16th week of 2014 patent application highlights part 70 |
Patent application number | Title | Published |
20140108723 | REDUCING METADATA IN A WRITE-ANYWHERE STORAGE SYSTEM - Systems and methods for reducing metadata in a write-anywhere storage system are disclosed herein. The system includes a plurality of clients coupled with a plurality of storage nodes, each storage node having a plurality of primary storage devices coupled thereto. A memory management unit including cache memory is included in the client. The memory management unit serves as a cache for data produced by the clients before the data is stored in the primary storage. The cache includes an extent cache, an extent index, a commit cache and a commit index. The movement of data and metadata is by an interval tree. Methods for reducing data in the interval tree increase data storage and data retrieval performance of the system. | 2014-04-17 |
20140108724 | PREVENTING ACCESS LOSS WHEN DEVICE ADAPTER AFFINITY TO A NODE CHANGES - Provided are a computer implemented method, computer program product, and system for maintaining state information. An available node affiliated with an unavailable device adapter and an unavailable node affiliated with an available device adapter are identified, wherein the available node is assigned a first subset of disk arrays, and wherein the unavailable node is assigned a second subset of disk arrays. The available device adapter is affiliated with the available node. First state information of the first node that describes a state of the first subset of disk arrays is updated with second state information of the second node that describes a state of the second subset of disk arrays. Access to the first subset of disk arrays and the second subset of disk arrays is provided through the available node and the available device adapter using the updated first state information. | 2014-04-17 |
20140108725 | SEMICONDUCTOR MEMORY DEVICE - A semiconductor memory device includes a memory cell array configured to include sub memory blocks and a redundancy memory block, data line groups configured to deliver data to be programmed into the sub memory blocks and data read from the sub memory blocks, a redundancy data line group configured to deliver data to be programmed into the redundancy memory block and data read from the redundancy memory block, and switching circuits configured to couple selectively the data line groups to the redundancy data line group. | 2014-04-17 |
20140108726 | ACCELERATOR SYSTEM FOR USE WITH SECURE DATA STORAGE - Data processing and an accelerator system therefor are described. An embodiment relates generally to a data processing system. In such an embodiment, a bus and an accelerator are coupled to one another. The accelerator has an application function block. The application function block is to process data to provide processed data to storage. A network interface is coupled to obtain the processed data from the storage for transmission. | 2014-04-17 |
20140108727 | STORAGE APPARATUS AND DATA PROCESSING METHOD - To raise the CPU cache hit rate and improve the I/O processing. Controller is CPU configured from a CPU core and a CPU cache wherein the CPU selects memory bus optimization execution processing or cache poisoning optimization execution processing according to an attribute of the access target volume on the basis of an access request. If the memory bus optimization execution processing is selected, CPU loads the target data into the CPU core after storing the target data in the main storage area, and if the cache poisoning optimization execution processing is selected, the CPU loads the target data into the CPU core after storing the target data in the temporary area of the CPU cache from the CPU memory, and the CPU core checks the target data which was loaded from the main storage area or the temporary area of the CPU cache. | 2014-04-17 |
20140108728 | MANAGING A LOCK TO A RESOURCE SHARED AMONG A PLURALITY OF PROCESSORS - Provided are a computer program product, system, and method for managing a lock to a resource shared among a plurality of processors. Slots in a memory implement the lock on the shared resource. The slots correspond to counter values that are consecutively numbered and indicate one of busy and free. A requesting processor fetches a counter value comprising a fetched counter value. A determination is made as to whether the slot corresponding to the fetched counter value indicates free. A processor identifier of the requesting processor is inserted into the slot corresponding to the fetched counter value in response to determining that the slot corresponding to the fetched counter value indicates not free. The requesting processor accesses the shared resource in response to determining that the slot corresponding to the fetched counter value indicates free. | 2014-04-17 |
20140108729 | SYSTEMS AND METHODS FOR LOAD CANCELING IN A PROCESSOR THAT IS CONNECTED TO AN EXTERNAL INTERCONNECT FABRIC - Systems and methods for load canceling in a processor that is connected to an external interconnect fabric are disclosed. As a part of a method for load canceling in a processor that is connected to an external bus, and responsive to a flush request and a corresponding cancellation of pending speculative loads from a load queue, a type of one or more of the pending speculative loads that are positioned in the instruction pipeline external to the processor, is converted from load to prefetch. Data corresponding to one or more of the pending speculative loads that are positioned in the instruction pipeline external to the processor is accessed and returned to cache as prefetch data. The prefetch data is retired in a cache location of the processor. | 2014-04-17 |
20140108730 | SYSTEMS AND METHODS FOR NON-BLOCKING IMPLEMENTATION OF CACHE FLUSH INSTRUCTIONS - Systems and methods for non-blocking implementation of cache flush instructions are disclosed. As a part of a method, data is accessed that is received in a write-back data holding buffer from a cache flushing operation, the data is flagged with a processor identifier and a serialization flag, and responsive to the flagging, the cache is notified that the cache flush is completed. Subsequent to the notifying, access is provided to data then present in the write-back data holding buffer to determine if data then present in the write-back data holding buffer is flagged. | 2014-04-17 |
20140108731 | Energy Optimized Cache Memory Architecture Exploiting Spatial Locality - Aspects of the present invention provide a “SuperTag” cache that manages cache at three granularities: (i) coarse grain, multi-block “super blocks,” (ii) single cache blocks and (iii) fine grain, fractional block “data segments.” Since contiguous blocks have the same tag address, by tracking multi-block super blocks, the SuperTag cache inherently increases per-block tag space, allowing higher compressibility without incurring high area overheads. To improve compression ratio, the SuperTag cache uses variable-packing compression allowing variable-size compressed blocks without requiring costly compactions. The SuperTag cache also stores data segments dynamically. In addition, the SuperTag cache is able to further improve the compression ratio by co-compressing contiguous blocks. As a result, the SuperTag cache improves energy and performance for memory intensive applications over conventional compressed caches. | 2014-04-17 |
20140108732 | CACHE LAYER OPTIMIZATIONS FOR VIRTUALIZED ENVIRONMENTS - Embodiments of the invention relate to optimizing the storage of data in a multi-cache level environment. In one aspect, data is classified into primary and secondary cache sections. Data is differentiated based on an inherent sharing characteristic of the data within a system comprising virtual machines. The data is then placed into the classified sections of the cache storage layer and/or persistent data, reflective of how the data is shared among virtual disk images accessed by virtual machines. | 2014-04-17 |
20140108733 | DISABLING CACHE PORTIONS DURING LOW VOLTAGE OPERATIONS - Methods and apparatus relating to disabling one or more cache portions during low voltage operations are described. In some embodiments, one or more extra bits may be used for a portion of a cache that indicate whether the portion of the cache is capable of operating at or below Vccmin levels. Other embodiments are also described and claimed. | 2014-04-17 |
20140108734 | METHOD AND APPARATUS FOR SAVING PROCESSOR ARCHITECTURAL STATE IN CACHE HIERARCHY - A processor includes a first processing unit and a first level cache associated with the first processing unit and operable to store data for use by the first processing unit used during normal operation of the first processing unit. The first processing unit is operable to store first architectural state data for the first processing unit in the first level cache responsive to receiving a power down signal. A method for controlling power to processor including a hierarchy of cache levels includes storing first architectural state data for a first processing unit of the processor in a first level of the cache hierarchy responsive to receiving a power down signal and flushing contents of the first level including the first architectural state data to a first lower level of the cache hierarchy prior to powering down the first level of the cache hierarchy and the first processing unit. | 2014-04-17 |
20140108735 | MANAGING A CACHE FOR STORING ONE OR MORE INTERMEDIATE PRODUCTS OF A COMPUTER PROGRAM - A method, program product and a system is provided for managing a cache. The method includes analyzing at least an intermediate product of a computer program. The intermediate product is produced by the computer program in response to a set of control inputs. The method also includes determining a resource measure associated with the first intermediate product and determining a resource measure value for the first intermediate product using a first set of control inputs. The first intermediate product is stored in the cache upon determination that the resource measure value exceeds a predetermined resource threshold. | 2014-04-17 |
