Abstract: An online trusted platform module (TPM) in communication with a security module that can be located elsewhere in the network in a server machine. In an embodiment, the online TPM is connected directly to a network interface card (NIC) that is also resident at the client. This allows the online TPM to communicate directly to the network, and therefore to the security module (without having to deal with the TCP/IP stack at the client machine in some circumstances, e.g., the boot process). In an embodiment, the communications channel between the online TPM and the security module is implemented using the transport layer security (TLS) protocol. A secure boot process is performed in advance of security processing. Typical security processing includes receipt, by the online TPM, of one or more commands from an application. The online TPM then proxies out the commands to the security module.

Abstract: A secure communication methodology is presented. The client device is configured to download application code and/or content data from a server operated by a service provider. Embedded within the client is a client private key, a client serial number, and a copy of a server public key. The client forms a request, which includes the client serial number, encrypts the request with the server public key, and sends the download request to the server. The server decrypts the request with the server's private key and authenticates the client. The received client serial number is used to search for a client public key that corresponds to the embedded client private key. The server encrypts its response, which includes the requested information, with the client public key of the requesting client, and only the private key in the requesting client can be used to decrypt the information downloaded from the server.

Abstract: A system and associated protocols for communication between two entities across a computer network operate such that the identities of the two entities remain concealed from each other, while ensuring that no third party is able to trace the existence of a conversation between them. The two entities correspond to each other through pseudonyms. The protocols are designed with an object to distribute trust so that an identity is not revealed by the compromise of any one agent involved in the execution of the protocol. No one agent can establish a correlation between a pseudonym and a physical address.

Abstract: An online trusted platform module (TPM) in communication with a security module that can be located elsewhere in the network in a server machine. In an embodiment, the online TPM is connected directly to a network interface card (NIC) that is also resident at the client. This allows the online TPM to communicate directly to the network, and therefore to the security module (without having to deal with the TCP/IP stack at the client machine in some circumstances, e.g., the boot process). In an embodiment, the communications channel between the online TPM and the security module is implemented using the transport layer security (TLS) protocol. A secure boot process is performed in advance of security processing. Typical security processing includes receipt, by the online TPM, of one or more commands from an application. The online TPM then proxies out the commands to the security module.

Abstract: A memory management system for a computer, where cache coherency between a descriptor cache and data cache is preserved through an inclusion bit mechanism. In one embodiment, an inclusion bit is set for a descriptor cached in a data cache corresponding to a descriptor cached in a descriptor cache such that the association between the descriptors is indicated. Whenever a descriptor in the data cache with a set inclusion bit is altered, the entire descriptor cache is flushed by virtue of the set inclusion bit. Furthermore, in the same embodiment, a valid bit is set for a descriptor in the data cache which is cached from the descriptor table. Whenever a descriptor in the descriptor table, which has a valid bit set in the data cache, is modified, the valid bit is reset. And if the same descriptor with its valid bit reset has a set inclusion bit, then the entire descriptor cache is flushed.