Abstract: Methods for filtering a file written in Extensible Application Markup Language (XAML) and incrementally returning the logical content contained therein to the environment, e.g., a search engine, are provided. Additionally provided are methods for extracting logical content contained in a XAML file to facilitate searching and/or indexing thereof. The methods provided permit the filtering of files containing only flow-format elements, files containing only elements representing fixed-format pages, and/or files containing both flow-format and elements representing fixed-format pages.

Abstract: Embodiments of the present invention provide a method and apparatus, including a client and security token, for managing cryptographic objects, such as public key cryptography standard (PKCS)#11 objects, in a computer system. A storage table for the cryptographic objects is established including rows for the cryptographic objects and columns corresponding to available attributes capable of being associated with the cryptographic objects. Actual attributes of the cryptographic objects are stored in ones of the plurality of columns corresponding to respective ones of the available attributes. The storage table is extensible such that additional columns are added corresponding to new attributes capable of being associated with the cryptographic objects.

Abstract: A new form of DHTML behaviors, called “Element Behaviors,” wherein a behavior component is bound to an HTML element, and not just attached to the element as with attached behaviors. A special processing instruction is used to import the Element Behavior into a Web page. Upon parsing the Web page, the Element Behavior is initialized as soon as it has been downloaded and parsed. This immediate initialization makes the Element Behavior declaratively available to bind synchronously to the element(s) it is modifying. A viewLink is a feature of Element Behaviors that permits encapsulation of a behavior component file (e.g., an HTC file) so that the structure of the HTC file is transparent to a Web page (“primary document”) to which the HTC file is linked, but the content of the HTC file may be displayed in the primary document.

Abstract: An embodiment generally relates to a method of increasing efficiency in a dynamic linker. The method includes determining a length of a source string and a check segment of the source string and selecting a candidate string from a plurality of strings. The method also includes determining a candidate check segment of the candidate string based on the length of the source string and verifying the source string and the candidate string are identical in response to the check segment of the source string being identical to candidate check segment.

Abstract: An apparatus, method and/or computer-readable medium protects against use of a unity key in a public key infrastructure (PKI). A public key and a private key are acquired according to the PKI. A message is encrypted by the public key to obtain ciphertext. A portion of the ciphertext is compared with a portion of the message. If the portion of the ciphertext is substantially equal to the portion of the message, a larger portion of the ciphertext is compared with a larger portion of the message to determine if the ciphertext is substantially equal to the message. If the ciphertext is substantially equal to the message, the ciphertext is rejected.

Abstract: An embodiment generally relates to a method of increasing user convenience The method includes displaying a log-in user interface and receiving an authentication attempt in the log-in user interface.

Abstract: A server, method and/or computer-readable medium system for secure communication includes a certificate authority for generating certificates signed by the certificate authority and associated public and private keys for a client. The server further includes a directory of client attributes and client virtual attributes. At least one of the client virtual attributes is for, when receiving a query for a client that cannot be located in the directory, requesting the certificate authority to dynamically generate a certificate and associated public and private key for the client, and for storing the dynamically generated certificate and public key as a client attribute in the directory.

Abstract: A server, method and/or computer-readable medium verifies a location factor associated with a token. The server generates a challenge and encrypts the challenge by a key commonly shared by the server and the token, and transmits the encrypted challenge to the token. The token decrypts the encrypted challenge by the commonly shared key and manipulates the challenge by an elliptic curve cryptography (ECC) procedure so that the server can verify that the signed manipulated challenge was generated at the token based upon the ECC public key.

Abstract: An embodiment generally relates to a method of strong encryption. The method includes generating a first cryptographic key based on a random number and generating a second cryptographic key based on a password. The method also includes encrypting private data with the first cryptographic key to arrive at wrapped private data and encrypting the first cryptographic key with the second cryptographic key to arrive at a wrapped first cryptographic key.

Abstract: An embodiment relates generally to a method of binding a token to a user. The method includes receiving a token embedded with an address and inserting the token into a computer. The method also includes connecting to the address stored on the token and binding a user to the token based on information from the address.

Abstract: Described is a method and data structure that enables an object to be specified declaratively within a markup document. The markup document may be XML-based. In accordance with the invention, the object is written based on a mapping. The mapping includes a URL attribute for defining a location for a definition file having assemblies and namespaces where classes are specified. The class name is mapped to the markup document as a tag name. Properties and events of a class are mapped to attributes of the tag associated with the class. The method further includes a method to parse the markup language to create a hierarchy of objects. Attributes that do not map directly to a class are defined with a definition tag. The definition tag is also used to add programming code to a page.

