Abstract: In a transient storage device (TSD) with multiple authentication silos, a host computing device connected to the TSD is configured by the TSD to discover and act upon various types of authentication information in the silos. One or more logical combinations of authentication silos are switched to the authenticated state to grant access to an associated storage area. A particular ordering of authentication silos may be required to achieve a valid combination of authenticated silos. Ordering may be suggested by configuration information in the TSD. Ordering may also be based upon whether or not user input is required for authenticating a given authentication silo, the environment of use of the TSD, or a hierarchy from most trusted to least trusted authentication silo. With this information, the host proceeds with the most efficient authentication sequence leading to a grant of access to the storage area.

Abstract: A dynamic logical unit number system is implemented as a storage device that includes processing logic and storage functionality. A storage device may be configured to provide a first logical unit number when the storage device is attached to a computer system or other computing device. The storage device through its dynamic logical unit number system provides a configuration interface through which the computer system can configure additional logical unit numbers and reconfigure existing logical unit numbers of the storage device. After the redefinition of the logical unit numbers, the dynamic logical unit number system may cause a reestablishment of the connection between the storage device and the computer system. Upon establishing the new connection, the computer system recognizes the redefined logical unit numbers and treats each logical unit number as a separate storage device, including assigning a different number to each logical unit number.

Abstract: A method, computer program product and computer system for assigning logic storage entities of a storage device to multiple partitions of a computer system, which includes associating each logic storage entity to one of the partitions that are allowed to access the logic storage entity; configuring a partition supervisor to control accesses of the partitions to the logic storage entities, so that the partitions can share resources when accessing the logic storage entities; and providing an interceptor in the partition supervisor, so that a request or a response between a select logic storage entity and a select partition is intercepted if the select partition is not allowed to access the select storage entity.

Abstract: An apparatus providing for a secure execution environment. The apparatus includes a microprocessor that is configured to execute non-secure application programs and a secure application program, where the non-secure application programs are accessed from a system memory via a system bus. The microprocessor has a non-secure memory and a secure volatile memory. The non-secure memory is configured to store portions of the non-secure application programs for execution by the microprocessor, where the non-secure memory is observable and accessible by the non-secure application programs and by system bus resources within the microprocessor. The secure volatile memory is configured to store the secure application program for execution by the microprocessor, where the secure volatile memory is isolated from the non-secure application programs and the system bus resources within the microprocessor.

Abstract: A NoDMA cache including a super page field. The super page field indicates when a set of pages contain protected information. The NoDMA cache is used by a computer system to deny I/O device access to protected information in system memory.

Abstract: A data storage medium includes a data structure, called a disk control block, used for administration and control information for the data storage medium. One medium may contain multiple different disk control blocks, each addressing a different function. Each disk control block includes a control block identifier that specifies the function of the disk control block. Each control block also includes a set of standard access control parameters. If a drive encounters an unrecognized disk control block, the drive can still decode the standard control parameters, so that the drive behavior is not inconsistent with the requirements of the unrecognized disk control block.

Abstract: Apparatus for processing data is provided comprising processing circuitry and monitoring circuitry for monitoring write transactions and performing transaction authorisations of certain transactions in dependence upon associated memory addresses. The processing circuitry is configured to enable execution of a write instruction corresponding to a write transaction to be monitored to continue to completion whilst the monitoring circuitry is performing monitoring of the write transactions and the monitoring circuitry is arranged to cause storage of write transaction data in an intermediate storage element for those transactions for which an authorisation is required. Storage of write transaction data in an intermediate storage element enables the write transaction to be reissued in dependence upon the result of the transaction authorisation although the corresponding write instruction has already completed.

Abstract: A data accessing system includes a host computer and a storage device. The host computer has a first media access control (MAC) address, and the storage device includes a first storage region, a second storage region, and a controller. The first storage region is utilized for storing data. The second storage region stores a second media access control address. The controller couples to the first storage region and the second storage region for executing a security checking function to determine if the host computer is qualified to access the first storage region according to the first media access control address.

