Abstract: A method, system, and apparatus for performing computations. In a method, arguments X and K are loaded into session memory, and X mod P and X mod Q are computed to give, respectively, XP and XQ. XP and XQ are exponentiated to compute, respectively, CP and CQ. CP and CQ are merged to compute C, which is then retrieved from the session memory. A system includes a computing device and at least one computational apparatus, wherein the computing device is configured to use the computational apparatus to perform accelerated computations. An apparatus includes a chaining controller and a plurality of computational devices. A first chaining subset of the plurality of computational devices includes at least two of the plurality of computational devices, and the chaining controller is configured to instruct the first chaining subset to operate as a first computational chain.

Abstract: A method, system, and device for encrypted packet inspection allowing an authorized third party device to monitor cryptographic handshaking information (full- duplex) between two other devices and together with the secret private key then transparently decrypt the bulk encrypted data stream. The scope of this invention encompasses many applications, three examples of which are firewalls, load balancers, and local network caches. Additionally, this invention achieves and contributes to the efficient handling of encrypted information in other ways, three examples of which are making switching, routing, and security decisions.

Abstract: A method is described herein for transmitting data from a first point (203) to a second point (205) on a network (201) via a proxy server (207). In accordance with the method, a first data packet is received from the first point at the proxy server without sending an acknowledgement packet to the first point. The first data packet is forwarded from the proxy server to the second point, and a second data packet is received from the second point at the proxy server. The second data packet is then forwarded to the first point along with an acknowledgement packet for receipt of the first data packet from the first point at the proxy server.

Abstract: A data encryption method performed with ring arithmetic operations using a residue number multiplication process wherein a first conversion to a first basis is done using a mixed radix system and a second conversion to a second basis is done using a mixed radix system. In some embodiments, a modulus C is be chosen of the form 2w?L, wherein C is a w-bit number and L is a low Hamming weight odd integer less than 2(w?1)/2. And in some of those embodiments, the residue mod C is calculated via several steps. P is split into 2 w-bit words H1 and L1. S1 is calculated as equal to L1+(H12x1)+(H12x2)+ . . . +(H12xk)+H1. S1 is split into two w-bit words H2 and L2. S2 is computed as being equal to L2+(H22x1)+(H22x2)+ . . . +(H22xk)+H2. S3 is computed as being equal to S2+(2x1+ . . . +2xk+1). And the residue is determined by comparing S3 to 2w. If S3<2w, then the residue equals S2. If S3?2w, then the residue equals S3?2w.

Abstract: A secure time stamping device uses multiple virtual clocks, each of which may be individually accessed and calibrated. A digital key is associated with each of the clocks. All of the virtual clocks use a common timer (130), with the actual clock output being generated by applying calibration information (124) for that clock to the timer (130) output. A user wishing to have a message time stamped presents that message along with information as to which virtual clock to be used at a device input (92). The appropriate calibration information (124) is then selected and the timer (130) output is compensated accordingly. The incoming message plus the resultant time are concatenated and automatically signed using the key (126) applicable to that particular virtual clock.

Abstract: A state decision subsystem (SDS) including an inload module, a simple programmable entity (SPE), at least one SPE memory, an unload module, and a coherency module. The inload module reads state information from a memory subsystem—the state information corresponding to TCP packets that are to be processed. In addition, the inload module writes contexts to the SPE memory. Each context includes both a TCP packet and its corresponding state information. The SPE reads each context from the SPE memory, processes the context, and writes the processed context to the SPE memory. The processed context includes both a processed TCP packet and its corresponding processed state information. Furthermore, the unload memory reads the processed context and writes the processed state information to the memory subsystem.

Abstract: A method for the secure transmission of data from a distributor to a client over a computer network. The method includes encrypting the data using an encryption confidentiality key known to the client, but not the distributor. The method also includes storing the encrypted data at the distributor and generating a message by further encrypting the encrypted data using an encryption transmission key. The corresponding transmission decryption key is also known by the client. Also, the method includes transmitting the generated message to the client.

Abstract: The invention relates to a method of storing items of data in a memory device. The memory device has an array of a storage locations, each identified by an address corresponding to a unique multi-bit index value. The data items consist of a multi-bit identifier value and an information value. The method includes generating a first index value corresponding to the address of a fist storage location as a first function of the identifier value of an item of data and a first number from a predetermined sequence of numbers. If the first storage location is unoccupied, the item of data is stored therein. Alternatively, if the first storage location is already occupied, a second index value corresponding to the address of a further storage location is generated as a function of the identifier value and a second number from the predetermined sequence of numbers. If the further storage location is unoccupied, the item of data is stored therein. The invention also relates to a memory device for storing items of data.

Abstract: A method is described of managing memory in a microprocessor system comprising two or more processors (40, 42). Each processor (40, 42) has a cache memory (44, 46) and the system has a system memory (48) divided into pages subdivided into blocks. The method is concerned with managing the system memory (48) identifying areas thereof as being "cacheable", "non-cacheable" or "free". Safeguards are provided to ensure that blocks of system memory (48) cannot be cached by two different processors (40, 42) simultaneously.