Patents Examined by Norman M. Wright
  • Patent number: 6671813
    Abstract: A system for providing secure access and execution of application software stored on a first computer by a second computer using a communication device while a communication link is maintained between the first and second computers. The present invention is a secure software rental system. The system enables a user in a remote location using a computer and a modem to connect to a central rental facility, transfer application software from the central rental facility to the remote computer, and execute the software on the remote computer while electronically connected to the central rental facility. When the link between the central rental facility and the remote computer is interrupted or terminated, the software no longer executes on the remote computer. The software stored on the central rental facility is integrated with the header software to provide a security feature.
    Type: Grant
    Filed: June 10, 1997
    Date of Patent: December 30, 2003
    Assignee: Stamps.Com, Inc.
    Inventor: Mohan Ananda
  • Patent number: 6665799
    Abstract: A method and computer software code for monitoring security codes generated by a security device and providing software security for an application program are disclosed. In a preferred embodiment, security software provides security for an application program by reading analog data signals representing a security code from a predetermined input port of a computer, determining whether the read analog data signals correspond with an expected security code, and enabling or disabling the protected application program based upon whether the read analog data signals correspond with an expected security code. In a preferred embodiment, the analog data signals are resistance values, and the predetermined input port of a computer is a game port. In a preferred embodiment, multiple sequences of resistance values, a combination of which form a security code sequence, are presented to the analog pins of a computer's game port.
    Type: Grant
    Filed: April 28, 1999
    Date of Patent: December 16, 2003
    Assignee: DVI Acquisition Corp.
    Inventor: Jeffery E. Slama
  • Patent number: 6658571
    Abstract: A security framework for wrapping standard, commercially-available software applications in order to limit the amount of potential damage that a successful attacker or corrupt program can cause. The security framework includes a security master that coordinates installation and removal of kernel-based security modules and that provides a means for managing these modules. The security modules are loadable kernel modules that include security information for enforcing application-specific or resource-specific policies. The security modules are easy to install and require no modification to the existing operating system or to the software applications that they are monitoring. The security framework has a number of potential applications, including protecting a computing system from malicious software downloaded via a web browser, wrapping web servers and firewalls in order to limit possible compromise, and replicating file operations.
    Type: Grant
    Filed: February 9, 1999
    Date of Patent: December 2, 2003
    Assignee: Secure Computing Corporation
    Inventors: Richard O'Brien, Raymond Lu, Terrence Mitchem, Spencer Minear
  • Patent number: 6654886
    Abstract: A data processing system and method are disclosed for permitting only preregistered client computer hardware to access a service executing on a remote server computer system. A log-in token is established including a unique identifier which identifies a particular client computer hardware. The client computer hardware logs on to the server computer system. Subsequent to the client computer hardware logging on to the server computer system, the client computer hardware attempts to access the service. During the attempt, the client computer hardware transmits the log-in token to the server computer system. The server computer system utilizes the unique identifier included within the log-in token to determine if the client computer hardware is registered to access the service. In response to a determination that the client computer hardware is registered to access the service, the server computer system permits the client computer hardware to access the service.
    Type: Grant
    Filed: July 16, 1999
    Date of Patent: November 25, 2003
    Assignee: International Business Machines Corporation
    Inventors: David Carroll Challener, Daryl Carvis Cromer, Dhruv Manmohandas Desai, Howard Jeffrey Locker, Andy Lloyd Trotter, James Peter Ward
  • Patent number: 6651175
    Abstract: A system, method and apparatus for generating security codes that may be used in providing software security are disclosed. In a preferred embodiment, at least one analog data signal representing a security code is generated by security circuitry. Such analog data signal is input to an analog input port of a computer. The generated security code may be used to prevent unauthorized operation of a software program. In a preferred embodiment, such an analog data signal is a resistance value, and such an analog input port of a computer is a game port. Most preferably, multiple sequences of resistance values are generated and input to the analog pins of the game port. A combination of the multiple sequences of resistance values form a security code that may be used to provide software security for a software program. Additionally, one or more confounding signals may be generated to make decoding the security code more difficult.
