Abstract: An IPC protocol/network allows for dynamic dedication of ports in order to reduce system latencies and power consumption. The IPC system allows for either the IPC server or any of the IPC clients to request that a port(s) be dedicated for use in the transfer of data, such as real-time data. The request for a port can occur for example by a client transmitting a control message to the server/another client requesting that a particular port be dedicated for its use. The server and client(s) negotiate the port dedication and once dedicated, the client can use the dedicated port to transfer its data either to the server or to another client. In one embodiment, the server can take away a dedicated port if it determines it needs the port for another data transfer that may be more critical or have a higher priority.

Abstract: System and method for direct call of a target function by a start function by means of a processor with a memory management unit (MMU) in a computer operated by an operating system. A first task with a first memory context and with the staff function as a component executes the start function to perform a context switch from the first memory context into a second memory context. The target function is a component of a second task with the second memory context. The target function is executed in the second memory context, and the context switch is reversed to return to the first memory context after executing the target function.

Abstract: A pickup supporter 72 supporting a pickup device 70A includes a driver 76 having an abutting surface 764 that is a flat surface substantially in parallel to an axial direction of a lead screw 752 and intersecting with both a focus direction and a plane direction substantially vertical to the focus direction. With such arrangement, even when a posture of the pickup supporter 72 is changed by adjusting heights of the main shaft 74A and the sub shaft 74B, the screw abutting surface 764 can abut on the lead screw 752 at a substantially constant angle. Therefore, when the posture of the pickup supporter 72 is changed, substantially constant driving force can be transmitted from the lead screw 752, so that stable and proper driving force can be constantly obtained.

Abstract: A disc device includes: a casing including: a casing body that has a housing section of a disc 4 and houses a device body including a drive unit for rotating the disc 4; and a cover section rotatably supported on the casing body for closing the housing section. The casing includes: a rotation stop mechanism 5 for stopping rotation of the disc 4 when the cover section is opened. The rotation stop mechanism 5 includes a lever 6 rotatably supported on the casing body and having a contact section 631 contacting with the disc 4 when the cover section is opened; a biasing unit 7 provided on the lever 6 for biasing the contact section 631 toward an edge face of the disc 4; and a first releasing unit 13B provided in a protruding state on the cover section, the releasing unit 13B contacting with the lever 6 to rotate the lever 6 for releasing contact between the contact section 631 and the disc 4 when the cover section is closed.

Abstract: A disc cartridge includes a cartridge main body 2, a rotation wheel 4 rotatably accommodated in the cartridge main body 2, a pair of shutter plates 5a, 5b interposed between a lower shell 7 and the rotation wheel 4 for releasing a first opening 24 of a lower shell 7 and a second opening 44 of the rotation wheel 4 in association with the rotation of the rotation wheel 4 when the first opening 24 coincides with the second opening 44, and a locking member 72 for prohibiting the rotation of the rotation wheel 4. The locking member 72 includes a locking portion 76 engaged with an engaging recessed portion 85 of the rotation wheel 4 for locking the rotation wheel 4 at a position where the shutter plates 5a, 5b close the first opening 24 and a first and second unlocking pieces 77, 78 for releasing the state that the locking portion 76 is engaged with the engaging recessed portion 85.

Abstract: Methods and apparatus for media source identification and time shifted media consumption measurements are disclosed. A disclosed method identifies a media source by generating first signature information based on media presented via a media delivery device and comparing the first signature information to second signature information. The second signature information is derived from a library of signature information local to the media delivery device. The disclosed method generates a collection of matching signature information based on the comparison of the first and second signature information, and identifies a source of the media presented via the media delivery device based on the collection of matching signature information.

Abstract: An audience measurement system identifies a program which is broadcast from a signal source and to which a receiver is tuned. The audience measurement system includes a code reader for reading an ancillary code of the program to which the receiver is tuned, a channel status detector for determining channel status relating to channels to which the receiver is tuned, a memory for storing ancillary codes read by the code reading means and for storing channel status determined by the channel status determining means if ancillary codes are not readable by the code reading means, and a communicator for communicating the ancillary code and/or the channel status to a central office computer.

Abstract: First rating information, together with a television broadcasting signal, is transmitted, and second rating information, together with electronic program guide information, is transmitted. A controller extracts the first rating information from video data decoded by a video decoder, and extracts the second rating information from EPG data decoded by an EPG processor. At the time of reserving a program, it is judged whether or not the program can be reserved by restricting viewing on the basis of the second rating information, and the result of the judgment is displayed on a program reservation setting guide.

