Abstract: A door closer with a self-powered control unit is disclosed. The control unit for the door closer includes a drive gear configured to rotate in response to movement of a door, and a chain arranged to cooperate with the drive gear to produce linear motion in response to rotation of the drive gear. At least one gear creates rotational motion from the linear motion of the chain to turn a generator and generate electricity to power the control unit. In some embodiments, a set of clutch gears is disposed between the chain and the gear creating the rotational motion from the chain so that only one direction of the rotational motion is transferred to the generator in response to movement of the door in any direction. The control unit can additionally include a power management circuit to store energy from the generator.

Abstract: The system and method for correlating network identities and addresses described herein may include a log correlation engine distributed on a network that identifies relationships between certain network identities and Internet Protocol (IP) and Ethernet addresses in the network. In particular, the log correlation engine may analyze various event logs that describe activity in a network to learn relationships between network identities and network addresses and generate alerts in response to discovering changes in the learned relationships. For example, the log correlation engine may identify authentication events described in the logs to map network identities to IP addresses, and may further analyze the logs to map the IP addresses to Ethernet addresses. Thus, the log correlation engine may discover new and changed relationships between the network identities, the IP addresses, and the Ethernet addresses.

Abstract: A distributed networked physical security access control system for controlling a plurality of security access devices includes access server appliances in communication with a primary network. At least one access server appliance includes an appliance management module accessible through a web browser in communication with the primary network. The appliance management module configures the access server appliances to a user specified security configuration. The access server appliances are in peer-to-peer communication on the primary network to bridge the access server appliances for providing consistency in each of the access server appliances.

Abstract: A door closer comprises a piston cooperating with a rotating pinion. Upon rotation of the pinion in the door opening direction, the piston moves toward the second end of the housing forcing fluid from a second variable volume chamber through a passage to a first variable volume chamber and compressing a spring assembly for storing energy. The spring assembly urges the piston toward the first end of the housing for forcing fluid from the first variable volume chamber to the second variable volume chamber and rotating the pinion in the door closing direction. A controller controls the position of a valve in the passage based on the sensed angular position of a door and the position of the valve for determining the amount of hydraulic fluid flowing through the valve.

Abstract: A latch assembly comprises a first portion (32) defining an opening and a second portion (54) slidably disposed in the opening for movement of the first portion along the second portion. The second portion includes a stop which is larger than the opening for preventing further movement of the first portion along the second portion in a first direction. A securing element releasably connects the first portion and the second portion in a first relative axially connected position. In a mortise lock (20), the first portion and the second portion are thus movable together relative to the housing so that the first portion at least partially non-rotatably projects outwardly from the opening in the edge wall of the housing in an extended position and is inside the housing in a retracted position. Disconnecting the first portion from the second portion allows the first portion to move along the second portion in the first direction to a second axial position.

Abstract: The system and method described herein may use file hashes to track data leakage and document propagation in a network. For example, file systems associated with known reference systems and various user devices may be compared to classify the user devices into various groups based on differences between the respective file systems, identify files unique to the various groups, and detect potential data leakage or document propagation if user devices classified in certain groups include any files that are unique to other groups. Additionally, various algorithms may track locations, movements, changes, and other events that relate to normal or typical activity in the network, which may be used to generate statistics that can be compared to subsequent activities that occur in the network to detect potentially anomalous activity that may represent potential data leakage or document propagation.

Abstract: A code finder system deployed as a software module, a web service or as part of a larger security system, identifies and processes well-formed code sequences. For a data flow that is expected to be free of executable or interpreted code, or free of one or more known styles of executable or interpreted code, the code finder system can protect participants in the communications network. Examples of payload carried by data flows that can be monitored include, but are not limited to, user input data provided as part of interacting with a web application, data files or entities, such as images or videos, and user input data provided as part of interacting with a desktop application.

Abstract: Various systems and methods of embedded authentication are described herein. One method of the preferred embodiment can include receiving at an authentication server a transaction token from a host website, the host website including an embeddable interface and prompting a user challenge by the authentication server at the embeddable interface. The method of the preferred embodiment can also include creating a signed authentication token in response to a successful user challenge, and transmitting the signed authentication token from the authentication server to the embeddable interface.

Abstract: A drive mechanism for a door operator comprises a drive member and a driven member. The drive member is adapted to be operably connected between a motor assembly for rotating the drive member and a door closer assembly rotating with the driven member. The drive member and the driven member both include a protrusion. The driven member protrusion moves in the free space defined by driving surfaces of the drive member protrusion. Rotation of the drive member from a first angular orientation to a second angular orientation causes rotation of the driven member for powered opening of the door. The driven member protrusion moves in the free space without engaging the protrusion surfaces when the door is opened manually and allowed to close.

Abstract: An administrator of an enterprise can recover a user secure storage device in conjunction with a third-party service without the administrator knowing a user secure storage device password. The administrator secure storage device is communicatively coupled with a host computer. A user secure storage device is communicatively coupled with a host computer. The administrator secure storage device is authenticated to the third-party service. One or more decryptions are performed on an encrypted portion of data with an enterprise private key and a shared administrator private key to produce information associated with the user secure storage device password. The administrator is logged into the user secure storage device using the information associated with the user secure storage device password without the administrator knowing the user secure storage device password.

