Abstract: Method and systems using stateful encryption for non-bypassable FPGA configuration including receiving, at an FPGA, FPGA-configuration data comprising a cryptographic state to initialize a cryptographic state of the FPGA, and decrypting, at the FPGA, the FPGA-configuration data, wherein decrypting the FPGA-configuration data yields at least a second cryptographic state and decrypted FPGA-configuration data. Embodiments can include receiving, at the FPGA, a challenge message, processing, at the FPGA, the challenge message to yield at least a third cryptographic state and a response, and transmitting the response from the FPGA.

Abstract: Method and systems using stateful encryption for non-bypassable FPGA configuration including receiving, at an FPGA, FPGA-configuration data comprising a cryptographic state to initialize a cryptographic state of the FPGA, and decrypting, at the FPGA, the FPGA-configuration data, wherein decrypting the FPGA-configuration data yields at least a second cryptographic state and decrypted FPGA-configuration data. Embodiments can include receiving, at the FPGA, a challenge message, processing, at the FPGA, the challenge message to yield at least a third cryptographic state and a response, and transmitting the response from the FPGA.

Abstract: A method and system for configuring a field-programmable gate array (FPGA) includes receiving an encrypted FPGA load-decryption key at an FPGA from a remote key-storage device. The remote key-storage device may be external to and operatively connected with the FPGA. The encrypted FPGA load-decryption key is decrypted using a session key, which may be stored at both the FPGA and the remote key-storage device. Encrypted FPGA-configuration data is received at the FPGA, and decrypted and authenticated using the decrypted FPGA load-decryption key. The decryption of the FPGA-configuration data may indicate a cryptographic state associated with the FPGA-configuration data, which may be used in recurring authentication of the FPGA-configuration data. For recurring authentication, a challenge message may be received at the FPGA from an authentication device, which may be encrypted using the cryptographic state and the session key to generate a response message.

Abstract: A method and system for configuring a field-programmable gate array (FPGA) includes receiving an encrypted FPGA load-decryption key at an FPGA from a remote key-storage device. The remote key-storage device may be external to and operatively connected with the FPGA. The encrypted FPGA load-decryption key is decrypted using a session key, which may be stored at both the FPGA and the remote key-storage device. Encrypted FPGA-configuration data is received at the FPGA, and decrypted and authenticated using the decrypted FPGA load-decryption key. The decryption of the FPGA-configuration data may indicate a cryptographic state associated with the FPGA-configuration data, which may be used in recurring authentication of the FPGA-configuration data. For recurring authentication, a challenge message may be received at the FPGA from an authentication device, which may be encrypted using the cryptographic state and the session key to generate a response message.

Abstract: A method and system for configuring a field-programmable gate array (FPGA) includes receiving an encrypted FPGA load-decryption key at an FPGA from a remote key-storage device. The remote key-storage device may be external to and operatively connected with the FPGA. The encrypted FPGA load-decryption key is decrypted using a session key, which may be stored at both the FPGA and the remote key-storage device. Encrypted FPGA-configuration data is received at the FPGA, and decrypted and authenticated using the decrypted FPGA load-decryption key. The decryption of the FPGA-configuration data may indicate a cryptographic state associated with the FPGA-configuration data, which may be used in recurring authentication of the FPGA-configuration data. For recurring authentication, a challenge message may be received at the FPGA from an authentication device, which may be encrypted using the cryptographic state and the session key to generate a response message.

Abstract: A method and system for configuring a field-programmable gate array (FPGA) includes receiving an encrypted FPGA load-decryption key at an FPGA from a remote key-storage device. The remote key-storage device may be external to and operatively connected with the FPGA. The encrypted FPGA load-decryption key is decrypted using a session key, which may be stored at both the FPGA and the remote key-storage device. Encrypted FPGA-configuration data is received at the FPGA, and decrypted and authenticated using the decrypted FPGA load-decryption key. The decryption of the FPGA-configuration data may indicate a cryptographic state associated with the FPGA-configuration data, which may be used in recurring authentication of the FPGA-configuration data. For recurring authentication, a challenge message may be received at the FPGA from an authentication device, which may be encrypted using the cryptographic state and the session key to generate a response message.

