38th week of 2014 patent application highlights part 222 |
Patent application number | Title | Published |
20140281405 | OPTIMIZING PERFORMANCE FOR CONTEXT-DEPENDENT INSTRUCTIONS - A processor includes a queue for storing instructions processed within the context of a current value of a register field, where for some embodiments the instruction is undefined or defined, depending upon the register field at time of processing. After a write instruction (an instruction that writes to the register field) executes, the queue is searched for any entries that contain instructions that depend upon the executed write instruction. Each such entry stores the value of the register field at the time the instruction in the entry was processed. If such an entry is found in the queue and its stored value of the register field does not match the value that the write instruction wrote to the register field, then the processor flushes the pipeline and restarts at a state so as to correctly execute the instruction. | 2014-09-18 |
20140281406 | Instruction For Performing An Overload Check - A processor is described having a functional unit within an instruction execution pipeline. The functional unit having circuitry to determine whether substantive data from a larger source data size will fit within a smaller data size that the substantive data is to flow to. | 2014-09-18 |
20140281407 | METHODS AND APPARATUS TO COMPILE INSTRUCTIONS FOR A VECTOR OF INSTRUCTION POINTERS PROCESSOR ARCHITECTURE - Methods, apparatus, systems, and articles of manufacture to compile instructions for a vector of instruction pointers (VIP) processor architecture are disclosed. An example method includes identifying a predicate dependency between a first compiled instruction and a second compiled instruction at a control flow join point, the second compiled instruction having different speculative assumptions corresponding to how the second compiled instruction will be executed based on an outcome of the first compiled instruction. A first strand is organized to execute a first instance of the second compiled instruction corresponding to a first one of the speculative assumptions, and a second strand to execute a second instance of the second compiled instruction corresponding to a second one of the speculative assumptions which is opposite to the first one of the speculative assumptions. The first instance of the second compiled instruction and the second instance of the second compiled instruction are executed in an asynchronous manner relative to each other and to the first compiled instruction. | 2014-09-18 |
20140281408 | METHOD AND APPARATUS FOR PREDICTING FORWARDING OF DATA FROM A STORE TO A LOAD - A method for gating a load operation based on entries of a prediction table is presented. The method comprises performing a look-up for the load operation in a prediction table to find a matching entry, wherein the matching entry corresponds to a prediction regarding a behavior of the load operation, and wherein the matching entry comprises: (a) a tag field operable to identify the matching entry; (b) a distance field operable to indicate a distance of the load operation to a prior aliasing store instruction; and (c) a confidence field operable to indicate a prediction strength generated by the prediction table. The method further comprises determining if the matching entry provides a valid prediction and, if valid, retrieving a location for the prior aliasing store instruction using the distance field. It finally comprises performing a gating operation on said load operation. | 2014-09-18 |
20140281409 | METHOD AND APPARATUS FOR NEAREST POTENTIAL STORE TAGGING - A method for performing memory disambiguation in an out-of-order microprocessor pipeline is disclosed. The method comprises storing a tag with a load operation, wherein the tag is an identification number representing a store instruction nearest to the load operation, wherein the store instruction is older with respect to the load operation and wherein the store has potential to result in a RAW violation in conjunction with the load operation. The method also comprises issuing the load operation from an instruction scheduling module. Further, the method comprises acquiring data for the load operation speculatively after the load operation has arrived at a load store queue module. Finally, the method comprises determining if an identification number associated with a last contiguous issued store with respect to the load operation is equal to or greater than the tag and gating a validation process for the load operation in response to the determination. | 2014-09-18 |
20140281410 | Method and Apparatus to Allow Early Dependency Resolution and Data Forwarding in a Microprocessor - A microprocessor implemented method for performing early dependency resolution and data forwarding is disclosed. The method comprises mapping a plurality of instructions in a guest address space into a corresponding plurality of instructions in a native address space. For each current guest branch instruction in the native address space fetched during execution, performing (a) determining a youngest prior guest branch target stored in a guest branch target register, wherein the guest branch register is operable to speculatively store a plurality of prior guest branch targets corresponding to prior guest branch instructions; (b) determining a current branch target for a respective current guest branch instruction by adding an offset value for the respective current guest branch instruction to the youngest prior guest branch target; and (c) creating an entry in the guest branch target register for the current branch target. | 2014-09-18 |
20140281411 | METHOD FOR DEPENDENCY BROADCASTING THROUGH A SOURCE ORGANIZED SOURCE VIEW DATA STRUCTURE - A method for dependency broadcasting through a source organized source view data structure. The method includes receiving an incoming instruction sequence using a global front end; grouping the instructions to form instruction blocks; using a plurality of register templates to track instruction destinations and instruction sources by populating the register template with block numbers corresponding to the instruction blocks, wherein the block numbers corresponding to the instruction blocks indicate interdependencies among the blocks of instructions; populating a source organized source view data structure, wherein the source view data structure stores sources corresponding to the instruction blocks as recorded by the plurality of register templates; upon dispatch of one block of the instruction blocks, broadcasting a number belonging to the one block to a row of the source view data structure that relates that block and marking the sources of the row accordingly; and updating the dependency information of remaining instruction blocks in accordance with the broadcast. | 2014-09-18 |
20140281412 | METHOD FOR POPULATING AN INSTRUCTION VIEW DATA STRUCTURE BY USING REGISTER TEMPLATE SNAPSHOTS - A method for populating an instruction view data structure by using register template snapshots. The method includes receiving an incoming instruction sequence using a global front end; grouping the instructions to form instruction blocks; using a plurality of register templates to track instruction destinations and instruction sources by populating the register template with block numbers corresponding to the instruction blocks, wherein the block numbers corresponding to the instruction blocks indicate interdependencies among the blocks of instructions; populating an instruction view data structure, wherein the instruction view data structure stores instructions corresponding to the instruction blocks as recorded by the plurality of register templates; and using the instruction view data structure to feed a plurality of stacked execution units of execution stage in accordance with the readiness of instruction sources of the instruction blocks. | 2014-09-18 |
20140281413 | Superforwarding Processor - Methods and systems that allow the processor to effectively and efficiently reduce or eliminate the latency associated with instructions that copy the value of one register to another register. A processor includes a superforwarding table, a superforwarding logic block, and a computation engine. The superforwarding table stores an entry, wherein the entry has a valid bit, a key field, and a forward field. The superforwarding logic block determines which register contains the information needed for an instruction. The computation engine executes instructions. | 2014-09-18 |
20140281414 | REORDER-BUFFER-BASED DYNAMIC CHECKPOINTING FOR RENAME TABLE REBUILDING - Out-of-order CPUs, devices and methods diminish the time penalty from stalling the pipe to rebuild a rename table, such as due to a misprediction. A microprocessor can include a pipe that has a decoder, a dispatcher, and at least one execution unit. A rename table stores rename data, and a check-point table (“CPT”) stores rename data received from the dispatcher. A Re-Order Buffer (“ROB”) stores ROB data, and has a dynamic mapping relationship with the CPT. If the rename table is flushed, such as due to a misprediction, the rename table is rebuilt at least in part by concurrent copying of rename data stored in the CPT, in coordination with walking the ROB. | 2014-09-18 |
20140281415 | DYNAMIC RENAME BASED REGISTER RECONFIGURATION OF A VECTOR REGISTER FILE - Reconfiguring a register file using a rename table having a plurality of fields that indicate fracture information about a source register of an instruction for instructions which have narrow to wide dependencies. | 2014-09-18 |
