Abstract: A system and method for handling complex instructions includes generating a jump instruction from an address which may be embedded in a computer instruction and selecting the original instruction if it was not complex or the Jump instruction if it was.

Abstract: A computer includes a central processing unit. The CPU can extend a general instruction. In one embodiment, the CPU can have an extension instruction comprising a memory address, an offset and a fixed length instruction of varying immediate data.

Abstract: One embodiment of the present invention provides a system to facilitate multithreading a computer processor pipeline. The system includes a pipeline that is configured to accept instructions from multiple independent threads of operation, wherein each thread of operation is unrelated to the other threads of operation. This system also includes a control mechanism that is configured to control the pipeline. This control mechanism is statically scheduled to execute multiple threads in round-robin succession. This static scheduling eliminates the need for communication between stages of the pipeline.

Abstract: A method for look-ahead load pre-fetching that reduces the effects of instruction stalls caused by high latency instructions. Look-ahead load pre-fetching is accomplished by searching an instruction stream for load memory instructions while the instruction stream is stalled waiting for completion of a previous instruction in the instruction stream. A pre-fetch operation is issued for each load memory instruction found. The pre-fetch operations cause data for the corresponding load memory instructions to be copied to a cache, thereby avoiding long latencies in the subsequent execution of the load memory instructions.

Abstract: A plurality of fold decoders are each coupled to a different set of successive entries within an instruction fetch buffer stack and check the contents of the successive entries for a variable number of variable-length instructions which may be folded. Folding information for each of the respective set of entries, identifying a number of instructions therein which may be folded (if any) and a size of each instruction which may be folded, is produced by the fold decoders and stored in the first entry of the set, then transmitted to the main decoder for use in folding instructions during decoding.

Abstract: A method and apparatus for selectively writing data elements from packed data based upon a mask using predication. In one embodiment of the invention, for each data element of a packed data operand, the following is performed in response to a plurality of instructions: determining a predicate value for the data element from one or more bits of a corresponding packed data mask element indicating whether the data element is selected for writing to a corresponding storage location, and storing in the corresponding storage location the data element based on the predicate value.

Abstract: An multi-threading processor is provided. The multi-threading processor includes a first instruction fetch unit and a second instruction fetch unit. A multi-thread scheduler unit is coupled to the first instruction fetch unit and the second instruction fetch unit. An execution unit, which executes a first active thread and a second active thread is coupled to the scheduler unit. The multi-threading processor also includes a register file coupled to the execution unit. The register file switches one of the first active thread and the second active threads with a first inactive thread.

Abstract: An adaptive data communication approach permits communication bus monitoring by using a reconfigurable bus monitor built into the CPU bus structure and adapted to report back to the CPU in response to detecting certain CPU-programmed events. In one particular example embodiment, a circuit arrangement having a CPU circuit communicates with another device over a communication channel while a reconfigurable circuit monitors the communication channel. The CPU circuit configures the reconfigurable circuit for monitoring any of various types of event expected to occur on the communication channel. The reconfigurable circuit collects signals passed on the communication channel and reports back to the CPU circuit when data indicative of the first event type occurs on the communication channel.

Abstract: Pieces of input data, which can be either setup data or program data with an associated identifier, are provided to a processing engine through a single input data path. After a system initially resets, the processing engine runs in setup mode. When an identifier for setup data is detected, input data is passed unchanged through an execution pipeline to control logic, which executes a setup program. The setup program loads a program counter, a memory, a register file counter, and a register file. When an identifier for program data is detected, the processing engine automatically switches to run mode and input data is processed in the execution pipeline. The processing engine automatically switches between run mode and setup mode depending on the identifier. Using a single input data path decreases hardware complexity and allows input data to be processed without external control logic.

Abstract: A method and apparatus for the dynamic inclusion or exclusion of initialization modules within the set of initialization modules designated as recovery initialization modules is described. When a BIOS system is updated through the inclusion of a new initialization module, the algorithm of the present invention dynamically determines if the initialization module is required for recovery. A firmware update utility evaluates new initiation modules to determine if they are designated as recovery or required by core recovery modules. If so, the new module is designated for recovery and stored to a fault-tolerant block within a recovery file volume. The firmware update utility of the present invention allows an initiation module to be automatically designated as recovery only when necessary. Initiation modules, designated as recovery, that subsequently are not required fro recovery may be omitted from the recovery set. Thus the collection of recovery initiation modules is minimized.

