Abstract: An apparatus, system and method for protecting the confidentiality and integrity of a secure object running on a computer system by protecting the memory pages owned by the secure object, including assigning a secure object an ID, labeling the memory pages owned by a secure object with the ID of the secure object, maintaining an Access Control Monitor (ACM) table for the memory pages on the system, controlling access to memory pages by monitoring load and store instructions and comparing information in the ACM table with the ID of the software that is executing these instructions; and limiting access to a memory page to the owner of the memory page.

Abstract: An apparatus, system and method for protecting the confidentiality and integrity of a secure object running on a computer system by protecting the memory pages owned by the secure object, including assigning a secure object an ID, labeling the memory pages owned by a secure object with the ID of the secure object, maintaining an Access Control Monitor (ACM) table for the memory pages on the system, controlling access to memory pages by monitoring load and store instructions and comparing information in the ACM table with the ID of the software that is executing these instructions; and limiting access to a memory page to the owner of the memory page.

Abstract: A processor in a computer system, the processor including a mechanism supporting a Secure Object that comprises information that is protected so that other software on said computer system cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information while making the Secure Object information available to the Secure Object itself during execution of the Secure Object. The mechanism includes a crypto mechanism that decrypts and integrity-checks Secure Object information as said Secure Object information moves into the computer system from an external storage system, and encrypts and updates an integrity value for Secure Object information as said Secure Object information moves out of the computer system to the external storage system, and a memory protection mechanism that protects the confidentiality and integrity of Secure Object information when that information is in the memory of the computer system.

Abstract: A processor in a computer system, the processor including a mechanism supporting a Secure Object that comprises information that is protected so that other software on said computer system cannot access or undetectably tamper with said information, thereby protecting both a confidentiality and an integrity of the Secure Object information while making the Secure Object information available to the Secure Object itself during execution of the Secure Object. The mechanism includes a crypto mechanism that decrypts and integrity-checks Secure Object information as said Secure Object information moves into the computer system from an external storage system, and encrypts and updates an integrity value for Secure Object information as said Secure Object information moves out of the computer system to the external storage system, and a memory protection mechanism that protects the confidentiality and integrity of Secure Object information when that information is in the memory of the computer system.

Abstract: A system and method are described for secure data transfer over a network. According to an exemplary embodiment a system for secure data transfer over a network includes memory and a memory controller configured to transfer data received from the network to the memory. The system includes a processor, having logic configured to retrieve a portion of the data from the memory using the memory controller. The processor also includes logic configured to perform security operations on the retrieved portion of the data, and logic configured to store the operated-on portion of the data in the memory using the memory controller. The memory controller is further configured to transfer the operated-on portion of the data from the memory to the network.

Abstract: A computing device for securely executing authorized code includes a protected memory for storing authorized code, which contains an original digital signature, and a processor in signal communication with the protected memory for preparing to execute code from the protected memory by verifying that a digital signature contained in the code is original in accordance with a public key, and if the original digital signature is verified, then branching to a copy of the authorized code in the protected memory to begin execution.

Abstract: A system to increase the security of the state of interrupted applications may include a computer processor to process software running in a plurality of runtime environments. The system may also include an interrupt stack per runtime environment to assist in how the computer processor switches from one subroutine to another in the same environment and from one runtime environment to any of the other runtime environments. The system may further include a plurality of hardware-managed areas to store processor state information and to assist in how the computer processor switches from one runtime environment to any of the other runtime environments.

Abstract: A system and method for coding data to help resist differential attacks. Data in m columns may be initialized to an initialized value. One new column of data may be mixed with a new input word and input to an advanced mixer. The advanced mixer may include linear mixing having indexed bytes and performing of exclusive-OR operation and transposing. An output of the advanced mixer may be a new m column state. A value of m could be 0 through 30. The value of m may have a preferred range of 27 through 36. Systems to implement the foregoing method are also described.

Abstract: A simple universal hash apparatus and method include input means for inputting at least one of a plurality of Plaintext blocks into an integrity aware encryption scheme using at least one of two secret keys to obtain a plurality of Ciphertext blocks; Plaintext checksum means for computing a Plaintext checksum value from said plurality of Plaintext blocks; Ciphertext checksum means for processing said plurality of Ciphertext blocks and a third key to obtain a Ciphertext checksum; and combination means for combining said Plaintext checksum and said Ciphertext checksum to obtain the simple universal hash value.

