-
Publication No.: US10728106B1
Publication Date: 2020-07-28
Application No.: US15583711
Application Date: 2017-05-01
Applicant: Architecture Technology Corporation
Inventor: Timothy E. Hartley , Ranga S. Ramanujan
Abstract: A method of managing a plurality of client nodes in a network is disclosed. A plurality of domains is provided in the network, each domain isolating data from other domains. A plurality of applications is also provided, each application of the plurality of applications allowed to operate in one or more of the plurality of domains. Each of the plurality of client nodes is allowed to operate in one or more of the plurality of domains. The method includes assigning the plurality of applications to the plurality of client nodes, such that each application of the plurality of applications is assigned to a client node that is allowed to operate in a domain that the application is allowed to operate in.
-
Publication No.: US10721213B1
Publication Date: 2020-07-21
Application No.: US15611127
Application Date: 2017-06-01
Applicant: Architecture Technology Corporation
Inventor: Ryan L. Hagelstrom , Ranga S. Ramanujan , Nathan E. Bahr
IPC: H04L29/06 , H04L12/18 , H04L12/741 , G06F21/60
Abstract: A method of obfuscating a source of a multicast packet is provided. The method includes receiving a plurality of multicast packets at a first device from one or more second devices, the multicast packets received over one or more network links. A source internet protocol (IP) address of each multicast packet of the plurality of multicast packets is an IP address of the one or more second devices that sent the multicast packet. The source IP address of each of the plurality of multicast packets is changed to an IP address other than an IP address of the first device or an IP address of the one or more second devices. The plurality of multicast packets can then be sent.
-
Publication No.: US10606660B1
Publication Date: 2020-03-31
Application No.: US15583692
Application Date: 2017-05-01
Applicant: Architecture Technology Corporation
Inventor: Timothy E. Hartley , Ranga S. Ramanujan
Abstract: One embodiment is directed to a method of managing hardware resources of a plurality of client nodes. The method includes providing a plan that indicates when to execute a plurality of applications and identifying one or more concurrent applications which are one or more of the plurality of applications that are scheduled to execute concurrently according to the plan. The method also includes determining which of the one or more concurrent applications to execute on which of a plurality of client nodes by maximizing a utility function that factors in aspects of each of one or more concurrent applications and the hardware resources of the plurality of client nodes. Respective client nodes of the plurality of client nodes are instructed to execute respective applications as determined.
-
Publication No.: US12058262B2
Publication Date: 2024-08-06
Application No.: US18145841
Application Date: 2022-12-22
Applicant: ARCHITECTURE TECHNOLOGY CORPORATION
Inventor: Ranga S. Ramanujan , Deborah K. Charan , Barry A. Trent , Jordan C. Bonney
CPC classification number: H04L9/3213 , H04L9/3228 , H04L9/3234 , H04L9/3263 , H04L63/083
Abstract: Embodiments for a computer readable medium including a software module are provided. The software module causes one or more processing devices to obtain a biometric identifier from a user. Access to a resource is requested by providing a software credential token and the biometric identifier. The software credential token corresponds to a hardware credential token, and the hardware credential token is one of a set of hardware credential tokens that are used to access the resource. An indication that access to the resource has been granted is received and after receiving the indication an indication that the access to the resource has been revoked is received. After receiving the indication that access to the resource has been revoked, a biometric identifier is re-obtained from a user and access to the resource is re-requested by providing a software credential token and the re-obtained biometric identifier.
-
Publication No.: US12047285B2
Publication Date: 2024-07-23
Application No.: US16812917
Application Date: 2020-03-09
Applicant: ARCHITECTURE TECHNOLOGY CORPORATION
Inventor: Ranga S. Ramanujan , Benjamin L. Burnett , Barry A. Trent , Jafar Al-Gharaibeh
IPC: H04L45/74 , H04L45/02 , H04L45/125 , H04L45/24 , H04W40/00
CPC classification number: H04L45/74 , H04L45/02 , H04L45/125 , H04L45/24 , H04W40/00
Abstract: A method of routing an Internet Protocol (IP) packet from a routing device is provided. The method includes receiving a first IP packet having a first IP header and a first IP data field, the first IP packet having a final destination corresponding to a destination device communicatively coupled to the routing device via a network route including at least two hops between the routing device and the final destination. A second IP packet having a second IP header and a second IP data field is generated. The second IP data field is a copy of the first IP data field, and a destination IP address field in the second IP header includes an IP address of a next hop on the network route. The second IP packet does not include an IP address of the final destination in the second IP header.
