Abstract: Managing data units by converting the data units into data segments and access files describing how to retrieve the data segments using hash values for the data segments. In a data store operation, the data unit is divided into data segments and an access file is generated. The access file includes segmenting scheme information for the data segments, hashing scheme information for the hash values, hash identification information describing the hash values, and location information identifying the locations at which the data segments are available. In a data retrieval operation, data from the data unit is retrieved by accessing the data segments and extracting the data therefrom, where the data segments are retrieved based on the access file for the data unit.

Abstract: Monitoring integrity of a running computer system is based on creating a Test Model which includes predicates descriptive of invariant properties of security relevant objects and their attributes in the monitored structure known-to-be “healthy”, acquiring memory image of a portion of the running monitored structure, decomposing the acquired memory image to retrieve representation of the security relevant objects of interest, by implementing the attributes of the Test Model, and verifying, by implementing the predicates, whether the invariant properties defined in the Test Model remain unchanged for the running host system. If a discrepancy is detected, a signal indicative of a detected discrepancy is transmitted to a management entity for analysis and formulating a course of action.

Abstract: Managing data units by converting the data units into data segments and access files describing how to retrieve the data segments using hash values for the data segments. In a data store operation, the data unit is divided into data segments and an access file is generated. The access file includes segmenting scheme information for the data segments, hashing scheme information for the hash values, hash identification information describing the hash values, and location information identifying the locations at which the data segments are available. In a data retrieval operation, data from the data unit is retrieved by accessing the data segments and extracting the data therefrom, where the data segments are retrieved based on the access file for the data unit.

Abstract: A network-based storage system comprises one or more block-level storage servers that connect to, and provide disk storage for, one or more host computers. In one embodiment, the system is capable of subdividing the storage space of an array of disk drives into multiple storage partitions, and allocating the partitions to host computers on a network. A storage partition allocated to a particular host computer may appear as local disk drive storage to user-level processes running on the host computer.

Abstract: A network-based storage system comprises one or more block-level storage servers that connect to, and provide disk storage for, one or more host computers. In one embodiment, the system is capable of subdividing the storage space of an array of disk drives into multiple storage partitions, and allocating the partitions to host computers on a network. A storage partition allocated to a particular host computer may appear as local disk drive storage to user-level processes running on the host computer.

Abstract: A network-based storage system comprises one or more block-level storage servers that connect to, and provide storage for, one or more host computers over logical network connections, such as TCP/IP connections. In one embodiment, the block-level storage servers implement a protocol through which a storage server authenticates a host before permitting the host to access storage resources. Upon successful authentication, the storage server may also provide access information to the host.

Abstract: A network-based storage system comprises one or more block-level storage servers that connect to, and provide disk storage for, one or more host computers (“hosts”) over logical network connections (preferably TCP/IP sockets). In one embodiment, each host can maintain one or more socket connections to each storage server, over which multiple I/O operations may be performed concurrently in a non-blocking manner. The physical storage of a storage server may optionally be divided into multiple partitions, each of which may be independently assigned to a particular host or to a group of hosts. When a host initially connects to a storage server in one embodiment, the storage server initially authenticates the host, and then notifies the host of the ports that may be used to establish data connections and of the partitions assigned to that host.

Abstract: A network-based storage system comprises one or more block-level storage servers that connect to, and provide disk storage for, one or more host computers (“hosts”) over logical network connections (preferably TCP/IP sockets). In one embodiment, each host can maintain one or more socket connections to each storage server, over which multiple I/O operations may be performed concurrently in a non-blocking manner. The physical storage of a storage server may optionally be divided into multiple partitions, each of which may be independently assigned to a particular host or to a group of hosts. Host driver software presents these partitions to user-level processes as one or more local disk drives. When a host initially connects to a storage server in one embodiment, the storage server initially authenticates the host, and then notifies the host of the ports that may be used to establish data connections and of the partitions assigned to that host.

Abstract: A method and system for obscuring user requests for information in a computer network. A user request for information, aimed at another network member, is routed to a first cache memory. If the first cache memory contains the requested information, the cache returns the requested information in response to the user request without releasing the user request to the network member. If the first cache memory does not contain the requested information, a first reference editing function edits user identity information contained in the request, resulting in an edited request with obscured identity information. The edited request is then released to the network member and the requested information is received by the user from the network member. A copy of the requested information is stored in the first cache memory.

Abstract: A network-based storage system comprises one or more block-level storage servers that connect to, and provide disk storage for, one or more host computers (“hosts”) over logical network connections (preferably TCP/IP sockets). In one embodiment, each host can maintain one or more socket connections to each storage server, over which multiple I/O operations may be performed concurrently in a non-blocking manner. The physical storage of a storage server may optionally be divided into multiple partitions, each of which may be independently assigned to a particular host or to a group of hosts. Host driver software presents these partitions to user-level processes as one or more local disk drives. When a host initially connects to a storage server in one embodiment, the storage server initially authenticates the host, and then notifies the host of the ports that may be used to establish data connections and of the partitions assigned to that host.

Abstract: A method and system for private shipping to anonymous users purchasing goods on a computer or communications network linking users with merchant web-sites for electronic commerce. A user is issued a proxy identity and the user's mailing address is received and encrypted. The proxy identity and encrypted mailing address are transmitted to a merchant, and decryption information is provided to a shipper. Upon receipt of the encrypted shipping address from the merchant, the shipper can use the decryption information to decrypt the address and generate a package label bearing the true shipping address of the user so that the merchant is prevented from electronically capturing the true identity of the user. The present invention provides for anonymity of a user when browsing and shopping, and integrates easily and simply with existing online infrastructures of banks or credit card issuers, and delivery companies.