Memory Access Blocking Patents (Class 711/152)
  • Patent number: 10776524
    Abstract: Embodiments are directed to securing system management mode (SMM) in a computer system. A CPU is configurable to execute first code in a normal mode, and second code in a SMM. A SMM control engine is operative to transition the CPU from the normal mode to the SMM in response to a SMM transition call, and to control access by the CPU in the SMM to data from an originator of the SMM transition call. The access is controlled based on an authorization state assigned to the SMM transition call. An authorization engine is operative to perform authentication of the originator of the SMM transition call and to assign the authorization state based on an authentication result. The CPU in the SMM is prevented from accessing the data in response to the authentication result being a failure of authentication.
    Type: Grant
    Filed: January 14, 2016
    Date of Patent: September 15, 2020
    Assignee: Intel Corporation
    Inventors: Jiewen Jacques Yao, Vincent J. Zimmer, Bassam N. Coury
  • Patent number: 10769027
    Abstract: Systems, apparatuses, and methods for scheduling maintenance jobs for computing assets implementing configuration items within a CMDB are described. The maintenance jobs include database backups. Two queues operate together to schedule a large number of jobs in a technique that is scalable while staying within resource constraints.
    Type: Grant
    Filed: May 25, 2016
    Date of Patent: September 8, 2020
    Assignee: ServiceNow, Inc.
    Inventors: Sam Hauer, Scott Stone, Ivan Batanov
  • Patent number: 10678710
    Abstract: A code protection scheme for controlling access to a memory region in an integrated circuit includes a processor with an instruction pipeline that includes multiple processing stages. A first processing stage receives one or more instructions. A second processing stage receives address information identifying a protected memory region of the memory from the first processing stage and protection information for an identified protected memory region. The protection information indicates a protection state assigned to each protected memory region. Based on the instruction type of the received instruction and the protection information associated with a particular protected memory region, the second processing stage determines whether to enable or disable access to the particular protected memory region by the processor or other external host.
    Type: Grant
    Filed: June 19, 2017
    Date of Patent: June 9, 2020
    Assignee: Synopsys, Inc.
    Inventors: Pranab Bhooma, Carlos Basto, Kulbhushan Kalra
  • Patent number: 10652310
    Abstract: A method of distributing data over multiple Internet connections is provided. The method includes the steps of: (a) providing a client computer with access to a plurality of Internet connections; and (b) providing a host computer for determining the allocation of data to be sent to the client computer over each of the plurality of Internet connections using at least one of (i) predetermined criteria and (ii) dynamically changing criteria.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: May 12, 2020
    Assignee: Connectify, Inc.
    Inventors: Alexander Gizis, Brian Prodoehl, Kevin Cunningham, Brian Lutz
  • Patent number: 10635479
    Abstract: Described systems and methods allow protecting a hardware virtualization system from malicious software. Some embodiments use a hybrid event notification/analysis system, wherein a first component executing within a protected virtual machine (VM) registers as a handler for processor exceptions triggered by violations of memory access permissions, and wherein a second component executing outside the respective VM registers as a handler for VM exit events. The first component filters permission violation events according to a set of rules and only notifies the second component about events which are deemed relevant to security. The second component analyzes notified events to detect malicious software.
    Type: Grant
    Filed: December 18, 2017
    Date of Patent: April 28, 2020
    Assignee: Bitdefender IPR Management Ltd.
    Inventor: Andrei V. Lutas
  • Patent number: 10628192
    Abstract: Scalable techniques for data transfer between virtual machines (VMs) are described. the disclosure provides an apparatus including circuitry, a virtual machine management component for execution by the circuitry to define a plurality of public virtual memory spaces and assign each one of the plurality of public virtual memory spaces to a respective one of a plurality of VMs including a first VM and a second VM, and a virtual machine execution component for execution by the circuitry to execute a first virtual machine process corresponding to the first VM and a second virtual machine process corresponding to the second VM, the first virtual machine process to identify data to be provided to the second VM by the first VM and provide the data to the second VM by writing to a public virtual memory space assigned to the first VM. Other embodiments are described and claimed.
    Type: Grant
    Filed: December 24, 2015
    Date of Patent: April 21, 2020
    Assignee: INTEL CORPORATION
    Inventors: Ben-Zion Friedman, Eliezer Tamir
  • Patent number: 10606768
    Abstract: A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing for program code and hardware-protects it from alteration. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition.