20140108736 | SYSTEM AND METHOD FOR REMOVING DATA FROM PROCESSOR CACHES IN A DISTRIBUTED MULTI-PROCESSOR COMPUTER SYSTEM - A processor ( | 2014-04-17 |
20140108737 | ZERO CYCLE CLOCK INVALIDATE OPERATION - A method to eliminate the delay of a block invalidate operation in a multi CPU environment by overlapping the block invalidate operation with normal CPU accesses, thus making the delay transparent. A range check is performed on each CPU access while a block invalidate operation is in progress, and an access that maps to within the address range of the block invalidate operation will be treated as a cache miss to ensure that the requesting CPU will receive valid data. | 2014-04-17 |
20140108738 | APPARATUS AND METHOD FOR DETECTING LARGE FLOW - An apparatus and method for detecting a large flow are provided. The method includes: storing flow information corresponding to the received flow in a cache entry; determining whether or not there is a possibility to be determined that the flow corresponding to the flow information stored in an entry to be deleted from a cache by storing the flow information in the cache entry is a large flow; restoring the entry to be deleted in the cache according to a result of the possibility determination; inspecting a packet count of the entry in which the flow information is stored; and determining that the flow corresponding to the flow information stored in the corresponding entry is the large flow, if the result of the packet count inspection is greater than or equal to a preset threshold value. | 2014-04-17 |
20140108739 | SYSTEMS AND METHODS FOR IMPLEMENTING WEAK STREAM SOFTWARE DATA AND INSTRUCTION PREFETCHING USING A HARDWARE DATA PREFETCHER - A method for weak stream software data and instruction prefetching using a hardware data prefetcher is disclosed. A method includes, determining if software includes software prefetch instructions, using a hardware data prefetcher, and, accessing the software prefetch instructions if the software includes software prefetch instructions. Using the hardware data prefetcher, weak stream software data and instruction prefetching operations are executed based on the software prefetch instructions, free of training operations. | 2014-04-17 |
20140108740 | PREFETCH THROTTLING - A processing system monitors memory bandwidth available to transfer data from memory to a cache. In addition, the processing system monitors a prefetching accuracy for prefetched data. If the amount of available memory bandwidth is low and the prefetching accuracy is also low, prefetching can be throttled by reducing the amount of data prefetched. The prefetching can be throttled by changing the frequency of prefetching, prefetching depth, prefetching confidence levels, and the like. | 2014-04-17 |
20140108741 | LIST-BASED PREFETCHING - A computer implemented method for prefetching data for a processor into a first memory, wherein in a recording mode, a prefetching unit for a processor performs the steps of a method. The method includes: receiving one or more first addresses from the processor; filtering the one or more first addresses; providing a recording-list including the filtered one or more first addresses; receiving at least one second address from the processor; receiving a playback-list including all or a subset of the first addresses of the recording-list; comparing the at least one second address with each of the first addresses in the playback-list for identifying a matching address; if a matching address is identified, fetching data from a second memory; and transferring the fetched data to a first memory. | 2014-04-17 |
20140108742 | PROCESSOR INSTRUCTION BASED DATA PREFETCHING - A computer implemented method for prefetching data. The method includes: receiving one or more addresses by a prefetching unit upon execution of an enqueuing command in a first piece of program logic; enqueuing each of the received addresses to a recording-list; identifying one of the positions in the recording-list as jump position; providing the identified jump position to a frame-shifter; using a sub-list of the recording-list defined by a shiftable frame as a playback-list; executing a frame-shift command which triggers the frame-shifter to shift the frame in dependence on the jump position to provide an updated playback-list; fetching data identified by the updated playback-list from a second memory; and transferring the fetched data to a first memory. | 2014-04-17 |
20140108743 | STORE DATA FORWARDING WITH NO MEMORY MODEL RESTRICTIONS - Embodiments relate to loading data in a pipelined microprocessor. An aspect includes issuing a load request that comprises a load address requiring at least one block of data the same size as a largest contiguous granularity of data returned from a cache. Another aspect includes determining that the load address matches at least one block address. Another aspect includes, based on determining that there is an address match, reading a data block from a buffer register and sending the data to satisfy the load request; comparing a unique set id of the data block to the set id of the matching address after sending the data block; based on determining that there is a set id match, continuing the load request, or, based on determining that there is not a set id match, setting a store-forwarding state of the matching address to no store-forwarding and rejecting the load request. | 2014-04-17 |
20140108744 | SIMPLIFIED CONTROLLER WITH PARTIAL COHERENCY - A simplified coherency controller supports multiple exclusively active fully coherent agent interfaces and any number of active I/O (partially) coherent agent interfaces. A state controller determines which fully coherent agent is active. Multiple fully coherent agents can be simultaneously active during a short period of a transition of processing from one to another processor. Multiple fully coherent agents can be simultaneously active, though without a mutually consistent view of memory, which is practical in cases such as when running multiple operating systems on different processors. | 2014-04-17 |
20140108745 | METHOD AND DEVICE FOR MAINTAINING DATA IN A DATA STORAGE SYSTEM COMPRISING A PLURALITY OF DATA STORAGE NODES - A method and device for maintaining data in a data storage system, comprising a plurality of data storage nodes, the method being employed in a storage node in the data storage system and comprising: monitoring and detecting conditions in the data storage system that imply the need for replication of data between the nodes in the data storage system; initiating replication processes in case such a condition is detected, wherein the replication processes include sending multicast and unicast requests to other storage nodes, said requests including priority flags, receiving multicast and unicast requests from other storage nodes, wherein the received requests include priority flags, ordering the received requests in different queues depending on their priority flags, and dealing with requests in higher priority queues with higher frequency than requests in lower priority queues. | 2014-04-17 |
20140108746 | MEMORY ARBITRATION SYSTEM AND METHOD HAVING AN ARBITRATION PACKET PROTOCOL - A memory hub and method for transmitting a read response on a data path of a memory hub interposed between a transmitting memory hub and a receiving memory hub. An arbitration packet including data indicative of a data path configuration for an associated read response is received at the memory hub. The arbitration packet is decoded, and the data path is configured in accordance with the data of the arbitration packet. The associated read response is received at the memory hub and the associated read response is coupled to the configured data path for transmitting the same to the receiving memory hub. | 2014-04-17 |
20140108747 | METHOD OF DETERMINING DETERIORATION STATE OF MEMORY DEVICE AND MEMORY SYSTEM USING THE SAME - A method is provided for determining a deterioration condition of a memory device. The method includes calculating first information corresponding to a number of bits having a first logic value from data obtained by performing a first read operation on target storage region of the memory device using a first reference voltage as a read voltage, and calculating second information corresponding to a number of bits having a second logic value from data obtained by performing a second read operation on the target storage region using a second reference voltage as the read voltage. A deterioration condition of the target storage region is determined based on the first and second information. The first reference voltage is less than a first read voltage by which an erase state of the memory device is distinguished from an adjacent program state, and the second reference voltage is higher than the first read voltage. | 2014-04-17 |
20140108748 | CONTROLLERS CONTROLLING NONVOLATILE MEMORY DEVICES AND OPERATING METHODS FOR CONTROLLERS - An operating method of a controller includes selecting bits of code word to be punctured; detecting locations of incapable bits of an input word based on locations of the bits to be punctured and a structure of a generation matrix calculation unit; refreezing the input word such that frozen bits and incapable bits of the input word overlap; generating input word bits by replacing information word bits with frozen bits based on the refreezing result; generating the code word by performing generation matrix calculation on the input word bits; generating output bits by puncturing the code word based on locations of the bits to be punctured; and transmitting the output bits to a nonvolatile memory device. | 2014-04-17 |
