Abstract: Various systems and methods for queue management in computer memory are described herein. A system for implementing a zero thrash cache queue manager includes a processor subsystem to: receive a memory access request for a queue; write data to a queue tail cache line in a cache when the memory access request is to add data to the queue, the queue tail cache line protected from being evicted from the cache; and read data from a current queue head cache line in the cache when the memory access request is to remove data from the queue, the current queue head cache line protected from being evicted from the cache.

Abstract: Example methods, apparatus, systems and articles of manufacture (e.g., physical storage media) to control digital video bandwidth utilization with a virtualized communication hub are disclosed. Example methods disclosed herein include monitoring, with a virtual access function of the virtualized communication hub, an aggregate load on a broadband access medium to detect bandwidth utilization events. Disclosed example methods also include sending, from the virtual access function, a first notification message to a virtual set-top box of the virtualized communication hub in response to detecting a first bandwidth utilization event. Disclosed example methods further include adjusting, at the virtual set-top box and based on the first notification message, an output bandwidth for streaming digital media from the virtual set-top box to a physical set-top box via a broadband access medium.

Abstract: Techniques are disclosed for controlling data transmission in multi-stream digital systems. The techniques disclosed allow an input stream to a conditional access system to be throttled when a FIFO begins to fill up. Each data stream may have its own FIFO, which sends data to a MUX and exports its status to a backpressure rate control module. Multiple seconds worth of data may be stored in a BPRC buffer ahead of the backpressure rate control module prior to being transmitted to a MUX FIFO buffer. The backpressure rate control module may use the cached data to fill available spaces within a MUX FIFO buffer. The determination to forward a data packet may be based on the individual MUX FIFO buffer levels, the sum of all the MUX FIFO buffer levels, and/or one or more configurable threshold values. In some embodiments, individual thresholds may be assigned to each FIFO buffer.

Abstract: Efficient architecture for a secure access enforcement proxy is described. The proxy interfaces with multiple subsystems and multiple shared resources. The proxy identifies an original transaction command being sent from one of the subsystems to one of the shared resources, identifies a policy corresponding to the subsystem, performs an action pertaining to the original transaction command based on the policy, and sends a response to the subsystem based on the action.

Abstract: Techniques are disclosed for controlling data transmission in multi-stream digital systems. The techniques disclosed allow an input stream to a conditional access system to be throttled when a FIFO begins to fill up. Each data stream may have its own FIFO, which sends data to a MUX and exports its status to a backpressure rate control module. Multiple seconds worth of data may be stored in a BPRC buffer ahead of the backpressure rate control module prior to being transmitted to a MUX FIFO buffer. The backpressure rate control module may use the cached data to fill available spaces within a MUX FIFO buffer. The determination to forward a data packet may be based on the individual MUX FIFO buffer levels, the sum of all the MUX FIFO buffer levels, and/or one or more configurable threshold values. In some embodiments, individual thresholds may be assigned to each FIFO buffer.

Abstract: Efficient architecture for a secure access enforcement proxy is described. The proxy interfaces with multiple subsystems and multiple shared resources. The proxy identifies an original transaction command being sent from one of the subsystems to one of the shared resources, identifies a policy corresponding to the subsystem, performs an action pertaining to the original transaction command based on the policy, and sends a response to the subsystem based on the action.

Abstract: A method for secure remote storage of system-boot executable image for a network access device embedded in an untrusted remote user device operably connected to a service provider's network. In an exemplary embodiment, a copy of service provider's executable image is distributed to provider's network access device by the central network administration system. The executable image is encrypted locally by the provider's network access device using a unique encryption key which is generated by and stored in a non-volatile memory on said access device. The encrypted image is then passed to and stored in the non-volatile memory of the host user device. During system boot, the encrypted image is fetched from the host device to the network access device where it is decrypted and stored in active memory of the network device during normal system operations. This results in cost savings to provider by limiting remote access device's non-volatile storage requirements.