Memory Access Blocking Patents (Class 711/152)
-
Patent number: 10678710Abstract: A code protection scheme for controlling access to a memory region in an integrated circuit includes a processor with an instruction pipeline that includes multiple processing stages. A first processing stage receives one or more instructions. A second processing stage receives address information identifying a protected memory region of the memory from the first processing stage and protection information for an identified protected memory region. The protection information indicates a protection state assigned to each protected memory region. Based on the instruction type of the received instruction and the protection information associated with a particular protected memory region, the second processing stage determines whether to enable or disable access to the particular protected memory region by the processor or other external host.Type: GrantFiled: June 19, 2017Date of Patent: June 9, 2020Assignee: Synopsys, Inc.Inventors: Pranab Bhooma, Carlos Basto, Kulbhushan Kalra
-
Patent number: 10652310Abstract: A method of distributing data over multiple Internet connections is provided. The method includes the steps of: (a) providing a client computer with access to a plurality of Internet connections; and (b) providing a host computer for determining the allocation of data to be sent to the client computer over each of the plurality of Internet connections using at least one of (i) predetermined criteria and (ii) dynamically changing criteria.Type: GrantFiled: October 29, 2018Date of Patent: May 12, 2020Assignee: Connectify, Inc.Inventors: Alexander Gizis, Brian Prodoehl, Kevin Cunningham, Brian Lutz
-
Patent number: 10635479Abstract: Described systems and methods allow protecting a hardware virtualization system from malicious software. Some embodiments use a hybrid event notification/analysis system, wherein a first component executing within a protected virtual machine (VM) registers as a handler for processor exceptions triggered by violations of memory access permissions, and wherein a second component executing outside the respective VM registers as a handler for VM exit events. The first component filters permission violation events according to a set of rules and only notifies the second component about events which are deemed relevant to security. The second component analyzes notified events to detect malicious software.Type: GrantFiled: December 18, 2017Date of Patent: April 28, 2020Assignee: Bitdefender IPR Management Ltd.Inventor: Andrei V. Lutas
-
Patent number: 10628192Abstract: Scalable techniques for data transfer between virtual machines (VMs) are described. the disclosure provides an apparatus including circuitry, a virtual machine management component for execution by the circuitry to define a plurality of public virtual memory spaces and assign each one of the plurality of public virtual memory spaces to a respective one of a plurality of VMs including a first VM and a second VM, and a virtual machine execution component for execution by the circuitry to execute a first virtual machine process corresponding to the first VM and a second virtual machine process corresponding to the second VM, the first virtual machine process to identify data to be provided to the second VM by the first VM and provide the data to the second VM by writing to a public virtual memory space assigned to the first VM. Other embodiments are described and claimed.Type: GrantFiled: December 24, 2015Date of Patent: April 21, 2020Assignee: INTEL CORPORATIONInventors: Ben-Zion Friedman, Eliezer Tamir
-
Patent number: 10606768Abstract: A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing for program code and hardware-protects it from alteration. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition.Type: GrantFiled: October 1, 2018Date of Patent: March 31, 2020Assignee: PathGuard, LLCInventors: Frank N. Newman, Dan Newman
-
Patent number: 10552091Abstract: Methods, apparatus and computer program products implement embodiments of the present invention that include storing one or more data volumes to a small computer system interface storage device, and receiving a request to map a given data volume to a host computer. One or more attributes of the given data volume are identified, and using the identified one or more attributes, a unique logical unit number (LUN) for the given data volume is generated. The given data volume is mapped to the host computer via the unique LUN. In some embodiments, the generated LUN includes one of the one or more attributes. In additional embodiments, the generated LUN includes a result of a hash function using the one or more attributes. In storage virtualization environments, the data volume may include secondary logical units, and mapping the given data volume to the host may include binding the SLU to the host.Type: GrantFiled: August 14, 2018Date of Patent: February 4, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Daniel I. Goodman, Ran Harel, Oren S. Li-On, Rivka M. Matosevich, Orit Nissan-Messing, Yossi Siles, Eliyahu Weissbrem
-
