Abstract: A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

Abstract: A system and method for a travel route preference repository based on global positioning services (GPS). The system includes an information input member being configured to accept input information from users of the system. The input information is an evaluation of routes that the users have traversed. An information correlation member is communicatively connected via a network to the information input member. The information correlation member is configured to render a response pertaining to the input information such that users that have not entered an evaluation of the routes may have a current evaluation of the routes. An information access member is communicatively connected via the network to the information input member and the information correlation member. The information access member is configured to permit users of the system to have access to the response of the information correlation member.

Abstract: A statistical approach implementing Singular Value Decomposition (SVD) to a policy-based management system for autonomic and on-demand computing applications. The statistical approach empowers a class of applications that require policies to handle ambiguous conditions and allow the system to “evolve” in response to changing operation and environment conditions. In the system and method providing the statistical approach, observed event-policy associated data, which is represented by an event-policy matrix, is treated as a statistical problem with the assumption that there are some underlying or implicit higher order correlations among events and policies. The SVD approach enables such correlations to be modeled, extracted and modified. From these correlations, recommended policies can be selected or created without exact match of policy conditions.

Abstract: Disclosed is a performance prediction system and service that uses acquired knowledge of queries that are received to make predictions concerning the future performance of certain entities, such as business entities. By analyzing query patterns and the actual or predicted performance of business entities, the performance prediction service is enabled to observe correlations between queries, query patterns and performance that can be used to facilitate the prediction of future performance.

Abstract: A trusted co-server, and a method of using a trusted co-server, for a service provider. The co-server executes a program such that: for multiple parties P0–Pn (where Po is said co-server), each party Pi may (optionally) provide input Ii, and then said co-server carries out N functions: Fi (io . . . In) describes what the co-server returns to party Pi. The preferred embodiment of the invention raises the trust level of the computation and data storage at the server. For instance, this invention may be witness to authenticity of certain data coming back to the client. This data can include assertions from the trusted co-server about the server content and configuration. The invention, also, can provide privacy of data going back to the server, by keeping it encrypted between the client and the co-server, and then re-encrypting it before inserting it into the server.

Abstract: A method for carrying out multi-party transactions in which at least one party or user has information which he considers private, the method comprising: a first determining step, in which it is determined which parties will take part in the transaction; a second determining step, in which it is determined, for each party taking part in the transaction, what information about the user that party requires in order to complete the corresponding part of the transaction; a selecting step, which may occur before or after the determining steps, in which one or more nonces, GUIDs, or other tokens are selected, to represent the user in the course of the transaction; a providing step, in which each party determined in the first determining step is provided with information comprising the corresponding information about the user determined in the second determining step, and one or more of the nonces, GUIDs, or other tokens selected in the selecting step; an execution step, in which the parties to the transaction compl

Abstract: Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity.

Abstract: An apparatus and a method for enabling the secure installation and use of an information system having a plurality of nodes, where the plurality of nodes include at least one information appliance (100) and at least one security console (200). The apparatus includes at least one data-carrying object, referred to as a “key” (301), that contains security-related data, and further includes at least one key receptacle (103, 203) that forms a portion of at least one of the nodes. The key is inserted into the receptacle for reading-out the security-related data for indicating to the information system a desired security configuration. The key is not intended to primarily establish the identity of a particular user or principal, but is instead intended to provide and be instrumental in defining, using a tangible medium, a security configuration that bestows a certain level of authorization or access to a particular user or principal.

Abstract: A method, apparatus, and computer instructions for providing identification and monitoring of entities. A distributed data processing system includes one or more distributed publishing entities, which publish computer readable announcements in a standard language. These announcements may contain a description of a monitoring method that may be used to monitor the behavior of one or more distributed monitored entities. These announcements also may include information used to identify a monitoring method that may be used by the distributed monitored entity to monitor its own behavior or by a distributed consumer entity to monitor the behavior of the distributed monitored entity. The monitoring also may be performed by a third-party distributed monitoring entity.

Abstract: A system and a method are disclosed for dynamically analyzing software, some of whose potentially-important behaviors (such as worm-like behavior) may only be displayed when the software is executed in an environment where it has, or appears to have, access to a production network and/or to the global Internet. The software can be executed in a real or an emulated network environment that includes a monitoring component and an emulation component. The monitoring component serves to capture and/or record the behaviors displayed by the software and/or other components of the system, and the emulation component gives the software being analyzed the impression that it is executing with access to a production network and/or to the global Internet. The software being analyzed is effectively confined to the analysis network environment, and cannot in fact read information from, or alter any information on, any production network or the global Internet.

Abstract: A virus detection method for use in a computer system that contains at least one object that may potentially become infected with a computer virus. The method has steps of providing a database for storing information that is descriptive of a state of the object as it existed at a point in the past. For an object that is indicated as having a current state that is described by the stored information, another step programmatically examines the object for a presence of a computer virus while assuming that the current state of the object is the same as the state of the object as it existed at the point in the past. The the database stores additional information, beyond what is necessary to determine simply whether or not a particular object, such as a file, has changed. The additional information is employed to achieve a more rapid virus scan, even when the list of viruses being scanned for has changed since a previous scan.