20140108749 | STORAGE SYSTEM EFFECTIVELY MANAGING A CAPACITY FOR REMOTE COPY - In one of the storage control apparatuses in the remote copy system which performs asynchronous remote copy between the storage control apparatuses, virtual logical volumes complying with Thin Provisioning are adopted as journal volumes to which journals are written. The controller in the one of the storage control apparatuses assigns a smaller actual area based on the storage apparatus than in case of assignment to the entire area of the journal volume, and adds a journal to the assigned actual area. If a new journal cannot be added, the controller performs wraparound, that is, overwrites the oldest journal in the assigned actual area by the new journal. | 2014-04-17 |
20140108750 | ESTABLISHING A POINT-IN-TIME COPY RELATIONSHIP BETWEEN SOURCE LOGICAL ADDRESSES AND TARGET LOGICAL ADDRESSES - Provided are a computer program product, system, and method for establishing a point-in-time copy relationship between source logical addresses and target logical addresses. A point-in-time (PiT) copy establish command specifies a source set comprising a subset of source logical addresses in at least one storage and a target set comprising a subset of target logical addresses in the at least one storage. The source set of source logical addresses are copied to the target set of target logical addresses. The source logical addresses map to source tracks and wherein the target logical addresses map to target tracks. Copy information is generated indicating whether the source logical addresses in the source set have been copied to the target set. Complete is returned to the PiT copy establish command after generating the copy information and before copying all the source logical addresses to the target logical addresses. | 2014-04-17 |
20140108751 | PROCESSING A COPY COMMAND DIRECTED TO A FIRST STORAGE ARCHITECTURE FOR DATA THAT IS STORED IN A SECOND STORAGE ARCHITECTURE - Provided are a computer program product, system, and method for processing a copy command indicating a source set comprising a subset of source logical addresses to copy to an indicated target set comprising a subset of target logical addresses. Complete is expected to be returned to the copy command in response to completing the copying of the source set to the target set. A point-in-time (PiT) copy establish command is generated in response to receiving the copy command, indicating the source and target sets in the copy command. The generated PiT copy command is executed to generate copy information indicating the source and target sets of source logical addresses and whether they have been copied to the target set. Complete is returned to the copy command after generating the copy information and before copying all the source logical addresses to the target logical addresses. | 2014-04-17 |
20140108752 | MANAGING UPDATES AND COPYING DATA IN A POINT-IN-TIME COPY RELATIONSHIP EXPRESSED AS SOURCE LOGICAL ADDRESSES AND TARGET LOGICAL ADDRESSES - Provided are a computer program product, system, and method for managing updates and copying data in a point-in-time copy relationship expressed as source logical addresses and target logical addresses. A copy relationship indicates a source set of a subset of source logical addresses to copy to a target set comprising a subset of target logical addresses. An update is received to a source logical address that has not been copied. Determinations are made of the target logical address corresponding to the source logical address to be updated according to the copy relationship, a target group of target logical addresses in the target set that include the determined target logical address, and the source logical addresses in the source set that correspond to the target logical addresses in the target group. The determined source logical addresses are copied to the target logical addresses in the determined target group. | 2014-04-17 |
20140108753 | MERGING AN OUT OF SYNCHRONIZATION INDICATOR AND A CHANGE RECORDING INDICATOR IN RESPONSE TO A FAILURE IN CONSISTENCY GROUP FORMATION - A first data structure stores indications of storage locations that need to be copied for forming a consistency group. A second data structure stores indications of new host writes subsequent to starting a point in time copy operation to form the consistency group. Read access is secured to a metadata storage area and a determination is made as to whether the second data structure indicates that there are any new host writes. In response to determining that the second data structure indicates that there are new host writes, write access is secured to the metadata storage area, the first data structure is updated with contents of the second data structure to determine which additional storage locations need to be copied for formation of a next consistency group, and the second data structure is updated to indicate that the second data structure is in an initialized state. | 2014-04-17 |
20140108754 | STORAGE SYSTEM AND METHOD OF CONTROLLING STORAGE SYSTEM - An exemplary storage system according to the invention includes a first physical storage apparatus providing a first real volume and a second physical storage apparatus providing a second real volume to form a copy pair with the first real volume. The first physical storage apparatus provides a first host with a first storage identifier and a first volume identifier for the first host to access the first real volume. The second physical storage apparatus provides a second host with at least a part of a first virtual storage apparatus including a first virtual volume allocated the second real volume. The second physical storage apparatus assigns the first volume identifier to the first virtual volume and the first storage identifier to the first virtual storage apparatus. | 2014-04-17 |
20140108755 | MOBILE DATA LOSS PREVENTION SYSTEM AND METHOD USING FILE SYSTEM VIRTUALIZATION - Disclosed are a mobile DLP system and method. The mobile DLP system includes a general storage that allows an access in a normal mode and a security mode, an encrypted virtual storage that disallows an access in the normal mode and allows an access in the security mode, a management program that designates the general storage as a write/read area in the normal mode and designates the general storage and the virtual storage as the write/read area in the security mode, a fuse that intercepts a file input/output of an application program including the management program to again set a file input/output path as the virtual storage according to a command of the management program in the security mode, and a VFS engine that performs a bridge function between the application program of an application layer and the fuse of a kernel layer. | 2014-04-17 |
20140108756 | BITMAP SELECTION FOR REMOTE COPYING OF UPDATES - In one embodiment of the present description, a copy relationship is established between a storage location at a first site and a storage location at a second site in a data storage system, wherein a dynamically assignable bitmap preset to one of a plurality of different predetermined bit patterns is selected as a function of both the availability of the selected bitmap and the type of predetermined bit pattern identified for the selected bitmap. The selected bitmap may be assigned as an out-of-sync bitmap wherein updates to the storage location at one site, which are to be copied to the storage location at the other site, are indicated in the selected bitmap, and data writes being written to the storage location at the one site, are copied to the storage location at the other site, using the selected bitmap as an out-of-sync bitmap. Other aspects are described. | 2014-04-17 |
20140108757 | PROCESSING A COPY COMMAND DIRECTED TO A FIRST STORAGE ARCHITECTURE FOR DATA THAT IS STORED IN A SECOND STORAGE ARCHITECTURE - Provided are a computer program product, system, and method for processing a copy command indicating a source set comprising a subset of source logical addresses to copy to an indicated target set comprising a subset of target logical addresses. Complete is expected to be returned to the copy command in response to completing the copying of the source set to the target set. A point-in-time (PiT) copy establish command is generated in response to receiving the copy command, indicating the source and target sets in the copy command. The generated PiT copy command is executed to generate copy information indicating the source and target sets of source logical addresses and whether they have been copied to the target set. Complete is returned to the copy command after generating the copy information and before copying all the source logical addresses to the target logical addresses. | 2014-04-17 |
20140108758 | DATA PROCESSING METHOD AND DATA PROCESSING SYSTEM - A data processing method that is executed by a first data processing apparatus included among plural data processing apparatuses, includes producing a copy of data, and restoration information that includes a first address of memory to which the copy of the data is stored; transmitting any one among the data and the copy of the data to a second data processing apparatus that is included among the data processing apparatuses; and storing the restoration information to shared memory that is memory of at least one data processing apparatus among the data processing apparatuses, and shared among the data processing apparatuses. | 2014-04-17 |
20140108759 | STORAGE APPARATUS AND DATA MANAGEMENT METHOD - A storage apparatus for which a hierarchical data management system is adopted is designed so that when receiving a read request for a first logical area to which a first storage area of a first storage device in a virtual volume is allocated, whether or not to migrate data in a first storage area of the first storage device, to a storage area of a second storage device is decided according to an access frequency to the first logical area in synchronization with the read request. When it is decided that the data stored in the first storage area of the first storage device should be migrated to the storage area of the second storage device, the data is migrated to a second storage area of the second storage device and the second storage area thereof is allocated to the first logical area in the virtual volume. | 2014-04-17 |
