Abstract: A pod system for an aircraft is disclosed. Embodiments provide an external, near belly-tangent modular plug-and-play pod system that includes a scalable set of left-side bays which are connected to a scalable set of right-side bays via a central compartment positioned on a bottom external surface of the aircraft's fuselage. The bays accommodate removable slide trays which have various equipment (for example, communications, intelligence, surveillance, and reconnaissance equipment) mounted thereon. The bays and slide trays combination allow for quick removal, insertion, and connection of the various mounted equipment to IP-based connectivity, power, and foundation signals from the aircraft. In an embodiment, the left-side bays, right-side bays, and central compartment each have a planar bottom surface which are substantially equiplanar so that inserted and connected mounted equipment extending downward and externally from the bays from the planar bottom surface have 360 degree unobstructed views.

Abstract: A pod system for an aircraft is disclosed. Embodiments provide an external, near belly-tangent modular plug-and-play pod system that includes a scalable set of left-side bays which are connected to a scalable set of right-side bays via a central compartment positioned on a bottom external surface of the aircraft's fuselage. The bays accommodate removable slide trays which have various equipment (for example, communications, intelligence, surveillance, and reconnaissance equipment) mounted thereon. The bays and slide trays combination allow for quick removal, insertion, and connection of the various mounted equipment to IP-based connectivity, power, and foundation signals from the aircraft. In an embodiment, the left-side bays, right-side bays, and central compartment each have a planar bottom surface which are substantially equiplanar so that inserted and connected mounted equipment extending downward and externally from the bays from the planar bottom surface have 360 degree unobstructed views.

Abstract: A system and method is provided for a gesture recognition interface system. The system comprises a projector configured to project colorless light and visible images onto a background surface. The projection of the colorless light can be interleaved with the projection of the visible images. The system also comprises at least one camera configured to receive a plurality of images based on a reflected light contrast difference between the background surface and a sensorless input object during projection of the colorless light. The system further comprises a controller configured to determine a given input gesture based on changes in relative locations of the sensorless input object in the plurality of images, and being further configured to initiate a device input associated with the given input gesture.

Abstract: What is disclosed is a system and method that allows a secondary certificate authority to rely on one or more existing primary certificate authorities to establish identity of a user and provide identity certificates. The secondary certificate authority applies business rules to those identity certificates to establish a community of privilege, and then issues and maintains new privilege certificates without issuing new private keys or smart cards. The new privilege certificates bind the original identity, the sponsor, i.e., the primary certificate authority, and the privilege. The new privilege certificates can be used on a Public Key Infrastructures (PKI) transaction basis, for example, to grant access to unclassified and Multi-Level Secure (MLS) resources without further reference to the existing primary certificate authorities.

Abstract: A process for generating a unique, secure and printable identity document, for authenticating the use of the document, and for granting privileges based on the document, includes generating an identity certificate for an individual. This certificate incorporates a pointer to biometric and other identifying data for the individual which are stored in a reference database. The identity certificate is encoded to produce, for example, a machine-readable printable 2-dimensional barcode as an identity document. The identity document may then be used by the document holder for generation of an encoded privilege document and this, in turn, is compared with the stored reference data, including the stored biometric when the privilege is to be exercised.

Abstract: A method for secure identity processing using biometrics is provided. A public key and a unique serial number are received from a BIOTOKEN. A random number is generated. The random number and the unique serial number are transmitted to the BIOTOKEN. A serial number received from the BIOTOKEN is compared with the unique serial number and if there is a match, an encrypted symmetric key, transmitted by the BIOTOKEN, is decrypted using the public key. An encrypted random number and encrypted biometric data associated with a user are decrypted using the decrypted symmetric key. The decrypted random number is compared with the transmitted random number, if there is a match, the decrypted biometric data is validated and the received serial number and the public key are transmitted to a certification authority if the biometric data is validated. An authentication certificate associated with the BIOTOKEN is issued by the certification authority.

Abstract: A technique for automatically obtaining a second certificate for a user using a first certificate includes accessing a server platform using a user's server and the first certificate of the user to create a connection that authenticates both the user's server identity via a server certificate of the user server and the user's identity via the user's first certificate. A secure data channel is then created between the server platform and the user platform. A request for the second certificate is forwarded by the user from the user server to the server platform and the sever platform then generates the second certificate. The first certificate may be a signature certificate and the second certificate may be an encryption certificate.

Abstract: What is disclosed is a system and method that allows a secondary certificate authority to rely on one or more existing primary certificate authorities to establish identity of a user and provide identity certificates. The secondary certificate authority applies business rules to those identity certificates to establish a community of privilege, and then issues and maintains new privilege certificates without issuing new private keys or smart cards. The new privilege certificates bind the original identity, the sponsor, i.e., the primary certificate authority, and the privilege. The new privilege certificates can be used on a Public Key Infrastructures (PKI) transaction basis, for example, to grant access to unclassified and Multi-Level Secure (MLS) resources without further reference to the existing primary certificate authorities.

Abstract: Systems and methods for verifying the identities of RFID tags are provided. An RFID reader is configured to transmit an interrogation sequence to an RFID tag and recover digital information stored on the tag from an RFID response signal. A verification module is configured to extract a plurality of characteristics of the RFID response signal associated with Technically Uncontrollable RFID Features (TURF) of the RFID tag, and verify the identity of the RFID tag according to these characteristics.

