Abstract: A system and method for the capture and storage of industrial process and operational machine data including operator input and environmental factors, the analysis thereof in order to identify elements of tribal knowledge therein, the storage of such elements of tribal knowledge for future reference and analysis and the deployment of such tribal knowledge, specifically in a manufacturing system.

Abstract: A method and apparatus for automating controlled computing environment protection is disclosed. In one embodiment, the method for automating controlled computing environment protection includes monitoring a controlled computing environment to process user activity information associated with a user computer and comparing the user activity information with abnormal behavior indicia to identify hostile user activity that denotes browser control circumvention.

Abstract: In a computerised system of control, management and optimisation for machine tools, operational data thereof is compared/matched with historical data in realtime. Historical and contemporary operation data of the same and/or other machines, including machines of other species is harvested and housed in a central data warehouse that is continuously updated. Operation data, and patterns thereof, of non-invasive attributes of the target machine(s) are compared/matched with the warehoused data by multi-variate analysis, thresholding and symbolic and non-symbolic pattern matching to generate control inputs and metrics for performance evaluation, performance upgrade such as of legacy machines and for status evaluation with regard to health(maintenance), risk/safety and environmental impacts thereof. Preferably, the power attributes of voltage, amperage, wattage and power factor together with compressed air and coolant flow rates are monitored. Methods of operating data processing/transformation are disclosed.

Abstract: A method and apparatus for monitoring a computer to detect operating system process manipulation by malicious software programs is disclosed. In one embodiment, a method for detecting operating system process manipulation through unexpected process behavior includes accessing process behavior indicia regarding memory addresses used by at least one user mode process to request computer resources and comparing the process behavior indicia with a user mode request to identify operating system process manipulation.

Abstract: The invention comprises a risk model and data, and is provided on a secure Web-based, interactive platform, whereby a user can build customized risk analyses and reports, covering multiple asset classes and markets. The invention also organizes and categorizes assets along dimensions best reflecting a user's investment process, determines risk assumed, determines sources of risk, allows viewing of a portfolio's risk exposures, identifies and quantifies sources of volatility, provides streamlined risk reporting, and provides a trade scenario utility.

Abstract: Systems, methods, and computer readable media for determining whether a computer file (210) has been infected with malicious code by an attacking agent. A scanning engine (205) determines whether the file (210) contains malicious code. The scanning engine (205) includes detection modules (325) for detecting particular attacking agents, and indicators of when particular attacking agents were first created. The scanning engine (205) determines a critical date for a file (210) with regards to a particular attacking agent. If the file (210) has not been changed since the critical date, the scanning engine (205) determines that the file (210) has not been infected by that attacking agent.

Abstract: A blocking-scanning manager (101) detects (200) attempted malicious behavior of running code (120). In response to detection, the blocking-scanning manager (101) blocks (206) the attempted malicious behavior. The blocking-scanning manager (101) generates (208) a signature to identify the code that attempted the malicious behavior. The blocking-scanning manager (101) detects (506) code identified by the signature. Responsive to detection, the blocking-scanning manager (101) blocks (508) execution of the identified code (122).

Abstract: A tactile scratch media apparatus and method are disclosed. In one embodiment, an apparatus includes a scratch media having a tactile data pattern to provide information to a user and a scratch region on the scratch media having a plurality of layers that conceal the tactile data pattern. The tactile data pattern may include a raised tactile data and/or an indented tactile data. The raised tactile data and the indented tactile data may be a braille character, an alphanumerical character and/or a tangible data. The surface edge of the raised tactile data and/or the indented tactile data of the tactile data pattern may be curved. The tactile data pattern may be arranged according to an overlapping pattern arrangement and/or a non-overlapping pattern arrangement. The arrangement of the overlapping pattern arrangement and the non-overlapping pattern arrangement may be based on a combination of a print data and the raised tactile data and/or the indented tactile data.

Abstract: An accessibility and security in a gaming environment method and system is disclosed. In one embodiment, a method includes associating an accessibility feature to a navigation mechanism of a game, processing a response through the navigation mechanism of a special-needs user when the accessibility feature is enabled, and/or generating a trusted ticket using at least one security algorithm when the special-needs user initiates a transaction. The game may be a lottery game, a sweepstakes contest, a poker game, a contest game, a gambling game, a game of chance, and/or a game of skill. The generating the trusted ticket using the security algorithm may include an embedded certification of authenticity provided by a certification authority module.

Abstract: Computer-implemented methods, apparati, and computer-readable media for detecting malicious computer code in a file (2) associated with a computer (10). A method of the present invention comprises the steps of determining whether there is more than one hard link (1) to the file (2); and when there is more than one hard link (1), ascertaining the identities of all the hard links (1), and performing an antivirus scan on the file (2) based upon the hard link(s) (1) having the most restrictive scanning criteria of all the hard links (1), or upon the union of scanning criteria amongst all the hard links (1).