Patent number: 10545872Abstract: Techniques are described for reducing shared cache memory requests in a multi-threaded microprocessor-based system. One method includes receiving a request for data from a thread, identifying that the request correlates with a pending request associated with a different thread, combining the request with the pending request based on the identifying, and receiving the data after the combining, the receiving being based on the pending request. In some examples, the request may be associated with an address of a cache line in a cache memory.Type: GrantFiled: September 26, 2016Date of Patent: January 28, 2020Assignee: Ikanos Communications, Inc.Inventor: Alberto Brizio
-
Patent number: 10503666Abstract: A method for operating a microcontroller, where access rights of processes executed in the microcontroller to different memory areas are stored in a memory protection unit, includes, in the course of a simulation mode, a first process carrying out an access attempt to a certain memory area in a certain manner in the name of a second process; the memory protection unit transferring access rights of the second process for the certain memory area to the first process upon the access attempt. The access rights are read out by the first process and the simulation mode is terminated. The access attempt is preferably thereupon terminated and an access is not carried out according to this access attempt by the first process.Type: GrantFiled: November 7, 2016Date of Patent: December 10, 2019Assignee: Robert Bosch GmbHInventors: Jens Gladigau, Simon Hufnagel
-
Patent number: 10503892Abstract: The disclosed technology is generally directed to the authentication of software. In one example of the technology, a private attestation key is stored in hardware. In some examples, during a sequential boot process a hash is calculated, in an order in which the software stages are sequentially booted, of each software stage of a plurality of software stages. The hashes of each software stage of the plurality may be cryptographically appended to an accumulation register. The accumulation register may be used to attest to validity of the software stages. The plurality of software stages may include a first bootloader, a runtime for a first core of a multi-core processor, and a runtime for a first execution environment for a second core of the multi-core processor.Type: GrantFiled: June 25, 2017Date of Patent: December 10, 2019Assignee: Microsoft Technology Licensing, LLCInventor: Felix Stefan Domke
-
Patent number: 10496302Abstract: Described are techniques for use in connection with providing data protection. A storage resource for which data protection is provided by a data protection service may be identified. One or more criteria may be specified denoting one or more trigger conditions for providing data protection by the data protection service, wherein, responsive to an occurrence of any of the one or more trigger conditions, first processing may be performed by the data protection service to protect the storage resource. The one or more criteria may include a first criterion identifying a first amount of data change that has to occur with respect to the storage resource. Notification may be received regarding an occurrence of a first of the one or more trigger conditions. Responsive to receiving the notification, the first processing may be performed by the data protection service.Type: GrantFiled: March 10, 2016Date of Patent: December 3, 2019Assignee: EMC IP Holding Company LLCInventors: Natasha Gaurav, Dennis T. Duprey, Bruce R. Rabe, Binbin Lin, Scott E. Joyce
-
Patent number: 10496612Abstract: A method for converting metadata in a hierarchical configuration within a filesystem from a first format to a second format includes reading metadata that is in the first format within the hierarchical configuration; writing all of the metadata that is in the first format into a flat file; scanning the metadata to compile a list of inode chunks; sorting the list of inode chunks based on the on disk location of the inode chunks; and writing all of the metadata from the flat file back into the hierarchical configuration, the metadata being in the second format. The method can also include increasing the size of each of a first inode and a second inode within a first inode chunk in the filesystem, assigning the first inode to the first inode chunk, and assigning the second inode to a second inode chunk.Type: GrantFiled: May 10, 2017Date of Patent: December 3, 2019Assignee: QUANTUM CORPORATIONInventor: Tim LaBerge
-
Patent number: 10491773Abstract: An information processing apparatus includes circuitry to check whether a program is active at plural timings. The program is previously terminated while keeping prohibition of at least one operation of the information processing apparatus. The circuitry cancels the prohibition of the at least one operation of the information processing apparatus when the program remains inactive for a given period of time.Type: GrantFiled: June 14, 2018Date of Patent: November 26, 2019Assignee: Ricoh Company, Ltd.Inventor: Jongsook Eun
-
Patent number: 10481805Abstract: Preventing timeouts of I/O requests at a data storage system that are associated with cloud-based and/or external data storage systems. Rather than allow a timeout to occur, a response is sent to the host at a predetermined time before timeout, which will prevent the timeout from occurring and may cause the host system to “retry” the I/O operation by issuing another I/O request specifying the same I/O operation. The data storage system may repeat this process a preconfigured number of times or indefinitely, or until the host or user terminates or the application crashes. An I/O request received from a host may be configured in accordance with one or more SAN- or NAS-based protocols, and the I/O request may be translated into an I/O request conforming to one or more cloud-based and/or Internet-based protocols and transmitted to a cloud-based and/or external storage system.Type: GrantFiled: June 30, 2015Date of Patent: November 19, 2019Assignee: EMC IP Holding Company LLCInventors: Adnan Sahin, Wayne D'Entremont, Suresh Krishnan, Arieh Don