Abstract: A digital broadcast signal for use in a digital television receiver includes a rating region table carrying rating information for multiple geographical regions, and a master guide table carrying information related to the rating region table. The master guide table includes a version number field defining a version number of the rating region table and at least one effective time field defining an effective time of the version number. The effective time represents a time after which a use of the rating region table is permitted. For example, it may be represented by a number of global positioning system (GPS) seconds since a coordinated universal time (UTC). The effective time field is included in a descriptor within the master guide table.

Abstract: This invention discloses a method for displaying advertisements transmitted to a user unit, the method includes receiving, at the user unit, at least one advertisement tagged with a delay tag indicating whether display of the at least one advertisement can be delayed and only if the delay tag allows delaying display of the at least one advertisement, storing the at least one advertisement at the user unit, retrieving the at least one advertisement and displaying the at least one advertisement. A billing system for reporting a commercial broadcast to a multiplicity of users is also disclosed.

Abstract: The present invention provides a system and method for interfacing between a digital TV and a plurality of remote controllers, remote controller thereof, and remote controller signal transmitting method thereof, by which Java API enabling to support a plurality of remote controllers is defined to enable interfacing between the digital TV and a plurality of the remote controllers. In interfacing between a digital TV and a plurality of remote controllers, the present invention includes the steps of defining an event class including remote controller identifiers enabling to identify a plurality of the remote controllers, respectively and identifying a plurality of the remote controllers using the event class including the remote controller identifiers, respectively and controlling the digital TV according to a signal received from the identified remote controller.

Abstract: Disclosed is a set-top box capable of delivering television, internet service, video phone service, video-on-demand, and other media services to a consumer. One portion of the set-top box interacts with a CDMA network for the purpose of receiving wireless internet, video-on-demand, videophone and other IP services. Another portion of the device is satellite-enabled. The satellite portion of the device enables the user to also receive satellite service. Because the set-top box works to receive satellite programming and wireless CDMA network communications, it is not terrestrially-bound. This means it is not bound to be included within a cable, telephone, or other wired circuit network.

Abstract: A remote user interface transmits a digital media request through a communication link to a control which is coupled to a digital audio-visual playback device for selecting and playing a stored digital media by the playback device. The control receives the digital media request and transmits digital media selection and/or the selected digital media content directly to a selected playback device or indirectly to the selected playback device through a playback device server. The communication between the control and the playback device can be through a global communication network.

Abstract: A personal media broadcasting system enables video distribution over a computer network and allows a user to view and control media sources over a computer network from a remote location. A personal broadcaster receives an input from one or more types of media sources, digitizes and compresses the content, and streams the compressed media over a computer network to a media player running on any of a wide range of client devices for viewing the media. The system may allow the user to issue control commands (e.g., “channel up”) from the media player to the broadcaster, causing the source device to execute the commands. The broadcaster and the media player may employ several techniques for buffering, transmitting, and viewing the content to improve the user's experience.

Abstract: An audio input interface (122) receives a digital audio signal and identifies an audio bitstream which is optionally decrypted by a decryption unit (123), and decoded by an audio decoding unit (124). An audio digital to analog converter (126) converts the decoded audio bitstream to an analog audio signal which is optionally decrypted by an audio analog decryption unit (127) and output by an audio output interface (128) to an analog wireline device (100). A video input interface (142) receives a digital video signal and identifies a video bitstream which is optionally decrypted by a video digital decryption unit (143), and decoded by a video decoding unit (144). A video digital to analog converter (146) converts the decoded video bitstream to an analog video signal that is optionally decrypted by a video analog decryption unit (147) and output by a video output interface (148) to the analog wireline device (100).

Abstract: A method and system of analyzing the perceived quality of streaming media that includes transmitting at least one data packet from a stream sender to a stream receiver via a network connection; analyzing the data packets at the stream receiver, where the stream receiver determines whether there are data packets missing from the stream sender's data packets; requesting retransmission of specific data packets missing from the stream receiver; and retransmitting at least one specific data packet missing from the stream sender to the stream receiver.

Abstract: A method for user assisted association between a television and a telephony device is provided. A set-top box requests an identification code from a server. The server identifies the set-top box, generates the code and transmits it to the set-top box. The set-top box displays the code and a user transmits the code back to the server via a telephony device. The server identifies the telephony device, and using the code, associates between the set-top box and the telephony device.

