Abstract: In some embodiments, the invention involves securing network traffic to and from a host processor. A system and method is disclosed which utilizes a second processor on a virtualization technology platform to send/receive and triage messages. The second processor is to forward suspect messages to a virtual appliance for further investigation before routing the suspect messages to one of a plurality of virtual machines running on the host processor. When messages are not suspect, use of the virtual appliance is avoided and messages are routed to one of a plurality of virtual machines via a virtual machine manager running on the host processor. Other embodiments are described and claimed.

Abstract: The invention is a versatile, but simple, rifle sling for carrying a rifle, shotgun, or other long gun over one shoulder. The sling can be attached to the rifle by use of studs or swivels in a conventional manner or can be attached directly to the firearm by using the adjustable loops at each end of the sling. It is constructed from a single strip of leather without the use of any hardware such as buckles, clasps, clamps, hooks, rivets, screws or other devices. Each of the adjustable loops are formed from slide-lock knots.

Abstract: In some embodiments, an apparatus comprises a certificate store to store a current certificate associated with a key pair including a current public key and a current private key; a policy decision point (PDP) module to monitor the certificate store and to ascertain whether the current certificate has expired or is expiring; and a key manager, based at least in part on the PDP module determining that the current certificate has expired or is expiring, being adapted to identify encrypted information encrypted with an encrypting key of the key pair and to decrypt the encrypted information with a decrypting key of the key pair to obtain unencrypted information.

Abstract: A method, apparatus, and system enable a secure location-aware platform. Specifically, embodiments of the present invention may utilize a secure processing partition on the platform to determine a location of the platform and dynamically apply and/or change security controls accordingly.

Abstract: A method, apparatus and system enable a secure location-aware platform. Specifically, embodiments of the present invention may utilize a secure processing partition on the platform to determine a location of the platform and dynamically apply and/or change security controls accordingly.

Abstract: The claimed method and system provides a graphical user interface that illustrates network topology information, including connection paths between devices on the local network and an external network such as the Internet. The claimed method and system may use a three column format for presenting the topology that is more intuitive for a user. Also, the claimed method and system may aggregate context and connection information from multiple different protocols to provide the topology display. Further, the claimed method and system may use a device registry to enable customized and extensible representations of the network devices.

Abstract: A security manager receives a request for data that is subject to data security management. The security manager operates independently of a host partition and is not directly accessible or detectable by the host partition. The security manager determines whether to grant or deny access to the requested data based at least in part on a requesting user's authentication credentials. If the data request is approved, a security policy associated with the data is determined. In addition, instructions are sent to a system hypervisor to create a secure partition. The hypervisor loads the requested data and a verified version of an application necessary to access the data into the secure partition creating a secure environment for accessing the data.

Abstract: The claimed method and system provides a graphical user interface that illustrates network topology information, including connection paths between devices on the local network and an external network such as the Internet. The claimed method and system may use a three column format for presenting the topology that is more intuitive for a user. Also, the claimed method and system may aggregate context and connection information from multiple different protocols to provide the topology display. Further, the claimed method and system may use a device registry to enable customized and extensible representations of the network devices.

Abstract: A software network bridge which allows connected network segments to be presented as a single network unit to the host computer. The software bridge can be implemented as an intermediate network driver, abstracting multiple network segments into a single network interface for higher level protocols and applications. The intermediate network driver can simultaneously send the same data packet through multiple network interfaces by creating multiple packet descriptors, each pointing to the same data, but each given individually to the underlying network interfaces to control during their transmission.

Abstract: The claimed method and system provides a graphical user interface that illustrates network topology information, including connection paths between devices on the local network and an external network such as the Internet. The claimed method and system may use a three column format for presenting the topology that is more intuitive for a user. Also, the claimed method and system may aggregate context and connection information from multiple different protocols to provide the topology display. Further, the claimed method and system may use a device registry to enable customized and extensible representations of the network devices.

Abstract: Apparatuses and methods provide operating system independent digital rights management. A request can be made for data, which can be monitored by a security module. The security module is independent of a host operating system and manages digital rights for the requested data. Thus, digital rights management occurs outside the context of a host operating system. The security module may classify the data and determine a security policy based on the data classification. Policy may be stored locally or remotely, and may be associated with the data subject to the policy.

