US Pat. No. 9,160,553

ADAPTIVE MULTICAST NETWORK COMMUNICATIONS

Architecture Technology C...

1. A method for communicating in an adaptive multicast network, the method comprising:
archiving, at a rendezvous point, multicast subscription information for one or more terminal nodes in the adaptive multicast
network, wherein the adaptive multicast network is divided into a plurality of trusted networks, wherein the multicast subscription
information comprises a dynamic list of receiver terminal nodes located within the adaptive multicast network that subscribe
to particular multicast streams from one or more terminal nodes in the adaptive multicast network, and wherein the rendezvous
point is a designated router in a first trusted network;

receiving, at a router, a multicast stream from a sender terminal node, wherein the router and the sender terminal node are
in a second trusted network;

receiving, at the router from the rendezvous point, the multicast subscription information for the multicast stream sent by
the sender terminal node; and

forwarding, from the router, the multicast stream to all receiver terminal nodes in the dynamic list of receiver terminal
nodes indicated as subscribing to the multicast stream sent by the sender terminal node.

US Pat. No. 9,838,415

FIGHT-THROUGH NODES FOR SURVIVABLE COMPUTER NETWORK

Architecture Technology C...

1. A method comprising:
running a plurality of virtual machines that includes (n) virtual machines, each respective virtual machine of the plurality
of virtual machines associated with a respective position in an ordered sequence of the virtual machines, wherein a first
virtual machine of the plurality of virtual machines is associated with a position in the ordered sequence of virtual machines
occurring first;

receiving, by a node, a plurality of transaction requests that consists of (n) transaction requests;
for each respective transaction request of the plurality of transaction requests:
dispatching the respective transaction request and each transaction request, if any, of the plurality of transaction requests
previous to the respective transaction request to respective virtual machines of the ordered sequence of virtual machines;
and

executing, by the respective virtual machines of the ordered sequence of virtual machines, the respective transaction request
and each transaction request, if any, of the plurality of transaction requests previous to the respective transaction request,
wherein a service provided by the node is usable as part of the respective virtual machines of the ordered sequence of virtual
machines executing the respective transaction request and each transaction request, if any, of the plurality of transaction
requests previous to the respective transaction request;

based on the first virtual machine having executed (n) transaction requests in the plurality of transaction requests, detecting
whether any of the virtual machines has been compromised;

in response to detecting the plurality of virtual machines includes a compromised virtual machine, isolating the compromised
virtual machine such that the compromised virtual machine is unable to subsequently use the service; and

after isolating the compromised virtual machine:
receiving a subsequent transaction request;
dispatching the subsequent transaction request to the compromised virtual machine; and
executing, by the compromised virtual machine, the subsequent transaction request.

US Pat. No. 9,076,342

AUTOMATED EXECUTION AND EVALUATION OF NETWORK-BASED TRAINING EXERCISES

Architecture Technology C...

1. A method comprising:
providing a training environment that includes a control and monitoring system, an attack system, and a target system that
are each executable by one or more processors and that each comprise one or more virtual machines, and wherein the training
environment is configured to monitor and respond to actions specified by a human trainee, the human trainee using the target
system and participating in the training environment; initiating, by the control and monitoring system, a training scenario
within the training environment to cause the attack system to engage in a simulated attack against the target system; in response
to the simulated attack against the target system, performing, by the target system, an action that is specified by the human
trainee; updating a state of the target system based upon the action performed by the target system and specified by the human
trainee;

collecting, by the control and monitoring system, monitor information associated with the simulated attack against the target
system by continuously monitoring the training scenario, wherein collecting the monitor information associated with the training
scenario further comprises:

collecting information associated with the action performed by the target system and specified by the human trainee, and receiving user input from the human trainee indicating a reason for performing the action;
updating a state of the attack system based upon the collected monitor information that is associated with the action performed
by the target system and specified by the human trainee;
generating, by the attack system, dynamic response data according to the updated state of the attack system;
sending the dynamic response data from the attack system to the target system to adapt the training scenario to the action
performed by the target system and specified by the human trainee; and generating, by the control and monitoring system, an
automated evaluation of a performance of the human trainee, wherein the automated evaluation is based upon the collected monitor
information that is associated with the action performed by the target system and specified by the human trainee during the
simulated attack, and wherein generating the automated evaluation further comprises analyzing the user input to determine
if the reason for performing the action is correct according to the training scenario.

US Pat. No. 9,083,741

NETWORK DEFENSE SYSTEM AND FRAMEWORK FOR DETECTING AND GEOLOCATING BOTNET CYBER ATTACKS

Architecture Technology C...

1. A system comprising:
a data collection and storage subsystem configured to provide a central repository to store network traffic data received
from a plurality of sensors positioned within geographically separate networks;

a computing cluster comprising at least one computing device, the computing cluster being coupled to the data collection storage
subsystem;

a set of software modules configured to execute a plurality of cyber defense algorithms on the computing cluster that analyze
the network traffic data and detect, based on the analysis of the network traffic data, centrally-controlled malware that
is configured to perform distributed network attacks (“botnet attacks”) from devices within the geographically separate networks;
and

a visualization and decision-making subsystem, operatively coupled to the data collection and storage subsystem, that generates
a user interface that presents an electronic map of geographic locations of source devices and target devices of the botnet
attacks within the geographically separate networks;

wherein the data collection and storage subsystem is further configured to manage a plurality of features for the network
traffic data to be analyzed by the cyber defense algorithms,

wherein, based on the plurality of features, the data collection and storage subsystem is configured to a) determine subsets
of the network traffic data to be analyzed by respective ones of the cyber defense algorithms, b) extract the subsets of the
network traffic data stored in the data collection and storage subsystem, c) determine which ones of the extracted subsets
of the network traffic data are to be provided to the respective ones of the cyber defense algorithms during execution on
the at least one computing device, and d) deliver each of the extracted subsets of the network traffic data to the at least
one computing device, such that, during execution of the cyber defense algorithms, the at least one computing device provides
the extracted subsets of the network traffic data to the respective ones of the cyber defense algorithms for analysis, and

wherein at least one of the plurality of cyber defense algorithms is configured to automatically generate network security
policies and propagate the network security policies to at least one of the geographically separate networks.

US Pat. No. 9,473,526

FIGHT-THROUGH NODES FOR SURVIVABLE COMPUTER NETWORK

Architecture Technology C...

1. A method comprising:
receiving a plurality of transaction requests associated with one or more network communication sessions;
distributing copies of the transaction requests to a plurality of virtual machines over a plurality of time steps to form
a processing pipeline of the virtual machines;

upon dispatching a threshold number (n) of the transaction requests to the plurality of virtual machines, detecting whether
any of the virtual machines in the processing pipeline has been compromised;

when none of the virtual machines in the processing pipeline has been compromised, check-pointing the processing pipeline
of the virtual machines by recording a state for each of the plurality of virtual machines; and

when at least one of the virtual machines in the processing pipeline has been compromised, removing the compromised virtual
machines from the processing pipeline.

US Pat. No. 9,081,911

MEDIATING COMMUNICATION OF A UNIVERSAL SERIAL BUS DEVICE

Architecture Technology C...

1. A computing device comprising:
at least one processor;
a hypervisor operable by the at least one processor as a primary operating system and configured to:
determine whether a universal serial bus (USB) device is authorized to communicate with a guest operating system managed by
the hypervisor;

only after determining that the USB device is authorized to communicate with the guest operating system, virtualize the USB
device to present a virtual USB device to the guest operating system and transmit messages between the USB device and the
guest operating system through the virtual USB device; and

virtualize one or more devices in addition to the USB device at the guest operating system.

US Pat. No. 9,229,936

LOCAL STORAGE OF INFORMATION PEDIGREES

Architecture Technology C...

1. A method comprising:
receiving, by a remote server and from a client device, a remote request for a remaining portion of pedigree data that partially
defines a pedigree of a primary resource included in a document being processed by the client device, wherein an initial portion
of the pedigree data that partially defines the pedigree is embedded within the document;

determining, by the remote server and based on the remote request, at least one pedigree fragment included in the remaining
portion of the pedigree data, wherein the at least one pedigree fragment specifies at least one resource from which the primary
resource was derived; and

sending, by the remote server and to the client device, the at least one pedigree fragment for assembling the pedigree of
the primary resource.

US Pat. No. 9,094,449

FIGHT-THROUGH NODES FOR SURVIVABLE COMPUTER NETWORK

Architecture Technology C...

1. A method comprising:
receiving a plurality of transaction requests associated with one or more network communication sessions;
distributing copies of the transaction requests to a plurality of virtual machines over a plurality of time steps to form
a processing pipeline of the virtual machines;

upon dispatching a threshold number (n) of the transaction requests to the plurality of virtual machines, detecting whether
any of the virtual machines in the processing pipeline has been compromised;

when none of the virtual machines in the processing pipeline has been compromised, check-pointing the processing pipeline
of virtual machines by recording a state for each of the plurality of virtual machines;

when at least one of the virtual machines in the processing pipeline has been compromised, removing the compromised virtual
machines from the processing pipeline; and

reordering the processing pipeline by promoting the non-compromised virtual machines to earlier stages in the processing pipeline
that correspond to stages associated with the removed virtual machines that have been compromised.

US Pat. No. 9,384,677

AUTOMATED EXECUTION AND EVALUATION OF NETWORK-BASED TRAINING EXERCISES

Architecture Technology C...

1. A method comprising:
during a computer-based training exercise, initiating, by an attack system, a simulated attack against a target system, wherein
the target system is configured to respond to actions specified by a human trainee, wherein the target system performs a corrective
or preventive action that is specified by the human trainee in response to the simulated attack, and wherein the attack system
is configured to initiate a change in the simulated attack by dynamically responding to the corrective or preventive action
performed by the target system and specified by the human trainee;

collecting information associated with the corrective or preventive action performed by the target system in response to the
simulated attack; and

based on the corrective or preventive action performed by the target system:
updating a state of the attack system;
automatically generating, by the attack system and based on the updated state of the attack system, dynamic response data;
sending the dynamic response data from the attack system to the target system, wherein sending the dynamic response data initiates
the change in the simulated attack against the target system; and

upon completion of the training exercise, generating an automated evaluation of a performance of the human trainee.

US Pat. No. 9,602,296

ADAPTIVE MULTICAST NETWORK COMMUNICATIONS

Architecture Technology C...

1. A method for internet group management protocol tunneling, the method comprising:
electing, by each of a plurality of multicast gateways in a subnet, a designated router in the subnet, wherein the subnet
is a broadcast-capable routed radio subnet comprising the plurality of multicast gateways, wherein electing the designated
router comprises:

sending first-in-first-out registration messages via a first broadcast amongst each of the plurality of multicast gateways
in the subnet;

sorting, by each of the plurality of multicast gateways, the one or more routers according to IP addresses; and
electing, by each of the plurality of multicast gateways, a gateway router as the designated router based on the sorted IP
addresses;

sending, by the designated router, internet group management protocol queries to at least one router in the subnet via a second
broadcast; and

tunneling, by each of the plurality of multicast gateways and to the designated router, internet group management protocol
reports.

US Pat. No. 9,501,304

LIGHTWEIGHT APPLICATION VIRTUALIZATION ARCHITECTURE

Architecture Technology C...

1. A method comprising:
in a cloud computing platform comprising one or more computing systems, identifying, in a runtime environment, a software
package that is associated with a software application, wherein the software package includes platform-independent instructions
that are configured to perform at least one computational task and that are compiled from application source code associated
with the software application, and wherein the platform-independent instructions have a format that is not specific to any
particular hardware platform provided by the one or more computing systems, and wherein the platform-independent instructions
comprise instructions that are not native to or executable by any particular hardware platform provided by the one or more
computing systems;

selecting, from the one or more computing systems, a computing system to perform the at least one computational task;
providing, by the selected computing system, a container in which to perform the at least one computational task;
obtaining, by the selected computing system, in the runtime environment, platform-dependent instructions that have been converted
from the platform-independent instructions, wherein the platform-dependent instructions have a format that is specific to
a hardware platform provided by the selected computing system, and wherein the platform-dependent instructions comprise instructions
that are native to and executable by the selected computing system;

prior to execution of the platform-dependent instructions, configuring the container, wherein configuring the container comprises
applying one or more security controls to the container, the one or more security controls being configured to restrict access
of the container to only a group of resources provided by the selected computing system; and

executing, by the selected computing system and in the container, in the runtime environment, the platform-dependent instructions
to perform the at least one computational task.

US Pat. No. 9,769,131

FAST RECONFIGURING ENVIRONMENT FOR MOBILE COMPUTING DEVICES

Architecture Technology C...

1. A method comprising:
executing, by a mobile computing device, a communication manager;
receiving, by the mobile computing device comprising one or more processors, an indication of a selection of a first application
environment from a plurality of application environments, wherein the first application environment comprises a first virtual
environment that is associated with a first security domain, and wherein the first application environment is not currently
executing on the mobile computing device;

responsive to receiving the indication of the selection of the first application environment, suspending, by the mobile computing
device, execution of a second application environment from the plurality of application environments, wherein the second application
environment is different from the first application environment, wherein the second application environment comprises a second
virtual environment that is associated with a second security domain different from the first security domain, and wherein
the communication manager executes in a third virtual environment that operates in a separate execution domain with respect
to each of the first application environment and the second application environment, such that the third virtual environment
is isolated from each of the first application environment and the second application environment;

after suspending execution of the second application environment, initiating, by the mobile computing device, execution of
the first application environment on the mobile computing device, wherein the first application environment is configured
to isolate execution of one or more software applications within the first application environment;

determining, by the mobile computing device, one or more resources of the mobile computing device that are allocated to the
first application environment during execution, wherein the one or more resources comprise at least one of processor usage,
memory, or persistent storage of the mobile computing device;

after initiating execution of the first application environment, limiting, by the mobile computing device, access of the first
application environment to the one or more resources of the mobile computing device, wherein the communication manager controls
at least one virtualized communication channel with the first application environment to limit the access of the first application
environment to the one or more resources;

identifying, by the mobile computing device, information associated with the first security domain and provided by the first
application environment that is to be sent to an external computing device associated with the first security domain;

selecting, by the mobile computing device, at least one communication network from one or more communication networks that
are each available to the mobile computing device for data communication, wherein selecting the at least one communication
network is based on one or more criteria associated with at least one of the information associated with the first security
domain or the one or more communication networks;

encrypting, by the mobile computing device, based on the first security domain and the at least one selected communication
network, the information to generate encrypted information associated with the first security domain; and

sending, by the mobile computing device and to the external computing device, via the at least one selected communication
network, the encrypted information.

US Pat. No. 9,736,112

CONTEXT-AWARE NETWORK AND SITUATION MANAGEMENT FOR CRYPTO-PARTITIONED NETWORKS

Architecture Technology C...

1. An apparatus comprising:
a computing device located in a trusted network, the computing device executing a network management system, the computing
device comprising:

at least one processor; and
a memory storing instructions that, when executed, cause the at least one processor to:
access network information from the trusted network;
access network information from an untrusted network;
correlate one or more data flows in the trusted network to one or more encrypted data tunnels in the untrusted network to
form fused network information; and

generate a cross-domain network topology for the trusted network and the untrusted network based on the fused network information.

US Pat. No. 9,191,377

METHOD FOR NETWORK COMMUNICATION PAST ENCRYPTION DEVICES

Architecture Technology C...

1. A method comprising:
processing, with a first protocol adapter positioned within a first network, a data packet to insert a message within a set
of one or more pass-through fields of the packet, wherein the first network is separated from a second network by a first
encryption device and a second encryption device that securely communicate packets through an intermediate network in encrypted
form, wherein the one or more pass-through fields are located in a portion of the data packet that remains unencrypted when
the data packet is processed by the first encryption device, and wherein the message comprises sequence information associated
with a disruption tolerant networking protocol;

sending, with the first protocol adapter, the data packet to the first encryption device;
receiving, with a second protocol adapter positioned within the intermediate network and between the first encryption device
and the second encryption device, the data packet in encrypted form;

reading, with the second protocol adapter, the message from the set of one or more pass-through fields; and
performing, by the second protocol adapter and responsive to the message, an action, wherein performing the action comprises
processing, with the second protocol adapter, a plurality of packets from the first network in accordance with a disruption
tolerant networking protocol.

US Pat. No. 9,769,250

FIGHT-THROUGH NODES WITH DISPOSABLE VIRTUAL MACHINES AND ROLLBACK OF PERSISTENT STATE

Architecture Technology C...

1. A method comprising:
initializing, by a computing system and from one or more common templates, a virtual machine that executes on one or more
computing devices of the computing system, wherein the virtual machine is subject to a first refresh policy;

responsive to an occurrence of an initiation condition of a transaction, assigning, by the computing system, the transaction
to the virtual machine based on a determination that the transaction belongs to a first class of transactions, wherein the
computing system is configured to assign a different transaction belonging to a second class to another virtual machine that
is subject to a second refresh policy, the second class being different from the first class, and the second refresh policy
being different from the first refresh policy;

generating, by the virtual machine, as part of the virtual machine processing the transaction of the first class, a database
modification request associated with the transaction;

responsive to the database modification request associated with the transaction of the first class, performing a modification
to a shared database that is persisted independently of the virtual machine;

generating checkpoint data associated with the transaction of the first class;
responsive to a trigger, discarding, by the computing system, according to the first refresh policy, the virtual machine;
and

responsive to determining that the transaction is associated with a cyber-attack, using the checkpoint data associated with
the transaction of the first class to roll back the modification to the shared database performed responsive to the database
modification request associated with the transaction.

US Pat. No. 10,015,196

FAST RECONFIGURING ENVIRONMENT FOR MOBILE COMPUTING DEVICES

Architecture Technology C...

1. A method comprising:
responsive to receiving an indication of a selection of a first application environment from a plurality of application environments, suspending, by a mobile computing device, execution of a second application environment from the plurality of application environments, wherein the first application environment comprises a first virtual environment that is associated with a first security domain, and wherein the second application environment comprises a second virtual environment that is associated with a second security domain different from the first security domain;

after suspending execution of the second application environment, initiating, by the mobile computing device, execution of the first application environment on the mobile computing device, wherein the first application environment is configured to isolate execution of one or more software applications within the first application environment;

determining, by the mobile computing device, one or more resources of the mobile computing device that are allocated to the first application environment during execution, wherein the one or more resources comprise at least one of processor usage, memory, or persistent storage of the mobile computing device;

after initiating execution of the first application environment, limiting, by the mobile computing device, access of the first application environment to the one or more resources of the mobile computing device;

determining, by the mobile computing device, one or more criteria that are usable by the mobile computing device to select a particular communication network from a plurality of different communication networks that are each configured for data communication with the mobile computing device, wherein the one or more criteria are associated with one or more of (a) a categorization or priority of information provided by the first application environment that is associated with the first security domain, (b) a type of each of the plurality of different communication networks, (c) latency characteristics of each of the plurality of different communication networks, (d) speed characteristics of each of the plurality of different communication networks, (e) bandwidth characteristics of each of the plurality of different communication networks, (f) packet loss characteristics of each of the plurality of different communication networks, or (g) the one or more software applications executing in the first application environment;

selecting, by the mobile computing device, and based on the one or more criteria, the particular communication network from the plurality of different communication networks; and

sending, by the mobile computing device, via the particular communication network and to an external computing device, the information provided by the first application environment, wherein the external computing device is also associated with the first security domain.

US Pat. No. 9,983,857

DYNAMIC COMPUTATIONAL ACCELERATION USING A HETEROGENEOUS HARDWARE INFRASTRUCTURE

Architecture Technology C...

1. A method comprising:
during execution of a software application in a computing system comprising a plurality of processing units, identifying platform-independent instructions that are configured to perform at least one computational task associated with execution of the software application, wherein the plurality of processing units comprises a heterogeneous group that includes at least two different types of processing units, wherein, prior to execution of the software application, the platform-independent instructions are compiled from computational source code providing one or more computational functions associated with the software application, wherein the platform-independent instructions have a platform-independent format that is not specific to any particular processing unit of the plurality of processing units, and wherein the platform-independent instructions comprise Low Level Virtual Machine (LLVM) bitcode compiled from the computational source code that is not native to or executable by any particular processing unit of the plurality of processing units;

during execution of the software application, determining one or more scheduling criteria that are associated with the platform-independent instructions, wherein the one or more scheduling criteria are based at least in part on historical performance information associated with prior performance of the at least one computational task by a particular processing unit of the plurality of processing units, wherein the historical performance information comprises information associated with one or more resources used by the particular processing unit during prior performance of the at least one computational task by the particular processing unit, wherein the historical performance information further comprises information associated with an amount of time to previously convert the platform-independent instructions comprising the LLVM bitcode into platform-dependent instructions, and wherein the one or more scheduling criteria are further based on one or more of (a) a number of times that the platform-independent instructions are invoked during execution of the software application, or (b) a respective number of the platform-independent instructions that are executable on each of the plurality of processing units;

during execution of the software application, and after determining the one or more scheduling criteria that are associated with the platform-independent instructions, selecting, from the plurality of processing units and based on the one or more scheduling criteria, the particular processing unit to perform the at least one computational task;

during execution of the software application, converting the platform-independent instructions comprising the LLVM bitcode into the platform-dependent instructions, wherein the platform-dependent instructions comprise optimized native code having a format that is specific to the selected processing unit, and wherein the platform-dependent instructions comprise instructions that are native to and executable by the selected processing unit; and

during execution of the software application, executing, by the selected processing unit, the platform-dependent instructions to perform the at least one computational task.

US Pat. No. 9,887,974

METHOD FOR NETWORK COMMUNICATION PAST ENCRYPTION DEVICES

Architecture Technology C...

1. A method comprising:
processing, with a first protocol adapter positioned within a first network, a first data packet to insert a first message
within a set of one or more pass-through fields of the first packet, wherein the first network is separated from a second
network by a first encryption device and a second encryption device that securely communicate packets through an intermediate
network in encrypted form, wherein the set of one or more pass-through fields are located in a portion of the first data packet
that remains unencrypted when the first data packet is processed by the first encryption device;

processing, with the first protocol adapter, a second data packet to insert a second message within a set of one or more pass-through
fields of the second data packet, wherein the set of one or more pass-through fields are located in a portion of the second
data packet that remains unencrypted when the second data packet is processed by the first encryption device, and wherein
the second message comprises a bandwidth of a traffic flow originating in the first network;

sending, with the first protocol adapter, the first data packet and the second data packet to the first encryption device
for encryption;

receiving, with a second protocol adapter positioned within the intermediate network and between the first encryption device
and the second encryption device, the first data packet in encrypted form and the second data packet in encrypted form;

reading, with the second protocol adapter, the first message from the set of one or more pass-through fields of the first
data packet;

reading, with the second protocol adapter, the second message from the set of one or more pass-through fields of the second
data packet; and

performing, with the second protocol adapter, responsive to the first message, and based on the bandwidth in the second message,
an end-to-end quality of service admission protocol.
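Added example, not code from the patent or its assignee: a Python model of the two-adapter exchange claimed above. The 6-bit DSCP and 20-bit flow-label pass-through fields, the two DSCP code points used as message types, the SHA-256 counter-mode keystream standing in for the encryption device, the link capacity and all addresses are assumptions made for the demo.

```python
import hashlib
import json
from dataclasses import dataclass, field

# Header fields the encryption device copies, in the clear, from the inner header
# to the outer header. HYPOTHETICAL allow-list: a real INE fixes this by policy.
PASS_THROUGH_FIELDS = {"dscp": 6, "flow_label": 20}   # name -> width in bits

# HYPOTHETICAL signalling convention between the two adapters (not from the patent):
DSCP_ADMISSION_REQUEST = 0b101110   # first message: start admission for flow_label
DSCP_BANDWIDTH_REPORT = 0b101111    # second message: flow_label carries kbit/s


@dataclass
class Packet:
    header: dict                                 # inner header, visible only inside the enclave
    payload: bytes
    outer: dict = field(default_factory=dict)    # filled in by the encryption device
    encrypted: bool = False


def _keystream(key: bytes, n: int) -> bytes:
    """Toy SHA-256 counter-mode keystream for the demo; not a real cipher."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


class EncryptionDevice:
    """Encrypts the whole inner packet; only allow-listed fields survive in clear."""

    def __init__(self, key: bytes):
        self.key = key

    def encrypt(self, pkt: Packet) -> Packet:
        outer = {}
        for name, width in PASS_THROUGH_FIELDS.items():
            if name in pkt.header:
                value = int(pkt.header[name])
                if not 0 <= value < (1 << width):
                    raise ValueError(f"{name} does not fit in {width} bits")
                outer[name] = value
        blob = json.dumps({"header": pkt.header, "payload": pkt.payload.hex()}).encode()
        ct = bytes(a ^ b for a, b in zip(blob, _keystream(self.key, len(blob))))
        return Packet(header={}, payload=ct, outer=outer, encrypted=True)


class FirstAdapter:
    """Plain-text side: writes messages into the fields the INE will pass through."""

    def mark_request(self, pkt: Packet, flow_id: int) -> Packet:
        pkt.header.update(dscp=DSCP_ADMISSION_REQUEST, flow_label=flow_id)
        return pkt

    def mark_bandwidth(self, pkt: Packet, bandwidth_kbps: int) -> Packet:
        if not 0 <= bandwidth_kbps < (1 << PASS_THROUGH_FIELDS["flow_label"]):
            raise ValueError("bandwidth does not fit the pass-through field")
        pkt.header.update(dscp=DSCP_BANDWIDTH_REPORT, flow_label=bandwidth_kbps)
        return pkt


class SecondAdapter:
    """Cipher-text side: has no key and sees only the outer header."""

    def __init__(self, capacity_kbps: int):
        self.capacity_kbps = capacity_kbps
        self.admitted_kbps = 0
        self.pending_flow = None
        self.decisions = []

    def observe(self, pkt: Packet):
        assert pkt.encrypted and not pkt.header   # the inner header is gone here
        dscp = pkt.outer.get("dscp")
        label = pkt.outer.get("flow_label", 0)
        if dscp == DSCP_ADMISSION_REQUEST:
            self.pending_flow = label
        elif dscp == DSCP_BANDWIDTH_REPORT and self.pending_flow is not None:
            flow, self.pending_flow = self.pending_flow, None
            return self.admit(flow, label)
        return None

    def admit(self, flow_id: int, bandwidth_kbps: int) -> bool:
        # The figure is unauthenticated cleartext: treat it as a bounded hint only.
        ok = self.admitted_kbps + bandwidth_kbps <= self.capacity_kbps
        if ok:
            self.admitted_kbps += bandwidth_kbps
        self.decisions.append((flow_id, bandwidth_kbps, ok))
        return ok


def run_exchange(flow_id: int, bandwidth_kbps: int, capacity_kbps: int = 10_000) -> bool:
    """Push the two signalling packets through one INE; return the admission result."""
    ine = EncryptionDevice(key=b"toy-demo-key")
    first, second = FirstAdapter(), SecondAdapter(capacity_kbps)
    inner = {"src": "10.0.0.5", "dst": "10.1.0.9"}          # constructed addresses
    second.observe(ine.encrypt(first.mark_request(Packet(dict(inner), b"hi"), flow_id)))
    return second.observe(ine.encrypt(first.mark_bandwidth(Packet(dict(inner), b"hi"), bandwidth_kbps)))


if __name__ == "__main__":
    print("admit 4 Mbit/s:", run_exchange(7, 4_000))
    print("admit 20 Mbit/s:", run_exchange(8, 20_000))
```

The point a practitioner should take from the model: whatever the protocol adapter writes into a pass-through field is a cleartext channel across the crypto boundary, readable and forgeable by anyone on the intermediate network, so the encryption device must bound what can be copied (the allow-list and width check above) and the admission adapter must treat the reported bandwidth as a policy-bounded hint rather than an authenticated value.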

US Pat. No. 9,766,986

FIGHT-THROUGH NODES WITH DISPOSABLE VIRTUAL MACHINES AND ROLLBACK OF PERSISTENT STATE

Architecture Technology C...

1. A method comprising:
initializing, by a computing system and from a common template that has been determined to be free of malware infection, a
respective one of a plurality of virtual machines that execute at one or more computing devices of the computing system, wherein
the initializing comprises initializing an instance of an application on the respective virtual machine in accordance with
application state stored within a shared database;

responsive to receiving a request to initiate a communication session from a client computing device external to the computing
system, assigning, by the computing system, a transaction corresponding to the communication session to the respective virtual
machine;

generating, by the respective virtual machine, as part of the respective virtual machine executing the transaction, a database
modification request associated with the transaction;

responsive to generating the database modification request associated with the transaction, performing a modification to the
shared database, wherein the database modification request requests the modification, within the shared database, of the application
state for the application running on the respective virtual machine, wherein the shared database is persisted independently
of the plurality of virtual machines, and wherein the shared database is accessible to and shared amongst each of the plurality
of virtual machines;

generating checkpoint data associated with the transaction, the transaction being associated with the database modification
request;

responsive to detecting a termination of the communication session, discarding, by the computing system, the respective virtual
machine;

after performing the modification to the shared database, and responsive to determining that the transaction is associated
with a cyber-attack initiated by the client computing device external to the computing system, generating a rollback request,
wherein determining that the transaction is associated with the cyber-attack comprises determining that the transaction is
associated with at least one of (a) an unauthorized request to access or modify data in the shared database, or (b) an attempt
to perform an unauthorized modification of the respective virtual machine; and

responsive to generating the rollback request, using the checkpoint data associated with the transaction to roll back the
modification to the shared database performed in response to the database modification request associated with the transaction.
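Added example, not code from the patent or its assignee: a Python model of the session flow claimed above, with a digest-checked template, one disposable worker per session, a shared store that checkpoints the pre-image of each transaction, and rollback when the transaction is later classified as an attack. The access-control list, the two account rows and the attack criteria used for detection are assumptions made for the demo.

```python
import copy
import hashlib
import itertools


class Template:
    """A VM image that is accepted only if it still matches a known-good digest."""

    def __init__(self, image: bytes, known_good_digest: str):
        self.image, self.known_good_digest = image, known_good_digest

    def verify(self) -> bool:
        return hashlib.sha256(self.image).hexdigest() == self.known_good_digest


class SharedDatabase:
    """Persisted independently of the VMs; keeps a pre-image per transaction."""

    def __init__(self, rows: dict):
        self.rows = dict(rows)
        self.checkpoints = {}

    def apply(self, txn_id: int, modification: dict) -> None:
        # Checkpoint only the rows this transaction touches, then modify them.
        self.checkpoints[txn_id] = {k: copy.deepcopy(self.rows.get(k)) for k in modification}
        self.rows.update(modification)

    def rollback(self, txn_id: int) -> None:
        for key, before in self.checkpoints.pop(txn_id).items():
            if before is None:
                self.rows.pop(key, None)
            else:
                self.rows[key] = before


class DisposableVM:
    """Fresh instance per session; its application state is a copy, never shared."""

    def __init__(self, template: Template, db: SharedDatabase):
        if not template.verify():
            raise RuntimeError("template failed integrity check; refusing to boot")
        self.app_state = copy.deepcopy(db.rows)
        self.alive = True

    def execute(self, request: dict) -> dict:
        """Run the transaction and return the database modification it requests."""
        if request["op"] == "set":
            self.app_state[request["key"]] = request["value"]
            return {request["key"]: request["value"]}
        return {}                       # reads and anything else modify nothing

    def discard(self) -> None:
        self.alive = False
        self.app_state = None


class FightThroughNode:
    def __init__(self, template: Template, db: SharedDatabase, acl: dict):
        self.template, self.db, self.acl = template, db, acl
        self.txn_ids = itertools.count(1)
        self.log = []

    def is_attack(self, client: str, request: dict) -> bool:
        # (a) unauthorized access to shared data, or (b) an attempt to modify the VM.
        touches_unauthorized = request.get("key") not in self.acl.get(client, set())
        tampers_with_vm = request.get("op") == "modify_vm"
        return touches_unauthorized or tampers_with_vm

    def handle_session(self, client: str, request: dict) -> bool:
        vm = DisposableVM(self.template, self.db)
        txn_id = next(self.txn_ids)
        self.db.apply(txn_id, vm.execute(request))   # checkpoint, then modify
        vm.discard()                                 # session ended: VM is thrown away
        if self.is_attack(client, request):          # detection may run after commit
            self.db.rollback(txn_id)
            self.log.append(("rollback", txn_id, client))
            return False
        self.db.checkpoints.pop(txn_id, None)        # committed: pre-image not needed
        self.log.append(("commit", txn_id, client))
        return True


def demo() -> dict:
    image = b"constructed golden image bytes"
    template = Template(image, hashlib.sha256(image).hexdigest())
    db = SharedDatabase({"balance:alice": 100, "balance:bob": 100})   # constructed rows
    node = FightThroughNode(template, db, acl={"alice": {"balance:alice"}, "bob": {"balance:bob"}})
    node.handle_session("alice", {"op": "set", "key": "balance:alice", "value": 80})  # legitimate
    node.handle_session("alice", {"op": "set", "key": "balance:bob", "value": 0})     # rolled back
    return db.rows
```

Checkpointing only the touched rows keeps rollback cheap and exact, but it also means the detection window matters: any later transaction that read the poisoned row before the rollback has acted on bad data, which is why the VM itself is thrown away rather than reused.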

US Pat. No. 9,754,130

PEER INTEGRITY CHECKING SYSTEM

Architecture Technology C...

1. A method comprising:
generating a database that contains file properties for a set of valid system files for a non-compromised operating system
of a host computer;

storing the database in a distributed manner throughout a peer-to-peer (P2P) network of nodes using a distributed hash table
to select the nodes of the P2P network such that the file properties contained within the database are stored to different
ones of the nodes of the P2P network, wherein storing the database further comprises:

performing a plurality of different content-hash functions on each of the file properties of the system files to produce a
plurality of hash values for each of the file properties;

re-hashing each of the plurality of hash values with a hash function associated with the distributed hash table to generate
respective keys that map each of the plurality of hash values for each of the file properties into a key space of the distributed
hash table; and

selecting nodes of the P2P network as storage nodes to store the plurality of hash values for each of the file properties
based on the generated keys; and

performing, by a first node of the P2P network, an integrity check of a second node of the P2P network using the distributed
hash table to access the file properties contained within the database distributed throughout the P2P network to detect whether
a system file of an operating system currently executing on the second node of the P2P network has been compromised by comparing,
with the first node, file properties of the system file of the operating system currently executing on the second node of
the P2P network with the file properties contained within the database distributed throughout the P2P network.
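Added example, not code from the patent or its assignee: a Python simulation of the scheme claimed above, with three independent content hashes per file-property record, each digest re-hashed by the DHT's own function onto a Chord-style 32-bit ring, storage on the successor node, and a peer-side check that requires every stored digest to agree. The ring size, the five node names, the choice of SHA-256, SHA-1 and BLAKE2b, the record encoding and the two sample files are assumptions made for the demo.

```python
import bisect
import hashlib

KEY_BITS = 32
CONTENT_HASHES = ("sha256", "sha1", "blake2b")   # several independent content hashes


def dht_key(data: bytes) -> int:
    """The DHT's own hash: maps any value onto a ring of 2**KEY_BITS positions."""
    return int.from_bytes(hashlib.sha1(data).digest()[:4], "big")


def property_record(path: str, content: bytes, mode: int) -> bytes:
    """Canonical encoding of the file properties that get hashed."""
    return f"{path}|{mode:o}|{len(content)}|{hashlib.sha256(content).hexdigest()}".encode()


def content_hashes(record: bytes) -> dict:
    return {algo: hashlib.new(algo, record).hexdigest() for algo in CONTENT_HASHES}


class Ring:
    """Toy DHT: each key is stored on the first node clockwise from it."""

    def __init__(self, node_names):
        self.ids = sorted((dht_key(n.encode()), n) for n in node_names)
        self.keys = [k for k, _ in self.ids]
        self.store = {n: {} for n in node_names}

    def owner(self, key: int) -> str:
        i = bisect.bisect_left(self.keys, key)
        return self.ids[i % len(self.ids)][1]

    def put(self, key: int, value: dict) -> None:
        self.store[self.owner(key)][key] = value

    def get(self, key: int):
        return self.store[self.owner(key)].get(key)


def publish_baseline(ring: Ring, files: dict) -> None:
    """Hash each record several ways, re-hash each digest into the key space, store."""
    for path, (content, mode) in files.items():
        for algo, digest in content_hashes(property_record(path, content, mode)).items():
            ring.put(dht_key(digest.encode()), {"path": path, "algo": algo, "digest": digest})


def integrity_check(ring: Ring, path: str, live_content: bytes, live_mode: int):
    """Run by one peer against another peer's live file; returns (ok, hits)."""
    hits = 0
    for algo, digest in content_hashes(property_record(path, live_content, live_mode)).items():
        stored = ring.get(dht_key(digest.encode()))
        if stored and (stored["path"], stored["algo"], stored["digest"]) == (path, algo, digest):
            hits += 1
    # Require every digest to agree: an attacker who controls one storage node can
    # forge or delete only the entries that happen to land on that node.
    return hits == len(CONTENT_HASHES), hits


def demo():
    ring = Ring(["node-a", "node-b", "node-c", "node-d", "node-e"])
    baseline = {   # constructed stand-in for a clean operating system's files
        "/bin/login": (b"login binary v1", 0o755),
        "/etc/passwd": (b"root:x:0:0:root:/root:/bin/sh\n", 0o644),
    }
    publish_baseline(ring, baseline)
    clean = integrity_check(ring, "/bin/login", b"login binary v1", 0o755)
    trojaned = integrity_check(ring, "/bin/login", b"login binary v1 + backdoor", 0o755)
    mode_flip = integrity_check(ring, "/etc/passwd", baseline["/etc/passwd"][0], 0o666)
    return clean, trojaned, mode_flip
```

Because the DHT key is derived from the digest rather than from the path, a tampered file produces digests that simply are not in the table, and the three digests of one record normally land on three different nodes, so a single subverted storage node cannot make a modified file look clean on its own.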

US Pat. No. 9,191,391

CROSS-DOMAIN OBJECT MODELS FOR SECURELY SHARING INFORMATION BETWEEN NETWORK SECURITY DOMAINS

Architecture Technology C...

1. A system comprising:
a plurality of network domains, each of the domains comprising a respective set of client computing devices comprising a respective
one or more processors executing respective instances of at least one software application;

a cross-domain object model specification that specifies object classes for cross-domain objects, each of the objects having
methods comprising code executable by the applications for accessing a plurality of data fields of the object;

a protected and distributed object repository positioned within each of the network domains; and
a controller within each of the network domains,
wherein, for each of the object classes, the cross-domain object model specification defines the plurality of data fields
and specifies which of the data fields of the respective object class can be exposed to each of the respective network domains,

wherein each of the object repositories stores an authorized portion of each of the cross-domain objects in accordance with
the cross-domain object model specification, and

wherein the controller within each of the network domains detects changes to the portions of the cross-domain objects within
the respective one of the network domains and propagates versions of the changes to the controllers of the other ones of the
network domains in compliance with the cross-domain object model specification.
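Added example, not code from the patent or its assignee: a Python model of the per-domain projection and change propagation described in the claim. The object model specification (one "Track" class with five data fields), the three domain names and their exposure sets, and the version counter used to drop stale updates are assumptions made for the demo.

```python
# HYPOTHETICAL cross-domain object model specification: one class, three domains.
SPEC = {
    "Track": {
        "fields": ("id", "position", "classification", "source_sensor", "analyst_notes"),
        "expose": {
            "HIGH": {"id", "position", "classification", "source_sensor", "analyst_notes"},
            "COALITION": {"id", "position", "classification"},
            "PUBLIC": {"id", "position"},
        },
    }
}


class Controller:
    """One per domain; owns that domain's repository and talks to peer controllers."""

    def __init__(self, domain: str, spec: dict):
        self.domain, self.spec = domain, spec
        self.repo = {}          # object id -> {"class", "version", "fields"}
        self.peers = []

    def allowed(self, cls: str, domain: str) -> set:
        return set(self.spec[cls]["expose"].get(domain, ()))

    def project(self, cls: str, fields: dict, domain: str) -> dict:
        """Keep only the data fields the given domain is authorized to see."""
        return {k: v for k, v in fields.items() if k in self.allowed(cls, domain)}

    def local_update(self, cls: str, oid: str, changes: dict) -> int:
        illegal = set(changes) - self.allowed(cls, self.domain)
        if illegal:
            raise PermissionError(f"{self.domain} may not write {sorted(illegal)}")
        obj = self.repo.setdefault(oid, {"class": cls, "version": 0, "fields": {}})
        obj["fields"].update(changes)
        obj["version"] += 1
        for peer in self.peers:                      # propagate a per-peer projection
            peer.receive(self.domain, cls, oid, obj["version"],
                         self.project(cls, changes, peer.domain))
        return obj["version"]

    def receive(self, sender: str, cls: str, oid: str, version: int, changes: dict) -> dict:
        """Re-filter on receipt: never trust the sender to have projected correctly."""
        allowed = self.allowed(cls, self.domain) & self.allowed(cls, sender)
        accepted = {k: v for k, v in changes.items() if k in allowed}
        obj = self.repo.setdefault(oid, {"class": cls, "version": 0, "fields": {}})
        if version > obj["version"]:                  # drop stale or replayed updates
            obj["fields"].update(accepted)
            obj["version"] = version
        return accepted


def build_domains(spec=SPEC) -> dict:
    ctrls = {d: Controller(d, spec) for d in ("HIGH", "COALITION", "PUBLIC")}
    for c in ctrls.values():
        c.peers = [p for p in ctrls.values() if p is not c]
    return ctrls


def demo() -> dict:
    ctrls = build_domains()
    ctrls["HIGH"].local_update("Track", "t1", {           # constructed object
        "id": "t1", "position": (51.5, -0.1), "classification": "hostile",
        "source_sensor": "radar-3", "analyst_notes": "pattern matches prior contact",
    })
    ctrls["COALITION"].local_update("Track", "t1", {"classification": "neutral"})
    return {d: dict(c.repo["t1"]["fields"]) for d, c in ctrls.items()}
```

The receiving controller intersects its own authorization with the sender's, so a field can only flow between two domains if the specification exposes it to both; a buggy or hostile peer that ships an extra field is filtered rather than trusted.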

US Pat. No. 10,043,405

ADVISOR SYSTEM AND METHOD

ARCHITECTURE TECHNOLOGY C...

1. An airport movement surface advisor system, comprising:
a receiver, installed on a mobile first platform operating on the airport movement surface, that receives one or more signals from a signal source installed on a mobile second platform, the signals conforming to one or more types of surveillance signals;
a processor, coupled to the receiver, that processes a given signal of a given signal type from the signal source installed on the mobile second platform to produce signal data; and
a non-transitory computer-readable storage medium having encoded thereon a program of instructions, the instructions, when executed, causing the processor to:
determine a first path vector for the mobile first platform along the airport movement surface,
determine a quality factor associated with the given signal, comprising:
determining a frequency of reception of multiple instances of the given signal over time to determine if an error condition exists; and
comparing latitude and longitude of a source of each of the multiple instances of the given signal to determine whether each of the multiple instances of the given signal originates from the mobile second platform, and
based on the quality factor, analyze the signal data from the given signal to identify a threat to the mobile first platform, comprising the processor:
determining a second path vector for the mobile second platform;
identifying the second path vector along the airport movement surface within a minimum proximity value of the first path vector; and
providing an advisory to the mobile first platform.

US Pat. No. 10,026,509

LOW BANDWIDTH MEDIA STREAM TRANSMISSION

Architecture Technology C...

1. A method comprising:
capturing, by a central computing device, an image of a background environment, wherein the background environment is local to the central computing device;
recording, by the central computing device, a first media stream, wherein the first media stream includes at least a portion of the image of the background environment, and wherein the first media stream further includes at least one movement of a representation of at least one object through the background environment; and
removing, by the central computing device, the image of the background environment from the first media stream to create a second media stream, wherein the second media stream includes the at least one movement of the at least one object through the background environment without the image of the background environment, wherein removing the image of the background environment from the first media stream comprises:
detecting, by the computing device, one or more pixel color values present in the image of the background environment; and
for each frame of at least one frame of the first media stream, removing, by the computing device, each pixel with a color value that matches one of the detected one or more pixel color values.

US Pat. No. 10,007,498

APPLICATION RANDOMIZATION MECHANISM

Architecture Technology C...

1. A method comprising:
generating, by a computing system comprising one or more processors, first unique configuration information;
generating, by the computing system and based on the first unique configuration information, a first unique instance of a software component that is executable on a runtime computing system, wherein generating the first unique instance of the software component comprises creating, by the computing system, a first modification to an application binary interface (ABI), wherein the first modification to the ABI comprises a first modification to an operating system kernel ABI that is associated with a first reordering of a system call table, and wherein the first unique instance of the software component uses the first modification to the ABI;
generating, by the computing system, second unique configuration information, wherein the second unique configuration information is different from the first unique configuration information; and
generating, by the computing system and based on the second unique configuration information, a second unique instance of the software component that is executable on the runtime computing system, wherein generating the second unique instance of the software component comprises creating, by the computing system, a second modification to the ABI, wherein the first modification to the ABI is different than the second modification to the ABI, wherein the second modification to the ABI comprises a second modification to the operating system kernel ABI that is associated with a second reordering of the system call table, and wherein the second unique instance of the software component uses the second modification to the ABI,
wherein the first and second unique instances of the software component comprise different instances of the same software component that each are configured to have uniquely different operating characteristics during execution on the runtime computing system.

US Pat. No. 10,068,493

AUTOMATED EXECUTION AND EVALUATION OF NETWORK-BASED TRAINING EXERCISES

Architecture Technology C...

1. A method comprising:
prior to execution of a computer-based training exercise, providing a virtual environment in which the computer-based training exercise is to be executed, wherein the virtual environment includes an attack system and a target system, and wherein providing the virtual environment comprises:
receiving a model of a network topology of the target system, the network topology of the target system including one or more virtual network elements;
selecting at least one source document that defines one or more rules for use by the target system; and
configuring the target system based on the one or more rules defined by the at least one source document, wherein configuring the target system includes automatically instantiating one or more virtual machines of the target system that correspond to the one or more virtual network elements included in the network topology of the target system; and
during execution of the computer-based training exercise, and responsive to a simulated attack initiated by the attack system against the one or more virtual machines of the target system, performing, by the one or more virtual machines of the target system, one or more corrective or preventive actions that are specified by a human trainee,
wherein, responsive to the one or more corrective or preventive actions performed by the one or more virtual machines of the target system, the attack system responds by automatically generating dynamic response data that is sent from the attack system to the target system to initiate a change in the simulated attack against the one or more virtual machines of the target system.

US Pat. No. 10,067,787

CONFIGURABLE FORENSIC INVESTIGATIVE TOOL

Architecture Technology C...

1. A method comprising:
storing an investigative profile that identifies a plurality of forensic tools from a set of forensic tools and defines a manner in which a forensic investigative tool invokes the identified forensic tools for an investigation of a target computing device, wherein to define the manner in which the forensic investigative tool invokes the identified forensic tools, the investigative profile defines:
a sequence in which the forensic investigative tool invokes the identified forensic tools,
one or more operational parameters for respective identified forensic tools needed for the execution of the respective forensic tools on the target computing device, and
an identification of data to capture from the target computing device;
processing the investigative profile with the forensic investigative tool on a forensic device to provide a common execution framework for selective execution of the plurality of forensic tools identified by the investigative profile, the framework including a common user interface and a reporting structure associated with the plurality of forensic tools;
transferring, with the forensic device upon execution of the forensic investigative tool, one or more of the identified forensic tools and a remote agent to the target computing device for temporary storage;
temporarily executing, with the forensic device upon execution of the forensic investigative tool, the remote agent on the target computing device to execute the identified forensic tools on the target computing device in accordance with the sequence and the one or more operational parameters of the investigative profile;
receiving, with the forensic investigative tool executing on the forensic device, data acquired from the target computing device by the execution of the identified forensic tools in accordance with the investigative profile; and
deleting, after receiving the data acquired from the target computing device, the transferred identified forensic tools, the remote agent, and a temporary directory within the target computing device where the transferred forensic tools and the remote agent are temporarily stored.

US Pat. No. 10,083,624

REAL-TIME MONITORING OF NETWORK-BASED TRAINING EXERCISES

Architecture Technology C...

1. A method comprising:
outputting, by a management server and for display, a graphical dashboard associated with a training exercise, wherein the graphical dashboard includes one or more learning objective nodes that represent one or more learning objectives to be accomplished by a trainee using at least one host computing system during the training exercise, wherein the graphical dashboard further includes one or more skill nodes that represent one or more skills to be demonstrated by the trainee during the training exercise, wherein the one or more skills support the one or more learning objectives, and wherein the one or more skill nodes graphically indicate that the one or more skills have not yet been demonstrated by the trainee;
determining, by the management server, one or more metrics that are usable to determine whether the one or more skills are demonstrated by the trainee based on one or more evaluation criteria;
identifying, by the management server, parameter data to be collected by the at least one host computing system during the training exercise to calculate the one or more metrics;
selecting, by the management server and based on the one or more skills to be demonstrated by the trainee, one or more software agents that are associated with the one or more skill nodes and that are capable of collecting the parameter data;
after selecting the one or more software agents, providing, by the management server and to the at least one host computing system, an indication of the one or more software agents that are executed on the at least one host computing system during the training exercise;
providing, by the management server and to the at least one host computing system, one or more metric parameters that are used to configure the one or more software agents to collect the parameter data from the at least one host computing system while the trainee performs actions during the training exercise, wherein the one or more metric parameters include at least an operational mode parameter indicating whether the one or more software agents will terminate after collecting the parameter data or will instead stay resident on and monitor the at least one host computing system;
receiving, by the management server, the parameter data collected by the one or more software agents during execution on the at least one host computing system;
calculating, by the management server and based on the parameter data collected by the one or more software agents, the one or more metrics usable to determine whether the one or more skills are demonstrated by the trainee based on the one or more evaluation criteria;
determining, by the management server and based on the calculated one or more metrics, that the one or more skills have been demonstrated by the trainee during the training exercise; and
responsive to determining that the one or more skills have been demonstrated, updating, by the management server and for display, the one or more skill nodes representing the one or more skills to graphically indicate that the one or more skills have been demonstrated by the trainee during the training exercise.

US Pat. No. 10,057,298

CONFIGURABLE INVESTIGATIVE TOOL

Architecture Technology C...

1. A method comprising:
presenting, with an investigative device, a user interface configured to receive input, from a user, that specifies a plurality of different user-defined investigative profiles, each of the investigative profiles identifying a plurality of tools, defining a sequence in which the tools are to be invoked by an investigative device for an investigation of a target computing device, and defining a reporting structure of data collected from the investigation for the particular investigation, wherein at least two of the plurality of tools are configured to acquire different types of data from the target computing device as part of the investigation of the target computing device;
generating and storing, in response to the input, the plurality of investigative profiles, wherein one or more of the investigative profiles are non-executable data configuration information files arranged as text that specifies the plurality of tools, define the sequence in which the tools are to be invoked by the investigative device for the investigation of the target computing device, and define the reporting structure of data collected from the investigation for the particular investigation, and wherein at least two of the investigative profiles specify different sequences for invoking the tools;
receiving a selection of one of the investigative profiles;
configuring, responsive to the selection of one of the investigative profiles, an investigative tool on the investigative device for execution, on the target computing device, with the plurality of tools identified by the selected investigative profile to allow for collection of all desired data with one investigation of the target computing device and reporting of the collected data in the reporting structure defined by the selected investigative profile, wherein the investigative tool is configurable to operate in accordance with any of the plurality of investigative profiles;
establishing, with the investigative tool, a communication link with the target computing device, the communication link including at least an input socket between the investigative device on which the investigative tool is configured and the target computing device and a file transfer socket between the investigative device on which the investigative tool is configured and the target computing device for communicating with the target computing device;
automatically transferring, with the investigative device, the tools identified by the selected profile and a remote agent, via the input socket, to the target computing device;
configuring, with the investigative tool, the remote agent on the target computing device to control execution, on the target computing device, of the tools identified by the selected investigative profile and in the sequence defined by the investigative profile;
receiving, with the investigative tool executing on the investigative device and from the remote agent via the file transfer socket, data acquired from the target computing device by the execution of the tools identified in the selected investigative profile and in the sequence defined by the selected investigative profile; and
outputting, with the investigative tool executing on the investigative device, results of the data acquired from the target computing device, by the execution of the tools identified in the investigative profile, in the defined reporting structure.
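Added example, not code from either patent or their assignee, serving both the configurable forensic tool (US 10,067,787) and the configurable investigative tool (US 10,057,298) claims above: a text investigative profile parsed as data and validated against a fixed tool catalogue, a stand-in remote agent that stages tool images in a temporary directory on the target, runs the tools in the profile's sequence, and then removes only what it staged. The INI layout of the profile, the two stand-in tools and their parameters, and the constructed target files are assumptions made for the demo.

```python
import configparser
import hashlib
import os
import shutil
import tempfile

# HYPOTHETICAL tool catalogue. A profile may only pick these tools and only set
# the parameters listed here, so profile text can never supply a command line.
TOOL_CATALOGUE = {"volatile_mem": {"max_mb": int}, "file_hash": {"paths": list}}

PROFILE_TEXT = """\
[profile]
name = quick-triage
sequence = volatile_mem, file_hash

[volatile_mem]
max_mb = 256

[file_hash]
paths = etc/passwd, etc/hosts
"""   # constructed profile for the demo


def parse_profile(text: str) -> list:
    """Return the ordered [(tool, params)] plan; raise on anything outside the catalogue."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    plan = []
    for tool in [t.strip() for t in cp["profile"]["sequence"].split(",")]:
        if tool not in TOOL_CATALOGUE:
            raise ValueError(f"unknown tool {tool!r}")
        extra = set(cp[tool]) - set(TOOL_CATALOGUE[tool])
        if extra:
            raise ValueError(f"{tool}: unsupported parameters {sorted(extra)}")
        params = {}
        for key, kind in TOOL_CATALOGUE[tool].items():
            raw = cp[tool][key]
            params[key] = [p.strip() for p in raw.split(",")] if kind is list else kind(raw)
        plan.append((tool, params))
    return plan


# Stand-in tools; real ones would be the transferred forensic binaries.
def _volatile_mem(root, p):
    return {"captured_mb": min(p["max_mb"], 64)}       # pretend the host has 64 MB

def _file_hash(root, p):
    out = {}
    for rel in p["paths"]:
        with open(os.path.join(root, rel), "rb") as fh:
            out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out

TOOLS = {"volatile_mem": _volatile_mem, "file_hash": _file_hash}


class RemoteAgent:
    """Runs on the target from a temporary directory it created and owns."""

    def __init__(self, target_root: str, plan: list):
        self.target_root = target_root
        self.workdir = tempfile.mkdtemp(prefix="agent-", dir=target_root)
        self.transferred = set()
        for tool, _ in plan:                           # "transfer" one tool image per step
            path = os.path.join(self.workdir, tool + ".bin")
            with open(path, "wb") as fh:
                fh.write(b"stand-in tool image")
            self.transferred.add(path)

    def run(self, plan: list) -> dict:
        return {tool: TOOLS[tool](self.target_root, params) for tool, params in plan}

    def cleanup(self) -> bool:
        # Delete only what was staged, never through a symlink planted meanwhile,
        # and refuse to remove a directory holding anything the agent did not create.
        for path in self.transferred:
            if os.path.islink(path) or not os.path.isfile(path):
                return False
            os.remove(path)
        if os.listdir(self.workdir):
            return False
        os.rmdir(self.workdir)
        return True


def investigate(profile_text: str = PROFILE_TEXT) -> dict:
    plan = parse_profile(profile_text)
    root = tempfile.mkdtemp(prefix="target-")           # constructed target filesystem
    os.makedirs(os.path.join(root, "etc"))
    for name, body in (("passwd", b"root:x:0:0::/root:/bin/sh\n"), ("hosts", b"127.0.0.1 localhost\n")):
        with open(os.path.join(root, "etc", name), "wb") as fh:
            fh.write(body)
    try:
        agent = RemoteAgent(root, plan)
        report = {"sequence": [t for t, _ in plan], "results": agent.run(plan)}
        report["cleanup_ok"] = agent.cleanup()
    finally:
        shutil.rmtree(root)
    return report
```

Two details matter in practice: the profile is a non-executable text file, so validation against the catalogue is what keeps a tampered profile from turning the agent into a remote shell; and the cleanup step names exactly what it staged and bails out on anything unexpected, so it cannot be turned into a way to destroy evidence the target owner planted in the temporary directory.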

US Pat. No. 10,200,401

EVALUATING RESULTS OF MULTIPLE VIRTUAL MACHINES THAT USE APPLICATION RANDOMIZATION MECHANISM

Architecture Technology C...

1. A method comprising:
initializing, by a computing system, a plurality of virtual machines (VMs), wherein initializing the plurality of VMs comprises:
for at least one particular VM of the plurality of VMs:
generating, by the computing system, a randomized instance of an operating system for the particular VM, wherein the randomized instance of the operating system for the particular VM has a randomized Application Binary Interface (ABI), the randomized ABI being a randomized version of an ABI of the operating system; and
installing, by the computing system, the randomized instance of the operating system for the particular VM on the particular VM; and
deploying, by the computing system, the plurality of VMs;
receiving, by the computing system, a series of incoming messages from a client device;
distributing, by the computing system, a copy of each incoming message in the series of incoming messages to each VM of the plurality of VMs;
receiving, by the computing system, results generated by the plurality of VMs in response to the series of incoming messages, wherein the results generated by the VMs in response to the series of incoming messages include a first result different from a second result if code executing in one of the VMs uses the randomized version of the ABI and code executing in another one of the VMs uses a publicly available version of the ABI, the publicly available version of the ABI being different from the randomized version of the ABI;
performing, by the computing system, a comparison on the results; and
in response to the comparison revealing that two or more of the results are not the same, performing, by the computing system, a cybersecurity defense action.
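Added example, not code from either patent or their assignee, serving both the system-call-table reordering in US 10,007,498 above and the multi-VM result comparison in US 10,200,401: a Python simulation in which each VM gets a syscall table permuted from its own unique configuration, legitimately built code calls by that VM's numbering, while injected code hard-codes the public numbers. The eight-entry syscall subset, the string "effects" standing in for handlers, the seeded derangement, and the two messages are assumptions made for the demo; the memory corruption that would hand control to the shellcode is not simulated.

```python
import hashlib
import random

# Toy subset of a kernel ABI; the public numbering is the list index.
PUBLIC_SYSCALLS = ["read", "write", "open", "close", "execve", "exit", "getpid", "socket"]


def build_syscall_table(unique_config) -> dict:
    """number -> handler. None gives the public ABI; bytes give a config-specific derangement."""
    names = list(PUBLIC_SYSCALLS)
    if unique_config is not None:
        rng = random.Random(int.from_bytes(hashlib.sha256(unique_config).digest()[:8], "big"))
        while True:
            rng.shuffle(names)
            # Reject permutations with a fixed point: that number would still mean
            # the same thing as in the public ABI and hand an attacker a free syscall.
            if all(n != p for n, p in zip(names, PUBLIC_SYSCALLS)):
                break
    return dict(enumerate(names))


def _dispatch(handler: str, arg) -> str:
    """What each handler 'does', reduced to an observable result string."""
    effects = {"execve": f"spawned:{arg}", "write": f"wrote:{arg}", "open": f"fd:{arg}",
               "close": "closed", "read": "read:0", "exit": "exited",
               "getpid": "pid:4242", "socket": "sock"}
    return effects[handler]


class VM:
    def __init__(self, name: str, table: dict):
        self.name, self.table = name, table
        self.number_of = {h: n for n, h in table.items()}   # numbering this VM's binaries use

    def syscall(self, number: int, arg=None) -> str:
        return _dispatch(self.table[number], arg)             # kernel dispatches by number

    def handle(self, message: dict) -> str:
        if message["type"] == "app":
            # Legitimate code compiled for this VM uses this VM's numbering.
            return self.syscall(self.number_of["write"], message["payload"])
        # Simulated control-flow hijack: injected code hard-codes public numbers.
        return ";".join(self.syscall(num, arg) for num, arg in message["shellcode"])


def evaluate(vms, message: dict):
    """Distribute one message to every VM and compare what comes back."""
    results = [vm.handle(message) for vm in vms]
    action = "none" if len(set(results)) == 1 else "cybersecurity_defense_action"
    return results, action


def demo():
    vms = [VM("vm-public", build_syscall_table(None)),
           VM("vm-rand-1", build_syscall_table(b"config-1")),
           VM("vm-rand-2", build_syscall_table(b"config-2"))]
    legit = {"type": "app", "payload": "hello"}                       # constructed
    exploit = {"type": "exploit",
               "shellcode": [(PUBLIC_SYSCALLS.index("execve"), "/bin/sh")]}   # constructed
    return evaluate(vms, legit), evaluate(vms, exploit)


if __name__ == "__main__":
    for results, action in demo():
        print(results, "->", action)
```

The comparison is the detector: an ordinary request yields identical results on every replica, while code that assumes the public numbering produces a visibly different result on each randomized instance, and the disagreement, not any signature, is what triggers the defense action. The fixed-point check is worth keeping in a real build, since a permutation that leaves a number unchanged leaves that one syscall unprotected.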

US Pat. No. 10,659,476

TRANSPARENT BRIDGE FOR MONITORING CRYPTO-PARTITIONED WIDE-AREA NETWORK

ARCHITECTURE TECHNOLOGY C...

1. A method comprising:
receiving, by a first computing device in a plain-text portion of a first enclave behind a first inline network encryptor (INE), a data packet from a second computing device in a plain-text portion of a second enclave behind a second INE via a cipher-text wide-area network (WAN) that carries data traffic between a plurality of enclaves including the first enclave and the second enclave, wherein the first enclave further includes a first group of one or more client devices, wherein the second enclave further includes a second group of one or more client devices, wherein the first group of one or more client devices communicate through the cipher-text WAN via the first computing device, wherein the second group of one or more client devices communicate through the cipher-text WAN via the second computing device, and wherein the first computing device communicates with the second computing device using the cipher-text WAN;
determining, by the first computing device, contents of a header of the data packet, wherein the contents of the header of the data packet comprise one or more of a timestamp, a connection state, or a priority of an associated data flow to the second enclave;
detecting, by the first computing device and based at least in part on the one or more of the timestamp, the connection state, or the priority of an associated data flow to the second enclave in the contents of the header of the data packet, a network event affecting a status of the cipher-text WAN, wherein the connection state indicates connection states between the second enclave and each of the other enclaves in the plurality of enclaves;
performing, by the first computing device and based on the network event affecting the status of the cipher-text WAN, an operation to correct the status of the cipher-text WAN;
determining, by the first computing device and based at least in part on the connection state in the data packet received from the second computing device, that the second computing device is connected to a third computing device in a plain-text portion of a third enclave in the plurality of enclaves, wherein the third enclave communicates with the first enclave and the second enclave via the cipher-text WAN;
determining, by the first computing device, that the first computing device is not currently receiving an expected data flow from the third computing device;
determining, by the first computing device, that the network event affecting the status of the cipher-text WAN is a faulty connection between the first enclave and the third enclave;
sending, by the first computing device, a second data packet to the second computing device, wherein the second data packet comprises an indication for the second computing device to receive the expected data flow from the third computing device and to send the expected data flow to the first computing device; and
receiving, by the first computing device and from the second computing device, the expected data flow that was received by the second computing device from the third computing device.

US Pat. No. 10,346,612

COMPUTER NETWORK DEFENSE TRAINING ON OPERATIONAL NETWORKS USING SOFTWARE AGENTS

Architecture Technology C...

1. A method comprising:
storing, by an attack computing system, a scenario event list that defines one or more events associated with a training exercise;
configuring, by the attack computing system and based on the one or more events defined in the scenario event list, one or more software agents to emulate one or more cyber-attacks against a host computing system during the training exercise, wherein the attack computing system is communicatively coupled to the host computing system via one or more operational networks, and wherein configuring the one or more software agents further comprises:
configuring, by the attack computing system, the one or more software agents to save a state of one or more resources of the host computing system prior to emulating the one or more cyber-attacks against the host computing system;
configuring, by the attack computing system, at least one software agent of the one or more software agents to self-terminate its respective execution either (i) after a respective amount of time, or (ii) responsive to determining that the at least one software agent is unable to establish or maintain communication with the attack computing system via the one or more operational networks; and
configuring, by the attack computing system, the one or more software agents to restore the state of the one or more resources of the host computing system prior to termination of the one or more software agents; and
deploying, by the attack computing system, the one or more software agents for execution on the host computing system during the training exercise to emulate the one or more cyber-attacks against the host computing system using the one or more operational networks.
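Added example, not code from the patent or its assignee: a Python model of the agent behaviour claimed above, which snapshots the host resources it is about to touch, emulates each scenario event, and fails safe by restoring that state and terminating either when its lifetime expires or when it can no longer reach the attack computing system. The three host resources, the scenario event list, the 30-second spacing of events on a fake clock and the heartbeat stand-in for the control channel are assumptions made for the demo.

```python
import copy

SCENARIO_EVENTS = [                                   # constructed scenario event list
    {"kind": "open_port", "rule": "allow 4444/tcp"},
    {"kind": "persist_cron", "line": "* * * * * /tmp/beacon"},
    {"kind": "deface", "text": "pwned"},
]


class HostResources:
    """Stand-in for host state the emulated attack touches."""

    def __init__(self):
        self.state = {"firewall": ["allow 22/tcp"], "crontab": [], "motd": "welcome"}


class ControlChannel:
    """Stand-in for the agent's link back to the attack computing system."""

    def __init__(self):
        self.reachable = True

    def heartbeat(self) -> bool:
        return self.reachable


class Agent:
    def __init__(self, host, channel, ttl_seconds, clock):
        self.host, self.channel, self.ttl, self.clock = host, channel, ttl_seconds, clock
        self.started = clock()
        self.snapshot = None
        self.terminated = False

    def save_state(self) -> None:
        self.snapshot = copy.deepcopy(self.host.state)

    def restore_state(self) -> None:
        self.host.state = copy.deepcopy(self.snapshot)

    def should_terminate(self) -> bool:
        # (i) lifetime exhausted, or (ii) the control channel cannot be maintained.
        return self.clock() - self.started >= self.ttl or not self.channel.heartbeat()

    def emulate(self, event: dict) -> None:
        s = self.host.state
        if event["kind"] == "open_port":
            s["firewall"].append(event["rule"])
        elif event["kind"] == "persist_cron":
            s["crontab"].append(event["line"])
        elif event["kind"] == "deface":
            s["motd"] = event["text"]

    def terminate(self) -> None:
        self.restore_state()              # always put the host back before dying
        self.terminated = True

    def step(self, event: dict) -> bool:
        """Run one scenario event; False if the agent terminated instead."""
        if self.should_terminate():
            self.terminate()
            return False
        self.emulate(event)
        return True


def run_exercise(channel_drops_after=None, ttl_seconds=1000.0) -> dict:
    host = HostResources()
    original = copy.deepcopy(host.state)
    channel = ControlChannel()
    now = [0.0]                                       # fake clock, 30 s per event
    agent = Agent(host, channel, ttl_seconds, clock=lambda: now[0])
    agent.save_state()
    applied, mutated = 0, False
    for i, event in enumerate(SCENARIO_EVENTS):
        now[0] += 30.0
        if channel_drops_after is not None and i >= channel_drops_after:
            channel.reachable = False
        if not agent.step(event):
            break
        applied += 1
        mutated = mutated or host.state != original
    if not agent.terminated:
        agent.terminate()                             # exercise finished normally
    return {"applied": applied, "mutated": mutated, "terminated": agent.terminated,
            "restored": host.state == original}
```

On an operational network the dead-man behaviour is the safety property: whichever way the agent stops, by schedule, by lost control channel or by the exercise ending, the host is returned to its saved state first, so an orphaned agent cannot leave a real open port or persistence entry behind.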

US Pat. No. 10,346,628

MULTI-DOMAIN APPLICATION EXECUTION MANAGEMENT

Architecture Technology C...

1. A method comprising:
selecting, by a mobile computing device comprising one or more processors, and based at least on a first policy of a group of policies, a first container in which to execute a first application, wherein the first container is included in a group of containers that are each configured to isolate at least one application during execution within the respective container;
selecting, by the mobile computing device, and based at least on a second policy of the group of policies, a second container in which to execute a second application, wherein the second container is included in the group of containers, wherein the second container is different from the first container, wherein the second policy specifies a maximum number of applications that are executable in the second container, wherein the second policy is different from the first policy, and wherein the second application is different from the first application;
responsive to determining that the maximum number of applications are selected for execution in the second container, selecting, by the mobile computing device, and based on the second policy, a third container in which to execute a third application, wherein the third container is different from the second container;
isolating, by the mobile computing device, execution of the first application in the first container, execution of the second application in the second container, and execution of the third application in the third container;
applying, by the mobile computing device, and based at least on the first policy, a first group of controls to the first application executing in the first container, wherein the first group of controls are at least configured to restrict access of the first application to a first group of resources provided by the mobile computing device, and to control communications with the first application, wherein the first container defines a first domain in which the first application is executed; and
applying, by the mobile computing device, and based at least on the second policy, a second group of controls to the second application executing in the second container and to the third application executing in the third container, wherein the second group of controls are at least configured to restrict access of the second application and the third application to a second group of resources provided by the mobile computing device, and to control communications with the second application and the third application, wherein the second container defines a second domain in which the second application is executed, and wherein the third container also defines the second domain in which the third application is executed.

US Pat. No. 10,402,179

APPLICATION RANDOMIZATION MECHANISM

ARCHITECTURE TECHNOLOGY C...

1. A method comprising:
generating, by a computing system comprising one or more processors, first unique configuration information;
generating, by the computing system and based on the first unique configuration information, a first unique instance of a software component that is executable on a runtime computing system, wherein the computing system creates a first modification to an operating system kernel application binary interface (ABI) as part of generating the first unique instance of the software component, and wherein the first unique instance of the software component uses the first modification to the operating system kernel ABI;
generating, by the computing system, second unique configuration information, wherein the second unique configuration information is different from the first unique configuration information; and
generating, by the computing system and based on the second unique configuration information, a second unique instance of the software component that is executable on the runtime computing system, wherein the computing system creates a second modification to the operating system kernel ABI as part of generating the second unique instance of the software component, wherein the first modification to the operating system kernel ABI is different than the second modification to the operating system kernel ABI, and wherein the second unique instance of the software component uses the second modification to the operating system kernel ABI,
wherein the first and second unique instances of the software component comprise different instances of the same software component that each are configured to have uniquely different operating characteristics during execution on the runtime computing system.

US Pat. No. 10,235,892

AIRCRAFT SURFACE STATE EVENT TRACK SYSTEM AND METHOD

ARCHITECTURE TECHNOLOGY C...

1. A method, executed by a processor, for autonomous monitoring and reporting of aircraft surface state for aircraft operating at an airport, comprising:
the processor receiving digital signals information from sensors located on a mobile device onboard an airplane departing the airport;
the processor verifying an identification of the airplane and flight and identifying an expected departure sequence of aircraft surface states;
the processor monitoring, identifying, and analyzing additional digital signals information received from the mobile device, comprising:
identifying aircraft movement events, comprising:
receiving aircraft sound signature data from and collected by the mobile device;
comparing the aircraft sound signature data to known data;
determining aircraft movement events based on the comparison,
receiving aircraft motion data from and collected by the mobile device;
analyzing the aircraft motion data; and
determining aircraft movement events based on the analysis,
logging the aircraft movement events, and
determining that the logged aircraft movement events correspond to events indicative of an aircraft surface state;
the processor directing transmission of an aircraft surface state reached message to Local and Center flight management; and
the processor executing a statistical routine and providing statistical data from the execution relating to an occurrence of expected upcoming aircraft surface state events and directing transmission of the statistical data with the aircraft surface state reached message.

US Pat. No. 10,200,406

CONFIGURATION OF APPLICATION RANDOMIZATION MECHANISM

Architecture Technology C...

1. A method comprising:
receiving, by a computing system that comprises one or more processors, configuration data;
initializing, by the computing system, a plurality of virtual machines (VMs), wherein initializing the plurality of VMs comprises:
for each respective VM of the plurality of VMs:
selecting, by the computing system, based on the configuration data, an operating system for the respective VM from among a plurality of operating systems specified by the configuration data;
selecting, by the computing system, based on a rule specified by the configuration data regarding which software programs are usable with the selected operating system for the respective VM, a software program for the respective VM from among a plurality of software programs specified by the configuration data;
generating, by the computing system, a respective randomized instance of the selected operating system for the respective VM, wherein the respective randomized instance of the selected operating system for the respective VM has a respective randomized Application Binary Interface (ABI);
generating, by the computing system, a respective randomized instance of the selected software program for the respective VM, the respective randomized instance of the selected software program configured to use the respective randomized ABI of the respective randomized instance of the selected operating system for the respective VM; and
installing, by the computing system, the respective randomized instance of the selected operating system for the respective VM and the respective randomized instance of the selected software program for the respective VM on the respective VM,
wherein none of the randomized ABIs of the plurality of VMs is the same as another one of the randomized ABIs of the plurality of VMs; and
deploying, by the computing system, the plurality of VMs.

US Pat. No. 10,235,357

COMMUNITY-BASED REPORTING AND ANALYSIS SYSTEM AND METHOD

ARCHITECTURE TECHNOLOGY C...

1. A community-based reporting and analysis system comprising a program of instructions stored on a non-transitory computer-readable storage medium, wherein when executed, the program of instructions causes a processor to:
generate a domain of interest;
based on the domain of interest, identify known terms in one or more resources, the known terms corresponding to named entities, wherein, for one or more known terms, the processor:
tweaks one or more known terms to produce an expanded list of known terms, each tweaked known term in the expanded list of known terms corresponding to the named entity, and
stores the known terms and the expanded list of known terms with a link from the expanded list of known terms to an original known term;
use the known terms to train a neural network by iteratively applying the known terms to an input layer of the neural network and reading an output of an output layer of the neural network;
receive a document related to the domain of interest;
apply a natural language processing system to parse the document to identify one or more data items in the document;
apply the parsed document to the trained neural network, thereby causing the neural network to:
extract one or more of the identified data items from the parsed document, comprising the neural network:
applying a data item to a series of layers of the neural network; and
providing an output to the processor,
determine that the data item comprises a true mention of a named entity based on the output, wherein the processor determines that the data item is a true mention when the neural network output indicates the data item matches exactly a known term in a list of named entities;
analyze circumstances in which the true mention of the named entity appears in the parsed document; and
determine, based on the analyzed characteristics, that the document is a true document.

US Pat. No. 10,565,307

COMMUNITY-BASED REPORTING AND ANALYSIS SYSTEM AND METHOD

ARCHITECTURE TECHNOLOGY C...

1. A system for determining that documents are true documents, comprising:
a processor;
a document input component and data store; and
a non-transitory computer-readable storage medium having encoded thereon a program of instructions that, when executed, causes the processor to:
control the input component to receive a document related to a domain of interest;
apply a natural language processing system to parse the document to identify one or more data items in the document;
apply the parsed document to a trained neural network, thereby causing the neural network to extract one or more of the identified data items from the parsed document, comprising the neural network:
applying a data item to a series of layers of the neural network; and
providing an output to the processor,
determine that the data item comprises a true mention of a named entity based on the output, wherein the processor determines that the data item is a true mention when the neural network output indicates the data item matches exactly a known term in a list of named entities;
analyze circumstances in which the true mention of the named entity appears in the parsed document; and
determine, based on the analyzed characteristics, that the document is a true document.

US Pat. No. 10,557,918

MOBILE EMERGENCY PERIMETER SYSTEM AND METHOD

ARCHITECTURE TECHNOLOGY C...

1. A method for establishing and controlling a mobile perimeter at a fixed or moving geographic location and for determining a geographic location of an emitting radio frequency (RF) emitter in a vicinity of the mobile perimeter, comprising:
at each of a plurality of RF sensors:
receiving an RF transmission,
processing the received RF transmission to produce RF signal data, and
wirelessly transmitting the RF signal data to a central station; and
at the central station, a processor:
executing a cross-correlation process to:
compare characteristics of pairs of RF signal data;
based on the compared characteristics, determine a time difference of arrival (TDOA) between RF transmissions received at each RF sensor of a pair of RF sensors, and
repeat the cross-correlation process for each pair of RF sensors from which RF signal data are received; and
using the TDOA values for two or more pairs of RF sensors, the processor determining a location estimate for the RF emitter.

US Pat. No. 10,547,679

CLOUD DATA SYNCHRONIZATION BASED UPON NETWORK SENSING

Architecture Technology C...

1. A method for cloud data synchronization, the method comprising:
generating, by a cloud server, a breakaway cloudlet containing copies of one or more cloud databases and one or more cloud application programs associated with one or more service systems in the cloud server;
uploading, by the cloud server, the breakaway cloudlet to a client device associated with a client device identifier, the breakaway cloudlet configured to operate independently as a remote cloud server when the client device is disconnected from the cloud server;
updating, by the cloud server, the one or more cloud databases and the one or more cloud application programs within the cloud server based upon execution of one or more cloud tasks by the cloud server;
tracking, by the cloud server using one or more cloud proxy executable files, the updates to the one or more cloud databases and the one or more cloud application programs within the cloud server in one or more transaction log files;
storing, by the cloud server using the one or more cloud proxy executable files, the one or more transaction log files in a cloud proxy database;
selecting, by the cloud server, a set of updates associated with the client device in the one or more transaction log files stored in the cloud proxy database using the client device identifier;
retrieving, by the cloud server, a set of selection criteria associated with the client device identifier;
assigning, by the cloud server, a first priority to a first subset of updates in the set of updates and a second priority to a second subset in the set of updates based on the set of selection criteria, wherein the first priority is higher than the second priority;
determining, by the cloud server, a bandwidth value of a communications link in a network connecting the cloud server with the client device; and
in response to determining by the cloud server that the bandwidth value of the communications link is below a predetermined threshold value:
transmitting, by the cloud server to the client device, the first subset of updates before transmitting the second subset of updates.

US Pat. No. 10,540,502

SOFTWARE ASSURANCE FOR HETEROGENEOUS DISTRIBUTED COMPUTING SYSTEMS

ARCHITECTURE TECHNOLOGY C...

1. A method comprising:
generating, by an analysis computing system comprising processing circuitry, data representing a risk model for a distributed computing system, wherein:
the risk model comprises a plurality of tree nodes organized as a tree,
for each respective tree node of the risk model, the respective tree node corresponds to a respective event that may befall the distributed computing system,
for each respective non-leaf tree node of the risk model, the events corresponding to child tree nodes of the respective non-leaf tree node are preconditions of the event corresponding to the respective non-leaf tree node, and
the tree nodes of the risk model include a first inspected tree node and a second inspected tree node;
generating, by the processing circuitry of the analysis computing system, data associating a first test agent with a first target, the first test agent configured to perform a data gathering routine that gathers data from the first target associated with the first test agent, the first target associated with the first test agent comprising a first set of one or more system nodes in the distributed computing system;
generating, by the processing circuitry, data associating the first inspected tree node of the risk model with the first test agent, the data gathered by the data gathering routine of the first test agent comprising data indicating whether the event corresponding to the inspected tree node is occurring or has occurred;
generating, by the processing circuitry of the analysis computing system, data associating a second test agent with a second target, the second test agent being different from the first test agent, the second test agent configured to perform a data gathering routine that gathers data from the second target associated with the second test agent, the second target associated with the second test agent comprising a second set of one or more system nodes in the distributed computing system;
generating, by the processing circuitry, data associating the second inspected tree node of the risk model with the second test agent, the data gathered by the data gathering routine of the second test agent comprising data indicating whether the event corresponding to the inspected tree node is occurring or has occurred;
performing, by the processing circuitry, according to a first predefined schedule that specifies a recurrence pattern of the data gathering routine of the first test agent, the data gathering routine of the first test agent;
performing, by the processing circuitry, according to a second predefined schedule that specifies a recurrence pattern of the data gathering routine of the second test agent, the data gathering routine of the second test agent;
outputting, by the processing circuitry, a graphical representation of the data indicating whether the event corresponding to the first inspected tree node is occurring or has occurred; and
outputting, by the processing circuitry, a graphical representation of the data indicating whether the event corresponding to the second inspected tree node is occurring or has occurred.

US Pat. No. 10,534,604

SOFTWARE REFACTORING SYSTEMS AND METHODS

ARCHITECTURE TECHNOLOGY C...

1. A computer-implemented method comprising:
creating, by a computing device, an abstract syntax tree based on a source code file of a software application, the source code file including source code defining operations of the software application;
traversing, by the computing device, the abstract syntax tree;
identifying, by the computing device and based on the traversing of the abstract syntax tree, one or more code violations present in the source code;
generating, by the computing device, at least one refactoring option for each code violation of the one or more code violations, each refactoring option of the at least one refactoring option representing a change to the source code file that is configured to remediate the associated code violation;
displaying, by the computing device, a segment of the source code including the one or more code violations and the associated at least one refactoring option for each code violation to a user;
receiving, by the computing device, an indication of a selection, by the user, of a first refactoring option of the at least one refactoring option associated with a first code violation; and
changing, by the computing device, the source code file based on the first refactoring option.

US Pat. No. 10,412,116

MECHANISM FOR CONCEALING APPLICATION AND OPERATION SYSTEM IDENTITY

ARCHITECTURE TECHNOLOGY C...

1. A method comprising:
initializing, by a computing system comprising one or more processors, a virtual machine (VM), wherein initializing the VM comprises:
obtaining, by the computing system, an unmodified operating system that is compatible with a first computing device and a second computing device of the computing system;
modifying, by the computing system, in a first manner, the unmodified version of the operating system to form a first modified version of the operating system;
modifying, by the computing system, in a second manner, the unmodified version of the operating system to form a second modified version of the operating system, wherein:
(1) each of the first modified version of the operating system, the second modified version of the operating system, and the unmodified version of the operating system sets a respective implementation-dependent parameter of response messages, which conform to a communication protocol, to a different value under same conditions, and/or
(2) each of the first modified version of the operating system, the second modified version of the operating system, and the unmodified version of the operating system produces respective response messages in which same sets of two or more implementation-dependent parameters are sequenced in a different order;
installing, by the computing system, the first modified version of the operating system in a first instance of the VM; and
installing, by the computing system, the second modified version of the operating system in a second instance of the VM;
deploying, by the computing system, the first instance of the VM on the first computing device of the computing system;
deploying, by the computing system, the second instance of the VM on the second computing device of the computing system;
setting, by the first modified version of the operating system deployed on the first computing device of the computing system, the implementation-dependent parameter to a first value;
setting, by the second modified version of the operating system deployed on the second computing device of the computing system, the implementation-dependent parameter to a second value that is different from the first value;
generating, by the first modified version of the operating system deployed on the first computing device of the computing system, a first message that conforms to the communication protocol, the first message including the first value of the implementation-dependent parameter;
generating, by the second modified version of the operating system deployed on the second computing device of the computing system, a second message that conforms to the communication protocol, the second message including the second value of the implementation-dependent parameter;
sending, by the first modified version of the operating system, from the first computing device of the computing system, the first message to a remote device; and
sending, by the second modified version of the operating system, from the second computing device of the computing system, the second message to the remote device.

US Pat. No. 10,372,428

DYNAMIC COMPUTATIONAL ACCELERATION USING A HETEROGENEOUS HARDWARE INFRASTRUCTURE

Architecture Technology C...

1. A method comprising:
in a distributed computing environment comprising a plurality of distributed computing systems that are communicatively coupled to one another via at least one network, identifying, during execution of a software application, platform-independent instructions that are configured to perform at least one computational task associated with execution of the software application, wherein the plurality of computing systems includes a heterogeneous group of specialized processing units, wherein the platform-independent instructions have a platform-independent format that is not specific to any particular processing unit of the heterogeneous group of specialized processing units, wherein the software application is associated with an application executable previously compiled from application source code using a first compiler, wherein the software application is further associated with the platform-independent instructions that, prior to execution of the software application, were compiled from computational source code using a second compiler, and wherein the platform-independent instructions are not native to or executable by any particular processing unit of the heterogeneous group of specialized processing units;
determining real-time performance information to collect and store during performance of the at least one computational task by the heterogeneous group of specialized processing units, wherein the real-time performance information indicates an amount of one or more constrained resources utilized by one or more of the specialized processing units while performing the at least one computational task during execution of platform-dependent instructions that are specific to each respective specialized processing unit;
after identifying the platform-independent instructions, determining one or more scheduling criteria that are associated with the platform-independent instructions, wherein the one or more scheduling criteria are based at least in part on the real-time performance information previously collected while performing the at least one computational task by the one or more of the specialized processing units during prior execution of platform-dependent instructions specific to each respective specialized processing unit;
selecting, from the heterogeneous group of specialized processing units and based on the one or more scheduling criteria, a specialized processing unit to perform the at least one computational task, wherein selecting the specialized processing unit comprises selecting one of the heterogeneous group of specialized processing units that utilizes a relatively fewer amount of the one or more constrained resources, with respect to one or more other specialized processing units in the group, when performing the at least one computational task during execution of platform-dependent instructions specific to the selected specialized processing unit;
during execution of the software application, converting the platform-independent instructions into the platform-dependent instructions that are specific to the selected specialized processing unit, wherein the application executable includes references, provided by one or more libraries, to the platform-independent instructions that are resolved at runtime during execution of the software application, and wherein the platform-dependent instructions comprise optimized native code executable by the selected specialized processing unit; and
providing the platform-dependent instructions to the selected specialized processing unit for execution in order to perform the at least one computational task.

US Pat. No. 10,235,894

ADVISOR SYSTEM AND METHOD

ARCHITECTURE TECHNOLOGY C...

1. An aircraft advisory system installed on a first aircraft operating on a movement surface of an airport, the advisory system comprising:
a cockpit display configured to provide advisories to cockpit personnel;
a receiver configured to receive surveillance signals associated with a second aircraft operating on a runway surface of the airport or on approach to the runway surface;
a processor system, comprising:
a processor, and
a non-transitory, computer-readable storage medium having encoded thereon machine instructions that the processor executes to:
determine a projected path vector for the first aircraft;
determine a projected movement vector for the second aircraft, comprising:
determine a health of the advisory system,
determine the health is a sufficient health,
determine a quality of the surveillance signals,
determine the quality is a sufficient quality, and
compute the projected movement vector, comprising:
determining multiple instances of velocity and acceleration and determining latitude, longitude, and altitude of the second aircraft; and
generating a three-dimensional vector projection of movement of the second aircraft based on one or more most recent instances of the velocity, acceleration, latitude, longitude, and altitude of the second aircraft,
determine an existence of an interference condition between the projected path vector and the projected movement vector, comprising:
comparing the path vector with the projected movement vector; and
designating the existence of the interference condition when the path vector and the projected movement vector cross within a specified threshold, and
issue an advisory indicating the interference condition for rendering on the cockpit display, wherein to further determine the quality of the surveillance signals, the processor determines that multiple instances of the projected movement vector follow a consistent path by comparing the latitude, longitude, and altitude of each of the multiple instances.

US Pat. No. 10,600,335

ADAPTIVE TEAM TRAINING EVALUATION SYSTEM AND METHOD

ARCHITECTURE TECHNOLOGY C...

1. A computer-implemented adaptive group training method comprising:
a computer accessing a virtual system and initiating a group training exercise for training a trainee group comprising one or more trainees, the group training exercise comprising one or more challenges to the virtual system, each of the one or more challenges including a pre-defined sequence of one or more injectable events;
the computer controlling subsequent execution of the group training exercise comprising injecting the injectable events; and
the computer evaluating performance of the trainee group during the subsequent execution of the group training exercise, comprising:
analyzing actions taken by the trainee group in response to each of the injections, and
attributing one or more of the actions taken to a trainee.

US Pat. No. 10,558,809

SOFTWARE ASSURANCE SYSTEM FOR RUNTIME ENVIRONMENTS

ARCHITECTURE TECHNOLOGY C...

1. A method comprising:
monitoring, by an analysis computing system, execution of one or more applications on a runtime computing system, wherein the runtime computing system includes a plurality of processing units that perform one or more operations during execution of the one or more applications;
during execution of the one or more applications on the runtime computing system, receiving, by the analysis computing system and from the runtime computing system, monitoring information that includes at least one of function call data or application programming interface call data associated with the one or more operations performed by the plurality of processing units during execution of the one or more applications, wherein the at least one of the function call data or the application programming interface call data comprises at least one ordered sequence of a plurality of function calls or application programming interface calls that are each intercepted by at least one function hook or application programming interface hook during execution of the one or more applications on the runtime computing system;
importing, by the analysis computing system, the monitoring information into a risk model;
analyzing, by the analysis computing system, the monitoring information within the risk model to determine one or more potential vulnerabilities and one or more potential impacts of the one or more potential vulnerabilities in the runtime computing system, wherein the one or more potential vulnerabilities are associated with execution of the one or more applications on the runtime computing system, and wherein the one or more potential vulnerabilities are further associated with at least one unexpected call sequence or unexpected call stack associated with the at least one ordered sequence of the plurality of function calls or application programming interface calls; and
outputting, by the analysis computing system and for display in a graphical user interface, a graphical representation of the one or more potential vulnerabilities and the one or more potential impacts in the risk model.

US Pat. No. 10,554,685

SELF-HEALING ARCHITECTURE FOR RESILIENT COMPUTING SERVICES

ARCHITECTURE TECHNOLOGY C...

1. A method comprising:
initializing, by a distributed computing system, a plurality of virtual machines (VMs) configured to provide a service, wherein:
the distributed computing system hosts a first VM of the plurality of VMs,
the distributed computing system hosts a second VM of the plurality of VMs,
the first VM is in an active mode and the second VM is not in the active mode,
initializing the plurality of VMs comprises, for each respective VM of the plurality of VMs:
generating a unique Application Binary Interface (ABI) for an operating system for the respective VM;
compiling a software application such that the software application is configured to use the unique ABI for the operating system for the respective VM; and
installing the operating system for the respective VM and the compiled software application on the respective VM,
wherein, for each respective VM of the plurality of VMs, the ABI for the operating system for the respective VM is different from the ABIs for the operating systems for each other VM of the plurality of VMs;
dispatching, by the distributed computing system, to one or more VMs of the plurality of VMs that provide the service and are in the active mode, one or more request messages for the service;
determining, by the distributed computing system, in response to software in the first VM invoking a system call in a manner inconsistent with the unique ABI for the operating system of the first VM, that a failover event has occurred; and
responsive to determining that the failover event has occurred, failing over, by the distributed computing system, from the first VM to the second VM such that the second VM is in the active mode instead of the first VM.

US Pat. No. 10,452,466

AUTOMATED SYSTEM MAINTENANCE CAPABILITIES FOR A COMPUTING SYSTEM

ARCHITECTURE TECHNOLOGY C...

1. A method comprising:
receiving, by at least one software application executing on a client computing system, one or more cross-platform system maintenance rules that are generated by and sent from a central server computing system, wherein the one or more cross-platform system maintenance rules specify one or more cross-platform system maintenance operations to be performed on the client computing system and further specify scheduling information for performance of the one or more cross-platform system maintenance operations, and wherein the one or more cross-platform system maintenance rules are not specific to any particular type of software operating system;
determining, by the at least one software application executing on the client computing system, a type of software operating system currently being executed by the client computing system;
determining, by the at least one software application executing on the client computing system, based on the one or more cross-platform system maintenance rules and further based on the type of software operating system currently being executed by the client computing system, one or more platform-specific system maintenance rules that specify one or more platform-specific system maintenance operations to be performed on the client computing system and further specify scheduling information for performance of the one or more platform-specific system maintenance operations, wherein the one or more platform-specific system maintenance rules are specific to the type of software operating system currently being executed by the client computing system;
determining, by the at least one software application executing on the client computing system, and based on the scheduling information identified by the one or more platform-specific system maintenance rules, a schedule indicating when to perform the one or more platform-specific system maintenance operations;
initiating, by the at least one software application executing on the client computing system, performance of the one or more platform-specific system maintenance operations in accordance with the schedule;
collecting, by the at least one software application executing on the client computing system, one or more results associated with the performance of the one or more platform-specific system maintenance operations;
generating, by the at least one software application executing on the client computing system, at least one summary report that includes the one or more results; and
sending, by the at least one software application executing on the client computing system, and to the central server computing system, the at least one summary report.

US Pat. No. 10,412,114

APPLICATION RANDOMIZATION MECHANISM

ARCHITECTURE TECHNOLOGY C...

1. A method comprising: initializing, by a computing system comprising one or more processors, a virtual machine (VM), wherein initializing the VM comprises:
generating, by the computing system, a randomized instance of an operating system, the randomized instance of the operating system having a randomized calling convention for a system call of an operating system, wherein:
the randomized calling convention for the system call is a first scheme for how the system call receives parameters from a caller of the system call and how the system call returns a result, if any,
a publicly available calling convention for the system call is a second scheme for how the system call receives parameters from the caller of the system call and how the system call returns the result, if any, and
the randomized calling convention for the system call is different from a publicly available calling convention for the system call;
generating, by the computing system, a randomized instance of a software program, the randomized instance of the software program configured to use the randomized calling convention for the system call when invoking the system call; and
installing, by the computing system, the randomized instance of the operating system and the randomized instance of the software program on the VM;
deploying, by the computing system, the VM;
determining, by the computing system, that a first software process running on the VM has invoked the system call;
determining, by the computing system, which one of the following applies: (i) the first software process invoked the system call using the randomized calling convention for the system call, or (ii) the first software process invoked the system call not using the randomized calling convention for the system call;
responsive to determining that the first software process invoked the system call not using the randomized calling convention for the system call, performing, by the computing system, a cybersecurity defense action;
determining, by the computing system, that a second software process running on the VM has invoked the system call;
determining, by the computing system, which one of the following applies: (i) the second software process invoked the system call using the randomized calling convention for the system call, or (ii) the second software process invoked the system call not using the randomized calling convention for the system call; and
responsive to determining that the second software process invoked the system call using the randomized calling convention for the system call, performing, by the computer system, the system call without performing the cybersecurity defense action.

US Pat. No. 10,628,560

PERMISSION REQUEST SYSTEM AND METHOD

ARCHITECTURE TECHNOLOGY C...

1. A method for managing privilege access in a computer system by applications executing on the computer system, comprising: receiving a system call request from an application, the system call request requesting access to resources of the computer system;
determining, by a processor, a status of the system call request as one of permanently allowed and not permanently allowed by consulting a privilege profile for the application;
for a not permanently allowed system call request:
generating, by the processor, a volatile access control list for the non-permanently-allowed system call request,
providing a user with a system call request prompt comprising a plurality of actions,
receiving, by the processor, an action selection from the user,
performing a privilege operation for the system call request based on the received action, and
storing the privilege operation for the system call request in the privilege profile for the application; and
for a permanently allowed system call request:
invoking a persistent access control list,
granting access to the resources, and
storing the access grant privilege operation in the privilege profile for the application.

US Pat. No. 10,621,365

OBFUSCATION FOR HIGH-PERFORMANCE COMPUTING SYSTEMS

ARCHITECTURE TECHNOLOGY C...

1. A method comprising: initializing, by an obfuscation computing system, communications with a plurality of nodes in a distributed computing platform, wherein the plurality of nodes includes one or more compute nodes that provide one or more resources in the distributed computing platform, wherein the plurality of nodes further includes a controller node that performs resource management of the one or more resources in the distributed computing platform, and wherein the obfuscation computing system serves as an intermediary between the controller node and the one or more compute nodes; and
performing, by the obfuscation computing system, at least one of:
(a) code-level obfuscation for the distributed computing platform to obfuscate interactions between a user computing system and the plurality of nodes, wherein performing the code-level obfuscation comprises:
obfuscating, based on a first group of customizable obfuscation policies stored by the obfuscation computing system, data associated with one or more commands provided by the user computing system to generate one or more obfuscated commands; and
sending the one or more obfuscated commands to at least one of the plurality of nodes in the distributed computing platform; or
(b) system-level obfuscation for the distributed computing platform, wherein performing the system-level obfuscation comprises performing, based on a second group of customizable obfuscation policies stored by the obfuscation computing system, at least one of obfuscating system management tasks that are performed to manage the plurality of nodes or obfuscating network traffic data that is exchanged between the plurality of nodes, wherein the second group of customizable obfuscation policies is different from the first group of customizable obfuscation policies.

US Pat. No. 10,560,351

NETWORK MONITORING TOOL FOR SUPERCOMPUTERS

Architecture Technology C...

1. A method for monitoring a supercomputer nodes network: monitoring, by an application monitoring module of a network monitoring device, communication messages between a plurality of processes being executed by a plurality of supercomputer nodes;
generating, by the application monitoring module of the network monitoring device, a virtual network topology containing a plurality of virtual communication links between the plurality of processes being executed by the plurality of supercomputer nodes based upon the monitoring of the communication messages;
determining, by the application monitoring module of the network monitoring device, a number of the communication messages being transmitted on each of the plurality of virtual communication links and a bandwidth value for each of the plurality of virtual communication links;
monitoring, by a traffic monitoring module of the network monitoring device, network traffic in a plurality of communication links interconnecting the plurality of supercomputer nodes;
generating, by the traffic monitoring module of the network monitoring device, a global networking view of the network traffic of the plurality of the supercomputer nodes and the interconnecting plurality of communication links;
receiving, by a topology mapping module of the network monitoring device, an API call for mapping a new application to the plurality of supercomputer nodes; and
mapping, by the topology mapping module of the network monitoring device, the new application to the plurality of supercomputer nodes that are currently available based upon the virtual network topology and the global networking view of the network traffic.

US Pat. No. 10,454,891

CONTEXT-AWARE NETWORK AND SITUATION MANAGEMENT FOR CRYPTO-PARTITIONED NETWORKS

ARCHITECTURE TECHNOLOGY C...

1. A method for providing network management, the method comprising: gathering first network information from first network elements in one or more trusted networks;
receiving second network information through a one-way guard, the second information from second network elements in one or more untrusted networks;
correlating one or more data flows associated with the first network information to one or more encrypted data tunnels associated with the second network information to form fused network information;
generating a cross-domain network topology for the one or more trusted networks and the one or more untrusted networks based on the fused network information, wherein the cross-domain network topology depicts at least one of the one or more data flows in the trusted network as being contained in at least one of the one or more encrypted data tunnels based on the correlation of the one or more data flows in the trusted network to the one or more encrypted data tunnels in the untrusted network; and
managing at least one of the second network elements identified in the cross-domain topology.

US Pat. No. 10,656,940

SYSTEMS, DEVICES, AND METHODS FOR SOURCE CODE GENERATION FROM BINARY FILES

Architecture Technology C...

1. A method comprising: identifying, by a hardware processor, a predetermined machine code string embedded in a binary file;
disassembling, by the hardware processor, the binary file such that an assembly language set is generated;
inputting, by the hardware processor, the assembly language set to a front end of a multistage compiler such that the front end generates an abstract syntax tree, wherein the multistage compiler includes a back end;
inputting, by the hardware processor, the abstract syntax tree into an artificial neural network such that the artificial neural network identifies a compiler optimization in the abstract syntax tree;
de-optimizing, by the hardware processor, the abstract syntax tree such that the compiler optimization is removed and a transformed abstract syntax tree is generated without the compiler optimization; and
inputting, by the hardware processor, the transformed abstract syntax tree to the back end such that the back end generates a high level source code based on the predetermined machine code string, wherein the high level source code corresponds to the binary file.

US Pat. No. 10,657,548

PRODUCT OBSOLESCENCE FORECAST SYSTEM AND METHOD

ARCHITECTURE TECHNOLOGY C...

1. A product obsolescence forecast system comprising machine instructions stored in a non-transitory computer readable storage medium, the machine instructions, when executed, causing a processor to: access data items related to a first product and one or more second products designated as similar to the first product, the first product and each of the one or more second products belonging to a same class of products;
extract data elements from the data items;
reformat the data elements as analyzable data elements and store the analyzable data elements in an analyzable data structure, wherein the processor:
generates a data element similarity matrix for the plurality of the second products and the first product, and
from the data element similarity matrix, identifies a primary determinant of product obsolescence;
input the identified primary determinant to a Bayesian neural network to generate an observation comprising a forecast obsolescence date for the first product; and
using the forecast obsolescence date, determine one or more impacts based on the forecast obsolescence date.

US Pat. No. 10,652,220

SYSTEMS AND METHODS FOR SECURE DATA TRANSPORT

Architecture Technology C...

1. A computer-implemented method, comprising: compressing, by a first computer, a data packet by removing a portion of a header of the data packet to generate an inner layer compressed data packet;
encrypting, by the first computer, the inner layer compressed data packet with an inner layer cryptographic key to generate an inner layer compressed encrypted data packet;
compressing, by the first computer, the inner layer compressed encrypted data packet by removing a portion of a header of the inner layer compressed encrypted data packet to generate an outer layer compressed data packet;
encrypting, by the first computer, the outer layer compressed data packet with an outer layer cryptographic key to generate an outer layer compressed encrypted data packet;
transmitting, by the first computer, the outer layer compressed encrypted data packet to a secure network;
receiving, by a second computer interfacing the secure network, the outer layer compressed encrypted data packet to the secure network;
decrypting, by the second computer, the outer layer compressed encrypted data packet using the outer layer cryptographic key to derive the outer layer compressed data packet;
decompressing, by the second computer, the outer layer compressed data packet by adding header information derived by the second computer from a previous outer layer encrypted data packet to derive the inner layer compressed encrypted data packet;
decrypting, by the second computer, the inner layer compressed encrypted data packet using the inner layer cryptographic key to derive the inner layer compressed data packet;
decompressing, by the second computer, the inner layer compressed data packet by adding header information derived by the second computer from a previous data packet to derive the data packet; and
transmitting, by the second computer, the data packet to the secure network.

US Pat. No. 10,650,690

ADVISOR SYSTEM AND METHOD

ARCHITECTURE TECHNOLOGY C...

1. On a first aircraft operating on a movement area of an airport, an aircraft-based, aircraft-centric advisory system, comprising: an output system coupled to an aircraft cockpit display;
a radiofrequency (RF) front end, comprising:
a receiver configured to receive ownship data, airport environmental factors, and surveillance signals associated with a second aircraft; and
a processor system, comprising:
a processor, and
a non-transitory, computer-readable storage medium having encoded thereon machine instructions that the processor executes to:
determine a health of the advisory system is sufficient to rely on an advisory from the advisory system, comprising:
determining a quality of the airport environmental factors input to the advisory system;
determining a quality of the received surveillance signals is a sufficient quality including determining sufficient accuracy and minimal latency of the received surveillance signals, and
determining a proper operation of the advisory system, comprising:
determining advisory system memory utilization by the processor is below a threshold value; and
determining advisory system processor utilization of the processor is below a threshold value,
determine a potential interference condition between the first aircraft and the second aircraft, comprising:
determining a projected path vector of the first aircraft based on the received ownship data,
determining a projected movement vector of the second aircraft based on the surveillance signals received at the first aircraft and indicating movement of the second aircraft, and
determining the projected path vector and the projected movement vector intersect; and
provide an advisory for display on the aircraft cockpit display.

US Pat. No. 10,614,252

PEER INTEGRITY CHECKING SYSTEM

ARCHITECTURE TECHNOLOGY C...

1. A method comprising: generating a database that contains file properties for a set of valid system files for a non-compromised operating system of a host computer;
storing the database in a distributed manner throughout a peer-to-peer (P2P) network of nodes using a distributed hash table to select the nodes of the P2P network such that two or more nodes of the P2P network store different portions of the database; and
performing, by a first node of the P2P network, an integrity check of a second node of the P2P network to detect whether a system file of an operating system currently executing on the second node of the P2P network has been compromised by:
outputting, by the first node, a challenge to the second node of the P2P network requesting file properties of the system files for the operating system currently executing on the second node,
accessing, by the first node and using the distributed hash table, the database distributed throughout the P2P network to retrieve the file properties of the valid system files from the database,
receiving, by the first node, the file properties of the system files for the operating system currently executing on the second node,
comparing, by the first node, the file properties of the system files of the operating system currently executing on the second node to the file properties retrieved from the database distributed throughout the P2P network,
determining, by the first node, that the system files for the operating system currently executing on the second node have been compromised, and
initiating, by the first node, a counter-measure on the second node.

US Pat. No. 10,616,324

DECENTRALIZED LEDGER SYSTEM AND METHOD FOR ENTERPRISES

ARCHITECTURE TECHNOLOGY C...

1. A computer-implemented method for managing enterprise transactions, comprising: creating, by a processor, a network overlay to a physical communications network;
adding one or more nodes to the network overlay;
designating a plurality of nodes of the network overlay as super nodes, comprising:
receiving an identification of a node and an identification of resource capabilities of a node, and
determining the identified resource capabilities of the node are sufficient to allow the node to function as a super node, comprising, in a bandwidth-limited environment, using a link sensing mechanism to determine sufficient bandwidth is available at the node for transmission of information;
generating a distributed ledger to store the transactions, comprising:
receiving, at the super node, transactions from the one or more nodes,
assigning, by the super node, the transactions to a variable size block,
validating, by the super nodes, the variable size block, comprising each of a plurality of the super node executing a block validity voting process comprising:
computing a hash based on the variable size block;
comparing the hash to a target value;
generating a block valid vote when the hash meets the target value and a block invalid vote when the hash does not meet the target value;
accumulating block valid votes and block invalid votes from the super nodes; and
designating the block valid when at least a majority of votes in the block validity voting process are block valid votes, and
linking the validated variable size block to the distributed ledger; and
replicating the distributed ledger to all nodes of the network overlay.

US Pat. No. 10,284,592

APPLICATION RANDOMIZATION MECHANISM

Architecture Technology C...

1. A method comprising: initializing, by a computing system comprising one or more processors, a plurality of virtual machines (VMs), wherein initializing the plurality of VMs comprises, for each respective VM of the plurality of VMs, initializing the respective VM, wherein initializing the respective VM comprises:
generating, by the computing system, a respective randomized instance of an operating system, the respective randomized instance of the operating system having a respective randomized system call numbering scheme for the respective VM that associates a plurality of system calls of the operating system with a respective randomized set of call numbers different from a publicly available set of call numbers associated with the system calls of the operating system;
generating, by the computing system, a respective randomized instance of a software program, the respective randomized instance of the software program configured to use the respective randomized system call numbering scheme for the respective VM to invoke one or more of the system calls of the operating system using a respective one or more of the respective randomized set of call numbers; and
installing, by the computing system, the respective randomized instance of the operating system and the respective randomized instance of the software program on the respective VM,
wherein the randomized system call numbering schemes for the VMs are different in each of the randomized instances of the operating system;
deploying, by the computing system, the plurality of VMs;
determining, by the computing system, that a first software process running on a VM of the plurality of VMs has invoked a system call;
determining, by the computing system, whether the first software process invoked the system call using a call number in the randomized set of call numbers of the randomized system call numbering scheme for the VM; and
responsive to determining that the first software process invoked the system call not using any call number in the randomized set of call numbers of the randomized system call numbering scheme for the VM, performing, by the computing system, a cybersecurity defense action;
determining, by the computing system, that a second software process running on the VM has invoked the system call;
determining, by the computing system, whether the second software process invoked the system call using the call number in the randomized set of call numbers; and
responsive to determining that the second software process invoked the system call using the call number in the randomized call numbering scheme for the VM, executing, by the computer system, the system call corresponding to the call number without performing the cybersecurity defense action.

US Pat. No. 10,225,138

SCALABLE AND AUTOMATED NETWORK-PARAMETER ASSIGNMENT

Architecture Technology C...

1. A method comprising: in a Dynamic Host Configuration Protocol (DHCP) network comprising one or more configuration computing systems and one or more network devices, receiving, by the one or more configuration computing systems and from the one or more network devices, one or more augmented DHCP configuration messages;
determining, by the one or more configuration computing systems, that each of the one or more augmented DHCP configuration messages includes a message tag indicating that the respective augmented DHCP configuration message contains parameter information that includes a client identifier associated with a respective one of the one or more network devices, wherein each client identifier comprises at least one of a user log-in role or a reference number associated with a unit role or an organizational division of a network user of the respective one of the one or more network devices;
determining, by the one or more configuration computing systems, respective configuration data uniquely associated with the corresponding client identifiers included in the one or more augmented DHCP configuration messages that are usable to configure the one or more network devices; and
configuring, by the one or more configuration computing systems, based on the corresponding configuration data uniquely associated with the corresponding client identifiers, the one or more network devices.