Abstract: A method for managing data in a memory of a computer. The method includes the steps of: prohibiting a specified memory area in a memory from being accessed temporarily or intermittently; and attaching, to first data, a first mark indicating that the first data has been read when a page fault has occurred as a result of an access by any process to read on the first data; where the first data is present in a specified memory area prohibited from being accessed; and where at least one of the steps is carried out using a computer device.

Abstract: Methods, systems and devices for configuring access to a memory device are disclosed. The configuration of the memory device may be carried out by creating a plurality of access profiles that are adapted to optimize access to the memory device in accordance with the type of access. Accordingly, when an application with specific memory access needs is initiated, the memory access profile that is most optimized for that particular access need is utilized to configure access to the memory device. The configuration may be effected for a portion of the memory device, a partition of the memory device, or even one single access location on the memory device.

Abstract: Embodiments of apparatuses, methods, and systems for executing a protected device model in a virtual machine are disclosed. In one embodiment, an apparatus includes recognition logic, memory management logic, control logic, and execution logic. The recognition logic is to recognize an indication, during execution of first code on a virtual machine, that the first code is attempting to access a device. The memory management logic is to prevent the virtual machine from accessing a portion of memory during execution of the first code, and to allow the virtual machine to access the portion of memory in response to the indication. The control logic is to transfer control of the apparatus from the first code to second code stored in the portion of memory, without exiting the virtual machine. The execution logic is to execute the second code to model the device.

Abstract: A memory device sharing system includes M (M represents an integer of 2 or greater) access control apparatus for sharing N (N represents an integer of 2 or greater) memory devices which store data, and a managing apparatus for managing access to the memory devices via the access control apparatus. The managing apparatus checks data stored in the N memory devices, generates data position information representative of the storage positions of data stored in any one of the N memory devices, and sends the data position information to the M access control apparatus. Each of the M access control apparatuses receives the data position information sent from the manager, and accesses the storage position indicated by the data position information if each of the M access control apparatuses receives an access request to access the data from an access request source.

Abstract: A method for managing a storage device including identifying a lock timing for the storage device when coupling to a device, transitioning the storage device into a locked state in response to detecting the storage device decoupling from the device, and configuring the storage device to remain in the locked state if the storage device is re-coupled to the device after the lock timing has elapsed.

Abstract: A method for data storage, including configuring a first logical volume on a first storage system and a second logical volume on a second storage system. The second logical volume is configured as a mirror of the first logical volume, so that the first and second logical volumes form a single logical mirrored volume. The method also includes receiving at the second storage system a command submitted by a host to write data to the logical mirrored volume, and transferring the command from the second storage system to the first storage system without writing the data to the second logical volume. On receipt of the command at the first storage system, the data is written to the first logical volume. Subsequent to writing the data to the first logical volume, the data is mirrored on the second logical volume.

Abstract: A memory device includes an address protection system that facilitates the ability of the memory device to interface with a plurality of processors operating in a parallel processing manner. The protection system is used to prevent at least some of a plurality of processors in a system from accessing addresses designated by one of the processors as a protected memory address. Until the processor releases the protection, only the designating processor can access the memory device at the protected address. If the memory device contains a cache memory, the protection system can alternatively or additionally be used to protect cache memory addresses.

Abstract: A directory and members are allocated to store a data set, wherein the directory stores pointers to the members to allow data stored in the members to be accessed. The directory is expanded to accommodate an expansion of the data set, causing the directory to be stored in non-contiguous pages and becoming fragmented. A computational device determines that a threshold that measures a level of fragmentation of the directory relative to an amount of storage allocated for the data set has been exceeded. The computational device reorganizes the fragmented directory, into a reorganized directory that is stored in contiguous pages at the end of the data set, in response to determining that the threshold has been exceeded.

