Access Limiting Patents (Class 711/163)
  • Patent number: 10776283
    Abstract: Various embodiments are generally directed to an apparatus, method and other techniques for allocating a portion of the memory as system management random access memory (SMRAM) including a system management interrupt (SMI) handler for a system management mode (SMM), the SMI handler to handle SMIs for the SMM, generating a page table for the SMM, the page table comprising one or more mapped pages to map virtual addresses to physical addresses for the SMM, and setting one or more page table attributes for the page table to prevent a malicious code attack on the SMM.
    Type: Grant
    Filed: April 1, 2016
    Date of Patent: September 15, 2020
    Assignee: INTEL CORPORATION
    Inventors: Kirk D. Brannock, Barry E. Huntley, Vincent J. Zimmer
  • Patent number: 10776020
    Abstract: Aspects of the disclosure provide for mechanisms for memory protection of virtual machines in a computer system. A method of the disclosure includes: obtaining, by a hypervisor, a guest page table associated with a virtual machine, wherein the guest page table comprises a first guest page table entry associated with a privilege flag indicating that a first virtual page of a guest memory of the virtual machine is accessible to unprivileged code; and in view of a determination that the virtual machine is running in a kernel mode, generating a first host page table in view of the guest page table, wherein the first host page table comprises a first host page table entry corresponding to the first guest page table entry, and wherein the first host page table entry is associated with a privilege flag indicating that the first virtual page is not accessible to the unprivileged code.
    Type: Grant
    Filed: August 13, 2018
    Date of Patent: September 15, 2020
    Assignee: Red Hat, Inc.
    Inventors: David Gilbert, Paolo Bonzini
  • Patent number: 10768969
    Abstract: Some embodiments of the present invention include a method comprising: accessing units of network storage that encode state data of respective virtual machines, wherein the state data for respective ones of the virtual machines are stored in distinct ones of the network storage units such that the state data for more than one virtual machine are not commingled in any one of the network storage units.
    Type: Grant
    Filed: November 13, 2018
    Date of Patent: September 8, 2020
    Assignee: VMware, Inc.
    Inventors: Daniel K. Hiltgen, Rene W. Schmidt
  • Patent number: 10761908
    Abstract: Various embodiments relate generally to computer software and systems, including a subset of intermediary executable instructions constituting an communication interface between various software and/or hardware platforms, and, more specifically, to an application interface integration design management platform configured to analyze distinctive repositories (e.g., version-control application-based repositories) and identify application interface files and data components to form a consolidated data source with which to perform a unified search (e.g., a global search) to implement different portions of various application interfaces in development of application program interfaces (“APIs”), and the like.
    Type: Grant
    Filed: August 6, 2019
    Date of Patent: September 1, 2020
    Assignee: Stoplight, Inc.
    Inventor: Marc MacLeod
  • Patent number: 10764280
    Abstract: A fingerprint recognition based authentication method and apparatus is disclosed. The authentication apparatus may obtain an input fingerprint from a touch input of a user, determine an input number corresponding to the input fingerprint using preregistered fingerprint-number mapping information, and authenticate the user based on whether an input number sequence corresponding to an input fingerprint sequence is identical to a reference number sequence.
    Type: Grant
    Filed: January 20, 2016
    Date of Patent: September 1, 2020
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Wonjun Kim, Chilhee Chung, Jung-Bae Kim, Chang Kyu Choi, Seungju Han
  • Patent number: 10762225
    Abstract: The herein described technology facilitates sharing of notes and files with a locked computing device. The locked computing device may receive a file sharing request that includes a file identifier identifying a location of a source file. The locked processing device provides a user account of the processing device with access to content of the source file responsive to authentication of a recipient access credential associated with the user account.
    Type: Grant
    Filed: January 11, 2018
    Date of Patent: September 1, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: John B. Hesketh, Charlene M. Atlas, Jamie Cabaccang
  • Patent number: 10755011
    Abstract: A hardware monitor arranged to detect out-of-bounds violations in a hardware design for an electronic device. The hardware monitors include monitor and detection logic configured to monitor the current operating state of an instantiation of the hardware design and detect when the instantiation of the hardware design implements a fetch of an instruction from memory; and assertion evaluation logic configured to evaluate one or more assertions that assert a formal property that compares the memory address of the fetched instruction to an allowable memory address range associated with the current operating state of the instantiation of the hardware design to determine whether there has been an out-of-bounds violation. The hardware monitor may be used by a formal verification tool to exhaustively verify that the hardware design does not cause an instruction to be fetched from an out-of-bounds address.
