Abstract: A protective canopy is intended for use over existing structures undergoing roofing replacement or repairs, for the protection of workers from direct sunlight and inclement weather. An upper surface is comprised of a weatherproof tarpaulin. The tarpaulin is anchored along edge portions to the ground surface using guy lines, and supported by a plurality of adjustable poles which are positioned upon the roof surface.

Abstract: A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys.

Abstract: Disclosed is a method for encrypted communications. A first IPsec endpoint selects a security association (SA) from a security association database (SAD) by using a selector and then extracts an indexing parameter from SA. The indexing parameter is used to determine an active key location from a key storage database (KSD). Data packets are then encrypted using a key from the active key location. The first IPsec endpoint also forms a security parameter index (SPI) in a header of the data packet by using a keyID from the active key location and transmits the encrypted data packet with the header indicating the SPI to a second IPsec endpoint.

Abstract: A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys.

Abstract: A method for managing a packet in a communication system between two or more endpoints, a sender and one or more recipients, comprises receiving a first packet comprising a source identifier that uniquely identifies a sender of the first packet and a current source time assigned to the first packet by the sender, determining a received time for the first packet, retrieving a cached source time assigned by the sender to a second packet that was received prior to receiving the first packet, and determining whether to discard or process the first packet based on the current source time, the received time, and the cached source time. The current source time, the received time, and the cached time, in addition to predetermined parameters such as a maximum age and an anti-replay window allows a recipient to determine whether to process or discard a packet.

Abstract: A transmitting device (100) generates a message (102). The message has a message length (104) and comprises message data (106). A key input (108) is identified, and a message authentication key (112) is derived based on the key input and the message length. Based on the message authentication key and the message data, a message authentication code (118) is derived, which is used to authenticate the message.

Abstract: A transmitting device generates a header, at least one data block, a first message authentication code (MAC), and an authentication indicator to create a trunking control message. The trunking control message is transmitted to a receiving device, such that, upon receipt of the trunking control message by the receiving device, the receiving device can generate a second MAC. Once the second MAC is generated, the receiving device compares the second MAC to the first MAC. The at least one data block is determined to be authentic if the second MAC matches the first MAC. If the at least one data block is authentic, the receiving device processes the at least one data block; otherwise, the receiving device discards the trunking control message.

Abstract: A transmitting device (100) generates a message (102). The message has a message length (104) and comprises message data (106). A key input (108) is identified, and a message authentication key (112) is derived based on the key input and the message length. Based on the message authentication key and the message data, a message authentication code (118) is derived, which is used to authenticate the message.

Abstract: The following describes an apparatus for and method of providing a secure method of downloading a program into a processor (101) from a device (103) external to the processor (101). The program may be encrypted (207) prior to its entry into the external device (103). The program may also have authentication information added (203 and 207) to it. Authentication information may be provided on an unencrypted and/or an encrypted program. The processor (101) decrypts (307) and/or successfully authenticates (311) the program before allowing the program to be executed by the processor (101).

Abstract: The method generally includes the steps of receiving (201) a message (100) comprising a message indicator (101) and a plurality of encrypted blocks (103 through 111). When at least one block of the plurality of encrypted blocks is received with error, a second message is transmitted (215), which second message requests a retransmission of the at least one block. Upon receiving the retransmission of the at least one block without error, a keystream is generated (219) from the message indicator and the at least one block is decrypted using the keystream.

Abstract: An apparatus for and method of correcting errors in a received signal comprised of a rate-one orthogonal convolutional code generated by an LFSR involved feeding (403) a received signal into a multiple-stage shift register (201). Estimates of one of the stages of the shift register are performed by estimators (203, 205, 207, 209, 211, 213, and 215) and are based on the outputs of several of the other stages of the shift register (201). These estimates are combined on a bit-by-bit basis to provide a corrected received signal, which is used as the output of the shift register (201).

Abstract: A method of decrypting retransmitted parts of a message includes receiving (201) a message comprising encryption synchronization and a plurality of encrypted blocks. Until a first block of the plurality of encrypted blocks is received with error, a first keystream is generated (205) from the encryption synchronization and at least one of the plurality of encrypted blocks, and, using the first keystream, the plurality of encrypted blocks, received without error before the first block of the plurality of encrypted blocks is received with error, is decrypted (207). A priming block is determined (211) from the message. When the first block of the plurality of encrypted blocks is received with error, a second message is transmitted (219) requesting a retransmission of the first block.

Abstract: A key management system for encryption keys removes the effect of secure communications loss during a rekey period in a secure communications system. Use of key indexes to partition encryption keys into usable subgroups such that during a rekey period, continuous secure communications are maintained throughout the entire secure communications system.

Abstract: In a communication system that includes a plurality of communication units, a communication resource allocator, and a limited number of transceivers that transceive information amongst the plurality of communication units via a limited number of communication resources, at least some of the information is transceived utilizing encryption means. To enhance the security of the communication system multiple keys are employed wherein a first communication unit transmits information identifying a particular key of the plurality of keys. Upon receiving the identifying information, at least a second communication unit looks up the particular key that is represented by the identifying information. Once the key is determined, it is loaded into a cryptographic circuit of the second communication unit enabling the second communication unit to receive encrypted messages from the first communication unit.

Abstract: A method for recovering from encryption key variable loss, either inadvertent or the result of tampering. A predetermined key encryption key is encrypted with itself at the time when keys are first loaded, and the resultant key loss key is stored in non-volatile memory. This key loss key acts as a key encryption key for decryption of new shadow and traffic keys.

Abstract: A method of message authentication in an encrypted communication system with over-the-channel rekeying features the ability of a communication unit (107) to authenticate (1709) a rekeying message (701) from a key management controller (101) using a message number (1517A) comparison, thereby preventing outside interference from unauthorized rekeying message transmissions.

Abstract: This key management system effectively solves the key distribution problems of distance, time, operator error, and security risk by transferring encryption keys with appropriate system information between a key management controller (101) and a remote keyloader (109). The keyloader (109) is then coupled to a communication device to transfer (327) the keys and receive (329) identification information from the communication device. The keyloader (109) then sends (323) the information to the key management controller (101) that controls the distribution of the encryption keys and collection of the communication device identifications.

Abstract: Formation and sending of rekeying messages (305, 415, 515, and 605) in an encrypted communication system with over-the-channel rekeying of communication units is performed by a KMC, key management controller (101). The KMC (101) forms messages to provide new keys (1541), zeroization information (1549), and key indexing information (1543) to communication units (107), and to provide keyloader upload data (1563). Acknowledgments and rekey requests are also handled between the KMC (101) and communication units (107).

Abstract: A single sync field (501) and multiple messages or message segments (503, 507, 511, and 515) are chained (407) together and encrypted (407) as a whole. When this encrypted chained message is received, it is decrypted as a whole (605), or in part (613) by setting up (609) and filling (611) a holding register with the encryption state of the encrypting device.

Abstract: This method of key distribution locates (401,501) an individual communication unit (107) within an encrypted communication system with over-the-channel rekeying and then rekeys (415, 515) the unit. The method uses a key management controller (101) to manage and distribute keys (1541) and handle acknowledgments that are either immediate or delayed from receipt of the rekeying message.