Abstract: An aggregate symmetric multiprocessor (SMP) data processing system includes a first SMP computer including at least first and second processing units and a first system memory pool and a second SMP computer including at least third and fourth processing units and second and third system memory pools. The second system memory pool is a restricted access memory pool inaccessible to the fourth processing unit and accessible to at least the second and third processing units, and the third system memory pool is accessible to both the third and fourth processing units. An interconnect couples the second processing unit in the first SMP computer for load-store coherent, ordered access to the second system memory pool in the second SMP computer, such that the second processing unit in the first SMP computer and the second system memory pool in the second SMP computer form a synthetic third SMP computer.

Abstract: According to one embodiment, a multicore processor system includes: a memory region, and a multicore processor that includes plural cores, a first cache, and a second cache shared between the plural cores. The memory region permits first state in which exclusive use by using the first and second cache is granted to one core, second state in which exclusive use by using the second cache is granted to one core group, and third state in which use by using neither the first cache nor the second cache is granted to all core groups. A kernel unit writes back a first cache to the second cache when a transition of the memory region from the first state to the second state is made, and writes back a second cache to the memory region when a transition of the memory region from the second state to the third state is made.

Abstract: A data processor is disclosed that accesses its local memory by routing requests through a data path that is external the data processor. A reservation/decoration controller implements specialized handling associated with a received request to access local memory. In addition to implementing special handling, a memory controller that is associated with the reservation/decoration controller routes a corresponding access request back to the data processor core to access its local memory.

Abstract: A memory storage device and a memory controller and an access method thereof are provided. The memory storage device includes a rewritable non-volatile memory chip having a plurality of physical blocks. The access method includes configuring a plurality of logical blocks to be mapped to a part of the physical blocks and dividing the logical blocks into at least a first partition and a second partition, wherein the first partition records an auto-execute file. The access method also includes determining whether a trigger signal is existent and sending a media ready message to a host system if the trigger signal is existent, so as to allow the host system to automatically run the auto-execute file and receive a first password. The access method further includes determining whether to provide the logical blocks in the second partition to the host system according to the first password received from the host system.

Abstract: Methods and systems for selective encryption and secured extent quota management for storage servers in cloud computing are provided. A method includes associating at least one secure storage disk and at least one non-secure storage disk to a virtual disk, and associating the virtual disk to an application to allow access of the at least one secure storage disk and the at least one non-secure storage disk. The method further includes accessing the at least one secure storage disk and the at least one non-secure storage disk based on the associating of the virtual disk to the application, to write or read confidential and non-confidential data associated with the application into a respective one of the at least one secure storage disk and the at least one non-secure storage disk.

Abstract: The design of nonblocking linked data structures using single-location synchronization primitives such as compare-and-swap (CAS) is a complex affair that often requires severe restrictions on the way pointers are used. One way to address this problem is to provide stronger synchronization operations, for example, ones that atomically modify one memory location while simultaneously verifying the contents of others. We provide a simple and highly efficient nonblocking implementation of such an operation: an atomic k-word-compare single-swap operation (KCSS). Our implementation is obstruction-free. As a result, it is highly efficient in the uncontended case and relies on contention management mechanisms in the contended cases. It allows linked data structure manipulation without the complexity and restrictions of other solutions.

Abstract: Methods and an apparatuses that perform protected content data processing with limited access to system resources are described. One or more regions in a memory (including a source memory and a destination memory) can be allocated and unprocessed content data can be mapped to the source memory. A process can be initialized with the source and destination memories to process the content data. The process can be prevented from accessing resource other than the allocated regions in the memory. The processed content data can be stored in the destination memory. In one embodiment, the content data can include media content. A playing device can be instructed to play the media content based on the processed content data via the destination memory.

Abstract: In this wireless communication device, a storage unit stores writing identification information relating to permission and prohibition of writing. An acquisition unit acquires device identification information that uniquely specifies an arbitrary wireless communication device from the arbitrary wireless communication device. A determination unit determines permission or prohibition of writing to a recording medium on the basis of the device identification information acquired by the acquisition unit and the writing identification information stored in the storage unit when a communication protocol of a session layer that performs writing to and readout from the recording medium in sector units is selected. A recording medium control unit controls permission and prohibition of writing to the recording medium on the basis of a result determined by the determination unit.