    Type: Grant
    Filed: October 16, 2017
    Date of Patent: August 25, 2020
    Assignee: Imagination Technologies Limited
    Inventors: Ashish Darbari, Iain Singleton
  • Patent number: 10754895
    Abstract: A method for reducing I/O performance impacts associated with a data commit operation is disclosed. In one embodiment, such a method includes periodically performing a data commit operation wherein modified data is destaged from cache to persistent storage drives. Upon performing a particular instance of the data commit operation, the method determines whether modified data in the cache is a metadata track. In the event the modified data is a metadata track, the method attempts to acquire an exclusive lock on the metadata track. In the event the exclusive lock cannot be acquired, the method skips over the metadata track without destaging the metadata track for the particular instance of the data commit operation. A corresponding system and computer program product are also disclosed.
    Type: Grant
    Filed: October 17, 2018
    Date of Patent: August 25, 2020
    Assignee: International Business Machines Corporation
    Inventors: Lokesh M. Gupta, Edward Lin, Kyler A. Anderson, Matthew G. Borlick, Kevin J. Ash
  • Patent number: 10757087
    Abstract: A memory subsystem includes a memory interface for accessing a non-volatile memory (NVM), a host interface for communicating with a host, and a processor. The processor is configured to calculate a signature over program code that is used by the host and is stored in the NVM, to verify, upon detecting a boot process performed by the host, whether the boot process is legitimate, and, only if the boot process was verified to be legitimate, to provide the signature to the host for authentication to a remote server.
    Type: Grant
    Filed: January 2, 2018
    Date of Patent: August 25, 2020
    Assignee: WINBOND ELECTRONICS CORPORATION
    Inventor: Nir Tasher
  • Patent number: 10747908
    Abstract: Techniques are disclosed in which a secure circuit controls a gating circuit to enable or disable other circuitry of a device (e.g., one or more input sensors). For example, the gating circuit may be a power gating circuit and the secure circuit may be configured to disable power to an input sensor in certain situations. As another example, the gating circuit may be a clock gating circuit and the secure circuit may be configured to disable the clock to an input sensor. As yet another example, the gating circuit may be configured to gate a control bus and the secure circuit may be configured to disable control signals to an input sensor. In some embodiments, hardware resources included in or controlled by the secure circuit are not accessible by other elements of the device, other than by sending requests to a predetermined set of memory locations (e.g., a secure mailbox).
    Type: Grant
    Filed: September 11, 2018
    Date of Patent: August 18, 2020
    Assignee: Apple Inc.
    Inventors: Pierre-Olivier J. Martel, Jeffrey R. Wilcox, Ian P. Shaeffer, Andrew D. Myrick, Robert W. Hill, Tristan F. Schaap
  • Patent number: 10740452
    Abstract: A call path identifier is maintained which is permuted in response to a calling instruction for calling a target function, based on a function return address. The call path identifier is used as a modifier value for authentication code generating and checking instructions for generating and checking authentication codes associated with source values. In response to the authentication code checking instruction, if an expected authentication code mismatches a previously generated authentication code for a source value then an error handling response is triggered. This is useful for preventing attacks where address pointers which are valid in one part of the code are attempted to be reused in other parts of code.
    Type: Grant
    Filed: September 15, 2017
    Date of Patent: August 11, 2020
    Assignee: ARM Limited
    Inventor: Simon Hosie
  • Patent number: 10740302
    Abstract: A system can apply file placement rules to dynamically place files and directories within file system views backed by objects in an object storage system. After detection of an update to a first file system view that causes an update of an object in a storage grid, an object manager begins evaluation of file placement rules against metadata of the object. For each file placement rule that is triggered, the object manager determines identifies gateways that export the first file system view. The object manager then instructs the gateways to update their representations of the first file system view. The disclosed embodiments may be able to scale to managing hundreds of billions of files spanning thousands of file system views, especially in the presence of disconnected operation.
    Type: Grant
    Filed: May 25, 2016
    Date of Patent: August 11, 2020
    Assignee: NETAPP, INC.
    Inventors: David Slik, Tym Altman, Adam F. Ciapponi
  • Patent number: 10740233
    Abstract: According to an example, cache operations may be managed by detecting that a cacheline in a cache is being dirtied, determining a current epoch number, in which the current epoch number is associated with a store operation and wherein the epoch number is incremented each time a thread of execution completes a flush-barrier checkpoint, and inserting an association of the cacheline to the current epoch number into a field of the cacheline that is being dirtied.