Abstract: A method for managing a plurality of network storages on a computer device includes: receiving login commands in response to the users' operations; simultaneously transmitting a first access request to get read/write authority with respect to the first network storage, and a second access request to get read/write authority with respect to the second network storage in response to the login commands; receiving and combining first information from the first network storage and second information from the second network storage after the first and the second access requests being authorized by the network storages; displaying the combined information on a single graphical user interface.

Abstract: An authorization method includes recognizing a request to access a data storage unit from a user, providing user identification and identifying information of the data storage unit, receiving a response from the authorization module, and passing the request to the data storage unit if the user is authorized to access the data storage unit. An access control system includes the authorization module configured to receive the request to access the data storage unit from the client device and determine whether the user is authorized to access the data storage unit.

Abstract: Protection entries and techniques for providing fine granularity computer memory protection. A method of protecting a computer memory may include separating or parsing the computer memory, containing data or code, into blocks and creating protection entries for each block. The protection entries optionally include a reference field for identifying a block of memory, and a protection field for specifying one or more levels of access to the identified block of memory. The protection entries may then be used to pass messages between various system entities, the messages specifying one or more levels of access to the one or more blocks of memory or code.

Abstract: The present disclosure provides a methodology by which disk level access for storage drives of a storage array may be highly secured based on permission settings applied to the driver interface of the storage drives. Based on specific set of access rules, a security component applies security profiles to permit/deny access to an individual storage drive, sets the storage drive with a first security level, monitors for a triggering event, and sets the storage drive to a second (more restrictive) security access level in response to the triggering event. In addition, the security component generates an alert in response to the triggering event. Thus, disk level access permissions are applied at a driver interface layer and permissions are applied based on administrator-defined policies. The present disclosure provides for complete lock-down of data permissions, management and/or restriction of IO loads, and protection of “read-only” data integrity from overwrites.

Abstract: A method of operation of a self-locking mass storage system includes: providing storage media and an inactivity timer; timing a period of read/write inactivity of the storage media using the inactivity timer; comparing the period of read/write inactivity against a preset maximum idle time; locking access to the storage media when the period of read/write inactivity exceeds the preset maximum idle time; and, resetting the period of read/write inactivity following read/write activity while the self-locking mass-storage system is in an unlocked state.

Abstract: A data processing system has a processor and a memory coupled to the processor and an asynchronous memory mover coupled to the processor. The asynchronous memory mover has registers for receiving a set of parameters from the processor, which parameters are associated with an asynchronous memory move (AMM) operation initiated by the processor in virtual address space, utilizing a source effective address and a destination effective address. The asynchronous memory mover performs the AMM operation to move the data from a first physical memory location having a source real address corresponding to the source effective address to a second physical memory location having a destination real address corresponding to the destination effective address. The asynchronous memory mover has an associated off-chip translation mechanism. The AMM operation thus occurs independent of the processor, and the processor continues processing other operations independent of the AMM operation.

Abstract: The various embodiments of the invention relate generally to semiconductors and memory technology. More specifically, the various embodiment and examples of the invention relate to memory devices, systems, and methods that protect data stored in one or more memory devices from unauthorized access. The memory device may include third dimension memory that is positioned on top of a logic layer that includes active circuitry in communication with the third dimension memory. The third dimension memory may include multiple layers of memory that are vertically stacked upon each other. Each layer of memory may include a plurality of two-terminal memory elements and the two-terminal memory elements can be arranged in a two-terminal cross-point array configuration. At least a portion of one or more of the multiple layers of memory may include an obfuscation layer configured to conceal data stored in one or more of the multiple layers of memory.

Abstract: A mass storage device protection system may have a mass storage device, a processor configured to generate at least one serial write command signal to the mass storage device via a serial communication link, and a storage protector configured for communication with the processor and mass storage device, the storage protector configured to do the following: intercept the at least one serial write command signal, and determine whether the at least one serial write command signal comprises an authorized command signal or an unauthorized command signal.

Abstract: A lock-based software transactional memory (STM) implementation may determine whether a transaction's write-set is static (e.g., known in advance not to change). If so, and if the read-set is not static, the STM implementation may execute, or attempt to execute, the transaction as a semi-static transaction. A semi-static transaction may involve obtaining, possibly after incrementing, a reference version value against which to subsequently validate that memory locations, such as read-set locations, have not been modified concurrently with the semi-static transaction. The read-set locations may be validated while locks are held for the locations to be written (e.g., the write-set locations). After committing the modifications to the write-set locations and as part of releasing the locks, versioned write-locks associated with the write-set locations may be updated to reflect the previously obtained, or newly incremented, reference version value.