20140108760 | SYSTEM AND METHOD FOR SUPPORTING SMART BUFFER MANAGEMENT IN A DISTRIBUTED DATA GRID - A system and method can support smart buffer management in a distributed data grid. A buffer manager in the distributed data grid can provide a plurality of buffers in a buffer pool in the distributed data grid, wherein the plurality of buffers are arranged in different generations and each buffer operates to contain one or more objects. The buffer manager can prevent a garbage collector from directly recycling the memory associated with each individual object in the buffer pool, and can allow the garbage collecting of one or more objects in one or more buffers in a particular generation to be performed together. | 2014-04-17 |
20140108761 | MEMORY ALLOCATION WITH IDENTIFICATION OF REQUESTING LOADABLE KERNEL MODULE - A technique that supports improved debugging of kernel loadable modules (KLMs) that involves allocating a first portion of a memory and detecting a first kernel loadable module (KLM) requesting an allocation of at least a portion of the memory. The first KLM is then loaded into the first portion of the memory and a first identifier is associated with the first KLM and the first portion. The access of a second portion of the memory by the first KLM, the second portion being distinct from the first portion is detected and an indication that the first KLM has accessed the second portion is generated. | 2014-04-17 |
20140108762 | INFORMATION PROCESSING APPARATUS, CONTROL METHOD THEREFOR, AND STORAGE MEDIUM - The present information processing apparatus compares a size of a used memory that is currently used for execution of an application with a stored maximum size of a memory used by the application. Dump processing for writing memory contents to an external storage device is not executed when the result of the comparison shows that the size of the used memory is smaller than or equal to the maximum size, and is executed when the result of the comparison shows that the size of the used memory is larger than the maximum size. | 2014-04-17 |
20140108763 | TIERED STORAGE POOL MANAGEMENT AND CONTROL FOR LOOSELY COUPLED MULTIPLE STORAGE ENVIRONMENT - A system comprises a first storage system including a first storage controller, which receives input/output commands from host computers and provides first storage volumes to the host computers; and a second storage system including a second storage controller which receives input/output commands from host computers and provides second storage volumes to the host computers. A first data storing region of one of the first storage volumes is allocated from a first pool by the first storage controller. A second data storing region of another one of the first storage volumes is allocated from a second pool by the first storage controller. A third data storing region of one of the second storage volumes is allocated from the first pool by the second storage controller. A fourth data storing region of another one of the second storage volumes is allocated from the second pool by the second storage controller. | 2014-04-17 |
20140108764 | METHOD AND COMPUTER SYSTEM FOR MEMORY MANAGEMENT ON VIRTUAL MACHINE - A memory management method for a virtual machine system is provided. First, a first threshold value is set by a processor. A balloon target is then set to an allocated virtual memory size and decremented by a first decrement value stepwise by the processor according to a swapin/refault detecting result in a first adjustment state. The swapin/refault detecting result is generated by detecting at least one swapin or refault events by the processor. The balloon target stops being decremented by the processor according to the swapin/refault detecting result in a cool-down state. The balloon target is decremented by a second decrement value stepwise by the processor in a second adjustment state which is after the cool-down state. The second decrement value is less than the first decrement value, and the balloon target is not less than the first threshold value. | 2014-04-17 |
20140108765 | METHOD AND COMPUTER SYSTEM FOR MEMORY MANAGEMENT ON VIRTUAL MACHINE SYSTEM - A method and a computer system for memory management on a virtual machine system are provided. The memory management method includes the following steps. First, a working set size of each of a plurality of virtual machines on the virtual machine system is obtained by at least one processor, wherein the working set size is an amount of memory required to run applications on each of the virtual machines. Then, an amount of storage memory is allocated to each of the virtual machines by the at least one processor according to the working set size of each of the virtual machines and at least one swapin or refault event, wherein the storage memory is a part of memory available from the computer system. | 2014-04-17 |
20140108766 | PREFETCHING TABLEWALK ADDRESS TRANSLATIONS - A processing unit includes a translation look-aside buffer operable to store a plurality of virtual address translation entries, a prefetch buffer, and logic operable to receive a first virtual address translation associated with a first virtual memory block and a second virtual address translation associated with a second virtual memory block immediately adjacent the first virtual memory block, store the first virtual address translation in the translation look-aside buffer, and store the second virtual address translation in the prefetch buffer. | 2014-04-17 |
20140108767 | METHOD AND SYSTEM FOR EXTENDING VIRTUAL ADDRESS SPACE OF PROCESS PERFORMED IN OPERATING SYSTEM - A method of extending a virtual address space of a process executed in an operating system includes selecting a virtual address range included in a virtual address space corresponding to the process and the number of a plurality of extended virtual address ranges, extending and thereby setting the virtual address space to a multi-virtual address space based on the selected virtual address range and the selected number of the plurality of extended virtual address ranges, and providing the multi-virtual address space to the process. | 2014-04-17 |
20140108768 | Computer instructions for Activating and Deactivating Operands - An instruction set architecture (ISA) includes instructions for selectively indicating last-use architected operands having values that will not be accessed again, wherein architected operands are made active or inactive after an instruction specified last-use by an instruction, wherein the architected operands are made active by performing a write operation to an inactive operand, wherein the activation/deactivation may be performed by the instruction having the last-use of the operand or another (prefix) instruction. | 2014-04-17 |
20140108769 | MULTI-REGISTER SCATTER INSTRUCTION - A processor fetches a multi-register scatter instruction that includes a source operand and a destination operand. The source operand specifies a source vector register that includes multiple source data elements. The destination operand identifies multiple destination data elements that each specify a destination vector register and an index into that destination vector register. The instruction is decoded and executed, causing, for each of those identified destination data elements, the one of the source data elements that is in a position in the source vector register that corresponds with a position of that destination data element to be stored in the destination vector register at the index specified by that destination data element. | 2014-04-17 |
20140108770 | IDENTIFYING LOAD-HIT-STORE CONFLICTS - A computing device identifies a load instruction and store instruction pair that causes a load-hit-store conflict. A processor tags a first load instruction that instructs the processor to load a first data set from memory. The processor stores an address at which the first load instruction is located in memory in a special purpose register. The processor determines whether the first load instruction has a load-hit-store conflict with a first store instruction. If the processor determines the first load instruction has a load-hit-store conflict with the first store instruction, the processor stores an address at which the first data set is located in memory in a second special purpose register, tags the first data set being stored by the first store instruction, stores an address at which the first store instruction is located in memory in a third special purpose register and increases a conflict counter. | 2014-04-17 |
20140108771 | Using Register Last Use Information to Perform Decode Time Computer Instruction Optimization - Two computer machine instructions are fetched for execution, but replaced by a single optimized instruction to be executed, wherein a temporary register used by the two instructions is identified as a last-use register, where a last-use register has a value that is not to be accessed by later instructions, whereby the two computer machine instructions are replaced by a single optimized internal instruction for execution, the single optimized instruction not including the last-use register. | 2014-04-17 |
20140108772 | Exploiting an Architected Last-Use Operand Indication in a System Operand Resource Pool - A pool of available physical registers is provided for architected registers, wherein operations are performed that activate and deactivate selected architected registers, such that the deactivated selected architected registers need not retain values, and physical registers can be deallocated to the pool, wherein deallocation of physical registers is performed after a last-use by a designated last-use instruction, wherein the last-use information is provided either by the last-use instruction or a prefix instruction, wherein reads to deallocated architected registers return an architected default value. | 2014-04-17 |
