Abstract: A sealed modular trim supplemental side air bag inflatable curtain (SABIC) module assembly includes a SABIC and a vehicle trim assembly encapsulating the SABIC. The SABIC is sealed within the vehicle trim assembly and provided as a complete compact module configured for subsequent attachment to a vehicle roll bar.

Abstract: Among other things, traces are received of activities of an online user who is associated with an entity. By analysis of the traces a security state of the entity is inferred. Also, a map is generated between (a) technical assets that contribute to security characteristics of respective entities and (b) the identities of the entities that are associated with the respective technical assets. At least part of the generating of the map is done automatically. A user can be engaged to assist in the generating of the map by presenting to the user through a user interface (a) data about the technical assets of entities and (b) an interactive tool for associating the technical assets with the identities of the entities.

Abstract: Among other things, traces are received of activities of an online user who is associated with an entity. By analysis of the traces a security state of the entity is inferred. Also, a map is generated between (a) technical assets that contribute to security characteristics of respective entities and (b) the identities of the entities that are associated with the respective technical assets. At least part of the generating of the map is done automatically. A user can be engaged to assist in the generating of the map by presenting to the user through a user interface (a) data about the technical assets of entities and (b) an interactive tool for associating the technical assets with the identities of the entities.

Abstract: A computer-implemented system, method and apparatus for operating a reference monitor simulator is operable to recreate the operations performed by a reference monitor on a computer system. In one configuration, the system defines at least one security rule specifying whether to allow or deny a request to access at least one resource under a given set of circumstances and supplies at least one request to access a resource. The system further applies the at least one security rule in response to the at least one request to access a resource to determine whether to allow or prevent the at least one request.

Abstract: Conventional matching approaches to virus detection are ineffective pending deployment of a signature to match a newly discovered virus. In contrast, a behavioral based (subject) approach addresses the so-called “day zero” problem of object matching approaches. An integrated approach combines the behavioral remedy against unknown transmissions with the signature matching of known harmful transmission to provide the reliability and stability of signature based approaches with the real time responsiveness of the behavioral approach. A behavior monitoring module analyzes actions via behavioral heuristics indicative of actions performed by known harmful transmissions. The behavioral monitoring correlates the actions performed to determine an undesirable object. A signature generator computes a realtime signature on the suspect object.

Abstract: An automated method and apparatus for creating a security policy for one or more applications is provided. The method includes exercising the features of the one or more applications to generate behavioral data, applying a heuristic to aggregate the behavioral data into a subset of representative actions, and organizing the representative actions according to a structure defined by a template into a security policy for the one or more applications. The security policy may be downloaded to one or more workstations for deployment, and provides a safeguard to protect a computer system against cyber-terrorism.

Abstract: A high speed optical communication and data transfer network comprises fiber optic links interconnecting a plurality of hybrid electronic-optical switch devices, each hybrid switch circuit including an electronic switch, electronic switch controller and optical switch. The hybrid switch circuits and nodes on the periphery of the core network communicate amongst each other over a first dedicated wavelength. Optical signals on the first dedicated wavelength are converted to electronic signals which are monitored by the electronic controller in each hybrid switch circuit. Routing in the network is optimized by transmitting lower volume data traffic on the first dedicated wavelength which is typically slower due to optical/electronic signal conversions and which uses more resources. Higher capacity data transfers are achieved by transmitting data on an assigned carrier wavelength over an established flow path among the optical switches of multiple hybrid switch circuits.

Abstract: A high speed optical communication and data transfer network comprises fiber optic links interconnecting a plurality of hybrid electronic-optical switch devices, each hybrid switch circuit including an electronic switch, electronic switch controller and optical switch. The hybrid switch circuits and nodes on the periphery of the core network communicate amongst each other over a first dedicated wavelength. Optical signals on the first dedicated wavelength are converted to electronic signals which are monitored by the electronic controller in each hybrid switch circuit. Routing in the network is optimized by transmitting lower volume data traffic on the first dedicated wavelength which is typically slower due to optical/electronic signal conversions and which uses more resources. Higher capacity data transfers are achieved by transmitting data on an assigned carrier wavelength over an established flow path among the optical switches of multiple hybrid switch circuits.

