Abstract: In this system, a monitor unit monitors outbound communications through a network interface. A process designation unit designates a process 2X which has generated communications. A process tree obtaining unit obtains and outputs process tree information for designation of an upper process to the process 2X. A discrimination unit refers to an illegal rule file for definition of an illegal process by a combination of a process and an upper process which have generated communications, and determines whether or not a process 2X is illegal according to communications information, process information, and process tree information. A process stop unit stops a process 2X determined to be illegal. A notification unit notifies a user of the stop of the process 2X.

Abstract: In a system for providing software maintenance service, a server includes: a storage unit that stores a determination rule for determining whether to deny a process request to the faulty software; and a transmitting unit that transmits the determination rule to the client. The client includes: a determination-rule receiving unit that receives the determination rule; a process-request receiving unit that receives the process request; and a determining unit that determines whether to deny the process request based on the determination rule.

Abstract: A malicious access-detecting apparatus which is cable of grasping the whole aspect of an attack which can occur, before it actually occurs. A monitoring information-collecting section collects monitoring information including the network events detected by the monitoring devices on networks. A malicious apparatus group-deriving section retrieves a corresponding piece of the event information from an event information storage device, and derives, based on the retrieved piece of the event information, apparatuses that are involved in relevant detected network events which belong to the predetermined type of network events and of which addresses of senders or recipients are same, as a malicious apparatus group involved in the predetermined type of malicious access. A storage section stores information on each derived malicious apparatus group. An output section outputs a list of the each derived malicious apparatus group.

Abstract: A communication-information acquisition section 240a acquires information related to a traffic and communication address of a communication packet based on setting information related to acquisition of information that is stored in setting-data. Worm detection section makes a judgment of whether a communication is executed by a worm based on information acquired by the communication-information acquisition section and information related to judgment criteria that is stored in the setting-data and which regulates whether the communication is executed by a worm.

Abstract: An unauthorized access detection device capable of detecting unauthorized accesses which are made through preparation, in real time. When a packet travels on a network, a key data extractor obtains the packet and obtains key data. Next an ongoing scenario detector searches an ongoing scenario storage unit for an ongoing scenario with the key data as search keys. A check unit determines whether the execution of the process indicated by the packet after the ongoing scenario detected by the ongoing scenario detector follows an unauthorized access scenario being stored in an unauthorized access scenario storage unit. Then a report output unit outputs an unauthorized access report depending on the check result of the check unit.

Abstract: An unauthorized access prevention system includes a countermeasure execution status screen generation unit, a countermeasure execution instruction obtaining unit, and a countermeasure execution control unit. With the configuration, the countermeasure execution status screen generation unit generates a screen on which a case where countermeasures are being taken to protect a destination against unauthorized access in traffic entering a predetermined position on a communications network can be identified. The countermeasure execution instruction obtaining unit obtains an instruction to take the countermeasures to be taken for each type of traffic or an instruction to suspend the countermeasures being taken. The countermeasure execution control unit controls to take the countermeasures or to suspend the countermeasures at the instruction.

Abstract: An unauthorized access prevention system that includes a search unit searching the flowing-in path of the unauthorized access to the services by a Web system disclosed by a user's ISP, a determination unit determining the place to implement a countermeasure for protecting the services from the unauthorized access based on the result of the search, and a notification unit notifying, according to a determination that that the countermeasure is implemented in the flow source that makes the unauthorized access flow into the user's communication network, the determination to the flow source.

Abstract: A security management apparatus is capable of taking various security measures while referencing machine information and hence excellent in flexibility and widely applicable. The apparatus includes a security diagnostic unit for making a security diagnosis on the basis of security information obtained from a security information providing apparatus for providing information concerning security in a network and further on the basis of machine information obtained from at least one network machine connected to a network to judge a type of security-related processing to be executed for the network machine and also judge whether or not the security-related processing needs to be executed. A security execution unit executes predetermined security measure processing for the network machine on the basis of a result of diagnosis made by the security diagnostic unit.

Abstract: Method signatures included in an input program are detected. An access analyzer sequentially analyzes the method signatures and obtains a run-time access right list based on a rule. This rule specifies method signatures and the access rights which may possibly be included in the program so that the method signatures correspond to the access rights, respectively. A comparator compares the run-time access right list with the design-time access right list in width of restriction based on another rule. This rule specifies widths related to restrictions of the access rights which may possibly be included in the program.

