Abstract: Provided is a method for the standardization of information management among different information sources and different information formats. With respect to information sources that employ different information storage formats, an organizational proxy, or “shadow,” of the organization structure of the first information source is created in the second information source and a shadow of the second information source is created in the first information source. Information stored in conjunction with the first information source is copied into the shadow within the second information source. The information in the first source is then either maintained or a link to corresponding information in the second information source is created within the first information source and the first information is deleted. The claimed subject matter provides a graphical user interface (GUI) so that a user can copy information from one information source to another by executing a “drag & drop” action.

Abstract: A system, method and computer program for enforcing network cluster proximity requirements using a proxy is useful in preventing unauthorized devices from receiving encrypted broadcast content intended for only authorized users within a network cluster. The current art allows users to remotely establish trust via a cryptographic handshake. This results in encrypted broadcast content being delivered to unauthorized devices. The present invention assures that encrypted broadcast content is delivered to only authorized devices, allowing authorized remote devices to receive encrypted broadcast content while preventing unauthorized remote devices from doing so. The present invention enforces network proximity requirements to authorized devices within a defined area by timing the cryptographic handshaking, and by authorizing device proxies within a geographic area for retransmitting to authorized remote devices outside said geographic area.

Abstract: Systems, methods and media for encrypting and decrypting content files are disclosed. More particularly, hardware and/or software for adding an additional level of indirection to a title key encryption scheme are disclosed. Embodiments may include generating by a cryptographic system a binding key based on binding information. Embodiments may also include encrypting by the cryptographic system a secret key with the binding key and generating a title key associated with at least one content file. Embodiments may also include encrypting by the cryptographic system the title key with the secret key and the at least one content file with the title key. Further embodiments may include receiving an indication that the binding information has changed, generating a new binding key based on the new changed binding information, and re-encrypting the secret key with the new binding key.

Abstract: Methods, systems, and products are disclosed for controlling with rights objects delivery of broadcast encryption content for a network cluster from a content server outside the cluster that include receiving in the content server from a network device a key management block for the cluster, a unique data token for the cluster, and an encrypted cluster id; calculating a binding key for the cluster in dependence upon the key management block for the cluster, the unique data token for the cluster, and the encrypted cluster id; inserting a title key into a rights object defining rights for the broadcast encryption content; and sending the rights object to the cluster. In typical embodiments, the rights for content include an authorization for a play period and an authorized number of copies of the broadcast encryption content to devices outside the cluster.

Abstract: Methods, systems, and products are disclosed for delivering broadcast encryption content. Embodiments of the present invention typically include receiving in a cluster broadcast encryption content; receiving in a cluster a rights object defining device-oriented digital rights for broadcast encryption content; and administering the broadcast encryption content on one or more network devices in the cluster in dependence upon the digital rights. In some embodiments, administering the broadcast encryption content on one or more network devices in the cluster in dependence upon the digital rights include mapping the device-oriented digital rights to digital rights supported in the cluster, excluding device-oriented rights not supported in the cluster. In some embodiments, mapping the device-oriented digital rights to digital rights supported in the cluster includes supporting in the cluster only those device-oriented digital rights having direct analogs in the cluster.

Abstract: Controlling delivery of broadcast encryption content for a network cluster from a content server outside the cluster that include receiving in the content server from the network device a key management block for the cluster, a unique data token for the cluster, and an encrypted cluster id and calculating a binding key for the cluster in dependence upon the key management block for the cluster, the unique data token for the cluster, and the encrypted cluster id. In typical embod0iments, calculating a binding key includes calculating a management key from the key management block for the cluster; calculating a content server device key from the management key and the content server device id; decrypting the encrypted cluster id with the content server device key; and calculating the binding key with the management key, the unique data token for the cluster, and the cluster id.

Abstract: A system and method for controlling access to shared resources in a distributed computer system. Access to shared resources is controlled by a local authorization token manager. Only computer processes holding authorization tokens for the requested operation may perform that operation. Each requested operation checks for the proper token. If the token is not held by the process, it is requested. The local token manager resolves token conflicts before granting tokens. A token manager of a distributed file system export protocol also is able to request authorization tokens from the local token manager. The export protocol token manager controls authorization tokens for that particular distributed file system protocol. Multiple different export protocols may request tokens from the local token manager. The shared resources may therefore be shared by multiple different export protocols without conflict.

Abstract: A system and method for maintaining data coherency in a system in which data is replicated on two or more servers. Each server is able to update the data replica present on the server. Updates are logged for each server. Reconciliation of server data replicas is aggressively initiated upon the occurrence of predefined events. These events include arrival at a scheduled time, a request for data by a client system, server and network failure recovery. Reconciliation is managed by a coordinator server selected to ensure that at most one coordinator server per network partition is selected. Logged updates are merged and transmitted to each server containing a data replica. The logged updates are applied unless a conflict is detected. Conflicts are collected and distributed for resolution. Reconciliation is managed between servers without regard to operating system or physical file system type.

Abstract: A unique naming system and method are described for managing object identification by a network of computer systems. The naming system employs data structures stored in the memory of the computer systems containing character strings and corresponding addresses to entries in the data structures and objects in the computer systems. Names employed in a particular computer system that correspond to objects in another computer system are resolved by a border data structure capable of transforming names, delimiters and visas across computer systems.

