Abstract: A method and apparatus for efficiently executing nested transactions is herein described. Hardware support for execution of transactions is provided. Additionally, through the use of logging previous values immediately before a current nested transaction in a local memory and storage of a stack of handlers associated with a hierarchy of transactions, nested transactions are potentially efficiently executed. Upon a failure, abort, or invalidating event/access within a nested transaction, the state of variables or memory locations written to during execution of the nested transaction are rolled-back to immediately before the nested transaction, instead of all the way back to an original state of the variables or memory locations before an enclosing transaction. As a result, nested transactions may be re-executed within enclosing transactions, without flattening the enclosing and nested transactions to re-execute everything.

Abstract: Methods and software are presented for processing data in a programmable processor, involving (a) decoding instructions for execution using an execution unit operable to execute instructions by partitioning data stored in registers in a register file into multiple data elements, the instructions selected from an instruction set that includes group arithmetic instructions and group data handling instructions, (b) in response to decoding different group data handling instructions, executing group data handling operations that re-arrange data elements in different ways, and (c) in response to decoding different group arithmetic instructions, executing a plurality of different group floating-point and group integer arithmetic operations that each arithmetically operates on the multiple data elements stored in registers in the register file to produce a catenated result that is returned to a register in the register file, wherein the catenated result comprises a plurality of individual results.

Abstract: A method and apparatus for executing instructions. The method includes receiving a first load instruction and a second load instruction. The method also includes issuing the first load instruction and the second load instruction to a cascaded delayed execution pipeline unit having at least a first execution pipeline and a second execution pipeline, wherein the second execution pipeline executes an instruction in a common issue group in a delayed manner relative to another instruction in the common issue group executed in the first execution pipeline. The method also includes accessing a cache by executing the first load instruction and the second load instruction. A delay between execution of the first load instruction and the second load instruction allows the cache to complete the access with the first load instruction before beginning the access with the second load instruction.

Abstract: A method for preloading data in a CPU pipeline is provided, which includes the following steps. When a hint instruction is executed, allocate and initiate an entry in a preload table. When a load instruction is fetched, load a piece of data from a memory into the entry according to the entry. When a use instruction which uses the data loaded by the load instruction is executed, forward the data for the use instruction from the entry instead of from the memory. When the load instruction is executed, update the entry according to the load instruction.

Abstract: A method is disclosed for executing a load instruction. Address information of the load instruction is used to generate an address of needed data, and the address is used to search a cache memory for the needed data. If the needed data is found in the cache memory, a cache hit signal is generated. At least a portion of the address is used to search a queue for a previous load instruction specifying the same address. If a previous load instruction specifying the same address is found, the cache hit signal is ignored and the load instruction is stored in the queue. A load/store unit, and a processor implementing the method, are also described.

Abstract: A multiprocessing system, including a multithreading microprocessor and a multiprocessor operating system (OS), is disclosed. The microprocessor includes a plurality of thread contexts (TCs), each having a program counter and a general purpose register set for executing a thread. The OS includes a data structure having an entry for each of the plurality of TCs, each entry containing information describing capabilities of the corresponding one of the plurality of TCs. Each entry further comprises a TC identifier field for identifying a corresponding one of the plurality of TCs. The OS populates the TC identifier field for each of the entries with a unique identifier value.

Abstract: In the context of a microprocessor and a program, the invention provides parallel subword compare instructions that store results in a selectable intra-register subword location. In a targeting approach, an instruction permits the location to be specified; alternatively, there can be plural instructions, each associated with one of the locations. In a replicating approach, plural replicas are stored in the alternative locations. In a shifting approach, the instruction moves prior results, so that the number of subsequent iterations of the instruction determines the location of a result. The invention provides for overwriting and content-preserving instructions, and for overlapping and separate locations. The invention allows results from multiple parallel subword compare operations with relatively few instructions. The invention also provides for other parallel subword instructions.

Abstract: A hard disk drive (HDD) self-test system comprises a basic input/output system (BIOS) configured to automatically invoke a self-test of an HDD based on a predetermined schedule.

Abstract: A system for managing a distributed MetaHop that is administered, managed, and monitored as a single entity. If a new gateway is added to a MetaHop, the gateway can be provisioned with membership credentials by an administrator who indicates relatively basic information for the new gateway to join the MetaHop. Once provisioned with relatively basic information, the new gateway can be shipped to a relatively remote site where it automatically seeks out an entry point to the MetaHop. After connecting to an entry point (or entry points), the new gateway is automatically provisioned with any other information used to join the MetaHop. In one embodiment, the joined gateway is automatically enabled to forward traffic. In another embodiment, a new gateway is disabled for traffic forwarding until the administrator enables it for such forwarding on the MetaHop.

