Abstract: A disk player having a self-compensating dynamic balancer which can limit internal vibrations generated by an eccentric center of gravity of a disk, and a turntable, a clamper and a spindle motor which incorporate a self-compensating dynamic balancer. The self-compensating dynamic balancer is formed integrally with rotating members in a disk player; that is, a turntable, a clamper and/or a rotor of a spindle motor. The self-compensating dynamic balancer includes at least one race which is integrally formed with the rotating member and rotates around a rotational shaft, a mobile unit which is located in the race to be capable of moving, and a cover member for covering an opening of the race. Thus, internal vibrations occurring due to the eccentric center of gravity of the disk can be effectively limited by the self-compensating dynamic balancer in which the mobile unit is disposed far away from the center of orbital rotation by a centrifugal force during rotation thereof.

Abstract: A disc holder for holding at least one media storage disc during rotation includes a central hub arranged for rotation about a central axis. The hub includes resilient centering arms which are arranged to provide an outwardly directed centering force on an internal bore of a carried disc in order to center the carried disc about the axis of rotation of the hub. The arms are disposed in, and movable in, planes which are substantially perpendicular to the axis of rotation of the hub. The disc holder may be arranged for carrying a stack of axially spaced media storage discs and may include axial gripping structure for holding the stack together. The gripping structure may include a central shaft which is held in position by ball shaped clamps which are spring loaded against inclined surfaces.

Abstract: A combination of new hardware at the subscriber site, hardware and services at the satellite broadcasting center and new installation procedures provide a cost-effective approach for verifying “callback” functionality. The required test and monitoring hardware may be provided as an external test CAM and call progress monitor (CPM) or integrated into the IRD. The satellite broadcast center is provided with a call responder & data test system (CRDTS) that is set up to automatically receive and evaluate test calls over a back channel and a call recording system (CRS) that records the test results and notifies the billing center of a successful installation. The installer installs the dish and IRD, verifies “callback” functionality by placing a test call that is evaluated by the CRDTS, and then calls a customer service representative (CSR) to complete the service authorization process. The CSR checks the CRS to verify that the “callback” function is operational and authorizes payment to the installer.

Abstract: A view restriction method surely blocks a program voluntarily designated by a viewer from view. When a restricted program is designated by the viewer (step S1), receiver identification information for identifying a receiver of a viewer is associated with the restricted program (step S2). View restriction information is broadcasted together with the restricted program in a broadcasting time range of the restricted program (step S3). At the receiver, the view restriction information is captured (step S4). At the receiver, display of the restricted program is restricted if the receiver identification information included in the view restriction information matches that set at the receiver (step S5).

Abstract: When TV images are inputted as video data through a channel selected by the first inputting means, the video information including audio information is compressively encoded at a specified compression coding ratio by a compression coding portion, provided with a compression coding ratio statement attached thereto by the compression definition data adding portion and recorded on a recording portion at the specified compression ratio specified by the compression coding control portion. An electronic program guide overlaid on TV signal, which includes genre information, is input to a second information inputting means, decoded by a second information decoding portion and stored as data. The compression coding ratio is set in a setting table with reference to the data by a compression coding ratio control portion.

Abstract: A system and method of adding hyperlinked information to a television broadcast. The broadcast material is analyzed and one or more regions within a frame are identified. Additional information can be associated with a region, and can be transmitted in encoded form, using timing information to identify the frame with which the information is associated. The system comprising a video source and an encoder that produces a transport stream in communication with the video source, an annotation source, a data packet stream generator that produces encoded annotation data packets in communication with the annotation source and the encoder, and a multiplexer system in communication with the encoder and the data packet stream generator. The encoder provides timestamp information to the data packet stream generator and the data packet stream generator synchronizes annotation data from the annotation source with a video signal from the video source in response to the timestamp information.

Abstract: Metadata for a programming event may be generated by receiving descriptive information and timing information for the programming event and analyzing this information to determine category goodness of fit scores for the programming event corresponding to categories of a classification hierarchy. The information is further analyzed to determine keywords associated with the programming event. The category goodness of fit scores and keywords may be stored along with time data and descriptive data for the programming event as metadata for the programming event. Goodness of fit scores may also be generated for the keywords. Related embodiments may pertain to a device implementing such processing. Keyword metadata may be generated using candidate keywords taken from descriptive data associated with the programming event. The candidate key words may be provided individually as inputs to a classification tool configured to generate goodness of fit scores for categories of a classification hierarchy.

Abstract: A network of secure servers, requiring no central entity to administer user identities or access permissions. Each autonomous server hosts a set of user accounts. Users may link to and access the accounts of all other users in the network. Resources in accounts are private, but users may grant each other partial permissions to them. Links and permissions are independent of the location of accounts, and are cryptographically authenticated. Users may migrate their account between servers without loosing accumulated permissions, or breaking links that others have to their account. The ability to grant permissions may be delegated to reflect complex organizational structures. A permission may be configured to unlock data in a multitude of accounts. The system will support applications that require secure information sharing across multiple organizational boundaries, and provides a distributed security model which is feasible to deploy as it is wholly administered by its users.

