Patents Issued on January 28, 2014
-
Patent number: 8639908
Abstract: In one embodiment, a computer program product includes a computer readable storage medium having computer readable program code embodied therewith, the computer readable program code being configured to: assign volume(s) to either a storage group or a reserve storage pool group, designate each of the volume(s) assigned to the storage group as a storage volume, designate each of the volume(s) assigned to the reserve storage pool group as a reserve storage volume, receive policy attributes for the storage group including a storage utilization goal and a default reserve storage pool assignment, monitor a storage utilization level for the storage group, detect when the storage utilization level for the storage group falls outside of the ideal storage utilization range, and adjust an available storage amount for the storage group to bring the storage utilization level within the ideal storage utilization range.
Type: Grant
Filed: July 15, 2011
Date of Patent: January 28, 2014
Assignee: International Business Machines Corporation
Inventors: Cecilia C. Lewis, Gerard M. Dearing, Michael J. Koester, Thomas E. Litty, Jaya Srikrishnan
-
Patent number: 8639909
Abstract: A virtual memory management unit can implement various techniques for managing paging space. The virtual memory management unit can monitor a number of unallocated large sized pages and can determine when the number of unallocated large sized pages drops below a page threshold. Unallocated contiguous smaller-sized pages can be aggregated to obtain unallocated larger-sized pages, which can then be allocated to processes as required to improve efficiency of disk I/O operations. Allocated smaller-sized pages can also be reorganized to obtain the unallocated contiguous smaller-sized pages that can then be aggregated to yield the larger-sized pages. Furthermore, content can also be compressed before being written to the paging space to reduce the number of pages that are to be allocated to processes. This can enable efficient management of the paging space without terminating processes.
Type: Grant
Filed: February 22, 2013
Date of Patent: January 28, 2014
Assignee: International Business Machines Corporation
Inventors: Bret R. Olszewski, Basu Vaidyanathan
-
Patent number: 8639910
Abstract: A memory controller writes to a virtual address associated with data residing within an asymmetric memory component of main memory that is within a computer system and that has a symmetric memory component, while preserving proximate other data residing within the asymmetric memory component. The symmetric memory component within the main memory of the computer system is configured to enable random access write operations in which an address within a block of the symmetric memory component is written without affecting the availability of other addresses within the block of the symmetric memory component during the writing of that address. The asymmetric memory component is configured to enable block write operations in which writing to an address within a region of the asymmetric memory component affects the availability of other addresses within the region of the asymmetric memory component during the block write operations involving the address.
Type: Grant
Filed: September 10, 2012
Date of Patent: January 28, 2014
Assignee: Virident Systems Inc.
Inventors: Vijay Karamcheti, Kenneth A. Okin, Kumar Ganapathy, Ashish Singhai, Rajesh Parekh
-
Patent number: 8639911
Abstract: What is provided is a load page table entry address function defined for a machine architecture of a computer system. In one embodiment, a machine instruction is obtained which contains an opcode indicating that a load page table entry address function is to be performed. The machine instruction contains an M field, a first field identifying a first general register, and a second field identifying a second general register. Based on the contents of the M field, an initial origin address of a hierarchy of address translation tables having at least one segment table is obtained. Based on the obtained initial origin address, dynamic address translation is performed until a page table entry is obtained. The page table entry address is saved in the identified first general register.
Type: Grant
Filed: September 16, 2011
Date of Patent: January 28, 2014
Inventors: Dan F Greiner, Lisa C Heller, Damian L Osisek, Erwin F Pfeffer, Timothy J Slegel, Gustav E Sittmann
-
Patent number: 8639912
Abstract: A data processor and a method for processing data is disclosed. The processor has an input port for receiving packets of data to be processed. A master controller acts to analyze the packets and to provide a header including a list of processes to perform on the packet of data and an ordering thereof. The master controller is programmed with process related data relating to the overall processing function of the processor. The header is appended to the packet of data. The packet with the appended header information is stored within a buffer. A buffer controller acts to determine for each packet stored within the buffer based on the header within the packet a next processor to process the packet. The controller then provides the packet to the determined processor for processing. The processed packet is returned with some indication that the processing is done. For example, the process may be deleted from the list of processes.
Type: Grant
Filed: November 16, 2009
Date of Patent: January 28, 2014
Assignee: Mosaid Technologies Incorporated
Inventors: Arthur John Low, Stephen J. Davis
-
Patent number: 8639913
Abstract: A multi-mode register file is described. In one embodiment, the multi-mode register file includes an operand in a first mode. The multi-mode register file further includes auxiliary information which replaces the operand in a second mode.
