Abstract: This document describes techniques for rotating keys used to tokenize data stored in a streaming data store where data is stored for a maximum time [W]. In some embodiments, a data layer of such a data store can encrypt arriving original data values twice. The original data value is first encrypted with a first key, producing a first token. The original data value is encrypted with a second key, producing a second token. Each encrypted token can be stored separately in the data store. A field may be associated with two database columns, one holding the value encrypted with the first key and the second holding the value encrypted with the second key. Keys are rotated after time [K], which is at least equal to and preferably longer than [W]. Rotation can involve discarding the older key and generating a new key so that two keys are still used.

Abstract: This document describes techniques for rotating keys used to tokenize data stored in a streaming data store where data is stored for a maximum time [W]. In some embodiments, a data layer of such a data store can encrypt arriving original data values twice. The original data value is first encrypted with a first key, producing a first token. The original data value is encrypted with a second key, producing a second token. Each encrypted token can be stored separately in the data store. A field may be associated with two database columns, one holding the value encrypted with the first key and the second holding the value encrypted with the second key. Keys are rotated after time [K], which is at least equal to and preferably longer than [W]. Rotation can involve discarding the older key and generating a new key so that two keys are still used.

Abstract: This document describes among other things, network security systems that incorporate a feedback loop so as to automatically and dynamically adjust the scope of network traffic that is subject to inspection. Risky traffic can be sent for inspection; risky traffic that is demonstrated to have high rate of threats can be outright blocked without further inspection; traffic that is causing errors due to protocol incompatibility or should not be inspected for regulatory or other reasons can be flagged so it bypasses the security inspection system. The system can operate on a domain by domain basis, IP address basis, or otherwise.

Abstract: This document describes techniques for rotating keys used to tokenize data stored in a streaming data store where data is stored for a maximum time [W]. In some embodiments, a data layer of such a data store can encrypt arriving original data values twice. The original data value is first encrypted with a first key, producing a first token. The original data value is encrypted with a second key, producing a second token. Each encrypted token can be stored separately in the data store. A field may be associated with two database columns, one holding the value encrypted with the first key and the second holding the value encrypted with the second key. Keys are rotated after time [K], which is at least equal to and preferably longer than [W]. Rotation can involve discarding the older key and generating a new key so that two keys are still used.

Abstract: This document describes techniques for rotating keys used to tokenize data stored in a streaming data store where data is stored for a maximum time [W]. In some embodiments, a data layer of such a data store can encrypt arriving original data values twice. The original data value is first encrypted with a first key, producing a first token. The original data value is encrypted with a second key, producing a second token. Each encrypted token can be stored separately in the data store. A field may be associated with two database columns, one holding the value encrypted with the first key and the second holding the value encrypted with the second key. Keys are rotated after time [K], which is at least equal to and preferably longer than [W]. Rotation can involve discarding the older key and generating a new key so that two keys are still used.

Abstract: This document describes among other things, network security systems that incorporate a feedback loop so as to automatically and dynamically adjust the scope of network traffic that is subject to inspection. Risky traffic can be sent for inspection; risky traffic that is demonstrated to have high rate of threats can be outright blocked without further inspection; traffic that is causing errors due to protocol incompatibility or should not be inspected for regulatory or other reasons can be flagged so it bypasses the security inspection system. The system can operate on a domain by domain basis, IP address basis, or otherwise.

Abstract: This document describes techniques for rotating keys used to tokenize data stored in a streaming data store where data is stored for a maximum time [W]. In some embodiments, a data layer of such a data store can encrypt arriving original data values twice. The original data value is first encrypted with a first key, producing a first token. The original data value is encrypted with a second key, producing a second token. Each encrypted token can be stored separately in the data store. A field may be associated with two database columns, one holding the value encrypted with the first key and the second holding the value encrypted with the second key. Keys are rotated after time [K], which is at least equal to and preferably longer than [W]. Rotation can involve discarding the older key and generating a new key so that two keys are still used.

Abstract: This document describes among other things, network security systems that incorporate a feedback loop so as to automatically and dynamically adjust the scope of network traffic that is subject to inspection. Risky traffic can be sent for inspection; risky traffic that is demonstrated to have high rate of threats can be outright blocked without further inspection; traffic that is causing errors due to protocol incompatibility or should not be inspected for regulatory or other reasons can be flagged so it bypasses the security inspection system. The system can operate on a domain by domain basis, IP address basis, or otherwise.

Abstract: It is known in the art to route client traffic to a network security gateway using the domain name system, or DNS. More specifically, a local DNS resolver on a private network may apply security intelligence to client DNS lookup requests, based on the domains that clients are seeking to resolve. If a requested domain represents a known security threat, the client can be blocked or directed to the network security gateway instead of to the desired host. This routing of the client request to the network security gateway can be accomplished by giving the client the IP address of the network security gateway instead of the actual IP address corresponding to the domain name, in response to a given DNS name query from the client. Request routing can be accomplished using other techniques, such as IP layer routing, as well.

