Patents Assigned to Networks Associates
  • Patent number: 6314190
    Abstract: A cryptosystem is described which automatically provides an extra “message recovery” recipient(s) when an encrypted message is generated in the system. The system is typically configured such that the extra recipient or “message recovery agent” (MRA)—an entity which itself has a public key (i.e., a MRA public key)—is automatically added, under appropriate circumstances, as a valid recipient for an encrypted message created by a user. In a corporate setting, for example, the message recovery agent is the “corporate” message recovery agent designated for that company (firm, organization, or other group) and the user is an employee (or member) of that company (or group). In operation, the system embeds a pointer (or other reference mechanism) to the MRA public key into the public key of the user or employee, so that encrypted messages sent to the company's employees from outside users (e.g.
    Type: Grant
    Filed: June 4, 1998
    Date of Patent: November 6, 2001
    Assignee: Networks Associates Technology, Inc.
    Inventor: Philip Zimmermann
  • Patent number: 6298422
    Abstract: The invention provides a method for reducing the memory requirements and CPU cycle consumption of an executing program in a suspended state. The method suspends the program by intercepting the entry points of the program. The contents of the memory occupied by the program and its data objects are then discarded or compressed, wherein the compressed data is stored at another region in the memory. The memory region containing the uncompressed data is then designated as free memory.
    Type: Grant
    Filed: June 17, 1996
    Date of Patent: October 2, 2001
    Assignee: Network Associates, Inc.
    Inventors: Michael L. Spilo, Jonathan A. Daub
  • Patent number: 6275942
    Abstract: A system, method and computer program product for automatic response to computer system misuse using active response modules (ARMs). ARMs are tools that allow static intrusion detection system applications the ability to dynamically increase security levels by allowing real-time responses to detected instances of computer misuse. Several classes of ARMs exist which allow them to interface with several types of network elements found within a computing environment (e.g., firewalls, web servers, Kerberos servers, certificate authorities, etc.). The ARMs, once defined, are deployed in a “plug and play” manner into an existing intrusion detection system within a computing environment. A user (e.g., system administrator) may then configure the ARMs by linking them to specific computer misuses.
    Type: Grant
    Filed: May 20, 1998
    Date of Patent: August 14, 2001
    Assignee: Network Associates, Inc.
    Inventors: Thomas Bernhard, Terry Escamilla, William Leddy, Richard Letsinger, Crosby Marks, Steven E. Smaha, Steven R. Snapp
  • Patent number: 6272632
    Abstract: A system and method for data recovery is described. In one embodiment, an encrypting system encrypts a message or file using a secret key (KS) and attaches a key recovery field (KRF), including an access rule index (ARI) and KS, to the encrypted message or file. To access the encrypted message or file, a decrypting system must satisfactorily respond to a challenge issued by a key recovery center. The challenge is based on one or more access rules that are identified by the ARI included within the KRF.
    Type: Grant
    Filed: February 12, 1998
    Date of Patent: August 7, 2001
    Assignee: Network Associates, Inc.
    Inventors: David W. Carman, David M. Balenson, Homayoon Tajalli, Stephen T. Walker
  • Patent number: 6269456
    Abstract: A method for updating antivirus files on a computer using push technology is disclosed. In a preferred embodiment, updated virus signature files or other updated antivirus information is loaded onto a central antivirus server, while local push agent software is installed on the client computer. When the user of the client computer is connected to the Internet, the push agent software operates in the background to receive updated antivirus files from the central antivirus server across the Internet, in a manner which is substantially transparent to the user. In another preferred embodiment, antivirus files on a plurality of client computers on a corporate computer network are automatically updated using push technology and automated network installation scripts. A service computer associated with the plurality of client computers receives one or batches of antivirus updates from a central antivirus server across the Internet using push technology.
    Type: Grant
    Filed: January 11, 2000
    Date of Patent: July 31, 2001
    Assignee: Network Associates, Inc.
