Patents by Inventor James Marek

James Marek has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11601277
    Abstract: A first cryptographic communication system is disclosed. The first cryptographic communication system includes a common hardware module configured to receive local cryptographic signals and coalition cryptographic signals that includes a transmitter, a receiver, a common router, a trusted router, and a data loader. The first cryptographic communication system further includes a local cryptographic assembly and a coalition cryptographic assembly each including an end cryptographic unit communicatively coupled to the trusted router, a cross domain guard communicatively coupled to the end cryptographic unit and the trusted router, and a general purpose security module communicatively coupled to the cross domain guard. The first cryptographic communication system further includes a data recording module communicatively coupled to the data loader that includes local and coalition data recording devices.
    Type: Grant
    Filed: November 20, 2020
    Date of Patent: March 7, 2023
    Assignee: Rockwell Collins, Inc.
    Inventors: Reginald D. Bean, James A. Marek, Edward C. Tubbs
  • Patent number: 11546176
    Abstract: A method of remotely initializing at least one device is disclosed. The method includes initializing at a local host a cryptographic authorization sequence after receiving a secure input value. The method further includes receiving at a local host cryptographic controller a first authorization request from a first remote device. After a challenge-response authentication protocol, the first remote device is authenticated and receives a public key infrastructure certificate. The method includes receiving at a first remote cryptographic controller a second request from a second remote device. After a challenge-response authentication protocol, the first remote device is authenticated, but does not receive a public key infrastructure certificate. A system for remotely initiating at least one device is also disclosed.
    Type: Grant
    Filed: August 26, 2020
    Date of Patent: January 3, 2023
    Assignee: Rockwell Collins, Inc.
    Inventors: Sean Howard, James A. Marek, Jonathon C. Skarphol, Edward C. Tubbs
  • Publication number: 20220382556
    Abstract: A cross-domain guard is disclosed that includes a field programmable gate array (FPGA). The FPGA includes a rule database containing one or more rules, a memory interconnect configured to send control data or rule processing data, media access control logic, and a plurality of filter engines configured to receive an incoming message and generate a processed message. Each of the plurality of filter engines may contain a message processing allocation element configured to receive and distribute the incoming message, and a plurality of rule processor kernels. Each of the plurality of rule processor kernels includes a rule processor kernel control element, a plurality of data operator kernels configured to perform a data comparison operation, a ternary lookup table processor configured to perform a logic operation based upon a result of the data comparison operation, and a processed message arbiter. A method for filtering incoming messages is also disclosed.
    Type: Application
    Filed: May 26, 2021
    Publication date: December 1, 2022
    Inventors: Edward C. Tubbs, Sean Nichols, Jonathon C. Skarphol, Sean Jarrard, Brian R. Roggendorf, Ronald Luse, James A. Marek
  • Patent number: 11373011
    Abstract: A security module is disclosed. In embodiments, the security module includes a common host platform configured to co-host a plurality of certified functions via a plurality of interconnected hardware resources. The common host platform may be configured to host a first certified function independently certified via a first certifying authority, and a second certified function independently certified via a second certifying authority. The first certified function may be hosted on a first sub-set of dedicated hardware resources and a first sub-set of shared hardware resources. The second certified function may be hosted on a second sub-set of dedicated hardware resources and the first sub-set of shared hardware resources including one or more hardware resources shared with the first certified function.
    Type: Grant
    Filed: July 1, 2019
    Date of Patent: June 28, 2022
    Assignee: Rockwell Collins, Inc.
    Inventors: James A. Marek, Sarah A. Miller, Adriane R. Van Auken
  • Publication number: 20220070008
    Abstract: A method of remotely initializing at least one device is disclosed. The method includes initializing at a local host a cryptographic authorization sequence after receiving a secure input value. The method further includes receiving at a local host cryptographic controller a first authorization request from a first remote device. After a challenge-response authentication protocol, the first remote device is authenticated and receives a public key infrastructure certificate. The method includes receiving at a first remote cryptographic controller a second request from a second remote device. After a challenge-response authentication protocol, the first remote device is authenticated, but does not receive a public key infrastructure certificate. A system for remotely initiating at least one device is also disclosed.
