Patents Examined by Jenise Jackson
  • Patent number: 6826692
    Abstract: A method and apparatus for providing automatic user access authentication of any user who is a member of a set of authorized users of a computer enterprise from any one of a plurality of geographically dispersed user workstations, onto one of a plurality of predetermined local security servers, through the use of a single logon. A person server resident on a local security server compares the user-provided identification information to entries contained in a local authentication database. If the person server finds a match, the user is granted access to the local security server. If the person server does not find a match, the user-provided authentication information is not valid for granting access to the local security server and the person server then searches a network database to determine whether the entered user name is known to the enterprise.
    Type: Grant
    Filed: December 23, 1998
    Date of Patent: November 30, 2004
    Assignee: Computer Associates Think, Inc.
    Inventor: Clive John White
  • Patent number: 6816973
    Abstract: A method and system for adaptive network security using intelligent packet analysis are provided. The method comprises monitoring network data traffic. The network data traffic is analyzed to assess network information. A plurality of analysis tasks are prioritized based upon the network information. The analysis tasks are to be performed on the monitored network data traffic in order to identify attacks upon the network.
    Type: Grant
    Filed: November 13, 2002
    Date of Patent: November 9, 2004
    Assignee: Cisco Technology, Inc.
    Inventors: Robert E. Gleichauf, Daniel M. Teal, Kevin L. Wiley
  • Patent number: 6779117
    Abstract: A Computer Authentication System, CASA; a software application which performs file authentication functions in any Microsoft® Windows® registry based computer operating system. The CASA system modifies the manner in which Microsoft® Windows® executes application programs. This modification allows the CASA software to easily specify authentication functions to be performed on executed applications, including, but not limited to virus scanning, security access validation, license auditing, version checking, file change detection, and/or usage logging. CASA operates by altering the Windows® registry so that the CASA application starts before execution of the user specified application, applies authentication functions to the user specified application, and takes appropriate actions based on the results of said authentication.
    Type: Grant
    Filed: July 23, 1999
    Date of Patent: August 17, 2004
    Assignee: CyberSoft, Inc.
    Inventor: Joseph W. Wells
  • Patent number: 6763467
    Abstract: A computer system and method for intercepting, examining, and controlling data streams flowing via transport connections between the transport layer of an operating system and the user application; which operates on a single computer. The system and method preferably operates with a single computer system. All data streams that pass from an external network, through the transport layer of an operating system to the user application or from the user application to the transport layer are intercepted by a network traffic interceptor. The network traffic interceptor processes all data streams for proscribed data that may include viruses, trojan horses, worms, and other hostile algorithms. The processing used by the network traffic interceptor can include monitoring, blocking or destroying data, thereby protecting the single computer system from being infected by hostile algorithms.
    Type: Grant
    Filed: February 3, 1999
    Date of Patent: July 13, 2004
    Assignee: CyberSoft, Inc.
    Inventors: Peter V. Radatti, David J. Harding
  • Patent number: 6725377
    Abstract: A method and system for updating anti-intrusion software is provided. In a preferred embodiment, a computer program product updates anti-intrusion software on a computer network which has an anti-intrusion monitor server. The anti-intrusion monitor server recognizes attacks on the computer network in accordance with attack pattern information contained in the anti-intrusion software. The computer program product includes computer code that installs modified attack pattern information onto a central anti-intrusion server, and computer code that transfers the modified attack pattern information from the central anti-intrusion server to the anti-intrusion monitor server using push technology. The result is that newly discovered attack patterns are capable of being rapidly communicated from the central anti-intrusion server to the computer network.
    Type: Grant
    Filed: March 12, 1999
    Date of Patent: April 20, 2004
    Assignee: Networks Associates Technology, Inc.
    Inventor: Victor Kouznetsov
  • Patent number: 6671808
    Abstract: A method, apparatus, article of manufacture, and a memory structure for a USB-compliant personal key has been described. The personal key includes an integrated connector design that is simple and easy to manufacture, and allows broken or defective connecting pins to be easily replaced. In the several embodiments disclosed, the personal key also comprises a biometric sensor for authenticating the identity of the user, and visual and aural sensors for providing information to the user.
    Type: Grant
    Filed: March 30, 1999
    Date of Patent: December 30, 2003
    Assignee: Rainbow Technologies, Inc.
    Inventors: Shawn D. Abbott, Bahram Afghani, Allan D. Anderson, Patrick N. Godding, Maarten G. Punt, Mehdi Sotoodeh
  • Patent number: 6643784
    Abstract: A system and method employs a password rule data provider that provides password generation rule data to a notification device, such as visual display device or audible output device. A password data evaluator, such as a per character password data evaluator, continuously evaluates password character data as it is being entered and compares each character to the password generation rule data. A dynamic status data generator dynamically generates password rule status data, such as visual indication of which rule has been met or which rule has not been met as password data is being entered.