20140108773 | APPLICATION DEFINED COMPUTING COMPONENT CONFIGURATION - One embodiment includes a configurable computing system. The configurable computing system includes a broker module that receives information for one or more applications, obtains one or more attributes for an electronic device, and determines runtime configurations for one or more components for the electronic device. A controller communicates with applications for configuring the one or more components based on the runtime configurations. | 2014-04-17 |
20140108774 | DYNAMICALLY RECOMMENDING CHANGES TO AN ASSOCIATION BETWEEN AN OPERATING SYSTEM IMAGE AND AN UPDATE GROUP - Dynamically recommending changes to an association between an operating system image and an update group includes monitoring a configuration of a deployed copy of a first master operating system (OS) image; detecting a modification in the configuration of the deployed copy; determining that the configuration of the deployed copy with the modification more closely matches a configuration of a second master OS image than a configuration of the first master OS image; in response to determining that the configuration of the deployed copy with the modification more closely matches the configuration of the second master OS image, generating an association recommendation that recommends associating the deployed copy with a second update group of the second master OS image; and associating the deployed copy with the second update group of the second master OS image instead of the first update group of the first master OS image. | 2014-04-17 |
20140108775 | MAINTAINING RESOURCE AVAILABILITY DURING MAINTENANCE OPERATIONS - One or more aspects of this disclosure may relate to using a configurable server farm preference for an application, desktop or other hosted resource. Additional aspects may relate to moving server farm workloads based on the configurable server farm preference. Further aspects may relate to performing reboot cycles, a reboot schedule and on-demand rebooting. Yet further aspects may relate to staggering individual machine reboot operations over a specified period of time and performing reboot operations such that some machines are available for user sessions during a reboot cycle. | 2014-04-17 |
20140108776 | INFORMATION PROCESSING APPARATUS, VIRTUAL MACHINE MANAGEMENT METHOD, AND VIRTUAL MACHINE MANAGEMENT PROGRAM - An interface unit holds an activation code including information indicating an access destination storage device among storage devices. A storage unit stores activation codes, each including information indicating an access destination storage device. A controller selects, when activating a program on a virtual machine, an activation code according to the virtual machine from the storage unit, and provides the virtual machine with the selected activation code, in place of the activation code of the interface unit. A program is read from a storage device according to the selected activation code. | 2014-04-17 |
20140108777 | SYSTEM AND METHOD FOR AUTOMATED NETWORK CONFIGURATION - A method of configuring a data network with a controller, the data network including a plurality of hosts each associated with at least one of a plurality of switches, the method including receiving a request to boot an operating system image on one of the plurality of hosts, the operating system image having network connectivity requirements. Further, the method includes selecting a host out of the plurality of hosts on which to boot the operating system image. The method also includes booting the operating system image on the host, and configuring a switch out of the plurality of switches associated with the host based upon the network connectivity requirements of the operating system image. Additionally, the method includes configuring networking attributes of a network interface in the host based upon the network connectivity requirements of the operating system image. | 2014-04-17 |
20140108778 | Method for Reducing Execution Jitter in Multi-Core Processors Within an Information Handling System - A method of reducing execution jitter includes a processor having several cores and control logic that receives core configuration parameters. Control logic determines if a first set of cores are selected to be disabled. If none of the cores is selected to be disabled, the control logic determines if a second set of cores is selected to be jitter controlled. If the second set of cores is selected to be jitter controlled, the second set of cores is set to a first operating state. If the first set of cores is selected to be disabled, the control logic determines a second operating state for a third set of enabled cores. The control logic determines if the third set of enabled cores is jitter controlled, and if the third set of enabled cores is jitter controlled, the control logic sets the third set of enabled cores to the second operating state. | 2014-04-17 |
20140108779 | DYNAMICALLY RECOMMENDING CHANGES TO AN ASSOCIATION BETWEEN AN OPERATING SYSTEM IMAGE AND AN UPDATE GROUP - Dynamically recommending changes to an association between an operating system image and an update group includes monitoring a configuration of a deployed copy of a first master operating system (OS) image; detecting a modification in the configuration of the deployed copy; determining that the configuration of the deployed copy with the modification more closely matches a configuration of a second master OS image than a configuration of the first master OS image; in response to determining that the configuration of the deployed copy with the modification more closely matches the configuration of the second master OS image, generating an association recommendation that recommends associating the deployed copy with a second update group of the second master OS image; and associating the deployed copy with the second update group of the second master OS image instead of the first update group of the first master OS image. | 2014-04-17 |
20140108780 | WIRELESS COMMUNICATIONS USING A SOUND SIGNAL - A method for communicating messages by a mobile device via a sound medium is disclosed. The mobile device receives input sounds from at least one mobile device via the sound medium. From the input sounds, an input sound signal carrying a first message encoded with a first key is detected. The mobile device decodes the first message based on a matching key. An output sound signal carrying a second message encoded with a second key is generated. Further, the mobile device transmits an output sound corresponding to the output sound signal via the sound medium. | 2014-04-17 |
20140108781 | Method and System for Negotiation Based on IKE Messages - The present invention provides a method and a system for negotiation based on IKE messages. A standby device updates a value of a stored third identity according to an update notification of an active device. The update notification of the active device is sent by the active device after updating a value of a stored second identity. When the standby device switches to a new active device, the new active device sends a second message for negotiating IPSec information to a peer device according to the updated third identity. The third identity is an identity that is stored in the standby device and used to acquire state information of the active device. | 2014-04-17 |
20140108782 | Reconfigurable Access Network Encryption Architecture - An access platform or other network elements can include multiple line cards configured to encrypt data. The platform and/or each of the line cards may receive encryption management data that conforms to a predefined encryption management data interface. The encryption management data received by a particular line card may be generated by a conditional access system device and converted to conform to the encryption management data interface by an encryption manager. Line cards may alternatively be configured for connection to separate encryption hardware components. Line cards may include a block of field programmable gate arrays or other type of programmable hardware that can be configured to execute an encryption module. | 2014-04-17 |
20140108783 | VIRTUAL NETWORK BUILDING SYSTEM, VIRTUAL NETWORK BUILDING METHOD, SMALL TERMINAL, AND AUTHENTICATION SERVER - A virtual network building system includes a small terminal and an authentication server. The small terminal includes an identifier transmission unit automatically transmitting an identifier to the authentication server via a client terminal in a state in which a connection unit is connected to the client terminal, and is attachable to and detachable from the client terminal. The authentication server includes an authentication unit performing authentication on the basis of the identifier of the small terminal, a distribution unit distributing software for encrypting communication to the client terminal according to selected communication protocol and encryption method, a reception unit receiving information (access request information) regarding a request for access to the target apparatus, which is automatically transmitted from the distributed software, and a redirect unit making a proxy response of access of the client terminal to the target apparatus in response to the received access request information. | 2014-04-17 |
20140108784 | REDUCING NOISE IN A SHARED MEDIA SESSION - A method to verify a geographic location of a virtual disk image executing at a data center server within a data center. One embodiment includes a cryptoprocessor proximate the data center server, a hypervisor configured to send a disk image hash value of the virtual disk image, a digital certificate issued to the cryptoprocessor, an endorsement key to a data center tenant and a location provider. The method includes sending a disk image hash value of the virtual disk image, an endorsement key unique to a cryptoprocessor proximate the data center server to a data center tenant, and a digital certificate to a data center tenant. Next, the location provider sends the geographic location of the cryptoprocessor matching the endorsement key to the data center tenant. | 2014-04-17 |
