Abstract: A snowmobile warning and control method for a snowmobile having an engine and a brake system, including: sensing a temperature of the brake system of the vehicle; determining that the temperature of the brake system is above a first predetermined temperature threshold; issuing a first brake-system temperature warning in response to the temperature of the brake system exceeding the first predetermined temperature threshold; determining that the temperature of the brake system is above a second predetermined temperature, the second predetermined temperature being greater than the first predetermined temperature; issuing a second brake-system temperature warning in response to the temperature of the brake system exceeding the second predetermined temperature threshold; and modifying an operation of the engine in response to the temperature of the brake system exceeding the second predetermined temperature threshold.

Abstract: A system and method for secure generation and distribution of digital encryption keys is disclosed. The system may also be used to protect and distribute other types of secure information, including digital, audio, video, or analog data, or physical objects. The system may include a tamper-respondent secure token device, which may be configured to destroy or disable access to the secure information contained therein in response to attempts to physically or electronically breach the device. Outputs may be provided in a secure manner through various interfaces without using electricity (wires) or electromagnetic radiation. Inputs may be provided in a secure manner, including through the use of a gesture-based input interface. Destruction or disablement of the device and/or its secure contents may be provided upon detection of tamper attempts or upon input of a self-destruct command. Proof of the destruction or disablement of the device or its contents may be provided.

Abstract: A system and method for secure generation and distribution of digital encryption keys is disclosed. The system may also be used to protect and distribute other types of secure information, including digital, audio, video, or analog data, or physical objects. The system may include a tamper-respondent secure token device, which may be configured to destroy or disable access to the secure information contained therein in response to attempts to physically or electronically breach the device. Outputs may be provided in a secure manner through various interfaces without using electricity (wires) or electromagnetic radiation. Inputs may be provided in a secure manner, including through the use of a gesture-based input interface. Destruction or disablement of the device and/or its secure contents may be provided upon detection of tamper attempts or upon input of a self-destruct command. Proof of the destruction or disablement of the device or its contents may be provided.

Abstract: A system and method for secure generation and distribution of digital encryption keys is disclosed. The system may also be used to protect and distribute other types of secure information, including digital, audio, video, or analog data, or physical objects. The system may include a tamper-respondent secure token device, which may be configured to destroy or disable access to the secure information contained therein in response to attempts to physically or electronically breach the device. Outputs may be provided in a secure manner through various interfaces without using electricity (wires) or electromagnetic radiation. Inputs may be provided in a secure manner, including through the use of a gesture-based input interface. Destruction or disablement of the device and/or its secure contents may be provided upon detection of tamper attempts or upon input of a self-destruct command. Proof of the destruction or disablement of the device or its contents may be provided.

Abstract: A system and method for secure generation and distribution of digital encryption keys is disclosed. The system may also be used to protect and distribute other types of secure information, including digital, audio, video, or analog data, or physical objects. The system may include a tamper-respondent secure token device, which may be configured to destroy or disable access to the secure information contained therein in response to attempts to physically or electronically breach the device. Outputs may be provided in a secure manner through various interfaces without using electricity (wires) or electromagnetic radiation. Inputs may be provided in a secure manner, including through the use of a gesture-based input interface. Destruction or disablement of the device and/or its secure contents may be provided upon detection of tamper attempts or upon input of a self-destruct command. Proof of the destruction or disablement of the device or its contents may be provided.

Abstract: A system and method for secure generation and distribution of digital encryption keys is disclosed. The system may also be used to protect and distribute other types of secure information, including digital, audio, video, or analog data, or physical objects. The system may include a tamper-respondent secure token device, which may be configured to destroy or disable access to the secure information contained therein in response to attempts to physically or electronically breach the device. Outputs may be provided in a secure manner through various interfaces without using electricity (wires) or electromagnetic radiation. Inputs may be provided in a secure manner, including through the use of a gesture-based input interface. Destruction or disablement of the device and/or its secure contents may be provided upon detection of tamper attempts or upon input of a self-destruct command. Proof of the destruction or disablement of the device or its contents may be provided.

Abstract: A system and method for secure generation and distribution of digital encryption keys is disclosed. The system may also be used to protect and distribute other types of secure information, including digital, audio, video, or analog data, or physical objects. The system may include a tamper-respondent secure token device, which may be configured to destroy or disable access to the secure information contained therein in response to attempts to physically or electronically breach the device. Outputs may be provided in a secure manner through various interfaces without using electricity (wires) or electromagnetic radiation. Inputs may be provided in a secure manner, including through the use of a gesture-based input interface. Destruction or disablement of the device and/or its secure contents may be provided upon detection of tamper attempts or upon input of a self-destruct command. Proof of the destruction or disablement of the device or its contents may be provided.