Type: Grant
Filed: May 21, 2008
Date of Patent: January 28, 2014
Assignee: QUALCOMM Incorporated
Inventor: Lucian Codrescu
-
Patent number: 8639914
Abstract: An apparatus includes an instruction decoder, first and second source registers and a circuit coupled to the decoder to receive packed data from the source registers and to unpack the packed data responsive to an unpack instruction received by the decoder. A first packed data element and a third packed data element are received from the first source register. A second packed data element and a fourth packed data element are received from the second source register. The circuit copies the packed data elements into a destination register resulting with the second packed data element adjacent to the first packed data element, the third packed data element adjacent to the second packed data element, and the fourth packed data element adjacent to the third packed data element.
Type: Grant
Filed: December 29, 2012
Date of Patent: January 28, 2014
Assignee: Intel Corporation
Inventors: Alexander Peleg, Yaakov Yaari, Millind Mittal, Larry M. Mennemeier, Benny Eitan
-
Patent number: 8639915
Abstract: In some embodiments, a method and apparatus for distributing private keys to an entity with minimal secret, unique information are described. In one embodiment, the method includes the storage of a chip secret key within a manufactured chip. Once the chip secret key is stored or programmed within the chip, the chip is sent to a system original equipment manufacturer (OEM) in order to integrate the chip within a system or device. Subsequently, a private key is generated for the chip by a key distribution facility (KDF) according to a key request received from the system OEM. In one embodiment, the KDF is the chip manufacturer. Other embodiments are described and claimed.
Type: Grant
Filed: March 30, 2010
Date of Patent: January 28, 2014
Assignee: Intel Corporation
Inventor: Gary L. Graunke
-
Patent number: 8639916
Abstract: A method of maintaining the integrity of software stored in memory, the method comprising: storing an indicator associated with the memory; calculating a reference value from the stored indicator; storing the reference value; modifying the indicator when the software in the memory is modified; storing the modified indicator; recalculating the reference value from the modified indicator; storing the recalculated reference value; and verifying the integrity of the software by: retrieving the modified indicator; calculating an expected value from the modified indicator; and comparing the expected value with the recalculated reference value. Preferably the integrity of the software is verified without calculating an expected value from the software. The reference and expected values are typically calculated in accordance with a secret key.
Type: Grant
Filed: December 21, 2006
Date of Patent: January 28, 2014
Assignees: MStar Semiconductor Pte, Ltd., MStar Software R&D (Shenzhen) Ltd., MStar France SAS, MStar Semiconductor, Inc.
Inventor: John David Mersh
-
Patent number: 8639917
Abstract: Techniques are provided for desktop streaming over wide area networks. In one embodiment, a computer comprises logic stored in one or more storage media. The logic is configured to receive a first request for a desktop image comprising a collection of files, and to segment the desktop image into a prefetch set, a streaming set, and a leave-behind set. The prefetch set includes a smallest subset of files, in the collection of files, that is needed for a boot up without requiring retrieval of additional files. The streaming set includes those files, in the collection of files, that are to be sent after the boot up. The leave-behind set includes those files, in the collection of files, that are to be sent when specifically requested. In response to the first request, the logic is configured to send the prefetch set to a computing device.
Type: Grant
Filed: March 12, 2010
Date of Patent: January 28, 2014
Assignee: VMware, Inc.
Inventors: Israel Ben-Shaul, Ady Degany, Shahar Glixman, Eytan Heidingsfeld, Yehuda Itzhakov, Leonid Vasetsky, Barak Yagour, Tal Zamir
-
Patent number: 8639918
Abstract: An apparatus including a first connector configured to fit into a first socket in a processing system, the first connector and first socket conforming to a first standard, a second socket configured to accept a memory module therein, the second socket and the memory module conforming to a second standard, a memory buffer module communicatively coupled to the first connector and the second socket, the memory buffer module configured to receive signals associated with the first standard from the first connector and output signals associated with the second standard to the second socket, and a virtualization module communicatively coupled to the memory buffer module, the first connector, and the second socket, the virtualization module configured to receive first initialization data associated with the second standard from the second socket and output second initialization data associated with the first standard to the processing system.
Type: Grant
Filed: August 31, 2011
Date of Patent: January 28, 2014
Assignee: Dell Products L.P.
Inventors: Stuart Allen Berke, William Sauber
-
Patent number: 8639919
Abstract: A microprocessor is provided with a reset logic flag and corresponding reset microcode that selectively enables the reset microcode to set up and enable debug logic before the microprocessor subsequently fetches and executes user instructions. When the reset logic flag is set to a debug mode, the reset microcode configures and enables the microprocessor's debug logic before the microprocessor subsequently fetches and executes user instructions. When the reset logic flag is set to a normal mode, the reset microcode refrains from configuring and enabling the microprocessor's debug logic. The reset logic flag is indicated by an alterable fuse or a debugger-programmable scan register. Debug configuration initialization values are also provided by several alternative structures, including the reset microcode itself, alterable fuses, and debugger-programmable scan registers. Corresponding methods are also provided for configuring the debug logic of a microprocessor.