    Type: Grant
    Filed: December 14, 1998
    Date of Patent: November 4, 2003
    Assignee: Entrust Technologies Limited
    Inventor: Murray R. McCulligh
  • Patent number: 6643776
    Abstract: Virtual Private Networking (VPN) is an emerging technology area enabling e-business on the Internet. A key underlying VPN technology is IP Security (IPsec), a means of providing private (encrypted and authenticated) secure data transmission over public (Internet) networks. The definition of what data to protect ultimately results in IP filter rules, loaded to the operating system kernel. These are used to select the correct IP datagrams and cause each to be processed by the correct IPsec Security Associations. Along with other attributes, a VPN connection can be started, stopped, and monitored. Connection filters which are used to implement VPN connections are dynamic, and must be inserted and deleted within the currently installed set of IP filters (non-VPN related). Since IP filter order is crucial to proper functioning, the basic problem is, where to place these dynamic filters. This filter placement problem has a macro and a micro part.
    Type: Grant
    Filed: January 29, 1999
    Date of Patent: November 4, 2003
    Assignee: International Business Machines Corporation
    Inventors: Edward B. Boden, Mark J. Melville
  • Patent number: 6611914
    Abstract: In a security card check type computer security method, it is determined whether a predetermined check condition for checking a right of a security card to use a computer, which stores at least security information enabling the identification of the right of use of computer, is satisfied and a combination key requiring checking is generated. When the combination key is received, check result data with respect to the security card is waited for. The security information of the security card is checked to obtain the check result data. The right of use of computer is controlled depending on the check result data.
    Type: Grant
    Filed: March 8, 1999
    Date of Patent: August 26, 2003
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Jang-won Lee, Yong-seok Shin
  • Patent number: 6601175
    Abstract: Features of a data processing system, such as its configuration, are protected utilizing a machine-specific limited-life password. The data processing system includes execution resources for executing a watchdog program, a limited-life value generator, and non-volatile storage that stores a machine-specific value at least partially derived from relatively unique information associated with the data processing system (and preferably also derived from a secret control password). In response to each attempted access to the protected features of the data processing system, the watchdog program generates at least one machine-specific limited-life password from the machine-specific value and a limited-life value generated by the limited-life value generator. The watchdog program allows access to the protected features in response to entry of the machine-specific limited-life password and otherwise denies access.
    Type: Grant
    Filed: March 16, 1999
    Date of Patent: July 29, 2003
    Assignee: International Business Machines Corporation
    Inventors: Todd Weston Arnold, David Carroll Challener
  • Patent number: 6601174
    Abstract: A data processing system and method are described for permitting a server computer system to remotely provide a client computer system's settings password to the client computer system. The client and server computer systems are coupled together utilizing a network. A network settings password is established within the client. The network settings password is required prior to permitting access to system settings included within the client. The client receives the network settings password from the server computer system utilizing the network. Access to the system settings is permitted in response to the receipt of the network settings password. In this manner, the server computer system remotely provides a network settings password to the client computer system.
    Type: Grant
    Filed: February 22, 1999
    Date of Patent: July 29, 2003
    Assignee: International Business Machines Corporation
    Inventors: Daryl Carvis Cromer, Richard Alan Dayan, Brandon Jon Ellison, Eric Richard Kern, Randall Scott Springfield
  • Patent number: 6594762
    Abstract: An electronic device and a remote device cooperate to enable a display of an electronic device when a distance between the electronic device and the remote device is less than a transmit range and to disable the display when the distance is greater than the transmit range. Disabling the display of the electronic device may improve the security of data on display. Moreover, the disabling and enabling of the display may be carried out automatically, thereby possibly relieving the authorized user from logging out or powering-off the electronic device to secure the display. When the authorized user carries the remote device, the display may be enabled and disabled as the user moves relative to the electronic device.
    Type: Grant
    Filed: May 5, 1999
    Date of Patent: July 15, 2003
    Assignee: Ericsson Inc.
    Inventors: Mike Doub, Tuyen Banh
  • Patent number: 6577734
    Abstract: The secure management of encryption keys is obtained by preventing external access thereto and ensuring that the keys do not leave an encryption unit in their original form. This result is obtained via a facility which (a) generates a unique device encryption key and at least one program encryption key, (b) encrypts the program encryption key using the device encryption key, and (c) stores the result in local memory. Thereafter, responsive to receipt of an indication to encrypt data, the program encryption key is retrieved from memory and is decrypted using the unique device encryption key. The data is then encrypted using the decrypted program encryption key and the encrypted data is stored in a server for distribution to a user who enters a request for the data. When there is a need to transport the latter key to another element, then the program key is encrypted using a symmetrical encryption key that the facility shares with the other element and the result is supplied to that element.
    Type: Grant
    Filed: October 31, 1995
    Date of Patent: June 10, 2003
    Assignee: Lucent Technologies Inc.
