Abstract: An apparatus, system, and method are provided for sharing a cached security profile in a database environment. The apparatus, system, and method include a cache module for caching a security profile accessible to primary tasks and secondary tasks. An identification module is provided that distinguishes between primary tasks authorized to refresh the security profile and secondary tasks. A refresh module cooperates with the cache module and identification module to selectively refresh the security profile in response to a refresh request and expiration of the security profile such that an old version of the security profile is retained for use by secondary tasks until an execution window closes.

Abstract: A system and method for providing a containment model of role capabilities wherein a parent role can obtain the capabilities of its child role(s).

Abstract: An intrusion handling system for a packet network is provided according to an embodiment of the invention. The intrusion handling system includes a communication interface configured to receive or detect a network event that is directed to a network address. The intrusion handling system further includes a processing system coupled to the communication interface and configured to receive the network event from the communication interface, determine whether to yield the network address, respond to the network event in order to retain the network address, and not respond to the network event in order to yield the network address.

Abstract: A method of encrypting and transmitting data and a system for transmitting encrypted data. The method includes one or more different encryption algorithms, and may include employing different encryption algorithms to achieve multiple levels of encryption. A first encryption algorithm is based upon multiple rearrangements of bits representing data to obtain encoded data. A second encryption algorithm is based upon performing multiple XOR operations on bits representing data so that each data word is at least encoded with previous data words. The system comprises first and second computers and a plurality of communication parameters. The two computers are communicably connected to a network, and the second computer is adapted to route a transmission to the first computer. The transmission includes a data part and a header part, both of which are encrypted by the second computer utilizing the communication parameters. The first computer decrypts the transmission utilizing the communication parameters.

Abstract: An encrypted-data decrypting apparatus that provides enhanced security protection for programs and data while they are in the processes of decryption to execution after having been encrypted. When a decrypted partial program needs to be loaded into the shared memory M, the controlling unit 11 loads it into an area indicated by the memory location information. According to the memory location information, a plurality of partial programs are sequentially loaded into an area so that one partial program gets overwritten by another; therefore, none of the partial programs exists in the memory for a long time, and thus there is less possibility of having the partial programs referred to illegitimately. In addition, since every time some data is decrypted, the decryption support program authenticating unit 13 confirms authenticity of the decryption support program P, it is possible to prevent having illegitimate references in which the decryption support program is abused.

Abstract: A user authentication method for a remote control apparatus and a remote control apparatus using this method are provided. If a user inputs information for user authentication after having inputted a command for control of a controlled device, this information is compared with the corresponding user authentication information stored. If the user authentication is successful, it is determined whether a secondary authentication is required. If a secondary authentication is required, authentication data, as well as control data corresponding to the user's command, are transmitted to the controlled device. The controlled device operates in accordance with the received control data, if the authentication with the received authentication data was successful. The method and apparatus allow individual setting of a communication device for each controlled device.

Abstract: In a network of computer systems having a group of users subscribing to a service comprising restricted channels, a user applies for an action to be performed by an automated software agent. The agent initiates a poll of a predetermined group of subscribers soliciting votes for approving the action. When the poll is complete, the votes are tallied by the agent and compared with predetermined authorization rules. If the votes pass the rules test, the action is approved and performed by a software agent. The user in one embodiment is an automated software agent.

Abstract: Communicating between multiple application programs includes providing an adapter to a first computer application for use in accessing a second computer application that provides a function to the first computer application. The inputs and outputs of the function are defined by the first computer application. The adapter is made available to the first computer application for use in accessing the second computer application. The adapter is configured to accept from the first computer application the inputs to the function and provide to the second computer application the inputs in a form that the second computer application is able to use. The adapter is configured to receive from the second computer application outputs from the function and provide to the first computer application the outputs in a form that the first computer application is able to use.

Abstract: Embodiments of the present invention provide adjustments of the depiction of a user interface upon a computing environment's change in state.

Abstract: A mechanism for protected operating system boot that prevents rogue components from being loaded with the operating system, and thus prevents divulgence of the system key under inappropriate circumstances. After a portion of the machine startup procedure has occurred, the operating system loader is run, the loader is validated, and a correct machine state is either verified to exist and/or created. Once the loader has been verified to be a legitimate loader, and the machine state under which it is running is verified to be correct, the loader's future behavior is known to protect against the loading of rogue components that could cause divulgence of the system key. With the loader's behavior being known to be safe for the system key, the validator may unseal the system key and provides it to the loader.

