| 10th week of 2015 patent applcation highlights part 83 |
| Patent application number | Title | Published |
|---|
| 20150067257 | FAST ACCESSIBLE COMPRESSED THIN PROVISIONING VOLUME - A computerized data storage system includes at least one storage device including a nonvolatile writable medium; a cache memory and a data management controller and a storage port. The storage port is operable to receive a request to read data, and, in response to the request to read data, to send the data stored in the data storing area of the cache memory. The storage port is further operable to receive a request to write data, and, in response to the request to write data, to send the write data to the data storing area of the cache memory. The storage system further includes a thin provisioning controller operable to provide a virtual volume, and a capacity pool. The storage system further includes a data compression controller and a data decompression controller. | 2015-03-05 |
| 20150067258 | CACHE MANAGEMENT APPARATUS OF HYBRID CACHE-BASED MEMORY SYSTEM AND THE HYBRID CACHE-BASED MEMORY SYSTEM - A cache management apparatus includes an access pattern analysis unit configured to analyze an access pattern of each of one or more pages present in a first cache by monitoring data input/output (I/O) requests, a page class management unit configured to determine a class of each of the pages based on results of the analysis performed by the access pattern analysis unit, and a page transfer management unit configured to transfer one or more pages classified into a first class including pages to be transferred, to a second cache based on results of the determination performed by the page class management unit. | 2015-03-05 |
| 20150067259 | MANAGING SHARED CACHE BY MULTI-CORE PROCESSOR - Systems and methods for managing shared cache by multi-core processor. An example processing system comprises: a plurality of processing cores, each processing core communicatively coupled to a last level cache (LLC) slice; and a cache control logic coupled to the plurality of processing cores, the cache control logic configured to perform one of: making an LLC slice of an inactive processing core available to an active processing core or power gating the LLC slice, based on estimating cache requirements by active processing cores. | 2015-03-05 |
| 20150067260 | OPTIMIZING MEMORY BANDWIDTH CONSUMPTION USING DATA SPLITTING WITH SOFTWARE CACHING - A computer processor collects information for a dominant data access loop and reference code patterns based on data reference pattern analysis, and for pointer aliasing and data shape based on pointer escape analysis. The computer processor selects a candidate array for data splitting wherein the candidate array is referenced by a dominant data access loop. The computer processor determines a data splitting mode by which to split the data of the candidate array, based on the reference code patterns, the pointer aliasing, and the data shape information, and splits the data into two or more split arrays. The computer processor creates a software cache that includes a portion of the data of the two or more split arrays in a transposed format, and maintains the portion of the transposed data within the software cache and consults the software cache during an access of the split arrays. | 2015-03-05 |
| 20150067261 | Device and Method for Eliminating Complex Operations in Processing Systems based on Caching - The technology described in this application relates generally to computing processing systems and more specifically relates to systems that process data with resource intensive operations. Method and apparatus to lower the power consumption of the resource intensive operations are disclosed. Code analysis methods and run-time apparatus are presented that may eliminate the redundant operations (either complex calculations, memory fetches, or both). The techniques presented in this application are driven by special instructions inserted in the software code of the executing computer programs during the code generation process. Code analysis methods to insert the special instructions into the appropriate points in the source code of the target executing computer programs are presented. Run-time hardware mechanisms to support the potential elimination of redundant operations are also presented. Corresponding methods that might increase the number of eliminated operations by allowing limited errors to occur are also disclosed. | 2015-03-05 |
| 20150067262 | THREAD CACHE ALLOCATION - Systems and techniques are described for thread cache allocation. A described technique includes monitoring input and output accesses for a plurality of threads executing on a computing device that includes a cache comprising a quantity of memory blocks, determining a respective reuse intensity for each of the threads, determining a respective read ratio for each of the threads, determining a respective quantity of memory blocks for each of the partitions by optimizing a combination of cache utilities, each cache utility being based on the respective reuse intensity, the respective read ratio, and a respective hit ratio for a particular partition, and resizing one or more of the partitions to be equal to the respective quantity of the memory blocks for the partition. | 2015-03-05 |
| 20150067263 | SERVICE PROCESSOR PATCH MECHANISM - A microprocessor includes a plurality of processing cores, a service processing unit and a memory accessible by both the service processing unit and the plurality of processing cores. At least one of the plurality of processing cores is configured to write a patch to the memory. The patch comprises one or more instructions to be fetched from the memory and executed by the service processing unit after written to the memory by the at least one of the plurality of processing cores. | 2015-03-05 |
| 20150067264 | METHOD AND APPARATUS FOR MEMORY MANAGEMENT - In some embodiments, a method of managing cache memory includes identifying a group of cache lines in a cache memory, based on a correlation between the cache lines. The method also includes tracking evictions of cache lines in the group from the cache memory and, in response to a determination that a criterion regarding eviction of cache lines in the group from the cache memory is satisfied, selecting one or more (e.g., all) remaining cache lines in the group for eviction. | 2015-03-05 |
| 20150067265 | System and Method for Partitioning of Memory Units into Non-Conflicting Sets - A system and method of operation exploit the limited associativity of a single cache set to force observable cache evictions and discover conflicts. Loads are issued to input memory addresses, one at a time, until a cache eviction is detected. After observing a cache eviction on a load from an address, that address is added to a data structure representing the current conflict set. The cache is then flushed, and loads are issued to all addresses in the current conflict set, so that all known conflicting addresses are accessed first, ensuring that the next cache miss will occur on a different conflicting address. The process is repeated, issuing loads from all input memory addresses, incrementally finding conflicting addresses, one by one. Memory addresses that conflict in the cache belong to the same partition, whereas memory addresses belonging to different partitions do not conflict. | 2015-03-05 |
| 20150067266 | EARLY WRITE-BACK OF MODIFIED DATA IN A CACHE MEMORY - A level of cache memory receives modified data from a higher level of cache memory. A set of cache lines with an index associated with the modified data is identified. The modified data is stored in the set in a cache line with an eviction priority that is at least as high as an eviction priority, before the modified data is stored, of an unmodified cache line with a highest eviction priority among unmodified cache lines in the set. | 2015-03-05 |
| 20150067267 | CONCURRENT INLINE CACHE OPTIMIZATION IN ACCESSING DYNAMICALLY TYPED OBJECTS - A method and an apparatus for concurrent accessing of dynamically type objects based on inline cache code are described. Inline cache initialization in a single thread may be off loaded to an interpreter without incurring unnecessary synchronization overhead. A thread bias mechanism may be provided to detect whether a code block is executed in a single thread. Further, the number of inline cache initializations performed via a compiler, such as baseline JIT compiler, can be reduced to improve processing performance. | 2015-03-05 |
| 20150067268 | OPTIMIZING MEMORY BANDWIDTH CONSUMPTION USING DATA SPLITTING WITH SOFTWARE CACHING - A computer processor collects information for a dominant data access loop and reference code patterns based on data reference pattern analysis, and for pointer aliasing and data shape based on pointer escape analysis. The computer processor selects a candidate array for data splitting wherein the candidate array is referenced by a dominant data access loop. The computer processor determines a data splitting mode by which to split the data of the candidate array, based on the reference code patterns, the pointer aliasing, and the data shape information, and splits the data into two or more split arrays. The computer processor creates a software cache that includes a portion of the data of the two or more split arrays in a transposed format, and maintains the portion of the transposed data within the software cache and consults the software cache during an access of the split arrays. | 2015-03-05 |
