Abstract: The presented method allows a virtual TRUSTED PLATFORM MODULE (TPM) instance to map the Platform Configuration Registers (PCR) register state of a parent virtual TPM instance into its own register space and export the state of those registers to applications inside the virtual machine associated with the virtual TPM instance. Through the mapping of PCR registers, the procedure of attesting to the overall state of a virtual machine can be accelerated, since the state of all measurements relevant to the trustworthiness of a virtual machine are all visible in the combined view of mapped and non-mapped PCR registers. Registers that are mapped into the register space of a virtual TPM instance reflect the state of trustworthiness of those virtual machines that were involved in the creation of the virtual machine that is being challenged.

Abstract: The invention includes various systems, architectures, frameworks and methodologies that can securely enforce a privacy policy. A method is include for securely guaranteeing a privacy policy between two enterprises, comprising: creating a message at a first enterprise, wherein the message includes a request for data concerning a third party and a privacy policy of the first enterprise; signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first entity will be enforced by the privacy rules engine of the first enterprise; sending the message to a second enterprise; and running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party.

Abstract: A data management system and method are provided. Specifically, the present invention includes a system for controlling access to data and ensuring that the confidentiality of the data is maintained. In addition, the present invention provides a system for updating data so that confidential data, which has become non-confidential, can be identified and exposed.

Abstract: A symmetric key cryptographic method is provided for short operations. The method includes batching a plurality of operation parameters (1503), and performing an operation according to a corresponding operation parameter (1505). The symmetric key cryptographic method is a Data Encryption Standard (DES) method. The short operations can be less than about 80 bytes. The short operations can be between 8 and 80 bytes. The method includes reading the batched parameters from a dynamic random access memory (1504), and transmitting each operation through a DES engine according to the operations parameter (1505).

Abstract: The invention includes various systems, architectures, frameworks and methodologies that can securely enforce a privacy policy. A method is include for securely guaranteeing a privacy policy between two enterprises, comprising: creating a message at a first enterprise, wherein the message includes a request for data concerning a third party and a privacy policy of the first enterprise; signing and certifying the message that the first enterprise has a tamper-proof system with a privacy rules engine and that the privacy policy of the first entity will be enforced by the privacy rules engine of the first enterprise; sending the message to a second enterprise; and running a privacy rules engine at the second enterprise to compare the privacy policy of the first enterprise with a set of privacy rules for the third party.

Abstract: A method, system, and program product for remotely attesting to a state of computing system is provided. Specifically, the present invention allows a remote system to establish trust in the properties of the computer system. The properties to be trusted are expanded from the usual system software layers and related configuration files to novel types of data such as static data specific to the computer system, dynamic data determined at system startup, or dynamic data created as the computer system runs applications.

Abstract: A computer implemented method, data processing system, and computer program product for managing computer workloads with security policy enforcement. When a determination is made that a component in a data processing system has failed to meet processing requirements, a candidate host to where the component may be migrated based on performance considerations is identified. A first security policy associated with the component is compared to a second security policy associated with the candidate host to determine if the first security policy is equivalent to or stronger than the second security policy. Responsive to a determination that the first security policy is equivalent to or stronger than the second security policy, the component is migrated to the candidate host.

Abstract: A scheme for protecting policy state information during the lifetime of a virtual machine is presented. In order to protect and preserve the policy state information of the virtual machine, a process creates a source policy, a mapping policy, and a binary policy. These polices are all different representations of a security policy. The different policy representations are chained together via cryptographic hashes.

Abstract: An improved edgewise orthodontic bracket is disclosed. In one embodiment, a bracket comprises a single pair of opposing T-shaped tie wings which define an archwire slot therebetween. Notches are provided on each of the mesial and distal sides of the center leg of each T-shaped tie wing for selectively receiving a ligating device. The notches are defined in the gingival/occlusal edges of the tie wings and comprise sloped portions that extend labially towards the archwire slot. Convex sidewall portions and convex floor portions are provided in the archwire slot adjacent to the notches. The body of the bracket is interconnected to a base that includes a continuous series of characters that serve as texturing to facilitate bonding of the bracket with a tooth. A discontinuous perimeter rail may be used at the edge of the base. A method for forming a bracket is also provided.

Abstract: An exemplary method is provided for managing and mitigating security risks through planning. A first security-related information of a requested product is received. A second security-related information of resources that are available for producing the requested product is received. A multi-stage process with security risks managed by the first security-related information and the second security-related information is performed to produce the requested product.

Abstract: A trusted platform module is presented that is capable of creating, dynamically, multiple virtual trusted platform modules in a hierarchical organization. A trusted platform module domain is created. The trusted platform module creates virtual trusted platform modules, as needed, in the trusted platform module domain. The virtual trusted platform modules can inherit the permissions of a parent trusted platform module to have the ability to create virtual trusted platform modules themselves. Each virtual trusted platform module is associated with a specific partition. Each partition is associated with an individual operating system. The hierarchy of created operating systems and their privilege of spawning new operating systems is reflected in the hierarchy of trusted platform modules and the privileges each of the trusted platform modules has.