20140108785 | Certificate Authority Server Protection - This invention includes a solution to enable a digital authentication solution comprising a network. Next, a first device is coupled to the network. The first device may include an authentication key generator that is able to generate both public and private keys in electronic formats. Next, the first device is coupled to a certificate authority gateway. The certificate authority gateway includes devices capable of converting the electronically formatted public key to a non-electronic format, and vice versa. Next, the certificate authority gateway is coupled to a certificate authority server. The certificate authority server includes devices capable of converting the electronically formatted public key to a non-electronic format, and vice versa. The certificate authority server is also contained in a secure area such as a locked room, or a safe. The secure area includes features that allow the non-electronically formatted public key to be passed across the boundary of the secure area. Finally, a second device is coupled to the network. | 2014-04-17 |
20140108786 | TAMPER-PROTECTED HARDWARE AND METHOD FOR USING SAME - One of the various aspects of the invention is related to suggesting various techniques for improving the tamper-resistibility of hardware. The tamper-resistant hardware may be advantageously used in a transaction system that provides the off-line transaction protocol. Amongst these techniques for improving the tamper-resistibility are trusted bootstrapping by means of secure software entity modules, a new use of hardware providing a Physical Unclonable Function, and the use of a configuration fingerprint of a FPGA used within the tamper-resistant hardware. | 2014-04-17 |
20140108787 | IN-VEHICLE COMMUNICATION SYSTEM - The present invention is directed to solve a problem that time is required for a process related to verification of a public key certificate of a message sender. An in-vehicle device mounted on a vehicle has a memory for holding information of a device which failed in verification of a public key certificate. At the time of performing communication between vehicles or between a vehicle and a roadside device, a check is made to see whether or not information of a device included in a message transmitted matches information of a device which failed and held in the memory. When the information matches, verification of a public key certificate is not performed. | 2014-04-17 |
20140108788 | SYSTEMS AND METHODS FOR EVALUATING AND PRIORITIZING RESPONSES FROM MULTIPLE OCSP RESPONDERS - The present disclosure is directed towards systems and methods for determining a status of a client certificate from a plurality of responses for an Online Certificate Status Protocol (OCSP) request. An intermediary device between a plurality of clients and one or more servers identifies a plurality of OCSP responders for determining a status of a client certificate responsive to receiving the client certificate from a client during a Secure Socket Layer (SSL) handshake. Each of the plurality of OCSP responders may transmit a request for the status of the client certificate to a uniform resource locator corresponding to each OCSP responder. The intermediary device may determine a single status for the client certificate from a plurality of statuses of the client certificate received via responses from each uniform resource locator. | 2014-04-17 |
20140108789 | SYSTEM, METHOD AND APPARATA FOR SECURE COMMUNICATIONS USING AN ELECTRICAL GRID NETWORK - A secure communications and location authorization system using a power line or a portion thereof as a side-channel that mitigates man-in-the-middle attacks on communications networks and devices connected to those networks. The system includes a power grid server associated with a substation, or curb-side distribution structure such as a transformer, an electric meter associated with a structure having electric service and able to communicate with the power grid server, a human authorization detector input device connected to the electric meter and the power grid server. The human authorization detector is able to receive an input from a user physically located at the structure and capable of communicating with the power grid server via the electric meter. The user's physical input into the device causes a request to be sent to the power grid server that then generates a location certificate for the user. Without the location certificate, access to the communications network and devices connected to those networks can be denied. | 2014-04-17 |
20140108790 | Secure Communication Methods - Secure communication of user inputs is achieved by isolating part of an endpoint device such that certificates and encryption keys are protected from corruption by malware. Further, the communication is passed through a trusted data relay that is configured to decrypt and/or certify the user inputs encrypted by the isolated part of the endpoint device. The trusted data relay can determine that the user inputs were encrypted or certified by the protected certificates and encryption keys, thus authenticating their origin within the endpoint device. The trusted data relay then forwards the inputs to an intended destination. In some embodiments, the isolated part of the endpoint device is configured to detect input created by auto-completion logic and/or spell checking logic. | 2014-04-17 |
20140108791 | Secure Communication Architecture Including Sniffer - Secure communication of user inputs is achieved by isolating part of an endpoint device such that certificates and encryption keys are protected from corruption by malware. Further, the communication is passed through a trusted data relay that is configured to decrypt and/or certify the user inputs encrypted by the isolated part of the endpoint device. The trusted data relay can determine that the user inputs were encrypted or certified by the protected certificates and encryption keys, thus authenticating their origin within the endpoint device. The trusted data relay then forwards the inputs to an intended destination. In some embodiments, the isolated part of the endpoint device is configured to detect input created by auto-completion logic and/or spell checking logic. | 2014-04-17 |
20140108792 | Controlling Device Access to Enterprise Resources in an Orchestration Framework for Connected Devices - Aspects described herein allow multiple devices to function as a coherent whole, allowing each device to take on distinct functions that are complementary to one another. Aspects described herein also allow the devices to function as a coherent whole when interconnected devices and their respective applications are configured to operate in various operation modes, when management policies are employed to control the operation of the interconnected devices and their respective applications, when transferring content between the interconnected devices and storing the content at those devices, when obtaining access credentials for the interconnected devices that enable the devices to access enterprise resources, when a policy agent applies management policies to control operation of and interaction between the interconnected devices, and when the interconnected devices are used to access an enterprise application store. | 2014-04-17 |
20140108793 | CONTROLLING MOBILE DEVICE ACCESS TO SECURE DATA - Various aspects of the disclosure relate to providing secure containers or data vaults for data of one or more managed applications. In some embodiments, each managed application may be assigned its own private data vault and/or may be assigned a shared data vault that is accessible to at least one other managed application. As the managed application executes, calls for access to the data may be intercepted and redirected to the secure containers. Data stored in a secure container may be encrypted according to a policy. Other aspects relate to deleting data from a secure container, such as via a selective wipe of data associated with a managed application. Further aspects relate to configuring and creating the secure containers, retrieving key information required to encrypt/decrypt the data stored in the secure containers, and publishing the managed applications, policy information and key information for download to a mobile device. | 2014-04-17 |
20140108794 | CONTROLLING MOBILE DEVICE ACCESS TO SECURE DATA - Various aspects of the disclosure relate to providing secure containers or data vaults for data of one or more managed applications. In some embodiments, each managed application may be assigned its own private data vault and/or may be assigned a shared data vault that is accessible to at least one other managed application. As the managed application executes, calls for access to the data may be intercepted and redirected to the secure containers. Data stored in a secure container may be encrypted according to a policy. Other aspects relate to deleting data from a secure container, such as via a selective wipe of data associated with a managed application. Further aspects relate to configuring and creating the secure containers, retrieving key information required to encrypt/decrypt the data stored in the secure containers, and publishing the managed applications, policy information and key information for download to a mobile device. | 2014-04-17 |
20140108795 | METHOD AND APPARATUS FOR FILE ENCRYPTION/DECRYPTION - A file encrypting method and apparatus, and a file decrypting method and apparatus are provided. The method includes the following steps: creating a virtual disk; the virtual disk receiving a writing request from a file system, encrypting data in the writing request; and notifying the file system to write the encrypted data into a corresponding physical disk, so that the file system writes the encrypted data into the corresponding physical disk after receiving a notification from the virtual disk. The methods and apparatuses can employ the virtual disk to encrypt data in the writing request and decrypt the data required by the reading request, and this manner achieves highly-reliable, secure and effective file encrypting. | 2014-04-17 |