| 20150067269 | METHOD FOR BUILDING MULTI-PROCESSOR SYSTEM WITH NODES HAVING MULTIPLE CACHE COHERENCY DOMAINS - A method for building a multi-processor system with nodes having multiple cache coherency domains. In this system, a directory built in anode controller needs to include processor domain attribute information, and the information can be acquired by configuring cache coherency domain attributes of ports of the node controller connected to processors. In the disclosure herein, the node ca roller can support the multiple physical cache coherency domains in a node. | 2015-03-05 |
| 20150067270 | METADATA CACHE MANAGEMENT - Managing a cache includes determining from metadata of a received service request whether a cache data response may satisfy the request as a function of recognizing a cacheable method name specification within request metadata by a service provider associated with the request, and determining whether the request is an inquiry in order to decide if the request may be satisfied by the cached data. Aspects also include searching the cache for the data response if determined the data is cacheable and the request is an inquiry, and sending the request on to a service provider if the data response is not a cacheable response, or the request is an update request. | 2015-03-05 |
| 20150067271 | SELECTIVELY ENABLING WRITE CACHING IN A STORAGE SYSTEM BASED ON PERFORMANCE METRICS - According to a method of cache management in a data storage system including a write cache and bulk storage media, a storage controller of the data storage system caches, in the write cache, write data of write input/output operations (IOPs) received at the storage controller. In response to a first performance-related metric for the data storage system satisfying a first threshold, the storage controller decreases a percentage of write IOPs for which write data is cached in the write cache of the data storage system and increases a percentage of write IOPs for which write data is stored directly in the bulk storage media in lieu of the write cache. In response to a second performance-related metric for the data storage system satisfying a second threshold, the storage controller increases the percentage of write IOPs for which write data is cached in the write cache of the data storage system. | 2015-03-05 |
| 20150067272 | SYSTEM AND METHOD FOR PROVIDING STEALTH MEMORY - The described implementations relate to computer memory. One implementation provides a technique that can include providing stealth memory to an application. The stealth memory can have an associated physical address on a memory device. The technique can also include identifying a cache line of a cache that is mapped to the physical address associated with the stealth page, and locking one or more other physical addresses on the memory device that also map to the cache line. | 2015-03-05 |
| 20150067273 | COMPUTATION HARDWARE WITH HIGH-BANDWIDTH MEMORY INTERFACE - Various embodiments relating to performing multiple computations are provided. In one embodiment, a computing system includes an off-chip storage device configured to store a plurality of stream elements and associated tags and a computation device. The computation device includes an on-chip storage device configured to store a plurality of independently addressable resident elements, and a plurality of parallel processing units. Each parallel processing unit may be configured to receive one or more stream elements and associated tags from the off-chip storage device and select one or more resident elements from a subset of resident elements driven in parallel from the on-chip storage device. A selected resident element may be indicated by an associated tag as matching a stream element. Each parallel processing unit may be configured to perform one or more computations using the one or more stream elements and the one or more selected resident elements. | 2015-03-05 |
| 20150067274 | MEMORY SYSTEM - A memory system, including a plurality of stacked slices and a controller electrically coupled to the plurality of slices, includes: the plurality of slices configured to share a command in a preset number unit, wherein a slice performs a data input/output operation; and the controller configured to generate the command and a control signal for selecting slices in the preset number unit from the plurality of slices. | 2015-03-05 |
| 20150067275 | SINGLE PORT MEMORY THAT EMULATES DUAL PORT MEMORY - A single-port memory that operates in single-cycle dual-port mode has a logical capacity of N=k·m memory words and (k+1) single-port RAM having an overall physical capacity of (k+1)·m memory words. A status register holds words identifying which RAM bank has the last data at the i | 2015-03-05 |
| 20150067276 | MEMORY SYSTEM AND CONTROLLER - According to one embodiment, according to one embodiment, a memory system includes a first memory, a second memory, an interface, a managing unit, and a control unit. The second memory stores data read out from the first memory. The interface receives a read command. The managing unit manages a corresponding relationship of a first address included in the read command and a second address. The second address is an address indicating a position in the first memory where data designated by the first address is stored. The control unit acquires a plurality of second addresses corresponding to a sequential first address range including the first address in a case where the read command is received, and determine an amount of data to be read out from the first memory to the second memory based on whether the plurality of second addresses is sequential or not. | 2015-03-05 |
| 20150067277 | MULTIPROCESSOR SYSTEM FOR RESTRICTING AN ACCESS REQUEST TO A SHARED RESOURCE - A multiprocessor system including a first processor element, and a second processor element that includes a CPU, a shared resource unit shared by the first and second processor elements, a protection setting unit and a guard unit, and the protection setting unit sets an access protection range for the shared resource unit, the guard unit restricts an access request from the first processor element to the shared resource unit based on the access protection range, the guard unit issues an exceptional access notification signal when the access request from the first processor element is within the access protection range, and when the exceptional access notification signal is issued, the CPU extends the access protection range in such a manner that the extended access protection range is wider than the access protection range set before issue of the exceptional access notification signal. | 2015-03-05 |
| 20150067278 | Using Redundant Transactions to Verify the Correctness of Program Code Execution - In the described embodiments, a processor core (e.g., a GPU core) receives a section of program code to be executed in a transaction from another entity in a computing device. The processor core sends the section of program code to one or more compute units in the processor core to be executed in a first transaction and concurrently executed in a second transaction, thereby creating a “redundant transaction pair.” When the first transaction and the second transaction are completed, the processor core compares a read-set of the first transaction to a read-set of the second transaction and compares a write-set of the first transaction to a write-set of the second transaction. When the read-sets and the write-sets match and no transactional error condition has occurred, the processor core allows results from the first transaction to be committed to an architectural state of the computing device. | 2015-03-05 |
| 20150067279 | DATA PROCESSING SYSTEM AND METHOD FOR OPERATING A DATA PROCESSING SYSTEM - A data processing system comprising a processing unit, a first memory, and a second memory, wherein the data processing system is arranged to hardware protect the second memory when a write access to the first memory is executed, wherein the processing unit is arranged to execute a program having at least one jump instruction and at least one return instruction, wherein the processing unit is arranged to store a program stack in the first memory, wherein the processing unit is arranged to store a return address on the program stack and to store a return address copy in the second memory when the at least one jump instruction is executed, and wherein the processing unit is arranged to compare the return address with the return address copy when the at least one return instruction is executed. | 2015-03-05 |
| 20150067280 | METHOD AND APPARATUS FOR CONTROLLING MEMORY STARTUP - Embodiments of the present invention disclose a method and an apparatus for controlling memory startup, and relate to the field of memory control technologies. The present invention is not limited to the number of pins of a control chip, thereby reducing costs. The method is applied to a control apparatus, where the control apparatus includes a preset data segment; the preset data segment includes at least one sub data segment; and each sub data segment is corresponding to one configuration type. The method includes: reading each sub data segment in a first data segment and performing a first operation on a sub data segment corresponding to a first configuration type to obtain a second data segment; performing matching between the second data segment and the preset data segment; and starting up the memory according to the first configuration type when the second data segment matches the preset data segment. | 2015-03-05 |