Abstract: Systems and methods for implementing a distributed shared memory (DSM) in a computer cluster in which an unreliable underlying message passing technology is used, such that the DSM efficiently maintains coherency and reliability. DSM agents residing on different nodes of the cluster process access permission requests of local and remote users on specified data segments via handling procedures, which provide for recovering of lost ownership of a data segment while ensuring exclusive ownership of a data segment among the DSM agents detecting and resolving a no-owner messaging deadlock, pruning of obsolete messages, and recovery of the latest contents of a data segment whose ownership has been lost.

Abstract: A memory management and protection system that manages memory access requests from a number of requestors. Memory accesses are allowed or disallowed based on the permissions assigned to the request based on the memory segment being accessed. The decision to allow or disallow access is made by the extended memory controller by merging the permissions assigned to the memory segment being accessed, and the permissions assigned to the access request by the originating memory controller or other endpoint.

Abstract: A security system for an external data storage apparatus and control method thereof are disclosed. The system utilizes a preset identification (ID) and input ID to selectively permit data to be written and/or read.

Abstract: Embodiments of the present disclosure provide methods and systems for securely installing software on a computing device, such as a mobile device. In one embodiment, the device executes an installer that securely installs the software. In order to perform installations securely, the installer configures one or more secure containers for the software and installs the software exclusively in these containers. In some embodiments, the installer randomly determines the identifiers for the containers. These identifiers remain unknown to the software to be installed. Instead, an installation framework maintains the correspondence between an application and its container. Other methods and apparatuses are also described.

Abstract: An information terminal of an embodiment has a communication section, a nonvolatile storage medium and a control section. The communication section performs transmission and reception with a predetermined server via the Internet. The nonvolatile storage medium stores information about a last date and time when an operating system is logged into. When the communication section receives a special command from the predetermined server, the control section performs control to transmit the information about the last date and time when the operating system is logged into, which is stored in the nonvolatile storage medium, to the predetermined server via the Internet.

Abstract: In electronic equipment 1, a limitation level on reading data from a USB flash drive (storage device) 2 is set to a setting section 3 in advance. The USB flash drive 2 ascertains the setting at the setting section 3 when connected to the electronic equipment 1 and limits reading data based on the determined setting. If the limitation level does not match with the condition for permitting data read-out as determined in USB flash drive 2, the USB flash drive 2 prohibits the electronic equipment 1 from reading out data. By executing the processing for limiting data read-out at the side of the USB flash drive 2, unauthorized leakage of data can easily be prevented.

Abstract: One or a plurality of copy pairs are disposed in a plurality of storage systems. A management server determines the propriety of execution of an operation request for each user for either a local copy pair or a remote copy pair. As operation requests, a pair create, a split, a resync, a restore, and a pair delete can be cited.

Abstract: A method for protecting data in the hard disk is provided. The method is suitable for a computer system and includes the following steps. First, a plurality of specification parameters conforming to the computer system is read. Next, a part of the specification parameters are encoded for obtaining a recognition byte. Then, when the computer system writes data to a hard disk, a specific operation is performed to a byte read or written by the hard disk and the recognition byte for maintaining a security of the data in the hard disk.

Abstract: A memory management and protection system that manages memory access requests from a number of requestors. Memory accesses are allowed or disallowed based on the privilege level of the master, usually a CPU originating the request based on a Privilege Identifier that accompanies each memory access request. Deputy masters such as DMA controllers inherit the Privilege Identifier of the originating master. An extended memory controller selects the appropriate set of segment registers based on the Privilege Identifier to insure that the request is compared to and translated by the segment register associated with the master originating the request.

