Abstract: A subscriber's terminal 201 is configured to be connected to an internet service provided 208 via a LAN 202, and an IP subnet distribution switch 209 within a network service provider 203. When a packet signal that has not received the authentication is input, a physical-port changeover switch 204 gives a temporary IP address to the subscriber's terminal 201, and causes the subscriber's terminal 201 to employ this for making an authentication process. If the authentication succeeds, a normal IP address is given, and the packet signal, which made use of this, is distributed to a network that is an object by the IP subnet distribution switch 209.

Abstract: A graphical user interface for displaying and interacting with a rendered image of a graphical object on a display device. A color value is stored for each pixel in the display device. Object identification data is stored with each pixel covered by the rendered image wherein the object identification data uniquely identifies a particular one of the graphical objects located at the least one pixel.

Abstract: A system and method for generating and authenticating a password to protect a computer system from unauthorized access. The characters of the password are placed in data packets by an access device. Prior to sending the packets, the device inserts a predefined number of blank packets between each of the character-carrying packets. The number of blank packets is retrieved from a number sequence that is shared between the access device and an authentication device. The authentication device determines whether the received set of password characters matches a stored set of password characters, determines whether the received number of blank packets between the received character-carrying packets matches a predefined number of blank packets, and positively authenticates the access device only if both conditions are met.

Abstract: A method and apparatus for image compression using temporal and resolution layering of compressed image frames, and which provides encryption and watermarking capabilities. In particular, layered compression allows a form of modularized decomposition of an image that supports flexible encryption and watermarking techniques. Using layered compression, the base layer and various internal components of the base layer can be used to encrypt a compressed layered movie data stream. By using such a layered subset of the bits, the entire picture stream can be made unrecognizable by encrypting only a small fraction of the bits of the entire stream. A variety of encryption algorithms and strengths can be applied to various portions of the layered stream, including enhancement layers. Encryption algorithms or keys can be changed at each slice boundary as well, to provide greater intertwining of the encryption and the picture stream.

Abstract: A system and method for accessing data located behind a security mechanism is provided. In the preferred embodiment, the system may use the common HTTP protocol and JDBC drivers. In more detail, a client may execute a Java applet that generates database proxy objects that are communicated to an application server using the HTTP protocol. The application server may use a servlet to process the objects and generate database requests using JDBC drivers so that the data is retrieved from the database for the client Java applet without the security problems.

Abstract: A security system for a computer network that has a plurality of devices connected thereto comprises a security subsystem, a master system and a secure link. The security subsystem is connected to at least some of the devices in the network. The security subsystem is configured to monitor activities of the at least some devices on the network and detect attacks on the at least some devices. The master system monitors the integrity of the security subsystem and registers information pertaining to attacks detected by the security subsystem. The secure link is connected between the security subsystem and the master system. The master system monitors the integrity of the security subsystem and receives the information pertaining to the attacks through the secure link.

Abstract: A system and method are disclosed for providing security for a computer network. Content sets are generated for a computer associated with the network. It is determined whether a user should be routed to the generated content sets. If it is determined that the user should be routed to the generated content sets, a generated content set is selected and the user is so routed. Various actions and events may be recorded in a logfile, and the logfile is analyzed using regular expressions.

Abstract: Techniques for using a class loader to protect mobile code against a malicious host. The techniques include using the class loader to extend a class used by the mobile code such that a method is added to the code which authenticates the mobile code. When executed, the method provides a dynamic watermark that authenticates the code. The method may be encrypted until it is added to the code. One such method uses a static watermark in the code to determine whether the code has been modified. The techniques also include using a class loader to extend the class such that obfuscated symbolic names in the program that correspond to symbolic names defined by the class can be resolved. A way of doing this is to include a first association between the obfuscated symbolic names and encrypted forms of the corresponding symbolic names in the program and to make a second association between the encrypted forms of the corresponding symbolic names and information used to resolve the symbolic names defined in the class.

Abstract: Disclosed are an encryption method and system. The method comprises the steps of providing a message to be encrypted, said message having a string of characters; and providing a matrix having characters in a last row and numbers in all other rows. A string of numbers is formed from said string of characters by selecting the number in the next to last row in said matrix in the column corresponding to a character of said string of characters. The remaining numbers in said column are shifted down one row, and the selected number is placed in a queue. The method comprises the further steps of continuing until upon depletion of numbers from a column, shifting columns in said matrix, refilling the empty column with numbers from said queue, and shifting each row in said matrix.

Abstract: A technique for adaptive encryption of digital assets such as computer files. The system model monitors passage of files to uncontrollable removable storage media or through network connections and the like which may indicate possible abuse of access rights. In accordance with a preferred embodiment, an autonomous independent agent process running at a point of use, such a background process in a client operating system kernel, interrupts requests for access to resources. The agent process senses low level system events, filters, and aggregates them. A policy engine analyzes sequences of aggregate events to determine when to apply encryption.

