Abstract: Network security administrators are enabled with their customizable certificate authority reputation policy store which is informed by an independent certificate authority reputation server. The custom policy store overrides trusted root certificate stores accessible to an operating system web networking layer or to a third party browser. Importing revocation lists or updating browsers or operating system is made redundant. Proactive remediation is enabled to delete or disable root certificates in trusted operating system root certificate stores or in trusted browser root certificate stores by a web security agent installed at distributed endpoints. This removes the need for additional hardware or synchronous remote access over the protected endpoints.

Abstract: Network security administrators are enabled with their customizable certificate authority reputation policy store which is informed by an independent certificate authority reputation server. The custom policy store overrides trusted root certificate stores accessible to an operating system web networking layer or to a third party browser. Importing revocation lists or updating browsers or operating system is made redundant. The apparatus redirects or rewrites traffic to protect a plurality of endpoints from a man-in-the-middle attack when a certificate authority has lost control over certificates used in TLS.

Abstract: A system includes an instrument coupled to a magnetic material. The orientation of the instrument is influenced by a magnetic field generated by an array of magnetic elements. Each element of the array is controlled by a data value in a magnetic control store to produce a field strength and polarity. Overwriting the pattern in the magnetic control store will result in a magnetic field which applies a torque to the instrument and cause an azimuthal or elevational rotary movement about the center of the instrument.

Abstract: A system at a central server and at a plurality of web filters is installed to observe traffic and to protect users from attempting connection to suspicious, malicious, and/or infectious targets. Targets are defined as Uniform Resource Identifiers (URI) and Internet Protocol (IP) addresses. Traffic is collected, analyzed, and reported for further analysis. Behavior is analyzed for each client attempting a connection to an uncategorized target. IP addresses and URIs are evaluated toward placement in either a Trusted target store or an Anomalous target store. The accumulated content of Anomalous target store is provided back to the Network Service Subscriber Clients. Warnings and tools are presented when appropriate.

Abstract: Enabling web filtering by authenticated group membership, role, or user identity is provided by embedding a uniform resource identifier into an electronic document requested by a client. A client browser will provide directory credentials to a trusted web filter apparatus enabling a policy controlled access to resources external to the trusted network. An apparatus comprises circuits for transmitting a uniform resource identifier to a client, receiving a request comprising authentication credentials, querying a policy database and determining a customized policy for access to an externally sourced electronic document or application. A computer-implemented technique to simplify web filter administrator tasks by removing a need to set each browsers settings or install additional software on each user terminal.

Abstract: A network apparatus, system, and method for operating a server to identify and subsequently control suspected peer-to-peer (P2P) sources transmitting traffic from a first network to a second network. Identifying a peer-to-peer source by a characteristic of destination port profile. Identifying a peer-to-peer source by a characteristic of destination host IP address profile. Determining when hopping ports usage comprise a data stream. Determining when destination IP address usage represent “Seek You” (CQ) like call behavior analogous to a radio invitation for any operators listening to respond.

Abstract: A system comprising three services: query string proxy, URI path scanner, and domain name system triage. A query string proxy sends a request on behalf of a client and analyzes the response from a remote server. A URI path scanner performs keyword matching on the entire path of a uniform resource identifier. A domain name system triage service receives a UDP request prior to establishing any protocol session between a client and a server and returns one IP address selected from the following: a block IP address, a trusted IP address, and a redirection to enhanced filter service IP address.

Abstract: A system to enable a local area network operator to optimize bandwidth by controlling annular display surrounding sourced content. An apparatus for storing content sponsor messages locally to a user's network. A method for selecting among locally served messages, images, and applications to support delivery of content provider's intellectual property. In short, optimizing and tuning the delivery of the message annulus surrounding the “news hole” of a webpage.

Abstract: A network filtering system and method without requiring cryptographic processing of secure message transmissions. The method provides for determining target node ID associations corresponding to domain names of filtered node DNS requests and corresponding network address and address duration data determined according to a corresponding DNS responses. The method also provides for comparing a destination address of a current message transmission corresponding to a filtered node with the determined target node ID associations, and conducting filtering processing of the current message transmission.

Abstract: A system and method for disrupting the download of undesirable files. A data store traps the final block or blocks of a file transfer which is held for detection of viruses, trojan horses, spyware, worms, dishonest ads, scripts, plugins, and other files considered computer contaminants. Innocuous file transfers are completed with minimum disruption as perceived by the user.

Abstract: A system, apparatus, and method for controlling peer to peer traffic at a network gateway or server. Suspected peer to peer traffic is identified heuristically and collected for content analysis. Content digital fingerprint pattern matching software is received from a remote server. Peer to peer traffic is selectively disposed of.