COMPUTER SYSTEM

US 20090083829A1
Filed: 09/19/2008
Published: 03/26/2009
Est. Priority Date: 09/20/2007
Status: Abandoned Application

First Claim

Patent Images

1. A computer system comprising:

processing hardware that defines an OS security level and at least a first additional security level above the OS security level;

a first guest operating system;

a controller kernel running on the processing hardware, with the controller kernel being programmed to allow the first guest operating system exchange instructions with the processing hardware through the controller kernel at the OS security level.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed to computer systems, methods and/or hardware where one or more guest operating systems exchange instructions with the processing hardware (see DEFINITIONS section) through a controller kernel. Even though the instructions are exchanged through the controller kernel, rather than directly between the OS and the processing hardware, the controller kernel does not change the instructions out of native form. The controller kernel refrains from virtualizing or emulating the instructions. For this reason, the controller kernel cannot be considered to be and/or include middleware, a hypervisor or VMM. The use of the controller kernel can be helpful in computer systems with multiple guest OS'"'"'s because it allows multiple containerized OS'"'"'s to simultaneously run on a single set of processing hardware. For example, the multiple containerized OS'"'"'s can be used to run multiple terminals. The use of the controller kernel may also be useful even if there is a single guest operating system. For example, a LINUX controller kernel has been found to speed up the operation of the Windows Vista operating system running as the guest OS, relative to the speed of Windows Vista running directly on the same processing hardware in the conventional way.

136 Citations

View as Search Results

46 Claims

1. A computer system comprising:
- processing hardware that defines an OS security level and at least a first additional security level above the OS security level;
  
  a first guest operating system;
  
  a controller kernel running on the processing hardware, with the controller kernel being programmed to allow the first guest operating system exchange instructions with the processing hardware through the controller kernel at the OS security level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 9, 10)
- - 2. The system of claim 1 wherein the controller kernel is programmed to allow the first guest operating system access to the processing hardware at the OS security level for basic I/O operations level.
  - 3. The system of claim 2 further comprising a host operating system wherein:
    - the first guest operating system generates a plurality of first-guest-to-hardware instructions;
      
      the processing hardware generates a plurality hardware-to-first-guest privileged instructions instructions;
      
      the controller kernel is further programmed to selectively and temporarily pre-empt the first guest operating system by temporarily trapping at least some first-guest-to-hardware instructions and at least some hardware-to-first-guest privileged instructions;
      
      the controller kernel is further programmed to deliver the trapped first-guest-to-hardware instructions to the processing hardware when the first guest operating system is no longer pre-empted; and
      
      the controller kernel is further programmed to deliver the trapped hardware-to-first-guest instructions to the first guest operating system when the first guest operating system is no longer pre-empted.
  - 4. The system of claim 3 wherein the controller kernel further comprises an interrupt descriptor table programmed to control the selective pre-emption of the first guest operating system.
  - 5. The system of claim 4 wherein the kernel further comprises an idle loop that temporarily stores the trapped first-guest-to-hardware instructions and the trapped hardware-to-first-guest instructions during periods when the first guest operating system is pre-empted.
  - 6. The system of claim 3 wherein the controller kernel is a POSIX kernel.
  - 7. The system of claim 6 wherein the controller kernel is a LINUX kernel.
  - 9. The system of claim 1 further comprising a second guest operating system wherein:
    - the controller kernel is further programmed to allow the second guest operating system access to the processing hardware at the OS security level; and
      
      the first guest operating system and the second guest operating system are containerized with respect to each other.
  - 10. The system of claim 1 wherein:
    - the processing hardware defines a native form for instructions that the processing hardware receives from and sends to operating systems; and
      
      the controller kernel is programmed so that the instructions communicated through the controller kernel between the first guest operating system and the processing hardware remain in the native form.

11. A computer comprising:
- processing hardware that defines an OS security level and at least a first additional security level above the OS security level;
  
  a first memory portion programmed with a first guest operating system;
  
  a controller memory portion programmed with a controller kernel running on the processing hardware, with the controller kernel being programmed to allow the first guest operating system exchange instructions with the processing hardware through the controller kernel at the OS security level.

12. A method comprising the steps of:
- providing a computer system comprising;
  
  processing hardware that defines an OS security level and at least a first additional security level above the OS security level,a first guest operating system, anda controller kernel;
  
  running the controller kernel on the processing hardware;
  
  exchanging instructions through the controller kernel between the first guest operating system and the processing hardware at the OS security level.

