Abstract: A code range which is the range of usable identification codes (corresponding to file names or directory names) is stored in an area defining area corresponding to a directory, and a layer structure in which the area defining area concerned is set as a parent layer and the other area defining areas are set as child layers is constructed on the basis of the code range. Further, the capacity (empty capacity) of the usable storage area is stored in the area defining area, and the capacity and identification codes which are usable in the layer of an area defining area are restricted by the empty capacity and the code range.

Abstract: An intrusion detection system and method for detecting unauthorized or malicious use of network resources includes an intrusion detection analysis engine that instanciates one or more analysis objects to detect signatures associated with attacks on network vulnerabilities. As new network vulnerabilities are identified, new analysis objects can be dynamically interfaced on a runtime basis with the intrusion detection analysis engine to detect signatures associated with the new network vulnerabilities. A signature application programming interface supports communication between the intrusion detection analysis engine and the analysis objects. When the instance of an analysis object indicates that an associated signature exists in network data, the intrusion detection analysis engine can provide an alarm.

Abstract: Methods, systems, and devices are provided for securely updating private keys, key pairs, passwords, and other confidential information in a distributed environment. A transaction is created including appropriate encrypted soft-token content, and then transmitted to a new ocation. Comparisons are made to determine whether the new soft-token content should be recognized as authentic and entered at the new location. Updates are accomplished without ever sending the plain text form of a key or a password across the wire between the distributed locations.

Abstract: Aspects for a heterogeneous computer network system with unobtrusive cross-platform user access are described. In an exemplary system aspect, the system includes a plurality of computer systems coupled in a network, each of the plurality of computer systems operating according to one of a plurality of operating system platforms, each operating system platform having an associated security mechanism. The system further includes an enterprise directory included on at least one server system of the plurality of computer systems, the enterprise directory configured for security interception to allow an authorized user access among the services of the plurality of computer systems without affecting the associated security mechanisms of the plurality of operating system platforms.

Abstract: A method and system are described for activating a password requirement in a computer system included within a data processing system. A wireless signal is transmitted to the computer system such that computer system receives the signal. In response to a receipt of the wireless signal, a requirement that a password be entered is activated. Thereafter, a correct entry of a password is required prior to the computer system being fully operable.

Abstract: In a system such as a computer system, and in a power controlling method for the system, power applied to the overall system is controlled according to correctness or incorrectness of a password in starting up the system. The password is received from a user. Power is applied to the overall system only when the input password is identical to a preset password, and the power is shut off if not. If the password is correct, the applied power is automatically shut off, thereby prohibiting unauthorized use of the system. In starting up the system, only the minimum power necessary for inputting the password and controlling the power is applied to the system, thereby advantageously preventing unnecessary power consumption.

Abstract: Various embodiments of a method and system for detecting unauthorized signatures to or from a local network. Multiple sensors are connected at an internetworking device, which can be a router or a switch. The sensors operate in parallel and each receives a portion of traffic through the internetworking device, at a session-based level or at a lower (packet-based) level. Depending on the type of internetworking device (router or switch) the load balancing mechanism that distributes the packets can be internal or external to the internetworking device. Also depending on the level of packet distribution (session-based or packet-based), the sensors share a network analyzer (if session-based) or both a network analyzer and a session analyzer (if packet-based).

Abstract: A method of screening a software file for viral infection comprising defining a first database of known macro virus signatures, a second database of known and certified commercial macro signatures, and a third database of known and certified local macro signatures. The file is scanned to determine whether or not the file contains a macro. If the file contains a macro, a signature for the macro is determined and screened against the signatures contained in said databases. A user is alerted in the event that the macro has a signature corresponding to a signature contained in said first database and/or in the event that the macro has a signature which does not correspond to a signature contained in either of the second and third databases.

Abstract: A computer system, bus interface unit, and method are provided for securing certain Plug and Play peripheral devices connected to an ISA bus. Those devices include any device which contains sensitive information or passwords. The device may be encompassed by or interfaced through adapter cards which can be readily inserted into sockets and thereafter relocated to dissimilar sockets. A security device within the bus interface unit keeps track of identifying information of various Plug and Play ISA devices inserted and re-inserted into slots connected to the ISA bus. As a peripheral device or card is moved, an identifying number associated with that device is maintained in a device identification register within the bus interface unit. Moreover, the base address of that device address space is also maintained in I/O address registers contained within the bus interface unit. The device identification registers and I/O address registers are deemed shadowing registers to which future ISA cycles are compared.