Type: Grant
Filed: November 10, 2011
Date of Patent: January 28, 2014
Assignee: VIA Technologies, Inc.
Inventors: G. Glenn Henry, Jason Chen
-
Patent number: 8639920
Abstract: Embodiments facilitate confidential and secure sharing of anonymous user profile data to improve the delivery of customized content. Embodiments of the invention provide a data appliance to an entity such as a business to convert profile data about the business's customers into anonymous identifiers. A similar data appliance is provided to a content provider in one embodiment to generate identifiers for its user profile data. Because the anonymous identifiers are generated with the same anonymization method, identical identifiers are likely generated from profile data of the same users. Therefore, the identifiers can be used to anonymously match the customers of the business to the users of the content provider. Therefore, data can be shared to improve customized content such as advertisements that the business wishes to place with the content provider without requiring the business to disclose customer data in an unencrypted form, and any non-matched data can remain confidential.
Type: Grant
Filed: May 11, 2010
Date of Patent: January 28, 2014
Assignee: Experian Marketing Solutions, Inc.
Inventors: Brian Stack, Andrew Lientz, Simon Chamberlain, Yacine Abdous, Ray Kahn
-
Patent number: 8639921
Abstract: Methods, apparatus, and computer-accessible storage media for implementing a gateway to a remote service provider according to a security model. The gateway serves as an interface between processes on a customer network and the provider, for example to store customer data to a remote data store. The model may include an activation process initiated by the gateway to register with the provider and associate the gateway with a customer account; the gateway is provided with security credentials. The model may also include establishing secure connections to external processes, for example processes of the service provider. The gateway initiates connections; the external processes do not initiate connections. The model may also include the customer managing the gateway through the service provider. The model may also include encrypting communications between the gateway and the provider and the gateway including security credentials in communications to the provider.
Type: Grant
Filed: June 30, 2011
Date of Patent: January 28, 2014
Assignee: Amazon Technologies, Inc.
Inventors: James Christopher Sorenson, III, Yun Lin, David C. Salyers, Ankur Khetrapal
-
Patent number: 8639922
Abstract: A secure communications and location authorization system using a power line or a portion thereof as a side-channel that mitigates man-in-the-middle attacks on communications networks and devices connected to those networks. The system includes a power grid server associated with a substation, or curb-side distribution structure such as a transformer, an electric meter associated with a structure having electric service and able to communicate with the power grid server, a human authorization detector input device connected to the electric meter and the power grid server. The human authorization detector is able to receive an input from a user physically located at the structure and capable of communicating with the power grid server via the electric meter. The user's physical input into the device causing a request to be sent to the power grid server that then generates a location certificate for the user.
Type: Grant
Filed: May 28, 2010
Date of Patent: January 28, 2014
Inventor: Dhananjay S. Phatak
-
Patent number: 8639923
Abstract: A client hosted virtualization system (CHVS) includes a processor to execute code, a security processor, a component that includes a certificate, and a non-volatile memory. The non-volatile memory includes BIOS code for the CHVS and virtualization manager code to initialize the CHVS, launch a virtual machine on the CHVS, and authenticate the component with the security processor by determining that the certificate is valid. The CHVS is configurable to execute the first code and not the second code, or to execute the second code and not the first code.
Type: Grant
Filed: May 10, 2011
Date of Patent: January 28, 2014
Assignee: Dell Products, LP
Inventors: Yuan-Chang Lo, Shree Dandekar
-
Patent number: 8639924
Abstract: Disclosed are a server and a client processing a security program by using a real-time distribution method and method of controlling the server and the client. A method of controlling a server processing a security program by using a real-time key distribution method according to an exemplary embodiment of the present invention includes: analyzing a security program for transmitting the security program to a client; decomposing a code of the analyzed security program into code blocks; encrypting the code blocks by using an encryption key; changing an original header of the security program to a first header; and transmitting a packed program including the encrypted code blocks and the changed first header to the client.
Type: Grant
Filed: December 9, 2011
Date of Patent: January 28, 2014
Assignee: Electronics and Telecommunications Research Institute
Inventor: Jong Youl Park
-
Patent number: 8639925
Abstract: A method for protecting a sensor and data of the sensor from manipulation, as well as a sensor to that end; in the course of the authentication, a random number being sent by a control unit to the sensor; in order to recognize manipulation of the sensor data, the sensor data from the sensor to the control unit being provided with a cryptographic integrity protection; and to prevent replay attacks, additional time-variant parameters being added to the sensor data, the sensor data, together with the integrity protection and the added time-variant parameters, being sent by the sensor to the control unit. In this context, after the authentication of the sensor, the random number or a part of the random number or a number obtained from the random number by a function is utilized for the time-variant parameters.