Abstract: An embodiment of the invention provides a data storage device and data management method thereof. The data storage device is coupled to a host, and includes a storage media having data sectors for storing data and a controller. The controller is coupled to the storage media for sequentially receiving one or more read commands and corresponding one or more logical addresses thereto, reads a plurality of first data sectors from the storage media according to the read commands and the corresponding logical addresses, outputs data of the first data sectors to the host, calculates a valid duration required for the one or more read commands, calculates an average data throughput according to the number of the first data sectors and the valid duration, and determines whether the average data throughput exceeds a predetermined threshold. When the average data throughput exceeds the predetermined threshold, the controller performs a blocking procedure to prevent the storage media from being accessed.

Abstract: An apparatus and method for controlling and securing information stored on portable USB storage devices. Using the software application stored on the USB storage device in conjunction with functionality performed by a designed server, use of the storage device is limited to authorized users, PCs and locations, and other criteria while information contained within the device is protected from unauthorized access.

Abstract: A detachable storage device can comprise a memory, circuitry, and a user interface. The memory may comprise a storage partition. The circuitry may be configured to authorize access to the storage partition to a digital device when the detachable storage device is coupled to the digital device based, at least in part, on a user code. The user interface may be configured to receive the user code while the detachable storage device is within a detached state and provide the user code to the circuitry to allow access to the storage partition.

Abstract: The configuration of a copy pair is prevented in which data replication is conducted from a secondary system to a primary system and data is protected. A first storage device manages first information including a first measurement result related to a command received from a first host, and a second storage device manages second information including a second measurement result related to a command received from a second host. When a management computer makes an instruction to configure data replication from a first volume to a second volume, a storage system determines whether data replication from the first volume to the second volume or data replication from the second volume to the first volume is replication from the primary system to the secondary system based on the managed first information and second information, and the determined result is displayed on the management computer.

Abstract: Examples of methods, systems, and computer-readable media for detection of sensitive information on hierarchical storage management mainframes are described using multiple techniques. The techniques may include determining if data has been migrated from a first storage medium to a second storage medium, recalling the migrated data from a second storage medium to the first storage medium, reading the migrated data, then remigrating the data to the second storage medium.

Abstract: According to one embodiment, a semiconductor device includes a processor, and a memory device. The memory device has a nonvolatile semiconductor storage device and is configured to serve as a main memory for the processor. When the processor executes a plurality of programs, the processor manages pieces of information required to execute the programs as worksets for the respective programs, and creates tables, which hold relationships between pieces of information required for the respective worksets and addresses of the pieces of information in the memory device, for the respective worksets. The processor accesses to the memory device with reference to the corresponding tables for the respective worksets.

Abstract: A system and method are disclosed for determining whether to allow or deny an access request based upon one or more descriptors at a local memory protection unit and based upon one or more descriptors a system memory protection unit. When multiple descriptors of a memory protection unit apply to a particular request, the least-restrictive descriptor will be selected. System access information is stored at a cache of a local core in response to a cache line being filled. The cached system access information is merged with local access information, wherein the most-restrictive access is selected.

Abstract: A system and method are disclosed for determining whether to allow or deny an access request based upon one or more descriptors at a local memory protection unit and based upon one or more descriptors a system memory protection unit. When multiple descriptors of a memory protection unit apply to a particular request, the least-restrictive descriptor will be selected. System access information is stored at a cache of a local core in response to a cache line being filled. The cached system access information is merged with local access information, wherein the most-restrictive access is selected.

Abstract: A flash memory storage system including a controller and a flash memory chip is provided, wherein the controller is disposed with a rewritable non-volatile memory. When the controller writes a security data into the flash memory chip, the controller randomly generates a data token and generates a message digest according to the security data and the data token by using a one-way hash function, wherein the data token and the message digest are respectively stored in the rewritable non-volatile memory and the flash memory chip. Subsequently, when the controller reads the security data from the flash memory chip, the controller determinates whether the security data is falsified according to the data token and the message digest respectively stored in the rewritable non-volatile memory and the flash memory chip. Thereby, the security data in the flash memory chip can be effectively protected.

