Abstract: The preferred embodiments of the present invention disclose a security transformation system which includes an e-mail client, a cipher proxy, a dictionary database and an Internet e-mail system. The system is capable of generating and receiving messages and performing a cipher substitution and encryption of key fields of messages when they are stored at a user's Internet e-mail system. When the messages are received or accessed the system permits deciphering and decrypting the message using a reverse security transformation The preferred embodiments of the method of the present invention comprises steps of generating and receiving messages at an Internet e-mail system, performing a security transformation on said messages, encrypting said messages, updating a cipher dictionary at a cipher proxy, and decoding and decrypting the messages when accessed by a user.

Abstract: A network includes a number of domains ("layer 2 domains") interconnected by routers. Within each domain, traffic is forwarded based on MAC addresses (or other data link layer addresses). The routers route traffic based on IP addresses or other network layer addresses. To restrict network connectivity, a network administrator specifies connectivity groups each of which is a group of sub-networks that are allowed to communicate. The administrator also specifies which entities (MAC addresses, ports, or user names) belong to the same group. The entities may be in the same or different domains. A computer system automatically creates access control lists for routers to allow or deny traffic as specified by the administrator. The computer system also creates VLANs to allow or deny traffic as specified, wherein each VLAN is part of a domain or is a whole domain. Connectivity within each domain is restricted by VLANs and connectivity between domains is restricted by access control lists.

Abstract: A broadcast or multicast message from a network station is forwarded only to stations in the same virtual broadcast domain (VBD) as the sending station. In some embodiments, a VBD is virtual network (VLAN) or a workgroup (a group of stations, possibly within a VLAN). A membership of a network station in a VBD is determined based on the user who logged on to the station. When the station is first powered up, it is bound to a "default" VBD. When a user logs on, the VBD(s) assigned to the user are determined, and the user's station is switched to the VBD(s). When the user logs off, the user's station is returned to the default VBD.

Abstract: A system for computer software protection includes a random access memory (RAM) device and one or more read-only memory (ROM) devices. The RAM and ROMs are connected in parallel to a data transfer bus, and to an address bus. Selected proprietary portions of a program are pre-stored in the ROMs prior to distribution to system users, and the remaining portions of the program are stored on an external storage medium such as a diskette which is made available for access and use by system users. When using the program, the portion of the program stored on the external storage medium is loaded into the RAM. In executing the program, the system commences executing, in turn, each program instruction contained in the RAM until it is instructed to transfer to one of the ROMs for execution of the proprietary portions of the program stored in the ROMs.