Patent application number | Description | Published |
20080201495 | HANDLING DMA OPERATIONS DURING A PAGE COPY - A memory controller provides page copy logic that assures data coherency when a DMA operation to a page occurs during the copying of the page by the memory controller. The page copy logic compares the page index of the DMA operation to a copy address pointer that indicates the location currently being copied. If the page index of the DMA operation is less than the copy address pointer, the portion of the page that would be written to by the DMA operation has already been copied, so the DMA operation is performed to the physical address of the new page. If the page index of the DMA operation is greater than the copy address pointer, the portion of the page that would be written to by the DMA operation has not yet been copied, so the DMA operation is performed to the physical address of the old page. | 08-21-2008 |
20080235610 | CHAINING OBJECTS IN A POINTER DRAG PATH - An apparatus and method for a graphical user interface allow performing operations simply by dragging a first object to touch a second object. The selection of the first object places a corresponding first object in a chain of objects. When the selected first object touches a second object, a corresponding second object is added to the chain of objects. This process may continue for the selection of many objects by merely touching each object with the selected first object, which causes a corresponding object to be added to the chain of objects. The chain of objects may then be processed as an atomic group of operations that may be rolled back if any of the operations in the group fail. | 09-25-2008 |
20080244112 | HANDLING DMA REQUESTS IN A VIRTUAL MEMORY ENVIRONMENT - An apparatus includes a virtual memory manager that moves data from a first block to second block in memory. When the virtual memory manager is ready to transfer data from the first block to the second block, a third, temporary block of memory is defined. The translation table in a DMA controller is changed to point DMA transfers that target the first block to instead target the temporary block. The virtual memory manager then transfers data from the first block to the second block. When the transfer is complete, a check is made to see if the DMA transferred data to the temporary block while the data from the first block was being written to the second block. If so, the data written to the temporary block is written to the second block. A hardware register is preferably used to efficiently detect changes to the temporary block. | 10-02-2008 |
20080270731 | Memory Request/Grant Daemons in Virtual Nodes for Moving Subdivided Local Memory Space from VN to VN in Nodes of a Massively Parallel Computer System - A memory management mechanism a nodal having multiple processors in a massively parallel computer system dynamically configures nodal memory on demand. A respective variable-sized subdivision of nodal memory is associated with each processor in the node. A processor may request additional memory, and the other processor(s) may grant or veto the request. If granted, the requested memory is added to the subdivision of the requesting processor. A processor can only access memory within its own subdivision. Preferably, each subdivision contains a daemon which monitors memory usage and generates requests for additional memory. | 10-30-2008 |
20080270926 | POINTER DRAG PATH OPERATIONS - A graphical user interface allows performing operations simply by dragging a first object over a second object. One or more attributes of the second object are effectively “picked up” by virtue of dragging over the second object. In this manner, the user interface is more friendly, more intuitive, and reduces the number of pointer clicks to implement a particular function, thereby enhancing the efficiency of the user. | 10-30-2008 |
20080301109 | MODIFICATION OF A SAVED DATABASE QUERY BASED ON A CHANGE IN THE MEANING OF A QUERY VALUE OVER TIME - An apparatus and method modify a saved query based on a change in a query value meaning that changes over time. In preferred embodiments a graphical query interface displays an option to adjust query values of a saved database query. A query adjustment mechanism then adjusts the value of the query to compensate for the change in the meaning of the query value since the query was created such that the adjusted query will have the same basic meaning as when the query was originally created. Preferred Embodiments allow the user to specify to adjust the query to the current date or to a specified date in the past. | 12-04-2008 |
20080301110 | MODIFICATION OF A SAVED DATABASE QUERY BASED ON A CHANGE IN THE MEANING OF A QUERY VALUE OVER TIME - An apparatus and method modify a saved query based on a change in a query value meaning that changes over time. In preferred embodiments a graphical query interface displays an option to adjust query values of a saved database query. A query adjustment mechanism then adjusts the value of the query to compensate for the change in the meaning of the query value since the query was created such that the adjusted query will have the same basic meaning as when the query was originally created. Preferred Embodiments allow the user to specify to adjust the query to the current date or to a specified date in the past. | 12-04-2008 |
20080301131 | MODIFICATION OF A SAVED DATABASE QUERY BASED ON A CHANGE IN THE MEANING OF A QUERY VALUE OVER TIME - An apparatus and method modify a saved query based on a change in a query value meaning that changes over time. In preferred embodiments a graphical query interface displays an option to adjust query values of a saved database query. A query adjustment mechanism then adjusts the value of the query to compensate for the change in the meaning of the query value since the query was created such that the adjusted query will have the same basic meaning as when the query was originally created. Preferred Embodiments allow the user to specify to adjust the query to the current date or to a specified date in the past. | 12-04-2008 |
20080301274 | BLOCK ALLOCATION TIMES IN A COMPUTER SYSTEM - A method and apparatus improves the block allocation time in a parallel computer system. A pre-load controller pre-loads blocks of hardware in a supercomputer cluster in anticipation of demand from a user application. In the preferred embodiments the pre-load controller determines when to pre-load the compute nodes and the block size to allocate the nodes based on pre-set parameters and previous use of the computer system. Further, in preferred embodiments each block of compute nodes in the parallel computer system has a stored hardware status to indicate whether the block is being pre-loaded, or already has been pre-loaded. In preferred embodiments, the hardware status is stored in a database connected to the computer's control system. In other embodiments, the compute nodes are remote computers in a distributed computer system. | 12-04-2008 |