-
Patent number: 10452459Abstract: Systems and methods are described for verifying functionality of a computing device. Rules are received that are usable to configure a driver verifier function to capture information associated with a device driver identified by the rules. The configured driver verifier function is run on a computing device. The information is captured in response to driver conditions identified by the rules. The computing device is allowed to continue operation when the driver condition includes an error condition of the identified device driver. A communication is initiated to transmit the captured information to a driver verification analysis service.Type: GrantFiled: December 9, 2016Date of Patent: October 22, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Markus W. Mielke, Jakob F. Lichtenberg, Vladimir A. Levin, Remy L. De Weduwe, Hyuk Joon Kwon, Nathan L. Deisinger, Vikas Pabreja, Juncao Li
-
Patent number: 10387037Abstract: Techniques for enabling enhanced parallelism for sparse linear algebra operations having write-to-read dependencies are disclosed. A hardware processor includes a plurality of processing elements, a memory that is heavily-banked into a plurality of banks, and an arbiter. The arbiter is to receive requests from threads executing at the plurality of processing elements seeking to perform operations involving the memory, and to maintain a plurality of lock buffers corresponding to the plurality of banks. Each of the lock buffers is able to track up to a plurality of memory addresses within the corresponding bank that are to be treated as locked in that the values stored at those memory addresses cannot be updated by those of the threads that did not cause the memory addresses to be locked until those memory addresses have been removed from being tracked by the plurality of lock buffers.Type: GrantFiled: December 31, 2016Date of Patent: August 20, 2019Assignee: Intel CorporationInventors: Ganesh Venkatesh, Deborah Marr
-
Patent number: 10382578Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.Type: GrantFiled: September 30, 2015Date of Patent: August 13, 2019Assignee: Apple Inc.Inventors: Srinivas Vedula, Daniel P. Carter, Gianpaolo Fasoli, Augustin J. Farrugia, Eugene Jivotovski
-
Patent number: 10379768Abstract: In one embodiment, a memory interface employs selective memory mode authorization enforcement in accordance with the present description to ensure that memory modes of operation which have not been authorized, are not permitted to proceed. In one embodiment, mode control logic receives from memory control logic of the memory interface, memory mode selection data which is compared to a mode authorization classification structure to determine if the memory mode being selected in association with a memory transaction request is authorized or otherwise permitted. Memory mode enablement logic of the mode control logic enables the requested memory mode associated with a memory transaction request if it is determined that the selected memory mode associated with the memory transaction request is authorized. Other aspects are described herein.Type: GrantFiled: September 30, 2016Date of Patent: August 13, 2019Assignee: INTEL CORPORATIONInventors: Mahesh S. Natu, Vedaraman Geetha
-
Patent number: 10367923Abstract: The invention relates to a method for processing at least one data packet (78, 156) which comprises a first header (82, 158) and a payload (100, 160), wherein the first header (82, 158) is processed by a first mode and the payload (100, 160) is processed by a second mode, wherein a number of processing steps (172, 174) for carrying out the second mode is greater than a number of processing steps (168, 170) for carrying out the first mode, the two modes being performed separately from one another.Type: GrantFiled: October 2, 2012Date of Patent: July 30, 2019Assignee: Robert Bosch GmbHInventors: Volker Blaschke, Guenter Vogel, Timo Lothspeich, Anton Pfefferseder, Reiner Schnitzer, Jeffrey Lee, Soeren Krieger, Juergen Mallok
-
Patent number: 10348558Abstract: The present disclosure discloses a method and system for restarting the network service with zero downtime, comprising: a) listening, by an original process of the network service, on a first port; (b) configuring and initiating a transition process, wherein the configuring includes causing the transition process to listen on a second port different from the first port of the original process; (c) running a connection tracking module and, meanwhile adding an iptables rule to redirect a connection directed to the first port to the second port; (d) waiting until existing connections on the original process are processed completely, then exiting the original process; (e) initiating a new process on the first port according to a new configuring file; (f) reconfiguring the iptables rule to cancel port redirection; and (g) waiting until existing connections on the transition process are processed completely, then exiting the transition process.Type: GrantFiled: May 30, 2016Date of Patent: July 9, 2019Assignee: WANGSU SCIENCE & TECHNOLOGY CO., LTDInventor: Xun Chen