20140281416 | METHOD FOR IMPLEMENTING A REDUCED SIZE REGISTER VIEW DATA STRUCTURE IN A MICROPROCESSOR - A method for implementing a reduced size register view data structure in a microprocessor. The method includes receiving an incoming instruction sequence using a global front end; grouping the instructions to form instruction blocks; using a plurality of multiplexers to access ports of a scheduling array to store the instruction blocks as a series of chunks. | 2014-09-18 |
20140281417 | SYSTEMS, METHODS, AND COMPUTER PROGRAM PRODUCTS PROVIDING A DATA UNIT SEQUENCING QUEUE - A system for passing data, the system including multiple data producers passing processed data, wherein the processed data include discrete data units that are each consecutively numbered, each of the data producers calculating insertion indices for ones of the data units passing therethrough; a circular buffer receiving the data units from the producers, the data units placed in slots that correspond to the respective insertion indices; and a consumer of the data units that receives the data units from the circular buffer in an order that preserves sequential numbering of the data units, wherein the multiple data producers follow a protocol so that a first one of the data producers, upon failing to place a first data unit in the circular buffer, does not lock other data producers from placing other data units in the circular buffer. | 2014-09-18 |
20140281418 | Multiple Data Element-To-Multiple Data Element Comparison Processors, Methods, Systems, and Instructions - An apparatus includes packed data registers and an execution unit. An instruction is to indicate a first source packed data that is to include a first packed data elements, a second source packed data that is to include a second packed data elements, and a destination storage location. The execution unit, in response to the instruction, is to store a packed data result that is to include packed result data elements in the destination storage location. Each of the result data elements is to correspond to a different one of the data elements of the second source packed data. Each of the result data elements is to include a multiple bit comparison mask that is to include a different comparison mask bit for each different corresponding data element of the first source packed data compared with the corresponding data element of the second source packed data. | 2014-09-18 |
20140281419 | COMBINED FLOATING POINT MULTIPLIER ADDER WITH INTERMEDIATE ROUNDING LOGIC - An error handling method includes identifying a code region eligible for cumulative multiply add (CMA) optimization and translating code region instructions into interpreter code instructions, which may include translating sequences of multiply add instructions in the code region instructions into fusion code including CMA instructions. Floating point (FP) exceptions generated by the fusion code may be monitored and at least a portion of the code region instructions may be re-translated to eliminate some or all fusion code if CMA intermediate rounding exceptions exceed a threshold. | 2014-09-18 |
20140281420 | ADD-COMPARE-SELECT INSTRUCTION - An apparatus includes memory storing an instruction that identifies a first register, a second register, and a third register. Upon execution of the instruction by a processor, a vector addition operation is performed by the processor to add first values from the first register to second values from the second register. A vector subtraction operation is also performed upon execution of the instruction to subtract the second value from third values from the third register. A vector compare operation is also performed upon execution of the instruction to compare results of the vector addition operation to results of the vector subtraction operation. | 2014-09-18 |
20140281421 | ARBITRARY SIZE TABLE LOOKUP AND PERMUTES WITH CROSSBAR - An example method of updating an output data vector includes identifying a data value vector including element data values. The method also includes identifying an address value vector including a set of elements. The method further includes applying a conditional operator to each element of the set of elements in the address value vector. The method also includes for each element data value in the data value vector, determining whether to update an output data vector based on applying the conditional operator. | 2014-09-18 |
20140281422 | Method and Apparatus for Sorting Elements in Hardware Structures - A method for sorting elements in hardware structures is disclosed. The method comprises selecting a plurality of elements to order from an unordered input queue (UIQ) within a predetermined range in response to finding a match between at least one most significant bit of the predetermined range and corresponding bits of a respective identifier associated with each of the plurality of elements. The method further comprises presenting each of the plurality of elements to a respective multiplexer. Further the method comprises generating a select signal for an enabled multiplexer in response to finding a match between at least one least significant bit of a respective identifier associated with each of the plurality of elements and a port number of the ordered queue. Finally, the method comprises forwarding a packet associated with a selected element identifier to a matching port number of the ordered queue from the enabled multiplexer. | 2014-09-18 |
20140281423 | PROCESSOR AND METHOD FOR PROCESSING INSTRUCTIONS USING AT LEAST ONE PROCESSING PIPELINE - A processor has a processing pipeline with first, second and third stages. An instruction at the first stage takes fewer cycles to reach the second stage than the third stage. The second and third stages each have a duplicated processing resource. For a pending instruction which requires the duplicated resource and can be processed using the duplicated resource at either of the second and third stages, the first stage determines whether a required operand would be available when the pending instruction would reach the second stage. If the operand would be available, then the pending instruction is processed using the duplicated resource at the second stage, while if the operand would not be available in time then the instruction is processed using the duplicated resource in the third pipeline stage. This technique helps to reduce delays caused by data dependency hazards. | 2014-09-18 |
20140281424 | TRACKING CONTROL FLOW OF INSTRUCTIONS - A mechanism for tracking the control flow of instructions in an application and performing one or more optimizations of a processing device, based on the control flow of the instructions in the application, is disclosed. Control flow data is generated to indicate the control flow of blocks of instructions in the application. The control flow data may include annotations that indicate whether optimizations may be performed for different blocks of instructions. The control flow data may also be used to track the execution of the instructions to determine whether an instruction in a block of instructions is assigned to a thread, a process, and/or an execution core of a processor, and to determine whether errors have occurred during the execution of the instructions. | 2014-09-18 |
20140281425 | LIMITED RANGE VECTOR MEMORY ACCESS INSTRUCTIONS, PROCESSORS, METHODS, AND SYSTEMS - A processor of an aspect includes a plurality of packed data registers. The processor also includes a unit coupled with the packed data registers. The unit is operable, in response to a limited range vector memory access instruction. The instruction is to indicate a source packed memory indices, which is to have a plurality of packed memory indices, which are to be selected from 8-bit memory indices and 16-bit memory indices. The unit is operable to access memory locations, in only a limited range of a memory, in response to the limited range vector memory access instruction. Other processors are disclosed, as are methods, systems, and instructions. | 2014-09-18 |
20140281426 | METHOD FOR POPULATING A SOURCE VIEW DATA STRUCTURE BY USING REGISTER TEMPLATE SNAPSHOTS - A method for populating a source view data structure by using register template snapshots. The method includes receiving an incoming instruction sequence using a global front end; grouping the instructions to form instruction blocks; using a plurality of register templates to track instruction destinations and instruction sources by populating the register template with block numbers corresponding to the instruction blocks, wherein the block numbers corresponding to the instruction blocks indicate interdependencies among the blocks of instructions; populating a source view data structure, wherein the source view data structure stores sources corresponding to the instruction blocks as recorded by the plurality of register templates; and determining which of the plurality of instruction blocks are ready for dispatch by using the populated source view data structure. | 2014-09-18 |
20140281427 | METHOD FOR IMPLEMENTING A REDUCED SIZE REGISTER VIEW DATA STRUCTURE IN A MICROPROCESSOR - A method for implementing a reduced size register view data structure in a microprocessor. The method includes receiving an incoming instruction sequence using a global front end; grouping the instructions to form instruction blocks; using a plurality of register templates to track instruction destinations and instruction sources by populating the register template with block numbers corresponding to the instruction blocks, wherein the block numbers corresponding to the instruction blocks indicate interdependencies among the blocks of instructions; populating a register view data structure, wherein the register view data structure stores destinations corresponding to the instruction blocks as recorded by the plurality of register templates; and using the register view data structure to track a machine state in accordance with the execution of the plurality of instruction blocks, wherein the register view data structure is a reduced size register view data structure by only storing register template snapshots containing branches or by storing deltas between changing register template snapshots. | 2014-09-18 |
