Abstract: The present invention provides a computer implemented method, apparatus, and computer usable program code to receive a request to withdraw money using a bank card. A determination is made as to whether a profile is present on the bank card. The money is dispensed using types of currency based on the profile in response to the determination that the profile is present on the bank card.

Abstract: A method and system is provided for providing and storing annotations that pertain to travel directions to a particular destination, the annotations generally including ratings of the accuracy of the directions and errors observed in the directions by prior users. Annotations submitted by users are stored in a central repository, for access by those who subsequently become interested in the directions or the particular destination. A useful embodiment of the invention is directed to a method for providing travel directions over a selected network, wherein a request for directions regarding a specified destination is sent from a requester to a Directions Provider. The Provider retrieves the requested directions and furnishes them to the requestor. The method further includes generating annotations associated with the furnished directions in accordance with a set of rules resulting from one or more decisions made by the requester, and sending the annotations to the requester.

Abstract: An intrusion detection mechanism is provided for flexible, automatic, thorough, and consistent security checking and vulnerability resolution in a heterogeneous environment. The mechanism may provide a predefined number of default intrusion analysis approaches, such as signature-based, anomaly-based, scan-based, and danger theory. The intrusion detection mechanism also allows a limitless number of intrusion analysis approaches to be added on the fly. Using an intrusion detection skin, the mechanism allows various weights to be assigned to specific intrusion analysis approaches. The mechanism may adjust these weights dynamically. The score ration can be tailored to determine if an intrusion occurred and adjusted dynamically. Also, multiple security policies for any type of computing element may be enforced.

Abstract: A system, apparatus, computer program product and method for authorizing information flows based on security information associated with information objects is provided. A hash key is generated based on an information object and a lookup operation is performed in a hash table based on the hash key. A determination is made whether an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object. A labelset, identifying a sensitivity of the information object, is stored in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table. Information flows involving the information object are authorized based on a lookup of the labelset associated with the information object in the hash table. The hash table may be a multidimensional hash table.

Abstract: A system, apparatus, computer program product and method for authorizing information flows between devices of a data processing system are provided. In one illustrative embodiment, an information flow request is received from a first device to authorize an information flow from the first device to a second device. The information flow request includes an identifier of the second device. Based on an identifier of the first device and the second device, security information identifying an authorization level of the first device and second device is retrieved. A sensitivity of an information object that is to be transferred in the information flow is determined and the information flow is authorized or denied based only on the sensitivity of the information object and the authorization level of the first and second devices irregardless of the particular action being performed on the information object as part of the information flow.

Abstract: A reference monitor system, apparatus, computer program product and method are provided. In one illustrative embodiment, elements of the data processing system are associated with security data structures in a reference monitor. An information flow request is received from a first element to authorize an information flow from the first element to a second element. A first security data structure associated with the first element and a second security data structure associated with the second element are retrieved. At least one set theory operation is then performed on the first security data structure and the second security data structure to determine if the information flow from the first element to the second element is to be authorized. The security data structures may be labelsets having one or more labels identifying security policies to be applied to information flows involving the associated element.

Abstract: A method, system, and program provide for voice mail management. A voice mail filtering controller calculates a separate Bayesian score for each voice mail message from among multiple voice mail message entries received into a voice mailbox for a user, wherein each separate Bayesian score indicates a probability that the associated voice mail message is unwanted by said user. During playback, the voice mail filtering controller automatically deletes a selection of the voice mail messages each with a separate Bayesian score greater than a particular Bayesian score of the last played voice mail message from the voice mailbox.

Abstract: A memory coherence protocol is provided for using cache line access frequencies to dynamically switch from an invalidation protocol to an update protocol. A frequency access count (FAC) is associated with each line of data in a memory area, such as each cache line in a private cache corresponding to a CPU in a multiprocessor system. Each time the line is accessed, the FAC associated with the line is incremented. When the CPU, or process, receives an invalidate signal for a particular line, the CPU checks the FAC for the line. If the CPU, or process, determines that it is a frequent accessor of a particular line that has been modified by another CPU, or process, the CPU sends an update request in order to obtain the modified data. If the CPU is not a frequent accessor of a line that has been modified, the line is simply invalidated in the CPU's memory area.

Abstract: A system and method in a data processing system for error checking and resolving failed input/output open calls. A configuration mechanism configures the options, such as the information stored in databases, details of how each error check is performed, and what actions should be taken when improper error checking occurs. Based on data stored in databases, such as an I/O calls database, a rules with syntax database, and an usage calls database, a code analyzer analyzes code in software programs for an error check of a failed input/output open call. A reporting mechanism reports data from the analyzed code to a report file, such as why software programs have proper and improper error-checking instances, sends errors from the analyzed code to an error file, and enables these files to be displayed on a display. Finally, the code analyzer enables resolving an improper error check for the failed input/output open call.

Abstract: A system, method, and computer program product for adaptively identifying unauthorized intrusions in a networked data processing system. In accordance with the method of the present invention, an intrusion detection module receives system event data that may be utilized for intrusion detection. The received system event data is processed utilizing multiple intrusion detection techniques including at least one behavior-based intrusion detection technique to generate an intrusion detection result. In response to the intrusion detection result indicating an unauthorized intrusion, at least one knowledge-based intrusion detection corpus is updated utilizing the system event data. In a preferred embodiment, the intrusion detection system/method is implemented in a network data processing environment in which the knowledge-based intrusion detection corpus is communicatively accessible by multiple elements coupled to the networked data processing system.

Abstract: A mechanism is provided for performing intrusion decision-making using a plurality of approaches. Detection approaches may include, for example, signature-based, anomaly-based, scan-based, and danger theory approaches. When event information is received, each approach produces a result. A consensus of each result is then reached by using, for example, Bayesian Filtering. A corpus is kept for each approach. An intrusion corpus keeps combinations of the corpora for all of the approaches that constitute intrusions. A safe corpus keeps combinations of the corpora for all of the approaches that do not constitute an intrusion. The corpora for the approaches may be pre-defined according to security policies and the like. The intrusion corpus and the safe corpus may be trained using scores that are determined using the detection approaches.

Abstract: Methods, systems, and computer program products are described for logging off a user from a website, including detecting through a browser a predefined exit channel for a website; detecting a user's leaving the website outside the predefined exit channel; and guiding browser operation toward the predefined exit channel.

Abstract: A database skin allows a database administrator to configure which security checks are to be implemented, the frequency with which the security checks are to be executed, the look and feel of the output, how security violations are to be resolved, where reports are to be sent, details of each security check as it is executed, statistics or metrics to be collected, and the like. A security checker is pre-loaded with security checks that always need to be executed for databases. Pluggable security check modules may also be used. A security violations manager includes a report mechanism for reporting security violations and a resolution mechanism for resolving security violations, if possible or if instructed by the database skin. The security violations manager reports errors to an error file and sends data to be reported to a report file.