| 20150067281 | RESERVATION OF STORAGE SPACE FOR A THIN PROVISIONED VOLUME - For reserving storage space, a determination module determines if required storage space is available for a write in response to logical storage address for the write being unallocated. The logical storage address is a thin provisioned storage space. A reservation module reserves the required storage space for the write in response to determining that the required storage space is available. In addition, the reservation module may communicate an allocation success in response to determining the required storage space is available. The allocation success is communicated prior to allocating the required storage space. The reservation module may communicate a write failure in response to determining the required storage space is not available. | 2015-03-05 |
| 20150067282 | COPY CONTROL APPARATUS AND COPY CONTROL METHOD - A copy control apparatus includes a processor. The processor is configured to record, in update location information, an update count for each of sectional areas obtained by sectioning a copy-source area. The update count indicates a number of updates of data in a sectional area. The update count is indicative of more than two values. The processor is configured to perform first copy of copying data in the copy-source area to a copy-destination area based on the update location information. The processor is configured to deter the first copy for data in a sectional area for which an update count indicating more than a predetermined number is recorded in the update location information. | 2015-03-05 |
| 20150067283 | Image Deduplication of Guest Virtual Machines - Methods, systems, and articles of manufacture for image deduplication of guest virtual machines are provided herein. A method includes implementing a shared image file on a host server, transparently consolidating multiple duplicate blocks across multiple virtual machines on the shared image file, and creating a merged data path for the multiple virtual machines via the shared image file based on the multiple consolidated duplicate blocks. | 2015-03-05 |
| 20150067284 | SYSTEM AND METHOD FOR SELECTIVELY UTILIZING MEMORY AVAILABLE IN A REDUNDANT HOST IN A CLUSTER FOR VIRTUAL MACHINES - Techniques for selectively utilizing memory available in a redundant host system of a cluster are described. In one embodiment, a cluster of host systems, with at least one redundant host system, with each host system having a plurality of virtual machines with associated virtual machine (VM) reservation memory is provided. A portion of a data store is used to store a base file, the base file accessed by all the plurality of virtual machines. A portion of the memory available in the redundant host system is assigned as spare VM reservation memory. A copy of the base file is selectively stored in the spare VM reservation memory for access by all the plurality of virtual machines. | 2015-03-05 |
| 20150067285 | STORAGE CONTROL APPARATUS, CONTROL METHOD, AND COMPUTER-READABLE STORAGE MEDIUM - A movement processing unit retains data in a source area when 10% or more space is available at a source hierarchical level. A read processing unit reads, when data for which a read request is received is present on more than one hierarchical level, the data from a hierarchical level with a low load. A write processing unit records an update state in a bitmap table without updating a copy when a load is high, and updates copied data under the condition that a low-load state continues 10 minutes or longer. | 2015-03-05 |
| 20150067286 | GARBAGE COLLECTION IN A STORAGE SYSTEM - A system and method for performing garbage collection. A system includes a storage medium, a first table including entries which map a virtual address to locations in the storage medium, and a second table with entries which include a reverse mapping of a physical address in a data storage medium to one or more virtual addresses. A storage controller is configured to perform garbage collection. During garbage collection, the controller is configured to identify one or more entries in the second table which correspond to a segment to be garbage collected. In response to determining the first table includes a valid mapping for a virtual address included in an entry of the one of the one or more entries, the controller is configured to copy data from a first location identified in the entry to a second location in the data storage medium, and reclaim the first storage location. | 2015-03-05 |
| 20150067287 | DISTRIBUTED DYNAMIC MEMORY MANAGEMENT UNIT (MMU)-BASED SECURE INTER-PROCESSOR COMMUNICATION - A first processor and a second processor are configured to communicate secure inter-processor communications (IPCs) with each other. The first processor effects secure IPCs and non-secure IPCs using a first memory management unit (MMU) to route the secure and non-secure IPCs via a memory system. The first MMU accesses a first page table stored in the memory system to route the secure IPCs and accesses a second page table stored in the memory system to route the non-secure IPCs. The second processor effects at least secure IPCs using a second MMU to route the secure IPCs via the memory system. The second MMU accesses the second page table to route the secure IPCs. | 2015-03-05 |
| 20150067288 | CORRUPTING DATA STRUCTURES FOR PRIVACY PROTECTION - Methods, systems, and apparatuses, including computer programs encoded on computer-readable media, for storing data in both defaultable and non-defaultable memory on a unit in such a way that if a pluggable device is removed from the unit, the defaultable memory is reset to some default state. Further, non-defaultable memory may have data, but that data is unintelligible without data in the defaultable memory. | 2015-03-05 |
| 20150067289 | METHOD AND APPARATUS FOR IMPLEMENTING GARBAGE COLLECTION WITHIN A COMPUTING ENVIRONMENT - An approach is provided for obtaining memory management information associated with a computing environment, processing the memory management information to determine one or more computing devices within the computing environment experiencing full garbage collection, and resetting memory of the one or more computing devices to correct the full garbage collection. | 2015-03-05 |
| 20150067290 | MEMORY ACCESS TIME TRACKING IN DUAL-RAIL SYSTEMS - Disclosed are various apparatuses and methods for memory access time tracking in dual-rail systems. An apparatus may include a memory coupled to a first voltage rail and having a data output, a data circuit coupled to a second voltage rail and configured to receive the data output from the memory, and a timing circuit configured to adjust an access time of the memory based on a second voltage rail level. A method may include determining a voltage rail level of a data circuit, adjusting the access time of the memory based on the voltage rail level of the data circuit, outputting data from the memory, and receiving the output data by the data circuit. | 2015-03-05 |
| 20150067291 | CONTROLLER, MEMORY SYSTEM, AND METHOD - According to the embodiments, a controller includes an arbiter, a command fetch unit, and a processing unit. The arbiter executes a retrieval process. The retrieval process is a process of selecting a queue, to which a command is issued, out of plural queues by retrieval according to a round robin method. The command fetch unit fetches a command from the selected queue. The processing unit executes a process according to the fetched command to a memory chip. The arbiter manages a retrieval position. When a new command is issued to any one of the plural queues in an empty state in which there is no queue to which a command is issued, the arbiter has the retrieval position jump to the queue to which the new command is issued. | 2015-03-05 |
| 20150067292 | IMPEDANCE ADJUSTMENT IN A MEMORY DEVICE - Methods and apparatus for impedance adjustment operations in memory devices are disclosed. One such method includes adjusting an impedance of a particular driver circuit of a particular memory device to a desired impedance, determining configuration information corresponding to a configuration of the particular driver circuit adjusted to the desired impedance, transferring the configuration information to a different memory device and configuring an impedance of a driver circuit of the different memory device responsive to the configuration information. | 2015-03-05 |
| 20150067293 | NON-INTRUSIVE STORAGE OF GARBAGE COLLECTOR-SPECIFIC MANAGEMENT DATA - A system, method, and techniques for managing memory are provided. An example method includes identifying a plurality of regions in a heap storing one or more objects of a first type and one or more objects of a second type. Each object of the first type includes application data and management data, and the management data is used by a managed runtime to manage the application data. The method also includes determining an object of the first type to read and computing, based on a last-known memory address of the object of the first type, a memory address of an object of the second type storing a current memory address of the object of the first type. The method further includes reading the current memory address stored in the object of the second type and locating the object of the first type at the read memory address. | 2015-03-05 |
| 20150067294 | METHOD AND SYSTEM FOR ALLOCATING A RESOURCE OF A STORAGE DEVICE TO A STORAGE OPTIMIZATION OPERATION - Allocating a resource of a storage device to a storage optimization operation. An available resource of the storage device is monitored. Determining an allocation proportion of the resource allocated to the storage optimization operation, based on at least one of historical running information and a predicted value of a performance improvement caused by the storage optimization operation. Allocating the resource of the storage device to the storage optimization operation based on the available resource and the allocation proportion. | 2015-03-05 |
