Abstract: Mechanisms are provided for performing an operation on a received data packet. A data packet is received and a hash operation on a header field value of a header of the data packet is performed to generate a hash value. A lookup operation is performed in a hash table associated with a type of the header field value to identify a hash table entry. A bit string associated with the hash table entry is retrieved, where each bit in the bit string corresponds to a class of rules of a rule set of a firewall. A matching operation of the header field value to rules in classes of rules corresponding to bits set in the bit string is performed to select one or more search trees. Operations are performed based on rules in the classes of rules being matched by header field value of the data packet.

Abstract: Mechanisms are provided for performing an operation on a received data packet. A data packet is received and a hash operation on a header field value of a header of the data packet is performed to generate a hash value. A lookup operation is performed in a hash table associated with a type of the header field value to identify a hash table entry. A bit string associated with the hash table entry is retrieved, where each bit in the bit string corresponds to a class of rules of a rule set of a firewall. A matching operation of the header field value to rules in classes of rules corresponding to bits set in the bit string is performed to select one or more search trees. Operations are performed based on rules in the classes of rules being matched by header field value of the data packet.

Abstract: Mechanisms are provided for performing an operation on a received data packet. A data packet is received and a hash operation on a header field value of a header of the data packet is performed to generate a hash value. A lookup operation is performed in a hash table associated with a type of the header field value to identify a hash table entry. A bit string associated with the hash table entry is retrieved, where each bit in the bit string corresponds to a class of rules of a rule set of a firewall. A matching operation of the header field value to rules in classes of rules corresponding to bits set in the bit string is performed to select one or more search trees. Operations are performed based on rules in the classes of rules being matched by header field value of the data packet.

Abstract: Mechanisms are provided for performing an operation on a received data packet. A data packet is received and a hash operation on a header field value of a header of the data packet is performed to generate a hash value. A lookup operation is performed in a hash table associated with a type of the header field value to identify a hash table entry. A bit string associated with the hash table entry is retrieved, where each bit in the bit string corresponds to a class of rules of a rule set of a firewall. A matching operation of the header field value to rules in classes of rules corresponding to bits set in the bit string is performed to select one or more search trees. Operations are performed based on rules in the classes of rules being matched by header field value of the data packet.

Abstract: Mobile code, such as an applet, is permitted to create a network connection with a content server on a network, without restricting the applet only to connections from the computer from which it was downloaded. This is achieved in accordance with the principles of the present invention by using network restriction software in the execution engine or runtime system under which the applet executes. When the applet attempts to create a network connection to a content server, the network restriction software checks a name file on the content server for the presence of an entry whose name corresponds to the name of the computer from which the applet was downloaded. If such an entry is present, then the network restriction software permits the network connection between the applet and the content server to be created. If not, the applet may not create a network connection with the content server.

Abstract: Mobile code, such as an applet, is permitted to create a network connection with a content server on a network, without restricting the applet only to connections from the computer from which it was downloaded. This is achieved in accordance with the principles of the present invention by using network restriction software in the execution engine or runtime system under which the applet executes. When the applet attempts to create a network connection to a content server, the network restriction software checks a name file on the content server for the presence of an entry whose name corresponds to the name of the computer from which the applet was downloaded. If such an entry is present, then the network restriction software permits the network connection between the applet and the content server to be created. If not, the applet may not create a network connection with the content server.

Abstract: A system and methods are disclosed that permit mobile code, such as an applet, to create a network connection with a content server on a network, without exposing the client computer that is running the applet, or other computers with which the client computer may communicate, to a DNS spoofing attack. This is achieved in accordance with the principles of the present invention by using network restriction software in the execution engine or runtime system under which the applet executes. When the applet attempts to create a network connection to a content server, the network restriction software checks a “name directory” on the content server for the presence of an entry whose name corresponds to the name of the computer from which the applet was downloaded. If such an entry is present, then the network restriction software permits the network connection between the applet and the content server to be created. If not, the applet may not create a network connection with the content server.

Abstract: Opaque I/O objects are described which can be used in a variety of mobile code systems to permit unprivileged applets to perform a wide variety of I/O operations in a safe manner. Such opaque objects permit limited I/O without requiring the user of an applet to confer trust or privilege on the applet, and without exposing the user to a risk of his data being destroyed, compromised, or stolen by malicious applets.

Abstract: Mobile code, such as an applet, is permitted to create a network connection with a content server on a network, without restricting the applet only to connections from the computer from which it was downloaded. This is achieved in accordance with the principles of the present invention by using network restriction software in the execution engine or runtime system under which the applet executes. When the applet attempts to create a network connection to a content server, the network restriction software checks a name file on the content server for the presence of an entry whose name corresponds to the name of the computer from which the applet was downloaded. If such an entry is present, then the network restriction software permits the network connection between the applet and the content server to be created. If not, the applet may not create a network connection with the content server.

Abstract: A system and methods are disclosed that permit mobile code, such as an applet, to create a network connection with a content server on a network, without exposing the client computer that is running the applet, or other computers with which the client computer may communicate, to a DNS spoofing attack. This is achieved in accordance with the principles of the present invention by using network restriction software in the execution engine or runtime system under which the applet executes. When the applet attempts to create a network connection to a content server, the network restriction software checks a “name directory” on the content server for the presence of an entry whose name corresponds to the name of the computer from which the applet was downloaded. If such an entry is present, then the network restriction software permits the network connection between the applet and the content server to be created. If not, the applet may not create a network connection with the content server.

Abstract: A miniature fiber optic hydrophone based on the principles of a Fabry-Perot interferometer. The hydrophone, in one embodiment, includes a body having a shaped flexible bladder at one end which defines a volume containing air or suitable gas, and including a membrane disposed adjacent a vent. An optic fiber extends into the body with one end terminating in spaced relation to the membrane. Acoustic waves in the water that impinge on the bladder cause the pressure of the volume therein to vary causing the membrane to deflect and modulate the reflectivity of the Fabry-Perot cavity formed by the membrane surface and the cleaved end of the optical fiber disposed adjacent to the membrane. When the light is transmitted down the optical fiber, the reflected signal is amplitude modulated by the incident acoustic wave. Another embodiment utilizes a fluid filled volume within which the fiber optic extends.

Abstract: Underground anomalies or discontinuities, such as holes, tunnels, and caverns, are located by lowering an electromagnetic signal transmitting antenna down one borehole and a receiving antenna down another, the ground to be surveyed for anomalies being situated between the boreholes. Electronic transmitting and receiving equipment associated with the antennas is activated and the antennas are lowered in unison at the same rate down their respective boreholes a plurality of times, each time with the receiving antenna at a different level with respect to the transmitting antenna. The transmitted electromagnetic waves diffract at each edge of an anomaly. This causes minimal signal reception at the receiving antenna. Triangulation of the straight lines between the antennas for the depths at which the signal minimums are detected precisely locates the anomaly.