Abstract: A method and system for memory address translation and pinning are provided. The method includes attaching a memory address space identifier to a direct memory access (DMA) request, the DMA request is sent by a consumer and using a virtual address in a given address space. The method further includes looking up for the memory address space identifier to find a translation of the virtual address in the given address space used in the DMA request to a physical page frame. Provided that the physical page frame is found, pinning the physical page frame al song as the DMA request is in progress to prevent an unmapping operation of said virtual address in said given address space, and completing the DMA request, wherein the steps of attaching, looking up and pinning are centrally controlled by a host gateway.

Abstract: A method for facilitating direct memory access in a computing system in response to a request to transfer data is provided. The method comprises selecting a thread for transferring the data, wherein the thread executes on a processing core within the computing system; providing the thread with the request, wherein the request comprises information for carrying out a data transfer; and transferring the data according to the request. The method may further comprise: coordinating the request with a memory management unit, such that virtual addresses may be used to transfer data; invalidating a cache line associated with the source address or flushing a cache line associated with the destination address, if requested. Multiple threads can be selected to transfer data based on their proximity to the destination address.

Abstract: A method for accessing a memory space allocated to a virtual machine, the method includes: receiving a request from the virtual machine to generate, for another virtual machine, a memory credential associated with a certain memory space allocated to the virtual machine; generating, in response to the request, a cryptographically signed credential; sending the cryptographically signed credential to the other virtual machine; receiving from the other virtual machine an access request to access at least one memory entry within the certain memory space; and accessing the at least one memory entry, if the access request complies with the memory credential.

Abstract: The present invention prevents illegitimate access to a user computing machine. A method in accordance with an embodiment includes: setting an authentication routine in the user computing machine; generating a virtual keyboard on the user computing machine; entering a user identification through the virtual keyboard, the user identification being entered according to a virtual keyboard form factor; comparing the entered user identification with a secure user identification previously stored in the user computing machine; and validating the user access to the user computing machine if a match occurs, otherwise denying access.

Abstract: A method for processing a memory page, the method includes: retrieving, in response to a request to provide a first memory page to a processor, first memory page metadata associated with first memory page address information; wherein the first memory page address information is stored in a memory page table; and performing a page operation in response to the memory page metadata; wherein the page operation is selected from a group consisting of compression, cryptography, searching a page for a virus signature, searching a page for digital right management signature, error correction code verification, error correction code addition.

Abstract: a secure challenge-response virtualization system including a computer having a memory divided into at least a first and a second logical partition, where the first partition is operative to receive a challenge from an entity, and a challenge/response manager configured with the second partition, where the first partition is configured to provide the challenge to the challenge/response manager configured with the second partition, and where the challenge/response manager is configured to generate a response to the challenge and provide the response to the first partition.

Abstract: A method for executing a migrated execution context by a storage controller, the method includes: determining, by a management entity, to migrate an execution context from a source computer to the storage controller in response to a fulfillment of a first criterion; and migrating the execution context to the storage controller; wherein the source computer is coupled to the storage controller.

Abstract: A computer system includes a local area network (LAN) and a plurality of computers. Each of the computers includes at least one central processing unit (CPU) and a LAN interface, which is coupled to communicate over the LAN, while the computers include no on-board input/output (I/O) device controllers other than the LAN interface. One or more peripheral devices are coupled to communicate with the computers over the LAN.

Abstract: A method and apparatus for reducing transitions thereby reducing power consumption for a clocked output state-holding element having inputs that are respective logic functions of one or more clocked input state-holding elements. A respective valid line is associated with each of the clocked input state-holding elements whose value indicates whether a respective input of the clocked input state-holding element is valid. The clocked output state-holding element is clock gated only if the respective inputs of all of the clocked input state-holding elements coupled to the clocked output state-holding element are indicated as being valid.

Abstract: A method and system for memory address translation and pinning are provided. The method includes attaching a memory address space identifier to a direct memory access (DMA) request, the DMA request is sent by a consumer and using a virtual address in a given address space. The method further includes looking up for the memory address space identifier to find a translation of the virtual address in the given address space used in the DMA request to a physical page frame. Provided that the physical page frame is found, pinning the physical page frame al song as the DMA request is in progress to prevent an unmapping operation of said virtual address in said given address space, and completing the DMA request, wherein the steps of attaching, looking up and pinning are centrally controlled by a host gateway.