Abstract: An embodiment of the present invention comprises a method of updating firmware of a peripheral device coupled to a computer system. A first boot operation is executed for loading an operating system into the computer system, and an update routine is installed for loading updated firmware into the peripheral device. The operating system is modified so that the update routine is executed early during a second boot operation for loading the operating system into the computer system. The second boot operation is executed, during which the update routine is executed to load the updated firmware into the peripheral device. In one embodiment, the update routine comprises an update driver having a DriverEntry code segment for loading the updated firmware into the peripheral device.

Abstract: Aspects of the invention provide a method and system for coding information in a communication channel. More particularly, aspects of the invention provide an method and system for synchronous running encryption and/or encoding and corresponding decryption and decoding in a communication channel or link. Aspects of the method may include encoding and/or encrypting a first data using a first or second encoding table and/or a first or second encryption table. The method may indicate which one of the first or second encoding tables or which one of the first or second encryption tables were utilized for encoding and/or encrypting the said first data. The encoded and/or encrypted first data may subsequently be transferred downstream and decoded by synchronous decoder/decryptor using a corresponding decoding and/or decryption table. The corresponding decoding and/or decryption table may be determined based on the indicated first and/or second encoding and/or encrypting tables.

Abstract: Methods and apparatus, including computer program products, implementing and using techniques for exchanging certificates, including generating a first container object including one or more of a sender's certificate and a request for a recipient's certificate, wherein the first container object has a recognizable container type, and transmitting the first container object to a recipient's address. Upon receipt of the first container object, it can be determined the first container object includes one or more of a certificate and a request for a certificate of the recipient. A request for a certificate can be responded to by generating a second container object including a certificate of the recipient, extracting a return address from the first container object, and transmitting the second container object to the return address.

Abstract: A system and method for communicating information between multiple locations. A computer receives, via a network, information signed and/or encrypted at a first location in accordance with a first signing and encryption methodology. The information is decrypted and the signatures of the information are validated using the first signing and/or encrypting methodology. The information is re-signing and/or re-encrypting with a second signing and encryption methodology such that the information can be decrypted and/or its signatures validated at a second location. The information is then transmitted to the second location via a network.

Abstract: A system and method for the secure transfer of data between a workstation connected to a private network and a remote computer connected to an unsecured network. A secure computer is inserted into the private network to serve as the gateway to the unsecured network and a client subsystem is added to the workstation in order to control the transfer of data from the workstation to the secure computer. The secure computer includes a private network interface connected to the private network, an unsecured network interface connected to the unsecured network, wherein the unsecured network interface includes means for encrypting data to be transferred from the first workstation to the remote computer and a server function for transferring data between the private network interface and the unsecured network interface.

Abstract: According to one embodiment, a method for scrambling and descrambling program data comprises the receipt of a mating key generator message including a manufacturer identifier. The mating key generator message is transmitted to a first remote source identified by the manufacturer identifier. In response, a mating key is received from the first remote source. Then, the mating key is supplied to a second remote source, the mating key being subsequently used to encrypt a service key used for scrambling program data.

Abstract: A collective packet generator forms collective Internet Protocol (IP) data packets, each of which contains several IP data packets of different communication data streams, for encrypted transmission of each of the communication data streams as a sequence of IP data packets. A particular collective IP data packet is encrypted by an encryption module for encrypting IP data packets. The encrypted collective IP data packets are then transmitted via a communication network.

Abstract: Embodiments herein address some of the problems associated with compromised configuration files used in a remote sessions of a virtual computing environment. Accordingly, a subset of settings in a configuration file are secured from malicious or accidental modification, while other portions of the configuration file are modifiable by a user as desired without invalidating the integrity of the secure subset. This not only allows for the user to be assured of the integrity of the settings, but also allows an administrator of the remote or terminal server with the ability to control how and what access a client has to resources thereon. Such access may be further controlled based on a trust level between the client, server, and/or publisher of the configuration file.

