公开(公告)号：US07509141B1

公开(公告)日：2009-03-24

申请号：US11239668

申请日：2005-09-29

申请人： Steven E. Koenck ,  Allen P. Mass ,  Julianne R. Crosmer ,  Gregory A. Arundale ,  Joel M. Wichgers ,  James A. Marek ,  David W. Fitkin ,  David A. Haverkamp

发明人： Steven E. Koenck ,  Allen P. Mass ,  Julianne R. Crosmer ,  Gregory A. Arundale ,  Joel M. Wichgers ,  James A. Marek ,  David W. Fitkin ,  David A. Haverkamp

IPC分类号： G06F13/00 ,  H04Q11/00

CPC分类号： G06F13/4256 ,  Y02D10/14 ,  Y02D10/151

摘要： An improved architectural approach for implementation of a low power, scalable topology for a software defined radio (SDR). Low power processors and switching elements forming building blocks are employed in an embedded switched fabric architecture network having a repeating building block topology that advantageously employs wormhole routing and has self-healing, fail-safe properties. Differential signaling is used and data rates in excess of 250 Mbps are possible. In one embodiment a dual civilian and military channel SDR is disclosed; in other embodiments, a plurality of independent SDR channels, with or without encryption, are disclosed. A plurality of different topologies are disclosed including torodial topologies having a planar topology with orthogonal connections, a planar topology with orthogonal and diagonal connections, and a cube topology with both orthogonal and/or diagonal connections.

摘要翻译： 用于实现软件定义无线电（SDR）的低功率，可扩展拓扑的改进的架构方法。 在具有重复构建块拓扑的嵌入式交换结构体系结构网络中采用形成构建块的低功率处理器和交换元件，其有利地采用虫洞路由并具有自愈，故障安全性质。 使用差分信令，数据速率超过250 Mbps是可能的。 在一个实施例中，公开了一种双重民用和军事通道SDR; 在其他实施例中，公开了具有或不具有加密的多个独立SDR信道。 公开了多个不同的拓扑结构，包括具有正交连接的平面拓扑的结构拓扑结构，具有正交和对角连接的平面拓扑以及具有正交和/或对角连接的立方体拓扑。

公开(公告)号：US08160251B1

公开(公告)日：2012-04-17

申请号：US11488995

申请日：2006-07-19

申请人： Steven E. Koenck ,  Allen P. Mass ,  Julianne R. Crosmer ,  James A. Marek ,  Carlen R. Welty

发明人： Steven E. Koenck ,  Allen P. Mass ,  Julianne R. Crosmer ,  James A. Marek ,  Carlen R. Welty

IPC分类号： G06F21/00

CPC分类号： H04L63/0485

摘要： A system providing a scalable distributed operating environment is provided. The system may include a cryptographic module for encrypting communications for transmission over an external network. Further, more than one classified processor may be communicatively coupled to the cryptographic module for handling classified processes and information. In addition, more than one unclassified processor may also be communicatively coupled to the cryptographic module for handling unclassified processes and information. The number of classified and unclassified processors activated upon selection of a waveform is dependent upon the degree of complexity of the waveform.

摘要翻译： 提供了一种提供可扩展的分布式操作环境的系统。 该系统可以包括用于加密通信以在外部网络上传输的加密模块。 此外，多于一个的分类处理器可以通信地耦合到加密模块，用于处理分类的处理和信息。 此外，多于一个未分类的处理器还可以通信地耦合到加密模块，以处理未分类的进程和信息。 在选择波形时激活的分类和未分类处理器的数量取决于波形的复杂程度。

公开(公告)号：US07607032B1

公开(公告)日：2009-10-20

申请号：US11489007

申请日：2006-07-19

申请人： James A. Marek ,  Steven E. Koenck ,  Julianne R. Crosmer ,  Allen P. Mass

发明人： James A. Marek ,  Steven E. Koenck ,  Julianne R. Crosmer ,  Allen P. Mass

IPC分类号： G06F1/00 ,  H04L29/06

CPC分类号： G06F1/3203 ,  G06F9/5094 ,  H04L63/0428 ,  H04L63/105 ,  Y02D10/22

摘要： A multiple security level power managed processing system and method of managing power consumption in a multi security level system is disclosed. The system includes a plurality of nodes having a processor, associated memory and a processor interface. A plurality of processors individually may include multiple independent processing security levels, such as a first processing level and a second processing level. A MILS processor-to-processor network connects the plurality of processors. The system may be configured to distribute the application among the processing levels corresponding to a specific level of security. Power management profiles are used to control operation of the processors to maximize power efficiency while meeting security criteria.

