Abstract: A vehicle screening system for screening vehicles and occupants for entrance to a secured facility is disclosed. The system can include a processor and an interface that communicates with the processor, wherein the interface displays identification information extracted from a vehicle occupant associated with a vehicle for processing by the processor. Additionally, a plurality of controls are associated with the interface and the processor, wherein the plurality of controls facilitates the handling and management of the information extracted from the vehicle occupant to either permit or deny the vehicle occupant and the vehicle entry to a secured facility through a security gate.

Abstract: A process detects an attack on a software system, eradicates the attack, automatically loads software into the software system in response to the attack, and executes one or more of a reboot of the software system or a boot of the loaded software. The loaded software comprises a substantially similar functionality of at least a portion of the software system and a different implementation of the functionality of the portion of the software system.

Abstract: A network security modeling system which simulates a network and analyzes security vulnerabilities of the network. The system includes a simulator which includes a network vulnerabilities database and a network configuration module having network configuration data. The simulator determines vulnerabilities of the simulated network based on the network configuration data and the vulnerabilities database.

Abstract: A system and method for secure group communications is provided. One embodiment provides a method for implementing a virtual private group network. The method includes creating a virtual private group definition on a policy server, establishing a plurality of secure connections between the policy server and a plurality of group nodes, sending a copy of the virtual private group definition from the policy server to the group nodes, sending a shared traffic encryption key from the policy server to each of the group nodes, and sharing secure communication information among the group nodes using the shared traffic encryption key, wherein each group node is included in the virtual private group definition.

Abstract: A system includes a motion detection processor, a motion tracking processor, a people detection processor, a controller, a fusion processor, an appearance model generator processor, a database, a fast search processor, and a matching processor. The motion detection processor, the motion tracking processor, the controller, the people detection processor, the fusion processor, and the appearance model generator processor comprise an analytics pipeline, and the database and the fast search processor comprise a data index pipeline.

Abstract: A system and method for restricting packet transfer to a computer across a network, wherein the computer includes a network interface device coupled to the network and wherein the network interface device includes a packet filter. A security server is connected to the network. A packet is received at the network interface device and the network interface device determines if the packet is an authorized transaction. If the packet is not an authorized transaction, the packet is routed to the security server, where the security server determines whether the packet is an authorized transaction. If the security server determines that the packet is an authorized transaction, the network interface device is configured to accept similar transactions.

Abstract: A network security modeling system which simulates a network and analyzes security vulnerabilities of the network. The system includes a simulator which includes a network vulnerabilities database and a network configuration module having network configuration data. The simulator determines vulnerabilities of the simulated network based on the network configuration data and the vulnerabilities database.

Abstract: A method and system for selecting and allocating high confidence biometric data. A combination of presented identification information along with gathered biometric data are associated with an entity separated by a sensor trigger. For example, presenting a driver's license in addition to automated gathering and identification of face, iris, voice, or any other combination of biometrics can be implemented in the context of gathering and selecting biometric data. Such a method and system solves the problem of harvesting sensor data from disparate sources together to form a more strongly identified individual user profile with appropriate related identifying information.

Abstract: A vehicle screening system for screening vehicles and occupants for entrance to a secured facility. The system can include a processor and an interface that communicates with the processor, wherein the interface displays identification information extracted from a vehicle occupant associated with a vehicle for processing by the processor. Additionally, a plurality of controls are associated with the interface and the processor, wherein the plurality of controls permit facilitates the handling and management of the information extracted from the vehicle occupant in order to permit or deny the vehicle occupant and the vehicle entry to a secured facility through a security gate.

Abstract: A vehicle screening method and system. A vehicle occupant can be identified utilizing one or more biometric identifiers input by or obtained from the vehicle occupant via a biometric input device. A barcode can also be provided by the vehicle occupant from a scanned card or other structure upon which the barcode is maintained. Additionally, a unique identification number can be provided by the user in order to match the unique identification number against a database of identification numbers, thereby permitting the vehicle occupant to be remotely screened and verified for entry into a secure facility based on the biometric identifier(s), the barcode and the unique identification number.

Abstract: A network security modeling system which simulates a network and analyzes security vulnerabilities of the network. The system includes a simulator which includes a network vulnerabilities database and a network configuration module having network configuration data. The simulator determines vulnerabilities of the simulated network based on the network configuration data and the vulnerabilities database.

