Abstract: A method for secure printing is presented. A document management system (DMS) is provided within a server computer for storing, displaying and printing a plurality of documents. At least a portion of the documents require authentication information for displaying and printing. A web-based capture protection system is provided that prevents proprietary content displayed on a display device from being screen-captured. The web-based capture protection system is combined with the DMS to augment the DMS with capture protection of displayed documents, including intercepting retrieval requests from a client computer to display documents from the DMS.

Abstract: A method for altering text displayed in a formatted page, including locating a buffer of memory locations containing contents of a formatted page, locating a first text string between two markers within the buffer, the first string being an encrypted text including N characters, replacing the first text string with a second text string within the buffer, the second string being a decrypted text including M characters, where M is less than N, and inserting N-M special fill characters in the N-M unfilled memory locations between the markers within the buffer, so as to avoid the need to move the markers closer together.

Abstract: Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides, within a server, firewall or other suitable “re-communicator,” for monitoring information received by the communicator, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information, more suitably by forming a protection agent including the MPC, protection policies and a detected-Downloadable.

Abstract: A method for computer security, including receiving content including potentially malicious executable code (“CODE-A”), intended for downloading at a client computer, scanning CODE-A to derive a profile thereof, determining, based on the derived profile of CODE-A, an appropriate computer account from among a plurality of computer accounts, under which CODE-A may be processed by the client computer, wherein each computer account of the plurality of computer accounts has associated therewith a security context within which an executable run under such account is processed, combining (i) information about the determined computer account name and (ii) CODE-A, with executable wrapper code (“CODE-B”) into combined code (“CODE-C”), and forwarding CODE-C to the client computer for processing. A system and a computer-readable storage medium are also described and claimed.

Abstract: Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides, within a server, firewall or other suitable “re-communicator,” for monitoring information received by the communicator, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information, more suitably by forming a protection agent including the MPC, protection policies and a detected-Downloadable.

Abstract: A method for scanning files for security, including receiving an unfamiliar file for scanning, if the determining indicates that the mime type is suitable for analysis, then processing a buffer of file data from the unfamiliar file, including generating a histogram of frequencies of occurrence of bytes within a buffer of file data from the unfamiliar file, excluding a designated set of bytes, and if the generated histogram of frequencies of occurrence of the non-excluded bytes deviates substantially from a reference distribution, then signaling that the unfamiliar file is potentially malicious. A system and a computer-readable storage medium are also described and claimed.

Abstract: A computer gateway for an intranet of computers, including a scanner for scanning incoming files from the Internet and deriving security profiles therefor, the security profiles being lists of computer commands that the files are programmed to perform, a file cache for storing files, a security profile cache for storing security profiles for files, and a security policy cache for storing security policies for client computers within an intranet, the security policies including a list of restrictions for files that are transmitted to intranet computers. A method and a computer-readable storage medium are also described and claimed.

Abstract: A method and system for protecting digital images copied from a video RAM, including the steps of transmitting stored pixel data from a computer memory to a video RAM, identifying protected pixel data within the stored pixel data, modifying the stored pixel data, thereby generating modified pixel data within which individual pixel datum is recognizable as being protected or unprotected, and, in response to pixel data being copied from the video RAM, replacing individual pixel datum copied from the video RAM, that is protected, with substitute pixel datum.

Abstract: A system for appending security information to search engine results, including a search engine for locating, in a computer network, web pages that include at least one designated search term, for issuing a security analysis request to a content security scanner to assess at least one designated web page for potential security risks, and for preparing a search results summary that includes links to the located web pages and security assessments for the located web pages, a client computer communicatively coupled with the search engine for issuing a search request with at least one user designated search term, to the search engine, and for receiving the search results summary from the search engine, and a content security scanner communicatively coupled with the search engine for assessing security of content in at least one designated web page. A method and computer-readable storage media are also described and claimed.

