Abstract: A method and an apparatus in a data processing system detects the presence of sensitive data and renders this data in a secured manner. The data processing system may be any device with information presentation capability which can receive data from a network. Detecting a need for secured rendering may include recognition that the data was encrypted, tags in the data indicating a level of secured rendering, or various forms of pre-arrangement between the sender and the recipient. Ways to determine if the recipient is in a secured environment include detection of conversations in the environment, video images showing people in the environment, analysis of infrared signals, determining the location of the data processing system using GPS or similar means, or interaction with an authenticated user.

Abstract: The invention is a system combining a Global Positioning Satellite (GPS) receiver, an electronic compass and a two-way wireless communication system wherein a plurality of hunters each carry such a device. The device is adapted to determine its location using GPS, report that location to a base station or directly to other such devices, receive the location of the other hunters from the base station or directly from other of such devices, and to warn the hunter when aiming his weapon in the direction of another hunter that is within an unsafe distance.

Abstract: A device certificate identifies a particular device using a globally-unique device identifier and contains a public key associated therewith. A private key stored in protected storage of the device is used to digitally sign outbound messages, enabling communicating devices to authenticate one another using the associated device certificate and public key, before returning a response. Devices functioning as servers can thereby securely participate in dynamic, automatic address assignment services using a service such as a Boot Protocol or Dynamic Host Configuration Protocol, and/or to update address information stored in a Domain Name System (DNS) server, ensuring that the update is authentic, and when the DNS is also authenticated, ensuring that a legitimate DNS has been contacted.

Abstract: A device certificate identifies a particular device using a globally-unique device identifier and contains a public key associated therewith. A private key stored in protected storage of the device is used to digitally sign outbound messages, enabling the message receiver to authenticate the message originator. Devices requesting address assignment from a service such as a Boot Protocol or Dynamic Host Configuration Protocol service can be authenticated by that service before an address is assigned. The device of the service providing the address assignment may also digitally sign the requested address, using its own private key, enabling the address receiver to verify that the address provider is authentic before accepting and using the assigned address. A device requesting an update to address information stored in a Domain Name System (DNS) server can be authenticated and/or can ensure that a legitimate DNS has been contacted.

Abstract: A method, system, computer program product, and method of doing business by digitally notarizing a collection of data streams, thereby improving security of the contents of the data streams. Preferably, public key cryptography is used, wherein the collection of data streams is digitally signed (i.e. notarized) using a private cryptographic key of a digital notary, such that an associated public cryptographic key can be used to verify the authenticity and integrity of the collection of data streams. One or more components which are involved in creating the data streams are preferably authenticated, and a unique identifier of each such component is included within cryptographically-protected information that is provided for the digital notarization. The authenticated identities of the components can therefore be determined from the digital notarization.

Abstract: A method, system, computer program product, and method of doing business by providing a secure integrated device (such as a pervasive computing device) for which operating capabilities can be dynamically yet securely selected (including, but not limited to, pluggable connection of input/output devices and/or application processors that provide selected functions). Each input/output (I/O) device and application processor to be used is plugged in to a bus of a security core, and authenticates itself to the security core using public key infrastructure techniques, thereby creating a secure multi-function device. All of the multi-function device's input and output interactions with its environment necessarily traverse an I/O bus under the sole control of the security core. The only communication path between an application processor and the external environment (such as an I/O device) is through an application processor bus, which is likewise under control of the security core.

Abstract: A method, system, and computer program product for resolving address information in an ad-hoc networking environment. Two indicators are defined to indicate whether (1) a device has a self-assigned (i.e. auto-configured) IP (Internet Protocol) address and (2) the device has an administered IP address (i.e. an IP address configured by an administrator or assigned by a service such as a Dynamic Host Configuration Protocol service). These indicators are communicated, along with a device's IP host name, IP address, subnet, and subnet mask, preferably as augmented information of existing protocol messages. The information may be communicated during establishment of the data link layer connection between two devices, or it may be communicated during service discovery protocol exchanges between two devices, or in a combination thereof.

Abstract: An apparatus and method for searching a database of web site functional characteristics to identify web sites that are compatible with designated functions are provided. With the apparatus and method, a database of functional characteristics is compiled and a search interface is provided. The database may be compiled in an automatic, manual, or semiautomatic manner by, for example, retrieving web site content with various functions of a web browser disabled and analyzing the resultant output through the web browser. With the search interface, a user may enter designations of the functional characteristics that the user is either interested in having or not having in the resultant list of web sites. Based on the user's designation of functional characteristics, the search engine associated with the search interface searches the database of web sites and identifies the web site entries in the database that are compatible with the designated functional characteristics.

Abstract: Methods, systems and computer program products are provided for determining if a packet has a spoofed source Internet Protocol (IP) address. A source media access control (MAC) address of the packet and the source IP address are evaluated to determine if the source IP address of the packet has been bound to the source MAC address at a source device of the packet. The packet is determined to have a spoofed source IP address if the evaluation indicates that the source IP address is not bound to the source MAC address. Such an evaluation may be made for packets having a subnet of the source IP address which matches a subnet from which the packet originated.

Abstract: The invention is a system combining a Global Positioning Satellite (GPS) receiver, an electronic compass and a two-way wireless communication system wherein a plurality of hunters each carry such a device. The device is adapted to determine its location using GPS, report that location to a base station or directly to other such devices, receive the location of the other hunters from the base station or directly from other of such devices, and to warn the hunter when aiming his weapon in the direction of another hunter that is within an unsafe distance.