Abstract: Systems and methods for an associative policy model are provided. One embodiment of the present invention provides a method for implementing an associative policy. In this embodiment, the method includes providing a policy on a policy server, the policy having a service definition that contains first and second relational components, providing first and second network entities, operatively coupling the first and second network entities to the policy server, dynamically associating the first network entity with the second network entity (wherein such associating includes binding the first relational component of the service definition in the policy to the first network entity, and binding the second relational component of the service definition in the policy to the second network entity), and enforcing the policy on the first and second network entities.

Abstract: A novel system and method for transmitting and receiving secure data in a virtual private group (VPG). In one embodiment, a method for transmitting secure data from a first node to a second node includes accessing a group membership table on the first node, the group membership table having group membership information for each group, including a first group, to which the first node belongs and group security information associated with each group, wherein the first group has two or more members, and checking the group membership table to determine if the second node is a member of the first group. If the second node is a member of the first group, the method further includes encrypting a data packet using the group security information associated with the first group, processing the encrypted data packet, and transmitting the encrypted data packet from the first node to the second node.

Abstract: Systems and methods for an associative policy model are provided. One embodiment of the present invention provides a method for implementing an associative policy. In this embodiment, the method includes providing a policy on a policy server, the policy having a service definition that contains first and second relational components, providing first and second network entities, operatively coupling the first and second network entities to the policy server, dynamically associating the first network entity with the second network entity (wherein such associating includes binding the first relational component of the service definition in the policy to the first network entity, and binding the second relational component of the service definition in the policy to the second network entity), and enforcing the policy on the first and second network entities.

Abstract: A system and method for secure group communications is provided. One embodiment provides a method for implementing a virtual private group network. The method includes creating a virtual private group definition on a policy server, establishing a plurality of secure connections between the policy server and a plurality of group nodes, sending a copy of the virtual private group definition from the policy server to the group nodes, sending a shared traffic encryption key from the policy server to each of the group nodes, and sharing secure communication information among the group nodes using the shared traffic encryption key, wherein each group node is included in the virtual private group definition.

Abstract: A novel system and method for transmitting and receiving secure data in a virtual private group (VPG). In one embodiment, a method for transmitting secure data from a first node to a second node includes accessing a group membership table on the first node, the group membership table having group membership information for each group, including a first group, to which the first node belongs and group security information associated with each group, wherein the first group has two or more members, and checking the group membership table to determine if the second node is a member of the first group. If the second node is a member of the first group, the method further includes encrypting a data packet using the group security information associated with the first group, processing the encrypted data packet, and transmitting the encrypted data packet from the first node to the second node.

Abstract: A system and method for restricting packet transfer to a computer across a network, wherein the computer includes a network interface device coupled to the network and wherein the network interface device includes a packet filter. A security server is connected to the network. A packet is received at the network interface device and the network interface device determines if the packet is an authorized transaction. If the packet is not an authorized transaction, the packet is routed to the security server, where the security server determines whether the packet is an authorized transaction. If the security server determines that the packet is an authorized transaction, the network interface device is configured to accept similar transactions.

Abstract: A method and apparatus for ensuring secure communication over an unsecured communications medium between a user working on an unsecured workstation or computer and a host computer. A secure user interface is created by inserting a trusted path subsystem between input/output devices to the workstation and the workstation itself. Data transferred from the input/output devices is intercepted, encrypted and transmitted in packets to the host computer. Packets of screen display data from the host computer are decrypted and presented within a user-defined screen overlay.

Abstract: A system and method for encrypting blocks of plain text. Output FIFO memories are provided for decoupling pseudorandom vector generation from plain text encryption. The output FIFOs produce the effect of multiplexing several cryptographic devices together and can be combined with feedback FIFO memories in order to provide key agility and parallel secret key encryption. Throughput is also enhanced by constructing wide codebooks so that a block of data can be enciphered as a whole.

Abstract: A method and apparatus for ensuring secure communication over an unsecured communications medium between a user working on an unsecured workstation or computer and a host computer. A secure user interface is created by inserting a trusted path subsystem between input/output devices to the workstation and the workstation itself. Data transferred from the input/output devices is intercepted, encrypted and transmitted in packets to the host computer. Packets of screen display data from the host computer are decrypted and presented within a user-defined screen overlay.