Abstract: A cryptographic key distribution method, in which coherent light being suitable for optical fiber communication network is used and high security is secured, is provided. A sending end encodes random numbers so that symmetry probability distributions can be obtained at a receiving end, and also sets light intensity and a modulation index of signal light radiating from the sending end so that the SNR of an eavesdropper is less than 2 dB even when said eavesdropper uses a most suitable receiving equipment at the sending end, and also so that the SNR of the receiving end is more than ?10 dB, and transmits signals. The receiving end calculates probability distributions of obtained signals and sets a discrimination threshold value after a set of random numbers was transmitted from the sending end. When the probability distributions have some abnormal states, it is judged that the eavesdropper exists, and distributing the cryptographic key is stopped and a fresh cryptographic key is distributed again.

Abstract: Secure communication is provided for entities in one or more networks. It is determined whether security measures needed for the communication exist between the entities. If such measures do not exist, the security measures are established, and the communication is initiated. The security measures include security bindings including information needed for the secure communication. Security measures are established between entities in one or more networks based on predetermined security requirements and on a determined needed security level. The security level needed may be determined based on whether the entities are in the same network or in different networks and/or on the information being transmitted. Security bindings are established between the entities depending on the information to be transmitted and/or the network to which the entities belong.

Abstract: A system is provided that uses identity-based encryption to support secure communications. Messages from a sender to a receiver may be encrypted using the receiver's identity and public parameters that have been generated by a private key generator associated with the receiver. The private key generator associated with the receiver generates a private key for the receiver. The encrypted message may be decrypted by the receiver using the receiver's private key. The system may have multiple private key generators, each with a separate set of public parameters. Directory services may be used to provide a sender that is associated with one private key generator with appropriate public parameters to use when encrypting messages for a receiver that is associated with a different private key generator. A certification authority may be used to sign directory entries for the directory service. A clearinghouse may be used to avoid duplicative directory entries.

Abstract: Application execution contexts within an untrusted computer system are classified as trusted or untrusted based on respective names assigned to the execution contexts. If an application runs in an untrusted execution context, an operating system within the untrusted computer system prevents the application from initiating a connection with a trusted computer system and accessing sensitive parts of the untrusted computer system. If the application runs in a trusted execution context, the operating system permits the application to initiate a connection with the trusted computer system.

Abstract: A method and system for creation of customized documents over a network as well as for negotiation of contents for documents over a network (e.g., Internet) is disclosed. In one aspect, professional documents can be created in an automated manner. In another aspect, negotiation of documents (or their contents) can be performed in an automated manner. In either case, the customization and/or negotiation is efficient, cost-effective and useful.

Abstract: The present invention relates to a client-server system having a security system for controlling access to application functions. The security system separated from the clients and the application functions routes all incoming requests created by various PVC-devices to a centralized security system providing an authentication component and a security component. The authentication component provides several authentication mechanisms which may be selected by information contained in the client's request. The authentication mechanism may be changed or extended without changing conditions on the client as well on the server or application side. The security component provides a security policy describing security requirements for accessing application functions which may be invoked by the security component. If the selected authentication mechanism succeeds and fulfills the security policy associated to that application function then the application function will be invoked by the security component.

Abstract: Techniques for managing information in a computing environment. Information associated with components of the computing environment is obtained. Then, from at least a portion of the obtained information, a determination is made as to the existence of one or more relationships associated with at least a portion of the components of the computing environment. The determination of the existence of one or more relationships is capable of accounting for a full lifecycle (e.g., including deployment, installation and runtime) associated with at least one component of the computing environment.

Abstract: A computerized process of intelligently inventorying data and managing assets includes the steps of initially inventorying a plurality of hardware, software, and data files on-site by assigning a hexadecimal signature identifying each file in the database, inventorying the files at a subsequent time by repeating the prior step and comparing the previous and current signatures of the files to determine whether any of the files have been changed, comparing the current version of a changed file to the last previous on-site version of the changed file, computing the differences between the two versions by different forward and reverse algorithms to provide a forward delta and a reverse delta, storing the current version and the reverse delta of the changed file on-site while deleting the last previous on-site version of the changed file, permanently storing off-site the forward deltas of each changed file and a baseline copy of each new file, restoring any requested file, if on-site, by recovering the current ver

Abstract: Aspects of the invention include a method and apparatus to transfer data from a peripheral device directly to a disc drive storage system. In one aspect, the disc drive uses a transfer protocol that determines the types, sizes and data location structure for each file. In another aspect, the disc drive includes a file allocation table that stores the file location for the peripheral devices on the disc drive to increase the file transfer efficiency and speed.

Abstract: A method for referencing time-related entries in different files in a planning program for project planning, and for determining and optically reproducing any time delays in the project implementation, with one or more nominal planning entries, which define times or time intervals, being entered in a reference file, until which or within which one or more individual projects are intended to be implemented, with actual entries, which are a measure of the time evolution of the respective individual project implementation, being entered in one or more further individual-project-related files, with the nominal planning entries being used as time reference data, with respect to which the actual entries of one or more individual projects are referenced, and with a time overrun which results or can be predicted on the basis of the actual entries in comparison with the nominal planning entries, of the respective reference nominal planning entry being determined by computation and being reproduced on a display device.

