Abstract: Active intelligent content is aware of its own timeline, lifecycle, capabilities, limitations, and related information. The active intelligent content is aware of its surroundings and can convert automatically into a format or file type more conducive to the device or environment it is stored in. If the active intelligent content does not have the required tools to make such a transformation, it is self-aware enough to seek out the tools and/or information to make that transformation. Such active intelligent content can be used for enhanced file portability, target advertising, personalization of media, and selective encryption, enhancement, and restriction. The content can also be used to collaborate with other content and provide users with enhanced information based on user preferences, ratings, costs, genres, file types, and the like.

Abstract: A cartridge preferably for use with a game console. The cartridge comprises a ROM, a non-volatile memory, a processor and an encryption unit. An application running on the console may read data from the ROM, read data from the non-volatile memory, and write data in the non-volatile memory. Data to be written in the non-volatile memory is encrypted by the encryption unit, but data to be read is returned in encrypted form for decryption by a decryption function of the game application. Data may also be received encrypted to be decrypted and returned. The encryption or decryption unit may also receive data from the non-volatile memory and send it to the interface. The invention improves on the prior art copy protection as a hacker must reverse engineer the game application in order to copy it, if the encryption unit is unknown. The invention also provides an optical medium equipped with a RFID circuit.

Abstract: A secure microcontroller system comprising an integrated cache sub-system, crypto-engine, buffer sub-system and external memory is described according to various embodiments of the invention. The secure microcontroller incorporates block encryption methods to ensure that content communicated between the integrated microcontroller and external memory is protected and real-time performance of the system is maintained. Additionally, the microcontroller system provides a user-configurable memory write policy in which memory write protocols may be selected to balance data coherency and system performance.

Abstract: A graph access device and block access device can simultaneously access a memory pool shared between the devices. The memory pool may include one or more memory arrays accessed as a single logical memory. The block access device accesses the memory pool as a flat array of memory blocks, and the graph access device accesses the memory pool as hierarchical file system. The simultaneous access is accomplished by monitoring one or more memory block access operations performed by the block access device, while it is accessing the memory pool. The block access operations are translated into a graph data structure including a plurality of pointers mapping the memory pool to the hierarchical file system. A processor regulates access to the memory pool, and is configured to permit the graph access device to access the memory pool concurrently with the block access device, in accordance with the graph data structure.

Abstract: A method of migrating data comprises migrating source encrypted data from a source storage device to a target storage device and re-keying while migrating the source encrypted data. The method further comprises while re-keying and migrating the source encrypted data, performing an access request to the source encrypted data apart from the migrating and re-keying.

Abstract: A distributed storage network received a data segment. The data segment is partitioned into two or more portions. A first portion hash is calculated from the first portion of data and used to encrypt the second portion of data. A hash of the encrypted second portion of data is then used to either encrypt the next portion of data (in this case, a third portion of data) or to circle back to the beginning and encrypt the first portion of the data if the second portion of data is the last in data segment. This iterative process continues until all portions of the data segment are encrypted in a sequence. In essence, the data portions of the segment are sequentially processed in some order to encrypt the various portions in that progressing order. A reverse order is used to derive the hash values and decrypt the encrypted data portions into decrypted original data to recreate the data segment.

Abstract: Multiple revisions of an encoded data slice are generated, with each revision having the same slice name. Each of the data slices represents the same original data portion, but each is encoded so that no single data slice can be used to reconstruct the original data portion. Appropriate revision numbers are associated with each encoded data slice, and the encoded data slices and associated revision numbers are transmitted for storage in selected storage units of a distributed storage network. If write confirmations are received from at least a write threshold number of storage units, a commit command is transmitted so that the most recently written data slices will be available for access. After a commit command is issued, a current directory used to access the encoded data slices can be sliced, encoded, and stored in the same way as the data slices.

Abstract: A system and method provide for a reception of data at a computer processor. The data relates to a dataset in a computer system. The computer processor calculates a weight for the dataset as a function of the data, and the processor executes an action on the dataset as a function of the weight. In an embodiment, the action is a backup of data on the computer system, and through recalculation of the weight over a period of time, the backup schedule, backup media, and other parameters are altered based on the changing weight for a dataset.

Abstract: A method for security monitoring of an electronic device includes determining whether a storage system of the electronic device is a secured storage system according to a signal of a first switch of the electronic device, determining whether an encryption key of the secured storage system is modifiable according to a detected signal of a second switch of the electronic device. Decrypting the secured storage system using a decryption key if the decryption key is the same as a preset decryption key in the secured storage system.

