Abstract: A mechanism is provided for determining a safety reputation for a network site in a manner that provides both wide coverage of potentially malicious sites as well as improves the freshness of information from which the safety reputation is derived. Community-based information, such as reports from users related to recently-visited network sites, malware detected by reporting network nodes, non-specific information such as unusual CPU usage and network activity of visiting nodes, and information received from other types of external feeds is used in determining the safety reputation and updating the safety reputation. Such information is analyzed in order to determine network sites that are potential sources of malware, which can then be subjected to more detailed analysis.

Abstract: A method of protecting a data network from denial of service (DOS) attacks is described. The method may use various network tools to selectively block or disable portions of a data trunk experiencing a DOS attack, thereby preventing the DOS attack from reaching at least some resources on the network. In one embodiment, a network switch identifies a virtual LAN (VLAN) carrying suspect data on a data trunk. The network switch then adjusts a spanning tree for the network so that one or more ports on the compromised VLAN are blocked or disabled, while non-compromised VLANs are allowed to continue carrying data. Other approaches are also presented for avoiding the loss of valid data when a network blocks one or more VLANs or other portions of a network in response to a DOS attack or other intrusion.

Abstract: A method and apparatus for selectively storing data on a server. The method operates by accessing a computer file and defining a data block as a current block of data. The current block is subsequently checksummed using a rolling error identification code. The method then determines if the calculated checksum for the current block has been previously stored in a database. If a matching checksum for the data is found in the database, then a duplicate of the current block already exists and the process repeats by selecting a new block of data. Alternatively, if the calculated checksum is absent from the checksum and the process has advanced one block length, the process moves back one block length and stores the current block in an archive. Otherwise, the checksum advances one byte forward to form a new current block of data and the process repeats.

Abstract: Various methods and systems for implementing Reed Solomon multiplication sections from exclusive-OR (XOR) logic are disclosed. For example, a system includes a Reed Solomon multiplication section, which includes XOR-based logic. The XOR-based logic includes an input, an output, and one or more XOR gates. A symbol X is received at the input of the XOR-based logic. The one or more XOR gates are coupled to generate a product of a power of ? and X at the output, wherein ? is a root of a primitive polynomial of a Reed Solomon code. Such a Reed Solomon multiplication section, which can include one or more multipliers implemented using XOR-based logic, can be included in a Reed Solomon encoder or decoder.

Abstract: A method and apparatus for distributing events. In one embodiment, the method includes a bus concurrently transmitting a first event-signal and a first event-identification (event-ID); wherein the first event-signal, when active, indicates that a first event has occurred, is occurring, or should occur. The first event-ID corresponds to the first event-signal.

Abstract: A system and method for efficiently locating and processing data on a deduplication storage system are provided. A logical volume is mapped to a deduplication storage area. The logical volume includes a collection of logical block locations and the deduplication storage area includes a collection of physical block locations. The collection of logical block locations is mapped to the collection of physical block locations. A filesystem organizes the logical volume by organizing the logical block locations into a collection of files. Reverse-mapping information is generated for a logical block location that associates the logical block location with at least one file. In response to receiving a logical block address of a logical block location, at least one file is returned.

Abstract: Method, apparatus, and computer readable medium for managing an image of a storage volume are described. File extents for each of a plurality of files as defined in an original block layout of the image are obtained. A re-ordered block layout is generated by re-ordering, for each file of the plurality of files, blocks as defined by the original block layout based on the file extents of the respective file such that the blocks are contiguous. Layout metadata indicative of a mapping between the original block layout and the re-ordered block layout is generated. An archive image having the re-ordered block layout and the layout metadata is stored to a sequential storage device.

Abstract: A method for improving network compatibility, the method including but not limited to the following: receiving a first-protocol data-link layer packet having a first-protocol address, the first-protocol data-link layer packet encapsulating a network-layer packet bound for a network layer entity native to a second-protocol data link layer environment, directly translating the first-protocol data-link layer packet to at least one second-protocol data-link layer packet encapsulating at least a part of the network layer packet, where the at least one second-protocol data-link layer packet has addressing including a pre-defined second protocol companion address of the first-protocol address, and transmitting the at least one second-protocol data-link layer packet into the second-protocol data-link layer environment. Hardware and/or software can effect the foregoing referenced method.

Abstract: A method, system and apparatus for mapping of internal corporate policies to operational guidelines, such as regulations, best practice frameworks, and standards, through the use of control statements are provided. In one embodiment, a set of normalized control statements are linked to best practice framework control objectives and regulations pertinent to an organization. The control statements are also linked to an organization's policies; thereby providing a mapping via the control statements between the regulations and best practices those policies are intended to satisfy. Other embodiments provide for a mechanism for organizing, maintaining, tracking, and displaying control statements and the associated operational guidelines.