Abstract: A relational database has a data file stored separately from a representation of the schema of the relational data in the data file. Schema representation files of several different types are generated by compiling a human-readable script defining the schema. One of the schema files is linked to its corresponding data file by a pointer, so that an application program invoking a database engine can find the schema for processing the data file. Another type of schema file can be included in an application program, so that the application can process the data file via the database engine without accessing any other schema information.

Abstract: Protection is provided for software and data in single and multiple microprocessor system, including, but not limited to, local area networks (LANs), wide area networks (WANs), backplane connected architectures, etc. The data can include databases, streaming data and code. The protection is provided by employing, singly or in combination, obscurant IC coatings, tamper detection and response circuitry, multiple component modules and software code encryption to prevent software from being stolen or altered. The software or data is protected during transport, during downloading into a processor or processor network, and also during execution and storage of code or a database within a host system. The data product resulting from processing within the protecting equipment may be encrypted to be sent safely to external locations were it may be stored or de-encrypted for further use.

Abstract: Methods and systems are provided that facilitate access to a service via a lookup service. A lookup service defines a network's directory of services and stores references to these services. A client desiring use of a service on the network accesses the lookup service, which returns the stub information that facilitates the user's access of the service. The client uses the stub information to access the service.

Abstract: A method and apparatus for retrieving similar or identical textual passages among different documents is disclosed. Normal discourse structures along with textual content attributes are used to encode a known passage with “marker sequences” that give a characterizing “signature” to the passage. The encoded known passage is then evaluated against similarly encoded passages appearing in a database of documents. If it is determined that there is a possible match between the encoded known passage and an encoded passage in a database document, a sequential string search is performed to determine whether the two passages are likely to be similar or identical. If the sequential string search records a probable match between the known passage and the database passage, the database passage is displayed for further review.

Abstract: In a process for ensuring the data integrity of software for influencing operation of a control unit of a motor vehicle, a pair of keys is provided for encrypting and decrypting electronic data. The first key is stored for access by a control unit in the motor vehicle, and software which is to be imported is signed by means of the second key. The signed software is imported into the memory of the control unit and the signature of the software is checked by means of the first key. The signature is accepted if the check has a positive result.

Abstract: In a signature generating method where not necessarily all of a plurality of signature generating devices work together each time to generate signatures, the present invention seeks to correctly and securely reflect data relating to previous signatures. When generating signatures, the data used for the next signature is sent beforehand to the other signature generating devices. Also, when generating signatures, at least one of the devices is used consecutively, thus allowing history data to be shared during signature generation.

Abstract: A method for accessing a home-network in which a home network system linked to a home-gateway that is accessed in relation to a home-portal service, and an apparatus thereof are provided. The method for accessing to a home-network, in a network access method of a network system wherein an open Internet Protocol (IP) address is used for an external network and a private IP address is provided for an internal network resource, the method for accessing to the home-network has the steps of (a) collecting user information and an open IP address from the network system; (b) authenticating an authorized user, who wants to access an internal network resource, based on the user information and open IP address collected in the step (a); and (c) providing the open IP address to the user authenticated in the step (b) so that a virtual network between the authenticated user and the internal network resource that the user wants to use is built.

Abstract: The present invention generally relates to a method and system for retrieving search results. More particularly, the present invention relates to a method and system for retrieving search results concurrently from multiple disparate databases, whether such databases be available through the Web, or other proprietary internal networks. In an exemplary embodiment, the system includes a user interface, a control engine, and a number of translators which are used to communicate with a number of corresponding databases. During exemplary operation, a user uses the user interface to enter search term(s) and other pertinent information relating to his/her search and specify which ones of the databases are to be searched. The search term(s) and other pertinent information are then relayed to the control engine which, in turn, forwards them to the appropriate translators which correspond to the specified databases to be searched.

Abstract: An exemplary embodiment of the invention relates to a computer-based method and system for identifying and resolving manufacturing conflicts across an extended enterprise via a network environment. The system includes a manufacturing enterprise system comprising a host system operating a web server, an applications server, and a database manager; a data storage device in communication with the host system, and at least one terminal for accessing the host system. The manufacturing enterprise system runs on a network that is coupled to the Internet and is accessible to a supplier enterprise system identified with proper permissions. The applications server executes a set of programs for managing the manufacturing enterprise system, including the problem reporting and resolution application of the present invention.

Abstract: A method of determining an encryption key used by two or more parties for encrypted communications in a manner that prohibits any of the parties from forcing the final value of the encryption key. The encryption key is determined based on numbers exchanged by the parties using a key generation function, such as the Diffie-Hellman algorithm. To prevent any party from forcing the final value of the encryption key to a desired value, a first party divides its number into a plurality of parts, which are transmitted incrementally to the another. After transmitting a first part, the first party waits for receipt of at least a part of a second exchanged number from another party before the first party transmits the remaining parts of its exchanged number.