Abstract: A method and system for securely timestamping digital data is disclosed. A secure encryption key is provided within a timestamping module. The timestamping module comprises a processor for performing security functions with the secure encryption key. The processor is operable in a first mode wherein the secure encryption key is used for encryption operations and for test operations and in a second mode in which the secure encryption key is only used for timestamping operations. Once the processor performs a function with the secure encryption key in the second mode it is precluded from performing further functions in the first mode with the secure encryption key. After the processor has been placed in the second mode of operation a unique code for being embedded within timestamped digital data is generated. Data indicative of a real time a request for a timestamping operation has been received is then provided to the processor from a real time clock.

Abstract: Methods and apparatus are described for generating a gaming application signature which uniquely represents a gaming application having a plurality of gaming application objects associated therewith. A subset of the plurality of gaming application objects are retrieved. An object signature is generated for each of the retrieved gaming application objects. The object signatures are combined to generate the gaming application signature.

Abstract: A software controlled device comprises a central processing unit (CPU) and a memory unit. The CPU comprises a digital signature algorithm and a private key; wherein the memory unit stores run-time binary code. A digital signature is derived during manufacture from the digital signature algorithm, the private key and the run time binary code, then stored in the CPU and, in use, the CPU recalculates the digital signature and compares it with the stored digital signature, such that if the two signatures are not identical, the run-time code will not execute. A method of preventing fraudulent use of an electronic device comprising a central processing unit (CPU) and a memory unit is also provided.

Abstract: Methods, devices, and systems for closing back door access mechanisms. A processor includes a first register configured to store one or more hardware-debug-test (HDT) enable bits, a first control logic coupled to receive a plurality of HDT input signals, and a second control logic coupled to the first register. The first control logic is coupled to access the first register. The second control logic is configured to store one or more default values in the first register in response to a reset of the processor. Another processor includes a first control logic coupled to receive a plurality of microcode inputs, a first register coupled to the first control logic, and a second control logic coupled to the first register. The first register is configured to store one or more microcode loader enable bits. The second control logic is configured to store one or more default values in the first register in response to a reset of the processor.

Abstract: System and method for facilitating initiation and disposition of an online motion (e.g., a motion filed and processed within the context of a legal proceeding, etc.) within an access controlled environment within the context of a court proceeding. The system and method include and involve an access control facility accessible via a global data processing network and configured to maintain user information, and to permit or deny a user to enter an access controlled environment within a data processing environment and to perform user operations within the access controlled environment related to the online motion. A transaction management facility is operable within the access controlled environment and is coupled to the access control facility, and is configured to store and maintain transaction data based on online motion, the user operations, and a security scheme.

Abstract: This invention relates to a system that generates an output from an input by a cryptographic hash-based method. The method generates the output by reading from and writing to an intermediate storage medium, in accordance with an addressing schedule. The output can subsequently be validated, or can be used in the formation of an encryption/decryption key.

Abstract: A user authentication method of making determination of identity of a user based on an image of a part of a body of a user as biometrics captured by a sensor, including searching, with respect to feature information extracted from a single image of a part of a body captured by the sensor and a frame as a series of images of the part of the body captured by the sensor, a corresponding point between a preceding frame and a current frame to conduct user authentication based on a sweep pattern as a series of moving vectors obtained by calculating a moving vector of relative movement of a finger.

Abstract: A system and method for executing computer virus definitions containing general purpose programming language extensions is described. One or more virus definition records are stored in a computer virus data file. Each virus definition record includes an identifier, a virus detection section and an extension sentence. The identifier uniquely identifies a computer virus. The virus detection section includes object code providing operations to detect the identified computer virus within a computer system. The extension sentence includes object code providing reusable operations implemented in a general purpose computing language. For each virus definition record, at least one of the object code of the virus detection section and the extension sentence is interpreted.

Abstract: The present invention provides a new and novel system and method for protecting a computer software product from its unauthorized use. In a preferred embodiment of the invention, a computer system or any other processor based hardware must ‘download’ a credit from an authorized licensing system in order to operate a software product. The invention also provides a novel way of utilizing dynamic encryption techniques that are used to exchange credits. The dynamic encryption techniques ensure that the licensing credits exchange taking place between the computer system and licensing system in the form of binary bit segments appear to be ‘random’ in nature. The credits are transferable from one form of licensing system to another licensing system adapted in a different embodiment. The licensing system also provides a convenient way to add or subtract the number of available credits in it.

