Abstract: A security apparatus and method are provided for performing a security algorithm that prevents unauthorized access to contents of a physical address (PA) that have been loaded into a storage element of the computer system as a result of performing a prediction algorithm during a hardware table walk that uses a predictor to predict a PA based on a virtual address (VA). When the predictor is enabled, it might be possible for a person with knowledge of the system to configure the predictor to cause contents stored at a PA of a secure portion of the main memory to be loaded into a register in the TLB. In this way, a person who should not have access to contents stored in secure portions of the main memory could indirectly gain unauthorized access to those contents. The apparatus and method prevent such unauthorized access to the contents by masking the contents under certain conditions.

Abstract: A method for selectively scrambling data within a memory associated with a computing device based on data tagging. The computing device may define security domains that are protected. Data generated by an application may be packaged as a data bus transaction having tagging information describing the application and/or the data. The data bus transaction may be transmitted over a bus of the computing device to a memory, such as internal memory, where the computing device may compare the tagging information to stored information describing security domains. When the data is determined to be protected based on the tagging information, the computing device may perform scrambling operations on the data. In an aspect, the tagging information may describe a virtual machine used to execute various applications on a processor. In another aspect, the tagging information may define destination memory addresses or content protection bit values.

Abstract: A security apparatus and method are provided for performing a security algorithm that prevents unauthorized access to contents of a physical address (PA) that have been loaded into a storage element of the computer system as a result of performing a prediction algorithm during a hardware table walk that uses a predictor to predict a PA based on a virtual address (VA). When the predictor is enabled, it might be possible for a person with knowledge of the system to configure the predictor to cause contents stored at a PA of a secure portion of the main memory to be loaded into a register in the TLB. In this way, a person who should not have access to contents stored in secure portions of the main memory could indirectly gain unauthorized access to those contents. The apparatus and method prevent such unauthorized access to the contents by masking the contents under certain conditions.

Abstract: A method of transmitting and receiving data from a multi-homing network device to a data network is disclosed and includes defining a network policy and transmitting the network policy to a routing module. Further, the method includes receiving a route scope from the routing module. The route scope identifies a subset of data interfaces to the data network that satisfy the network policy wherein the subset of data interfaces are selected from a set of available data interfaces and wherein the subset of data interfaces includes at least one data interface.

Abstract: A computer system and a method are provided that reduce the amount of time and computing resources that are required to perform a hardware table walk (HWTW) in the event that a translation lookaside buffer (TLB) miss occurs. If a TLB miss occurs when performing a stage 2 (S2) HWTW to find the PA at which a stage 1 (S1) page table is stored, the MMU uses the IPA to predict the corresponding PA, thereby avoiding the need to perform any of the S2 table lookups. This greatly reduces the number of lookups that need to be performed when performing these types of HWTW read transactions, which greatly reduces processing overhead and performance penalties associated with performing these types of transactions.

Abstract: A security apparatus and method are provided for performing a security algorithm that prevents unauthorized access to contents of a physical address (PA) that have been loaded into a storage element of the computer system as a result of performing a prediction algorithm during a hardware table walk that uses a predictor to predict a PA based on a virtual address (VA). When the predictor is enabled, it might be possible for a person with knowledge of the system to configure the predictor to cause contents stored at a PA of a secure portion of the main memory to be loaded into a register in the TLB. In this way, a person who should not have access to contents stored in secure portions of the main memory could indirectly gain unauthorized access to those contents. The apparatus and method prevent such unauthorized access to the contents by masking the contents under certain conditions.

Abstract: A computer system and a method are provided that reduce the amount of time and computing resources that are required to perform a hardware table walk (HWTW) in the event that a translation lookaside buffer (TLB) miss occurs. If a TLB miss occurs when performing a stage 2 (S2) HWTW to find the PA at which a stage 1 (S1) page table is stored, the MMU uses the IPA to predict the corresponding PA, thereby avoiding the need to perform any of the S2 table lookups. This greatly reduces the number of lookups that need to be performed when performing these types of HWTW read transactions, which greatly reduces processing overhead and performance penalties associated with performing these types of transactions.

