Abstract: Methods of processing a substrate and related structures and systems. Described methods comprise forming a distal dipole layer on to a distal material layer; forming a high-k dielectric on the distal dipole layer; and, forming a proximal dipole layer on the high-k dielectric.

Abstract: When a mobile device such as a smart phone comes within range of a location device, the mobile device inputs a location token from the location device and a travel token is created from a mobile device token and the location token. The mobile and location tokens may include data elements indicating not only identity, but also such other characteristics as an authorization or infection risk level. Tokens may be digitally signed, preferably with an independently verifiable signature that also encodes time. Mobile and location devices may be created and issued by a tracking service provider, which may also store tokens, analyze travel tokens with respect to a location's risk level, and update mobile device and location tokens to change a status of the mobile or location device.

Abstract: A method for forming a semiconductor device structure is disclosure. The method may include, depositing an NMOS gate dielectric and a PMOS gate dielectric over a semiconductor substrate, depositing a first work function metal over the NMOS gate dielectric and over the PMOS gate dielectric, removing the first work function metal over the PMOS gate dielectric, and depositing a second work function metal over the NMOS gate dielectric and over the PMOS gate dielectric. Semiconductor device structures including desired metal gate electrodes deposited by the methods of the disclosure are also disclosed.

Abstract: Embodiments include semiconductor processing methods to form low-K films on semiconductor substrates are described. The processing methods may include flowing one or more deposition precursors to a semiconductor processing system, wherein the one or more deposition precursors include a silicon-containing precursor. The silicon-containing precursor may include a carbon chain. The methods may include generating a deposition plasma from the one or more deposition precursors. The methods may include depositing a silicon-and-carbon-containing material on the substrate from plasma effluents of the deposition plasma. The silicon-and-carbon-containing material as-deposited may be characterized by a dielectric constant less than or about 3.0.

Abstract: Embodiments include semiconductor processing methods to form low-? films on semiconductor substrates are described. The processing methods may include flowing one or more deposition precursors to a semiconductor processing system. The one or more deposition precursors may include a silicon-containing precursor that may be a cyclic compound. The methods may include generating a deposition plasma from the one or more deposition precursors. The methods may include depositing a silicon-and-carbon-containing material on the substrate from plasma effluents of the deposition plasma. The silicon-and-carbon-containing material as-deposited may be characterized by a dielectric constant less than or about 3.0.

Abstract: The present technology can detect potential labeling conflicts made during different labeling tasks when those tasks are checked in to ensure that a map database is free from conflicts that might interrupt publishing of a map. The present technology can determine whether a first labeled version of map portion is based on a most recent version for the map portion that is stored in the map database, and when it is determined that it is not, and there is an intervening version, the present technology can identify differences between the intervening version of the map portion and the first version of the map portion and identify differences between the second version of the map portion and the first version of the map portion. Based on the identified differences, the present technology can determine whether any of those differences are conflicting.

Abstract: Systems, devices, and methods are discussed for treating a number of network security devices in a cooperative security fabric as a unified object for configuration purposes.

Abstract: When a mobile device such as a smart phone comes within range of a location device, the mobile device inputs a location token from the location device and a travel token is created from a mobile device token and the location token. The mobile and location tokens may include data elements indicating not only identity, but also such other characteristics as an authorization or infection risk level. Tokens may be digitally signed, preferably with an independently verifiable signature that also encodes time. Mobile and location devices may be created and issued by a tracking service provider, which may also store tokens, analyze travel tokens with respect to a location's risk level, and update mobile device and location tokens to change a status of the mobile or location device.

Abstract: When a mobile device such as a smart phone comes within range of a location device, the mobile device inputs a location token from the location device and a travel token is created from a mobile device token and the location token. The mobile and location tokens may include data elements indicating not only identity, but also such other characteristics as an authorization or infection risk level. Tokens may be digitally signed, preferably with an independently verifiable signature that also encodes time. Mobile and location devices may be created and issued by a tracking service provider, which may also store tokens, analyze travel tokens with respect to a location's risk level, and update mobile device and location tokens to change a status of the mobile or location device.

Abstract: When a mobile device such as a smart phone comes within range of a location device, the mobile device inputs a location token from the location device and a travel token is created from a mobile device token and the location token. The mobile and location tokens may include data elements indicating not only identity, but also such other characteristics as an authorization or infection risk level. Tokens may be digitally signed, preferably with an independently verifiable signature that also encodes time. Mobile and location devices may be created and issued by a tracking service provider, which may also store tokens, analyze travel tokens with respect to a location's risk level, and update mobile device and location tokens to change a status of the mobile or location device.

Abstract: Methods and systems are provided for an improved cluster-based network architecture. According to one embodiment, an active connection is established between a first interface of a network device and an enabled interface of a first cluster unit of an HA cluster of network security devices. The HA cluster is configured to provide connectivity between network devices of an internal and external network. A backup connection is established between a second interface of the network device and a disabled interface of a second cluster unit. While the first cluster unit is operational and has connectivity, it receives and processes all network traffic from the network device that is destined for the external network. Upon determining the first cluster unit has failed or has lost connectivity, then all subsequent network traffic originated by the network device that is destined for the external network is directed to the second cluster unit.