Abstract: A data cylinder functioning as a graphical user interface for managing ad-hoc data is disclosed. The data cylinder stores therein a plurality of related data sets representing ad-hoc data, and displays one of these data sets at a time. The data cylinder is laterally rotatable to display a different one of the related data sets. A new set of related data can be easily created based on existing data sets. By selecting the data set of the data cylinder displayed to the user, current data fields are automatically filled with the values in the selected data set.

Abstract: A method and system for providing targeted advertising and personalized customer services using wireless communication devices. The method includes the steps of initiating wireless communication with the wireless communication device, automatically receiving preference information from the wireless communication device through the initiated communication, and providing, based on the preference information, a personalized customer service in response to a user's request. The wireless communication device can be, e.g., a PDA, a mobile phone, a two-way pager, or a shopping cart attachment device. The shopping cart attachment device is attached to a shopping cart operated by the user and is capable of reading RFID-tagged products placed in the shopping cart or reading a customer card carrying the preference information or a unique customer ID associated with preference information prestored in a central location.

Abstract: A method and system for identifying and tracking persons using RFID-tagged items carried on the persons. Previous purchase records for each person who shops at a retail store are collected by POS terminals and stored in a transaction database. When a person carrying or wearing items having RFID tags enters the store or other designated area, a RFID tag scanner located therein scans the RFID tags on that person and reads the RFID tag information. The RFID tag information collected from the person is correlated with transaction records stored in the transaction database according to known correlation algorithms. Based on the results of the correlation, the exact identity of the person or certain characteristics about the person can be determined. This information is used to monitor the movement of the person through the store or other areas.

Abstract: A method and system for providing targeted advertising in public places and carriers such as trains, buses, train stations, shopping malls, airports, etc. The demographics, purchasing history and/or personal preferences of individuals in the public place are collected from personal digital assistants (PDAs) or other wireless communication devices carried by the individuals in the public place or public carrier. The collected data pertaining to a group of individuals who are present near the display device, is processed and used to select appropriate advertisements that would most likely interest that group of individuals. The selected advertisements are displayed on the display device located in the public place or public carrier so as to provide targeted advertising to the group of individuals.

Abstract: Methods, systems, computer program products, and methods of doing business by improving quality of service (“QoS”) in network exchanges comprising a plurality of related request and response messages. A TQoS (“transactional QoS”) cookie is defined, which is used to store information needed when controlling response time (and perhaps other QoS factors as well) for messages exchanged with a particular client. In preferred embodiments, this QoS information comprises a relative priority for these related messages and an available bandwidth for transmitting messages to the client. The disclosed techniques enable applying consistent QoS requirements for delivery of all the related Web objects comprising a transaction. No changes are required on client devices or in client software, and there is no dependency on a client to support cookies.

Abstract: Methods, systems, computer program products, and methods of doing business by improving collection of clickstream data in network exchanges comprising a plurality of related request and response messages. A clickstream cookie is created by an application, and contains a clickstream data collection correlator for messages of a particular transaction. A Uniform Resource Locator (“URL”) token is created, and is used both in URLs of messages and in cookies downstream of a cookie jar for locating the application-generated correlator. In preferred embodiments, this application-generated correlator is a unique value which is used to identify related clickstream data once it is collected. A flag may also be used to indicate whether data collection is enabled. No changes are required on client devices or in client software, and there is no dependency on a client to support cookies.

Abstract: The present invention provides a method for automatically bookmarking a URL specified by a web author when a user of a web browser attempts to bookmark a different page or when a process updates bookmarks based on either the HTTP 301 return code or the HTML meta refresh markup. In accordance with the present invention, a web page author places an “alternate bookmark directive” in the page (HTML or XML format) associated with a particular URL. When this “alternate bookmark directive” in the HTML or XML file is received by the web browser or by a process updating bookmarks, and the user of the browser attempts to bookmark the URL being viewed or the process is verifying a bookmark, then either the browser is instead directed to bookmark the alternate URL from the tag or the process modifies the bookmark being verified using the alternate URL from the tag.

Abstract: The present invention provides a method for automatically updating bookmarks stored by a web browser when the bookmarked URL is invalid and a redirect to an alternate URL is specified. In accordance with the present invention, a web page author places redirect markups in the HTML or XML file associated with a particular URL. When this redirect markup in the HTML or XML file is received by the web browser, the user of the browser is given the option of replacing the existing bookmarked original URL with the redirect URL. Further, if desired, the bookmark, now containing the redirect URL, may also be modified to include the bookmarked original URL, so that, if desired, the user of the browser can try to reach the original URL if the redirect URL is no longer functional.

Abstract: A method, system, apparatus, and computer program product for using radio-frequency identification (RFID) technology to store product information in tags attached to items of merchandise is disclosed. The RFID tagging scheme of the present invention prevents tampering with stored information, global tracking of customers and their purchased items, and pricing mistakes made at the point of sale.

Abstract: A method, system, computer program product, and method of doing business by providing improved audio compression wherein an audio stream is securely transformed to an encoded text stream (such as an ASCII, EBCDIC, or Unicode text stream). One or more components which are involved in the transformation process are authenticated. A unique identifier of each such component is included within cryptographically-protected information that is provided for the encoded text stream. A digital signature is preferably used for the cryptographic protection, thereby digitally notarizing the encoded text stream. The authenticity and integrity of the encoded text stream can therefore be verified. In preferred embodiments, the authenticated identities of components performing the transformation can also be determined from the cryptographically-protected information.