Patents Issued in April 1, 2004
-
Publication number: 20040064690
Abstract: A method for applying for crypto-keys from a network system. The network system includes at least a user, an access point for identifying the user, and a server for generating a pair of distinct crypto-keys based on a first algorithm. The method includes using the access point to identify the user, and the server generating a pair of distinct crypto-keys based on the first algorithm and transmitting the pair of keys to the user via the access point. The method further includes the user using the pair of keys to encrypt a document and then transmitting the encrypted document to another user.
Type: Application
Filed: October 1, 2002
Publication date: April 1, 2004
Inventors: Xiao-Qin Yu, Dai-Shui Ho, Shih-Kuang Tsai
-
Publication number: 20040064691
Abstract: A method, system, apparatus, and computer program product are presented for processing certificate revocation lists (CRLs) in a data processing system. Rather than using CRLs for authentication purposes, CRLs are used for authorization purposes, and the responsibility of processing CRLs is placed on a monitoring process within a centralized authorization subsystem rather than the applications that authenticate certificates. A monitoring process obtains newly published CRLs and determines whether revoked certificates are associated with users that possess authorized privileges. If so, then the monitoring process updates one or more authorization databases to reduce or eliminate the authorized privileges for those users.
Type: Application
Filed: September 26, 2002
Publication date: April 1, 2004
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Ming Lu, Ivan Matthew Milman
-
Publication number: 20040064692
Abstract: A method of managing digital objects in a network is presented. The objects are stored at locations accessible in the network using a storage technique which renders the digital objects secure against unauthorized access. Pointer information which associates each digital object identifier with a pointer indicating the location of the stored digital object is also stored in the network. For each digital object validation information is stored, separately from the digital object, and is sufficient to permit a determination whether a purported instance of a digital object is identical to the original.
Type: Application
Filed: October 2, 2003
Publication date: April 1, 2004
Applicant: Corporation for National Research Initiatives, a Virginia corporation
Inventors: Robert E. Kahn, David K. Ely
-
Publication number: 20040064693
Abstract: Embodiments of a distributed index mechanism for indexing and searching for identity information in peer-to-peer networks. In one embodiment, a distributed index may be used to store identity information in a decentralized manner on a plurality of peer nodes. The identity information may be used, for example, to authenticate users. Distributed indexes may allow identity information to be spread across multiple peer nodes so that the load is spread among the various peer nodes. In one embodiment, the distributed index may be a distributed hash table. One embodiment of a distributed index of identity information may be implemented in peer-to-peer networks implemented according to a peer-to-peer platform including one or more peer-to-peer platform protocols for enabling peer nodes to discover each other, communicate with each other, and cooperate with each other to form peer groups and share network resources.
Type: Application
Filed: September 26, 2002
Publication date: April 1, 2004
Inventors: Kuldipsingh A. Pabla, Akhil K. Arora
-
Publication number: 20040064694
Abstract: In a cryptographic system, a nonce is removed from a communication stream. The nonce is encrypted based on a shared secret. The encrypted nonce is inserted into the communication stream. The encrypted nonce is removed from the communication stream. The encrypted nonce is decrypted based on the shared secret formed by an authenticated key exchange. The decrypted nonce is inserted into the communication stream. The nonce may be an An value generated by a HDCP function. The authenticated key exchange may use Diffie-Hellman Key Exchange.
Type: Application
Filed: September 27, 2002
Publication date: April 1, 2004
Inventors: David A. Lee, Gary L. Graunke, C. Brendan Traw
-
Publication number: 20040064695
Abstract: A system, method, and computer program product enabling individual user devices to authenticate and validate a digital message sent by a distribution center, without requiring transmissions to the distribution center. The center transmits the message with an appended modulus that is the product of two specially selected primes. The transmission also includes an appended authentication value that is based on an original message hash value, a new message hash value, and the modulus. The new message hash value is designed to be the center's public RSA key; a corresponding private RSA key is also computed. Individual user devices combine a digital signet, a public modulus, unique hardware-based secret numbers, and an original message hash to compute a unique integrity value K. Subsequent messages are similarly processed to determine new integrity values K′, which equal K if and only if new messages originated from the center and have not been corrupted.
