Author

Paul S. Gallo

Bio: Paul S. Gallo is an academic researcher from Symantec. The author has contributed to research in topics: Computer security model & Network Access Control. The author has an h-index of 2, co-authored 2 publications receiving 1431 citations.

Papers
Patent
29 Oct 2007
TL;DR: In this article, a flow processing facility for inspecting payloads of network traffic packets detects security threats and intrusions across accessible layers of the IP-stack by applying content matching and behavioral anomaly detection techniques based on regular expression matching and self-organizing maps.
Abstract: A flow processing facility, which uses a set of artificial neurons for pattern recognition, such as a self-organizing map, in order to provide security and protection to a computer or computer system supports unified threat management based at least in part on patterns relevant to a variety of types of threats that relate to computer systems, including computer networks. Flow processing for switching, security, and other network applications, including a facility that processes a data flow to address patterns relevant to a variety of conditions are directed at internal network security, virtualization, and web connection security. A flow processing facility for inspecting payloads of network traffic packets detects security threats and intrusions across accessible layers of the IP-stack by applying content matching and behavioral anomaly detection techniques based on regular expression matching and self-organizing maps. Exposing threats and intrusions within packet payload at or near real-time rates enhances network security from both external and internal sources while ensuring security policy is rigorously applied to data and system resources. Intrusion Detection and Protection (IDP) is provided by a flow processing facility that processes a data flow to address patterns relevant to a variety of types of network and data integrity threats that relate to computer systems, including computer networks.

1,428 citations

Patent
09 Feb 2001
TL;DR: In this paper, a packet switch for allocating access to a communication of network among a plurality of customers, each having an allotment of guaranteed accesses to the network, includes a queuing unit for maintaining a plurality of queue-sets, each of which accepts a data packet from a corresponding customer.
Abstract: A packet switch for allocating access to a communication of network among a plurality of customers, each having an allotment of guaranteed accesses to the network, includes a queuing unit for maintaining a plurality of queue-sets, each of which accepts a data packet from a corresponding customer. The switch also includes a usage monitor for monitoring the extent to which each customer has depleted his allotment of guaranteed access. The usage monitor and the queuing unit both communicate with a scheduler that retrieves a data packet for transmission on the network. The queue-set is selected on the basis of the usage information stored by the usage monitor.

3 citations


Cited by
Patent
14 Jun 2016
TL;DR: Newness and distinctiveness is claimed in the features of ornamentation as shown inside the broken line circle in the accompanying representation as discussed by the authors, which is the basis for the representation presented in this paper.
Abstract: Newness and distinctiveness is claimed in the features of ornamentation as shown inside the broken line circle in the accompanying representation.

1,500 citations

Patent
19 Jan 2012
TL;DR: In this paper, the authors describe improved capabilities for a virtualization environment adapted for development and deployment of at least one software workload, the virtualization environment having a metamodel framework that allows the association of a policy to the software workload upon development of the workload that is applied upon deployment of the software workload.
Abstract: In embodiments of the present invention improved capabilities are described for a virtualization environment adapted for development and deployment of at least one software workload, the virtualization environment having a metamodel framework that allows the association of a policy to the software workload upon development of the workload that is applied upon deployment of the software workload. This allows a developer to define a security zone and to apply at least one type of security policy with respect to the security zone including the type of security zone policy in the metamodel framework such that the type of security zone policy can be associated with the software workload upon development of the software workload, and if the type of security zone policy is associated with the software workload, automatically applying the security policy to the software workload when the software workload is deployed within the security zone.

541 citations

Patent
15 Nov 2012
TL;DR: In this paper, the authors propose a method comprising providing a plurality of links to end-user devices communicatively coupled to a network system, a particular link of the plurality supporting control-plane communications between the network system and a particular user over one or more wireless access networks, the message comprising payload for delivery to the particular user and an identifier identifying a particular device agent on the particular end-user device.
Abstract: A method comprising providing a plurality of links to a plurality of end-user devices communicatively coupled to a network system, a particular link of the plurality of links supporting control-plane communications between the network system and a particular end-user device of the plurality of end-user devices over one or more wireless access networks; receiving a message from a server communicatively coupled to the network system, the message comprising payload for delivery to the particular end-user device; generating an encrypted message comprising the payload and an identifier identifying a particular device agent of a plurality of device agents on the particular end-user device, the identifier configured to assist in delivering at least a portion of the payload to the particular device agent on the particular end-user device; and sending the encrypted message to the particular end-user device over the particular link.

483 citations

Patent
16 Mar 2016

454 citations

Patent
14 Sep 2011
TL;DR: In this paper, an eyepiece includes a mechanical frame adapted to secure a lens and an image source facility above the lens, which includes an LED, a planar illumination facility and a reflective display.
Abstract: An eyepiece includes a mechanical frame adapted to secure a lens and an image source facility above the lens. The image source facility includes an LED, a planar illumination facility and a reflective display. The planar illumination facility converts a light beam from the LED received on a side of the planar illumination facility into a top emitting planar light source, uniformly illuminates the reflective display, and is substantially transmissive to allow reflected light to pass through towards a beam splitter. The beam splitter is positioned to receive the image light and to reflect a portion onto a mirrored surface. The mirrored surface is positioned and shaped to reflect the image light into an eye of a user of the eyepiece thereby providing an image within a field of view, the mirrored surface further adapted to be partially transmissive within an area of image reflectance.

437 citations