Abstract: A device to prevent, detect and respond to one or more security threats between one or more controlled hosts and one or more services accessible from the controlled host. The device determines the authenticity of a user of a controlled host and activates user specific configurations under which the device monitors and controls all communications between the user, the controlled host and the services. As such, the device ensures the flow of only legitimate and authorized communications. Suspicious communications, such as those with malicious intent, malformed packets, among others, are stopped, reported for analysis and action. Additionally, upon detecting suspicious communication, the device modifies the activated user specific configurations under which the device monitors and controls the communications between the user, the controlled host and the services.

Abstract: Identification servers are small, perhaps embedded, systems that can be used as subsystems of a tracking and verification system. An identification server can obtain identification data when a trigger, called an identification event, occurs. The identification server can store the identification data in a database module with a key. The identification server can send a message containing the identification data or the key to a set of subscribing clients. Subscribing clients, such as a central database or a graphical user interface, are clients that subscribe to receive messages from the identification server. An identification server can trigger off of an identification message sent by another identification server.

Abstract: A device to prevent, detect and respond to one or more security threats between one or more controlled hosts and one or more services accessible from the controlled host. The device determines the authenticity of a user of a controlled host and activates user specific configurations under which the device monitors and controls all communications between the user, the controlled host and the services. As such, the device ensures the flow of only legitimate and authorized communications. Suspicious communications, such as those with malicious intent, malformed packets, among others, are stopped, reported for analysis and action. Additionally, upon detecting suspicious communication, the device modifies the activated user specific configurations under which the device monitors and controls the communications between the user, the controlled host and the services.

Abstract: A system and method analyzes queries in a computer network, and identifies problem-causing queries that could be harmful to the system. If a query does not match any queries in a database, the query is transmitted to its destination. If a query matches a query in the database, that query is blocked from transmission to the destination. If a query is transmitted to its destination, and it is later determined that query caused a problem on that destination, that query is added to the database of queries. In one embodiment, a query that does not cause any problems is written to a pool of current up-to-date backup databases that may be used if the main system goes down. In another embodiment, the system tests variants of a query that caused a problem at the destination to attempt to discover other queries that could cause a problem.

Abstract: In an embodiment, a computer-based service security system receives a communication such as a query. The system processes that query in a server, which may be referred to as a lead server, and creates a plurality of copies of that lead server. The query is transferred to the plurality of copies of the lead server when the query did not cause a problem in the lead server. The query is transferred to a learning server when the query caused a problem in the lead server. The lead server is replaced by one of the copies of the lead server when the query caused a problem on the lead server.

Abstract: Identification servers are small, perhaps embedded, systems that can be used as subsystems of a tracking and verification system. An identification server can obtain identification data when a trigger, called an identification event, occurs. The identification server can store the identification data in a database module with a key. The identification server can send a message containing the identification data or the key to a set of subscribing clients. Subscribing clients, such as a central database or a graphical user interface, are clients that subscribe to receive messages from the identification server. An identification server can trigger off of an identification message sent by another identification server.

Abstract: In an embodiment, a computer-based service security system receives a communication such as a query. The system processes that query in a server, which may be referred to as a lead server, and creates a plurality of copies of that lead server. The query is transferred to the plurality of copies of the lead server when the query did not cause a problem in the lead server. The query is transferred to a learning server when the query caused a problem in the lead server. The lead server is replaced by one of the copies of the lead server when the query caused a problem on the lead server.

Abstract: A system and method analyzes queries in a computer network, and identifies problem-causing queries that could be harmful to the system. If a query does not match any queries in a database, the query is transmitted to its destination. If a query matches a query in the database, that query is blocked from transmission to the destination. If a query is transmitted to its destination, and it is later determined that query caused a problem on that destination, that query is added to the database of queries. In one embodiment, a query that does not cause any problems is written to a pool of current up-to-date backup databases that may be used if the main system goes down. In another embodiment, the system tests variants of a query that caused a problem at the destination to attempt to discover other queries that could cause a problem.

Abstract: A system for coordinating the activity of a plurality of humans in teams with a central automated controller having reasoning capability based on a predetermined set of criteria by sending messages to and from each of the humans. The controller processes input from each of the humans in accordance with programmed decision making capability to accomplish predetermined objectives and provide output to at least some of the humans to assess a situation, direct steps in response thereto and coordinate decisions based on a predetermined model and task assessment reasoning to determine the best way to accomplish the predetermined objectives. The coordinator assesses changes to the situation, and makes decisions about the various tasks to be performed and when they are to be begun. Outputs to the humans may be instructions, questions, information and combinations thereof.

Abstract: A system and a method identify the presence and actions of first responders in a region. Receivers can respond to radio frequency identifying tags affixed to people or building assets in the region. One of a plurality of regional cameras can be selected, based on at least one responding receiver, to provide at least one visual display.

Abstract: Anomaly detection technology is used to detect attempts at remote tampering of communications used to control components of critical infrastructure. Intrusions in a control network are detected by monitoring operational traffic on the control network. Activity outside a normal region is identified, and alerts are provided as a function of identified activity outside the normal region. A stide algorithm may be used to identify such activity.

Abstract: A system for coordinating the activity of a plurality of humans in teams with a central automated controller having reasoning capability based on a predetermined set of criteria by sending messages to and from each of the humans. The controller processes input from each of the humans in accordance with programmed decision making capability to accomplish predetermined objectives and provide output to at least some of the humans to assess a situation, direct steps in response thereto and coordinate decisions based on a predetermined model and task assessment reasoning to determine the best way to accomplish the predetermined objectives. The coordinator assesses changes to the situation, and makes decisions about the various tasks to be performed and when they are to be begun.