Abstract: A system for appending security information to search engine results, including a search engine for locating, in a computer network, web pages that include at least one designated search term, for issuing a security analysis request to a content security scanner to assess at least one designated web page for potential security risks, and for preparing a search results summary that includes links to the located web pages and security assessments for the located web pages, a client computer communicatively coupled with the search engine for issuing a search request with at least one user designated search term, to the search engine, and for receiving the search results summary from the search engine, and a content security scanner communicatively coupled with the search engine for assessing security of content in at least one designated web page. A method and computer-readable storage media are also described and claimed.

Abstract: A method for providing textual information in a network environment, the method comprising: receiving a request via a network for text-editable textual information; converting the text-editable textual information into a non-text-editable textual format on line upon receiving the request; and sending the non-text-editable textual information via the network. Network-based systems are also disclosed.

Abstract: A method for protecting digital images distributed over a network, including the steps of receiving a request from a client computer running a network browser, for an original layout page containing references to digital images therein, parsing the original layout page for the references to digital images, generating a modified layout page from the original layout page by replacing at least one of the references to digital images in the original layout page with references to substitute data, and sending the modified layout page to the client computer. A system is also described and claimed.

Abstract: A method for authenticating a software library, including inserting an encrypted checksum into a software library, and in response to loading the software library calculating a checksum of the software library, requesting the encrypted checksum from the library, decrypting the encrypted checksum, and checking whether or not the decrypted checksum agrees with the calculated checksum. A system is also described and claimed.

Abstract: A method for protecting digital images distributed over a network, including the steps of receiving a request from a client computer running a network browser, for an original layout page containing references to digital images therein, parsing the original layout page for the references to digital images, generating a modified layout page from the original layout page by replacing at least one of the references to digital images in the original layout page with references to substitute data, and sending the modified layout page to the client computer. A system is also described and claimed.

Abstract: Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides, within a server, firewall or other suitable “re-communicator,” for monitoring information received by the communicator, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information, more suitably by forming a protection agent including the MPC, protection policies and a detected-Downloadable.

Abstract: A method for altering text displayed in a formatted page, including locating a buffer of memory locations containing contents of a formatted page, locating a first text string between two markers within the buffer, the first string being an encrypted text string including N characters, replacing the first text string with a second text string, the second string being a decrypted text string including M characters, where M is less than N, and inserting N?M special fill characters in the N?M unfilled memory locations between the markers, so as to avoid the need to move the markers closer together.

Abstract: A policy-based cache manager, including a memory storing a cache of digital content, a plurality of policies, and a policy index to the cache contents, the policy index indicating allowable cache content for each of a plurality of policies, a content scanner for scanning a digital content received, to derive a corresponding content profile, and a content evaluator for determining whether a given digital content is allowable relative to a given policy, based on the content profile. A method is also described and claimed.

Abstract: A method for providing textual information in a network environment, the method comprising: receiving a request via a network for text-editable textual information; converting the text-editable textual information into a non-text-editable textual format on line upon receiving the request; and sending the non-text-editable textual information via the network. Network-based systems are also disclosed.

Abstract: A method for preventing copying a proprietary digital image data that is rendered within a window displayed on a computer monitor, including providing screen pixel data for rendering on a computer monitor, the screen pixel data including pixel data for a first window having proprietary digital image data therewithin, detecting that a second window is going to be displayed on the computer monitor, determining the position and size of the second window, determining, based on the position and size of the second window, a portion of the screen pixel data wherein the first window is going to be covered by the second window, and replacing the portion of the screen pixel data with substitute pixel data, prior to the second window being displayed. A system is also described and claimed.

Abstract: A computer-based method for generating a Downloadable ID to identify a Downloadable, including obtaining a Downloadable that includes one or more references to software components required by the Downloadable, fetching at least one software component identified by the one or more references, and performing a function on the Downloadable and the fetched software components to generate a Downloadable ID. A system and a computer-readable storage medium are also described and claimed.