Abstract: A dual lock step processor system includes a first processor connected to a first memory, a second processor connected to a second memory, compiler engine, a first instruction engine operably connected to a first memory, and a second instruction engine operably connected to a second memory. The first instruction engine is configured to store a program value; encode the first program value using a first differential encoding and the compiler engine to generate a first encoded program value; and write the first encoded program value into a first address location of a plurality of first address locations. The second instruction engine is configured to store a program value; to encode the first program value using a second differential encoding and the compiler engine to generate a second encoded program value and write the second encoded program value into a second address location of a plurality of second address locations corresponding to the first selected address location.

Abstract: A system for confirming a computing environment includes a remote computing device connected by a communication network to a computing device. The remote computing device generates a nonce, or number used once, and executes an attestation function to determine an attestation measurement value based on the contents of the memory of the remote computing device. The nonce is transmitted by the network to the computing device, which uses the nonce to execute the attestation function based on the contents of the memory of the computing device and determine an attestation measurement value. This attestation measurement value is transmitted to the remote computing device. If the attestation measurement values match, the computing device is designated as trusted. If the attestation measurement values mismatch, the computing device is designated as untrusted.

Abstract: Testing a system against fuzzing attacks includes negating all regular expressions used in the corresponding language, and applying those negated regular expressions to a system interface. Only expressions definitively outside the scope of protocol specification implicate vulnerabilities to fuzzing attacks. The system detects fuzzing attacks by continuously monitoring packets of data and only passing through packets that conform to regular expressions of the language.

Abstract: A training data management method and related system is disclosed comprising three integrated elements. A training data network may provide a network linking a remote instructor operating an off-board data network with a student operating an onboard data network. The remote instructor may, via the datalink connection, maintain a level of control of the data set available to the student. A method for providing training data may include an onboard and off-board safety monitor configured for perceiving a safety event and sending a notification thereof to an involved participant. A system for providing training data may include a data guard configured to monitor all communications between two networks and block sensitive information, training data, and classified communications between the networks.

Abstract: The present disclosure is directed to a system and method for applying unique routing rules to encrypted data packets being transmitted via a tunneling protocol. Because encrypted data packets are unintelligible at intermediary points along a secured link or “tunnel,” a multi-path router located between the tunnel endpoints is typically unable to apply unique routing rules. To enable unique routing, the disclosed method relies on a unique identifier that is associated with the secured link established between an initiator and a receiver (i.e., the tunnel endpoints). The unique identifier is transmitted with one or more encrypted data packets and is used at intermediary points to differentiate the encrypted data packets so that unique routing rules can be applied.

Abstract: A system for preventing a computing device from obtaining unauthorized access to a secure network includes a client agent operably connected to the computing device configured to intercept network traffic information from applications running on the computing device and transmit a network request including application information and the network traffic information. A network token broker operably connected to the network client agent contains a database of application information. The network token broker is configured to cooperate with the network client agent for i) verifying whether the network request should be granted access to the secure network, and ii) cryptographically signing the intercepted network traffic information with a network authorization token, to authorize network access for the intercepted network traffic information.

Abstract: The present invention includes an image processing system with several data compression processing units connected together with a communication bus. Each data compression processing unit includes a wavelet transform processing unit, a shared register file and an address computation processing unit. The wavelet transform processing unit decomposes data from one or more segments of an image into wavelets using a discrete wavelet transform. The shared register stores the intermediate wavelet coefficient computations. The address computation processing unit identifies addresses of wavelets to be decomposed by subsequent operation of the wavelet transform processing unit. The system also includes storage where the resultant wavelet coefficients from each segment may be stored. The present invention also includes methods of compressing image data using multiple processors where each processor operates on a segment of the image data.

Abstract: A system for preventing computer software from communicating from a user computer in a network to untrusted remote computers. A host-based credential management agent is operably connected to a user computer for intercepting network traffic information from the user computer and transmitting a network request including credentials of the remote computer and the network traffic information. A trusted credential database contains information identifying trusted entities and corresponding cryptographic certificates. A server cooperates with the management agent for i) verifying whether the user computer in the network request should have network access, and ii) cryptographically signing the intercepted network traffic information with an authorization server key, to authorize network access for the intercepted information. A firewall is operably connected to the user computer and the authorization server.

Abstract: A system for preventing computer malware from exfiltrating data from a user computer in a network via the internet. A host-based network process monitor intercepts network traffic information from the user computer and transmits a network request including user and application information including the network traffic information. An authorization server cooperates with the host-based network process monitor for i) verifying whether the user and process in the network request should have network access, and ii) cryptographically signing the intercepted network traffic information with an authorization server key, to authorize network access for the intercepted network traffic information. A firewall system is operably connected to the user computer and the authorization server configured to inspect the network traffic information from the user computer and reject any traffic information not signed with the authorization server key.

Abstract: A training data management method and related system is disclosed comprising three integrated elements. A training data network may provide a network linking a remote instructor operating an off-board data network with a student operating an onboard data network. The remote instructor may, via the datalink connection, maintain a level of control of the data set available to the student. A method for providing training data may include an onboard and off-board safety monitor configured for perceiving a safety event and sending a notification thereof to an involved participant. A system for providing training data may include a data guard configured to monitor all communications between two networks and block sensitive information, training data, and classified communications between the networks.