Access Limiting Patents (Class 711/163)
  • Patent number: 11151262
    Abstract: The present invention extends to methods, systems, and computer program products for configuring, enforcing, and monitoring separation of trusted execution environments. Firmware images consistent with configuration of multiple separate execution domains can be generated without requiring changes to existing application source code. A cryptographically signed firmware image can be loaded at a processor to form multiple separate execution domains at the processor. Communications can be secured across separate execution domains without using shared memory.
    Type: Grant
    Filed: June 24, 2019
    Date of Patent: October 19, 2021
    Assignee: Hex Five Security, Inc.
    Inventor: Cesare Garlati
  • Patent number: 11151267
    Abstract: A single architected instruction to perform multiple functions is executed. The executing includes performing a first function of the multiple functions and a second function of the multiple functions. The first function includes moving a block of data from one location to another location, and the second function includes setting one portion of a storage key using one selected key and another portion of the storage key using another selected key. The storage key is associated with the block of data and controls access to the block of data. The first function and the second function are performed as part of the single architected instruction.
    Type: Grant
    Filed: February 25, 2019
    Date of Patent: October 19, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Timothy Siegel, Elpida Tzortzatos
  • Patent number: 11144347
    Abstract: Methods, systems and computer program products provide protection domains for processes in shared address space. Multiple processes may share address space, for example, in a software isolated process running on top of a library operating system (OS). A protection domain (PD), such as a Protection Key (PKEY), may be assigned to a process to protect its allocated address spaces from access by other processes. PDs may be acquired from a host OS. A library OS may manage PDs to protect processes and/or data. A PD may be freed and reassigned to a different process or may be concurrently assigned to multiple processes, for example, when the number of processes exceeds the number of protection domains. Threads spawned by a process may inherit protection provided by a PD assigned to the process. Process PDs may be disassociated with address spaces as they are deallocated for a process or its threads.
    Type: Grant
    Filed: August 20, 2019
    Date of Patent: October 12, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Purvi Shah, Georgiy I. Reynya, Stanislav A. Oks
  • Patent number: 11144468
    Abstract: A system may include a processor and a memory, the processor having at least one cache. The cache may include a plurality of sets, each set having a plurality of cache lines. Each cache line may include several bits for storing information, including at least a “shared” bit to indicate whether the cache line is shared between different processes being executed by the processor. The example cache may also include shared cache line detection and eviction logic. During normal operation, the cache logic may monitor for a context switch (i.e., determine if the processor is switching from executing instructions for a first process to executing instructions for a second process). Upon a context switch, the cache logic may evict the shared cache lines (e.g., the cache lines with a shared bit of 1). This eviction of shared cache lines may prevent attackers utilizing such attacks from gleaning meaningful information.
    Type: Grant
    Filed: June 29, 2018
    Date of Patent: October 12, 2021
    Assignee: Intel Corporation
    Inventors: Abhishek Basak, Arun Kanuparthi, Nagaraju N. Kodalapura, Jason M. Fung
  • Patent number: 11144217
    Abstract: The present invention provides a data protection method and storage device. The data protection method includes: (A): during an initial period after the storage device is connected to a host, detecting the storage device and determining whether the storage device needs to be performed with data protection; (B): when the storage device needs to be performed with data protection in Step (A), modifying a predetermined writing destination that the host writes data to a storage unit of the storage device, to make the data from the host be written to another writing destination rather than being written to said writing destination; or writing the data from the host into a control chip or a bridge chip of an inner memory or an inner register, rather than writing the data from the host into the storage device; and (C): reporting to the host that the writing operation is completed.
    Type: Grant
    Filed: October 1, 2019
    Date of Patent: October 12, 2021
    Assignee: JMicron Technology Corp.
    Inventor: Shih-Ling Lin
  • Patent number: 11144634
    Abstract: Security systems for microelectronic devices physically lock the hardware itself and serve as a first line of defense by preventing overwriting, modification, manipulation or erasure of data stored in a device's memory. Implementations of the security systems can respond to lock/unlock commands that do not require signal or software interactivity with the functionality of the protected device, and which therefore may be consistent across devices. In various embodiments, a security device passively “listens” on data lines of the protected device and, when a lock or unlock command is received (typically in conjunction with a valid authentication code), the security device physically blocks or allows passage of signals to and from the protected device.
    Type: Grant
    Filed: September 26, 2017
    Date of Patent: October 12, 2021
    Assignee: NANOLOCK SECURITY INC.
