Abstract: Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes obtaining an image from equipment of a user, wherein the image includes an indication of an individual and an indication of a local environment. The individual is identified within the image to obtain an identification of the individual, and the local environment is determined as a predetermined local environment based on the identification of the local environment. Access to a restricted computing resource is facilitated based on the determining that the individual is the user and that the local environment is the predetermined local environment. Other embodiments are disclosed.

Abstract: Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes obtaining an image from a communication device of a user. An individual and a landmark are identified within the image. Determinations are made that the individual is the user and that the landmark is a predetermined landmark. Access to a restricted computing resource is granted based on the determining that the individual is the user and that the landmark is the predetermined landmark. Other embodiments are disclosed.

Abstract: A system that incorporates the subject disclosure may perform, for example, operations including receiving a request from a first device to access information content of a second device. The process further includes forwarding a token to the second device by way of a second wireless network, to obtain a second device token, and forwarding the token to the first device by way of the first network to obtain a first device token, wherein the first device forwards the first device token to the second device by way of a third network. A confirmation that the token was received at the first device is based on the result of the comparison indicating a match between the first device token and the second device token. Access to the information content of the second device is authorized in response to the confirmation. Other embodiments are disclosed.

Abstract: A server uses an encryption key to decrypt authentication information thereby facilitating communication with network-accessible applications that may be remotely located from the server. Servers can also use encryption keys to decrypt files containing sensitive data. The encryption key is obtained by a collection of software agents, each providing a portion of information necessary for generating the encryption key. Each software agent performs a respective examination, the results of which determine whether the respective portion of information is valid or not. A complete encryption key can be obtained only when all of the contributing portions of information are valid.

Abstract: A system that incorporates teachings of the subject disclosure may include, for example, receiving multiple software agents and configuring a network of the multiple software agents according to a predetermined policy. The process can further include facilitating secure communications among software agents of the network of the multiple software agents according to the predetermined policy. A state of one of the system, a system environment within which the system operates, or a combination thereof can be determined, based on the secure communications among the software agents of the network of the multiple software agents. A computing environment can be facilitated conditionally on the state of the one of the system, the system environment, or the combination thereof, according to the predetermined policy to support a mission application. Other embodiments are disclosed.

Abstract: A system that incorporates the subject disclosure may perform, for example, operations including receiving a request from a first device to access information content of a second device. The process further includes determining that the first device is authorized to access the information content according to authorization credentials, and determining a token associated with the request in response to determining that the first device is authorized to access the information content. The token is forwarded to the first device, and it is confirmed that the token was received at the first device. Access to the information content of the second device is authorized in response to confirming that the token was received at the first device. Other embodiments are disclosed.

Abstract: Described herein are devices and techniques for remotely controlling user access to a restricted computer resource. The process includes pre-determining an association of the restricted computer resource and computer-resource-proximal environmental information. Indicia of user-proximal environmental information are received from a user requesting access to the restricted computer resource. Received indicia of user-proximal environmental information are compared to associated computer-resource-proximal environmental information. User access to the restricted computer resource is selectively granted responsive to a favorable comparison in which the user-proximal environmental information is sufficiently similar to the computer-resource proximal environmental information. In at least some embodiments, the process further includes comparing user-supplied biometric measure and comparing it with a predetermined association of at least one biometric measure of an authorized user.

Abstract: Described herein are devices and techniques related to implementation of a trustworthy electronic processing module. During fabrication, a manufacturer is provided with partial technical specifications that intentionally exclude at least one critical design feature. Fabrication of the electronic processing module is monitored from a trusted remote location; wherefrom, the intentionally excluded at least one critical design feature is implemented, thereby completing manufacture of the trustworthy electronic processing module. At least one of the acts of monitoring and implementing can be accomplished by instantiating executable software remotely from a trusted remote location and immediately prior to execution. It is the executable software that enables at least one of the acts of monitoring and implementing. Further, the instantiated executable software is removed or otherwise rendered inoperable immediately subsequent to execution.

Abstract: An apparatus is disclosed including one or more security structures. The one or more security structures includes: a weldable frame; a plurality of composite panels, each panel securable to the weldable frame, each composite panel configured to form at least one joint with at least one adjoining composite panel; and a respective security element embedded within each of the composite panels. The security element is configured to detect a breach in the composite panel.

Abstract: A method for scanning and securing a container including a plurality of at least partially composite panels defining an interior volume is disclosed. The method includes: storing unique identification information in an identification element within container; sealing the container; monitoring the container for intrusion; without breaching the seal of the container, remotely identifying the container based on the unique identity information without breaching the seal of the container; without breaching the seal of the container; scanning the identified container to determine the presence or absence of a nuclear weapon in the interior volume; and if the scan determines no nuclear weapon is present remotely storing certificate information associated with the identity of the container in a remote monitor unit.