Abstract: A high speed optical communication and data transfer network comprises fiber optic links interconnecting a plurality of hybrid electronic-optical switch devices, each hybrid switch circuit including an electronic switch, electronic switch controller and optical switch. The hybrid switch circuits and nodes on the periphery of the core network communicate amongst each other over a first dedicated wavelength. Optical signals on the first dedicated wavelength are converted to electronic signals which are monitored by the electronic controller in each hybrid switch circuit. Routing in the network is optimized by transmitting lower volume data traffic on the first dedicated wavelength which is typically slower due to optical/electronic signal conversions and which uses more resources. Higher capacity data transfers are achieved by transmitting data on an assigned carrier wavelength over an established flow path among the optical switches of multiple hybrid switch circuits.

Abstract: The invention features receiving encrypted network packets sent over a network at a network interface computer, and passing the encrypted network packets to a computer on an internal network.The invention also features receiving encrypted network packets at a first computer over a network from a second computer, examining a field in each network packet to determine which of a plurality of encryption algorithms was used to encrypt the network packet, and decrypting the network packet in accordance with the determined encryption algorithm.The invention further features receiving network packets sent over a network, determining which virtual tunnel each network packet was sent over, and routing each network packet to a destination computer in accordance with the determined virtual tunnel.

Abstract: Passage of packets or messages is controlled between a device and a network via a virtual connection or flow which conforms to a predefined communication protocol. In connection with processing a packet or message that triggers a step in managing the virtual connection or flow, predefined authorization rules are applied to determine whether to permit the step to occur. In connection with processing a packet or message that does not trigger a step in managing the virtual connection or flow, the packet or message is permitted to pass directly via the virtual connection or flow, without applying the predefined authorization rules.

Abstract: Back door packet communication between a workstation on a network and a device outside the network is identified by detecting packets that are associated with communication involving devices outside the network, and identifying packets, among those detected packets, that are being sent or received by a device that is not authorized for communication with devices outside the network.

Abstract: An apparatus for forwarding a data packet from a first link to a second link is disclosed. The apparatus is coupled with a plurality of computer networks through ports on the apparatus. The apparatus maintains a spanning tree list indicating which of the apparatus ports are active. The apparatus receives a packet, and determines if the packet was received from a port that is active. If the packet was received from a port that is not active, the packet is discarded. If the packet is not discarded, the data link source address of the packet is stored in a database within the apparatus for the computer network coupled with the port from which the packet was received. The apparatus then decides, responsive to a contents of a data link destination address field in the packet, whether to forward the packet as a bridge or to forward the packet as a router.

Abstract: An apparatus for forwarding a data packet from a first link to a second link is disclosed. The apparatus is coupled with a plurality of computer networks through ports on the apparatus. The apparatus maintains a spanning tree list indicating which of the apparatus ports are active. The apparatus receives a packet, and determines if the packet was received from a port that is active. If the packet was received from a port that is not active, the packet is discarded. If the packet is not discarded, the data link source address of the packet is stored in a database within the apparatus for the computer network coupled with the port from which the packet was received. The apparatus then decides, responsive to a contents of a data link destination address field in the packet, whether to forward the packet as a bridge or to forward the packet as a router.

Abstract: There is disclosed the architecture for an all optic network which employs a three level hierarchy using wavelength vision multiplexing. At the lowest level of the hierarchy are Level-0 all optical networks. The Level-0 networks are "local" broadcast networks each of which supports a plurality of access ports and each access port can hear all the local traffic transmitted by all other access ports in the same Level-0 network. Each Level-0 network shares wavelengths internally, but there is extensive reuse of wavelengths among different Level-0 networks. The next higher level, which is the intermediate level, Level-1, is essentially a wavelength router coupled with one or more of the Level-0 networks to provide a wavelength path to one or more directly connect Level-0 networks or, in combination with a Level-2 network, a light path to one or more Level-0 network outside itself.