Patents by Inventor William Kaufman

William Kaufman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8402532
    Abstract: Various technologies and techniques are disclosed for providing host control of partial trust accessibility. A framework allows libraries to be identified as partial trust callers allowed to indicate that the libraries are allowed to be called from partially trusted code by default. The framework allows libraries to be identified as partial trust callers enabled to indicate the libraries could be called from partially trusted code, but not by default. A hosting application is notified that a particular library has been loaded. If the particular library has been identified as partial trust callers allowed, then a determination is received from the hosting application on whether to remove or keep partial trust accessibility for the particular library. If the particular library has been identified as partial trust callers enabled, then a determination is received from the hosting application on whether or not to enable partial trust accessibility for the particular library.
    Type: Grant
    Filed: May 10, 2007
    Date of Patent: March 19, 2013
    Assignee: Microsoft Corporation
    Inventors: Michael D. Downen, Raja Krishnaswamy, Charles William Kaufman, James S. Miller, Stephen Fisher
  • Patent number: 8082442
    Abstract: In one embodiment of this invention, a computer system performs a method for securely sharing applications installed by unprivileged users. The method involves the computer system receiving a user associated command from a user of the computer system. A previous application installation included installing an application manifest and application data objects in a shared repository and installing a user manifest and user configuration data objects in a private repository for an initial installing user. The computer system verifies that a digital signature of the application manifest corresponds to a public key of a user manifest for the associated user. The computer system verifies that an application identifier of the application manifest matches an application identifier of the user manifest. The computer system verifies that the data objects belong to the software application by comparing the application data objects to one or more data object identifiers in the application manifest.
    Type: Grant
    Filed: August 10, 2006
    Date of Patent: December 20, 2011
    Assignee: Microsoft Corporation
    Inventors: Jonathan Keljo, Charles William Kaufman
  • Patent number: 7900248
    Abstract: The subject disclosure pertains to systems and methods that facilitate managing groups entities for access control. A negative group is defined using a base group, where the negative group associated with a base group includes any entities not included in the base group. Negative groups can be implemented using certificates rather than explicit lists of negative group members. A certificate can provide evidence of membership in the negative group and can be presented for evaluation to obtain access to resources. Subtraction groups can also be used to manage access to resources. A subtraction group can be defined as the members of a first group, excluding any members of a second group.
    Type: Grant
    Filed: May 31, 2007
    Date of Patent: March 1, 2011
    Assignee: Microsoft Corporation
    Inventors: Carl Melvin Ellison, Paul J. Leach, Butler Wright Lampson, Melissa W. Dunn, Ravindra Nath Pandya, Charles William Kaufman
  • Patent number: 7836723
    Abstract: An air conditioning system that includes desiccant compartments for holding a desiccant; a heat exchanger, a blower and a vessel. The heat exchanger can be filled with a heat transfer medium, while the blower blows ambient air by the heat exchanger such that the blown air is cooled and the heat exchanger is warmed such that thermal energy increases and is transferred from the air to the heat transfer medium causing the heat transfer medium to turn into vapor. The vapor is then diffused to one of the desiccant compartments such that the vapor is adsorbed onto the desiccant creating a mixture. Then an energy source is applied to the mixture such that the vapor and desiccant are separated. The separated vapor is transported to the vessel where it is condensed and then sent back to the heat exchanger, such that the system is able to be continuously operating.
    Type: Grant
    Filed: June 10, 2008
    Date of Patent: November 23, 2010
    Assignee: The United States of America as represented by the Secretary of the Navy
    Inventors: Jonathan William Kaufman, Stephen M. Coleman, Ravikant T. Barot
  • Publication number: 20100293608
    Abstract: Techniques to provide evidence-based dynamic scoring to limit guesses in knowledge based authentication are disclosed herein. In some aspects, an authenticator may receive an input from a user in response to a presentation of a personal question that enables user access to a restricted resource. The authenticator may determine that the input is not equivalent to a stored value, and thus is an incorrect input. The authenticator may then determine whether the input is similar to a previous input received from the user. A score may be assigned to the input. When the input is determined to be similar to the previous input, the score may be reduced. Another request for an input may be transmitted by the authenticator when a sum of the score and any previous scores of the session is less than a threshold.
