Abstract: An approach is provided that allows an administrator to set a new password at a wireless access point, such as a traditional WAP or a wireless router. The wireless access point creates a message that includes the new password. The message is encrypted using the old password that was previously set for the wireless network. The encrypted message is wirelessly transmitted from the wireless access point to the active client devices (those clients currently accessing the wireless network). The clients decrypt the message using the old password that was previously provided to the clients. The clients retrieve the new password from the message. The clients construct a new message that is encrypted using the new password. The new message is wirelessly transmitted from the clients to the wireless access device and serves as an acknowledgement.

Abstract: Authentication operations are performed within a CORBA-compliant environment with client applications using the JAAS programming model. A client application obtains an interoperable object reference (IOR) for a target object on a remote server that is protected within a security domain. After the client application invokes the target object, an object request is generated, and a request-level interceptor obtains the IOR for the target object and extracts an identifier for the security domain from the IOR. If a credential for the security domain is not in the current execution context of the client application, i.e., the current JAAS subject in the JAAS programming model, then the request-level interceptor performs an authentication operation with the security domain on behalf of the client application, receives an authentication credential, and places the authentication credential into the execution context of the client application.

Abstract: Methods and systems are provided for dynamically altering the capabilities of a software application in response to a request from a user to perform an action in the application. Based on the user's security role, the software application is reconfigured by either granting access to the user to an existing component of the application, or if no suitable component is available, adding an external vendor component to the software application which is suitable for performing the requested action.

Abstract: A computer implemented method, apparatus, and computer usable program code for mail notification. Physical mail is received in a mailbox. The physical mail includes an identifier indicating information about the physical mail. A presence of the physical mail is detected in the mailbox. The identifier is read in response to detecting the presence of the physical mail. A notification is sent to a mail recipient including the information in response to reading the identifier.

Abstract: Methods and systems are provided for dynamically altering the access capabilities to the data resources for users of a computer based application. The access capabilities are defined by a dynamic role that specifies which of the resources a user may access, and a set of permissions associated with the dynamic role to define. New dynamic roles may be created when additional resources and components are added to an application. Methods and systems are provided for creating new dynamic roles to temporarily access resources, and for deleting a dynamic role after it is no longer needed.

Abstract: A system and method that allows an administrator to set a new password at a wireless access point, such as a traditional WAP or a wireless router. The wireless access point creates a message that includes the new password. The message is encrypted using the old password that was previously set for the wireless network. The encrypted message is wirelessly transmitted from the wireless access point to the active client devices (those clients currently accessing the wireless network). The clients decrypt the message using the old password that was previously provided to the clients. The clients retrieve the new password from the message. The clients construct a new message that is encrypted using the new password. The new message is wirelessly transmitted from the clients to the wireless access device and serves as an acknowledgement.

Abstract: Methods, systems, and media are disclosed for managing a resource managed by a mbean server having an mbean. One embodiment includes receiving a request by the application, wherein the request constitutes an action a user seeks to perform on the resource, and adding a number of instance identifier fields to an mbean descriptor file associated with the mbean. Further, the embodiment includes populating the number of instance identifier fields with an equivalent number of properties from an objectname of the resource, thereby producing a populated mbean descriptor file that identifies the resource among resources. Further still, the embodiment includes reading the mbean descriptor file after the populating, and determining, based on the reading, whether the user has an authority to perform the request. If authority exists, then an mbean method performs the action on the resource, and filters the obtained results to coincide with the user's authority.

Abstract: A method and system for providing security protection to Common Object Request Broker Architecture (CORBA) objects located on a server. An EJB shadow object is created for the CORBA object. The EJB shadow object invokes an EJB security mechanism on behalf of the CORBA object, thus protecting the CORBA object from unauthorized object requesters. In a preferred embodiment, requesters are categorized and identified by their roles in the enterprise. Only those requesters having a proper role are authorized to access the requested object.

Abstract: A meta-data driven method and apparatus to manage configurations of coexisting heterogeneous subsystems. The present invention recognizes that schemas evolve incrementally from version to version. In a preferred embodiment, the present invention employs two stages: an identification specification stage, to identify and/or specify any changes in a heterogeneous distributed system, and a configuration validation stage, to implement and/or validate the changes thus identified or specified. In the first stage, the identification specification stage, the present invention programmably compares the next version of the schema from its previous version. This allows meta-data to be created that describes how a schema component evolves from version to version. In addition, a user may specify what appears in the schema.

Abstract: Methods, systems, and media to automatically deploy an, e.g., a JS2EE file between environments are disclosed. Embodiments include hardware and/or software for selecting one or more applications in an original system for export. The applications along with their corresponding application data, configuration data, and descriptor files, are compressed into one or more archive files such as Enterprise Archives (EARs). Variable configuration data associated with the target environment is identified so the values of the variable configuration data can be adapted for the target environment. Then, the target environment is adapted for installation of the application and the application is installed in the target environment. Advantageously, this deployment of the application may reduce the chance of user error, require less J2EE knowledge and script maintenance, and complete faster than deployments effected manually.