    Type: Grant
    Filed: October 1, 2018
    Date of Patent: March 31, 2020
    Assignee: PathGuard, LLC
    Inventors: Frank N. Newman, Dan Newman
  • Patent number: 10552091
    Abstract: Methods, apparatus and computer program products implement embodiments of the present invention that include storing one or more data volumes to a small computer system interface storage device, and receiving a request to map a given data volume to a host computer. One or more attributes of the given data volume are identified, and using the identified one or more attributes, a unique logical unit number (LUN) for the given data volume is generated. The given data volume is mapped to the host computer via the unique LUN. In some embodiments, the generated LUN includes one of the one or more attributes. In additional embodiments, the generated LUN includes a result of a hash function using the one or more attributes. In storage virtualization environments, the data volume may include secondary logical units, and mapping the given data volume to the host may include binding the SLU to the host.
    Type: Grant
    Filed: August 14, 2018
    Date of Patent: February 4, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Daniel I. Goodman, Ran Harel, Oren S. Li-On, Rivka M. Matosevich, Orit Nissan-Messing, Yossi Siles, Eliyahu Weissbrem
  • Patent number: 10545872
    Abstract: Techniques are described for reducing shared cache memory requests in a multi-threaded microprocessor-based system. One method includes receiving a request for data from a thread, identifying that the request correlates with a pending request associated with a different thread, combining the request with the pending request based on the identifying, and receiving the data after the combining, the receiving being based on the pending request. In some examples, the request may be associated with an address of a cache line in a cache memory.
    Type: Grant
    Filed: September 26, 2016
    Date of Patent: January 28, 2020
    Assignee: Ikanos Communications, Inc.
    Inventor: Alberto Brizio
  • Patent number: 10503892
    Abstract: The disclosed technology is generally directed to the authentication of software. In one example of the technology, a private attestation key is stored in hardware. In some examples, during a sequential boot process a hash is calculated, in an order in which the software stages are sequentially booted, of each software stage of a plurality of software stages. The hashes of each software stage of the plurality may be cryptographically appended to an accumulation register. The accumulation register may be used to attest to validity of the software stages. The plurality of software stages may include a first bootloader, a runtime for a first core of a multi-core processor, and a runtime for a first execution environment for a second core of the multi-core processor.
    Type: Grant
    Filed: June 25, 2017
    Date of Patent: December 10, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Felix Stefan Domke
  • Patent number: 10503666
    Abstract: A method for operating a microcontroller, where access rights of processes executed in the microcontroller to different memory areas are stored in a memory protection unit, includes, in the course of a simulation mode, a first process carrying out an access attempt to a certain memory area in a certain manner in the name of a second process; the memory protection unit transferring access rights of the second process for the certain memory area to the first process upon the access attempt. The access rights are read out by the first process and the simulation mode is terminated. The access attempt is preferably thereupon terminated and an access is not carried out according to this access attempt by the first process.
    Type: Grant
    Filed: November 7, 2016
    Date of Patent: December 10, 2019
    Assignee: Robert Bosch GmbH
    Inventors: Jens Gladigau, Simon Hufnagel
  • Patent number: 10496302
    Abstract: Described are techniques for use in connection with providing data protection. A storage resource for which data protection is provided by a data protection service may be identified. One or more criteria may be specified denoting one or more trigger conditions for providing data protection by the data protection service, wherein, responsive to an occurrence of any of the one or more trigger conditions, first processing may be performed by the data protection service to protect the storage resource. The one or more criteria may include a first criterion identifying a first amount of data change that has to occur with respect to the storage resource. Notification may be received regarding an occurrence of a first of the one or more trigger conditions. Responsive to receiving the notification, the first processing may be performed by the data protection service.
    Type: Grant
    Filed: March 10, 2016
    Date of Patent: December 3, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Natasha Gaurav, Dennis T. Duprey, Bruce R. Rabe, Binbin Lin, Scott E. Joyce
  • Patent number: 10496612
    Abstract: A method for converting metadata in a hierarchical configuration within a filesystem from a first format to a second format includes reading metadata that is in the first format within the hierarchical configuration; writing all of the metadata that is in the first format into a flat file; scanning the metadata to compile a list of inode chunks; sorting the list of inode chunks based on the on disk location of the inode chunks; and writing all of the metadata from the flat file back into the hierarchical configuration, the metadata being in the second format. The method can also include increasing the size of each of a first inode and a second inode within a first inode chunk in the filesystem, assigning the first inode to the first inode chunk, and assigning the second inode to a second inode chunk.
