Abstract: A first cryptographic communication system is disclosed. The first cryptographic communication system includes a common hardware module configured to receive local cryptographic signals and coalition cryptographic signals that includes a transmitter, a receiver, a common router, a trusted router, and a data loader. The first cryptographic communication system further includes a local cryptographic assembly and a coalition cryptographic assembly each including and end cryptographic unit communicatively coupled to the trusted router, a cross domain guard communicatively coupled to the end cryptographic unit and the trusted router, and a general purpose security module communicatively coupled to the cross domain guard. The first cryptographic communication system further includes a data recoding module communicatively coupled to the data loader that includes local and coalition data recording devices.

Abstract: A method of remotely initializing at least one device is disclosed. The method includes initializing at a local host a cryptographic authorization sequence after receiving a secure input value. The method further includes receiving at a local host cryptographic controller a first authorization request from a first remote device. After a challenge-response authentication protocol, the first remote device is authenticated and receives a public key infrastructure certificate. The method includes receiving at a first remote cryptographic controller a second request from a second remote device. After a challenge-response authentication protocol, the first remote device is authenticated, but does not receive a public key infrastructure certificate. A system for remotely initiating at least one device is also disclosed.

Abstract: A cross-domain guard is disclosed that includes a field programmable gate array (FPGA). The FPGA includes a rule database containing one or more rules, a memory interconnect configured to send control data or rule processing data, media access control logic, and a plurality of filter engines configured to receive an incoming message and generate a processed message. Each of the plurality of filter engines may contain a message processing allocation element configured to receive and distribute the incoming message, and a plurality of rule processor kernels. Each of the plurality of rule processor kernels includes a rule processor kernel control element, a plurality of data operator kernels configured to perform a data comparison operation, a ternary lookup table processor configured to perform a logic operation based upon a result of the data comparison operation, and a processed message arbiter. A method for filtering incoming messages is also disclosed.

Abstract: A method of remotely initializing at least one device is disclosed. The method includes initializing at a local host a cryptographic authorization sequence after receiving a secure input value. The method further includes receiving at a local host cryptographic controller a first authorization request from a first remote device. After a challenge—response authentication protocol, the first remote device is authenticated and receives a public key infrastructure certificate. The method includes receiving at a first remote cryptographic controller a second request from a second remote device. After a challenge—response authentication protocol, the first remote device is authenticated, but does not receive a public key infrastructure certificate. A system for remotely initiating at least one device is also disclosed.

Abstract: A secure onboard maintenance circuit (OMC) includes a primary OMC node with a controller, a secure storage, a trusted CDS interface, and a configurable I/O interface for connecting to at least one system component. The controller is configured to receive maintenance information via the configurable I/O interface and the trusted CDS interface and is further configured to store data associated with the maintenance information in the secure storage. The OMC further includes at least one secondary OMC node with a second controller, a second trusted CDS interface, and a second configurable I/O interface for connecting to at least one other system component. The second controller is configured to receive maintenance information via the second configurable I/O interface and is further configured to transmit the maintenance information to the primary OMC node via the second trusted CDS interface.

Abstract: A multilevel security fabric with address management units communicatively coupled to ports of a communication fabric and nodes of a multilevel security system are disclosed. The communication fabric facilitates communication between the nodes. An address management unit associated with a particular node extracts address maps contained in data requests associated with the particular node and regulates communication of that node any other nodes within the system across the communication fabric based on whether the extracted address maps are within an allowable address access range specified for the particular node. In the event that an extracted address map fails to fall within the allowable address access range, the address management unit may block the communication with the particular node. Accordingly, the address management unit may enforce multilevel communication across the communication fabric with high assurance.

Abstract: Embodiments of the inventive concepts disclosed herein are directed to systems and methods for managing network communications. A transceiver of a first node may receive, from a second node of the plurality of nodes, a transmission sequence generated according to a communications cost value determined for each pair of the nodes in the communications node. The transmission sequence may specify a third node followed by the first node as consecutive nodes for transmitting packets. A sequence manager of the first node may detect that reception of a terminal packet of the one or more packets from the third node has or should have just completed. The sequence manager may initiate transmission by the transceiver immediately upon the detection.