Abstract: A trusted co-server, and a method of using a trusted co-server, for a service provider. The co-server executes a program such that: for multiple parties P0–Pn (where Po is said co-server), each party Pi may (optionally) provide input Ii, and then said co-server carries out N functions: Fi (io . . . In) describes what the co-server returns to party Pi. The preferred embodiment of the invention raises the trust level of the computation and data storage at the server. For instance, this invention may be witness to authenticity of certain data coming back to the client. This data can include assertions from the trusted co-server about the server content and configuration. The invention, also, can provide privacy of data going back to the server, by keeping it encrypted between the client and the co-server, and then re-encrypting it before inserting it into the server.

Abstract: An access control system and method includes a risk index module which computes a risk index for a dimension contributing to risk. A boundary range defined for a parameter representing each risk index such that the parameter above the range is unacceptable, below the range is acceptable and in the range is acceptable with mitigation measures. A mitigation module determines the mitigation measures which reduce the parameter within the range.

Abstract: A financial information system provides enhanced data and/or indicators regarding reported corporate earnings.

Abstract: A method, system and computer program product for enhancing the functionality of the existing core root of trust measurement (CRTM). The CRTM is extended to allow platform manufacturer controlled and certified code to be incorporated into the function of the CRTM, wherein the manufacturer may define the policy for accepting a new function into the CRTM. When a firmware or software module image is compiled, the build process generates a hash value of the compiled firmware or software image, wherein the hash value reflects a fingerprint (or short hand) representation of the compiled image. A determination is made as to whether the hash value of the firmware or software image is to be a CRTM extension. If so, a digital signature of the module is created using the CRTM extension private key. This signature value is added to the firmware or software module.

Abstract: Techniques are disclosed for systematically assessing an enterprise's security risks in view of a set of security patterns. Each pattern that is applicable to the enterprise's operation is then considered against the backdrop of a set of common attributes that are used, in turn, to further distinguish each pattern from a risk and security solution perspective. Using the disclosed techniques, specific security risks can be identified and appropriate security products can be selected to address those risks in a systematic manner, thereby assisting information technology decision makers across a wide variety of enterprises in deriving security solutions. These security solutions will typically be more effective and efficient from a functional perspective, as well as being more cost-effective, than security solutions created using prior art ad hoc approaches. The disclosed techniques may also be leveraged to create a requirements list for function to be included in a security product.

Abstract: The present invention comprises a continuous series of alpha-numeric characters (such as letters or numerals) or symbols (such as company logos) that are formed in a manner such that the symbols or characters on the base of the bracket serve as texturing to facilitate bonding of the bracket with the tooth when the base of the bracket is attached to the tooth using an adhesive. In a separate aspect of the invention, a perimeter rail, and more preferably, a discontinuous perimeter rail may be used at the edge of the base. A method for forming a bracket is also provided.

Abstract: A customer relationship management (CRM) system in which customer data can be dynamically controlled by the customer. The CRM system may reside on a server that is accessible by a plurality of customers of a business and a customer service representative (CSR) of the business, and comprise: a database for storing data for each of the plurality of customers related to interactions with the business; a customer interface that allows each customer to access customer specific data; a data subset identification system that allows the customer to identify a subset of the customer specific data; and a CSR interface that allows the CSR to view only the subset of customer specific data.

Abstract: A mobile-dining meal holder including a plate and detachable beverage cup, the cup having a lip with an annular ring thereabout projecting radially to form an interfacing surface and the plate including (a) a lid portion pressing against the interfacing surface and terminating in a downward skirt having an inner taper that engages against the same taper of the beverage container, and (b) a tray portion having food-holding areas spaced about the lid portion, the cup, plate, bead and skirt being configured and arranged to engage despite food-loading and usage forces. Food-receiving depressed regions have vertically extending portions positioned and arranged transversely with respect to pivot lines on the tray portion in order to avoid excessive flexing under food and dining loads. The beverage container acts as the pillar of support for the mobile dining meal holder. This arrangement allows the mobile-dining meal holder to disengage from the bottom of the cup.

Abstract: The present invention comprises a continuous series of alpha-numeric characters (such as letters or numerals) or symbols (such as company logos) that are formed in a manner such that the symbols or characters on the base of the bracket serve as texturing to facilitate bonding of the bracket with the tooth when the base of the bracket is attached to the tooth using an adhesive. In a separate aspect of the invention, a perimeter rail, and more preferably, a discontinuous perimeter rail may be used at the edge of the base. A method for forming a bracket is also provided.