    Type: Grant
    Filed: May 10, 2017
    Date of Patent: December 3, 2019
    Assignee: QUANTUM CORPORATION
    Inventor: Tim LaBerge
  • Patent number: 10491773
    Abstract: An information processing apparatus includes circuitry to check whether a program is active at plural timings. The program is previously terminated while keeping prohibition of at least one operation of the information processing apparatus. The circuitry cancels the prohibition of the at least one operation of the information processing apparatus when the program remains inactive for a given period of time.
    Type: Grant
    Filed: June 14, 2018
    Date of Patent: November 26, 2019
    Assignee: Ricoh Company, Ltd.
    Inventor: Jongsook Eun
  • Patent number: 10481805
    Abstract: Preventing timeouts of I/O requests at a data storage system that are associated with cloud-based and/or external data storage systems. Rather than allow a timeout to occur, a response is sent to the host at a predetermined time before timeout, which will prevent the timeout from occurring and may cause the host system to “retry” the I/O operation by issuing another I/O request specifying the same I/O operation. The data storage system may repeat this process a preconfigured number of times or indefinitely, or until the host or user terminates or the application crashes. An I/O request received from a host may be configured in accordance with one or more SAN- or NAS-based protocols, and the I/O request may be translated into an I/O request conforming to one or more cloud-based and/or Internet-based protocols and transmitted to a cloud-based and/or external storage system.
    Type: Grant
    Filed: June 30, 2015
    Date of Patent: November 19, 2019
    Assignee: EMC IP Holding Company LLC
    Inventors: Adnan Sahin, Wayne D'Entremont, Suresh Krishnan, Arieh Don
  • Patent number: 10452459
    Abstract: Systems and methods are described for verifying functionality of a computing device. Rules are received that are usable to configure a driver verifier function to capture information associated with a device driver identified by the rules. The configured driver verifier function is run on a computing device. The information is captured in response to driver conditions identified by the rules. The computing device is allowed to continue operation when the driver condition includes an error condition of the identified device driver. A communication is initiated to transmit the captured information to a driver verification analysis service.
    Type: Grant
    Filed: December 9, 2016
    Date of Patent: October 22, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Markus W. Mielke, Jakob F. Lichtenberg, Vladimir A. Levin, Remy L. De Weduwe, Hyuk Joon Kwon, Nathan L. Deisinger, Vikas Pabreja, Juncao Li
  • Patent number: 10387037
    Abstract: Techniques for enabling enhanced parallelism for sparse linear algebra operations having write-to-read dependencies are disclosed. A hardware processor includes a plurality of processing elements, a memory that is heavily-banked into a plurality of banks, and an arbiter. The arbiter is to receive requests from threads executing at the plurality of processing elements seeking to perform operations involving the memory, and to maintain a plurality of lock buffers corresponding to the plurality of banks. Each of the lock buffers is able to track up to a plurality of memory addresses within the corresponding bank that are to be treated as locked in that the values stored at those memory addresses cannot be updated by those of the threads that did not cause the memory addresses to be locked until those memory addresses have been removed from being tracked by the plurality of lock buffers.
    Type: Grant
    Filed: December 31, 2016
    Date of Patent: August 20, 2019
    Assignee: Intel Corporation
    Inventors: Ganesh Venkatesh, Deborah Marr
  • Patent number: 10382578
    Abstract: This application relates to embodiments for providing a content stream to a device from a content server based on a protocol that is established between the device and an account server. The account server can initiate a session with the device and provide the device with a list of channels available for a user account associated with the device. When a channel is selected at the device, conditional access information can be provided from the account server to the device, which can thereafter relay the conditional access information to the content server. The content server can use the conditional access information to verify that the device has the appropriate permission to receive streaming content. In this way, because the conditional access information originates at the account server, permission to access streaming content can be managed by correspondence between the account server and the device, rather than the content server.
    Type: Grant
    Filed: September 30, 2015
    Date of Patent: August 13, 2019
    Assignee: Apple Inc.
    Inventors: Srinivas Vedula, Daniel P. Carter, Gianpaolo Fasoli, Augustin J. Farrugia, Eugene Jivotovski
  • Patent number: 10379768
    Abstract: In one embodiment, a memory interface employs selective memory mode authorization enforcement in accordance with the present description to ensure that memory modes of operation which have not been authorized, are not permitted to proceed. In one embodiment, mode control logic receives from memory control logic of the memory interface, memory mode selection data which is compared to a mode authorization classification structure to determine if the memory mode being selected in association with a memory transaction request is authorized or otherwise permitted. Memory mode enablement logic of the mode control logic enables the requested memory mode associated with a memory transaction request if it is determined that the selected memory mode associated with the memory transaction request is authorized. Other aspects are described herein.
