公开(公告)号：US6105039A

公开(公告)日：2000-08-15

申请号：US103334

申请日：1998-06-23

Applicant: John R. Douceur ,  Yoram Bernet ,  Ofer Bar

Inventor： John R. Douceur ,  Yoram Bernet ,  Ofer Bar

IPC: G06F9/46 ,  G06F9/44 ,  G06F9/50 ,  G06F17/30

CPC classification number: G06F9/5016 ,  G06F9/4435 ,  Y10S707/99932 ,  Y10S707/99939 ,  Y10S707/99952

Abstract: The present invention is embodied in a system and method for generating and validating reference handles for consumers requiring access to resources in a computer system. The system of the present invention includes a resource manager having a handle administrator, a plurality of consumers, and a plurality of resources. The handle administrator includes an assignment routine, a release routine, and a dereference routine. The assignment routine issues new handles, the release routine releases handles that are no longer required (thus rendering the handle invalid), and the dereference routine dereferences handles into a pointer to a resource, which entails verifying that the handle is valid. Also included is an auxiliary sub-routine for managing used and unused records, an expansion sub-routine for efficiently expanding the handle database, a handle recycling sub-routine for recycling handles, a contraction sub-routine for efficiently contracting the handle database, a hysteresis sub-routine for probabilistically contracting the handle database, and a memory allocation failure sub-routine to improve functionality in the event of memory allocation failure.

Abstract translation: 本发明体现在用于生成和验证需要访问计算机系统中的资源的消费者的参考手柄的系统和方法中。 本发明的系统包括具有句柄管理员，多个消费者和多个资源的资源管理器。 句柄管理员包括分配例程，释放例程和取消引用例程。 分配例程发出新的句柄，释放例程释放不再需要的句柄（从而使句柄无效），解引用例程解引用句柄转换为指向资源的指针，这需要验证句柄是否有效。 还包括用于管理使用和未使用的记录的辅助子例程，用于有效地扩展句柄数据库的扩展子程序，用于回收句柄的句柄回收子例程，用于有效地收缩句柄数据库的收缩子例程 用于概率地收缩句柄数据库的滞后子程序，以及在存储器分配失败的情况下改善功能的存储器分配故障子例程。

公开(公告)号：US5764526A

公开(公告)日：1998-06-09

申请号：US629274

申请日：1996-04-08

Applicant: John R. Douceur

Inventor： John R. Douceur

IPC: G06F17/50

CPC classification number: G06F17/5022

Abstract: Described herein is a computer-implemented method of dynamically determining propagation delays through a system of directedly interconnected components. An array of storage cells is maintained in a computer. The storage cells are logically referenced by row and column numbers. As components are added to the system, they are assigned enumerated component numbers. A particular storage cell corresponds to a potential network of directed paths between upstream and downstream components having component numbers equal to the row and column numbers of the particular storage cell, respectively. When the array is maintained in accordance with the invention, a cell contains the propagation delay from the corresponding upstream component to the corresponding downstream component if there is a path from the upstream component to the downstream component. Upon specifying a new component in the system, the array is increased in size by one row and one column. The invention includes writing the individual propagation delay of the new component to the storage cell having row and column numbers equal to the component number of the new component. Upon specifying a new connection from a component q to a component p, all storage cells are identified that correspond to a directed path network including a non-looping directed path completed by the new connection. The cells so identified are those that are both (a) in a column having a propagation delay entry in row p, and (b) in a row having a propagation delay entry in column q. Identified storage cells are updated with the propagation delay of the newly completed path, but only if the new value is greater than the prior entry and the path does not contain a loop.

Abstract translation: 这里描述的是一种计算机实现的方法，其通过有针对互连的组件的系统来动态地确定传播延迟。 在计算机中维护一组存储单元。 存储单元由行和列号逻辑地引用。 当组件被添加到系统中时，它们被分配枚举的组件编号。 特定存储单元对应于分别具有等于特定存储单元的行和列号的分量编号的上游和下游组件之间的有向路径的潜在网络。 当根据本发明维持阵列时，如果存在从上游组件到下游组件的路径，则小区包含从相应的上游组件到相应的下游组件的传播延迟。 在系统中指定新的组件后，数组的大小增加了一行和一列。 本发明包括将新组件的各个传播延迟写入具有等于新组件的组件编号的行数和列数的存储单元。 在从组件q指定到组件p的新连接时，识别与包括由新连接完成的非循环定向路径的定向路径网络相对应的所有存储单元。 所识别的单元是（a）在列p中具有传播延迟入口的列中的单元格，以及（b）在列q中具有传播延迟入口的行中的单元。 使用新完成的路径的传播延迟更新已识别的存储单元，但仅当新值大于先前条目且路径不包含循环时。