Abstract: A method for a firewall-aware application to communicate its expectations to a firewall without requiring the firewall to change its policy or compromise network security. An application API is provided for applications to inform a firewall or firewalls of the application's needs, and a firewall API is provided that informs the firewall or firewalls of the application's needs. An interception module watches for connect and listen attempts by applications and services to the network stack on the local computer. The interception module traps these attempts and determines what user is making the attempt, what application or service is making the attempt, and conducts a firewall policy look-up to determine whether the user and/or application or service are allowed to connect to the network. If so, the interception module may instruct the host and/or edge firewall to configure itself for the connection being requested.

Abstract: Methods, systems, and articles to receive, by a fail-over computing device, a request to instantiate a virtual-machine in response to a virtual-machine failure on a separate physical device. The request includes a minimum security rating. The fail-over computing device then compares the minimum security rating against an assigned security rating of the fail-over computing device and instantiates the virtual-machine if the assigned security rating meets or exceeds the minimum security rating.

Abstract: In some embodiments, the invention involves securing network traffic to and from a host processor. A system and method is disclosed which utilizes a second processor on a virtualization technology platform to send/receive and triage messages. The second processor is to forward suspect messages to a virtual appliance for further investigation before routing the suspect messages to one of a plurality of virtual machines running on the host processor. When messages are not suspect, use of the virtual appliance is avoided and messages are routed to one of a plurality of virtual machines via a virtual machine manager running on the host processor. Other embodiments are described and claimed.

Abstract: Methods, apparatuses, articles, and systems for an inventory agent and/or a policy agent of a computing device are described herein. In various embodiments, the inventory agent may be adapted to determine a count of a plurality of virtual machines on the computing device and notify an inventory server of the determined count. The policy agent, in some embodiments, may be adapted to receive an instruction to instantiate or shut down a virtual machine of the plurality of virtual machines of the apparatus, and conditionally disallow the instruction if the instruction does not meet criteria specified by a policy. The computing device may have either or both of the inventory agent or policy agent, either or both of the agents residing on either or both of a management controller of the computing device or a service operating system of the computing device.

Abstract: A method, apparatus and system enable a secure location-aware platform. Specifically, embodiments of the present invention may utilize a secure processing partition on the platform to determine a location of the platform and dynamically apply and/or change security controls accordingly.

Abstract: In some embodiments, an apparatus comprises a certificate store to store a current certificate associated with a key pair including a current public key and a current private key; a policy decision point (PDP) module to monitor the certificate store and to ascertain whether the current certificate has expired or is expiring; and a key manager, based at least in part on the PDP module determining that the current certificate has expired or is expiring, being adapted to identify encrypted information encrypted with an encrypting key of the key pair and to decrypt the encrypted information with a decrypting key of the key pair to obtain unencrypted information.

Abstract: A software tool and method are provided which allow an unsophisticated user to easily determine or identify problems in a networked computer system. The software tool comprises a diagnostic component adapted to determine at least one attribute associated with the computer system, and a user interface component adapted to launch the diagnostic component and to render the attribute to a user. The diagnostic component may obtain first information related to a local host computer, and selectively perform one or more tests associated with the local host computer according to the first information. The diagnostic component then determines the attribute according to the first information and/or the test results. A self-healing networked computer system is also disclosed, comprising the diagnostic component and a remedial object adapted to perform one or more remedial actions according to the attribute.

Abstract: The claimed method and system provides a graphical user interface that illustrates network topology information, including connection paths between devices on the local network and an external network such as the Internet. The claimed method and system may use a three column format for presenting the topology that is more intuitive for a user. Also, the claimed method and system may aggregate context and connection information from multiple different protocols to provide the topology display. Further, the claimed method and system may use a device registry to enable customized and extensible representations of the network devices.

Abstract: A system and method is provided for detecting, monitoring and maintaining an Internet Connection Sharing Device (ICSD). An ICSD may be connected to one or more devices, and/or applications associated with a Local Area Network (LAN), which devices, and/or applications, may attempt to detect, monitor and maintain the ICSD. Thus, a broadcast protocol for advertising status and services and a unicast request/response protocol are provided to facilitate such detection, monitoring and maintenance.