Abstract: This invention discloses a method and system for communication that consist of an end station and a network interface, such that, the network interface is capable of determining the authenticity of the program used by the end station to generate and send data packets. The method is based on using a hidden program that was obfuscated and encrypted within the program that is used to generate and send data packets from the end station. The hidden program is being updated dynamically and it includes the functionality for generating a pseudo random sequence of security signals. Only the network interface knows how the pseudo random sequence of security signals were generated, and therefore, the network interface is able to check the validity of the pseudo random sequence of security signals, and thereby, verify the authenticity of the programs used to generate and send data packets. The method further comprises of means for coordinating the initialization of the end station and network interface.

Abstract: According to an approach for assigning network addresses to network devices, an authentication request that requests authentication of identification data that uniquely identifies a network device is generated and sent to an authentication mechanism. An authentication response is received from the authentication mechanism that indicates whether the network device is authorized to access a first network. If the authentication response indicates that the network device is authorized to access the first network, then a first network address on a first network is assigned to the network device. If the authentication response indicates that the network device is not authorized to access the first network, then a second network address on a second network to the network device is assigned. If no authentication response is received from the authentication mechanism, then the second network address on the second network is assigned to the network device.

Abstract: When in order to enable the use of a plurality of applications (AP1 to AP3) simultaneously, preparation commands, having identifiers attached, are provided according to the respective applications and working areas for the respective applications are secured inside a RAM (134). By providing a verification command having a specific identifier, a verification process concerning a specific application is performed and a verification result is stored in the corresponding application working area. This verification result is used until the completion of a communication session. To make a specific application execute a desired process, a process executing command that designates an identifier attached to the corresponding application is provided. Adequate security can be ensured and yet a series of linked processes can be performed smoothly while switching among a plurality of application programs in the same communication session.

Abstract: A software application and corresponding architecture to implement the application that dynamically updates the access control list and keeps track of the distribution routes of a document in a repository where the document is built and accessed through usage of a common email system. The access control list and distribution routes are built by tracking recipients of the email message linked to the document. Some recipients can be disabled by the originator from forwarding the referenced databases within the emailed document, while others may designate further transmissions to selected persons or groups.

Abstract: The present invention is a system and method of enrolling potential system users for a biometric system for identity verification. Potential system user information is entered into the system, either by the user or a system operator, and is stored as a partially-enabled user record. The user of a partially-enabled user record fully enables the record by presenting information previously stored in the user record and presenting the remainder of user information necessary to complete record activation. Enrollment data is used to authenticate the system user's identity and authorize related transaction accesses in a biometric system for identity verification.

Abstract: The present invention relates to a storage device for supporting an iSCSI protocol as an interface with host devices, wherein, in realizing an authentication function of access control following the iSCSI protocol, presence and absence of an authentication of the host device connected under the same port can coexist. In the storage device that can be connected to a plurality of host devices, access information from the host devices is received through the iSCSI port, and the host devices are identified based on the access information and refers to an authentication control table memorized in a shared memory and associating an iSCSI name for specifying the host device in the unit of iSCSI port, with authentication information of the host device (necessity of authentication, user ID/password), to determine the necessity of the authentication to the iSCSI port from the host device.

Abstract: A streaming media application attempting to establish a streaming media connection first attempts to establish the connection directly using a format such as UDP. If no direct connection can be established, the media application attempts to establish a connection through a proxy server using proxy server information obtained from installed software components such as browsers that manage Internet connections. If necessary, an auto configuration web page is utilized to obtain the proxy server address. The invention also includes methods for blocking streaming media connections.

Abstract: Methods and apparatus for implementing an access list key for accessing information associated with a packet from an access list are disclosed. The packet includes an IP source address field and an IP destination address field, the IP source address field including an IP source address and the IP destination address field including an IP destination address, the IP source address and the IP destination address each having a number of bits (e.g., 128 bits in the case of IPv6). An IP source address is obtained from the IP source address field of the packet and an IP destination address is obtained from the IP destination address field of the packet. A modified IP source address is generated from the obtained IP source address such that the number of bits in the modified IP source address is less than the number of bits in the obtained IP source address.

Abstract: A password strength checking method has the steps of inputting a password to be checked, generating a plaintext password candidate according to the same generation procedure as that used by a password guessing tool, determining whether or not the inputted password and the generated password candidate match each other, directing generation of the next password candidate when the match is not determined, determining strength of the inputted password based on the number of the generated password candidates when the match is determined, and outputting information of the determined password strength.

Abstract: A Denial of Service attack received at a network node from a packet data communications network is managed by tracing the path of predominantly malicious data packets arriving at the network node. The attack may be mitigated by selecting a router along the detected path and requesting the router to alter its handling of the data traffic. In one embodiment, the selected router installs a filter for data directed at the network node. In a different embodiment, the router alters a Quality of Service setting for the data directed at the network node. The network node may also request the router to mark all data being forwarded to it, to allow the network to characterize the data and determine to what extent it consists of malicious data.

