Abstract: The present invention relates to systems and methods for controlling indicators on a device to achieve power and energy conservation. The systems and methods include enabling one or more indicators on the device and further include triggering the disablement of one or more of the indicators on the device based upon a disabling event. Upon detecting an enabling event, the systems and methods include re-enabling one or more of the disabled indicators.

Abstract: In one implementation, a delegation system authenticates, at a first time, a first user relative to a computing environment, and receives, at a second time after the first time, a request for the first user to act within the computing environment as a second user. The delegation system also determines, in response to the request, whether the first user is authorized to act as the second user within the computing environment.

Abstract: A trusted computing platform includes one or more first logically protected computer environments (or “compartments”) associated with initialization of the system, and one or more second logically protected computing environments (or “compartments”). The one or each second compartment is associated with at least one service or process supported by the said system. The trusted computing platform is loaded with a predetermined security policy including one or more security rules for controlling the operation of each of the compartments such that the security rules relating to the one or each first compartment is loaded onto the trusted computing platform when the system is initialized. The one or more security rules relating to the one or at least one of the second compartments are only loaded onto the trusted computing platform if one or more services or processes associated therewith are enabled.

Abstract: A placket truss comprising an elongate member including opposed end portions, wherein each of the end portions includes at least one slot sized and adapted to engage the thread of a corresponding button. Each end portion may include a clip, wherein each clip includes at least one slot and the elongate member is adapted to confront the back side of the placket. The slot or slots may extend in the same direction as a length of the elongate member. Alternatively, the slot or slots may extend in a direction transverse to a length of the elongate member. Each clip is adapted to confront the front side of the placket whereby each of the clips is capable of grasping the placket. The elongate member may comprise a strip of resilient material and may be substantially flat.

Abstract: A virtual network has network interfaces coupled by tunnels (100) through a forwarding network (40), each interface having a forwarding address in an address space of the forwarding network, each network interface having a reconfigurable address mapper (320) for determining a forwarding address for a packet, and encapsulating the packet with its forwarding address so that the forwarding network can forward the data packet transparent to its destination address. The network interface automatically configures the address mapper by sending a discovery request for a given virtual network address over the forwarding network, to prompt a response with an indication of the corresponding forwarding address, and to use the indication in such a response to configure the address mapper. This can ease the administrative burden of setting up and maintaining the address mapper and to ease network reconfiguration according to demand or faults for example.

Abstract: A virtual network has virtual machines on physical devices connected to network interfaces each coupled by tunnels (100) through a forwarding network (40), each interface having a forwarding address in an address space of the forwarding network, each network interface having a reconfigurable address mapper (320) for determining a forwarding address for a packet, and encapsulating the packet with its forwarding address so that the forwarding network can deliver the data packet to the remote physical device having that forwarding address. Such encapsulation enables virtual machines on different physical devices to communicate transparently to the underlying forwarding network. Virtual networks can be created to suit their applications yet use or share existing forwarding networks, while protecting the forwarding network from interference by the virtual machines, and maintaining isolation between virtual machines.

Abstract: A virtual network has network interfaces coupled by a multipoint tunnel (100) through a forwarding network (40), each interface having a forwarding address in an address space of the forwarding network, each network interface having a reconfigurable address mapper (320) for determining a forwarding address for a packet, and encapsulating the packet with its forwarding address so that the forwarding network can forward the data packet transparent to its destination address. This makes the virtual network more agile since changes to the virtual network can be achieved by reconfiguring the corresponding forwarding addresses without needing to set up new tunnels new routing to these different tunnels. The forwarding network need not be aware of the virtual network and so no adaptation of the forwarding network or specialised hardware is needed.

Abstract: The present invention relates to systems and methods for controlling indicators on a device to achieve power and energy conservation. The systems and methods include enabling one or more indicators on the device and further include triggering the disablement of one or more of the indicators on the device based upon a disabling event. Upon detecting an enabling event, the systems and methods include re-enabling one or more of the disabled indicators.

Abstract: A system comprising a trusted computing platform including one or more logically protected computing environments, each of which is associated with at least one service or process supported by said system, the system being arranged to load onto said trusted computing platform a predetermined security policy including one or more security rules for controlling the operation of each of said logically protected computing environments, the security rules for at least one of said logically protected computing environments including an execution control rule which defines the security attributes to be applied to a service or process associated with said logically protected computing environment when said service or process is started.

Abstract: A system and method for resolving a rule conflict within a security policy applied to a trusted computing platform, wherein the fileset to which each of the conflicting rules v and s refers (or “scope”) is determined (step 10). It is then determined (at step 12) if the scope of one of the rules s is a complete subset of the scope of rule r. If so, rule s is applied to the accessed file f (at step 14). If not, the conflict is resolved in another way, for example, by determining the most restrictive of rules r and s (at step 16) and applying the result accordingly (step 18).

Abstract: A virtual network has network interfaces coupled by a multipoint tunnel (100) through a forwarding network (40), each interface having a forwarding address in an address space of the forwarding network, each network interface having a reconfigurable address mapper (320) for determining a forwarding address for a packet, and encapsulating the packet with its forwarding address so that the forwarding network can forward the data packet transparent to its destination address. This makes the virtual network more agile since changes to the virtual network can be achieved by reconfiguring the corresponding forwarding addresses without needing to set up new tunnels new routing to these different tunnels. The forwarding network need not be aware of the virtual network and so no adaptation of the forwarding network or specialised hardware is needed.