Abstract: A distributed storage processing unit encodes data objects into multiple encoded data slices to prevent reconstruction of the original data object using a single encoded data slice, but to allow reconstruction using at least a threshold number of encoded data slices. The distributed storage processing unit can decide to whether and where to cache frequently requested data slices. When retrieving data slices related to a particular data object, a check can be made to determine if the data slices are cached in a temporary memory associated with the distributed storage processing unit, or elsewhere in the distributed storage network. This check can be facilitated by storing data slices and a hash table identifying the location of stored data slices in the same temporary memory.

Abstract: Embodiments relate to systems and methods for secure distributed storage. In aspects, a set of remote storage hosts, such as personal computers, servers, media devices, cell phones, or others, can subscribe or register to provide storage via a cloud-based or other distributed network. Source data from an originating computer, such as a data file, can be decomposed into data storage subunits, each of which is encrypted via a cloud management system or other logic or control. The data storage subunits can comprise data blocks or even or uneven size. The set of encrypted data storage subunits can be registered to a table or other record, and disseminated to the remote storage hosts. In the event of data loss at the originating computer or at other times, the remotely stored data storage subunits can be extracted, decrypted, and reassembled to reconstruct the original source data.

Abstract: A Write-Once Read-Many (WORM) memory controller receives data from a processing system that is addressed to a location in a storage device, stores the data and a tag at the location, receives second data from the processing system that is addressed to the location, determines that the location includes the tag, and prevents the second data from being stored at the location based upon the presence of the tag. A WORM memory device sends a reply to a controller in response to an initialization command. The reply includes an address number that corresponds with the storage capacity of the WORM memory device. The WORM memory device sends another reply to another controller in response to another initialization command. The initialization commands are different from each other. The other initialization reply includes an address number of zero.

Abstract: Methods and removable storage devices are provided. Some such removable storage devices may include a file specifying a name of a program to be executed automatically by a host, may include settings for a secure storage area, where the settings are user-configurable, may include a secure partition that is not accessible by an operating system of a host, may be configured to cause a health of the removable device to be automatically checked when the removable device is coupled to a host, may be configured to cause a program for formatting the removable device to be executed when the removable device is coupled to a host, or may include a secure partition configured to store information so that formatting/reformatting does not alter the stored information.

Abstract: These embodiments relate to authentication and securing of write-once, read-many (WORM) memory devices. In one embodiment, a memory device comprises a controller operable in first and second modes of operation after stored security information is validated, wherein in the first mode of operation, the memory device operates in a read-only mode, and wherein in the second mode of operation, the memory device operates in a write-once, read-many (WORM) mode. In another embodiment, the controller is operative to perform security methods.

Abstract: A data processing apparatus includes, an input unit to accept information on one or more deletion-target data blocks specified from a plurality of data blocks, a hash generating unit to calculate a hash value of each of the plurality of data blocks, an auxiliary data generating unit to calculate auxiliary data ?=gH1(mod N) of a signer based on predetermined values g and N and a product H1 of the hash values of one or more deletion-target data blocks, a digital signature generating unit to calculate intermediate data ?=gH2(mod N) based on the predetermined values g and N and a product H2 of the hash values of one or more remaining data blocks to generate a digital signature for a combination of the intermediate data ? and position data of one or more deletion-target data blocks with a signing key of a modifier.

Abstract: Methods and apparatus for use in transferring user data from a first (“source”) mobile communication device to a second (“target”) mobile communication device using a removable memory card are disclosed. The source and target devices may be possessed and/or owned by the same end user. The source device is initially enabled to maintain data synchronization with a host server over a wireless communication network via a first wireless transceiver for user data of an application program associated with the user account. To enable the target device for the communications associated with the user account, the source device is operative to establish a programming session with the target device via a second wireless transceiver. During the programming session, the source device causes user account data (e.g. at least one encryption/decryption key for the data-synchronized communications) for the user account to be transmitted to the target device via the second wireless transceiver.

Abstract: Devices and methods for securely upgrading devices, such as field upgradeable units, are disclosed. In response to receiving an update object, a device may determine whether a predefined location of memory includes a predetermined value. Based on the value in the predefined location, the device may store the received update object in a verification portion of the memory. After verifying the authenticity of the update object, the device may copy the update object from the verification portion of the memory to an inactive portion. The inactive portion of the memory can be swapped with an active portion of the memory, such that the inactive portion becomes active.

Abstract: A data scrambling method for scrambling raw data from a host system is provided. The data scrambling method includes generating a random number and storing the random number into a storage unit. The data scrambling method also includes receiving a user password from the host system, generating a padded value by using a first function unit based on the random number and the user password, and generating a nonce value by using a second function unit based on the padded value and a key. The data scrambling method further includes generating scrambled data corresponding to the raw data by using a third function unit based on the nonce value and the raw data. Accordingly, the raw data of the host system can be effectively protected.