Abstract: A computer system, bus interface unit, and method are provided for securing certain devices connected to an I2C bus. Those devices include any device which contains sensitive information or passwords. For example, a device controlled by a I2C-connected device bay controller may contain sensitive files, data, and information to which improper access may be denied by securing the device bay controller. Moreover, improper accesses to passwords contained in non-volatile memory connected to the I2C bus must also be prevented. A bus interface unit coupled within the computer contains registers, and logic which compares the incoming I2C target and word addresses with coded bits within fields of those registers. If the target or word address is to a protected address or range of addresses, then an unlock signal must be issued before the security control logic will allow the target or word address to access the I2C bus or addressed device thereon.

Abstract: A system and method for providing external data-signal isolation, and signal-level information-preserving-data-transformations, to enable safe, operationally efficient, information sharing between protected information systems and networks and external, potentially hostile, information systems and networks which neutralizes any imbedded hostile executable codes such as viruses that may be in data-signals incoming from the external systems and networks. The system and method prevent untransformed external data-signals from entering protected systems and/or networks using an intermediate screen which is a computer hardware device. The intermediate screen is deployed between the protected systems and external systems and is used to process all incoming signals from the external system to obtain transformed data sets from which information is extracted before it is passed to the protected system.

Abstract: An intrusion detection system and method for detecting unauthorized or malicious use of network resources includes an intrusion detection analysis engine that instanciates one or more analysis objects to detect signatures associated with attacks on network vulnerabilities. As new network vulnerabilities are identified, new analysis objects can be dynamically interfaced on a runtime basis with the intrusion detection analysis engine to detect signatures associated with the new network vulnerabilities. A signature application programming interface supports communication between the intrusion detection analysis engine and the analysis objects. When the instance of an analysis object indicates that an associated signature exists in network data, the intrusion detection analysis engine can provide an alarm.

Abstract: In a data secret protecting system received in a casing, a data holding memory device holds important data. A distortion detecting device detects a distortion value of the casing to produce a detected distortion value. An important data controlling device compares the detected distortion value with a reference distortion value to produce a compared distortion signal when the detected distortion value is greater than the reference distortion value. The important data controlling device erases, in response to the compared distortion signal, the important data. The data secret protecting system may comprise a temperature measuring device which measures a temperature value of the case to produce a measured temperature value. In this event, the important data controlling device corrects, in response to the measured temperature value, the detected distortion value to produce a corrected value of the detected distortion value.

Abstract: A computer system, bus interface unit, and method is provided for programmably modifying securable resources of the computer. Those resources may be devices which can be coupled to peripheral buses of the computer, or which may contain or allow access to sensitive information that must be secured against improper access. The security system thereby functions to block accesses to certain devices based on the status of the user seeking access. Passwords stored in the security system are matched against locally and distally entered passwords from either the user of that particular computer system, an administrator of a subset of localized computer systems, or a system administrator in charge of all networked computer systems. The present security system is thereby hierarchical in nature and can be programmed by the system administrator such that the assignment of unlocked signals arising from password comparisons can be programmably mapped to various securable devices.

Abstract: A controller contains software which, when triggered in some prearranged way such as assertion of an input to the controller, calculates a digital signature for the contents of the protected memory of the controller. The digital signature is preferably extracted from the contents of the memory by means of a function that varies greatly with even small changes to the memory contents. The function preferably is such that one cannot easily determine from the output what input generated the output. The function is preferably such that one cannot easily create a data set for input that yields any particular predetermined output. The circuitry generating the signature may be embedded in hardware of the controller so that its digital signature function is unknown even to the programmer writing the main body of code to be stored in the protected memory. With such a hardware configuration, it is possible to have a very high degree of confidence that the memory contents are what they are expected to be.

Abstract: A method of enabling a Web browser user to interact with a given application running on a Web server begins by constructing and returning a cookie to the Web browser upon a given occurrence, e.g., user login to the application. Without additional user input, the routine then forces the Web browser to check with the Web server that the cookie was set on the Web browser. Preferably, this is accomplished by sending the cookie from the Web server in a refresh page that redirects the HTTP flow back to itself with a parameter to check if the cookie was set. At the Web server, a test is then done to determine whether the cookie is valid. If so, the user is allowed to interact with the given server application (e.g., to take a given action or to log off from the application without closing the Web browser). A novel cookie construction and validation mechanism is also described.