Abstract: A system and method for distributed function discovery with third party responses in a peer-to-peer network to facilitate efficient use of bandwidth and resources are disclosed. The method for secure automatic selection of a designated service provider in a peer-to-peer network generally comprises broadcasting a digitally signed election initiating packet containing a value for at least one criteria by a sending node, awaiting response time-out period expiry or receipt of a response election packet, broadcasting a digitally signed election result packet indicating the sending node is the designated service provider if response time-out period expiry occurs prior to receipt of a response election packet, and awaiting for, verifying, and storing election result in an election result broadcast if receipt of a response election packet occurs prior to expiry of response time-out period.

Abstract: A source computer 2 having a copy of a computer file that it is desired to download to a plurality of target computers issues broadcast messages via a computer network linked to those target computers. The broadcast messages indicate the availability of the computer file for download and include a download qualifying parameter. The download qualifying parameter is used by receiving target computers to determine whether or not they qualify to attempt a download from the source computer in response to the received broadcast message. Only those target computers that do qualify attempt a download. The source computer monitors how many target computers make a download attempt in response to a particular broadcast message and adjusts the download qualifying parameters in subsequent broadcast messages so that the target computers progressively download the new computer file without overloading the source computer.

Abstract: A system, method and computer program product are provided for scanning application program data utilizing a mobile communication device. Included is an application program installed on a mobile communication device capable of communicating via a wireless network. Such application program is adapted for performing tasks utilizing the mobile communication device. Associated therewith is a scanning subsystem in communication with the application program for scanning application data relating to the tasks performed by the application program. In use, the application program communicates information relating to the application data to the scanning subsystem to facilitate the scanning by the scanning subsystem.

Abstract: One embodiment of the present invention provides a system that automatically generates a valid behavior specification for use in an intrusion detection system for a computer system. The system operates by receiving an exemplary set of system calls that includes positive examples of valid system calls, and possibly negative examples of invalid system calls. The system automatically constructs the valid behavior specification from the exemplary set of system calls by selecting a set of rules covering valid system calls. This set of rules is selected to cover all positive examples in the exemplary set of system calls without covering negative examples. Moreover, the process of selecting a rule for the valid behavior specification involves using an objective function that seeks to maximize the number of positive examples covered by the rule while seeking to minimize the number of possible system calls covered by the rule.

Abstract: A system and method for distributed function discovery with third party responses in a peer-to-peer network to facilitate efficient use of bandwidth and resources are disclosed. The method for facilitating distributed function discovery in a peer-to-peer network generally comprises receiving a broadcast request for a service function from a peer client at a peer server, locating information regarding a location remote to the peer server having the requested service function using a stored list of service functions locally stored at the peer server, and responding to the peer client with a response containing the location remote to the peer server if information on the requested service function is located.

Abstract: A system, method and computer program product are provided for efficient on-access computer virus scanning of files. Initially, a process for accessing files is identified. Thereafter, virus detection actions are selected based at least in part on the process. The virus detection actions are then performed on the files.

Abstract: A system, method and computer program product are provided for monitoring voice application calls over a network. Initially, a first leg of a voice application call is identified. Next, a unique key is created based on the first leg of the voice application call utilizing a first session object. Further, a second leg of the voice application call is identified. Another unique key is created based on the second leg of the voice application call utilizing a second session object. In use, both the first and second session objects are associated with a single application object.

Abstract: A platform-independent system and associated method are provided for use with a mobile communication device. Included is a mobile communication device capable of communicating via a wireless network. Such mobile communication device includes an operating system installed thereon. Associated therewith is a platform-independent scanning subsystem in communication with the operating system of the mobile communication device for scanning purposes. Further provided is a platform-independent application program interface for interfacing the operating system and the scanning subsystem. The platform-independent application program interface includes an abstract library for porting the platform-independent scanning subsystem to the mobile communication device and associated operating system.

Abstract: A computer virus scanning system is described in which during the scanning operation a measurement value indicative of the amount of data processing performed is calculated and this measurement value used to trigger breaks in the virus scanning operation. The triggered breaks can be used to perform a determination as to whether or not the virus scanning operations should be early terminated. One possibility is to measure the total size of the data processed during the virus scanning operation and calculate a ratio of this compared to the size of the computer file being virus scanned. If this calculated ratio exceeds a predetermined threshold, then virus scanning may be terminated. Another possibility is to associate a complexity value with each of a plurality of tests applied in the virus scanning operation. A total for these complexity values may be used to trigger the breaks and also to trigger early termination upon exceeding of respective threshold levels.