20140281428 | METHOD FOR POPULATING REGISTER VIEW DATA STRUCTURE BY USING REGISTER TEMPLATE SNAPSHOTS - A method for populating a register view data structure by using register template snapshots. The method includes receiving an incoming instruction sequence using a global front end; grouping the instructions to form instruction blocks; using a plurality of register templates to track instruction destinations and instruction sources by populating the register template with block numbers corresponding to the instruction blocks, wherein the block numbers corresponding to the instruction blocks indicate interdependencies among the blocks of instructions; populating a register view data structure, wherein the register view data structure stores destinations corresponding to the instruction blocks as recorded by the plurality of register templates; and using the register view data structure to track a machine state in accordance with the execution of the plurality of instruction blocks. | 2014-09-18 |
20140281429 | ELIMINATING REDUNDANT SYNCHRONIZATION BARRIERS IN INSTRUCTION PROCESSING CIRCUITS, AND RELATED PROCESSOR SYSTEMS, METHODS, AND COMPUTER-READABLE MEDIA - Embodiments disclosed herein include eliminating redundant synchronization barriers from execution pipelines in instruction processing circuits. Related processor systems, methods, and computer-readable media are also disclosed. By tracking the occurrence of synchronization events, unnecessary software synchronization operations may be identified and eliminated, thus improving performance of a central processing unit (CPU). In one embodiment, a method for eliminating redundant synchronization barriers in an instruction stream is provided. The method comprises determining whether a next instruction comprises a synchronization barrier of a type corresponding to a first synchronization event. The method also comprises eliminating the next instruction from the instruction stream, responsive to determining that the next instruction comprises a synchronization barrier of a type corresponding to the first synchronization event. In this manner, the average number of instructions executed during each CPU clock cycle may be increased by avoiding unnecessary synchronization operations. | 2014-09-18 |
20140281430 | EXECUTION OF CONDITION-BASED INSTRUCTIONS - Execution of condition-based instructions is facilitated. A condition-based instruction is obtained, as well as a confidence level associated with the instruction. The confidence level is checked, and based on the confidence level being a first value, a predicted operation of the instruction, which is based on a predictor, is unconditionally performed. Further, based on the confidence level being a second value, a specified operation of the instruction, which is based on a determined condition, is conditionally performed. | 2014-09-18 |
20140281431 | EFFICIENT WAY TO CANCEL SPECULATIVE 'SOURCE READY' IN SCHEDULER FOR DIRECT AND NESTED DEPENDENT INSTRUCTIONS - A method and apparatus for simultaneously canceling a dependent instruction and a nested dependent instruction when a cancel timer of a source of the dependent instruction and a cancel timer of a source of the nested dependent instruction expire and a producer instruction speculatively waking up the dependent instruction is canceled. | 2014-09-18 |
20140281432 | Systems and Methods for Move Elimination with Bypass Multiple Instantiation Table - Systems and methods for move operation elimination with bypass Multiple Instantiation Table (MIT) logic. An example processing system may comprise a first data structure configured to store a plurality of physical register values; a second data structure configured to store a plurality of pointers, each pointer referencing an element of the first data structure; a third data structure including a plurality of move elimination sets, each move elimination set comprising a plurality of bits representing a plurality of logical registers; and a logic configured to perform a data manipulation operation by causing an element of the second data structure to reference an element of the first data structure, the logic further configured to reflect results of two or more data manipulation operations by performing a single update of the third data structure. | 2014-09-18 |
20140281433 | APPARATUS AND METHOD FOR TRACING EXCEPTIONS - A data processing apparatus comprises processing circuitry for executing a stream of instructions, and exception handling circuitry for selecting, from one or more exceptions, an exception to be handled by the processing circuitry. The unselected exceptions are referred to as pending exceptions. The data processing apparatus further comprises trace generating circuitry that generates trace data packets in dependence on activity of the processing circuitry. The trace generating circuitry detects pending exceptions and, if an exception is detected to be pending, includes an indication of the pending exception in at least one trace data packet. By tracking when a particular exception is pended, rather than when it is selected for handling by the processing circuitry, it is possible to more precisely determine when the exception occurred, as opposed to when it is finally handled. | 2014-09-18 |
20140281434 | PATH PROFILING USING HARDWARE AND SOFTWARE COMBINATION - A mechanism for generating a path profile is disclosed. A profiling module may insert profiling instructions into instruction blocks. The profiling instructions may generate a path identifier as a processor executes an execution path (executes a sequence or path of instruction blocks). A path identifier module may add path identifiers to path identifier data, such as a table, and may track the number of times an execution path associated with the path identifier is executed. The profiling module may periodically copy and/or modify the path identifier data and may generate a path profile based on the path identifier data. | 2014-09-18 |
20140281435 | METHOD TO PARALLELIZE LOOPS IN THE PRESENCE OF POSSIBLE MEMORY ALIASES - In one particular example, this disclosure provides an efficient mechanism to determine the degree of parallelization possible for a loop in the presence of possible memory aliases that cannot be resolved at compile-time. Hardware instructions are provided that test memory addresses at run-time and set a mode or register that enables a single instance of a loop to run the maximum number of SIMD (Single Instruction, Multiple Data) lanes to run in parallel that obey the semantics of the original scalar loop. Other hardware features that extend applicability or performance of such instructions are enumerated. | 2014-09-18 |
20140281436 | METHOD FOR EMULATING A GUEST CENTRALIZED FLAG ARCHITECTURE BY USING A NATIVE DISTRIBUTED FLAG ARCHITECTURE - A method for emulating a guest centralized flag architecture by using a native distributed flag architecture. The method includes receiving an incoming instruction sequence using a global front end; grouping the instructions to form instruction blocks, wherein each of the instruction blocks comprise two half blocks; scheduling the instructions of the instruction block to execute in accordance with a scheduler; and using a distributed flag architecture to emulate a centralized flag architecture for the emulation of guest instruction execution. | 2014-09-18 |
20140281437 | Robust and High Performance Instructions for System Call - Robust system call and system return instructions are executed by a processor to transfer control between a requester and an operating system kernel. The processor includes execution circuitry and registers that store pointers to data structures in memory. The execution circuitry receives a system call instruction from a requester to transfer control from a first privilege level of the requester to a second privilege level of an operating system kernel. In response, the execution circuitry swaps the data structures that are pointed to by the registers between the requester and the operating system kernel in one atomic transition. | 2014-09-18 |
20140281438 | METHOD FOR A DELAYED BRANCH IMPLEMENTATION BY USING A FRONT END TRACK TABLE - A method for a delayed branch implementation by using a front end track table. The method includes receiving an incoming instruction sequence using a global front end, wherein the instruction sequence includes at least one branch, creating a delayed branch in response to receiving the one branch, and using a front end track table to track both the delayed branch and the one branch. | 2014-09-18 |
20140281439 | HARDWARE OPTIMIZATION OF HARD-TO-PREDICT SHORT FORWARD BRANCHES - Methods and apparatuses for optimizing hard-to-predict short forward branches. A method detects a forward conditional branch with at least one instruction between the forward conditional branch and forward conditional branch target. The method determines whether a first of the at least one instruction includes at least one of a conditional branch or a condition-code setter. If the first instruction does not have the at least one of a conditional branch or a condition-code setter, the first instruction is dynamically assigned an inverted condition to optimize a code path. The method determines if there is a next instruction between the forward conditional branch and its target. If there is, the method analyzes the next instruction. If there is no next instruction, the method executes the optimized code path. If the instruction includes the conditional branch or condition-code setter, it discards dynamic assignments and executes the detected forward conditional branch. | 2014-09-18 |
