Abstract: Methods and systems are provided for delaying local information classification until global intelligence has an opportunity to be gathered. According to one embodiment, an initial information identification process, e.g., an initial spam detection, is performed on received electronic information, e.g., an e-mail message. Based on the initial information identification process, classification of the received electronic information is attempted. If the received electronic information cannot be unambiguously classified as being within one of a set of predetermined categories (e.g., spam or clean), then an opportunity is provided for global intelligence to be gathered regarding the received electronic information by queuing the received electronic information for re-evaluation. The electronic information is subsequently classified by performing a re-evaluation information identification process, e.g.

Abstract: This invention provides pH buffered plant nutrient compositions, methods for fertilizing a plant growing or a seed germinating in a hydroponics system, methods for growing a plant in a hydroponics system, and methods for making a pH buffered plant nutrient composition. The compositions and methods of this invention are useful with distilled water, deionized water, filtered water, and United States municipal tap water. The compositions and methods of this invention are useful with most of the municipal water supplies in the United States. pH buffering agents useful in the practice of this invention include phosphate buffers, aquarium buffers, 2-[N-morpholino]ethanesulfonic acid, and mixtures thereof.

Abstract: Methods and Systems are provided for a distributed Provider Edge (PE). A single Virtual Routing and Forwarding device (VRF) is associated with a single customer site. The VRF includes a single routing table (RIB) and a single forwarding table (FIB). The VRF also includes a plurality of Virtual Private Network (VPN) Protocol Instance Modules (VRP), where each VRP is associated with a different VPN from the customer site. Each VRP accesses the RIB directly and the FIB indirectly to acquiring addressing/routing information for a received data packet. Moreover, each VRP uses a data plane of the VRP to communicate the data packets to a PE backbone device. In turn, the PE backbone device uses the data plane to communicate with each of the VRPs, and the PE backbone device communicates with one or more tunnels.

Abstract: Various embodiments of the present invention provide elements that may be utilized for improved virus processing. As one example, a computer readable medium is disclosed that includes a virus signature compiled for execution on a virus co-processor. The virus signature includes at least one primitive instruction and at least one CPR instruction stored at contiguous locations in the computer readable medium. The CPR instruction is one of an instruction set that includes, but is not limited to: a compare string instruction, compare buffer instruction; perform checksum instruction; a seek instruction; and a test instruction. The primitive instruction may be, but is not limited to, an add instruction, a branch instruction, a jump instruction, a load instruction, a move instruction, a logic AND instruction, a logic OR instruction, and/or a logic XOR instruction.

Abstract: Systems and methods for an anti-virus detection module that can detect known undesired computer files in archives that may be encrypted, compressed and/or password-protected are provided. According to one embodiment, a method is provided for detection of malicious or undesired computer files within an archive without decrypting and without decompressing the contents of the archive. A type and structure of the archive are identified by examining primary or secondary identification bytes stored within the archive. Based on the identified type and structure, descriptive information is obtained from the archive describing contained files within the archive file. The descriptive information for each contained files is evaluated to determine if any are malicious or undesired computer files by comparing the descriptive information to signatures of known malicious or undesired computer files. Finally, an attempt is made to prevent contained files determined to be malicious or undesired from being opened.

Abstract: Methods and systems are provided for steering network packets. According to one embodiment, a mapping associates a processing resource with a network interface module (netmod) and/or a number of line interface ports included within the netmod. In one embodiment, the mapping is configurable within the processing resource and pushed to the netmod. The netmod uses the mapping to steer network packets to the processing resource when the packets conform to the mapping. The mapping may be additionally used to identify a specific process that is to be performed against the packets once the processing resource receives the steered packets from the netmod.

Abstract: A system and method of managing a switch includes installing a switch having a plurality of processor elements, installing an operating system on each processor element, creating a system virtual router and configuring the processor elements from the system virtual router.

Abstract: Systems and methods for allowing authorized code to execute on a computer system are provided. According to one embodiment, an in-memory cache is maintained having entries containing execution authorization information regarding recently used modules. After authenticating a module, its execution authorization information is added to the cache. Activity relating to a module is intercepted. A hash value of the module is generated. The module is authenticated with reference to a multi-level whitelist including a global whitelist, a local whitelist and the cache. The authentication includes first consulting the cache and if the module is not found, then looking up its hash value in the local whitelist and if it is not found, then looking it up in the global whitelist. Finally, the module is allowed to be loaded and executed if its hash value matches a hash value of an approved code modules within the global whitelist.

Abstract: Methods and systems for providing IP services in an integrated fashion are provided. According to one embodiment, a system includes a switch fabric and a line interface/network module, multiple virtual routing engines (VREs) and a virtual services engine (VSE) coupled with the switch fabric. The line interface/network module receives packets, steers ingress packets to a selected VRE and transmits egress packets according to their relative priority. VREs determines if a packet associated with a packet flow requires processing by the VSE by performing flow-based packet classification on the packet and evaluating forwarding state information associated with previously stored flow learning results. The VSE includes a central processing unit configured to perform firewall processing, Uniform Resource Locator (URL) filtering and anti-virus processing. If the packet is determined to require processing by the VSE, then the packet is steered to the VSE for firewall, URL filtering and/or anti-virus processing.

Abstract: Methods and systems for an intelligent network protection gateway (NPG) and network architecture are provided. According to one embodiment, a firewall provides network-layer protection to internal hosts against unauthorized access by hosts of an external network by performing network address translation (NAT) processing of Internet Protocol (IP) addresses. The firewall changes data in headers of VoIP packets and corresponding data contents of the VoIP packets, to enable bi-directional VoIP communications. An external VoIP interface of the firewall receives incoming VoIP packets having a user alias (e.g., an email address) and an indication regarding a VoIP port of external interface. The packets are directed to an appropriate internal host by the firewall performing port address forwarding based on the port indication to a Session Initiation Protocol (SIP) server within the internal network that maintains a mapping of user aliases to private addresses of the internal hosts.