Abstract: A virtual network has network interfaces coupled by tunnels (100) through a forwarding network (40), each interface having a forwarding address in an address space of the forwarding network, each network interface having a reconfigurable address mapper (320) for determining a forwarding address for a packet, and encapsulating the packet with its forwarding address so that the forwarding network can forward the data packet transparent to its destination address. The network interface automatically configures the address mapper by sending a discovery request for a given virtual network address over the forwarding network, to prompt a response with an indication of the corresponding forwarding address, and to use the indication in such a response to configure the address mapper. This can ease the administrative burden of setting up and maintaining the address mapper and to ease network reconfiguration according to demand or faults for example.

Abstract: A solution for replicating protected data is provided. A manifest is managed along with the protected data at each computing device as well as at a server. The manifest is also protected and includes an entry for each protected data item in the protected data. The protected data at each computing device is replicated using both the local version of the manifest and the server version of the manifest. In an embodiment, each entry in the manifest includes an update identifier that can be compared with an update identifier stored with the protected data item as well as the update identifier in a local version of the manifest. In another embodiment, the manifest includes an entry for each computing device that includes a replication identifier. These entries can be used to perform additional checks to ensure that the manifest and/or protected data has not been compromised.

Abstract: Under the present invention, a method, system, and program product for providing an untrusted certificate store for secure e-mail is provided. The method for providing the untrusted certificate store (UCS) includes obtaining particular information from either an e-mail message or directory that includes either, or both of, an untrusted certificate and an e-mail address and storing it/them in the UCS and then automatically maintaining the information in the UCS.

Abstract: Under the present invention, when a request for a certificate is made, a set of (mapping) rules are used to identify an appropriate directory and any other information sources, and to retrieve information for the certificate therefrom. The directory name is then transformed using the set of rules for use in the certificate. Thereafter, a template for the certificate is developed using the set of rules. The template and the request are then communicated to the PKI, which will generate and return the certificate. Upon receipt, the present invention can verify that the certificate actually includes the transformed name.

Abstract: The present invention provides a method, system, and computer program product for transparent on-demand certificate provisioning for secure email. The method comprises: generating a keypair and a self-signed certificate; requesting a certificate from a certification authority; temporarily securing email using the self-signed certificate; and securing email using the requested certificate, after receipt of the requested certificate from the certification authority. The present inventions uses self-signed certificates as an initial, interim security mechanism, provides automatic submission of certificate requests and renewal requests, provides an administrative policy to specify when keypairs and self-signed certificates are generated by a user's client system, and when certificate requests are submitted, and provides automatic transition from end-user defined trust to delegated trust based upon CA-issued certificates.

Abstract: A personal credential store that aggregates a number of physical credential stores beneath an application programming interface (API) and offers tag-based credential look-up. The API of the disclosed system runs on the user's client system, and effectively hides the underlying credential store types from applications using it. The tags used to look up credentials through the API may advantageously include or consist of unique identifiers indicating the functional purpose of the desired credential. The types of physical credential store aggregated together under the disclosed API may include a local credential store, a network-resident private credential store that may be shared across multiple client systems operated by a single user, and a network-resident shareable credential store, that may be used by processes acting on behalf of the user, and/or shared by multiple users.

Abstract: A method, system and apparatus for the transparent security for electronic mail (e-mail) messages. A method for transparently securing an e-mail message can include producing a secured form of an e-mail message and identifying at least one designated recipient of the e-mail message for whom a secured form of the e-mail message cannot be produced and understood. Consequently, the secured form can be selectively transmitted to designated recipients able to process the secured form, while an unsecured form of the e-mail message can be transmitted to those identified recipients unable to process the secured form without first requiring confirmation from a sender of the e-mail message to transmit the unsecured form instead of the secured form.

Abstract: A trusted computing platform includes one or more first logically protected computer environments (or “compartments”) associated with initialisation of the system, and one or more second logically protected computing environments (or “compartments”). The one or each second compartment is associated with at least one service or process supported by the said system. The trusted computing platform is loaded with a predetermined security policy including one or more security rules for controlling the operation of each of the compartments such that the security rules relating to the one or each first compartment is loaded onto the trusted computing platform when the system is initialized. The one or more security rules relating to the one or at least one of the second compartments are only loaded onto the trusted computing platform if one or more services or processes associated therewith are enabled.

Abstract: A computer network includes an on-line purchasing system which advertises goods for sale by means of a web-page accessible over the Internet. The web-page is stored on a server which is connected to an XML interface facility in the form of an XSLT file. The server is connected to the Internet by means of a first port. A client terminal is connected to the server by means of the first port. The server also includes a second port for connecting the server to an external authorisation computer via a connection. The server is configured to perform certain data processing operations, such as processing purchase orders sent from a user, forwarding processed purchase orders to a despatch service for effecting delivery etc., but only after an authorisation process has been completed. Initially, the client terminal sends a purchase order, in the form of an XML document, to the server.