公开(公告)号：US09588803B2

公开(公告)日：2017-03-07

申请号：US12463892

申请日：2009-05-11

Applicant: Jonathan R. Howell ,  Jacob R. Lorch ,  Jeremy E. Elson ,  John R. Douceur

Inventor： Jonathan R. Howell ,  Jacob R. Lorch ,  Jeremy E. Elson ,  John R. Douceur

IPC: G06Q99/00 ,  G06F9/46 ,  G06Q20/12 ,  G06F21/53

CPC classification number: G06F21/53 ,  G06F8/60 ,  G06F9/468 ,  G06Q20/1235

Abstract: Techniques for leveraging legacy code to deploy native-code desktop applications over a network (e.g., the Web) are described herein. These techniques include executing an application written in native code within a memory region that hardware of a computing device enforces. For instance, page-protection hardware (e.g., a memory management unit) or segmentation hardware may protect this region of memory in which the application executes. The techniques may also provide a narrow system call interface out of this memory region by dynamically enforcing system calls made by the application. Furthermore, these techniques may enable a browser of the computing device to function as an operating system for the native-code application. These techniques thus allow for execution of native-code applications on a browser of a computing device and, hence, over the Web in a resource-efficient manner and without sacrificing security of the computing device.

Abstract translation: 本文描述了利用传统代码通过网络（例如，Web）来部署本地代码桌面应用程序的技术。 这些技术包括执行在计算设备的硬件实施的存储器区域内以本地代码编写的应用程序。 例如，页面保护硬件（例如，存储器管理单元）或分段硬件可以保护应用程序执行的存储器区域。 这些技术还可以通过动态地执行由应用程序进行的系统调用来提供超出该存储器区域的窄系统调用接口。 此外，这些技术可以使得计算设备的浏览器能够用作本地代码应用的操作系统。 因此，这些技术允许在计算设备的浏览器上执行本地代码应用，并因此允许以资源有效的方式在Web上执行，而不会牺牲计算设备的安全性。

公开(公告)号：US09432401B2

公开(公告)日：2016-08-30

申请号：US13542666

申请日：2012-07-06

Applicant: John R. Douceur ,  Bryan Parno ,  Robert W. Reeder

Inventor： John R. Douceur ,  Bryan Parno ,  Robert W. Reeder

IPC: G06F11/00 ,  H04L29/06 ,  G06F21/51

CPC classification number: H04L63/1483 ,  G06F21/51 ,  G06F2221/2119

Abstract: A method for providing consistent security information between multiple applications is described herein. The method includes detecting potentially deceptive content from a communication application in a browser application. The method also includes generating consistent security information for the potentially deceptive content with the browser application. Additionally, the method includes sending the consistent security information for the potentially deceptive content to the communication application. Furthermore, the method includes providing a warning based on the consistent security information to the communication application.

Abstract translation: 这里描述了一种用于在多个应用之间提供一致的安全信息的方法。 该方法包括从浏览器应用中的通信应用中检测潜在的欺骗性内容。 该方法还包括使用浏览器应用为潜在的欺骗性内容生成一致的安全信息。 此外，该方法包括向通信应用发送用于潜在欺骗性内容的一致的安全信息。 此外，该方法包括基于一致的安全信息向通信应用提供警告。

公开(公告)号：US08943510B2

公开(公告)日：2015-01-27

申请号：US12971983

申请日：2010-12-17

Applicant: Rotem Oshman ,  John R. Douceur ,  Thomas Moscibroda

Inventor： Rotem Oshman ,  John R. Douceur ,  Thomas Moscibroda

IPC: G06F9/46 ,  G06F9/52 ,  G06F11/14

CPC classification number: G06F9/526 ,  G06F11/1479 ,  G06F2201/825

Abstract: Techniques for implementing mutual-exclusion algorithms that are also fault-resistant are described herein. For instance, this document describes systems that implement fault-resistant, mutual-exclusion algorithms that at least prevent simultaneous access of a shared resource by multiple threads when (i) one of the multiple threads is in its critical section, and (ii) the other thread(s) are waiting in a loop to enter their respective critical sections. In some instances, these algorithms are fault-tolerant to prevent simultaneous access of the shared resource regardless of a state of the multiple threads executing on the system. In some instances, these algorithms may resist (e.g., tolerate entirely) transient memory faults (or “soft errors”).

