Abstract: New code routines for a secure system (e.g., a TPM) are stored in a memory (e.g., a flash memory) that is located external to the secure system. For example, a chip may include a TPM and an external flash memory may be connected to the chip. New routines for the TPM may then be stored in the flash. A function table may be used to determine whether a given function to be executed by the TPM is stored in on-chip memory (e.g., ROM) or in the flash. New function tables may be stored in the flash. For example, when a new set of functions is loaded into the flash, a new function table that references the new functions also may be loaded into the flash.

Abstract: Methods and associated systems for providing secured data transmission over a data network are disclosed. Security association updates may be provided in a load-balanced system. Before encryption, the system may calculate values for header fields that need to be updated as a result of an encryption process. Encrypted packets may be decrypted by a parallel decryption system. After decryption, the system may calculates value for fields in the header information that need to be updated as a result of the decryption process.

Abstract: Intended for an information security application, particularly in networked information systems, the present invention includes two methods and systems for verifying a current performance of a command by a controller. A first cyclic redundancy check (CRC) for the command is prestored in memory. A second CRC for the command is calculated after instructions of the command have been performed by the controller. The first CRC is compared with the second CRC. Preferably, the controller is reset if the first CRC does not match the second CRC. Also, an address of a first instruction of the command is compared with an address of a second instruction of the command to determine if there may be a discontinuity between the first and the second instructions. It is determined if the first instruction is a valid instruction from/to which an instruction sequence of the command can be redirected.

Abstract: Intended for an information security application, particularly in networked information systems, the present invention includes two methods and systems for verifying a current performance of a command by a controller. A first cyclic redundancy check (CRC) for the command is prestored in memory. A second CRC for the command is calculated after instructions of the command have been performed by the controller. The first CRC is compared with the second CRC. Preferably, the controller is reset if the first CRC does not match the second CRC. Also, an address of a first instruction of the command is compared with an address of a second instruction of the command to determine if there may be a discontinuity between the first and the second instructions. It is determined if the first instruction is a valid instruction from/to which an instruction sequence of the command can be redirected.

Abstract: Systems and methods are disclosed for processing data packets. Such a system may generate a header for a session and repeatedly use that header to generate packets for the session. Packets may be processed by a host processor and an associated security processor. When the security processor generates packets for the session it may prepend a header from the host processor onto packets, rather than independently generate the header.

Abstract: Systems and methods are disclosed for processing data packets. Such a system may generate a header for a session and repeatedly use that header to generate packets for the session. Packets may be processed by a host processor and an associated security processor. When the security processor generates packets for the session it may prepend a header from the host processor onto packets, rather than independently generate the header.

Abstract: Methods and associated systems for providing secured data transmission over a data network are disclosed. Security association updates may be provided in a load-balanced system. Before encryption, the system may calculate values for header fields that need to be updated as a result of an encryption process. Encrypted packets may be decrypted by a parallel decryption system. After decryption, the system may calculates value for fields in the header information that need to be updated as a result of the decryption process.