Abstract: A simple universal hash apparatus and method include input means for inputting at least one of a plurality of Plaintext blocks into an integrity aware encryption scheme using at least one of two secret keys to obtain a plurality of Ciphertext blocks; Plaintext checksum means for computing a Plaintext checksum value from said plurality of Plaintext blocks; Ciphertext checksum means for processing said plurality of Ciphertext blocks and a third key to obtain a Ciphertext checksum; and combination means for combining said Plaintext checksum and said Ciphertext checksum to obtain the simple universal hash value.

Abstract: A system and method for coding data to help resist differential attacks. Data in m columns may be initialized to an initialized value. One new column of data may be mixed with a new input word and input to an advanced mixer. The advanced mixer may include linear mixing having indexed bytes and performing of exclusive-OR operation and transposing. An output of the advanced mixer may be a new m column state. A value of m could be 0 through 30. The value of m may have a preferred range of 27 through 36. Systems to implement the foregoing method are also described.

Abstract: A system and method are described for performing security operations on network data. According to an exemplary embodiment, a system for performing security operations on network data includes memory and a data coprocessor configured to transfer data into and out of the memory. A plurality of processors are coupled to the memory and to the data coprocessor. Each processor is configured to perform, in parallel to one another, security operations on a portion of the data. The system includes a plurality of security coprocessors coupled to the memory. Each security coprocessor is coupled to a respective one of the processors and configured to assist the respective processor in performing security operations on the portion of the data.

Abstract: A method for processing a memory page, the method includes: retrieving, in response to a request to provide a first memory page to a processor, first memory page metadata associated with first memory page address information; wherein the first memory page address information is stored in a memory page table; and performing a page operation in response to the memory page metadata; wherein the page operation is selected from a group consisting of compression, cryptography, searching a page for a virus signature, searching a page for digital right management signature, error correction code verification, error correction code addition.

Abstract: A simple universal hash apparatus and method include input means for inputting at least one of a plurality of Plaintext blocks into an integrity aware encryption scheme using at least one of two secret keys to obtain a plurality of Ciphertext blocks; Plaintext checksum means for computing a Plaintext checksum value from said plurality of Plaintext blocks; Ciphertext checksum means for processing said plurality of Ciphertext blocks and a third key to obtain a Ciphertext checksum; and combination means for combining said Plaintext checksum and said Ciphertext checksum to obtain the simple universal hash value.

Abstract: A simple universal hash apparatus and method include input means for inputting at least one of a plurality of Plaintext blocks into an integrity aware encryption scheme using at least one of two secret keys to obtain a plurality of Ciphertext blocks; Plaintext checksum means for computing a Plaintext checksum value from the said plurality of Plaintext blocks; Ciphertext checksum means for processing said plurality of Ciphertext blocks and a third key to obtain a Ciphertext checksum; and combination means for combining the said Plaintext checksum and the said Ciphertext checksum to obtain the simple universal hash value.

Abstract: Aspects for optimizing leaf comparisons from a tree search of data stored in external memory of an embedded processing system are described. The aspects include providing a control structure for leaf data comparisons as a control vector and a match key, and utilizing the control vector to direct types of comparison tests performed with the match key.

Abstract: Aspects for optimizing data searches in tree structures are described. The aspects include organizing multiple search levels of data into sub-trees contained in fixed size blocks of shared external memory of an embedded processing system, and requiring each reference to the data to proceed from one-half of a sub-tree during a descent of the search tree based on a search pattern.

Abstract: Aspects for optimizing leaf comparisons from a tree search of data stored in external memory of an embedded processing system are described. The aspects include providing a control structure for leaf data comparisons as a control vector and a match key, and utilizing the control vector to direct types of comparison tests performed with the match key.

Abstract: Aspects for optimizing data searches in tree structures are described. The aspects include organizing multiple search levels of data into sub-trees contained in fixed size blocks of shared external memory of an embedded processing system, and requiring each reference to the data to proceed from one-half of a sub-tree during a descent of the search tree based on a search pattern.

Abstract: A fiberoptic communication system is presented which allows an open-link condition on one link of a multi-link fiberoptic connection to be propagated to other links of the connection while satisfying the Open Fiber Control safety standard. Each link comprises a duplex link and at least one optical repeater is employed. The at least one optical repeater is adapted to propagate an open-link condition in one link of the multiple duplex links between the links of the fiberoptic connection. Propagating the open-link condition can be accomplished using an out band signal, an electrical wrap mode, or a hybrid approach using both an out band signal and electrical wrap mode. Automatic propagation of a closed-link condition is provided once the originally opened link is closed.