Abstract: A processing method is disclosed. When a recording medium on which at least one program has been recorded is loaded, a program for a user registration is started. Identification information unique to the recording medium is read therefrom. The identification information that has been read and user's information that has been obtained are correlatively stored. After they have been stored, the program data is read from the recording medium.

Abstract: A Computer Information Database System includes a software update and patch audit subsystem that manages computer profile data using system grouping and audit specification criteria. The subsystem thus selects a particular group of computers using the grouping criteria, and further selects from within the group the computers that pass or fail the applicable audit requirements. A given computer passes the requirements if the computer has installed thereon the specified software updates and patches that are applicable to the computer operating system platform. Otherwise, the computer fails. The audit subsystem may instead select particular computers using the audit specification criteria and then using the grouping criteria further select the subset of these computers that belong to a particular group. Further, the audit specification criteria may be set differently for the respective groups.

Abstract: A system and method for enabling a network device to resume network activities in a secure manner on a communication network when network activities are generally blocked by protective security measures implemented by network security modules is presented. During its periodic update request, a network security module blocking the network activities of the network device requests updated security measures from an administrator-configurable security service. The security service determines whether the network security module/network device may receive a relaxed set of security measures that, when implemented by the network security module, enable the network device to resume some network activities. If the security service determines that the network security module/network device may receive a relaxed set of security measures, the relaxed set of security measures are returned to and implemented on the network security module, thereby enabling the network device to resume some network activities.

Abstract: In a multi-tiered computing environment, a first program may authenticate with a second program using dynamically-generated public/private key pairs. An authentication token is constructed that includes user information and information about the first program and the second program. The first program then digitally signs the authentication token using the dynamically-generated private key, and sends the authentication token to the second program. The second program then verifies the authentication token using the public key corresponding to the first program. Once verified, the first program is authenticated to the second program. The second program may then authenticate to a next-tier program by constructing an authentication token that includes the information in the authentication token received from the first program.

Abstract: A method and system for cryptographically secure hashed end marker of streaming data. In one embodiment, a method for transmitting streaming data comprises establishing a shared secret between a receiving participant and a sending participant; using the shared secret to initialize a cryptographically secure hashed end of file marker for the streaming data that is updated as the streaming data is transmitted or received; transmitting the streaming data from the sending participant to the receiving participant; and comparing the streaming data with the cryptographically secure hashed end of file marker to determine when an end of the streaming data occurs.

Abstract: The present invention allows the user (author or creator) of a document to specify that certain portions of a document be selected for encryption while other portions of the document remain displayed as created. The user could employ a standard word processing editor technique to highlight (or swipe) portions of a document that the user desires to be encrypted. The highlighted portion would then be ‘tagged’ with a surrounding attribute indicating to the word processor that this highlighted portion of the document is to be encrypted. This process is similar to the existing word processor capability to highlight areas on a document and then assign rich text attributes, such as BOLD, ITALICS, etc., to those areas. With proper authorization, any encrypted portion of a document would be displayed as part of the document. Without proper authorization, the display of the document would only contain the unencrypted portions of the document.

Abstract: Systems and methods for processing textual messages which are integrated with one or more digital attachments is described. These systems and methods are useful in the electronic filing and processing of, for example, image data, and of textual data associated with the image data. One particular application of these systems and methods would be for the electronic filing and processing of dental x-rays with patient claim forms.

Abstract: A fan control apparatus and method to reduce the temperature in an equipment body by a time control when setting a stop period constant at the start by adding a time axis fan control by means of a temperature sensor. The fan control apparatus includes a temperature sensor that detects the temperature in the equipment body; a CPU and a sub-microcomputer perform the control of the cooling fans according to the detected temperature value. The CPU performs communication with a server connected to the equipment body via a network, and the CPU and sub-microcomputer perform the control of the cooling fans according to the time value based on a previous communication start and the present communication start.

Abstract: A logging module is disclosed. A communications device can include, and so be made secure through the use of, the logging module. The logging module is configured to communicate information regarding a change to a configuration of a subsystem of the communications device.

Abstract: One or more mobility token managers (101) track movement of files (105) within a network. A mobility token manager (101) on a source computer (113) detects an attempt to write a file (105) to a target computer (117). Responsive to the detection, the mobility token manager (101) writes a mobility token (103) containing data concerning at least the file (105) and the write operation to the target computer (117). A mobility token manager (101) on the target computer (117) detects that the mobility token (103) is being written to the target computer (117). The mobility token manager (101) on the target computer (117) reads the mobility token (103), and determines relevant information concerning the file (105) associated with the mobility token (103).

