Abstract: In one embodiment, a system comprises logic to receive a data packet. The logic is further to identify, based on the data packet, a plurality of candidate rules. The candidate rules may comprise a first candidate rule from a first database of rules and a second candidate rule from a second database of rules. The logic is further to select a rule from among the plurality of candidate rules based on a priority associated with the rule and a determination that the rule matches the data packet. The rule specifies at least one action to be performed on the data packet.

Abstract: Systems, apparatus, and/or methods to provide memory data protection. In one example, authenticated encryption may be enhanced via a modification to an authentication code that is associated with encrypted data. The authentication code may be modified, for example, with a nonce value generated for a particular write to memory Decrypted data, generated from the encrypted data, may then be validated based on a modified authentication code. Moreover, data freshness control for data stored in the memory may be provided based on iterative authentication and re-encryption. In addition, a counter used to provide a nonce value may be managed to reduce a size of the counter and/or a growth of the counter.

Abstract: An apparatus to facilitate mitigation of side-channel attacks in a computer system platform is disclosed. The apparatus comprises a cryptographic circuitry, including a plurality of crypto functional units (CFUs) to perform cryptographic algorithms; and jammer circuitry to generate noise to protect the plurality of CFUs from side-channel attacks.

Abstract: System and techniques for compressed integrity check counters in memory are described herein. A set of counters may be maintained for data areas in memory. A respective counter is the set of counters is used to provide a variance to encryption operations on a corresponding data area. The respective counter is each time data is modified in the corresponding data area. The respective counter implemented by a generalized multi-dimensional counter (GMDC). In response to a trigger, a counter reset is performed on the set of counters. The counter reset may include refreshing the corresponding data area using a new key and resetting the respective counter to a default value in response to the refresh.

Abstract: System and techniques for error correction code (ECC) memory security are described herein. A write request that includes data is received. An integrity check value (ICV) is computed for the data. Then, the write request is performed, including writing a representation of the data to a data area in memory and writing the ICV into an ECC area in memory. Here, the data area is addressable by a host and the ECC area corresponds to the data area via hardware of the memory.

Abstract: Systems, apparatus, and/or methods to provide memory data protection. In one example, authenticated encryption may be enhanced via a modification to an authentication code that is associated with encrypted data. The authentication code may be modified, for example, with a nonce value generated for a particular write to memory Decrypted data, generated from the encrypted data, may then be validated based on a modified authentication code. Moreover, data freshness control for data stored in the memory may be provided based on iterative authentication and re-encryption. In addition, a counter used to provide a nonce value may be managed to reduce a size of the counter and/or a growth of the counter.

Abstract: System and techniques for error correction code (ECC) memory security are described herein. A write request that includes data is received. An integrity check value (ICV) is computed for the data. Then, the write request is performed, including writing a representation of the data to a data area in memory and writing the ICV into an ECC area in memory. Here, the data area is addressable by a host and the ECC area corresponds to the data area via hardware of the memory.

Abstract: System and techniques for compressed integrity check counters in memory are described herein. A set of counters may be maintained for data areas in memory. A respective counter in the set of counters is used to provide a variance to encryption operations on a corresponding data area. The respective counter is each time data is modified in the corresponding data area. The respective counter implemented by a generalized multi-dimensional counter (GMDC). In response to a trigger, a counter reset is performed on the set of counters. The counter reset may include refreshing the corresponding data area using a new key and resetting the respective counter to a default value in response to the refresh.

Abstract: In one embodiment, a system comprises logic to receive a data packet. The logic is further to identify, based on the data packet, a plurality of candidate rules. The candidate rules may comprise a first candidate rule from a first database of rules and a second candidate rule from a second database of rules. The logic is further to select a rule from among the plurality of candidate rules based on a priority associated with the rule and a determination that the rule matches the data packet. The rule specifies at least one action to be performed on the data packet.

Abstract: An apparatus having a memory and a controller is disclosed. The memory is configured to store a codeword. The controller is configured to (i) determine one or more least-reliable bit positions in a soft-decision version of the codeword in response to failing to decode a hard-decision version of the codeword, (ii) generate a trial codeword by selecting at random a respective value in one or more trial positions among the least-reliable bit positions in the hard-decision codeword and (iii) perform a hard-decision decoding of the trial codeword.