    Inventors: Nitzan Daube, Eran Fine, Shlomo Oren
  • Patent number: 11134137
    Abstract: Filter-based request processing includes generating first data corresponding to a request. A first queue node is generated for processing the first data. The first queue node references a first buffer and a filter subroutine. The first buffer references the first data and a completion handler for performing completion tasks associated with the filter subroutine. The first queue node is executed. The executing includes processing the first data using the filter subroutine to generate a second buffer referencing second data. A second queue node is generated that includes the completion handler. The second queue node is executed. The executing includes processing the completion handler to perform the completion tasks. A response is transmitted corresponding to the request. The response includes the second data referenced by the second buffer.
    Type: Grant
    Filed: April 1, 2019
    Date of Patent: September 28, 2021
    Assignee: F5 NETWORKS, INC.
    Inventors: Igor Sysoev, Valentin Bartenev, Nikolay Shadrin, Maxim Romanov
  • Patent number: 11115192
    Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing cryptographic keys based on user identity information. One of the methods includes receiving biometric information associated with a user and a request to store a user key pair to a memory on an identity cryptographic chip (ICC); comparing the biometric information associated with the user with biometric information pre-stored in the memory as pre-stored biometric information; in response to determining that the biometric information associated with the user matches the pre-stored biometric information, encrypting the user key pair to provide an encrypted user key pair; and storing the encrypted user key pair to the memory.
    Type: Grant
    Filed: September 30, 2019
    Date of Patent: September 7, 2021
    Assignee: Advanced New Technologies Co., Ltd.
    Inventors: Zhiyuan Feng, Yanpeng Li, Long Cheng
  • Patent number: 11114069
    Abstract: In some examples, a non-transitory machine readable medium storing instructions executable by a processor to store display information in a private memory hidden from an operating system (OS), and divisibly virtualize a contiguous planar display into a first area as a main display and a second area as a second display separate from the main display, where the continuous planar display is divisibly virtualized responsive to exposure of the display information to the OS or the display information being directly provided to a graphics processing unit (GPU).
    Type: Grant
    Filed: December 8, 2017
    Date of Patent: September 7, 2021
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: Mario E Campos, Monji G Jabori, Scott Rawlings, Thong Thai
  • Patent number: 11113204
    Abstract: An integrated circuit includes a first communication interface for communicatively coupling the integrated circuit with a coherent data processing system, a second communication interface for communicatively coupling the integrated circuit with an accelerator unit including an accelerator functional unit and an effective address-based accelerator cache for buffering copies of data from the system memory of the coherent data processing system, and a real address-based directory inclusive of contents of the accelerator cache. The real address-based directory assigns entries based on real addresses utilized to identify storage locations in the system memory.
    Type: Grant
    Filed: April 18, 2019
    Date of Patent: September 7, 2021
    Assignee: International Business Machines Corporation
    Inventors: Bartholomew Blaner, Michael S. Siegel, Jeffrey A. Stuecheli, William J. Starke, Kenneth M. Valk, John D. Irish, Lakshminarayana Arimilli
  • Patent number: 11102298
    Abstract: Locally providing cloud storage array services for a plurality of storage systems within a data center by receiving a request from an operating system level virtualization service; and determining, among the plurality of storage systems, an implementation of the request from the operating system level virtualization service, among the plurality of storage systems.
    Type: Grant
    Filed: January 23, 2019
    Date of Patent: August 24, 2021
    Assignee: Pure Storage, Inc.
    Inventors: Benjamin Borowiec, Terence Noonan, Patrick East
  • Patent number: 11100045
    Abstract: An approach is provided for collecting data files from target devices. A data collection manager implemented in a mobile device generates a collector based, at least in part, on collection definition data. The collector is configured to perform a data search on a target device. The data collection manager causes to transmit the collector to a network server for storing the collector in the network server, and causes to transmit a notification to the network server to notify a custodian of the target device that the collector is to be downloaded from the network server to the target device for execution. Executing the collector causes the collector to selectively determine one or more data files that have certain characteristics and that are hosted on the target device, collect the one or more data files from the target device, and store the one or more data files in the network server.
    Type: Grant
    Filed: January 28, 2019
    Date of Patent: August 24, 2021
    Assignee: Ricoh Company, Ltd.
    Inventor: David Greetham
  • Patent number: 11094179
    Abstract: A delivery management system includes: an authentication unit that authenticates a user; a storage unit that stores identification information on an article stored in a storage area that is a target article associated with the user; and a control unit that, when an article carried out by the authenticated user from the storage area is the same as the target article, permits the user to exit the storage area.
    Type: Grant
    Filed: September 10, 2018
    Date of Patent: August 17, 2021
    Assignee: NEC CORPORATION
    Inventors: Yasuji Saito, Hajime Suzuki
  • Patent number: 11093629
    Abstract: One embodiment of the present invention is a method including: (a) representing virtual primary disk data and state data of a virtual machine in a unit of storage; (b) exposing the virtual primary disk data of the virtual machine to a guest of the virtual machine to allow the guest to access the virtual primary disk data; and (c) preventing the guest from accessing the state data for the virtual machine.
