Abstract: A client-server database system enables persistent client-server database sessions, without modification to a client-side application, a database system, or native client-side database drivers. The client is implemented with a driver manager to facilitate communication between the native database drivers and the database application. The driver manager wraps the native drivers, intercepting queries passed from the database application to the database drivers. The driver manager modifies the queries to form modified queries that direct the database server to render result sets produced from processing the queries persistent at the database server. Upon recovery following a server crash, the driver manager directs the drivers to reestablish a connection with the database server. The driver manager then finds the persistent result set table and, using logged data, returns to the same operation on the result set table just prior to the crash.

Abstract: At a sender site of a secure communication network, a first coherent light pulse sequence is phase modulated with a random bit sequence by a phase modulator, and a second coherent light pulse sequence synchronised to the first coherent light pulse sequence is transformed by an optical transducer to a superposition of coherent states. The outputs of the modulator and the transducer are multiplexed and transmitted over an optical communication link. At a receiver site, a homodyne detector receives the transmitted light pulse sequence and detects a random bit sequence and a superposition of quantum states.

Abstract: The invention relates to a digital integrated apparatus capable of registering and fetching image data, and has an object to solve various problems resulting from the necessity of the user authentication at the time of using the apparatus. Specifically, it is arranged that, the display-input control means 92a classifies the user authentication under the first user authentication in a specific level and the second user authentication in a lower level than the first one, and then judges based on the initial setting whether the result of the second user authentication is valid or not. The first user authentication is based on the attribute of user's personal information including a user registration card Ku, and the second user authentication is based on the user ID and password inputted from the control panel 92. Therefore, it is possible to limit the fetching by using the other person's user ID and password.

Abstract: A method of flattening a structured data document includes the steps of receiving a structured data document. Next, a first data entry is searched for by the system. When the first data entry is found, it is determining if an attribute is defined before the first data entry. When the attribute is defined before the first data entry, a first line containing all open tags before the attribute and the attribute is created. A record indicator is stored on the first line.

Abstract: Retrieving information form from the registry include by creating a registry interface database containing information regarding registry data and uniquely identifying every registry entry for a registry interface. Source header files are generated using information about a program module, such as an application, contained in the registry interface database. The source header files are compiled with the application to generate the application's executable file. During run-time of the application, the registry interface is called by the application to retrieve registry data. If available, the registry interface retrieves the registry data and forwards this information to the application. In the event that the registry data is not available, the registry interface retrieves a default value in place of the registry data and forwards that default data to the application. A policy may be implemented by checking a policy area of the registry for the registry data and invoking the policy.

Abstract: Methods and systems for secured configuration data for a programmable device. One or more memory devices store configuration data that includes one or more configuration bitstreams and associated authentication tags for each configuration bitstream. Each authentication tag is created using the associated configuration bitstream. A programmable device operably connected to the one or more memory devices receives one of the configuration bitstreams. The programmable device uses the associated authentication tag of the configuration bitstream to verify that the configuration bitstream is authentic. The programmable device loads the configuration bitstream if the one of the configuration bitstream is authentic, or may discard it otherwise.

Abstract: Business data flows from one computer system (1) to another (2) and its integrity can be protected by cryptographic means, such as digital signatures. In particular, a source system (1) may use a private key (DSPR) to sign outgoing data, and a destination system (2) may use a public key (DSPU) to verify incoming data. For security purposes all keys should be changed at scheduled times calculated using factors including key lifetime (from which is calculated the key expiry time) and key delivery time. If a key is compromised it needs to be changed at other than the scheduled time, and in general this will result in calculation of a new scheduled key change time. If a DSPR key is delivered to the source system (1) encrypted by a key encryption key (KEK), then change to the KEK key will in general also be needed upon compromise of the DSPR key.

Abstract: The present invention provides a virtual network, sitting “above” the physical connectivity and thereby providing the administrative controls necessary to link various communication devices via an Access-Method-Independent Exchange. In this sense, the Access-Method-Independent Exchange can be viewed as providing the logical connectivity required. In accordance with the present invention, connectivity is provided by a series of communication primitives designed to work with each of the specific communication devices in use. As new communication devices are developed, primitives can be added to the Access-Method-Independent Exchange to support these new devices without changing the application source code. A Thread Communication Service is provided, along with a Binding Service to link Communication Points. A Thread Directory Service is available, as well as a Broker Service and a Thread Communication Switching Service. Intraprocess, as well as Interprocess, services are available.

Abstract: A method for creating an object in a non-persistent memory is proposed. From an instruction code sequence, a first instruction code is read out which effects the execution of a first function which effects the choice of a non-persistent memory as the location for the next object to be created. This object creation is effected by the execution of a second function which is effected by reading out a second instruction code. Furthermore it is proposed to store a pointer to a transient object in the stack memory and to provide a mechanism for writing this pointer to and reading it from a persistent memory.

Abstract: An incremental garbage collector and method of incremental garbage collection useful for systems with real-time requirements, including a method for incrementally scanning multiple program stacks in units of individual stack locations. Methods and system allow the garbage collector to be preempted by the system and then return to garbage collection without rescanning any portion of a partially completed stack.

