Patents by Inventor Daniel Simon

Daniel Simon has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20050235150
    Abstract: The present invention extends to validating measurable aspects of a computing system. A provider causes a challenge to be issued to the requester, the challenge requesting proof that the requester is appropriately configured to access the resource. The requester accesses information that indicates how the requester is to prove an appropriate configuration for accessing the resource. The requester formulates and sends proof that one or more measurable aspects of the requester's configuration are appropriate. The provider receives proof that one or more measurable aspects of the requester's configuration are appropriate and authorizes the requester to access the resource. Proof of one or more measurable aspects of a requester can be used along with other types of authentication to authorize a requester to access a resource of a provider. Solutions to challenges can be pre-computed and stored in a location accessible to a provider.
    Type: Application
    Filed: April 19, 2004
    Publication date: October 20, 2005
    Inventors: Christopher Kaler, John Shewchuk, Bradford Lovering, Daniel Simon
  • Publication number: 20050217238
    Abstract: A pulsed plasma thruster (PPT) and a method of making the pulsed plasma thruster are disclosed. The PPT includes no moving parts and is able to achieve a small size. The PPT is also designed to facilitate easy and rapid manufacture. The process for making the PPT uses known techniques for making printed circuit board devices. Another PPT also has no moving parts and uses a liquid fuel that is progressively advanced by capillary action.
    Type: Application
    Filed: October 14, 2004
    Publication date: October 6, 2005
    Inventors: H. Land, Daniel Simon, Tharen Rice
  • Publication number: 20050210252
    Abstract: The principles of the present invention relate to systems, methods, and computer program products for more efficiently and securely authenticating computing systems. In some embodiments, a limited-use credential is used to provision more permanent credentials. A client receives a limited-use (e.g., a single-use) credential and submits the limited-use credential over a secure link to a server. The server provisions an additional credential (for subsequent authentication) and sends the additional credential to the client over the secure link. In other embodiments, computing systems automatically negotiate authentication methods using an extensible protocol. A mutually deployed authentication method is selected and secure authentication is facilitated with a tunnel key that is used to encrypt (and subsequently decrypt) authentication content transferred between a client and a server. The tunnel key is derived from a shared secret (e.g., a session key) and nonces.
    Type: Application
    Filed: March 19, 2004
    Publication date: September 22, 2005
    Applicant: Microsoft Corporation
    Inventors: Trevor Freeman, Timothy Moore, Bernard Aboba, Daniel Simon
  • Publication number: 20050198110
    Abstract: A method and system for protecting an application that implements a communication protocol against exploitation of a communication-based vulnerability is provided. A protection system provides a protection policy that specifies how to recognize messages that expose a specific vulnerability and specifies actions to take when the vulnerability is exposed. A protection policy specifies the sequence of messages and their payload characteristics that expose a vulnerability. The protection system may specify the sequences of messages using a message protocol state machine. A message protocol state machine of an application represents the states that the application transitions through as it receives various messages. The message protocol state machine of the protection policy may be a portion of the message protocol state machine of the application relating to the vulnerability. The protection system uses the message protocol state machine to track the states that lead up to the exposing of the vulnerability.
    Type: Application
    Filed: September 30, 2004
    Publication date: September 8, 2005
    Applicant: Microsoft Corporation
    Inventors: Jason Garms, Chuanxiong Guo, Daniel Simon, Jiahe Wang, Alf Zugenmaier
  • Publication number: 20050172120
    Abstract: A system and method is provided for handling network communications between a client and a target server on the Internet to protect the privacy and anonymity of the client. For a session between the client and the target server, a routing control server sets up a routing chain using a plurality of Web servers randomly selected from a pool of participating Web servers as routers for routing messages between the client and the target server. To prevent traffic analysis, an “onion encryption” scheme is applied to the messages as they are forwarded along the routing chain. A payment service cooperating with the routing control server allows a user to pay for the privacy protection service without revealing her real identity.