-
Patent number: 10346306Abstract: Methods and apparatuses relating to memory performance monitoring are described, including a processor and method for memory performance monitoring utilizing a monitor flag and first and second allocators for allocating virtual memory regions.Type: GrantFiled: April 2, 2016Date of Patent: July 9, 2019Assignee: Intel CorporationInventors: Amitabha Roy, Subramanya R. Dulloor, Rajesh M. Sankaran
-
Patent number: 10305793Abstract: A communication device conforming with plural communication standards and having a storage storing a plurality of virtual stacks each having an application program and communication program that implements a protocol stack for communication by the application program. An executor executes the virtual stacks, and a switching controller switches the virtual stacks to be executed by performing a first processing in which at least one part of at least one of the virtual stacks is read from storage and stored into a memory of, and executed by, the executor. Then, in accordance with free capacity in the memory, at least one part of at least one of the virtual stacks executed in the first processing is deleted from memory. In a second processing at least one part of at least one of the virtual stacks is read from the storage and stored into the memory of, and executed by, the executor.Type: GrantFiled: May 29, 2013Date of Patent: May 28, 2019Assignee: Yokogawa Electric CorporationInventors: Nobuo Okabe, Yukiyo Akisada, Kazunori Miyazawa, Yasuki Sakurai
-
Patent number: 10291543Abstract: A system, method, and computer program product are provided for migrating availability of a resource type in a communication network using network function virtualization, comprising: selecting a resource type; selecting a first section of the network where demand for the resource type is expected to grow; selecting a second section of the network where demand for the resource type is expected to be stable relative to the first section; selecting a third section of the network communicatively coupled to the first and second sections, the third section comprising higher availability of the resource type than the first section; migrating a first virtual network function (VNF) instance from the third section to the first section; and migrating a second virtual network function instance from the second section to the third section.Type: GrantFiled: January 26, 2016Date of Patent: May 14, 2019Assignee: AMDOCS DEVELOPMENT LIMITEDInventors: Eyal Felstaine, Ofer Hermoni, Itzik Kitroser, Nimrod Sandlerman
-
Patent number: 10261794Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.Type: GrantFiled: September 5, 2017Date of Patent: April 16, 2019Assignee: The Charles Stark Draper Laboratory, Inc.Inventor: Andre′ DeHon
-
Patent number: 10242022Abstract: The disclosed computer-implemented method for managing delayed allocation on clustered file systems may include (i) receiving, at a global lock manager that stores storage disk allocation information for a plurality of nodes in a clustered file system, a lock request from a node that requests a lock range on a storage disk to store data from a file, (ii) reserving, by the global lock manager, the lock range, (iii) receiving, at the global lock manager, from an additional node, an additional lock request for an additional lock range to store additional data from the file, and (iv) reserving, by the global lock manager, the additional lock range to be adjacent to the lock range on the storage disk based on the additional data on the additional node being from the same file as the data on the node. Various other methods, systems, and computer-readable media are also disclosed.Type: GrantFiled: August 10, 2016Date of Patent: March 26, 2019Assignee: Veritas Technologies LLCInventors: Sanjay Jain, Shirish Vijayvargiya, Anindya Banerjee
-
Patent number: 10236069Abstract: An apparatus is described. The apparatus includes a storage device having multiple non volatile memory chips and controller circuitry. The controller circuitry is to implement wear leveling of storage cells of the non volatile memory chips at a granularity of segments of storage cell arrays of the non volatile memory chips that share a same disturber node and that are coupled to a same storage cell array wire to diminish disturb errors.Type: GrantFiled: June 20, 2017Date of Patent: March 19, 2019Assignee: Intel CorporationInventors: Ning Wu, Robert E. Frickey
-
Patent number: 10235310Abstract: Described herein are technical features for freeing a buffer used during execution of a work-item by a multiprocessor. An example method includes identifying a first processing unit that assigned the buffer to the work-item, in response to a request from a second processing unit to free the buffer. The computer-implemented method also includes identifying a bitmap associated with the buffer, the bitmap being in a local memory of the first processing unit. The computer-implemented method also includes updating a bit from the bitmap to indicate that the buffer has been freed, the bit corresponding to the buffer.Type: GrantFiled: November 29, 2016Date of Patent: March 19, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Jeffrey P. Kubala, Jerry A. Moody, Muruganandam Somasundaram