Abstract: System, apparatus and methods for allocation of storage resources, performance monitoring, and reallocation of resources to eliminate hot spots, by specifying high-level goals, rather than by means of low-level manual steps. Policies are specified as administrator specified constraints under which the resources are managed. Goals are specified in terms of performance, availability, and security requirements of the desired storage. As a part of the automation, this invention provides for analyzing capabilities of the computer storage system and forming analysis results, which are later used for determining an allocation of resources that will meet the high-level goals specified. This invention also provides automatic monitoring of performance, availability, and security goals for allocated resources. If goals are not met, resources are reallocated so that the goals can be met with the allocation.

Abstract: A system for providing fact verification for a body of text. The system includes either or both of: a fact-identification arrangement which automatically identifies at least one subset of the body of text potentially containing a fact-based statement; and a fact-verification arrangement which is adapted to automatically consult at least one information source towards determining whether at least one fact contained in a fact-based statement is true or false.

Abstract: A performance-prediction system (10) includes a performance-prediction service (101). The service includes a performance report processor (106) for gathering information that is relevant to predicting future performance of business entities at least partly by receiving reports of experiences that one business entity has had as at least one of a customer of, or a supplier to, another business entity. The service further includes a supply-chain network architect (107) that is responsive at least in part to the gathered information for inferring at least some probable customer/supplier relationships between at least some of the business entities to derive a representation of a supply-chain network.

Abstract: A method and a system provide a service to a customer (101) over a network (102), such as the global Internet, where the service provides the customer access to a database (104). The method includes: (a) receiving a query (101A) from the customer, the query including a query program or an identification of a query program; (b) executing the query program in an environment (103, 105, 106, 107) that permits the query program to access at least a portion of the database while selectively inhibiting transmission of information from the database; and (c) sending a response to the query, where the response includes a predetermined, limited amount of information that is returned as output by the query program. Preferably the amount of information returned in the response to the query is limited to a predetermined number of data units. Sending the response involves examining the information that is returned as output by the query program, and the response is sent only if at least one criterion is satisfied.

Abstract: A method, apparatus, and computer instructions for providing identification and monitoring of entities. A distributed data processing system includes one or more distributed publishing entities, which publish computer readable announcements in a standard language. These announcements may contain a description of a monitoring method that may be used to monitor the behavior of one or more distributed monitored entities. These announcements also may include information used to identify a monitoring method that may be used by the distributed monitored entity to monitor its own behavior or by a distributed consumer entity to monitor the behavior of the distributed monitored entity. The monitoring also may be performed by a third-party distributed monitoring entity.

Abstract: A method and system for the automatic determination of the behavioral profile of a program suspected of having worm-like characteristics includes analyzing data processing system resources required by the program and, if the required resources are not indicative of the program having worm-like characteristics, running the program in a controlled non-network environment while monitoring and logging accesses to system resources to determine the behavior of the program in the non-network environment. A logged record of the observed behavior is analyzed to determine if the behavior is indicative of the program having worm-like characteristics. The non-network environment may simulate the appearance of a network to the program, without emulating the operation of the network.

Abstract: Disclosed is a method, a computer system and a computer readable media product that contains a set of computer executable software instructions for directing the computer system to execute a process for determining a non-replicative behavior of a program that is suspected of containing an undesirable software entity. The process causes execution of the program in at least one known environment and automatically examines the at least one known environment to detect if a change has occurred in the environment as a result of the execution of the program. If a change is detected, the process automatically analyzes the detected change (i.e., the process performs a side effects analysis) to determine if the change resulted from execution of the program or from execution of the undesirable software entity. The process then uses the result of the analysis at least for undoing a detected change that results from execution of the undesirable software entity.

Abstract: A method for carrying out multi-party transactions in which at least one party or user has information which he considers private, the method comprising: a first determining step, in which it is determined which parties will take part in the transaction; a second determining step, in which it is determined, for each party taking part in the transaction, what information about the user that party requires in order to complete the corresponding part of the transaction; a selecting step, which may occur before or after the determining steps, in which one or more nonces, GUIDs, or other tokens are selected, to represent the user in the course of the transaction; a providing step, in which each party determined in the first determining step is provided with information comprising the corresponding information about the user determined in the second determining step, and one or more of the nonces, GUIDs, or other tokens selected in the selecting step; an execution step, in which the parties to the transaction compl

Abstract: A method for operating a data communication system comprises the steps of (a) originating an electronic commerce transaction at a first party, (b) transmitting the electronic commerce transaction through the data communications network towards a second party, (c) during the step of transmitting, inputting the electronic commerce transaction to an electronic commerce transaction filter that is interposed between two network components, and (e) operating the electronic commerce transaction filter to take some action with respect to the electronic commerce transaction.