Abstract: A perfornance measurement, communication fault detection, and fault isolation system for a ring based communication network. The present invention includes mechanisms and procedures operable within each port logic device of a communication network for counting the number of message packets lost by the network versus the number of message packets lost by the particular port or it's attached communication station. The result is a generic loss metric for that particular port. Positive counts represent packets lost by the remainder (i.e., not including the particular port) of the network while negative counts represent packets lost by the port or its attached station. The present invention also includes embodiments wherein the above capabilities are provided for a group of ports but only for messages that contain a particular targeted address as the packet's origin (i.e., targeted loss metric).

Abstract: A multilevel computer security system including a computer with multiple security subsystems for secure data storage and data communications at each security level, a smart-card reader for controlling user access to each security level, an electronically-activated switch for activating only the selected and authorized security level, and a mechanically-activated switch that detects the availability of the security level selected. The computer will automatically power-up at the first security level and activate the first security subsystem which is allocated to the processing of restricted data. Access to each level of restricted data requires a user to insert his smart-card into a smart-card reader which will verify the identity through an entered PIN or from stored biometrics data and will allow the user to access only those levels for which the user is authorized as stored in the smart-card.

Abstract: A method and an apparatus for controlling the operation of a digital processing system. In one example of a method of the invention, a request is repeatedly generated for the digital processing system, and a response to the request is normally provided by the digital processing system when it is not in a default state (e.g. when not crashed). If the digital processing system is in a default state then no response is provided, and a control device automatically restarts the digital processing system. In another example of a method of the invention, a status indicator is, when the system is not in a fault state, repeatedly sent to a control device. This status indicator resets a counter in the control device, thereby preventing the counter from reaching a predetermined value. If the counter reaches the predetermined value, then the control device automatically restarts the digital processing system.

Abstract: Computer-based systems and methods are disclosed for a comprehensive security model for managing active content downloaded from a computer network. The security model includes the configuration of a system security policy that is stored on a host computer. The system security policy is configured by security zone in progressively “finer grain” levels with each level associated with and defining the previous level. These levels may include: protected operations; user permission sets, permissions, parameters and primitives associated with parameters. A requested permission set is provided by the publisher of active content that lists the permissions that the active content requires in order to run on the host system. The requested permission set is automatically compared to one or more user permission sets to determine the permissions, if any that will be granted on the host system.

Abstract: A system, method and article of manufacture are provided for recording exception handling requirements for maintaining a consistent error handling approach. An exception response table is provided in which an exception is recorded. The context of the exception is entered in the exception response table and a response for the exception is listed in the exception response table. The response is subsequently outputted upon the exception occurring in the context.

Abstract: A network of microcontrollers for monitoring and diagnosing the environmental conditions of a computer is disclosed. The network of microcontrollers provides a management system by which computer users can accurately gauge the health of their computer. The network of microcontrollers provides users the ability to detect system fan speeds, internal temperatures and voltage levels. The invention is designed to not only be resilient to faults, but also allows for the system maintenance, modification, and growth—without downtime. Additionally, the present invention allows users to replace failed components, and add new functionality, such as new network interfaces, disk interface cards and storage, without impacting existing users. One of the primary roles of the present invention is to manage the environment without outside involvement. This self-management allows the system to continue to operate even though components have failed.

Abstract: A computer system provides authenticated access for a client computer over an insecure, public network to one of a plurality of destination servers on private, secure network, through the use of a client-side X.509 digital certificate. A firewall is disposed between the insecure, public network and the private network. A demilitarized zone (DMZ) proxy server intercepts messages destined for the destination servers, and forwards the intercepted messages through the firewall to a gateway on the private network. The gateway is configured to create a cookie, based on the selection of one of a several applications available on the private network. The cookie contains an identifier sufficient to identify the destination server corresponding to the selected application. Messages from the client computer include the cookie. The gateway processes the cookie and appends the identifier on a destination URL portion of the messages for routing.

