Abstract: A method of forming a semiconductor structure includes a number of operations. Conductors are formed in a first dielectric layer on a substrate. First conductive vias overlapping the conductors are formed in a second dielectric layer on the substrate. Electrodes are formed in a third dielectric layer on the substrate, wherein each of the electrodes overlaps one of the first conductive vias. A hard mask is formed on the third dielectric layer. Mandrel exposures are formed on the hard mask. Patterning spacers is formed on sidewalls of the mandrel exposures. The mandrel exposures are removed. The hard mask is patterned based on the patterning spacers and the third dielectric layer is patterned based on the patterning spacers to form conductive lines along the second direction in the third dielectric layer, wherein each of the conductive lines overlaps one of the first conductive vias.

Abstract: An integrated bicycle control device has a handlebar portion of a bicycle handlebar assembly. The handlebar portion has a body with a gripping portion adjacent a distal end of the body and a transition portion spaced from the gripping portion. A compartment may be formed in the transition portion and an opening in the body may permit access to the compartment. An actuator is disposed near the distal end of the gripping portion. A control element and/or other elements or circuitry may be disposed within the compartment. The control device may include integrated accessory attachment structure.

Abstract: A method of network data transmission is implemented by a computer device, and includes: defining every data packet to be generated by a specific application program as belonging to a direct data packet; defining every data packet to be generated by other application programs as belonging to a controlled data packet; determining which one of the direct data packet and the controlled data packet a data packet belongs to; and when it is determined that the data packet belongs to the direct data packet, transmitting the data packet, and delaying transmission of another data packet which is determined as belonging to the controlled data packet and which is received later than the data packet that is determined as belonging to the direct data packet.

Abstract: Embodiments provide a system and method for stateless session synchronization between inspectors for high availability deployments. Man in the Middle inspectors of a communication session between a client and server exchange a shared key that is used as a common seed value in a mapping function algorithm. Each inspector generates identical key-pairs using the common mapping function algorithm, and the inspectors generate the session keys from the key-pairs. Inspectors use the session keys to decrypt and either actively or passively inspect data transferred in a session between a client and server.

Abstract: Embodiments are directed to a method of monitoring a suspicious file, including: receiving, from a web server, a first file; encrypting, by an intermediary network device, the first file; transferring the encrypted file, from the intermediary network device, to an end device; transferring the first file, from the intermediary network device, to a malware analysis device for a malware analysis; and receiving a malware analysis result, from the malware analysis device. If the malware analysis result indicates the first file is not a malware, requesting a key; decrypting the encrypted file using the key; and accessing the decrypted file.

Abstract: A network-based appliance includes a mechanism to set-up and selectively use an “out-of-band” encryption channel. The mechanism comprises a packet parser, and a packet dispatcher, and it is integrated with an existing network layer stack that typically is not visible to host applications. In lieu of simply encrypting all data it receives, the mechanism instead analyzes one or more attributes, e.g., protocol type, application type, current encryption strength, content payload, etc., associated with a packet transmission to determine whether further encryption is required. The evaluation may include a deep packet inspection (DPI) when the information at the network layer (e.g., IP address, port number, etc.) is not sufficient to determine if the payload in the packet needs to be further encrypted. Based on the result of the analysis, packets are dispatched to the encryption channel as and when necessary.

Abstract: An intelligent network management device including an analytic unit, conducting an analysis according to received packets in order to determine whether a given event is occurred; and a processing unit, generating and sending a control instruction to a SDN controller to change configurations of a SDN switch when the analytic unit determined the given event has been occurred.

Abstract: A network-based appliance includes a mechanism to set-up and selectively use an “out-of-band” encryption channel. The mechanism comprises a packet parser, and a packet dispatcher, and it is integrated with an existing network layer stack that typically is not visible to host applications. In lieu of simply encrypting all data it receives, the mechanism instead analyzes one or more attributes, e.g., protocol type, application type, current encryption strength, content payload, etc., associated with a packet transmission to determine whether further encryption is required. The evaluation may include a deep packet inspection (DPI) when the information at the network layer (e.g., IP address, port number, etc.) is not sufficient to determine if the payload in the packet needs to be further encrypted. Based on the result of the analysis, packets are dispatched to the encryption channel as and when necessary.

Abstract: A method of network data transmission is implemented by a computer device, and includes: defining every data packet to be generated by a specific application program as belonging to a direct data packet; defining every data packet to be generated by other application programs as belonging to a controlled data packet; determining which one of the direct data packet and the controlled data packet a data packet belongs to; and when it is determined that the data packet belongs to the direct data packet, transmitting the data packet, and delaying transmission of another data packet which is determined as belonging to the controlled data packet and which is received later than the data packet that is determined as belonging to the direct data packet.

Abstract: Disclosed is a method of customizing an appliance. The method includes steps of pre-storing a public key in the appliance; connecting the appliance to an external storage device; and booting up the appliance to automatically proceed with the following customization process: obtaining a customization file from the external storage device; authenticating the customization file with the public key; and executing customization with the customization file if the authentication succeeds.