Abstract: A data transmitting method, a data recording apparatus, a data record medium and a data reproducing apparatus are provided to disallow the encryption to be easily decoded and keep the secrecy of key information higher. The data transmitting apparatus includes an error correction coding process block. In the block, an input converting circuit operates to perform a logic operation with respect to the information data from an interface circuit 12 according to the key data. The converted information data is sent to an encoder 15 for generating parity data. This parity data is mixed with information data before conversion in a mixing circuit. The error correction coding block operates to send the resulting data to a modulating circuit 17 for modulating the data. The modulated data is recorded on a disk record medium.

Abstract: An Enhanced Shared Secret Provisioning Protocol (ESSPP) provides a novel method and system for adding devices to a network in a secure manner. A registration process is launched at two network devices together within a predetermined time interval. These two devices then automatically register with each other. When two devices running ESSPP detect each other, they exchange identities and establish a key that can later be used by the devices to mutually authenticate each other and generate session encryption keys. With ESSPP, two ESSPP devices that are attempting to register with each other will only provision a key when they detect that they are the only two ESSPP devices on the wireless network running ESSPP. If additional devices running ESSPP are detected, the ESSPP protocol is either terminated or suspended.

Abstract: The invention relates to systems and methods for using a template in the authentication process using biometric data. In one embodiment, a module modifies a template of the reference set of biometric data with the candidate set of biometric data when the user is authenticated. In another embodiment, a module modifies a copy of the template of the reference biometric data with modification data thereby creating a challenge template. The client compares the challenge template to a candidate set of biometric data thereby creating a response vector. A module authenticates the user based on the response vector and the modification data.

Abstract: The principles of the present invention provide for delegating certificate validation. A client computer system sends a certificate validation request to a server computer system over a trusted link. The certificate validation request includes at least enough certificate information for a certificate authority to identify a digital certificate that binds a sending entity to a private key. The server computer system checks a validation path to determine if the digital certificate is valid and at least one certificate revocation list to determine if the certificate has been compromised. The server computer system sends a certificate status indication to the client computer system over the trusted link. Accordingly, the resources of the server computer system, instead of the client computer system, are utilized to validate a digital certificate. Further, digital certificate validation can be delegated to a server computer system that attempts to pre-validate a digital certificate.

Abstract: A content protection system prevents illegal key acquisition, without checking uniqueness of device keys. The content protection system includes a key data generation apparatus and a user terminal. The key data generation apparatus converts first key data, which is for using content, based on a predetermined conversion rule, thereby generating second key data, encrypts the second key data using a device key held by valid terminals, and outputs the encrypted key data. The user terminal obtains the encrypted key data, decrypts the encrypted key data using a device key held by the user terminal, thereby generating second key data, converts the second key data based on a re-conversion rule corresponding to the conversion rule, thereby generating the first key data, and uses the content with use of the generated first key data.

Abstract: At least one basic program and an auxiliary program run on a computer and collaborate with the computer via an operating system, with windows being displayed on a viewing device allocated to the computer. The auxiliary program determines a basic window pointer on the basis of an identifier that is characteristic of the at least one basic program, the location and size of the basic window on the viewing device being able to be set via the basic window pointer. The auxiliary program, based on this pointer, sets the location and size of the basic window to values determined by the auxiliary program.

Abstract: Ergonomic graphical user interfaces (GUIs) for displaying medical record information obtained from various sources within handheld devices are provided. A GUI for display within a touch screen display of a handheld device includes adjacent first and second portions. A list of patient names is displayed within the first portion of the GUI, along with medical facility location information, means for indicating when new clinical data for a patient is available, means for removing patient names from the displayed list, and means for sorting the displayed list of patient names. A plurality of ergonomically designed GUI controls are displayed within the second portion of the GUI. At least some of the displayed information is responsive to user touching for displaying additional patient information.

Abstract: Provided is a method, system, and program for accessing calendar information of users in a database for presentation by a personal information manager. Scheduled event records for users are maintained within the database. Further maintained in the database is information on a current location of wireless devices of users in the database, wherein one user is associated with each wireless device. Scheduled event records and the current location of a wireless device for a shadowed user are provided from the database to a device operated by a shadower user in the database.

Abstract: Methods and systems for creating and rendering skins are described. In one described embodiment skins can be defined as sets of script files, art files, media files, and text files. These files can be used to create new and different skin appearances, layouts and functionalities. The files are organized for use using a hierarchical tag-based data structure, an example of which is an XML data structure. The data structure is processed to provide an object model. The object model can be a scriptable object model that enables script to execute to provide an interactive, dynamic skin that can respond to internal and external events. In one embodiment, a computer architecture used for rendering the skin includes a layout manager that processes an intermediate representation of the XML data structure to provide the scriptable object model. Various components of the scriptable object model can include a script engine for receiving and executing script, and one or more rendering elements.

Abstract: An operating system program launch menu, such as a Start menu, provides various mechanisms for a user to quickly and efficiently locate and launch desired data items such as programs, data files, storage locations, and the like. A search box within the program launch menu may be used to quickly locate programs, documents, communications, and other data items. An auto-complete feature may be used, e.g., when the user restricts the locations searched for the user-entered search text. A most commonly used program list may include programs based on various criteria including both frequency of use and recent use, thereby always including a most recently used item. An all programs view may display programs and documents in a hosted-tree view within the original confines of the program launch menu, thereby negating the need to open sub-menus on top of a large portion of the desktop displayed on the display device.