Abstract: A handheld authentication device comprising a data processor and a display is adapted to: generate an input value; submit the input value to an asymmetric cryptographic operation; obtain the result of said asymmetric cryptographic operation; generate an authentication message substantially comprising the result of the asymmetric cryptographic operation; encode the authentication message into one or more images; and display these images on the display.

Abstract: A device for securing a spindle to a hub in a mortise lock for a door. The device includes a hub defining a central opening about an axis of rotation and a spindle with a first end adapted to be received in the opening in the hub to apply rotational force to the hub. A securing element is moveable between a first position in which the securing element engages the spindle and the spindle is secured to the hub, and a second position in which the securing element is disengaged from the spindle and the spindle may be freely removed from the opening in the first hub. The securing element may be adapted for reciprocal linear movement in the housing, and may engage the first spindle by part of the securing element being received in a peripheral groove in the spindle.

Abstract: An electronic device, which may be a USB device, includes a body part that is removably connected to a cap. The body part includes a connector for plugging the device into a host computing device. The cap includes a lever part and a main part. The lever part of the cap is attached to the main part and pivots at least partially around a pivot axis. The lever part includes an anchor part on one side of the pivot axis and an unlock part on the other side of the pivot axis. The anchor part includes a hook that engages a cavity in the body part when the cap is connected to the body part. Depressing the unlock part of the cap causes the lever to pivot around the pivot axis thereby disengaging the hook from the first cavity, and thereby releasing the cap from the body part.

Abstract: Methods for reducing the impact of malware during a booting sequence for an interrupt driven computing device are disclosed. One or more parameters associated with an interrupt vector table (IVT) are manipulated to force the computing device into a clean state following a system level portion of the booting sequence. In another embodiment, occurring prior to the loading of an operating system or a call to a non-returnable main( ) function, one or more unused interrupt vectors in an IVT are replaced. A function filter is implemented for one or more interrupt vectors in the IVT to disallow unnecessary interrupt functions from being executed. One or more required interrupt vector functions are replaced with one or more corresponding custom vector functions. One or more memory locations are wiped if the one or more memory locations do not hold at least a portion of the IVT and/or the interrupt vector functions.

Abstract: A system and system for controlling the execution of executable files. The executables are identified by either a cryptographic digest or a digital certificate. The cryptographic digest is computed from the binary image of the executable. An executable that is attempting to execute is intercepted by a protection module that consults a database of stored rules over a secure channel to determine whether or not the executable can be identified as a permitted executable and whether or not it has permission to execute on a particular computer system under certain specified conditions. If a stored permission is available, it is used to control the execution. Otherwise, the user is consulted for permission.

Abstract: Systems, methods, and apparatus, including computer program products, for detecting a presence of at least one vulnerability in an application. The method is provided that includes modifying instructions of the application to include at least one sensor that is configurable to generate an event indicator, wherein the event indicator includes at least some data associated with the event; storing the event indicator with other stored event indicators generated by the at least one sensor during the execution of the application; analyzing the stored event indicators; detecting a presence of at least one vulnerability in the application based on the analysis of the stored event indicators; and reporting the presence of at least one vulnerability.

Abstract: A secure smart card reader is disclosed that is enabled to make reader signatures on data representative of events and actions which may be security related and which may include data representative of reader commands received from a host or remote application, smart card commands exchanged with an inserted smart card, data presented to a user for approval, and/or configuration parameters applied when dealing with any of the foregoing. The smart card reader may be adapted to maintain logs of events and actions which may include exchanging reader commands, exchanging smart card commands, and/or interactions with a user. The logs may include data representative of the reader commands received, the smart card commands exchanged, data presented to the user for approval, and/or configuration parameters applied when dealing with any of the foregoing. The secure smart card reader may be adapted to generate a reader signature over the logs.

Abstract: Systems and methods for managing email are provided. Some of the email may be encrypted using identity-based-encryption (IBE) techniques. When an incoming IBE-encrypted message for a recipient in an organization is received by a gateway at the organization, the gateway may request an IBE private key from an IBE private key generator. The IBE private key generator may generate the requested IBE private key for the gateway. The gateway may use an IBE decryption engine to decrypt the incoming message. The decrypted message can be scanned for viruses and spam and delivered to the recipient. Outgoing email messages can also be processed. If indicated by message attributes or information provided by a message sender, an outgoing message can be encrypted using an IBE encryption engine and the IBE public key of a desired recipient.

Abstract: The system and method for correlating network identities and addresses described herein may include a log correlation engine distributed on a network that identifies relationships between certain network identities and Internet Protocol (IP) and Ethernet addresses in the network. In particular, the log correlation engine may analyze various event logs that describe activity in a network to learn relationships between network identities and network addresses and generate alerts in response to discovering changes in the learned relationships. For example, the log correlation engine may identify authentication events described in the logs to map network identities to IP addresses, and may further analyze the logs to map the IP addresses to Ethernet addresses. Thus, the log correlation engine may discover new and changed relationships between the network identities, the IP addresses, and the Ethernet addresses.

Abstract: Systems and methods are provided for using digital signatures to help distinguish legitimate email from known or trusted organizations from unsolicited email or forged email. Digital signatures may be used in an email body, mail header, or embedded links. The signatures may be verified by a recipient or internet service provider and may be used in conjunction with spam filtering applications.