    Type: Grant
    Filed: September 30, 2016
    Date of Patent: August 13, 2019
    Assignee: INTEL CORPORATION
    Inventors: Mahesh S. Natu, Vedaraman Geetha
  • Patent number: 10367923
    Abstract: The invention relates to a method for processing at least one data packet (78, 156) which comprises a first header (82, 158) and a payload (100, 160), wherein the first header (82, 158) is processed by a first mode and the payload (100, 160) is processed by a second mode, wherein a number of processing steps (172, 174) for carrying out the second mode is greater than a number of processing steps (168, 170) for carrying out the first mode, the two modes being performed separately from one another.
    Type: Grant
    Filed: October 2, 2012
    Date of Patent: July 30, 2019
    Assignee: Robert Bosch GmbH
    Inventors: Volker Blaschke, Guenter Vogel, Timo Lothspeich, Anton Pfefferseder, Reiner Schnitzer, Jeffrey Lee, Soeren Krieger, Juergen Mallok
  • Patent number: 10348558
    Abstract: The present disclosure discloses a method and system for restarting the network service with zero downtime, comprising: a) listening, by an original process of the network service, on a first port; (b) configuring and initiating a transition process, wherein the configuring includes causing the transition process to listen on a second port different from the first port of the original process; (c) running a connection tracking module and, meanwhile adding an iptables rule to redirect a connection directed to the first port to the second port; (d) waiting until existing connections on the original process are processed completely, then exiting the original process; (e) initiating a new process on the first port according to a new configuring file; (f) reconfiguring the iptables rule to cancel port redirection; and (g) waiting until existing connections on the transition process are processed completely, then exiting the transition process.
    Type: Grant
    Filed: May 30, 2016
    Date of Patent: July 9, 2019
    Assignee: WANGSU SCIENCE & TECHNOLOGY CO., LTD
    Inventor: Xun Chen
  • Patent number: 10346306
    Abstract: Methods and apparatuses relating to memory performance monitoring are described, including a processor and method for memory performance monitoring utilizing a monitor flag and first and second allocators for allocating virtual memory regions.
    Type: Grant
    Filed: April 2, 2016
    Date of Patent: July 9, 2019
    Assignee: Intel Corporation
    Inventors: Amitabha Roy, Subramanya R. Dulloor, Rajesh M. Sankaran
  • Patent number: 10305793
    Abstract: A communication device conforming with plural communication standards and having a storage storing a plurality of virtual stacks each having an application program and communication program that implements a protocol stack for communication by the application program. An executor executes the virtual stacks, and a switching controller switches the virtual stacks to be executed by performing a first processing in which at least one part of at least one of the virtual stacks is read from storage and stored into a memory of, and executed by, the executor. Then, in accordance with free capacity in the memory, at least one part of at least one of the virtual stacks executed in the first processing is deleted from memory. In a second processing at least one part of at least one of the virtual stacks is read from the storage and stored into the memory of, and executed by, the executor.
    Type: Grant
    Filed: May 29, 2013
    Date of Patent: May 28, 2019
    Assignee: Yokogawa Electric Corporation
    Inventors: Nobuo Okabe, Yukiyo Akisada, Kazunori Miyazawa, Yasuki Sakurai
  • Patent number: 10291543
    Abstract: A system, method, and computer program product are provided for migrating availability of a resource type in a communication network using network function virtualization, comprising: selecting a resource type; selecting a first section of the network where demand for the resource type is expected to grow; selecting a second section of the network where demand for the resource type is expected to be stable relative to the first section; selecting a third section of the network communicatively coupled to the first and second sections, the third section comprising higher availability of the resource type than the first section; migrating a first virtual network function (VNF) instance from the third section to the first section; and migrating a second virtual network function instance from the second section to the third section.
    Type: Grant
    Filed: January 26, 2016
    Date of Patent: May 14, 2019
    Assignee: AMDOCS DEVELOPMENT LIMITED
    Inventors: Eyal Felstaine, Ofer Hermoni, Itzik Kitroser, Nimrod Sandlerman
  • Patent number: 10261794
    Abstract: Techniques are described for metadata processing that can be used to encode an arbitrary number of security policies for code running on a processor. Metadata may be added to every word in the system and a metadata processing unit may be used that works in parallel with data flow to enforce an arbitrary set of policies. In one aspect, the metadata may be characterized as unbounded and software programmable to be applicable to a wide range of metadata processing policies. Techniques and policies have a wide range of uses including, for example, safety, security, and synchronization. Additionally, described are aspects and techniques in connection with metadata processing in an embodiment based on the RISC-V architecture.
