Abstract: An event handler is provided that associates events from heterogeneous data sources. In a first phase, incoming events are translated to vectors of event attributes. Based on the data source, implicit information about the event and its attributes may be available. This information is used to normalize the information provided by the event. Normalization actions may include renaming the attributes, deriving new attributes from given attributes, and transforming attribute value ranges. In a second phase, a determination is made as to whether two or more events are considered to be associated based on the vectors. Different vectors of core attributes may be created in order to create associations with different semantics.

Abstract: A method for providing access control to a single sign-on computer network is disclosed. A user is assigned to multiple groups within a computer network. In response to an access request by the user, the computer network determines a group pass count based on a user profile of the user. The group pass count is a number of groups in which the access request meets all their access requirements. The computer network grants the access request if the group pass count is greater than a predetermined high group pass threshold value.

Abstract: A method and system for handling a malicious intrusion to a machine in a networked group of computers. The malicious intrusion is an unauthorized access to the machine, such as a server in a server farm. When the intrusion is detected, the machine is isolated from the rest of the server farm, and the machine is reprovisioned as a decoy system having access to only data that is ersatz or at least non-sensitive. If the intrusion is determined to be non-malicious, then the machine is functionally reconnected to the server farm, and the machine is reprovisioned to a state held before the reprovisioning of the machine as a decoy machine.

Abstract: A method and system for managing an intrusion on a computer by graphically representing an intrusion pattern of a known past intrusion, and then comparing the intrusion pattern of the known intrusion with a current intrusion. The intrusion pattern may either be based on intrusion events, which are the effects of the intrusion or activities that provide a signature of the type of intrusion, or the intrusion pattern may be based on hardware topology that is affected by the intrusion. The intrusion pattern is graphically displayed with scripted responses, which in a preferred embodiment are presented in pop-up windows associated with each node in the intrusion pattern. Alternatively, the response to the intrusion maybe automatic, based on a pre-determined percentage of common features in the intrusion pattern of the known past intrusion and the current intrusion.

Abstract: A trusted process for use with a hierarchical directory service such as LDAP for enabling different security systems to store and retrieve unique identifiers that are shared or common to the entire directory. The trusted process allows LDAP users to store and to retrieve unique identifiers on LDAP using standard LDAP interfaces. It also allows security systems to share unique identifier information. The trusted process generates or verifies a unique identifier, guarantees the uniqueness of a unique identifier within the entire directory (rather than just within a single security system), and guarantees that any unique identifier returned to an LDAP user is a trusted unique identifier.

Abstract: A process for maintaining authentication information in a distributed network of servers generates and maintains a non-local access server list, queries non-local servers using a Lightweight Directory Access Protocol (LDAP) search request, caches responses to queries from non-local servers, updates the cached directory entries and applies an LDAP operation to the cached directory entries and the local access control data. A variety of techniques are used to update cache information. When a request to authenticate a user with a distinguished name is received, the cached directory entries and the local access control data are searched for the distinguished name and, once the distinguished name is located, the user is authenticated with each server in the non-local access server list.

Abstract: A method, system, apparatus, and computer program product are presented for load balancing amongst a set of processors within a distributed data processing system. To accomplish the load balancing, a modulo arithmetic operation is used to divide a set of data elements from a data source substantially equally among the processors. Each of the processors performs the modulo arithmetic operation substantially independently. At a particular processor, a data element is retrieved from a data source, and the processor calculates a representational integer value for the data element. The processor then calculates a remainder value by dividing the representational integer value by the number of processors in the distributed data processing system. If the remainder value is equal to a predetermined value associated with the processor, then the data element is processed further by the processor.

Abstract: A method, apparatus, and computer implemented instructions for handling a situation in a data processing system. In response to detecting a situation, an aging function is applied to the situation. Alerts regarding the situation based on the aging function are presented.

Abstract: A method, computer program product, and apparatus for presenting data about security-related events that puts the data into a concise form is disclosed. Events are abstracted into a set data-type. Sets with common elements are grouped together, and summaries of the groups—“situations” are established from groups whose severity exceeds a threshold value. These groups and situations are then propagated up a hierarchical arrangement of systems and further aggregated so as to provide summary information over a larger group of systems. This hierarchical scheme allows for scalability of the event correlation process across larger networks of systems.

Abstract: A method, computer program product, and apparatus for presenting data about security-related events that puts the data into a concise form is disclosed. Events are abstracted into a set data-type. Sets with common elements are grouped together, and summaries of the groups—“situations”—are presented to a user or administrator.

Abstract: The present invention is directed to an interceptor security server. The server receives incoming requests from a network and determines if they are valid or not. When the requests are valid, the server relays them to other computing devices that store the actual data. The other devices then relay the requested information to the server, which then passes it to the requesting party. When an invalid request is received, the server denies the request. In this manner, the server protects the associated other computing devices from harmful attacks, snooping requests, or other invalid network requests.

Abstract: The present invention relates to snack pieces having improved structural and geometric shape features that provide increased bulk density and method do make such a snack piece. More particularly, the present invention relates to snack pieces having improved structural and geometric shape features that provide increased bulk density, wherein the snack pieces are oriented in a nested arrangement.

Abstract: An apparatus and method for authenticating users on a data processing system is implemented. The present invention provides for aggregating authenticated identities and related authorization information. A security context created in response to a first user logon is saved in response to a second logon. A composite or aggregate security context is created based on the identity passed in the second logon. Access may then be granted (or denied) based on the current, aggregated security context. Upon logout of the user based on the second identity, the aggregate security context is destroyed, and the security context reverts to the context previously saved.

Abstract: Uniformly shaped snack chips, preferably tortilla-type chips, having raised surface features and a method for preparing the same. The chips can be made from a dough composition comprising pre-cooked starch-based material and pregelatinized starch. Preferably, the snack chips have raised surface features comprising from about 12% to about 40% large surface features; from about 20% to about 40% medium surface features; and from about 25% to about 60% small surface features. In one embodiment, the average thickness of the snack chip is from about 1 mm to about 3 mm; the average thickness of raised surface features is from about 2.3 mm to about 3.2 mm; the maximum thickness of the chip is less than about 5.5 mm; and the coefficient of variation of the chip thickness is greater than about 15%.

Abstract: A novel internal combustion engine head assembly is disclosed wherein the rocker arms for the intake and exhaust valves each have a portion that pivots about a common axis, and wherein these portions are concentric to one another. Thus, a very compact combustion head assembly is provided. In particular, the present invention is useful in Harley-Davidson motorcycles.

Abstract: An internal combustion engine head assembly is disclosed wherein the rocker arms for the intake and exhaust valves each have a portion that pivots about a common axis, and wherein these portions are concentric to one another. Thus, a very compact combustion head assembly is provided. In particular, the present invention is useful in Harley-Davidson motorcycles.

Abstract: A method and apparatus for displaying a data collection within a data processing system, wherein the data collection includes a plurality of entries. First a control layer is displayed. Next, entries from the plurality of entries in the data collection are displayed within the control layer. In response to entries within the plurality of entries being undisplayed within the control layer, a secondary layer and entries from the additional entries from the plurality of entries are displayed within the secondary layer, wherein the data collection is efficiently displayed within the data processing system.

Abstract: Particulate compositions comprising a thiocarbamate herbicide releasably contained with certain polymer matrices are herbicidally effective throughout the growing season.