Type: Grant
Filed: April 15, 2010
Date of Patent: January 28, 2014
Assignee: Robert Bosch GmbH
Inventor: Torsten Schuetze
-
Patent number: 8639926
Abstract: A user authenticates a mobile device (MD) to a network-based service (NBS) for initial authentication. Policy is pushed from the NBS to the MD and the MD automatically obtains details about devices and attributes that are near or accessible to the MD in accordance with the policy. The details are pushed as a packet from the MD to the NBS and multifactor authentication is performed based on the details and the policy. If the multifactor authentication is successful, access privileges are set for the MD for accessing the NBS and perhaps for accessing local resources of the MD.
Type: Grant
Filed: October 29, 2010
Date of Patent: January 28, 2014
Assignee: Novell, Inc.
Inventors: Jeremy Ray Brown, Jason Allen Sabin, Nathaniel Brent Kranendonk, Kal A. Larsen, Lloyd Leon Burch
-
Patent number: 8639927
Abstract: A method of user-authenticated quantum key distribution according to the present invention shares a position having the same basis without making public basis information using previously shared secret keys and authenticates a quantum channel by confirming whether there is the same measured outcome at that position, in order to secure unconditional security of BB84 quantum key distribution (QKD) protocols vulnerable to man-in-the-middle attack.
Type: Grant
Filed: November 23, 2010
Date of Patent: January 28, 2014
Assignee: Electronics and Telecommunications Research Institute
Inventors: Jeong-Woon Choi, Ku-Young Chang, Nam-Su Jho, Do-Won Hong
-
Patent number: 8639928
Abstract: A system and a method are provided for retrieving decryption keys from a secure location that is separate from the encrypted data. In particular, for each decryption key, there is an associated key ID, public and private authentication key pair and a storage key. The decryption key is encrypted and can be decrypted with the storage key. A key-server securely stores the encrypted decryption key, key ID and public authentication key. A separate key-host stores the storage key, key ID and private authentication key. For the key-host to retrieve the encrypted decryption key, the key-server first authenticates the key-host using the authentication keys. Upon receipt of the encrypted decryption key, the key-host decrypts the encrypted key using the storage key. The decryption key is then used for decrypting the encrypted data.
Type: Grant
Filed: December 5, 2011
Date of Patent: January 28, 2014
Assignee: Certicom Corp.
Inventor: Michael Hingston McLaughlin Bursell
-
Patent number: 8639929
Abstract: A method, device and system for authenticating gateway, node and server are provided in this invention. The node receives a message sent by a gateway, wherein the message comprises a number T3 shared by the gateway and a server, and a gateway identification. The node encrypts data with a key K1 shared by the node and the server, the data including T3, the gateway identification, and a random number T1 generated by the node, and then sends the encrypted data and a node identification to the server through the gateway. The node decrypts data encrypted by the server and forwarded by the gateway with the key, determines that the server is a valid server according to a T1-related number obtained by decryption, and establishes a security channel with the gateway according to a new key obtained through the decryption.
Type: Grant
Filed: December 28, 2012
Date of Patent: January 28, 2014
Assignee: Huawei Technologies Co., Ltd.
Inventors: Yonggang Bian, Lunjian Mu, Jue Wang, Yongjing Zhang, Cheng Huang, Chuansuo Ding
-
Patent number: 8639930
Abstract: Some embodiments provide a verification system for automated verification of entities. The verification system automatedly verifies entities using a two part verification campaign. One part verifies that the entity is the true owner of the entity account to be verified. This verification step involves (1) the entity receiving a verification code at the entity account and returning the verification code to the verification system, (2) the entity associating an account that it has registered at a service provider to an account that the verification system has registered at the service provider, (3) both. Another part verifies the entity can respond to communications that are sent to methods of contact that have been previously verified as belonging to the entity. The verification system submits a first communication with a code using a verified method of contact. The verification system then monitors for a second communication to be returned with the code.
Type: Grant
Filed: November 7, 2011
Date of Patent: January 28, 2014
Assignee: Credibility Corp.
Inventors: Jeffrey M. Stibel, Aaron B. Stibel, Peter Delgrosso, Shailen Mistry, Bryan Mierke, Paul Servino, Charles Chi Thoi Le, David Lo, David Allen Lyon
-
Patent number: 8639931
Abstract: The generation of a shared secret key K in the implementation of a key agreement protocol, for example MQV, may be optimized for accelerated computation by selecting the ephemeral public key and the long-term public key of a correspondent to be identical. One correspondent determines whether the pair of public keys of the other correspondent are identical. If it is, a simplified representation of the shared key K is used which reduces the number of scalar multiplication operations for an additive group or exponentiation operations for a multiplicative group. Further optimization may be obtained by performing simultaneous scalar multiplication or simultaneous exponentiation in the computation of K.
Type: Grant
Filed: December 16, 2009
Date of Patent: January 28, 2014
Assignee: Certicom Corp.