Type: Application
Filed: September 26, 2002
Publication date: April 1, 2004
Inventor: Jeffrey Bruce Lotspiech
-
Publication number: 20040064696
Abstract: Plug-ins for instant messaging (IM) systems are described. By using plug-ins in conjunction with IM systems, the functionality of IM systems may be greatly extended. Specifically, in business applications, such as workflow processes, IM provides a more reliable approach to determining actual delivery of messages.
Type: Application
Filed: April 7, 2003
Publication date: April 1, 2004
Inventors: Brian K. Daigle, W. Todd Daniell, Joel Davis, Larry G. Kent
-
Publication number: 20040064697
Abstract: A mobile communication device (200) has a software architecture (302) that includes a closed operating environment (306). The closed operating environment is inaccessible to the user of the mobile communication device, and it includes software for implementing a reporting function designed to collect certain information from within the mobile communication device, and to transmit it to an entity outside the mobile communication device, such as a server (310).
Type: Application
Filed: September 30, 2002
Publication date: April 1, 2004
Inventors: Jyh-Han Lin, Wei-Hsing Lee, Ronald R. Smith, Biren Patel
-
Publication number: 20040064698
Abstract: An electronic seal includes an input/output section for receiving a random number encrypted based on a prescribed key; and an advance authentication processing section for decrypting the encrypted and received random number based on a secret key related to the prescribed key and then encrypting the decrypted random number based on the secret key. The input/output section outputs the encrypted random number encrypted based on the secret key.
Type: Application
Filed: September 30, 2003
Publication date: April 1, 2004
Inventor: Xiaomang Zhang
-
Publication number: 20040064699
Abstract: An authentication algorithm and apparatus for communication between a first device and a second device over a network carrier is provided. The algorithm includes encoding, in response to a message from the second device, a first authentication value upon receipt of the message; sending the encoded value to the second device; decoding, in response to a reply from the second device, a second authentication value upon receipt of the reply; and comparing the first and second authentication values to determine the authenticity of the reply.
Type: Application
Filed: September 16, 2002
Publication date: April 1, 2004
Inventors: John Kenneth Hooker, Eric Larouche
-
Publication number: 20040064700
Abstract: A method for identification includes the steps of generating system parameters, a private key and a public key, random numbers for obtaining an evidence, sending the evidence to a verifier by a prover, selecting a randomly selected number to obtain a query and sending the query R to the prover by the verifier, computing a temporary value to obtain a response and sending the response to the verifier by the prover, and determining a legitimacy of the prover by employing the system parameters, the public key, the evidence and the randomly selected number by the verifier. The method provides an identification scheme based on discrete logarithm problem, requiring no certificate and including only one query-and-response procedure.
Type: Application
Filed: June 19, 2003
Publication date: April 1, 2004
Inventors: Myungsun Kim, Kwangjo Kim
-
Publication number: 20040064701
Abstract: The invention relates to a method and device for authenticating a user of an electronic device in usage contexts being able to use in said electronic device by using a usage context identifier, wherein in the method, a usage context being used in the device is selected by the user. The method comprises maintaining a centralized register of the usage contexts available for the user in the device and the user profiles associated to said usage contexts, the device identifying a usage context selected by the user, selecting at least one user profile in response to the identified service, and authenticating the user in the selected usage context on the basis of the selected user profile.
Type: Application
Filed: June 27, 2003
Publication date: April 1, 2004
Applicant: NOKIA CORPORATION
Inventor: Niall O'Donoghue
-
Publication number: 20040064702
Abstract: One aspect of the present invention is a method for embedding a watermark in a digital movie. The method includes: buffering portions of an electronic digital representation of a digital movie in at least one digital representation domain; embedding an electronic watermark into at least one of the buffered digital representation domain of the movie; and presenting portions of the digital movie while the embedding is occurring.