Abstract: A memory system is provided. The memory system includes a memory array and a memory controller in communication with the memory array. The memory controller is configured to receive a first password and to compare the first password with a second password. The second password is stored in the memory controller. If the first password matches the second password, then access is permitted to the memory array. The memory array can include a plurality of vertically stacked memory arrays. The vertically stacked memory arrays can be formed on top of a logic plane that includes active circuitry in communication with the vertically stacked memory arrays. The memory arrays can include two-terminal memory cells that store data as a plurality of conductivity profiles and retain the stored data in the absence of power. The memory arrays may be configured as non-volatile two-terminal cross-point memory arrays.

Abstract: Embodiments of the present invention provide a media library controller that can communicate with multiple physical libraries that are physically separate from each other (i.e., that cannot pass media back and forth). The media library controller can maintain a virtualized aggregate media library representing the physical media libraries with which it is in communication. From the physical media libraries, the media library controller can establish a virtual media library and associate a host with the virtual media library. The virtual media library can represent the portions of a physical media library to which the host is allowed access.

Abstract: In a system comprising a first storage system providing plural first logical volumes including real logical volume and a virtual logical volume with a host, a second storage system having a second logical volume, and a management computer, when the first storage system receives an access request to the virtual logical volume, it accesses a second logical volume associated with the virtual logical volume. In this system, when the management computer receives a request to guard one of the plural first logical volumes, it checks whether a target first logical volume of the request is a real logical volume or a virtual logical volume, in case of the virtual logical volume, generates and provides a possible at least one option to guard the virtual logical volume by considering a program for volume guard, which each of the first storage system and the second storage system has.

Abstract: Described are a self-protecting storage device and method that can be used to monitor attempts to access protected information. Access is allowed for authorized host systems and devices while unauthorized access is prevented. Authorization use includes inserting a watermark into access commands, such as I/O requests, sent to the storage device. The access commands are verified before access is permitted. In one embodiment, block addresses in I/O requests are encrypted at the host device and decrypted at the self-protecting storage device. Decrypted block addresses are compared to an expected referencing pattern. If a sufficient match is determined, access to the stored information is provided. Self-protection can be provided to a range of storage devices including, for example, SD flash memory, USB thumb drives, computer hard drives and network storage devices. A variety of host devices can be used with the self-protecting storage devices, such as cell phones and digital cameras.

Abstract: Versatility of a memory card is improved by providing a memory card wherein data protection mode and normal mode can be selected at discretion.

Abstract: A building management system (1) for the control of plural actuators (10) arranged in a distributed manner, comprised of a central control unit (2) and at least one actuator (10) controlled by the central control unit (2), wherein the actuator (10) has a control device (11) which is formed to receive control commands from the central control unit (2) and to operate the actuator (10) in dependence upon these control commands, and a memory part (13) for storing function-relevant information. In accordance with the invention the memory part (13) is separate or separable from the control device (11).

Abstract: A method for storing data includes providing a memory package including an integrated circuit containing a non-volatile memory and counter circuitry. The data is written to the non-volatile memory. The counter circuitry is operated to maintain a count of write operations performed on the non-volatile memory. The data and the count from the memory package are received at a controller, separate from the memory package, and the data is authenticated in response to the count.

Abstract: A method for preventing erroneous writing of data includes the steps of: providing a memory positioned in a writing protection state, connecting the memory to a host computer installed with a control program, using the control program to control the memory to remove the writing protection state and writing external data into the memory. Whereby, the erroneous writing of the external data is prevented and the safety of internal data of the memory is protected accurately.

Abstract: An information processing apparatus comprising a secure information unit that is set to the state not requiring security in the case where the data is transferred from a user memory space to a general purpose register, and that is set to the state requiring security in the case where the data is transferred from a secure memory space to the general purpose register. An encryption key in the secure memory space is prevented from being stolen by prohibiting the data transfer to the user memory space from the general purpose register with the value of the secure information unit set to the state requiring security.