20140108796 | STORAGE OF CRYPTOGRAPHICALLY-SPLIT DATA BLOCKS AT GEOGRAPHICALLY-SEPARATED LOCATIONS - A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary data blocks by performing splitting and encrypting operations on a primary data block received from the client for storage on the virtual disk. For security, the secondary data blocks are stored at geographically-distributed locations. The secure storage appliance is also capable of executing program instructions configured to reconstitute the primary data block from at least a portion of the plurality of secondary data blocks stored in shares on corresponding physical storage devices in response to a request from the client. | 2014-04-17 |
20140108797 | STORAGE COMMUNITIES OF INTEREST USING CRYPTOGRAPHIC SPLITTING - Methods and systems of presenting data in a secure data storage network are disclosed. One method includes defining a community of interest capable of accessing data stored in a secure data storage network, the community of interest including a plurality of users desiring access to a common set of data. The method also includes associating the community of interest with a workgroup key, and, upon identification of a client device as associated with a user from among the plurality of users in the community of interest, presenting a virtual disk to the client device, the virtual disk associated with the workgroup key and a volume containing the common set of data, the volume including a plurality of shares stored on a plurality of physical storage devices. | 2014-04-17 |
20140108798 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING CLIENT, ACCESS AUTHENTICATION METHOD, AND PROGRAM - There is provided an information processing device including a public key setter that sets a public key corresponding to a public-key authentication scheme in an access area defined as a given area of an object of access, and a device authentication processor that authenticates access to the access area against a secret key paired with the public key. | 2014-04-17 |
20140108799 | METHOD AND APPARATUS FOR PROVIDING SUBSCRIBER IDENTITY MODULE-BASED DATA ENCRYPTION AND REMOTE MANAGEMENT OF PORTABLE STORAGE DEVICES - Portable storage devices and methods for remotely managing such portable storage devices are disclosed. For example, a method receives a request from an endpoint device to send a command to a portable storage device. The method then authenticates the endpoint device that has sent the request. The method then transmits the command wirelessly to the portable storage device. Similarly, a portable storage device includes a processor and a computer-readable medium in communication with the processor, the computer-readable medium to store instructions. The instructions, when executed by the processor, cause the processor to perform operations that include: wirelessly receiving a command related to an access of a memory of the portable storage device, verifying an authenticity of the command and executing the command when the authenticity of the command is verified. | 2014-04-17 |
20140108800 | SYSTEM AND METHOD FOR IMPROVED GEOTHENTICATION BASED ON A HASH FUNCTION - A system and methods for time and/or location authentication are presented. A hash value is received from a client device and a hash value receiving time of the received hash value is stored. A data block is received after the hash value is received, the received data block comprising alleged transmission signal data. A computed hash value of the received data block is computed, and an estimated transmission signal client receiving time by the client is calculated based on the alleged transmission signal data. A timely possession of the received data block by the client device is authenticated based on a comparison of the computed hash value to the received hash value and a comparison of the hash value receiving time to the estimated transmission signal client receiving time. | 2014-04-17 |
20140108801 | System and Method for Identity Management for Mobile Devices - Systems and methods for managing a user identity on a mobile device are provided. The system comprises the mobile device comprising a user agent and a client application, the user agent and the client application in communication with each other. The system further comprises an identity provider in communication with the mobile device, and a client service in communication with the mobile device. The user agent is configured to communicate with the identity provider and retrieve the user identity for the client application, and the client application is configured to transmit the user identity to the client service. | 2014-04-17 |
20140108802 | CONTENT PUBLICATION CONTROL SYSTEM - To control the publication of digital content on a web site managed by a publication server (SP) from a communication terminal (TC | 2014-04-17 |
20140108803 | STEGANOGRAPHIC MESSAGING SYSTEM USING CODE INVARIANTS - A steganographic method to prevent the execution of malicious code and mitigate software piracy. The method uses invariant portions of machine instructions to create an executable watermark within unmodified code. This watermark can be verified at any stage of the software lifecycle, including dynamically and continuously during execution, to detect foreign code by verifying the integrity of the watermark prior to execution. In addition, the watermark may serve as a steganographic covert channel concealing additional information. Code invariants are not altered by binding operations such as loading and linking on different machines, and thus may be employed to consistently and repeatedly identify an unmodified instantiation of a particular program. The use of opcodes and register references as invariants avoids trivial register substitution as a means of program differentiation that eludes detection. The split key structure of the resulting cipher implies that knowledge of only the code (first key) or the cipher table (second key) alone is insufficient to derive the message. | 2014-04-17 |
20140108804 | SYSTEM AND METHOD FOR VERIFYING THE AUTHENTICITY OF AN ELECTRONIC DEVICE - Methods and systems are provided for verifying the authenticity of an electronic device by a security server comprising a processor and a memory. The method, for example, may include, but is not limited to, receiving, from the electronic device, a unique identifier associated with the electronic device, determining, by the processor, a public key corresponding to the unique identifier, generating, by the processor, a message, encrypting, by the processor, the message with the determined public key, transmitting, to the electronic device, the encrypted message; receiving, from the electronic device, a response message, comparing the response message to the generated message, and authorizing the electronic device based upon the comparison. | 2014-04-17 |
20140108805 | TECHNOLOGIES LABELING DIVERSE CONTENT - Technologies for labeling diverse content are described. In some embodiments, a content creation device generates a data structure that may include encrypted diverse content and metadata including at least one rights management (RM) label applying to the diverse content. The RM label may attribute all or a portion of the diverse content to one or more authors. The metadata may also be signed using an independently verifiable electronic signature. A consumption device receiving such a data structure may verify the authenticity of the electronic signature and, if verification succeeds, decrypt the encrypted diverse content in the data structure. Because the metadata is encapsulated with the diverse content in the data structure, it may accompany the diverse content upon its transfer or incorporation into other diverse content. | 2014-04-17 |
20140108806 | COMMUNICATION APPARATUS AND COMMUNICATION PARAMETER CONFIGURATION METHOD THEREOF - A communication apparatus functioning as a master device denies participation by new communication apparatuses in a network in communication parameter configuration mode based on participation statuses of communication apparatuses functioning as slave devices in the network. The communication apparatus functioning as a master device establishes the network in communication parameter configuration mode between the communication apparatuses participating in the network, and configures communication parameters. | 2014-04-17 |
20140108807 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths. | 2014-04-17 |
20140108808 | HOST DEVICE, SEMICONDUCTOR MEMORY DEVICE, AND AUTHENTICATION METHOD - According to one embodiment, encrypted secret identification information (E-SecretID) and the key management information (FKB) are read from a memory device. Encrypted management key (E-FKey) is obtained using the key management information (FKB) and index information (k). The index information (k) and the encrypted management key (E-FKey) are transmitted to the semiconductor memory device. An index key (INK) is generated using the first key information (NKey) and the received index information (k). The encrypted management key (E-FKey) is decrypted using the index key (INK) to obtain management key (FKey), which is transmitted to the host device. | 2014-04-17 |
20140108809 | Functionality Watermarking and Management - A method, system and non-transitory computer-readable medium product are provided for functionality watermarking and management. In the context of a method, a method is provided that includes identifying a request to perform at least one function of a user device and identifying at least one watermark template. The method further includes applying the at least one watermark template to at least one function of the user device and authorizing the request to perform the at least one function of the user device. | 2014-04-17 |