13. A computer system comprising:
- processing hardware that defines an OS security level and at least a first additional security level above the OS security level;
  
  a first guest operating system;
  
  a second guest operating system, with the first guest operating system and the second guest operating system being containerized with respect to each other; and
  
  a controller kernel running on the processing hardware, with the controller kernel being programmed to perform cycles including at least;
  
  a first cycle portion when the first guest operating system exchanges instructions with the processing hardware at the OS security level through the controller kernel, anda second cycle portion when the second guest operating system exchanges instructions with the processing hardware at the OS security level through the controller kernel.
- View Dependent Claims (8, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 8. The system of claim 13 wherein the controller kernel comprises:
    - a modified interrupt service code;
      
      an idle loop programmed to temporarily store the instructions that are exchanged between the first guest operating system and the processing hardware; and
      
      a modified interrupt descriptor table.
  - 14. The system of claim 13 further comprising a third guest operating system, with the first guest operating system, the second guest operating system and the third guest operating system being containerized with respect to each other, wherein the cycles performed by the controller kernel further include at least a third cycle portion when the third guest operating system exchanges instructions with the processing hardware at the OS security level through the controller kernel.
  - 15. The system of claim 14 further comprising a fourth guest operating system, with the first guest operating system, the second guest operating system, the third guest operating system and the fourth being containerized with respect to each other, wherein the cycles performed by the controller kernel further include at least a fourth cycle portion when the fourth guest operating system exchanges instructions with the processing hardware at the OS security level through the controller kernel.
  - 16. The system of claim 13 wherein the OS security level is Ring Zero and/or Ring One.
  - 17. The system of claim 13 further comprising:
    - a first terminal controlled by the first guest operating system; and
      
      a second terminal controlled by the second guest operating system.
  - 18. The system of claim 13 wherein:
    - the processing hardware defines a native form for instructions that the processing hardware receives from and sends to operating systems;
      
      the controller kernel is programmed so that the instructions communicated through the controller kernel between the first guest operating system and the processing hardware remain in the native form; and
      
      the controller kernel is programmed so that the instructions communicated through the controller kernel between the second guest operating system and the processing hardware remain in the native form.
  - 19. The system of claim 13 wherein:
    - the controller kernel is programmed so that the instructions exchanged through the controller kernel between the first guest operating system and the processing hardware comprise instructions for basic I/O operations; and
      
      the controller kernel is programmed so that the instructions exchanged through the controller kernel between the second guest operating system and the processing hardware comprise instructions for basic I/O operations.
  - 20. The system of claim 19 wherein the controller kernel is programmed to:
    - during at least the first portion of the cycle, pre-empt the second guest operating system; and
      
      during at least the second portion of the cycle, pre-empt the first guest operating system.
  - 21. The system of claim 20 wherein the controller kernel further comprises an interrupt descriptor table programmed to control the selective pre-emption of the first guest operating system and the second guest operating system.
  - 22. The system of claim 21 wherein the kernel further comprises an idle loop that temporarily stores instructions to and/or from the first guest operating system and the second guest operating system while they are respectively pre-empted.
  - 23. The system of claim 19 wherein the controller kernel is a POSIX kernel.
  - 24. The system of claim 23 wherein the first guest operating system is a Windows type operating system.
  - 25. The system of claim 24 further comprises a POSIX application program, wherein:
    - the processing hardware defines a native form for instructions that the processing hardware receives from and sends to operating systems;
      
      the instructions exchanged through the controller kernel between the first guest operating system and the processing hardware comprise native form video frame data;
      
      the controller kernel comprises a socket programmed to run the POSIX application program;
      
      the running of the POSIX application program generates POSIX application display data; and
      
      the processing hardware incorporates the POSIX application display data into the native form video frame data.
  - 26. The system of claim 25 wherein:
    - the controller kernel is a LINUX kernel; and
      
      the POSIX application program is a LINUX application program.
  - 27. The system of claim 13 wherein the controller kernel comprises:
    - a modified interrupt service code;
      
      an idle loop; and
      
      a modified interrupt descriptor table.