Abstract: A method of providing automatically verifiable trust in a content resolution process in which a PDR resolves a content reference identifier (CRID) identifying a content item using a resolution authority record (RAR) to obtain a locator identifying a location where the PDR can obtain the content item. Preferably, the measure comprises computing a digital signature over at least part of the contents of the CRID, the locator and/or the RAR. The method may also comprise encrypting at least a data portion of the CRID, RAR or locator. Digital rights needed to access the content item can be provided with the CRID, RAR or locator.

Abstract: A CE apparatus (9) is a terminal capable of including apparatus authentication information therein with a high degree of safety. A management server (7) encrypts apparatus authentication information and transmits the encrypted apparatus authentication information to a factory (5). A factory worker links a connection means (10) to a connector of the CE apparatus (9). The encrypted apparatus authentication information transmitted by the management server (7) to the factory (5) is supplied to the CE apparatus (9) in a state of being encrypted as it is by way of the connection means (10). The CE apparatus (9) includes an embedded write module for decrypting the encrypted apparatus authentication information and storing the apparatus authentication information in a storage unit. That is to say, the apparatus authentication information supplied by way of the connection means (10) is decrypted by the write module and stored in the storage unit employed in the CE apparatus (9).

Abstract: An authentication method for link protection between an OLT and an ONU newly connected thereto in an EPON, which is implemented in a data link layer to which cryptography is applied. First, an authentication key is distributed to both the OLT and an ONU. The OLT (or ONU) generates first and second random values, generates an authentication request frame containing the random values, and transmits it to the ONU (or OLT). The ONU generates a first hash value according to a hash function using the random values contained in the request frame, and transmits an authentication response frame containing the first hash value to the OLT. The OLT compares the first hash value with a second hash value calculated by it according to the has function using the two random values and an authentication key distributed to it, and transmits an authentication result frame to the ONU.

Abstract: Processing for extending function of an information processing apparatus having functions, the use of which is restricted, is managed by canceling the restriction of the use of function in association with an information storing device which is connected to information processing apparatus A, B. The information storing device holds information on a list of product keys and the number of possible function extensions (the number of restriction cancellations and the number of licenses) as information for canceling the restriction in advance. The number of information processing apparatus, the functions of which are extended, is managed by reducing the number of possible function extensions each time when one function of the information processing apparatus A is extended. Unnecessary function is deleted from the information processing apparatus A so as to increase the number of licenses. Correspondingly, the function of the information processing apparatus B can be extended.

Abstract: A secure system for authenticating the identity of ADS-B systems, including: an authenticator, including a unique id generator and a transmitter transmitting the unique id to one or more ADS-B transmitters; one or more ADS-B transmitters, including a receiver receiving the unique id, one or more secure processing stages merging the unique id with the ADS-B transmitter's identification, data and secret key and generating a secure code identification and a transmitter transmitting a response containing the secure code and ADSB transmitter's data to the authenticator; the authenticator including means for independently determining each ADS-B transmitter's secret key, a receiver receiving each ADS-B transmitter's response, one or more secure processing stages merging the unique id, ADS-B transmitter's identification and data and generating a secure code, and comparison processing comparing the authenticator-generated secure code and the ADS-B transmitter-generated secure code and providing an authentication signa

Abstract: A method for setting up a secure communication line between a user and a service provider using non-secure communication channels within an insecure network, comprising the steps of transmitting an identity token from a user station to a service provider station both coupled to the insecure network; upon reception of the identity token, triggering the creation of a secret URL by the service provider station; transmitting the secret URL within a secure side channel to the user station; obtaining, within the user station, the secret URL, and setting-up a new communication path in the insecure network linking the user and the service provider station based on said secret URL. Beside discarding a man-in-the-middle by denying him access to the data flow it is also possible to stop him through denying him access to the content of the data flow. Such access can be denied through use of a one-time codebook with semantics only known to the User and the authentication service provider.

Abstract: A method and system for a secure telephone protocol are disclosed, which can be implemented using current Voice over IP (VoIP) protocols, Session Initiation Protocol (SIP, as specified in the Request for Comment (RFC) 3261 from the Internet Engineering Task Force (IETF)), Real Time Transport Protocol (RTP, as specified in RFC 3550), and Secure RTP (SRTP, as specified in RFC 3711). The secure telephone protocol can include a shared secret value that is cached and then re-used later to authenticate a long series of session keys to be used for numerous separate secure phone calls over a long period of time, thereby providing cryptographic key continuity without the need for voice authentication. In an embodiment, the secure telephone protocol can utilize the Diffie-Hellman key exchange during call setup, and AES for encrypting the voice stream.