Inventor: Daniel R. L. Brown
-
Patent number: 8639932
Abstract: The invention relates to methods and apparatus for Quantum key distribution. Such methods including authenticating a first node in a communications network with a remote node in the communications network. The authentication may include connecting an authentication device to the first node, agreeing a quantum key between the first node and the remote node based on a quantum signal transmitted or received by the first node and performing an authentication step between the authentication device and the remote node on an encrypted channel. Authentication between the authentication device and remote node may be taken as authentication of the first node.
Type: Grant
Filed: October 23, 2009
Date of Patent: January 28, 2014
Assignee: Qinetiq Limited
Inventors: Simon Robert Wiseman, Brian Sinclair Lowans, Stephen Gerard Ayling
-
Patent number: 8639933
Abstract: An image reading apparatus which reads an original document and generates a digitized scanned document, and which includes a document storage section that stores the scanned document, a document bundling section that identifies one or more scanned documents stored by the document storage section, and bundles the identified documents into one document, and a time stamp affixing section that creates a digital signature of the document bundled by the document bundling section, and affixes a time stamp.
Type: Grant
Filed: June 12, 2006
Date of Patent: January 28, 2014
Assignee: Fuji Xerox Co., Ltd.
Inventor: Takanori Masui
-
Patent number: 8639934
Abstract: Technologies are generally described for using metrics of radio path characteristics within a wireless network to establish signal signature vectors. These signal signature vectors may be used as a shared secret between network nodes to establish affirmative identification. For example, a signal signature vector may be established when a new node sends a fixed number of packets to the existing nodes and the existing nodes send a fixed number of other packets back to the new node. The number of properly received packets can be counted to establish a success probability between the new node and each existing node. These probabilities can be normalized and quantized to generate signal signature vectors at each node. Without ever transmitting any of the vectors, the vector at the new node should be highly correlated to the vectors at existing nodes since the pair-wise channels between each of the nodes should be reasonably symmetrical.
Type: Grant
Filed: June 10, 2010
Date of Patent: January 28, 2014
Assignee: Empire Technology Development LLC
Inventor: Ezekiel Kruglick
-
Patent number: 8639935
Abstract: A non-transitory machine-readable storage medium storing program code for causing a processor to establish a plurality of links to a plurality of devices communicatively coupled to the processor, a particular link of the plurality of links supporting control-plane communications between the processor and a particular device of the plurality of devices over a wireless access network; receive a server message from a particular server of a plurality of servers communicatively coupled to the processor, the server message comprising message payload for delivery to the particular device; generate an encrypted message comprising the message payload and an identifier identifying a particular agent of a plurality of agents on the particular device; and send the encrypted message to the particular device over the particular link, wherein establishing the plurality of links comprises executing a link initialization sequence associating the particular link with a credential associated with the particular device.
Type: Grant
Filed: December 12, 2012
Date of Patent: January 28, 2014
Assignee: Headwater Partners I LLC
Inventor: Gregory G. Raleigh
-
Patent number: 8639936
Abstract: Methods in OMA SEC_CF for providing security services to traffic over UDP between a client and a server and the relevant entities are provided. A pre-shared key is pre-shared between the client and the server. A pair of IPSec ESP SAs between the client and the server is established without shared key negotiation, wherein traffic data cryptographic algorithms are determined. Traffic data security keys are derived from the pre-shared key via the determined traffic data cryptographic algorithms. Then, data of the traffic can be provided with security services with the traffic data security keys through use of IPSec ESP.
Type: Grant
Filed: March 25, 2008
Date of Patent: January 28, 2014
Assignee: Alcatel Lucent
Inventors: Zhiyuan Hu, Zhikun Wan, Zhigang Luo, Ping Huang
-
Patent number: 8639937
Abstract: A method and apparatus are provided for extracting information from a user's memory that will be easily recalled during future authentication yet is hard for an attacker to guess. The information might be a little-known fact of personal relevance to the user or the personal details surrounding a public event. The user is guided to appropriate topics and forms an indirect hint that is useful to the user yet not to an attacker. Information extraction techniques verify that the information is not easily attacked and to estimate how many bits of assurance the question and answer provide. The information extracted may be, e.g., Boolean (Yes/No), multiple choice, numeric, textual, or a combination of the foregoing. The enrollment process may schedule the sending of one or more reminder messages to the user containing the question (but not the answer) to reinforce the memory of the user.
Type: Grant
Filed: November 26, 2003
Date of Patent: January 28, 2014
Assignee: Avaya Inc.
Inventors: Amit Bagga, Jon Bentley, Lawrence O'Gorman
-
Patent number: 8639938
Abstract: A system for enhancing security of a personal identification number is configured for performing a method that includes receiving, from a first entity having an input permission, a first data structure into a HSM, wherein the first data structure maps a first many-to-one mapping between a first and a second PIN numeral system. The method also includes determining whether the content of the first data structure is valid, storing the first data structure in the HSM if the first data structure is valid and marking the stored first data structure as inactive. The method further includes activating the first data structure if a second data structure is input into the HSM by a second entity having an activation permission, wherein the first entity is different from the second entity, the first data structure is identical to the second data structure. The method additionally includes converting from the first to the second PIN numeral system responsive to the activated first data structure.
