Abstract: A method and system for authorizing communications sent from a sender to a recipient. The authorization system receives a communication sent from a sender to a recipient. The authorization system determines whether that sender is authorized to send communications to that recipient. If the authorization system determines that the sender is not authorized, then the authorization system sends an authorization communication to the sender. The authorization communication requests authorization information from the sender. When the authorization system receives the authorization information, it determines whether the information is correct. If correct, then the authorization system indicates that the sender is authorized and forwards the communication to the recipient. When a subsequent communication sent from the sender to the recipient is received, the authorization system may automatically determine that the sender is authorized and forward the communication to the recipient without re-contacting the sender.

Abstract: A method and system for sharing existing user and group registry information between heterogeneous application servers is provided. The method and system make use of an adapter that communicates with each registry associated with each application server through a registry communication mechanism. In a preferred embodiment, the present invention provides an additional application-specific database to protect application-specific data that is required for each application server's operation but is not part of an existing database registry. Both the application-specific databases and existing user and group definitions in a user and group registry form a new registry abstraction which is required for each application server. As a result, each application server automatically shares user and group definitions with the existing database server. Furthermore, both the database server and each application server maintain a centralized user and group management model across different application domains.

Abstract: A system for controlling communication-access within a computer network, includes an access-prevention device connected in series with a computer's bi-directional network-communication port for preventing the computer from receiving and/or transmitting any communications from and/or to another computer within the network; and a control device for selectively controlling the access-prevention device. Such an access-prevention device including a control terminal for connection to the control device is disposed within a communication-access control apparatus that may be connected between the computer network and the computer. Alternatively, the access-prevention device is disposed within the computer chassis, the modem, an external network-access terminal or a firewall device. The control device includes a manual switch actuator disposed on a chassis containing the access-prevention device, or a remote-control device, or a computer keyboard or a mouse, or a presence detector, or an inactivity detector.

Abstract: An entered signature is compared with registered signature data to calculate an evaluation value, and when the evaluation value for the entered signature is within the allowable range for successful authentication, it is determined whether aging has occurred. When aging is determined to have occurred, a warning message is displayed to urge re-registration of the signature. According to such a configuration, it is possible, when a change in signature is caused by aging, to avoid circumstances in which authentication becomes suddenly impossible.

Abstract: The broadband telephony interface is provisioned by receiving information authenticating a provisioning server, establishing a communication channel between the user and the provisioning server over which is transmitted authorization information from the user to the provisioning server, and encrypting and transmitting a cryptographic key associated with the user to the provisioning server. The cryptographic key can be a symmetric key or a public key corresponding to a private key stored in the broadband telephony interface. The cryptographic key can be utilized to generate other keys which are utilized to secure communication channels for the telephony service. The broadband telephony interface advantageously can be implemented as untrusted hardware or software that is installed by a customer.

Abstract: A method and system for storing and retrieving spatial data objects from a spatial database is discussed. The system stores multi-dimensional objects within the database by determining their position in a multi-tiered coordinate system. One each object has been assigned to a particular coordinate, the object is further assigned to one of many overlapping sections within the coordinate system. Each object is assigned to a particular section of the coordinate system depending on its overall size and position.

Abstract: Systems and methods for providing network access, e.g. Internet access, are described. An architecture includes a host organization network through which network access is provided. The host organization network can be advantageously deployed in public areas such as airports and shopping malls. An authentication/negotiation component is provided for authenticating various users and negotiating for services with service providers on behalf of the system users. The authentication/negotiation component can include one or more specialized servers and a policy manager that contains policies that govern user access to the Internet. An authentication database is provided and authenticates various users of the system. An access module is provided through which individual client computing devices can access the Internet. In one embodiment, the access module comprises individual wireless access points that permit the client computing devices to wirelessly communicate data packets that are intended for the Internet.

Abstract: A method and system is provided wherein a multiple number of non-preauthenticated clients and non-preauthenticated principals are seeking to logon into a Kerberos domain. Normally, such logon operations would be held-up and stopped until any one single client or principal had completed his logon authorization. However, the present system uses an asynchronous message mechanism by which any single non-preauthenticated client or non-preauthenticated principal can complete his initial logon operation without having to wait for another's authenticating logon operation to be completed. A series of asynchronous message mechanisms are provided in which any single client or principal can complete and finalize the authentication of his logon without having to wait for the completion of other requesting clients and principals seeking to logon and be authenticated.

Abstract: A system and method for providing a location-based service from a third party service provider includes encrypting a client's identification information using a public key exchanged with a network location server, wherein the network location server stores a record indicating a location associated with the identification information. The encrypted identification information is transmitted from the client to the third party service provider. The third party service provider transmits a location request to the network location server, the location request including the encrypted identification information received from the client. The third party service provider provides the location-based service according to a response to the location request from the network location server.

