Abstract: In a system and method for performing message-based business processes among a plurality of applications, a gateway message is received at the gateway, the gateway message including a gateway message header and a payload, the gateway message header including a routing slip block providing a template of a complex transaction in which the gateway message is participating, the complex transaction comprising one or more simple transactions performed in a defined order. A copy of the received gateway message is persisted in a data store in the gateway. The gateway executes at least one simple transaction in accordance with the template in the routing slip in the received gateway message and persists a copy of the gateway message, after executing the at least one simple transaction, in the data store.

Abstract: To protect device keys, an optical media recording device capable of performing AACS encryption on data does not have any device keys, and the optical media recording device performs AACS encryption by activating recording software stored in a memory the optical media recording device, and utilizing a pre-calculated media key stored in the memory of the optical media recording device to perform AACS encryption on the data.

Abstract: A method for providing message protection includes generating a ciphered message based upon a first counter, a message, and a ciphering key. The method further includes generating an unciphered message authentication code (MAC) based upon the first counter, an integrity protection key, and either the message or the ciphered message, and transmitting security protected data, which includes the MAC and the ciphered message, over a transmission medium.

Abstract: A system and method is provided for verifying an access-control policy against a particular constraint for a multi-step operation. In disclosed embodiments, the method includes expressing the access-control policy as a first quantifier-free form (QFF) constraint and identifying the particular constraint as a second QFF constraint. The method also includes identifying an operation vector and providing copies of the operation vector associated with steps in the multi-step operation. The method also includes determining a third QFF constraint using the first QFF constraint, the second QFF constraint, and the copies of the operation vector. The method also includes solving the third QFF constraint to determine a solution and outputting a result of the solving.

Abstract: A method and apparatus facilitating access to a communication session for a client is provided. The method may comprise receiving, at a mobile virtual network operator (MVNO), an access request from a client, wherein the MVNO is associated with a set of mobile network operators (MNOs), receiving, from the client, client connection parameters associated with at least one of the set of MNOs, formulating at least one option for a communication session over a network associated with at least one of the set of MNOs, the at least one option based on the client connection parameters and MVNO-connection parameters associated with the set of MNOs, and establishing a selected communication session based on the at least one option.

Abstract: The Wireless Integrated Network Sensor Next Generation (WINS NG) nodes provide distributed network and Internet access to sensors, controls, and processors that are deeply embedded in equipment, facilities, and the environment. The WINS NG network is a new monitoring and control capability for applications in transportation, manufacturing, health care, environmental monitoring, and safety and security. The WINS NG nodes combine microsensor technology, low power distributed signal processing, low power computation, and low power, low cost wireless and/or wired networking capability in a compact system. The WINS NG networks provide sensing, local control, remote reconfigurability, and embedded intelligent systems in structures, materials, and environments.

Abstract: A method for handling the automated transferal of project level data to the various entities involved in such project which may be one of several projects within the control of each entity. Project level data may be coded, extracted and conveyed to one or more of several entities involved in a project in a format permitting notification of upper levels of management of each specific entity or summarization within the hierarchy of projects within the enterprise structure of each specific entity. Similarly, project level data may be imported and sequestered within the database for the project such that such data may be used for calculations or reports relating to that project without permitting unauthorized access to such data to the entities involved in the project.

Abstract: An authentication method in a system having a display and a storage device is provided. The authentication method includes the steps of registering an object selected for each user from among a plurality of visually distinguishable objects prepared in advance as a key object in the storage device; and presenting the plurality of objects to the display, accepting selection of an object by a user to be authenticated, and performing authentication based on matching/mismatching of the selected object with the key object registered in association with the user. The step of registering includes a step of determining a degree of freedom of selection of the object at the time of registration of the key object according to a degree of overlapping of the key object already registered in the storage device.

Abstract: A system to facilitate a service oriented email client application. The system includes a service registry, a service address book coupled to an email client, and an email composer coupled to the service address book. The service registry includes service information. The service information describes how to invoke a web service. The service address book includes a web service entry linked to the service information for the web service in the service registry. The email composer generates a user input form with a custom input field corresponding to the service information for the web service.

Abstract: A method of providing transports for a data distribution middleware over a plurality of transport networks is provided. A data distribution middleware with a pluggable transport layer is provided. A plurality of transport plugins in the transport layer are provided. Aliases are assigned to each of the transport plugins of the plurality of transport plugins, wherein at least one of the transport plugins of the plurality of transport plugins has a plurality of aliases.

Abstract: A portable computer and a charging method thereof are provided. The portable computer includes a charge integrated circuit (IC), a basic input/output system (BIOS) and embedded controller (EC), a south bridge chip, a north bridge chip and a central processing unit (CPU). After the portable computer is connected to a battery, the BIOS and EC controls the south bridge chip to read a sealed security bit of the battery and checks whether the sealed security bit equals a default value. The BIOS and EC controls the south bridge chip to read a battery data of the battery if the sealed security bit equals default value. The BIOS and EC controls the charge IC via the south bridge chip to charge the battery according to the battery data. The CPU controls the south bridge chip and the north bridge chip.