    Type: Grant
    Filed: May 27, 2016
    Date of Patent: August 17, 2021
    Assignee: VMware, Inc.
    Inventors: Daniel K. Hiltgen, Rene W. Schmidt
  • Patent number: 11086779
    Abstract: Disclosed are a method and system for managing multi-threaded concurrent access to a cache data structure. The cache data structure includes a hash table and three queues. The hash table includes a list of elements for each hash bucket with each hash bucket containing a mutex object and elements in each of the queues containing lock objects. Multiple threads can each lock a different hash bucket to have access to the list, and multiple threads can each lock a different element in the queues. The locks permit highly concurrent access to the cache data structure without conflict. Also, atomic operations are used to obtain pointers to elements in the queues so that a thread can safely advance each pointer. Race conditions that are encountered with locking an element in the queues or entering an element into the hash table are detected, and the operation encountering the race condition is retried.
    Type: Grant
    Filed: November 11, 2019
    Date of Patent: August 10, 2021
    Assignee: VMware, Inc.
    Inventors: Wenguang Wang, Mounesh Badiger, Abhay Kumar Jain, Junlong Gao, Zhaohui Guo, Richard P. Spillane
  • Patent number: 11074494
    Abstract: In one respect, there is provided a system for classifying an instruction sequence with a machine learning model. The system may include at least one processor and at least one memory. The memory may include program code that provides operations when executed by the at least one processor. The operations may include: processing an instruction sequence with a trained machine learning model configured to detect one or more interdependencies amongst a plurality of tokens in the instruction sequence and determine a classification for the instruction sequence based on the one or more interdependencies amongst the plurality of tokens; and providing, as an output, the classification of the instruction sequence. Related methods and articles of manufacture, including computer program products, are also provided.
    Type: Grant
    Filed: November 7, 2016
    Date of Patent: July 27, 2021
    Assignee: Cylance Inc.
    Inventors: Xuan Zhao, Matthew Wolff, John Brock, Brian Wallace, Andy Wortman, Jian Luan, Mahdi Azarafrooz, Andrew Davis, Michael Wojnowicz, Derek Soeder, David Beveridge, Eric Petersen, Ming Jin, Ryan Permeh
  • Patent number: 11074076
    Abstract: Dynamic load balancing of hardware threads in clustered processor cores using shared hardware resources, and related circuits, methods, and computer readable media are disclosed. In one aspect, a dynamic load balancing circuit comprising a control unit is provided. The control unit is configured to determine whether a suboptimal load condition exists between a first cluster and a second cluster of a clustered processor core. If a suboptimal load condition exists, the control unit is further configured to transfer a content of private register(s) of a first hardware thread of the first cluster to private register(s) of a second hardware thread of the second cluster via shared hardware resources of the first hardware thread and the second hardware thread. The control unit is also configured to exchange a first identifier associated with the first hardware thread with a second identifier associated with the second hardware thread via the shared hardware resources.
    Type: Grant
    Filed: May 7, 2014
    Date of Patent: July 27, 2021
    Assignee: QUALCOMM Incorporated
    Inventors: Suresh Kumar Venkumahanti, Stephen Robert Shannon, Lin Wang
  • Patent number: 11074199
    Abstract: Some examples described relate to securing a memory device of a computing system. For instance, a method may comprise comparing a command for the memory device to each command in a list of commands. The command is accepted when the command matches an authorized command in the list of commands. The accepted command is issued to the memory device.
    Type: Grant
    Filed: January 27, 2016
    Date of Patent: July 27, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: David F. Heinrich, Theodore F. Emerson, Don A. Dykes, Sukhamoy Som
  • Patent number: 11068614
    Abstract: Data is frequently protected by securing the data within containers that are only accessible using a specific security application. Once such data is transferred, all protections provided by the security application are lost. Methods and systems provide secured access to data by intercepting requests for access to data files accessed via an IHS (Information Handling System) by applications operating within the operating system of the IHS. Based on condition settings stored in the data files, access privileges are determined for applications. The condition settings include environmental conditions required for providing access to the data. If the IHS satisfies the environmental conditions specified by a data file, access to the data file may be granted. The data requests may be intercepted by a kernel process of the operating system of the IHS. The environmental conditions may specify requirements on the networks, display devices and/or software utilized by the IHS.
    Type: Grant
    Filed: August 30, 2018
    Date of Patent: July 20, 2021
    Assignee: Dell Products, L.P.