20140281440 | PRECALCULATING THE DIRECT BRANCH PARTIAL TARGET ADDRESS DURING MISPREDICTION CORRECTION PROCESS - An example method of storing a partial target address in an instruction cache includes receiving a branch instruction. The method also includes predicting a direction of the branch instruction as being not taken. The method further includes calculating a destination address based on executing the branch instruction. The method also includes determining a partial target address using the destination address. The method further includes in response to the predicted direction of the branch instruction changing from not taken to taken, replacing an offset in an instruction cache with the partial target address. | 2014-09-18 |
20140281441 | INDIRECT BRANCH PREDICTION - Methods and indirect branch predictor logic units to predict the target addresses of indirect branch instructions. The method comprises storing in a table predicted target addresses for indirect branch instructions indexed by a combination of the indirect path history for previous indirect branch instructions and the taken/not-taken history for previous conditional branch instructions. When a new indirect branch instruction is received for prediction, the indirect path history and the taken/not-taken history are combined to generate an index for the indirect branch instruction. The generated index is then used to identify a predicted target address in the table. If the identified predicted target address is valid, then the target address of the indirect branch instruction is predicted to be the predicted target address. | 2014-09-18 |
20140281442 | SYSTEM MANAGEMENT AND INSTRUCTION COUNTING - Techniques for managing a plurality of threads on a multi-threading processing core. Embodiments provide an instruction count threshold condition that determines how many countable instructions of a thread the multi-threading processing core will execute before context switching to another one of the plurality of threads. A first plurality of instructions for a first one of the plurality of threads is processed on the multi-threading processing core. Embodiments determine, for each of the first plurality of instructions, whether the instruction is a countable instruction, wherein at least one of the first plurality of instructions is not a countable instruction. A count of the countable instructions is maintained. Upon determining that the instruction count threshold condition is satisfied, based on the maintained count, embodiments context switch the multi-threading processing core to process a second plurality of instructions for a second one of the plurality of threads. | 2014-09-18 |
20140281443 | Encrypted Warranty Verification and Diagnostic Tool - According to one embodiment of the present disclosure, an approach is provided in which a diagnostic system retrieves encrypted utilization data from an electronic system that were generated from utilization data corresponding to the electronic system's usage. The diagnostic system decrypts the encrypted utilization data and determines whether the decrypted utilization data are valid. When the decrypted utilization data are valid, the diagnostic system displays the decrypted utilization data on a display. In another embodiment, the diagnostic system retrieves cryptographically-protected utilization data from the electronic system and determines the authenticity of the cryptographically-protected utilization data. Once the cryptographically-protected utilization data are authenticated, the diagnostic system displays the corresponding utilization data on a display. | 2014-09-18 |
20140281444 | Enabling Alternate Usage Modes in an Operating System - An embodiment provides an information handling device, including: a display panel and a base component connected by a hinge between the display panel and the base component, the hinge supporting a tent physical configuration and a stand physical configuration; one or more processors; an operating system; and instructions accessible to the one or more processors that when executed provide one or more actions comprising: determining via a first input regarding physical orientation of the information handling device that the operating system is to be operated in a first operational mode that is not supportive of the tent physical configuration or the stand physical configuration; operating the operating system in the first operational mode; and selectively altering a function of the first operational mode after receiving an additional input to support one or more of the tent physical configuration and the stand physical configuration. Other aspects are described and claimed. | 2014-09-18 |
20140281445 | PROCESSOR HAVING FREQUENCY OF OPERATION INFORMATION FOR GUARANTEED OPERATION UNDER HIGH TEMPERATURE EVENTS - A processor is described having a semiconductor chip having non volatile storage circuitry. The non volatile storage circuitry has information identifying a maximum operational frequency of the processor at which the processor's operation is guaranteed for an ambient temperature that corresponds to an extreme thermal event. | 2014-09-18 |
20140281446 | METHOD FOR INITIALIZING EXPENDED MODULES IN PROGRAMMABLE LOGIC CONTROLLER SYSTEM - A method for initializing expended modules in PLC (Programmable Logic Controller) system is provided in which an initialization request signal is generated and transmitted to a plurality of expended modules, when one basic unit initializes a plurality of expended modules, and an initialization completion signal is sequentially transmitted by the plurality of expended modules, when the initialization is completed, whereby the initialization time can be optimized, the method including performing an initialization operation after generating, by a basic unit, an initialization request signal and transmitting the initialization request signal to a plurality of expended modules, and determining that the initialization operation is completed, when an initialization completion signal is received from the expended modules connected to the basic unit. | 2014-09-18 |
20140281447 | Single-Chip Virtualizing and Obfuscating Communications System for Portable Computing Devices - A virtualizing and obfuscating communications firmware module may be incorporated into common, mass-market portable computing devices, such as smartphones and tablets, to provide this service. The disclosure encompasses authentication and obfuscation software components that may comprise trusted firmware whose operation is protected from the main portable device operating system that is assumed to be hostile (e.g. infiltrated with malware or under the control of a remote attacker). In certain embodiments, a single-chip design is disclosed, without any specialized hardware: only the primary portable device applications microprocessor may be used by both the main operating system and the virtualizing and obfuscating communications firmware module. The operating system may operate as if it has access to a real communications peripheral, but in reality the virtualizing and obfuscating communications firmware module virtualizes this peripheral. The firmware module may perform authentication of the user and obfuscation of the data without the operating system's knowledge. | 2014-09-18 |
20140281448 | SYSTEM AND METHOD TO REDUCE SERVICE DISRUPTION IN A SHARED INFRASTRUCTURE NODE ENVIRONMENT - A method of reducing downtime in a node environment is disclosed. The method includes identifying an originating system board of a plurality of system boards that requires service where the originating system board includes a node operating on a processor. The method further includes identifying a target system board of the plurality of system boards where the target system board includes a target processor. The method further includes transferring operation of the node to the target processor before the originating system board is serviced, and operating the node on the target processor. | 2014-09-18 |
20140281449 | METHOD OF INSTALLING VIRTUAL SERVICE PROCESSOR (VSP) TO COMPUTING DEVICE AND APPLICATION OF THE SAME - Method, system, and storage media for remotely installing a virtual service processor (VSP) to a computing device are disclosed. The computer device initiates a preboot execution environment (PXE) client and receives a VSP installation file from a PXE server. The VSP installation file includes a VSP file, a universal plug and play (UPnP) service file, and a remote procedure call (RPC) service file. The UPnP service is discoverable by a management station in a network through UPnP. The computer device initiates a RPC service based on the RPC service file, sends hardware information of the computing device to the management station through the RPC service, receives configuration parameters for the VSP through the RPC service. The RPC service installs the VSP based on the VSP installation file and the configuration parameters. | 2014-09-18 |
20140281450 | LIVE INITIALIZATION OF A BOOT DEVICE - Apparatus and computer program products implement embodiments of the present invention that include executing, by a processor, a software stack. A writeable boot device such as a storage device with a removable medium is detected, and upon reaching a boot level threshold for the software stack, the software stack is saved to the writeable boot device as a boot image. | 2014-09-18 |
20140281451 | RECOVERING FROM A DEFECTIVE BOOT IMAGE - Apparatus and computer program products implement embodiments of the present invention that include detecting, by a first computer having a first memory, a software stack in a second memory of a second computer coupled to the first computer via a network. The software stack is copied from the second memory to the first memory, and the copied software stack is executed by the first computer. | 2014-09-18 |