Abstract: This document describes techniques for rotating keys used to tokenize data stored in a streaming data store where data is stored for a maximum time [W]. In some embodiments, a data layer of such a data store can encrypt arriving original data values twice. The original data value is first encrypted with a first key, producing a first token. The original data value is encrypted with a second key, producing a second token. Each encrypted token can be stored separately in the data store. A field may be associated with two database columns, one holding the value encrypted with the first key and the second holding the value encrypted with the second key. Keys are rotated after time [K], which is at least equal to and preferably longer than [W]. Rotation can involve discarding the older key and generating a new key so that two keys are still used.

Abstract: This document describes among other things, network security systems that incorporate a feedback loop so as to automatically and dynamically adjust the scope of network traffic that is subject to inspection. Risky traffic can be sent for inspection; risky traffic that is demonstrated to have high rate of threats can be outright blocked without further inspection; traffic that is causing errors due to protocol incompatibility or should not be inspected for regulatory or other reasons can be flagged so it bypasses the security inspection system. The system can operate on a domain by domain basis, IP address basis, or otherwise.

Abstract: This document describes among other things, network security systems that incorporate a feedback loop so as to automatically and dynamically adjust the scope of network traffic that is subject to inspection. Risky traffic can be sent for inspection; risky traffic that is demonstrated to have high rate of threats can be outright blocked without further inspection; traffic that is causing errors due to protocol incompatibility or should not be inspected for regulatory or other reasons can be flagged so it bypasses the security inspection system. The system can operate on a domain by domain basis, IP address basis, or otherwise.

Abstract: Methods, systems, and software for managing development components or other enterprise content—whether developed internally or by third parties—are described herein. One method for managing reusable development components includes identifying a first development component of a first type. This first development component is stored in a repository, with the repository including a plurality of other development components with at least a second development component of a second type. The method then includes presenting an interface to a user operable to display information for at least the first and second development components.

Abstract: Methods, systems, and software for providing or utilizing a software solutions bag of development components and enterprise knowledge—whether developed internally or by third parties—are described herein. One method for managing reusable development components comprises providing a catalog of a plurality of development components to a user. The cataloged development components may include or reference at least a first development component of a first type and a second development component of a second type. A software solutions bag is then generated based on a user selection of at least one of the cataloged development components.

Abstract: A method and apparatus for handling a data structure in a computerized system, the data structure comprising a first object having content and a second object having content, and interdependencies between the first object and the second object, the method comprising: receiving a description of the data structure; creating a graph structure indicating the interdependencies between the objects, the graph structure comprising at least a first vertex and a second vertex, the first vertex and the second vertex connected by an edge; and associating the first vertex with content of the first object and the second vertex with content of the second object, wherein the first vertex and the second vertex do not contain the content of the first object or the second object. In some embodiments, an application executed by computing platforms in a cluster comprising symmetrical nodes, statically registers relevant filters with every node in the cluster, and registers to the filter upon loading.

Abstract: Methods, systems, and software for identifying reusable development components or other enterprise knowledge—whether developed internally or by third parties—are described herein. One method for identifying reusable development components includes receiving a request for development components according to search criteria. A catalog with at least a first development component of a first type and a second development component of a second type is then provided to a user on any suitable client.

Abstract: According to some embodiments, meta-model information associated with an enterprise portal is defined. The meta-model information may then be consumed (e.g., by a design tool) when not in communication with an executing enterprise portal server. According to some embodiments, the meta-model information includes UML class diagram definitions associated with the enterprise portal.

Abstract: A method and apparatus for handling a data structure in a computerized system, the data structure comprising a first object having content and a second object having content, and interdependencies between the first object and the second object, the method comprising: receiving a description of the data structure; creating a graph structure indicating the interdependencies between the objects, the graph structure comprising at least a first vertex and a second vertex, the first vertex and the second vertex connected by an edge; and associating the first vertex with content of the first object and the second vertex with content of the second object, wherein the first vertex and the second vertex do not contain the content of the first object or the second object. In some embodiments, an application executed by computing platforms in a cluster comprising symmetrical nodes, statically registers relevant filters with every node in the cluster, and registers to the filter upon loading.

Abstract: According to some embodiments, meta-model information associated with an enterprise portal is defined. The meta-model information may then be consumed (e.g., by a design tool) when not in communication with an executing enterprise portal server. According to some embodiments, the meta-model information includes UML class diagram definitions associated with the enterprise portal.

Abstract: Methods, systems, and software for identifying reusable development components or other enterprise knowledge—whether developed internally or by third parties—are described herein. One method for identifying reusable development components includes receiving a request for development components according to search criteria. A catalog with at least a first development component of a first type and a second development component of a second type is then provided to a user on any suitable client.