Abstract: A data processing system and method are disclosed for prohibiting access to a SCSI bus prior to a correct entry of an access password. The system includes a plurality of internal SCSI bus devices coupled to the SCSI bus. The system also includes an external SCSI connector for coupling external SCSI devices to the SCSI bus. The access password is established and stored within the system. The plurality of internal SCSI bus devices and the external devices are prohibited from accessing the SCSI bus prior to a correct entry of the access password. The SCSI bus includes a busy signal line. Prior to a correct entry of the access password, the system asserts the busy signal line, indicating that the SCSI bus is busy. Both internal and external devices are prohibited from accessing the SCSI bus while the busy signal line is asserted.

Abstract: A mechanism for authenticating multiple connections to a network server is disclosed. A client establishes a first connection to the server. In establishing the first connection, the client provides authentication information and authorization information, and in response the server assigns first access privileges to the client. When the client requests a second connection, the server receives authentication information from the client, and assigns limited access privileges to the client. The server associates the first connection with the second connection and the client. The server automatically associates the first access privileges with the second connection, without requiring the client to provide authorization information for the second connection.

Abstract: A computer implemented system, method and computer program product for automatically distributing copies of a replicated database for a computer system comprising at least first and second host computers. Each of the host computers operatively control at least one associated computer mass storage device controller coupled to commonly accessible computer mass storage devices by at least one storage device bus. The system and method comprises the step of enumerating each of the various host computers of the computer system, each of the computer mass storage device controllers associated with each host computer and each of the computer mass storage devices coupled to the storage device buses coupling the controllers.

Abstract: A method for controlling a set of services in a cluster computer system. The set of services is registered with a service controller in the cluster computer system. The set of services is monitored for a failure of a service within the set of services. In response to a failure of the service, a failure sequence is initiated. An appropriate start sequence is initiated when the failed service can be restarted.

Abstract: A security and access management system provides unified access management to address the specific problems facing the deployment of security for the Web and non-Web environment. Unified access management consists of strategic approaches to unify all key aspects of Web and non-Web security policies, including access control, authorization, authentication, auditing, data privacy, administration, and business rules. Unified access management also addresses technical scalability requirements needed to successfully deploy a reliable unified Web and non-Web security system. The security and access management system provides the technology required to support these key factors as they relate to Web and non-Web security. The security and access management system operates in combination with network and system security tools such as firewalls, network intrusion detection tools, and systems management tools to provide comprehensive security for the Web-enabled enterprise.

Abstract: A computer system includes a central processing unit and a memory management unit having a plurality of functional units, such as a memory interface unit, a remote interface unit, a cache interface unit, and a translation unit. Each functional unit has a low priority error queue for storing error information for errors having a low priority. Some functional units also have a high priority error queue for storing error information for errors having a high priority error. Based on the status of the error queues, the memory management unit prioritizes and handles errors caused by hardware failures. For low priority errors, an interrupt request signal is sent to the central processing unit. For high priority errors, a RED ALERT signal is sent to the processing unit to cause the processing unit to give immediate attention to the error. For high priority error queue overflows, a failure signal is generated which causes the system to be halted and the contents of the system to be scanned out.

Abstract: A method for creating and maintaining user home directories and providing for user access across a heterogeneous network of managed servers based on the user account information of the central server. Upon determination that the function of home directories is supported, the target server name is determined and the type of server is extracted from the target server. Based on the server type, appropriate commands are issued to create the necessary directories on the target server. After establishment of the directories, access rights are established to enable the directory to be shared and available to the user through client systems in the network. Connections to the home directory are then made when a request is initiated by the user.

Abstract: In one embodiment of a method for recovering from a computer system lockup condition, an interrupt is generated to the computer system's operating system notifying the operating system of the lockup condition. An operating system interrupt handler is then executed. The interrupt handler performs at least one step to attempt to cure the lockup condition. If the interrupt handler fails to cure the lockup condition, the interrupt is regenerated to the operating system notifying the operating system of the lockup condition. The interrupt handler is then re-executed in response to the regeneration of the interrupt, with the interrupt handler performing a further step in attempting to cure the lockup condition.

Abstract: Secure wiretap support for Internet Protocol security. Specifically, one embodiment of the present invention includes a system for allowing controlled access to a networked communication. The system comprises an intermediate device that includes memory. The memory of the intermediate device is for storing a policy rule therein. The intermediate device is adapted to download the policy rules governing access to a desired location. The system further comprises a client which is coupled to the intermediate device. The client is adapted to receive the policy rule when the intermediate device downloads it to the client. As such, any communication data intended to travel between a first destination and the client is forwarded to a second destination. Therefore, the present invention provides a method and system for providing law enforcement agencies the ability to wiretap specific encrypted communications.

Abstract: An electronic point-of-sale (PoS) system comprises a network with a number of PoS terminals and a PoS server computer attached to it. The PoS terminals and the PoS server interact over the network to perform conventional PoS transactions. Additionally, each of the PoS terminals monitors its own operation for predetermined security-related events (such as refunds or voids). Upon detection of such an event, the PoS terminal sends an alert message and data over the network to a control computer (which may be the PoS server computer, or may be a separate computer). The control computer responds to the alert message by activating a video camera and recorder to record a view of the PoS terminal, along with the data.