Abstract: Using protocol cause codes, a mobile telecommunications network (10) may be pre-configured with a rule set (63) to report the results of the cause codes to an automated security event processing system (50) for security event detection and containment. The cause code information sent from the network nodes (30, 40) to the automated security event processing system will allow for security event correlation across network nodes for the determination and resolution of security breaches.

Abstract: Methods, apparati, and computer-readable media for countering malicious code infections to computer files (20). A preferred embodiment comprises selecting (40) an invariant section of each file (20), wherein said invariant section is invariant to malicious code infections and to repair thereof; for each of a set of known malicious code files, using an algorithm to generate (41) a template corresponding to the invariant section; using said algorithm to define a target (29), corresponding to said invariant section, within a test file (20); comparing (46) the target (29) with the templates; and declaring (48) the presence of malicious code in the test file (20) when the target (29) matches a template.

Abstract: A processor based system and method for virus detection is described. In one embodiment, a processor comprises a plurality of functional units. The plurality of functional units includes a first functional unit and a second functional unit, the first functional unit to receive instructions, to determine whether ones of the instructions are associated with a virus, and to transmit the ones of the instructions not associated with the virus to the second functional unit. In one embodiment, the method includes receiving an instruction in a first functional unit of a processor pipeline. The method further includes determining whether the instruction is associated with a virus. The method further includes transmitting the instruction to a second functional unit of the processor pipeline for further processing.

Abstract: A method is described that provides efficient, secure web-based recognition services. More particularly, an embodiment of the method relates to confidential encoding by dissociating image information into individual word segments, or snippets, at a distribution point and distributing the snippets over a network to users who subscribe to provide their services. Users could include college students, housewives, or any individual with Internet access. The users view the snippets, enter equivalent ASCII information for the snippets, and send the ASCII information back over the network to the distribution point for reassembly.

Abstract: A method and apparatus for activating protected content on a portable memory device when the portable memory device is incorporated into a mobile terminal during the manufacture of the mobile terminal. During manufacturing, the portable memory device is coupled to the mobile terminal, and the mobile terminal is powered on. An activation program resident on the mobile terminal is executed upon power on of the mobile terminal. The activation program imports a secure rights database of rights files from the portable memory device, activates an active rights database resident on the mobile terminal based on the imported secure rights database, and disables the secure rights database on the portable memory device to prevent subsequent unauthorized use of the portable memory device.

Abstract: A secure document printing system is provided. A policy server is used to define access rules for a document, and select individual users and/or groups that will have access to the document. The policy server stores the access rules along with a document decryption key. The policy server's name and address are packed in the document, and then encrypted and sent to a print server which stores it for later access. A recipient is notified that the document resides on a particular print server. The print server retrieves the specified document, contacts the policy server named in the document, and requests the document decryption key and access rules for the user, print server, and document from the policy server which replies with the related decryption key and access rules. The print server decrypts the document and prints the document based on the access rules.

Abstract: Systems, methods, and a storage medium for storing and securely transmitting digital media data in a networked system are provided. The method includes determining an amount of memory for storing the digital media data. The method further includes querying a plurality of network computers to determine an amount of available memory in a plurality of memory storage devices associated with the plurality of network computers. The method further includes receiving the digital media data and partitioning the digital media data into a plurality of digital media data sets. The method further includes encrypting the plurality of digital media data sets into a plurality of encrypted digital media data sets using at least one encryption key value. The method further includes storing the plurality of encrypted digital media data sets in at least two of the plurality of memory storage devices associated with the plurality of network computers.

Abstract: A method of maintaining security of a BIOS included in a BIOS ROM of a computer system. The method of BIOS security of the computer system includes storing a check sum value calculated by byte-adding a user password and a product serial number of a BIOS ROM. The method further includes comparing the stored check sum value with a check sum value calculated by byte-adding an inputted password and the product serial number of the BIOS ROM. The method further includes enabling writing to the BIOS ROM when the stored check sum value and the calculated check sum value are equal. Thus, by adding a checking function to check the product serial number given by manufacturer and the director password given by a user, the BIOS ROM is effectively protected from an optional or malicious falsification, change, or removal action.

Abstract: A controller of the computerized device monitors a configuration state of the computerized device by maintaining a record of the hardware or software configuration of the computerized device and recording, between user sessions, any detectable attachments or detachments of peripheral devices relative to the computerized device. The controller provides a two-level login procedure for the computerized device that ensures the user's high-security credentials are not presented to the controller until after the user has had the opportunity to be warned of detected configuration changes with respect to the computerized device. The controller provides a first login query to a user for a password. Upon reception of a successful first login response, the controller displays a warning screen that indicates, for example, whether the controller has detected any change to the hardware or software configuration of the computer since the user's last session.