20140108810 | PERFORMING CLIENT AUTHENTICATION USING CERTIFICATE STORE ON MOBILE DEVICE - Techniques are disclosed for authenticating users to a computing application. A relying application transmits a login page to a user requesting access to the application. The login page may include a QR code (or other barcode) displayed to the user. The QR code may encode a nonce along with a URL address indicating where a response to the login challenge should be sent. In response, the user scans the barcode with an app on a mobile device (e.g., using a camera on a smart phone) to recover both the nonce and the URL address. The mobile device may also include a certificate store containing a private key named in a PKI certificate. The app signs the nonce using the private key and sends the signed nonce to the URL in a response message. | 2014-04-17 |
20140108811 | SYSTEM AND METHOD FOR CONTROLLING ACCESS TO AN ELECTRONIC DEVICE - Methods and systems are provided for controlling access to an electronic device. The electronic device, for example, may include, but is not limited to, a processor, a memory communicatively coupled to the processor, wherein the memory is configured to store a password for accessing the electronic device, and a communication interface communicatively coupled to the processor, wherein the processor is configured to receive a request to access the electronic device from the communication interface, and transmit an encrypted version of the password for accessing the electronic device via the communication interface. | 2014-04-17 |
20140108812 | SYSTEM AND METHOD ENABLING PARALLEL PROCESSING OF HASH FUNCTIONS USING AUTHENTICATION CHECKPOINT HASHES - Systems and methods enabling parallel processing of hash functions are provided. A data string including a plurality of pieces arranged in an order is hashed using a hash function to determine a plurality of authentication checkpoint hashes associated with the pieces. To authenticate the data string, the pieces are grouped into sets, and the authentication checkpoint hash associated with the piece following all other pieces of that set in the order is associated with that set. The system simultaneously performs a separate hash process on each set. That is, the system hashes the pieces of that set using the hash function to determine a result hash, and compares that result hash with the authentication checkpoint hash associated with that set. The initial input to the hash function for the hash process for each set includes one of the pieces and either a default seed or an authentication checkpoint hash. | 2014-04-17 |
20140108813 | DATA PROCESSING SYSTEMS WITH FORMAT-PRESERVING ENCRYPTION AND DECRYPTION ENGINES - A data processing system is provided that includes format-preserving encryption and decryption engines. A string that contains characters has a specified format. The format defines a legal set of character values for each character position in the string. During encryption operations with the encryption engine, a string is processed to remove extraneous characters and to encode the string using an index. The processed string is encrypted using a format-preserving block cipher. The output of the block cipher is post-processed to produce an encrypted string having the same specified format as the original unencrypted string. During decryption operations, the decryption engine uses the format-preserving block cipher in reverse to transform the encrypted string into a decrypted string having the same format. | 2014-04-17 |
20140108814 | CRYPTOGRAPHIC KEY MANAGEMENT - Cryptographic key management techniques are described. In one or more implementations, an access control rule is read that includes a Boolean expression having a plurality of atoms. The cryptographic keys that correspond to each of the plurality of atoms in the access control rule are requested. One or more cryptographic operations are then performed on data using one or more of the cryptographic keys. | 2014-04-17 |
20140108815 | SECURELY REBUILDING AN ENCODED DATA SLICE - A method begins by a requesting entity issuing a rebuild request regarding an encoded data slice to at least some of a set of distributed storage (DS) units. In response to the rebuild request, the method continues with each of at least some of the DS units of the set of DS units generating a partial slice corresponding to the encoded data slice to be rebuilt based on one of a set of encoded data slices stored by the respective DS unit to produce an array of partial slices. The method continues with the at least some of the DS units encrypting the array of partial slices using a set of encryption keys to produce an array of encrypted partial slices. The method continues with the requesting entity rebuilding the encoded data slice from the array of encrypted partial slices. | 2014-04-17 |
20140108816 | KEY GENERATION METHOD - A computer-implemented method to generate a key to provide access to a software product, where the product key is embedded with product information, such as product title, distribution channel, geographic region of sale or other product data. | 2014-04-17 |
20140108817 | METHOD FOR PROCESSING AND VERIFYING REMOTE DYNAMIC DATA, SYSTEM USING THE SAME, AND COMPUTER-READABLE MEDIUM - A method for processing and verifying remote dynamic data is provided. The method includes providing a radix tree structure having N levels, obtaining and recording N initial values for representing the empty radix tree structure, wherein all nodes at the same level are assigned an identical initial value. When performing a data processing operation to the radix tree structure, determining a first leaf node and calculating and recording the value of each node in a shortest path from the first leaf node to the root node. When performing a verification of a specific data, obtaining a second leaf node corresponding to the specific data, a sibling node of each node in a shortest path from the second leaf node to the root node, and generating a verification result according to a digital signature for verifying the root node, the value of each obtained sibling node, and the specific data. | 2014-04-17 |
20140108818 | METHOD OF ENCRYPTING AND DECRYPTING SESSION STATE INFORMATION - In a method of encrypting session state information, the value of a counter corresponding to session state information to be encrypted is calculated based on the ID of a cryptographic session corresponding to the session state information to be encrypted and the value of a session termination counter for the cryptographic session. The session state information to be encrypted is encrypted based on the calculated value of the counter and a preset key. | 2014-04-17 |
20140108819 | System and Method Providing Permission Based Access to Automotive Computers - A Link device has a processor connected to an internal Link bus, a non-transitory memory, a digital device ID, one or both of firmware or software executing from non-transitory media, a first communication port enabled to communicate with a vehicle bus coupling computerized devices in a vehicle, and a second communication port enabled to communicate with one or more digital devices external to the vehicle. The firmware or software enables the Link device to communicate with the vehicle bus, and to accomplish a variety of tasks including pulling data from data stores in the vehicle and operating specific vehicle functions, and wherein the firmware or software manages communication with the one or more external digital devices, accepting only requests for cooperation with the Link device using the unique device ID with a request that is cryptographically secure. | 2014-04-17 |
20140108820 | Secure Communication Architecture - Secure communication of user inputs is achieved by isolating part of an endpoint device such that certificates and encryption keys are protected from corruption by malware. Further, the communication is passed through a trusted data relay that is configured to decrypt and/or certify the user inputs encrypted by the isolated part of the endpoint device. The trusted data relay can determine that the user inputs were encrypted or certified by the protected certificates and encryption keys, thus authenticating their origin within the endpoint device. The trusted data relay then forwards the inputs to an intended destination. In some embodiments, the isolated part of the endpoint device is configured to detect input created by auto-completion logic and/or spell checking logic. | 2014-04-17 |
20140108821 | Trusted Data Relay - Secure communication of user inputs is achieved by isolating part of an endpoint device such that certificates and encryption keys are protected from corruption by malware. Further, the communication is passed through a trusted data relay that is configured to decrypt and/or certify the user inputs encrypted by the isolated part of the endpoint device. The trusted data relay can determine that the user inputs were encrypted or certified by the protected certificates and encryption keys, thus authenticating their origin within the endpoint device. The trusted data relay then forwards the inputs to an intended destination. In some embodiments, the isolated part of the endpoint device is configured to detect input created by auto-completion logic and/or spell checking logic. | 2014-04-17 |
20140108822 | CONTROLLER TO BE INCORPORATED IN STORAGE MEDIUM DEVICE, STORAGE MEDIUM DEVICE, SYSTEM FOR MANUFACTURING STORAGE MEDIUM DEVICE, AND METHOD FOR MANUFACTURING STORAGE MEDIUM DEVICE - Provided is a controller capable of preventing card makers from conducting unauthorized acts. The controller includes: a controller key storage unit configured to hold a controller key that has been embedded by a controller manufacturing device in advance; a decryption unit configured to receive encrypted media key information that has been generated by a key issuance center that is authorized and to decrypt the received encrypted media key by using the controller key, the encrypted key information generated through encryption of key information with use of the controller key; and an encryption unit configured to encrypt the decrypted media key again by using an individual key that is unique to the controller. | 2014-04-17 |