Abstract: A method to qualify access to a block storage device via augmentation of the device's controller and firmware flow. The method employs one or more block exclusion vectors (BEVs) that include attributes specifying allowed access operations for corresponding block address ranges. Logic in accordance with the BEVs is programmed into the controller for the block storage device, such as a disk drive controller for a disk drive. In response to an access request, a block address range corresponding to the storage block(s) requested to be accessed is determined. Based on the BEV entries, a determination is made to whether the determined logical block address range is covered by a corresponding BEV entry. If so, the attributes of the BEV are used to determine whether the access operation is allowed.

Abstract: A data processor is disclosed that definitively determines an effective address being calculated and decoded will be associated with an address range that includes a memory local to a data processor unit, and will disable a cache access based upon a comparison between a portion of a base address and a corresponding portion of an effective address input operand. Access to the local memory can be accomplished through a first port of the local memory when it is definitively determined that the effective address will be associated with an address range. Access to the local memory cannot be accomplished through the first port of the local memory when it is not definitively determined that the effective address will be associated with the address range.

Abstract: A block management method for managing blocks of a flash memory storage device is provided. The flash memory storage device includes a flash memory controller. The block management method includes the following steps. At least a part of the blocks is grouped into a first partition and a second partition. Whether an authentication code exists is determined. When the authentication code exists, the blocks belonging to the first partition are provided for a host system to access, so the host system displays the first partition and hides the second partition. An authentication information is received from the host system. Whether the authentication information and the authentication code are identical is authenticated. When the authentication information and the authentication code are identical, the blocks belonging to the second partition are provided for the host system to access, so the host system displays the second partition and hides the first partition.

Abstract: Domains can also be used to control access to physical memory space. Data in a physical memory space that has been used by a process sometimes endures after the process stops using the physical memory space (e.g., the process terminates). In addition, a virtual memory manager may allow processes of different applications to access a same memory space. To prevent exposure of sensitive/confidential data, physical memory spaces can be designated for a specific domain or domains when the physical memory spaces are allocated.

Abstract: A method for protecting data, adapted for a computer system, is provided. The computer system includes a storage device. The method includes: when the computer system executes a power-off procedure, inspecting whether a preset external storage device is connected to the computer system; if it is determined that the preset external storage device is connected to the computer system, when the computer system executes the power-off procedure, backing up data of a predetermined segment of the storage device to the preset external storage device, and generating a back-up data, and then writing a specific data template to the predetermined segment for covering original data of the predetermined segment.

Abstract: The present invention provides a semiconductor device and a method for controlling the semiconductor device, the semiconductor device including memory regions; program prohibition information units storing program prohibition information to be used for determining whether to prohibit or allow programming in the memory regions corresponding to the program prohibition information units; a first prohibition information control circuit that prohibits a change of the program prohibition information from a program prohibiting state with respect to a memory region based on first prohibition information; and a second prohibition information control circuit that prohibits a change of the program prohibition information from a program allowing state to a program prohibiting state with respect to the corresponding memory region based on second prohibition information with respect to the corresponding memory region.

Abstract: An information storage apparatus that includes a memory unit, a first controller that reads data from the memory unit, and a second controller included in the memory unit that reads a first identification and outputs the first identification in response to an external instruction, wherein the first identification may only be read by the second controller.

Abstract: A computer system including a copy source volume and a copy target volume which may be selectably PAIRED or SPLIT. User management information stores: an entry indicating that a first user is permitted to effect a PAIR operation and a PATH operation; and, an entry indicating that a second user is permitted to effect a PATH operation. Operation management information indicates permitted PATH and PAIR operations in relation to each user and a volume's PAIR or SPLIT status, and stores: an entry indicating that the first user is permitted to effect the PAIR operation in which the PAIR status is PAIR, or is SPLIT WITH BACKUP DISABLED; and, an entry indicating that the second user is permitted to effect the PATH operations in which the PAIR status is SPLIT WITH BACKUP ENABLED. PAIR management information stores the PAIR status and the BACKUP ENABLED or DISABLED status.

