Abstract: A pectus excavatum treating apparatus or assembly having two pectus bars joined by a connecting member.

Abstract: A computer-implemented method for trajectory prediction. The method includes: receiving trajectory data of motion trajectories of road users arranged in a surrounding area of the ego vehicle by a prediction module, wherein the trajectory data are arranged in a graph representation; receiving map data of a map representation mapping the surrounding area of the ego vehicle by the prediction module; generating an interaction graph representation for the plurality of road users based on the trajectory data of the road users and roadway location information of the map representation by the prediction module; and predicting a future motion trajectory to be executed for at least one other road user based on the trajectory data, the map data, and the interaction graph representation of the road users by the prediction module.

Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may selectively direct the device to a portal that provides support to the user of the device while the device awaits admission to the enterprise network. As the user interacts with the portal, the portal may manage admission of unrecognized devices onto the enterprise network while making efficient use of network administrator resources.

Abstract: Where a single networked security service supports multiple enterprises, this security service can operate as a shared source of trust so that security devices associated with one enterprise can provide authenticated, policy-based management of computing devices associated with another enterprise. For example, an enterprise firewall can advantageously manage network access for a new device based on a shared and authenticated relationship with the networked security service.

Abstract: An image sensor for immersion lithography, the image sensor including: a grating; an absorber layer on the grating, the absorber layer configured to absorb radiation; and a liquidphobic coating at an upper surface of the image sensor, wherein a protective layer is provided between the absorber layer and the liquidphobic layer, the protective layer being less reactive than the absorber layer to an immersion liquid.

Abstract: Systems, methods, and apparatus for determining a volume of remaining liquid in a container are disclosed. A container profile can first be developed using image analysis to determine a maximum liquid level in the container. The profile can then be broken into divisions, each corresponding to an equal volume. When real-world measurements of a liquid level in a real-world container are made, these can be translated to one of the divisions, which can be summed with all underlying divisions to estimate a volume of remaining liquid in the real-world container.

Abstract: A network address translation device or similarly situated network device can cooperate with endpoints on a subnet of an enterprise network to secure endpoints within the subnet. For example, the network address translation device may be configured, either alone or in cooperation with other network devices, to block traffic from a compromised endpoint to destinations outside the subnet, and to direct other endpoints within the subnet to stop network communications with the compromised endpoint.

Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may selectively direct the device to a portal that provides support to the user of the device while the device awaits admission to the enterprise network. As the user interacts with the portal, the portal may manage admission of unrecognized devices onto the enterprise network while making efficient use of network administrator resources.

Abstract: Endpoints and a corresponding switch within a heterogeneous network work cooperatively to respond to notifications of compromise in order to protect the enterprise network. Endpoints self-isolate when a local security agent detects a compromise, and shun a compromised one of the other endpoints in response to a corresponding notification. The switch forwards a notice of compromise from an endpoint to a threat management facility for the enterprise network and prevents communications from a compromised endpoint through the switch in response to receiving a corresponding request from the threat management facility.

Abstract: An image sensor for immersion lithography, the image sensor including: a grating; an absorber layer on the grating, the absorber layer configured to absorb radiation; and a liquidphobic coating at an upper surface of the image sensor, wherein a protective layer is provided between the absorber layer and the liquidphobic layer, the protective layer being less reactive than the absorber layer to an immersion liquid.

Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may selectively direct the device to a portal that provides support to the user of the device while the device awaits admission to the enterprise network. As the user interacts with the portal, the portal may manage admission of unrecognized devices onto the enterprise network while making efficient use of network administrator resources.

Abstract: Endpoints within a subnet of a heterogeneous network are configured to cooperatively respond to internal or external notifications of compromise in order to protect the endpoints within the subnet and throughout the enterprise network. For example, each endpoint may be configured to self-isolate when a local security agent detects a compromise, and to shun one of the other endpoints in response to a corresponding notification of compromise in order to prevent the other, compromised endpoint from communicating with other endpoints and further compromising other endpoints either within the subnet or throughout the enterprise network.

Abstract: Where a single networked security service supports multiple enterprises, this security service can operate as a shared source of trust so that security devices associated with one enterprise can provide authenticated, policy-based management of computing devices associated with another enterprise. For example, an enterprise firewall can advantageously manage network access for a new device based on a shared and authenticated relationship with the networked security service.

Abstract: An endpoint in an enterprise network is configured to respond to internal and external detections of compromise in a manner that permits the endpoint to cooperate with other endpoints to secure the enterprise network. For example, the endpoint may be configured to self-isolate when local monitoring detects a compromise on the endpoint, and to respond to an external notification of compromise of another endpoint by restricting communications with that other endpoint.

Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the device may be directed to a portal that manages admission of unrecognized devices onto the enterprise network. Based on a response of the unrecognized device to the portal (e.g., if the unrecognized device does not respond to the portal), the device may be listed on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.

Abstract: Systems, methods, and apparatus for determining a volume of remaining liquid in a container are disclosed. A container profile can first be developed using image analysis to determine a maximum liquid level in the container. The profile can then be broken into divisions, each corresponding to an equal volume. When real-world measurements of a liquid level in a real-world container are made, these can be translated to one of the divisions, which can be summed with all underlying divisions to estimate a volume of remaining liquid in the real-world container.

Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the device may be directed to a portal that manages admission of unrecognized devices onto the enterprise network. Based on a response of the unrecognized device to the portal (e.g., if the unrecognized device does not respond to the portal), the device may be listed on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.

Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may determine whether the device is manageable. When the device is unrecognized and unmanageable, a portal may provide support to a user of the device by listing the device on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.

Abstract: A threat management facility detects a device on an enterprise network and determines whether the device is one of a set of managed devices for the enterprise network. When the device is not one of the set of managed devices, the threat management facility may determine whether the device is manageable. When the device is unrecognized and unmanageable, a portal may provide support to a user of the device by listing the device on an unclaimed device page published by the portal and accessible to authorized users of the enterprise network. An authorized user may claim the unrecognized device from the unclaimed device page and, in the process, may provide additional information regarding the unrecognized device. Once claimed, the previously unrecognized device may be permitted to communicate over the enterprise network.

Abstract: Secure management of an enterprise network is improved by creating a network adapter fingerprint for an endpoint that identifies all of the network adapters for that endpoint. With this information, the location and connectivity of the endpoint can be tracked and managed independent of the manner in which the endpoint is connecting to the enterprise network.