    Type: Grant
    Filed: October 30, 2015
    Date of Patent: August 11, 2020
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Derek Alan Sherlock
  • Patent number: 10740476
    Abstract: An apparatus includes an interface and storage circuitry. The interface is configured to communicate with a memory including multiple memory cells that store data as respective analog values. The memory is addressable using physical addresses. The storage circuitry is configured to perform a first read operation from a physical address, and determine a first sequence of analog values retrieved by the first read operation, to further perform a second read operation from the physical address, and determine a second sequence of analog values retrieved by the second read operation, to evaluate a variation between the first sequence and the second sequence, and to determine that an unauthorized re-programming to the physical address has occurred between the first read operation and the second read operation, in response to the evaluated variation exceeding a predefined variation level.
    Type: Grant
    Filed: April 10, 2019
    Date of Patent: August 11, 2020
    Assignee: APPLE INC.
    Inventors: Assaf Shappir, Itay Sagron
  • Patent number: 10741568
    Abstract: Numerous embodiments of a precision tuning algorithm and apparatus are disclosed for precisely and quickly depositing the correct amount of charge on the floating gate of a non-volatile memory cell within a vector-by-matrix multiplication (VMM) array in an artificial neural network. Selected cells thereby can be programmed with extreme precision to hold one of N different values.
    Type: Grant
    Filed: December 21, 2018
    Date of Patent: August 11, 2020
    Assignee: SILICON STORAGE TECHNOLOGY, INC.
    Inventors: Hieu Van Tran, Steven Lemke, Vipin Tiwari, Nhan Do, Mark Reiten
  • Patent number: 10725687
    Abstract: A method for data protection in a memory system includes receiving, from entity, an address range and a set command, the address range corresponding to at least a portion of a memory partition in the memory system. The method further includes determining whether the entity is an authenticated entity. The method further includes based on the determination of whether the entity is an authenticated entity, setting, using the set command, access characteristics of the portion of the partition corresponding to the address range.
    Type: Grant
    Filed: March 19, 2019
    Date of Patent: July 28, 2020
    Assignee: Western Digital Technologies, Inc.
    Inventors: Rotem Sela, David Brief, Eliad Adi Klein
  • Patent number: 10725937
    Abstract: A data processing system includes multiple processing units all having access to a shared memory. A processing unit includes a processor core that executes memory access instructions including a store-conditional instruction that generates a store-conditional request specifying a store target address and store data. The processing unit further includes a reservation register that records shared memory addresses for which the processor core has obtained reservations and a cache that services the store-conditional request by conditionally updating the shared memory with the store data based on the reservation register indicating a reservation for the store target address. The processing unit additional includes a blocking state machine configured to protect the store target address against access by any conflicting memory access request during a protection window extension following servicing of the store-conditional request.
    Type: Grant
    Filed: July 30, 2018
    Date of Patent: July 28, 2020
    Assignee: International Business Machines Corporation
    Inventors: Derek E. Williams, Guy L. Guthrie, Hugh Shen, Sanjeev Ghai
  • Patent number: 10727198
    Abstract: A semiconductor package including an insulating encapsulation, an integrated circuit component, and conductive elements is provided. The integrated circuit component is encapsulated in the insulating encapsulation, wherein the integrated circuit component has at least one through silicon via protruding from the integrated circuit component. The conductive elements are located on the insulating encapsulation, wherein one of the conductive elements is connected to the at least one through silicon via, and the integrated circuit component is electrically connected to the one of the conductive elements through the at least one through silicon via.
    Type: Grant
    Filed: December 26, 2017
    Date of Patent: July 28, 2020
    Assignee: Taiwan Semiconductor Manufacturing Co., Ltd.
    Inventors: Feng-Cheng Hsu, Shin-Puu Jeng
  • Patent number: 10719410
    Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to facilitate distributed data backup. An example apparatus includes a controller to detect a trigger event for a distributed backup mode; and, in response to detection of the trigger event, trigger the distributed backup mode. When in the distributed backup mode, the controller of the example apparatus is to identify one or more receiving devices within communication range of the apparatus available to receive a data backup from the apparatus. The example apparatus includes a data distributor to distribute data from the apparatus among the one or more receiving devices. The controller of the example apparatus is to confirm receipt of the distributed data by the one or more receiving devices.
    Type: Grant
    Filed: June 21, 2018
    Date of Patent: July 21, 2020
    Assignee: Intel Corporation
    Inventor: Mateusz Bronk
  • Patent number: 10719457
    Abstract: A storage device includes an antenna, a first nonvolatile memory that is operable using power generated at the antenna by an electromagnetic induction caused by an external device, and stores lock state information, a first controller configured to change the lock state information in response to a command that is wirelessly transmitted from the external device through the antenna, a second nonvolatile memory, and a second controller configured to allow access to a memory region of the second nonvolatile memory depending on the lock state information stored in the first nonvolatile memory.