    Type: Application
    Filed: August 26, 2020
    Publication date: March 3, 2022
    Inventors: Sean Howard, James A. Marek, Jonathon C. Skarphol, Edward C. Tubbs
  • Publication number: 20210232715
    Abstract: A security module is disclosed. In embodiments, the security module includes a common host platform configured to co-host a plurality of certified functions via a plurality of interconnected hardware resources. The common host platform may be configured to host a first certified function independently certified via a first certifying authority, and a second certified function independently certified via a second certifying authority. The first certified function may be hosted on a first sub-set of dedicated hardware resources and a first sub-set of shared hardware resources. The second certified function may be hosted on a second sub-set of dedicated hardware resources and the first sub-set of shared hardware resources including one or more hardware resources shared with the first certified function.
    Type: Application
    Filed: July 1, 2019
    Publication date: July 29, 2021
    Inventors: James A. Marek, Sarah A. Miller, Adriane R. Van Auken
  • Patent number: 10986076
    Abstract: A multilevel security (MLS) network is disclosed. The MLS network includes untrusted nodes (UTN) capable of receiving messages en route from a source node to a destination node, each message having an unencrypted outer header, an encrypted inner header, and a data payload. UTNs route messages toward their destination as directed by the outer header. Global trusted nodes (GTN) decrypt a portion of the inner header to validate source and destination information before routing the message forward. GTNs further modify the outer header to obfuscate source and destination information from the UTNs. Local trusted nodes (LTN) serve as gateway nodes into a local network. LTNs also validate source and destination information to regulate admission to the local network. LTNs include an address manager which decrypts an additional portion of the inner header to read local address data and generates local messages for routing through the local network.
    Type: Grant
    Filed: June 28, 2019
    Date of Patent: April 20, 2021
    Assignee: Rockwell Collins, Inc.
    Inventors: John G. Bendickson, James A. Marek
  • Patent number: 10877831
    Abstract: A secure onboard maintenance circuit (OMC) includes a primary OMC node with a controller, a secure storage, a trusted CDS interface, and a configurable I/O interface for connecting to at least one system component. The controller is configured to receive maintenance information via the configurable I/O interface and the trusted CDS interface and is further configured to store data associated with the maintenance information in the secure storage. The OMC further includes at least one secondary OMC node with a second controller, a second trusted CDS interface, and a second configurable I/O interface for connecting to at least one other system component. The second controller is configured to receive maintenance information via the second configurable I/O interface and is further configured to transmit the maintenance information to the primary OMC node via the second trusted CDS interface.
    Type: Grant
    Filed: July 30, 2018
    Date of Patent: December 29, 2020
    Assignee: Rockwell Collins, Inc.
    Inventors: Ryan P. Littler, Brian R. Roggendorf, Johnathan C. Lewis, James A. Marek, Edward C. Tubbs, John G. Bendickson
  • Patent number: 10757111
    Abstract: A multilevel security fabric with address management units communicatively coupled to ports of a communication fabric and nodes of a multilevel security system are disclosed. The communication fabric facilitates communication between the nodes. An address management unit associated with a particular node extracts address maps contained in data requests associated with the particular node and regulates communication of that node with any other nodes within the system across the communication fabric based on whether the extracted address maps are within an allowable address access range specified for the particular node. In the event that an extracted address map fails to fall within the allowable address access range, the address management unit may block the communication with the particular node. Accordingly, the address management unit may enforce multilevel communication across the communication fabric with high assurance.
    Type: Grant
    Filed: July 12, 2017
    Date of Patent: August 25, 2020
    Assignee: Rockwell Collins, Inc.
