Abstract: The present invention is embodied in a system and method for monitoring and alerting remote client users of digital intrusions of their computers by host servers. In general, the present invention monitors actions taken by host servers relating to information about the remote client and displays graphical alerts when a digital intrusion or a breach of security occurs during a network connection, such as a connection to the Internet, with the host server. Specifically, the present invention monitors certain aspects of the remote client user s interaction with host servers. Based on certain interaction, such as an attempt by the host server to retrieve non-related information about the remote client, the remote client user can be provided with a graphical alert. This allows the remote client user to make an informed decision whether or not to allow certain host server sites to retrieve the client user s personal information.

Abstract: A system and method for providing multiple virtual private networks from a computer system. The computer system communicates with a remote computer system in order to allow encrypted data traffic to flow between the respective systems. Two phases are used to authenticate the computer systems to one another. During the first phase, digital certificates or pre-shared keys are used to authenticate the computer systems. A phase 1 ID rules list contains authentication rules for local-remote computer pairs. During the second phase, a hash value is used to authenticate the computer systems and a security association payload is created. The remote system's IP address is used for connecting. The phase 1 ID rules list corresponds to one or more phase 2 ID rules lists. If the remote ID is not found in the phase 2 ID rules list, a default rule is used based upon the phase 1 ID rules list.

Abstract: A method of protecting a data processing system is provided. In a preferred embodiment the data processing system temporarily switches from a main system library mode to a safe system library mode. A user then may open and read a document, such as, for example, an e-mail message, and any virus or worm contained in the document will be prevented from executing and damaging the data processing system.

Abstract: A method and apparatus for use in data processing system for selecting rules to filter data for a tunnel. A request is received to create a tunnel to another data processing system. A granularity of information about the data processing system is identified to form an identified granularity. The identified granularity of the information about the data processing system is used to select a rule, which matches the identified granularity. This rule is placed in a filter, wherein the filter associates data packets with the tunnel.

Abstract: For a presentation comprising a plurality of presentation segments, timing is established through the combination of assigning a portion of a total presentation time to each of the plurality of presentation segments, displaying the time assigned to each of said presentation segments, enabling a user to change the time assigned to the segment being presented, and in response to a change in said time, dynamically reapportioning the remaining total time among the subsequent sequential presentation segments. The reapportioned times for said subsequent sequential presentation segments can further be displayed. There may also be means, responsive to the change in the time, for dynamically eliminating one of said sequential segments. In slide presentations, there may be means for displaying the reapportioned times for said subsequent sequential individual slides together with miniaturizations of each of said subsequent sequential individual slides.

Abstract: Protecting open Web sites from known malicious users in a World Wide Web (Web) communication network with access to a plurality of open Web sites responsive to requests from users at IP addresses throughout the Web. There is provided in association with a protected open Web site, a stored list of the IP addresses of known malicious users combined with means for comparing the IP addresses of each user requesting access to the protected open Web site to said list of IP addresses of the known malicious users. There are also implementations responsive to the comparing means for diverting to an alias address for the protected Web site any request from the IP address of a malicious user. The alias address is provided by a function associated with the protected open Web site. The present invention is applicable in circumstances where the malicious users or “crackers” are already known.

Abstract: A system and method for providing multiple virtual private networks (VPNs) from a computer system. Configuration information is maintained for connections, or tunnels, established between a local computer system and a number of remote computer systems. The configuration information includes information about the endpoints, or local-remote computer pairs, policies used to determine preferred access methods for connecting a given pair of computers, pre-shared keys, and digital certificates for providing keys to encrypt and decipher data. A local-remote pair is selected from an endpoints table. A policy corresponding to the selected local-remote pair is selected determining the access method(s) to be attempted in securely connecting the two computer systems. If an access method uses a digital certificate, the corresponding information is retrieved from a digital certificate table. The decision whether to check the digital certification has been revoked is stored in the endpoints table.

Abstract: A system and method for providing multiple virtual private networks from a computer system. The computer system communicates with a remote computer system in order to allow encrypted data traffic to flow between the respective systems. Two phases are used to authenticate the computer systems to one another. During the first phase, digital certificates or pre-shared keys are used to authenticate the computer systems. A phase 1 ID rules list contains authentication rules for local-remote computer pairs. During the second phase, a hash value is used to authenticate the computer systems and a security association payload is created. The remote system's IP address is used for connecting. The phase 1 ID rules list corresponds to one or more phase 2 ID rules lists. If the remote ID is not found in the phase 2 ID rules list, a default rule is used based upon the phase 1 ID rules list.

Abstract: A method of securing data traffic between a local and remote host systems is provided. The method includes autogenerating a filter having rules associated with a defined tunnel. The filter rules are used to permit or deny acceptance of transmitted data by the host system and to direct traffic to the tunnel. The tunnel, on the other hand, is used to keep data confidential. The method further includes autogeneration of a counterpart tunnel and associated filter to be used by the remote host when in communication with the local host. The method further autogenerates a new filter to reflect changes to any one of the tunnels and autodeactivates the filter associated with a deleted tunnel.