Abstract translation: 本文描述了用于实现也是故障抵抗的互斥算法的技术。 例如，本文档描述了实现防故障互斥算法的系统，当（i）多个线程中的一个处于其关键部分时，至少防止多个线程同时访问共享资源，以及（ii） 其他线程正在等待循环进入各自的关键部分。 在某些情况下，这些算法是容错的，以防止共享资源的同时访问，而不管系统上执行多个线程的状态如何。 在某些情况下，这些算法可以抵抗（例如，完全容忍）瞬态存储器故障（或“软错误”）。

公开(公告)号：US08749585B2

公开(公告)日：2014-06-10

申请号：US11731032

申请日：2007-03-29

Applicant: Keith Robert Kinnan ,  Chandrasekhar Thota ,  Jaya Bhatia ,  Jeremy Eric Elson ,  Jonathan R. Howell ,  Danyel Fisher ,  John R. Douceur ,  Duncan Murray Lawler

Inventor： Keith Robert Kinnan ,  Chandrasekhar Thota ,  Jaya Bhatia ,  Jeremy Eric Elson ,  Jonathan R. Howell ,  Danyel Fisher ,  John R. Douceur ,  Duncan Murray Lawler

IPC: G09G5/00

CPC classification number: G06T17/05 ,  G06F17/30241 ,  G06T15/04 ,  G06T15/20 ,  G06T19/20 ,  G06T2200/04 ,  G06T2207/30184 ,  G06T2210/04 ,  G09B29/007

Abstract: Digital maps can be composed of a series of image tiles that are selected based on the context of the map to be presented. Independently hosted tiles can comprise additional details that can be added to the map. A manifest can be created that describes the layers of map details composed of such independently hosted tiles. Externally referable mechanisms can, based on the manifest and map context, select tiles, from among the independently hosted tiles, that correspond to map tiles being displayed to a user. Subsequently, the mechanisms can instruct a browser, as specified in the manifest, to combine the map tiles and the independently hosted tiles to generate a more detailed map. Alternatively, customized mechanisms can generate map detail tiles in real-time, based on an exported map context. Also, controls instantiated by the browser can render three-dimensional images based on the combined map tiles.

Abstract translation: 数字地图可以由根据要呈现的地图的上下文选择的一系列图像块组成。 独立托管的图块可以包含可以添加到地图的其他细节。 可以创建一个清单，描述由这些独立托管的图块组成的地图细节层。 外部可引用机制可以基于清单和地图上下文，从独立托管的瓦片中选择与显示给用户的地图瓦片对应的瓦片。 随后，机构可以指示清单中指定的浏览器来组合地图瓦片和独立托管的瓦片以生成更详细的地图。 或者，定制机制可以基于导出的地图上下文来实时生成地图细节瓦片。 此外，由浏览器实例化的控件可以基于组合的地图图块来呈现三维图像。

公开(公告)号：US20140013426A1

公开(公告)日：2014-01-09

申请号：US13542666

申请日：2012-07-06

Applicant: John R. Douceur ,  Bryan Parno ,  Robert W. Reeder

Inventor： John R. Douceur ,  Bryan Parno ,  Robert W. Reeder

IPC: G06F21/00

CPC classification number: H04L63/1483 ,  G06F21/51 ,  G06F2221/2119

Abstract: A method for providing consistent security information between multiple applications is described herein. The method includes detecting potentially deceptive content from a communication application in a browser application. The method also includes generating consistent security information for the potentially deceptive content with the browser application. Additionally, the method includes sending the consistent security information for the potentially deceptive content to the communication application. Furthermore, the method includes providing a warning based on the consistent security information to the communication application.

Abstract translation: 这里描述了一种用于在多个应用之间提供一致的安全信息的方法。 该方法包括从浏览器应用中的通信应用中检测潜在的欺骗性内容。 该方法还包括使用浏览器应用为潜在的欺骗性内容生成一致的安全信息。 此外，该方法包括向通信应用发送用于潜在欺骗性内容的一致的安全信息。 此外，该方法包括基于一致的安全信息向通信应用提供警告。

公开(公告)号：US08549106B2

公开(公告)日：2013-10-01

申请号：US12484356

申请日：2009-06-15

Applicant: Jonathan R. Howell ,  Jeremy E. Elson ,  John R. Douceur ,  Jacob R. Lorch

Inventor： Jonathan R. Howell ,  Jeremy E. Elson ,  John R. Douceur ,  Jacob R. Lorch

IPC: G06F15/16

CPC classification number: G06F9/5055 ,  G06F2209/509

Abstract: Techniques for enabling client computing devices to leverage remote server pools for increasing the effectiveness of applications stored on the client computing device are described herein. In some instances, the server pools comprise a “cloud”, “cluster” or “data center” that comprises hundreds or thousands of servers connected together by a network that has an extremely low latency and high bandwidth relative to the network through which the client computing device connects to the server pool. The client computing device may request that the server pool perform a certain task for an application whose canonical state resides on the client. After computation of a result of the task, a server of the server pool then provides the result to the client. By doing so, the techniques dramatically increase the amount of resources working on the request of the client and, hence, dramatically increase the speed and effectiveness of the client-side application.

