Abstract: A data server platform includes a security file system layer interposed between the platform operating system kernel and file system. The secure file system layer is structured to implement a file access control function that selectively constrains data transfer operations initiated through the operating system kernel by an application program to transfer file data through the file system with respect to a persistent data store. A file access controller, implemented independent of the operating system kernel, is coupled to the security file system layer and supports the file access control function by defining permitted file data transfers through the file system. Management of the file access controller separate from the data server platform ensures that any security breach of the platform operating system kernel cannot compromise the function of the security file system layer.

Abstract: Methods and apparatus are disclosed for testing the scalability size of a Unit Under Test (UUT) bridging a WAN and a LAN. The method may be repeated until a desired scalability limit has been reached. The apparatus may verify the proper creation of bindings and static routes. The method may be performed by a Dynamic Host Control Protocol (DHCP) server in a system where the UUT comprises a router.

Abstract: A method of preventing UV charging of flash NVROM cells during fabrication and a device thereby formed. During device fabrication, a UV blocking layer is deposited over the floating gates. The UV blocking layer substantially blocks UV from entering the gate regions so as to prevent electron mobility sufficient to render the cells unprogrammable or unerasable. The reduced electron migration during processing of the NVROM leads to increased yield and reliability of the devices.

Abstract: A security server qualifies the execution of programs for networked host computer systems using a database storing pre-qualified program signatures and defined policy rules associating execution permission qualifiers with execution control values. The server executes a control program in response to execution requests received via a communications network interface from identifiable hosts, wherein a predetermined execution request received from a predetermined host computer system includes an identification of a program load request, request context related data, and a secure program signature. The control program determines an execution control value based on an evaluation of the execution request relative to the pre-qualified program signatures and defined policy rules. The execution control value is then returned to the predetermined host computer system to securely qualify the execution of the program identified from the program load request.

Abstract: The secure trust relationship between communicating programs is established at any policy defined level down to individual program instances. Policy enforcement modules installed on host computer systems support qualified encrypted communications channels between discretely selected program instances. Program instances are qualified to establish communication channels, each defined by a unique session encryption key, based on an evaluation of security data including the individual process execution contexts, user authorizations, and access attributes of the program instances. A security appliance server performs the policy-based qualification based on a mutually interdependent evaluation of the security data for both the communications channel source and target program instances.

Abstract: A network file access appliance operates as a secure portal for network file access operations between client computer systems and network storage resources. The file access appliance terminates network file access transactions, identified by packet information including client system, mount point, and file request identifiers, between client systems and mount points supported by the access controller. A policy parser determines, based on the packet information, to selectively initiate network file access transactions between the access controller and network storage resources to enable completion of selected network file access transactions directed from the clients to the network file access appliance. The network file access transactions directed to the network storage resources are modified counterparts of policy selected client network file access transactions modified to reference mapped network storage resource mount points and support the secure transfer and storage of network file data.

Abstract: An improved method of making a flash memory cell including a substrate having a floating gate of a first thickness includes depositing an insulator on the substrate and over the floating gate. The insulator is preferably a high quality oxide. A portion of the insulator not covering the floating gate has a second thickness which is greater than the first thickness of the floating gate. The method further includes polishing the insulator until the second thickness is substantially equal to the first thickness. Polishing results in a planar floating gate and insulator layer. The method further includes sequentially depositing a dielectric layer and a control gate layer on the planar floating gate and insulator layer and then etching these layers to complete the stacked gate structure of the memory cell.

Abstract: Host computer systems dynamically engage in independent transactions with servers of a server cluster to request performance of a network service, preferably a policy-based transfer processing of data. The host computer systems operate from an identification of the servers in the cluster to autonomously select servers for transactions qualified on server performance information gathered in prior transactions. Server performance information may include load and weight values that reflect the performance status of the selected server and a server localized policy evaluation of service request attribute information provided in conjunction with the service request. The load selection of specific servers for individual transactions is balanced implicitly through the cooperation of the host computer systems and servers of the server cluster.

Abstract: Communications between server computer systems of a cluster routinely exchange notice of configuration status and, on demand, transmit updated configuration data sets. Each status message identifies any change in the local configuration of a servers and, further, includes encrypted validation data. Each of the servers stores respective configuration data including respective sets of data identifying the servers known to the respective servers as participating in the cluster. Each status message, as received, is validating against the respective configuration data stored by the receiving server. A status message is determined valid only when originating from a server as known by the receiving server, as determined from the configuration data held by the receiving server. Where a validated originating server identifies updated configuration data, the receiving server requests a copy of the updated configuration data set, which must also be validated, to equivalently modify the locally held configuration data.

Abstract: A semiconductor chip having a plurality of flash memory devices, shallow trench isolation in the periphery region, and LOCOS isolation in the core region. A hard mask is used first to create the shallow trench isolation. The LOCOS isolation is then created. Subsequent etching is used to remove stringers. The flash memory is able to use shallow trench isolation to limit encroachment. The flash memory may also have a nitridated tunnel oxide barrier layer. A hard mask is used to prevent nitride contamination of the gate oxide layer. Periphery stacks have hate oxide layers of different thicknesses.