Abstract: A method for symmetric receive-side scaling (RSS) in a network device having an ingress side RRS router and an egress side RSS router and a plurality of queues for handling packets. The method comprises identifying an internet protocol (IP) version being used for the network. The transport layer headers (TLHs) existence status is identified. A secret key by each of the egress side RSS router and the ingress side RSS router is identified. The key is based on the identification of the IP version and the TLHs existence status. The secret key ensures that packets sent from a source to a destination and packets sent from the destination to the source are routed by the egress side RSS router and the ingress side RSS router to a common queue among the plurality of queues. The secret key is stored at a storage in the network device. The secret key is used by the ingress side RSS router and the egress side RSS router for routing packets.

Abstract: A remote data acquisition, transmission and analysis system including handheld wireless equipment to obtain operational data and the status of remote machines is disclosed. A plurality of application controllers are interfaced with the remote machines from which operation data is acquired by the application controllers. The application controllers communicate with an application host via a local area network. The application host may communicate with a network operations center using a wide area network. The handheld wireless equipment may be used to obtain operational information for each remote machine from the network operations center.

Abstract: A method for authenticating messages in a communication network includes forming a super message having a plurality of individual messages such that at least two of the individual messages are intended for separate receiving entities. The method further includes creating a message authentication code (MAC) using a private key, such that the MAC is configured to permit authentication of the super message using a public key.

Abstract: An interoperability system abstracts the protocols used by multiple network applications into an interoperability framework, thereby allowing the network applications to interoperate with each other and/or with modules for providing enhanced functionalities. The interoperability framework includes a number of adapters that modularize the components needed for interoperation and abstracts content from the underlying protocols and procedures used by the network applications. The interoperability framework includes a resource control that enables the network applications to access shared resources, such as data and content used by the network applications, thus allowing the applications to interoperate and for functionality enhancements to be added.

Abstract: Secure outsourced aggregation of data using one-way chains is discussed in this application. Each input data source such as a sensor generates a Verifiable Synopsis (“VS”) which includes sensor data, an Inflation Free Proof (“IFP”) generated using a cryptographic function and a Self-Authenticating Value (“SEAL”) chain generated using a one-way function. An aggregator takes a plurality VSs from multiple data sources and aggregates them together into one. Maximum value, top-k, count, count distinct, sum, average, and other aggregate functions may be used. Folded VS provides a concise proof that no value greater than the maximum value was reported by a sensor, thus providing a check against deflation of sensor data. Similarly, the cryptographic function of the IFP provides a mechanism to prevent inflation of the sensor data. Thus it becomes possible at a portal to verify that aggregated data has not been inflated or deflated by the aggregator.

Abstract: An approach is provided to receive a request at a first computer system from a second system. The first system generates an encryption key, modifies retrieved source code by inserting the generated encryption key into the source code, and compiles the modified source code into an executable. A hash value of the executable program is calculated and is stored along with the encryption key in a memory area. The executable and the hash value are sent to the second system over a network. The executable is executed and it generates an encrypted result using the hash value and the embedded encryption key. The encrypted result is sent back to the first system where it is authenticated using the stored encryption key and hash value.

Abstract: A data processing system features a hardware trusted platform module (TPM), and a virtual TPM (vTPM) manager. When executed, the vTPM manager detects a first request from a service virtual machine (VM) in the processing system, the first request to involve access to the hardware TPM (hTPM). In response, the vTPM manager automatically determines whether the first request should be allowed, based on filter rules identifying allowed or disallowed operations for the hTPM. The vTPM manager may also detect a second request to involve access to a software TPM (sTPM) in the processing system. In response, the vTPM manager may automatically determine whether the second request should be allowed, based on a second filter list identifying allowed or disallowed operations for the sTPM. Other embodiments are described and claimed.

Abstract: In a communication apparatus on a network where communication apparatuses perform direct communication with each other, a network management apparatus for managing the network based on message information transmitted and received on the network is determined. When the communication apparatus itself is determined as the network management apparatus, the apparatus collects information indicating device capabilities from other communication apparatuses. On the other hand, the communication apparatus receives information indicating device capabilities from another communication apparatus when the other communication apparatus is determined as the network management apparatus.

Abstract: For the operation of at least one non-safety-critical application process and at least one safety-critical application process, the invention proposes a data processing and transmission system with a data transmission network, at least one non-safety-related network element linked to the non-safety-critical application process and connected to the network, and with at least one safety-related network element linked to the safety-critical application process, as well as with at least one master unit connected to the network, and a server unit connected to the network separately from the master unit, wherein the safety-related server unit controls the at least one safety-critical application process, specifically by processing safety-relevant data necessary for controlling the safety-critical application process and by organizing the transmission of the safety-relevant data over the network by means of at least one of the network elements and/or the master unit.