    Type: Grant
    Filed: September 5, 2017
    Date of Patent: April 16, 2019
    Assignee: The Charles Stark Draper Laboratory, Inc.
    Inventor: Andre′ DeHon
  • Patent number: 10242022
    Abstract: The disclosed computer-implemented method for managing delayed allocation on clustered file systems may include (i) receiving, at a global lock manager that stores storage disk allocation information for a plurality of nodes in a clustered file system, a lock request from a node that requests a lock range on a storage disk to store data from a file, (ii) reserving, by the global lock manager, the lock range, (iii) receiving, at the global lock manager, from an additional node, an additional lock request for an additional lock range to store additional data from the file, and (iv) reserving, by the global lock manager, the additional lock range to be adjacent to the lock range on the storage disk based on the additional data on the additional node being from the same file as the data on the node. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: August 10, 2016
    Date of Patent: March 26, 2019
    Assignee: Veritas Technologies LLC
    Inventors: Sanjay Jain, Shirish Vijayvargiya, Anindya Banerjee
  • Patent number: 10235310
    Abstract: Described herein are technical features for freeing a buffer used during execution of a work-item by a multiprocessor. An example method includes identifying a first processing unit that assigned the buffer to the work-item, in response to a request from a second processing unit to free the buffer. The computer-implemented method also includes identifying a bitmap associated with the buffer, the bitmap being in a local memory of the first processing unit. The computer-implemented method also includes updating a bit from the bitmap to indicate that the buffer has been freed, the bit corresponding to the buffer.
    Type: Grant
    Filed: November 29, 2016
    Date of Patent: March 19, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jeffrey P. Kubala, Jerry A. Moody, Muruganandam Somasundaram
  • Patent number: 10236069
    Abstract: An apparatus is described. The apparatus includes a storage device having multiple non volatile memory chips and controller circuitry. The controller circuitry is to implement wear leveling of storage cells of the non volatile memory chips at a granularity of segments of storage cell arrays of the non volatile memory chips that share a same disturber node and that are coupled to a same storage cell array wire to diminish disturb errors.
    Type: Grant
    Filed: June 20, 2017
    Date of Patent: March 19, 2019
    Assignee: Intel Corporation
    Inventors: Ning Wu, Robert E. Frickey
  • Patent number: 10223301
    Abstract: Aspects of the present invention include a method, system and computer program product that implements a memory management scheme for each processor in a multiprocessor system. The method includes pre-allocating, for each processor in a multiprocessor system, a set of memory buffers; and implementing a metadata bitmap for each pre-allocated set of memory buffers, wherein the metadata bitmap for each pre-allocated set of memory buffers comprises a plurality of bits, and wherein each of the plurality of bits is indicative of a usage state of a corresponding one of the memory buffers within each pre-allocated set of memory buffers.
    Type: Grant
    Filed: November 29, 2016
    Date of Patent: March 5, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jeffrey P. Kubala, Jerry A. Moody, Muruganandam Somasundaram
  • Patent number: 10210109
    Abstract: Aspects of the present invention include a method, system and computer program product that implements a memory management scheme for each processor in a multiprocessor system. The method includes pre-allocating, for each processor in a multiprocessor system, a set of memory buffers; and implementing a metadata bitmap for each pre-allocated set of memory buffers, wherein the metadata bitmap for each pre-allocated set of memory buffers comprises a plurality of bits, and wherein each of the plurality of bits is indicative of a usage state of a corresponding one of the memory buffers within each pre-allocated set of memory buffers.
    Type: Grant
    Filed: February 10, 2017
    Date of Patent: February 19, 2019
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Jeffrey P. Kubala, Jerry A. Moody, Muruganandam Somasundaram
  • Patent number: 10191852
    Abstract: Methods and apparatus for locking at least a portion of a shared memory resource. In one embodiment, an electronic device configured to lock at least a portion of a shared memory is disclosed. The electronic device includes a host processor, at least one peripheral processor and a physical bus interface configured to couple the host processor to the peripheral processor. The electronic device further includes a software framework that is configured to: attempt to lock a portion of the shared memory; verify that the peripheral processor has not locked the shared memory; when the portion of the shared memory is successfully locked via the verification that the peripheral processor has not locked the portion of the shared memory, execute a critical section of the shared memory; and otherwise attempt to lock the at least the portion of the shared memory at a later time.
    Type: Grant
    Filed: September 22, 2016
    Date of Patent: January 29, 2019
    Assignee: Apple Inc.