Abstract: A secure network file access appliance supports the secure access and transfer of data between the file system of a client computer system and a network data store. An agent provided on the client computer system and monitored by the secure network file access appliance ensures authentication of the client computer system with respect to file system requests issued to the network data store. The secure network file access appliance is provided in the network infrastructure with the client computer system and network data store to apply qualifying access policies to file system requests. The secure network file access appliance maintains an encryption key store and associates encryption keys with corresponding filesystem files to permit encryption and decryption of file data as transferred to and read from the network data store.

Abstract: A data server platform includes a security file system layer interposed between the platform operating system kernel and file system. The secure file system layer is structured to implement a file access control function that selectively constrains data transfer operations initiated through the operating system kernel by an application program to transfer file data through the file system with respect to a persistent data store. A file access controller, implemented independent of the operating system kernel, is coupled to the security file system layer and supports the file access control function by defining permitted file data transfers through the file system. Management of the file access controller separate from the data server platform ensures that any security breach of the platform operating system kernel cannot compromise the function of the security file system layer.

Abstract: A multilayer electrically conductive stack is formed in a semiconductor device prior to one step of photolithography. In this multilayer electrically conductive stack, alternate layers of the stack contain materials that differ in their refractive indices. In one instance, the electrically conductive stack can serve as an anti-reflective coating in the photolithographical processing. As the electrically conductive stack has chemical and electrical properties similar to those of an underlying device structures, removal of the multilayer stack after the photolithographical step is not required. In one instance, the electrically conductive stack can be used to form a gate structure or an interconnect structure. In an embodiment of the invention, alternate layers consist of Si1−xGex and Si, respectively.

Abstract: Network data files are secure through the operation of an infrastructure gateway-based network file access appliance. Network file data, corresponding to network pocket payload data, are further reduced to a sequence of data blocks that are secured through any combination of block encryption, compression, and digital signatures. File meta-data, including encryption, compression and block-level digital signatures are persistently stored with the file data, either in-band in the file as stored or out-of-band key as a separately stored file or file policy record. File meta-data is recovered with accesses of the file data to support bidirectional encryption and compression and to detect tampering with the file data by comparison against block-level digital signatures.

Abstract: A network file access appliance operates as a secure portal for network file access operations between client computer systems and network storage resources. The file access appliance terminates network file access transactions, identified by packet information including client system, mount point, and file request identifiers, between client systems and mount points supported by the access controller. A policy parser determines, based on the packet information, to selectively initiate network file access transactions between the access controller and network storage resources to enable completion of selected network file access transactions directed from the clients to the network file access appliance. The network file access transactions directed to the network storage resources are modified counterparts of policy selected client network file access transactions modified to reference mapped network storage resource mount points and support the secure transfer and storage of network file data.

Abstract: A secure network file access appliance supports the secure access and transfer of data between the file system of a client computer system and a network data store. An agent provided on the client computer system and monitored by the secure network file access appliance ensures authentication of the client computer system with respect to file system requests issued to the network data store. The secure network file access appliance is provided in the network infrastructure between the client computer system and network data store to apply qualifying access policies and selectively pass through to file system requests. The secure network file access appliance maintains an encryption key store and associates encryption keys with corresponding filesystem files to encrypt and decrypt file data as transferred to and read from the network data store through the secure network file access appliance.

Abstract: An etch barrier to be used in a photolithograph process is disclosed. A silicon rich etch barrier is deposited on a substrate using a low energy deposition technique. A diamond like carbon layer is deposited on the silicon rich etch barrier. Photoresist is then placed on this etch barrier DLC combination. To form photolithographic features, successive steps of oxygen and flourine reactive ion etching is used.

Abstract: A method and system for insulating a lower layer of a semiconductor device from an upper layer of the semiconductor device is disclosed. The method and system include providing an interlayer dielectric on the lower layer. The interlayer dielectric is capable of gap filling while using only species of relatively low mobility. The method and system also include planarizing a surface of the interlayer dielectric.

Abstract: A server appliance self-adaptively configures to the operating parameters of a communications network to enable remote configuration control exclusively via the communications network. The server appliance includes a host computer system including a network interface controller and an operating system, executable by the host computer system, that is configurable by a defined set of network values for transmitting and receiving data packets through the network interface controller without network configuration conflicts. A control program, executable by the host computer system in conjunction with the operating system, determines, on initial start-up and specifically with respect to the communications network, an initial set of network values to configure the operating system.

Abstract: A method of fabricating an improved flash memory device, having shallow trench isolation in the periphery region and LOCOS isolation in the core region is provided, by first creating the shallow trench isolation using a hard mask; then creating the LOCOS isolation; and subsequently etching to remove stringers. The flash memory is able to use shallow trench isolation to limit encroachment. The flash memory may also have a nitridated tunnel oxide layer. A hard mask is used to prevent nitride contamination of the gate oxide layer.