Abstract: In one embodiment, a device includes a first interface, a second interface, a memory, and a processor coupled to the first and second interfaces and to the memory. The processor is configured to receive key-management information via the second interface, and to store the key-management information in a protected portion of the memory as stored key-management information. The processor is also configured to perform a challenge-response authentication interaction via the first interface. The challenge-response authentication interaction is based at least in part on the stored key-management information. The device is configured to prevent data in the protected portion of the memory from being modified in response to information received via the first interface.

Abstract: A computer system to prevent intervention and falsification by setting encrypted transfer between a host computer and a first storage device that provides a virtual volume and between the first storage device and second and third storage devices that provide a real volume corresponding to the virtual volume. A management computer specifies the second and third storage device that provide the real volume corresponding to the virtual volume by providing a volume corresponding to the virtual volume used by a host computer in which encrypted transfer becomes necessary, and setting the encrypted transfer to communication between the first storage device and the second and third storage devices, makes a reconnection thereof, and also sets the encrypted transfer to an I/O port used for the communication with the host computer in the first storage device.

Abstract: A computing system contains and uses a partitioning microkernel (PMK) or equivalent means for imposing memory partitioning and isolation prior to exposing data to a target operating system or process, and conducts continuing memory management whereby data is validated by security checks before or between sequential processing steps. The PMK may be used in conjunction with an Object Request Broker.

Abstract: A set of security claims for a communication channel are obtained, the set of security claims including one or more security claims each identifying a security characteristic of the communication channel. The security claims are stored, as is a digital signature generated over the set of security claims by an entity. The security claims and digital signature are subsequently accessed when a computing device is to transfer data to and/or from the communication channel. The set of security claims is compared to a security policy of the computing device, and the entity that digitally signed the set of security claims is identified. One or more security precautions that the computing device is to use in transferring data to and/or from the communication channel are determined based at least in part on the comparing and the entity that has digitally signed the set of security claims.

Abstract: A license managing device sets a security area for storing a license file, maintains the security area as an encoded file in an inactive state of the security area by encoding the security area, maintains the security area as a directory in an active state of the security area by decoding the security area, and encodes a license file by using a file encoding key according to the user's request and stores the same in a security area in an active state of the security area.

Abstract: A method for optimizing data transfer through retrieval and identification of non-redundant components. Efficiently packing each network transmission block using sequence search criteria. A hierarchical skipping method. Avoidance of sending undesired pieces. Segmentation of each file and object into a hierarchy of pieces in a plurality of types.

Abstract: An access control method of a semiconductor device includes providing an inputted password as an input of a hash operator; performing a hash operation in the hash operator and outputting a first hash value; controlling the hash operator so that the hash operation is repeatedly performed in the hash operator by providing the first hash value as an input of the hash operator when the first hash value and a second hash value stored in a nonvolatile memory do not coincide; and setting an access level with respect to the inner circuit according to the repetition number of times of the hash operation of the hash operator when the first and second hash values coincide.

Abstract: A memory device and method for updating a security module are disclosed. In one embodiment, a memory device is provided comprising a memory operative to store content and a controller in communication with the memory. The controller is configured to send an identification of the memory device's security module to a host and receive an identification of the host's security module. If the memory device's security module is out-of-date with respect to the host's security module, the memory device receives a security module update from the host. If the host's security module is out-of-date with respect to the memory device's security module, the memory device sends a security module update to the host.

Abstract: A method (and structure) of enhancing efficiency in processing using a secure environment on a computer, includes, for each line of a cache, providing an associated object identification label field associated with the line of cache, the object identification label field storing a value that identifies an owner of data currently stored in the line of cache.

Abstract: Systems and methods are disclosed for performing data storage operations, including content-indexing, containerized deduplication, and policy-driven storage, within a cloud environment. The systems support a variety of clients and cloud storage sites that may connect to the system in a cloud environment that requires data transfer over wide area networks, such as the Internet, which may have appreciable latency and/or packet loss, using various network protocols, including HTTP and FTP. Methods are disclosed for content indexing data stored within a cloud environment to facilitate later searching, including collaborative searching. Methods are also disclosed for performing containerized deduplication to reduce the strain on a system namespace, effectuate cost savings, etc. Methods are disclosed for identifying suitable storage locations, including suitable cloud storage sites, for data files subject to a storage policy.

Abstract: The present invention discloses a network transmission system, network transmission method, and network transmission device thereof. The network transmission device is connected to an operating center and a user device, and comprises at least one storage device. The operating center is capable of transmitting data to the network transmission device and storing the data in the storage device.

