Abstract: Systems, methods, and apparatus for space surveillance are disclosed herein. In one or more embodiments, the disclosed method involves scanning, by at least one sensor on at least one satellite in inclined super-geostationary earth orbit (super-GEO), a raster scan over a field of regard (FOR). In one or more embodiments, the scanning is at a variable rate, which is dependent upon a target dwell time for detecting a target of interest. In at least one embodiment, the target dwell time is a function of a range from at least one sensor to the target of interest and a function of a solar phase angle. In some embodiments, the axis of inclination of the inclined super-GEO is a function of the solar phase angle.

Abstract: Systems, methods, and apparatus for space surveillance are disclosed herein. In one or more embodiments, the disclosed method involves scanning, by at least one sensor on at least one satellite in super-geostationary earth orbit (super-GEO), a raster scan over a field of regard (FOR). In one or more embodiments, the scanning is at a variable rate, which is dependent upon a target dwell time for detecting a target of interest. In at least one embodiment, the target dwell time is a function of a characteristic brightness of the target.

Abstract: An electrical sensor arrangement for measuring a property of a chemical species (32) comprises first and second electrodes (72, 74) comprising first and second generally planar molecular layers (76, 78) each consisting of an array of covalently bonded atoms. The first molecular layer (76) is covalently bonded (82) to the second molecular layer (78) to define an aperture (84) through both the first and second molecular layers. The aperture (84) is configured to enable the chemical species (32) to pass through. The sensor arrangement further comprises an electrical power supply (86) connected to the first electrode (76) and the second electrode (78) and configured to apply a voltage across the first electrode (76) and the second electrode (78).

Abstract: In some aspects, an encryption method comprises encrypting a first portion of a message using a first secret key. The first secret key is generated based on the public key of an entity. A one-way function is used to generate a second secret key from the first secret key, and the first secret key is subsequently discarded. A second portion of the message is encrypted using the second secret key. The encrypted first portion of the message and the encrypted second portion of the message are provided to the entity.

Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.

Abstract: A manhole guard, methods of assembling the same, and methods of using the same, are described. The manhole guard generally includes a plurality of sections connected for movement, the sections being capable of being locked into a fixed rigid structure through the use of a first arm and second arm that act independently of each other. The manhole guard can include attachable mounting brackets designed to facilitate the attachment of a hoist device and/or winch.

Abstract: A system and method are provided for enabling a password reset mechanism for a secured device that verifies a digital signature on a password reset message. The password reset message has been generated by a password reset service for an authorized administrator associated with the secured device. The password reset mechanism allows the authorized administrator to make a request to the password reset service for a password reset, and receive the password reset message such that a password reset can be performed at the secured device. In this way, the secured device's password can be reset absent a connection to a command and control center or other service.

Abstract: There is provided a method for secure communications. The method includes a computing device receiving a notification comprising a message, a counter value, a signature signed by a signer and based on the message and the counter value, and an indication of the signer. The device obtains a current counter value based on an identity of the signer, checks the signature and compares the counter value with the current counter value; and, if the counter comparison and the signature checking is successful, accepting the message.

Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.

Abstract: Challenge-response authentication protocols are disclosed herein, including systems and methods for a first device to authenticate a second device. In one embodiment, the following operations are performed by the first device: (a) sending to the second device: (i) a challenge value corresponding to an expected response value known by the first device, and (ii) a hiding value; (b) receiving from the second device a masked response value; (c) obtaining an expected masked response value from the expected response value and the hiding value; and (d) determining whether the expected masked response value matches the masked response value received from the second device. The operations from the perspective of the second device are also disclosed, which in some embodiments include computing the masked response value using the challenge value, the hiding value, and secret information known to the second device.

Abstract: There is provided a method for secure communications. The method includes a computing device receiving a notification comprising a message, a counter value, a signature signed by a signer and based on the message and the counter value, and an indication of the signer. The device obtains a current counter value based on an identity of the signer, checks the signature and compares the counter value with the current counter value; and, if the counter comparison and the signature checking is successful, accepting the message.