    Type: Application
    Filed: March 4, 2005
    Publication date: August 4, 2005
    Applicant: Microsoft Corporation
    Inventors: Yi-Min Wang, Qixiang Sun, Daniel Simon, Wilfred Russell
  • Publication number: 20050157706
    Abstract: A system and method is provided for evaluating the effectiveness of data encryption for hiding the identity of the source of Web traffic. A signature is constructed from encrypted Web traffic for a Web page sent by a target Web site, and the signature is compared with archived traffic signatures obtained by accessing various Web pages of interest in advance. If the signature of the detected encrypted Web traffic matches a stored traffic signature beyond a pre-set statistical threshold, a positive match is found, and the source of the traffic is identified. Countermeasures for reducing the reliability of source identification based on traffic signature matching are provided.
    Type: Application
    Filed: February 24, 2005
    Publication date: July 21, 2005
    Applicant: Microsoft Corporation
    Inventors: Yi-Min Wang, Oixiang Sun, Daniel Simon, Wilfred Russell, Lili Qiu, Venkata Padmanabhan
  • Publication number: 20050144447
    Abstract: Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.
    Type: Application
    Filed: February 28, 2005
    Publication date: June 30, 2005
    Applicant: Microsoft Corporation
    Inventors: Paul England, Marcus Peinado, Daniel Simon, Josh Benaloh
  • Publication number: 20050144448
    Abstract: Transferring application secrets in a trusted operating system environment involves receiving a request to transfer application data from a source computing device to a destination computing device. A check is made as to whether the application data can be transferred to the destination computing device, and if so, whether the application data can be transferred under control of the user or a third party. If these checks succeed, a check is also made as to whether the destination computing device is a trustworthy device running known trustworthy software. Input is also received from the appropriate one of the user or third party to control transferring of the application data to the destination computing device. Furthermore, application data is stored on the source computing device in a manner that facilitates determining whether the application data can be transferred, and that facilitates transferring the application data if it can be transferred.
    Type: Application
    Filed: February 28, 2005
    Publication date: June 30, 2005
    Applicant: Microsoft Corporation
    Inventors: Paul England, Marcus Peinado, Daniel Simon, Josh Benaloh
  • Publication number: 20050135268
    Abstract: An exemplary router performs actions including: receiving at least one certificate from an end device, the at least one certificate issued by another router; ascertaining if the other router is a member of a predetermined neighborhood; determining if the at least one certificate is valid; and if the other router is ascertained to be a member of the predetermined neighborhood and the at least one certificate is determined to be valid, recognizing the end device as privileged. An exemplary mesh router is capable of establishing a wireless mesh network with other mesh routers, the mesh router is further capable of designating a neighborhood administrator mesh router; and the mesh router is adapted to grant privileged status to a particular end device associated with a particular certificate issued by a particular mesh router when the particular mesh router is a member of a neighborhood of the designated neighborhood administrator mesh router.
    Type: Application
    Filed: December 17, 2003
    Publication date: June 23, 2005
    Inventors: Daniel Simon, Paramvir Bahl, Helen Jiahe Wang
  • Publication number: 20050138270
    Abstract: Machine instructions comprising a bootstrap code are buried within a critical component of an electronic game console where they cannot readily be accessed or modified. A preloader portion in a read only memory (ROM) is hashed by the bootstrap code and the result is compared to an expected hash value maintained in the bootstrap code. Further verification of the boot-up process is carried out by the preloader, which hashes the code in ROM to obtain a hash value for the code. The result is verified against a digital signature value that defines an expected value for this hash. Failure to obtain any expected result terminates the boot-up process. Since the bootstrap code confirms the preloader, and the preloader confirms the remainder of the code in ROM, this technique is useful for ensuring that the code used for booting up the device has not been modified or replaced.