Type: Grant
Filed: May 3, 2011
Date of Patent: January 28, 2014
Assignee: International Business Machines Corporation
Inventors: Todd W. Arnold, Elizabeth A. Dames, Carsten D. Frehr, Clifford L. Hansen, Shelia M. Sittinger
-
Patent number: 8639939
Abstract: An object known as an identity object comprises a public key and a private key pair and at least one certificate issued by a certificate authority that certifies that the public key of the pair is genuine. In one embodiment, this object may be used as proof of identification by using the private key to sign data provided to it or signals derived from the data. An identity object may be stored in a non-volatile memory as proof of identity, where the memory is controlled by a controller. Preferably, a housing encloses the memory and the controller.
Type: Grant
Filed: November 6, 2006
Date of Patent: January 28, 2014
Assignee: SanDisk Technologies Inc.
Inventors: Michael Holtzman, Ron Barzilai, Fabrice Jogand-Coulomb
-
Patent number: 8639940
Abstract: An embodiment relates generally to a method of assigning roles to a token. The method includes determining a first role for a first participant on a token and providing exclusive access to a first section of the token for the first participant based on the first role. The method also includes determining a second role for a second participant on the token and providing exclusive access to a second section of the token for the second participant based on the second role.
Type: Grant
Filed: February 28, 2007
Date of Patent: January 28, 2014
Assignee: Red Hat, Inc.
Inventors: Robert Lord, Steven W. Parkinson, Robert Relyea
-
Patent number: 8639941
Abstract: Systems, methods and computer program products for securely storing data in a data store or in an external data store associated with a mobile device are described herein. Data that is being sent from an application module to a data store on the mobile device or an external data store used by the mobile device is first encrypted by a security manager. The security manager encrypts data based on an encryption algorithm that may be selected by a user. Data received from an application module is thus stored in an encrypted form on a data store. When an application requests data from the data store, the security manager decrypts the data and provides the data to the application module in its decrypted form. All data that is transmitted to or received from a data store or an external data store is intercepted by the security manager for encryption and decryption respectively.
Type: Grant
Filed: December 5, 2007
Date of Patent: January 28, 2014
Inventors: Bruce Buchanan, Gary Peacock
-
Patent number: 8639942
Abstract: An information processing apparatus, a software update method, and an image processing apparatus capable of encrypting and decrypting information using values uniquely calculated from booted primary modules or booted backup modules with less effort are disclosed. The information processing apparatus includes primary modules and the same kinds of backup modules, and includes a value storage unit storing values calculated from the modules, an encryption information storage unit storing information unique to the modules, an information decryption unit decrypting the information unique to the modules using the values in the value storage unit, and an encryption information update unit, when the module is updated, encrypting the information unique to the modules based on a value calculated from each kind of the primary modules or the backup modules after the update.
Type: Grant
Filed: March 11, 2008
Date of Patent: January 28, 2014
Assignee: Ricoh Company, Ltd.
Inventor: Kiwamu Okabe
-
Patent number: 8639943
Abstract: Methods and systems to guard against attacks designed to replace authenticated, secure code with non-authentic, unsecure code and using existing hardware resources in the CPU's memory management unit (MMU) are disclosed. In certain embodiments, permission entries indicating that pages in memory have been previously authenticated as secure are maintained in a translation lookaside buffer (TLB) and checked upon encountering an instruction residing at an external page. A TLB permission entry indicating permission is invalid causes on-demand authentication of the accessed page. Upon authentication, the permission entry in the TLB is updated to reflect that the page has been authenticated. As another example, in certain embodiments, a page of recently authenticated pages is maintained and checked upon encountering an instruction residing at an external page.
Type: Grant
Filed: June 16, 2009
Date of Patent: January 28, 2014
Assignee: QUALCOMM Incorporated
Inventors: Jeffrey Todd Bridges, Thomas Andrew Sartorius, Steven M. Millendorf
-
Patent number: 8639944
Abstract: The invention relates to a method and to an electronic device for securing the computation of a modular exponentiation x = m^D mod N against invasive attacks. The invention comprises applying a mask to the message m and, after the modular exponentiation is carried out, verifying that the exponentiation was not altered thanks to properties introduced by the mask.