20140281452 | SELF-HEALING USING AN ALTERNATE BOOT PARTITION - Apparatus and computer program products implement embodiments of the present invention that enable a computer system comprising networked computers to self-heal from a boot failure of one of the computers. In some embodiments, upon detecting a first computer failing to successfully load a first boot image, a second computer configures the first computer to boot a second boot image. Subsequent to configuring the first computer, the first computer is power cycled, and upon the power cycling, the first computer loads the second boot image. | 2014-09-18 |
20140281453 | SELF-HEALING USING A VIRTUAL BOOT DEVICE - Apparatus and computer program products implement embodiments of the present invention that enable a computer system comprising networked computers to self-heal from a boot failure of one of the computers. In some embodiments, upon detecting a first computer having a memory and a physical boot device failing to successfully load a boot image, a second computer defines a virtual boot device in communication with the first computer and the second computer and having a boot image for the first computer. Subsequent to defining the virtual boot device, the second computer can configure the first computer to boot from the virtual boot device. | 2014-09-18 |
20140281454 | FAST HOT BOOT OF A COMPUTER SYSTEM - Apparatus and computer program products implement embodiments of the present invention that enable a computer that is executing a first operating system kernel to load a second operating system kernel and one or more software components to a region in a memory. Using functions incorporated in the kernel, the region in the memory is tagged, and the computer initiates a boot of a second operating system kernel while preserving in the tagged region contents stored therein. Following the boot of the second operating system kernel, the computer executes the one or more software components from the tagged region that was preserved during the boot. | 2014-09-18 |
20140281455 | MULTI-BOOT OR FALLBACK BOOT OF A SYSTEM-ON-CHIP USING A FILE-BASED BOOT DEVICE - A method includes initiating a boot of a system-on-chip coupled to a boot device. The boot is initiated from boot code stored in nonvolatile memory responsive to a power-on-reset. Under control of the boot code: a first register value is loaded into a register; a name string from the boot code is accessed; the first register value is obtained from the register; and the first register value and name string are converted to a first string value, which is provided as a first filename. The boot device is searched for a boot image file with the first filename. If the first filename is not found in the boot device, the first register value is incremented to provide a second register value. The obtaining, converting, and searching are repeated using a second filename generated using the second register value, and a valid filename for the boot image file is iteratively generated. | 2014-09-18 |
20140281456 | METHOD AND APPARATUS FOR IMPLEMENTING A SECURE BOOT USING MULTIPLE FIRMWARE SOURCES - Technologies for implementing a secure boot using multiple firmware sources are described. One or more fuses of a processing device can be configured. Based on such configuration, one or more keys can be generated. Based on the configuration of the various fuses, an operation of a firmware device can be initiated. Using the generated key(s), a protected section of the firmware device can be accessed. | 2014-09-18 |
20140281457 | METHOD FOR BOOTING A HETEROGENEOUS SYSTEM AND PRESENTING A SYMMETRIC CORE VIEW - A heterogeneous processor architecture and a method of booting a heterogeneous processor is described. A processor according to one embodiment comprises: a set of large physical processor cores; a set of small physical processor cores having relatively lower performance processing capabilities and relatively lower power usage relative to the large physical processor cores; and a package unit, to enable a bootstrap processor. The bootstrap processor initializes the homogeneous physical processor cores, while the heterogeneous processor presents the appearance of a homogeneous processor to a system firmware interface. | 2014-09-18 |
20140281458 | SYSTEM AND METHOD FOR PREDICTING AND IMPROVING BOOT-UP SEQUENCE - A method for optimizing a boot up sequence includes, during a host idle time or during data transfer: obtaining a predicted read address from a prediction table, prefetching from the non-volatile data store, and saving the prefetched data in memory. Also included is receiving a current read command issued by the host and if the read address matches the predicted read address, providing to the host the prefetched data saved in temporary memory, and indicating a match. If a match is not indicated, obtaining current data from the non-volatile data store corresponding to the read address of the current read command, and providing the current data to the host. If a match was not indicated, searching the data prediction table for the predicted read address that matches the read address corresponding to the current read command, and if found in the data prediction table, recording the offset value. | 2014-09-18 |
20140281459 | LIVE INITIALIZATION OF A BOOT DEVICE - Methods, apparatus and computer program products implement embodiments of the present invention that include executing, by a processor, a software stack. A writeable boot device such as a storage device with a removable medium is detected, and upon reaching a boot level threshold for the software stack, the software stack is saved to the writeable boot device as a boot image. | 2014-09-18 |
20140281460 | RECOVERING FROM A DEFECTIVE BOOT IMAGE - Methods, apparatus and computer program products implement embodiments of the present invention that include detecting, by a first computer having a first memory, a software stack in a second memory of a second computer coupled to the first computer via a network. The software stack is copied from the second memory to the first memory, and the copied software stack is executed by the first computer. | 2014-09-18 |
20140281461 | SELF-HEALING USING AN ALTERNATE BOOT PARTITION - Methods, apparatus and computer program products implement embodiments of the present invention that enable a computer system comprising networked computers to self-heal from a boot failure of one of the computers. In some embodiments, upon detecting a first computer failing to successfully load a first boot image, a second computer configures the first computer to boot a second boot image. Subsequent to configuring the first computer, the first computer is power cycled, and upon the power cycling, the first computer loads the second boot image. | 2014-09-18 |
20140281462 | SELF-HEALING USING A VIRTUAL BOOT DEVICE - Methods, apparatus and computer program products implement embodiments of the present invention that enable a computer system comprising networked computers to self-heal from a boot failure of one of the computers. In some embodiments, upon detecting a first computer having a memory and a physical boot device failing to successfully load a boot image, a second computer defines a virtual boot device in communication with the first computer and the second computer and having a boot image for the first computer. Subsequent to defining the virtual boot device, the second computer can configure the first computer to boot from the virtual boot device. | 2014-09-18 |
20140281463 | FAST HOT BOOT OF A COMPUTER SYSTEM - Methods, apparatus and computer program products implement embodiments of the present invention that enable a computer that is executing a first operating system kernel to load a second operating system kernel and one or more software components to a region in a memory. Using functions incorporated in the kernel, the region in the memory is tagged, and the computer initiates a boot of a second operating system kernel while preserving in the tagged region contents stored therein. Following the boot of the second operating system kernel, the computer executes the one or more software components from the tagged region that was preserved during the boot. | 2014-09-18 |
20140281464 | METHOD OF IMPLEMENTING MAGNETIC RANDOM ACCESS MEMORY (MRAM) FOR MOBILE SYSTEM-ON CHIP BOOT - A method of booting a system on chip (SoC) includes using an on-chip MRAM located in the SoC, to store a boot software that includes a start-up software, boot loaders, and kernel and user-personalized information in an on-chip magnetic random access memory (MRAM) located in and residing on the same semiconductor as the SoC. The method further includes directly executing the boot software from the on-chip MRAM by the SoC and directly accessing the user-personalized information from the MRAM by the SoC. | 2014-09-18 |
20140281465 | Dual Boot Panel SWAP Mechanism - A central processing unit with dual boot capabilities is disclosed comprising an instruction memory further comprising a first and second memory area which are configured to be individually programmable, wherein first and second memory area can be assigned to an active memory from which instructions are executed and an inactive memory, respectively. The instruction set for the central processing unit comprises a dedicated instruction that allows a swap to be performed from an active memory area to an inactive memory area, wherein the swap is performed by executing the dedicated instruction in the active memory followed by a program flow change instruction in the active memory, whereupon the inactive memory becomes the new active memory and the active memory becomes the new inactive memory and execution of instructions continues in the new active memory. | 2014-09-18 |