Abstract: A computer network remote data mirroring system writes update data both to a local data device and to a local, chronologically sequenced journal storage area, or writelog device. If the local computer system crashes, upon recovery or re-boot of the local computer system, the two most current updates in the writelog device are written to the local data device to assure that the data stored on the local data device is current. Additional memory or disk space is dynamically assigned to the writelog device to prevent a memory overflow condition. The computer network remote data mirroring system can be structured to provide logical groups of local data device/writelog device pairs. A primary mirror daemon on a local computer system monitors the writelog device for data updates and feeds the data over a network in the same order in which it is stored to a receiving remote mirror daemon on a remote computer system, which in turn commits the data updates to a mirror device.

Abstract: A method and system for securing confidential data in a computer network, wherein the computer network includes a management information database that assists in the management of the computer network. Initially, confidential data are identified within the management information database. Next, particular data objects are associated with the identified confidential data. Thereafter, the identified confidential data are accessed from the management information database. Finally each particular data object and its associated confidential data are automatically converted into a secure data object, in response to accessing the confidential data from the management information database, such that the confidential data may only be understood or altered external to the management information database by converting the secure data object back into the particular data objects and the associated confidential data.

Abstract: A redundant array includes a plurality of disks, a bus coupling the disks, a receiving device, and a device to reconstruct a block stored in one of the disks. The device reconstructs the block with associated data and parity blocks from other disks. The device transmits the reconstructed block to the receiving device in response to the one of the disks being slowly responding. A method includes requesting a first disk to transmit a first block, reconstructing, when necessary, the first block from associated data stored in other disks of a RAID configuration, and transmitting the reconstructed block directly to a receiving device. The transmitting is in response to the first disk not transmitting the block in a predetermined time.

Abstract: In an external storage, an I/O process is continued without any intervention of a user or a host system at failure of a controller. When a failure occurs in a controller, a host system 10 recognizes the failure of the controller. Before the failure is notified to the user and application to stop the job, the substitutive controller reads the SCSI-ID possessed by an SCSI port of the failed controller from a shared memory, registers the SCSI-ID of the SCSI port to the SCSI port associated with the substitutive controller, and erases by a port address resetting facility 45 of the substitutive controller the SCSI-ID possessed by an SCSI port of the failed controller. Thanks to the provision, since the SCSI-ID specified at issuance of an I/O request is transferred between the controllers, the user or the host system need not alter the I/O request issuing route. Moreover, while the host system does not recognize the error, the transfer can be conducted.

Abstract: A system for controlling the validity of printing of indicias on mailpieces from a potentially large number of users of postage meters includes apparatus disposed in each said postage meter for generating a code and for printing the code on each mailpiece. The code is an encrypted code representative of the postage meter apparatus printing the indicia and other information uniquely determinative of the legitimacy of postage on the mailpieces. The keys for the code generating apparatus are changed to change its code generation at predetermined time intervals in each of the meters. A security center includes apparatus for maintaining a security code database and for keeping track of the keys for generating security codes in correspondence with the changes in each generating apparatus and the information printed on the mailpiece by the postage meter apparatus for comparison with the code printed on the mailpiece.

Abstract: A method for providing single step log-on access for a subscriber to a computer network. The computer network is differentiated into public and private areas. Secure access to the private areas is provided by a Service Selection Gateway (SSG) Server, introduced between a conventional Network Access Server (NAS) and an Authentication Authorization and Accounting (AAA) Server. The SSG Server intercepts and manipulates packets of data exchanged between the NAS and the AAA Server to obtain all the information it needs to automatically log the user on when the user logs on to the NAS. An authorized user is thus spared the task of having to re-enter username and password data or launch a separate application in order to gain secure access to private areas of the network.