20080301693 | BLOCK ALLOCATION TIMES IN A COMPUTER SYSTEM - A method and apparatus improves the block allocation time in a parallel computer system. A pre-load controller pre-loads blocks of hardware in a supercomputer cluster in anticipation of demand from a user application. In the preferred embodiments the pre-load controller determines when to pre-load the compute nodes and the block size to allocate the nodes based on pre-set parameters and previous use of the computer system. Further, in preferred embodiments each block of compute nodes in the parallel computer system has a stored hardware status to indicate whether the block is being pre-loaded, or already has been pre-loaded. In preferred embodiments, the hardware status is stored in a database connected to the computer's control system. In other embodiments, the compute nodes are remote computers in a distributed computer system. | 12-04-2008 |
20080313432 | BLOCK ALLOCATION TIMES IN A COMPUTER SYSTEM - A method and apparatus improves the block allocation time in a parallel computer system. A pre-load controller pre-loads blocks of hardware in a supercomputer cluster in anticipation of demand from a user application. In the preferred embodiments the pre-load controller determines when to pre-load the compute nodes and the block size to allocate the nodes based on pre-set parameters and previous use of the computer system. Further, in preferred embodiments each block of compute nodes in the parallel computer system has a stored hardware status to indicate whether the block is being pre-loaded, or already has been pre-loaded. In preferred embodiments, the hardware status is stored in a database connected to the computer's control system. In other embodiments, the compute nodes are remote computers in a distributed computer system. | 12-18-2008 |
20090019092 | ABSTRACTION BASED AUDIT AND SECURITY LOG MODEL FOR INCREASED ROLE AND SECURITY ENFORCEMENT - Embodiments of the invention store log event records in a secure database log by encrypting information in a query, or in query results, that would otherwise be subject to unwanted disclosure (either from within or without a given organization). For example, an organization (e.g., a research institution) may allow a database administrator to review log event records to diagnose and correct system performance issues, without being forced to trust the administrator with sensitive medical data (e.g., medical records related to participants in a research study). Thus, the security of sensitive information may be maintained, while at the same time, the database administrator may still access the information needed to maintain a working system. | 01-15-2009 |
20090106838 | Blocking Intrusion Attacks at an Offending Host - A method, apparatus, and program product are provided for protecting a network from intrusions. An offending packet communicated by an offending host coupled to a protected network is detected. In response to the detection, a blocking instruction is returned to the offending host to initiate an intrusion protection operation on the offending host, where the blocking instruction inhibits further transmission of offending packets by the offending host. At the offending host, a blocking instruction is received with a portion of an offending packet. The offending host verifies that the offending packet originated from the host. In response to the verification of the offending packet originating from the host, an intrusion protection operation is initiated on the host thereby inhibiting transmission of a subsequent outbound offending packet by the host. | 04-23-2009 |
20090187964 | Applying Security Policies to Multiple Systems and Controlling Policy Propagation - A method and apparatus for attaching security policies to secured computing systems is provided. A security policy is attached to a parent domain. The parent domain includes a first secured computing system. The security policy is a natural language description for controlling access to the secured computing system. Upon determining that the parent domain propagates the security policy, a first generation child domain is identified. The first generation child domain includes a second secured computing system. The first generation child domain is associated with the parent domain in a hierarchical relationship. It is determined that the first generation child domain inherits the security policy based on an inheritance rule. The security policy is attached to the first generation child domain. | 07-23-2009 |
20090204576 | Constructing a Domain-Specific Ontology by Mining the Web - A method, apparatus, and program product is provided for constructing a domain-specific ontology for interpreting a policy. A phrase assumed to be associated with a policy is received. An indefinite term in the phrase is identified. Internet searches are performed on a plurality of terms from the phrase. A plurality of potential replacement terms is extracted from the Internet search results for the indefinite term. A context-specific ontology is built for the indefinite term based upon tracked occurrences of the plurality of potential replacement terms. The policy is interpreted by accessing the domain-specific ontology to interpret the indefinite term, where the indefinite term is interpreted by mapping the indefinite term to a plurality of potential replacement terms in the ontology for a plurality of contexts, and creating a policy based upon the interpretation of the indefinite term from the ontology. | 08-13-2009 |
20110246441 | CONSTRUCTING A DOMAIN-SPECIFIC ONTOLOGY BY MINING THE WEB - A method, apparatus, and program product is provided for constructing a domain-specific ontology for interpreting a policy. A phrase assumed to be associated with a policy is received. An indefinite term in the phrase is identified. Internet searches are performed on a plurality of terms from the phrase. A plurality of potential replacement terms is extracted from the Internet search results for the indefinite term. A context-specific ontology is built for the indefinite term based upon tracked occurrences of the plurality of potential replacement terms. The policy is interpreted by accessing the domain-specific ontology to interpret the indefinite term, where the indefinite term is interpreted by mapping the indefinite term to a plurality of potential replacement terms in the ontology for a plurality of contexts, and creating a policy based upon the interpretation of the indefinite term from the ontology. | 10-06-2011 |
20120324576 | BLOCKING INTRUSION ATTACKS AT AN OFFENDING HOST - A method, apparatus, and program product are provided for protecting a network from intrusions. An offending packet communicated by an offending host coupled to a protected network is detected. In response to the detection, a blocking instruction is returned to the offending host to initiate an intrusion protection operation on the offending host, where the blocking instruction inhibits further transmission of offending packets by the offending host. At the offending host, a blocking instruction is received with a portion of an offending packet. The offending host verifies that the offending packet originated from the host. In response to the verification of the offending packet originating from the host, an intrusion protection operation is initiated on the host thereby inhibiting transmission of a subsequent outbound offending packet by the host. | 12-20-2012 |