Type: Application
Filed: September 27, 2002
Publication date: April 1, 2004
Inventors: Hong Heather Yu, Prabir Bhattacharya
-
Publication number: 20040064703
Abstract: This invention relates to an access control by using the cryptographic technology. The method according to this invention comprises receiving a first digital signature for specific data from a user terminal; comparing the received first digital signature with a second digital signature, which is registered in a data storage unit so as to correspond to the specific data; if it is judged that the first and second digital signatures are identical, granting the user an authority to update the specific data; if it is judged that the first and second digital signatures are not identical, generating first hash data from the first digital signature; comparing the first hash data with second hash data, which is registered in the data storage unit so as to correspond to the specific data; and if it is judged that the first and second digital signatures are identical, granting the user an authority to read the specific data.
Type: Application
Filed: September 11, 2003
Publication date: April 1, 2004
Applicant: FUJITSU LIMITED
Inventor: Ikuo Makita
-
Publication number: 20040064704
Abstract: Methods, apparatuses and computer program products for secure information display and access rights control. In one embodiment, a method involves uploading a first image from a first user and enabling the first user to set an access attribute that indicates a limited ability for a second user to view the first image. The first image may selectively be provided to the second user in a secure form in accordance with the access attribute.
Type: Application
Filed: September 27, 2002
Publication date: April 1, 2004
Inventor: Monis Rahman
-
Publication number: 20040064705
Abstract: An automated method and system for gaining access to restricted or controlled areas. The system allows individuals to sign-in and request access to the facility or building that is restricted or controlled. The system will proceed through a series of prompts that require inputted information from the individual. The information will be processed and, if acceptable, the individual will be permitted to gain access to the restricted or controlled area. The system also allows the administrator to manage and oversee the administration of the system and individuals and prepare detailed reports based upon certain criteria. In particular, the system maintains the confidentiality of the individuals seeking access to the restricted or controlled area from the other individuals who are seeking the same access.
Type: Application
Filed: September 30, 2002
Publication date: April 1, 2004
Inventor: Gregory M. Rivet
-
Publication number: 20040064706
Abstract: A system and method for controlling access to multiple public networks and for controlling access to multiple private networks is provided. Authentication is used with unique public shared secrets and unique private shared secrets to control access to the networks. The invention includes a user device for communicating with at least a public network and/or a private network. The device may be capable of accessing multiple networks through one or more private networks with multiple access control servers. The user device must provide a correct response to each access control server, before access to the network may be granted. The device generates a one-time password, or response, to gain access to a controlled network server. The response generated by the device is matched to a response generated by an access control server that may have generated a challenge that prompted the response. If the two responses match, the device is authenticated and a user of the device is granted access to the network server.
Type: Application
Filed: September 29, 2003
Publication date: April 1, 2004
Inventors: Paul Lin, Henry Hon, Fred Cheng
-
Publication number: 20040064707
Abstract: Cryptography is used to generate a token that both authorizes request processing and establishes constraints on that authorization. A mobile communications device user or client subscribes to an information service of a content provider. A description of the subscribed service is generated. The client applies a digital signature to the description and optionally encrypts the signed description. A token is generated based on the signed description. The content provider presents the token to the request processing entity of a mobile service provider in order to establish trust between the content provider and the request processing entity. The request processing entity decrypts the token and verifies the signature of the client. The request of the content provider is validated through a comparison of the request with the constraints indicated in the decrypted token. Valid requests are processed.
Type: Application
Filed: September 30, 2002
Publication date: April 1, 2004
Inventors: Peter James McCann, Kumar Venkata Vemuri
-
Publication number: 20040064708
Abstract: A security token is used to dynamically create a user account on a host computer system. The token preferably is programmed with a user's credentials which includes information regarding the user account and security data. Once programmed, the token then can be inserted into a host computer. The user verifies himself or herself to the host computer/token and the token verifies itself to the host computer. Once verified, the user's credentials stored on the token are accessed to dynamically create the user account on the host system. The token may comprise a smart card, USB-compatible memory device, and the like. Storage media, such as floppy disks, also can be used if fewer security features are acceptable.
Type: Application
Filed: September 30, 2002
Publication date: April 1, 2004
Applicant: Compaq Information Technologies Group, L.P.
