Abstract: Catheters are presented herein having planar end effectors of various configurations, generally providing a two-sided and multi-layered platform for electrodes and sensors. In some examples, the end effector has a support frame (e.g. nitinol) between a pair of flexible circuits. The end effector can also include a polymer (e.g. silicone, LCP, etc.) between the flexible circuits and encapsulating the support frame. This platform facilitates positioning of electrodes on either side (including both sides) of the end effector in a variety of spacings and facilitates ultra-tight electrode spacing and/or a large area electrode. Sensors (ultrasound transducers, navigation coils, etc.) can be layered within the end effector between outer surfaces of the flexible circuits in a variety of configurations.

Abstract: A method for controlling an inverter, and in particular a double stage inverter, for implementing a model of a synchronous generator is provided including implementing a rotor inertia using an intermediate dc-link capacitor without duplicating the emulated inertia in the controller, simulating the rotor speed based on a measured voltage of the dc-link capacitor, while allowing the voltage to change in a defined range, and mapping the changing voltage of the dc-link capacitor into the inverter as an internal frequency. A system for connecting a power generator to a power grid is also provided including a control device for an inverter, the control device implementing a model of a synchronous generator. The control device including a computer processor in electrical communication with a storage device with instructions stored thereon, that when executed on the computer processor, perform the method for controlling an inverter for implementing a model of a synchronous generator.

Abstract: A system for detecting leaks in a hydraulic supply system for a double-acting hydraulic actuator is disclosed. The system may include a first conduit in fluid communication with a first chamber of the actuator, and with a second chamber of the actuator, and a directional control valve coupled with the first conduit and the second conduit. A directional control valve may be in fluid communication with a hydraulic oil supply line and may switch between the hydraulic oil being sent and received via the first conduit and second conduit. A valve can be associated with the oil supply line. A first and second flow meter can generate a first signal and a second signal, respectively, indicating flow rate within the first conduit and the second conduit. A controller may receive the first signal and the second signal, calculate their ratio, and cause the valve to inhibit flow within the oil supply line upon the ratio differing from a given ratio by more than a predetermined threshold.

Abstract: A method for controlling an inverter, and in particular a double stage inverter, for implementing a model of a synchronous generator is provided including implementing a rotor inertia using an intermediate dc-link capacitor without duplicating the emulated inertia in the controller, simulating the rotor speed based on a measured voltage of the dc-link capacitor, while allowing the voltage to change in a defined range, and mapping the changing voltage of the dc-link capacitor into the inverter as an internal frequency. A system for connecting a power generator to a power grid is also provided including a control device for an inverter, the control device implementing a model of a synchronous generator. The control device including a computer processor in electrical communication with a storage device with instructions stored thereon, that when executed on the computer processor, perform the method for controlling an inverter for implementing a model of a synchronous generator.

Abstract: A system for detecting leaks in a hydraulic supply system for a double-acting hydraulic actuator is disclosed. The system may include a first conduit in fluid communication with a first chamber of the actuator, and with a second chamber of the actuator, and a directional control valve coupled with the first conduit and the second conduit. A directional control valve may be in fluid communication with a hydraulic oil supply line and may switch between the hydraulic oil being sent and received via the first conduit and second conduit. A valve can be associated with the oil supply line. A first and second flow meter can generate a first signal and a second signal, respectively, indicating flow rate within the first conduit and the second conduit. A controller may receive the first signal and the second signal, calculate their ratio, and cause the valve to inhibit flow within the oil supply line upon the ratio differing from a given ratio by more than a predetermined threshold.

Abstract: A forward proxy can perform identity substitutions and related services. The user provides the forward proxy with identity information, and the forward proxy presents itself to remote Internet sites on behalf of the user in the guize of the specified identity. From the remote site's point of view, the forward proxy is the machine being used by the user; the identity of the actual user machine can be hidden. Cookies are thus stored and updated at the forward proxy instead of being stored and updated at the user computer as they would be if a conventional forward proxy had been used. This helps preserve user privacy. The use of group identities, which are shared by multiple users, are also facilitated.

Abstract: Methods, signals, devices, and systems are provided for using proxy servers to transparently forward messages between clients and origin servers if, and only if, doing so does not violate network policies. In some systems, a transparent proxy uses a combination of standard-format HTTP commands, embedding auxiliary information in URLs and other tools and techniques to redirect an initial client request to one or more policy modules, such as a login server or an identity broker or an access control server. The policy module authenticates the request, and uses HTTP redirection to have the client transmit authorization data to the proxy. The proxy extracts the authorization data, directs the client to use a corresponding cookie, and subsequently provides the implicitly requested proxy services to the client in response to the client's subsequently providing the authorization data in a cookie.