-
Pre-allocating memory buffers by physical processor and using a bitmap metadata in a control program
Patent number: 10223301Abstract: Aspects of the present invention include a method, system and computer program product that implements a memory management scheme for each processor in a multiprocessor system. The method includes pre-allocating, for each processor in a multiprocessor system, a set of memory buffers; and implementing a metadata bitmap for each pre-allocated set of memory buffers, wherein the metadata bitmap for each pre-allocated set of memory buffers comprises a plurality of bits, and wherein each of the plurality of bits is indicative of a usage state of a corresponding one of the memory buffers within each pre-allocated set of memory buffers.Type: GrantFiled: November 29, 2016Date of Patent: March 5, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Jeffrey P. Kubala, Jerry A. Moody, Muruganandam Somasundaram -
Pre-allocating memory buffers by physical processor and using a bitmap metadata in a control program
Patent number: 10210109Abstract: Aspects of the present invention include a method, system and computer program product that implements a memory management scheme for each processor in a multiprocessor system. The method includes pre-allocating, for each processor in a multiprocessor system, a set of memory buffers; and implementing a metadata bitmap for each pre-allocated set of memory buffers, wherein the metadata bitmap for each pre-allocated set of memory buffers comprises a plurality of bits, and wherein each of the plurality of bits is indicative of a usage state of a corresponding one of the memory buffers within each pre-allocated set of memory buffers.Type: GrantFiled: February 10, 2017Date of Patent: February 19, 2019Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Jeffrey P. Kubala, Jerry A. Moody, Muruganandam Somasundaram -
Patent number: 10191852Abstract: Methods and apparatus for locking at least a portion of a shared memory resource. In one embodiment, an electronic device configured to lock at least a portion of a shared memory is disclosed. The electronic device includes a host processor, at least one peripheral processor and a physical bus interface configured to couple the host processor to the peripheral processor. The electronic device further includes a software framework that is configured to: attempt to lock a portion of the shared memory; verify that the peripheral processor has not locked the shared memory; when the portion of the shared memory is successfully locked via the verification that the peripheral processor has not locked the portion of the shared memory, execute a critical section of the shared memory; and otherwise attempt to lock the at least the portion of the shared memory at a later time.Type: GrantFiled: September 22, 2016Date of Patent: January 29, 2019Assignee: Apple Inc.Inventors: Vladislav Petkov, Haining Zhang, Karan Sanghi, Saurabh Garg
-
Patent number: 10191795Abstract: Embodiments relate to systems and methods for timeout monitoring of concurrent commands or parallel communication channels comprising assigning or de-assigning each one of the commands or communication channels to a corresponding one of a plurality of timeout timers when corresponding commands are to be transmitted or command acknowledges are received respectively.Type: GrantFiled: June 23, 2017Date of Patent: January 29, 2019Assignee: Infineon Technologies AGInventors: Karl Herz, Ljudmil Anastasov, Harald Zweck
-
Patent number: 10176122Abstract: A processor employs a hardware encryption module in the memory access path between an input/out device and memory to cryptographically isolate secure information. In some embodiments, the encryption module is located at a memory controller of the processor, and each memory access request provided to the memory controller includes VM tag value identifying the source of the memory access request. The VM tag is determined based on a requestor ID identifying the source of the memory access request. The encryption module performs encryption (for write accesses) or decryption (for read accesses) of the data associated with the memory access based on an encryption key associated with the VM tag.Type: GrantFiled: October 19, 2016Date of Patent: January 8, 2019Assignees: Advanced Micro Devices, Inc., ATI Technologies ULCInventors: David Kaplan, Maggie Chan, Philip Ng
-
Patent number: 10177921Abstract: A process is disclosed for authorizing a user's access to a limited access network. The process comprises sending an encrypted server random number to a previously registered user. If the user can demonstrate an ability to successfully decrypt the server random number, the user is authenticated and access is authorized. The process further comprises an encrypted user random number. Encryption of the user random number comprises the use of a server-controlled value. The web server's ability to return to the user a decryption of the encrypted user random number serves as confirmation that the web site is legitimate. In a preferred embodiment all communications of login values between the user and the web server are encrypted. In an embodiment a user is provided with a key for encrypting user random numbers and for decrypting server random numbers. The key may be automatically updated on a predetermined schedule.Type: GrantFiled: January 15, 2015Date of Patent: January 8, 2019Assignee: XORkey B.V.Inventor: Timotheus Martinus Cornelis Ruiter