Abstract: A Man in the Middle (MitM) computer receives a first session identifier from a client for a first communication session between the client and a server, and monitors Transport Layer Security (TLS) communication sessions between the client and the server, where the first session identifier is one of an unknown session identifier and an invalid session identifier. In response to receiving the first session identifier from the client, the MitM computer performs one of: requesting a second session identifier from the server for a second communication session if the first session identifier is an unknown session identifier; and transmitting, to the client, an instruction to flush a session cache in the client, where flushing the session cache in the client forces the client and the server to establish a full TLS handshake in order to obtain a session key if the first session identifier is an invalid session identifier.

Abstract: Embodiments provide a system and method for network tracking. Through various methods of packet encapsulation or IP option filling, one or more packets of information can be tagged with a unique security tag to prevent unauthorized access. A user agent can be validated by an authentication server through acceptance of one or more user credentials. The authentication server can generate a security token that can be transmitted to the user agent. The user agent can generate a keystream from the security token, and portions of that keystream can be attached to the packets as the security tag. The tagged packets can be forwarded to an authenticator, who can recreate the keystream from a copy of the security token provided by the authentication server. If the tags generated from the authenticator match the tags on the tagged packet, the authenticator can strip the tag from the tagged packet and forward the packet on to its next network address.

Abstract: An integrated bicycle control device has a handlebar portion of a bicycle handlebar assembly. The handlebar portion has a body with a gripping portion adjacent a distal end of the body and a transition portion spaced from the gripping portion. A compartment may be formed in the transition portion and an opening in the body may permit access to the compartment. An actuator is disposed near the distal end of the gripping portion. A control element and/or other elements or circuitry may be disposed within the compartment. The control device may include integrated accessory attachment structure.

Abstract: An integrated bicycle control device has a handlebar portion of a bicycle handlebar assembly. The handlebar portion has a body with a gripping portion adjacent a distal end of the body and a transition portion spaced from the gripping portion. A compartment may be formed in the transition portion and an opening in the body may permit access to the compartment. An actuator is disposed near the distal end of the gripping portion. A control element and/or other elements or circuitry may be disposed within the compartment. The control device may include integrated accessory attachment structure.

Abstract: Embodiments provide a system and method for stateless session synchronization between inspectors for high availability deployments. Man in the Middle inspectors of a communication session between a client and server exchange a shared key that is used as a common seed value in a mapping function algorithm. Each inspector generates identical key-pairs using the common mapping function algorithm, and the inspectors generate the session keys from the key-pairs. Inspectors use the session keys to decrypt and either actively or passively inspect data transferred in a session between a client and server.

Abstract: Methods and systems for high-availability data processing include detecting, at a first data processing system, a change in link state between the first data processing system and a second data processing system. A link state between the first data processing system and a third data processing system is changed responsive to the detection in accordance with a first high availability policy stored at the first data processing system. An identifier of the first data processing system is changed in accordance with the first high availability policy to conform to a second high availability policy stored at the first data processing system. The detection, change of the link state, and change of the identifier are repeated in accordance with the second high availability policy.

Abstract: Embodiments are directed to a method of monitoring a suspicious file, including: receiving, from a web server, a first file; encrypting, by an intermediary network device, the first file; transferring the encrypted file, from the intermediary network device, to an end device; transferring the first file, from the intermediary network device, to a malware analysis device for a malware analysis; and receiving a malware analysis result, from the malware analysis device. If the malware analysis result indicates the first file is not a malware, requesting a key; decrypting the encrypted file using the key; and accessing the decrypted file.

Abstract: Embodiments provide a system and method for stateless session synchronization between inspectors for high availability deployments. Man in the Middle inspectors of a communication session between a client and server exchange a shared key that is used as a common seed value in a mapping function algorithm. Each inspector generates identical key-pairs using the common mapping function algorithm, and the inspectors generate the session keys from the key-pairs. Inspectors use the session keys to decrypt and either actively or passively inspect data transferred in a session between a client and server.

Abstract: A network-based appliance includes a mechanism to provide TLS inspection with session resumption, but without requiring that a session cache be maintained. To this end, the inspector is configured to cause the TLS client to participate in maintaining the session context, in effect on behalf of the TLS inspector. In operation, when the inspector first receives a session ID from the TLS server, the inspector generates and issues to the client a session ticket that includes the original session ID and other session context information. In this manner, the inspector converts the Session ID-based connection to a Session Ticket-based connection. The session ticket is encrypted by the inspector to secure the session information. When the TLS client presents the session ticket to resume the TLS connection, the inspector decrypts the ticket and retrieves the session ID from it directly. The inspector then uses the original session ID to resume the TLS session.

Abstract: A network-based appliance includes a mechanism to provide TLS inspection with session resumption, but without requiring that a session cache be maintained. To this end, the inspector is configured to cause the TLS client to participate in maintaining the session context, in effect on behalf of the TLS inspector. In operation, when the inspector first receives the session ticket from the TLS server, and in lieu of caching it, the inspector generates and issues to the client a composited ticket that includes the original ticket and session context information that contains the session key. The composited ticket is encrypted by the inspector to secure the session information. When the TLS client presents the composited session ticket to resume the TLS connection, the inspector decrypts the ticket and retrieves the session context from it directly. The inspector then uses the original session ticket to resume the TLS session.