Abstract: A computer program and method for controlling the manner in which an operating system associated with a computer launches a plurality of application programs. Briefly described, one of many possible embodiments is a computer program for use in a computer having an operating system. The computer program may comprise code for: determining application programs that are to be launched by the operating system; determining a program launch procedure associated with the application programs, the program launch procedure defining a sequence in which the application programs are to be launched by the operating system, the sequence based on the functionality of at least one of the application programs; and launching the application programs with the operating system based on the program launch procedure.

Abstract: A multilingual system and methodology that displays data on a user interface for a computer system. According to the invention, the multilingual system and method is suitable for a computer system, having a detecting apparatus and the user interface configured therein. The detecting apparatus includes a BIOS and an operating system (OS). The BIOS performs functions of the computer system. The operating system (OS) controls the computer system. The user interface provides options for a user and displays a language met with the user's demand.

Abstract: The present invention concerns means and methods to display resolution independent, multi-lingual and/or multi-style operating system and/or application user interfaces on arbitrary programmable units with display units—like personal computers, notebooks, personal digital assistants, (mobile) internet terminals and/or others.

Abstract: A palmtop computer system that incorporates mechanical buttons that combine the task of turning the palmtop computer system on and starting a particular application program. Furthermore, the same mechanical button can be used to navigate the application program to find the information that is most likely needed by the user. Additionally, external devices can be coupled to the palmtop computer system in a manner that allows the external hardware device to initiate specific application programs that cooperate with the external hardware device.

Abstract: A boot process for a computer comprising, in a client environment,

Abstract: The present invention describes a method and system for an interface for integrating reconfigurable processors into a general purpose computing system. In particular, the system resides in a computer system containing standard instruction processors, as well as reconfigurable processors. The interface includes a command processor, a command list memory, various registers, a direct memory access engine, a translation look-aside buffer, a dedicated section of common memory, and a dedicated memory. The interface is controlled via commands from a command list that is created during compilation of a user application, or various direct commands.

Abstract: A partition reconfiguration system includes a management node that issues a partition reconfiguration instruction based on pre-defined schedule information; an operating system that, in response to the instruction, changes an operation state thereof to a partition re-configurable state in which a usual operation state is stopped to make reconfiguration possible and, at the same time, notifies that the operation state thereof has been changed, the operating system operating on a computer system; and a service processor that, in response to the notification notifying that the operation state has been changed, configures a partition according to information on components constituting the partition included in the instruction and, at the same time, changes the operation state of the operating system to the usual operation state.

Abstract: A system and method for accelerating cryptographically secured transactions is disclosed. In an embodiment of the present invention, cryptographically secured transactions are accelerated to increase the speed at which encrypted network transcriptions may be processed by offloading encryption processing to central encryption servers equipped with hardware built to accelerate encryption speed and to reduce encryption latency.

Abstract: A secure e-mail system (10) permitting a sender (12) to send a secure e-mail (14) to one or more receivers (16). The sender (12) employs a sending unit (18) having a software module (26) to compose the secure e-mail (14), to send data about it to a security server (24), to receive back from that security server (24) a messageKey (102e) for encrypting the secure e-mail (14), and for sending it conventionally to an e-mail server (22). The receivers (16) employ receiving units (20) also having software modules (26) to receive the secure e-mail (14), to send data about it to the security server (24), and to receive back from the security server (24) the messageKey (102e) for decrypting the secure e-mail (14). The security server (24) stores a user id (102a) and password (102b) for the sender (12) and the receivers (16); a messageId (104a), a sealSalt (104j), and the messageKey (104g) for the secure e-mail (14); and a receiver address (106b) in a database (100).