Abstract: A method is provided for authenticating a carrier of a portable object having a memory for memorising at least one item of secret information. The method includes: authentication processing of a signature provided by said carrier, taking account of said secret information; supplying an item of information for the authentication decision, positive or negative, implementing, in a non volatile memory of said portable object, an incorrect signature indicator which may adopt a value indicating a normal situation and at least one value indicating an abnormal situation. The step of implementing including: after said information supplying step, writing, in said incorrect signature indicator, a value indicating an abnormal situation, if said authentication decision is negative; and before said authentication step, and if said incorrect signature indicator contains a value indicating an abnormal situation, a step generating a delay.

Abstract: Provided is a storage apparatus that stores data update histories using an existing file system without modifying the source code of the existing file system. The storage apparatus includes an I/O command catcher that changes, when an I/O command is issued from a program stored in a memory and arbitrary update data is stored in a data area address corresponding to a buffer address storing the arbitrary update data, authorized access set for the arbitrary update data in a page management unit to readable; and a page exception catcher that issues, when the authorized access of the arbitrary update data is changed to readable, a page exception report, acquires a data area address corresponding to the buffer address storing the arbitrary update data in the address management unit, and stores the update data and its update history in an update queue.

Abstract: Embodiments of archival storage system are disclosed. The archival storage system includes one or more removable disk drives that provide random access and are readily expandable. One or more application servers can store archival data to the one or more removable disk drives. Further, the archival storage system provides an audit trail that stores information about actions taken on the archival data. The audit trail data providing a list of the actions and information about the actions that can be used to determine changes to the archival data.

Abstract: Provided are a method, system, and article of manufacture for providing a process exclusive access to a page including a memory address to which a lock is granted to the process. A request is received for a memory address in a memory device from a requesting process. A lock is granted to the requested memory address to the requesting process. The requesting process is provided exclusive access to a page including the requested memory address for a page access time period. The exclusive access to the page provided to the requesting process is released in response to an expiration of the page access time period.

Abstract: There is provided a memory protection system comprising: address storage means storing the start and end addresses of each of a plurality of memory segments; control data storage means storing control data indicative of a type of permitted access to each of the plurality of memory segments; comparison means for comparing said start and end addresses with addresses of a selected memory portion to which a processor seeks access; and combination means for logically combining access data indicative of the type of access sought by the processor to the selected memory portion with said control data; wherein the comparison and combination results are indicative of whether or not the access to the selected memory portion sought by the processor is allowable. The present invention provides for the access protection of memory segments of any required size, both large and small.

Abstract: In some embodiments, a method of detecting pre-operating system malicious software and firmware using chipset general purpose direct memory access hardware capabilities is presented. In this regard, a security agent is introduced to access system memory used by instructions executing on a host processor or microcontroller, to copy contents from the system memory to an internal chipset memory, and to scan the internal memory with an embedded processor for a malicious software pattern. Other embodiments are also disclosed and claimed.

Abstract: An object of the present invention is to provide a computer system and virus-scan method that are capable of full-scanning the logical volume of a SUTOSEN PC with high frequency while limiting the number of virus-scan devices. A computer system including a primary volume storing data from a personal computer, a snapshot volume storing the status of the primary volume at a given point in time, and a save destination volume storing an updated memory area within the primary volume as information on an updated block address reflected in a bitmap, the updated block address corresponding to a memory area within the primary volume, wherein the computer system detects only an updated file in the primary volume from the snapshot volume and the save destination volume, creates an updated volume for storing a relevant updated file, and thereby executes a virus-scan on the updated volume.

Abstract: When a file server is to create data that does not permit falsification in an external storage, it is not possible to guarantee that the rewriting of this data can be prevented from a computer connected to the external storage without going through a file server. Provided is a storage system configured from a first storage having a file I/O processing unit and a second storage connected to this first storage, wherein the first storage includes a unit for requesting a change of access authority to the storage area in the own storage and in the second storage provided to the own storage. An access request to a storage area in a second storage from a computer connected to a second storage without going through a file I/O processing unit is restricted based on the change of access authority executed by the second storage upon receiving the request from the first storage.