Abstract: A system that incorporates the subject disclosure may perform, for example, operations including receiving a request from a first device to access information content of a second device. The process further includes determining that the first device is authorized to access the information content according to authorization credentials, and determining a token associated with the request in response to determining that the first device is authorized to access the information content. The token is forwarded to the first device, and it is confirmed that the token was received at the first device. Access to the information content of the second device is authorized in response to confirming that the token was received at the first device. Other embodiments are disclosed.

Abstract: A server uses an encryption key to decrypt authentication information thereby facilitating communication with network-accessible applications that may be remotely located from the server. Servers can also use encryption keys to decrypt files containing sensitive data. The encryption key is obtained by a collection of software agents, each providing a portion of information necessary for generating the encryption key. Each software agent performs a respective examination, the results of which determine whether the respective portion of information is valid or not. A complete encryption key can be obtained only when all of the contributing portions of information are valid.

Abstract: An apparatus is disclosed including one or more security structures. The one or more security structures includes: a weldable frame; a plurality of composite panels, each panel securable to the weldable frame, each composite panel configured to form at least one joint with at least one adjoining composite panel; and a respective security element embedded within each of the composite panels. The security element is configured to detect a breach in the composite panel.

Abstract: A dosimeter is disclosed for use in container including outer walls defining an interior volume, the dosimeter including: a radon detection element adapted to detect a radon level for the interior volume; a neutron detection element adapted detect a neutron level for the interior volume. The dosimeter is adapted to measure the radon level and neutron level for a period of time, compare the measured radon level to a first threshold, compare the measured neutron level to a second threshold, and determine information indicative of the presence or absence of fissile material within the interior volume based on the comparisons.

Abstract: A design and manufacturing methods for reusable, stackable shipping containers made from composite materials is described. The composite material is embedded with optical fibers, data and electrical paths, and various types of components. These embedded devices are capable of detecting intrusions through the container walls, securely storing and processing information, and securely communicating information to other containers and to remote devices.

Abstract: A secure detection network system includes plurality of remote nodes, each remote node comprising a set of detector interfaces configured to couple to a set of detectors disposed to detect the presence of an illegal asset within a shipping container; at least one server node configured to initialize, install, and authenticate each remote node in the plurality of remote nodes, including delivering to each remote node an agent module, said agent module for each remote node comprising a node specific configuration file defining a set of nodes with which the remote node can communicate and a different encryption means corresponding to each node in the set of nodes; and a communication path coupling the plurality of remote nodes and the at least one server node.

Abstract: An apparatus is disclosed including one or more security structures. The one or more security structures includes: a weldable frame; a plurality of composite panels, each panel securable to the weldable frame, each composite panel configured to form at least one joint with at least one adjoining composite panel; and a respective security element embedded within each of the composite panels. The security element is configured to detect a breach in the composite panel.

Abstract: A method is disclosed for securing sensitive material on a computer system comprising a network of computers from unauthorized access by a root level user of the computer system, the method including the steps of: limiting access to the sensitive material to one or more authorized users; controlling the operation of one or more system functions to prevent unauthorized access to the sensitive material.

Abstract: Described herein are devices and techniques related to implementation of a trustworthy electronic processing module. During fabrication, a manufacturer is provided with partial technical specifications that intentionally exclude at least one critical design feature. Fabrication of the electronic processing module is monitored from a trusted remote location; wherefrom, the intentionally excluded at least one critical design feature is implemented, thereby completing manufacture of the trustworthy electronic processing module. At least one of the acts of monitoring and implementing can be accomplished by instantiating executable software remotely from a trusted remote location and immediately prior to execution. It is the executable software that enables at least one of the acts of monitoring and implementing. Further, the instantiated executable software is removed or otherwise rendered inoperable immediately subsequent to execution.

Abstract: Described herein are devices and techniques for implementing a polymorphic network adapted to change network path configurations among a number of pre-determined network path configurations in response to a perceived threat. Such perceived threats can include detection of an unknown process, or simply according to some schedule, or randomly to prevent or otherwise reduce susceptibility to such perceived threats. Multiple (e.g., redundant) network communications paths can be pre-configured between two endpoints. Network communications between the two endpoints can be periodically redirected, for example, in response to a perceived threat or according to one or more rules and/or a schedule to otherwise avoid a perceived threat. A system adapted to permit such pre-configuration of multiple network paths can include an access restrictor in communication with a network configuration controller to prohibit unauthorized pre-configuration of the network paths.