Abstract: A keyboard includes a plurality of keys, a plurality of keyboard components coupled to the keys, and one-time password (OTP) generation hardware integrated with at least some of the keyboard components, where actuating at least one of the keys causes a one-time password to be generated. The OTP generation hardware may be actuated with a dedicated button on the keyboard, by pressing a button on the keyboard that is otherwise used for pairing the keyboard to a device, or by pressing a specific sequence of keys on the keyboard. The keyboard may maintain state information to cause input by the user for OTP generation to be provide to the OTP generation hardware instead of to a device paired with the keyboard. The keyboard may also include a display that is part of the keyboard, where the display shows the one-time password generated by the OTP hardware.

Abstract: The present invention provides a method, apparatus, and computer instructions for warning of a presence of a person in a zone having an inadequate security clearance. Movement of the person in the zone is detected. A message is broadcast to selected data processing systems associated with the zone, wherein the data processing systems initiate actions to protect data in the selected data processing systems.

Abstract: The present invention provides a method, apparatus, and computer instructions for warning of a presence of a person in a zone having an inadequate security clearance. Movement of the person in the zone is detected. A message is broadcast to selected data processing systems associated with the zone, wherein the data processing systems initiate actions to protect data in the selected data processing systems.

Abstract: A system for automatic identification and notification of relevant program defects. A defect report server opens a defect description in response to receiving the defect description from an end user. Then, the defect report server extracts each word and phrase contained within the program defect description. After extracting each word and phrase, the defect report server searches a plurality of defect databases for each extracted word and phrase. If an extracted word or phrase is found in a defect database, the defect report server calculates a word relevancy percentage for each of the extracted words or phrases found in the search. Finally, if the word relevancy percentage for each extracted word and phrase exceeds a threshold, the defect report server sends all relevant defects associated with each extracted word and phrase that exceeded the predetermined threshold to a defect owner.

Abstract: A method and system for tracking a data processing system within a communications network are provided. According to one embodiment, a method is provided comprising receiving identity data from a data processing system via a communications network, where the data processing system comprises a security processing element associated with a secure storage element and the identity data specifies a portion of a security processing element endorsement key stored within the secure storage element. The described method embodiment further comprises identifying the data processing system utilizing the identity data and causing corresponding recovery data to be stored in response to an identification of the data processing system, where the recovery data comprises an associated network connection address.

Abstract: A method, system, and program provide for voice mail management. A voice mail filtering controller calculates a separate Bayesian score for each voice mail message from among multiple voice mail message entries received into a voice mailbox for a user, wherein each separate Bayesian score indicates a probability that the associated voice mail message is unwanted by said user. During playback, the voice mail filtering controller automatically deletes a selection of the voice mail messages each with a separate Bayesian score greater than a particular Bayesian score of the last played voice mail message from the voice mailbox.

Abstract: A balanced approach is provided for interrupt coalescing, wherein interrupts of locking and other small size packets are maximized, while large data segment interrupts are minimized. Thus, the most desirable interrupt characteristics of both large data segments and smaller packets are achieved. Usefully, a data processing system has an adapter connecting the system to a network to receive incoming packets of varying size, the incoming packets respectively carrying messages to interrupt the system processor. Each incoming packet is analyzed, to determine whether or not it meets one or more prespecified criteria, at least a first criterion being related to the size of the incoming packet. The processor is immediately interrupted in accordance with the interrupt message carried by the analyzed packet, if the packet meets all the prespecified criteria. If the analyzed packet does not meet all of the prespecified criteria, the processor is interrupted in accordance with a specified interrupt coalescing technique.

Abstract: A method and system for controlling interrupt frequency by estimating processor load in the peripheral adapter provides adaptive interrupt latency to improve performance in a processing system. A mathematical function of the depth of one or more queues of the adapter is compared to its historical value in order to provide an estimate of processor load. The estimated processor load is then used to set a parameter that controls the frequency of an interrupt generator, which may be controlled by setting an interrupt queue depth threshold, packet frequency threshold or interrupt hold-off time value. The mathematical function may be the ratio of the transmit queue depth to the receive queue depth and the historical value may be predetermined, user-settable, obtained during a calibration interval or obtained by taking a long-term average of the mathematical function of the queue depths.