    Type: Grant
    Filed: September 1, 2016
    Date of Patent: July 21, 2020
    Assignee: TOSHIBA MEMORY CORPORATION
    Inventors: Keisuke Sato, Masaomi Teranishi, Shuichi Sakurai, Masahiko Nakashima, Shigeki Koizumi
  • Patent number: 10719631
    Abstract: The present disclosure includes systems and methods relating to information flow tracking and detection of unintentional design flaws of digital devices and microprocessor systems. In general, in one implementation, a technique includes: receiving a hardware design specifying an implementation for information flow in a hardware configuration; receiving one or more labels annotating the hardware design; receiving one or more security properties specifying a restriction relating to the one or more labels for implementing an information flow model; generating the information flow model; performing verification using the information flow model, wherein verification comprises verifying whether the information flow model passes or fails against the one of more security properties; and upon verifying that the information flow model passes, determining that an unintentional design flaw is not identified in the hardware design.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: July 21, 2020
    Assignees: Tortuga Logic Inc., The Regents of the University of California
    Inventors: Wei Hu, Ryan Kastner, Jason K. Oberg
  • Patent number: 10713105
    Abstract: An operating method of a memory controller to control a nonvolatile memory device includes receiving information about operation failure from the nonvolatile memory device, receiving lock-out status information from the nonvolatile memory device, determining whether a lock-out signal is output based on the lock-out status information, and determining a failure block corresponding to the information about the operation failure as a normal block or a bad block depending on the determination result.
    Type: Grant
    Filed: April 25, 2018
    Date of Patent: July 14, 2020
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Kwangkyu Bang, Young-Seop Shim, Heeyoub Kang, Kyungduk Lee
  • Patent number: 10715340
    Abstract: A system and method for utilizing a security key stored in non-volatile memory, and for generating a PUF-based data set on an integrated circuit including non-volatile memory cells, such as flash memory cells, are described. The method includes storing a security key in a particular block in a plurality of blocks of the non-volatile memory array; utilizing, in a security logic circuit coupled to the non-volatile memory array, the security key stored in the particular block in a protocol to enable access via a port by external devices or communication networks to data stored in blocks in the plurality of blocks; and enabling read-only access to the particular block by the security logic for use in the protocol, and preventing access to the particular block via the port.
    Type: Grant
    Filed: May 22, 2017
    Date of Patent: July 14, 2020
    Assignee: MACRONIX INTERNATIONAL CO., LTD.
    Inventors: Chun-Hsiung Hung, Kuen-Long Chang, Ken-Hui Chen, Shih-Chang Huang
  • Patent number: 10705976
    Abstract: Examples include a processor including at least one untrusted extended page table (EPT), circuitry to execute a set of instructions of the instruction set architecture (ISA) of the processor to manage at least one secure extended page table (SEPT), and a physical address translation component to translate a guest physical address of a guest physical memory to a host physical address of a host physical memory using one of the at least one untrusted EPT and the at least one SEPT.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: July 7, 2020
    Assignee: Intel Corporation
    Inventors: Ravi Sahita, Barry E. Huntley, Vedvyas Shanbhogue, Dror Caspi, Baruch Chaikin, Gilbert Neiger, Arie Aharon, Arumugam Thiyagarajah
  • Patent number: 10701082
    Abstract: A method and system for operating an application with multiple modes are described. A plurality of applications may be presented to a user on a mobile device and one of the displayed applications may be selected. The selected application may have one or more contexts that are determined based on one or more operational parameters. For example, a context for the selected application may be that the application is configured to access an enterprise account. Based on the context, the selected application may be run on the mobile device in one of a plurality of operations modes. The operation modes may comprise managed, unmanaged, and partially managed modes, among others.
    Type: Grant
    Filed: September 11, 2019
    Date of Patent: June 30, 2020
    Assignee: Citrix Systems, Inc.
    Inventors: Zhongmin Lang, Gary Barton
  • Patent number: 10698854
    Abstract: A system architecture is provided and includes first and second processing units respectively communicative with an on-chip coherency unit and an accelerator communicative with the on-chip coherency unit. The accelerator is configured to execute an operation responsive to a call issued by one of the first and second processing units. The first processing unit is configured to set an asynchronous operation flag (AOF) to indicate that the second processing unit is to conduct an operation for the first processing unit. The second processing unit is configured to respond to the AOF by building scatter gather lists and subsequently issuing the call and feeding the scatter gather lists to the accelerator to facilitate execution of the operation by the accelerator.
