761 results about "User space" patented technology

A computer includes a memory and a processor connected to the memory. The processor includes memory segment configuration registers to store defined memory address segments and defined memory address segment attributes such that the processor operates in accordance with the defined memory address segments and defined memory address segment attributes to allow kernel mode access to user space virtual addresses for enhanced kernel mode memory capacity.

The invention relates to a method for implementing a safe storage system in a cloud storage environment and belongs to the technical field of storage safety. The method is characterized in that a trust domain is established in a server according to the requirements of a user; in the trust domain, identity authentication is performed by using an public key infrastructure (PKI); the independence between the storage system and a bottom layer system is realized by utilizing a filesystem in user space (FUSE); a hash value of a file is calculated by utilizing a secure hash algorithm (SHA1) and taking a block as a unit, a file block is encrypted by utilizing a key and an advanced encryption standard (AES) algorithm of a symmetric encipherment algorithm and taking a block as a unit, and a file cipher text is uploaded to a file server in a cloud storage area so as to guarantee the confidentiality and integrity of the file; a filer owner postpones encrypting the file again when permission is revoked by designating a user with the permission of accessing the file and the permissions thereof in an access control list; and only when the user modifies the content of the file, the user encrypts the file block in which the modified content is positioned again and the system implements three layers of key management, namely a file block key, a safe metadata file key and a trust domain server key so that not only the safety of the file is guaranteed when the permission is revoked, but also the management load of the system is not increased.

Exemplary spatial-input-based cursor projection systems and methods are disclosed herein. An exemplary method includes a cursor projection system detecting spatial input provided by a user within a physical user space associated with a display screen, determining that the spatial input is associated with a request for cursor projection, and mapping the spatial input to at least one cursor position on the display screen based on at least one of a plane projection heuristic and a vector projection heuristic. Corresponding systems and methods are also disclosed.

Method, apparatus and system embodiments to schedule user-level OS-independent “shreds” without intervention of an operating system. For at least one embodiment, the shred is scheduled for execution by a scheduler routine rather than the operating system. The scheduler routine resides in user space and may be part of a runtime library. The library may also include monitoring logic that monitors execution of a shredded program and provides scheduling hints, based on shred dependence information, to the scheduler. In addition, the scheduler may further optimize shred scheduling by taking into account information about a system's configuration of thread execution hardware. Other embodiments are also described and claimed.

Systems, methods and computer-readable storage media are disclosed for providing a virtual single-user session to a client in a terminal server session. In an embodiment, requests to a resource in the system-space of a system made by an application are intercepted. A determination is made as to whether to virtualize the resource for the application. Where the resource is to be virtualized, a user-specific virtualized resource is created or maintained in user-space and provided to the application.

A method for realizing content filtering gateway based on network filter includes realizing network content analysis and real time monitor as well as realizing purpose of filtering application layer information at network layer based on Linux system platform, utilizing network filter Net-filter frame to carry out collection and filtering on data packet under kernel state for optimizing network path of data packet and for raising collection efficiency of data, furthermore using shared internal memory technique of user space and kernel space to submit session content from kernel state to content filtering module of user state.

In one embodiment, the present invention is related to a computer system including compartments implemented on an operating system. A database contains access rules with the access rules defining which compartments are authorized to access particular file resources. A kernel module receives a system call to access a file from a user space application belonging to a compartment. A security module determines whether the user space application is authorized to access the file utilizing access rules stored in the database.

A system and method for interfacing TCP Offload Engines (TOE) into an operating system to improve system performance and reduce CPU utilization. The system and method places an interposed filter before the generic user space socket library near the top of the TCP stack to intercept at the earliest possible layer a user application network socket request. The interposed filter determines whether an I/O request is targeted for a generic network adapter or a full TOE network adapter. For I/O requests that are targeted to a full TOE network adapter, the request is formatted to meet the requirements of the full TOE driver and sent directly to that driver, bypassing the operating system's generic user space socket library and socket driver in kernel space. This system and method takes full advantage of the capabilities offered by TOE hardware.

Systems and methods for managing digital assets in a distributed computing environment are described. Meta-data for the digital assets is stored separately from the digital assets. Meta-data for some of the digital assets is copied and stored at a central location. Meta-data for the digital assets is generated by clients of the system. A method of filtering I/O requests of a computer system includes: receiving a plurality of I/O requests from a filter manager of the computer system, the filter manager executing in the system space of an operating system; applying a hierarchical rule set to at least a portion of the plurality of I/O requests by a mini-filter executing in the system space; and providing at least one of the plurality of I/O requests from the mini-filter to an agent executing in user space in response to the application of the hierarchical rule set by the mini-filter.

Certain aspects of a method and system for transparent TCP offload with a user space library are disclosed. Aspects of a method may include collecting TCP segments in a network interface card (NIC) without transferring state information to a host system. When an event occurs that terminates the collection of TCP segments, a single aggregated TCP segment based on the collected TCP segments may be generated. The aggregated TCP segment may be posted directly to a user space library, bypassing kernel processing of the aggregated TCP segment.

