Abstract: A computing system uses Advanced Encryption Standard XEX Based Tweaked Codebook Mode with Ciphertext Stealing (AES-XTS) encryption to encrypt a block of data using a tweak key, a data key, a modified tweak value, and the block of data to thereby generate an encrypted block of data. The modified tweak value is computed according to the expression DEC(0, CONST KEY), where DEC is an AES decryption algorithm, and CONST KEY is the tweak key. The encrypted block of data is thereby formatted according to the Advanced Encryption Standard with no extended mode and not according to the XEX Based Tweaked Codebook Mode with Ciphertext Stealing.

Abstract: A computing system uses AES-XTS encryption to encrypt data of a first part of first data stream using a tweak key, a data key, an initial tweak value, in a first encryption session, store the encrypted first part, then encrypts a second part of the first data stream in a second encryption session commenced after the termination of the first encryption session; and store the encrypted second part in the encrypted data store. The second part of the first data stream is encrypted using a modified tweak value computed based on the initial tweak value, the tweak key, and a block index of a last cipher block of the first part of the first data stream.

Abstract: A method provides for receiving multiple different segment tags generated based on different segments of a data record, where each segment is encrypted during a separate encryption process. Upon receipt, each of the multiple different segment tags is adjusted by an end-of-segment operation that induces a segment-specific error rendering the segment tag invalid for authentication of the data record as a whole. The method provides for accumulating together the multiple different segment tags to form a combined multi-segment tag, computing a correction effective to reverse a cumulative effect of the segment-specific error for each of the multiple different segment tags on the combined multi-segment tag; and generating a complete authentication tag by adjusting the combined multi-segment tag based on the computed correction. The complete authentication tag is usable to authenticate aspects of the data record as a whole.

Abstract: A method supporting interleaved authentication-encryption operations for different data records provides for constructing authentication tag usable to authenticate a transmitted data record from multiple different tag segments generated by an authentication-encryption engine in association with different segments of the data record. The method provides for recovering a first partial tag from a first segment tag received from an authentication-encryption engine by performing one or more operations effective to reverse certain operations performed by the third-party authentication-encryption engine. One or more additional partial tags may be similarly recovered from additional tag segments subsequently output from the third-party authentication-encryption engine in association with the data record, and a complete authentication tag for the data record may be generated based on the recovered first partial tag and each of the one or more additional recovered partial tags.

Abstract: An electronic device includes a processor, a Nonvolatile Memory (NVM), and a Programmable Logic Device (PLD). The NVM stores loadable shell image and user image. The shell image supports communication with the processor, and each of the shell and user images implements a bus client for communication with a host in accordance with a bus protocol. The PLD connects to the processor and to the NVM. Upon initialization, the PLD is configured to load and run the shell image, to receive from the processor, by the shell image, an indication for selecting between the shell and user images, and when the indication selects the user image, to load the user image and run the loaded user image. The process of sequential loading of the shell and user images completes before the host concludes attempting to enumerate the bus client of the user image, in accordance with the bus protocol.

Abstract: An electronic device includes a processor, a Nonvolatile Memory (NVM), and a Programmable Logic Device (PLD). The NVM stores loadable shell image and user image. The shell image supports communication with the processor, and each of the shell and user images implements a bus client for communication with a host in accordance with a bus protocol. The PLD connects to the processor and to the NVM. Upon initialization, the PLD is configured to load and run the shell image, to receive from the processor, by the shell image, an indication for selecting between the shell and user images, and when the indication selects the user image, to load the user image and run the loaded user image. The process of sequential loading of the shell and user images completes before the host concludes attempting to enumerate the bus client of the user image, in accordance with the bus protocol.

Abstract: A method is provided for maintaining a synchronized local timer by using a periodic signal which comprises: providing a value of a clock cycle, and values for a first and second timer-parameters, wherein the first timer-parameter is less than the clock cycle value and the second timer-parameter is higher therefrom; providing values for a first (“a”) and second (“b”) arbitration parameters associated with the first and second timer-parameters respectively; upon receiving a periodic signal, adding to the local timer, at least once the first and/or the second timer-parameter, so that on average over one second, the first timer-parameter is added “a” times and the second timer-parameter is added “b” times, thereby ensuring that a value of the local timer essentially overlaps the period frequency of the periodic signal; upon receiving a subsequent periodic signal, setting the value of the local timer to a propagation delay of the periodic signal.

Abstract: A method is provided for maintaining a synchronized local timer by using a periodic signal which comprises: providing a value of a clock cycle, and values for a first and second timer-parameters, wherein the first timer-parameter is less than the clock cycle value and the second timer-parameter is higher therefrom; providing values for a first (“a”) and second (“b”) arbitration parameters associated with the first and second timer-parameters respectively; upon receiving a periodic signal, adding to the local timer, at least once the first and/or the second timer-parameter, so that on average over one second, the first timer-parameter is added “a” times and the second timer-parameter is added “b” times, thereby ensuring that a value of the local timer essentially overlaps the period frequency of the periodic signal; upon receiving a subsequent periodic signal, setting the value of the local timer to a propagation delay of the periodic signal.

Abstract: A system and method for switching between flows of water solutions passed in groups of blocks of membrane pressure vessels arranged in parallel in a tapered flow system, wherein the system comprises a system inlet feed line, a system outlet flow line, high pressure booster pumps configured to provide a high pressure feed stream to the system; blocks of membrane pressure vessels arrayed in parallel, and a first and second bypass line each parallel to said blocks.