Abstract: A drive mechanism is provided for a door operator, comprising a drive member and a driven member. The drive member includes a protrusion, the edges of the protrusion forming first and second driving surfaces which define a free space of at least about 90° there between. The driven member includes a protrusion, the sides of the protrusion form a first and a second driven surface, respectively. The drive member is adapted to be operably connected to between a motor assembly for rotating the drive member and a door closer assembly rotating with the driven member. The drive member and the driven member are disposed for relative rotation in substantially the same plane such that the driven member protrusion moves in the free space defined by the driving surfaces of the drive member protrusion.

Abstract: A door operator with an electrical back check feature is disclosed. Embodiments of the present invention are realized by a motorized door operator that electrically creates a back check force for an opening door. The door operator simulates the back check normally created by hydraulic means in convention door closers, but without the use of pistons, springs or hydraulic fluid. The door operator includes a motor disposed to operatively connect to a door so that the door will open when the motor moves, and a position sensor to determine a position of the door. A processor is programmed to exert a closing force on the door in the back check region. In some embodiments, the closing force is exerted by injecting a voltage into the electric motor of the door operator.

Abstract: Systems and methods are provided for performing digital signing and encryption using identity-based techniques. A message may be signed and encrypted in a single operation and may be decrypted and verified in two separate operations. Messages may be sent anonymously and confidentially. The systems and methods support message confidentiality, signature non-repudiation, and ciphertext authentication, ciphertext unlinkability, and anonymity.

Abstract: A data transfer hinge is disclosed. Embodiments of the present invention provide a door hinge that facilitates transmission of data from LAN wiring in a building through a door frame to a door mounted device. Power and ground connections can also pass through the hinge. Channels (207, 211, 607, 611) run in each leaf from an edge coincident with the knuckles of the leaf to a passageway (110, 112) in the face of the leaf Twisted pairs of data wires (106, 108) having a specified number of twists per unit length run through the passageway and the channels in the leaves. Each wire of a twisted pair is of a gauge and has insulation of a specified thickness and permittivity so as to cooperate with the channel to maintain an even distribution of capacitance and appropriate impedance for connection within a local area network.

Abstract: A method for locating a target wireless device is disclosed. At least one directional antenna is swept through a field of view at each of a plurality of sensing locations. A position is determined for each of the plurality of sensing locations. During the sweep at each of the plurality of sensing locations, a set of signal strength data for the target wireless device and a set of bearing information are collected. A plurality of lines of bearing are determined, one from each of the plurality of sensing locations to the target wireless device, based on the determined position, the collected set of signal strength data, and bearing information for each of the plurality of sensing locations. A target location of the target wireless device is determined based on an intersection of at least two lines of bearing from the plurality of lines of bearing.

Abstract: The present invention provides systems and methods for risk detection and analysis in a computer network. Computerized, automated systems and methods can be provided. Raw vulnerability information and network information can be utilized in determining actual vulnerability information associated with network nodes. Methods are provided in which computer networks are modeled, and the models utilized in performing attack simulations and determining risks associated with vulnerabilities. Risks can be evaluated and prioritized, and fix information can be provided.

Abstract: Methods for reducing the impact of malware during a booting sequence for an interrupt driven computing device are disclosed. One or more parameters associated with an interrupt vector table (IVT) are manipulated to force the computing device into a clean state following a system level portion of the booting sequence. In another embodiment, occurring prior to the loading of an operating system or a call to a non-returnable main( ) function, one or more unused interrupt vectors in an IVT are replaced. A function filter is implemented for one or more interrupt vectors in the IVT to disallow unnecessary interrupt functions from being executed. One or more required interrupt vector functions are replaced with one or more corresponding custom vector functions. One or more memory locations are wiped if the one or more memory locations do not hold at least a portion of the IVT and/or the interrupt vector functions.

Abstract: A system provides for fuzzy classification in comparisons of scanner responses. A web application test suite performs tests against a web application by sending client requests from a testing computer to the server running the web application and checking how the web application responds. A thorough web application security scan might involve thousands of checks and responses. As a result, some sort of programmatic analysis is needed. One such evaluation involves comparing one response against another. Response matching that compares two HTTP responses might use fuzzy classification processes.

Abstract: A system is provided that uses identity-based encryption to support secure communications between senders and recipients over a communications network. Private key generators are used to provide public parameter information. Senders encrypt messages for recipients using public keys based on recipient identities and using the public parameter information as inputs to an identity-based encryption algorithm. Recipients use private keys to decrypt the messages. There may be multiple private key generators in the system and a given recipient may have multiple private keys. Senders can include private key identifying information in the messages they send to recipients. The private key identifying information may be used by the recipients to determine which of their private keys to use in decrypting a message. Recipients may obtain the correct private key to use to decrypt a message from a local database of private keys or from an appropriate private key server.

Abstract: The invention is directed to techniques of facilitating document transmission from one entity through an electronic communications network. An entity may be a legally recognized person such as a corporation, partnership, organization, government, individual, and the like. As a legally recognized person, an entity may act as a principal with respect to one or more authorized agents. Furthermore, as a legal person, an entity may authorize one or more of its agents to use fax transmission equipment such as the fax certification system described herein. The techniques of this invention assure a second entity that a first entity has indeed authorized its agent to send a document from a fax station under the controls of the first entity.