Abstract: A user anonymously acquires a first sequence of encryption key material. An encryption server, having a second sequence complementary to the first sequence, receives and forwards encrypted messages and monitors utilization of encryption key material by the user. As the key material is used, the server adjusts user accounts to exhaust the first sequence. Thus, the first sequence provides for secure, anonymous communication and, correspondingly, can serve as a payment media for conducting electronic transactions.

Abstract: The present disclosure relates to a system and method for authenticating use of a network appliance. In some arrangements, the system and method involve receiving a use request from a user, forwarding the request to an authentication agent configured to determine whether the user is authorized to use the network appliance, receiving an indication from the authentication agent as to whether the user is authorized, and enabling or disabling use of the network appliance by the user based upon the indication received from the authentication agent.

Abstract: A system for allowing a potential buyer of second-hand of a CE device (60) to look up an identifier of the device (60) in a revocation list (55), in order to determine if the CE device (60) has been partially or full disabled as a result of revocation. The revocation list (55) may be accessible by a user on-line, e.g., on the Internet, or may be stored in a DVD. The CE device (60) may be equipped with a revocation status indicator 61 that, when activated by the user, causes the CE device (60) to access an on-line revocation list (55), look up its revocation status, and output its revocation status to the user. Alternatively, the CE device (60) may include a revocation status indicator (61) that accesses a tamper-resistant storage mechanism (63) in the CE device (60) to determine and output the revocation status.

Abstract: The system and method of the present invention use public key cryptography to ensure that content provided to a rendering platform has been properly authorized and licensed. Once the content is created, a digital signature is generated based upon at least a portion of the content using a private key. The private key is stored in a secure server separate from the content development environment. The rendering platform uses a corresponding public key to check authentication of the content prior to display. The system also allows different levels of rendering based upon the creation of the digital signature.

Abstract: The invention concerns a method for the subscription of a terminal to a base station in a telecommunications system. The method involves the use of a call control entity for communicating the appropriate information between the terminal and the base station with a view to a subscription, without the use of the management mobility procedure provided for by the DECT standard.

Abstract: The present invention provides a multicast communication system having a multicast server and a plurality of clients belonging to a multicast group. The multicast server transmits data encrypted by using a first encryption key to the clients by multicasting, and transmits the result of encrypting the first encryption key by using a second encryption key by unicasting to a client subscribed to a data distribution service, among the plurality of clients. The client subscribed to the data distribution service receives the encrypted data and the result. The client decrypts the result to obtain the first encryption key and decrypts the encrypted data using the first encryption key.

Abstract: Wrongful authentication process is prevented. A passive entry authenticating section compares an identification signal sent from a portable unit with an identification signal previously stored in a storage section. A biometrics authenticating section compares the biometrics information of a user inputted through a sensor section with the biometrics information registered in a biometrics database. A control section authenticates an authorized user when there is agreement in both the identification-signal comparison result and the biometrics-information comparison result, and controls a lock system to unlock the door lock of the automobile.

Abstract: A universal authentication mechanism for authenticating a user to a service provider (SP) is disclosed. An application device (ApD) requests a service for the user from the service provider (SP) and performs a transmission of a user identity (S10) identifying the user to the service provider (SP). The service provider sends a request for confirmation of the user identity (S20) to an authentication server (AS). The request comprises the user identity and a service identity identifying the requested service. The authentication server (AS) sends a request for service authentication (S50) to the authentication device (AuD) for confirmation. Based on the result of an analysis (S80) of a service authentication confirmation (S60) received from the authentication device (AuD), the authentication server (AS) sends a confirmation of the user identity (S90) confirming the identity of the user to the service provider (SP), which grants service access (S100).

Abstract: There are many times when a secret needs to be used in a distributed computing system—these are often held in security tokens, such as smart cards. It may be desirable for another device, such as a computer platform to act in place of the security token as the repository of a secret, particularly for operations within a distributed computing system. Within the distributed computing system there is located a trusted entity, physically and logically resistant to unauthorized modification—this may be a trusted device located within a specific computing platform. This contains validation information which can be communicated to the security token. The security token then carries out a validation process on this validation information—if successful, the security token then provides a secret to the trusted device for use within the distributed computing system. The trusted device may be required to use this secret only for a specified period of time, or for a specific purpose or task.

