Abstract: A method, apparatus, and computer instructions for authorizing a user to access grid resources. A request is received from the user to access a resource on the data processing system. This request includes a certificate. An authentication process is performed using the certificate when the request is received. In response to successfully authenticating the user in the authentication process, a first host name for the certificate is requested from a trusted source. A reply containing the first host name is received. Access to the resource is provided if the first host name returned by the trusted source matches a second host name for the user from which the request originated.

Abstract: A method, system, and computer program product provides on-access anti-virus scanning of data files, which can be performed without introducing significant performance degradation and provides delayed file write operation scanning upon interception of a file write operation. A method of detecting a malware comprises the steps of intercepting a file access operation of the a process to a file, in response to the intercepting, waiting a time interval between the intercepting and scanning the file for a malware, and scanning the file for the malware, after waiting the time interval, wherein the process is associated with an application program and wherein the file access operation is a file write operation.

Abstract: An electronic security scheme and security system for a communications network facilitates the preventing of unauthorized access to an internal resource of an entity's internal computer system. A server includes a first set of ports for communication between an external communications network and the server. The server has a second set of ports for communications between an internal communications network and the server. A first firewall is interposed between the server and the external communications network. The first firewall is coupled to the first set of ports to provide at least one interconnection between the first set of ports and the external communications network. A second firewall is interposed between the server and the internal communications network. In one embodiment, the second firewall is coupled to the second set of ports to provide in a nonnegative integer number of interconnections between the second of set ports and the internal communications network.

Abstract: An information processing apparatus, an information processing method, and an information providing medium are provided. Encrypted information, an encrypted first key for decrypting the encrypted information, and a second key for decrypting the first key are processed to store the information in a storage medium. To be more specific, cross certification is executed with the storage medium, the first key is decrypted by the second key, the decrypted first key is encrypted, and the decrypted first key and the encrypted information are stored in the storage medium. The novel constitution prevents unauthorized replication of information by use of a low-cost, general-purpose semiconductor memory.

Abstract: The present invention is a system and method for shortening response time and reducing resource utilization in an electronic advertising and customer enquiry system, operating in an interactive communications and distributed database environment. The system is designed to enable customers (01) to easily find product and service offerings that match their requirements for immediate local accessiblity (A1), as well as the customer's (01) specific product desires. Where a perfect match does not exist, slightly less satisfactory solutions are offered. Such product offerings and customer (01) desires have static and dynamic characteristics that effect their electronic publication, enquiry, matching, and subsequent response.

Abstract: A method for anti-piracy protection of a software application by obfuscation of the execution of portions of the applications code is described. The method includes providing a language specification and library to implement the functions of the language, providing a compiler to translate the language into byte codes, and providing an interpreter to execute the byte codes using the library. The method further includes providing the language specifications, library, compiler, interpreter, and instructions to a software publisher, where the software publisher embeds the library and interpreter in the application to be protected, and selects and prepares application code segments for processing into byte codes by the compiler. The application is then executed using the embedded library and interpreter, where the execution of the application is obfuscated by the use of byte codes.

Abstract: Framing transmit encoded output data begins by determining a scrambling remainder between scrambling of an input code word in accordance with a 1st scrambling protocol and the scrambling of the input code word in accordance with an adjustable scrambling protocol. The processing continues by adjusting the adjustable scrambling protocol based on the scrambling remainder to produce an adjusted scrambling protocol. The processing then continues by scrambling the input code word in accordance with the 1st scrambling protocol to produce a 1st scrambled code word. The processing continues by scrambling the input code word in accordance with the adjusted scrambling protocol to produce a scrambled partial code word. The processing continues by determining a portion of the 1st scrambled code word based on the scrambling remainder. The process then continues by combining the scrambled partial code word with the portion of the 1st scrambled code word to produce the transmit encoded output data.

Abstract: A method and system for storing and retrieving spatial data objects from a spatial database is discussed. The system stores multi-dimensional objects within the database by determining their position in a multi-tiered coordinate system. One each object has been assigned to a particular coordinate, the object is further assigned to one of many overlapping sections within the coordinate system. Each object is assigned to a particular section of the coordinate system depending on its overall size and position.

Abstract: Retrieval software and add-on collection software are integrated to provide a computer user information on add-ons attempting to instantiate, or alternatively, install, on the user's computer system. The retrieval software, i.e., software for locating and retrieving information from networked information services, uses information from data the collection software, i.e., software capable of collecting information about add-ons that exist via the World Wide Web, can retrieve on an add-on to create a record of status information on the add-on. The retrieval software displays this record of status information to the computer user. The retrieval software can also use information collected on an add-on to generate a recommendation identification for the add-on. The recommendation identification is an indication of what the retrieval software suggests the computer user should do with the add-on, e.g., allow its instantiation or deny its instantiation, or, alternatively, allow or block its installation.