Abstract: Methods, apparati, and computer-readable media for securely transporting a software application onto a tamper resistant module (TRM) (103) by using an individualized TRM key set. A method embodiment of the present invention comprises: storing a key pair unique to the TRM (103) in a memory located on the TRM (103), where the key pair comprises a TRM public key (150) and a TRM private key (190); retrieving the TRM public key from the TRM; encrypting a portion of the software application using the TRM public key (150); transmitting the encrypted software application to the TRM (103); and recovering and decrypting the encrypted software application using the TRM private key (190).

Abstract: Methods, apparati, and computer-readable media for securely transporting a software application onto a tamper resistant module (TRM) (103) by using an individualized TRM key set. A method embodiment of the present invention comprises: storing a key pair unique to the TRM (103) in a memory located on the TRM (103), where the key pair comprises a TRM public key (150) and a TRM private key (190); retrieving the TRM public key from the TRM; encrypting a portion of the software application using the TRM public key (150); transmitting the encrypted software application to the TRM (103); and recovering and decrypting the encrypted software application using the TRM private key (190).

Abstract: Methods and apparati for securely loading one or more computer software applications onto a tamper resistant module (TRM) (107) and for securely deleting one or more applications from the TRM. An embodiment of the invention comprises a method for determining, based at least upon an encrypted personalization data block, whether a TRM (107) is part of a qualified set of TRM's to accept loading of an application. Thereafter, the method provides for loading the application onto the TRM (107) only after the first step determines that the TRM (107) is qualified to accept the loading of the application. Another embodiment comprises a method for determining, based at least upon an encrypted personalization data block, whether a TRM (107) is part of a qualified set of TRM's to accept deleting of an application. Thereafter, the method provides for deleting the application from the TRM (107) only when the first step determines that the TRM (107) is qualified to accept the deleting of the application.

Abstract: Disclosed is a system configured to process content to enable tracing of at least one of a multitude of subsequent uses of content by at least one user. The system provides for: making markable content from content, iteratively marking the markable content with information such as use information; and later extracting at least one of the iteratively applied marks.

Abstract: A method and apparatus for electronic commerce using a digital ticket are provided. The method for electronic commerce using a digital ticket includes hiding a message comprising a random number and transmitting the hidden message to a ticket issuer, receiving the hidden message signed with a digital signature by the ticket issuer, verifying the digital signature on the message, and transmitting the message with the verified digital signature to the ticket issuer to consume a digital ticket.

Abstract: A cryptosystem has a secret based on an order of a group of points on a Jacobian of a curve. In certain embodiments, the cryptosystem is used to generate a product identifier corresponding to a particular product. The product identifier is generated by initially receiving a value associated with a copy (or copies) of a product. The received value is padded using a recognizable pattern, and the padded value is converted to a number represented by a particular number of bits. The number is then converted to an element of the Jacobian of the curve, and the element is then raised to a particular power. The result of raising the element to the particular power is then compressed and output as the product identifier. Subsequently, the encryption process can be reversed and the decrypted value used to indicate validity and/or authenticity of the product identifier.

Abstract: Methods and computer program products for creating sketches of a document, which are compared with sketches of other documents, in order to determine the documents' degree of similarity. A sketch is a digest of information from random locations within a document. A document is divided into a set of shingles. Each shingle is converted into a set of fingerprints. A sketch is determined based on one bit fingerprints thus created. In order to create additional sketches of the document, a new set of fingerprints are created by randomization techniques.

Abstract: Z-transform calculations may be used to encode (and/or decode) carrier signal independent data (e.g., digital watermarks) to a digital sample stream. Deterministic and non-deterministic components of a digital sample stream signal may be analyzed for the purposes of encoding carrier signal independent data to the digital sample stream. The carrier signal independent data may be encoded in a manner such that it is restricted or concentrated primarily in the non-deterministic signal components of the carrier signal. The signal components can include a discrete series of digital samples and/or a discreet series of carrier frequency sub-bands of the carrier signal. Z-transform calculations may be used to measure a desirability of particular locations and a sample stream in which to encode the carrier signal independent data.