Abstract: A multi-level secure multi-processor computer architecture. The inventive architecture provides an inexpensive security solution for integrated avionics and includes a plurality of nodes. The nodes are connected via a switch in a network configuration over which data is routed using labels. The switch is controlled to facilitate secure communication of data between the nodes. In the illustrative embodiment, the network is a Fibre Channel network including plural switches in which a system manager node serves to control routing between nodes based on a security policy. Each node has a central processing unit. The system manager is implemented as a node and sets up routing tables for selective connection of the nodes via the switch. The label assignments are stored in Fibre Channel network interface cards disposed on each node. The system manager also sets up label routing tables that authorize the interconnection of selective nodes.

Abstract: A method for detecting entry into a secure area uses a passive entry detector. The secure area has an access door, having a closed position. The passive entry detector comprises a source of energy internal or external to the passive entry detector, an activator for detecting a change in the access door from its closed position, and for releasing the energy in response to the change of the access door from the closed position. The energy is transferred to one or more pseudo random units. Each of the pseudo random units has a plurality of mechanical states. The pseudo random units are responsive to the activator. The activator induces a change of the mechanical states in the pseudo random units upon transfer of energy. The pseudo random units report the mechanical states upon interrogation. Using above passive entry detector, a first interrogation using the interface is performed to create a first record to identify one or more mechanical states with the access door in the closed position.

Abstract: A method and apparatus for fault management in a network. A network architecture is disclosed including at least one network switch, several network interface cards, several processors (host) and a network manager. Fault reporting and detection logic is implemented in each switch and in each network interface card. In addition, multiple fault reporting pathways are provided for each switch and each network interface card. As a result, utilizing message exchanges such as Fibre Channel exchange messages, the switch, the network interface cards and the processors (host) are able to autonomously generate and report faults to the network manager. The combined fault reporting enables the network manager to more accurately isolate faults. In addition, because of the autonomous nature of the fault reporting, faults may be detected and corrected prior to the initiation of a communication session.

Abstract: A stream computer comprises a plurality of interconnected functional units. The functional units are responsive to a data- stream containing data and tokens. The data is to be operated on by one or more of the plurality of interconnected functional units. Digital logic cooperatively associated with one of the functional units adds one or more tokens to the data stream presented to one of the functional units. The tokens are representative of the type of data being generated or received by the functional units. The digital logic also reports the occurrence of said one or more tokens within said data stream without interrupting the data stream. The digital logic reports one or more tokens arriving at one of the functional units as part of the data stream to a graphical programming environment. The graphical programming environment is compatible with human perception.

Abstract: A stream computer has a first plurality of interconnected functional units. The functional units are responsive to a data stream containing data and tokens. The data is to be operated on by one or more of the first plurality of interconnected functional units.

Abstract: A stream computer comprises a plurality of interconnected functional units. The functional units are responsive to a data- stream containing data and tokens. The data is to be operated on by one or more of the plurality of interconnected functional units.

Abstract: An innovative middleware architecture for interfacing between a user Application Programming Interface (API) (12) and a target API (16) comprised of two layers with an Intermediate Target Independent Interface (34). This architecture divides the middleware into two separate and distinct layers separated by an Intermediate Target Independent Interface (ITII). The front-end layer (32) maps the user API (12) to the ITII (34), and then the backend layer (36) maps the ITII (34) to the target API (16). In the preferred embodiment, the implementation of each layer would be via a software library, although each library can be divided into sub-libraries. The key feature is the ITII. The ITII defines the fixed interface between the front end of the middleware and the backend of middleware. Each layer will translate between ITII and the other interface while handling various issues associated with that translation. Such issues include initialization, error handling, and programming language differences.

Abstract: A method and apparatus for fault management in a network. A network architecture is disclosed including at least one network switch, several network interface cards, several processors (host) and a network manager. Fault reporting and detection logic is implemented in each switch and in each network interface card. In addition, multiple fault reporting pathways are provided for each switch and each network interface card. As a result, utilizing message exchanges such as Fibre Channel exchange messages, the switch, the network interface cards and the processors (host) are able to autonomously generate and report faults to the network manager. The combined fault reporting enables the network manager to more accurately isolate faults. In addition, because of the autonomous nature of the fault reporting, faults may be detected and corrected prior to the initiation of a communication session.