    Type: Grant
    Filed: April 28, 1999
    Date of Patent: November 18, 2003
    Assignee: DVI Acquisition Corp.
    Inventor: Jeffery E. Slama
  • Patent number: 6651172
    Abstract: A novel method is provided for initializing a data processing system having registers programmable with configuration data read from a non-volatile memory at power-up. The method includes segmenting the non-volatile memory into a first portion for storing first data, and a second portion for storing second data having lower priority than the first data. The first portion is smaller than the second portion. The first data are read from the first portion to program a first group of registers. Thereafter, the second data are read from the second portion to program a second group of registers. As a result, a host is enabled to access the first group of registers, while the second data are being read from the second memory portion.
    Type: Grant
    Filed: May 28, 1999
    Date of Patent: November 18, 2003
    Assignee: Advanced Micro Devices, Inc.
    Inventors: Ching Yu, Jeffrey Dwork, John Chiang, Hung-Duy Vo
  • Patent number: 6647509
    Abstract: A network system includes a plurality of networks, a first internetwork apparatus having a plurality of first ports each connected to the plurality of networks, a second internetwork apparatus having a plurality of second ports each connected to the plurality of networks, and a data transmission path connected to the first and second internetwork apparatuses to transmit data mutually between the first and second internetwork apparatuses. In the normal state, each of the plurality of first ports is caused to be able to transmit and receive data to and from one of the plurality of networks and the plurality of second ports are caused not to be able to receive data from the plurality of networks and to be able to transmit data to the plurality of networks.
    Type: Grant
    Filed: December 24, 2002
    Date of Patent: November 11, 2003
    Assignees: Hitachi, Ltd., Hitachi Microcomputer System Ltd.
    Inventors: Shinya Ichinohe, Norihide Noyama, Tokuhiro Niwa, Masao Nakamura
  • Patent number: 6643779
    Abstract: A security system includes a network adapter that links the security system to a computer network infrastructure to establish a connection to the network. An embedded HTTP server receives and responds to the requests sent from any HTTP client having access to the computer network. A browser-based management module allows any HTTP client that is capable of accessing the computer network to set up and maintain the security system. A browser-based information query module allows any HTTP client that is capable of accessing the computer network to access the information of the security system.
    Type: Grant
    Filed: April 15, 1999
    Date of Patent: November 4, 2003
    Inventors: Brian Leung, Wah Cheong Hui
  • Patent number: 6640301
    Abstract: Electronic mail (email) is certified and authenticated by an authentication service. The authentication service is integrated with an email web site that allows users to set up email accounts. Outgoing email from the email web site is routed to the authentication service. A message identifier (ID) is generated and added to the message within markers. A random-number generator creates random pad characters that are added to the message before a checksum is generated. The checksum and the pad characters are stored in a table indexed by the message ID. The pad characters and the checksum are placed in secure storage and not available to users or others on the Internet. The email with the message ID in the markers but without the pad characters or checksum is sent to the recipients, along with instructions on how to authenticate the message. Others can authenticate a message by emailing it to the authentication service.
    Type: Grant
    Filed: July 8, 1999
    Date of Patent: October 28, 2003
    Inventor: David Way Ng
  • Patent number: 6636986
    Abstract: A data processing system containing a monolithic network of cells with sufficient redundancy provided through direct logical replacement of defective cells by spare cells to allow a large monolithic array of cells without uncorrectable defects to be organized, where the cells have a variety of useful properties. The data processing system according to the present invention overcomes the chip-size limit and off-chip connection bottlenecks of chip-based architectures, the von Neumann bottleneck of uniprocessor architectures, the memory and I/O bottlenecks of parallel processing architectures, and the input bandwidth bottleneck of high-resolution displays, and supports integration of up to an entire massively parallel data processing system into a single monolithic entity.
    Type: Grant
    Filed: November 30, 2001
    Date of Patent: October 21, 2003
    Assignee: Hyperchip Inc.
