Abstract: The present invention relates to providing security functionality over computer system mass storage data, and more particularly relates to a system and method of transparent data backup on either local or remote storage devices such as SATA storage devices. According to aspects of the invention, the system is transparent to operating system and application software layers. That makes it unnecessary to make any software modifications to the file system, device drivers, operating system, or applications, or installing specialized applications or hardware. In embodiments, the snapshot functionality of the invention is implemented entirely in hardware, and is not designed to slow down performance of the rest of the system.

Abstract: In general, the invention provides a computer architecture designed for enhanced data security. In embodiments, the architecture comprises two sub-systems, each with their own processing units and memories, and a defined set of interfaces that interconnect the two sub-systems and the external world. One sub-system is designed to provide a familiar environment for running computer applications. The other sub-system is designed to provide a secure bridge between the first sub-system and users via input and output devices.

Abstract: In general, embodiments of the invention include methods and apparatuses for securing otherwise unsecured computer audio and video subsystems. Embodiments of the invention perform watermarking of video and/or audio data streams output by a computer system. Additional security features that are included in embodiments of the invention include fingerprinting, snooping, capturing streams for local or remote analytics or archiving, and mixing of secure system content with local audio and video content.

Abstract: According to certain aspects, the present invention relates to a system and method of sending PCI Express video data over a lower speed Ethernet connection. In embodiments, a system according to the invention includes bridges at either end of an Ethernet connection that is disposed between a PCIe host and a PCIe device. According to aspects of the invention, the slower Ethernet connection can be used by forcing the faster PCIe link to operate at a slower rate than is possible, forcing a PCIe device with a large number of lanes to use only a single lane, forcing a PCIe link to use the shortest possible packet size and/or controlling the time when UpdateFC DLLP packets are sent.

Abstract: The present invention relates to a system that manages security of one or more computer systems and/or one or more different types of I/O channels such as USB, Ethernet, SATA, and SAS. According to certain aspects, the management system is distributed. That is, a central management system and computer subsystems are physically distributed within one or more geographical areas, and communicate with each other by passing messages through a computer network. According to certain additional aspects, the configuration and/or security functions performed by methods and apparatuses according to the invention can be logically transparent to the upstream host and to the downstream device.

Abstract: In general, embodiments of the invention include methods and apparatuses for securing otherwise unsecured computer audio and video subsystems. Embodiments of the invention perform watermarking of video and/or audio data streams output by a computer system. Additional security features that are included in embodiments of the invention include fingerprinting, snooping, capturing streams for local or remote analytics or archiving, and mixing of secure system content with local audio and video content.

Abstract: The present invention relates to a system and architecture for securing otherwise unsecured computer subsystems. According to one aspect, the invention provides an independent hardware platform for running software in a secure manner. According to another aspect, the invention provides the means to control and secure all disk, network and other I/O transactions. According to still further aspects, the invention provides a means to monitor and prevent unauthorized user and malicious software activity Additional aspects include providing a secure platform for device and user authentication as well as encryption key management, providing a means to perform background backup snapshots, and providing the means for enabling full management over computer operations.

Abstract: The present invention relates to a system that manages security of one or more computer systems and/or one or more different types of I/O channels such as USB, Ethernet, SATA, and SAS. According to certain aspects, the management system is distributed. That is, a central management system and computer subsystems are physically distributed within one or more geographical areas, and communicate with each other by passing messages through a computer network. According to certain additional aspects, the configuration and/or security functions performed by methods and apparatuses according to the invention can be logically transparent to the upstream host and to the downstream device.

Abstract: In general, embodiments of the invention include methods and apparatuses for securing otherwise unsecured computer interfaces by performing transparent data encryption and decryption. According to certain transparency aspects, the encryption and decryption functionality of the invention do not require any changes to the software layers such as file systems, device drivers, operating systems, or applications. Embodiments of the invention offload encryption key management to a centralized key management system that can be remotely located from the secured computer. Alternative embodiments perform key management locally.

Abstract: The present invention relates to methods and apparatuses for securing otherwise unsecured internal and external computer communications. According to one aspect, the invention relates to methods and apparatuses for implementing device gatekeeping. According to another aspect the invention relates to methods and apparatuses for encrypting and decrypting data sent over an external or internal interface. According to another aspect, the invention relates to methods and apparatuses for implementing device snooping, in which some or all traffic passing between a host and a connected device is captured into memory and analyzed in real time by system software. In embodiments, the software can also act upon analyzed information. According to certain additional aspects, the security functions performed by methods and apparatuses according to the invention can be logically transparent to the upstream host and/or to the downstream device.