Abstract: A method for bilateral identity authentication over a communication channel provides a secure method for authenticating the identity of the communicating parties and establishing a secret key. Each party computes an authentication challenge based on an exchanged value used in a key generation procedure. The authentication challenge is encrypted to the other party's public key. After receiving an encrypted authentication channel from the other party, each party deciphers the authentication challenge and generates an authentication response based on the authentication challenge. The authentication response includes bits that the challenging party cannot predict in advance to prevent fraudulent use of the authentication response by the challenging party or some other third party. After receiving an authentication response from the other party, each party verifies that the expected authentication response was received.

Abstract: A method and system for performing cryptographic calculations on a bitstring using secret information. A cipher key is manipulated to obtain a modified cipher key. An indicator word is generated that corresponds to the modified cipher key and includes a plurality of indicator bits. A first product is computed with an insecure processor as a function of the bitstring and the modified cipher key. A second product is computed with a secure processor as a function of the bitstring and the indicator. A final product is then computed as a function of the first and second products.

Abstract: A method for identifying betrayers of proprietary data which enables a betrayer, i.e., an authorized subscriber who has disclosed one of his partial keys to a third person without authorization, to be unequivocally identified. A respective subset of encryption keys is assigned to each authorized subscriber according to finite geometric structures and methods such that the necessary characteristic of the k-resilience used for identifying a betrayer is guaranteed. A betrayer search algorithm is used for the unequivocal identification of a betrayer. Coalitions of betrayers may also be unequivocally identified.

Abstract: A system and method for requesting, providing, and displaying data relating to performance of a network is disclosed. In one aspect, the method and system include allowing a user to select the at least one system from which data is requested, identify at least one data type for which data is requested, select a sampling interval for sampling data for the at least one data type, and identify a time period for which data of the at least one data type is requested. In an second aspect, the method and system include receiving the request, retrieving at least one value for the at least one data type if the at least one data type is available on the at least one system, and calculating an average value for the sampling interval. The method and system include saving the average value for the sampling interval in a report and repeating the retrieving, calculating, and saving steps for each sampling interval in the time period.

Abstract: A computer program product and method for installing downloaded software on a client system over a network is described. The product and method include generating an access key by receiving an installation key produced using a random number generated from a seed that is the value of a client system internal clock at the exact moment in time to the millisecond at which a software installation program was run on the client produce the access code by modulo combining the installation key and user name received by the client system.

Abstract: A system for performing visible object determination. Visualization software running on a host processor represents space with a hierarchy of cones, and generates a hierarchy of bounding hulls from a collection of objects by recursively grouping clusters of objects. Each hull node in the hull hierarchy stores parameters which characterize a bounding hull for the corresponding cluster or object. The visualization software searches the cone and hull hierarchies starting with the root cone and the root hull. Before exploring a given cone-hull pair, a normalized cone size for the cone and a normalized hull size for the hull may be computed, and the sizes compared. If the cone size is larger than the hull size, subcones of the cone are explored with respect to the hull. Conversely, if the hull size is larger than the cone size, subhulls of the hull are explored with respect to the cone.

Abstract: The disclosed system, method, and apparatus accesses a secure database containing information needed for minimizing injury, saving lives, and protecting property. Included in the secure database is information on hazardous materials. Upon the receipt of a call for help, emergency response personnel use a communication device to obtain sufficient information for the selection of protective clothing and equipment. Further use of the communication device will provide information on the dangers associated with identified hazardous materials. In an alternate embodiment, the information stored in the secure database includes information on the location of children, the infirm, the elderly, pets or livestock. In a still further alternate embodiment the information in the secure database is used for the submission of pre-incident information or post-incident reports.

Abstract: A real-time sequence-based anomaly detection system is disclosed. In a preferred embodiment, the intrusion detection system is incorporated as part of a software wrapper. Event abstraction in the software wrapper enables the intrusion detection system to apply generically across various computing platforms. Real-time anomaly detection is enabled through the definition of a distance matrix that defines allowable separation distances between pairs of system calls. The distance matrix indirectly specifies known sequences of system calls and can be used to determine whether a sequence of system calls in an event window represents an anomaly. Anomalies that are detected are further analyzed through levenshtein distance calculations that also rely on the contents of the distance matrix.

Abstract: A method and apparatus for ensuring that code being executed by a data processing system conforms to a platform standard. As an example, one embodiment of the present invention validates Pure Java platform standard conformance of Java programs downloaded from a remote server to ensure that they conform to the “Pure Java” standard. This checking can be performed at the time that the program is downloaded across a network firewall and/or at one or more times during the loading and execution of the program.

Abstract: A method and apparatus for integrating event monitoring and management information from a plurality of different event monitoring and management systems are provided. With the method and apparatus, an event management system (EMS) portal is provided which performs the operations for integrating the event information from a plurality of different event management systems in a network. A human user, such as a system administrator, may send a request for event information to the EMS portal. The request may include selections of event management systems, event management tables, and/or fields in the event management tables that are of interest to the user. The EMS portal then uses database clients to query the databases for selected event management systems on the network. The queries request the event information corresponding to the selections in the request submitted by the user to the EMS portal.