Abstract: A disc-shaped information recording medium includes a first recording layer (L0 layer) having (I) a first trial write area (101P-1) for trial write of first trial write information for calibration of the laser beam along the first track path (TP1) from the inner circumference toward the outer circumference and (II) a first recording area for recording the first recording information along a first track path (TP1), in this order from the inner circumference side. Furthermore, the disc-shaped information recording medium includes a second recording layer (L1 layer) having (I) a second trial write area (101P-2) for trial write of second trial write information for calibration of the laser beam along the second track path (TP2) from the outer circumference toward the inner circumference and (II) a second recording area for recording the second recording information along a second track path (TP2), in this order from the inner circumference side.

Abstract: An embodiment of the present invention is a technique to provide a secure authentication of chipset configuration. A first chipset configuration (CC) register set in an input/output (I/O) manageability engine (ME) partition authenticates and controls enabling a CC functionality. The I/O ME partition manages I/O resources shared with a processor in a secure manner. A second CC register set in a processor interface space provides the CC functionality. The second CC register set includes a global enable register having an enable field securely accessible to the I/O ME partition in a read and write-once accessibility and accessible to the processor via the processor interface space in a read-only accessibility.

Abstract: Method and system for maintaining digital signature integrity is provided. The method includes, creating a first electronic signature using a first set of hashing and signing algorithm; creating a second electronic signature using a second set of hashing and signing algorithms different than the first set of hashing and signing algorithms; and storing the document with the first and second electronic signatures.

Abstract: A method that includes initiating a network access request from an access requester on a platform that couples to a network, the network access request made to a policy decision point for the network. The method also includes establishing a secure communication channel over a communication link between the policy decision point and a policy enforcement point on the platform. Another secure communication channel is established over another communication link. The other communication link is between at least the policy enforcement point and a manageability engine resident on the platform. The manageability engine forwards posture information associated with the access requester via the other secure communication channel. The posture information is then forwarded to the policy decision point via the secure communication channel between the policy enforcement point and the policy decision point.

Abstract: Methods and apparatuses for synchronizing the exchange of cryptography information between kernel drivers. A high level application in an electronic system passes a pointer to a base driver. The pointer is a unique identifier for cryptography information, such as a Security Association (SA), that the base driver uses to populate a cryptography information table for performing cryptography operations on secure traffic data packets. If the network interface device and/or its associated driver are reset, the pointer is used to repopulate the cryptography information table with specific cryptography information needed to perform cryptography operations on the data packets.

Abstract: A method and apparatus for scanning exclusively locked files uses a kernel mode driver to scan the operating system's table of applications and identify a handle that owns an exclusive lock for an exclusively locked file. In one embodiment, the kernel mode driver then copies the handle and passes the handle over to a handle list of the anti-virus application requesting access to the exclusively locked file and provides the anti-virus application with the access handle reference number. Armed with the access handle reference number for the copied handle, the anti-virus application can then open the exclusively locked file and scan the exclusively locked file as it would any other file.

Abstract: According to the present invention, techniques, including a method and system, for restoring and/or validating data and/or associated signature log entries are provided. One embodiment of the present invention provides a method for validating a restored message, having an entry generated in a signature log for a message, where the entry includes cryptographic information associated with the message. Next, when said message is lost, the restored message is generated responsive to a request; and the restored message is validated using the signature log. In another embodiment a method for validating a selected log entry by using a signature log having a plurality of recorded log entries is provided. The method includes: computing a cryptographic value for the selected log entry; and determining if the cryptographic value is part of another recorded log entry.

Abstract: End-to-end user anonymity is provided in electronic commerce or other types of online transactions through the use of an intermediary. An intermediary machine, which may be implemented in the form of a set of servers, receives communications from a consumer or other user, and generates and maintains an alias for that user. Connections between the user machine and any online vendor or other web site are implemented through the intermediary using the alias. The intermediary then communicates with the online vendor and supplies intermediary payment information. The online vendor charges the purchase to the intermediary, and redirects the delivery of the goods or services to the destination address provided by the intermediary. The intermediary charges the payment card number of the user, and arranges for the redirection of the delivery to the real user address.

Abstract: Methods and apparatus for providing protection of pre-designed electronic components or modules (“intellectual property”) provided on target hardware devices are described herein. According to various embodiments, the component and the target hardware device include mechanisms for providing a first sequence and a second sequence respectively. While the component is running on the target hardware device, a comparator accesses and compares the first sequence with the second sequence. The comparator may either be included with the component or the target hardware device. If the first and second sequences match, a function of the component is allowed to operate with the target hardware device; otherwise, the function is prevented from operating with the target hardware device. As such, unauthorized use of intellectual property can be controlled.

Abstract: The present invention provides authentication equipment having functions for prevention of erroneous authentication using biometrics data, and which can reduce the burden of registration placed on users.

Abstract: A method to wirelessly configure a wireless device for wireless communication over a secure wireless network includes placing the wireless device to be configured for communication over the secure wireless network within a wireless communication range of an administrator; establishing a secure wireless communication channel between the administrator and the wireless device; and providing to the wireless device via the secure wireless communication channel network credentials needed to communicate over the secure wireless network.