-
Publication No.: US11792160B1
Publication Date: 2023-10-17
Application No.: US17032871
Application Date: 2020-09-25
Applicant: ARCHITECTURE TECHNOLOGY CORPORATION
Inventor: Clint Sanders , Ranga S. Ramanujan , Timothy Hartley
CPC classification number: H04L63/0218 , H04L9/40 , H04L12/18 , H04L45/16 , H04L63/0485 , H04L63/0853 , H04L63/162
Abstract: Disclosed is a high assurance unified switching device corresponding to a modular, standards-compliant extensible network switch supporting multiple security domains with data isolation of multiple data packets obtained from the multiple security domains. The device may comprise an inner layer router and an outer layer security wrapper (outer layer router). The ports on the outer layer router are configured for different security domains and assigned corresponding key pairs. The ports use the assigned key pairs for encrypting data packets prior to routing and decrypt the data after routing such that there is an isolation of data packets of different security domains. A routed packet arriving at the wrong port cannot be decrypted and therefore is dropped.
-
Publication No.: US11450214B1
Publication Date: 2022-09-20
Application No.: US16681242
Application Date: 2019-11-12
Applicant: Architecture Technology Corporation
Inventor: Barry A. Trent , Ranga S. Ramanujan , Fabio F. Pozzo
Abstract: A method of generating a flight path for an aircraft is provided. The method includes modeling geographic space and time that includes a plurality of mobile communication nodes. The model includes locations of each of the plurality of mobile communication nodes as those nodes move over time. The model also provides an indication of wireless connectivity between a radio on each of the plurality of communication nodes and a radio of the aircraft at their respective location. The method further includes running a plurality of flight paths through the model in order to identify a selected flight path that provides a desired level of connectivity between the aircraft and the plurality of communication nodes.
-
Publication No.: US10979402B1
Publication Date: 2021-04-13
Application No.: US15975580
Application Date: 2018-05-09
Applicant: ARCHITECTURE TECHNOLOGY CORPORATION
Inventor: Timothy Hartley , Deborah Charan , Ranga S. Ramanujan
IPC: H04W12/02 , H04L29/06 , H04W4/06 , H04L12/851 , H04L12/931 , G06F21/60 , H04L12/761
Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a computing device, which provides Efficient Data-In-Transit Protection Techniques for Handheld Devices (EDITH) to protect data-in-transit. An end user device (EUD) may generate a multicast data packet. The EDITH module of the EUD encapsulates the data packet in a GRE packet and directs the GRE packet to a unicast destination address of an EDITH Multicast Router included in an infrastructure. The EDITH module on the EUD double compresses and double encrypts the GRE packet. The EDITH module on the infrastructure decrypts and decompresses the double compressed and double encrypted GRE packet to recreate the GRE packet. The EDITH module on the infrastructure decapsulates the GRE packet to derive the original multicast data packet, and distributes the original multicast data packet to the multiple group members based on the multicast destination address included in the original multicast data packet.
-
Publication No.: US10831877B1
Publication Date: 2020-11-10
Application No.: US15912411
Application Date: 2018-03-05
Applicant: Architecture Technology Corporation
Inventor: Jafar Al-Gharaibeh , Timothy Hartley , Ranga S. Ramanujan
Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a computing device, which allows a device to be used in different classification levels by powering the device down and booting to a different classified level without the need to switch hard drives. The disclosed software shield and persona switcher (Shielder) module provides independent application environments (personas) for separate security domains while allowing fast transition between personas. Shielder module supports multiple security classifications via a minimal system storage partitioning. Shielder module allows efficient collection and reallocation of memory and persistent storage according to need and priority. Shielder module provides secure management of communication media by directing the system communication according to the security profile of the active persona.
-
Publication No.: US10728149B1
Publication Date: 2020-07-28
Application No.: US15593883
Application Date: 2017-05-12
Applicant: Architecture Technology Corporation
Inventor: Ranga S. Ramanujan , Benjamin L. Burnett , Barry A. Trent , Jafar Al-Gharaibeh
IPC: H04W40/26 , H04L12/741 , H04L12/707 , H04L12/771 , H04L12/933
Abstract: A method of routing a packet from a routing device includes receiving a first packet having a first header and a first data field. The first header has a final destination corresponding to a destination device communicatively coupled to the routing device via at least two parallel network links. A second packet having a second header and a second data field is sent over the first network link. The second data field is identical to the first data field. A destination address in the second header corresponds to a device on a first of the parallel network links. A third packet having a third header and a third data field is sent over the second network link. The third data field is identical to the first data field. A destination address in the third header corresponds to a device on a second of the parallel network links.