Abstract: Methods, systems and computer readable mediums are provided for recovering keys. A key transport session key is generated, and a key encryption key is derived based on a server master key and an identification associated with a token. The key transport session key is encrypted with the key encryption key as a first wrapped key transport session key. An encrypted storage session key and an encrypted private key are retrieved from an archive. The encrypted storage session key is decrypted with a server storage key as a storage session key. The encrypted private key is decrypted with the storage session key. The decrypted private key is encrypted with the key transport session key as a wrapped private key. The wrapped private key and the first wrapped key transport session key are forwarded.

Abstract: A computer system, method and/or computer-readable medium provide independent data objects to a token in compressed form. The independent data objects are representative of security information associated with the token. The system includes an interface operable to communicate with a token, and a processor cooperatively operable with the interface. The processor is configured to determine a set of independent data objects that are associated with the token, and to aggregate the set of independent data objects associated with the token into a group. Also, the processor is configured for compressing the group into a unit of contiguous data, and writing the unit of contiguous data to the token via the interface.

Abstract: Embodiments of the present invention provide a method, a client and a token for providing a nonce during a login associated with the token in a multi-user computer system. A login process is activated after token insertion by a request to execute a user privileged operation made by a client application process. If a password provided to the login process by an access requester associated with authorized use of the token is validated in the token, a nonce is generated in the token. The password is passed to the token in a command and the nonce is passed to the client application process in a response to the command. The nonce is used by the client application process or any other additional processes during execution of the user privileged operation. Additional nonces, including those based on security level can be generated and passed to additional client application processes as execution of user privileged operations is requested.

Abstract: An embodiment generally relates to a method of accessing a secure computer. The method includes capturing an authentication state of a security token in response to a verification of user authentication information. The method also includes providing the authentication state to at least one application requiring authentication with the security token and accessing the at least one application.

Abstract: A hybrid tree data structure is suitable for use in scenarios involving intermingled text and user interface elements. Trees of two different types can be combined via one or more proxy nodes. For example, one type can be efficient at processing user interface elements and another can be efficient at processing text. Operations suitable for user interface elements can be efficiently performed on portions of the hybrid tree having user interface elements, and operations suitable for sequential data can be efficiently performed on portions of the hybrid tree having sequential data. The structure is thus suited for representing documents or graphical user interfaces. A hypertext document can be represented via the hybrid tree to enable more efficient searching, navigation, rendering, or editing of the document. Hybrid tree services can be provided by an operating system service.

Abstract: A novel aerial boom system for use atop a vehicle and having linear movement sensors associated with hydraulic cylinders for moving lower and upper booms such that a microprocessor associated with the system can determine the instantaneous position of each boom and coordinate movement of the booms with respect to each other and with the vehicle to prevent undesired contact and to gradually decelerate boom movement as the boom approaches its limits to avoid shock from sudden stop of boom movement. When the novel system is used with a fire fighting vehicle, two variably spaced, independently controllable, fluid discharge nozzles can be used to fight one or two separate and distinct fires simultaneously. A piercing nozzle can be associated with the outer end of the upper boom that is independently controllable in both the vertical plane and in the horizontal direction to enable piercing of a wall independent of boom movement to assist penetration.

Abstract: Methods for filtering a file written in Extensible Application Markup Language (XAML) and incrementally returning the logical content contained therein to the environment, e.g., a search engine, are provided. Additionally provided are methods for extracting logical content contained in a XAML file to facilitate searching and/or indexing thereof. The methods provided permit the filtering of files containing only flow-format elements, files containing only elements representing fixed-format pages, and/or files containing both flow-format and elements representing fixed-format pages.

Abstract: Described is a system, method, and data structure that enables an executable assembly associated with a subclass to be generated from a subclass definition within a markup document. In accordance with the invention, the subclass definition is written based on a schema. The schema may be XML-based. The schema includes a subclass tag for defining a name for the subclass. The name is associated with a type for an object that is instantiated when the executable assembly executes. The schema further includes one or more hints, such as for specifying a programming language to compile the subclass definition, for specifying a superclass from which the subclass derives, for specifying actions to perform when the object becomes instantiated, for creating an event definition and event handler for the subclass, and for specifying a property that becomes a member within the object when the object is instantiated.

Abstract: Methods and systems for preserving unknown markup in a strongly typed environment are described. In but one embodiment, XML-based markup that may contain XML-based elements that are both known and unknown is received. A strongly typed tree that is associated with the known XML-based elements is instantiated and a weakly typed tree that is associated with both the XML-based known and unknown elements is instantiated. The strongly and the weakly typed trees are then correlated in a manner that preserves the unknown XML-based elements.