Abstract: A transponder used in conjunction with a computer software product discourages unauthorized copying. The transponder is attached to or embedded in the computer-readable media (e.g. the CD-ROMs, DVDs) that comes with the product. Before the software product can be installed on a user's computer, the installation software may activate a radio-frequency (RF) device and query the transponder for an identification number. The identification number is associated with the particular copy of the software that the user is attempting to install. The installation software attempts to verify the identification number and, if successful, proceeds with the installation of the software.

Abstract: The invention concerns a process to protect a vulnerable software working on a data processing system against its unauthorized usage using a processing and memorizing unit. The process comprises defining: 1) a set of elementary functions whose elementary functions are liable to be executed in a processing and memorizing unit 2) a set of elementary commands, said elementary commands being liable to be executed in the data processing system and to trigger the execution in a processing and memorizing unit, of the elementary functions 3) exploitation means designed to be used in a processing and memorizing unit during a usage phase, and enabling to execute the elementary functions of said set.

Abstract: The invention concerns a process to protect a vulnerable software working on a data processing system against its unauthorized usage using a processing and memorizing unit. The process comprises creating a protected software by choosing in the source of the vulnerable software at least one conditional branch and by producing the source of the protected software so that during the execution of the protected software a second execution part, executed in the processing and memorizing unit, executes at least the functionality of the chosen conditional branch and puts at the data processing system's disposal a piece of information enabling it to know where to carry on the execution of the software.

Abstract: In a security module for a host device of an account management system, a host device for exchanging electronic goods, services, data and/or funds between host devices of an account management system as well as an account management system itself, in order to protect financial data and customer accounts at the highest level possible at the application layer, little use of organizational and administrative security measures is made, and technical and cryptographic security measures are built into the database and network systems that handle the account data.

Abstract: The stream processor of the present invention includes: a selection section and first to fifth processing sections. In the selection section, a plurality of inputs are associated with a plurality of outputs according to control from outside so that streams sent to the plurality of inputs are passed to the associated outputs. The first processing section sends a first stream to the first input among the plurality of inputs. The second processing section sends a second stream to the second input among the plurality of inputs. The third processing section receives a stream from the first output among the plurality of outputs. The fourth processing section receives a stream from the second output among the plurality of outputs. The fifth processing section receives a stream from the third output among the plurality of outputs, subjects the received stream to predetermined processing, and sends the processed stream to the third input among the plurality of inputs.

Abstract: A system and method for automatically inputting user data into Internet based electronic forms includes creating an autofill profile at a user computer. The autofill profile includes user information and is stored at the user computer. When electronic forms are encountered on the Internet, information from the autofill profile is used to automatically fill the input fields of the electronic form. The autofill profile is automatically updated with new user information each time an electronic form is submitted to a server, if the form includes new information manually input by the user.

Abstract: The invention concerns a process to protect a vulnerable software working on a data processing system against its unauthorized usage using a processing and memorizing unit. The process comprises creating a protected software by choosing in the source of the vulnerable software at least one algorithmic processing and by producing the source of the protected software so that during the execution of the protected software appear several distinct steps, namely 1) the placing of at least one operand at the processing and memorizing unit's disposal 2) the carrying out by the processing and memorizing unit, of the algorithmic processing's functionality on at least said operand 3) and possibly, the placing at the data processing system's disposal of at least one result by the processing and memorizing unit.

Abstract: A method of protecting a microcomputer system against manipulation of data stored in a memory assembly of the microcomputer system is provided. The method may protect, for example, a control program stored in the memory assembly of a motor vehicle control device. To secure and reliably protect the microcomputer system against manipulation of the data, the data is stored in the memory assembly marked or encrypted using an asymmetrical encryption method. The data may, for example, be encrypted outside the microcomputer system using an encryption algorithm and a private key, which is accessible to only a limited group of persons. The data may be decrypted in the microcomputer system using a decryption algorithm and a freely accessible public key.

Abstract: A network system capable of positively preventing information (content) having copyright from being outputted unfairly is provided. In an information processing apparatus in which a content managed at a content managing side is acquired via communication and the acquired content is printed and outputted, storing means stores information regarding the number of outputtable prints of the content. Output means effects print output of the content on the basis of the information stored in the storing means.