| 20150067295 | STORAGE POOLS FOR A DISPERSED STORAGE NETWORK - A method begins by a dispersed storage (DS) processing module selecting storage pools within the DSN with available capacity for storing data of a storage group. The method continues by selecting one or more dispersed storage (DS) units within each of the selected storage pools based on a selection criteria and mapping the one or more DS units to the storage group. The method continues by receiving a write request to store a data object to the storage group and by storing the data object in at least one of the mapped one or more DS units. The method continues with the DS processing module issuing an indication unutilized storage space calculated on a proportionate basis based on storage utilized for the storage group as a percentage of total storage utilized and updating a write proportion value based on received storage utilization responses. | 2015-03-05 |
| 20150067296 | I/O MEMORY MANAGEMENT UNIT PROVIDING SELF INVALIDATED MAPPING - A memory management unit for 110 devices uses page table entries to translate virtual addresses to physical addresses. The page table entries include removal rules allowing the I/O memory management unit to delete page table entries without CPU involvement significantly reducing the CPU overhead involved in virtualized I/O data transactions. | 2015-03-05 |
| 20150067297 | DIRECT MEMORY ACCESS (DMA) ADDRESS TRANSLATION WITH A CONSECUTIVE COUNT FIELD - DMA translation table entries include a consecutive count (CC) field that indicates how many subsequent translation table entries point to successive real page numbers. A DMA address translation mechanism stores a value in the CC field when a translation table entry is stored, and updates the CC field in other affected translation table entries as well. When a translation table entry is read, and the CC field is non-zero, the DMA controller can use multiple RPNs from the access to the single translation table entry. Thus, if a translation table entry has a value of 2 in the CC field, the DMA address translation mechanism knows it can access the real page number (RPN) corresponding to the translation table entry, and also knows it can access the two subsequent RPNs without the need of reading the next two subsequent translation table entries. | 2015-03-05 |
| 20150067298 | SPLITABLE AND SCALABLE NORMALIZER FOR VECTOR DATA - A hardware circuit component configured to support vector operations in a scalar data path. The hardware circuit component configured to operate in a vector mode configuration and in a scalar mode configuration. The hardware circuit component configured to split the scalar mode configuration into a left half and a right half of the vector mode configuration. The hardware circuit component configured to perform one or more bit shifts over one or more stages of interconnected multiplexers in the vector mode configuration. The hardware circuit component configured to include duplicated coarse shift multiplexers at bit positions that receive data from both the left half and the right half of the vector mode configuration, resulting in one or more coarse shift multiplexers sharing the bit position. | 2015-03-05 |
| 20150067299 | SPLITABLE AND SCALABLE NORMALIZER FOR VECTOR DATA - A hardware circuit component configured to support vector operations in a scalar data path. The hardware circuit component configured to operate in a vector mode configuration and in a scalar mode configuration. The hardware circuit component configured to split the scalar mode configuration into a left half and a right half of the vector mode configuration. The hardware circuit component configured to perform one or more bit shifts over one or more stages of interconnected multiplexers in the vector mode configuration. The hardware circuit component configured to include duplicated coarse shift multiplexers at bit positions that receive data from both the left half and the right half of the vector mode configuration, resulting in one or more coarse shift multiplexers sharing the bit position. | 2015-03-05 |
| 20150067300 | REDUCING OVERHEAD IN LOADING CONSTANTS - An overhead reduction system creates a plurality of candidates of constants to be stored in one or more constant registers based on constants used in the program code of the current compilation scope, estimates, for each of the candidates of constants, an effect of overhead reduction by generation of the constant used in the program code by using the candidate of constant, determines a base constant to be loaded on the constant registers based on the estimation result, loads the base constant on the constant registers at an entry point of the program code, and generates a code for generating the constants used in the program code by using values of the constant registers. | 2015-03-05 |
| 20150067301 | MICROPROCESSOR WITH BOOT INDICATOR THAT INDICATES A BOOT ISA OF THE MICROPROCESSOR AS EITHER THE X86 ISA OR THE ARM ISA - A microprocessor includes a plurality of registers that holds an architectural state of the microprocessor and an indicator that indicates a boot instruction set architecture (ISA) of the microprocessor as either the x86 ISA or the Advanced RISC Machines (ARM) ISA. The microprocessor also includes a hardware instruction translator that translates x86 ISA instructions and ARM ISA instructions into microinstructions. The hardware instruction translator translates, as instructions of the boot ISA, the initial ISA instructions that the microprocessor fetches from architectural memory space after receiving a reset signal. The microprocessor also includes an execution pipeline, coupled to the hardware instruction translator. The execution pipeline executes the microinstructions to generate results defined by the x86 ISA and ARM ISA instructions. In response to the reset signal, the microprocessor initializes its architectural state in the plurality of registers as defined by the boot ISA prior to fetching the initial ISA instructions. | 2015-03-05 |
| 20150067302 | INSTRUCTIONS AND LOGIC TO PROVIDE GENERAL PURPOSE GF(256) SIMD CRYPTOGRAPHIC ARITHMETIC FUNCTIONALITY - Instructions and logic provide general purpose GF(2 | 2015-03-05 |
| 20150067303 | INPUT DATA AGGREGATION PROCESSING APPARATUS, SYSTEM AND METHOD - To improve usability and a processing speed by waiting for a string of information associated with each other, and appropriately aggregating data satisfying a specific condition when outputting the data, and retaining and storing the aggregated data. In a case where a string of information originally associated with each other is arrival, separately, a data input/output unit determines a processing pattern on the basis of information on an input source. A data processing unit implements a processing condition for waiting for the associated information, individually, controls the storage of data in conformity with the processing condition, and aggregates and retains the string of data, and outputs an aggregation result. Also, the data processing unit can delete the string of unnecessary data in a lump. | 2015-03-05 |
| 20150067304 | INFORMATION PROCESSING APPARATUS AND METHOD OF CONTROLLING INFORMATION PROCESSING APPARATUS - An information processing apparatus includes a plurality of arithmetic processing devices, a common timer unit configured to measure time in common among the plurality of arithmetic processing devices, a plurality of individual timer units to measure execution time of a program per plurality of arithmetic processing devices, a comparing unit configured to compare the program execution time of each of the plurality of arithmetic processing devices, the program execution time being measured by the plurality of individual timer units, with time measured by the common timer unit, and a control unit configured to control processing of the plurality of arithmetic processing devices on the basis of a result of the comparison made by the comparing unit. | 2015-03-05 |
| 20150067305 | SPECIALIZED MEMORY DISAMBIGUATION MECHANISMS FOR DIFFERENT MEMORY READ ACCESS TYPES - A system and method for efficient predicting and processing of memory access dependencies. A computing system includes control logic that marks a detected load instruction as a first type responsive to predicting the load instruction has high locality and is a candidate for store-to-load (STL) data forwarding. The control logic marks the detected load instruction as a second type responsive to predicting the load instruction has low locality and is not a candidate for STL data forwarding. The control logic processes a load instruction marked as the first type as if the load instruction is dependent on an older store operation. The control logic processes a load instruction marked as the second type as if the load instruction is independent on any older store operation. | 2015-03-05 |
| 20150067306 | INTER-CORE COMMUNICATION VIA UNCORE RAM - A microprocessor includes a plurality of processing cores and an uncore random access memory (RAM) readable and writable by each of the plurality of processing cores. Each core of the plurality of processing cores comprises microcode run by the core that implements architectural instructions of an instruction set architecture of the microprocessor. The microcode is configured to both read and write the uncore RAM to accomplish inter-core communication between the plurality of processing cores. | 2015-03-05 |