    Inventors: Daniel L. Hamlin, Minhaj Ahmed
  • Patent number: 11061753
    Abstract: Systems, apparatuses, and methods for implementing a hardware enforcement mechanism to enable platform-specific firmware visibility into an error state ahead of the operating system are disclosed. A system includes at least one or more processor cores, control logic, a plurality of registers, platform-specific firmware, and an operating system (OS). The control logic allows the platform-specific firmware to decide if and when the error state is visible to the OS. In some cases, the platform-specific firmware blocks the OS from accessing the error state. In other cases, the platform-specific firmware allows the OS to access the error state such as when the OS needs to unmap a page. The control logic enables the platform-specific firmware, rather than the OS, to make decisions about the replacement of faulty components in the system.
    Type: Grant
    Filed: March 29, 2018
    Date of Patent: July 13, 2021
    Assignee: Advanced Micro Devices, Inc.
    Inventors: Dean A. Liberty, Vilas K. Sridharan, Michael T. Clark, Jelena Ilic, David S. Christie, James R. Williamson, Cristian Constantinescu
  • Patent number: 11061833
    Abstract: Method and apparatus for handling page protection faults in combination particularly with the dynamic conversion of binary code executable by one computing platform into binary code executed instead by another computing platform. In one exemplary aspect, a page protection fault handling unit is used to detect memory accesses, to check page protection information relevant to the detected access by examining the contents of a page descriptor store, and to selectively allow the access or pass on page protection fault information in accordance with the page protection information.
    Type: Grant
    Filed: December 16, 2019
    Date of Patent: July 13, 2021
    Assignee: International Business Machines Corporation
    Inventors: Simon Murray, Geraint M. North
  • Patent number: 11036633
    Abstract: Systems, apparatuses, and methods related to hierarchical memory are described. A hierarchical memory system that can leverage persistent memory to store data that is generally stored in a non-persistent memory. Logic circuitry can be configured to determine that a request to access a persistent memory device corresponds to an operation to divert data from the non-persistent memory device to the persistent memory device, generate an interrupt signal, and cause the interrupt signal to be asserted on a host coupleable to the logic circuitry as part of the operation to divert data from the non-persistent memory device to the persistent memory device. Access data and control messages can be transferred between or within a memory device, including to or from a multiplexer and/or a state machine. A state machine can include logic circuitry configured to transfer interrupt request messages to and receive interrupt request messages.
    Type: Grant
    Filed: August 22, 2019
    Date of Patent: June 15, 2021
    Assignee: Micron Technology, Inc.
    Inventors: Vijay S. Ramesh, Anton Korzh, Richard C. Murphy
  • Patent number: 11023134
    Abstract: A host device is configured to communicate over a network with a storage system. The host device comprises a multi-path input-output (MPIO) driver configured to control delivery of input-output (IO) operations from the host device to the storage system over selected ones of a plurality of paths through the network, and a data service driver. The data service driver is configured to provide one or more data services on the host device, wherein the one or more data services correspond to respective extensions. The respective extensions are organized in different levels in a stacked configuration. The data service driver is further configured to receive and process a given IO operation through the respective extensions in the stacked configuration. The MPIO driver is a component of first MPIO software for the host device, and the data service driver is a component of second MPIO software for the host device.
    Type: Grant
    Filed: May 22, 2020
    Date of Patent: June 1, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Vinay G. Rao, Madhu Tarikere
  • Patent number: 11023609
    Abstract: A computer initiates a fault prevention shell. The computer protects a plurality of the computer's files in a first storage area. The computer carries out a command entered by a user into the fault prevention shell, wherein the command targets one or more of the plurality of the computer's files in the first storage area, and wherein the command is carried out on a copy of the one or more of the plurality of the computer's files in a second storage area. The computer prompts a commit by the user to perform the command on the one or more of the plurality of the computer's files in the first storage area. The computer processes a user response to the prompt. The computer updates one or more command lists with the command.
    Type: Grant
    Filed: November 26, 2018
    Date of Patent: June 1, 2021
    Assignee: International Business Machines Corporation
    Inventor: Shingo Nagai
  • Patent number: 11019072
    Abstract: Techniques for providing content management based on spatial and temporal information are disclosed herein. In an example, a service provides content management based on properties determined from a schedule of a user. The schedule of the user is processed to identify a geo-fenced area assigned for performing a task. Upon determining that the location of the client device is within the geo-fenced area, content identified by the task may be accessed through the client to perform the task.
    Type: Grant
    Filed: November 12, 2019
    Date of Patent: May 25, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Leela S Tamma
  • Patent number: 11010251
    Abstract: At least one processing device is configured to detect a failure event impacting at least a first storage node of a distributed storage system, and responsive to the detected failure event, to initiate a metadata recovery process for at least the first storage node. In conjunction with the metadata recovery process, destaging of a metadata update journal of the first storage node is performed, the destaging of the metadata update journal of the first storage node being performed in multiple phases, including at least a preload phase in which, for each of a plurality of pages required for the destaging of the metadata update journal, one or more address locks are obtained for the page, the page is preloaded into a memory of the first storage node from persistent storage accessible to the first storage node, and the one or more address locks are released, and an update and write phase.