Abstract: Multiple information is extracted from an unknown recording and information associated therewith. Associated information includes the filename, if the recording is a computer file in, e.g., MP3 format, or table of contents (TOC) data, if the recording is on a removable medium, such as a compact disc. At least one and preferably several algorithmically determined fingerprints are extracted from the recording using one or more fingerprint extraction methods. The information extracted is compared with corresponding information in a database maintained for reference recordings. Identification starts with the most accurate and efficient method available, e.g., using a hash ID, a unique ID or text. Fingerprint matching is used to confirm other matches and validation is performed by comparing the duration of the unknown and a possibly matching reference recording.

Abstract: A personal key having an inexpensive and robust integrated USB connector is disclosed. The apparatus comprises a circuit board having a processor and a plurality of conductive traces communicatively coupling the processor to a peripheral portion of the circuit board. The plurality of conductive traces includes, for example, a power trace, a ground trace, and at least two signal traces. The apparatus also comprises a first housing, having an aperture configured to accept the periphery of the circuit board therethrough, thereby presenting the plurality of conductive traces exterior to the aperture. The apparatus also comprises a shell, surrounding the plurality of conductive traces, the shell including at least one locking member interfacing with the first housing.

Abstract: The invention is directed to a caching system for authorization requests. The authorization request is intercepted by a authorization manager. The manager searches in a cache for matching request criteria. If found, the manager returns the result of the request based on the cache information. If not, the normal authorization techniques may be implemented in an associated authorization protocol, whereby the results of the authorization are returned to the requesting party. However, the results of the protocol are also stored in the cache, where they may be found by a later user.

Abstract: A method and system for enabling safe external connectivity for a workstation, by using multiple mass-storage devices, each of which defines a separate physical machine within the workstation, such that an individual separate machine of the workstation may access external information resources (such as the Internet), without contamination (from such external resources) of other separate machines of the workstation. Individual mass-storage devices are selected by a switch function which insures that, at most, one mass-storage device is selected and active at any time. The switch function also resets the workstation, as a step in the mass-storage device selection process. This insures there is no information signal transfer (thus no contamination) from any separate machine to another.

Abstract: A hard drive having a protected partition is used in the recovery of a BIOS image for a computer system. An EEPROM is used to store a first BIOS image that is used to boot-up the system and recovery code is used to recover a new BIOS image if the first BIOS image has been corrupted. The new BIOS image is stored in the protected partition of the drive. A recover BIOS command is issued whenever the first BIOS image has been corrupted or a remote or local recover BIOS request is received. When the first BIOS is corrupted, the EEPROM is rewritten with the second BIOS image and the system boots with the rewritten first BIOS image. When a recover BIOS request is received in a data packet sent over a communication link, the data packet is authenticated before the first BIOS image is rewritten.

Abstract: Spaces between words in a web document may be identified and replaced with at least one random character in order to deter users from copying the web document. Random characters may also be inserted within words in the web document. The random characters are invisible when the user views the web document through a browser but visible when the user attempts to select, copy, or print the web document. The random characters may be of the same color as the background color of the web document. To further deter the user, the mouse, menu, and/or keyboard functions on the user computer may be disabled. To prevent the user from viewing the source code of the web document, the source code may also be encrypted. A small tracking image having a unique identification number may be added to the web document to allow an owner of the web document to trace unauthorized use of the web document on another web site.

Abstract: Asynchronous communication protocol for electronic keys of security locks and systems, characterized by the use of a same and only channel to transmit the time and the data (bits), that single channel has two states: one normal state of rest and another active state when communication occurs and through the use of an active pulse to indicate the start of a bit; using an active pulse to indicate the transmission of a 1 bit, and the use of a resting state for the transmission of a 0 bit; the active pulse consists of the maintenance of the communication channel in an active state during a brief period of time and the use of a resting state which permits the extraction of energy from the communication channel and an active state which does not impede the maintenance of a certain level of energy which is sufficient for the proper functioning of the devices connected to the communication channel.

