公开(公告)号：US12192181B2

公开(公告)日：2025-01-07

申请号：US18117768

申请日：2023-03-06

Applicant: ARCHITECTURE TECHNOLOGY CORPORATION

Inventor： Timothy Hartley ,  Deborah Charan ,  Ranga S. Ramanujan

IPC: H04W12/02 ,  G06F21/60 ,  H04L9/40 ,  H04L47/2441 ,  H04L49/201 ,  H04L69/22 ,  H04W4/06 ,  H04L45/16 ,  H04L69/04

Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a computing device, which provides Efficient Data-In-Transit Protection Techniques for Handheld Devices (EDITH) to protect data-in-transit. An end user device (EUD) may generate a multicast data packet. The EDITH module of the EUD encapsulates the data packet in a GRE packet and directs the GRE packet to a unicast destination address of an EDITH Multicast Router included in an infrastructure. The EDITH module on the EUD double compresses and double encrypts the GRE packet. The EDITH module on the infrastructure decrypts and decompresses the double compressed and double encrypted GRE packet to recreate the GRE packet. The EDITH module on the infrastructure decapsulates the GRE packet to derive the original multicast data packet, and distributes the original multicast data packet to the multiple group member based on the multicast destination address included in the original multicast data packet.

公开(公告)号：US11675889B1

公开(公告)日：2023-06-13

申请号：US17093206

申请日：2020-11-09

Applicant: ARCHITECTURE TECHNOLOGY CORPORATION

Inventor： Jafar Al-Gharaibeh ,  Timothy Hartley ,  Ranga S. Ramanujan

IPC: G06F21/40 ,  G06F21/60 ,  G06F21/31 ,  H04L9/40

CPC classification number: G06F21/40 ,  G06F21/316 ,  G06F21/602 ,  H04L63/102 ,  H04L63/0815

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise a computing device, which allows a device to be used in different classification levels by powering the device down and booting to a different classified level without the need to switch hard drives. The disclosed software shield and persona switcher (Shielder) module provides independent application environments (personas) for separate security domains while allowing fast transition between personas. Shielder module supports multiple security classification via a minimal system storage partitioning. Shielder module allows efficient collection and reallocation of memory and persistent storage according to need and priority. Shielder module provides secure management of communication media by directing the system communication according to the security profile of the active persona.

公开(公告)号：US11973783B1

公开(公告)日：2024-04-30

申请号：US18089083

申请日：2022-12-27

Applicant: ARCHITECTURE TECHNOLOGY CORPORATION

Inventor： Ian McLinden ,  Timothy Hartley

IPC: H04L9/40 ,  H04L12/46

CPC classification number: H04L63/1425 ,  H04L63/0236 ,  H04L63/101 ,  H04L63/105 ,  H04L63/1416 ,  H04L63/1458 ,  H04L12/4641

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise a computing device, which allows in-network and network-border protection for Internet of things (IoT) devices by securely partitioning network space and defining service-based access to IoT devices. The disclosed segmented attack prevention system for IoT networks (SAPSIN) segments the IoT network into two virtual networks: a service network and a control network; and define access control rules for each virtual network. In the service network, SAPSIN utilizes a service-based approach to control device access, allowing only configured protocol, applications, network ports, or address groups to enter or exit the network. In control network, the SAPSIN provides the access control rules by defining a threshold for the number of configuration requests within a predetermined time. As a result, SAPSIN protects IoT devices against intrusion and misuse, without the need for device-specific software or device-specific security hardening.

