Abstract: A document processing device comprises, an authentication unit adapted to authenticate the user, a history information storage unit adapted to store history information indicating that document data was processed after the document data was stored in a document management server, the history information including identification information for identifying the document data was processed after the document data was stored in a document management server, a user access right judgment unit adapted to judge whether or not the authenticated user has an access right to each document data corresponding to the identification information included in the history information, a display unit adapted to display information for enable a user to select the document data to which the authenticated user has the access right from among the document data corresponding to the identification information included in the history information, and a processing unit adapted to process to the document data selected by the user.

Abstract: A device and a method for the detection and prevention of intrusion into a computer network by detecting and blocking the intrusions before penetration of the network. The method includes a stage for detecting the connections at the central point and before each branch of the network, and a stage for selective filtering of these connections. This selective filtering of the connections includes a stage for automatic recognition of the accessing protocol, independently of the communication port used by the protocol.

Abstract: An optical disc manufacturing apparatus (46) recording a BCA code constituted by plural marks and including a secret code which is modulated in a range capable of recognizing a position in a radial direction of an optical disc and/or a position in a track direction of the plural marks as the BCA code, a BCA history database (44) storing a history including a correspondence between the BCA code of an optical disc (1a) recording the BCA code and the secret code, and a management center (30) reading the BCA code and the secret code recorded on the optical disc so as to compare both on the basis of input of the correspondence between the BCA code and the secret code stored in the BCA history database (44) are employed, whereby an illegally manufactured optical disc (1z) can be easily found by inspecting the recorded BCA code and secret code.

Abstract: A system and method for communicating information between multiple locations. A computer receives, via a network, information signed and/or encrypted at a first location in accordance with a first signing and encryption methodology. The information is decrypted and the signatures of the information are validated using the first signing and/or encrypting methodology. The information is re-signing and/or re-encrypting with a second signing and encryption methodology such that the information can be decrypted and/or its signatures validated at a second location. The information is then transmitted to the second location via a network.

Abstract: A method and apparatus for including network security information in a frame is disclosed. Network security information is included in a secure portion of overhead of a frame. The network security information is configured to facilitate network security. A network device configured to process a frame is also disclosed. The frame includes frame security information and network security information. The frame security information is configured to facilitate securing a portion of overhead of the frame, and the network security information is located in the secure portion of the overhead of the frame and is configured to facilitate network security.

Abstract: A device of applying protection bit codes to encrypt a program for protection is disclosed. The program has a plurality of instructions P (positive integer). The device includes a protection-bit-code generator, a first protection-bit-code location generator and a protection-bit-code insertion unit. The protection-bit-code generator generates a plurality of protection bit codes in accordance with the plurality of instructions of the program, wherein each instruction has a plurality of bits I (positive integer). The first protection-bit-code location generator generates a plurality of insertion positions N (positive integer) for each protection bit code in accordance with processor status when executing the program.

Abstract: A system and method for automatically altering device functionality based on the occurrence of certain predetermined conditions. A link may be established between a device and a trusted server to provide an association between various conditions that may be detected at the device and actions that are to be taken on the device. In particular, software traps can be set up and linked to device functionality such that execution of the trap may automatically disable or enable certain device capabilities. Some aspects of the invention are directed to a system and method for remotely setting software traps for detecting software viruses and, upon execution of the traps, several methods for establishing a quarantine on infected devices.

Abstract: A method and system are provided for centralizing services subscribed to by customers of a service provider for detecting attacks at the customer-end of a communications network. A signal diverter is installed in a signal path carrying inbound communication signals common to subscribed customers and a portion of the collective inbound signals for each customer is diverted to a detection apparatus. Finally, based on parameters for each subscribed customer, a determination is made as to if a subscribed customer is experiencing an attack.

Abstract: A system controls security during operation of a computerized device by enforcing a first security policy during first operational state of the computerized device. Enforcement of the first security policy provides a first level access to resources within the computerized device by processes operating in the computerized device. The system detects a transition operation of the computerized device that occurs during enforcement of the first security policy indicating that operation of the computerized device is transitioning from the first operational state to a second operational state and in response, enforces a second security policy corresponding to the second operational state to provide a level of access to the resources within the computerized device that corresponds to the second operational state during operation of the second operational state. This can be repeated for many different states including boot time, normal runtime, installation, shutdown, and a compromised state.