Abstract: A method for verifying the authenticity of a preselected item is provided which includes the steps of selecting authenticity indicia for association with the preselected item and associating the authenticity indicia with the preselected item. Digital data is then generated containing evidence of the preselected item and the authenticating indicia associated therewith. A digital file is also generated which contains digital data. The digital file is downloaded to a server associated with the Internet using software downloaded to a computer associated with the server, which permitting the digital data to be accessed from the Internet using Internet data accessing techniques. The method also includes the step of providing a Web site maintained by an authenticating party and accessible by a requesting party using the Internet data accessing techniques for permitting the requesting party to retrieve the digital file and confirm the authenticity of the preselected item.

Abstract: The invention generates a temporary digital certificate with a useful life of only a few minutes to a few hours. An expiration time is attached to such temporary digital certificate by a secure computer platform that is presented with a user's smart-card. Expiration dates one or two years after the issuance of the smart-card are conventional. A digital certificate issued by a central authority is carried within the smart card and is used by the secure computer platform to generate temporary digital certificate. The temporary digital certificate functions as a proxy digital certificate that will allow the user to immediately pocket the smart card and thus avoid the possibility of forgetting it in a card reader.

Abstract: A method and system for authenticating a digital optical medium, such as a CD-ROM, determine whether the medium is an unauthorized copy, or the original. The original media is created, or altered, so as to contain anomalous locations from which the transfer of data is accomplished at different rates than a standard digital copy would exhibit. One implementation of the process involves timing analysis of the differences in data transfer rates, and does not necessarily require the retrying of data reads, nor does the process require the media to exhibit fatal errors, as in conventional approaches. The process can be employed in systems that control access to unauthorized copies, or may be used for other informative purposes.

Abstract: An identifying method of the present invention is to indicate and confirm identification with ease. A communication terminal device sends communication data and a communication discrimination code, to which a certification mark to identify a user of the communication terminal device has been added, as data indicating a sender. While, an identification confirming device receives the communication data and the communication discrimination code accompanied with the communication data, so as to extract the certification mark from the communication discrimination code. Thus, the user of the communication terminal device who is the sender can indicate identification, which identifies the user, without performing a special operation. While, a receiver can confirm the identification of the sender only by extracting the certification mark from the communication discrimination code in accordance with an identification confirming device.

Abstract: An exponentiation operation or other computational task associated with a cryptographic protocol is performed in a secure distributed manner using multiple machines, e.g., a client device and multiple servers of a computer network. The computational task is transformed by an originator machine before being sent to one or more external servers for execution. The transformation may include replication and dependency operations to provide robustness to errors in the computations performed by the external servers, and blinding and permutation operations to provide privacy for secret information associated with the computational task. The transformed computational task is executed by the one or more external servers, and the results of the transformed computational task are transmitted back to the originator machine. The originator machine transforms the results of the transformed computational task in a manner which permits verification that the one or more results are appropriate results for a given input.

Abstract: An apparatus and method for providing access rights information on computer accessible content are provided. The apparatus and method provide a mechanism through which access rights information is provided in association with information and content such that use of the information and content is controlled based on the access rights information. The apparatus and method include access rights information tags being associated with information and content to control access to the content. In alternative embodiments, the access rights information is implemented as metadata files rather than as tags. These metadata files are associated with content files and are processed when the access to the content is requested. In addition, when HTML content, which has associated ARI tags, is downloaded, the ARI tags may be stored as HTML code in a metadata file. The filesystem may then use a web browser or the like to parse and interpret the HTML code when access to the content file is desired.

Abstract: A method and an apparatus for executing a program obtained from an external device with protecting at least one privacy information requested to be utilized by the program is provided. At least one program is obtained from the at least one external device. A division is made to allow or inhibit the at least one program to utilize the at least one privacy information based on at least one mediation result obtained based on at least one conditional information to allow or inhibit the at least one program to utilize at least one privacy information.