    Type: Application
    Filed: January 7, 2005
    Publication date: June 23, 2005
    Applicant: Microsoft Corporation
    Inventors: Dinarte Morais, Jon Lange, Daniel Simon, Ling Chen, Josh Benaloh
  • Publication number: 20050138359
    Abstract: In an exemplary method implementation, a method includes: designating a neighborhood administrator; receiving notification of a delinquent router from the designated neighborhood administrator; and excluding the delinquent router responsive to the notification. In an exemplary mesh router implementation, a mesh router is capable of establishing a wireless mesh network with other mesh routers, the mesh router is further capable of designating a neighborhood administrator mesh router; and the mesh router is adapted to exclude another mesh router that is associated with a particular certificate when the particular certificate has been identified as delinquent by the designated neighborhood administrator mesh router.
    Type: Application
    Filed: December 17, 2003
    Publication date: June 23, 2005
    Inventors: Daniel Simon, Paramvir Bahl, Helen Wang
  • Publication number: 20050108531
    Abstract: A method for authenticating and negotiating security parameters among two or more network devices is disclosed. The method has a plurality of modes including a plurality of messages exchanged between the two or more network devices. In a main mode, the two or more network devices establish a secure channel and select security parameters to be used during a quick mode and a user mode. In the quick mode, the two or more computers derive a set of keys to secure data sent according to a security protocol. The optional user mode provides a means of authenticating one or more users associated with the two or more network devices. A portion of the quick mode is conducted during the main mode thereby minimizing the plurality of messages that need to be exchanged between the initiator and the responder.
    Type: Application
    Filed: November 14, 2003
    Publication date: May 19, 2005
    Applicant: Microsoft Corporation
    Inventors: Brian Swander, Sara Bitan, Christian Huitema, Paul Mayfield, Daniel Simon
  • Publication number: 20050066164
    Abstract: In a cryptographic system, a certificate is used to provide information regarding a client device. The certificate is blindly signed by a certifying authority to preserve the anonymity of the client device. However, information is encoded into the signature so that a content server can readily verify security attributes of the client device and make decisions regarding the delivery of electronic content to the client device based on those security attributes.
    Type: Application
    Filed: October 12, 2004
    Publication date: March 24, 2005
    Applicant: Microsoft Corporation
    Inventor: Daniel Simon
  • Publication number: 20050066171
    Abstract: In a cryptographic system, a certificate is used to provide information regarding a client device. The certificate is blindly signed by a certifying authority to preserve the anonymity of the client device. However, information is encoded into the signature so that a content server can readily verify security attributes of the client device and make decisions regarding the delivery of electronic content to the client device based on those security attributes.
    Type: Application
    Filed: October 12, 2004
    Publication date: March 24, 2005
    Applicant: Microsoft Corporation
    Inventor: Daniel Simon
  • Patent number: 6562344
    Abstract: Nitrosylation of proteins and amino acid groups enables selective regulation of protein function, and also endows the proteins and amino acids with additional smooth muscle relaxant and platelet inhibitory capabilities. Thus, the invention relates to novel compounds achieved by nitrosylation of protein thiols. Such compounds include: S-nitroso-t-PA, S-nitroso-cathepsin; S-nitroso-lipoprotein; and S-nitroso-immunoglobulin. The invention also relates to therapeutic use of S-nitroso-protein compounds for regulating protein function, cellular metabolism and effecting vasodilation, platelet inhibition, relaxation of non-vascular smooth muscle, and increasing blood oxygen transport by hemoglobin and myoglobin. The compounds are also used to deliver nitric oxide in its most bioactive form in order to achieve the effects described above, or for in vitro nitrosylation of molecules present in the body.
    Type: Grant
    Filed: May 9, 1995
    Date of Patent: May 13, 2003
    Assignee: Brigham and Women's Hospital
    Inventors: Jonathan Stamler, Joseph Loscalzo, Daniel Simon, David Singel
  • Publication number: 20030087652
    Abstract: A system and method of creating affinity groups of portable communication device users, and distributing targeted content to said users is disclosed. The user affinity groups may be formed by comparing user profiles with each other or with a predefined affinity group profile definition.
