公开(公告)号：US20120162234A1

公开(公告)日：2012-06-28

申请号：US13325824

申请日：2011-12-14

申请人： Paul Blinzer ,  Leendert Van Doorn ,  Gongxian Jeffrey Cheng ,  Elene Terry ,  Thomas Woller ,  Arshad Rahman

发明人： Paul Blinzer ,  Leendert Van Doorn ,  Gongxian Jeffrey Cheng ,  Elene Terry ,  Thomas Woller ,  Arshad Rahman

IPC分类号： G06T1/20 ,  G06T1/60

CPC分类号： G06T1/20 ,  G06F9/30003

摘要： Methods and apparatus are provided, as an aspect of a combined CPU/APD architecture system, for discovering and reporting properties of devices and system topology that are relevant to efficiently scheduling and distributing computational tasks to the various computational resources of a combined CPU/APD architecture system. The combined CPU/APD architecture unifies CPUs and APDs in a flexible computing environment. In some embodiments, the combined CPU/APD architecture capabilities are implemented in a single integrated circuit, elements of which can include one or more CPU cores and one or more APD cores. The combined CPU/APD architecture creates a foundation upon which existing and new programming frameworks, languages, and tools can be constructed.

摘要翻译： 提供了作为组合的CPU / APD架构系统的一个方面的方法和装置，用于发现和报告与有效地调度和分发计算任务到组合的CPU / APD架构的各种计算资源相关的设备和系统拓扑的属性 系统。 组合的CPU / APD架构将CPU和APD统一在灵活的计算环境中。 在一些实施例中，组合的CPU / APD架构能力在单个集成电路中实现，其单元可以包括一个或多个CPU核心和一个或多个APD核心。 组合的CPU / APD架构创建了可以构建现有和新的编程框架，语言和工具的基础。

公开(公告)号：US20080301473A1

公开(公告)日：2008-12-04

申请号：US11754585

申请日：2007-05-29

申请人： Ronald Perez ,  Freeman L. Rawson, III ,  Leendert van Doorn ,  Xiaolan Zhang

发明人： Ronald Perez ,  Freeman L. Rawson, III ,  Leendert van Doorn ,  Xiaolan Zhang

IPC分类号： G06F1/00

CPC分类号： G06F1/3203 ,  G06F1/3246

摘要： A method of hypervisor based power management, includes: allocating resources to a plurality of partitions defined within a virtual machine environment; monitoring performance of the plurality of partitions with respect to a service level agreement (SLA); tracking power consumption in the plurality of partitions; scaling power consumption rates of the plurality of partitions based on the allocated resources, wherein the power consumption rate of physical resources is scaled by adjusting resource allocations to each partition; identifying partitions that are sources of excessive power consumption based on the SLA; and adjusting the allocation of resources based on the power consumption of the plurality of partitions, the performance of the plurality of partitions, and the SLA.

摘要翻译： 一种基于管理程序的电源管理方法，包括：将资源分配给虚拟机环境中定义的多个分区; 监视多个分区相对于服务水平协议（SLA）的性能; 跟踪多个分区中的功耗; 基于所分配的资源来缩放多个分区的功率消耗率，其中通过调整对每个分区的资源分配来缩放物理资源的功耗率; 识别基于SLA的过度功耗源的分区; 并且基于多个分区的功耗，多个分区的性能和SLA来调整资源的分配。

公开(公告)号：US20070136577A1

公开(公告)日：2007-06-14

申请号：US11301803

申请日：2005-12-13

申请人： Steven Bade ,  Andrew Kegel ,  Leendert Van Doorn

发明人： Steven Bade ,  Andrew Kegel ,  Leendert Van Doorn

IPC分类号： H04L9/00

CPC分类号： G06F21/57

摘要： A method, system and computer program product for implementing general purpose PCRs with extended semantics (referred to herein as “ePCRs”) in a trusted, measured software module. The module is designed to run in one of a hypervisor context, an isolated partition, or under other isolated configurations. Because the software module is provided using trusted (measured) code, the software implementing the PCRs is able to run as a simple software process in the operating system (OS), as long as the software is first measured and logged. The software-implemented ePCRs are generated as needed to record specific measurements of the software and hardware elements on which an application depends, and the ePCRs are able to ignore other non-dependencies.

摘要翻译： 一种用于在可信测量的软件模块中实现具有扩展语义（在本文中称为“ePCR”）的通用PCR的方法，系统和计算机程序产品。 该模块设计为在虚拟机管理程序上下文，隔离分区或其他隔离配置之一下运行。 由于使用可信（测量）代码提供软件模块，所以实施PCR的软件只要首先测量和记录软件，就可以在操作系统（OS）中作为简单的软件过程运行。 根据需要生成软件实现的ePCR，以记录应用程序所依赖的软件和硬件元素的特定测量，ePCR可以忽略其他不依赖性。

公开(公告)号：US20070079120A1

公开(公告)日：2007-04-05

申请号：US11242673

申请日：2005-10-03

申请人： Steven Bade ,  Stefan Berger ,  Kenneth Goldman ,  Ronald Perez ,  Reiner Sailer ,  Leendert Van Doorn