Abstract: To answer the security needs of the market, a preferred embodiment was developed. The preferred embodiment provides real-time network security vulnerability assessment tests, possibly complete with recommended security solutions. External vulnerability assessment tests may emulate hacker methodology in a safe way and enable study of a network for security openings, thereby gaining a true view of risk level without affecting customer operations. Because this assessment may be performed over the Internet, both domestic and worldwide corporations benefit. The preferred embodiment's physical subsystems combine to form a scalable holistic system that may be able to conduct tests for thousands of customers any place in the world. The security skills of experts may be embedded into the preferred embodiment systems and automated the test process to enable the security vulnerability test to be conducted on a continuous basis for multiple customers at the same time.

Abstract: An apparatus and method for updating security association database entries in a system having multiple security channels by selectively granting access to the entries by a plurality of the multiple security channels that may need to update the same entry using a first-come, first-served scheme. The apparatus includes a controller circuit that functions to carry out the method which, for each of the multiple security channels, includes determining whether another of the security channels has a higher priority to access a particular security association database entry. If no other channel has a higher priority, then the channel requesting access to the entry retrieves it from its address location, modifies it, and writes the modified entry back to its address location. The controller prevents other channels from simultaneously, or substantially simultaneously, retrieving and modifying the same entry.

Abstract: A system and method for automatically switching network connections to an appropriate network entity based on access rights possessed by a user of a wireless terminal. A switch recognizes the certificate provided by a terminal, and directs the connection to the service provider hosting a targeted secure service if the certificate proves to have the appropriate access rights. The switch directs the connection to an enrollment module if the certificate does not correspond to the service provider's required certificate, where the user can attempt to obtain the appropriate certificate from the enrollment module to ultimately access the targeted secure service.

Abstract: A system, apparatus, and method for dynamically allocating ports in a firewall is presented herein. During establishment of a data transfer session, such as a voice over IP call, the firewall receives signals which establish the data transfer session. The foregoing signals indicate the identity of the terminals as well as the port numbers used by the terminals. The firewall records the foregoing information. During the data transfer session, data packets for a terminal in the network of the firewall are examined for addresses and port numbers of the sender and destination. Wherein the foregoing information matches the information recorded during establishment of the data transfer session, the data packets are permitted to reach the terminal.

Abstract: A trusted device, physically associated with a network appliance that does not include a CPU, communicates with at least one component of the appliance and is accessible via a network connection to the device for providing a signal indicative of a condition of the appliance. The appliance can be a storage box having bulk non-volatile memory storage locations. The component is an ASIC of a controller of the appliance. The trusted device acquires a true value of an integrity metric of the appliance which is reported by the trusted device to a challenger. The component then provides the root of trust for measurement. The trusted device provides the root of trust for reporting. In a RAID controller assembly, each RAID controller has its own trusted device.

Abstract: Disclosed are a network system which can ensure the security in a LAN environment, an authentication method and a program used therein. A switching hub attains an authentication frame transmitted from a terminal and copies the frame content to use it as an authentication packet for making an inquiry about the authentication of the terminal to an authentication server. The authentication server then retrieves to check whether or not the MAC address included in the authentication packet is stored in an authentication database. In the case where an authentication method is a password, when the password in the authentication packet is correct, the authentication server returns the authentication packet (OK) to the switching hub and, when the MAC address is not stored in the authentication database or the password is incorrect, returns an authentication packet (NG) notifying that the terminal is used by a false user.

Abstract: A method for authenticating a software library, including inserting an encrypted checksum into a software library, and in response to loading the software library calculating a checksum of the software library, requesting the encrypted checksum from the library, decrypting the encrypted checksum, and checking whether or not the decrypted checksum agrees with the calculated checksum. A system is also described and claimed.

Abstract: A data communication system includes a plurality of network and a plurality of terminal being accessible to the plurality of network. Each of the plurality of network is assigned with each network property value. Each of the plurality of terminal further includes: at least an access policy for making a decision on permissibility for access to other terminal of the plurality of terminal than the each terminal, with reference to at least one of a first network property value assigned to a first network connected with the each terminal and a second network property value assigned to a second network connected with the other terminal, so that only when the access is permitted based on the access policy, then the terminal makes an access to the other terminal.

Abstract: A fingerprint authentication and communication system having a fingerprint sensor and reader that converts a fingerprint into a digital profile output, a plurality of databases for storing among other things fingerprint digital profiles, user ID's, and patient related medical information, software that determines whether a recently entered fingerprint digital profile is on the approved list for authentication, and telecommunication transceiver for communicating user selected actions over telephone lines, wireless channels and the Internet. The system is preferably concealed in a handheld product for physicians and allows medical professionals to initiate and perform a plurality of actions, such as ordering multiple prescriptions and lab tests, with a fingerprint induced command.