20140281466 | Boot Sequencing for Multi Boot Devices - A multi-boot device capable of booting from a plurality of boot devices, each storing a boot image. The multi-boot device determines which boot device to load based on sequence numbers assigned to each of the boot devices. Some embodiments will make this determination using only hardware operations. The multi-boot device compares the sequence numbers of the available boot devices in order to determine the boot image to be loaded. The address of the selected boot image is then mapped to the device's default boot vector. The remaining images are likewise mapped to a secondary boot memory. The device then boots from the default boot vector. The user can change the boot device to be loaded by modifying one or more of the boot sequence numbers. The boot images can be updated without resetting the device by switching execution to and from boot images in the secondary boot memory. | 2014-09-18 |
20140281467 | SYSTEM AND METHOD FOR EXECUTION OF A SECURED ENVIRONMENT INITIALIZATION INSTRUCTION - A method and apparatus for initiating secure operations in a microprocessor system is described. In one embodiment, one initiating logical processor initiates the process by halting the execution of the other logical processors, and then loading initialization and secure virtual machine monitor software into memory. The initiating processor then loads the initialization software into secure memory for authentication and execution. The initialization software then authenticates and registers the secure virtual machine monitor software prior to secure system operations. | 2014-09-18 |
20140281468 | Virtual Bus Device Using Management Engine - A management engine may be used to trap configuration cycles during the boot process and thereafter in response to operating system enumeration. As a result, a virtual bus device can be created. The bus device may be used to provision software to the platform even when the operating system is corrupted or non-functional. | 2014-09-18 |
20140281469 | PROVIDING A FUNCTION OF A BASIC INPUT/OUTPUT SYSTEM (BIOS) IN A PRIVILEGED DOMAIN - A privileged domain includes a function of a Basic Input/Output System (BIOS). A request to access the function of the BIOS is routed to the privileged domain. | 2014-09-18 |
20140281470 | Electronic Device Mode Detection - In embodiments of electronic device mode detection, a mode detection application, implemented on an electronic device, correlates an identifier of a wireless device and an activity of the electronic device based at least in part on multiple instances of detecting the identifier of the wireless device during the activity of the electronic device. In some embodiments, the mode detection application correlates the identifier of the wireless device and the activity of the electronic device based at least in part on the identifier of the wireless device not being detected during one or more different activities of the electronic device. After correlating the identifier of the wireless device and the activity of the electronic device, the mode detection application configures the electronic device to automatically switch to a mode associated with the activity responsive to detecting the identifier of the wireless device. | 2014-09-18 |
20140281471 | SYSTEMS, METHODS, AND MEDIA FOR MANAGING AN ENTERTAINMENT SYSTEM - Systems, methods, and media for managing an entertainment system are provided. In some implementations, systems for managing an entertainment system are provided, the systems comprising: at least one hardware processor configured to: detect a first instruction; select a component of the entertainment system; determine a first state of the component; store an indication of the first state; detect a second instruction; retrieve the indication of the first state; generate a third instruction based on the indication of the first state; and transmit the third instruction to the component of the entertainment system. | 2014-09-18 |
20140281472 | USE CASE BASED RECONFIGURATION OF CO-PROCESSOR CORES FOR GENERAL PURPOSE PROCESSORS - A wireless mobile device includes a configurable co-processor core(s). The wireless mobile device also includes a multi-core central processing unit coupled to a memory and the configurable co-processor core(s). The multi-core central processing unit may select from a set of hardware accelerators according to a user's use pattern. The wireless mobile device also includes a hardware controller that reconfigures the configurable co-processor core(s) according to a selected hardware accelerator. | 2014-09-18 |
20140281473 | Minimizing Switchover Time In A Hot Swappable Program Memory - A method for hot swapping program code includes defining a predetermined range of new code from which to execute; identifying from the new code one or more system components which require a reinitialization or reset; reinitializing or resetting the one or more system components; and executing the new code. | 2014-09-18 |
20140281474 | System and Method for Unattended Out of Band Job Execution - Systems and methods for providing unattended out of band job execution are disclosed. The systems and methods may include scheduling a job for execution by a host system, determining an attribute value, the attribute value associated with a component of the host system, and determining a shadow attribute value, wherein the shadow attribute value is configured to identify a user interaction associated with a configuration change to the component. | 2014-09-18 |
20140281475 | METHOD AND SYSTEM FOR PROVISIONING A COMPUTING DEVICE BASED ON LOCATION - A method and system for provisioning a computing device based on location is disclosed herein. The computing device may be provisioned with first content based on a first location. The method includes the step of detecting a first change in the location of the computing device such that the computing device transitions from the first location to a second location. The method also includes the step of—in response to the detection of the first change in the location—identifying second content based on the second location. As an example, the second content may be at least partially based on the customs of the second location. In addition, the method also includes the step of provisioning the computing device with the second content such that the computing device is configured to at least partially operate in accordance with the customs of the second location. | 2014-09-18 |
20140281476 | PARTICLE COUNTER WITH INTEGRATED BOOTLOADER - An airborne or liquid particle sensor with integrated bootloader. A particle sensor incorporating at least one bootloader for programming or retrieval of program or data in local memory. | 2014-09-18 |
20140281477 | Secure Cloud Storage and Encryption Management System - An embodiment of the invention allows a user to back-up/store data to a cloud-based storage system and synchronize that data on the user's devices coupled to the storage system. The devices have secure out-of-band cryptoprocessors that conceal a private key. The private key corresponds to a public key that is used to encrypt a session key and information, both of which are passed to and through cloud based storage, all while remaining encrypted. The encrypted material is communicated from the cloud to another of the user's devices where the encrypted material is decrypted within a secure out-of-band cryptoprocessor (using the private key that corresponds to the aforementioned public key) located within the device. The embodiment allows for secure provisioning of the private key to the devices. The private key is only decrypted within the cryptoprocessor so the private key is not “in the open”. Other embodiments are described herein. | 2014-09-18 |
20140281478 | CONFIGURING SECURE WIRELESS NETWORKS - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for configuring secure wireless networks. One of the methods includes receiving, at a security system management device, protocol and key information for establishing a connection as a client device to the wireless IP device, wherein the protocol and key information is received in response to a user transmitting an identifier for the IP device to a service provider system; establishing communication with the wireless IP device, wherein the wireless IP device is acting as an access point device; exchanging keys with the wireless IP device; rebooting the security system management device to become an access point for the secure wireless network; and establishing communication with the wireless IP device, wherein the wireless IP device has become a wireless client. | 2014-09-18 |
20140281479 | ENVIRONMENTAL MEASUREMENT DISPLAY SYSTEM AND METHOD - Environmental measurement display systems that can be used in home and commercial environments are disclosed. The environmental measurement display system can include an environmental sensor array, signal-processing circuitry, a power supply, a display device, a communications system, a data storage system, and a remote data visualization system. | 2014-09-18 |
20140281480 | SYSTEMS AND METHODS FOR PROVIDING SECURE COMMUNICATION - A client includes a security agent configured to create a client certificate that corresponds to one or more client identifiers. A server includes a server certificate and is in communication with the security agent. The server is configured to facilitate establishing an initial mutually authenticated transport layer security (TLS) session with the client based on the client certificate and the server certificate. The server is also configured to extract the client certificate from the security agent once the TLS session is established. The server is configured to store the certificate as being associated with only the corresponding client identifier(s) and to categorize the association between the client certificate and the corresponding client identifier(s) as being secure but not trusted for the client until the identity of the client has been verified. Moreover, the server is configured to receive an indication that the identity of the client has been verified. | 2014-09-18 |