Type: Grant
Filed: July 30, 2009
Date of Patent: January 28, 2014
Assignee: Gemalto SA
Inventor: David Vigilant
-
Patent number: 8639945
Abstract: A microprocessor includes a storage element that stores decryption key data and a fetch unit that fetches and decrypts program instructions using a value of the decryption key data stored in the storage element. The fetch unit fetches an instance of a branch and switch key instruction and decrypts it using a first value of the decryption key data stored in the storage element. If the branch is taken, the microprocessor loads the storage element with a second value of the decryption key data for subsequent use by the fetch unit to decrypt an instruction fetched at a target address specified by the branch and switch key instruction. If the branch is not taken, the microprocessor retains the first value of the decryption key data in the storage element for subsequent use by the fetch unit to decrypt an instruction sequentially following the branch and switch key instruction.
Type: Grant
Filed: April 21, 2011
Date of Patent: January 28, 2014
Assignee: VIA Technologies, Inc.
Inventors: G. Glenn Henry, Terry Parks, Brent Bean, Thomas A. Crispin
-
Patent number: 8639946
Abstract: The disclosure includes a system and method of using a processor and protected memory. In a particular embodiment, the system includes a processor, a volatile memory accessible to the processor, and a first nonvolatile memory accessible to the processor. The first nonvolatile memory includes a first portion of memory that is protected and is readable when a shield bit indicates an unshielded mode of operation, but is unreadable when the shield bit indicates a shielded mode of operation and a second portion of memory that is unprotected and that is readable regardless of the value of the shield bit. The system includes a second nonvolatile memory including data to be transferred to the volatile memory.
Type: Grant
Filed: June 24, 2005
Date of Patent: January 28, 2014
Assignee: Sigmatel, Inc.
Inventor: David Cureton Baker
-
Patent number: 8639947
Abstract: A database encryption system and method, the Structure Preserving Database Encryption (SPDE), is presented. In the SPDE method, each database cell is encrypted with its unique position. The SPDE method permits converting a conventional database index into a secure one, so that the time complexity of all queries is maintained. No one with access to the encrypted database can learn anything about its content without the encryption key. Also a secure index for an encrypted database is provided. Furthermore, secure database indexing system and method are described, providing protection against information leakage and unauthorized modifications by using encryption, dummy values and pooling, and supporting discretionary access control in a multi-user environment.
Type: Grant
Filed: May 30, 2005
Date of Patent: January 28, 2014
Assignee: Ben Gurion University of the Negev Research and Development Authority
Inventors: Yuval Elovici, Ronen Waisenberg, Erez Shmueli
-
Patent number: 8639948
Abstract: The subject matter herein relates to database management systems and, more particularly, encrypted data management in database management systems. Various embodiments provide systems, methods, and software to maintain database tables, some of which are encrypted. Some embodiments include holding clear text in cache and servicing queries from the cache. When a query is received, a file system of the database management system determines if a table holding data to service the query is encrypted. If the table is encrypted, the file system decrypts the data and writes the data to the cache as clear text. Some embodiments, when writing clear text to a table from the cache, determine if the table to which the data is to be written is an encrypted table. If the table is encrypted, the file system encrypts the clear text and stores the cipher text to the encrypted table.
Type: Grant
Filed: December 28, 2006
Date of Patent: January 28, 2014
Assignee: Teradata US, Inc.
Inventor: James L. Browning
-
Patent number: 8639949
Abstract: A secure computing device includes a secure cryptographic module with a key generation unit for generating a cryptographic key in dependence on received input. A storage is used for storing a virtual machine that is executable on a processor and at least one program that is executable on the virtual machine. A virtual machine manager includes a unit 132 for determining an identifier associated with the virtual machine, a unit 134 for supplying a representation of the identifier to the secure cryptographic module and retrieving a cryptographic key from the secure cryptographic module, and a unit 136 for, under control of the cryptographic key, decrypting at least a part of data input to the processor and encrypting at least part of data output from the processor when the processor executes the virtual machine.
Type: Grant
Filed: July 16, 2008
Date of Patent: January 28, 2014
Assignee: NXP B.V.
Inventor: Sander M. Van Rijnswou
-
Patent number: 8639950
Abstract: Embodiments relate to systems and methods for the management of secure data in a cloud-based network. A secure data store can store sensitive or confidential data, such as account numbers, social security numbers, medical or other information in an on-premise data facility. Regulatory and/or operational requirements may prohibit the migration or unprotected transmission of the secure data to the cloud. An operator can instantiate a set of virtual machines to access and process the secure data, for example to process online purchase transactions. To prevent unauthorized disclosure of the secure data, the secure data store can receive data access requests via a translation module that translates the secure data. The secure data store can retrieve and transmit the secure data using a protection mechanism such as a masking and/or encryption mechanism, avoiding the unprotected transport or exposure of that data to the cloud.
Type: Grant
Filed: December 22, 2011
Date of Patent: January 28, 2014
Assignee: Red Hat, Inc.