Inventors: Michael F. Angelo, Manuel Novoa, John A. Carchide
-
Publication number: 20040064709
Abstract: An apparatus and method of security is disclosed. The apparatus for determining a primary location and an identity of at least one person, comprising at least one sensor, wherein the at least one sensor provides a current location and at least one identifying characteristic about at least one person to a match validation system. The method for determining the primary location and the identity of the at least one person is also disclosed. The method comprises the steps of: providing a current location of at least one sensor and at least one identifying characteristic of at least one person to a match verification system; and matching the at least one identifying characteristic of the at least one person and the at least one verified identifying characteristic; and verifying the match.
Type: Application
Filed: September 30, 2002
Publication date: April 1, 2004
Inventor: James G. Heath
-
Publication number: 20040064710
Abstract: An improved system and approaches for exchanging secured files (e.g., documents) between internal users of an organization and external users are disclosed. A file security system of the organization operates to protect the files of the organization and thus prevents or limits external users from accessing internal documents. Although the external users are unaffiliated with the organization (i.e., not employees or contractors), the external users often have working relationships with internal users. These working relationships (also referred to herein as partner relationships) often present the need for file (document) exchange. According to one aspect, external users having working relationships with internal users are able to be given limited user privileges within the file security system, such that restricted file (document) exchange is permitted between such internal and external users.
Type: Application
Filed: September 30, 2002
Publication date: April 1, 2004
Applicant: Pervasive Security Systems, Inc.
Inventor: Klimenty Vainstein
-
Publication number: 20040064711
Abstract: A transaction device adds or injects a random noise component into signals representing (x,y) coordinate signals associated with user interface with an input screen associated with the device. The noise component can be generated by converting to analog the output of a random number generator, and then adding the noise component to the x-axis and/or y-axis component of the (x,y) coordinate signal. Alternatively the noise component can be injected into the x-axis and/or y-axis operating potential for the input screen. The result is a masking of the original (x,y) positional information. The randomly generated number is only available internal to the device. The device can use this number to de-crypt the true (x,y) signals, which signals can then be re-encrypted before transmitting from the device.
Type: Application
Filed: March 7, 2003
Publication date: April 1, 2004
Inventors: Llavanya Fernando, Nathan C. Wang, G.F.R. Sulak Soysa
-
Publication number: 20040064712
Abstract: An electronic system, such as a multimedia player, renders encrypted multimedia content from a local memory device or a remote multimedia server. In one embodiment, the multimedia player is implemented with a general-purpose computer executing tamper-resistant software (TRS). To prevent debugging of the TRS while it is executing, exception handlers that could be used by software debuggers or hackers are replaced by substitute exception handlers. Instrumented exceptions are occasionally caused by the TRS, and if these exceptions are not correctly handled by the substitute exception handlers, execution of the TRS may be terminated. To verify that the substitute (and non-substitute) exception handlers have not been tampered with by rogue software, the instructions of the exception handlers may be occasionally read and checked, and if any instruction has been changed, the TRS may be terminated. Various methods of protecting multimedia content are also described, in addition to a machine-accessible medium.
Type: Application
Filed: September 27, 2002
Publication date: April 1, 2004
Applicant: Intel Corporation
Inventors: William C. Arthur, Richard L. Maliszewski, Keith L. Shippy
-
Publication number: 20040064713
Abstract: The invention is a system to secure data. The data security system includes data, a data security system enforcer, a local policy database, and a centralized policy manager. When a block level file access request is received, the data security system enforcer checks the local policy database to see if the file access request is authorized. If the file access request is authorized, then the file access request is performed. Intrusions may be determined based on the type and number of unauthorized file access requests. Forensic analysis may be performed on a database logging file access requests (both authorized and unauthorized).
Type: Application
Filed: September 30, 2002
Publication date: April 1, 2004
Applicant: Intel Corporation
Inventor: Satyendra Yadav
-
Publication number: 20040064714
Abstract: Systems and methods that process and protect content are provided. In one example, a system may include, for example, a first device coupled to a second device. The first device may include, for example, an integrated circuit that may include a content processing system and a security system. The security system may include, for example, a digital rights manager. The first device and the second device may be part of a network. The network receives content and control information via the first device. The content processing system processes incoming content based upon at least the control information. The integrated circuit protects the content before placing the content on the network.