Abstract: A system and method of operating a computer system include ignoring all inputs from an input/output device during a power-on self test procedure except a pre-specified input; prompting a user for a password upon detection of the pre-specified input; comparing the password entered by the user in response to the prompting to a previously-stored password; and processing inputs other than the pre-specified input during the power-on self-test procedure if and only if the password entered by the user matches the previously-stored password. In one embodiment, the password must be entered by the user with a pre-specified period of time after the prompt.

Abstract: According to one illustrative embodiment, a standalone computer system having a password maintenance capability includes an operating system, a password generator, and a password encryptor. The operating system is operable for executing a dedicated application. The password security generator couples with the operating system for generating a password in response to an occurrence of a prescribed password generation event, in connection with the operating system and the dedicated application. Lastly, the password encryptor couples to the password generator for producing a coded password as a function of the generated password.

Abstract: An access control system securely transfers identification and transaction information between an access reader and a contactless smart card over a contactless radio frequency link via an RF modem. The access reader contains a programmable microcontroller, DC/DC converter, regulator, Opto-Isolators and LEDS, and an RF modem. The smart cards contain identification or transaction data as well as reader programming and de-programming software, which is protected by appropriate security keys. An access reader having the appropriate security keys performs a one to one verification of data stored in the smart card to data from an identification device coupled to the access reader. Upon verification of the validity of the smart card, the access reader transfers identification and transaction information over a data link to any external processor or controller which controls access to a secured area.

Abstract: Power saving method is achieved by weakly holding a signal line in its last in time state, which is responsive to and may be overcome by the state of an external signal. During sleep mode, the weakly held signal line state tracks and holds the external signal using alternatively a controllable weak pull-up or pull-down device, such that weakly held state may be driven to a different state by the external driving signal with slight power consumption. When sleep mode is off, the keeper function is disabled and the signal line maybe driven alternatively internally or externally depending upon the state of an enable line.

Abstract: The preferred embodiment of the present invention varies the speed of processor execution, including associating a clock rate with each thread in a plurality of threads and executing each thread in the plurality of threads on the processor at the clock rate associated with the thread.

Abstract: In a method and a device for notifying a server failure recovery which notify a failure recovery of a server or the like to a client, a server failure detector detects a client having tried but failed to access a server due to a failure, a server recovery detector detects a failure recovery, and a server recovery notifier gives a failure recovery notification to the client having failed to access. Also, the server failure recovery notification device is mounted on a router. The server failure detector detects the client having failed to access based on a destination unreachable message of an ICMP of the router 40, or detects the client having failed to access by determining the failure is being occurred in the server, in the absence of a reply IP packet to the IP packet addressed to the server from the client.

Abstract: Backup LSPs (label switched path) are established from LSRs (label switching router) except the egress LSR of a main LSP. Each backup LSP is established between an LSR that functions as a starting node and the egress LSR so as not to include any link or node on the main LSP to be protected. When the backup LSP is established such that it merges into another pre-established backup LSP protecting the same main LSP, merging is performed at the LSR located at the merge point.

Abstract: A method, apparatus, article of manufacture, and a memory structure for an internode network. Nodes are active-active using commodity hardware so that the system can perform I/O together between any number of nodes, and data can be located on any given node. A single modified image is configured to maintain recent and updated data. At least one failure can occur (and be corrected) in the nodes before data is written to disk. A history of access points is kept in a cache directory, and it is assumed that the nodes most frequently accessed in the past are likely to be the most frequently accessed in the near future. One or more embodiments of the invention move this data to where it will likely be needed. This means that data is delivered to hosts quickly, as is required in high volume enterprise web environments. The symbolic list in the cache directory provides a history of the nodes that have previously performed I/O operations.

Abstract: In a data recovery processing, the conventional overhead, primarily, latency due to a rotational recording media is removed. Secondary, in a signal processing or in a recording and reproducing apparatus, reliability of data reproduction is improved by repeatedly processing data. These processing are achieved that input signal, i.e., raw analog signal read from the recording media is digitized to be stored in a secondary storage such as a memory or a FIFO memory. The apparatus includes a signal processing circuit to repeatedly process the stored digital signal in the secondary storage. When detecting data, operation of the circuit is efficiently controlled by a change over detector parameters, in which characteristics for the detecting performance. Resultantly, data recovery processing speed is increased and reliability of data reproduced is improved.