Abstract: Systems, apparatuses and methods are described for facilitating connection between two or more clients across a network that includes network address translators (NATs). In a particular implementation, the techniques include peer-to-peer (P2P) traffic processing and network address translator (NAT) traversal. Low cost data traffic processing techniques with minimal server intervention are disclosed. The techniques can establish direct connections between clients located in private networks behind NATs. In the case where the clients are each behind a symmetric NAT, the connection can be established indirectly via a non-symmetric NAT (used as a relay) which establishes connection with both symmetric NATs using the disclosed direct connection techniques.

Abstract: A method for generating a design of a multiplier is disclosed. The method generally includes steps (A) to (C). Step (A) may generate a first circuit comprising a plurality of polynomial results of a particular multiplier scheme based on a plurality of parameters of the multiplier. The first circuit is generally configured to multiply a plurality of polynomials. Step (B) may generate a second circuit comprising a plurality of polynomial evaluators based on the parameters. The second circuit may be (i) connected to the first circuit and (ii) configured to evaluate a polynomial modulo operation. Step (C) may generate the design of the multiplier in combinational logic by optimizing a depth of a plurality of logic gates through the first circuit and the second circuit. A product of the polynomials generally resides in a finite field.

Abstract: The present inventions are related to systems and methods for data processing, and more particularly to systems and methods for performing data decoding. In one case a data processing system is disclosed that includes a decoder circuit operable to apply a low density parity check algorithm to a decoder input to yield an interim decoded output, where the decoder input is a codeword formed of two bit symbols, and where the decoder input is encoded to yield a last layer including at least two different entry values. In addition, the data processing system includes an inverse mapping circuit operable to remap the interim decoded output to yield an overall decoded output.

Abstract: An apparatus having a memory and a controller is disclosed. The memory is configured to store a codeword. The controller is configured to (i) determine one or more least-reliable bit positions in a soft-decision version of the codeword in response to failing to decode a hard-decision version of the codeword, (ii) generate a trial codeword by selecting at random a respective value in one or more trial positions among the least-reliable bit positions in the hard-decision codeword and (iii) perform a hard-decision decoding of the trial codeword.

Abstract: Disclosed is a method and apparatus for matching regular expressions. A buffer of symbols giving a number of the last occurrence positions of each symbol is maintained. When two constants match on either side of a regular expression operator, the buffer of symbols is queried to determine if a member of the complement of the regular expression operator occurred between the two constants. If so, then the operator was not satisfied. If not, then the operator was satisfied.

Abstract: The present inventions are related to systems and methods for detecting trapping sets in LDPC decoders, and particularly for detecting variable nodes in trapping sets in a non-erasure channel LDPC decoder.

Abstract: A data processing system includes a decoder circuit, syndrome calculation circuit and hash calculation circuit. The decoder circuit is operable to apply a decoding algorithm to a decoder input based on a first portion of a composite matrix to yield a codeword. The syndrome calculation circuit is operable to calculate a syndrome based on the codeword and on the first portion of the composite matrix. The hash calculation circuit is operable to calculate a hash based on a second portion of the composite matrix. The decoder circuit is also operable to correct the codeword on the hash when the syndrome indicates that the codeword based on the first portion of the composite matrix is correct but a second test indicates that the codeword is miscorrected.

Abstract: A data processing system is disclosed including a data decoder circuit, an error handling circuit and a syndrome checker circuit. The data decoder circuit is operable to apply a data decode algorithm to a decoder input to yield a decoded output, and to calculate a syndrome indicating an error level for the decoded output. The error handling circuit is operable to determine whether any errors in the decoded output involve user data bits. The syndrome checker circuit is operable to trigger the error handling circuit based at least in part on the syndrome.

Abstract: A receive path of a communications system comprises an error-correction decoder, an error-detection decoder, and a codeword adjuster. The error-correction decoder performs error-correction decoding on a received codeword to generate a valid codeword. The error-detection decoder performs error-detection decoding on the valid codeword to determine whether or not the valid codeword is the correct codeword that was transmitted. If the valid codeword is not the correct codeword, then the codeword adjuster generates an adjusted valid codeword by applying an error vector to the valid codeword. The error-detection decoder performs error-detection decoding on the adjusted valid codeword to determine whether or not the adjusted valid codeword is the correct codeword. When the error-correction decoder generates an incorrect valid codeword, adjusting the valid codeword enables the receive path to recover the correct codeword without retransmitting or re-detecting the codeword.

Abstract: The present inventions are related to systems and methods for data processing, and more particularly to systems and methods for performing data decoding.