    Type: Grant
    Filed: February 27, 2019
    Date of Patent: June 30, 2020
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Simon Weishaupt, Matthias Klein, Stefan Usenbinz, Anthony Thomas Sofia
  • Patent number: 10691506
    Abstract: Systems and methods for managing locks in a data acquisition system with a distributed data storage are disclosed. In embodiments, a storage node of a data acquisition system with a plurality of storage nodes receives a request for an unprocessed event, where portions of the event data are stored across the plurality of storage nodes. One node of the plurality of nodes holds the lock value for the event. The node receiving the request searches for an event where it stores the lock value that is unlocked. If none is found, the node receiving the request forwards the request to a second node, which repeats the search.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: June 23, 2020
    Assignee: Intel Corporation
    Inventors: Grzegorz Jereczek, Jakub Radtke, Pawel Makowski, Maciej Maciejewski, Pawel Lebioda, Piotr Pelplinski, Aleksandra Wisz
  • Patent number: 10691482
    Abstract: A data processing system with technology to secure a VMCS comprises random access memory (RAM) and a processor in communication with the RAM. The processor comprises virtualization technology that enables the processor to (a) execute host software in root mode and (b) execute guest software from the RAM in non-root mode in a virtual machine (VM) that is based at least in part on a virtual machine control data structure (VMCDS) for the VM. The processor also comprises a root security profile to specify access restrictions to be imposed when the host software attempts to read the VMCDS in root mode. Other embodiments are described and claimed.
    Type: Grant
    Filed: August 22, 2018
    Date of Patent: June 23, 2020
    Assignee: Intel Corporation
    Inventors: Kai Cong, Karanvir Grewal, David M. Durham
  • Patent number: 10685126
    Abstract: A method for operating a secure storage device with a non-volatile memory on a computer system which executes multiple operating system instances. The non-volatile memory comprises one or more domains which are used by the operating system instances. A separate trusted key entry system is used to configure secret data of an operating system instance stored in the non-volatile memory. The method comprises setting a domain to either secure or non-secure mode; generating a unique identifier of the operating system instance; generating a secure hash for the operating system instance; and storing the secure hash in the domain.
    Type: Grant
    Filed: January 22, 2018
    Date of Patent: June 16, 2020
    Assignee: International Business Machines Corporation
    Inventors: Jakob C. Lang, Joerg Schmidbauer, Klaus Werner
  • Patent number: 10684782
    Abstract: One example method includes receiving an IO associated with a process initiated by an application, where the IO is identified by a tag that corresponds to the process. The method further includes saving the tag on a device that is an element of a storage group (SG) that is specific to the application, and correlating the tag with a data protection process that is associated with the application. When a request is received to perform an SG protection process, the SG protection process is performed on the tagged device.
    Type: Grant
    Filed: August 2, 2018
    Date of Patent: June 16, 2020
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Arieh Don, Jehuda Shemer, Yaron Dar
  • Patent number: 10664392
    Abstract: The present invention discloses a method and device for managing a storage system. Specifically, in one embodiment of the present invention there is proposes a method for managing a storage system, the method comprising: dividing a stripe included in a storage array in the storage system into a group of blocks; in response to receiving an allocation request for a storage space in the storage system, determining a space size associated with the allocation request; and building a repository based on one or more blocks selected from the group which match the space size, the repository being defined using an address mapping including addresses of the one or more blocks in the storage system. In one embodiment of the present invention there is proposed a device for managing a storage system.
    Type: Grant
    Filed: December 20, 2017
    Date of Patent: May 26, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Xinlei Xu, Jian Gao, Lifeng Yang, Yousheng Liu, Changyu Feng
  • Patent number: 10664589
    Abstract: A memory alignment randomization method of a memory heap exploit is provided, memory alignment of objects inside a heap area is randomly performed to mitigate the exploits of the vulnerability of the software memory heap area The heap exploit is powerfully mitigated by aligning randomly obtained memory addresses instead of aligning memory addresses at multiples of 4 or 8 when the memory alignment for the objects inside the heap area.