Type: Application
Filed: December 20, 2002
Publication date: April 1, 2004
Inventor: Jeffrey Douglas Carr
-
Publication number: 20040064715
Abstract: A method and device are provided for accessing a memory of an information processing device in order to prevent tampering to a program in the memory. In one example, the method involves making it difficult to extract inner information inside an integrated circuit (IC) chip via analyzing variations of power consumption of the IC chip. A relationship between address information processed inside the IC chip and the power consumption is made inconspicuous. The difference between Hamming distances of certain memory portions is reduced so as to reduce changes of a program counter in each execution of conditional branch instructions.
Type: Application
Filed: June 3, 2003
Publication date: April 1, 2004
Applicant: Hitachi, Ltd.
Inventors: Masahiro Kaminaga, Takashi Endo, Takashi Watanabe
-
Publication number: 20040064716
Abstract: A detecting data processing apparatus determines whether one or more code words of a predetermined set of code words are present in a suspected version of a material item. The apparatus comprises a registration processor operable to associate samples of the suspected version with samples of a copy of the original material item, a recovery processor and a detection processor. The recovery processor is operable to generate a recovered code word by comparing the registered copy of the original and the suspect material items. The detection processor is operable to detect one or more code words from a correlation between the recovered code word and the code words from the set. The registration processor is operable to form at least one reduced-bandwidth-version of the material item and to associate the suspected version and the copy of the material item in accordance with a comparison between the reduced-bandwidth-versions of the suspected version and the original material item.
Type: Application
Filed: July 1, 2003
Publication date: April 1, 2004
Inventor: Daniel Warren Tapson
-
Publication number: 20040064717
Abstract: A recording and reproducing apparatus having a recording medium and cartridge memory inside a cartridge and making a copy of control information memorized in said cartridge memory recorded, in which control information memorized in the cartridge memory is compared with one recorded in the recording medium, thereby a recording or reproducing operation of the apparatus is selected based on the compared result. Moreover in the apparatus, a password is memorized in the cartridge memory in advance and an authentication is made with the password being input through an external input means, thereby its recording or reproducing operation is selected based on the authenticated result.
Type: Application
Filed: September 9, 2003
Publication date: April 1, 2004
Applicant: FUJI PHOTO FILM CO., LTD.
Inventor: Nobuyuki Tada
-
Publication number: 20040064718
Abstract: A system, method, and computer program product are disclosed for prohibiting unauthorized access to a protected region of memory. A protected region of memory and a trusted region of memory are both specified. A call to access a location within the protected region of memory is received. An origination location of the call is then determined. In response to a determination that the origination location is within the trusted region, the call is permitted to access the protected region of memory. In response to a determination that the origination location is outside of the trusted region, the call is prohibited from accessing the protected region of memory.
Type: Application
Filed: September 12, 2002
Publication date: April 1, 2004
Applicant: International Business Machines Corporation
Inventors: Bradley Ryan Harrington, Kevin Brian Locke
-
Publication number: 20040064719
Abstract: A method and apparatus for digital content access control comprises sending a digital content request comprising a request for digital content to a content provisioner capable of authenticating the request, receiving an authenticated digital content request in response to the digital content request and sending the authenticated digital content request to a content repository that provides storage for the digital content.
Type: Application
Filed: September 13, 2002
Publication date: April 1, 2004
Applicant: Sun Microsystems, Inc., a Delaware Corporation
Inventors: Eduard de Jong, Aaron Cooley, Jon Bostrom
-
Publication number: 20040064720
Abstract: A removable, wireless, cryptographic ignition key (CIK) provides a user the capability to conduct secure operations utilizing a processor as long as the CIK is within the vicinity of the processor. This removable CIK may be utilized in applications related to conducting secure operations on desktop computers, laptop computers, wireless telephones, handheld radios (e.g., military radios requiring secure communications), and personal digital assistants (PDAs). Secure operations are enabled upon insertion and removal of the CIK into/from the processor. If a predetermined proximity between the removable CIK and the processor is exceeded (e.g., the user leaves the room, the user puts the processor on a moving belt on an X-ray machine at the airport, the processor is stolen), secure operations are disabled. Secure operations may be resumed, upon the CIK being inserted and removed into/from the processor again.
