| Patent application number | Description | Published |
| 20080307419 | Lazy kernel thread binding - Various technologies and techniques are disclosed for providing lazy kernel thread binding. User mode and kernel mode portions of thread scheduling are decoupled so that a particular user mode thread can be run on any one of multiple kernel mode threads. A dedicated backing thread is used whenever a user mode thread wants to perform an operation that could affect the kernel mode thread, such as a system call. For example, a notice is received that a particular user mode thread running on a particular kernel mode thread wants to make a system call. A dedicated backing thread that has been assigned to the particular user mode thread is woken. State is shuffled from the user mode thread to the dedicated backing thread using a state shuffling process. The particular kernel mode thread is put to sleep. The system call is executed using the dedicated backing thread. | 12-11-2008 |
| 20080313647 | Thread virtualization techniques - Various technologies and techniques are disclosed for virtualizing threads. An operating system thread is virtualized by intercepting accesses of the operating system thread state and emulating a normal operating system behavior. A kernel mode thread state is virtualized by intercepting kernel accesses of the kernel mode thread state and emulating a normal kernel mode behavior. A user mode thread state is virtualized by intercepting user mode accesses of the user mode thread state and emulating a normal user mode behavior. If the access is a write access, then the write access is applied to a virtual thread structure. If the access is a read access, then the read access is applied to the virtual thread structure. | 12-18-2008 |
| 20080313652 | Notifying user mode scheduler of blocking events - Various technologies and techniques are disclosed for detecting and handling blocking events. A user mode thread is assigned a dedicated backing thread. System calls are made on the dedicated backing thread. The kernel detects when a system call results in a blocking event. A core that the dedicated backing thread is currently running on is observed. An entry in a per process table that maps cores to a currently associated primary thread waiting to be woken is consulted. The currently associated primary thread for the core is woken with a special result code to indicate that it was woken due to the blocking system call. The primary thread is released back to the application. A user mode scheduler is notified of the blocking event so a core can continue to be utilized. | 12-18-2008 |
| 20080313656 | User mode stack disassociation - Various technologies and techniques are disclosed for allowing a user mode stack to be shared by multiple contexts. A user mode stack can be shared between execution contexts that are guaranteed to not need the user mode stack at the same time. For example, each user mode portion of a kernel thread is provided with a dedicated backing thread. When a respective dedicated backing thread is sleeping and not using a respective user mode stack, the user mode stack is allowed to float with a respective user mode portion to other kernel threads. The user mode stack is disassociated from the kernel portion of the thread. The kernel is notified of an address of a user mode thread context. The kernel mode portion of the converted thread becomes a backing thread that waits. The user mode portion of the converted thread can be switched without entering the kernel. | 12-18-2008 |
| 20080320475 | Switching user mode thread context - Various technologies and techniques are disclosed for switching user mode thread context. A user mode portion of a thread can be switched without entering a kernel by using execution context directly based on registers. Upon receiving a request to switch a user mode part of a thread to a new thread, user mode register contexts are switched, as well as a user mode thread block by changing an appropriate register to point at the user mode thread block of the new thread. Switching is available in environments using segment registers with offsets. Each user mode thread block in a process has a descriptor in a local descriptor table. When switching a user mode thread context to a new thread, a descriptor is located for a user mode thread block of the new thread. A shadow register is updated with a descriptor base address of the new thread. | 12-25-2008 |
| 20090164749 | COUPLED SYMBIOTIC OPERATING SYSTEMS - A single application can be executed across multiple execution environments in an efficient manner if at least a relevant portion of the virtual memory assigned to the application was equally accessible by each of the multiple execution environments. A request by a process in one execution environment can, thereby, be directed to an operating system, or other core software, in another execution environment and can be made by a shadow of the requesting process in the same manner as the original request was made by the requesting process itself. Because of the memory invariance between the execution environments, the results of the request will be equally accessible to the original requesting process even though the underlying software that responded to the request may be executing in a different execution environment. A similar thread invariance can be maintained to provide for accurate translation of requests between execution environments. | 06-25-2009 |
| 20090292919 | SECURE EXECUTION ENVIRONMENT ON EXTERNAL DEVICE - A device, such as a smartcard, may be externally-connected to a host platform and may be used to enhance or extend security services provided by the host platform's Trusted Platform Module (TPM). The device and the platform exchange keys in order to facilitate reliable identification of the platform by the device and vice versa, and to support cryptographic tunneling. A proxy component on the host device tunnels information between the platform and the device, and also provides the device with access to the TPM's services such as sealing and attestation. The device can provide secure services to the platform, and may condition provision of these services on conditions such as confirming the platform's identity through the exchanged keys, or platform state measurements reported by the TPM. | 11-26-2009 |
| 20090313397 | Methods and Systems for Protecting Data in USB Systems - The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilize (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be placed into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected. | 12-17-2009 |
| 20110119500 | SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied. | 05-19-2011 |
| 20110119501 | SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied. | 05-19-2011 |
| 20110119502 | SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, bound key operations on ciphertext and/or data are implemented. A bound key operation can receive both data to be signed and a bound key blob that is bound to one or more processors, recover a private key from the bound key blob, and generate a digital signature over the data using the private key. A bound key operation can alternatively receive both ciphertext and a bound key or bound key structure bound to one or more processors, recover or reconstruct a private key based on the bound key or bound key structure, and use the private key to generate plaintext corresponding to the ciphertext. | 05-19-2011 |
| 20110119505 | SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received and a digital signature is generated and output. The digital signature can be a digital signature of the data and one or more conditions that are to be satisfied in order for the data to be revealed, or a digital signature over data generated using a private key associated with a bound key that is bound to one or more processors. | 05-19-2011 |
| 20110154057 | SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received from a calling program. Ciphertext that includes the data is generated, using public key encryption, in a manner that allows the data to be obtained from the ciphertext only if one or more conditions are satisfied. In accordance with another aspect, a bit string is received from a calling program. Data in the bit string is decrypted using public key decryption and returned to the calling program only if one or more conditions included in the bit string are satisfied. | 06-23-2011 |