Abstract: A security enhanced computer system arrangement includes a coprocessor and a multiprocessor logic controller inserted into the architecture of a conventional computer system. The coprocessor and multiprocessor logic controller is interposed between the CPU of the conventional computer system to intercept and replace control signals that are passed over certain of the critical control signal lines associated with the CPU. The multiprocessor logic controller arrangement thereby isolates the CPU of the conventional computer system from the remainder of the conventional computer system, permitting separate control over the CPU and separate control over the remainder of the computer system. By controlling the control signals that are normally passed between the CPU and the remainder of the computer system, the multiprocessor logic controller permits the coprocessor to perform highly secure operations.

Abstract: A system and method for the detection of permanent virtual circuit failures in a communication network determines and classifies failures based upon physical or logical criteria. Upon detection of a physical failure or a logical failure the virtual circuit backup logic will establish an alternate path in order to selectively reroute information avoiding the failed primary path. Once the primary path is again available, the logic of the present invention will restore the communication from the alternate path to the primary path. The virtual circuit backup logic will selectively provide an alternate path for communication traffic on a per data link connection identifier (DLCI) basis, thus enabling a single link to be backed up over multiple links.

Abstract: A web host includes a web server that provides web pages to a client. In response to a particular web page, the client sends a request to the web server to execute a CGI program stored on the web server. A redirector within the web server redirects the CGI execution request to a CGI proxy, which determines the execution mode in which the CGI program is executed. To make this determination, the CGI proxy first checks if the requested program requires authentication, and next if it belongs to a list of “special” CGI programs meant to be executed with different “safety” modes. Each CGI program in such a list corresponds to an execution mode with particular security privileges—e.g., being able to read or write to a file the user otherwise could not read or modify. If authentication is required but fails, the CGI proxy executes the requested program in a “safety” mode, according very limited privileges to the invoked program.

Abstract: A server computer acts as a central repository for tests performed by any number of connected client computers, as well the results of these tests returned by the client computers. A test manager executed by the server computer analyzes the results of the tests performed by the client computers, and determines which tests have passed or failed during execution, whether the tests failed because of an application or other error, and which tests should be re-executed by the same or different client computer. A test grouper analyzes the error messages produced by the application being tested, so that tests that reveal the same defect can be grouped together. A test reducer is iteratively applied to selected tests to reduce the test to the smallest subset of the original test that still reveals the defect. In this manner, the present invention maximizes the testing efficiency of the resources used and minimizes the amount of time required of the operator to confirm failures.

Abstract: Data sequences comprised of figure-coded units, such as text comprised of ASCII characters, are encoded into another data entity, such as a pixel based image. The encoding implements a positionally-based encoding scheme in which values of the data entity (basic matrix) upon which the data sequences are to be encoded is used. The position for values to be changed in the basic matrix are determined by a reversible function, and the encoding value that these values are changed by may be 1, another arbitrary number, or determined by a formula. The counterpart to the reversible function is known by an intended receiver of the encoded data for decoding purposes. The basic matrix may be generated utilizing a suitably complex function, such as a chaos function, with parameters known only to the sender and receiver.

Abstract: Customer-service tasks are performed in a noninvasive manner by relying on automatic methods for (a) capturing the state of the operating domain and (b) automatically communicating this state as well as a description of the circumstances that lead to activation of the process to a remote service machine via an electronic network. Network-based customer-service for software support includes an automatic mechanism which initiates the product support process. This automatic mechanism may optionally be augmented by a manual mechanism for initiating the support process. The process captures the operating environment in sufficient detail so as to enable its re-creation in part or in whole on a separate machine. Archived data is transmitted to an off-site storage device, and when this data is received, notification is transmitted to customer-support personnel.

Abstract: The invention is a computer interface utilizing a sensor for sensing that a user is in the immediate vicinity of the computer. The interface consists of a motion sensor, computer software for enabling the computer security in the absence or presence of a user, a keyboard interface connected to the motion sensor and a keyboard connected to the keyboard interface.