Abstract: Method for operating a network (10), wherein the network (10) comprises at least one outer network (12) having at least one network device (14) and at least one inner network (13) having at least one network device (15), wherein additionally a transmission unit (16) is present that blocks a transmission of data from the outer network (12) to the inner network (13) and allows it in the opposite direction (or vice versa), characterised in that the transmission unit (16) permits a transmission of data only from the inner network (13) to the outer network (12) and the at least one network device (15) sends data from the inner network (13) to the transmission unit (16) with a first address, wherein the transmission unit (16) converts this first address into a second address and thereafter the data are transmitted with this second address in the direction of the outer network (12), the second address being a target address for the at least one network device in the outer network (12).

Abstract: Methods, systems and computer program products are provided for authenticating a message via a revocable signature. The method includes, at a signing computer, generating first auxiliary data and second auxiliary data respectively dependent on a public key and a private key of a public-private key pair for the message. The signing computer hashes the message and the first auxiliary data via a chameleon hash algorithm, using a public hash key of a verifier computer, to produce a first hash value. The signing computer signs the first hash value, using a secret signing key of the signing computer, to produce a signature. The signing computer sends the message, the signature and the first auxiliary data to the verifier computer, and stores the second auxiliary data.

Abstract: Method for operating a network (10), wherein the network (10) comprises at least one outer network (12) having at least one network device (14) and at least one inner network (13) having at least one network device (15), wherein additionally a transmission unit (16) is present that blocks a transmission of data from the outer network (12) to the inner network (13) and allows it in the opposite direction (or vice versa), characterised in that the transmission unit (16) permits a transmission of data only from the inner network (13) to the outer network (12) and the at least one network device (15) sends data from the inner network (13) to the transmission unit (16) with a first address, wherein the transmission unit (16) converts this first address into a second address and thereafter the data are transmitted with this second address in the direction of the outer network (12), the second address being a target address for the at least one network device in the outer network (12).

Abstract: Methods, systems and computer program products are provided for authenticating a message via a revocable signature. The method includes, at a signing computer, generating first auxiliary data and second auxiliary data respectively dependent on a public key and a private key of a public-private key pair for the message. The signing computer hashes the message and the first auxiliary data via a chameleon hash algorithm, using a public hash key of a verifier computer, to produce a first hash value. The signing computer signs the first hash value, using a secret signing key of the signing computer, to produce a signature. The signing computer sends the message, the signature and the first auxiliary data to the verifier computer, and stores the second auxiliary data.

Abstract: A method for implementing an electronically-based negotiation session between users within an ESN. The method includes sending a message including a request portion and a response portion from a first user to a second user in a round of successive rounds, and in response to receiving the message from the first user, sending a message from the second user to the first user in a subsequent round, the message from the second user including a response portion responsive to the request portion of the message from the first user and a request portion. When a new round is performed, evaluating whether an agreement exists by checking messages previously exchanged, and exchanging subsequent messages, when any rounds remain and the session has not been terminated, and granting access and exchanging data between the users, executing actions, and setting policies as negotiated, when the session has been terminated and an agreement exists.

Abstract: A method for receiving input from a user of a virtual world, the method including: interacting with an object displayed in the virtual world; displaying another object in the virtual world in response to the interacting, the another object adapted to interact with the user; displaying at least one of a user specific label and a service specific label in place of a generic label associated with the another object; selecting the another object; and receiving the generic label and the at least one of the user specific label and the service specific label as the input in response to the selecting.

Abstract: A method for providing e-token based access control to virtual world (VW) spaces includes intercepting a request from a first VW member to invite a second VW member to a VW space within a VW network, the request intercepted outside of the VW network. The access controls also include using a secret code associated with the first member to generate an e-token that includes an identifier of the second member and the space. The access controls further include sending the e-token inside the network. In response to a request for access to the space, the access controls include sending the e-token outside of the network for verification. Upon successful verification of the e-token, the access controls include accessing the network and controlling a guard bot inside the network to grant access for the second member to the space. The guard bot adds the second member to an access control list.

Abstract: A computer implemented method for performing a privacy enhanced comparison of a plurality of data sets includes allocating a private encryption key to each of the data sets; performing an encryption operation for each of the data sets, the encryption operation comprising generating a commutatively encrypted data set of the respective data set, wherein the commutatively encrypted data sets are generated by successively applying a keyed commutative encryption function on the respective data set with the private encryption key of the respective data set itself and with the private encryption keys of the other data sets; and comparing the commutatively encrypted data sets.

Abstract: A computer implemented method for performing a privacy enhanced comparison of a plurality of data sets includes allocating a private encryption key to each of the data sets; performing an encryption operation for each of the data sets, the encryption operation comprising generating a commutatively encrypted data set of the respective data set, wherein the commutatively encrypted data sets are generated by successively applying a keyed commutative encryption function on the respective data set with the private encryption key of the respective data set itself and with the private encryption keys of the other data sets; and comparing the commutatively encrypted data sets.

Abstract: Methods and apparatus for presenting confidential presentations are presented. For example, a method for providing a confidential presentation includes providing a data stream by a stream server of a provider of the confidential presentation to a participant client, providing virtual world elements from a virtual world provider to the participant client, and forming, by the participant client, virtual world display data comprising the data stream and the virtual world elements. The virtual world provider is distinct from the provider of the confidential presentation.