    Inventors: Vladislav Petkov, Haining Zhang, Karan Sanghi, Saurabh Garg
  • Patent number: 10191795
    Abstract: Embodiments relate to systems and methods for timeout monitoring of concurrent commands or parallel communication channels comprising assigning or de-assigning each one of the commands or communication channels to a corresponding one of a plurality of timeout timers when corresponding commands are to be transmitted or command acknowledges are received respectively.
    Type: Grant
    Filed: June 23, 2017
    Date of Patent: January 29, 2019
    Assignee: Infineon Technologies AG
    Inventors: Karl Herz, Ljudmil Anastasov, Harald Zweck
  • Patent number: 10177921
    Abstract: A process is disclosed for authorizing a user's access to a limited access network. The process comprises sending an encrypted server random number to a previously registered user. If the user can demonstrate an ability to successfully decrypt the server random number, the user is authenticated and access is authorized. The process further comprises an encrypted user random number. Encryption of the user random number comprises the use of a server-controlled value. The web server's ability to return to the user a decryption of the encrypted user random number serves as confirmation that the web site is legitimate. In a preferred embodiment all communications of login values between the user and the web server are encrypted. In an embodiment a user is provided with a key for encrypting user random numbers and for decrypting server random numbers. The key may be automatically updated on a predetermined schedule.
    Type: Grant
    Filed: January 15, 2015
    Date of Patent: January 8, 2019
    Assignee: XORkey B.V.
    Inventor: Timotheus Martinus Cornelis Ruiter
  • Patent number: 10176122
    Abstract: A processor employs a hardware encryption module in the memory access path between an input/out device and memory to cryptographically isolate secure information. In some embodiments, the encryption module is located at a memory controller of the processor, and each memory access request provided to the memory controller includes VM tag value identifying the source of the memory access request. The VM tag is determined based on a requestor ID identifying the source of the memory access request. The encryption module performs encryption (for write accesses) or decryption (for read accesses) of the data associated with the memory access based on an encryption key associated with the VM tag.
    Type: Grant
    Filed: October 19, 2016
    Date of Patent: January 8, 2019
    Assignees: Advanced Micro Devices, Inc., ATI Technologies ULC
    Inventors: David Kaplan, Maggie Chan, Philip Ng
  • Patent number: 10148732
    Abstract: A method of distributing data over multiple Internet connections is provided. The method includes the steps of: (a) providing a client computer with access to a plurality of Internet connections; and (b) providing a host computer for determining the allocation of data to be sent to the client computer over each of the plurality of Internet connections using at least one of (i) predetermined criteria and (ii) dynamically changing criteria.
    Type: Grant
    Filed: December 21, 2015
    Date of Patent: December 4, 2018
    Assignee: Connectify, Inc.
    Inventors: Alexander Gizis, Brian Prodoehl, Kevin Cunningham, Brian Lutz
  • Patent number: 10133508
    Abstract: A computer-implemented method for enhancing data protection is disclosed. The method starts with monitoring an operating status of a storage volume at a primary storage of a storage system, where the storage volume is allocated to one or more applications. The method continues with determining whether the operating status of the storage volume satisfies a predetermined condition and notifying a backup application to trigger a backup of the storage volume of the primary storage to a backup storage upon determining that the operating status of the storage volume satisfies the first predetermined condition.
    Type: Grant
    Filed: June 13, 2014
    Date of Patent: November 20, 2018
    Assignee: EMC IP Holding Company LLC
    Inventors: Stephen D. Smaldone, Jian Xing, Hyong Shim
  • Patent number: 10129329
    Abstract: An improved method for the prevention of deadlock in a massively parallel processor (MPP) system wherein, prior to a process sending messages to another process running on a remote processor, the process allocates space in a deadlock-avoidance FIFO. The allocated space provides a “landing zone” for requests that the software process (the application software) will subsequently issue using a remote-memory-access function. In some embodiments, the deadlock-avoidance (DLA) function provides two different deadlock-avoidance schemes: controlled discard and persistent reservation. In some embodiments, the software process determines which scheme will be used at the time the space is allocated.
    Type: Grant
    Filed: October 13, 2015
    Date of Patent: November 13, 2018
    Assignee: Cray Inc.
    Inventors: Edwin L. Froese, Eric P. Lundberg, Igor Gorodetsky, Howard Pritchard, Charles Giefer, Robert L. Alverson, Duncan Roweth
  • Patent number: 10089248
    Abstract: A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing for program code and hardware-protects it from alteration. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition.