    Inventors: Vernon Hodges, Shawn O'Donnell
  • Patent number: 6266811
    Abstract: A method and system for custom computer software installation using a standard rule-based installation engine is disclosed. Custom installation parameters are translated into a simplified script language file by a system administrator. An application software package is installed onto a computer using the standard rule-based installation engine, which is executed normally according to commands stored in a rule-based instruction file. The rule-based instruction file has been configured by the provider of the application software package to cause the rule-based installation engine to execute commands according to the simplified script language file. In this manner, the system administrator may achieve flexibility and control over each phase of the software installation process without being required to have a knowledge of the specific language of the rule-based instruction file.
    Type: Grant
    Filed: October 14, 1999
    Date of Patent: July 24, 2001
    Assignee: Network Associates
    Inventor: Narimane Nabahi
  • Patent number: 6249585
    Abstract: The present invention is a system and method for publicly verifying that a session key determined according to a Diffie-Hellman key exchange can be recovered from information associated with a communication encrypted with the session key. More particularly, the present invention provides recovery information and verification information with the encrypted communication. A recovery agent is able to recover the session key using the recovery information. A verifier, using the verification information, is able to verify that the session key can, in fact, be recovered from the recovery information. Neither the recovery information nor the verification information alone reveal any secret or private information. Furthermore, only the recovery agent is able to recover the session key, and he does so without revealing any other private information. Thus, the verification can be performed by any member of the public.
    Type: Grant
    Filed: April 8, 1997
    Date of Patent: June 19, 2001
    Assignee: Network Associates, Inc
    Inventors: David A. McGrew, David W. Carman
  • Patent number: 6240531
    Abstract: A method for protecting a computer operating system from unexpected errors write-protects certain critical system components, thereby preventing corruption by application programs, and handles otherwise fatal program errors and infinite loops outside of the context of a malfunctioning program, permitting the program to be reactivated.
    Type: Grant
    Filed: November 22, 1999
    Date of Patent: May 29, 2001
    Assignee: Networks Associates Inc.
    Inventors: Michael L. Spilo, Jonathan A. Daub
  • Patent number: 6230288
    Abstract: A method is provided for detecting computer viruses that infect text-based files. In accordance with a preferred embodiment, a collection of virus signatures reflecting sequences of characters or instructions known to be found in such viruses is maintained on a computer system. A virus detection program is also maintained for the purpose of comparing the contents of computer files to the virus signatures. Upon execution of the virus detection program, whitespace within text-based files is transformed such that each sequence of whitespace characters is replaced by a single whitespace character. Virus signatures of viruses known to infect text files are similarly transformed. A transformed text-based file is then searched for at least one of said virus signatures. The user is alerted to a possible virus infection if any of the virus signatures are found in a file.
    Type: Grant
    Filed: October 29, 1998
    Date of Patent: May 8, 2001
    Assignee: Network Associates, Inc.
    Inventors: Chengi Jimmy Kuo, Jivko Koltchev, Dao-Chen Zheng, Joseph Peter
  • Patent number: 6208999
    Abstract: A file system for data file storage on a block storage device includes signature information embedded within each block allocated to a data file. Such signature information includes a file identification number, a sequence number within the file, and optional file type information. The signature information is used to reconstruct files on the block storage device in the event of damage to data files or critical system areas on the device. The directory structure for the file system is maintained as a self-contained flat database, stored as a B-tree for expedited searching, including full hierarchical pathnames for each directory entry, thereby enhancing the ability to recover files in a low level of the directory hierarchy when a middle level has been damaged.
    Type: Grant
    Filed: December 12, 1996
    Date of Patent: March 27, 2001
    Assignee: Network Associates, Inc.
    Inventors: Michael L. Spilo, Jonathan A. Daub
  • Patent number: 6195352
    Abstract: A system and method for identifying and analyzing active channels in an asynchronous transfer mode (ATM) network. The system and method open a plurality of ATM network channels during a time period; automatically monitor each of the plurality of open channels to identify any active channels from among the open channels; and automatically identify the type of traffic transmitted on the open channels. By systematically identifying the active channels in the ATM network, the ATM network analysis device can further analyze the traffic on the active channels. The present invention includes at least three functions: network data detection and capture, active channel determination, and ATM Application Layer (AAL) service type categorization. A network data detector and identifier (DDI) performs the functions of network data detection and capture. The DDI connects to an ATM network and captures, copies, and repeats cells transmitted on the network and copies cells of interest to the DDI for further analysis.
