Abstract: A method a scale having an inductively scannable graduation, the scale including a sequence of graduation elements disposed in a measuring direction and a layer stack including a succession of metal layers. The succession of metal layers includes a ferromagnetic metal carrier layer and a graduation layer that forms the sequence of graduation elements. The carrier layer is disposed between the graduation layer and a metal substrate, and the metal substrate is dimensioned to definitively determine mechanical properties of the layer stack.

Abstract: In a method for manufacturing paper or the like, in which cationic polymer microparticles comprised of polyacrylamide and a fine-particle inorganic component are added to the paper pulp following the final shearing step and prior to the headbox, whereupon the paper pulp is subjected to dehydration while forming sheets, followed by sheet drying, a polymer mixture comprising a linear cationic polymer and a linear anionic copolymer, whose overall ionicity is anionic, is additionally added immediately prior to the headbox.

Abstract: A method and apparatus provide for performing language translation by obtaining a selection of a language preference for presentation of text and/or speech on an electronic device. When data is received that includes content in a language other than the preferred language, a decision whether translation is required may be reached by analyzing the context of the language or metadata associated with the language, such as. HTML tags, or language data included in a particular protocol, e.g. HTTP headers. A selection may be made of billing level, determined at least in part by the languages involved, desired accuracy, latency and volume of translation. If necessary, the data may be routed to a translation host or service before final presentation.

Abstract: An electronic device, such as, a computer, may be adapted for self-monitoring for compliance to an operating policy. The operating policy may specify a pay-per-use or subscription business model and measurements associated with compliant usage. A secure execution environment may measure usage in accordance with the business model as well as monitor and enforce compliance to the operating policy. To increase the difficulty of attacking or otherwise disabling the secure execution environment, elements of the secure execution environment may be distributed. The distribution points may include other functional elements of the computer, such as interface circuits, or may even be remotely located over a network. An implementation method for disaggregating the secure execution environment is also disclosed.

Abstract: A system and method for monitoring a computer, particularly a pay-per-use computer, uses an isolated computing environment or supervisor. The isolated computing environment boots prior to any boot device associated with an operating system, runs concurrently with the operating system and monitors and measures the computer in operation. Once the isolated computing environment determines the computer is not in compliance with the required policies, the isolated computing environment may either impose an impediment to use such as slowing clock speed or completely disable the operating system. The user may have to return the computer to a service provider to restore it from the offending condition and reset the computer to an operational state.

Abstract: A computer network firewall or network filter functions normally to pass data on open ports to a respective service or data source associated with an open port. In addition, traffic arriving on closed ports may be directed to a handler for analysis and response. The handler may analyze and catalog the source and type of traffic arriving on the closed ports. The handler may then send a response with either a fixed response or data tailored to the type and nature of the traffic. The handler may respond slowly to cause the source of the traffic to wait for the response, thereby slowing the speed at which a potential attacker can identify valid targets and proceed past non-valid targets.

Abstract: Described is an independent computation environment that is built into one or more hardware components of a computer system, wherein the independent computation environment hosts a logic that measures the health of other software code that executes in memory. Examples of ways to measure health include performing a mathematical computation such as a computing a hash/digital signature on the software code in the memory, and/or evaluating statistical information related to the execution of the code and/or the code's being loaded into memory. By executing the logic in an independent computation environment, the health of software code may be measured against policy/metadata in a tamper-proof or tamper-resistant environment. When the software code measurement does not comply with the policy, some action may be taken action to penalize the computer system.

Abstract: A processing unit for use in an electronic device includes standard instruction processing and communication interfaces and also includes functional capability in addition to or in place of those found in an operating system. A secure memory within the processing unit may contain a hardware identifier, policy data, and subsystem functions such as a secure clock, policy management, and policy enforcement. Data in functions within the secure memory are not accessible from outside the processing unit.

Abstract: A pay-per-use or pay-as-you-go computer uses a secure memory to store individual unique program identifiers. Each unique program identifier is associated with a particular hardware or software component, or service, or the entire computer available to a user. By combining the unique program identifier with a computer hardware identifier uniquely identified transactions may be tracked for both billing and reconciliation. Certificates associated with each unique program identifier, and coupled to the hardware identifier, provide a cryptographic basis for mutual verification of messages, requests, configuration instructions, and provisioning.

Abstract: An electronic device, such as, a computer, may be adapted for self-monitoring for compliance to an operating policy. The operating policy may specify a pay-per-use or subscription business model and measurements associated with compliant usage. A secure execution environment may measure usage in accordance with the business model as well as monitor and enforce compliance to the operating policy. To increase the difficulty of attacking or otherwise disabling the secure execution environment, elements of the secure execution environment may be distributed. The distribution points may include other functional elements of the computer, such as interface circuits, or may even be remotely located over a network. An implementation method for disaggregating the secure execution environment is also disclosed.