-
Patent number: 10148732Abstract: A method of distributing data over multiple Internet connections is provided. The method includes the steps of: (a) providing a client computer with access to a plurality of Internet connections; and (b) providing a host computer for determining the allocation of data to be sent to the client computer over each of the plurality of Internet connections using at least one of (i) predetermined criteria and (ii) dynamically changing criteria.Type: GrantFiled: December 21, 2015Date of Patent: December 4, 2018Assignee: Connectify, Inc.Inventors: Alexander Gizis, Brian Prodoehl, Kevin Cunningham, Brian Lutz
-
Patent number: 10133508Abstract: A computer-implemented method for enhancing data protection is disclosed. The method starts with monitoring an operating status of a storage volume at a primary storage of a storage system, where the storage volume is allocated to one or more applications. The method continues with determining whether the operating status of the storage volume satisfies a predetermined condition and notifying a backup application to trigger a backup of the storage volume of the primary storage to a backup storage upon determining that the operating status of the storage volume satisfies the first predetermined condition.Type: GrantFiled: June 13, 2014Date of Patent: November 20, 2018Assignee: EMC IP Holding Company LLCInventors: Stephen D. Smaldone, Jian Xing, Hyong Shim
-
Patent number: 10129329Abstract: An improved method for the prevention of deadlock in a massively parallel processor (MPP) system wherein, prior to a process sending messages to another process running on a remote processor, the process allocates space in a deadlock-avoidance FIFO. The allocated space provides a “landing zone” for requests that the software process (the application software) will subsequently issue using a remote-memory-access function. In some embodiments, the deadlock-avoidance (DLA) function provides two different deadlock-avoidance schemes: controlled discard and persistent reservation. In some embodiments, the software process determines which scheme will be used at the time the space is allocated.Type: GrantFiled: October 13, 2015Date of Patent: November 13, 2018Assignee: Cray Inc.Inventors: Edwin L. Froese, Eric P. Lundberg, Igor Gorodetsky, Howard Pritchard, Charles Giefer, Robert L. Alverson, Duncan Roweth
-
Patent number: 10089248Abstract: A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing for program code and hardware-protects it from alteration. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition.Type: GrantFiled: February 20, 2017Date of Patent: October 2, 2018Assignee: Newman H-R Computer Design, LLCInventors: Frank N. Newman, Dan Newman
-
Patent number: 10089447Abstract: Instructions and logic fork processes and establish child enclaves in a secure enclave page cache (EPC). Instructions specify addresses for secure storage allocated to enclaves of a parent and a child process to store secure enclave control structure (SECS) data, application data, code, etc. The processor includes an EPC to store enclave data of the parent and child processes. Embodiments of the parent may execute, or a system may execute an instruction to copy parent SECS to secure storage for the child, initialize a unique child ID and link to the parent's SECS/ID. Embodiments of the child may execute, or the system may execute an instruction to copy pages from the parent enclave to the enclave of the child where both have the same key, set an entry for EPC mapping to partial completion, and record a page state in the child enclave, if interrupted. Thus copying can be resumed.Type: GrantFiled: June 13, 2017Date of Patent: October 2, 2018Assignee: Intel CorporationInventors: Prashant Pandey, Mona Vij, Somnath Chakrabarti, Krystof C. Zmudzinski
-
Patent number: 10083071Abstract: An anomaly detector for a Controller Area Network (CAN) bus performs state space classification on a per-message basis of messages on the CAN bus to label messages as normal or anomalous, and performs temporal pattern analysis as a function of time to label unexpected temporal patterns as anomalous. The anomaly detector issues an alert if an alert criterion is met that is based on the outputs of the state space classification and the temporal pattern analysis. The temporal pattern analysis may compare statistics of messages having analyzed arbitration IDs with statistics for messages having those analyzed arbitration IDs in a training dataset of CAN bus messages, and a temporal pattern is anomalous if there is a statistically significant deviation from the training dataset. The anomaly detector may be implemented on a vehicle Electronic Control Unit (ECU) communicating via a vehicle CAN bus.Type: GrantFiled: September 17, 2015Date of Patent: September 25, 2018Assignee: BATTELLE MEMORIAL INSTITUTEInventors: Anuja Sonalker, David Sherman
-