    Type: Grant
    Filed: March 15, 1996
    Date of Patent: February 27, 2001
    Assignee: Network Associates, Inc.
    Inventors: Paul W. Cushman, King L. Won, Bakulesh A. Mehta
  • Patent number: 6151643
    Abstract: A system and method update client computers of various end users with software updates for software products installed on the client computers, the software products manufactured by diverse, unrelated software vendors. The system includes a service provider computer system, a number of client computers and software vendor computer systems communicating on a common network. The service provider computer system stores in an update database information about the software updates of the diverse software vendors, identifying the software products for which software updates are available, their location on the network at the various software vendor computer systems, information for identifying in the client computers the software products stored thereon, and information for determining for such products, which have software updates available. Users of the client computers connect to the service provider computer and obtain a current version of portions of the database.
    Type: Grant
    Filed: June 7, 1996
    Date of Patent: November 21, 2000
    Assignee: Networks Associates, Inc.
    Inventors: William Cheng, Kenneth Hwang, Ravi Kannan, Babu Katchapalayam, Bing Liu, Balaji Narasimhan, Gopal Ramanujam, Jonathan Tran
  • Patent number: 6134601
    Abstract: A system and method for managing scarce computer system memory resources has three aspects. A first aspect allows large data structures to be replaced by a pointer that causes an intentional fault to occur. The fault is trapped, and the invention interposes the required data. A second aspect associates data structures with both the task and the module that own the structure. The structure can be eliminated from memory when both the owning task and the owning module have terminated. A third aspect utilizes swapping techniques to maintain multiple local data areas for multiple tasks.
    Type: Grant
    Filed: June 17, 1996
    Date of Patent: October 17, 2000
    Assignee: Networks Associates, Inc.
    Inventors: Michael L. Spilo, Jonathan A. Daub
  • Patent number: 6122657
    Abstract: An Internet computer system with methods for dynamic filtering of hypertext tags and content is described. The system includes one or more Web clients, each operating a Web browser (e.g., Netscape Navigator or Microsoft Internet Explorer) with an Internet connection to one or more Web servers. Each client includes, interposed between its browser and communication layer, a Filter module of the present invention which traps and processes all communications between the browser and the communication layer. The Filter module, which implements client-side methodology at each individual Web client for dynamic filtering of hypertext tags and content, includes an output stream, a processing loop, a Filter method, and an input stream. During system operation, the Web browser generates multiple requests for retrieving content. More particularly, particular content is retrieved by a fetch or GET command (e.g., using HTTP protocol) transmitted to a target server from the client-side communication layer (e.g.
    Type: Grant
    Filed: March 11, 1997
    Date of Patent: September 19, 2000
    Assignee: Networks Associates, Inc.
    Inventors: Gene Hoffman, Jr., Mark B. Elrod
  • Patent number: 6064811
    Abstract: A method for improving the availability of global DOS memory under Microsoft Windows has two primary aspects. First, upper memory blocks are linked to the global heap to increase the amount of global DOS memory available. Second, a reserved area of global DOS memory is maintained to prevent generic memory requests from being fulfilled therefrom. Valid requests for global DOS memory are intercepted to ensure that they are able to be allocated out of global DOS memory or the reserved area. Taken in conjunction, the two aspects of the invention substantially decrease the probability that unavailability of global DOS memory will result in application or system failure.
    Type: Grant
    Filed: June 17, 1996
    Date of Patent: May 16, 2000
    Assignee: Network Associates, Inc.