    Inventor: Richard S. Norman
  • Patent number: 6625735
    Abstract: When termination of information processing is instructed, the entry of a password is requested and the password that is entered is identified. When the password that is input is a password for a manager, the system is shut down; when it is a password for a registered user, the client process is terminated; but when it is a password for a person other than those two, permission to end the processing is not granted. Thus, the type of end process that is performed can be controlled in accordance with the identity of a user. As for the client process, upon receiving an end instruction from a user the client internally performs a corresponding end process, instead of requesting that the process be performed by the server process.
    Type: Grant
    Filed: October 27, 1998
    Date of Patent: September 23, 2003
    Assignee: Canon Kabushiki Kaisha
    Inventors: Suresh Jeyachandran, Masayuki Takayama, Masanori Wakai
  • Patent number: 6615376
    Abstract: A method of providing external notification of an error includes detecting an error during an execution of a program command in a first set of commands in a first system, identifying a second system to notify when the error is detected, generating a notification signal based on the detected error, and transmitting the notification signal to the second system. Optionally, the error can be resolved by receiving at least one corrected command from the second system in response to the notification signal and implementing the at least one corrected command into the first set in the first system. A system and a computer readable medium capable of executing the method of the present invention are also disclosed.
    Type: Grant
    Filed: November 19, 1999
    Date of Patent: September 2, 2003
    Assignee: X/Net Associates, Inc.
    Inventors: Gregg R. Olin, Brian S. Pagano
  • Patent number: 6611916
    Abstract: The present invention provides a way to access a secure environment by virtue of a right to access another secure environment. The present invention is directed to, in a general aspect, a method of authenticating membership for providing access to a secure environment. The environment for which access is requested can be a network environment, such as, for example, an Internet, containing a first secure domain and a second secure domain. Network connections can be made using TCP/IP protocols. Claimants inside and outside of the first secure environment are afforded access to the second secure environment. The first secure environment uses its own authentication information, such as a database of user names and passwords, for authenticating claimants. In order for an outside claimant to gain access to the second secure environment, the outside claimant must have previously been an inside claimant.
    Type: Grant
    Filed: December 17, 1998
    Date of Patent: August 26, 2003
    Assignee: Pitney Bowes Inc.
    Inventors: Melissa Cacace-Bailey, Andrei Obrea, Rebecca E. Carvell, David P. Gardner, Jeffrey Pierce
  • Patent number: 6609206
    Abstract: Several embodiments of computer security systems are described and which are adapted to grant an authorized individual access to a secured domain, such as a computer or data stream. In one embodiment, the security system comprises: an analyzing means for receiving first and second passwords, each of said passwords being transmitted over a first communication channel, analyzing said first password, transmitting a first signal output only if said first password is authorized, and granting access to said secured domain only if said second password is substantially identical to a code; and a random code generating means for generating said code, transmitting said code over a second communication channel upon receipt of first signal output, and transmitting said code to said analyzing means; and a notification means for receiving said code and for notifying said authorized individual of the identity of said code.
    Type: Grant
    Filed: February 5, 1999
    Date of Patent: August 19, 2003
    Inventor: Brian J. Veneklase
  • Patent number: 6606711
    Abstract: An object-based security framework provides for intra-process security boundaries. An application developer can define security settings declaratively at the object, interface, and method level using a graphical interface. When the application is deployed, the settings are placed into a central store and can be modified at a later time. At runtime, logic outside the application objects enforces the security boundaries, relieving the developer of having to incorporate security logic into the application. Changes to the security can be implemented by changing the settings without having to change the application objects. In addition to checking for identity, the security framework supports roles and enforces specified authentication levels. The integrity of an application's security scheme is retained when the application is combined with another application in the framework.