20140281481 | DLNA/DTCP STREAM CONVERSION FOR SECURE MEDIA PLAYBACK - A process for converting a DTCP-IP transport stream into HLS format, comprising receiving an encrypted DTCP-IP transport stream comprising DTCP frames at a secondary device from a source device, with each of the plurality of DTCP frames comprising encrypted 16-byte portions, forming chunks from the DTCP frames by grouping encrypted 16-byte portions into a chunk, adding HLS padding bytes to the end of each chunk and encrypting the HLS padding bytes to form an encrypted chunk, loading each of the encrypted chunks and a playlist to a media proxy server at the secondary device, loading a DTCP key onto a security proxy server, and providing the playlist, each of the encrypted chunks, and the DTCP key to a native media player on the secondary device, such that the native media player follows the playlist to decrypt the encrypted chunks using the DTCP key and plays back the chunks. | 2014-09-18 |
20140281482 | SECURE STORAGE AND SHARING OF USER OBJECTS - Information objects model real-world objects or concepts that may be associated with users, such as vehicles, homes, people, animals, accounts, places, and the like. The objects have a set of associated properties, which have corresponding required protection levels indicating a level of permission that another user must have to the object in order to be able to receive and access the value of that property in the object. Objects are stored by a framework using techniques that reduce or eliminate the possibility of unauthorized access. For example, an object is durably stored in encrypted form in device storage, with the values of properties encrypted in different manners according to the different corresponding protection levels. When sharing an object with another user or other entity, the required protection levels of the object properties are respected in order to prohibit the other entity from obtaining access to unauthorized portions of an object. | 2014-09-18 |
20140281483 | SYSTEM AND METHOD FOR ENABLING A SCALABLE PUBLIC-KEY INFRASTRUCTURE ON A SMART GRID NETWORK - A method for enabling a scalable public-key infrastructure (PKI) comprises invoking a process of receiving a message for a device, identifying an association ID for the device, retrieving encrypted association keys stored on the server for communicating with the device, the encrypted association keys encrypted using a wrapping key stored on a Hardware Security Module (HSM). The method further comprises sending the message and the encrypted association keys to the HSM, unwrapping, by the HSM, the encrypted association keys to create unwrapped association keys, cryptographically processing the message to generate a processed message, deleting the unwrapped association keys, sending the processed message to the device, and invoking, concurrently and by a second application, the process. | 2014-09-18 |
20140281484 | System and Method to Securely Transfer Data - Various embodiments of the invention achieve optimal data security by adding a security layer to data at the point of generation. Some embodiments add a security feature to data that controls or configures a device at a physical interface. | 2014-09-18 |
20140281485 | Efficient Encryption, Escrow and Digital Signatures - A network server is operated so as to facilitate legal eavesdropping by receiving, from the first user via a network, a session key (SK) encrypted with a second user's public key, k | 2014-09-18 |
20140281486 | COMMUNITY-BASED DE-DUPLICATION FOR ENCRYPTED DATA - Technologies for de-duplicating encrypted content include fragmenting a file into blocks on a computing device, encrypting each block, and storing each encrypted block on a content data server with associated keyed hashes and member identifications. The computing device additionally transmits each encrypted block with an associated member encryption key and member identification to a key server. As part of the de-duplication process, the content data server stores only one copy of the encrypted data for a particular associated keyed hash, and the key server similarly associates a single member encryption key with the keyed hash. To retrieve the file, the computing device receives the encrypted blocks with their associated keyed hashes and member identifications from the content data server and receives the corresponding member decryption key from the key server. The computing device decrypts each block using the member decryption keys and combines the blocks to generate the file. | 2014-09-18 |
20140281487 | SYSTEMS AND METHODS FOR CRYPTOGRAPHIC SECURITY AS A SERVICE - A system and a computer-based method for providing bundled services to a client application in a service call to a service system in a service provider computer system includes receiving a message defining an API service request comprising at least a parameter portion and a payload portion, determining at the gateway system an identity of an application transmitting the received message using identity information that has been established within the service provider computer system, providing, by a services platform, at least one of encryption services and decryption services for data contained in the payload portion using the parameters received in the parameter portion, managing key material for security of the data, and transmitting the encrypted data back to the calling application. | 2014-09-18 |
20140281488 | System and Method for Offloading Cryptographic Functions to Support a Large Number of Clients in a Wireless Access Point - The present disclosure discloses a method and network device for offloading cryptographic functions to support a large number of clients. Specifically, a network device receives a packet corresponding to a client device via an interface, and determines whether a first hardware module that performs cryptographic operations on a per-client basis overflows. If the first hardware module overflows, the network device retrieves a cryptographic key for the packet, and sends the received packet with the retrieved cryptographic key to a second hardware module that performs cryptographic operations on a per-packet basis to perform one or more cryptographic operations. If not, the network device sends the packet to the first hardware module to perform the one or more cryptographic operations. | 2014-09-18 |
20140281489 | SECURITY AND KEY MANAGEMENT OF DIGITAL CONTENT - Managing access to digital content within a particular domain, including: receiving the digital content at a first client device; decrypting the received digital content at the first client device using a first key; transcoding the digital content to another format; re-encrypting the transcoded content using a second key, wherein the second key is obtained by one of: (1) directly from a server; or (2) indirectly by deriving it locally based on information received from the server; and transmitting the re-encrypted content to a second client device, wherein the second client device obtains the second key and decrypts the re-encrypted content at the second client device. | 2014-09-18 |
20140281490 | ONE-TOUCH DEVICE PERSONALIZATION - Technologies for one-touch device personalization include at least two mobile computing devices configured to communicate with a personalization server. The first mobile computing device tracks changes to device personalization data and backs up the personalization data to the personalization server. The personalization server associates the personalization data to authenticated user credentials. The personalization server may store the personalization data in an operating-system-independent format. Later, a second mobile computing device sends a request for personalization including those user credentials. After authenticating the user credentials, the personalization server sends the personalization data to the second mobile computing device, which installs the personalization data. Installing the personalization data establishes a configuration of the second mobile computing device corresponding to a previous configuration of the first mobile computing device. For increased convenience and security, the user credentials may be stored on a smart card or other security device. Other embodiments are described and claimed. | 2014-09-18 |
20140281491 | IDENTITY ESCROW MANAGEMENT FOR MINIMAL DISCLOSURE CREDENTIALS - The subject disclosure is directed towards identity escrow management where anonymous online users can be de-anonymized if certain conditions are met. An auditor is configured to control a user's anonymity using a prime-order cryptographic group based encryption scheme. Via an authentication component, the auditor verifies that a pseudonym corresponding to the user's identity was encrypted correctly. If valid, the auditor decrypts encrypted pseudonym data using a private cryptographic key based upon the prime-order cryptographic group | 2014-09-18 |
