Patents by Inventor David John Craft

David John Craft has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8838950
    Abstract: The present invention provides for authenticating code and/or data and providing a protected environment for execution. The present invention provides for dynamically partitioning and un-partitioning a local store for the authentication of code or data. The local store is partitioned into an isolated and non-isolated section. Code or data is loaded into the isolated section. The code or data is authenticated in the isolated section of the local store. After authentication, the code is executed. After execution, the memory within the isolated region of the attached processor unit is erased, and the attached processor unit de-partitions the isolated section within the local store.
    Type: Grant
    Filed: June 23, 2003
    Date of Patent: September 16, 2014
    Assignee: International Business Machines Corporation
    Inventors: David John Craft, Michael Norman Day, Harm Peter Hofstee, Charles Ray Johns, John Samuel Liberty
  • Patent number: 7650491
    Abstract: A secure communication methodology is presented. The client device is configured to download application code and/or content data from a server operated by a service provider. Embedded within the client is a client private key, a client serial number, and a copy of a server public key. The client forms a request, which includes the client serial number, encrypts the request with the server public key, and sends the download request to the server. The server decrypts the request with the server's private key and authenticates the client. The received client serial number is used to search for a client public key that corresponds to the embedded client private key. The server encrypts its response, which includes the requested information, with the client public key of the requesting client, and only the private key in the requesting client can be used to decrypt the information downloaded from the server.
    Type: Grant
    Filed: November 29, 2008
    Date of Patent: January 19, 2010
    Assignee: International Business Machines Corporation
    Inventors: David John Craft, Pradeep K. Dubey, Harm Peter Hofstee, James Allan Kahle
  • Patent number: 7603703
    Abstract: A secure communication methodology is presented. The client device is configured to download application code and/or content data from a server operated by a service provider. Embedded within the client is a client private key, a client serial number, and a copy of a server public key. The client forms a request, which includes the client serial number, encrypts the request with the server public key, and sends the download request to the server. The server decrypts the request with the server's private key and authenticates the client. The received client serial number is used to search for a client public key that corresponds to the embedded client private key. The server encrypts its response, which includes the requested information, with the client public key of the requesting client, and only the private key in the requesting client can be used to decrypt the information downloaded from the server.
    Type: Grant
    Filed: April 12, 2001
    Date of Patent: October 13, 2009
    Assignee: International Business Machines Corporation
    Inventors: David John Craft, Pradeep K. Dubey, Harm Peter Hofstee, James Allan Kahle
  • Publication number: 20090083542
    Abstract: A secure communication methodology is presented. The client device is configured to download application code and/or content data from a server operated by a service provider. Embedded within the client is a client private key, a client serial number, and a copy of a server public key. The client forms a request, which includes the client serial number, encrypts the request with the server public key, and sends the download request to the server. The server decrypts the request with the server's private key and authenticates the client. The received client serial number is used to search for a client public key that corresponds to the embedded client private key. The server encrypts its response, which includes the requested information, with the client public key of the requesting client, and only the private key in the requesting client can be used to decrypt the information downloaded from the server.
    Type: Application
    Filed: November 29, 2008
    Publication date: March 26, 2009
    Inventors: David John Craft, Pradeep K. Dubey, Harm Peter Hofstee, James Allan Kahle
  • Publication number: 20080294703
    Abstract: A computer implemented method, apparatus, and computer program product for obtaining an absolute path name for an open file system object. A file descriptor for the open file system object is identified in response to a process in a first software partition opening a file system object to form the open file system object. The absolute path name for the open file system object is cached in a path name field in a file structure associated with the file descriptor for the open file system object. The absolute path name for the open file system object in the path name field is used during migration of the first software partition to restore the open file system object in a second software partition.
    Type: Application
    Filed: May 21, 2007
    Publication date: November 27, 2008
    Inventors: David John Craft, Srikanth Vishwanathan
  • Publication number: 20080270829
    Abstract: A computer implemented method, apparatus, and computer program product for managing state data in a workload partitioned environment. Process state data for a process in a workload partition is saved. Process state data is used to restore the process to a given state. State data associated with open sockets and open files bound to the first process is saved. In response to a determination that the process is associated with a domain socket that is bound to a socket file, an absolute pathname for the socket file is saved. A domain socket associated with a connecting process in the workload partition uses the socket file to connect to a domain socket associated with a listening process in the same workload partition to enable the two processes to communicate with each other.
    Type: Application
    Filed: April 27, 2007
    Publication date: October 30, 2008
    Inventors: David John Craft, Vinit Jain, Lance Warren Russell
  • Patent number: 7248696
    Abstract: The present invention provides data encryption for a differential bus employing transitional coding. The present invention maps, encodes and encrypts input data as a logic status for a given bus transfer cycle. The mapping, encoding and encrypting of the input data changes from bus transfer cycle to bus transfer cycle. The mapping, encoding and encrypting is a function of a pseudo-random number. A logic status is differentially transmitted from a bus transmitter to a bus receiver, to be mapped, decrypted and decoded as the corresponding output data.