摘要翻译： 公开了一种多安全级功率管理处理系统和多安全级系统中的功耗管理方法。 该系统包括具有处理器，相关联的存储器和处理器接口的多个节点。 单独的多个处理器可以包括多个独立的处理安全级别，诸如第一处理级别和第二处理级别。 MILS处理器到处理器网络连接多个处理器。 该系统可以被配置为在与特定安全级别相对应的处理级别内分发应用。 电源管理配置文件用于控制处理器的操作，以最大限度地提高功率效率，同时满足安全标准。

公开(公告)号：US07509434B1

公开(公告)日：2009-03-24

申请号：US11340096

申请日：2006-01-26

申请人： Julianne R. Crosmer ,  Steven E. Koenck ,  Allen P. Mass

发明人： Julianne R. Crosmer ,  Steven E. Koenck ,  Allen P. Mass

IPC分类号： G06F15/173

CPC分类号： H04L63/105

摘要： A method for transmitting information having different classification levels within an interconnection network includes transmitting a data word having encoded information that indicates a classification level to a processing environment having a classification level. The encoded information is examined to ascertain the indicated classification level. The classification level of the processing environment is verified by comparing it with the indicated classification level, and the data word is delivered to the processing environment upon verification. An interconnection network for transmitting the data words includes a switched fabric topology with serializer/deserializer devices interconnected by router blocks. A node for connecting to the interconnection network includes a network interface module linking the interconnection network and the processing environment. The network interface module examines data words to ascertain their classification level and verifies the classification level of the processing environment. The network interface module delivers the data words to the processing environment upon verification.

摘要翻译： 一种用于在互连网络内发送具有不同分类级别的信息的方法包括：向具有分类级别的处理环境发送具有指示分类级别的编码信息的数据字。 检查编码信息以确定指示的分类水平。 处理环境的分类级别通过与指定的分类级别进行比较来验证，并且在验证时将数据字传送到处理环境。 用于发送数据字的互连网络包括具有通过路由器块互连的串行器/解串器设备的交换结构拓扑。 用于连接到互连网络的节点包括链接互连网络和处理环境的网络接口模块。 网络接口模块检查数据字以确定其分类级别，并验证处理环境的分类级别。 验证后，网络接口模块将数据字传送到处理环境。

公开(公告)号：US09223020B1

公开(公告)日：2015-12-29

申请号：US13238606

申请日：2011-09-21

申请人： Julianne R. Crosmer ,  Kevin M. Kronfeld ,  Gregory D. Murray

发明人： Julianne R. Crosmer ,  Kevin M. Kronfeld ,  Gregory D. Murray

IPC分类号： G01S13/95 ,  G01S7/00 ,  G01S13/89 ,  G01W1/10

CPC分类号： G01S13/953 ,  G01S7/003 ,  G01S13/86 ,  G01S13/865 ,  G01S13/867 ,  G01S13/89 ,  G01S13/951 ,  G01W1/10 ,  G08G5/0013 ,  G08G5/0026 ,  G08G5/0091 ,  Y02A90/18

摘要： A radar system can include electronics configured to receive communications from a terrestrial location. The communications can include composite weather data from a plurality of sources and scheduling data. The scheduling data can include an indication of timing for sending local weather data sensed by an airborne radar system to the terrestrial location. The terrestrial system can provide composite weather radar data to an airborne source.

摘要翻译： 雷达系统可以包括被配置为从地面位置接收通信的电子设备。 通信可以包括来自多个源的复合天气数据和调度数据。 调度数据可以包括用于将由机载雷达系统感测到的本地天气数据发送到地面位置的定时指示。 地面系统可以向气象来源提供复合天气雷达数据。

公开(公告)号：US07676608B1

公开(公告)日：2010-03-09

申请号：US11637489

申请日：2006-12-12

申请人： Julianne R. Crosmer ,  John G. Bendickson ,  Scott R. Gerhold

发明人： Julianne R. Crosmer ,  John G. Bendickson ,  Scott R. Gerhold

IPC分类号： G06F3/00

CPC分类号： G06F21/554 ,  G06F21/85 ,  G06F2221/2113

摘要： The present invention is a system for providing Multiple Independent Levels of Security (MILS) partitioning. The system includes a memory, a bus controller communicatively coupled to the memory via a memory bus, and a MILS controller communicatively coupled to the bus controller via a host-side bus, the MILS controller configured for monitoring and controlling system transactions. The system further includes a plurality of input/output (I/O) devices communicatively coupled to the MILS controller via a plurality of corresponding device-side buses. The system further includes a MILS separation kernel configured for mapping regions of the memory to a plurality of user partitions. Each I/O device included in the plurality of I/O devices is allocated to a partition included in the plurality of partitions and is isolated from MILS separation kernel space. The MILS separation kernel is configured for guaranteeing isolation of the partitions of the memory. The system further includes a processor connected to the bus controller via a processor front-side bus. The MILS controller is configured for extending MILS partitioning to the plurality of I/O devices.

