Abstract: The present invention provides a method, apparatus, and computer instructions for warning of a presence of a person in a zone having an inadequate security clearance. Movement of the person in the zone is detected. A message is broadcast to selected data processing systems associated with the zone, wherein the data processing systems initiate actions to protect data in the selected data processing systems.

Abstract: The present invention provides a method, apparatus, and computer instructions for warning of a presence of a person in a zone having an inadequate security clearance. Movement of the person in the zone is detected. A message is broadcast to selected data processing systems associated with the zone, wherein the data processing systems initiate actions to protect data in the selected data processing systems.

Abstract: A method and system is provided for providing and storing annotations that pertain to travel directions to a particular destination, the annotations generally including ratings of the accuracy of the directions and errors observed in the directions by prior users. Annotations submitted by users are stored in a central repository, for access by those who subsequently become interested in the directions or the particular destination. A useful embodiment of the invention is directed to a method for providing travel directions over a selected network, wherein a request for directions regarding a specified destination is sent from a requester to a Directions Provider. The Provider retrieves the requested directions and furnishes them to the requestor. The method further includes generating annotations associated with the furnished directions in accordance with a set of rules resulting from one or more decisions made by the requester, and sending the annotations to the requester.

Abstract: A method and system for tracking a data processing system within a communications network are provided. According to one embodiment, a method is provided comprising receiving identity data from a data processing system via a communications network, where the data processing system comprises a security processing element associated with a secure storage element and the identity data specifies a portion of a security processing element endorsement key stored within the secure storage element. The described method embodiment further comprises identifying the data processing system utilizing the identity data and causing corresponding recovery data to be stored in response to an identification of the data processing system, where the recovery data comprises an associated network connection address.

Abstract: A method, system, and program provide for voice mail management. A voice mail filtering controller calculates a separate Bayesian score for each voice mail message from among multiple voice mail message entries received into a voice mailbox for a user, wherein each separate Bayesian score indicates a probability that the associated voice mail message is unwanted by said user. During playback, the voice mail filtering controller automatically deletes a selection of the voice mail messages each with a separate Bayesian score greater than a particular Bayesian score of the last played voice mail message from the voice mailbox.

Abstract: A balanced approach is provided for interrupt coalescing, wherein interrupts of locking and other small size packets are maximized, while large data segment interrupts are minimized. Thus, the most desirable interrupt characteristics of both large data segments and smaller packets are achieved. Usefully, a data processing system has an adapter connecting the system to a network to receive incoming packets of varying size, the incoming packets respectively carrying messages to interrupt the system processor. Each incoming packet is analyzed, to determine whether or not it meets one or more prespecified criteria, at least a first criterion being related to the size of the incoming packet. The processor is immediately interrupted in accordance with the interrupt message carried by the analyzed packet, if the packet meets all the prespecified criteria. If the analyzed packet does not meet all of the prespecified criteria, the processor is interrupted in accordance with a specified interrupt coalescing technique.

Abstract: A method and system for controlling interrupt frequency by estimating processor load in the peripheral adapter provides adaptive interrupt latency to improve performance in a processing system. A mathematical function of the depth of one or more queues of the adapter is compared to its historical value in order to provide an estimate of processor load. The estimated processor load is then used to set a parameter that controls the frequency of an interrupt generator, which may be controlled by setting an interrupt queue depth threshold, packet frequency threshold or interrupt hold-off time value. The mathematical function may be the ratio of the transmit queue depth to the receive queue depth and the historical value may be predetermined, user-settable, obtained during a calibration interval or obtained by taking a long-term average of the mathematical function of the queue depths.

Abstract: A method and system for controlling interrupt frequency by transferring processor load information to a peripheral adapter provides adaptive interrupt latency to improve performance in a processing system. A device driver obtains current processor load information from an operating system or directly from processor usage counters. The estimated processor load is then used to set a parameter in the adapter that controls the frequency of an interrupt generator, which may be controlled by setting an interrupt queue depth threshold, packet frequency threshold or interrupt hold-off time value. The result is that the relative frequency of interrupts is managed in conformity with the current processor load, provide reduced processing latency when the system is relatively idle, which avoids loading the processor with additional interrupt processing overhead when the processor is busy.

Abstract: A method, apparatus, and computer program product are described for asserting physical presence in a trusted computing environment included within a data processing system. The trusted computing environment includes a trusted platform module (TPM). The data processing system is coupled to a hardware management console. The trusted platform module determines whether the hardware management console is a trusted entity. The trusted platform module also determines whether the hardware management console has knowledge of a secret key that is possessed by the TPM. If the TPM determines that the hardware management console is a trusted entity and has knowledge of the secret key, the TPM determines that physical presence has been asserted.

Abstract: A method, apparatus, and computer program product are described for implementing a trusted computing environment within a data processing system. The data processing system includes multiple different service processor-based hardware platforms. Multiple different trusted platform modules (TPMs) are provided in the data processing system. Each TPM provides trust services to only one of the service processor-based hardware platforms. Each TPM provides its trust services to only a portion of the entire data processing system.