Abstract: The invention relates to video distribution systems and, more particularly, to a system that blanket transmits video/audio content such as movies (for example, via satellite downlink transmission) to each customer's recording, storage and playback system. Customers may preselect from a list of available movies or other content in advance using an interactive screen selector, and pay for the video/audio content that is actually viewed.

Abstract: A broadcast receiver includes an input unit, a receiving unit, a control unit, a main memory, a demultiplexer unit, and a decoding unit. A transport stream of digital packetized data includes various data types identified by various parameters within the packet header. A filtering table lists select identifying parameters representing the various data types which are to be stored and processed. Data packets which do not have a select parameter found within the filtering table are ignored by the broadcast receiver. The filtering table is scalable by a control unit to an optimum size, which is the minimum size necessary to store all necessary parameters. A control unit determines the number of parameters required in the filtering table, and scales the filtering table to accommodate that number of parameters.

Abstract: Graphic images that overlay a transmitted video signal are provided in the form of bitmaps that allow any character or font size to be displayed. A color-look-up-table (CLUT) at a receiver is defined that maps “m” inputs to a combination of color and luminance values for display. One or more map tables are provided that allow pixel colors to be encoded using fewer than “m” bits, the map tables providing an “m” bit output for accessing the CLUT. The provider of the graphic images can also specify a required minimum number of CLUT colors for rendering the images; if this minimum is greater than “m”, the image is not rendered. The use of map tables provides compatibility between a variety of encoding techniques and a variety of rendering devices, without requiring different CLUTs to be transmitted for each different color encoding format.

Abstract: A system, method and computer program product are provided for policy management. In use, a plurality of rules for applying policies to a computer are identified. Further, information associated with the computer is also identified. Such rules and information are then utilized for applying the policies to the computer.

Abstract: Risk events occurring on a computer system are logged over time and a risk profile is dynamically generated and updated based on the logged risk events. In one embodiment, a security policy is dynamically set and updated based on the risk profile.

Abstract: A method and system for filtering malicious packets received at the edge of a service provider (SP) domain is provided. A protocol aware border element identifies the protocol used by any ingress packet, and then determines which domain-specific information is used in the application payload of the packet to form the source identity. If this packet pretends to come from the SP domain, and no domain entity is allowed to roam, the packet is identified as illegitimate and is subjected to a given security policy. The border element also identifies as legitimate the SP domain entities that are allowed to roam, and legitimate sources outside said SP domain that communicates customary with entities in the SP domain.

Abstract: Techniques are provided for preserving and managing identities within an audit log. Initial entries into a log do not include an explicit and direct reference to an agent that performs a transaction; rather, the agent acquires a temporary transaction identity for the transaction and an indirect reference to the transaction identity is written to the log while the transaction is pending. Once the transaction completes a direct reference to the transaction identity is written to the log, the identity of agent remains transparent until the identity of the agent expires, if at all.

Abstract: The subject matter disclosed herein relates to authenticating an identity of users desiring access to an application program and determining whether an authenticated user is authorized to access one or more aspects of the application program.

Abstract: A data server of a data processing system is operably coupled to a database and in communication with a middleware server. A connection between the data server and the middleware server is established and managed. A set of attributes identifying trusted middleware servers is instituted with the data server. The middleware server transmits a connection request to the data server. The connection request has request attributes including identifying the connection request as being for a new connection or reuse of an existing connection with different connection request attributes. A connection with the middleware server is established by the data server based on the connection request. A connection status message is received by the middleware server from the data server indicating a status of the connection request. A trust indicator for the connection is established at the data server according to a trust status identified by the set of attributes for the middleware server.

Abstract: Provided is a method for intercepting a message between a requesting web service and a source web service, validating the message, logging the result of the validations, and adding a security profile to the message. The method may also include examining the message to determine whether a security profile is embedded therein. If the message is valid, access to the message by the requesting web service is permitted. If the message is not valid, access to the message by the requesting web service is prevented.

Abstract: Systems, methods, and program products are provided for switching identity of a user that has a first username associated with a first class of users. According to the method, login information is received from the user, with the login information including the first username, an alternate class, and a password. The user is authenticated based on the first username and the password, and access to the computer system is provided as the alternate class, with the alternate class being different than the first class. In one preferred embodiment, the login information further includes a second username, and access to the computer system is provided with the rights and privileges of the second username.