    Type: Grant
    Filed: March 10, 2020
    Date of Patent: May 18, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Alex Soukhman, Lior Kamran
  • Patent number: 11010455
    Abstract: Method for processing data, in which a Petri net is encoded, written into a memory and read and executed by at least one instance, wherein transitions of the Petri net read from at least one tape and/or write on at least one tape symbols or symbol strings, with the aid of at least one head. [FIG. 1]. In an alternative, data-processing, co-operating nets are composed, the composition result is encoded, written into a memory and read and executed from the memory by at least one instance. In doing this, components can have cryptological functions. The data-processing nets can receive and process second data from a cryptological function which is executed in a protected manner. The invention enables processing of data which prevents semantic analysis of laid-open, possibly few processing steps and which can produce a linkage of the processing steps with a hardware which is difficult to isolate.
    Type: Grant
    Filed: December 13, 2019
    Date of Patent: May 18, 2021
    Assignee: Whitecryption Corporation
    Inventor: Wulf Harder
  • Patent number: 11010069
    Abstract: An information processing apparatus includes a first memory configured to store first conversion information used for converting a virtual address to a physical address of a memory region to access data stored in the memory region; a second memory configured to store second conversion information used for converting a virtual address to a logical block address of a storage device to access data stored in the storage device; memory management circuitry configured to execute a first process or a second process, according to an access destination of a first virtual address, the first process includes address conversion on the first virtual address using the first conversion information or the second conversion information and memory access to the memory region based on a result of the address conversion, the second process including notification of a first logical block address associated with the first virtual address to an operating system.
    Type: Grant
    Filed: January 30, 2019
    Date of Patent: May 18, 2021
    Assignee: FUJITSU LIMITED
    Inventor: Satoshi Imamura
  • Patent number: 11006544
    Abstract: A system to facilitate automatic data center assembly is described. The system includes a first enclosure, including a first set of components, each component including a component manager to perform a component function and a first enclosure manager, communicatively coupled to each component manager, to perform a discovery of each of the first set of components and discover one or more adjacent enclosures coupled to the enclosure via link cables. The system also includes a system manager to automatically discover the first enclosure via the first enclosure manager and discover each of the first set of plurality of components via an associated component manager.
    Type: Grant
    Filed: December 4, 2019
    Date of Patent: May 11, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventor: Montgomery Carl McGraw
  • Patent number: 10997306
    Abstract: A device may obtain user activity data associated with a plurality of processes being run by the device, where the user activity data identifies user interactions with one or more user input devices, where the plurality of processes is associated with a plurality of process identifiers, and where the user activity data is associated with the plurality of process identifiers. The device may detect an attempt, initiated by a first process having a first process identifier, to access a data file of a file system, and may compare the first process identifier and the plurality of process identifiers to determine whether the first process is associated with a first user interaction included in the user activity data, and may selectively grant the first process access to the data file based on determining whether the first process is associated with the first user interaction.
    Type: Grant
    Filed: November 27, 2018
    Date of Patent: May 4, 2021
    Assignee: Accenture Global Solutions Limited
    Inventors: Dani Grabois, Yair Karmy, Asaf Cohen, Roee Schreiber
  • Patent number: 10999284
    Abstract: Embodiments of an invention for protecting supervisor mode information are disclosed. In one embodiment, an apparatus includes a storage location, instruction hardware, execution hardware, and control logic. The storage location is to store an indicator to enable supervisor mode information protection. The instruction hardware is to receive an instruction to access supervisor mode information. The execution hardware is to execute the instruction. The control logic is to prevent execution of the instruction if supervisor mode information protection is enabled and a current privilege level is less privileged than a supervisor mode.
    Type: Grant
    Filed: October 29, 2020
    Date of Patent: May 4, 2021
    Assignee: Intel Corporation
    Inventors: Barry E. Huntley, Gilbert Neiger, H. Peter Anvin, Asit K. Mallick, Adriaan Van De Ven, Scott D. Rodgers
  • Patent number: 10990297
    Abstract: An apparatus comprises a storage system having storage devices and an associated storage controller. In conjunction with initiation of a checkpoint, the storage controller sets a checkpoint started flag for the checkpoint, marks user data pages and metadata pages for write operations already entered in a write journal of the storage system as of the setting of the checkpoint started flag as checkpoint pages, and marks user data pages and metadata pages for new write operations entered in the write journal after the setting of the checkpoint started flag as non-checkpoint pages by altering information used to generate signatures for respective ones of the metadata pages. Metadata pages characterizing the same user data pages subject to write operations at different times thereby have different signatures depending on whether or not the checkpoint started flag was set when its corresponding write operation was entered in the write journal.