Abstract: Mass storage devices and methods for securely storing data are disclosed. The mass storage device includes a communication interface for communicating with a connected host computer, a mass-memory storage component for storing data, a secure key storage component adapted to securely store at least one master secret, and an encryption-decryption component different from the secure key storage component and connected to the secure key storage component and the mass-memory storage component. The encryption-decryption component may be adapted to encrypt data received from the host computer using an encryption algorithm and at least one encryption key and to write the encrypted data into the mass-memory storage component.

Abstract: The DigiPass for the Web provides security for internet communication greater than that achieved by the use of a static password without requiring the user to install any software or to possess or use dedicated hardware of any kind. The user merely access an appropriate website which downloads an applet to the user's browser. This is a conventional function which is handled by the browser and does not require any expertise on the part of the user. The browser relies on a password known only to the user for authenticating the user to the browser/applet. The browser/applet interacts with the server to create an authentication key which is then stored on the user's computer. The user can invoke the authentication key dependent on the user's presentation to the browser/applet of the password. Since the password is not used outside the user-browser/applet interaction it is not subject to attacks by hackers.

Abstract: A system and method for improving code coverage for web code that is analyzed for security purposes by dynamic code execution are described. A controller receives information, routes the information to the appropriate engine, analyzer or module and provides the functionality for improving code coverage for code analyzed for security purposes. A code rewrite engine rewrites code in such a way that all branches and stray functions will be executed. A dynamic analyzer performs dynamic analysis on web content to detect malicious code. Additionally, a static analyzer performs static analysis on web content. The static analyzer scans web content and detects a style of coding, a style of obfuscation of the code or patterns in the code.

Abstract: A system and method for detecting malicious code in web content is described. A controller receives information, routes the information to the appropriate module and determines whether a user receives the web content or a report of a detection of malicious code. A vulnerability definition generator generates vulnerability definitions. A parser parses web content into static language constructions. A translation engine translates the static language constructions into trap rules, translates the web content into application programming interface (API) calls and determines whether the API calls trigger any of the trap rules. A sandbox engine generates an environment that mimics a browser and executes dynamic parts of the web content and determines whether a dynamic part triggers a trap rule.

Abstract: Analyzing computer code using a tree is described. For example, a client device generates a data request for retrieving data from a non-trusted entity via a network. A gateway is communicatively coupled to the client device and to the network. The gateway is configured to receive computer code from the non-trusted entity via the network. The gateway builds a tree representing the computer code. The tree has one or more nodes. A node of the tree represents a statement from the computer code. The gateway analyzes the statement to identify symbol data. The symbol data describes a name of the variable and the value of the variable. The gateway stores the symbol data in a symbol table.

Abstract: Blocking transmission of tainted data using dynamic data tainting is described. For example, sensitive information is stored on a client device as tainted data. The client device generates a data request for retrieving data from a non-trusted entity via a network. A gateway is communicatively coupled to the client device and the network. The gateway receives computer code from the non-trusted entity via the network. The gateway executes the computer code. The gateway tracks the execution of the computer code to determine whether the computer code attempts to access tainted data and transmit the tainted data to an outside entity. The gateway blocks the transmission of the tainted data to the outside entity responsive to determining that the computer code has attempted to access tainted data and transmit the tainted data to an outside entity.

Abstract: A URL verification service is provided that is used to evaluate the trustworthiness of universal resource locators (URLs). As a user browses the world wide web, the URL for a web page to which the user is browsing is evaluated. A brand and a second level domain portion may be extracted from the URL and used as search engine inputs in evaluating the trustworthiness of the URL. The content of the web page can also be analyzed. Page elements may be extracted from the web page and compared to page elements in a brand indicator table to identify page brands associated with the web page. The brand extracted from the URL is compared to the page brands to detect cross-branding. If cross-branding is detected, the URL verification service helps to prevent the user from submitting sensitive information over the internet.

Abstract: Cryptographic systems and methods are provided in which authentication operations, digital signature operations, and encryption operations may be performed. Authentication operations may be performed using authentication information. The authentication information may be constructed using a symmetric authentication key or a public/private pair of authentication keys. Users may digitally sign data using private signing keys. Corresponding public signing keys may be used to verify user signatures. Identity-based-encryption (IBE) arrangements may be used for encrypting messages using the identity of a recipient. IBE-encrypted messages may be decrypted using appropriate IBE private keys. A smart card, universal serial bus key, or other security device having a tamper-proof enclosure may use the authentication information to obtain secret key information. Information such as IBE private key information, private signature key information, and authentication information may be stored in the tamper-proof enclosure.

Abstract: A magnetic field verifier apparatus includes a magnetic field detection element configured to produce a voltage signal in response to an applied magnetic field wherein the voltage signal corresponds to the strength of the applied magnetic field. Substantially identical circuit boards or units are connected to a central unit or mother board to place magnetic field detection elements of each board or unit in an mutually approximately orthogonal relationship. A microcontroller is in communication with the voltage signal. The magnetic field verifier apparatus is configurable to sense particular field strengths at various frequencies and store the readings to provide the user with a reliable verification that a particular magnetic field strength has been produced in a particular environment.

Abstract: A system and method for controlling the execution of executable files. The executables are identified by either a cryptographic digest or a digital certificate. The crytographic digest is computed from the binary image of the executable. An executable that is attempting to execute is intercepted by a protection module that consults a database of stored rules over a secure channel to determine whether or not the executable can be identified as a permitted executable and whether or not it has permission to execute on a particular computer system under certain specified conditions. If a stored permission is available, it is used to control the execution. Otherwise, the user is consulted for permission.