Inventor: James Michael Ferris
-
Patent number: 8639951
Abstract: Mobile network services are performed in a mobile data network in a way that is transparent to most of the existing equipment in the mobile data network. The mobile data network includes a radio access network and a core network. A breakout appliance in the radio access network breaks out data coming from a basestation, and performs one or more mobile network services at the edge of the mobile data network based on the broken out data. The breakout appliance includes multiple states that support manufacturing, testing, production, tamper detection and end of life, and the functions of the breakout appliance vary according to its state.
Type: Grant
Filed: December 19, 2011
Date of Patent: January 28, 2014
Assignee: International Business Machines Corporation
Inventors: Vincenzo V. Di Luoffo, Philip E. Grady, Scott A. Liebl, George W. Van Leeuwen
-
Patent number: 8639952
Abstract: A programmable logic device (PLD) provides voltage identification (VID) codes to a voltage regulator module having VID capabilities. The voltage regulator module generates supply Vdd and/or body bias Vbb voltages according to a selected VID code. The values of the supply Vdd and/or body bias Vbb voltages generated and applied to the PLD determine the operating characteristics of the PLD. The VID codes can be provided and stored in various ways: by an addressable lookup table (LUT) integrated with the PLD, or by a memory device in which the VID codes are transferred from an external memory. The VID codes may also be self-generated by auto-detect circuitry integrated with the PLD. The ability to select a particular VID code for each individual PLD allows the user to optimize operational characteristics of the device to satisfy power and/or performance requirements.
Type: Grant
Filed: March 9, 2007
Date of Patent: January 28, 2014
Assignee: Agate Logic, Inc.
Inventors: Vei-Han Chan, Louis Charles Kordus, II
-
Patent number: 8639953
Abstract: A power device, such as a UPS, and a method for gathering system information using the power device are provided. In one aspect, a UPS receives system information associated with at least one other device, the system information including configuration management information, stores, in data storage, the system information associated with the at least one other device and provides the system information to an external entity.
Type: Grant
Filed: March 27, 2009
Date of Patent: January 28, 2014
Assignee: Schneider Electric IT Corporation
Inventors: James S. Spitaels, Vishwas Mohaniraj Deokar, Kyle Brookshire, Fred William Rodenhiser
-
Patent number: 8639954
Abstract: A portable electronic device employs a method for recovering power to a rechargeable battery used therein when the battery is in a low state of charge. The portable electronic device includes at least a power management subsystem (PMS), a main processor subsystem, and the battery. When the battery is incapable of supplying boot-up power to the processor subsystem, power is provided from a battery charger to the PMS to power-up the PMS. The PMS then determines the battery's type and a state-of-charge (SOC) parameter for the battery, and compares the SOC parameter to a threshold, which is based on at least the battery type. If the SOC parameter is less than the threshold, power is provided from the battery charger to the battery for use in recharging the battery. Otherwise, power is supplied from the battery to the processor subsystem to facilitate general operation of the portable electronic device.
Type: Grant
Filed: December 20, 2010
Date of Patent: January 28, 2014
Assignee: Motorola Mobility LLC
Inventors: David A. Winkler, Robert M. Johnson
-
Patent number: 8639955
Abstract: A system and method for controlling power and performance in a microprocessor system includes a monitoring and control system integrated into a microprocessor system. The monitoring and control system includes a hierarchical architecture having a plurality of layers. Each layer in the hierarchical architecture is responsive to commands from a higher level, and the commands provide instructions on operations and power distribution, such that the higher levels provide modes of operation and budgets to lower levels and the lower levels provide feedback to the higher levels to control and manage power usage in the microprocessor system both globally and locally.
Type: Grant
Filed: November 9, 2011
Date of Patent: January 28, 2014
Assignee: International Business Machines Corporation
Inventors: Pradip Bose, Alper Buyuktosunoglu, Chen-Yong Cher, Prabhakar N. Kudva
-
Patent number: 8639956
Abstract: Embodiments of the invention relate to reducing energy consumption in a computing cluster. An aspect of the invention includes a method for reducing energy consumption in a computing cluster. The method includes monitoring requests to a server. The method further includes activating a server, if at least one request is to be routed to the server in a reduced power consumption state. The method further includes routing the requests to at least one server. The method further includes reducing power consumption on the server, if the server does not have at least one active request.
Type: Grant
Filed: September 30, 2009
Date of Patent: January 28, 2014
Assignee: International Business Machines Corporation
Inventor: Dean Hildebrand
-
Patent number: 8639957
Abstract: A method and apparatus for reducing power consumption in a DLNA (Digital Living Network Alliance) network is provided. A method for operating a digital media renderer to reduce power consumption in a DLNA network includes receiving media content from a digital media server, and controlling the power of a communication connection device and a display according to the control state of the received media content.
Type: Grant
Filed: November 26, 2010
Date of Patent: January 28, 2014
Assignee: Samsung Electronics Co., Ltd.
Inventors: Young-Kow Lee, Tae-Hwan Hwang