20140281492 | Prevention of Forgery of Web Requests to a Server - Technologies for prevention of forgery of a network communication request to a server include a system for security of a network communication request. The system includes a communication module configured to receive the network communication request from a client. The network communication request may have a content parameter. The communication module may be configured to generate a string of content parameters comprising the content parameters and a hash of the content parameter, and communicate portions of a result of the network communication request to the client incorporating the encrypted string of content parameters. Furthermore, the communication module may receive a subsequent request from the client. The subsequent request may be associated with the network communication request. As a result of authenticating the subsequent request, the communication module may complete the network communication request. | 2014-09-18 |
20140281493 | PROVISIONING SENSITIVE DATA INTO THIRD PARTY - A method for providing identity data to network-enabled devices includes receiving a request for identity data from a network-enabled device that is deployed to an end-user. The network-enabled device is pre-provisioned with a PIN, a global key pair, a user-accessible first device identifier, and a second device identifier usable by a service provider delivering a service to the device. The identity data request includes the first and second identifiers, a protected rendition of the PIN, and an encryption key or other data from which an encryption key is derivable. The identifiers, the protected rendition of the PIN, and the encryption key or the other data are signed by a private key in the global key pair. The validity of the PIN included in the request is verified to authenticate the device. If the PIN is valid, identity data for the device is generated, encrypted and sent to the network-enabled device. | 2014-09-18 |
20140281494 | ACCESS CONTROL METHOD AND MOBILE TERMINAL WHICH EMPLOYS AN ACCESS CONTROL METHOD - An access control method for accessing an embedded system includes: performing a first access control operation for an access system by a first authentication subject, wherein the first access control operation includes performing a first authentication for the access system; when the first access control operation is passed, receiving at the first authentication subject a result of a second access control operation for the access system which is performed by a second authentication subject that is separate from the first authentication subject performing a second authentication for authenticating whether the access system is an access system that is authenticated by a second authentication subject that is separate from the first authentication subject, and receiving the result of the authentication; and allowing the access system to access the embedded system if the first authentication and the second authentication are successful. | 2014-09-18 |
20140281495 | METHOD AND APPARATUS FOR PERFORMING AUTHENTICATION BETWEEN APPLICATIONS - A method performed by a first application in a client apparatus to authenticate a second application in the client apparatus is provided. The method includes, when the first application receives an execution request from the second application, requesting authentication information of the second application from an authentication server, obtaining the authentication information of the second application from the authentication server, and authenticating the second application using the authentication information, wherein the authentication information of the second application is signed with a private key of the authentication server. | 2014-09-18 |
20140281496 | SECURE USER AUTHENTICATION IN A DYNAMIC NETWORK - A method, apparatus and/or computer program provides secure user authentication in a network having a dynamic set of services. The method comprises a client authenticating with an edge service and generating a query key. The edge service issues a request to the dynamic set of services. The request comprises (i) an encrypted identifier associated with the client, (ii) a private portion of the request being encrypted with the query key, and (iii) a public portion of the request. In response to ascertaining from the public portion of the request that it is able to respond to the request, one or more of the dynamic set of services respond to the edge service with (i) an identifier associated with the dynamic set of services, and (ii) the identifier associated with the client. The edge service then authenticates that it is able to respond to the request, including generating a session key. | 2014-09-18 |
20140281497 | ONLINE PERSONALIZATION UPDATE SYSTEM FOR EXTERNALLY ACQUIRED KEYS - A method is provided for updating identity data on network-enabled devices. The method provides for providing certificate signing requests and/or device identifiers to an external trust authority, which in response generates digital certificates and/or key pairs. The generated digital certificates and/or key pairs can be provided to a network-enabled device in response to an update request. | 2014-09-18 |
20140281498 | IDENTITY AUTHENTICATION USING CREDENTIALS - A method and system may allow for authenticating a computing device. A computing device may send an authentication request over a network to an authentication computing device. The authentication request may include a user name and a password. The user name may include a credential and the password may be a digitally signed version of the user name. The authentication computing device may authenticate the requesting computing device by decrypting the password and comparing the received user name to the decrypted password. | 2014-09-18 |
20140281499 | METHOD AND SYSTEM FOR ENABLING COMMUNICATIONS BETWEEN UNRELATED APPLICATIONS - A method and system of enabling communications among unrelated applications is described herein. The method includes the step of identifying a paste memory element in an environment of a computing device that restricts communications among unrelated applications. The method also includes the step of imposing a file system on the identified paste memory element. The file system is compatible with the unrelated applications such that a first unrelated application is capable of storing data in the paste memory element using the imposed file system and a second unrelated application is capable of accessing the stored data using the imposed file system. As an example, the first and second unrelated applications may be secure applications. In addition, the method can also include the steps of encrypting the data stored in the paste memory element that is associated with the first unrelated application and decrypting this data on behalf of the second unrelated application. | 2014-09-18 |
20140281500 | SYSTEMS, METHODS AND APPARATUSES FOR REMOTE ATTESTATION - The systems, methods and apparatuses described herein provide a system for attesting a computing device. In one aspect, the computing device may comprise a secure zone configured to execute a task. The task may have executable code and data. The secure zone may be further configured to obtain a private key and an attestation certificate associated with the private key. The attestation certificate may be received from an attestation service attesting legitimacy of the computing device. The secure zone may be further configured to calculate a secure hash of the task, generate a message comprising the secure hash, sign the message with the private key and send the message and the attestation certificate to a second computing device in communication with the computing device. | 2014-09-18 |
20140281501 | APPLICATION ACCESS CONTROL METHOD AND ELECTRONIC APPARATUS IMPLEMENTING THE SAME - A method and apparatus of access control in an electronic apparatus implementing the method are provided. The method of operating an electronic apparatus includes detecting an access request to a resource from an application included in a first area of a memory by a processor of the electronic apparatus, in response to the access request, executing an access control module included in a second area of the memory to calculate a hash value of the application by the processor, determining whether a record exists in the memory, the record corresponding to the hash value and identification information of the application, by executing the access control module by the processor, and allowing access to the resource by the processor when the record exists in the memory. | 2014-09-18 |
20140281502 | METHOD AND APPARATUS FOR EMBEDDING SECRET INFORMATION IN DIGITAL CERTIFICATES - A method and system is provided for embedding cryptographically modified versions of secret in digital certificates for use in authenticating devices and in providing services subject to conditional access conditions. | 2014-09-18 |
20140281503 | CERTIFICATE GRANT LIST AT NETWORK DEVICE - A certificate grant list is provided. The certificate grant list may be stored in a memory, at the network device. The certificate grant list may store information associated with a client-device certificate, where the client-device certificate permits the client-device access to a secure service. | 2014-09-18 |
20140281504 | Authorizing Use Of A Test Key Signed Build - Methods, apparatuses, and computer program products for authorizing use of a test key signed build are provided. Embodiments include transmitting to an update provider system, unique data associated with a target system; receiving from the update provider system, a signed update capsule file; determining, by the target system, that a signature within the signed update capsule file is valid; in response to determining that the signature is valid, determining that the validation data within the signed update capsule file matches the unique data associated with the target system; and in response to determining that the validation data matches the unique data, determining that the target system is authorized to use a test key signed build to update the firmware of the target system. | 2014-09-18 |