| 20150067307 | PROPAGATION OF UPDATES TO PER-CORE-INSTANTIATED ARCHITECTURALLY-VISIBLE STORAGE RESOURCE - A microprocessor a plurality of processing cores, wherein each of the plurality of processing cores instantiates a respective architecturally-visible storage resource. A first core of the plurality of processing cores is configured to encounter an architectural instruction that instructs the first core to update the respective architecturally-visible storage resource of the first core with a value specified by the architectural instruction. The first core is further configured to, in response to encountering the architectural instruction, provide the value to each of the other of the plurality of processing cores and update the respective architecturally-visible storage resource of the first core with the value. Each core of the plurality of processing cores other than the first core is configured to update the respective architecturally-visible storage resource of the core with the value provided by the first core without encountering the architectural instruction. | 2015-03-05 |
| 20150067308 | MANAGING PHYSICAL PRESENCE ACROSS MULTIPLE BLADES - A system includes a multi-node chassis including a chassis management module, a plurality of compute nodes, and a physical presence manual actuator for transmitting a physical presence signal to each compute node in response to manual actuation. Each server has a firmware interface, a trusted platform module, and an AND gate. The firmware interface has a general purpose input output pin for providing an enabling signal in response to a user instruction to a firmware interface setup program that communicates with the firmware interface. The AND gate has a first input receiving the enabling signal, a second input receiving the physical presence signal, and an output coupled to the trusted platform module, wherein the AND gate for a selected compute node asserts physical presence to the trusted platform module of the selected compute node in response to receiving both the enabling signal and the physical presence signal. | 2015-03-05 |
| 20150067309 | MANAGING PHYSICAL PRESENCE ACROSS MULTIPLE BLADES - A method uses a firmware interface setup program for a selected compute node (“node”) to cause a firmware interface to enable a trusted platform module (TPM) on the selected node to receive a physical presence (PP) signal. The selected node is selected from a plurality of nodes within a multi-node chassis, wherein each node includes a firmware interface and a TPM. A device within the multi-node chassis is manually actuated to transmit a PP signal to each of the plurality of nodes, such that each node receives the PP signal. The PP signal is asserted to the TPM of the selected node in response to both enabling the TPM of the selected node to be able to receive the PP signal and receiving the PP signal. Still further, the method allows modification of a security setting of the selected node in response to the TPM receiving the PP signal. | 2015-03-05 |
| 20150067310 | DYNAMIC RECONFIGURATION OF MULTI-CORE PROCESSOR - A microprocessor includes a plurality of processing cores and a configuration register configured to indicate whether each of the plurality of processing cores is enabled or disabled. Each enabled one of the plurality of processing cores is configured to read the configuration register in a first instance to determine which of the plurality of processing cores is enabled or disabled and generate a respective configuration-related value based on the read of the configuration register in the first instance. The configuration register is updated to indicate that a previously enabled one of the plurality of processing cores is disabled. Each enabled one of the plurality of processing cores is configured to read the configuration register in a second instance to determine which of the plurality of processing cores is enabled or disabled and generate the respective configuration-related value based on the read of the configuration register in the second instance. | 2015-03-05 |
| 20150067311 | METHOD AND SYSTEM FOR VERIFYING PROPER OPERATION OF A COMPUTING DEVICE AFTER A SYSTEM CHANGE - A method and system for applying a system change in an automated fashion and verifying the correct operation of a computing device after the system change includes allowing the computing device an opportunity to at least temporarily apply the system change, determine whether the system change is successful, and discard the system change if not successful, using operating system and BIOS components. | 2015-03-05 |
| 20150067312 | AUTOMATED POWER CYCLING UNIT OF A DATA PROCESSING DEVICE - A method, a system, and a device to provide an automated power cycling operation to a data processing device are disclosed. In one embodiment, a method includes receiving an error signal of a data processing device, through a processor of a power cycle unit, wherein the power cycle unit is coupled to the data processing device. In another embodiment, the power cycle unit may disconnect electrical power from a power supply to the data processing device. For example, the data processing device may require a power cycling operation to improve performance and the power cycle unit may comprise one or more routines for a power cycle operation. The power cycle unit may include a processor to detect computational errors and trigger the power cycling operation. Further, an administration server may be in communication with the power cycle unit and may allow a remote triggering of the power cycling operation. | 2015-03-05 |
| 20150067313 | SYSTEMS AND METHODS FOR SECURE BOOT ROM PATCH - A data processing system includes a boot read only memory (ROM) configured to store boot code; one time programmable (OTP) storage circuitry configured to store patch instructions; a random access memory (RAM); and a processor coupled to the boot ROM, the OTP storage circuitry, and the RAM. The processor is configured to: in response to a reset of the data processing system, copy one or more patch instructions from the OTP storage circuitry into the RAM, and during execution of the boot code, execute a patch instruction from the RAM in place of a boot instruction of the boot code. | 2015-03-05 |
| 20150067314 | SECURE FIRMWARE FLASH CONTROLLER - A microcontroller that includes a secure firmware flash controller is provided. The secure firmware flash controller utilizes a hardware assisted boot sequence that performs a firmware code validation. If the firmware code fails validation for any reason, the firmware flash controller locks out access to the firmware RAM and firmware flash controller, and passes control back to the microcontroller for further measures that are protected by security protocols on the microcontroller. | 2015-03-05 |
| 20150067315 | MEMORY APPARATUS AND COMPUTER SYSTEM INCLUDING THE SAME - A semiconductor device includes a memory bank, a data line and a data line control unit. The memory bank stores data. The data line transfers data to be stored in or output from the memory bank. The data line control unit initializes the data line in response to a power-up signal and a write command. | 2015-03-05 |
| 20150067316 | ELECTRONIC DEVICE AND TESTING METHOD - In a method of testing stability of updating firmware of a baseboard management controller (BMC) of an electronic device, the electronic device comprises a first storage device that stores original firmware data of the BMC, and a second storage device that stores update data of the firmware. The electronic device tests the stability by repeatedly erasing the original firmware data and writing the update data into the first storage device. Once the electronic device updates the firmware of the BMC for a predetermined number of times, the process is ended. | 2015-03-05 |
| 20150067317 | DEVICE-LESS AND SYSTEM AGNOSTIC UNIFIED EXTENSIBLE FIRMWARE INTERFACE (UEFI) DRIVER - Loading and executing a device-less and system agnostic Unified Extensible Firmware Interface (UEFI) driver configured to filter inputs/outputs (I/O) to storage devices without requiring dependency on a Peripheral Component Interconnect (PCI) type device and/or modifying a system UEFI Basic Input/Output System (BIOS), thereby enabling a software only product supporting booting of an Operating System (OS). | 2015-03-05 |
| 20150067318 | SELECTIVE DESIGNATION OF MULTIPLE CORES AS BOOTSTRAP PROCESSOR IN A MULTI-CORE MICROPROCESSOR - A microprocessor includes an indicator and a plurality of processing cores. Each of the plurality of processing cores is configured to sample the indicator. When the indicator indicates a first predetermined value, the plurality of processing cores are configured to collectively designate multiple of the plurality of processing cores to be a bootstrap processor. When the indicator indicates a second predetermined value distinct from the first predetermined value, the plurality of processing cores are configured to collectively designate a single processing core of the plurality of processing cores to be the bootstrap processor. | 2015-03-05 |