Abstract: A system, apparatus and method of displaying images based on image content are provided. To do so, a database of offensive images is maintained. Stored in the database, however, are hashed versions of the offensive images. When a user is accessing a Web page and the Web page contains an image, the image is hashed and the hashed image is compared to hashed images stored in the database. A match between the message digest of the image on the Web page and one of the stored message digests indicates that the image is offensive. All offensive images are precluded from being displayed.

Abstract: A method, system, and program for user controlled anonymity when evaluating into a role are provided. An anonymous authentication controller enables a user to control anonymity of the user's identity for role based network accesses to resources, without requiring reliance on any single third party to maintain user anonymity. First, a role authentication certificate is received from a role authenticator, wherein the role authentication certificate certifies that the holder of the role authentication certificate is a member of a particular role without allowing the role authenticator issuing the role authentication certificate the ability to track an identity of a user holding the role authentication certificate.

Abstract: A system for managing security index scores is provided. A security index that rates the security level of a portion of code is associated with the code. Development tools, such as packaging utilities, compilers, integrated development environments, and the like, may warn the user if the security level of the portion of the code is low. Source code repository tools, such as concurrent versioning systems, may deny submitted source code if the security index is below a threshold or below a previous version. Installation tools may warn a user or refuse to install a software package if an associated security index is low. Security index scores may be maintained and digitally signed by a trusted third party.

Abstract: A mechanism for determining a probabilistic security score for a software package is provided. The mechanism calculates a raw numerical score that is probabilistically linked to how many security vulnerabilities are present in the source code. The score may then be used to assign a security rating that can be used in either absolute form or comparative form. The mechanism uses a source code analysis tool to determine a number of critical vulnerabilities, a number of serious vulnerabilities, and a number of inconsequential vulnerabilities. The mechanism may then determine a score based on the numbers of vulnerabilities and the number of lines of code.

Abstract: A mechanism is provided for performing intrusion decision-making using a plurality of approaches. Detection approaches may include, for example, signature-based, anomaly-based, scan-based, and danger theory approaches. When event information is received, each approach produces a result. A consensus of each result is then reached by using, for example, Bayesian Filtering. A corpus is kept for each approach. An intrusion corpus keeps combinations of the corpora for all of the approaches that constitute intrusions. A safe corpus keeps combinations of the corpora for all of the approaches that do not constitute an intrusion. The corpora for the approaches may be pre-defined according to security policies and the like. The intrusion corpus and the safe corpus may be trained using scores that are determined using the detection approaches.

Abstract: A method, computer program product, and a data processing system for distributing attendee information for use in a physical encounter involving multiple attendees is provided. An identifier assigned to a first data processing system associated with a first attendee is received by wireless transmission. A query including the identifier is formulated. The query is executed on an attendee database. A record of the database including an identity of the first attendee is wirelessly transmitted to a second data processing system associated with a second attendee responsive to execution of the query.

Abstract: Changing access permission based on usage of computer resources including maintaining records of a user's usage of computer resources in a security domain, the user having a scope of access permission for the computer resources; measuring the user's disuse of one or more of the computer resources in the security domain; and degrading the user's scope of access permission for the computer resources in dependence upon the user's disuse. Typical embodiments include receiving from a user a request for access to a requested computer resource, receiving from the user a request to upgrade the user's degraded scope of access permissions to grant access to the requested computer resource and upgrading, in dependence upon the user's request to upgrade the degraded scope of access permissions, the user's degraded scope of access permissions to grant access to the requested computer resource.

Abstract: A method is presented for implementing a trusted computing environment within a data processing system. A hypervisor is initialized within the data processing system, and the hypervisor supervises a plurality of logical, partitionable, runtime environments within the data processing system. The hypervisor reserves a logical partition for a hypervisor-based trusted platform module (TPM) and presents the hypervisor-based trusted platform module to other logical partitions as a virtual device via a device interface. Each time that the hypervisor creates a logical partition within the data processing system, the hypervisor also instantiates a logical TPM within the reserved partition such that the logical TPM is anchored to the hypervisor-based TPM. The hypervisor manages multiple logical TPM's within the reserved partition such that each logical TPM is uniquely associated with a logical partition.

Abstract: A method, computer program product, and a data processing system for logging audit events in a data processing system. A sequence of audit records including a final audit record are written to a first log file stored by a data processing system. A respective first hash value of each audit record is calculated. Responsive to calculating each respective first hash value, a corresponding second hash value is calculated from the first hash value and a value of a register associated with the data processing system. The second hash value is written to the register. A second log file is opened in response to closing the first log file. A final second hash value corresponding to a first hash value of the final audit record is written to a first record of the second log file.

Abstract: The present invention is a method and system that determines the connection availability of a mobile or cellular device to the communication network in the current location of the mobile or cellular device. The system of the present invention comprises a communication tower containing a means to monitor the current connection capacity of the tower. This monitoring process would involve establishing the maximum call connection capability of the tower. This process also maintains a current count of the number of calling devices that are connected through the tower. As the number of connections increases toward the maximum number of connections, the tower will begin to broadcast messages to mobile and cellular telephone devices in the area of the tower the current connection capability to that tower. The mobile or cellular devices would receive the message and display the information to the device user.