Abstract: A method for managing authorization to access Internet services. A session object is created when a user logs onto a web site. The session object includes authorization-privilege information for N services. The user selects the service desired from the web site, at which point the server checks the session object. If the session object does not include authorization to access the selected service, the server consults a directory service. If the user is authorized according to the directory service, authorization-to-access information is incorporated into the session object. When authorization is conditional, a listener object is created within the session object. The listener object registers with a broadcast object and receives information germane to conditions of authorization. The listener object analyzes the information according to conditions of authorization, and terminates access to the selected service when conditions of authorization are not satisfied.

Abstract: A method of accomplishing two-factor user authentication, comprising providing two separate user authentication methods, enabling a user to communicate authentication data for both authentication methods to a first web site using the internet, and enabling the communication of at least some of the authentication data from the first web site to a second web site also using the internet. Both web sites are thus involved in user authentication using the authentication data.

Abstract: A security system for securing an entity or a service from indiscriminate access and a method for operating the same is disclosed. Each designated person of M designated persons is provided with a portable biometric device. Biometric data in dependence upon a biometric characteristic of each of the M designated persons is stored in memory of the respective portable biometric device. Biometric information representative of a biometric characteristic of each of a subset of 1<N<M persons is captured in response to each of the N persons presenting said information to the respective portable biometric device. The biometric information is encoded and biometric data in dependence thereupon is provided to the processor of each respective portable biometric device. Using the processor of each respective portable biometric device the captured biometric data is then compared with the stored biometric data to produce a comparison result.

Abstract: Biometric sensors are used to control physical and logical access to various computer components or subsystems comprising a computer system. The biometric sensors may comprise fingerprint scanners, iris scanners or any other type of biometric sensor that can uniquely identify a person. The biometric sensors can be used to activate electromagnetic locks, which lock individual components within the system, or enabling locks which prevent devices from receiving power or being enabled (such as disk drives, network cards, etc.).

Abstract: A portable device including a biometric voice sensor configured to detect voice information and to take an action in response to speech spoken into the voice sensor. The device also includes a voice processor configured to process the voice sensor signal characteristics. The portable device may encrypt the detected signal and may compare the detected signal characteristics with voice characteristics that are stored in a memory of the portable device for applications such as voice enabled authentication, identification, command execution, encryption, and free speech recognition. The voice sensor may include a thin membrane portion that detects pressure waves caused by human speech. The portable device may be a contact-type smart card, a contactless smart card, or a hybrid smart card with contact and contactless interfaces. The device may be powered by an internal battery or by a host via contacts or by a power signal making use of the antenna in a contactless implementation.

Abstract: In accordance with the present invention, authorization to gain access to an account is carried out in two phases. During the first phase, a biometric image stored on a microchip disposed on a token is compared to a biometric image supplied by the token holder at the time and site of the transaction. If there is a match between the two biometric images in the first phase, then the second phase of the verification is carried out during which data associated with and extracted from the biometric image supplied by the account holder—prior to the issuance of the token—is compared to data associated with and extracted from the biometric image stored on the microchip or supplied by the token holder at the time and site of the transaction. If there is a match between the two data during the second phase, then access to the account is granted.

Abstract: A security code, for use as a PIN (personal identification number) in gaining access to a secure service, such as a banking application, is assigned by selecting natural language words from different sets of words of different parts of speech. For example one set may comprise adjectives, another participles, another nouns. The selected words are concatenated in a predetermined sequence, e.g. adjective-participle-noun, to provide a memorable phrase conforming to the grammer of the natural language. The code may be used via a speech recognition interface and via other channels.

Abstract: A multi-purpose networked data communications system and any easy to use distributed user control interface to such networked system. The system allows easy control of computer applications and external connected devices (home security, audio/video, etc.) Simplifying modifications to the operating system eliminate the need to reboot individually networked workstations on user sign-on and sign-off, thus increasing the speed with which users access the system. Such access time is further increased by the inclusion of a finger print reader which performs user log-off and log-on and also performs user authentication, thus eliminating the need to type a user name and password. The system further provides for “roaming profiles” ensuring that users are presented on sign-on with any previously stored customized display settings and preferences.