| 20150067319 | SNAPSHOTS IN A HYBRID STORAGE DEVICE COMPRISING A MAGNETIC DISK AND A SOLID STATE DISK - One or more snapshots of data stored over a period of time are maintained in a hybrid storage device comprising a magnetic disk and a solid state disk, wherein a selected snapshot stores information that allows recovery of data that is stored in the hybrid storage device at a selected point in time of the period of time. The hybrid storage device receives an input/output (I/O) command from a computational device. A category of a plurality of categories to which the I/O command belongs is determined, wherein the plurality of categories comprise writing to an unused block, writing to a used block, reading from an unused block, and reading from a used block. In response to determining the category to which the I/O command belongs, the I/O command is handled by one of the magnetic disk and the solid state disk based on the determined category. | 2015-03-05 |
| 20150067320 | METHODS AND SYSTEMS FOR DETECTING A USER AND INTELLIGENTLY ALTERING USER DEVICE SETTINGS - Systems and methods according to one or more embodiments are provided for detecting or recognizing a user and intelligently altering or adjusting user device settings appropriate for the detected user. In an embodiment, a method comprises detecting, electronically by a processor, a first user interacting with a user device via a user input interface of the user device; determining, electronically by the processor, one or more characteristics associated with a primary user of the user device; determining, electronically by the processor, the first user is not the primary user based at least in part on comparing interactions of the first user with the user device and the one or more characteristics associated with the primary user of the user device; and altering one or more settings of the user device. | 2015-03-05 |
| 20150067321 | METHOD OF CHANGING ALGORITHM AND ELECTRONIC DEVICE THEREFOR - A method of changing an algorithm used in an electronic device and an electronic device thereof are provided. The method includes determining an algorithm based on at least one of information about environments and information about a useful amount of resources, determining a variable of the determined algorithm based on the at least one of information about the environments and the information about the useful amount of resources, and executing the determined algorithm based on the determined variable of the algorithm. | 2015-03-05 |
| 20150067322 | SYSTEMS AND METHODS FOR MULTI-LEVEL TAGGING OF ENCRYPTED ITEMS FOR ADDITIONAL SECURITY AND EFFICIENT ENCRYPTED ITEM DETERMINATION - The present disclosure is directed towards systems and methods for performing multi-level tagging of encrypted items for additional security and efficient encrypted item determination. A device intercepts a message from a server to a client, parses the message and identifies a cookie. The device processes and encrypts the cookie. The device adds a flag to the cookie indicating the device encrypted the cookie. The device re-inserts the modified cookie into the message and transmits the message. The device intercepts a message from a client and determines whether the cookie in the message was encrypted by the device. If the message was not encrypted by the device, the device transmits the message to its destination. If the message was encrypted by the device, the device removes the flag, decrypts the cookie, removes the tag from the cookie, re-inserts the cookie into the message and transmits the message to its final destination. | 2015-03-05 |
| 20150067323 | Software Revocation Infrastructure - In one implementation, software components include an identity of a revocation authority. Prior to loading of the software in a given platform, the revocation authority is checked for any revocation messages. The revocation authority creates software component specific messages for any software components to be revoked, rather than using certificate revocation or individual licenses. The messages include mitigation information, such as instructions for automatically configuring already installed software without requiring an update or change in code. | 2015-03-05 |
| 20150067324 | Transmission/Reception System, Transmission Device, Reception Device, Authentication Device, User Equipment, Method Executed Using These, and Program - An encryption technique in which a transmission device and a reception device use solutions generated such that those generated in the same order are assumed to be the same is improved so as to enhance versatility without undermining security. An initial solution respectively used by two communication devices involved in communication in order to generate solutions is sent from one communicating device to the other. Both communication devices generate a mutually agreed-upon number of solutions from the initial solution and set the last solution among the generated solutions as a new initial solution, and using solutions generated based on the new initial solution, the transmission device performs encryption while the reception device performs decryption. | 2015-03-05 |
| 20150067325 | Protection Against Unintentional File Changing - Files are protected against intrusion. A first embodiment protects certain files against changes. A second embodiment encrypts the files that are stored using user's personal information. | 2015-03-05 |
| 20150067326 | PARALLEL DATA PROCESSING SYSTEM BASED ON LOCATION CONTROL AND METHOD THEREOF - A parallel data processing system based on location control and a method thereof can divide a data into smaller data and store and manage the divided data using a location control technique which divides a file, distributes the divided files, and stores and manages information on corresponding areas. The parallel data processing system includes an encryption and decryption server, a location control server and a storage device. Further, the system may reduce the time required for storing and reading a data and improve the speed of controlling encryption and decryption of the data as a result, by distributing the data in a plurality of storage devices and processing the data in parallel in encrypting, storing and restoring a data which requires security. In addition, performance of a plurality of storage devices and efficiency of the storage may be enhanced. | 2015-03-05 |
| 20150067327 | METHODS, DEVICES, AND MEDIUMS FOR SECURELY SHARING RESTRICTED CONTENT - A computing device is disclosed for securely sharing restricted content. The computing device includes a memory storing computer readable instructions, and one or more processors configured to execute the computer readable instructions. The computer readable instructions configure the one or more processors to, collectively, receive a share request to share the restricted content; in response to the share request, encode a link with encrypted access information, the access information including a first password and identifying the restricted content; receive an access request for access to the restricted content from a client device executing the link, the access request including the encrypted access information; receive a second password from the client device in association with the access request; and grant the client device access to the restricted content in response to determining the first password matches the second password. A method and a computer readable medium are also disclosed. | 2015-03-05 |
| 20150067328 | AUTHENTICATING A USER DEVICE TO ACCESS SERVICES BASED ON A DEVICE ID - A first device may receive a first session token from a second device; determine that the first session token is expired or invalid; provide a security input to the second device to cause the second device to generate a first hash value of the security input using a key corresponding to a key identifier (ID); receive the key ID and the first hash value from the second device; generate a second hash value using the key corresponding to the key ID; determine that the first hash value matches the second hash value; and establish a session with the second device based on determining that the first hash value matches the second hash value. | 2015-03-05 |
| 20150067329 | METHOD AND SYSTEM FOR ESTABLISHING A SESSION KEY - A system and a method is provided for establishing a session key in a context of communications between entities, the identifiers of which are generated cryptographically and for which one of the entities is highly resource-constrained. It includes assigning to assistant entities of the resource-constrained entity, the highest-consuming asymmetric cryptography operations. | 2015-03-05 |
| 20150067330 | METHOD AND SYSTEM FOR NETWORK DATA ACCESS - Embodiments of the invention provide a method and system which allow for ready revocation of end user access rights by virtue of storing data in an encrypted form in a network environment, and using a trusted proxy server to re-encrypt the data itself to permit eventual decryption of the data by an authorised end user. However, if the end user's access rights are revoked then the trusted proxy does not perform the re-encryption of the data, and the end user is not then able to subsequently decrypt data stored in the network environment, even if it is able to access the data, without permission. Embodiments therefore have advantages that access control is decoupled from data confidentiality to provide scalability, and revocation of user access rights can be accomplished without requiring re-encryption of the stored data. | 2015-03-05 |
| 20150067331 | REMOTE DATA STORAGE - A computer-implemented method for performing remote data storage includes providing, by at least one client, files to be stored on a remote server, evaluating popularity of the files, and storing the files on the server in a form that depends on the popularity of the files. Files with a first level of popularity are stored in a deduplicated form and files with a second level of popularity are stored in an encrypted form, the first level of popularity being higher than the second level of popularity. | 2015-03-05 |