    Type: Grant
    Filed: April 12, 2017
    Date of Patent: May 26, 2020
    Assignee: Korea Advanced Institute of Science and Technology
    Inventors: Brent ByungHoon Kang, Daehee Jang, Minsu Kim, Jonghwan Kim, Daegyeong Kim, Hojoon Lee
  • Patent number: 10664183
    Abstract: A system includes a processor and memory including one or more memory region groups, each including a plurality of distinct memory regions. In embodiments, each memory region of a particular memory region group has a same set of memory attributes and is associated with a same attribute group identifier (AGI). In response to an access request to a memory location of a memory region within the particular memory region group, the AGI may be used to identify the set of memory attributes to be applied when executing the access request. In response to a request to change one or more memory attributes of the particular memory region group, update of a single entry changes the memory attributes for all memory regions of the particular memory region group, without accessing individual metadata of each memory region. The update can be accomplished atomically and substantially simultaneously.
    Type: Grant
    Filed: June 21, 2017
    Date of Patent: May 26, 2020
    Assignee: Oracle International Corporation
    Inventors: David L. Weaver, John R. Rose
  • Patent number: 10649915
    Abstract: The present disclosure relates to a disaggregated computing architecture comprising: a first compute node (302) comprising an interconnect interface (310); an accelerator node (304) comprising a physical device (402); and an interconnection network (308) linking the first compute node (302) and the accelerator node (304), wherein: the first compute node (302) executes a host operating system (410) and instantiates a first virtual machine (VM) executing a guest device driver (406) for driving the physical device; one or more input registers of the physical device are accessible via a first uniform physical address range (upa_a_devctl) of the interconnection network (308); and the interconnect interface (310) of the first compute node (302) is configured to map a host physical address range (hpa_c_devctl) of the host operating system (410) to the first uniform physical address range (upa_a_devctl).
    Type: Grant
    Filed: October 28, 2018
    Date of Patent: May 12, 2020
    Assignee: VIRTUAL OPEN SYSTEMS
    Inventors: Maciej Bielski, Alvise Rigo, Michele Paolino, Salvatore Daniele Raho
  • Patent number: 10642534
    Abstract: A data storage device includes a nonvolatile memory device; and a controller suitable for controlling the nonvolatile memory device through a command, the controller comprising a memory controller including a queue which includes multiple slots, each of the multiple slots being mapped to one type among a plurality of types of the command, and suitable for processing a descriptor for the command enqueued to the queue to generate the command; and a processor suitable for requesting one slot of the multiple slots mapped to one type among the plurality of types of the command, to the memory controller, and enqueuing, when allocated with the one slot, the descriptor for the command, to the one slot.
    Type: Grant
    Filed: July 7, 2017
    Date of Patent: May 5, 2020
    Assignee: SK hynix Inc.
    Inventor: Dong Jae Shin
  • Patent number: 10635481
    Abstract: Some embodiments of the present invention include a method comprising: accessing units of network storage that encode state data of respective virtual machines, wherein the state data for respective ones of the virtual machines are stored in distinct ones of the network storage units such that the state data for more than one virtual machine are not commingled in any one of the network storage units.
    Type: Grant
    Filed: November 13, 2018
    Date of Patent: April 28, 2020
    Assignee: VMware, Inc.
    Inventors: Daniel K. Hiltgen, Rene W. Schmidt
  • Patent number: 10635327
    Abstract: Apparatuses, systems, and methods are disclosed for data availability during temporary inaccessibility of a memory region for memory. An apparatus may include a plurality of memory elements and a controller. A controller may be configured to identify a portion of memory of a plurality of memory elements such that data stored in a portion of memory is temporarily inaccessible and other data stored in other portions of memory in the plurality of memory elements is accessible. A controller may be configured to reconstruct data stored in a portion of memory from other data stored in other portions of memory. A controller may be configured to provide reconstructed data while a portion of an array is temporarily inaccessible.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: April 28, 2020
    Assignee: WESTERN DIGITAL TECHNOLOGIES, INC.
    Inventors: Daniel Helmick, Yuheng Zhang, Mai Ghaly, Yibo Yin, Hao Su, Kent Anderson
  • Patent number: 10628299
    Abstract: A storage system in one embodiment comprises a plurality of storage devices and a storage controller. The storage controller is configured to receive a plurality of logical addresses. Each logical address has one of a content-based mapping type and an address-based mapping type. Responsive to a first logical address of the plurality of logical addresses having the content-based mapping type, the storage controller is configured to utilize a content-based mapping generated based on content of a data page associated with the first logical address to identify a corresponding physical address. Responsive to a second logical address of the plurality of logical addresses having the address-based mapping type, the storage controller is configured to utilize an address-based mapping generated based on the second logical address to identify a corresponding physical address.