公开(公告)号：US10015196B1

公开(公告)日：2018-07-03

申请号：US15632538

申请日：2017-06-26

Applicant: Architecture Technology Corporation

Inventor： Timothy Hartley ,  Ranga Ramanujan ,  Jafar Al-Gharaibeh

IPC: H04L29/06 ,  G06F3/06 ,  H04L12/26

CPC classification number: H04L63/18 ,  G06F3/0622 ,  G06F3/0659 ,  G06F3/0664 ,  G06F3/067 ,  G06F21/53 ,  G06F21/74 ,  H04L43/0829 ,  H04L43/0864 ,  H04L43/0882 ,  H04L63/0245 ,  H04L63/0272 ,  H04L63/0428 ,  H04L63/105 ,  H04L67/34 ,  H04W12/02 ,  H04W12/08

Abstract: An example method includes receiving an indication of a selection of a first application environment that includes a first virtual environment associated with a first security domain and is configured to isolate execution of software applications within the first application environment, suspending execution of a second application environment that includes a second virtual environment associated with a second security domain different from the first security domain, initiating execution of the first application environment, identifying information associated with the first security domain and provided by the first application environment that is to be sent to an external computing device associated with the first security domain, selecting communication network(s) from one or more communication networks that are each available to the mobile computing device for data communication, encrypting, based on the first security domain and network(s), the information, and sending, to the external computing device via the network(s), the encrypted information.

公开(公告)号：US11637815B1

公开(公告)日：2023-04-25

申请号：US17171436

申请日：2021-02-09

Applicant: ARCHITECTURE TECHNOLOGY CORPORATION

Inventor： Timothy Hartley ,  Deborah Charan ,  Ranga S. Ramanujan

IPC: H04W12/02 ,  H04L9/40 ,  H04L69/22 ,  H04L49/201 ,  H04L47/2441 ,  H04W4/06 ,  G06F21/60 ,  H04L69/04 ,  H04L45/16

Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a computing device, which provides Efficient Data-In-Transit Protection Techniques for Handheld Devices (EDITH) to protect data-in-transit. An end user device (EUD) may generate a multicast data packet. The EDITH module of the EUD encapsulates the data packet in a GRE packet and directs the GRE packet to a unicast destination address of an EDITH Multicast Router included in an infrastructure. The EDITH module on the EUD double compresses and double encrypts the GRE packet. The EDITH module on the infrastructure decrypts and decompresses the double compressed and double encrypted GRE packet to recreate the GRE packet. The EDITH module on the infrastructure decapsulates the GRE packet to derive the original multicast data packet, and distributes the original multicast data packet to the multiple group member based on the multicast destination address included in the original multicast data packet.

公开(公告)号：US11563763B1

公开(公告)日：2023-01-24

申请号：US16989534

申请日：2020-08-10

Applicant: ARCHITECTURE TECHNOLOGY CORPORATION

Inventor： Ian McLinden ,  Timothy Hartley

IPC: H04L9/40 ,  H04L12/46

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise a computing device, which allows in-network and network-border protection for Internet of things (IoT) devices by securely partitioning network space and defining service-based access to IoT devices. The disclosed segmented attack prevention system for IoT networks (SAPSIN) segments the IoT network into two virtual networks: a service network and a control network; and define access control rules for each virtual network. In the service network, SAPSIN utilizes a service-based approach to control device access, allowing only configured protocol, applications, network ports, or address groups to enter or exit the network. In control network, the SAPSIN provides the access control rules by defining a threshold for the number of configuration requests within a predetermined time. As a result, SAPSIN protects IoT devices against intrusion and misuse, without the need for device-specific software or device-specific security hardening.

公开(公告)号：US10791091B1

公开(公告)日：2020-09-29

申请号：US15895897

申请日：2018-02-13

Applicant: Architecture Technology Corporation

Inventor： Clint Sanders ,  Ranga S. Ramanujan ,  Timothy Hartley

IPC: H04L29/06 ,  H04L12/18 ,  H04L12/761

Abstract: Disclosed is a high assurance unified switching device corresponding to a modular, standards-compliant extensible network switch supporting multiple security domains with data isolation of multiple data packets obtained from the multiple security domains. The device may comprise an inner layer router and an outer layer security wrapper (outer layer router). The ports on the outer layer router are configured for different security domains and assigned corresponding key pairs. The ports use the assigned key pairs for encrypting data packets prior to routing and decrypt the data after routing such that there is an isolation of data packets of different security domains. A routed packet arriving at the wrong port cannot be decrypted and therefore is dropped.