28. A computer comprising:
- processing hardware that defines an OS security level and at least a first additional security level above the OS security level;
  
  a first memory portion programmed with a first guest operating system;
  
  a second memory portion programmed with a second guest operating system, with the first guest operating system and the second guest operating system being containerized with respect to each other; and
  
  a controller memory portion programmed with a controller kernel running on the processing hardware, with the controller kernel being programmed to perform cycles including at least;
  
  a first cycle portion when the first guest operating system exchanges instructions with the processing hardware at the OS security level through the controller kernel, anda second cycle portion when the second guest operating system exchanges instructions with the processing hardware at the OS security level through the controller kernel.

29. A method comprising the following steps:
- providing a computer system comprising;
  
  processing hardware that defines an OS security level and at least a first additional security level above the OS security level,a first guest operating system,a second guest operating system, with the first guest operating system and the second guest operating system being containerized with respect to each other, anda controller kernel;
  
  running cycles by the controller kernel, with each cycle including the following sub-steps;
  
  during a first cycle portion, exchanging instructions between the first guest operating system and the processing hardware at the OS security level through the controller kernel, andduring a second cycle portion, exchanging instructions between the second guest operating system and the processing hardware at the OS security level through the controller kernel.

30. A computer system comprising:
- processing hardware;
  
  a first guest operating system;
  
  a second guest operating system, with the first guest operating system and the second guest operating system being containerized with respect to each other;
  
  a controller kernel programmed to control the exchange of instructions between the first guest operating system and the processing hardware and the exchange of instructions between the second operating systems and the processing hardware;
  
  a first terminal hardware set controlled by the first guest operating system, with the first terminal hardware set in the form of an ultra thin terminal; and
  
  a second terminal hardware set controlled by the second guest operating system, with the second terminal hardware set in the form of an ultra thin terminal.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38)
- - 31. The system of claim 30 further comprising:
    - a third guest operating system, with the first guest operating system, the second guest operating system and the third guest operating system being containerized with respect to each other; and
      
      a third terminal hardware set controlled by the third guest operating system, with the third terminal hardware set in the form of an ultra thin terminal; and
      
      wherein the controller kernel further being programmed to control access by the third guest operating system to the processing hardware.
  - 32. The system of claim 31 further comprising:
    - a fourth guest operating system, with the first guest operating system, the second guest operating system, the third guest operating system and the fourth guest operating system being containerized with respect to each other; and
      
      a fourth terminal hardware set controlled by the fourth guest operating system, with the fourth terminal hardware set in the form of an ultra thin terminal; and
      
      wherein the controller kernel further being programmed to control access by the fourth guest operating system to the processing hardware.
  - 33. The system of claim 30 wherein:
    - the processing hardware defines a native form for instructions that the processing hardware receives from and sends to operating systems;
      
      the controller kernel is programmed so that the instructions communicated between the first guest operating system and the processing hardware remain in the native form; and
      
      the controller kernel is programmed so that the instructions communicated between the second guest operating system and the processing hardware remain in the native form.
  - 34. The system of claim 30 wherein:
    - the first terminal hardware set comprises a first keyboard, a first mouse and a first visual display; and
      
      the second terminal hardware set comprises a second keyboard, a second mouse and a second visual display.
  - 35. The system of claim 30 wherein the controller kernel is a POSIX kernel.
  - 36. The system of claim 35 wherein the first guest operating system is a Windows type operating system.
  - 37. The system of claim 35 wherein the controller kernel is a LINUX kernel.
  - 38. The system of claim 30 wherein the controller kernel comprises:
    - a modified interrupt service code;
      
      an idle loop; and
      
      a modified interrupt descriptor table.

39. A computer comprising:
- processing hardware;
  
  a first memory portion programmed with a first guest operating system;
  
  a second memory portion programmed with a second guest operating system, with the first guest operating system and the second guest operating system being containerized with respect to each other;
  
  a controller memory portion programmed with a controller kernel programmed to control the exchange of instructions between the first guest operating system and the processing hardware and the exchange of instructions between the second operating systems and the processing hardware;
  
  a first terminal hardware set controlled by the first guest operating system, with the first terminal hardware set in the form of an ultra thin terminal; and
  
  a second terminal hardware set controlled by the second guest operating system, with the second terminal hardware set in the form of an ultra thin terminal.

