Abstract: The present invention relates to providing security functionality over computer system mass storage data, and more particularly relates to a system and method of transparent data backup on either local or remote storage devices such as SATA storage devices. According to aspects of the invention, the system is transparent to operating system and application software layers. That makes it unnecessary to make any software modifications to the file system, device drivers, operating system, or applications, or installing specialized applications or hardware. In embodiments, the snapshot functionality of the invention is implemented entirely in hardware, and is not designed to slow down performance of the rest of the system.

Abstract: The present invention relates to a system that manages security of one or more computer systems and/or one or more different types of I/O channels such as USB, Ethernet, SATA, and SAS. According to certain aspects, the management system is distributed. That is, a central management system and computer subsystems are physically distributed within one or more geographical areas, and communicate with each other by passing messages through a computer network. According to certain additional aspects, the configuration and/or security functions performed by methods and apparatuses according to the invention can be logically transparent to the upstream host and to the downstream device.

Abstract: In general, embodiments of the invention include methods and apparatuses for securely storing computer system data. Embodiments of the invention encrypt and decrypt SATA data transparently to software layers. That makes it unnecessary to make any software modifications to the file system, device drivers, operating system, or application. Encryption key management is performed either remotely on a centralized Remote Management System or locally. Embodiments of the invention implement background disk backups using snapshots. Additional security features that are included in embodiments of the invention include virus scanning, a virtual/network drive, a RAM drive and a port selector that provides prioritized and/or background access to SATA mass storage to a secure subsystem.

Abstract: The present invention relates to methods and apparatuses for securing otherwise unsecured computer communications that addresses the above shortcomings among others. According to certain aspects, the invention relates to methods and apparatuses for implementing device snooping, in which some or all traffic passing between a host and a connected device is captured into memory and analyzed in real time by system software. According to other aspects, the invention relates to real time capture of certain types of traffic and communication of the captured traffic to a remote management system. According to still further aspects, the invention relates to detecting security threats in real time. Upon threat detection, possible actions are blocking individual devices or alerting a system administrator. According to certain additional aspects, the security functions performed by methods and apparatuses according to the invention can be logically transparent to the upstream host and to the downstream device.

Abstract: In general, embodiments of the invention include methods and apparatuses for securing otherwise unsecured computer interfaces by performing transparent data encryption and decryption. According to certain transparency aspects, the encryption and decryption functionality of the invention do not require any changes to the software layers such as file systems, device drivers, operating systems, or applications. Embodiments of the invention offload encryption key management to a centralized key management system that can be remotely located from the secured computer. Alternative embodiments perform key management locally.

Abstract: The present invention relates to a system and architecture for securing otherwise unsecured computer subsystems. According to one aspect, the invention provides an independent hardware platform for running software in a secure manner. According to another aspect, the invention provides the means to control and secure all disk, network and other I/O transactions. According to still further aspects, the invention provides a means to monitor and prevent unauthorized user and malicious software activity Additional aspects include providing a secure platform for device and user authentication as well as encryption key management, providing a means to perform background backup snapshots, and providing the means for enabling full management over computer operations.

Abstract: In general, embodiments of the invention include methods and apparatuses for securing otherwise unsecured computer audio and video subsystems. Embodiments of the invention perform watermarking of video and/or audio data streams output by a computer system. Additional security features that are included in embodiments of the invention include fingerprinting, snooping, capturing streams for local or remote analytics or archiving, and mixing of secure system content with local audio and video content.

Abstract: A Galois field multiplier array includes a 1st register, a 2nd register, a 3rd register, and a plurality of multiplier cells. The 1st register stores bits of a 1st operand. The 2nd register stores bits of a 2nd operand. The 3rd register stores bits of a generating polynomial that corresponds to one of a plurality of applications (e.g., FEC, CRC, Reed Solomon, et cetera). The plurality of multiplier cells is arranged in rows and columns. Each of the multiplier cells outputs a sum and a product and each cell includes five inputs. The 1st input receives a preceding cell's multiply output, the 2nd input receives at least one bit of the 2nd operand, the 3rd input receives a preceding cell's sum output, a 4th input receives at least one bit of the generating polynomial, and the 5th input receives a feedback term from a preceding cell in a preceding row. The multiplier cells in the 1st row have the 1st input, 3rd input, and 5th input set to corresponding initialization values in accordance with the 2nd operand.