公开(公告)号：US10609076B1

公开(公告)日：2020-03-31

申请号：US16022531

申请日：2018-06-28

Applicant: Architecture Technology Corporation

Inventor： Timothy Hartley ,  Ranga Ramanujan ,  Jafar Al-Gharaibeh

IPC: H04L29/06 ,  H04L29/08 ,  H04W12/08 ,  H04W12/02 ,  G06F21/53 ,  G06F3/06 ,  G06F21/74 ,  H04L12/26

Abstract: An example method includes receiving an indication of a selection of a first application environment that includes a first virtual environment associated with a first security domain and is configured to isolate execution of software applications within the first application environment, suspending execution of a second application environment that includes a second virtual environment associated with a second security domain different from the first security domain, initiating execution of the first application environment, identifying information associated with the first security domain and provided by the first application environment that is to be sent to an external computing device associated with the first security domain, selecting communication network(s) from one or more communication networks that are each available to the mobile computing device for data communication, encrypting, based on the first security domain and network(s), the information, and sending, to the external computing device via the network(s), the encrypted information.

公开(公告)号：US09769131B1

公开(公告)日：2017-09-19

申请号：US15226515

申请日：2016-08-02

Applicant: Architecture Technology Corporation

Inventor： Timothy Hartley ,  Ranga Ramanujan ,  Jafar Al-Gharaibeh

IPC: H04L29/06 ,  H04L29/08 ,  G06F21/74

CPC classification number: H04L63/18 ,  G06F3/0622 ,  G06F3/0659 ,  G06F3/0664 ,  G06F3/067 ,  G06F21/53 ,  G06F21/74 ,  H04L43/0829 ,  H04L43/0864 ,  H04L43/0882 ,  H04L63/0245 ,  H04L63/0272 ,  H04L63/0428 ,  H04L63/105 ,  H04L67/34 ,  H04W12/02 ,  H04W12/08

Abstract: An example method includes receiving an indication of a selection of a first application environment that includes a first virtual environment associated with a first security domain and is configured to isolate execution of software applications within the first application environment, suspending execution of a second application environment that includes a second virtual environment associated with a second security domain different from the first security domain, initiating execution of the first application environment, identifying information associated with the first security domain and provided by the first application environment that is to be sent to an external computing device associated with the first security domain, selecting communication network(s) from one or more communication networks that are each available to the mobile computing device for data communication, encrypting, based on the first security domain and network(s), the information, and sending, to the external computing device via the network(s), the encrypted information.

公开(公告)号：US11792160B1

公开(公告)日：2023-10-17

申请号：US17032871

申请日：2020-09-25

Applicant: ARCHITECTURE TECHNOLOGY CORPORATION

Inventor： Clint Sanders ,  Ranga S. Ramanujan ,  Timothy Hartley

IPC: H04L29/06 ,  H04L9/40 ,  H04L12/18 ,  H04L45/16

CPC classification number: H04L63/0218 ,  H04L9/40 ,  H04L12/18 ,  H04L45/16 ,  H04L63/0485 ,  H04L63/0853 ,  H04L63/162

Abstract: Disclosed is a high assurance unified switching device corresponding to a modular, standards-compliant extensible network switch supporting multiple security domains with data isolation of multiple data packets obtained from the multiple security domains. The device may comprise an inner layer router and an outer layer security wrapper (outer layer router). The ports on the outer layer router are configured for different security domains and assigned corresponding key pairs. The ports use the assigned key pairs for encrypting data packets prior to routing and decrypt the data after routing such that there is an isolation of data packets of different security domains. A routed packet arriving at the wrong port cannot be decrypted and therefore is dropped.