    Type: Application
    Filed: April 13, 2001
    Publication date: May 8, 2003
    Inventors: Daniel Simon, Mark Ford Westling, Phillip Wherry
  • Publication number: 20030007967
    Abstract: Nitrosylation of proteins and amino acid groups enables selective regulation of protein function, and also endows the proteins and amino acids with additional smooth muscle relaxant and platelet inhibitory capabilities. Thus, the invention relates to novel compounds achieved by nitrosylation of protein thiols. Such compounds include: S-nitroso-t-PA, S-nitroso-cathepsin; S-nitroso-lipoprotein; and S-nitroso-immunoglobulin. The invention also relates to therapeutic use of S-nitroso-protein compounds for regulating protein function, cellular metabolism and effecting vasodilation, platelet inhibition, relaxation of non-vascular smooth muscle, and increasing blood oxygen transport by hemoglobin and myoglobin. The compounds are also used to deliver nitric oxide in its most bioactive form in order to achieve the effects described above, or for in vitro nitrosylation of molecules present in the body.
    Type: Application
    Filed: August 13, 2002
    Publication date: January 9, 2003
    Inventors: Jonathan Stamler, Joseph Loscalzo, Daniel Simon, David Singel
  • Publication number: 20020154606
    Abstract: A network management apparatus and method for determining the topology of a network in which a Spanning-Tree protocol is implemented, is disclosed in which address table data is obtained from the ports of the core network devices on the network, and the identity of the ports of the core network devices are determined. Spanning-Tree protocol information is obtained from the core network devices and used to process the address table data to remove data relating to ports having links which are inactive. The topology of the network is then determined using the processed data by first selecting one of the core network devices as a root network device, and then using the processed address table data to build a network tree from the selected root device.
    Type: Application
    Filed: July 2, 2001
    Publication date: October 24, 2002
    Inventors: Robert James Duncan, Simon Peter Valentine, Daniel Simon Ginger, Hamish Donald Stuart Martin
  • Publication number: 20020127763
    Abstract: L-shaped spacers for use adjacent to the vertical sidewalls of gate electrodes in the manufacture of MOS integrated circuits are described along with methods of fabricating such structures that do not require any additional cost compared to conventional manufacturing processes. A spacer is formed as a tri-layer of silicon oxide/silicon nitride/silicon oxide deposited in situ at low temperature using a conventional furnace and a bis(tertiarybutylamino) silane chemistry deposition. The spacer has the same performance as a conventional spacer during deep source/drain (S/D) implants. Prior to a cleaning operation which precedes silicidation, the top oxide layer is removed leading to improved gap-fill characteristics. The upper oxide may be removed before deep S/D implantation to further achieve reduction of series resistance.
    Type: Application
    Filed: December 28, 2000
    Publication date: September 12, 2002
    Inventors: Mohamed Arafa, Weimin Han, Alan M. Myers, Daniel A. Simon
  • Patent number: 6442270
    Abstract: A telephone (202) includes a microphone (204), earphone (206), keypad (208), and display unit (210). The keypad (208) is the preferred user interface for entry of a telephone number into the telephone so that the telephone may call it. However, a voice recognition device (212) may be attached to the microphone with similar effect. The telephone includes a list (214) of stored telephone numbers, which may be added onto the list in any convenient way. As digits are entered into the phone through the user interface (208, 212), a comparator (216) compares the resulting partially entered number with the numbers on the list. When the comparison demonstrates some pre-established association between the numbers, then the stored number is displayed on the display unit (210). If the user selects (310) one of the displayed numbers (perhaps with scrolling), the number is called (312). If not, the next digit is entered.
    Type: Grant
    Filed: November 24, 1999
    Date of Patent: August 27, 2002
    Assignee: Qualcomm, Incorporated
    Inventors: Daniel Simon, Stephen A. Sprigg, Clarence C. Wong