Abstract: A processor includes an instruction memory, arithmetic logic unit, finite field arithmetic unit, at least one digital storage device, and an instruction decoder. The instruction memory temporarily stores an instruction that includes at least one of: an operational code, destination information, and source information. The instruction decoder is operably coupled to interpret the instruction to identify the arithmetic logic unit and/or the finite field arithmetic unit to perform the operational code of the corresponding instruction. The instruction decoder then identifies at least one destination location within the digital storage device based on the destination information contained within the corresponding instruction. The instruction decoder then identifies at least one source location within the digital storage device based on the source information of the corresponding instruction.

Abstract: A Galois field arithmetic unit includes a Galois field multiplier section and a Galois field adder section. The Galois field multiplier section includes a plurality of Galois field multiplier arrays that perform a Galois field multiplication by multiplying, in accordance with a generating polynomial, a 1st operand and a 2nd operand. The bit size of the 1st and 2nd operands correspond to the bit size of a processor data path, where each of the Galois field multiplier arrays performs a portion of the Galois field multiplication by multiplying, in accordance with a corresponding portion of the generating polynomial, corresponding portions of the 1st and 2nd operands. The bit size of the corresponding portions of the 1st and 2nd operands corresponds to a symbol size of symbols of a coding scheme being implemented by the corresponding processor.

Abstract: A processor includes an instruction memory, arithmetic logic unit, finite field arithmetic unit, at least one digital storage device, and an instruction decoder. The instruction memory temporarily stores an instruction that includes at least one of: an operational code, destination information, and source information. The instruction decoder is operably coupled to interpret the instruction to identify the arithmetic logic unit and/or the finite field arithmetic unit to perform the operational code of the corresponding instruction. The instruction decoder then identifies at least one destination location within the digital storage device based on the destination information contained within the corresponding instruction. The instruction decoder then identifies at least one source location within the digital storage device based on the source information of the corresponding instruction.

Abstract: A Galois field arithmetic unit includes a Galois field multiplier section and a Galois field adder section. The Galois field multiplier section includes a plurality of Galois field multiplier arrays that perform a Galois field multiplication by multiplying, in accordance with a generating polynomial, a 1st operand and a 2nd operand. The bit size of the 1st and 2nd operands correspond to the bit size of a processor data path, where each of the Galois field multiplier arrays performs a portion of the Galois field multiplication by multiplying, in accordance with a corresponding portion of the generating polynomial, corresponding portions of the 1st and 2nd operands. The bit size of the corresponding portions of the 1st and 2nd operands corresponds to a symbol size of symbols of a coding scheme being implemented by the corresponding processor.

Abstract: A Galois field multiplier array includes a 1st register, a 2nd register, a 3rd register, and a plurality of multiplier cells. The 1st register stores bits of a 1st operand. The 2nd register stores bits of a 2nd operand. The 3rd register stores bits of a generating polynomial that corresponds to one of a plurality of applications (e.g., FEC, CRC, Reed Solomon, et cetera). The plurality of multiplier cells is arranged in rows and columns. Each of the multiplier cells outputs a sum and a product and each cell includes five inputs. The 1st input receives a preceding cell's multiply output, the 2nd input receives at least one bit of the 2nd operand, the 3rd input receives a preceding cell's sum output, a 4th input receives at least one bit of the generating polynomial, and the 5th input receives a feedback term from a preceding cell in a preceding row. The multiplier cells in the 1st row have the 1st input, 3rd input, and 5th input set to corresponding initialization values in accordance with the 2nd operand.

Abstract: A method for debugging an application on an embedded processor using a debug monitor service routine (debug ISR) and allowing critical interrupts to be transparently serviced is provided. The method enters and runs a debug monitor service routine transparently such that the application program being debugged is unaware of the monitor. A debug interrupt is completely transparent to the application software that runs on the embedded processor and is therefore non-maskable. In addition, when entering the debug ISR, shadow registers and the global interrupt disable bit (if they exist) are not be altered, which preserves the monitor's transparency to the application. Once the debug monitor is entered, a context save may be performed if needed and the monitor may proceed to enable interrupts if necessary.

Abstract: An address pipeline includes a sequence of registers for storing the memory addresses of instructions currently being processed within the different stages of an execution pipeline. In parallel with the execution pipeline, the address pipeline advances the corresponding memory addresses as the instructions are advanced through the execution pipeline. Address pipelining allows the programmer of a pipelined processor to understand the otherwise hidden operation of a pipelined processor by giving the programmer means to track instructions through the pipeline. In addition, the address pipeline includes an instruction status register for indicating whether an instruction at any given stage of the pipeline has been executed and a program counter address breakpoint register for storing the address of the instruction that actually triggers a breakpoint.