Abstract: The invention relates to a method for providing an assertion message (200) from a proving party (20) to a relying party (40), the method comprising the steps of:—creating an assertion (A) comprising one or more statements,—creating an assertion proof (p A),—creating a temporary private key and a corresponding temporary public key (K) from the assertion (A) and the assertion proof (p A),—creating a key proof (PK) for the temporary public key (K),—creating an assertion message signature (S) by means of the temporary private key,—creating the assertion message (200) comprising the temporary public key (K), the assertion proof (PA), the key proof (PK), the assertion (A), a message body (220) and the assertion message signature (S) to the relying party (40).

Abstract: The invention relates to a mechanism designed for use in areas at risk of explosions, having at least two devices (1, 2) connected to one another by transmission means (3) for exchanging data, at least one of the devices (1, 2) being located in the area as risk of explosion and a decoupling network (4 to 11) being provided on the input side of the devices (1, 2), wherein the invention provides for the decoupling network (4 to 11) to be dimensioned and designed such that the energy that may be stored therein is not able to exceed a predeterminable maximum value.

Abstract: A method for implementing an electronically-based negotiation session between users within an ESN. The method includes sending a message including a request portion and a response portion from a first user to a second user in a round of successive rounds, and in response to receiving the message from the first user, sending a message from the second user to the first user in a subsequent round, the message from the second user including a response portion responsive to the request portion of the message from the first user and a request portion. When a new round is performed, evaluating whether an agreement exists by checking messages previously exchanged, and exchanging subsequent messages, when any rounds remain and the session has not been terminated, and granting access and exchanging data between the users, executing actions, and setting policies as negotiated, when the session has been terminated and an agreement exists.

Abstract: A method for receiving input from a user of a virtual world, the method including: interacting with an object displayed in the virtual world; displaying another object in the virtual world in response to the interacting, the another object adapted to interact with the user; displaying at least one of a user specific label and a service specific label in place of a generic label associated with the another object; selecting the another object; and receiving the generic label and the at least one of the user specific label and the service specific label as the input in response to the selecting.

Abstract: A method for providing e-token based access control to virtual world (VW) spaces includes intercepting a request from a first VW member to invite a second VW member to a VW space within a VW network, the request intercepted outside of the VW network. The access controls also include using a secret code associated with the first member to generate an e-token that includes an identifier of the second member and the space. The access controls further include sending the e-token inside the network. In response to a request for access to the space, the access controls include sending the e-token outside of the network for verification. Upon successful verification of the e-token, the access controls include accessing the network and controlling a guard bot inside the network to grant access for the second member to the space. The guard bot adds the second member to an access control list.

Abstract: A method for virtual world (VW) access control management includes intercepting a policy object from a VW network in response to a request from a VW client system to access a VW space, the policy object intercepted by a proxy server located outside of the network. The method also includes selecting an identity based upon the policy object, which provides credentials required in the policy object as a condition of granting access to the network, generating proof from the selected identity, and transmitting the proof to a verifier avatar located inside the network, the verifier avatar logically mapped to, and controlled by, a verification system located outside of the network. The method further includes receiving, at the verification system, the proof from the verifier avatar. In response to successful validation of the proof, the verification avatar places an avatar of the client system on a list of avatars having access to the space.

Abstract: A computer implemented method for performing a privacy enhanced comparison of a plurality of data sets includes allocating a private encryption key to each of the data sets; performing an encryption operation for each of the data sets, the encryption operation comprising generating a commutatively encrypted data set of the respective data set, wherein the commutatively encrypted data sets are generated by successively applying a keyed commutative encryption function on the respective data set with the private encryption key of the respective data set itself and with the private encryption keys of the other data sets; and comparing the commutatively encrypted data sets.

Abstract: The invention relates to a cuvette (10, 10?) having a chamber (20, 20?) which is closed by windows at the end faces and having an HF reservoir, wherein an HF resistant, porous material (30, 30?) is arranged as the HF reservoir in the chamber (20, 20?).

Abstract: A computer implemented method for performing a privacy enhanced comparison of a plurality of data sets includes allocating a private encryption key to each of the data sets; performing an encryption operation for each of the data sets, the encryption operation comprising generating a commutatively encrypted data set of the respective data set, wherein the commutatively encrypted data sets are generated by successively applying a keyed commutative encryption function on the respective data set with the private encryption key of the respective data set itself and with the private encryption keys of the other data sets; and comparing the commutatively encrypted data sets.

Abstract: A method and system for performing transactions between a client and a server. The client sends to the server a transaction request for performing a transaction, and receives from the server a transaction policy. The client displays a first representation of the transaction policy depicting transaction policy options for fulfilling the transaction policy. After the user selects a first transaction policy option, the client displays a second representation of the transaction policy, depicting at least one mechanism pertaining to the first transaction policy option for satisfying the requirements of the first transaction policy option. After the user selects a first mechanism, the client depicts evidence options for each requirement of the first transaction policy option. After the user selects an evidence option for each requirement of the first transaction policy option, the client sends to the server transaction enablement information that includes evidence dictated by the selected evidence options.