Abstract translation: 本文描述了使客户端计算设备能够利用远程服务器池来增加存储在客户端计算设备上的应用的有效性的技术。 在某些情况下，服务器池包括一个“云”，“集群”或“数据中心”，其中包含数百或数千个由网络连接在一起的服务器，网络具有相对于网络极低的延迟和高带宽，客户端 计算设备连接到服务器池。 客户端计算设备可以请求服务器池为其规范状态驻留在客户端上的应用执行特定任务。 在计算任务的结果之后，服务器池的服务器然后将结果提供给客户端。 通过这样做，这些技术大大增加了根据客户端请求工作的资源量，从而大大提高了客户端应用程序的速度和有效性。

公开(公告)号：US20120158396A1

公开(公告)日：2012-06-21

申请号：US12972081

申请日：2010-12-17

Applicant: John R. Douceur ,  Jonathan R. Howell ,  Arun M. Seehra

Inventor： John R. Douceur ,  Jonathan R. Howell ,  Arun M. Seehra

IPC: G06F9/455

CPC classification number: G06F9/4555 ,  G06F9/455

Abstract: This document describes techniques for allowing a computing device that provides a minimal execution environment to execute legacy applications that rely on rich functionality that the computing device does not natively provide. For instance, a device may initially receive a request to execute an application and may determine whether the application is directly executable. In response to determining that the application is not directly executable, the computing device may determine whether the application specifies another application to provide the functionality. If the application specifies another application to provide this functionality, then the computing device retrieves the specified application and executes the specified application on the client computing device. If the application does not specify such an application, then the computing device may execute a default application for providing the functionality. The specified or default application then executes the application that is not directly executable on the minimal-execution-environment computing device.

Abstract translation: 本文档描述了允许提供最小执行环境的计算设备执行依赖计算设备本身不提供的丰富功能的旧应用程序的技术。 例如，设备可以初始地接收执行应用的请求，并且可以确定应用是否可直接执行。 响应于确定应用程序不是可直接执行的，计算设备可以确定应用程序是否指定另一个应用程序来提供功能。 如果应用程序指定另一个应用程序来提供此功能，则计算设备将检索指定的应用程序并在客户端计算设备上执行指定的应用程序。 如果应用程序没有指定这样的应用程序，则计算设备可以执行用于提供功能的默认应用程序。 指定或默认应用程序然后执行在最小执行环境计算设备上不能直接执行的应用程序。

公开(公告)号：US20120072771A1

公开(公告)日：2012-03-22

申请号：US12887938

申请日：2010-09-22

Applicant: John R. Douceur ,  Jacob R. Lorch

Inventor： John R. Douceur ,  Jacob R. Lorch

IPC: G06F11/08

CPC classification number: G06F11/1441 ,  G06F21/86

Abstract: Techniques for providing fast, non-write-cycle-limited persistent memory within secure containers, while maintaining the security of the secure containers, are described herein. The secure containers may reside within respective computing devices (e.g., desktop computers, laptop computers, etc.) and may include both volatile storage (e.g., Random Access Memory (RAM), etc.) and non-volatile storage (NVRAM, etc.). In addition, the secure containers may couple to auxiliary power supplies that are located externally thereto and that power the secure containers at least temporarily in the event of a power failure. These auxiliary power supplies may be implemented as short-term power sources, such as capacitors, batteries, or any other suitable power supplies.

Abstract translation: 在此保护安全容器的安全性的同时在安全容器内提供快速，非写周期限制的持久存储器的技术在这里被描述。 安全容器可以驻留在相应的计算设备（例如，台式计算机，膝上型计算机等）内，并且可以包括易失性存储器（例如，随机存取存储器（RAM）等）和非易失性存储器（NVRAM等） ）。 此外，安全容器可以耦合到位于外部的辅助电源，并且在电源故障的情况下至少暂时为安全容器供电。 这些辅助电源可以实现为短期电源，例如电容器，电池或任何其它合适的电源。