Patent number: 10061657Abstract: Embodiments are described for dynamically modifying backup policy of an application using changes in metrics of a data set generated by the application and/or user-specified rules. Each application can have its own backup policy having a protection level that determines a frequency of backup for the application data set. An application can have an initial backup policy. An application backup policy can be based on the application type, a percent of change to the data set since the last backup, a size of the data set, or other metric. A user can specify a rule for the backup policy and protection level for the application. The backup policy or protection level can be dynamically updated in response to changes in the data set or a user-specified rule, on a per-application basis.Type: GrantFiled: March 23, 2016Date of Patent: August 28, 2018Assignee: EMC IP HOLDING COMPANY LLCInventors: Shelesh Chopra, John Rokicki, Vladimir Mandic
-
Patent number: 10025580Abstract: In accordance with embodiments of the present disclosure, a method may include querying, by an application program executing on a first information handling system, a second information handling system remotely coupled to the first information handling system for data comprising identities of versions or patches of an operating system certified by a provider of the operating system. The method may also include receiving the data in response to the query. The method may further include updating a support matrix associated with the application program based on the identities of certified versions or patches, the support matrix setting forth identities of versions or patches of the operating system supported by the application program.Type: GrantFiled: January 23, 2013Date of Patent: July 17, 2018Assignee: Dell Products L.P.Inventors: Matthew Christian Paul, Trung Minh Tran, Muhammad Rahman
-
Patent number: 10007553Abstract: A method designed to configure an IT system having at least one computing core for executing instruction threads, in which each computing core is capable of executing at least two instruction threads at a time in an interlaced manner, and an operating system, being executed on the IT system, capable of providing instruction threads to each computing core. The method includes a step of configuring the operating system being executed in a mode in which it provides each computing core with a maximum of one instruction thread at a time.Type: GrantFiled: March 10, 2011Date of Patent: June 26, 2018Assignee: BULL SASInventors: Xavier Bru, Philippe Garrigues, Benoît Welterlen
-
Patent number: 9990372Abstract: The disclosed embodiments disclose techniques for managing consistency for a file in a distributed filesystem. Two or more cloud controllers collectively manage distributed filesystem data that is stored in the cloud storage systems; the cloud controllers ensure data consistency for the stored data, and each cloud controller caches portions of the distributed filesystem. During operation, a cloud controller receives from a client a request to access the file. The cloud controller determines a level of consistency that is associated with the file, and then uses this level of consistency to determine whether to communicate with a peer cloud controller when handling the request.Type: GrantFiled: September 10, 2014Date of Patent: June 5, 2018Assignee: PANZURA, INC.Inventors: Yun Lin, Steve Hyuntae Jung, Vinay Kumar Anneboina, John Richard Taylor
-
Patent number: 9940287Abstract: A shared memory controller receives, from a computing node, a request associated with a memory transaction involving a particular line in a memory pool. The request includes a node address according to an address map of the computing node. An address translation structure is used to translate the first address into a corresponding second address according to a global address map for the memory pool, and the shared memory controller determines that a particular one of a plurality of shared memory controllers is associated with the second address in the global address map and causes the particular shared memory controller to handle the request.Type: GrantFiled: March 27, 2015Date of Patent: April 10, 2018Assignee: Intel CorporationInventor: Debendra Das Sharma
-
Patent number: 9934004Abstract: A computer readable medium including executable instructions that when executed perform a method for validating an optimization in generated code using an executable constraints document is provided. The medium can include instructions for relating an assumption to the optimization during code generation. The medium can include instructions for generating the executable constraints document during the code generation, the executable constraints document including information about the relating; and the medium can include instructions for executing the constraints document when the validating is performed, the validating including performing an operation based on a validation result produced by the validating, where the operation includes displaying the validation result to a user, storing the validation result, sending the validation result to a destination, or modifying the generated code.Type: GrantFiled: March 31, 2014Date of Patent: April 3, 2018Assignee: The MathWorks, Inc.Inventors: Aravind Pillarisetti, Peter S. Szpak, Jesung Kim, Xiaocang Lin, Pieter J. Mosterman
-