Abstract: A security policy process which provides role-based permissions for hierarchically organized system resources such as domains, clusters, application servers, and resources, as well as topic structures for messaging services. Groups of permissions are assigned to roles, and each user is assigned a role and a level of access within the hierarchy of system resources or topics. Forward or reverse inheritance is applied to each user level-role assignment such that each user is allowed all permissions for ancestors to the assigned level or descendants to the assigned level. This allows simplified security policy definition and maintenance of user permissions as each user's permission list must only be configured and managed at one hierarchical level with one role.

Abstract: A method and system that enables cross-border compliance with export restrictions of particular computer technology, including software loaded on a computing device. The computing device is loaded with software, and has a country location device, such as a low-end GPS device. The country location device (country locator) stores the present geographic location of the device in a location register. When the computing device is turned on or the software is activated for operation on the computing device, a security utility of the software compares the value in the register against a list of pre-established locations that are export-restricted. When the value matches (or falls within a range) of one of pre-established locations, the features of the software that are export restricted are automatically disabled.

Abstract: State management (cookie) data is encrypted so that access control data included in the cookie is unable to be modified by the user. A hashing algorithm is performed using various fields in the cookie data and the hash value is encrypted. The hash value is combined with other data such as the user identifier and a time stamp and encrypted to form a cookie value. When a request is received, the cookie data is checked. If the token value is not in the server's cache then the token is authenticated facilitating movement of the client between servers. If the cookie does not exist or is timed out, then the user is authenticated using traditional means.

Abstract: A method and system for providing a declarative trust association model that formalizes the way trust is established and requires corresponding authentication information to be presented in a standard format. Consequently, the application server may provide a guaranteed level of protection. The mechanism of the present invention provides a framework that allows an application server to enforce a trust evaluation and allows reverse proxy security server to assert a client's security identity, as well as other client security credential information. A known trust association interceptor model is extended to allow the reverse proxy security server to assert the authenticated user's security attributes. Such security attributes include, for example, group information, authentication strength, and location (i.e., where does the user enter the request, intranet vs. internet, IP address, etc.,). The security attributes can be used in making authorization decisions.

Abstract: Methods, systems, and media are disclosed for determining access rights to a resource managed by an application. One embodiment includes receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource. Further, the embodiment includes locating, based on the request, the resource in a structure having groupings of resources, wherein the groupings include a grouping having the resource. Typically the groupings comprise files having mappings of resources to assigned groups, and each group has an associated authorization table mapping roles or policies to users. Further still, the embodiment includes reading an authorization table associated with the grouping having the resource, and determining whether to grant the access rights for performing the action on the resource.

Abstract: Methods, systems, and media are disclosed for managing a resource managed by a mbean server having an mbean. One embodiment includes receiving a request by the application, wherein the request constitutes an action a user seeks to perform on the resource, and adding a number of instance identifier fields to an mbean descriptor file associated with the mbean. Further, the embodiment includes populating the number of instance identifier fields with an equivalent number of properties from an objectname of the resource, thereby producing a populated mbean descriptor file that identifies the resource among resources. Further still, the embodiment includes reading the mbean descriptor file after the populating, and determining, based on the reading, whether the user has an authority to perform the request. If authority exists, then an mbean method performs the action on the resource, and filters the obtained results to coincide with the user's authority.

Abstract: Methods, systems, and media are disclosed for determining access rights to a resource managed by an application. One embodiment includes receiving a request by the application, wherein the request comprises an action a user seeks to perform on the resource, and locating, based on the request, the resource in both a containment relationship graph and in a structure having groupings of resources, wherein the groupings comprise a grouping having the resource. Further, the embodiment includes traversing a vertex of the containment relationship graph, wherein the vertex comprises a generational resource of the resource, and reading an authorization table associated with a grouping having the generational resource in the groupings. Further still, the embodiment includes determining whether to grant the access rights for performing the action on the resource.

Abstract: A method, apparatus, and computer instructions for securely transferring information in a communications system. Signals are generated by a communications keypad. In response to receiving an input indicating activation of a secure data transfer mode, these signals are converted from the communications keypad into speech signals, and the speech signals are transmitted to a receiving party.

Abstract: A method, apparatus, and computer instructions for securely transferring information in a communications system. Signals are generated by a communications keypad. In response to receiving an input indicating activation of a secure data transfer mode, these signals are converted from the communications keypad into speech signals, and the speech signals are transmitted to a receiving party.

Abstract: Delivering time sensitive email including creating an email message for time-sensitive delivery to a multiplicity of addressees' mailboxes on email servers, including inserting in the email message a data element identifying the message as a message for time-sensitive delivery; assigning delivery time constraints to the message; delivering the message, in accordance with the time constraints and for temporary storage outside the mailboxes, to email servers having addressees' mailboxes; and instructing the servers to place the message in all addressees' mailboxes at approximately the same time.