Abstract: A host operating in a managed environment intercepts a call from a managed caller to a particular callee and determines whether the call is permissible according to the host's prior configuration of a plurality of callees. The particular callee, which provides access to a resource that the host can be protecting, can have been previously configured by the host to always allow the call to be made, to never allow the call to be made, or to allow the call to be made based upon the degree to which the host trusts the managed caller.

Abstract: A method for authorizing information flows based on security information associated with information objects is provided. A hash key is generated based on an information object and a lookup operation is performed in a hash table based on the hash key. A determination is made whether an entry in the hash table at an index corresponding to the hash key identifies a labelset for the information object. A labelset, identifying a sensitivity of the information object, is stored in the entry at the index corresponding to the hash key for the information object if a labelset for the information object is not identified in the entry in the hash table. Information flows involving the information object are authorized based on a lookup of the labelset associated with the information object in the hash table. The hash table may be a multidimensional hash table.

Abstract: Various embodiments of systems, methods, software tools, etc. for performing an assessment of an application are provided. One embodiment comprises a method for performing an assessment of a web application. One such method comprises: recording user interactions with a web application; and playing back the user interactions to perform an assessment of the web application.

Abstract: A system can be configured using configuration objects that have the ability to refer to one another. In one embodiment, the present invention includes such a system having a plurality of objects used to configure the system, each object having a uniform resource identifier (URI), and an object reference table to enable the plurality of objects to reference each other without using URIs.

Abstract: Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides, within a server, firewall or other suitable “re-communicator,” for monitoring information received by the communicator, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information, more suitably by forming a protection agent including the MPC, protection policies and a detected-Downloadable.

Abstract: One embodiment of the invention is directed to managing access of a host computer to a network. A first communication session with the host computer may be conducted to authenticate the host computer's identity. A second communication session with the host computer may be conducted to determine the health status of the host computer.

Abstract: A system and method for resolving an identity includes a security console, which displays security information regarding a secure network. The security information includes at least a first identity used to access the secure network. An operator selects the first identity, and the security console sends it to a resolver. The resolver connects with an identity server to find an access session record with an identity matching the first identity. A second identity is extracted from this record, and the resolver returns a result that includes the second identity. The security console displays the second identity; The first identity can be a user identity of a user, where the second identity is corresponding host identity, or vise versa. In this manner, an efficient interface to security information is provided to an operator, where the operator may resolve a user/host identity to a host/user identity interactively.

Abstract: A generic RootKit detector is disclosed that identifies when a malware, commonly known as RootKit, is resident on a computer. In one embodiment, the generic RootKit detector performs a method that compares the properties of different versions of a library used by the operating system to provide services to an application program. In this regard, when a library is loaded into memory, an aspect of the generic RootKit detector compares two versions of the library; a potentially infected version in memory and a second version stored in a protected state on a storage device. If certain properties of the first version of the library are different from the second version, a determination is made that a RootKit is infection the computer.

Abstract: A patch or set of patches may be deployed, often to a subset of potentially vulnerable systems, to address a particular vulnerability while providing a facility to monitor and, in some cases, characterize post-patch exploit attempts. Often, such a patch will check for an exploit signature and, if an exploit attempt is detected or suspected, take an appropriate action. For example, the patch may include code to log indicative data or trigger such logging. In some exploitations, the patch may generate or contribute to a warning or advisory regarding an additional target (or targets) of the exploit and, if appropriate, initiate a patch or protective measure for the additional target(s). In some exploitations, the patch may simulate responses or behaviors suggestive (to an attacker) of unpatched code. In some exploitations, the patch may direct an exploit attempt to a service (or simulated service) hosted or executing in an isolated protection domain.

Abstract: An authentication section comparing a characteristic included in a user's input into an input section with a characteristic of a person registered in memory, to determine an authentication result. An authentication control section including a function for (i) storing a value indicating a likelihood of being the person, (ii) controlling the value indicating a likelihood of the user being the person, based on (i) the authentication result of the authentication section and (ii) a passage of time. In response to an instruction to begin a process which requires authentication, the authentication control section controls whether or not to permit execution of the process depending on a the stored value Thus, unauthorized use of a device is prevented, while the trouble of asking a user to make a special input for authentication is resolved when a process requiring authentication is executed.

