Representing a number of assets on an originating computer begins with selecting the assets to be represented. Cryptographic hash asset identifiers are generated; each of the asset identifiers is computed using the contents of a particular asset. The asset identifier is a content-based or content-addressable asset name for the asset and is location independent. An asset list is generated that includes the asset identifiers computed from the assets. A cryptographic hash asset list identifier is g...

Complexity is reduced and performance is improved when enforcing security restrictions on the execution of program code in a runtime environment. Units of executable code, such as methods or functions, are classified by "security level." Code units belonging to a "trusted" security level may call any other code unit in the runtime environment, but other security levels are restricted in the code units they can call. Code units may also have "instance permissions" to allow them to have permission...

A data recording apparatus which enables an individual like an author to record in a recording medium any data, such as a publication desired to be restricted on its copying, in the way that the copying can be restricted in an actually desired condition. A CPU, with respect to the data to be recorded input via an interface unit, compares copy control information input via an interface unit along with data and copy control information separately instructed by an operation panel, and uses the one ...

Method of invisibly embedding into a text document generated by a licensed software the License Identification Signature of the software wherein each original copy of the software has been assigned a unique Software License Code (SLC) and a unique License Identification Key (LIK) by a Licensing Authority, such a method comprising the steps of computing a Document Hash Value (DHV) of the text document (12), getting from the DHV a License Identification Code (LIC) of the text document by using the...

A secure detection network system includes plurality of remote nodes, each remote node comprising a set of detector interfaces configured to couple to a set of detectors disposed to detect the presence of an illegal asset within a shipping container; at least one server node configured to initialize, install, and authenticate each remote node in the plurality of remote nodes, including delivering to each remote node an agent module, said agent module for each remote node comprising a node specif...

Provided are methods, apparatus and computer programs for identifying vulnerabilities to viruses of hacking. Hash values are computed and stored for resources stored on systems within a network. If a first resource or a collection of resources (such as files comprising an operating system, Web Browser or mail server) is associated with a vulnerability, hash values for the first resource or collection of resources are compared with the stored hash values to identify systems which have the vulnera...

A flow-based intrusion detection system for detecting intrusions in computer communication networks. Data packets representing communications between hosts in a computer-to-computer communication network are processed and assigned to various client/server flows. Statistics are collected for each flow. Then, the flow statistics are analyzed to determine if the flow appears to be legitimate traffic or possible suspicious activity. A concern index value is assigned to each flow that appears suspici...

The authenticity of a website is tested with software that runs on a personal computing device and a service that is provided via the Internet. The software on the personal computing device is in the form of a proxy, or transparent component in the Internet Protocol implementation. The proxy receives all outbound messages, analyzes them and forwards or modifies them without the user's intervention. The service tests the IP address and/or the behavior of the target website.

A system and method for an end user to change the operation of a data flow filter mechanism, such as a firewall, that operates to control data flows between a plurality of protected computing devices and one or more non-protected computing devices. With the system and method, an administrator of a sub-network of computing devices may set a client computing device's scope of rules/policies that may be changed by a user of the client computing device, with regard to a data flow filter mechanism. T...

A protected execution agent installs itself within a file system manager on the computer to control modifications to a protected execution environment by intercepting I/O requests from applications. If an unauthorized application attempts to modify the protected execution environment, the protected execution agent terminates the original I/O request and creates a redirect I/O request that specifies a corresponding directory path within an alternate environment. The requested I/O operation is a c...