Abstract: An apparatus for displaying information received from a communication apparatus includes: a key information producing unit configured to produce key information for authenticating the communication apparatus; a key information display unit for displaying the key information; an authentication information receiving unit for receiving authentication information; an authenticating unit for authenticating the communication apparatus by verifying whether or not the authentication information was formed based upon the key information; and a display information receiving unit for displaying information from the authenticated communication apparatus.

Abstract: The present invention is directed to a streaming system for encrypting encrypted data such as music and image, etc. to perform stream distribution thereof. Client terminals (30) used in this system structure leaves of the hierarchical tree structure, and hold a key set consisting of a route key, node keys and the own leaf key on a path of this tree structure, whereby SDP file is transmitted from a stream server (20). In the SDP file, there is stored encrypted information consisting of EKB including data encrypted by selection key that only specific client terminal holds and encrypted contents key data in which contents key has been encrypted. Only specific client terminal having selection key in key set (selected client terminal) decodes contents key from selection key to decode encrypted contents data caused to undergo stream distribution into contents data to perform real time reproduction thereof.

Abstract: By providing a secure EEPROM (Electrically Erasable Programmable Read Only Memory) device or other non-volatile memory (NVM) in an arrangement of a master key system operation key (SOK) plus any subsequently installed SOK to control the configurable machine option attributes, various problems associated with machine option configuration and updates may be accommodated. At the initial install of either SOK type the identity of the machine is written to the NVM, i.e. the machine serial number. This is performed during the initial machine power up or reboot sequence. If the SOK type is a subsequently installed SOK, the option code(s) from the subsequently installed SOK are written to the master key SOK. As part of the power on or reboot routine the machine will check to ensure no tampering has taken place and that the machine identity and the NVM serial number location data match.

Abstract: Device files are disposed on respective routes through which a process accesses the same device, and access rules for those device files are unified. Foe example, where there exist two routes by which a certain process accesses a device, two device files are disposed on each of the routes. Access rules that are set for all directories that access the two device files are unified so as to permit only reading so that the device file can be accessed according to the same access rule by the two routes.

Abstract: A system for group key management including a keying material infrastructure including a root portion configured to store a root public key, a key encryption key portion operatively connected to the root portion configured to store a traffic encryption key encrypted using a symmetric key encryption key, and a public key encryption key, and a first client operatively connected the key encryption key portion configured to store the symmetric key encryption key encrypted using a first client symmetric key, and a first group member configured to access the traffic encryption key using the first client symmetric key.

Abstract: A security architecture has been developed in which a single sign-on is provided for multiple information resources. Rather than specifying a single authentication scheme for all information resources, the security architecture associates trust-level requirements with information resources. Authentication schemes (e.g., those based on passwords, certificates, biometric techniques, smart cards, etc.) are employed depending on the trust-level requirement(s) of an information resource (or information resources) to be accessed. Once credentials have been obtained for an entity and the entity has been authenticated to a given trust level, access is granted, without the need for further credentials and authentication, to information resources for which the authenticated trust level is sufficient.

Abstract: Distributed module authentication allows security checks to be initiated by multiple software modules. Module authentication processes can be inserted into two or more modules in an operating system and/or various other applications. These module authentication processes can verify the integrity of binaries associated with one or more modules in computer memory. Security checks can be performed on modules stored on disk, in active system memory, or in any other location. Various security checks can be coordinated with each other to ensure variety and frequency of module authentication, as well as to randomize the module authentication process that performs a particular security check. In addition, security processor code can be interleaved within normal application code, so the security code is difficult for attackers to remove or disable without damaging the useful functionality of an application.

Abstract: A computer receives a user authentication request from a client. The computer accesses a password associated with the user name, stored locally on the computer, and attempts to authenticate the password using an authentication server. If the password authentication succeeds, the computer hashes the password and compares the hashes. If the hashes match, the user authentication succeeds.

Abstract: An apparatus and method use the built-in authentication and authorization functions of a directory service to perform authentication and authorization for resources that are external to the directory service. A Lightweight Directory Access Protocol (LDAP) service is used in the preferred embodiments. The LDAP directory includes built-in functions for authenticating a user that requests access to an entry. Each resource that needs to be protected is mapped to an entry in the LDAP directory. These entries that correspond to protected resources external to the LDAP directory are called proxy entries. Proxy entries contain the authorization information for the corresponding protected resource in the form of an access control list for each entry that specifies the authorized users of the entry.

Abstract: Various methods and apparatus are described in which a power management controller having process control software controls output power characteristics for a group of wind turbine generators. The power management controller also has a network interface configured to allow a user of a supervisory and control network to remotely access and change output power settings of the group of wind turbine generators through a secure connection established over a network connection.