Abstract: Techniques are provided for securely managing and accelerating the delivery of data associated with remote sites. A client desires to establish secure communications with a remote site. Requests made from the client to the remote site are intercepted or forwarded to a proxy, which locates a local managing service associated with handling the requests. The local managing service acts as an intermediary between the client and the remote site and communicates securely with the client. Data associated with the client's requests is at least partially cached by the local managing service for purposes of accelerating the delivery of that data to the client.

Abstract: Methods, signals, devices, and systems are provided for using proxy servers to transparently forward messages between clients and origin servers if, and only if, doing so does not violate network policies. In some systems, a transparent proxy uses a combination of standard-format HTTP commands, embedding auxiliary information in URLs and other tools and techniques to redirect an initial client request to one or more policy modules, such as a login server or an identity broker or an access control server. The policy module authenticates the request, and uses HTTP redirection to have the client transmit authorization data to the proxy. The proxy extracts the authorization data, directs the client to use a corresponding cookie, and subsequently provides the implicitly requested proxy services to the client in response to the client's subsequently providing the authorization data in a cookie.

Abstract: Methods, signals, devices, and systems are provided for using proxy servers to transparently forward messages between clients and origin servers if, and only if doing so does not violate network policies. In some systems, a transparent proxy uses a combination of standard-format HTTP commands, embedding auxiliary information in URLs and other tools and techniques to redirect an initial client request to one or more policy modules, such as a login server or an identity broker or an access control server. The policy module authenticates the request, and uses HTTP redirection to have the client transmit authorization data to the proxy. The proxy extracts the authorization data, directs the client to use a corresponding cookie, and subsequently provides the implicitly requested proxy services to the client in response to the client's subsequently providing the authorization data in a cookie.

Abstract: Techniques are provided for securely accelerating external domains locally. Secure client requests directed to an external domain are forwarded to a local domain accelerator. The local domain accelerator communicates securely with the client as if it were the external domain. The local domain accelerator communicates securely with the external domain and acquires data to service the client requests within a local cache. The data is vended from the local cache via secure communications made to the client.

Abstract: Methods, systems, and data structures are provided for single sign-on with basic authentication on a transparent proxy. A user accesses a client to issue requests for content on an origin server. The transparent proxy requires user authentication before access can be granted to the origin server. The transparent proxy receives the requests and determines if the user is presently authenticated to the origin server. If the user is not authenticated, then the transparent proxy issues a basic authentication error to the client causing the client to prompt the user for authentication information. The transparent proxy directs the client to retain the authentication information and supply it with subsequent requests to the origin server. Further, the transparent proxy independently reconstructs the authentication information for subsequent requests directed to other servers under the handling of the transparent proxy, without requiring additional user action.

Abstract: Techniques are provided for proxy authentication. A proxy includes a first port, a second port, and a secure port; each port processing a different service. Requests received on the first and second ports which require authentication are redirected to the secure port. The secure port processes an authentication router service. The authentication router service forwards requests for authentication to selective authentication services. The authentication services authenticate the requests over the secure port.

Abstract: An architecture for secure network communications includes a security layer sandwiched between an upper connection layer and a lower connection layer. An application program need not deal directly with the details of security handshakes, encryption, and decryption. Instead, the application sends plain text data to the upper connection layer, which passes it to the security layer. The security layer manages the necessary security handshakes, and encrypts the data. The security layer then passes the encrypted application data to the lower connection layer, which transports it using TCP or another transport protocol. The security layer need not manage the transport protocol, as this is done by the connection layers. Encrypted data received over the network at the lower connection layer is passed to the security layer for decryption, and then to the upper connection layer for transport to the application.

Abstract: Techniques are provided for establishing privileged paths for data packets over a network. A data packet is received with a header; the header includes a route selector. The route selector assists in resolving a privileged path for the data packet. The data packet is injected into the network over the resolved privileged path.

Abstract: Techniques are provided for managing communications associated with Virtual Private Networks (VPNs). One or more local clients who attempt to communicate with one or more remote clients via a VPN are serviced by local and remote transparent VPN services. The services intercept VPN communications and, in some embodiments, satisfy the communications via local cache. In instances where the VPN communications cannot be satisfied from the cache, the services translate the intercepted communications and securely communicate with one another for purposes of interfacing the local clients with the remote clients via the VPN.

Abstract: Techniques are provided for preserving content during a network transaction. A client issues a content-bearing request to a desired service. At the time the request is issued, the client is not authenticated to the service. The content associated with the content-bearing request is preserved and associated with a modified request. The modified request and a redirection to an authentication service are sent to the client. The client authenticates and transparently sends the modified request. The modified request is used for reacquiring the content. The content-bearing request along with the content are sent to the desired service for processing.