Abstract: An external security device is provided in the communication path between devices of different security levels. A higher security device needs only to trust the security of the external device, rather than relying on operating system and file system software that cannot be assured. The external security device blocks access requests that may be using covert channels, but returns status information that indicates that the request is successful. The external security device may then audit access requests to provide a higher level of accountability. The external security device also handles data duplication to prevent or significantly reduce the threat of traffic analysis.

Abstract: A system and method for storing data in a virtual file system using write once read many (WORM) protection includes a WORM server in communication with one or more storage devices and a controller in communication with the WORM server. A first time stamping process for creating a first time stamp for a data object based on instructions applied by the controller for storage on the WORM server. A second time stamping process for creating a second time stamp for the data object for storage on the WORM server. The second time stamping process creates the second time stamp for the data object and first time stamp to ensure the integrity of the data object stored on the system.

Abstract: A system for object-based data storage includes a plurality of object-based storage nodes having respective data storage devices, at least one file presentation node, a virtual cluster file server (VFS), and a scalable interconnect to couple the virtual cluster file server to the storage nodes, and to the at least one file presentation node. The VFS mirrors a same data object for a data file across the plurality of data storage devices.

Abstract: A system and method for error detection in a data storage array includes one or more storage medium interconnected with a controller through a network. A data integrity engine in the controller applies a first error detection process to a data object to create one or more data blocks and associated parity codes. First and second error detection processes are applied to detect and repair errors in the data object.

Abstract: A system that remotely authenticates a command is presented. During operation, an authentication system receives the command from an intermediary system, wherein the command is to be executed on a target system. Next, the authentication system authenticates the intermediary system. If the intermediary system is successfully authenticated, the authentication system authenticates the command using a private key for the authentication system to produce an authenticated command. Next, the authentication system sends the authenticated command to the intermediary system, thereby enabling the intermediary system to send the authenticated command to the target system so that the target system can use a public key for the authentication system to verify and execute the command.

Abstract: A method for encrypting data includes receiving a block of plaintext for a data set at one or more computers, acquiring a cryptographic key for the data set, generating an initialization vector for the block of plaintext based on the block of plaintext, and encrypting the block of plaintext using the cryptographic key and the initialization vector.

Abstract: Security is provided for a data set stored in a data storage canister. The data set has a data size when received for storage within the canister. At least one data security operation is performed on the received data set to generate secure data having a secure data size that may be different than the set data size. The secure data is stored on at least one data storage device within the canister. Any information about the secure data size is kept from the data producer sending the data set for storage.

Abstract: A system that securely registers components in a first system is presented. During operation, the first system receives a request from an intermediary system to obtain configuration information related to the components in the first system. In response to the request, the first system: (1) encrypts configuration information for the first system using a first encryption key; (2) encrypts the first encryption key using a second encryption key; and (3) sends the encrypted configuration information and the encrypted first encryption key to the intermediary system so that the intermediary system can forward the encrypted configuration information and the encrypted first encryption key to the second system, whereby the encrypted configuration information is cryptographically opaque to the intermediary system. Next, the second system uses the configuration information to register the components in the first system.

Abstract: A method of protecting a media key including obtaining the media key, obtaining an auxiliary key, calculating a split key using the media key and the auxiliary key, encrypting the split key using a wrap key to generate an encrypted split key, assembling the encrypted split key and a communication key to obtain a data bundle, and sending the data bundle to a token, where the media key is extracted from the data bundle on the token to protect data on a storage device.

Abstract: A method of protecting a media key including obtaining the media key, obtaining an auxiliary key, calculating a split key using the media key and the auxiliary key, encrypting the split key using a wrap key to generate an encrypted split key, assembling the encrypted split key and a communication key to obtain a data bundle, and sending the data bundle to a token, where the media key is extracted from the data bundle on the token to protect data on a storage device.

Abstract: A hand-held token for secure conveyance of encryption keys includes memory for holding a media key and at least one device key. Control logic reads the media key from memory, encrypts the media key based on the device key, and transmits the encrypted media key to a data storage device. The data storage device decrypts the encrypted media key using its own device key, which may have previously been downloaded from a token.

Abstract: One embodiment of the present invention provides a system that parallelizes the TCP-related actions of a network connection between two computer systems during a data transfer between the two computer systems. During operation, the first computer system partitions the data into two or more data segments, and assigns the data segments to multiple processing elements. These multiple processing elements subsequently prepare and send their assigned data segments to the second computer system in parallel using TCP.

Abstract: A method for encrypting data includes receiving a block of plaintext for a data set at one or more computers, acquiring a cryptographic key for the data set, generating an initialization vector for the block of plaintext based on the block of plaintext, and encrypting the block of plaintext using the cryptographic key and the initialization vector.