摘要翻译： 本发明是一种用于提供多重独立安全级别（MILS）分区的系统。 该系统包括存储器，总线控制器，其通过存储器总线通信地耦合到存储器，以及MILS控制器，MILS控制器经由主机侧总线通信地耦合到总线控制器，MILS控制器被配置用于监视和控制系统事务。 该系统还包括多个输入/输出（I / O）设备，其经由多个对应的设备侧总线通信地耦合到MILS控制器。 该系统还包括配置用于将存储器的区域映射到多个用户分区的MILS分离内核。 包括在多个I / O设备中的每个I / O设备被分配给包括在多个分区中的分区，并且与MILS分离内核空间隔离。 MILS分离内核配置为保证内存分区的隔离。 该系统还包括经由处理器前端总线连接到总线控制器的处理器。 MILS控制器被配置为将MILS分区扩展到多个I / O设备。

公开(公告)号：US08631244B1

公开(公告)日：2014-01-14

申请号：US13207651

申请日：2011-08-11

申请人： James N. Potts ,  Sung J. Kim ,  Julianne R. Crosmer ,  Karl F. Hoech

发明人： James N. Potts ,  Sung J. Kim ,  Julianne R. Crosmer ,  Karl F. Hoech

IPC分类号： H04L29/06

CPC分类号： H04L67/02 ,  H04L63/101 ,  H04L63/123 ,  H04L63/1441

摘要： A system for preventing computer malware from exfiltrating data from a user computer in a network via the internet. A host-based network process monitor intercepts network traffic information from the user computer and transmits a network request including user and application information including the network traffic information. An authorization server cooperates with the host-based network process monitor for i) verifying whether the user and process in the network request should have network access, and ii) cryptographically signing the intercepted network traffic information with an authorization server key, to authorize network access for the intercepted network traffic information. A firewall system is operably connected to the user computer and the authorization server configured to inspect the network traffic information from the user computer and reject any traffic information not signed with the authorization server key.

摘要翻译： 一种用于防止计算机恶意软件经由因特网从网络中的用户计算机中渗出数据的系统。 基于主机的网络进程监视器拦截来自用户计算机的网络流量信息，并发送包括用户的网络请求和包括网络流量信息的应用信息。 授权服务器与基于主机的网络进程监视器协作，i）验证网络请求中的用户和进程是否应具有网络访问，以及ii）使用授权服务器密钥加密地对被拦截的网络流量信息进行签名，以授权网络访问 用于拦截网络流量信息。 防火墙系统可操作地连接到用户计算机，授权服务器被配置为检查来自用户计算机的网络业务信息，并且拒绝没有用授权服务器密钥签名的任何业务信息。

公开(公告)号：US07779254B1

公开(公告)日：2010-08-17

申请号：US11314981

申请日：2005-12-21

申请人： Julianne R. Crosmer ,  John G. Bendickson

发明人： Julianne R. Crosmer ,  John G. Bendickson

IPC分类号： H04L29/06

CPC分类号： G06F21/85 ,  G06F21/74

摘要： The present invention is a system and a method for extending multiple independent levels of security to a plurality of input/output buses and components connected to the buses. In an exemplary embodiment, the system may include a processing unit suitable for operation in a plurality of security level. A bus controller including security control logic may be coupled to the processing unit for restricting access and flow of information between the physical memory and the plurality of buses. The bus controller may employ base address registers to allocate and map the physical memory to control which partitions of the physical memory are accessible to each of the plurality of buses and thus, a device connected to at least one of the plurality of buses.

摘要翻译： 本发明是一种用于将多个独立级别的安全性扩展到连接到总线的多个输入/输出总线和组件的系统和方法。 在示例性实施例中，系统可以包括适于在多个安全级别中操作的处理单元。 包括安全控制逻辑的总线控制器可以耦合到处理单元，用于限制物理存储器和多个总线之间的信息的访问和流动。 总线控制器可以采用基地址寄存器来分配和映射物理存储器，以控制物理存储器的哪些分区可被多个总线中的每一个访问，并且因此连接到多个总线中的至少一个总线的设备。