    Inventors: Mark H. Etzel, David W. Faucher, Daniel Nelson Heer, David P. Maher, Robert John Rance
  • Patent number: 6574734
    Abstract: A method and apparatus in a computing platform located in a vehicle for restricting access to a plurality of software components, wherein the plurality of software components are used to interface with a plurality of devices located within the vehicle. A request is received from an application for a software component, wherein the request includes a data structure, wherein the software component is a requested software component. A determination is made as to whether the requested software component is present within the plurality of software components. An access level for the application is identified and a result is returned to the application based on whether the requested software component is present in the plurality of software components and based on the access level identified for the application.
    Type: Grant
    Filed: December 28, 1998
    Date of Patent: June 3, 2003
    Assignee: International Business Machines Corporation
    Inventors: James Campbell Colson, Stephen Glen Graham
  • Patent number: 6571339
    Abstract: A system comprises a first computer which has a unique processor identification. Additionally, a first application is operatively coupled to the first computer across a network. The first computer provides the unique processor identification to the first application with the first application identifying the first computer based on the unique processor identification.
    Type: Grant
    Filed: December 30, 1998
    Date of Patent: May 27, 2003
    Assignee: Intel Corporation
    Inventors: Gunner D. Danneels, Peter A. Nee, Sameer Kalbag
  • Patent number: 6567919
    Abstract: Authentication of a request by a computer for access to a resource is accomplished by means of a randomly generated password that can only be used a limited number of times. In a disclosed embodiment of the invention, a network computer sends a boot request to a network server. In response, the network server generates a random password, and sets a use counter to a value which indicates the number of times that the password can be used for access to network resources. This password is transmitted to the network computer, which uses it to initiate a session with a network file server, and access network resources. The network server then invalidates the password, by decrementing the use counter to zero. As a result, even if the password becomes known to an unauthorized user as it is being transmitted from the network server to the network computer, it cannot be improperly employed to gain access to any network resources.
    Type: Grant
    Filed: October 8, 1998
    Date of Patent: May 20, 2003
    Assignee: Apple Computer, Inc.
    Inventors: Kazu Yanagihara, Gregory Burns, Gregory Vaughan
  • Patent number: 6557102
    Abstract: A medical image management system including an image archive server for storing image datasets received from a plurality of image acquisition computers and a plurality of display stations for displaying requested image datasets retrieved from the image archive server is provided with an authentication and security system which includes an authentication server for maintaining and storing hashes and timestamps, and for providing hash, timestamp pairs in encrypted form in response to requests from display stations. The image acquisition computers are configured for computing hashes and providing them and image dataset identifiers to the authentication server, receiving timestamps from the authentication server which are then inserted in the image datasets, and storing the image datasets in the image archive server.
    Type: Grant
    Filed: September 5, 1997
    Date of Patent: April 29, 2003
    Assignee: Koninklijke Philips Electronics N.V.
    Inventors: Stephen T. Wong, James Yuan-Pin Yu
  • Patent number: 6539481
    Abstract: In a computer resource assignment apparatus, a registration request processing section assigns a computer resource to a user in response to a temporary registration request from the user. A computer resource management section manages the computer resource assigned to the user of the temporary registration request by unit of each user.
    Type: Grant
    Filed: November 3, 1998
    Date of Patent: March 25, 2003
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Toshiya Takahashi, Tetsuro Kimura, Tetsuro Muranaga
  • Patent number: 6530023
    Abstract: Digital data is provided with a time stamp of an internal time signal of an internal clock. The internal time signal is validated by receiving and evaluating an internal broadcast or a cable signal of an external time source, from which a standard time can be derived, comparing the standard time with the internal time signal of the internal clock, and time stamping the digital data. The digital data is time stamped only if a time difference between the internal and external time signals lies within a given tolerance range. Finally, the time-stamped digital data is encrypted.
    Type: Grant
    Filed: May 20, 1998
    Date of Patent: March 4, 2003
    Assignee: TimeSafe TrustCenter GmbH
    Inventors: Klaus Nissl, Matthias Meinhold
  • Patent number: 6519701
    Abstract: An Open Descriptor demanding an access right is transmitted from a personal computer to a DVD player. In response to this demand, the DVD player transmits either an Accept response or a Reject response. Upon receiving the Accept response, the personal computer transmits a Write Descriptor. The Write Descriptor indicates an instruction that data (da) having a data length (le) is written (AuthDe) into an address (Add) of a sender (SD). Upon receiving this Write Descriptor, the DVD player transmits the Accept Write Descriptor indicating that the writing instruction has been accepted. Thus, in an authentication protocol, data is transmitted in accordance with the size of the buffer for use in an electronic machine.
    Type: Grant
    Filed: October 14, 1998
    Date of Patent: February 11, 2003
    Assignee: Sony Corporation
    Inventors: Harumi Kawamura, Atsushi Endo