Abstract: A processor interface chip and a maintenance diagnostic chip are provided coupled with two microprocessors designed to be run in tandem. The processor interface chip includes logic for interfacing between the microprocessors and a main memory, logic for pipelining multiple microprocessor requests between the microprocessors and main memory, logic for prefetching data before a microprocessor issues a read request, logic for allowing a boot to occur from code anywhere in physical memory without regard to the microprocessors' fixed memory location for boot code, and logic for intelligently limiting the flow of interrupt information over a processor bus between the microprocessors and the processor interface chip.

Abstract: A system and method for troubleshooting devices on a network where each device is identifiable by a medium access control address. Personnel interact with the system from a browser using hypertext markup language pages. A search capability allows the personnel to find a particular device based upon its medium access control address, and display device specific data. The device specific data is kept in a database internal to the system. Update functions are provided to change the data in the internal database. Utility functions are also provided to aid in troubleshooting, maintenance, and verification.

Abstract: The present invention is a method and apparatus for controlling access to at least one program on a processing system by verifying data entered through a keyboard, while isolating the entered data from the processing system. The apparatus comprises a memory and a processor coupled to the memory. A first data path is provided between the keyboard and the processing system; a second data path is provided between the keyboard and the processor; and a third data path is provided between the processing system and the processor. When activated, the processor is operable in a first mode wherein access to the processing system via the keyboard is inhibited when data entered via the keyboard does not match data stored on the card. The processor is operable in a second mode, wherein the keyboard is coupled to the processing system so that the at least one program on the processing system is accessible via the keyboard when the entered matches the data stored on the card. Various embodiments are disclosed.

Abstract: A method and apparatus for remote access to a network server, using a secured and self-contained environment is described. In one or more embodiments of the invention, the needed software for transmission of information is readily available on portable media. The portable media can be used in conjunction with any compatible computer system to securely transfer or access information to or from Internet resources. In one or more embodiments of the invention, the operating system needed for accessing the remote server is stored on bootable media, such as a floppy disk for example. A user can reboot a computer or public terminal using the bootable media. Other portable and easily accessible media with larger memory storage capacity, such as a memory flash card, are utilized to store the necessary software for information communication.

Abstract: A method and apparatus for providing media-independent security for a document may be programmed to create a document file having two or more components. In one embodiment, a document may include a background object, an image object (e.g. text, graphic, both, or the like), and a watermark object. When output, the image object is directly interpretable by a user. Meanwhile, in the background object, watermark object, or both, a high-resolution pattern may be stored to be output with all copies of the document. Encoded in some binary symbol in the pattern is security data. Resolution is high enough that the binary symbols are undetectable by a human eye. A processor may be programmed to recognize (e.g. read) the pattern, decode the pattern into binary data, and decode the binary data to characters directly interpretable by a user. Information relating to creation and control of a document, signature, or the like, may all be encoded independent from the principal image (e.g.

Abstract: A fault tolerant method by which individual components of a server are monitored and controlled through independent, programmable microcontrollers interconnected through a microcontroller network. An external agent can control and monitor the microcontrollers by extending the interconnection network beyond the physical server. Intervention of the server operating system software is not required and is not utilized for the access and control operations. The method includes the processes running on a remote interface so as to enable communication between the microcontroller network and an external modem that communicates with a remote client machine. The remote interface also provides for connection to a local client machine.

Abstract: The invention authenticates processes and inter-process messaging. In some examples of the invention, security is performed in three layers—the application layer, the middleware layer, and the transport layer. Some examples of the invention include software products. One software product comprises security software and middleware software stored on a software storage medium. The security software directs a processor to receive a log-in request for a process, generate a request to authenticate the process, transfer the request to authenticate the process, receive a security association for the process, and transfer the security association. The middleware software directs the processor to receive the security association from the security software, receive a message from the process, insert the security association into the message, and transfer the message. Another software product comprises security software stored on a software storage medium.

Abstract: A data bus system with data integrity verification is arranged so that a bus device receiving a message always responds by sending a check sequence back to the message originating device; i.e., a check sequence is automatically returned to a message originating device as part of every bus transaction. The originating device reads the returned check sequence and uses it to verify the integrity of the data transferred between the two devices. The check sequence can be created by the receiving device based on the data conveyed, or the receiving device can simply echo back a check sequence that is appended to the incoming data.

Abstract: A method and system for providing security during use of an intermediate device which represents clients to a central site. In one embodiment of the invention, an intermediate device includes memory. The memory of the intermediate device is adapted to a store a deliverable security applet. Additionally, the intermediate device is configured to download the deliverable security applet to a desired location. The present embodiment also includes a client which is coupled to the intermediate device. The client is adapted to receive the deliverable security applet from the intermediate device when the intermediate device downloads the deliverable security applet to the client. In so doing, the client can be prompted to respond to requests for authentication of the client when the requests for authentication of the client are received by the intermediate device.

Abstract: Computer-based systems and methods are disclosed for a comprehensive security model for managing foreign content downloaded from a computer network. The methods and systems include the configuration of a system security policy that is stored on a host computer. The system security policy includes one or more independently configurable security zones. Each security zone corresponds to a group of network locations and may have one or more associated configurable protected operations that control the access to the host system by foreign content downloaded from the computer network. A protected operations may have one or more associated configurable permissions that define the capabilities of the protected operation. Each permission may be defined by one or more parameters and each parameter may be defined by one or more primitives. The permissions may be defined to enable the permission, disable the permission, or prompt the user when the permission is required.