Abstract: A digital escrow pattern is provided for backup data services including searchable encryption techniques for backup data, such as synthetic full backup data, stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, an operational synthetic full is maintained with encrypted data as a data service in a cryptographically secure manner that addresses integrity and privacy requirements for external or remote storage of potentially sensitive data. The storage techniques supported include backup, data protection, disaster recovery, and analytics on second copies of primary device data. Some examples of cost-effective cryptographic techniques that can be applied to facilitate establishing a high level of trust over security and privacy of backup data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof of Application, blind fingerprints, Proof of Retrievability, and others.

Abstract: A digital escrow pattern is provided for backup data services including searchable encryption techniques for backup data, such as synthetic full backup data, stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, an operational synthetic full is maintained with encrypted data as a data service in a cryptographically secure manner that addresses integrity and privacy requirements for external or remote storage of potentially sensitive data. The storage techniques supported include backup, data protection, disaster recovery, and analytics on second copies of primary device data. Some examples of cost-effective cryptographic techniques that can be applied to facilitate establishing a high level of trust over security and privacy of backup data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof of Application, blind fingerprints, Proof of Retrievability, and others.

Abstract: A system for storing encrypted compressed data comprises a processor and a memory. The processor is configured to determine whether an encrypted compressed segment has been previously stored. The encrypted compressed segment was determined by breaking a data stream, a data block, or a data file into one or more segments and compressing and then encrypting each of the one or more segments. The processor is further configured to store the encrypted compressed segment in the event that the encrypted compressed segment has not been previously stored. The memory is coupled to the processor and configured to provide the processor with instructions.

Abstract: An information processing apparatus includes an authentication section that executes authentication with a first recording medium, and a decryption section that executes decryption of encrypted data stored on a second recording medium. The decryption section acquires data stored on the first recording medium on the condition that authentication with the first recording medium is established, and performs decryption of encrypted data recorded on the second recording medium by using the acquired data.

Abstract: A storage apparatus includes a key control part to judge a validity of a data access from a request source based on authorization information received therefrom and authorization information created from an enciphering key included in enciphering key information received from a key management apparatus, and a control part to make the data access to the recording medium using the enciphering key in response to an access request from the request source, if the validity of the data access is confirmed. The authorization information from the request source includes a unique code created from the enciphering key if an authentication is successful in the key management apparatus in response to an authentication request from the request source.

Abstract: A method for securely handling processing of information in a chip may include randomly selecting one of a plurality of data processes based on a random process index. A time interval may be randomly allocated on the chip, for processing the randomly selected one of the plurality of data processes. When the randomly allocated time interval has elapsed, the randomly selected one of the plurality of data processes may be initiated. The randomly selected one of the plurality of data processes may include one or both of accessing data and acquiring the data. Data may be verified by the randomly selected one of the plurality of data processes prior to the processing of the data. The data may be verified utilizing at least one digital signature verification algorithm, such as a Rivest-Shamir-Adelman (RSA) algorithm and/or a secure hash algorithm (SHA-1).

Abstract: A secure processing device may include an external memory storing encrypted data, and a processor cooperating with the external memory. The processor is configured to generate address requests for the encrypted data in the external memory, cache keystreams based upon an encryption key, and generate decrypted plaintext based upon the cached keystreams and the encrypted data requested from the external memory. For example, the processor may be further configured to predict a future address request, and the future address request may be associated with a cached keystream.

Abstract: According to one embodiment, a computing system includes two or more opto-electrical isolators coupling a corresponding two or more memory devices to a processor. Each memory device is electrically isolated from each other and configured to store data or instructions executed by the processor. Each opto-electrical isolator selectively couples its associated memory device to the processor such that only one of the two or more memory devices are writable by the processor at any instant of time.

Abstract: The systems and methods provide a dynamic process for obtaining and managing informed consent documentation. In general, the dynamic informed consent process (DICP) makes use of an intermediary organization, e.g., a trusted intermediary, which: (a) provides ICFs which have been dynamically generated for a specified trial or medical procedure and based on particular state or federal requirements, if any; and (b) archives copies of signed ICFs. In certain preferred embodiments, there may also be a procedure to provide training materials, such as audio or video presentations, to be viewed by prospective participants. In certain preferred embodiments, the process also includes contacting subjects who have signed ICFs in the event that there is a change of circumstance which the subject may deem material to whether s/he would continue to consent, or whether the participant needs to provide a different type of consent to participate in particular event or trial.