Abstract: A source device permits a user of a remote device to access a protected file on the source device when the user of the remote device has a right to access the protected file. The user locates the protected file on the source device using the remote device and accesses the protected file using a media player on the remote device. The media player constructs a path by which the source device streams the protected file. The remote device responds to an authentication request from the source device that the user of the remote device has a right to access the protected file. The user is authenticated to confirm that the user of the remote device has a right to access the protected file. The protected file is streamed to the remote device via a path constructed by the remote device.

Abstract: A method for securing a communication between a peer node and an intermediary peer node in a peer-to-peer network comprises the peer node generating a secured communication request to the intermediary peer node. The intermediary peer node authenticates the peer node in response to the secured communication request. The intermediary peer node issues a signed certificate of authority upon successful authentication.

Abstract: A method and system are provided for preventing network service shutdowns resulting from denial of service (DOS) attacks. First, parameters are monitored corresponding to network elements carrying communication signal traffic in a communications network, and, based on the parameters, if a DOS attack is indicated, performing the following for each instance of communication signal traffic: accessing data structures for data relating to protected communication signal traffic, and, based on the data, determining if the communication signal traffic is designated as protected. Finally; based on the determination, cleaning and forwarding each protected communication signal to its respective destination.

Abstract: This invention is directed to a system and method for tracing and monitoring feature usage in a document processing environment. More particularly, this invention is directed to a system and method for tracking and monitoring the use of features, services, or functions available to users on document processing devices. The usage information is provided to an administrator or other authorized user in a format that is easily readable and usable.

Abstract: A system for preventing spoofing to use a service provided on a network. The system holds correlation between a first identifier used by a user of a service provided on a network for first authentication for permitting a user to make connection to the network and a second identifier used for second authentication for permitting the user to use a service, holds correlation between a third identifier assigned to the user permitted to make connection to the network and the first identifier of the user, and checks the correlation between the second identifier and the third identifier contained in the packet for the second authentication.

Abstract: A method and system for identifying whether an electronic communication is likely to be unwanted by the recipient is provided. A trust system relies on a trust provider, such as a sending domain, to indicate whether an electronic communication is likely to be unwanted. The sending domain may assign its trust level to the electronic communications based on various factors. Upon receiving the electronic communication and the trust level assigned by the sending domain, the receiving domain may determine whether to forward the electronic communication to the recipient based on the trust level. If a sending domain consistently provides trust levels that are accurate assessments of whether electronic communications are unwanted, then the receiving domain learns to trust the trust levels assigned by the sending domain.

Abstract: An apparatus for communicating, including a communicating unit that enables the apparatus to communicate with a communications counterparty via the communicating unit. The communicating unit includes a unit for providing an individual certificate that is a digital certificate being provided with information identifying the apparatus for communicating in order to receive an authentication by the communications counterparty when communicating, and a unit for communicating when having been authenticated with the individual certificate by the communications counterparty. The apparatus further includes at least one storage area for storing the individual certificate and a common certificate that is a digital certificate not being provided with apparatus identifying information, in a replacement component as a minimum unit enabled for replacement.

Abstract: In a first aspect of the invention, method for classifying characters within a character string entered via a keyboard device includes logging interrupts, checking a time between interrupts, checking an interrupt duration and classifying the characters within the character string based upon the time between interrupts and the interrupt duration. In a second aspect of the invention, a method for protecting against timing attacks against a trusted path mechanism includes employing a multithreaded process with a first thread to prevent any timing Trojan horses from running, running the first thread in a loop at a first priority and preventing unprivileged processes from obtaining a priority higher than the first priority.

Abstract: Systems and/or methods (“tools”) are described that enable encrypted media files to be sent without revocation lists while permitting the encrypted media files to be passed to trusted entities. The tools may also ensure continuation of protection when media files are passed between different protection systems.

Abstract: A method for offloading a secure protocol handshake. The method includes establishing a connection between a host system and a remote peer, and determining whether the secure protocol handshake is offloaded to a network interface card (NIC). When the secure protocol handshake is offloaded to the NIC, an offload request is sent to offload the secure protocol handshake, where the offload request includes a value of at least one cryptographic key. The method further includes performing cryptographic operations associated with the secure protocol handshake using the value of at least one cryptographic key to obtain at least one secret key, and returning a status of the secure protocol handshake to the host system.

Abstract: A method for detecting changes to a production location is provided. The method includes receiving a selection of a portion of the production location that is to be protected and identifying a larger portion of the production location that contains the selected portion of the production location. Upon identifying the larger portion, a routine is created for evaluating the identified larger portion of the production location for changes. That routine is performed in order to detect changes to the production location.