Abstract: Methods and systems for isolating data flow between a secured network and an unsecured network may include a configurable flow control module, communicatively connected to the secured network and to the unsecured network; and a state selector module, associated with the flow control module and adapted to dynamically configure a state of the flow control module. The flow control module may include at least one hardware switch, configured to isolate between the secured network and the unsecured network, by allowing unidirectional transfer of data from the secured network to the unsecured network via a communication channel, based on the configured state.

Abstract: A method for facilitating direct memory access in a computing system in response to a request to transfer data is provided. The method comprises selecting a thread for transferring the data, wherein the thread executes on a processing core within the computing system; providing the thread with the request, wherein the request comprises information for carrying out a data transfer; and transferring the data according to the request. The method may further comprise: coordinating the request with a memory management unit, such that virtual addresses may be used to transfer data; invalidating a cache line associated with the source address or flushing a cache line associated with the destination address, if requested. Multiple threads can be selected to transfer data based on their proximity to the destination address.

Abstract: A method for accessing a memory space allocated to a virtual machine, the method includes: receiving a request from the virtual machine to generate, for another virtual machine, a memory credential associated with a certain memory space allocated to the virtual machine; generating, in response to the request, a cryptographically signed credential; sending the cryptographically signed credential to the other virtual machine; receiving from the other virtual machine an access request to access at least one memory entry within the certain memory space; and accessing the at least one memory entry, if the access request complies with the memory credential.

Abstract: The present invention prevents illegitimate access to a user computing machine. A method in accordance with an embodiment includes: setting an authentication routine in the user computing machine; generating a virtual keyboard on the user computing machine; entering a user identification through the virtual keyboard, the user identification being entered according to a virtual keyboard form factor; comparing the entered user identification with a secure user identification previously stored in the user computing machine; and validating the user access to the user computing machine if a match occurs, otherwise denying access.

Abstract: A method for executing a migrated execution context by a storage controller, the method includes: determining, by a management entity, to migrate an execution context from a source computer to the storage controller in response to a fulfillment of a first criterion; and migrating the execution context to the storage controller; wherein the source computer is coupled to the storage controller.

Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.

Abstract: A method for separating multiple print jobs sent by one or more computers to a document printer, the method including printing a first banner at the edge of a top sheet of a first print job, and printing a second banner at the edge of a top sheet of a second print job.

Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.

Abstract: A method for accessing a memory space allocated to a virtual machine, the method includes: receiving a request from the virtual machine to generate, for another virtual machine, a memory credential associated with a certain memory space allocated to the virtual machine; generating, in response to the request, a cryptographically signed credential; sending the cryptographically signed credential to the other virtual machine; receiving from the other virtual machine an access request to access at least one memory entry within the certain memory space; and accessing the at least one memory entry, if the access request complies with the memory credential.

Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.

Abstract: A method for accessing a memory space allocated to a virtual machine, the method includes: receiving a request from the virtual machine to generate, for another virtual machine, a memory credential associated with a certain memory space allocated to the virtual machine; generating, in response to the request, a cryptographically signed credential; sending the cryptographically signed credential to the other virtual machine; receiving from the other virtual machine an access request to access at least one memory entry within the certain memory space; and accessing the at least one memory entry, if the access request complies with the memory credential.

Abstract: A method for receiving data in a network acceleration architecture for use with TCP (transport control protocol), iSCSI (Internet Small Computer System Interface) and RDMA (Remote Direct Memory Access) over TCP, including providing a hardware acceleration engine, called a streamer, adapted for communication with and processing data from a consumer application in a system that supports TCP, iSCSI and RDMA over TCP, providing a software protocol processor adapted for carrying out TCP implementation, the software control processor being called a TCE (TCP Control Engine), and providing an asynchronous dual-queue interface for exchanging information between the streamer and TCE, wherein the streamer and TCE are adapted to operate asynchronously and independently of one another.

Abstract: A method and system for protection and security of IO devices using credential are provided. The system may include at least one consumer arranged to initiate IO requests from the IO device, and the IO requests may include IO capability allocation and additional parameters. The system may also include an IO resource manager (IORM) arranged to translate the IO capability allocation and additional parameters included in said IO request to a set of capability tokens for the consumer or for a group of consumers, to generate a global key to protect the capability tokens, and further arranged to manage the IO device. The system may further include a channel component arranged to transfer and receive the IO request to and from the IO device.

Abstract: A method for receiving data in a network acceleration architecture for use with TCP (transport control protocol), iSCSI (Internet Small Computer System Interface) and RDMA (Remote Direct Memory Access) over TCP, including providing a hardware acceleration engine, called a streamer, adapted for communication with and processing data from a consumer application in a system that supports TCP, iSCSI and RDMA over TCP, providing a software protocol processor adapted for carrying out TCP implementation, the software control processor being called a TCE (TCP Control Engine), wherein the streamer and the TCE are adapted to operate asynchronously and independently of one another, and receiving an inbound TCP segment with the streamer.

Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.

Abstract: A network acceleration architecture for use with TCP, iSCSI and/or RDMA over TCP, including a hardware acceleration engine adapted for communication with and processing data from a consumer application in a system that supports TCP, iSCSI and RDMA over TCP, a software protocol processor adapted for carrying out TCP implementation, and an asynchronous dual-queue interface for exchanging information between the hardware acceleration engine and the software protocol processor, wherein the hardware acceleration engine and the software protocol processor are adapted to operate asynchronously and independently of one another.

Abstract: A computer-implemented method for protecting a memory is provided. The method includes responsive to a direct memory access (DMA) request received from a consumer for a transaction of data from an IO device to the memory, the request including an IO command and a capability (CAP), generating a cryptographically signed capability (CAPB), forming a credential from CAP and CAPB, appending the credential to the IO command, configuring the IO device according to the credential and the IO command, transmitting the data from the IO device to the memory and prior to allowing execution of the DMA, authenticating that the credential is valid, further includes regenerating CAPB from a key available to an authenticating entity and from the CAP (included in CAPB) and verifying that the memory region information described in the cryptographically signed capability is the same as the requested region that was originally created, and that the cryptographically signed capability encompasses the IO command.

Abstract: A method for separating multiple print jobs sent by one or more computers to a document printer, the method including printing a first banner at the edge of a top sheet of a first print job, and printing a second banner at the edge of a top sheet of a second print job.

Abstract: A method for receiving data in a network acceleration architecture for use with TCP (transport control protocol), iSCSI (Internet Small Computer System Interface) and/or RDMA (Remote Direct Memory Access) over TCP, including providing a hardware acceleration engine, called a streamer, adapted for communication with and processing data from a consumer application in a system that supports TCP, iSCSI and RDMA over TCP, providing a software protocol processor adapted for carrying out TCP implementation, the software control processor being called a TCE (TCP Control Engine), wherein the streamer and the TCE are adapted to operate asynchronously and independently of one another, and transmitting a TCP segment with the streamer.

Abstract: A method and system for memory address translation and pinning are provided. The method includes attaching a memory address space identifier to a direct memory access (DMA) request, the DMA request is sent by a consumer and using a virtual address in a given address space. The method further includes looking up for the memory address space identifier to find a translation of the virtual address in the given address space used in the DMA request to a physical page frame. Provided that the physical page frame is found, pinning the physical page frame as long as the DMA request is in progress to prevent an unmapping operation of said virtual address in said given address space, and completing the DMA request, wherein the steps of attaching, looking up and pinning are centrally controlled by a host gateway.