    Type: Application
    Filed: May 14, 2009
    Publication date: November 18, 2010
    Applicant: MICROSOFT CORPORATION
    Inventors: Stuart Schechter, Yordan I. Rouskov, Cormac E. Herley, Charles William Kaufman
  • Publication number: 20100043462
    Abstract: An air conditioning system that includes desiccant compartments for holding a desiccant; a heat exchanger, a blower and a vessel. The heat exchanger can be filled with a heat transfer medium, while the blower blows ambient air by the heat exchanger such that the blown air is cooled and the heat exchanger is warmed such that thermal energy increases and is transferred from the air to the heat transfer medium causing the heat transfer medium to turn into vapor. The vapor is then diffused to one of the desiccant compartments such that the vapor is adsorbed onto the desiccant creating a mixture. Then an energy source is applied to the mixture such that the vapor and desiccant are separated. The separated vapor is transported to the vessel where it is condensed and then sent back to the heat exchanger, such that the system is able to be continuously operating.
    Type: Application
    Filed: August 7, 2009
    Publication date: February 25, 2010
    Applicant: OXICOOL, INC.
    Inventors: Ravikant T. Barot, Jonathan William Kaufman, Stephen M. Coleman
  • Publication number: 20100023767
    Abstract: Various technologies and techniques are disclosed for implementing a Diffie-Hellman secret agreement. An application programming interface is provided that is operable to allow a first computer to generate a Diffie-Hellman secret agreement for communicating securely with a second computer over an insecure channel. A get public key operation is performed upon receiving a request to perform the get public key operation. The get public key operation gets a public key of the first computer. A retrieval operation is performed upon receiving a request to perform the retrieval operation. The retrieval operation retrieves the Diffie-Hellman secret agreement upon supplying a public key of the second computer.
    Type: Application
    Filed: May 18, 2007
    Publication date: January 28, 2010
    Applicant: Microsoft Corporation
    Inventors: Michael D. Downen, Shawn Farkas, Charles William Kaufman
  • Publication number: 20090301127
    Abstract: An air conditioning system that includes desiccant compartments for holding a desiccant; a heat exchanger, a blower and a vessel. The heat exchanger can be filled with a heat transfer medium, while the blower blows ambient air by the heat exchanger such that the blown air is cooled and the heat exchanger is warmed such that thermal energy increases and is transferred from the air to the heat transfer medium causing the heat transfer medium to turn into vapor. The vapor is then diffused to one of the desiccant compartments such that the vapor is adsorbed onto the desiccant creating a mixture. Then an energy source is applied to the mixture such that the vapor and desiccant are separated. The separated vapor is transported to the vessel where it is condensed and then sent back to the heat exchanger, such that the system is able to be continuously operating.
    Type: Application
    Filed: June 10, 2008
    Publication date: December 10, 2009
    Inventors: Jonathan William Kaufman, Stephen M. Coleman, Ravikant T. Barot
  • Publication number: 20080313712
    Abstract: The subject disclosure pertains to systems and methods that facilitate managing access control utilizing certificates. The systems and methods described herein are directed to mapping an access policy as expressed in an access control list to a set of certificates. The set of certificates can be used to grant access to resources in the manner described by the ACL. The certificates can be distributed to entities for use in obtaining access to resources. Entities can present certificates to resources as evidence of their right to access the resources. The access logic of the sequential ACL can be transformed or mapped to a set of order independent certificates. In particular, each entry, position of the entry in the list and any preceding entries can be analyzed. The analysis can be used to generate order independent certificates that provide access in accordance with the access policy communicated in the ACL.
    Type: Application
    Filed: June 15, 2007
    Publication date: December 18, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: Carl Melvin Ellison, Paul J. Leach, Butler Wright Lampson, Melissa W. Dunn, Ravindra Nath Pandya, Charles William Kaufman
  • Publication number: 20080307486
    Abstract: The subject disclosure pertains to systems and methods that facilitate entity-based for access management. Typically, access to one or more resources is managed based upon identifiers assigned to entities. Groups of identifiers can be assigned to access rights. An authority component can manage an exclusion group that excludes an entity, regardless of the identifier utilized by the entity. Access control components can utilize exclusion groups in access policies to define access rights to a resource.
