System for reading a document provided with machine-readable holder details and establishing whether a person presented the document has a predetermined right, which document at least contains a chip containing biometric data on a holder as well as data with a predetermined relationship to the holder details, and wherein the system comprises: a reader for reading the chip and the machine-readable holder details; a memory containing details with regard to the right of the holder; a biometric feat...

In one aspect, a data structure to be encrypted is received, the data structure including content along with a statement of conditions under which the content may be decrypted. The content is encrypted using a public key of a pair of public and private keys of a device that is to decrypt the data structure. In another aspect, a data structure is decrypted using a private key of a pair of public and private keys. A statement of conditions under which content in the data structure can be decrypted...

A memory controller prevents CPUs and other I/O bus masters from accessing memory during a code (for example, trusted core) initialization process. The memory controller resets CPUs in the computer and allows a CPU to begin accessing memory at a particular location (identified to the CPU by the memory controller). Once an initialization process has been executed by that CPU, the code is operational and any other CPUs are allowed to access memory (after being reset), as are any other bus masters ...

Update status field information (34) is associated with a computer file (32) indicating the update status of a scanner (30, 40, 42, 44) that has previously scanned that computer file. A current scanner encountering that computer file again may examine the update status field information to determine if they match, if the update status field information does not match, then this indicates that one of the scanners concerned is out-of-date and an appropriate alert message relating to this out-of-da...

Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device invol...

A method and system for implementing secure network communications between a first device and a second device, at least one of the devices communicating with the other device via a firewall device, are provided. The method and system may include obtaining an encryption parameter that is shared by the first device, second device and firewall device. A data packet sent by the first device may then be copied within the firewall device, so that decryption of the copy of the data packet within a port...

A configurable firewall for computing systems is disclosed. The configurable firewall provides a firewall control block that can be used as a mechanism to implement and control access privileges between various components of the computing environment. As such, the firewall control block can be used to determine whether one component (e.g., applet) can access another component in the computing environment. This allows a flexible environment where firewall boundaries can be configured in such a wa...

Methods, apparatus and articles of manufacture are provided for governing the transfer of data characterizing a user's behavior, physiological parameters and/or psychological parameters. One embodiment provides a method of handling a request, from a requesting application, for emotion data characterizing an emotional state of a user. A firewall ruleset defining rules governing the transfer of the emotion data to requesting applications is accessed to determine whether to provide the emotion data...

A system and method of limiting access from an external network to documents stored on an internal network. A client list is built in which each client is assigned to one or more roles. Each role has access to one or more documents as defined on a document list. A request from an external network is reviewed and, if possible, the request is associated with a client on the client list. The requested document is then compared to the document list associated with the client's role and, if the reque...

A hybrid fiber coax (HFC) network management method and system for use in a broadband network having a hybrid fiber coax (HFC) network provided with network elements operable for communicating telephony, data, and video signals with customer-premises equipment (CPE). The network elements include a host digital terminal (HDT) for communicating the telephony signals, a cable modem termination system (CMTS) for communicating the data signals, and video equipment for communicating the video signals;...