    Type: Grant
    Filed: July 21, 2017
    Date of Patent: April 27, 2021
    Assignee: EMC IP Holding Company LLC
    Inventors: Ying Hu, Anton Kucherov, Zvi Schneider, Vladimir Shveidel, Xiangping Chen, Felix Shvaiger
  • Patent number: 10990667
    Abstract: Certain example embodiments described herein relate to techniques for automatically protecting, or hardening, software against exploits of memory-corruption vulnerabilities. The techniques include arranging a plurality of guard regions in the memory in relation to data objects formed by the application program, identifying an access by the application program to a guard region arranged in the memory as a disallowed access, and modifying the execution of the application program in response to the identifying, the modifying being in order to prevent exploitation of the memory and/or to correctly execute the application program.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: April 27, 2021
    Assignee: GrammaTech, Inc.
    Inventors: David Gordon Melski, Nathan Taylor Kennedy, Drew Christian Dehaas
  • Patent number: 10983953
    Abstract: The described technology is generally directed towards domains that data services can use to collect files of a global filesystem namespace into groups. A data service (a domain patron) creates a domain, e.g., for a particular directory, and a domain manager associates files under that directory with domain membership information. Thereafter, the data service can use the domain membership information associated with a file to determine whether to include that file in a data service operation. In one implementation the membership information is maintained in file metadata, facilitating fast and efficient retrieval of the information in near constant time. Exclusion from a domain, hard links, renames and alternate data streams are among the various aspects supported by the domain technology.
    Type: Grant
    Filed: February 1, 2019
    Date of Patent: April 20, 2021
    Assignee: EMC IP HOLDING COMPANY LLC
    Inventors: Mayank Rajawat, Barry Naujok, Mohd Fahadullah
  • Patent number: 10970401
    Abstract: In a general aspect, a system can include a processor having a secure mode and a non-secure mode, and a secure module configured to respond to tokens posted by the processor in the secure mode. Each token can identify a secure asset, and source and destination addresses within secure and public address spaces. The secure module can include a memory storing secure assets identifiable by the tokens and a memory access circuit to read data from source addresses and write processed data to destination addresses. The system can further include a cryptography engine configured to process the read data using identified secure assets. The secure module can respond to tokens posted in the non-secure mode. The memory can store, with each secure asset, a respective rule defining the address spaces where the memory access circuit may read and write data. The secure module can ignore tokens that do not satisfy respective rules.
    Type: Grant
    Filed: May 12, 2017
    Date of Patent: April 6, 2021
    Assignee: Rambus, Inc.
    Inventors: Gijs Willemse, Marc Van Hoorn, Marcel Van Loon
  • Patent number: 10969980
    Abstract: A processor includes a processing core; a filter register to store a first permissions filter; and a memory management unit (MMU), coupled to the processing core, the filter register and a first peripheral device associated with the first permissions filter, wherein the MMU comprises a logic circuit to manage a shared page table comprising entries corresponding to the processing core and the first peripheral device, wherein the logic circuit is to: receive a memory access request for a first page of memory from the first peripheral device; determine whether the set of permission bits of the first entry match a first combination of bits of the first permissions filter; grant the memory access request if the set of permission bits match the first combination of bits of the first permissions filter; and cause a page fault if the set of permission bits do not match the first combination of bits.
    Type: Grant
    Filed: March 28, 2019
    Date of Patent: April 6, 2021
    Assignee: Intel Corporation
    Inventors: David Hansen, Ashok Raj
  • Patent number: 10956205
    Abstract: Data processing apparatus comprises one or more transaction issuing devices configured to issue data processing transactions to be handled by a downstream device and to receive a completion acknowledgement in respect of each completed transaction; each transaction issuing device having associated transaction regulator circuitry configured to allow that transaction issuing device to issue transactions subject to a limit on a maximum number of outstanding transactions, an outstanding transaction being a transaction which has been issued but for which a completion acknowledgement has not yet been received; in which the downstream device is configured to issue an indication to a transaction issuing device, to authorize a change by the transaction regulator circuitry of the limit applicable to outstanding transactions by that transaction issuing device.
    Type: Grant
    Filed: January 3, 2017
    Date of Patent: March 23, 2021
    Assignee: ARM Limited
    Inventors: Alistair Crone Bruce, Andrew David Tune
  • Patent number: 10949201
    Abstract: A processor and method for handling lock instructions identifies which of a plurality of older store instructions relative to a current lock instruction are able to be locked. The method and processor lock the identified older store instructions as an atomic group with the current lock instruction. The method and processor negatively acknowledge probes until all of the older store instructions in the atomic group have written to cache memory. In some implementations, an atomic grouping unit issues an indication to lock identified older store instructions that are retired and lockable, and in some implementations, also issues an indication to lock older stores that are determined to be lockable that are non-retired.