    Type: Application
    Filed: June 11, 2007
    Publication date: December 11, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: Carl Melvin Ellison, Paul J. Leach, Butler Wright Lampson, Melissa W. Dunn, Ravindra Nath Pandya, Charles William Kaufman
  • Publication number: 20080301780
    Abstract: The subject disclosure pertains to systems and methods that facilitate managing groups entities for access control. A negative group is defined using a base group, where the negative group associated with a base group includes any entities not included in the base group. Negative groups can be implemented using certificates rather than explicit lists of negative group members. A certificate can provide evidence of membership in the negative group and can be presented for evaluation to obtain access to resources. Subtraction groups can also be used to manage access to resources. A subtraction group can be defined as the members of a first group, excluding any members of a second group.
    Type: Application
    Filed: May 31, 2007
    Publication date: December 4, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: Carl Melvin Ellison, Paul J. Leach, Butler Wright Lampson, Melissa W. Dunn, Ravindra Nath Pandya, Charles William Kaufman
  • Publication number: 20080282315
    Abstract: Various technologies and techniques are disclosed for providing host control of partial trust accessibility. A framework allows libraries to be identified as partial trust callers allowed to indicate that the libraries are allowed to be called from partially trusted code by default. The framework allows libraries to be identified as partial trust callers enabled to indicate the libraries could be called from partially trusted code, but not by default. A hosting application is notified that a particular library has been loaded. If the particular library has been identified as partial trust callers allowed, then a determination is received from the hosting application on whether to remove or keep partial trust accessibility for the particular library. If the particular library has been identified as partial trust callers enabled, then a determination is received from the hosting application on whether or not to enable partial trust accessibility for the particular library.
    Type: Application
    Filed: May 10, 2007
    Publication date: November 13, 2008
    Applicant: Microsoft Corporation
    Inventors: Michael D. Downen, Raja Krishnaswamy, Charles William Kaufman, James S. Miller, Stephen Fisher
  • Publication number: 20080244736
    Abstract: Access control as it relates to policies or permissions is provided based on a created model. A security policy is abstracted and can be independent of a mechanism used to protect resources. An abstract model of a potential user, user role and/or resource is created without associating a specific individual and/or resource with a model. These abstract user models and abstract resource models can be used across applications or within disparate applications. The abstracted security policies can be selectively applied to the model. Specific users and/or resources can be associated with one or more abstract user model or abstract resource model. The models can be nested to provide configurations for larger systems.
    Type: Application
    Filed: March 30, 2007
    Publication date: October 2, 2008
    Applicant: MICROSOFT CORPORATION
    Inventors: Butler Lampson, Ravindra Nath Pandya, Paul J. Leach, Muthukrishnan Paramasivam, Carl M. Ellison, Charles William Kaufman
  • Publication number: 20080052705
    Abstract: In one embodiment of this invention, a computer system performs a method for securely sharing applications installed by unprivileged users. The method involves the computer system receiving a user associated command from a user of the computer system. A previous application installation included installing an application manifest and application data objects in a shared repository and installing a user manifest and user configuration data objects in a private repository for an initial installing user. The computer system verifies that a digital signature of the application manifest corresponds to a public key of a user manifest for the associated user. The computer system verifies that an application identifier of the application manifest matches an application identifier of the user manifest. The computer system verifies that the data objects belong to the software application by comparing the application data objects to one or more data object identifiers in the application manifest.
    Type: Application
    Filed: August 10, 2006
    Publication date: February 28, 2008
    Applicant: Microsoft Corporation
    Inventors: Charles William Kaufman, Jonathan Keljo
  • Patent number: 6687825
    Abstract: A data processing system and method are disclosed for protecting data within a hard disk drive included within a data processing system. Data is generated. A signature value is provided which is stored in a signature device. The signature device is capable of being inserted into and removed from a computer system. A textual description of the data is created. The data is encrypted utilizing both the signature value stored on the device and the textual description. The encrypted data is then stored on the hard disk drive. The data processing system does not permanently store encryption keys.
