What technology area does this patent fall under?

Primary CPC classification G06F9/45558. Mapped technology areas include Physics.

When was this patent published?

Publication date Thu Sep 29 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Algorithm and Apparatus To Deploy Virtual Machine Monitor on Demand

US2016283262A1 · US · A1

Patent metadata
Field	Value
Publication number	US-2016283262-A1
Application number	US-201615172529-A
Country	US
Kind code	A1
Filing date	Jun 3, 2016
Priority date	Mar 12, 2013
Publication date	Sep 29, 2016
Grant date	—

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

In the various aspects, virtualization techniques may be used to improve performance and reduce the amount of power consumed by selectively enabling a hypervisor operating on a computing device during sandbox sessions. In the various aspects, a high-level operating system may allocate memory such that its intermediate physical addresses are equal to the physical addresses. When the hypervisor is disabled, the hypervisor may suspend second stage translations from intermediate physical addresses to physical addresses. During a sandbox session, the hypervisor may be enabled and resume performing second stage translations.

First claim

Opening claim text (preview).

1 . A method of managing memory on a computing device, comprising: initializing a hypervisor, a security monitor, and a high-level operating system (HLOS); disabling the hypervisor after initialization; monitoring for a signal from the security monitor to start a sandbox session; enabling the hypervisor in response to receiving the signal to start the sandbox session; and implementing access control while the hypervisor is enabled. 2 . The method of claim 1 , wherein the security monitor is an ARM TrustZone®. 3 . The method of claim 1 , wherein the hypervisor may be disabled or enabled across at least one of an integrated circuit boundary and a chip boundary. 4 . The method of claim 1 , wherein initializing the hypervisor comprises configuring the HLOS to allocate memory space such that each intermediate physical address in the HLOS's intermediate physical address space is equal to a corresponding physical address in a physical address space. 5 . The method of claim 4 , wherein initializing the hypervisor further comprises authenticating the hypervisor's code and data with the security monitor. 6 . The method of claim 5 , further comprising configuring the hypervisor's code and data to be inaccessible to at least one of a digital signal processor and a central processing unit (CPU) included in the digital signal processor while the hypervisor is enabled. 7 - 14 . (canceled) 15 . The method of claim 1 , wherein implementing access control comprises implementing second stage translations. 16 - 19 . (canceled) 20 . A computing device, comprising: a memory; and a processor coupled to the memory, wherein the processor is configured with processor-executable instructions to perform operations comprising: initializing a hypervisor, a security monitor, and a high-level operating system (HLOS); disabling the hypervisor after initialization; monitoring for a signal from the security monitor to start a sandbox session; enabling the hypervisor in response to receiving the signal to start the sandbox session; and implementing access control while the hypervisor is enabled. 21 . The computing device of claim 20 , wherein the security monitor is an ARM TrustZone®. 22 . The computing device of claim 20 , wherein the processor is configured with processor-executable instructions to perform operations such that the hypervisor may be disabled or enabled across at least one of an integrated circuit boundary and a chip boundary. 23 . The computing device of claim 20 , wherein the processor is configured with processor-executable instructions to perform operations such that initializing the hypervisor comprises configuring the HLOS to allocate memory space such that each intermediate physical address in the HLOS's intermediate physical address space is equal to a corresponding physical address in a physical address space. 24 . The computing device of claim 23 , wherein the processor is configured with processor-executable instructions to perform operations such that initializing the hypervisor further comprises authenticating the hypervisor's code and data with the security monitor. 25 . The computing device of claim 24 , wherein the processor is configured with processor-executable instructions to perform operations further comprising configuring the hypervisor's code and data to be inaccessible to at least one of a digital signal processor and a central processing unit (CPU) included in the digital signal processor while the hypervisor is enabled. 26 - 33 . (canceled) 34 . The computing device of claim 20 , wherein the processor is configured with processor-executable instructions to perform operations such that implementing access control comprises implementing second stage translations. 35 - 38 . (canceled) 39 . A computing device, comprising: means for initializing a hypervisor, a security monitor, and a high-level operating system (HLOS); means for disabling the hypervisor after initialization; means for monitoring for a signal from the security monitor to start a sandbox session; means for enabling the hypervisor in response to receiving the signal to start the sandbox session; and means for implementing access control while the hypervisor is enabled. 40 . The computing device of claim 39 , wherein the security monitor is an ARM TrustZone®. 41 . The computing device of claim 39 , wherein the hypervisor may be disabled or enabled across at least one of an integrated circuit boundary and a chip boundary. 42 . The computing device of claim 39 , wherein means for initializing the hypervisor comprises means for configuring the HLOS to allocate memory space such that each intermediate physical address in the HLOS's intermediate physical address space is equal to a corresponding physical address in a physical address space. 43 . The computing device of claim 42 , wherein means for initializing the hypervisor further comprises means for authenticating the hypervisor's code and data with the security monitor. 44 . The computing device of claim 43 , further comprising means for configuring the hypervisor's code and data to be inaccessible to at least one of a digital signal processor and a central processing unit (CPU) included in the digital signal processor while the hypervisor is enabled. 45 - 52 . (canceled) 53 . The computing device of claim 39 , wherein means for implementing access control comprises means for implementing second stage translations. 54 - 57 . (canceled) 58 . A non-transitory processor-readable storage medium having stored thereon processor-executable software instructions configured to cause a processor to perform operations for managing memory on a computing device, the operations comprising: initializing a hypervisor, a security monitor, and a high-level operating system (HLOS); disabling the hypervisor after initialization; monitoring for a signal from the security monitor to start a sandbox session; enabling the hypervisor in response to receiving the signal to start the sandbox session; and implementing access control while the hypervisor is enabled. 59 . The non-transitory processor-readable storage medium of claim 58 , wherein the security monitor is an ARM TrustZone®. 60 . The non-transitory processor-readable storage medium of claim 58 , wherein the stored processor-executable software instructions are configured to cause a processor to perform operations such that the hypervisor may be disabled or enabled across at least one of an integrated circuit boundary and a chip boundary. 61 . The non-transitory processor-readable storage medium of claim 58 , wherein the stored processor-executable software instructions are configured to cause a processor to perform operations such that initializing the hypervisor comprises configuring the HLOS to allocate memory space such that each intermediate physical address in the HLOS's intermediate physical address space is equal to a corresponding physical address in a physical address space. 62 . The non-transitory processor-readable storage medium of claim 61 , wherein the stored processor-executable software instructions are configured to cause a processor to perform operations such that initializing the hypervisor further comprises authenticating the hypervisor's co

Assignees

Qualcomm Inc

Inventors

Classifications

G06F12/1009
using page tables, e.g. page table structures · CPC title
G06F12/1027
using associative or pseudo-associative address translation means, e.g. translation look-aside buffer [TLB] · CPC title
G06F2212/68
Details of translation look-aside buffer [TLB] · CPC title
G06F2009/45587
Isolation or security of virtual machine instances · CPC title
G06F21/44
Program or device authentication · CPC title

Patent family

Related publications grouped by family.

View patent family 50473787

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016283262A1 cover?: In the various aspects, virtualization techniques may be used to improve performance and reduce the amount of power consumed by selectively enabling a hypervisor operating on a computing device during sandbox sessions. In the various aspects, a high-level operating system may allocate memory such that its intermediate physical addresses are equal to the physical addresses. When the hypervisor i…
Who is the assignee on this patent?: Qualcomm Inc
What technology area does this patent fall under?: Primary CPC classification G06F9/45558. Mapped technology areas include Physics.
When was this patent published?: Publication date Thu Sep 29 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).