Abstract: A system and method is provided for a gesture recognition interface system. The system comprises a projector configured to project colorless light and visible images onto a background surface. The projection of the colorless light can be interleaved with the projection of the visible images. The system also comprises at least one camera configured to receive a plurality of images based on a reflected light contrast difference between the background surface and a sensorless input object during projection of the colorless light. The system further comprises a controller configured to determine a given input gesture based on changes in relative locations of the sensorless input object in the plurality of images, and being further configured to initiate a device input associated with the given input gesture.

Abstract: A method and computer program to assign certificates/private keys to a token. This method and computer program allows a user to access a certificate authority and have certificates/private keys that are used for signature, encryption and role purposes generated and downloaded to the token. The use of secure communication lines and computers is not necessary since the token contains a unique token ID and private key, while the certificate authority contains the associated public key for the token. The certificate generated is wrapped in the public key and only the token, having the associated private key, may activate the certificate.

Abstract: Systems and methods for verifying the identities of RFID tags are provided. An RFID reader is configured to transmit an interrogation sequence to an RFID tag and recover digital information stored on the tag from an RFID response signal. A verification module is configured to extract a plurality of characteristics of the RFID response signal associated with Technically Uncontrollable RFID Features (TURF) of the RFID tag, and verify the identity of the RFID tag according to these characteristics.

Abstract: A technique for automatically obtaining a second certificate for a user using a first certificate includes accessing a server platform using a user's server and the first certificate of the user to create a connection that authenticates both the user's server identity via a server certificate of the user server and the user's identity via the user's first certificate. A secure data channel is then created between the server platform and the user platform. A request for the second certificate is forwarded by the user from the user server to the server platform and the server platform then generates the second certificate. The first certificate may be a signature certificate and the second certificate may be an encryption certificate. The first certificate may be an expiring signature certificate and the second certificate may be a replacement signature certificate.

Abstract: A method and computer program to revoke and update a token (130) having several encryption, signature and role certificates/private keys contained in the token (130). The certificates/private keys in the token 130 are transmitted wrapped by a public key and may only be activated by a private key contained in the token (130). The activation of any certificate/private key requires the entry of a passphrase by a user (132). Further, all certificates/private keys contained in a token (130) are stored in an authoritative database 104. In the event that a token (130) is lost then all certificates/private keys associated with the token (130) are revoked. Further, when new certificates/private keys are issued to a user (132) these certificates/private keys are encrypted using the token's (130) public key and downloaded to the token (130).

Abstract: A method and computer program in which a user (132) may have a digital certificate created using a strong authentication technique. Once the user has the digital certificate he may then request the generation of a “single sign-on” certificate that will allow the user (132) access to a foreign computer networks. This is accomplished by the user (132) contacting a registration web server (124) and requesting the generation of “single sign-on” for the foreign computer network. Thereafter, the registration web server (124) may take a public key generated based on the digital certificate and request the creation of a “single sign-on” by simply creating a public key from the digital certificate.

Abstract: A method of automatically tracking a certificate pedigree is provided, in which a new user is provided with a piece of hardware containing a predetermined pedigree certificate stored therein, the predetermined pedigree certificate having a level of trust bearing a relationship to a category of hardware of which the provided piece of hardware is a member. An automated registration arrangement is provided which can be accessed only by users having a piece of hardware containing a predetermined pedigree certificate having a specified level of trust stored therein. When the new user accesses the automated registration arrangement using the provided piece of hardware, the automated registration arrangement provides the new user with an individual signature certificate having a level of trust commensurate with that of the pedigree certificate.

Abstract: System and method for revocation of a signature certificate in a Public Key Infrastructure (PKI) that includes an enterprise with one or more servers, a directory, a registration web server, and one or more client platforms that allow users to access the servers of the enterprise. A user may desire to revoke a potentially compromised signature certificate of the user, or a manger of the user may revoke a signature certificate because it has been lost by the user, or the manager no longer desires that the user has access to servers of an enterprise. A user or personal revocation authority (manager) initiates a revocation process by creating an authenticated secure channel with a registration web server. Using the authenticated secure channel, the user or personal revocation authority requests the registration web server revoke a user signature certificate.

Abstract: A method and computer program in which a user (132) may access the registration web server for the purpose of creating and utilizing a role certificate. This role certificate has policies associated with it and may be utilized for both encryption and as a digital signature. Individuals in a group share the same role certificate and can sign on behalf of the group. Further, individuals may decrypt messages sent to the group or any member of the group which have been encrypted using the role certificate. This method and computer program utilizes a directory (108) to maintain a list of all role certificates, their respective role administrators and all members of the organization that may utilize them. A key recovery authority (114) is utilized to recover expired role certificates. A certificate authority (110) is utilized to create and delete these role certificates. Further, a registration authority (112) is utilized to add and remove a previously created role.

Abstract: A system for arranging multiple certificates on a hardware token. A user may have several encryption certificates for different systems or uses. These can be stored on a single hardware token which is machine readable. Since the Windows 2000 systems require that the single sign-on certificate be placed first on the token, a method is provided for rearranging certificates so that the single sign-on certificate is always the first to be read.

Abstract: System and method for cross directory authentication in a Public Key Infrastructure. A first directory is configured to query a second directory when receiving queries regarding signature certificates from a second enterprise PKI. The first directory is part of a first enterprise PKI, and the second directory is part of the second enterprise PKI. Access to a first enterprise PKI server is attempted by a user. The user presents a signature certificate from the second enterprise PKI to the server for authentication. A query is sent to the first directory from the server to determine if the user is allowed access to the server. A query is sent to the second directory from the first directory to determine if the user is a member of the second enterprise PKI. The server approves access to the server if the user is a member of the second enterprise PKI.