Abstract: Challenge-response authentication protocols are disclosed herein, including systems and methods for a first device to authenticate a second device. In one embodiment, the following operations are performed by the first device: (a) sending to the second device: (i) a challenge value corresponding to an expected response value known by the first device, and (ii) a hiding value; (b) receiving from the second device a masked response value; (c) obtaining an expected masked response value from the expected response value and the hiding value; and (d) determining whether the expected masked response value matches the masked response value received from the second device. The operations from the perspective of the second device are also disclosed, which in some embodiments include computing the masked response value using the challenge value, the hiding value, and secret information known to the second device.

Abstract: Described herein is a device to hold eggs during the cooking and cooling process for the creation of boiled eggs. The egg cooking device includes a frame capable of holding at least one egg while in boiling water and a handle that may be used to lift the device in and out of boiling water and a spout assembly for distributing cold water over the egg holders to cool them simultaneously.

Abstract: Methods, systems, and computer programs for interrogating an authentication device are disclosed. For example, a mobile device can include an interrogator module that interrogates an authentication module in a mobile device accessory, for example, upon installation of the mobile device accessory. In some implementations, challenge-response pairs and a challenge-response distribution are stored in a memory of an interrogator module. The challenge-response distribution defines selection probabilities for the challenge values. In some instances, the interrogator module receives an authentication request from an authentication module, and in response to the authentication request, the interrogator module selects an initial challenge value according to the challenge-response distribution. The interrogator module sends the authentication module an interrogation message that includes the initial challenge value.

Abstract: A method and apparatus are disclosed for using a single credential request (e.g., registered public key or ECQV certificate) to obtain a plurality of credentials in a secure digital communication system having a plurality of trusted certificate authority CA entities and one or more subscriber entities A. In this way, entity A can be provisioned onto multiple PKI networks by leveraging a single registered public key or implicit certificate as a credential request to one or more CA entities to obtain additional credentials, where each additional credential can be used to derive additional public key-private key pairs for the entity A.

Abstract: A facility is described for analyzing access control configurations. In various embodiments, the facility comprises an operating system having resources and identifications of principals, the principals having access control privileges relating to the resources, the access control privileges described by access control metadata; an access control scanner component that receives the access control metadata, determines relationships between principals and resources, and emits access control relations information; and an access control inference engine that receives the emitted access control relations information and an access control policy model, analyzes the received information and model, and emits a vulnerability report.

Abstract: In some aspects, an encryption method comprises encrypting a first portion of a message using a first secret key. The first secret key is generated based on the public key of an entity. A one-way function is used to generate a second secret key from the first secret key, and the first secret key is subsequently discarded. A second portion of the message is encrypted using the second secret key. The encrypted first portion of the message and the encrypted second portion of the message are provided to the entity.

Abstract: A method is presented to compute square roots of finite field elements from the prime finite field of characteristic p over which points lie on a defined elliptic curve. Specifically, while performing point decompression of points that lie on a standardized elliptic curve over a prime finite field of characteristic 2224?296+1, the present method utilizes short Lucas sub-sequences to optimize the implementation of a modified version of Mueller's square root algorithm, to find the square root modulo of a prime number. The resulting method is at least twice as fast as standard methods employed for square root computations performed on elliptic curves.

Abstract: A system and method are provided for having a device in a communication system update an operational policy for the device by encoding a policy update in a virtual machine language used by a virtual machine on the device, having the policy update signed by a trusted entity, and sending a message comprising the signed policy update to the device to enable the device to implement the policy update using the virtual machine on the device. A system and method are also provided for updating an operational policy on a device in a communication system by receiving, at the device, a message comprising a signed policy update that has been signed by a trusted entity, the policy update being encoded in a virtual machine language used by a virtual machine on the device, verifying the signed policy update, and implementing the policy update using the virtual machine on the device when the policy update is verified.

Abstract: There is provided a method for secure communications. The method includes a computing device receiving a notification comprising a message, a counter value, a signature signed by a signer and based on the message and the counter value, and an indication of the signer. The device obtains a current counter value based on an identity of the signer, checks the signature and compares the counter value with the current counter value; and, if the counter comparison and the signature checking is successful, accepting the message.