Abstract: Application factoring or partitioning is used to integrate secure features into a conventional application. An application's functionality is partitioned into two sets according to whether a given action does, or does not, involve the handling of sensitive data. Separate software objects (processors) are created to perform these two sets of actions. A trusted processor handles secure data and runs in a high-assurance environment. When another processor encounters secure data, that data is sent to the trusted processor. The data is wrapped in such a way that allows it to be routed to the trusted processor, and prevents the data from being deciphered by any entity other than the trusted processor. An infrastructure is provided that wraps objects, routes them to the correct processor, and allows their integrity to be attested through a chain of trust leading back to base component that is known to be trustworthy.

Abstract: A method and apparatus for implementing portions of a provisional signature scheme are disclosed. In one embodiment, the method comprises creating a provisional signature by performing an operation on a message and completing the provisional signature to create a final signature on the message. Such a scheme may be used for server assisted signature schemes, designated confirmer signature schemes and blind signature schemes.

Abstract: In a target apparatus which stores at least one piece of domain key information in a first area and a plurality of pieces of content key information each associated with any one of the domain key information in a second area, a method for generating data for detecting tampering of the content key information. The method comprises the steps of encrypting the content key information associated with one of the domain key information using a chain encryption technique, extracting data at predetermined positions in the encrypted content key information, concatenating the pieces of data extracted at the predetermined positions in the encrypted content key information to obtain concatenated data, performing a hash calculation with respect to the concatenated data to obtain a hash value, storing check values corresponding to the data at the predetermined positions in plain text, in the target apparatus, and storing the hash value in the target apparatus.

Abstract: A system and method allows a user to authenticate a communication from a computer system, a computer system to authenticate a user, or both. When a user requests a web page from the web site, customization information that is recognizable to the user is provided to allow the user to authenticate the web site. A signed, encrypted persistent file stored on the user's computer system or installed on a different computer system, or a trusted computing subsystem allows the web site to authenticate the user. If the user is using a system that will not allow that user to be authenticated, the user may instruct the system to continue providing information without the user's customization information. The system and method may be used to allow the user to authenticate an e-mail message or its source, and Flash movies or other computer code may be used if the user's e-mail client does not employ cookies.

Abstract: The present invention relates generally to computer software, and more specifically, to a system and method of foiling buffer-overflow and alien-code attacks. The invention protects computers from such attacks by encoding data placed in storage, and varying the encodings used in different storage areas. When the data is needed by a software application, the data is simply decoded in a complementary manner. This prevents storage areas written according to one usage from being used effectively for some other purpose. The method of the invention can be done in a number of ways. For example, a “protector” engine can be placed between a software application and memory, or the function calls in the software application itself, could be amended to include encoding and decoding. Other embodiments and alternatives are also described.

Abstract: Briefly, in accordance with one or more embodiments, copyrights of digital data may be controlled.

Abstract: The present invention provides a method for controlling copyrights of digital data in a database system including real time transmission of a digital picture. Copyrights are controlled using one or more of the following, as necessary, in addition to a permit key: a copyright control program, copyright information or copyright control message. The copyright control program, the copyright information and the copyright control message are supplied together with the permit key, or they are supplied together with the data. Otherwise, a part of them is supplied together with the permit key and the other part of them is supplied together with the data. The data, the permit key, the copyright control message, the copyright information and the copyright control program are (1) transmitted while encrypted, but are decrypted when used, or (2) they are transmitted while encrypted and decrypted for display only, otherwise remaining encrypted, or (3) they may not be encrypted at all.

Abstract: A verification system has an operational component registry 10 that includes an interface 20, a memory device 30, and a processor 40. Preferably, the interface 20 in the operational component registry 10 communicates the installed identification data 50 from the gaming units 60 to the operational component registry. The memory device 30 preferably stores registered identification data 70 for the gaming units 60. Preferably, the processor 40 in the operational component registry 10 then analyzes the registered identification data 70 and the installed identification data 50 from the gaming units 60, after which enablement of the gaming units is determined based upon the examination of the registered identification data and the installed identification data. An operational component registry 10 may also monitor changes, services, requirements, enablement, and productivity of the gaming units or components of the gaming units.

Abstract: Improved approaches to update computer program code residing within a computing device are disclosed. By maintaining a former version of the computer program code, the computing device remains operable even if the update to the computer program code fails. Hence, the invention permits reliable updates to computer program code, which is particularly useful for firmware (e.g., boot-up code) of computing devices. For control and security, each version of computer program code can include authentication information. Before the computer program code is used, the computer program code can be required to be authenticated using the authentication information.