Abstract: Systems and methods authenticate storage devices. In one implementation, a computer-implemented method is provided for authenticating a storage device. According to the method, a manifest that identifies a destination is receive. A transfer station reads a digital signature from the storage device. The digital signature is validated and, based on the validation of the digital signature, a transfer of one or more files from the storage device via the transfer station is authorized to the destination identified in the manifest.

Abstract: A secure memory controller includes a memory unit and a controller. The memory unit stores the information of the predetermined scenario in accordance with an application to be executed. The controller gives the right to access the memory area based on the set scenario. The controller judges whether the bus master which is requesting an access to the memory area has the right to access.

Abstract: A multipoint general-purpose input/output control interface device is provided, which is a control interface device that is applicable to, but not limited to, PCI transmission interface, and can be installed in or removed from a computer system or a game machine as desired to use the computer system or the game machine to control a timer and access or encrypt static random access memory and general purpose input/output (GPIO).

Abstract: The present invention relates to an information storage protector that comprises: a memory device with a memory interface mounted at its front end; wherein, the memory device is mounted a data storage block and a hidden block,a reader linked to a host computer; wherein, the reader is mounted a fingerprint sensor and characteristic authentication processing unit while the interior of hidden block in the memory device is stored the characteristic data of fingerprint from a plurality of users that allows the user to proceed the reading/writing data from/in the memory device provided that the user is recognized by the fingerprint sensor and the characteristic authentication processing unit; and a read & write control software installed in the interior of the abovementioned host computer; wherein, to store the data in the memory device can be proceeded only through the read & write control software.

Abstract: Techniques are generally described for methods, systems, data processing devices and computer readable media configured to decrypt data to be stored in a data cache when a particular condition indicative of user authentication or data security has occurred. The described techniques may also be arranged to terminate the storage of decrypted data in the cache when a particular condition that may compromise the security of the data is detected. The describe techniques may further be arranged to erase the decrypted data stored in the cache when a particular condition that may compromise the security of the data is detected.

Abstract: A memory device and method for adaptive protection of content are disclosed. In one embodiment, a memory device is provided comprising a memory operative to store content and a controller in communication with the memory. The controller is operative to generate a content protection algorithm that is different from at least one content protection algorithm previously generated by the controller, protect the content in accordance with the content protection algorithm, generate virtual machine code containing instructions on how to unprotect the protected content, and provide the protected content and the virtual machine code to a host in communication with the memory device.

Abstract: Storage apparatus (20) includes a memory (30) and an encryption processor (28), which is configured to receive and encrypt data transmitted from one or more computers (24) for storage in the memory. A one-way link (32) couples the encryption processor to the memory so as to enable the encryption processor to write the encrypted data to the memory but not to read from the memory.

Abstract: A system for formatting memory in a peripheral device. The system includes a peripheral device comprising the memory communicatively coupled with a controller. A host is communicatively coupled with the peripheral device via a communication path. An interface is communicatively coupled with the controller and the host computer. The controller is configured to receive a first command from the host computer. The controller is further configured to format at least a portion of the memory based on the first command. The host computer sends a second command to the peripheral device via the communication path to complete the format.

Abstract: After an initialization process (S10), the access controller of the external storage device performs authentication using a password (S20, S30). If authentication is successful, the successfully authenticated state is saved, and the host computer is notified that the HD storage portion is accessible (S40). Subsequently, it is decided whether SOF packets are being periodically sent from the host computer (S50), and if periodic sending has been interrupted (S50: NO), the connection to the host computer will be deemed lost, and the saved authenticated state will be deleted (S60).

Abstract: A system for facilitating data access and management on a smart card is provided. According to one exemplary aspect of the system, a storage architecture is provided in the smart card which allows data stored thereon to be shared by multiple parties. Access to data stored on the smart card is controlled by various access methods depending on the actions to be taken with respect to the data to be accessed.

Abstract: Devices for securing data and method of managing a one-time pad stored in nonvolatile memory of a device. In one embodiment, the device for securing data includes: (1) a nonvolatile memory, (2) a nonvolatile memory controller coupled to the nonvolatile memory and configured to cooperate with the nonvolatile memory to make a key available when a password provided to the device is valid and (3) a self-destruct circuit coupled to the nonvolatile memory and configured to corrupt at least part of the nonvolatile memory when the password is invalid.

Abstract: A computer storage apparatus. In one embodiment, the apparatus includes: (1) primary file storage, (2) a controller coupled to said primary file storage and configured to provide an interface by which data is communicated therewith, (3) formula/offset file storage coupled to said controller and configured to store at least one formula/offset and (4) pointer file storage coupled to said controller and configured to store at least one pointer, said controller further configured to provide said interface based on interaction with said formula/offset file storage and said pointer file storage.