Abstract: A mechanism is provided for the automatic generation of virus fingerprint data for use in detecting computer viruses and virus removal data for use in removing computer viruses from infected files. The fingerprint generation technique serves to identify the infected virus carrying portions of a computer file and then search within those portions for matching blocks of bytes in excess of a certain size that are consistently located at a predetermined position within the infected computer file such that they may be used to reliably detect that computer virus when it is infecting different host computer files. The removal data generation mechanism serves to search the infected computer file against a clean version of that computer file to identify matching blocks. Critical data missing within the infected computer file may be found within the virus carrying portions by the application of various decryption techniques. Cutting points to remove the virus carrying portions are identified.

Abstract: An apparatus and method for loading a data storage device with a plurality of randomly located data are described. The method includes loading, in response to execution of a multiple data load instruction, data within a destination data storage device wherein one or more data elements from the data are randomly located within a memory device. In one embodiment, addresses of the data elements are contained within a data storage device and indicated as index addresses. In addition, the data elements are stored n one or more data storage areas of a memory device, which include look-up tables, data arrays or the like. In addition, data elements within the destination data storage device, as well as address indexes within the address data storage device may be organized in response to execution of a data shuffle instruction according to a data processing operation instruction.

Abstract: An encryption/decryption system capable of supplying data only to a user making a request. A computer encrypts data with a common key, encrypts the common key with a public key, and transmits the encrypted data and the encrypted common key. A copy machine receives these data, encrypts challenge data with the public key, and transmits the encrypted challenge data to an IC card. The IC card decrypts the encrypted challenge data with a private key, and feeds the decrypted challenge data back to the copy machine. The copy machine transmits the IC card an encrypted common key of reception data offering decrypted challenge data identical to the original challenge data. The IC card decrypts the encrypted common key and feeds the decrypted common key back to the complex copy machine. The complex copy machine decrypts the encrypted data with the common key.

Abstract: A non-algebraic cryptographic architecture. The non-algebraic cryptographic architecture is a logical implementation of a non-algebraic cryptographic engine (sometimes referred to as a “NACE”). The architecture uses a NACE in conjunction with cryptographic key lengths up to 2048 bits to achieve real-time encryption at speeds sufficient to permit wideband digital data to be decrypted in real time thereby obviating the need for store-and-forward. The architecture is inherently parallel and can accept extended block lengths, which are several multiples of the length of the cryptographic key.

Abstract: When a surgery and a remote control room in a remote location are connected through a communication circuit to perform an endoscope operation, image information is not encrypted and is sent as it is. Patient data including identification information, a name and so on relating to a patient is encrypted in an encrypting portion and then is sent. In the remote control room side receiving the patient data through the communication circuit, the patient data is decrypted by a decrypting portion when it is determined, based on the header portion, that the received data includes the patient data. Thus, the patient data is restructured and a structure, which can be displayed in a display device, including the image information can be obtained. As a result, the privacy of the patient data can be reserved, and the fast transmission can be achieved at low costs.

Abstract: Methods, systems, and arrangements enable increased security for a processor, including by implementing block encryption. The block may include multiple instructions and/or operations to be executed by the processor. The block may also include multiple bytes that are read into the processor byte by byte. Once a block-wide encrypted buffer has been filled from an external memory source, the block may be decrypted using an encryption algorithm (e.g., the Data Encryption Standard (DES), the triple DES, etc.), and the decrypted block may be forwarded to a decrypted buffer. The decrypted block may thereafter be moved into a cache, which may optionally be organized into an equivalent block width (e.g., for each way of a multi-way cache). Therefore, when a processing core/instruction decoder needs a new instruction, it may retrieve one from the cache, directly from the decrypted buffer, or from external memory (e.g., after undergoing decryption).

Abstract: Data is encrypted and stored in an area on a storage medium accessible by the user outside an external storage device. A decrypting algorithm is stored in an area inaccessible by the user outside the external storage device. The external storage device provided with the storage medium retrieves the decrypting algorithm according to which the data is decrypted using a key obtained from outside the external storage device, for example, from a personal computer connected to the external storage device. Since the encrypted data and its decrypting algorithm are stored on the same storage medium, a specific decrypting algorithm can be assigned to each storage medium, thereby improving the security level for the stored information.