Abstract: A system and method for host-to-host communication are provided in the present invention. The system may include a first host of at least one consumer application, the host may be arranged to allow the consumer to communicate with a second consumer coupled with a second host. The system may further include a network arranged to connect the first and second hosts, and a host-to-host device controller arranged to control communication protocols between the first and second hosts to allow the first and second consumers to communicate with each other.

Abstract: A method and system for protection and security of IO devices using credential are provided. The system may include at least one consumer arranged to initiate IO requests from the IO device, and the IO requests may include IO capability allocation and additional parameters. The system may also include an IO resource manager (IORM) arranged to translate the IO capability allocation and additional parameters included in said IO request to a set of capability tokens for the consumer or for a group of consumers, to generate a global key to protect the capability tokens, and further arranged to manage the IO device. The system may further include a channel component arranged to transfer and receive the IO request to and from the IO device.

Abstract: A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.

Abstract: A virtualized system including a processing sub-system including a plurality of partitions and operating systems and a virtualization layer, each partition running its own operating system and having assigned its own partition ID, and an I/O emulation entity connected to the processing sub-system through a bus and connected to a network to which is connected at least one computer that hosts at least one remote I/O peripheral, the I/O emulation entity being adapted to execute an I/O-emulation transaction for any of the operating systems in accordance with that operating system's partition-ID.

Abstract: A method for receiving data in a network acceleration architecture for use with TCP (transport control protocol), iSCSI (Internet Small Computer System Interface) and/or RDMA (Remote Direct Memory Access) over TCP, including providing a hardware acceleration engine, called a streamer, adapted for communication with and processing data from a consumer application in a system that supports TCP, iSCSI and RDMA over TCP, providing a software protocol processor adapted for carrying out TCP implementation, the software control processor being called a TCE (TCP Control Engine), wherein the streamer and the TCE are adapted to operate asynchronously and independently of one another, and transmitting a TCP segment with the streamer.

Abstract: A method for receiving data in a network acceleration architecture for use with TCP (transport control protocol), iSCSI (Internet Small Computer System Interface) and RDMA (Remote Direct Memory Access) over TCP, including providing a hardware acceleration engine, called a streamer, adapted for communication with and processing data from a consumer application in a system that supports TCP, iSCSI and RDMA over TCP, providing a software protocol processor adapted for carrying out TCP implementation, the software control processor being called a TCE (TCP Control Engine), and providing an asynchronous dual-queue interface for exchanging information between the streamer and TCE, wherein the streamer and TCE are adapted to operate asynchronously and independently of one another.

Abstract: A network acceleration architecture for use with TCP, iSCSI and/or RDMA over TCP, including a hardware acceleration engine adapted for communication with and processing data from a consumer application in a system that supports TCP, iSCSI and RDMA over TCP, a software protocol processor adapted for carrying out TCP implementation, and an asynchronous dual-queue interface for exchanging information between the hardware acceleration engine and the software protocol processor, wherein the hardware acceleration engine and the software protocol processor are adapted to operate asynchronously and independently of one another.

Abstract: A method for receiving data in a network acceleration architecture for use with TCP (transport control protocol), iSCSI (Internet Small Computer System Interface) and RDMA (Remote Direct Memory Access) over TCP, including providing a hardware acceleration engine, called a streamer, adapted for communication with and processing data from a consumer application in a system that supports TCP, iSCSI and RDMA over TCP, providing a software protocol processor adapted for carrying out TCP implementation, the software control processor being called a TCE (TCP Control Engine), wherein the streamer and the TCE are adapted to operate asynchronously and independently of one another, and receiving an inbound TCP segment with the streamer.

Abstract: A method and apparatus for reducing transitions thereby reducing power consumption for a clocked output state-holding element having inputs that are respective logic functions of one or more clocked input state-holding elements. A respective valid line is associated with each of the clocked input state-holding elements whose value indicates whether a respective input of the clocked input state-holding element is valid. The clocked output state-holding element is clock gated only if the respective inputs of all of the clocked input state-holding elements coupled to the clocked output state-holding element are indicated as being valid.

Abstract: A computer system includes a local area network (LAN) and a plurality of computers. Each of the computers includes at least one central processing unit (CPU) and a LAN interface, which is coupled to communicate over the LAN, while the computers include no on-board input/output (I/O) device controllers other than the LAN interface. One or more peripheral devices are coupled to communicate with the computers over the LAN.