Abstract: A method and apparatus for providing a competitive bid from a provider comprising receiving billing data from a user, the billing data including provider information, location, and total bill amount. The method further comprising calculating a complex usage pattern based on the billing data and statistical data for the location. The method additionally comprising calculating a competitive bid for the user, based on the complex usage pattern and a pricing structure of the provider.

Abstract: Methods, apparatus, and articles of manufacture for capturing commercial loan application data and assigning a commercial loan request are disclosed herein. Embodiments of the invention provide mechanisms for capturing commercial loan application data, assigning a commercial loan request, monitoring an approval process, and administering association of accounts with approved requests via a series of user interface displays communicated to a user via a network communication link. In addition, the network environment of the invention provides for the storage of data in a relational database management system that enables previously entered data to populate data fields of applets within the user interface displays without the necessity to re-enter the data. Moreover, the status of the review process may be monitored to more quickly respond to requests for such information by the customer.

Abstract: A method and apparatus for routing a data stream through a plurality of data movers independent of a network interface type is provided. In one embodiment, the method for routing the data stream to a destination with indifference to network interface type includes segregating the data stream into a plurality of data blocks at an application layer, wherein the plurality of data blocks are to be routed to a destination through the plurality of data movers and coordinating data path selection for communicating the plurality of data blocks to the plurality of data movers over a plurality of data paths.

Abstract: Various systems and methods for integrating procedural logic with a stateless constraint engine are disclosed. One method involves accessing a first set of values generated by a stateless constraint engine based upon a first set of inputs and then accessing a second set of values generated by the stateless constraint engine subsequent to the first set of values and based upon a second set of inputs. The second set of values is validated based upon a procedural constraint. The procedural constraint can include a precondition and a postcondition. The precondition is dependent upon at least one value from the first set of values, and the postcondition is dependent upon at least one value from the second set of values.

Abstract: A method and apparatus for using expiration information to improve confidential data leakage prevention is described. In one embodiment, a method for protecting confidential data from disclosure using expiration information, comprises processing the expiration information that is associated with a data specification for the confidential data, wherein the expiration information defines a time period in which the confidential data ceases to be confidential and examining the time period to determine an expiration of the data specification.

Abstract: A method for synchronizing, using at least one processor, a physical machine with a virtual machine while the virtual machine is operational in memory is disclosed. In one embodiment, the method includes monitoring a physical machine that utilizes a physical disk for storing computer data, consolidating a virtual disk with modifications to the physical disk, wherein the modifications to the physical disk are replicated on the virtual disk in response to unavailability of the physical machine, operating a virtual machine that utilizes the virtual disk for storing the computer data and migrating the virtual machine, using the virtual disk, to a computer.

Abstract: A system that includes a multiplexer having an output selectively coupled to a plurality of inputs, a bus coupled to the output of the multiplexer, and first and second circuits configured to generate first and second digital signals, respectively. The first digital signal is related to a rotational angle of a crankshaft at a first point in time, and the second digital signal is related to a value of parameter at the first point in time, wherein the parameter is one other than the rotational angle of the crankshaft. The first and second circuits are coupled directly or indirectly to first and second inputs of the multiplexer.

Abstract: A method, system, and apparatus to transmit replicated multicast packets over a plurality of physical network links that are combined into one logical channel or link so that the replicated multicast packets are distributed over more than one network link is disclosed. It is further disclosed that distribution over the network links is accomplished, in part, through analyzing the multicast packet for information other than ethernet addresses. Such information can include a tag header including destination interface information.

Abstract: Method and apparatus for file sharing between continuous and scheduled backups is described. One example relates to backing up source data stored by a computer system. A first portion of the source data is backed up at points in time in response to a backup schedule to produce a plurality of partial backups. A second portion of the source data is backed up continuously in response to changes of the second portion to maintain a replica of the second portion. The replica of the second portion is linked to the plurality of partial backups to produce a respective plurality of full backups of the source data.

Abstract: Various methods and systems are presented to restore a logical data object from a backup to a working copy, in a manner that allows for the return of the working copy to a prior state of the working copy. One such method and system copies data to a restore backup of a working copy, by copying (sequentially, or in parallel) portions of a version of the logical data object from the working copy to the restore backup.

Abstract: Various techniques for exchanging control messages in order to gracefully reroute multicast traffic are disclosed. For example, one method involves sending a join message for a multicast group towards a root of a new multicast tree and forwarding multicast traffic, addressed to the multicast group, on a current multicast tree until an acknowledgment corresponding to the join message is received. The new multicast tree can be identified in response to detection of a topology change within the network. Until the acknowledgment is received, multicast traffic that is received via the new multicast tree can be dropped.