Abstract:
Technologies related to virtual machine switching based on measured network delay are generally described. A network delay aware Virtual Machine (VM) may be configured to adapt a Virtual Machine Manager (VMM) to delay switching back to the network delay aware VM by a delay amount determined using a measured network delay. The measured network delay may comprise a delay between sending a network communication and receiving a network response. By delaying switching back to the network delay aware VM, additional processing resources are freed for other VMs managed by the VMM, thereby increasing efficiency of computing devices including network delay aware VMs, and correspondingly increasing efficiency of data centers including such computing devices.
Abstract:
Technologies are generally provided for a system to enhance security and prevent side channel attacks of targeted functions. Side channel attacks assume that the targeted functions operate at the same speed each time, and observe timing data of the targeted functions to glean secure information. According to some examples, an enhanced security system may alter a processing speed of one or more subunits of a processor executing the targeted function(s) to transparently change an instantaneous performance of the processor in an unpredictable manner. The performance time of the targeted function(s) may thereby be randomized. A virtual machine manager (VMM) may identify a security risk for a targeted function, and trigger one or more subunits of the processor to operate at a reduced frequency. After completion of the targeted function, the subunits may be returned to a default performance speed.
Abstract:
Technologies are provided to automatically vary a structure of a netlist computation arranged to configure a field programmable gate array (FPGA). In an example scenario, an FPGA netlist may be received from a client to configure the FPGA. A perturbation generator may be activated in response to a detection of one or more security risk factors associated with the netlist. The netlist may be altered through schemes designed to repair one or more FPGAs. The repair schemes may be used to repair the FPGAs to work around failed cells and failed sub-cells. The perturbation generator may produce a false map of failed cells. The false map may be used to generate different timings and different intermediate values associated with the netlist to generate an alternate netlist. The alternate netlist may be used to configure the FPGA to prevent side channel attacks.
Abstract:
Technologies are described for health monitoring using snapshot backups through test vectors. In some examples, health of an application deployed at a datacenter may be monitored and key metrics recorded in the metadata of progressive backup snapshots of an instance of the application such that warning metrics can be reviewed retrospectively upon failure of the instance and a snapshot can be automatically selected for restoration of the application instance based on lack of high incidence of suspect metric values. Moreover, an operating state associated with snapshot backups may be assessed as the snapshots are captured and selected ones with operating conditions desired as part of a test suite may be saved for use as test scenarios. In particular, state information from added or existing deployment monitoring may be used by a test logic process to evaluate whether each snapshot is needed for testing scenarios.
Abstract:
Technologies are provided for shared secret generation between a server and a client using cached data. In some examples, a server may send a number of encrypted secrets to a client that caches a number of data blocks previously provided by the server. Each of the encrypted secrets may be encrypted using a data block that may or may not be cached at the client. The client may then identify the encrypted secrets that correspond to data blocks in its cache and use those data blocks to recover those secrets. The client may then encrypt a message for the server using the recovered secrets. Upon reception of the message, the server may then recover the message using its knowledge of the data blocks cached at the client.
Abstract:
The present disclosure relates to technologies to deter side channel data center attacks. An example method may include receiving incoming packets destined for a network, grouping, at a gateway, the incoming packets into groups, wherein a size of the groups is based on predetermined statistics, and wrapping the groups into packages of normalized size.
Abstract:
Technologies are provided for preventing abuse of software-defined datacenter networks. In some examples, an SDN abuse prevention module within a control layer of an SDN may use graph analysis rules and monitor network paths over time to detect and prevent abusive network conformation change command series. Instance-generated network paths may be analyzed to determine if the paths attempt to repeatedly traverse one or more sensitive network paths. If so, the paths may be implemented or denied based on, among other things, the time scale within which they attempt to repeatedly traverse the sensitive network paths.
Abstract:
Technologies are generally described for controlling a flight path of a UAV based image capture system for solid modeling. Upon determining an initial movement path based on an estimate of a structure to be modeled, images of the structure to be modeled may be captured and surface hypotheses formed for unobserved surfaces based on the captured images. A normal vector and a viewing cone may be computed for each hypothesized surface. A set of desired locations may be determined based on the viewing cones for the entire structure to be modeled and a least impact path for the UAV determined based on the desired locations and desired flight parameters.
Abstract:
Technologies are generally described to correct color smear in an image generated using a sequential color system. In some examples, a correction system for see-through displays may use inertial movement data to compute the relative motion of the visual backdrop to correct color amplitudes and reduce or eliminate motion-caused color smear. A system according to embodiments may compute the angular motion of the background from inertial inputs, compute the pixel-angle equivalent motion time, and apply sequential color balancing across a time that corresponds to the pixel-angle motion time.