    Type: Grant
    Filed: March 15, 2019
    Date of Patent: April 21, 2020
    Assignee: EMC IP Holding Company LLC
    Inventors: Zvi Schneider, Amitai Alkalay, Assaf Natanzon
  • Patent number: 10621101
    Abstract: An overlay of a file-based write filter can be freed up to thereby minimize the likelihood that the overlay will become full and force a system reboot. An overlay-managing write filter can be employed in conjunction with the file-based write filter to monitor files that are stored in the overlay and move files that are not currently being accessed. If a request is made to access a moved file, the overlay-managing write filter can modify the request so that it targets the location of the moved file rather than the location of the original file on the protected volume. In this way, the fact that modified files are being moved from the overlay but not discarded can be hidden from the file-based write filter. As a result, the effective size of the overlay will be increased while still allowing the file-based write filter to function in a normal fashion.
    Type: Grant
    Filed: February 1, 2017
    Date of Patent: April 14, 2020
    Assignee: Wyse Technology L.L.C.
    Inventors: Salil S Joshi, Puneet Kaushik
  • Patent number: 10592435
    Abstract: In one embodiment, an apparatus includes: at least one core to execute instructions, the at least one core formed on a semiconductor die; a first memory formed on the semiconductor die, the first memory comprising a non-volatile random access memory, the first memory to store a first entry to be a monotonic counter, the first entry including a value field and a status field; and a control circuit, wherein the control circuit is to enable access to the first entry if the apparatus is in a secure mode and otherwise prevent the access to the first entry. Other embodiments are described and claimed.
    Type: Grant
    Filed: July 14, 2016
    Date of Patent: March 17, 2020
    Assignee: Intel Corporation
    Inventors: Prashant Dewan, Siddhartha Chhabra, David M. Durham, Karanvir S. Grewal, Alpa T. Narendra Trivedi
  • Patent number: 10585810
    Abstract: A method of protecting software for embedded applications against unauthorized access is disclosed. Software to be protected is loaded into a protected memory area and access to the protected memory area is controlled by sentinel logic circuitry. The sentinel logic circuitry allows access to the protected memory area only either from within the protected memory area or from outside of the protected memory area but through a dedicated memory location within the protected memory area. The dedicated memory location then points to protected address locations within the protected memory area.
    Type: Grant
    Filed: June 27, 2018
    Date of Patent: March 10, 2020
    Assignee: TEXAS INSTRUMENTS INCORPORATED
    Inventor: Johann Zipperer
  • Patent number: 10581737
    Abstract: A method and apparatus for accelerating data routing between applications of an application group are disclosed. In the method and apparatus, a host computer system receives registration information from a first computer system instantiated on the host computer system, whereby the registration information indicates whether a first application is executed on the first computer system. In response to a request from a second computer system that is instantiated on the host computer system to route data to the first application, the host computer system routes the data to the first computer system, whereby the internal routing of the data is determinable by the first computer system.
    Type: Grant
    Filed: June 20, 2014
    Date of Patent: March 3, 2020
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Patent number: 10581858
    Abstract: A Network Attached Storage (NAS) apparatus to provide network-based data storage for client computing devices (e.g., in a local area network). One or more file-based logical storage area (LSA) shares are created in memory of the NAS apparatus, wherein each file-based LSA share originally is configured as one of “private access” (only certain users have access to a private file-based LSA share) or “public access” (any user on the LAN that can access the NAS appliance can also access the public file-based LSA share). At some later time, the file-based LSA share may be reconfigured to go from private-to-public access or public-to-private access (each file-based LSA share has a “reversible privacy setting”). In one example, object permissions for each object (file or folder) already stored on the LSA share prior to the access reconfiguration are updated on an object-by-object basis to ensure appropriate access to all legacy objects after the access reconfiguration.
    Type: Grant
    Filed: April 1, 2016
    Date of Patent: March 3, 2020
    Assignee: Datto, Inc.
    Inventors: John Fury Christ, Austin McChord
  • Patent number: 10572687
    Abstract: A microprocessor computer system for secure/high assurance/safety critical computing includes a hardware subsystem having a plurality of cache controller and cache bank modules including cache bank and memory cell hardware permission bits for managing and controlling access to system resources. A computer security framework subsystem includes a hierarchy of access layers comprising top layers and lower layers. The permission bits provide hardware level computer security primitives for a computer operating system. The top layers are completely trusted and the lower layers are moderately trusted to completely untrusted. The top layers include a trusted operating system layer that executes management and control of the system resources and permission bits. The permission bits define limits for a hardware execution security mechanism for less trusted to completely untrusted software.