Abstract: A communication protocol for direct communications between operating system kernels of a plurality of processors in a clustered-type, shared virtual memory, multi-processor data processing system is disclosed. Each processor unit includes a intermachine communications software system ("IMCS") which may-be used by a trusted kernel of the operating system of the processor to communicate with a service in another processor, either directly or through an intermediate processor. Communications are initiated when a user prepares a message in accordance with pre-programmed instructions from the IMCS in a standard format. Once the message is prepared, the user calls IMCS which selects a route for the transmission of the message over a serial communications link to the receiving processor using a "request to send immediate" serial link level protocol. The message is initially directed to a common buffer pool.

Abstract: A conventional single node operating system is provided with a distributed file management system (DFS) with a plurality of nodes and a plurality of files. The DFS uses the UNIX operating system tree structure employing inodes (data structure containing administrative information for each file) to manage the local files and surrogate inodes (s.sub.-- inode) to manage access to files existing on another node. In addition, the DFS uses a lock table to manage the lock status of files. The method which implements the DFS locking of records and files involves the following steps. If the file is a local file, then the UNIX operating system standard file locking is used. However, if a remote file is to be locked, the UNIX operating system LOCKF and FCNTL system calls are intercepted and an remote process call (RPC) DFS.sub.-- LOCK.sub.-- CONTROL is executed. The server node receives the remote process call and carries out the lock request.

Abstract: A distributed file management system (DFS) with a plurality of nodes and a plurality of files is disclosed. The DFS uses the UNIX operating system tree structure employing inodes (data structures containing the administrative information of each file) to manage the local files and surrogate inodes (s.sub.-- inode) to manage access to files existing on another node. In addition, the DFS uses a file access structure lock (fas.sub.-- lock) to manage multiple requests to a single file. The primary reason for the addition of the fas.sub.-- lock for each file is to avoid the problem of deadlocks. The inodes and s.sub.-- inodes use the fas.sub.-- lock to synchronize their accesses to a file and avoid a deadlock situation where both s.sub.-- inode and inode await the use of a file that is locked by the other.

Abstract: An improved directory caching technique is provided for a plurality of data processing systems which are connected together in a network. In the system, when a local, or client, data processing system interrogates a remote, or server, data processing system for a unit of directory information, the server system is enabled to automatically send additional units of pertinent director information back to the client system in response to a subsequent change in the directory structure of the server system. If the server system is unable to continue updating the client system, for any of a plurality of possible reasons, the server system informs the client system of this fact, which enables the client system to purge itself of the formerly stored directory cache entry relative to this path, since the client system can no longer consider this cached path information to be currently correct.

Abstract: A data processing system including at least one storage device for storing and retrieving data and connected to a storage device interface that controls the storing and retrieving of data from the storage device and further includes a data buffer for storing data retrieved from or being stored in the storage device. The data processing system includes a storage device driver that receives storage access commands from a processor, provides commands to the interface in response to these commands to the access commands from the processor and also provides commands for data not requested by the processor. The commands for data not requested by the processor provide for the temporary storage of data in the storage device interface data buffer. This data not requested by the processor is retrieved in anticipation of commands to be sent by the processor. The storage driver manages this buffer to optimize the amount of storage dedicated to the storage of data for these anticipatory commands.

Abstract: A system for an efficient message handling technique implemented in AIX, an operating system derived from UNIX System V, is described for use in a distributed services network include a plurality of multi-processing, multi-tasking nodes among which interprocess communication occurs via queues, the actual node locations of which are transparent at the application interface.

Abstract: A data processing system including at least one storage device for storing and retrieving data from several rotating tracks where each track includes sequentially located blocks for the storage of data. A storage interface is connected for controlling this storage device. The storage interface includes a data buffer for storing data retrieved from the storage device. A storage driver is provided that receives storage access commands from a processor and provides commands to the interface in response to these commands from the processor. This storage driver further includes the capability to provide commands for requesting data that has not been requested by the processor. This data not requested by the processor is stored in a data buffer. These commnads for data not requested by the processor are issued in accordance to procedure that computes these commands called read ahead commands based on the order of commands received from the processor and also based on the number of storage devices in use.

Abstract: In a distributed environment several data processing systems are interconnected across a network system. A distributed services program installed on the systems in the network allows the processors to access data files distributed across the various nodes of the network without regard to the location of the data file in the network. The processing system accessing file, referred to as the client processing system, utilizes a client cache within its operating system to store the data file. Utilizing the client cache minimizes the number of reads and writes that must go over the network to the server processing system where the file physically resides. The system and method of this invention prevents a process in the client processing system from accessing data in the client cache that has been modified at another node in the network. The blocks of data in the client cache are tested for validity in the client processing system by using modification times as measured by the server processing system.

Abstract: A distrbuted services program installed on each of a plurality of data processing systems in a network allows the processors to access data files distrbuted across the various nodes of the network.To reduce the network traffic overhead when files at other nodes are accessed, and to preserve the file system semantics, i.e. the file integrity, the accessing of the various files are managed by file synchronization modes. A file is given a first synchronization mode if a file is open at only one node for either read or write access. A file is given a second synchronization mode if a file is opened for read only access at any node. A file is given a third synchronization mode if the file is open for read access in more than one node, and at least one node has the file open for write access.If a file is in either the first or second synchronization mode, the client node, which is the node accessing the file, uses a client cache within its operating system store the file.