Abstract: A method and structure for a secure object, as tangibly embodied in a computer-readable storage medium. The secure object includes a cryptographically protected region containing at least one of code and data, an initial integrity tree that protects an integrity of contents of the cryptographically protected region; and an unprotected region that includes a loader, an esm (enter secure mode) instruction, and one or more communication buffers.

Abstract: A method and structure for enhancing protection for at least one of software and data being executed on a computer. A file to comprise a secure object is constructed, using a processor on a build machine, the secure object to be executed on a target machine different from the build machine. The secure object comprises at least one of code and data that is to be encrypted when the secure object is stored on the target machine. The encrypted stored secure object is decrypted by the target machine when executed by the target machine after retrieval from a memory on the target machine. The decryption uses a system key of the target machine. The secure object is stored, upon completion of construction, in an encrypted state as a completed secure object, and the secure object is completed without the build machine having the system key of the target machine.

Abstract: A method and structure in a computer system, including a mechanism supporting a Secure Object that includes code and data that is cryptographically protected from other software on the computer system.

Abstract: A method and structure for a secure object, as tangibly embodied in a computer-readable storage medium. The secure object includes a cryptographically protected region containing at least one of code and data, an initial integrity tree that protects an integrity of contents of the cryptographically protected region; and an unprotected region that includes a loader, an esm (enter secure mode) instruction, and one or more communication buffers.

Abstract: A method and structure for a secure object, as tangibly embodied in a computer-readable storage medium. The secure object includes a cryptographically protected region containing at least one of code and data, an initial integrity tree that protects an integrity of contents of the cryptographically protected region; and an unprotected region that includes a loader, an esm (enter secure mode) instruction, and one or more communication buffers.

Abstract: An apparatus includes a memory to store a secure object comprising at least one of code and data that is encrypted when stored in the memory and a central processing unit (CPU) that is capable of executing an EnterSecureMode (esm) instruction that enables the decryption of the secure object's information when the secure object information is retrieved from the memory into the CPU. The CPU further comprises a feature to protect the secure object from code received from other software.

Abstract: A method and structure for enhancing protection for at least one of software and data being executed on a computer. A file to comprise a secure object is constructed, using a processor on a build machine, the secure object to be executed on a target machine different from the build machine. The secure object comprises at least one of code and data that is to be encrypted when the secure object is stored on the target machine. The encrypted stored secure object is decrypted by the target machine when executed by the target machine after retrieval from a memory on the target machine. The decryption uses a system key of the target machine. The secure object is stored, upon completion of construction, in an encrypted state as a completed secure object, and the secure object is completed without the build machine having the system key of the target machine.

Abstract: A method and structure for a secure object, as tangibly embodied in a computer-readable storage medium. The secure object includes a cryptographically protected region containing at least one of code and data, an initial integrity tree that protects an integrity of contents of the cryptographically protected region; and an unprotected region that includes a loader, an esm (enter secure mode) instruction, and one or more communication buffers.

Abstract: A method (and structure) of enhancing efficiency in processing using a secure environment on a computer, includes, for each line of a cache, providing an associated object identification label field associated with the line of cache, the object identification label field storing a value that identifies an owner of data currently stored in the line of cache.

Abstract: A method and structure in a computer system, including a mechanism supporting a Secure Object that includes code and data that is cryptographically protected from other software on the computer system.

Abstract: An information processing system for protecting against denial of service attacks comprises an interface (310) to receive and send packets, wherein the packets comprise at least one synchronization packet that is part of a handshake process for establishing the connection between the source client computer (118) and the target server computer (102); a crypto engine (306) adapted to create a unique sequence number for inclusion in a packet to be sent to a client (118) requesting establishment of a connection between a client (118) and server (102), wherein the crypto engine (306) is further adapted to validate unique sequence numbers in received synchronization packets that are part of a handshake process for establishing the connection between the source client (118) and the protected server (102); and a lookup table (304) for storing information defining established connections between the server (102) and clients so that arriving packets that purport to be part of an established connection can be validated

Abstract: A method and system for controlling and guaranteeing a service level agreement (SLA) based on a communications outbound link bandwidth usage to a plurality of customers having electronic business activity hosted by at least one server as a server farm, includes monitoring the outbound communications bandwidth usage by each customer traffic to determine a level of service being provided to each customer with respect to the agreed service level agreement in each service cycle time per unit of time. The flow of incoming requests to each customer business activity application is controlled so as to guarantee a level of service previously agreed to the customer by queuing requests to the customer and by selectively dropping requests to the customer to guarantee the agreed service levels to the customer. The controlling process controls and guarantees each outbound link usage based service level agreement by controlling the flow of incoming requests to the at least one server.

Abstract: A routing table for use with a router in a world-wide network, includes an existing routing table with a multicast-destination (MD) column.

Abstract: An information processing system for protecting against denial of service attacks comprises an interface (310) to receive and send packets, wherein the packets comprise at least one synchronization packet that is part of a handshake process for establishing the connection between the source client computer (118) and the target server computer (102); a crypto engine (306) adapted to create a unique sequence number for inclusion in a packet to be sent to a client (118) requesting establishment of a connection between a client (118) and server (102), wherein the crypto engine (306) is further adapted to validate unique sequence numbers in received synchronization packets that are part of a handshake process for establishing the connection between the source client (118) and the protected server (102); and a lookup table (304) for storing information defining established connections between the server (102) and clients so that arriving packets that purport to be part of an established connection can be validated

Abstract: A system and method for prefetching instructions from a slower memory for storing them in a faster memory includes the following: prefetching the instructions from a slower memory; recognizing an opcode corresponding to an unconditional branch instruction; continuing to prefetch at a target address of the unconditional branch instruction, responsive to recognizing the opcode corresponding to the unconditional branch instruction; recognizing an opcode corresponding to a conditional branch instruction; prefetching along each of the possible branches for the conditional branch instruction, responsive to recognizing the opcode corresponding to the conditional branch instruction; taking a branch from the possible branches of the conditional branch; and canceling prefetching of other possible branches not taken.

Abstract: An optical switch for a network having a plurality of nodes, includes a switch coupled to communications links used for input and output in which a plurality of wavelengths are used to carry traffic on a communications link, and a controller, coupled to the switch, for controlling the operation of the switch by implementing a routing protocol, and implementing a labeling protocol to associate a wavelength with a route table destination. The controller controls the switch to direct the various wavelengths of traffic from an input link to an appropriate output link as determined by the routing protocol and the labeling protocol.