    Type: Grant
    Filed: February 20, 2017
    Date of Patent: October 2, 2018
    Assignee: Newman H-R Computer Design, LLC
    Inventors: Frank N. Newman, Dan Newman
  • Patent number: 10089447
    Abstract: Instructions and logic fork processes and establish child enclaves in a secure enclave page cache (EPC). Instructions specify addresses for secure storage allocated to enclaves of a parent and a child process to store secure enclave control structure (SECS) data, application data, code, etc. The processor includes an EPC to store enclave data of the parent and child processes. Embodiments of the parent may execute, or a system may execute an instruction to copy parent SECS to secure storage for the child, initialize a unique child ID and link to the parent's SECS/ID. Embodiments of the child may execute, or the system may execute an instruction to copy pages from the parent enclave to the enclave of the child where both have the same key, set an entry for EPC mapping to partial completion, and record a page state in the child enclave, if interrupted. Thus copying can be resumed.
    Type: Grant
    Filed: June 13, 2017
    Date of Patent: October 2, 2018
    Assignee: Intel Corporation
    Inventors: Prashant Pandey, Mona Vij, Somnath Chakrabarti, Krystof C. Zmudzinski
  • Patent number: 10083071
    Abstract: An anomaly detector for a Controller Area Network (CAN) bus performs state space classification on a per-message basis of messages on the CAN bus to label messages as normal or anomalous, and performs temporal pattern analysis as a function of time to label unexpected temporal patterns as anomalous. The anomaly detector issues an alert if an alert criterion is met that is based on the outputs of the state space classification and the temporal pattern analysis. The temporal pattern analysis may compare statistics of messages having analyzed arbitration IDs with statistics for messages having those analyzed arbitration IDs in a training dataset of CAN bus messages, and a temporal pattern is anomalous if there is a statistically significant deviation from the training dataset. The anomaly detector may be implemented on a vehicle Electronic Control Unit (ECU) communicating via a vehicle CAN bus.
    Type: Grant
    Filed: September 17, 2015
    Date of Patent: September 25, 2018
    Assignee: BATTELLE MEMORIAL INSTITUTE
    Inventors: Anuja Sonalker, David Sherman
  • Patent number: 10061657
    Abstract: Embodiments are described for dynamically modifying backup policy of an application using changes in metrics of a data set generated by the application and/or user-specified rules. Each application can have its own backup policy having a protection level that determines a frequency of backup for the application data set. An application can have an initial backup policy. An application backup policy can be based on the application type, a percent of change to the data set since the last backup, a size of the data set, or other metric. A user can specify a rule for the backup policy and protection level for the application. The backup policy or protection level can be dynamically updated in response to changes in the data set or a user-specified rule, on a per-application basis.
    Type: Grant
    Filed: March 23, 2016
    Date of Patent: August 28, 2018
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Shelesh Chopra, John Rokicki, Vladimir Mandic
  • Patent number: 10025580
    Abstract: In accordance with embodiments of the present disclosure, a method may include querying, by an application program executing on a first information handling system, a second information handling system remotely coupled to the first information handling system for data comprising identities of versions or patches of an operating system certified by a provider of the operating system. The method may also include receiving the data in response to the query. The method may further include updating a support matrix associated with the application program based on the identities of certified versions or patches, the support matrix setting forth identities of versions or patches of the operating system supported by the application program.
    Type: Grant
    Filed: January 23, 2013
    Date of Patent: July 17, 2018
    Assignee: Dell Products L.P.
    Inventors: Matthew Christian Paul, Trung Minh Tran, Muhammad Rahman
  • Patent number: 10007553
    Abstract: A method designed to configure an IT system having at least one computing core for executing instruction threads, in which each computing core is capable of executing at least two instruction threads at a time in an interlaced manner, and an operating system, being executed on the IT system, capable of providing instruction threads to each computing core. The method includes a step of configuring the operating system being executed in a mode in which it provides each computing core with a maximum of one instruction thread at a time.
    Type: Grant
    Filed: March 10, 2011
    Date of Patent: June 26, 2018
    Assignee: BULL SAS
    Inventors: Xavier Bru, Philippe Garrigues, Benoît Welterlen
  • Patent number: 9990372
    Abstract: The disclosed embodiments disclose techniques for managing consistency for a file in a distributed filesystem. Two or more cloud controllers collectively manage distributed filesystem data that is stored in the cloud storage systems; the cloud controllers ensure data consistency for the stored data, and each cloud controller caches portions of the distributed filesystem. During operation, a cloud controller receives from a client a request to access the file. The cloud controller determines a level of consistency that is associated with the file, and then uses this level of consistency to determine whether to communicate with a peer cloud controller when handling the request.
