Low-overhead routing
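    Granted invention patent

    Publication (announcement) number: US10587509B2

    Publication (announcement) date: 2020-03-10

    Application number: US15425364

    Application date: 2017-02-06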

    Abstract: A method of routing an Internet Protocol (IP) packet from a routing device is provided. The method includes receiving a first IP packet having a first IP header and a first IP data field, the first IP packet having a final destination corresponding to a destination device communicatively coupled to the routing device via a network route including at least two hops between the routing device and the final destination. A second IP packet having a second IP header and a second IP data field is generated. The second IP data field is a copy of the first IP data field, and a destination IP address field in the second IP header includes an IP address of a next hop on the network route. The second IP packet does not include an IP address of the final destination in the second IP header.

    Assured internetworking protocol performance enhancing proxy

    Publication (announcement) number: US11902433B1

    Publication (announcement) date: 2024-02-13

    Application number: US16115709

    Application date: 2018-08-29

    CPC classification number: H04L9/0866 H04L9/0819 H04L63/0236 H04L63/0245

    Abstract: Embodiments for a networking device are disclosed. The networking device includes a private identity-based cryptographic (IBC) key issued for a first device. The networking device can receive an internet protocol (IP) packet from the first device. The networking device modifies the IP packet to form a modified IP packet, wherein modifying the IP packet includes adding an extension header to the IP packet. The extension header includes a source identifier identifying the first device, an indication of the key generation authority and an indication of an identity-based encryption (IBE) algorithm. The networking device also generates an identity-based signature (IBS) using the IBC algorithm with the source identifier as an identity input, the modified IP packet as a message input, and the private IBC key for the first device as a private key input. The modified IP packet and the IBS are then sent towards a destination of the IP packet.

    Systems and methods for secure data transport

    Publication (announcement) number: US11722471B1

    Publication (announcement) date: 2023-08-08

    Application number: US16860208

    Application date: 2020-04-28

    Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a computing device, which provides a secure data transport service (SecureX) for data packets traversing from an end user device (EUD) to a mission network over untrusted networks. The disclosed SecureX module may be a software product running on the EUD and on a SecureX appliance fronting the mission network. The SecureX module on the EUD compresses the data packets by removing header fields that are constant over the same packet flow and double encrypts the data packets with different cryptographic keys. The SecureX on the EUD transmits the double compressed encrypted data packets over the untrusted network. The SecureX appliance receives the double compressed encrypted data packets, decrypts the data packets and decompresses the data packets to recreate the original data packets. The SecureX appliance transmits the original data packets to the mission network.

    Systems and methods for encrypting data in transit

    Publication (announcement) number: US11637815B1

    Publication (announcement) date: 2023-04-25

    Application number: US17171436

    Application date: 2021-02-09

    Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a computing device, which provides Efficient Data-In-Transit Protection Techniques for Handheld Devices (EDITH) to protect data-in-transit. An end user device (EUD) may generate a multicast data packet. The EDITH module of the EUD encapsulates the data packet in a GRE packet and directs the GRE packet to a unicast destination address of an EDITH Multicast Router included in an infrastructure. The EDITH module on the EUD double compresses and double encrypts the GRE packet. The EDITH module on the infrastructure decrypts and decompresses the double compressed and double encrypted GRE packet to recreate the GRE packet. The EDITH module on the infrastructure decapsulates the GRE packet to derive the original multicast data packet, and distributes the original multicast data packet to the multiple group members based on the multicast destination address included in the original multicast data packet.

    Synchronizing cloud data based upon network sensing operations

    Publication (announcement) number: US11190587B1

    Publication (announcement) date: 2021-11-30

    Application number: US17170597

    Application date: 2021-02-08

    Abstract: Disclosed herein are embodiments of a cloud data synchronization system enabling a user operating a mobile client device to download mission-specific data sets from a fixed cloud-based server system to a database of the mobile client device, and then use the downloaded data sets independently on the mobile client device when the mobile client device is disconnected from a network connecting to the fixed cloud-based server system. When connectivity to the fixed cloud-based server system is re-established by the mobile client device in an intermittent and bandwidth-limited communication network environment, the fixed cloud-based server system may provide bi-directional data synchronization between records of the fixed cloud-based server system and the mobile client device to update the data sets on the fixed cloud-based server system and the mobile client device while operating in the intermittent and bandwidth-limited communication network environment.

    STANAG 4586 communication enhancement module

    Publication (announcement) number: US11051227B1

    Publication (announcement) date: 2021-06-29

    Application number: US16781725

    Application date: 2020-02-04

    Abstract: Embodiments for a method for enhancing communication for operating along with a plurality of cooperating communication enhancement modules are disclosed. The communication enhancement module receives a STANAG 4586 message from an upstream module and determines whether a point-to-point wireless connection is available to the destination. If a point-to-point wireless connection is available, the module sends a message over the point-to-point wireless connection to the destination. If a point-to-point wireless connection is not available, the module identifies a multi-hop path to the destination via at least one other communication enhancement module, modifies the STANAG 4586 message to create a modified message having a format corresponding to the communication enhancement modules, and sends the modified message to a next hop communication enhancement module on the multi-hop path for directing toward the destination.

    Packet control for a broadcast network

    Publication (announcement) number: US10917501B1

    Publication (announcement) date: 2021-02-09

    Application number: US16687786

    Application date: 2019-11-19

    Abstract: Embodiments for a method of controlling entry of packets into a broadcast network are provided. The method includes providing a plurality of edge devices communicatively disposed on an edge of the broadcast network. Reachability information is exchanged amongst the plurality of edge devices by translating Internet Protocol (IP) packets into ZOOM packets and including the reachability information in the ZOOM packets. A ZOOM packet has a data field that is a copy of a data field of the IP packet and a header that includes the reachability information. A first edge device of the plurality of edge devices maintains a table of forward destinations reachable via the broadcast network based on the reachability information exchanged. The first edge device discards IP packets from endpoint devices if the IP packets do not have a destination that is indicated as reachable in the table of forward destinations for that edge device.

    Partitioned network routing
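    Granted invention patent

    Publication (announcement) number: US10813033B1

    Publication (announcement) date: 2020-10-20

    Application number: US15945933

    Application date: 2018-04-05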

    Abstract: Embodiments for a routing module for a first node are disclosed. The routing module includes a computer readable medium having instructions thereon. The instructions cause one or more processing devices to track former links between the first node and a second node and determine a probability of a future link with the second node based on the former links. If the probability of a future link with a second node is above a threshold, an advertisement is sent to at least one other node indicating that the second node is reachable from the first node. If the probability of a future link with the second node is below the threshold and no other route exists from the first node to the second node, an advertisement is sent to at least one other node indicating that the second node is not reachable from the first node.

    High assurance unified network switch

    Publication (announcement) number: US10791091B1

    Publication (announcement) date: 2020-09-29

    Application number: US15895897

    Application date: 2018-02-13

    Abstract: Disclosed is a high assurance unified switching device corresponding to a modular, standards-compliant extensible network switch supporting multiple security domains with data isolation of multiple data packets obtained from the multiple security domains. The device may comprise an inner layer router and an outer layer security wrapper (outer layer router). The ports on the outer layer router are configured for different security domains and assigned corresponding key pairs. The ports use the assigned key pairs for encrypting data packets prior to routing and decrypt the data after routing such that there is an isolation of data packets of different security domains. A routed packet arriving at the wrong port cannot be decrypted and therefore is dropped.