Abstract: A method for maintaining handheld computers at a location remote from a home maintenance node containing a maintenance database for at least one of the handheld computers. The method comprising connecting one of the handheld computers to a maintenance node and detecting whether the maintenance node is the home maintenance node for the handheld computer. If the connected maintenance node is not the home maintenance node, the home maintenance node for the handheld computer is located and a maintenance session is opened between the handheld computer and the home maintenance node. The method further includes performing maintenance on the handheld computer.

Abstract: A computer implemented method for localizing Web pages is disclosed. The method includes reading a computer file containing HTML tags and scripts and identifying character strings located between the HTML tags and within the scripts. A modified version of the computer file is generated by replacing the identified character strings with variables. An include file containing the variables and associated character strings is also generated. The method further includes adding a reference to the include file in the modified version of the computer file.

Abstract: A method for controlling access to information from a DNS server having an access control list specifying clients approved to receive an IP address corresponding to a domain name of a target host is disclosed. The method includes receiving a request from a client for an IP address of a domain name at the DNS server and looking up the domain name in an access control list. The client is sent a reply containing the IP address of the domain name if the client is authorized in the access control list to receive the IP address. If the client is not authorized to receive the IP address, the request is denied.

Abstract: The method for reformatting a tag-based code containing at least one corresponding beginning and end tag pair generally includes locating each beginning and end tag of the tag-based code, separating distinct tags and data associated therewith into separate lines, maintaining a tag structure state machine for determining a tag structure corresponding to each line, and delineating each line with a representation of a tag structure corresponding to the line based on the state-machine of the tag structure.

Abstract: Two or more computers acting as firewalls share network state data to enhance throughput performance. A firewall creates a separate common TCP control block (CCB) for each group of TCP connections through the firewall having common endpoints. The CCB is a shared data structure comprising a single microstate shared across the group of TCP connections. Each such individual TCP connection has a TCP control block, which instead of a microstate, contains a pointer to the appropriate CCB. Preferably, each firewall receives CCBs from its peers and stores them. Each firewall preferably adjusts data traffic passing through it based on the CCBs stored within it. By adjusting traffic to reduce or eliminate congestion, throughput is enhanced.

Abstract: A system for notification of a change in condition of an electronic certificate is disclosed. The system includes a certificate server comprising a processor having a computer program comprising a plurality of executable modules that are executable on the processor. A first executable module is for detecting a change in condition of an electronic certificate. A second executable module in the computer program is for notifying a user of the electronic certificate of the change in condition. The computer program may comprise a third module for negotiating a contract, called a certificate action point (CAP), with the certificate user regarding the type of change in condition the second module notifies the certificate user of, the way the second module notifies the certificate user, the diligence with which the second module notifies the certificate user of the change in condition, and a price for notifying the certificate user.

Abstract: A system and method for providing Web-based remote security application client administration in a distributed computing environment is described. A self-extracting configuration file is stored. The self-extracting configuration file contains an executable configuration file that is self-extractable on a target client into an administered security application. An executable control is embedded within an active administration Web page. The executable control is triggered upon each request for the active Web page and causes dynamic Web content to be generated therefrom. A Web portal including the active administration Web page is exported to a browser application independent of a specific operating environment. The executable control is interpreted to facilitate copying of the self-extracting configuration file to the target client.

Abstract: A system, method and computer program product are provided for scanning data utilizing multiple scanning engines. Initially, a request for data to be scanned for viruses is generated utilizing a scanning interface. Thereafter, such request to scan data is sent to a plurality of scanning engines utilizing an engine interface application control module coupled between the scanning interface and the scanning engines. The request is adapted for prompting the scanning engines to scan the data and respond with events upon locating a virus. Such events are then received utilizing an event processor module coupled to the scanning engines and the engine interface application control module for processing the events. The processed events are then sent to the engine interface application control module for being monitored by the scanning interface.

Abstract: A system, method and computer program product are provided for reporting on network analysis. Initially, network traffic information is collected utilizing a plurality of agents installed in computers distributed among a plurality of zones. Next, the network traffic information collected from the agents associated with each zone is received at separate controllers. Next, a report on the network traffic information is sent from one of the controllers to a computer coupled thereto via a network.

Abstract: A library of anti computer virus test drivers is provided with classifications for the drivers which may be used to select the applied drivers in dependence upon which anti computer virus program is using that library. The library is typically shared between a suite of anti computer virus programs. The drivers are also classified with information that allows them to be placed in a priority order for application when scanning. In this way, the drivers that protect against the most threatening viruses may be checked for first and accordingly the highest level of protection achieved if the scanning process is early terminated.

Abstract: A method for detecting possible harmful actions on a handheld computer before they are executed. The method includes monitoring calls to applications resident on the handheld computer and identifying a code associated with a program initiating the call. The action requested by the call is at least temporarily prevented from being performed if the identified code does not correspond to a code associated with data the action is to be performed upon.