    Type: Grant
    Filed: September 10, 2014
    Date of Patent: June 5, 2018
    Assignee: PANZURA, INC.
    Inventors: Yun Lin, Steve Hyuntae Jung, Vinay Kumar Anneboina, John Richard Taylor
  • Patent number: 9940287
    Abstract: A shared memory controller receives, from a computing node, a request associated with a memory transaction involving a particular line in a memory pool. The request includes a node address according to an address map of the computing node. An address translation structure is used to translate the first address into a corresponding second address according to a global address map for the memory pool, and the shared memory controller determines that a particular one of a plurality of shared memory controllers is associated with the second address in the global address map and causes the particular shared memory controller to handle the request.
    Type: Grant
    Filed: March 27, 2015
    Date of Patent: April 10, 2018
    Assignee: Intel Corporation
    Inventor: Debendra Das Sharma
  • Patent number: 9934004
    Abstract: A computer readable medium including executable instructions that when executed perform a method for validating an optimization in generated code using an executable constraints document is provided. The medium can include instructions for relating an assumption to the optimization during code generation. The medium can include instructions for generating the executable constraints document during the code generation, the executable constraints document including information about the relating; and the medium can include instructions for executing the constraints document when the validating is performed, the validating including performing an operation based on a validation result produced by the validating, where the operation includes displaying the validation result to a user, storing the validation result, sending the validation result to a destination, or modifying the generated code.
    Type: Grant
    Filed: March 31, 2014
    Date of Patent: April 3, 2018
    Assignee: The MathWorks, Inc.
    Inventors: Aravind Pillarisetti, Peter S. Szpak, Jesung Kim, Xiaocang Lin, Pieter J. Mosterman
  • Patent number: 9928174
    Abstract: A consistent caching service for managing data consistency between a cache system and backing store is provided. The consistent caching service compares an origin token and a parity token associated with the cached copy of the data item to determine consistency of the data item. The origin and parity tokens may be generated by an operation that caused population of the data item to the cache. The parity token may be invalidated by a write operation of the data item, thus causing a mismatch between the two tokens.
    Type: Grant
    Filed: March 16, 2016
    Date of Patent: March 27, 2018
    Assignee: Amazon Technologies, Inc.
    Inventor: Paul Connell
  • Patent number: 9891962
    Abstract: Provided is a lock management system, a lock management method and a lock management program whereby lock acquisition and release processes can be carried out at high speed. A lock management system 1 having a multiprocessor includes: a lock acquisition process 310 for carrying out a lock acquisition process for a thread according to one or more lock modes, at least a portion of the lock modes being a shared lock that can be acquired by one or more threads; and lock status holding means 410 for managing the number of threads acquiring a lock, by first information which can express the number of threads by one word that can be handled by an indivisible access command of the multi-processor, and second information representing a whole range of the number of threads that can possibly acquire a lock in each lock mode.
    Type: Grant
    Filed: March 26, 2013
    Date of Patent: February 13, 2018
    Assignee: NEC Corporation
    Inventor: Takashi Horikawa
  • Patent number: 9826045
    Abstract: Systems and methods are provided to test changes for a mobile app built by web-based tooling directly on a physical mobile device. A first application can be loaded on a mobile device. The first application can receive metadata of a second application. The first application can execute the second application using the metadata. Access to local resources can be intercepted and redirected to the server for processing. Additionally, changes made to the second application using the web-based tooling can be pushed to the first application using a persistent channel allowing the changes to be immediately tested.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: November 21, 2017
    Assignee: Oracle International Corporation
    Inventors: Christian David Straub, Maneesh Chugh
  • Patent number: 9817573
    Abstract: A smart card management method, a memory storage device, and a memory control circuit unit are provided. The method includes: receiving a first setting command corresponding to a temporary file from a host system. The temporary file is configured to access the smart card, and the first setting command includes a plurality of first setting messages. One of the first setting messages includes first setting command verification information and first location identification information. The first setting command verification information is configured to verify whether the first setting command is configured to set the temporary file, and the first location identification information is configured to find a logical unit corresponding to the first setting message including the first location identification information. The method also includes: recording a first logic range belonging to the temporary file in a look-up table according to the first setting command.
    Type: Grant
    Filed: March 24, 2015
    Date of Patent: November 14, 2017
    Assignee: PHISON ELECTRONICS CORP.
    Inventors: Meng-Chang Chen, Hsing-Chang Liu