Abstract: Embodiments of methods, devices and/or systems for managing the encryption of data are described.

Abstract: To render content on a medium, a device obtains a table from the medium, obtains a private key of the device (PR-PD), indexes into an entry of the table based thereon, obtains (PU-PD(RND)) from the indexed-into entry of the table, and applies (PR-PD) to (PU-PD(RND)) to expose a random key (RND). Then, the device obtains (RND(PR-PM)) from the table, applies (RND) to (RND(PR-PM)) to expose a private key of the medium (PR-PM), obtains (PU-PM(KD)) from the license, applies (PR-PM) to (PU-PM(KD)) to expose a content key (KD), obtains (KD(content)) from the storage medium, applies (KD) to (KD(content)) to expose the content.

Abstract: A CPU (1) automatically preserves the CPU context in a computer memory (5) that remains powered-up when the CPU is powered down in sleep mode. By means of the preserved CPU context, the CPU is able to instantly and transparently resume program execution at the instruction of the program that was asserted for execution when the CPU was powered down. The CPU is permitted to power down frequently, even during execution of a program, and results in reduced average overall power consumption.

Abstract: Disclosed herein is a method of controlling power consumption of a mobile communication terminal, and a mobile communication terminal in which the method is implemented. The mobile communication terminal, having peripheral devices, such as a speaker, Liquid Crystal Display (LCD) and a camera, and a diversity unit for implementing a diversity function, includes a power measurement unit and a control unit. The power measurement unit measures power consumed in the diversity unit. The control unit controls the power consumption of the peripheral devices based on the amount of consumed power read from the power measurement unit. Accordingly, the power consumption of the peripheral devices is appropriately controlled, so that unnecessary power consumption can be reduced, therefore the lifespan of a battery can be prolonged.

Abstract: A new system-level approach to managing the delivery of DC voltage and current. Several system level functions may be enabled without requiring separate ICs to perform those functions. Supervisory functions for a voltage converter may be performed by a central control module or chip that may be coupled to point-of-load voltage converters comprised in digital power management devices (DPMD) through a serial digital bus. The DPMDs may also use the high-speed serial digital bus to provide real-time feedback information to the central control module or chip. Single DPMDs may be combined together in a current sharing configuration in a “plug-and-play” fashion, where the control logic in each DPMD is capable of automatically establishing control loops required a multi-phase supply. Feedback necessary for establishing control may be transmitted across the digital bus coupling the devices.

Abstract: An intermittent computing system state and intermittent computing module is described for a power-constrained personal computer. In the intermittent computing system state, the power-constrained personal computer may transition between sub-states of the intermittent computing system state according to an intermittent computing schedule. Each intermittent computing sub-state may be associated with hardware power sets and software power sets. Altering power supply to hardware components referenced by hardware power sets may alter power consumed in associated intermittent computing sub-states. A caching mechanism may be configured to make it likely that software components referenced by software power sets are loaded into powered storage types during associated intermittent computing sub-states. In the intermittent computing system state, periods of high functionality may be available over extended periods without the high power consumption associated with a continuous working system state.

Abstract: A method for on-demand power management monitors a processing demand in a processing system operating at a first set of voltages and frequencies and generates a second set of voltages and frequencies in response to the processing demand. The method switches from the first set of voltages and frequencies to the second set of voltages and frequencies without halting the processing system.

Abstract: An architecture for a computer includes a primary processor that consumes power at a first rate, that is operated when the computer is in an high power mode and that is not powered when the computer is in a low power mode. A primary graphics processor communicates with the primary processor, is operated when the computer is in the high power mode and is not powered when the computer is in the low power mode. A secondary graphics processor communicates with a secondary processor. The secondary processor consumes power at a second rate that is less than the first rate. The secondary processor and the secondary graphics processor are operated when the computer is in the low power mode.

Abstract: Many computing device may now include two or more graphics subsystems. The multiple graphics subsystems may have different abilities, and may, for example, consume differing amount of electrical power, with one subsystem consuming more average power than the others. The higher power consuming graphics subsystem may be coupled to the device and used instead of, or in addition to, the lower power consuming graphics subsystem, resulting in higher performance or additional capabilities, but increased overall power consumption. By transitioning from the use of the higher power consuming graphics subsystem to the lower power consuming graphics subsystem, while placing the higher power consuming graphics subsystem in a lower power consumption mode, overall power consumption is reduced.