. The processor will issue an alert about the bad file when the file's indicator is “bad”.

Abstract: A mechanism for mutual authorization of a secondary resource in a grid of resource computers is provided. When a primary resource attempts to offload a grid computing job to a secondary resource, the primary resource sends a proxy certificate request to the user machine. Responsive to a proxy certificate request, the user machine performs authorization with the secondary resource. If authorization with the secondary resource is successful, the user machine generates and returns a valid proxy certificate. The primary resource then performs mutual authentication with the secondary resource. If the authorization with the secondary resource fails, the user machine generates and returns an invalid proxy certificate. Mutual authentication between the primary resource and the secondary resource will fail due to the invalid proxy certificate. The primary resource then selects another secondary resource and repeats the process until a resource is found that passes the mutual authorization with the user machine.

Abstract: A data processing system for efficiently attaching files to electronic mail message. In a multi-level hierarchical file storage system within the data processing system wherein one or more files may be active, only those files, which are active, are initially proffered as candidates for attachment in response to a user's indicated desire to attach a file to an electronic mail message. If the user fails to select an active file for attachment, the user is prompted to select a file from the multi-level hierarchical file storage system for attachment. After attachment, the electronic mail message and attachment are transmitted.

Abstract: A computer implemented method, apparatus, and computer usable program code for managing e-mail messages. A local copy of the e-mail message is stored on the data processing system for a selected period of time in response to sending an e-mail message to a recipient from a data processing system. A determination is made as to whether the local copy of the e-mail message is present in response to receiving a notification that the recipient is unable to respond. The local copy of the e-mail message is retrieved if the local copy of the e-mail message is present to form a retrieved e-mail message. The retrieved e-mail message is presented.

Abstract: A computer implemented method, data processing system, and computer program product for discovering an unauthorized router in a network. The process in the illustrative embodiments first obtains a physical address of a suspected router or destination device. A data packet is created which comprises at least a destination media access control field, a destination internet protocol field, and a time-to-live field, wherein the destination media access control field comprises the physical address of the destination device, wherein the destination internet protocol field comprises a bogus internet protocol address, and wherein the time-to-live field comprises a value indicating the data packet has exceeded a time limit. The data packet is sent to the destination device using the physical address in the destination media access control field. If a time exceeded message is received from the destination device, the destination device is determined to be enabled for routing.

Abstract: An apparatus, system and method of executing a monolithic application program successfully on a grid computing system are provided. Before the program is executed on the grid computing system, the program is executed on a computer on which the program has previously been successfully executed. During its execution, the program is monitored to collect its runtime information. The runtime information is provided to the grid computing system. With this information the grid computing system is able to successfully execute the program.

Abstract: A computer implemented method, apparatus, and computer usable program code for screening data packets. A determination is made as to whether a signature of a trusted security element is present in a header of the data packet in response to receiving a data packet. The signature indicates that a previous security action has been performed on the data packet. A security action is performed on the data packet based on the previous security action performed on the data packet in response to the signature of the trusted security element being present.

Abstract: Presenting to a user at a receiving Web station, who is viewing a received Web document or Web page, a very clear picture of which hyperlinks in each Web page are linked to a Web page/document that has already been bookmarked by the user. A system for tracking bookmarking in received Web documents that comprises the combination of apparatus associated with one of the receiving display stations for bookmarking of selected received Web documents to thereby store, as bookmarks, at the receiving display station, direct links to the sources of the Web documents, apparatus associated with this one receiving display station for comparing the stored bookmarks to hyperlinks in each received Web document to determine if the hyperlinks have been bookmarked, and an implementation which, in response to the apparatus for comparing, then visually distinguishes each bookmarked hyperlink in the received displayed Web document.

Abstract: A computer implemented method, apparatus, and computer program product for port scan protection. A reply data packet having a modified transmission control protocol header is generated to form a modified reply data packet, in response to detecting a port scan. The modified reply data packet will elicit a response from a recipient of the modified data packet. The reply data packet is sent to a first Internet protocol address associated with the port scan. A second Internet protocol address is identified from a header of the response to the modified reply data packet. The second Internet protocol address is an actual Internet protocol address of a source of the port scan. All network traffic from the second Internet protocol address may be blocked to prevent an attack on any open ports from the source of the port scan.

Abstract: A security protocol that dynamically implements enhanced mount security of a filesystem when access to sensitive files on a networked filesystem is requested. When the user of a client system attempts to access a specially-tagged sensitive file, the server hosting the filesystem executes a software code that terminates the current mount and re-configures the server ports to accept a re-mount from the client via a more secure port. The server re-configured server port is provided the IP address of the client and matches the IP address during the re-mount operation. The switch to a secure mount is completed in a seamless manner so that authorized users are allowed to access sensitive files without bogging down the server with costly encryption and other resource-intensive security features. No significant delay is experienced by the user, while the sensitive file is shielded from un-authorized capture during transmission to the client system.

Abstract: A system and method for reversing a windows close action is provided. The system retains data corresponding to a window after the window is closed for some period of time. The parameters by which the closed window data is retained is user-configurable. When a window is closed, data corresponding to the closed window is not reclaimed by the operating system. Instead, the operating system notes that the window is no longer being managed by the operating system so that no new messages, or signals, are sent to or from the closed window. In addition, the visual aspects of the closed window are removed from the user's display so that, from the user's perspective, the closed window appears to have been closed as in a traditional GUI operating system. The system further reclaims memory from inactive windows according to user-configurable parameters.

Abstract: A system, apparatus and method of performing e-mail message searches across multiple mailboxes are provided. The system, apparatus and method perform the e-mail message searches across multiple mailboxes by launching a search feature of a currently accessed mailbox where at least one search term for a search is entered. Then, if multiple mailboxes are to be simultaneously searched, each mailbox is identified. The mailboxes are identified by their address, the username and password that are used to access them. Each mailbox is then accessed using the provided address, username and password. After accessing the mailbox, its search feature is launched and the search criteria passed to each launched search feature in order to perform the search. The mailboxes may be further identified by a particular name.

Abstract: Methods, systems, and products are provided for peer-to-peer computer software installation. Embodiments include receiving, by an observing install agent running on an observing host from a test install agent running on a test host, performance information describing the performance of software installed on the test host; determining, by the observing install agent, whether the performance information meets performance criteria for the observing host; and if the performance information meets the performance criteria for the observing host, installing the software on the observing host. In some embodiments, determining, by the observing install agent, whether the performance information meets performance criteria for the observing host is carried out by determining, whether the performance information meets performance criteria for the observing host in dependence upon a rule.

Abstract: A computer implemented method, apparatus, and computer program product for authenticating a user to a network. In response to receiving a request from a user to access a protected resource, the process sends a unique bit sequence into a network connection utilized by the user. Next, the process authenticates the user to access the protected resource in response to receiving a verification that the unique bit sequence was received by an access point that authenticated the user when the user logged on to the network.