Abstract: In a computerized method, a computer program is analyzed while the program is interpreted. The program is expressed in a first memory as input values and functions. Some of the input values are complex values which can have a plurality of component values. Each function operates on combinations of the input values and the functions of the program. The program is interpreted in a processor connected to the first memory. The processor is also connected to a second memory to store result values produced during the interpretation. Selected input values, components of the complex values, and functions are named only if the selected values, components, and functions are necessary to produce a selected result value. For each function of the program, the function which is interpreted, the input values on which the function depends, and the result value produced by the function during interpretation, are recorded in the second memory to dynamically perform a precise dependency analysis of the program.

Abstract: A technique to facilitate decryption processing of information packets transmitted over a communication network after encryption in accordance with a specific network protocol, the details of which may be subject to later change as standards are developed or modified. Programmable registers are used in the decryption process to hold information for identifying an incoming information packet as being subject to the specific protocol and requiring decryption, and identifying a starting location of a data field to be decrypted. Specifically one programmable register contains a first offset locating an identifier field in the packet, in which a cryptographic identifier will be found if the packet is one conforming to the protocol; another programmable register contains a cryptographic identifier value that will be found in the identifier field if decryption is to be performed, and a third programmable register contains a second offset to locate the beginning of a data field to be decrypted.

Abstract: Apparatus for protecting the confidentiality of a user's password during a remote login authentication exchange between a user node and a directory service node of a distributed, public key cryptography system includes a specialized server application functioning as an intermediary agent for the login procedure. The login agent has responsibility for approving the user's login attempt and distributing a private key to the user. However, the login agent is not trusted with the user's password and is therefore a "semi-trusted" node. In another aspect of the invention, a login protocol enables remote authentication of the user password without transmitting the password over the network.

Abstract: A distributed computing system using a data communications network may have a number of service providers for a given service or remote procedure call. A client on the network makes reference to a name service to obtain the network address of one of these service providers. The name service maintains for each client or group of clients a configuration profile of the service providers in order to resolve the issue of selecting one of the several service providers when a request is made. A single configuration profile is a priority-ordered search list that maps from a service identifier (e.g., remote procedure call interface specification) into service provider (e.g., remote procedure call server) names. A configuration profile may include names for individual service providers, and/or named groups of service providers, and/or other configuration profiles. Configuration profiles are stored in a manner that makes them accessible throughout the distributed system, e.g., in the name service.

Abstract: Apparatus for protecting the confidentiality of a user's password during a remote login authentication exchange between a user node and a directory service node of a distributed, public key cryptography system includes a specialized server application functioning as an intermediary agent for the login procedure. The login agent has responsibility for approving the user's login attempt and distributing a private key to the user. However, the login agent is not trusted with the user's password and is therefore a "semi-trusted" node. In another aspect of the invention, a login protocol enables remote authentication of the user password without transmitting the password over the network.

Abstract: An access control list for determining the access rights of principals in a distributed system to a system resource is disclosed wherein the access rights of a specified principal are based on the access rights delegated to that principal.

Abstract: A decryption method, and associated cryptographic processor, for performing in-line decryption of information frames received from a communication network through a first in-line processing stage. As an information packet is streamed into the cryptographic processor, a determination is made to an acceptable level of probability whether the packet contains data that should be decrypted. The decision whether or not decrypt is made by analyzing the incoming packet header, recognizing a limited number of packet formats, and further parsing the packet to locate any encrypted data and to make sure that the packet is not a segment of a larger message. Falsely decrypted packets are looped back through the cryptographic processor, to regenerate the data that was falsely decrypted. Decryption and encryption are performed in such a manner that a false decryption is completely reversible without loss of data.

Abstract: A method for delegating authorization from one entity in a distributed computing system to another for a computing session is disclosed wherein a session public/private encryption key pair is utilized for each computing session. The private encryption key is erased to terminate the computing session.

Abstract: A method and apparatus for authenticating a human user on a personal computer without requiring the user to expose his password or authentication secret to the personal computer of a server. Also a method for protecting a floppy disk with login software from unauthorized use.

Abstract: Cryptographic apparatus, and a related method for its operation, for in-line encryption and decryption of data packets transmitted in a communication network. A full-duplex cryptographic processor is positioned between two in-line processing entities of a network architecture. For example, in a fiber distributed data interface (FDDI) network, the processor is positioned between a media access control (MAC) sublayer and a ring memory controller (RMC). Incoming information packets are analyzed to decide whether or not they contain encrypted data and, if they do, are subject to decryption before forwarding. Outbound information packets have their data portions encrypted if called for, and are usually forwarded toward the network communication medium. Cryptographic processing in both directions is performed in real time as each packet is streamed through the processor.

Abstract: A software version management system, also called system modeller, provides for automatically collecting and recompiling updated versions of component software objects comprising a software program for operation on a plurality of personal computers coupled together in a distributed software environment via a local area network. The component software objects include the source and binary files for the software program, which stored in various different local and remote storage means through the environment. The component software objects are periodically updated, via a system editor, by various users at their personal computers and then stored in designated storage means. The management system includes models which are also objects.

Abstract: An electronic image processing system includes a controller for receiving character font data from a main memory and for converting it to image data utilizable by a raster output device capable of formatting the image data in a plurality of scan lines onto an imaging medium. The controller includes an input memory coupled to the main memory for receiving character font data therefrom, a data pattern memory for providing a predetermined pattern of data in response to a predetermined address signal, and a plurality of band buffer memories each capable of storing image data representing a predetermined number of scan lines constituting an image band, each band buffer memory having enable input lines and associated data input lines. The input memory is addressed to access character font data therefrom, such accessed character font data being then applied to respective enable input lines of a selected one of the band buffer memories.

Abstract: System and method for parallel decoding of character data in run length format to produce data in dot matrix form for presentation to a display device. The data for successive runs is stored in registers and processed in parallel to provide address data for memory devices programmed to deliver predetermined output data patterns in response to the address data.

Abstract: High resolution character generator for producing rows of characters to be scanned on a display medium. Input data defining characters to be printed in ordered rows of text is sorted to provide specifications for the characters which being on each successive scan line. These specifications are stored initially in an input buffer, and specifications for characters which have been partially printed in a previous scan line are stored in an active character buffer. For each scan line, the character specifications are read first from the active character buffer and then from the input buffer until an end of line specifier is reached. For each character specification received, a font memory containing data defining the characters is cycled. The data from the font memory is decoded and presented to the display medium on a line by line basis.

Abstract: Apparatus for enabling communications between two or more data processing stations comprising a communication cable arranged in branched segments including taps distributed thereover. Tied to each tap is a transceiver which on the other side connects to an associated interface stage. Each transceiver includes, in addition to the usual transmitter and receiver sections, a gate which compares the data from the interface stage with the data on the cable and indicates whether such are equal. Should such be unequal, an interference between the transceiver and the cable is indicated, disabling the associated transmitter section. Each interface stage tied to such transceiver also includes an input and an output buffer on the other end thereof interfacing with a using device, such input and output buffers storing both the incoming and outgoing data.