Abstract: A method and system for controlling interrupt frequency by transferring processor load information to a peripheral adapter provides adaptive interrupt latency to improve performance in a processing system. A device driver obtains current processor load information from an operating system or directly from processor usage counters. The estimated processor load is then used to set a parameter in the adapter that controls the frequency of an interrupt generator, which may be controlled by setting an interrupt queue depth threshold, packet frequency threshold or interrupt hold-off time value. The result is that the relative frequency of interrupts is managed in conformity with the current processor load, provide reduced processing latency when the system is relatively idle, which avoids loading the processor with additional interrupt processing overhead when the processor is busy.

Abstract: A system, apparatus and method of displaying images based on image content are provided. To do so, a database of offensive images is maintained. Stored in the database, however, are hashed versions of the offensive images. When a user is accessing a Web page and the Web page contains an image, the image is hashed and the hashed image is compared to hashed images stored in the database. A match between the message digest of the image on the Web page and one of the stored message digests indicates that the image is offensive. All offensive images are precluded from being displayed.

Abstract: A mechanism is provided for performing intrusion decision-making using a plurality of approaches. Detection approaches may include, for example, signature-based, anomaly-based, scan-based, and danger theory approaches. When event information is received, each approach produces a result. A consensus of each result is then reached by using, for example, Bayesian Filtering. A corpus is kept for each approach. An intrusion corpus keeps combinations of the corpora for all of the approaches that constitute intrusions. A safe corpus keeps combinations of the corpora for all of the approaches that do not constitute an intrusion. The corpora for the approaches may be pre-defined according to security policies and the like. The intrusion corpus and the safe corpus may be trained using scores that are determined using the detection approaches.

Abstract: Changing access permission based on usage of computer resources including maintaining records of a user's usage of computer resources in a security domain, the user having a scope of access permission for the computer resources; measuring the user's disuse of one or more of the computer resources in the security domain; and degrading the user's scope of access permission for the computer resources in dependence upon the user's disuse. Typical embodiments include receiving from a user a request for access to a requested computer resource, receiving from the user a request to upgrade the user's degraded scope of access permissions to grant access to the requested computer resource and upgrading, in dependence upon the user's request to upgrade the degraded scope of access permissions, the user's degraded scope of access permissions to grant access to the requested computer resource.

Abstract: A method, system, and program for mitigating self-propagating e-mail viruses are provided. A request to send an electronic mail message with a file attachment to intended recipients is received. A characteristic of the intended recipients are compared with a maximum recipient limit for the file attachment. If the characteristic of the intended recipients exceeds the maximum recipient limit for the file attachment, then a sender authorization is requested prior to sending the electronic mail message. The sender authorization is required such that if a virus is attempting to self-propagate by sending the electronic mail message, the attempt is mitigated.

Abstract: Exemplary embodiments of the present invention include a method for providing a password to an application. Such exemplary embodiments include receiving, from a user, a passkey event uniquely associated with one of a plurality of applications requiring a password, and receiving, from a user, a same master password for access to each of the plurality of applications, applying a hashing algorithm associated with the separate input event to the master password to generate an application specific password, and submitting the application specific password to the application for access by the user. In some embodiments, receiving, from a user, a passkey event uniquely associated with any given one of the plurality of applications includes receiving, from a user, an event created by a user's engaging a keyboard key.

Abstract: A method, apparatus, and computer instructions for processing video data. Text in the subtitles in the multimedia program data is identified to generate a set of text. The set of text is analyzed to form an analysis. A video segment that should be altered based on the analysis is identified to form an identified video segment and this identified segment is altered. Additionally, color corrections may be performed to enhance the visibility of text in subtitles.

Abstract: A method and system for automatic address error recovery in an electronic mail system where electronic mail messages are transferred by identifying an address which includes a user name and a domain name which includes a top level domain suffix. In the event an electronic mail message destination cannot be determined, likely appropriate destinations are automatically determined by systematically determining common alternate spellings of the user name, likely alternate domain names or an alternate top level domain suffix. Alternately, a table of expired addresses and corresponding new addresses can be maintained and examined to determine a likely appropriate address. At least one likely appropriate address is presented to a sender and the electronic mail message is then transmitted to a destination by the sender.