    Type: Grant
    Filed: February 27, 2019
    Date of Patent: March 16, 2021
    Assignee: Advanced Micro Devices, Inc.
    Inventors: Scott Thomas Bingham, Marius Evers, Krishnan V. Ramani, Thomas Kunjan
  • Patent number: 10949376
    Abstract: An electronic device is disclosed that includes a housing, a universal serial bus (USB) connector exposed through one region of the housing, a wireless communication circuitry supporting short-range wireless communication, at least one processor electrically connected with the USB connector and the wireless communication circuitry, and a memory electrically connected with the processor. The memory stores instructions, when executed, causing the at least one processor to, while the USB connector is connected with a first external device and while the wireless communication circuitry performs wireless communication with a second external device, determine a wired communication state with the first external device through the USB connector and adjust a power saving scheme for the wireless communication based at least in part on the determined state. In addition, various embodiments recognized through the specification are possible.
    Type: Grant
    Filed: October 22, 2018
    Date of Patent: March 16, 2021
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Soon Ho Lee, Guneet Singh Khurana, Woo Kwang Lee, Yong Seok Jang, Bu Seop Jung, Doo Suk Kang, Min Jung Kim, Bo Kun Choi
  • Patent number: 10936211
    Abstract: There is described a method, data processing apparatus and computer program product for initializing storage protection, the storage protection for enforcing access permission for a region of storage configured in a layout of regions according to at least one security constraint, the method comprising: receiving a set of storage requirements; generating a layout whereby the layout comprises a combination of storage regions that accommodate the storage requirements within the at least one security constraint; and configuring the storage protection according to the generated layout, wherein generating a layout comprises: calculating, for each storage requirement, a list of all storage regions that could accommodate the storage requirement within the at least one security constraint; selecting and testing combinations of storage regions until a selected combination accommodates the storage requirements within the at least one security constraint; and providing the accommodated combination of storage regions as a
    Type: Grant
    Filed: September 7, 2017
    Date of Patent: March 2, 2021
    Assignee: ARM IP LTD
    Inventors: Alessandro Angelino, Milosch Meriac, Niklas Lennart Hauser
  • Patent number: 10936213
    Abstract: Methods, systems, and devices associated with techniques for secure writes by non-privileged users are described. A memory device may be configured with one or more blocks of memory operating in a secure write mode. The memory device may receive an append command from a non-privileged user. The append command may indicate data to write to the block of memory at an address determined by the memory device. The memory device may identify a pointer to the address for storing the data within the block of memory. The memory device may write the data to a portion of the block of memory based on identifying the pointer and may update the pointer associated with the block of memory based on writing the data.
    Type: Grant
    Filed: March 13, 2019
    Date of Patent: March 2, 2021
    Assignee: Micron Technology, Inc.
    Inventors: Olivier Duval, Lance Dover
  • Patent number: 10936775
    Abstract: A hardware monitor arranged to detect out-of-bounds violations in a hardware design for an electronic device. The hardware monitors include monitor and detection logic configured to monitor the current operating state of an instantiation of the hardware design and detect when the instantiation of the hardware design implements a fetch of an instruction from memory; and assertion evaluation logic configured to evaluate one or more assertions that assert a formal property that compares the memory address of the fetched instruction to an allowable memory address range associated with the current operating state of the instantiation of the hardware design to determine whether there has been an out-of-bounds violation. The hardware monitor may be used by a formal verification tool to exhaustively verify that the hardware design does not cause an instruction to be fetched from an out-of-bounds address.
    Type: Grant
    Filed: July 16, 2020
    Date of Patent: March 2, 2021
    Assignee: Imagination Technologies Limited
    Inventors: Ashish Darbari, Iain Singleton
  • Patent number: 10929293
    Abstract: A system includes a plurality of processes, a network fabric, and a shared memory accessible by the plurality of processes over the network fabric, the shared memory to store a plurality of elements of a data structure. A first process is designated as being allowed to update a target variable stored in the shared memory, and a second process of the plurality of processes writes a request for an atomic operation to a first region in the shared memory. The first process is responsive to the request to perform the atomic operation that updates the target variable, and write a result including a value of the updated target variable to a second region in the shared memory, the second region readable by the second process, the request and the result being elements of the data structure.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: February 23, 2021
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: John L. Byrne, Harumi Kuno, Khemraj Shukla, Wei Zhang
  • Patent number: 10922403
    Abstract: Methods and systems are disclosed for implementing a secure application execution environment using Derived User Accounts (SAE DUA) for Internet content. Content is received and a determination is made if the received content is trusted or untrusted content. The content is accessed in a protected derived user account (DUA) such as a SAE DUA if the content is untrusted; otherwise, the content is accessed in a regular DUA if the content is trusted.