| 20150067332 | SYSTEM AND METHOD CAPABLE OF VERIFYING CONTACTLESS SENSOR TAG - A system and a method capable of verifying contactless sensor tag, the system comprising: a reading device, served to generate a first verification code according to a first dynamic value and generate an authority request according to an authority code; a sensor tag, used to obtain the first verification code of the reading device in a contactless way, generate a second verification code according to a second dynamic value, and process a ciphering calculation according to an identification code, the first verification code and the second verification code for generating the authority code, and send the authority code to the reading device in a contactless way; and a verifying device, used to receive the authority request of the reading device, and perform a deciphering calculation on the authority request for obtaining the first dynamic value and the second dynamic value for determining whether the sensor tag is real. | 2015-03-05 |
| 20150067333 | METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR UTILIZING PREDETERMINED ENCRYPTION KEYS IN A TEST SIMULATION ENVIRONMENT - Methods, systems, and computer readable media for utilizing predetermined encryption keys in a test simulation environment are disclosed. In one embodiment, a method includes generating, prior to an initiation of an Internet protocol security (IPsec) test session, a private key and a public key at a traffic emulation device and storing the private key and the public key in a local storage associated with the traffic emulation device. The method further includes retrieving, from the local storage, the private key and the public key upon the initiation of the IPsec test session between the traffic emulation device and a device under test (DUT) and generating a shared secret key utilizing the retrieved private key and a DUT public key received from the DUT. | 2015-03-05 |
| 20150067334 | DELIVERING DATA OVER A NETWORK - A method and system for storing and delivering content data over a network comprising receiving a request over a network for content data from a requester ( | 2015-03-05 |
| 20150067335 | TETHERED DEVICE SYSTEMS AND METHODS - Systems and methods are described for applying digital rights management techniques to tethered devices. In one embodiment, a host device is operable to translate a relatively sophisticated license into a simpler format for use on a relatively low-capability device. In another embodiment, a method of using extended SCSI commands to communicate over a USB connection is provided. | 2015-03-05 |
| 20150067336 | New Cryptographic Systems Using Pairing with Errors - Using the same mathematical principle of paring with errors, which can be viewed as an extension of the idea of the LWE problem, this invention gives constructions of a new key exchanges system, a new key distribution system and a new identity-based encryption system. These new systems are efficient and have very strong security property including provable security and resistance to quantum computer attacks. | 2015-03-05 |
| 20150067337 | Techniques to Classify Virtual Private Network Traffic Based on Identity - Techniques are provided for obtaining first and second digital certificates from a certificate authority database for establishing a secure exchange between network devices. The first digital certificate contains identity information of a first network device, and the second digital certificate contains classification information of the first network device. In one embodiment, a secure key exchange is initiated with the second network device, and the first and second digital certificates are transmitted as a part of the secure key exchange to the second network device. In another embodiment, the first and second digital certificates are received by an intermediate network device. The first digital certificate is encrypted and is not evaluated by the intermediate network device. The second digital certificate is evaluated for classification information of the first network device. Source information associated with the first network device is stored, and encrypted traffic is processed between the network devices. | 2015-03-05 |
| 20150067338 | Providing forward secrecy in a terminating SSL/TLS connection proxy using ephemeral Diffie-Hellman key exchange - An infrastructure delivery platform provides a proxy service as an enhancement to the TLS/SSL protocol to off-load to an external server the generation of a digital signature, the digital signature being generated using a private key that would otherwise have to be maintained on a terminating server. Using this service, instead of digitally signing (using the private key) “locally,” the terminating server proxies given public portions of ephemeral key exchange material to the external server and receives, in response, a signature validating the terminating server is authorized to continue with the key exchange. In this manner, a private key used to generate the digital signature (or, more generally, to facilitate the key exchange) does not need to be stored in association with the terminating server. Rather, that private key is stored only at the external server, and there is no requirement for the pre-master secret to travel (on the wire). | 2015-03-05 |
| 20150067339 | SINGLE-PASS DATA COMPRESSION AND ENCRYPTION - Embodiments compress and encrypt data in a single pass to reduce inefficiencies that occur from compression and encrypting data separately. Typically, compression and encryption are implemented in separate functional units. This has a few disadvantages: 1) encryption cannot make use of compression state to further secure the message, 2) processed data is read and written twice, 3) additional space, time, and resources are consumed, and 4) it is more prone to potential cipher-attacks since the encryption stage is independent from compression. Embodiments overcome these disadvantages by structuring these operations so that both compression and encryption is executed within the same processing loop. Thus: 1) encryption is stronger due to the dependence on the compression state, 2) I/O buffers are accessed only once reducing overhead, 3) system footprint is reduced, and 4) cipher analysis is more complex since the decryption process cannot be separated from the decompression process. | 2015-03-05 |
| 20150067340 | CRYPTOGRAPHIC GROUP SIGNATURE METHODS AND DEVICES - To generate a group signature on a message, a processor generates a two-level signature on an identity of the group member at the first level and the message at the second level; generates a commitment to the identity of the group member, commitments to each group element and a proof that the identity and the group elements satisfy a predetermined equation; encodes the identity of the group member in the group signature in a bit-wise manner using an identity-based encryption scheme where the message serves as the identity of the identity-based encryption scheme to produce a ciphertext; generates a first proof that the ciphertext encrypts the identity of the group member; generates a second proof that the encoded identity is an identity of a group member in a certificate signed by a group manager and that the certificate was used to generate the signature on the message at the second level; and outputs the group signature comprising the two-level signature, the commitments, the encoded identity of the group member and the proofs | 2015-03-05 |
| 20150067341 | METHOD AND SYSTEM FOR VALIDATING RIGHTS TO DIGITAL CONTENT USING A DIGITAL TOKEN - A computer implemented method for generating a receipt. The method includes, accessing a universal digital fingerprint associated with an item of content, wherein the fingerprint is invariant across one or more formats of the item of content. The method includes accessing an identification value by the processor. The method includes generating a digital token by cryptographically binding the digital fingerprint and the identification value, wherein the digital token is invariant across the one or more formats of the item of content. The method further includes associating the digital token with at least one right to the item of content. | 2015-03-05 |
| 20150067342 | SYSTEMS AND METHODS FOR EXECUTING COMPLIANCE VERIFICATION OR REMEDIATION SCRIPTS - Systems and methods for executing compliance verification or remediation scripts. An example method may comprise: identifying, by a computer system, a compliance script to be executed; determining a value of a cryptographic hash function of at least part of the identified compliance script; identifying, based on the value of the cryptographic hash function, an installation path of a corresponding digitally signed compliance script pre-installed on the computer system, the digitally signed compliance script associated with a security context; and executing, within the security context, the digitally signed compliance script. | 2015-03-05 |
| 20150067343 | TAMPER RESISTANCE OF AGGREGATED DATA - By processing aggregated data in a trusted environment, a system can reduce opportunities for tampering with aggregated data that is processed in a peer-to-peer chain. Each device may pass the predecessor aggregated data to a trusted environment in that device, which obtains local data for that device and aggregates it with the predecessor aggregated data, producing an output aggregated data. Optionally, the system can identify when a device has previously processed the aggregated data, reducing the possibility that the device can be used to aggregate data repeatedly. The aggregated data may be digitally signed or encrypted to enhance the tamper resistance of the data payload. | 2015-03-05 |