Abstract: Systems and methods for implementing a cooperative security fabric (CSF) protocol are provided. According to one embodiment, an NSD of multiple NSDs participates in the dynamic construction of a CSF interconnecting the NSDs in a form of a tree, having multiple nodes each representing one of the NSDs, based on hierarchical interconnections between the NSD and directly connected upstream and downstream NSDs. A communication channel is established by a backend daemon of the NSD with a directly connected upstream node of the NSD within the CSF through which queries and replies are communicated and through which periodic keep-alive messages and responses are exchanged between the upstream node and the NSD. A CSF protocol is enforced by a forward daemon of the NSD that limits issuance of query messages to those originated by a source NSD representing an upstream node and directed to a destination NSD representing a downstream node.

Abstract: Systems and methods for monitoring compliance with security goals by a network or part thereof are provided. According to one embodiment, a topology of a network segment of a private network is discovered by a network security device associated with the private network. Security policies implemented by one or more network security devices that form part of the network segment are learned by the network security device. Compliance with a security goal associated with the network segment is then determined by the network security device by: (i) analyzing traffic passing through the network segment; (ii) analyzing respective system configurations of the one or more network security devices; and (iii) evaluating performance of the security policies based on the traffic.

Abstract: Systems and methods are described for analysing, sharing and comparing security configurations. According to one embodiment, a security metric for a network segment of a private network is generated based on determination and analysis of network assets, network topology, and one or more defined security criteria representing security features being implemented by one or more network security devices that form part of the network segment, wherein the scoring metric is a quantitative representation of protection level and/or exposure level of the network segment. In an embodiment, the security metric can be shared and compared with security metrics of other network segments.

Abstract: Systems and methods are provided for notifying users within a protected network about various events and information. According to one embodiment, a method includes receiving, by a filtering device, a request originated by an application running on a client device. The method further includes making a determination, by the filtering device, whether the request is to be blocked or allowed, based on the one or more policies. If the request is to be blocked, a notification is provided to a user of the client device regarding the determination by causing the application to display a predefined message.

Abstract: Systems and methods for implementing a cooperative security fabric (CSF) protocol are provided. According to one embodiment, an NSD of multiple NSDs participates in the dynamic construction of a CSF interconnecting the NSDs in a form of a tree, having multiple nodes each representing one of the NSDs, based on hierarchical interconnections between the NSD and directly connected upstream and downstream NSDs. A communication channel is established by a backend daemon of the NSD with a directly connected upstream node of the NSD within the CSF through which queries and replies are communicated and through which periodic keep-alive messages and responses are exchanged between the upstream node and the NSD. A CSF protocol is enforced by a forward daemon of the NSD that limits issuance of query messages to those originated by a source NSD representing an upstream node and directed to a destination NSD representing a downstream node.

Abstract: Systems and methods for implementing a cooperative security fabric (CSF) protocol are provided. According to one embodiment, a CSF of multiple network security devices (NSDs) deployed within a protected network is constructed in a form of a tree, having a root node, one or more intermediate nodes and one or more leaf nodes, based on hierarchical interconnections among the NSDs by determining a relative upstream or downstream relationship among each NSD. Backend daemons of the NSDs establish and maintain a bi-directional tunnel between each parent node within the CSF and its respective child nodes through which queries and replies are communicated and through which periodic keep-alive messages and responses are exchanged. Forward daemons of the NSDs enforce a CSF protocol that limits the issuance of query messages to those originated by an upstream node within the CSF and directed to a downstream node within the CSF.

Abstract: A device for detecting network traffic content is provided. The device includes a first input port configured to receive one or more signatures, each of the one or more signatures associated with content desired to be detected, a second input port configured to receive data associated with network traffic content. The device also includes a processor configured to process the one or more signatures and the data to determine whether the network traffic content matches the content desired to be detected, and an output port configured to couple the device to a computer system of an intended recipient of the network traffic content. The output port passes the network traffic content to the computer system when it is determined that the network traffic content does not match the content desired to be detected.

Abstract: Process, equipment, and computer program product code for configuring a network security device using a hand-held computing device are provided. Default initial settings for a network security device are received by a mobile application running on a hand-held computing device. The default initial settings represent settings that allow the network security device to be remotely managed via a network to which the network security device is coupled. The default initial settings are presented to a network administrator via a touch-screen display of the hand-held computing device. Revisions to or acceptance of the default initial settings are received by the mobile application. The mobile application causes the network security device to be configured with the revised or accepted default initial settings by delivering the settings to the network security device via a management interface to which the hand-held computing device is coupled via a connecting cable.

Abstract: Systems and methods for detecting email messages in which the sender is attempting to impersonate an email user of the target domain are provided. According to one embodiment, an email is received by a network security device protecting a private network. A value of at least one header field of the received email is parsed to extract a display name and an email address. A determination is made regarding whether the received email is associated with an external domain. When it is determined that the received email is associated with an external domain, then a further determination is made regarding whether the received email potentially involves sender impersonation based on a comparison of the display name with display names associated with users of the private network meeting a predetermined or configurable similarity threshold.