A method for controlling the release of an as-rendered configuration of a digital work, comprising the steps of presenting said digital work as a composite of a plurality of layers comprising at least a first layer and a second layer; providing a rendering protocol interface which is adapted for defining said as-rendered configuration of the digital work by specifying a first rendering status of said first layer and a second rendering status of said second layer; providing a rendering protocol f...

A method and system for authenticating a digital optical medium, such as a CD-ROM, determine whether the medium is an unauthorized copy, or the original. The original media is created, or altered, so as to contain anomalous locations from which the transfer of data is accomplished at different rates than a standard digital copy would exhibit. One implementation of the process involves timing analysis of the differences in data transfer rates, and does not necessarily require the retrying of data...

A digital rights management system for the distribution, protection and use of electronic content. The system includes a client architecture which receives content, where the content is preferably protected by encryption and may include a license and individualization features. Content is protected at several levels, including: no protection; source-sealed; individually-sealed (or "inscribed"); source-signed; and fully-individualized (or "owner exclusive"). The client also includes and/or receiv...

A compact portable, self contained digital media player is provided whose content is not recordable or removable by a user. The content is reproduced in a high fidelity format. The binding of the content to the media player results in a significant degree of copyright protection. The compactness of the player enables binding of the player with various products. Also, the binding of content enable its instant playability.

A gateway for mobile access includes a foreign agent that receives user profile data and session state data from a home authentication, authorization and accounting (AAA) system of a mobile node, and a dynamic packet filter that performs multi-layer filtering based on the user profile data. The foreign agent transfers a session from a first network to a second network without session interruption, using the session state data, when the mobile node moves from the first network to the second netwo...

The present invention relates generally to interacting with audio and ambient music, e.g., as obtained by a handheld device such as a cell phone. One combination includes: receiving electronic signals representing ambient music captured with a microphone in a user device; transferring the electronic signals representing the ambient music to a processor; receiving from the processor data derived from the electronic signals; using said data to obtain information from a database, said information r...

Certain events, such as data input operating system calls, are likely to initiate a buffer overflow attack. A timing module generates timestamps that indicate when such possible initiating events occur. The timestamp is associated with a particular process and/or thread executing on the computer. If subsequent evidence of a buffer overflow attack is detected on the computer, the timestamps are consulted to determine if a possible initiating event occurred recently. If there is a recent initiatin...

A system and method that provides for copying ARP replies, and generating data packets which include the ARP reply, and other information such as an identification of the port on the ARP reply was received. These data packets are then transmitted to an ARP collector which stores the ARP reply and port information. The ARP collector then uses this stored information, and analyzes future data packets relative to the stored information to detect occurrences of ARP spoofing. The ARP collector furthe...

In accordance with one embodiment of the present invention, a method includes receiving a packet at a physical interface of a network security gateway. The packet is tagged with a first VLAN identifier associated with an external network. The method also includes communicating a copy of the packet to a first processor, analyzing the copy of the packet at the first processor to determine whether the packet violates a security condition, and communicating a reply message from the first processor t...

Supporting the implementation and collaboration of a variety of security modules in a distributed computing network. A security interface provides a universal platform for coupling security modules to the network. The various security modules are linked to and provide identifying information to the security interface. The security interface also receives subscription requests used to coordinate which security modules will communicate. When a security event occurs, a message can be generated by t...