Abstract: A flash memory system for encrypting and storing data in a non-volatile flash memory associated with a host system. The device includes flash memory, encryption engine, random number generator, cryptographic hash engine, key store, static random-access memory to interface with the host system, and associated control circuitry. When powered on, the device determines if a valid encryption key is held in the key store. If a valid key is held, a program flag is set when encrypted data in the flash memory is ready to be decrypted and stored in the static random access memory for use by the host system, or when data originating from the host system and stored in the static random access memory is ready to be encrypted by the engine and programmed into the flash memory. The device can be embedded in any host system wherein data is encrypted while at rest in memory.

Abstract: A flash memory system for encrypting and storing data in a non-volatile flash memory associated with a host system. The device includes flash memory, encryption engine, random number generator, cryptographic hash engine, key store, static random-access memory to interface with the host system, and associated control circuitry. When powered on, the device determines if a valid encryption key is held in the key store. If a valid key is held, a program flag is set when encrypted data in the flash memory is ready to be decrypted and stored in the static random access memory for use by the host system, or when data originating from the host system and stored in the static random access memory is ready to be encrypted by the engine and programmed into the flash memory. The device can be embedded in any host system wherein data is encrypted while at rest in memory.

Abstract: A flash memory process and device for encrypting and storing data in a non-volatile flash memory associated with a host system. The device includes a flash memory, an encryption engine, a key store, a SRAM to interface with the host system, and associated control circuitry. When powered on, the device first determines if a valid encryption key is held in the key store. If a valid key is held in the store, a program flag is set when encrypted data in the flash memory is ready to be decrypted by the engine and stored in the SRAM for use by the host system, or when data originating from the host system and stored in the SRAM is ready to be encrypted by the engine and programmed into the flash memory. The device can be embedded in any host system wherein data must be encrypted while at rest in a memory.

Abstract: A flash memory process and device for encrypting and storing data in a non-volatile flash memory associated with a host system. The device includes a flash memory, an encryption engine, a key store, a SRAM to interface with the host system, and associated control circuitry. When powered on, the device first determines if a valid encryption key is held in the key store. If a valid key is held in the store, a program flag is set when encrypted data in the flash memory is ready to be decrypted by the engine and Random stored in the SRAM for use by the host system, or when data originating from the host system and stored in the SRAM is ready to be encrypted by the engine and programmed into the flash memory. The device can be embedded in any host system wherein data must be encrypted while at rest in a memory.

Abstract: A system and method for converting a device between an authorized device and an unauthorized device may include a crypto ignition key (CIK) and a mission module. The CIK may store an original device number corresponding to a device. The mission module typically loads a local mission and a key, decrypts the local mission with the key to produce a decrypted local mission, and generates an internal file encryption key (IFEK) and an internal split. The mission module may then encrypt the decrypted local mission to produce an encrypted local mission and then erase the IFEK. The mission module, when attached to the device, may read an additional device number from the device and recreate the IFEK based on the additional device number and the internal split. The mission module may decrypt the encrypted local mission and install the results in the device to convert the device into an authorized device.

Abstract: An expansion card and method for controlling a radio system integrates PCDD operations into a PCMCIA or ExpressCard which can be inserted into an external display, smart screen PCMCIA slot, or laptop ExpressCard or PCMCIA slot to allow an operator to control the radio system with a computer without any modification of the computer.

Abstract: A system and method for connecting an advanced electronic module to a legacy chassis is presented. In one embodiment, a connector plate comprises a plate bracket, a module connector, at least two chassis connectors and route logic. The plate bracket has a front side, a back side and an opening. The module connector connects to an electronic module within the opening. The at least two chassis connectors are located on the back side of the bracket plate and are configured to be connected to a legacy chassis or and advanced chassis. The legacy chassis and the advanced chassis do not expect signals from the same number chassis conductors. The routing logic routes signals from the module connector to each of the at least two chassis connectors.

Abstract: An interface device for a protected workstation or host has a network interface for connection to a multi-level secure network, a first address corresponding to a guard control port, and a second address corresponding to a guard data port. A transport guard in the device has a control component coupled to the guard control port for processing configuration data sent to the first address and producing a desired security configuration, a guard component coupled to the output of the control component and to the guard data port of the network interface, and a host interface coupled to the guard component for exchanging data with the protected host. Only when permitted by the desired security configuration, the guard component passes network data addressed to the second address of the network interface to the host interface, and passes outbound data from the host interface to the network through the guard data port.

Abstract: An expansion card and method for controlling a radio system integrates PCDD operations into a PCMCIA or ExpressCard which can be inserted into an external display, smart screen PCMCIA slot, or laptop ExpressCard or PCMCIA slot to allow an operator to control the radio system with a computer without any modification of the computer.

Abstract: A secure communications system has at least one processor and a control bus. A number of ports, each having a different fixed address, are coupled to the control bus. The processor assigns each port the address of another port whose data the port is permitted to receive when placed on a system data bus by the other port. A time slot generator outputs each fixed port address sequentially during corresponding time slots in a recurring manner, and a time slot bus is coupled to the time slot generator and to each of the ports. The ports are configured so that (a) when a given port detects its fixed address on the time slot bus, it writes desired outbound data on the data bus, and (b) when the given port detects its assigned port address on the time slot bus, the given port reads data off the data bus.

Abstract: Systems including both distributed and centralized architectures for providing multiple levels of security using “virtual” switches. Ports and channels are assigned the same time slots on a TDMA bus only when they have matching security levels.

Abstract: An interface device for a protected workstation or host has a network interface for connection to a multi-level secure network, a first address corresponding to a guard control port, and a second address corresponding to a guard data port. A transport guard in the device has a control component coupled to the guard control port for processing configuration data sent to the first address and producing a desired security configuration, a guard component coupled to the output of the control component and to the guard data port of the network interface, and a host interface coupled to the guard component for exchanging data with the protected host. Only when permitted by the desired security configuration, the guard component passes network data addressed to the second address of the network interface to the host interface, and passes outbound data from the host interface to the network through the guard data port.

Abstract: A method for operating a multiple single levels of security (MSLS) system comprising the step of providing switched-circuit functionality between channels operating at the same level of security whereby MSLS requirements are met and intelligence is distributed in a way to minimize security certification effort, and apparatus operative for said method.

Abstract: In a system that has a redundant pair of modules where one module is the active module and the other module is the standby module, each of the two modules includes equipment such as an inexpensive programmable logic device to provide a protection switching algorithm for determining, at the individual module level, whether a module is in the active or standby state and switching a module from a standby state to its active state when the module in the active state becomes defective. The number of wires that are required as module to module indicators is reduced to two. The processor can make the active, standby determination when the two modules are powered up simultaneously, when one module is inserted subsequent to the other, or where a module has been active and then fails or is unexpectedly removed.