Abstract: The present invention relates to a system that manages security of one or more computer systems and/or one or more different types of I/O channels such as USB, Ethernet, SATA, and SAS. According to certain aspects, the management system is distributed. That is, a central management system and computer subsystems are physically distributed within one or more geographical areas, and communicate with each other by passing messages through a computer network. According to certain additional aspects, the configuration and/or security functions performed by methods and apparatuses according to the invention can be logically transparent to the upstream host and to the downstream device.

Abstract: In general, embodiments of the invention include methods and apparatuses for securely storing computer system data. Embodiments of the invention encrypt and decrypt SATA data transparently to software layers. That makes it unnecessary to make any software modifications to the file system, device drivers, operating system, or application. Encryption key management is performed either remotely on a centralized Remote Management System or locally. Embodiments of the invention implement background disk backups using snapshots. Additional security features that are included in embodiments of the invention include virus scanning, a virtual/network drive, a RAM drive and a port selector that provides prioritized and/or background access to SATA mass storage to a secure subsystem.

Abstract: The present invention relates to methods and apparatuses for securing otherwise unsecured computer communications that addresses the above shortcomings among others. According to certain aspects, the invention relates to methods and apparatuses for implementing device snooping, in which some or all traffic passing between a host and a connected device is captured into memory and analyzed in real time by system software. According to other aspects, the invention relates to real time capture of certain types of traffic and communication of the captured traffic to a remote management system. According to still further aspects, the invention relates to detecting security threats in real time. Upon threat detection, possible actions are blocking individual devices or alerting a system administrator. According to certain additional aspects, the security functions performed by methods and apparatuses according to the invention can be logically transparent to the upstream host and to the downstream device.

Abstract: The present invention relates to providing security functionality over computer system mass storage data, and more particularly relates to a system and method of transparent data backup on either local or remote storage devices such as SATA storage devices. According to aspects of the invention, the system is transparent to operating system and application software layers. That makes it unnecessary to make any software modifications to the file system, device drivers, operating system, or applications, or installing specialized applications or hardware. In embodiments, the snapshot functionality of the invention is implemented entirely in hardware, and is not designed to slow down performance of the rest of the system.

Abstract: The present invention relates to a system and architecture for securing otherwise unsecured computer subsystems. According to one aspect, the invention provides an independent hardware platform for running software in a secure manner. According to another aspect, the invention provides the means to control and secure all disk, network and other I/O transactions. According to still further aspects, the invention provides a means to monitor and prevent unauthorized user and malicious software activity Additional aspects include providing a secure platform for device and user authentication as well as encryption key management, providing a means to perform background backup snapshots, and providing the means for enabling full management over computer operations.

Abstract: In general, embodiments of the invention include methods and apparatuses for securing otherwise unsecured computer interfaces by performing transparent data encryption and decryption. According to certain transparency aspects, the encryption and decryption functionality of the invention do not require any changes to the software layers such as file systems, device drivers, operating systems, or applications. Embodiments of the invention offload encryption key management to a centralized key management system that can be remotely located from the secured computer. Alternative embodiments perform key management locally.

Abstract: In general, the invention provides a computer architecture designed for enhanced data security. In embodiments, the architecture comprises two sub-systems, each with their own processing units and memories, and a defined set of interfaces that interconnect the two sub-systems and the external world. One sub-system is designed to provide a familiar environment for running computer applications. The other sub-system is designed to provide a secure bridge between the first sub-system and users via input and output devices.

Abstract: According to certain aspects, the present invention relates to a system and method of sending PCI Express video data over a lower speed Ethernet connection. In embodiments, a system according to the invention includes bridges at either end of an Ethernet connection that is disposed between a PCIe host and a PCIe device. According to aspects of the invention, the slower Ethernet connection can be used by forcing the faster PCIe link to operate at a slower rate than is possible, forcing a PCIe device with a large number of lanes to use only a single lane, forcing a PCIe link to use the shortest possible packet size and/or controlling the time when UpdateFC DLLP packets are sent.

Abstract: In general, embodiments of the invention include methods and apparatuses for securing otherwise unsecured computer audio and video subsystems. Embodiments of the invention perform watermarking of video and/or audio data streams output by a computer system. Additional security features that are included in embodiments of the invention include fingerprinting, snooping, capturing streams for local or remote analytics or archiving, and mixing of secure system content with local audio and video content.

Abstract: In general, the invention provides a computer architecture designed for enhanced data security. In embodiments, the architecture comprises two sub-systems, each with their own processing units and memories, and a defined set of interfaces that interconnect the two sub-systems and the external world. One sub-system is designed to provide a familiar environment for running computer applications. The other sub-system is designed to provide a secure bridge between the first sub-system and users via input and output devices.