Abstract: A method for selectively scrambling data within a memory associated with a computing device based on data tagging. The computing device may define security domains that are protected. Data generated by an application may be packaged as a data bus transaction having tagging information describing the application and/or the data. The data bus transaction may be transmitted over a bus of the computing device to a memory, such as internal memory, where the computing device may compare the tagging information to stored information describing security domains. When the data is determined to be protected based on the tagging information, the computing device may perform scrambling operations on the data. In an aspect, the tagging information may describe a virtual machine used to execute various applications on a processor. In another aspect, the tagging information may define destination memory addresses or content protection bit values.

Abstract: A method of transmitting and receiving data from a multi-homing network device to a data network is disclosed and includes defining a network policy and transmitting the network policy to a routing module. Further, the method includes receiving a route scope from the routing module. The route scope identifies a subset of data interfaces to the data network that satisfy the network policy wherein the subset of data interfaces are selected from a set of available data interfaces and wherein the subset of data interfaces includes at least one data interface.

Abstract: A method of transmitting and receiving data from a multi-homing network device to a data network includes defining a network policy and transmitting the network policy to a routing module. Further, the method includes receiving a route scope from the routing module. The route scope identifies a subset of data interfaces to the data network that satisfy the network policy wherein the subset of data interfaces are selected from a set of available data interfaces and wherein the subset of data interfaces includes at least one data interface.

Abstract: Techniques for dynamically configuring IP and providing IP connectivity for a terminal equipment attached to a wireless device are described. The wireless device obtains from a wireless network a dynamically assigned IP address, an IP gateway's IP address, a subnet mask, or none or any combination thereof. Wireless device determines a host IP address (which may be the dynamically assigned IP address), a router IP address (which may be the gateway IP address or a spoofed IP address), a server IP address (which may be the router IP address), and a subnet mask (which may be obtained from the wireless network or spoofed by the wireless device). Wireless device, acting as a DHCP server, provides IP configuration for the terminal equipment, acting as a DHCP client. Wireless device thereafter forwards IP packets exchanged between the terminal equipment and wireless network and processes DHCP packets from the terminal equipment.

Abstract: Techniques for dynamically configuring IP and providing IP connectivity for a terminal equipment attached to a wireless device are described. The wireless device obtains from a wireless network a dynamically assigned IP address, an IP gateway's IP address, a subnet mask, or none or any combination thereof. Wireless device determines a host IP address (which may be the dynamically assigned IP address), a router IP address (which may be the gateway IP address or a spoofed IP address), a server IP address (which may be the router IP address), and a subnet mask (which may be obtained from the wireless network or spoofed by the wireless device). Wireless device, acting as a DHCP server, provides IP configuration for the terminal equipment, acting as a DHCP client. Wireless device thereafter forwards IP packets exchanged between the terminal equipment and wireless network and processes DHCP packets from the terminal equipment.

Abstract: Techniques for dynamically configuring IP and providing IP connectivity for a terminal equipment attached to a wireless device are described. The wireless device obtains from a wireless network a dynamically assigned IP address, an IP gateway's IP address, a subnet mask, or none or any combination thereof. Wireless device determines a host IP address (which may be the dynamically assigned IP address), a router IP address (which may be the gateway IP address or a spoofed IP address), a server IP address (which may be the router IP address), and a subnet mask (which may be obtained from the wireless network or spoofed by the wireless device). Wireless device, acting as a DHCP server, provides IP configuration for the terminal equipment, acting as a DHCP client. Wireless device thereafter forwards IP packets exchanged between the terminal equipment and wireless network and processes DHCP packets from the terminal equipment.

Abstract: The invention provides technology that improves the security of the A-Keys in a wireless communications system. The technology effectively prevents any human access to the A-Keys and eliminates cloning. The invention improves the security and integrity of the wireless communications system. A secure processor exchanges random numbers with a wireless communications device to generate the A-Key. The secure processor then encrypts the A-Key and transfers the encrypted A-Key to an authentication system. When the authentication system generates or updates the SSD, the authentication system transfers the encrypted A-Key and other information to the secure processor. The secure processor decrypts the A-Key and calculates the SSD. The secure processor transfers the SSD to the authentication system for use in authenticating the wireless communications device.