    Inventors: Michael L. Spilo, Jonathan A. Daub
  • Patent number: 6055527
    Abstract: A method for superimposing attributes on files stored in a hierarchically organized file system, having at least one file and at least one directory, is disclosed. The method initializes an attribute data base (ADB) with one or more entries having a path descriptor referencing a file in a hierarchical database, an attribute, and an attribute association option describing how the attribute is associated with the file referenced by the path descriptor. The method simplifies maintaining systems employing file attributes to describe files by using the hierarchy of the file system to superimpose attributes on the files. The method provides for handling explicit, implicit, and static associations of attributes with files in the file hierarchy. The method is invoked by a file manager, such as an attribute supplying file hierarchy (ASFH), which resides in the operating system of a computer system having a processor, memory, and a system bus for passing data between the processor and memory.
    Type: Grant
    Filed: May 8, 1998
    Date of Patent: April 25, 2000
    Assignee: Network Associates, Inc.
    Inventors: M. Lee Badger, Daniel F. Sterne, David L. Sherman, Homayoon Tajalli, David I. Dalva
  • Patent number: 6035423
    Abstract: A method for updating antivirus files on a computer using push technology is disclosed. In a preferred embodiment, updated virus signature files or other updated antivirus information is loaded onto a central antivirus server, while local push agent software is installed on the client computer. When the user of the client computer is connected to the Internet, the push agent software operates in the background to receive updated antivirus files from the central antivirus server across the Internet, in a manner which is substantially transparent to the user. In another preferred embodiment, antivirus files on a plurality of client computers on a corporate computer network are automatically updated using push technology and automated network installation scripts. A service computer associated with the plurality of client computers receives one or batches of antivirus updates from a central antivirus server across the Internet using push technology.
    Type: Grant
    Filed: December 31, 1997
    Date of Patent: March 7, 2000
    Assignee: Network Associates, Inc.
    Inventors: Vernon Hodges, Shawn O'Donnell
  • Patent number: 6029256
    Abstract: A system and method for allowing computer programs to directly access various features of a virus scanning engine is disclosed. In one embodiment of the invention, the system includes a module for instantiating an object to act as an interface between the computer program and the virus scan engine, a module for setting properties of the object that are associated with the desired feature of the virus scan engine to be accessed, a module for invoking a method of the object, the invocation resulting in access to the desired feature of the virus scan engine, and a module for examining properties of the object after the desired feature of the virus scan engine has been accessed.
    Type: Grant
    Filed: December 31, 1997
    Date of Patent: February 22, 2000
    Assignee: Network Associates, Inc.
    Inventor: Viktor Kouznetsov
  • Patent number: 6006035
    Abstract: A method and system for custom computer software installation using a standard rule-based installation engine is disclosed. Custom installation parameters are translated into a simplified script language file by a system administrator. An application software package is installed onto a computer using the standard rule-based installation engine, which is executed normally according to commands stored in a rule-based instruction file. The rule-based instruction file has been configured by the provider of the application software package to cause the rule-based installation engine to execute commands according to the simplified script language file. In this manner, the system administrator may achieve flexibility and control over each phase of the software installation process without being required to have a knowledge of the specific language of the rule-based instruction file.
    Type: Grant
    Filed: December 31, 1997
    Date of Patent: December 21, 1999
    Assignee: Network Associates
    Inventor: Narimane Nabahi
  • Patent number: 5991406
    Abstract: A system and method for data escrow cryptography are described. An encrypting user encrypts a message using a secret storage key (KS) and attaches a data recovery field (DRF), including an access rule index (ARI) and KS, to the encrypted message. The DRF and the encrypted message are stored in a storage device. To recover KS, a decrypting user extracts and sends the DRF to a data recovery center (DRC) that issues a challenge based on access rules (ARs) originally defined by the encrypting user. If the decrypting user meets the challenge, the DRC sends KS in a message to the decrypting user. Generally, KS need not be an encryption key but could represent any piece of confidential information that can fit inside the DRF. In all cases, the DRC limits access to decrypting users who can meet the challenge defined in either the ARs defined by the encrypting user or the ARs defined for override access.
    Type: Grant
    Filed: April 20, 1998
    Date of Patent: November 23, 1999
    Assignee: Network Associates, Inc.
    Inventors: Steven B. Lipner, David M. Balenson, Carl M. Ellison, Stephen T. Walker