Abstract: A method for ensuring security of a system accessed utilizing a keypad wherein access is provided to said system via a security code entered on the keypad. A security code is entered on the keypad utilizing a first character configuration of the keypad. Following this, the location of one or more access characters on the keypad is repositioned to present a second character configuration of the keypad. The repositioning of the character configuration is completed electronically in a generally random manner. The change in configuration may take place immediately after each user interface, or after a predetermined number of user interfaces.

Abstract: In an external storage, an I/O process is continued without any intervention of a user or a host system at failure of a controller. When a failure occurs in a controller, a host system recognizes the failure of the controller. Before the failure is notified to the user and application to stop the job, the substitutive controller reads the SCSI-ID possessed by an SCSI port of the failed controller from a shared memory, registers the SCSI-ID of the SCSI port to the SCSI port associated with the substitutive controller, and erases by a port address resetting facility of the substitutive controller the SCSI-ID possessed by an SCSI port of the failed controller.

Abstract: An Internet Portal is enabled by software executing on an Internet-connected server. The Portal, in response to a log-on by a user, presents a secure and personalized page for and to the user, the personalized page having listed plural Internet destinations enabled by hyperlinks, wherein upon invocation of a hyperlink by the subscriber, such as by a point-and-click technique, the portal invokes a URL for the destination, and upon connection with the destination, transparently provides any required log-on information for user access at the destination. In an enhanced embodiment a search function is provided wherein a user may configure searches in any or all of the listed destinations on a personalized page.

Abstract: A data processing system containing a monolithic network of cells with sufficient redundancy provided through direct logical replacement of defective cells by spare cells to allow a large monolithic array of cells without uncorrectable defects to be organized, where the cells have a variety of useful properties. The data processing system according to the present invention overcomes the chip-size limit and off-chip connection bottlenecks of chip-based architectures, the von Neumann bottleneck of uniprocessor architectures, the memory and I/O bottlenecks of parallel processing architectures, and the input bandwidth bottleneck of high-resolution displays, and supports integration of up to an entire massively parallel data processing system into a single monolithic entity.

Abstract: A system for validating network communication, such as e-mail. A person sending information to a previously unverified recipient first enters “Address Book” information about the unverified recipient into the sender's e-mail system. Part of this initial information includes the recipient's e-mail address and a way of communicating with the intended recipient other than by using the e-mail address. For example, regular mail, fax, or other means can be specified. When the sender sends the information to the intended recipient, the recipient is not able to receive the information until an identification code is entered by the intended recipient. The identification code is transferred via the different way of communicating that does not use the intended recipient's e-mail address. For example, the code can be sent via fax. The intended recipient then logs on to the e-mail system and enters their user name and the code.

Abstract: A multilevel computer security system including a computer with multiple security subsystems for secure data storage and data communications at each security level, a smart-card reader for controlling user access to each security level, an electronically-activated switch for activating only the selected and authorized security level, and a mechanically-activated switch that detects the availability of the security level selected. The computer will automatically power-up at the first security level and activate the first security subsystem which is allocated to the processing of restricted data. Access to each level of restricted data requires a user to insert-his smart card into a smart-card reader which will verify the identity through an entered PIN or from stored biometrics data and will allow the user to access only those levels for which the user is authorized as stored in the smart card.

Abstract: A secure client/server system provides remote access to a database system without allowing unauthorized users to access data stored within the database system. A client computer (client) establishes communication with server computer (server) and transmits a user password to the server. The server receives the user password and translates the user password into an alias or different password. When the client submits a request for data contained in the database system, the server accesses a database system associated with the server using the alias password. The database system allows the server to access information within the database system based on the alias password. Since the database system recognizes the alias password instead of the user password, only attempts to access the database via the server (after passing the security measures in place at the server) should be successful.

Abstract: Detecting harmful or illegal intrusions into a computer network or into restricted portions of a computer network uses statistical analysis to match user commands and program names with a template sequence. Discrete correlation matching and permutation matching are used to match sequences. The result of the match is input to a feature builder and then a modeler to produce a score. The score indicates possible intrusion. A sequence of user commands and program names and a template sequence of known harmful commands and program names from a set of such templates are retrieved. A closeness factor indicative of the similarity between the user command sequence and a template sequence is derived from comparing the two sequences. The user command sequence is compared to each template sequence in the set of templates thereby creating multiple closeness or similarity measurements. These measurements are examined to determine which sequence template is most similar to the user command sequence.

Abstract: In a communication network having computer systems communicatively coupled to each other with communication equipment, where the computer systems are executing network applications that send and receive either encrypted or unencrypted data packets over the communication network, a method for quantifying performance of the communication network. In one embodiment, between an application program interface and a protocol stack in a computer system, where the application program interface resides in an application layer of the computer system and the protocol stack resides in a kernel layer of the computer system, the present invention executes a process for identifying a network application, where the network application originates a request data packet and a response data packet. Second, in this embodiment the present invention records time-stamps when the request data packet and the response data packet are between the application program interface and the protocol stack in the computer system.

Abstract: A monitor function is implemented to monitor and control service processes and other system entities that perform tasks on a distributed network. The monitor function tracks the demise and instantiation of processes and entities that either export or import instrumentation. Any service process or other system entity (driver, interrupt handler, system library procedure) can export instruments (indicators, controls, testpoints). Instrument updates are propagated automatically if they are significant. The importing process conveys the information to a management system so that a human operator, or automated system, can observe and control the operation of the network service. One aspect of the invention uses a backup exporter to take over the processing of an exporter that has become nonfunctional. Another aspect of the invention determines when a CPU has gone down and acts accordingly to identify service processes that were associated with an exporter in the down CPU.