40. A method comprising the following steps:
- (a) providing a computer system comprising;
  
  processing hardware,a first guest operating system,a second guest operating system, with the first guest operating system and the second guest operating system being containerized with respect to each other;
  
  a controller kernel,a first terminal hardware set in the form of an ultra thin terminal, anda second terminal hardware set in the form of an ultra thin terminal;
  
  (b) controlling, by the controller kernel, an exchange of instructions between the first guest operating system and the processing hardware;
  
  (c) controlling, by the first guest operating system, the first terminal hardware set based on the exchange of instructions occurring at step (b);
  
  (d) controlling, by the controller kernel, an exchange of instructions between the second guest operating system and the processing hardware; and
  
  (e) controlling, by the second guest operating system, the second terminal hardware set based on the exchange of instructions occurring at step (d).

41. A computer system comprising:
- processing hardware that defines an OS security level and at least a first additional security level above the OS security level;
  
  a first guest operating system;
  
  a second guest operating system;
  
  a controller kernel running on the processing hardware, with the controller kernel being programmed to;
  
  selectively allow the first guest operating system to have access to the processing hardware at the OS security level under control of the controller kernel while pre-empting the second guest operating system in a manner that allows the second guest operating system to continue running, andselectively allow the second guest operating system to have access to the processing hardware at the OS security level under control of the controller kernel while pre-empting the first guest operating system in a manner that allows the first guest operating system to continue running.
- View Dependent Claims (42, 43, 44)
- - 42. The system of claim 41 wherein the controller kernel being programmed to:
    - dynamically schedule the first guest operating system to have access to the processing hardware at the OS security level under control of the controller kernel while pre-empting the second guest operating system in a manner that allows the second guest operating system to continue running, anddynamically schedule the second guest operating system to have access to the processing hardware at the OS security level under control of the controller kernel while pre-empting the first guest operating system in a manner that allows the first guest operating system to continue running.
  - 43. The system of claim 41 wherein the controller kernel being programmed to:
    - selectively allow based on user input the first guest operating system to have access to the processing hardware at the OS security level under control of the controller kernel while pre-empting the second guest operating system in a manner that allows the second guest operating system to continue running, andselectively allow based on user input the second guest operating system to have access to the processing hardware at the OS security level under control of the controller kernel while pre-empting the first guest operating system in a manner that allows the first guest operating system to continue running.
  - 44. The system of claim 41 wherein the controller kernel comprises:
    - a modified interrupt service code;
      
      an idle loop; and
      
      a modified interrupt descriptor table.

45. A computer comprising:
- processing hardware that defines an OS security level and at least a first additional security level above the OS security level;
  
  a first memory portion programmed with a first guest operating system;
  
  a second memory portion programmed with a second guest operating system;
  
  a controller memory portion programmed with a controller kernel running on the processing hardware, with the controller kernel being programmed to;
  
  selectively allow the first guest operating system to have access to the processing hardware at the OS security level under control of the controller kernel while pre-empting the second guest operating system in a manner that allows the second guest operating system to continue running, andselectively allow the second guest operating system to have access to the processing hardware at the OS security level under control of the controller kernel while pre-empting the first guest operating system in a manner that allows the first guest operating system to continue running.

46. A method comprising the steps of:
- (a) providing a computer system comprising;
  
  processing hardware that defines an OS security level and at least a first additional security level above the OS security level,a first guest operating system,a second guest operating system, anda controller kernel running on the processing hardware;
  
  (b) selectively allowing the first guest operating system to have access to the processing hardware at the OS security level under control of the controller kernel;
  
  (c) during step (b), pre-empting the second guest operating system in a manner that allows the second guest operating system to continue running;
  
  (d) selectively allowing the second guest operating system to have access to the processing hardware at the OS security level under control of the controller kernel; and
  
  (e) during step (d), pre-empting the first guest operating system in a manner that allows the first guest operating system to continue running.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
FH Innovations Limited
Original Assignee
C & S Operations, Inc.
Inventors
Peterson, David A.

Application Number

US12/234,131
Publication Number

US 20090083829A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 15/16   Combinations of two or more...

G06F 21/53   by executing in a restricte...

G06F 9/45554   Instruction set architectur...

G06F 9/45558   Hypervisor-specific managem...

COMPUTER SYSTEM

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

136 Citations

46 Claims

Specification

Use Cases

Quick Links

Others

COMPUTER SYSTEM

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

136 Citations

46 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others