In a computer system, a first electronic data processor is communicatively coupled to a first memory space and a second memory space. A second electronic data processor is communicatively coupled the second memory space and to a network interface device. The second electronic data processor is capable of exchanging data across a network of one or more computers via the network interface device. A video processor is adapted to combine video data from the first and second electronic data processor...

A content distribution is performed by a secure container including a content encrypted by a content key and container information set for a content transaction. The container information includes a person identification certificate identifiers list. Usage control status information including the list is generated and stored in a device during a secondary distribution among user devices after a primary distribution of the content. In the distribution among the user devices, identifying an identi...

A system and method protects security of data. The data is packaged together with one or more permissions that designate what actions are allowed with respect to the data. The package can be opened when there is approval for doing so and the allowed permissions are maintained. The data is stored within a vault and there are a number of available security procedures that prevent the unauthorized access of the data.

An object of the present invention is to provide an apparatus, a method, and a system for virus detection which can find even an unknown virus easily with no OS dependency. To achieve the foregoing object, the present invention provides a virus detection apparatus including an inspection computer to be connected to a mail server. The inspection computer includes file opening means for opening an attachment of e-mail transferred from said mail server, an I/O port for establishing interface connec...

A routing routine is used within a security access program in order to provide access to various heterogeneous directories and registries. Each user logs on with an indication of the domain of which they are a part. An access protocol for the given domain is loaded and used to authenticate the user's access rights.

Enabling automated provisioning on a data processing network includes providing the network with access to an automated provisioning controller. The controller enables a user to specify resource allocation priorities and uses the user-specified priorities, in conjunction with a resource stabilization policy, to resolve conflicting resource requests. The resource allocation priorities include priorities for demand-based resource requests and maintenance-based resource requests. The stabilization ...

Methods and arrangements are disclosed for secure single sign on to an operating system using only a power-on password. In many embodiments modified BIOS code prompts for, receives and verifies the power-on password. The power-on password is hashed and stored in a Platform Configuration Register of the Trusted Platform Module. In a setup mode, the trusted platform module encrypts the operating system password using the hashed power-on password. In a logon mode, the trusted platform module decryp...

The invention proposes a method of performing authentication of a subscriber during a subscriber equipment terminated call, comprising the steps of sending a session invitation message (S4, S5) to the subscriber equipment, the session invitation message including authentication information (AuthData1), and performing an authentication procedure in the subscriber equipment by using the authentication information. The invention also proposes a corresponding network system, network control element ...

A call to a critical operating system function is stalled. The pregion and pregion type associated with the location of a call module originating the call is determined. In one embodiment, when the pregion type is either a stack or a heap pregion type, protective action is taken, such as terminating the call, otherwise the call is released. In another embodiment, when the pregion type is either a text or shared memory pregion type, the call is released, otherwise protective action is taken.

A management computer collects, from a storage subsystem via a management network, path definition information including the contents of a security setting made to a path accessible to a volume in the storage subsystem, and when the volume in the storage subsystem is an original volume having a replica volume, replica definition information of the original volume. Based on the replica configuration information thus collected from the storage subsystem, the replica relationship between the volume...