| 20150067344 | Digital Identification Document - Some implementations may include a computer-assisted method for digitizing an identification document, the method including: receiving a digital biometric of a subject; applying the received digital biometric to a digital identification document; applying a digital watermark to the digital identification document, the digital watermark encoding personally identifiable information of the subject identified by the digital biometric; and generating the digital identification document with the applied digital watermark, the digital identification document comprising both the digital watermark and the digital biometric. | 2015-03-05 |
| 20150067345 | ADVANCED WATERMARKING SYSTEM AND METHOD - A method, computer program product, and computing device for obtaining an uncompressed digital media data file. One or more default watermarks is inserted into the uncompressed digital media data file to form a watermarked uncompressed digital media data file. The watermarked uncompressed digital media data file is compressed to form a first watermarked compressed digital media data file. The first watermarked compressed media data file is stored on a storage device. The first watermarked compressed media data file is retrieved from the storage device. The first watermarked compressed digital media data file is modified to associate the first watermarked compressed digital media data file with a transaction identifier to form a second watermarked compressed digital media data file. | 2015-03-05 |
| 20150067346 | DIGITAL FINGERPRINTING TRACK AND TRACE SYSTEM - Methods and systems for tracking a physical object to identify or authenticate it utilizing digital fingerprints which are based on natural features extracted from a digital image of the object. Digital fingerprints do not require or rely on any labels, tags, integrated materials, unique identification characters, codes or other items that may be added to the object specifically for the purpose of identification. Consequently, the disclosed digital fingerprint techniques help to detect or prevent unauthorized alterations of documents, apparel, drugs and pharmaceuticals, etc. Further digital fingerprints can be used to better track and trace a wide variety of objects throughout the distribution chain to demonstrate their provenance and to detect counterfeit objects. | 2015-03-05 |
| 20150067347 | SIGNATURE SYSTEM PORTAL FOR SIGNING ELECTRONIC DOCUMENTS - An system for operating a portal to provide an electronic document including a signature field to a signer for signature, wherein the signer has a personal electronic device that includes a browser application. Providing the document at a remote server. Providing the device with a web link to the document. Forming a connection between the device and the server via a communications network, responsive to activating of the web link. Accepting the signature of the signer. Communicating the document containing the signature of the signer to the server. | 2015-03-05 |
| 20150067348 | DATA ENCRYPTION AND SMARTCARD STORING ENCRYPTED DATA - A data encryption and decryption process, particularly for use in smart cards, in which the data is encrypted using an encryption key derived from a fingerprint template. The fingerprint template is stored, in unencrypted form, in a memory which, apart from the fingerprint template, is filled or substantially filled with random data values thereby to conceal the fingerprint template. The template may be broken up into components stored in disparate locations in the memory to further increase security. Decryption is performed by, firstly, carrying out scanning a fingerprint to obtain a new template, comparing the new template with the previously stored template and, if there is a match, regenerating the encryption key from the previously stored template. The regenerated encryption key is then used to decrypt the data. | 2015-03-05 |
| 20150067349 | VIRTUAL BANDS CONCENTRATION FOR SELF ENCRYPTING DRIVES - An apparatus includes a storage device and a host device. The storage device may be configured to encrypt and decrypt user data during write and read operations, respectively. The host device is communicatively coupled to the storage device. The host device may be configured to execute the write and read operations by concentrating a first number of virtual bands into a second number of real bands, wherein said second number is smaller than said first number. | 2015-03-05 |
| 20150067350 | FIELD-BUS DATA TRANSMISSION - A communication subscriber for a field-bus system for transmitting data, comprises a safety layer with an error-safety layer protecting the data against random data transmission errors and an information-security layer protecting against manipulation of data and/or against unauthorized reading of data. The communication subscriber is configured during transmission mode to process the data to be transmitted first by means of the error-safety layer and then by means of the information-security layer, and during receipt mode to process the data first by means of the information-security layer and then by means of the error-safety layer. | 2015-03-05 |
| 20150067351 | Method and Device for Data Confidentiality Protection Based on Embedded Universal Integrated Circuit Card - Embodiments of the present invention provide a method and device for data confidentiality protection based on an embedded universal integrated circuit card. An embodiment method includes determining that a terminal device is not held by an authorized user; setting an eUICC in the terminal device to an unavailable state; and instructing the eUICC to perform confidentiality protection processing on data in the eUICC. | 2015-03-05 |
| 20150067352 | Receptacle-Configured Cryptographic Device - Disclosed is a cryptographic device that may automatically configure its traffic interfaces and cryptographic modes when it is inserted into an electrically keyed receptacle in a host system. Such automatic configuration may enable a single cryptographic module to support a range of input/output interfaces, such as SPI, Ethernet, RS-232 Serial, and RS-485 Serial, for example, and also to support a range of cryptographic modes, such as Cipher Block Chaining, Galois Counter Mode, or Long Cycle Mode, for Communications Security (COMSEC) and Transmission Security (TRANSEC) purposes. In addition, such automatic configuration may include parameters that affect power consumption, such as device clock rate or other power management features. | 2015-03-05 |
| 20150067353 | STORAGE MANAGEMENT DEVICE AND STORAGE MANAGEMENT METHOD - A storage management method includes: determining whether receives a creation request for creating a group storage space from one user group, wherein the creation request comprises an identity of the user group and a request size of the group storage space. Assigning a group storage space with the request size to the user group and assigning a corresponding storage gateway address to the user group. Setting an administrator identity of the group storage space and permissions of an administrator with the administrator identity. In addition, creating or deleting sub-group storage spaces and personal storage spaces in the group storage space in response to operations of the administrator. | 2015-03-05 |
| 20150067354 | STORAGE MANAGEMENT DEVICE AND STORAGE MANAGEMENT METHOD - A storage management method includes: verifying an identity of the user in response to a login operation of the user to login a group storage space; determining storage spaces to which the user has access permission according to the identity of the user when the user is an authorized user; obtaining a group secret key of the user group that the user belongs to when the user stores data to a target storage space and encrypting the data by using the group secret key; and storing the encrypted data to the target storage space. | 2015-03-05 |
| 20150067355 | SECURE MEMORY CONTROL PARAMETERS IN TABLE LOOK ASIDE BUFFER DATA FIELDS AND SUPPORT MEMORY ARRAY - Techniques and apparatus for utilizing bits in a translation look aside buffer (TLB) table to identify and access security parameters to be used in securely accessing data are provided. Any type of bits in the TLB may be used, such as excess bits in a translated address, excess attribute bits, or special purpose bits added specifically for security purposes. In some cases, the security parameters may include an index into a key table for use in retrieving a set of one or more keys to use for encryption and/or decryption. | 2015-03-05 |
| 20150067356 | POWER MANAGER FOR MULTI-THREADED DATA PROCESSOR - A data processing system includes a plurality of processor resources, a manager, and a power distributor. Each of the plurality of data processor cores is operable at a selected one of a plurality of performance states. The manager assigns each of a plurality of program elements to one of the plurality of processor resources, and synchronizing the program elements using barriers. The power distributor is coupled to the manager and to the plurality of processor resources, and assigns a performance state to each of the plurality of processor resources within an overall power budget, and in response to detecting that a program element assigned to a first processor resource is at a barrier, increases the performance state of a second processor resource that is not at the barrier within the overall power budget. | 2015-03-05 |