Patent number: 9928174Abstract: A consistent caching service for managing data consistency between a cache system and backing store is provided. The consistent caching service compares an origin token and a parity token associated with the cached copy of the data item to determine consistency of the data item. The origin and parity tokens may be generated by an operation that caused population of the data item to the cache. The parity token may be invalidated by a write operation of the data item, thus causing a mismatch between the two tokens.Type: GrantFiled: March 16, 2016Date of Patent: March 27, 2018Assignee: Amazon Technologies, Inc.Inventor: Paul Connell
-
Patent number: 9891962Abstract: Provided is a lock management system, a lock management method and a lock management program whereby lock acquisition and release processes can be carried out at high speed. A lock management system 1 having a multiprocessor includes: a lock acquisition process 310 for carrying out a lock acquisition process for a thread according to one or more lock modes, at least a portion of the lock modes being a shared lock that can be acquired by one or more threads; and lock status holding means 410 for managing the number of threads acquiring a lock, by first information which can express the number of threads by one word that can be handled by an indivisible access command of the multi-processor, and second information representing a whole range of the number of threads that can possibly acquire a lock in each lock mode.Type: GrantFiled: March 26, 2013Date of Patent: February 13, 2018Assignee: NEC CorporationInventor: Takashi Horikawa
-
Patent number: 9826045Abstract: Systems and methods are provided to test changes for a mobile app built by web-based tooling directly on a physical mobile device. A first application can be loaded on a mobile device. The first application can receive metadata of a second application. The first application can execute the second application using the metadata. Access to local resources can be intercepted and redirected to the server for processing. Additionally, changes made to the second application using the web-based tooling can be pushed to the first application using a persistent channel allowing the changes to be immediately tested.Type: GrantFiled: September 25, 2015Date of Patent: November 21, 2017Assignee: Oracle International CorporationInventors: Christian David Straub, Maneesh Chugh
-
Patent number: 9817573Abstract: A smart card management method, a memory storage device, and a memory control circuit unit are provided. The method includes: receiving a first setting command corresponding to a temporary file from a host system. The temporary file is configured to access the smart card, and the first setting command includes a plurality of first setting messages. One of the first setting messages includes first setting command verification information and first location identification information. The first setting command verification information is configured to verify whether the first setting command is configured to set the temporary file, and the first location identification information is configured to find a logical unit corresponding to the first setting message including the first location identification information. The method also includes: recording a first logic range belonging to the temporary file in a look-up table according to the first setting command.Type: GrantFiled: March 24, 2015Date of Patent: November 14, 2017Assignee: PHISON ELECTRONICS CORP.Inventors: Meng-Chang Chen, Hsing-Chang Liu
-
Patent number: 9812186Abstract: A first level buffer chip gates a target second level buffer chip according to a preset mapping relationship, a first chip select signal, and a first higher-order address signal, and forwards a memory access instruction and a lower-order address signal received from a memory controller to the target second level buffer chip. The target second level buffer chip determines a target memory module according to a second chip select signal and a delayed address signal obtained by delay processing on a second higher-order address signal, determines a target memory chip according to the lower-order address signal, acquires target data from the target memory chip according to the memory access instruction, and returns the target data to the memory controller. A cascading manner of a system memory is changed to a tree-like topological form, which avoids a protocol conversion problem and reduces the memory access time.Type: GrantFiled: October 26, 2015Date of Patent: November 7, 2017Assignee: Huawei Technologies Co., Ltd.Inventors: Yuan Ruan, Mingyu Chen
-
Patent number: 9792294Abstract: The disclosed embodiments disclose techniques for using byte-range locks to manage multiple concurrent accesses to a file in a distributed filesystem. Two or more cloud controllers collectively manage distributed filesystem data that is stored in the cloud storage systems; the cloud controllers ensure data consistency for the stored data, and each cloud controller caches portions of the distributed filesystem. During operation, a cloud controller receives from a first client a request to access a portion of the file. The cloud controller contacts the owning cloud controller for the portion of the file to request a byte-range lock for that portion of the file. The owning cloud controller returns a byte-range lock to the requesting cloud controller if no other clients of the distributed filesystem are currently locking the requested portion of the file with conflicting accesses.Type: GrantFiled: July 2, 2014Date of Patent: October 17, 2017Assignee: PANZURA, INCInventors: Yun Lin, Richard Sharpe