Abstract: A method and device for securing a removable Attached Computer Module (“ACM”) 10. ACM 10 inserts into a Computer Module Bay (“CMB”) 40 within a peripheral console to form a functional computer such as a desktop computer or portable computer. The present ACM 10 includes a locking system, which includes hardware and software 600, 700, to prevent accidental removal or theft of the ACM from the peripheral console. While ACM is in transit, further security is necessary against illegal or unauthorized use. If ACM contains confidential data, a high security method is needed to safeguard against theft.

Abstract: An apparatus within a device, such as an integrated circuit, for controlling available capabilities of the device. The apparatus includes an EEPROM storing a configuration control word having at least one bit, a configuration control mask having at least one bit, and logic to select a first operating mode of the device when the configuration control word does not match the configuration control mask and to select a second operating mode of the device when the configuration control word matches the configuration control mask. The first operating mode may indicate full capabilities of the device and the second operating mode may indicate a set of reduced capabilities of the device. Additional logic in the device implements a “write once” feature for irrevocably setting the configuration control word to match the configuration control mask, thereby permanently selecting the second operating mode (e.g., reduced capabilities).

Abstract: A system for controlling Signaling System #7 (“SS7”) message traffic by defining a message control policy for SS7 signaling links and accepting, modifying, responding to, or rejecting SS7 signaling messages according to the defined control policy is disclosed. The control policy is composed of a set of access rules that are loaded onto one or more firewalls located at strategic points in a SS7 network. The firewalls use the access rules as the basis for examining each SS7 message a signaling node transmits or receives on a signaling link and determining whether or not to pass, modify, respond to, or reject the message. The system includes a graphical user interface for providing configuration information, as well as information as to the current and past states of the message traffic of a signaling node.

Abstract: A communication system and method utilizing a divided customer Internet Protocol (IP) address space for access customer premises equipment (CPE) addresses and customer personal computer addresses. Both the access CPE and the customer personal computers are located at a customer premises. Using the system and method, Internet service providers can easily implement security measures to deny access to a Network Operation Center (NOC) by communications originating from customer personal computers but allow communications between the NOC and the access CPE.

Abstract: A method of providing a preconfigured computer system to a user commences with the installation of first and second applications on the computer system. The computer system is then configured to restrict access to the first application by a user, so as to inhibit ready and convenient execution of the first application by the user. However, access to the second application is not restricted, so that this second application can be executed or invoked in a usual and convenient manner. The computer system is then supplied to an end user, with the first and second of applications installed thereon. Responsive to a subsequent request from the user, the restrictions on the access to the first application are removed so as not to inhibit the execution of the first application by the user.

Abstract: A method and system for supplying a software image to a computer system utilize a custom-programmed compact disk (CD) ROM that is configured for a specified individual computer system and constrained to be downloaded to and operable on only the specified individual computer system. The method and system further utilize an installation procedure for restoring the specified computer system to the software state that the computer was in at the time the computer left the factory after initial configuration and downloading. The custom-programmed CD ROM 106 is delivered to a customer in combination with a bootable flexible diskette 108, and an instructional technical instruction sheet for usage by the customer to restore the computer system to a “factory new” software condition.

Abstract: A system for allowing predesignated users at remotely located computer-based systems to perform document management. Components of the system include public data network, a publication facility, a remote storage facility and a document manager computer-based system. The document manager computer-based system, the publication facility, the remote storage facility are all coupled to the computer-based systems used by the predesignated users over the public data network. The system allows authorized users from remote locations to perform secure document collaboration, share and archive documents, context index documents, digitally notarize documents, electronically file documents and publish documents.

Abstract: Checkpointing of operations on data may be provided by partitioning the data into temporal segments. Operations may be performed on the temporal segments and checkpoints may be established by storing a persistent indication of the segment being processed. The entire processing state need not be saved. If a failure occurs, processing can be restarted using the saved indication of the segment to be processed. Such data partitioning and checkpointing may be applied to relational databases, databases with dataflow operation and/or parallelism and other database types with or without parallel operation.

Abstract: A system, method and computer program product for automatic response to computer system misuse using active response modules (ARMs). ARMs are tools that allow static intrusion detection system applications the ability to dynamically increase security levels by allowing real-time responses to detected instances of computer misuse. Several classes of ARMs exist which allow them to interface with several types of network elements found within a computing environment (e.g., firewalls, web servers, Kerberos severs, certificate authorities, etc.). The ARMs, once defined, are deployed in a “plug and play” manner into an existing intrusion detection system within a computing environment. A user (e.g., system administrator) may then configure the ARMs by linking them to specific computer misuses.

Abstract: The present invention comprises a method and apparatus for receiving data analysis instructions from a user and for displaying results of the data analysis to the user. In one embodiment, the invention provides a series of interface windows displayed on a computer display screen. A first window allows a user to select one or more specification files comprising reference data specifying capabilities and or resources with which other data is to be compared. A second window allows the user to select one or more data files to be compared to the one or more specification files selected using the first window. A third window allows the user to interactively select the type of analysis to be performed and provides the results of the selected analysis to the user. The third window also allows the user to interactively apply one or more filters to the results and to select the manner (view) in which the results are displayed.