Abstract: An optical instrument has an outer shank (15) with a viewing window (31) arranged near the free shank end and a handle part (1) at the other end of the outer shank. An opto-electrical a transducer (26) is rotatably arranged within the outer shank, and is attached on an inner shank (12) which is rotatably mounted within the outer shank. Actuation means (10) for rotating the transducer (26) are provided in the outer shank. An axial bearing is provided between the outer shank and the inner shank (12). Moreover, a spring element impinging the inner shank (12) with force in the direction of the axial bearing is provided.

Abstract: A pay-per-use computer, or other electronic device that uses local security, may use a security module or other circuit for monitoring and enforcement of a usage policy. To help prevent physical attacks on the security module, or the circuit board near the security module, a second circuit may be mounted over the security module to help prevent access to the security module. Both circuits may be mounted on a interposer and the interposer mounted to the circuit board, creating a stack including the first circuit, the interposer, the security module, and a main PC board. When the PC board includes dense signal traces under the security module a three dimensional envelope is created around the security module. When the first circuit is a high value circuit, such as a Northbridge, the risk/reward of attacking the security module is increased substantially and may deter all but the most determined hackers.

Abstract: A security module for a pay-per-use computer supplies an appropriate BIOS for a given mode of operation. A power manager in the security module powers only essential circuits until the BIOS is operational to help prevent substitution of a non-authorized BIOS. The security module also includes a capability to monitor and restrict data lines on a bus between a main computer processor and computer system memory. When the computer is operating in a restricted use mode, data lines may be restricted to allow only minimal access to the computer system memory. Bus transactions may be monitored to ensure that only valid transactions are occurring and are within the designated memory space.

Abstract: A network security system for protecting computing devices connected to a communication network from identified security threats is presented. A security service published security information intended for network security modules in the communication network. A network security module is interposed, either logically or physically, between a computer and the communication network. The security information comprises security measures which, when implemented by a network security module, protect the corresponding computer from an identified security threat to the computer.

Abstract: A device, such as a component or a peripheral, and corresponding computer are adapted to be bound such that the device will only operate with that computer after the binding process. Cryptographic messages are sent between the device and computer to confirm the relationship. When the device cannot confirm it is operating with the previously bound computer, the device reduces its own operating capability to render itself substantially useless until either unbound from that computer or a successful confirmation takes place. Methods for operation, binding and unbinding are also disclosed.

Abstract: An independent computation environment (ICE) that is isolated from tampering is contained in at least one hardware component of a general purpose computing device (CD). The CD includes at least one processor and memory operable to store instructions, which when executed by the at least one processor direct the CD to execute a module being monitored by the ICE. The ICE is operable to access the memory independent of an operating system of the CD. A policy engine is maintained within the ICE to monitor metadata related to the module and manage the execution of the module in accordance with the contents of a memory addresses and/or data registers of the CD that are referenced by the metadata. The ICE is operable to activate an enforcement mechanism to control an operating state of the CD in response to the monitoring of the module.

Abstract: A method and system is provided for determining reliability of data from a network or federated device. In one example, data from different devices in the network are compared and a relationship between the devices is determined. The reliability may be based on the relationship of the devices and/or similarity of data from the devices. In another example, reliability of devices and/or data from the devices may be based on a historical reliability of the devices.

Abstract: A network security module for protecting computing devices connected to a communication network from security threats is presented. The network security module is interposed, either logically or physically, between the protected computer and the communication network. The network security module receives security information from a security service. The security information comprises security measures which, when enforced by the network security module, protect the computer from a security threat to the computer. The network security module implements the security measures by controlling the network activities between the protected computer and the network. The network security module also temporarily implements security patches until corresponding patches are installed onto the protected computer.

Abstract: A network security module for protecting computing devices connected to a communication network from identified security threats communicated in a secured communication is presented. The network security module is interposed, either logically or physically, between the protected computer and the communication network. Upon detecting a secured communication, the network security module obtains a decryption key from the computing device to decrypt the secured communication. The network security module then processes the decrypted communication according to whether the decrypted communication violates protective security measures implemented by the network security module.

Abstract: The invention relates to secured distributed impersonation, for use within systems such as batch system and batch message transaction systems. In one embodiment, a method includes sending a request for credentials of a network account from an originating account associated with an unpublished object to a dispatch associated with a published object. In one embodiment, both the unpublished and the published objects can each be a message queue. The dispatch authenticates the originating account. Upon successful authentication, the network account access emblem is sent to the originating account—that is, the originating account receives the requested credentials, which facilitate the ability to impersonate into the network account.