    Type: Grant
    Filed: March 30, 2017
    Date of Patent: February 25, 2020
    Assignee: America as represented by the Secretary of the Army
    Inventor: Patrick W. Jungwirth
  • Patent number: 10565132
    Abstract: In various implementations, a system includes a memory, a processor, and an execution-aware memory protection unit (EA-MPU). The EA-MPU is configured to regulate memory access by the processor based at least on the identity of a subject executable that requests access, and on the address to which access is requested, and on permissions information that identifies which subject executables are to be granted access to each of several memory regions. In various implementations, the permissions information itself is stored among the several memory regions. Various configurations of the permissions information can be used to provide shared memory regions for communication among two or more stand-alone trusted software modules, to protect access to devices accessible through memory-mapped I/O (MMIO), to implement a flexible watchdog timer, to provide security for software updates, to provide dynamic root of trust measurement services, and/or to support an operating system.
    Type: Grant
    Filed: July 17, 2017
    Date of Patent: February 18, 2020
    Assignee: Intel Corporation
    Inventors: Steffen Schulz, Patrick Koeberl
  • Patent number: 10558573
    Abstract: A memory request, including an address, is accessed. The memory request also specifies a type of an operation (e.g., a read or write) associated with an instance (e.g., a block) of data. A group of caches is selected using a bit or bits in the address. A first hash of the address is performed to select a cache in the group. A second hash of the address is performed to select a set of cache lines in the cache. Unless the operation results in a cache miss, the memory request is processed at the selected cache. When there is a cache miss, a third hash of the address is performed to select a memory controller, and a fourth hash of the address is performed to select a bank group and a bank in memory.
    Type: Grant
    Filed: September 11, 2018
    Date of Patent: February 11, 2020
    Assignee: Cavium, LLC
    Inventors: Richard E. Kessler, David Asher, Shubhendu S. Mukherjee, Wilson P. Snyder, II, David Carlson, Jason Zebchuk, Isam Akkawi
  • Patent number: 10552602
    Abstract: A system, method and computer-readable storage medium with instructions for operating a processor of an electronic device to protect against unauthorized manipulation of the code pointer by maintaining and updating a code pointer complement against which the code pointer may be verified. Other systems and methods are disclosed.
    Type: Grant
    Filed: August 31, 2015
    Date of Patent: February 4, 2020
    Assignee: Thales Dis France SA
    Inventor: Lance Hannen-Williams
  • Patent number: 10534558
    Abstract: A storage array uses paged metadata. Each storage director has access to a plurality of object storage systems which describe locations of paged metadata in backing storage. Each object storage system includes different types of inodes which describe objects in backing storage. The object storage systems are used to locate and relocate metadata for loading into global memory, and creation and deletion of objects. An object storage system may be selected based on factors including ratio of different inode types, locality of object usage and anticipated object activity level.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: January 14, 2020
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Philip Miloslavsky, Matthew David Ivester, David Shadmon, Jeffrey Held, Andrew Chanler
  • Patent number: 10528490
    Abstract: An apparatus and method are provided for managing bounded pointers. The apparatus has processing circuitry to execute a sequence of instructions, and a plurality of storage elements accessible to the processing circuitry, for storage of bounded pointers and non-bounded pointers. Each bounded pointer has explicit range information associated therewith indicative of an allowable range of memory addresses when using the bounded pointer. A current range check storage element is then used to store a current range check state for the processing circuitry. When the current range check state indicates a default state, the processing circuitry is responsive to execution of a memory access instruction identifying a pointer to be used to identify a memory address, to perform a range check operation to determine whether access to that memory address is permitted.
    Type: Grant
    Filed: October 19, 2016
    Date of Patent: January 7, 2020
    Assignee: ARM Limited
    Inventor: Graeme Peter Barnes
  • Patent number: 10521241
    Abstract: An added security feature on a mobile device to require an owner or an authorized user of the mobile device to provide a shutdown password to power off the mobile device is disclosed. The shutdown password is configured and set by the owner or the authorized user and stored internally in a data storage device of the mobile device. When so configured, the mobile device triggers a shutdown password input field to be displayed on the mobile device screen. The user of the mobile device must provide the shutdown password in order to power off the mobile device, thereby preventing unauthorized powering off of the mobile device and associated GPS and internal communications circuitry of the mobile device, allowing the mobile device to be tracked in the event of an emergency or when the mobile device is lost or stolen.
    Type: Grant
    Filed: April 27, 2017
    Date of Patent: December 31, 2019
    Inventor: Long Van Ha