    Type: Grant
    Filed: September 12, 2002
    Date of Patent: July 24, 2007
    Assignee: International Business Machines Corporation
    Inventors: David John Craft, Charles Ray Johns
  • Patent number: 7194626
    Abstract: The present invention provides for authentication of code, such as boot code. A memory addressing engine is employable to select a portion of a memory, as a function of a step value, as a first input hash value. The step value allows for the non-commutative cumulative hashing of a plurality of memory portions with a second input hash value, such as a previous hash value that has been rotated left. An authenticator circuit is employable to perform a hash upon the portion of memory and the second input hash value. A comparison circuit is then employable to compare an output of the authenticator circuit to an expected value.
    Type: Grant
    Filed: November 21, 2002
    Date of Patent: March 20, 2007
    Assignee: International Business Machines Corporation
    Inventor: David John Craft
  • Patent number: 7171563
    Abstract: The present invention provides for validating downloaded code. Code is transferred to a volatile memory of a system on a chip from a source. The volatile memory is decoupled from the source of the transferred code through employment of an isolation bus. An embedded security value, associated with the downloaded code, is determined. The security value is compared to an unlock sequence stored within the non-volatile memory in the system on a chip. If the security value matches the unlock sequence, the downloaded code is allowed access to secure data stored in the non-volatile memory. If the security value does not match the unlock sequence, the downloaded code is denied access to the secure data stored in the non-volatile memory.
    Type: Grant
    Filed: May 15, 2003
    Date of Patent: January 30, 2007
    Assignee: International Business Machines Corporation
    Inventor: David John Craft
  • Patent number: 7003605
    Abstract: The present invention provides employing differential transitional encoding with a differential bus. Employing the differential transitional encoding comprises dividing the differential bus into one or more groups comprising four bus lines. Employment of the differential bus also comprises asserting half the bus lines of a group during a bus data transfer, thereby defining an asserted set of bus lines and a de-asserted set of bus lines. The method and system further comprises transmitting data by differentially driving two of the bus lines, one bus line per set, by de-asserting one of the bus lines of the asserted set, and asserting one of the bus lines of the de-asserted set.
    Type: Grant
    Filed: September 12, 2002
    Date of Patent: February 21, 2006
    Assignee: International Business Machines Corporation
    Inventors: David John Craft, Charles Ray Johns
  • Publication number: 20040230818
    Abstract: The present invention provides for validating downloaded code. Code is transferred to a volatile memory of a system on a chip from a source. The volatile memory is decoupled from the source of the transferred code through employment of an isolation bus. An embedded security value, associated with the downloaded code, is determined. The security value is compared to an unlock sequence stored within the non-volatile memory in the system on a chip. If the security value matches the unlock sequence, the downloaded code is allowed access to secure data stored in the non-volatile memory. If the security value does not match the unlock sequence, the downloaded code is denied access to the secure data stored in the non-volatile memory.
    Type: Application
    Filed: May 15, 2003
    Publication date: November 18, 2004
    Applicant: International Business Machines Corporation
    Inventor: David John Craft
  • Patent number: 6771193
    Abstract: An encoder for compressing data is described, including a history buffer having multiple storage locations for storing target data units. The encoder is configured to input a target data string including multiple target data units, and additional data (e.g., security data associated with the target data string). In the event the history buffer contains multiple matching strings that match the target data string, the encoder is configured to select a displacement value of one of the matching strings dependent on a portion of the additional data, and to produce a copy pointer corresponding to the target data string and including the selected displacement. The selected displacement value in the copy pointer conveys the portion of the additional data. A decoder for decompressing data is also described, including a history buffer having multiple storage locations for storing data units.
    Type: Grant
    Filed: August 22, 2002
    Date of Patent: August 3, 2004
    Assignee: International Business Machines Corporation
    Inventor: David John Craft
  • Publication number: 20040103291
    Abstract: The present invention provides for authentication of code, such as boot code. A memory addressing engine is employable to select a portion of a memory, as a function of a step value, as a first input hash value. The step value allows for the non-commutative cumulative hashing of a plurality of memory portions with a second input hash value, such as a previous hash value that has been rotated left. An authenticator circuit is employable to perform a hash upon the portion of memory and the second input hash value. A comparison circuit is then employable to compare an output of the authenticator circuit to an expected value.
    Type: Application
    Filed: November 21, 2002
    Publication date: May 27, 2004
    Applicant: International Business Machines Corporation
    Inventor: David John Craft
  • Publication number: 20040054830
    Abstract: The present invention provides employing differential transitional encoding with a differential bus. Employing the differential transitional encoding comprises dividing the differential bus into one or more groups comprising four bus lines. Employment of the differential bus also comprises asserting half the bus lines of a group during a bus data transfer, thereby defining an asserted set of bus lines and a de-asserted set of bus lines. The method and system further comprises transmitting data by differentially driving two of the bus lines, one bus line per set, by de-asserting one of the bus lines of the asserted set, and asserting one of the bus lines of the de-asserted set.