    Type: Grant
    Filed: October 18, 2018
    Date of Patent: February 16, 2021
    Assignee: Google LLC
    Inventor: Úlfar Erlingsson
  • Patent number: 10915370
    Abstract: Direct inter-processor communication is enabled with respect to data in a memory location without having to switch specific circuits through a switching element (e.g., an optical switch). Rather, in this approach a memory pool is augmented to include a dedicated portion that serves as a disaggregated memory common space for communicating processors. The approach obviates the requirement of switching of physical memory modules through the optical switch to enable the processor-to-processor communication. Rather, processors (communicating with another) have an overlapping ability to access the same memory module in the pool; thus, there is no longer a need to change physical optical switch circuits to facilitate the inter-processor communication. The disaggregated memory common space is shared among the processors, which can access the common space for reads and writes, although particular locations in the memory common space for reads and writes are different.
    Type: Grant
    Filed: November 29, 2018
    Date of Patent: February 9, 2021
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Yaoping Ruan, John A. Bivens, Min Li, Ruchi Mahindru, HariGovind V. Ramasamy, Valentina Salapura, Eugen Schenfeld
  • Patent number: 10915269
    Abstract: The present invention provides a system on chip (SoC), wherein the SoC comprises a first processor, a second processor and a memory. The memory stores a first parameter and a second parameter, wherein the first parameter is set by the first processor to indicate whether a specific region of the memory is locked or unlocked, and the second parameter is set by the first processor to indicate whether the specific region of the memory is locked or unlocked. In the operations of the SoC, before the first processor intends or prepares to access the specific region, the first processor refers to the second parameter to determine if the specific region is allowed to be accessed by the first processor.
    Type: Grant
    Filed: July 5, 2018
    Date of Patent: February 9, 2021
    Assignee: Silicon Motion, Inc.
    Inventor: Kuan-Yu Ke
  • Patent number: 10901789
    Abstract: A system and method of registering one or more objects in a container of a multi-threaded computing system. A method includes prefixing, to each object of the one or more objects, an object header having a version counter with an initial version count of zero. The method further includes for each object to be allocated to a thread of the multi-threaded computing system, allocating an object frame associated with each allocated object to the thread while maintaining the object header. The method further includes constructing each allocated object in the object frame after the object header, and initializing the object header of each allocated object by executing a store/store memory barrier and incrementing the version counter by a count of one to mark the associated allocated object as valid.
    Type: Grant
    Filed: April 2, 2019
    Date of Patent: January 26, 2021
    Assignee: SAP SE
    Inventor: Ivan Schreter
  • Patent number: 10904208
    Abstract: The controller has a communication unit that receives read/write requests specifying an address of the same virtual area from a plurality of clients, and an actual area to be read/written by the communication unit. The communication unit has a management table that associates an identifier of the client with an address of the actual area that is different for each client, and an address conversion unit that carries out reading and writing to the address of the actual area associated with the identifier of the client with reference to the management table.
    Type: Grant
    Filed: December 20, 2018
    Date of Patent: January 26, 2021
    Assignee: Fanuc Corporation
    Inventor: Masaki Tanabe
  • Patent number: 10887362
    Abstract: Systems for identifying misappropriation of forensically-watermarked video content. A method embodiment for forensic watermarking commences upon identifying video sources. A video is partitioned into frame ranges or “chunks”. Different watermarking schemes are applied to the chunks to generate different watermarked versions of each chunk. Upon receiving a request from a user to view a requested video, a digital signature is generated from a set of request attributes such as a user ID or session ID. A video stream is assembled wherein the stream chunk order comprises a particular recoverable sequence of the differing watermarked chunks, where the sequence is based on bit sequences of the digital signature. A misappropriated video or portion thereof can be analyzed to identify the particular recoverable sequence or portion thereof. Based on the recoverable sequence, the digital signature can be recovered, and based on the digital signature, the source of the misappropriation can be determined.
    Type: Grant
    Filed: April 10, 2017
    Date of Patent: January 5, 2021
    Assignee: Box, Inc.
    Inventor: Victor De Vansa Vikramaratne
  • Patent number: 10884668
    Abstract: A memory system includes a controller and a non-volatile memory device. The controller is connectable to a host device by a bus conforming to a serial peripheral interface (SPI) standard, and configured to recognize a command signal that is received over the bus immediately after a chip select signal is received over the bus. The non-volatile memory device stores first information indicating a data size, second information indicating a manufacturer ID, third information indicating a device ID, and fourth information. The controller, upon recognizing that the command signal is an identification (ID) read command, outputs to the host device, response information that has the data size indicated by the first information and includes any one of: (i) the second information and the third information, and (ii) the second information, the third information, and the fourth information.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: January 5, 2021
    Assignee: Toshiba Memory Corporation
    Inventors: Hiroya Shirakura, Kyoko Shoji, Shinya Takeda