Abstract: A server architecture includes a server program to receive a request from a client. In one aspect, an out-of-process application executing in a separate process from the server program is invoked to process the request and to generate a response to be returned to the client, and the server architecture includes a subsystem to detect when the out-of-process application fails and to recover the out-of-process application without disrupting operation of the server program. In another aspect, a method for detecting when an out-of-process application fails includes recording the request on a list as the request is passed to the application, examining the request as it is returned from the application, determining that the application has failed if the returned request contains erroneous data, and if the application has not failed then removing the request from the list.

Abstract: A system and method in data processing networks with distributed processing or multiple nodes provide a capability to insure that the protocols implicated in a first or original protocol are identified so that diagnostic messages sent during execution of that protocol are traceable. Thus, each of the diagnostic messages are delivered to the requestor of the original protocol before the original request completes. A linkage is provided between the original protocol and all protocols nested within it.

Abstract: A method for automated generation of an extended fault tree structure adapted to a production installation or a specific installation is used within a system determining the effectiveness and analyzing causes of faults. Generation takes place using a data processor and stored programs for carrying out functions of a hypothesis verifier, a fault data classifier, and a hypothesis configurer, and also based upon a prescribed general hierarchical fault tree structure produced by accessing data of a data server with the verifier, from which it derives fault events according to execution requirements of the verification script and stores these fault events, possibly together with previously entered fault events, in a fault database. At prescribable time intervals, the classifier carries out classification of the fault events by accessing the database, maps them as weighted causes of faults onto the tree structure, and displays or outputs the tree structure so extended.

Abstract: A system for testing an integrated circuit at a plurality of locations with a plurality of test modes includes a sequence of test-mode storage devices, each of which has an input and an output. The sequence includes at least first and second test-mode storage devices located at corresponding first and second locations on the integrated circuit and configured to store first and second test modes. The first test-mode storage device is configured to perform a shift operation by providing the first test-mode at its output. The second test-mode storage device has its input connected to the output of the first test-mode storage device. This second device is configured to perform the shift operation by receiving, at its input, the first test mode and providing, at its output, the second test-mode.

Abstract: A computer method for automatically troubleshooting and preventing problems on a computer system. The method includes receiving data corresponding to the computer system including core files, supplemental configuration information, and other data. The method continues with processing the computer system data into a format useful for rapid analysis. The method uses a knowledge repository of phases and scripts. Each phase is a logical organization of scripts. Each script is an executable for identifying both the conditions that can lead to a problem as well as determining an actual instance of a problem. Execution of the method includes execution of the phases contained in the repository. Several optimizations are used to eliminate large quantities of scripts in order to improve run time. Phases produce intermediate results that can be used by subsequent phases to reduce complexity. A report is generated listing problems for the computer system with corrective actions.

Abstract: The present disclosure relates to systems and methods for generating and performing custom peripheral device integration tests on a network. A method for developing a peripheral device integration test suite entails performing the following steps: developing a set of generic tests designed to exercise the various functions of a particular peripheral device; auditing a network where the peripheral device is designated for installation; and applying parameters responsive to the audit to the set of generic tests. A method for optimizing a customer's peripheral device configuration is also disclosed. Another method contains the following steps: developing a knowledge base associated with a peripheral device of interest; monitoring a customer's administration and configuration of the peripheral device; and applying parameters collected during the monitoring step to the knowledge base to generate an expected performance measure associated with the peripheral device.

Abstract: A method and apparatus for monitoring a computing device and detecting whether an error condition is present in the computing device. In one aspect, the present invention relates to an apparatus that can be coupled to a controlled computing device, comprising an input stage for receiving signals from the controlled computing device, and a control stage for determining whether an error condition is present in the controlled computing device from the signals and generating an error indicator if it is determined that the error condition is present in the controlled computing device. The present invention facilitates the monitoring of the computing device for error conditions automatically, without the need for ongoing direct maintenance of the computing device by a user. In another aspect, the present invention relates to an apparatus for remotely controlling the computing device.