    Type: Application
    Filed: September 12, 2002
    Publication date: March 18, 2004
    Applicant: International Business Machines Corporation
    Inventors: David John Craft, Charles Ray Johns
  • Publication number: 20040052375
    Abstract: The present invention provides data encryption for a differential bus employing transitional coding. The present invention maps, encodes and encrypts input data as a logic status for a given bus transfer cycle. The mapping, encoding and encrypting of the input data changes from bus transfer cycle to bus transfer cycle. The mapping, encoding and encrypting is a function of a pseudo-random number. A logic status is differentially transmitted from a bus transmitter to a bus receiver, to be mapped, decrypted and decoded as the corresponding output data.
    Type: Application
    Filed: September 12, 2002
    Publication date: March 18, 2004
    Applicant: International Business Machines Corporation
    Inventors: David John Craft, Charles Ray Johns
  • Publication number: 20040036633
    Abstract: An encoder for compressing data is described, including a history buffer having multiple storage locations for storing target data units. The encoder is configured to input a target data string including multiple target data units, and additional data (e.g., security data associated with the target data string). In the event the history buffer contains multiple matching strings that match the target data string, the encoder is configured to select a displacement value of one of the matching strings dependent on a portion of the additional data, and to produce a copy pointer corresponding to the target data string and including the selected displacement. The selected displacement value in the copy pointer conveys the portion of the additional data. A decoder for decompressing data is also described, including a history buffer having multiple storage locations for storing data units.
    Type: Application
    Filed: August 22, 2002
    Publication date: February 26, 2004
    Applicant: International Business Machines Corporation
    Inventor: David John Craft
  • Patent number: 6697974
    Abstract: A method for adaptively compensating skews during data transmission on a bus is disclosed. A bus includes one or more groups of multiple signal paths. Each of the signal paths within a group is assigned a unique binary data value. During data transmissions, only one signal path within each group is activated at a time, and each activation of one of the signal paths represents its associated unique binary data value. Thus, a sequence of consecutive activations represents the same information as if the data were transmitted in parallel. Before signal transmission, a time delay between a transition on a first and a second of the signal lines is measured by utilizing a control frame. The time delay measurement is repeated to establish the relative time delays associated with all possible transitions on all the signal lines. In response to the measured time delays, an appropriate compensating delay is introduced accordingly before launching each transition on the signal lines.
    Type: Grant
    Filed: March 14, 2001
    Date of Patent: February 24, 2004
    Assignee: International Business Machines Corporation
    Inventor: David John Craft
  • Patent number: 6678768
    Abstract: A method and apparatus for configuring a redundant array of independent disks (RAID) are disclosed. A RAID includes a processor tray having a host processor, and a drive tray having a bridge chip and multiple attachment chips. The attachment chips are connected to each other in a loop configuration. Each of the attachment chips, which is assigned a unique node ID, is connected to a respective disk drive. The host processor can direct more than one attachment chip to participate, in various ways, in a single data transfer around the loop. This is accomplished by directing the data transfer to a specified node ID, after configuring all the other attachment chips with a temporary alias node ID identical to the specified node ID to which the data transfer operation is directed.
    Type: Grant
    Filed: October 6, 2000
    Date of Patent: January 13, 2004
    Assignee: International Business Machines Corporation
    Inventor: David John Craft
  • Publication number: 20020174390
    Abstract: A method for adaptively compensating skews during data transmission on a bus is disclosed. A bus includes one or more groups of multiple signal paths. Each of the signal paths within a group is assigned a unique binary data value. During data transmissions, only one signal path within each group is activated at a time, and each activation of one of the signal paths represents its associated unique binary data value. Thus, a sequence of consecutive activations represents the same information as if the data were transmitted in parallel. Before signal transmission, a time delay between a transition on a first and a second of the signal lines is measured by utilizing a control frame. The time delay measurement is repeated to establish the relative time delays associated with all possible transitions on all the signal lines. In response to the measured time delays, an appropriate compensating delay is introduced accordingly before launching each transition on the signal lines.
    Type: Application
    Filed: March 14, 2001
    Publication date: November 21, 2002
    Applicant: International Business Corp.
    Inventor: David John Craft
  • Publication number: 20020150243
    Abstract: A secure communication methodology is presented. The client device is configured to download application code and/or content data from a server operated by a service provider. Embedded within the client is a client private key, a client serial number, and a copy of a server public key. The client forms a request, which includes the client serial number, encrypts the request with the server public key, and sends the download request to the server. The server decrypts the request with the server's private key and authenticates the client. The received client serial number is used to search for a client public key that corresponds to the embedded client private key. The server encrypts its response, which includes the requested information, with the client public key of the requesting client, and only the private key in the requesting client can be used to decrypt the information downloaded from the server.
    Type: Application
    Filed: April 12, 2001
    Publication date: October 17, 2002
    Applicant: International Business Machines Corporation
    Inventors: David John Craft, Pradeep K. Dubey, Harm Peter Hofstee, James Allan Kahle