Type: Application
Filed: September 30, 2002
Publication date: April 1, 2004
Inventors: Clifford Hessel, David Mark Smith
-
Publication number: 20040064721
Abstract: A namespace management module utilizes a persistent reservation store that associates URI namespaces with one or more permissions. The reservation store can contain a number of reservation entries that each include a URI identifying a URI namespace and a corresponding Access Control List (“ACLs”) that includes permissions for the identified URI namespace. When a request to register a URI namespace is received, the permissions of an appropriate ACL can be checked to determine if the registration is approved. When a resource request is received, permissions of the ACLs can also be checked to determine if the resource request should be routed to a registered process. Preemptive wildcards can be included in aggregated URIs to identify aggregated URI namespaces. Aggregated URIs can be included in registration requests to override the registration of unauthorized processes.
Type: Application
Filed: September 30, 2002
Publication date: April 1, 2004
Applicant: Microsoft Corporation
Inventors: Arvind M. Murching, Henry L. Sanders, Eric B. Stenson, Shivakumar Seetharaman, Rajesh Sundaram, Anish V. Desai, George V. Reilly
-
Publication number: 20040064722
Abstract: A computer security system and method that includes executing a vaccine program on a computer, where the program searches for a known vulnerability in software on the computer. Upon detecting a vulnerability, the program triggers execution of code that performs at least one non-malicious activity to effect reducing risk associated with the vulnerability, such as generating a notification or applying a software patch to neutralize the vulnerability.
Type: Application
Filed: October 1, 2002
Publication date: April 1, 2004
Inventors: Dinesh Neelay, Sudha Verma
-
Publication number: 20040064723
Abstract: A method and an apparatus for performing a virtual memory access. A software object is executed. A security level for the software object is established. A secondary table is established. A memory access request based upon the executing of the software object is received. At least one security level that corresponds to a segment in the secondary table is determined. A match between an execution security level and a security level associated with a segment being accessed is verified in response to an execution of the software object. A virtual memory address based upon the secondary table in response to a match between the execution security level and the security level associated with the segment being accessed is determined. A physical memory location corresponding to the virtual memory address is located. A portion of a memory based upon locating the physical memory location is accessed.
Type: Application
Filed: October 31, 2001
Publication date: April 1, 2004
Inventors: Brian C. Barnes, Geoffrey S. Strongin, Rodney W. Schmidt
-
Publication number: 20040064724
Abstract: Controlling access to a resource, including creating a security object in dependence upon user-selected security control data types, including asserting security control data as security facts into a security knowledge database and asserting security rules into the security knowledge database, the security object including security control data and at least one security method, receiving a request for access to the resource, and receiving security request data. Embodiments include asserting the security request data as security facts into the security knowledge database, and determining access to the resource in dependence upon the security facts and security rules in the security knowledge database.
Type: Application
Filed: September 12, 2002
Publication date: April 1, 2004
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Benjamin Andrew Himmel, Maria Azua Himmel, Herman Rodriguez, Newton James Smith, Clifford Jay Spinac
-
Publication number: 20040064725
Abstract: A computer in a network runs a verification procedure in which it sends data packets to another computer in the network. Some or all of the data packets contain, either individually or collectively, a secret piece of information, such as a secret code. The computer then makes a determination regarding the network links between it and the other computer. If, for example, the other computer is able to respond by providing the secret piece of information back, then the computer sending the data packets concludes that the devices along the network links en route to the other computer are properly forwarding data packets.