Abstract: Conventional matching approaches to virus detection are ineffective pending deployment of a signature to match a newly discovered virus. In contrast, a behavioral based (subject) approach addresses the so-called “day zero” problem of object matching approaches. An integrated approach combines the behavioral remedy against unknown transmissions with the signature matching of known harmful transmission to provide the reliability and stability of signature based approaches with the real time responsiveness of the behavioral approach. A behavior monitoring module analyzes actions via behavioral heuristics indicative of actions performed by known harmful transmissions. The behavioral monitoring correlates the actions performed to determine an undesirable object. A signature generator computes a realtime signature on the suspect object.

Abstract: A technique for integrating message authentication with encryption and decryption is disclosed. Intermediate internal states of the decryption operation are used to generate a validation code that can be used to detect manipulation of the encrypted data. The technique is optimized with respect to processing time, execution space for code and runtime data, and buffer usage. The technique is generally applicable to a variety of block ciphers, including TEA, Rijndael, DES, RC5, and RC6.

Abstract: In an authentication apparatus 300, so as to confirm whether a user is legitimate in supplying key information to a resource 500, discernment information for identifying the user is caused to be input, and only in a case where this discernment information coincided with the stored discernment information of the user, the key information is supplied to the resource. Also, in causing the authentication apparatus 300 to register the discernment information of the user, the discernment information is caused to be input, this discernment information is collated with the discernment information registered in a key information management center 200, and in a case where it coincided, the authentication apparatus 300 is caused to register the discernment information.

Abstract: Reliable end-to-end messaging in which tracking and acknowledgement information are contained in the electronic message that is visible to layers above the transport layer, thereby being independent of what transport protocols, and whether different transport protocols, are used to communicate between the two end points. Furthermore, acknowledgment messages may identify multiple ranges of sequence numbers corresponding to received electronic messages, thereby permitting further flexibility and completeness in acknowledging received messages.

Abstract: A system and method for providing Java Server Page (JSP) security are provided. In one embodiment, a method for providing JSP security comprises selecting a JSP file at least partially in response to a request by a user. The request includes information identifying the user. A security tag associated with at least a portion of the JSP file is located for the selected JSP file. Authorization of the user to access the portion of the JSP file is determined based on the security tag. At least one web page is generated based, at least in part, on the determination.

Abstract: A system for manipulating a computer file and/or program. The system includes a serving device having access to a computer file and/or program which is unencrypted and which can encrypt the unencrypted computer file and/or program to become an encrypted computer file and/or program and transfer it. The system includes a connector connected to the serving device on which the encrypted computer file and/or program travels and to which the serving device transfers the encrypted computer file and/or program. The system includes a client device which receives the encrypted computer file and/or program and decrypts the encrypted computer file and/or program back to the unencrypted computer file and/or program. The client device does not allow intervention to the encrypted computer file and/or program during a time when the encrypted computer and/or file program is received. The serving device is separate, apart and distinct from the client device. A method for manipulating a computer file and/or program.

Abstract: A system for controlling network access to products. The system includes a security appliance connected to a product under operational control of a first entity, a product connection platform and a user terminal under operational control of a second entity, the product connection platform being accessed by the user terminal, and a trust relationship established between the first entity and the second entity based on predetermined criteria between the first entity and the second entity, the trust relationship being represented by a certificate or public/private key exchange. Authentication of access by a user of the user terminal of the second entity to the product of the first entity is deferred to the product connection platform of the second entity based on the predetermined criteria of the trust relationship, whereupon if authentication is granted, the user is provided access to the product.

Abstract: A broadcast receiving apparatus (2100) performs descrambling implicitly during the access of scrambled information within a broadcast signal by a program. The broadcast receiving apparatus (2100) in the present invention includes a descrambler (2104) operable to perform descrambling on a per-piece of information basis. Together with executing a service including one or more pieces of information, the broadcast receiving apparatus (2100) adds a service to be executed, cancels a service to be executed, and controls descrambling of one or more pieces of information using the descrambler (2104).

Abstract: First data to be sent by a first party to a second party is encrypted using an encryption key string formed using at least a hash value generated using second data and a secret, shared with a trusted party, that serves as identification of the first party. The second data comprises, for example, one or more conditions that serve as identifiers of the second party, and a hash-value element generated by hashing the first data. The encrypted first data and the encryption key string is made available to the second party which forwards the encryption key string to the trusted party with a request for the corresponding decryption key. The trusted party carries out at least one check on the basis of data contained in the encryption key string and, if this at least one check is satisfactory, provides a decryption key to the second party.

Abstract: A method of allowing a remote device connected to a first network to access a second network, including leasing a leased network address to the remote device, where the leased network address allows the remote device access to the first network for a pre-defined time period, submitting at least one identification token from the remote device to an appliance within the first network, validating the at least one identification token within the pre-defined time period, and connecting the remote device to the second network if the validating is successful.