Abstract: Systems, methods, and computer-readable and executable instructions are provided for managing shared memory. A method for managing shared memory can include statically assigning a first number of locks to the shared memory during compile-time and dynamically assigning a second number of locks to the shared memory during runtime.

Abstract: A secure demand paging (SDP) system includes a dynamic random access memory (DRAM), a microprocessor having a secure internal memory and coupled to said DRAM, and a non-volatile memory storing a representation of operations accessible by the microprocessor. The stored representation of operations includes a coded physical representation of operations to configure an SDP space in the DRAM, to organize the SDP space into virtual machine contexts, to organize at least one of the virtual machine contexts into block book keeping blocks and book keeping spaces in the block book keeping blocks, and to execute a secure demand paging process between said secure internal memory and said DRAM.

Abstract: Methods for providing shadow page tables that virtualize processor memory protection. In one embodiment, virtualization software maintains the following: (a) a mapping ? from guest domain identifier to a set of shadow L2 page tables that back guest L1 sections marked with a domain identifier; and (b) with each such shadow L2 page table, a set ? of back-pointers to “potentially referencing” shadow L1 descriptors.

Abstract: A mass storage device protection system may have a mass storage device, a processor configured to generate at least one serial write command signal to the mass storage device via a serial communication link, and a storage protector configured for communication with the processor and mass storage device, the storage protector configured to do the following: intercept the at least one serial write command signal, and determine whether the at least one serial write command signal comprises an authorized command signal or an unauthorized command signal.

Abstract: A memory protection unit includes at least a first access control unit and a second access control unit programmed for controlling an access to a memory device. Further a method to operate a processing system comprising multiple processing devices and multiple memory protection units associated to the multiple processing devices, The access to the memory by a processing device is approved if first access control unit and second access control unit of the memory protection associated to the processing device approves the access and access is rejected if first access control unit or second access control unit rejects the access. The first access control unit is programmable by the associated processing device alone and the programming of the second access control unit is readable by an additional processing device which is to be used in a system with multiple programming devices, not the associate processing device.

Abstract: A method, computer program product, and system are provided for accessing a memory device. For instance, the method can include partitioning one or more memory banks of the memory device into a first and a second set of memory banks. The method also can allocate a first plurality of memory cells within the first set of memory banks to a first memory operation of a first client device and a second plurality of memory cells within the second set of memory banks to a second memory operation of a second client device. This memory allocation can allow access to the first and second sets of memory banks when a first and a second memory operation are requested by the first and second client devices, respectively. Further, access to a data bus between the first client device, or the second client device, and the memory device can also be controlled based on whether the first memory address or the second memory address is accessed to execute the first or second memory operation.

Abstract: Disclosed are methods, systems and products, including a method that includes establishing in a computing environment, implemented using at least one processor-based device, a non-immutable object as being a read-only object, the computing environment not allowing performance of operations that cause modification of the read-only non-immutable object. The method also includes preventing by the at least one processor-based device performance of an operation on the read-only non-immutable object that would cause the read-only non-immutable object to be modified.

Abstract: A memory controller including a control unit for limiting the number of memory requests that are executed within a predetermined time period to regulate power consumption. The control unit may determine a memory request limit indicating the maximum number of memory requests that are allowed to be executed during the predetermined time period based on at least a carry-over limit and a new request limit. The carry-over limit may indicate the maximum number of carry-over memory requests that are allowed during the predetermined time period. The new request limit may indicate the maximum number of new memory requests that are allowed during the predetermined time period. The control unit may further control the number of memory requests that are executed in each of a sequence of predetermined time periods.