Embodiments of the invention disclose a foreground application program scene synchronization method, apparatus and system. By receiving a process name and a process number of a foreground application program running in the user space of the operating system, the kernel space of the operating system searches a scene matching the process name of the foreground application program according to the corresponding relationship between the scene and the process name of the foreground application program, a processor configuration policy that matches the searched scene is obtained, and the processor configuration policy is executed to match the operational requirements of the foreground application program, so that configuration of the processor can precisely match the operational requirements of the foreground application program, system performance is optimized, and power consumption is reduced.

The invention proposes a network device driver architecture with functionality distributed between kernel space and user space. The overall network device driver comprises a kernel-space device driver (10) and user-space device driver functionality (20). The kernel-space device driver (10) is adapted for enabling access to the user-space device driver functionality (20) via a kernel-space-user-space interface (15). The user-space device driver functionality (20) is adapted for enabling direct access between user space and the NIC (30) via a user-space-NIC interface (25), and also adapted for interconnecting the kernel-space-user-space interface (15) and the user-space-NIC interface (25) to provide integrated kernel-space access and user-space access to the NIC (30). The user-space device driver functionality (20) provides direct, zero-copy user-space access to the NIC, whereas information to be transferred between kernel space and the NIC will be “tunneled” through user space by combined use of the kernel-space device driver (10), the user-space device driver functionality (20) and the two associated interfaces (15,25).

The present invention relates to a tabletop, mobile augmented reality system for personalization and cooperation and an interaction method using augmented reality. More particularly, the tabletop, mobile augmented reality system for personalization and cooperation according to the present invention adds a mobile interface for providing a personal user space to a table interface for providing a cooperative space for users such that information on a table can be brought to a personal mobile device and controlled directly or manipulated personally by a user, allows for fairness in the right to control the table, and permits users to share the result of personalization. The tabletop, mobile augmented reality system for personalization and cooperation according to the present invention includes a table interface for providing a cooperative space, which allows for interaction among users by enabling users to touch a specific piece of content of the image projected onto a table or via an object disposed on the specific piece of content. The invention further relates to a mobile interface for providing a personal space, which recognizes and traces said object to augment the image projected onto the table with three-dimensional content.

This invention includes apparatus, systems, and methods to establish a virtual private network (“VPN”), or a secured network for authenticated and encrypted data transmission to prevent disclosure of private information to unauthorized parties. This invention provides secure and authenticated data transmission from a communication device to another device over any public or private network while using existing standard applications such as email, VoIP, internet browsers, ISR applications, video conferencing, telecommuting, inventory tracking and control, etc. without the need to secure or add encryption features into each specific application. This invention provides the opportunity to selectively secure one or more existing applications with configuration changes that can be made at the user-space level of the software stack and without need for higher level software stack access, such as root access.

A server has a processor and a memory connected to the processor. The memory stores instructions executed by the processor to collect operating signals from machines, where each operating signal characterizes the state or a change in operational state of a designated application operating within a designated container, where the designated container is an isolated process in user space designated by an operating system kernel. The operating signals are compared to models that incorporate summarizations of data sets that represent observed benign operating signals and malicious operating signals for the designated application operating within the designated container. Risks associated with the operating signals are characterized.

According to the invention, a safety problem based on splitting and under large-scale shared virtual calculating environment is discussed. And the invention provides a safety framework based on a virtual machine and facing the virtual calculating environment and a large-scale distributed extensible intrusion detection system. The system provides resource access monitoring identity authentication inside and outside an ability service domain and an encrypted data transmission channel for a user, provides isolation and protection of a user space and a system space and finally guarantees application safety based on an ability server. By using the system of the invention, many safety problems under the ability server, such as, a large-scale dynamic user quantity, large-scale dynamic virtual resource objects, a calculating load of dynamic increase and reduction, user space isolation, user system isolation and protection, internal and external network attack prevention, equipment safety reuse and sharing, communication safety, uniform authentication, access control and the like, are solved.

Techniques have been developed whereby dynamic kernel/user-level tracing may be employed to efficiently characterize runtime behavior of production code. Using dynamic tracing techniques, user space or kernel instruction sequences between system calls may be instrumented without access to source code. In some realizations, instrumentation may be interactively specified on a host system. In some realizations, instrumentation specifications may be supplied as functional definitions (e.g., as scripts and/or probe definitions) for installation on a host system. Using the developed techniques, data states, parameters passed and/or timing information may be sampled to provide more detailed insight into actual program behavior. In signature-oriented exploitations, more powerful intrusion signatures are possible. In anomaly-oriented exploitations, a more detailed “sense of self” may be developed to discriminate between normal and anomalous program behavior.

The invention provides a high-speed capturing method of a bottom-layer data packet based on Linux. By setting a virtual capturing equipment module (VUKM module) to modify a network card driver, the high-speed capturing method leads the data packet reaching to a network card to be capable of bypassing a kernel protocol to be directly passed to a subsequence module for processing so as to realize memory sharing of a user space and a kernel space; and the kernel space transmits the data packet to an upper-layer analysis processing interface module at a high speed, and provides a mechanism for leading an upper-layer application program and the network card to access the VUKM module in a conflict-free manner so as to make further processing to the captured data packet. The high-speed capturing method can acquire the original data packet by the network card at a high speed under the gigabit network environment, and can overcome the defect of the traditional data packet capturing technology, thus improving the acquisition efficiency.