Type: Application
Filed: September 18, 2002
Publication date: April 1, 2004
Applicant: Microsoft Corporation
Inventors: Venkata N. Padmanabhan, Daniel R. Simon
-
Publication number: 20040064726
Abstract: Vulnerabilities may be managed by receiving a vulnerability message describing a profile of a computer system vulnerable to a threat, identifying one or more vulnerable systems with the profile described in the received vulnerability message, the vulnerable systems having a vulnerability that may be exploited by the threat, and generating a display that includes a list of the identified vulnerable systems.
Type: Application
Filed: September 30, 2002
Publication date: April 1, 2004
Inventor: Mario Girouard
-
Publication number: 20040064727
Abstract: The invention is a system and method for applying a uniform network security policy. The security policy is described using a computer-readable file. The computer-readable file may be filtered and/or translated into other files that may be used as inputs to security devices. An example of one such security device is a remote system security controller, which is responsible for ensuring that remote devices outside the corporate network enforce the corporate security policy. In addition, the system is capable of updating the security policy of all network components based on feedback received from one or more devices.
Type: Application
Filed: September 30, 2002
Publication date: April 1, 2004
Applicant: Intel Corporation
Inventor: Satyendra Yadav
-
Publication number: 20040064728
Abstract: A security device restricting access to various machines, places or data, using a security device that is kept in close proximity to a portion of the body of a person and is activated to provide access to those machines, places or data to that person only when that person is confirmed to be a designated person, and which is automatically deactivated when it ceases to be in close proximity to that person's body.
Type: Application
Filed: September 30, 2002
Publication date: April 1, 2004
Inventor: Christoph E. Scheurich
-
Publication number: 20040064729
Abstract: Through associating each data partition within a replicated storage domain of networked storage devices with one of multiple secret keys shared with a file manager, a credential is issued from the file manager to a client requesting access to a partition. The credential includes a network address for the partition to which the client is to direct its actions. The storage device periodically confirms with the file manager the validity of the shared secret keys. Through logical process and evaluations applied to issuing the credential and determining the address of the partition to be included in each credential, the file manager may invalidate partitions individually, provide load balancing between access of original and replica partitions, and provide security functions such as isolation of partitions for access by and tracking of unauthorized users, or for testing purposes.
Type: Application
Filed: September 30, 2002
Publication date: April 1, 2004
Applicant: International Business Machines Corporation
Inventor: Krishna Kishore Yellepeddy
-
Publication number: 20040064730
Abstract: The object of the present invention is to provide a user authentication apparatus that is easy for the user of a mobile wireless communication terminal to use and that makes it possible to authenticate a user reliably, and to provide a method of controlling this apparatus. After authentication (S25) is performed based upon a user ID and password, e-mail that has been made to include a temporary URL that is valid for a fixed period of time is transmitted to a mobile station 11 (S30). The mobile station 11 is authenticated by determining (S32) whether it has accessed the temporary URL within the period of validity.
Type: Application
Filed: October 27, 2003
Publication date: April 1, 2004
Inventors: Hiroyuki Kamiyama, Norio Ando, Joohai Ch'ng
-
Publication number: 20040064731
Abstract: An Integrated Security Administrator (ISA) for managing an Informational Network (IN) includes a plurality of monitoring agents, wherein at least one of the plurality of monitoring agents is configured to obtain a plurality of events from a plurality of monitored elements, reduce the plurality of events to obtain a reduced plurality of events, select an event from the reduced plurality of events, characterize the event using stored knowledge, and respond to the event at a response level, and a core system configured to update data and instructions stored on the at least one of the plurality of monitoring agents.
Type: Application
Filed: June 5, 2003
Publication date: April 1, 2004
Inventors: Timothy Thien-Kiem Nguyen, Martha Fischer Evert, Francois Thierry Barret
-
Publication number: 20040064732
Abstract: A method and device for detecting intrusion on a computer system utilizes a target server running software that is executed for a client only upon receiving authorization from a monitoring server to execute the software. When an attempt to execute software on the target server by a client is not authorized, the monitoring server notifies the system administrator of the unauthorized attempt.