Abstract: The digital signatures of users A and B are created for a transaction document which states the contents of a transaction between the users A and B, and they are sent to a transaction proof device of a notary public being a third party, together with the transaction document. Thus, the users A and B and the notary public share information, and the notary public can objectively prove the transactional contents, etc.

Abstract: The filtering system includes the incorrect request database that stores patterns of incorrect accesses to the Web server. The estimation unit that estimates the correctness of an access request from a client device based on the patterns stored in the incorrect request database and a predetermined estimation rule. The decision unit decides whether the access request is to be passed to the Web server based on the result of estimation by the estimation unit and a predetermined decision rule.

Abstract: A filtering apparatus includes an illegal request DB (database) which stores patterns of illegal accesses to a Web server, an estimation section which estimates the legality of an access request from a client device based on the illegal access patterns stored in the illegal request DB and on a predetermined estimation rule, and a determination section which determines whether the access request is to be transmitted to the Web server based on an estimation result of the estimation section and on a predetermined determination rule.

Abstract: The system includes the monitor agent that analyzes log of an entity. When an abnormality is detected, the monitor agent notifies about the abnormality to the control manager. The control manager decides a countermeasure and a countermeasure request party from the database and informs them to the action agent which the countermeasure request party. The action agent implements the countermeasure.

Abstract: The security information mediation apparatus comprises security information registering unit which registers security information supplied by a client of a user, a transfer unit which transfers the security information registered in the security information registering unit to a client of a program developer. This client judges the usefulness of the security information and outputs reply information when the security information is useful. A reply information registering unit receives the reply information and payment information that indicates payment of the information presentation fee of the corresponding security information from the developer client. A transfer unit transfers the reply information and payment information to the client of the user.

Abstract: In an authentication system for companies, a server appends suitable verification data to an electronic document to be circulated through terminal units for persons in charge. Each terminal is allocated a unique function in advance and applies it to the verification data in turn when receiving the document. Upon receipt of the document that has been circulated through the persons in charge, the server examines the function-applied value appended to the document to determine whether the document has been circulated correctly through the persons in charge, or via the correct route.

Abstract: A prestaging method is adapted to a computer system comprising a central processing unit, a buffer and a secondary storage, where the prestaging method reads input data of a submitted job into the buffer from the secondary storage before executing the submitted job so as to carry out a prestaging.

Abstract: A prestaging method is adapted to a computer system comprising a central processing unit, a buffer and a secondary storage, where the prestaging method reads input data of a submitted job into the buffer from the secondary storage before executing the submitted job so as to carry out a prestaging.

Abstract: An interface conformance verification system uses a computer to verify, e.g., the interface between modules in a large computer program or other a verification target. The interface conformance verification system includes an information collector and a verifier. The information collector receives at least one module group made up of one or more modules, collects as identification data pieces of target information on a predetermined operation, and creates sets, each having elements formed of the identification data. For example, the identification data may be a list of all variables declared, referenced or assigned a value in respective modules. Each set may correspond to a module or a plurality of modules. The verifier has a set operating mechanism and judging unit.

Abstract: A vibration suppressing device for a wheeled construction equipment having a wheeled chassis, a working device operatively supported on the wheeled chassis, and a hydraulic circuit including hydraulic actuators for operating the working device for up-and-down motion. The vibration suppressing device includes an accumulator filled with a pressurized gas for suppressing vibrations, and a mode changeover valve for connecting the accumulator to the load bearing pressure chambers of the hydraulic actuators in a travelling mode in which the wheeled construction equipment operates for running, and for disconnecting the accumulator from the load bearing pressure chambers of the hydraulic actuators in a working mode in which the wheeled construction equipment operates. When the working device is held at a height in the range of zero to a minimum limit height from the road, the vibration suppressing device meets conditions: P.sub.G x V.sub.A.sup.n .ltoreq.P.sub.H x V.sub.F.sup.n and P.sub.G .ltoreq.P.sub.H, where P.

Abstract: A hydraulic rotation control circuit for a rotational actuator such as a hydraulic motor for rotating a rotary frame of a hydraulic crane, the circuit employing a combination of a number of check and variable reducing valves in a manner which allows smooth and delicate control of the rotation of the actuator to provide an operation performance equivalent to that of mechanical drive, including coasting operation of the motor.