Abstract: Methods and systems for creating three-dimensional models from two-dimensional images are provided. According to one embodiment, a method of creating an inflatable icon involves a vectorizing module polygonizing an input image to produce an inflatable image by representing a set of pixels making up the input image as polygons. The inflatable image is then extruded by an extrusion module by generating appropriate z-coordinate values for a reference point associated with each polygon of the inflatable image based upon a biased diffusion process. End-user controlled pressure modulation is supported by an interface module by (i) adjusting one or more modulation functions employed by the biased diffusion process based upon end-user input regarding relative modulation bias for a selected set of one or more pixels associated with the inflatable image or (ii) applying the biased diffusion process to only the selected set of one or more pixels.

Abstract: A financial advisory system is provided. According to one aspect of the present invention, return scenarios for optimized portfolio allocations are simulated interactively to facilitate financial product selection. Return scenarios for each asset class of a plurality of asset classes are generated based upon estimated future scenarios of one or more economic factors. A mapping from each financial product of an available set of financial products onto one or more asset classes of the plurality of asset classes is created by determining exposures of the available set of financial products to each asset class of the plurality of asset classes. In this way, the expected returns and correlations of a plurality of financial products are generated and used to produce optimized portfolios of financial products. Return scenarios are simulated for one or more portfolios including combinations of financial products from the available set of financial products based upon the mapping.

Abstract: A hybrid digital pulse width modulator (DPWM) with digital delay-locked loops (DLLs) is provided. In this implementation, the digital pulse-width-modulator is synthesizable and includes a digital delay-locked loop around a delay-line to achieve constant frequency clocked operation. In this implementation, the resolution of the modulator is consistent over a wide range of process or temperature variations. The DPWM may implement trailing-edge, leading-edge, triangular, or phase-shift modulation. In an implementation suitable for DC-DC converters with synchronous rectifiers, for example, the DPWM may include two or more outputs for programmable dead-times. In another implementation, a digital pulse-width-modulator with a digital phase-locked loop is also provided.

Abstract: Systems and methods for tracking electronic messages and data are provided. In one embodiment, the invention consists of a method of tracking email messages. In various embodiments, steps may include a) identifying an email message for tracking and b) inserting a linking object, into a tracked email message. Responsive to activation by a receiver of the email message, the linking object enables the receiver to submit information to a commercial anti-spam service or a commercial anti-virus service. The method can be used to identify and track email messages defined as spam or defined as containing viruses. The receiver's privacy may be preserved with respect to content of the email message by limiting the information submitted to signatures of the electronic message and other information associated with the electronic message that are reasonably required for spam or virus analysis.

Abstract: Firewalls and other filtering gateways have become common security devices for improving computer network security. As more features and functionality are added to these devices they become quite complex to configure. By associating configuration schemes with firewall policies, configuration can be simplified without compromising flexibility. Administrators have more options to filter different traffic streams based on their type and sources. They also have increased flexibility to be able to filter traffic on a per user basis, through authentication mechanisms tied to various filtering options.

Abstract: Methods are provided for managing hierarchically organized subscriber profiles. According to one embodiment of the present invention, a subscriber connection is created with a virtual router operable within a telecommunications system of a service provider. A connection request is received from a subscriber of multiple subscribers of the service provider at a subscriber manager of the virtual router. The virtual router maintains a database of hierarchically organized profile identifiers, including multiple lower-level profile identifiers, which explicitly define subscriber services, and multiple first-level profile identifiers, which define service contexts representing combinations of services available to subscribers when connected by (i) explicitly defining the subscriber services or (ii) referring to one or more of the multiple lower-level profile identifiers.

Abstract: A mechanism is disclosed that enables layer two host addresses (e.g. a MAC addresses) to be shielded from a network. In one implementation, the mechanism updates each packet sent by the hosts into the network to indicate that the source layer two (L2) address for that packet is a shared L2 address instead of the actual L2 address of the sending host. By doing so, the mechanism exposes only the shared L2 address to the network, and shields the actual L2 addresses of the hosts from the network. The effect of this is that the switches in the network will need to store only the shared L2 address in their forwarding tables, not the actual L2 addresses of the hosts. By reducing the number of L2 addresses that need to be stored in the forwarding tables of the switches, the mechanism improves the scalability of the network.

Abstract: Methods and systems for bridging Ethernet frames transmitted over heterogeneous media channels are provided. According to one embodiment, multiple Ethernet frames encapsulated within multiple in-bound media transmissions having different media formats are received via a first set of multiple network interfaces of a network-computing device. The multiple in-bound media transmissions are relayed via a switch fabric of the network-computing device to a virtual bridge application running on a processing resource shared by the network interfaces and which acts as a single bridging domain for all Ethernet frames. The virtual bridge application encapsulates the multiple Ethernet frames within multiple out-bound media transmissions by performing media agnostic Ethernet bridging of the multiple Ethernet frames. The multiple Ethernet frames are transmitted by relaying, via the switch fabric, the out-bound media transmissions to a second set of the multiple network interfaces.

Abstract: The present invention provides novel methods and devices for detecting hybridization of nucleic acids using liquid crystals and cationic surfactants.

Abstract: Methods and systems for a more efficient transmission of network traffic are provided. According to one embodiment, a method is provided for performing segmentation offloading, such as TCP segmentation offloading (TSO). An interface performs direct virtual memory addressing of a user memory space of a system memory on behalf of a network processor to fetch payload data originated by a user process running on a host processor. Then, the network processor segments the payload data across one or more packets.