Type: Application
Filed: June 17, 2003
Publication date: April 1, 2004
Inventor: Robert J. Hall
-
Publication number: 20040064733
Abstract: An interactive information management system is provided to interact with e-mail systems by which information sent or received as attachment can be managed and shared dynamically among e-mail users. E-mail users can indicate rules on attachment and share information management with e-mail receivers in such a way that ensures data integrity and efficiency. The information management system uses Concurrent Version Control to manage the integrity of the content and may use a different connection channel other than the e-mail itself to transfer attachments. And the system provides both web-based information management interface and e-mail client plug-in interface for real-time attachment and related information management. The user of the system may use any e-mail clients and systems to interact with the information management system.
Type: Application
Filed: June 26, 2003
Publication date: April 1, 2004
Applicant: JudoSoft Inc.
Inventor: Li Gong
-
Publication number: 20040064734
Abstract: The present invention is a method of processing a message addressed to a user address of a user, said message being transmitted through a communication network, including the steps of receiving the message at a message processor; said message processor checking for a valid authorization tag issued to the message; if the message has a valid authorization tag, said message processor transmitting the message through the network to the user; if the message does not have a valid authorization tag, delaying transmission of the message until verification of the message is conducted.
Type: Application
Filed: June 30, 2003
Publication date: April 1, 2004
Inventor: Julian Ehrlich
-
Publication number: 20040064735
Abstract: Methods and systems for controlling at least a part of a microprocessor system, that include, based at least in part on objectives of at least one electronic attack, using a partially observable Markov decision process (PO-MDP) to provide a model of at least part of the microprocessor system, the PO-MDP including a controller, the controller including an estimation policy to recursively generate a state estimate at stage k based on a state estimate at stage k−1, a control at stage k−1, and an observation at stage k, and, a response policy to select a control at stage k based on the state estimate at stage k, and cause the selected control to be provided to at least a part of the microprocessor system.
Type: Application
Filed: August 11, 2003
Publication date: April 1, 2004
Inventors: Tiffany M. Frazier, O. Patrick Kreidl
-
Publication number: 20040064736
Abstract: Malicious code detection code is executed by an information handling system. The malicious code detection code includes detection routines. The detection routines are applied to executable code under investigation. The detection routines associate weights to respective code under investigation in response to detections of a valid program or malicious code as a function of the detection routines. It is determined whether code under investigation is a valid program or malicious code as a function of the weights associated by the detection routines.
Type: Application
Filed: August 25, 2003
Publication date: April 1, 2004
Applicant: WholeSecurity, Inc.
Inventors: Mark Eric Obrecht, Michael Anthony Alagna, Charles Andrew Payne
-
Publication number: 20040064737
Abstract: A system (200) detects transmission of potentially malicious packets. The system (200) receives, or otherwise observes, packets and generates hash values based on variable-sized blocks of the packets. The system (200) then compares the generated hash values to hash values associated with prior packets. The system (200) determines that one of the received packets is a potentially malicious packet when one or more of the generated hash values associated with the received packet match one or more of the hash values associated with the prior packets.
Type: Application
Filed: September 4, 2003
Publication date: April 1, 2004
Inventors: Walter Clark Milliken, William Timothy Strayer
-
Publication number: 20040064738
Abstract: A server computer protection apparatus protects a server computer against DoS attacks, but allows access to the server. The server computer protection apparatus comprises a unit configured to calculate the load state of the server computer on the basis of the number of data requests made upon the server computer, and the number of data responses of the server responsive to the data requests, and for changing the rate of data requests to be transferred to the server, in accordance with the load state.
Type: Application
Filed: September 25, 2003
Publication date: April 1, 2004
Applicant: Kabushiki Kaisha Toshiba
Inventors: Shin-ichi Kanno, Masamichi Tateoka
-
Publication number: 20040064739
Abstract: A network accessible apparatus and security method thereof, include identifying whether a command is a reliable request or an unreliable request, wherein a context issues the command to read a content; reading the content and generating a reliable context corresponding to the content when the command is the reliable request; and reading the content and generating an unreliable context corresponding to the content when the command is the unreliable request.
Type: Application
Filed: September 30, 2003
Publication date: April 1, 2004
Applicant: SAMSUNG ELECTRONICS CO., LTD
Inventor: Hyun-Kwon Chung