Abstract: Methods of detecting executable code which has been altered are provided. Upon an initial loading of an executable code a calculation is performed to generate a score associated with the executable code, the initial score is retained. Subsequently, one or more additional calculations are performed on the executable code to generate subsequent scores. Any subsequent score not matching the initial score indicates the executable code has been varied in some way. If variations have occurred, determinations are made to assess whether the variations correspond to valid conditions, especially valid conditions of a vendor supplying the executable code. If variations do not correspond to valid conditions, the executable code is then partially or completely disabled and optionally unloaded from the operating system within which it resides. Moreover, the vendor may be notified, or other events triggered. Calculations may be performed on the executable code randomly, periodically or other.

Abstract: Systems and methods for binding a secret to a computer system are disclosed. Systems and methods for generating a strong hardware identification (SHWID) for a given computer system are also disclosed. The strong hardware identification (SHWID) is coupled to a bound secret. The strong hardware identification (SHWID) may be used to control the use of software on the given computer system depending on the degree of hardware changes to the computer system.

Abstract: The invention relates to an access control method controlling access to a broadcast digital dataflow previously scrambled. The method according to the invention includes the following steps: On transmission: generating an entitlement control message R-ECMc for recording the content of the flow as a function of a key KRc and at least one criterion CRR defining a right to the record, generating an entitlement control message P-ECMc controlling access to play back the content of the recorded flow as a function of a key KPc and at least one criterion CRP defining a right to play back, and on reception: analysing the messages P-ECMc and P-ECMc, authorizing the recording and playback if the criteria CRR and CRP are verified.

Abstract: Copyrighted electronic media are packaged in a secure electronic format, and registered on associated registration server, which serves to provide on-line licensing and copyright management for that media. Users are connected to the server, e.g., through a computer network or the Internet, to enable data transfers and to transact licenses to utilize the media. Packaged electronic media are typically created by an author or derivative user of the work. Once the packaged media is registered on the server, the media is made available for limited use and possible license through an authorization server. This limited use is specified within the minimum permissions data set assigned to each packaged media. Without a license, users are typically permitted to view the packaged media—through a system which unpackages the media—but cannot save or otherwise transfer the media without obtaining auxiliary permissions to do so from the authorization server.

Abstract: A method, apparatus and computer program product for producing and processing template access control lists (ACLs) is presented. The method, apparatus and computer program product obtain a first ACL having a first rule set, the first rule set including a peer Internet Protocol (IP) address. The first rule set is copied into the template ACL. The occurrences of a peer's IP address within the rule set of the template ACL are determined and are replaced with an indicator indicating that the peer's IP address is used in place of the indicator when the ACL is evaluated.

Abstract: A consumer system is registered on a producer system, which can be accomplished by submitting one or more registration values. The producer system checks each application according to acceptable registration values for each application. A set of applications that are available is generated according to which applications have permissions associated with the submitted registration values. The set is then presented to the consumer system, which can utilize applications on the set.

Abstract: The present invention described secures a computer account against unauthorized access caused as a result of identity-theft, and insider-espionage using artificial intelligence and behavioral modeling methods. The present invention has the ability to detect intruders or impersonators by observing “suspicious” activity under a computer account. When it sees such suspicious behavior, it uses artificial intelligence to authenticate the suspect by interrogation. The present invention asks the suspect questions that only the legitimate computer account owner can verify correctly. If the suspect fails the interrogation, that proves that he/she is an impersonator and therefore further access to the computer account is denied immediately. On the other hand if the suspect passes, access to the computer account is restored. The present invention uses a Programmable Artificial Intelligence Engine (PAIE) to interact with computer users in human natural language.

Abstract: In an information input/output system, a user device inputs and outputs information to and from external sources including a key management device. The system includes the key management device that securely outputs invalid-device information specifying an invalid device unit that has been made invalid for use, and the user device that includes an input/output unit and a host unit. Via the input/output unit, input and output of information is enabled between the host unit and the external sources. The host unit securely receives, via the input/output unit, the invalid-device information outputted by the key management device and judges whether or not the input/output unit is an invalid device unit by referring to the received invalid-device information. When judging, that the input/output unit is an invalid device, the host unit thereafter prohibits input and output via the input/output unit.

Abstract: A system, method and program product that allows a set of actions being executed on a computer system to be temporally authorized for execution for a short duration. A computer system is provided comprising: an execution platform for executing program code; and an execution control system that can interrupt execution of actions encountered in the program code, wherein the execution control system includes a system for temporally authorizing execution of an encountered action.