Abstract: Methods, apparati, and computer program products for detecting and responding to fast-spreading network worm attacks include a network monitoring module, which observes failed network connection attempts from multiple sources. A logging module logs the failed connection attempts. An analysis module uses the logged data on the failed connection attempts to determine whether a sources is infected with a worm using a set of threshold criteria. The threshold criteria indicate whether a source's failed connection attempts are non-normal. In one embodiment, a response module responds to the computer worm by, e.g., alerting a user or system administrator, terminating an infected process, or terminating the infected source's network access.

Abstract: Methods and Systems are disclosed for a centralized license and subscription management in a small, networked environment may include a licensing/subscription charging service, a licensing/subscription store and a client device licensing/subscription checking component. The licensing/subscription charging service may be located on server, for example, with the software product producer or distributor. The licensing/subscription store may be located on a gateway appliance of the network. The licensing/subscription store may acquire a single licensing/subscription agreement from the licensing/subscription charging service that will cover each of the software products on all of the client devices within the small network.

Abstract: Methods, apparati, and computer program products for detecting and responding to fast-spreading network worm attacks include a network monitoring module (110), which observes (205) failed network connection attempts from multiple sources. A logging module (120) logs (220) the failed connection attempts. An analysis module (150) uses the logged data on the failed connection attempts to determine (225) whether a sources is infected with a worm using a set of threshold criteria. The threshold criteria indicate whether a source's failed connection attempts are non-normal. In one embodiment, a response module (160) responds (240) to the computer worm by, e.g., alerting a user or system administrator, terminating an infected process (20), or terminating the infected source's network access.

Abstract: The risk of inadvertent introduction of software bugs to a large number of users during a software update is minimized by controlling updates using a uniform mechanism of sending updates to seed users. A value-generating module generates a value for a computer, the value falling within a population range of values. A sampling range-generating module generates a sampling range of values as a proper subset of the population range, the probability of the random value falling within the sampling range being predetermined. An eligibility determination module determines whether the computer is eligible to receive a software update, the computer being determined eligible when the random value for the computer falls within the sampling range, and an update module provides the software update to the computer based on the eligibility determination. In some embodiments, a problem review module determines whether the update has caused a problem for computers receiving the update.

Abstract: Improved file tracking methods and file re-positioning or file defragmenting mechanisms are disclosed for use with a differential rate memory device which has allocatable storage units disposed in regions of comparatively faster data access and of comparatively slower data access for storing retrievable data file contents in such regions.

Abstract: Security sensor data from intrusion detection system (IDS) sensors, vulnerability assessment (VA) sensors, and/or other security sensors is used to enhance the compliancy determination in a client compliancy system. A database is used to store the security sensor data. In one particular embodiment, a list of device compliance statuses indexed by corresponding identifiers (e.g., IP/MAC addresses) combined from IDS, VA, and/or other security sensing technologies is made available as a non-compliance database for query, so that clients and other compliancy authentication elements can tell that a particular client appears to be out of compliance. A client-side self-policing compliance system is enabled, and can be used in conjunction with automated endpoint compliance policy configuration to reduce system administrator burden.

Abstract: Techniques for implementing client compliancy in a network address translation (NAT) environment are disclosed. Network appliances (e.g., NAT hubs, routers, switches, and other NAT devices) actively cooperate with client compliance strategies by engaging in the compliance evaluation of the hosts connected to it, and interact with the up-stream compliance mechanism. As such, devices normally hidden behind a NAT device from the upstream network can participate in the compliance scheme in a more meaningful way.

Abstract: Security sensor data from intrusion detection system (IDS) sensors, vulnerability assessment (VA) sensors, and/or other security sensors is used to enhance the compliancy determination in a client compliancy system. A database is used to store the security sensor data. In one particular embodiment, a list of device compliance statuses indexed by corresponding identifiers (e.g., IP/MAC addresses) combined from IDS, VA, and/or other security sensing technologies is made available as a non-compliance database for query, so that clients and other compliancy authentication elements can tell that a particular client appears to be out of compliance. A client-side self-policing compliance system is enabled, and can be used in conjunction with automated endpoint compliance policy configuration to reduce system administrator burden.

Abstract: The invention comprises a risk model and data, and is provided on a secure Web-based, interactive platform, whereby a user can build customized risk analyses and reports, covering multiple asset classes and markets. The invention also organizes and categorizes assets along dimensions best reflecting a user's investment process, determines risk assumed, determines sources of risk, allows viewing of a portfolio's risk exposures, identifies and quantifies sources of volatility, provides streamlined risk reporting, and provides a trade scenario utility.

Abstract: Methods, apparati, and computer program products for detecting and responding to fast-spreading network worm attacks include a network monitoring module (110), which observes (205) failed network connection attempts from multiple sources. A logging module (120) logs (220) the failed connection attempts. An analysis module (150) uses the logged data on the failed connection attempts to determine (225) whether a sources is infected with a worm using a set of threshold criteria. The threshold criteria indicate whether a source's failed connection attempts are non-normal. In one embodiment, a response module (160) responds (240) to the computer worm by, e.g., alerting a user or system administrator, terminating an infected process (20), or terminating the infected source's network access.