Abstract: Providing data security involves receiving a request message at an intermediate network node. The request message is associated with a number of data packets from a communication device. The intermediate network node determines whether the request message has a satisfactory security hint. If the request message does not have a satisfactory security hint, the intermediate network node performs a security procedure on the data packets. If the request message has a satisfactory security hint, the intermediate network node relies on a security transform present in the data packets and routes the data packets without performing the security procedure.

Abstract: In a system for making a print of a digital image including a computer for storing a digital image data and a printing device for making the print of the digital image data, a method comprises a step of transmitting from the computer to the printing device the digital image data along with information indicative of a location of the digital image data in the computer, a step of making at the printing device the print based on the transmitted digital image data, and a step of adding at the printing device the transmitted information to the print.

Abstract: A security system for a computer system provides one or more security domains. Access to assets registered to the security system is controlled by rights and privileges. Rights are derived from roles, and each user is assigned one or more roles. Privileges are attached to assets, and an appropriate combination of rights and privileges is required before a user is granted the specified type of access to the asset.

Abstract: An originating host (101) splits a software agent into a code unit (103) and a data unit (105) and forwards the data unit (105) to a destination host (107). Once the destination host (107) receives the data unit (105) from the originating host (101), the data unit (105) is combined with a code unit (109), associated with the data unit (105) but not sourced by the originating host (101), forming a destination agent. The destination agent is executed.

Abstract: A cryptographic communication method is provided in which a cryptographic communication is performed by an easy operation even if both enciphered data and unenciphered data are mixed to be handled. In the transmission side, a communication key is used for enciphering data to be transmitted, and in the reception side the same communication key as in the transmission side is used for decoding received data. In the transmission side, an individual key that is different from the communication key is used for enciphering the data to be transmitted, the enciphered data are decoded by using the individual key first, and then the decoded data are enciphered by using the communication key so that the enciphered file can be transmitted.

Abstract: A self-authenticating check authorization system and method includes a check that has standard bank and account information printed on the MICR line, as well as a one-way hash value that is computed based on the standard bank and account information as well as a personal identification code of a customer. The scanned MICR line data is provided to a check verifier, which also receives the personal identification code from the customer. The check verifier performs a hashing algorithm on the received data, and compares the computed hash value to a hash value obtained from the scanned MICR line data. If there is a match, the check is verified; if not, the check is not verified.

Abstract: A system, method and computer program product are provided for preventing an outbreak of malicious code. First, malicious code is identified at a local location on a network. Information relating to the malicious code such as type, context, protocol, severity, reporting server, and IP address, is encrypted at the local location. The encrypted information relating to the malicious code is sent to a plurality of remote locations utilizing the network. Instances of the malicious code are blocked at the remote locations for a predetermined amount of time based on the information.

Abstract: A forensic media key block (MKB) is provided to a clone device, either a software- or hardware-implemented clone, that has gained access to one or more compromised device keys of unknown identity from a set of the device keys in a digital content guard system. Media keys in the forensic MKB are selectively marked as “revoked” and then the ability of the clone to decrypt the MKB to successfully play content is observed. In this way the identity of the compromised key or keys is eventually learned, and the system can then revoke the compromised key or keys system-wide.

Abstract: The present invention relates to a system and method for providing security to Internet hosting sites and mitigating electronic attacks against such sites. The system and method of the present invention provide: adequate Internet connections to the site to prevent connection floodings from intruders; implementation of different types of firewalls and an intrusion detection system to monitor and guard the site from electronic attacks; routing protocols to limit access to Internet hosting sites; continuous transfer of a hosting site from one geographic location to another in the event of an electronic attack against the hosting site or a disaster situation.

Abstract: A watermarking system allowing an appended-type watermark to be easily inserted into a scaled-up/down image without deteriorating the detection accuracy of the appended-type watermark is disclosed. A first scaling factor of an input watermarked image is detected by detecting a copy control watermark from the input watermarked image. It is determined whether a watermark including a second scaling factor is detected from the input watermarked image. When the watermark including the second scaling factor fails to be detected, a second watermark including the first scaling factor is created and embedded into the input watermarked image and further an appended-type watermark is inserted into the input watermarked image. When the watermark including the second scaling factor is detected, the first and second scaling factors are used to calculate a third scaling factor, which is used to detect the appended-type watermark.

Abstract: A repeater amplifier boosts weak control signals on a PLC network, with noise discrimination and signal firewall protection. The AC supply voltage is filtered by a high frequency blocking filter to block external noise signals. Operating power for network signaling devices and the repeater amplifier is derived from the clean AC supply voltage. Noise discrimination and signal firewall protection are provided by amplifying and repeating only those receiver pulse signals that (a) have an analog amplitude that exceeds a predetermined analog threshold value, (b) occur during intervals that control data signal modulation is being applied to the filtered AC supply voltage and (c) occur at a frequency within a predetermined frequency band centered on the transmitted power line carrier (PLC) modulation frequency.