    Type: Grant
    Filed: October 29, 2002
    Date of Patent: August 12, 2003
    Assignee: Microsoft Corporation
    Inventors: Anthony D. Andrews, Satish R. Thatte, Richard D. Hill, Rebecca A. Norlander, Alexander A. Armanasu
  • Patent number: 6594766
    Abstract: An Internet Portal is enabled by software executing on an Internet-connected server. The Portal, in response to a log-on by a user, presents a secure and personalized page for and to the user, the personalized page having listed plural Internet destinations enabled by hyperlinks, wherein upon invocation of a hyperlink by the subscriber, such as by a point-and-click technique, the portal invokes a URL for the destination, and upon connection with the destination, transparently provides any required log-on information for user access at the destination. In an enhanced embodiment a search function is provided wherein a user may configure searches in any or all of the listed destinations on a personalized page.
    Type: Grant
    Filed: June 25, 2002
    Date of Patent: July 15, 2003
    Assignee: Yodlee.com, Inc.
    Inventors: P. Venkat Rangan, Sam Inala
  • Patent number: 6591366
    Abstract: A new operating system is provided with two layers having different access authorizations. For security reasons a memory for basic system routines can be accessed only from a kernel layer, but not from an application layer. By providing a respective program that is executable in the respective layer, it is possible, while complying with the security stipulations, for the memory to be accessed and, consequently, for a new version of the basic system routines to be made available to the data processing system.
    Type: Grant
    Filed: May 30, 2000
    Date of Patent: July 8, 2003
    Assignee: Fujitsu Siemens Computer GmbH
    Inventors: Thomas Munker, Helmut Altmann, Uwe Michel
  • Patent number: 6578149
    Abstract: In order to reproduce data scrambled in respective manners to recordable recording medium, it is necessary to take the step of discriminating if the reproduction signal comes from any recording medium before descrambling the data. Further, before doing the control, it is necessary to discriminate if the data is copy-permitted or copy-prohibited. To accomplish this process, a data recording and reproducing apparatus includes a first reproducing unit, a second reproducing unit for receiving the data processed by the first reproducing unit and executing the next reproducing process about the data, a first authenticating unit for authenticating the first reproducing unit, a second authenticating unit positioned in correspondence with the first authenticating unit and for authenticating the second reproducing unit.
    Type: Grant
    Filed: April 13, 1999
    Date of Patent: June 10, 2003
    Assignee: Hitachi, Ltd.
    Inventors: Osamu Kawamae, Toshifumi Takeuchi, Hiroyuki Kimura, Takao Arai, Hiroshi Yoshiura
  • Patent number: 6574737
    Abstract: A computer network penetration test discovers vulnerabilities in the network using a number of scan modules. The scan modules perform their scanning of the network separately but in parallel. A scan engine controller oversees the data fed to and received from the scan modules, and controls the sharing of information among the modules according to data records and configuration files that specify how a user-selected set of penetration objectives should be carried out. The system allows for penetration strategies to be attempted simultaneously and independently. Information from each strategy is shared with other strategies so each can be more effective, and together they form a very comprehensive approach to network penetration. The strategies can be throttled at different levels to allow for those that are more likely to achieve success to run at the highest speeds.
    Type: Grant
    Filed: December 23, 1998
    Date of Patent: June 3, 2003
    Assignee: Symantec Corporation
    Inventors: Bryan Kingsford, Stan McQueen, Woody Thrower
  • Patent number: 6574736
    Abstract: An application developer grants access privileges to application processing services in an object-based application by defining logical classes of users called roles. When the application is deployed on a host computer system, an administrator populates the roles with users and groups recognized by the host computer system. At runtime, a user is not permitted access to a processing service unless the user is a member of a permitted role for the processing service. To ease administration, two or more roles can be composed. In one implementation, roles are associated with a separate composite role. The administrator can then populate the composite role instead of individually populating each of the roles associated with the composite role. In another implementation, the administrator can specify that a role follows another role; user identities in the followed role are automatically considered members of the following role.
    Type: Grant
    Filed: November 30, 1998
    Date of Patent: June 3, 2003
    Assignee: Microsoft Corporation
    Inventor: Anthony D. Andrews