发明人： Steven Bade ,  Stefan Berger ,  Kenneth Goldman ,  Ronald Perez ,  Reiner Sailer ,  Leendert Van Doorn

IPC分类号： H04L9/00

CPC分类号： G06F21/57

摘要： A trusted platform module is presented that is capable of creating, dynamically, multiple virtual trusted platform modules in a hierarchical organization. A trusted platform module domain is created. The trusted platform module creates virtual trusted platform modules, as needed, in the trusted platform module domain. The virtual trusted platform modules can inherit the permissions of a parent trusted platform module to have the ability to create virtual trusted platform modules themselves. Each virtual trusted platform module is associated with a specific partition. Each partition is associated with an individual operating system. The hierarchy of created operating systems and their privilege of spawning new operating systems is reflected in the hierarchy of trusted platform modules and the privileges each of the trusted platform modules has.

摘要翻译： 提出了一种可信任的平台模块，能够在层次结构中动态创建多个虚拟可信平台模块。 创建可信平台模块域。 可信平台模块根据需要在可信平台模块域中创建虚拟可信平台模块。 虚拟可信平台模块可以继承父信任平台模块的权限，以便能够自己创建虚拟可信平台模块。 每个虚拟可信平台模块与特定分区关联。 每个分区与单个操作系统相关联。 创建的操作系统的层次结构及其产生新操作系统的特权体现在可信平台模块的层次结构和每个可信平台模块所具有的特权上。

公开(公告)号：US20050144531A1

公开(公告)日：2005-06-30

申请号：US10733592

申请日：2003-12-11

申请人： David Challener ,  Steven Mastrianni ,  Joseph Parker ,  Ratan Ray ,  Leendert Van Doorn

发明人： David Challener ,  Steven Mastrianni ,  Joseph Parker ,  Ratan Ray ,  Leendert Van Doorn

IPC分类号： G06F11/00

CPC分类号： H04L43/0811 ,  H04L41/0654 ,  H04L43/062 ,  H04L69/40

摘要： A method for repairing a failed network connection between a client system and a network is disclosed. In a first aspect, the method preferably includes collecting real time connectivity information by the client system and utilizing the real time connectivity information by the client system to establish a connection with the network.

摘要翻译： 公开了一种用于修复客户机系统和网络之间的故障网络连接的方法。 在第一方面，该方法优选地包括由客户端系统收集实时连接性信息，并利用客户端系统建立与网络的连接的实时连接信息。

公开(公告)号：US09177153B1

公开(公告)日：2015-11-03

申请号：US11545924

申请日：2006-10-10

申请人： Adrian Perrig ,  Pradeep Khosla ,  Arvind Seshadri ,  Mark Luk ,  Leendert van Doorn

发明人： Adrian Perrig ,  Pradeep Khosla ,  Arvind Seshadri ,  Mark Luk ,  Leendert van Doorn

IPC分类号： G06F21/57

CPC分类号： G06F21/57 ,  G06F21/54 ,  G06F21/577 ,  G06F21/645

摘要： A method, system, and apparatus for verifying integrity and execution state of an untrusted computer. In one embodiment, the method includes placing a verification function in memory on the untrusted computer; invoking the verification function from a trusted computer; determining a checksum value over memory containing both the verification function and the execution state of a processor and hardware on the untrusted computer; sending the checksum value to the trusted computer; determining at the trusted computer whether the checksum value is correct; and determining at the trusted computer whether the checksum value is received within an expected time period.

摘要翻译： 一种用于验证不可信计算机的完整性和执行状态的方法，系统和装置。 在一个实施例中，该方法包括将验证功能置于不可信计算机上的存储器中; 从可信计算机调用验证功能; 确定包含所述不可信计算机上的处理器和硬件的验证功能和执行状态的存储器的校验和值; 将校验和值发送到可信计算机; 在可信计算机上确定校验和值是否正确; 以及在可信计算机上确定在预期时间段内是否接收到校验和值。

公开(公告)号：US20070198214A1

公开(公告)日：2007-08-23

申请号：US11355719

申请日：2006-02-16

申请人： Steven Bade ,  Andrew Kegel ,  Leendert Van Doorn

发明人： Steven Bade ,  Andrew Kegel ,  Leendert Van Doorn

IPC分类号： G21C17/00

CPC分类号： G06F21/577 ,  G06F11/3409 ,  G06F2201/81

摘要： A solution for evaluating trust in a computer infrastructure is provided. In particular, a plurality of computing devices in the computer infrastructure evaluate one or more other computing devices in the computer infrastructure based on a set of device measurements for the other computing device(s) and a set of reference measurements. To this extent, each of the plurality of computing devices also provides a set of device measurements for processing by the other computing device(s) in the computer infrastructure.