    Inventors: James A. Marek, Jonathon C. Skarphol, Adam W. Pfab, Edward C. Tubbs, John G. Bendickson
  • Patent number: 10558209
    Abstract: A system for controlling the flight of aircraft includes an aircraft operated by a human pilot, one or more optionally piloted aircraft controlled by a processor, and a communication link between the aircraft. The optionally piloted aircraft receives data indicative of the position and flight path of the piloted aircraft, and is automatically controlled to maintain a predetermined range of separation distances from the piloted aircraft. Control of the optionally piloted aircraft may include machine reasoning computing functions based on a classification of data received by the communication link, data indicative of the current positions and three-dimensional flight paths of the aircraft, stored data from previously calculated positions and three-dimensional flight paths of the aircraft, and stored data from previously executed flight plans associated with the optionally piloted aircraft.
    Type: Grant
    Filed: June 13, 2017
    Date of Patent: February 11, 2020
    Assignee: Rockwell Collins, Inc.
    Inventors: David S. Hardin, Jennifer A. Davis, Jing Liu, James A. Marek, Ryan P. Littler
  • Patent number: 10372901
    Abstract: Segregated cores or virtual processors within a processor establish at least two separate encryption paths via software virtualization. Guest operating systems and encryption applications operate on input data with an enforced level of synchronicity. Output is compared to determine if each encryption path arrives at the same encrypted output. If the outputs are identical, the encrypted data is passed on; if not, an error report is generated. No individual vulnerability may produce a single point of failure to produce erroneously encrypted or unencrypted output.
    Type: Grant
    Filed: July 20, 2017
    Date of Patent: August 6, 2019
    Assignee: Rockwell Collins, Inc.
    Inventor: James A. Marek
  • Patent number: 9846784
    Abstract: A data storage system is provided. The system includes an electronic storage architecture configured to be coupled to a computing system and a storage medium. The architecture mediates the storing and accessing of data at the storage medium in response to the commands to write or read data. The architecture includes a file interface configured to process at least one attribute associated with data. The architecture includes a crypto interface configured to encrypt and decrypt the data based on the at least one attribute. The at least one attribute specifies a classification level of the data. The crypto interface includes cryptographic functions. Each cryptographic function is associated with a different classification level. The architecture includes a storage interface configured to provide a mapping between partitions on the storage medium and the cryptographic functions. Each of the partitions is associated with a different classification level.
    Type: Grant
    Filed: February 26, 2013
    Date of Patent: December 19, 2017
    Assignee: ROCKWELL COLLINS, INC.
    Inventors: Daniel S. Murray, James A. Marek
  • Patent number: 9660966
    Abstract: Multilevel secure communication systems and methods for providing multilevel security to such communication systems are disclosed. More specifically, communication systems and methods configured in accordance with the inventive concepts disclosed herein may be utilized to provide support for N levels of secure communications using processors (may also be referred to as nodes) that may only have (N-M) levels of security separation (where N and M are integers and M is strictly less than N). In other words, processors that have less than N levels of security separation may be configured to form a communication system that is capable of supporting N levels of secure communication.
    Type: Grant
    Filed: September 10, 2015
    Date of Patent: May 23, 2017
    Assignee: Rockwell Collins, Inc.
    Inventors: James A. Marek, Greg L. Shelton
  • Patent number: 9465508
    Abstract: A method for indicating the security level of a selected element on a multi-level security display includes determining a security level of a selected element and modifying the visual representation of the selected element to indicate the security level and/or providing an audible tone. Visual distinction may include a security tag, color variation or flashing pattern.
    Type: Grant
    Filed: June 13, 2012
    Date of Patent: October 11, 2016
    Assignee: Rockwell Collins, Inc.
    Inventors: James Marek, David A. Greve
  • Patent number: 9003560
    Abstract: A secured enclosure system and a method for configuring a secured enclosure system are disclosed. The secured enclosure system includes at least one processing module for implementing a processing task, a security module in communication with the processing module for providing a trust anchor functionality to the processing module, a secure backplane in communication with the at least one processing module for monitoring a connection with the processing module, and a security controller module in communication with the secure backplane for providing a root of trust, for serving as a local system controller, and for serving as a key/certificate manager. An enclosure encloses the components of the system and includes a physical security component for detecting an interference with the enclosure.