    Type: Grant
    Filed: March 17, 2000
    Date of Patent: February 3, 2004
    Assignee: International Business Machines Corporation
    Inventors: David Carroll Challener, Daryl Carvis Cromer, Mark Charles Davis, Dhruv Manmohandas Desai, Charles William Kaufman, Hernando Ovies, James Peter Ward
  • Patent number: 6103961
    Abstract: The present invention involves a stringed musical instrument having a lower portion comprised of a resonance body and an upper portion comprised of a neck and headstock. The resonance body encloses a resonating chamber and has a sound board and a bridge for fastening multiple strings. One or more sound holes are carried by the resonance body. The neck has an upper end from which the headstock extends and a lower end that is secured to the resonance body. Multiple pegs located in the headstock are connected to the strings for tightening and loosening the strings. One or more sound holes are located in the upper portion of the instrument. An elongated, hollow, enclosed passage is located in the upper portion of the instrument and communicates the resonating chamber with the one or more sound holes in the upper portion.
    Type: Grant
    Filed: January 7, 1999
    Date of Patent: August 15, 2000
    Inventor: William Kaufman
  • Patent number: 6052469
    Abstract: A cryptographic key recovery system that is interoperable with existing systems for establishing keys between communicating parties. The sender uses a reversible key inversion function to generate key recovery values P, Q and (optionally) R as a function of a session key and public information, so that the session key may be regenerated from the key recovery values P, Q and (if generated) R. Key recovery values P and Q are encrypted using the respective public recovery keys of a pair of key recovery agents. The encrypted P and Q values are included along with other recovery information in a session header accompanying an encrypted message sent from the sender to the receiver. The key recovery agents may recover the P and Q values for a law enforcement agent by decrypting the encrypted P and Q values in the session header, using their respective private recovery keys corresponding to the public keys.
    Type: Grant
    Filed: August 14, 1998
    Date of Patent: April 18, 2000
    Assignee: International Business Machines Corporation
    Inventors: Donald Byron Johnson, Paul Ashley Karger, Charles William Kaufman, Jr., Stephen Michael Matyas, Jr., David Robert Safford, Marcel Mordechay Yung, Nevenko Zunic
  • Patent number: 5968035
    Abstract: An improved dental procedure and apparatus where ultraviolet radiation pulses are used to etch selectively both hard tissue and soft tissue in dental procedures. There exists distinct ablation thresholds for hard and soft tissue which are dependent on the material being ablated for a given wavelength of the ultraviolet radiation. Sufficient differences in ablation threshold exist for enamel, dentin, and carious material, thereby allowing dentists to perform both hard tissue and soft tissue procedures without excess damage to healthy enamel, dentin or other pulp structures.
    Type: Grant
    Filed: April 8, 1998
    Date of Patent: October 19, 1999
    Assignee: International Business Machines Corporation
    Inventors: Barry Dean Goodman, James Jeffrey Wynne, Hershall William Kaufman, Jason Matthew Jacobs
  • Patent number: 5968036
    Abstract: An improved dental procedure and apparatus where ultraviolet radiation pulses are used to etch selectively both hard tissue and soft tissue in dental procedures. There exists distinct ablation thresholds for hard and soft tissue which are dependent on the material being ablated for a given wavelength of the ultraviolet radiation. Sufficient differences in ablation threshold exist for enamel, dentin, and carious material, thereby allowing dentists to perform both hard tissue and soft tissue procedures without excess damage to healthy enamel, dentin or other pulp structures.
    Type: Grant
    Filed: April 8, 1998
    Date of Patent: October 19, 1999
    Assignee: International Business Machines Corporation
    Inventors: Barry Dean Goodman, James Jeffrey Wynne, Hershall William Kaufman, Jason Matthew Jacobs
  • Patent number: 5957691
    Abstract: An improved dental procedure contacts a tooth with a fluoride carrier to produce a fluoride containing layer on the tooth. The tooth is then irradiated with UV radiation in the wavelength range of 100-400 nm. The fluoride carrier is at least 70% transparent to UV radiation, and the radiation is provided with sufficiently low energy to avoid inflicting pain on the patient.
    Type: Grant
    Filed: April 8, 1998
    Date of Patent: September 28, 1999
    Inventors: Barry Dean Goodman, James Jeffrey Wynne, Hershall William Kaufman, Jason Matthew Jacobs