摘要翻译： 提供了一种评估计算机基础设施信任的解决方案。 特别地，计算机基础设施中的多个计算设备基于用于其他计算设备的一组设备测量值和一组参考测量结果来评估计算机基础结构中的一个或多个其他计算设备。 在这种程度上，多个计算设备中的每一个还提供一组设备测量值以供计算机基础设施中的其他计算设备处理。

公开(公告)号：US20060010326A1

公开(公告)日：2006-01-12

申请号：US10887441

申请日：2004-07-08

申请人： Steven Bade ,  Ronald Perez ,  Leendert Van Doorn ,  Helmut Weber

发明人： Steven Bade ,  Ronald Perez ,  Leendert Van Doorn ,  Helmut Weber

IPC分类号： H04L9/00

CPC分类号： G06F21/572

摘要： A method, system and computer program product for enhancing the functionality of the existing core root of trust measurement (CRTM). The CRTM is extended to allow platform manufacturer controlled and certified code to be incorporated into the function of the CRTM, wherein the manufacturer may define the policy for accepting a new function into the CRTM. When a firmware or software module image is compiled, the build process generates a hash value of the compiled firmware or software image, wherein the hash value reflects a fingerprint (or short hand) representation of the compiled image. A determination is made as to whether the hash value of the firmware or software image is to be a CRTM extension. If so, a digital signature of the module is created using the CRTM extension private key. This signature value is added to the firmware or software module.

摘要翻译： 一种用于增强现有核心信任度量（CRTM）功能的方法，系统和计算机程序产品。 CRTM被扩展为允许平台制造商控制和认证的代码被并入CRTM的功能，其中制造商可以将接受新功能的策略定义到CRTM中。 当编译固件或软件模块图像时，构建过程产生编译的固件或软件映像的哈希值，其中散列值反映编译图像的指纹（或短手）表示。 确定固件或软件映像的哈希值是否为CRTM扩展。 如果是这样，使用CRTM扩展专用密钥创建模块的数字签名。 该签名值被添加到固件或软件模块。

公开(公告)号：US08797332B2

公开(公告)日：2014-08-05

申请号：US13325824

申请日：2011-12-14

申请人： Paul Blinzer ,  Leendert Van Doorn ,  Gongxian Jeffrey Cheng ,  Elene Terry ,  Thomas Woller ,  Arshad Rahman

发明人： Paul Blinzer ,  Leendert Van Doorn ,  Gongxian Jeffrey Cheng ,  Elene Terry ,  Thomas Woller ,  Arshad Rahman

IPC分类号： G06F15/00 ,  G06T1/00 ,  G06F15/16 ,  G06T1/60

CPC分类号： G06T1/20 ,  G06F9/30003

摘要： Methods and apparatus are provided, as an aspect of a combined CPU/APD architecture system, for discovering and reporting properties of devices and system topology that are relevant to efficiently scheduling and distributing computational tasks to the various computational resources of a combined CPU/APD architecture system. The combined CPU/APD architecture unifies CPUs and APDs in a flexible computing environment. In some embodiments, the combined CPU/APD architecture capabilities are implemented in a single integrated circuit, elements of which can include one or more CPU cores and one or more APD cores. The combined CPU/APD architecture creates a foundation upon which existing and new programming frameworks, languages, and tools can be constructed.

摘要翻译： 提供了作为组合的CPU / APD架构系统的一个方面的方法和装置，用于发现和报告与有效地调度和分发计算任务到组合的CPU / APD架构的各种计算资源相关的设备和系统拓扑的属性 系统。 组合的CPU / APD架构将CPU和APD统一在灵活的计算环境中。 在一些实施例中，组合的CPU / APD架构能力在单个集成电路中实现，其单元可以包括一个或多个CPU核心和一个或多个APD核心。 组合的CPU / APD架构创建了可以构建现有和新的编程框架，语言和工具的基础。

公开(公告)号：US20090013149A1

公开(公告)日：2009-01-08

申请号：US11773747

申请日：2007-07-05

申请人： Volkmar Uhlig ,  Leendert van Doorn

发明人： Volkmar Uhlig ,  Leendert van Doorn

IPC分类号： G06F12/00

CPC分类号： G06F12/1036 ,  G06F12/1009 ,  G06F12/109 ,  G06F2212/151

摘要： A method for caching of page translations for virtual machines includes managing a number of virtual machines using a guest page table of a guest operating system, which provides a first translation from a guest-virtual memory address to a first guest-physical memory address or an invalid entry, and a host page table of a host operating system, which provides a second translation from the first guest-physical memory address to a host-physical memory address or an invalid entry, and managing a cache page table, wherein the cache page table selectively provides a third translation from the guest-virtual memory address to the host-physical memory address, a second guest-physical memory address or an invalid entry.

摘要翻译： 用于缓存虚拟机的页面翻译的方法包括使用访客操作系统的访客页表来管理多个虚拟机，该访客操作系统提供从访客虚拟存储器地址到第一访客物理存储器地址的第一翻译，或者 无效条目和主机操作系统的主机页表，其提供从第一客户物理存储器地址到主机 - 物理存储器地址或无效条目的第二转换，以及管理高速缓存页表，其中高速缓存页 表选择性地提供从虚拟存储器地址到主机物理存储器地址的第三个转换，第二个客体物理存储器地址或无效条目。