    Type: Grant
    Filed: June 5, 2012
    Date of Patent: April 7, 2015
    Assignee: Rockwell Collins, Inc.
    Inventors: Reginald D. Bean, James A. Marek, Glenn D. Schillinger, Robert B. Ray
  • Patent number: 8904556
    Abstract: A method and system for securely distributing human-machine input/output to multi-level displays in a multi-level security environment is disclosed. The method and system in accordance with the present disclosure provides the ability to take input from common input devices and manages the input to ensure that the input is delivered only to the intended security domain/level and that the input is delivered only to the intended display element within the intended security domain/level. Furthermore, architectures configured for supporting the multi-level security display with secure input/output are also disclosed.
    Type: Grant
    Filed: August 29, 2012
    Date of Patent: December 2, 2014
    Assignee: Rockwell Collins, Inc.
    Inventors: Joshua R. Bertram, James A. Marek, Andre F. Mitchell, Curtis M. Topf, Reginald D. Bean
  • Patent number: 8880868
    Abstract: A secure deterministic fabric includes switches that segregate data traffic requiring disparate levels of authentication or having different safety levels. Data may be segregated physically, utilizing different hardware; or virtually, by allocating certain assets such as memory blocks exclusively for certain levels of authentication. The secure deterministic fabric may include elements for safety monitoring and multi-level security monitoring.
    Type: Grant
    Filed: June 15, 2012
    Date of Patent: November 4, 2014
    Assignee: Rockwell Collins, Inc.
    Inventors: Roger K. Shultz, Joshua Bertram, Raymond Knoff, James Marek, Max G. Taylor
  • Patent number: 8875226
    Abstract: A method for disambiguating entities on a multi-level security display includes receiving a selection of a particular security level and rendering entities having a different security level in a visually distinct way. Visual distinction may include not drawing the entities on the multi-level security display.
    Type: Grant
    Filed: June 14, 2012
    Date of Patent: October 28, 2014
    Assignee: Rockwell Collins, Inc.
    Inventor: James A. Marek
  • Publication number: 20140298934
    Abstract: An anti-rotation device for use in a linear actuator comprises a hollow body permitting passage of a screw therein. At least one pair of legs extends longitudinally away from the hollow body and each leg of the at least one pair includes a first key feature configured for mating or complementary engagement with a second key feature of a housing used to enclose the screw, nut and anti-rotation device. In one embodiment, each leg is configured to extend or flex radially outward relative to an outer diameter of the hollow body. In another embodiment, the second key features of the housing are substantially longitudinally uniform, whereas the first key feature of at least one of the legs includes a longitudinally non-uniform feature. These pre-loading features induce self-centering of the anti-rotation device that reduces or eliminates play between the components and noise while also improving performance of the linear actuator.
    Type: Application
    Filed: April 1, 2014
    Publication date: October 9, 2014
    Applicant: Thomson Industries Inc.
    Inventors: James MAREK, Rikard HENRYSSON
  • Patent number: 8161529
    Abstract: The present invention is directed to routing information between networks of differing security level. Communication to/from each network is handled by a dedicated Offload Engine (OE). Each OE interfaces to a Guard Engine through a Guard Data Mover (GDM) and includes an interface for connecting to an external network. A first OE receives a data packet from a first network intended to be transmitted to a second network. The Guard Engine analyzes the data packet. The Guard Engine includes an ACL (Access Control List) which are rules data packets must meet before being passed onto a destination network. If allowed, the Guard Engine delivers the data packet to the second network via a second OE utilizing a GDM associated with the first OE and a GDM associated with the second OE. The architecture of the present invention reduces the time and effort needed to attain high-assurance certification.
    Type: Grant
    Filed: June 19, 2007
    Date of Patent: April 17, 2012
    Assignee: Rockwell Collins, Inc.
    Inventors: Mark A. Bortz, Matthew M. Wilding, James A. Marek, David S. Hardin, T. Douglas Hiratzka, Philippe M. T. Limondin