Abstract: A method for combating malware monitors all attempts by any software executing on a computer to write data to the computer's digital storage medium and records details of the attempts in a system database having a causal tree structure. The method also intercepts unauthorized attempts by executing objects to modify the memory allocated to other executing objects or to modify a selected set of protected objects stored on the digital storage medium, and may also intercept write attempts by executing objects that have a buffer overflow or that are executing in a data segment of memory. The method may include a procedure for switching the computer into a quasi-safe mode that disables all non-essential processes. Preferably, the database is automatically organized into software packages classified by malware threat level. Entire or packages or portions thereof may be easily selected and neutralized by a local or remote user.

Abstract: A receiving apparatus has a first memory area accessible by a first provider providing first contents and a second memory area accessible by a second provider providing second contents. A receiving unit receives a first access right file and a second access right file. An output unit outputs the first contents or the second contents. A memory control unit stores first information associated with the first contents in the first memory area and stores second information associated with the second contents in the second memory area. A switching unit switches from outputting the first contents to outputting the second contents. A determining unit determines whether the second provider is permitted to access the first memory area. An output controller reads the first information and outputs the second contents based on the first information to the output unit when the second provider is permitted to access the first memory area.

Abstract: Access control unit sends to the access judging unit an access judging check request signal asking whether the requested address falls within one of the access-permitted areas registered in the access judging unit, the access judging unit checks whether the requested address falls within one of the access-permitted areas registered in it and returns to the access control unit an access judging check result signal indicating whether the access request is to be honored or rejected, and the access control unit permits access to the internal bus if the access judging check result signal indicates that the access request is to be honored, or rejects the access request otherwise.

Abstract: A Method and a terminal intended for securing information in a local memory device which is couplable to a terminal having a data link interface. At the terminal, the method comprises the following steps. The method divides 801 original data included in the information to be secured, a division of the original data resulting in a first portion and a second portion. The method stores 802 the first portion in the local memory device and sends 803 the second portion via the data link interface for storage in a remote memory device. The method includes obtaining 804 an authorized read request targeted to the original data and responsive to the authorized read request reconstructs the original data. In more detail, the method retrieves 805 via the data link interface the second portion and combines 806 the second portion and the first portion which was stored in the local memory device.

Abstract: A method and apparatus for moving contents are discussed. According to an embodiment, the method includes determining whether or not a content is to be moved from a first device to a second device based on copy and movement control information, the copy and movement control information indicating whether or not the content is to be moved; performing an authentication to authenticate the first and second devices with each other; and moving the content from the first device to the second device based on the determination result and the authentication result.

Abstract: A computer-readable storage medium having computer-readable code embodied thereon including: program code for restricting access, by a file system running on a host system, to a restricted area of a storage area of a storage device; and program code for enabling at least one application to access the restricted area via the file system. Preferably, the computer-readable code further includes: program code for enabling the storage device to copy data from a non-restricted area to the restricted area. Preferably, the computer-readable code further includes: program code for directing the storage device to route host-system read-requests, directed to addresses in the restricted area, to addresses in a non-restricted area. Preferably, the computer-readable code further includes: program code for applying access commands of the host system to restricted data residing in the restricted area when the host system requests access to non-restricted data addressed to a non-restricted area.

Abstract: A method of controlling a shared memory and a user terminal controlling the operation of the shared memory are disclosed. The portable terminal according to an embodiment of the present invention has a memory unit with a storage area partitioned to blocks in a quantity of n and a plurality of processors reading or writing data by accessing a partitioned block. At least one of the partitioned blocks is assigned as a common storage area, accessible by a processor having an access privilege, and the processor having the access privilege performs an operation of maintaining the data stored in the common storage area. With the present invention, the common storage area can be accessed by a plurality of processors, and thus the data transmission time between the processors can be minimized.

Abstract: A storage system that is capable of communicating with one or more host devices that issue a host input/output request, including two or more physical devices, one or more logical devices provided in the two or more physical devices, said logical devices each representing a logical volume provided in the two or more physical devices, one or more memories that store security information that is information corresponding with each of the one or more logical devices that serves to control access based on a host input/output request for the logical device, and a control device that controls access of a host input/output, said security information being used to permit or deny a read/write request requesting access to the first logical device, said read/write request including a logical unit number (LUN) related to the first logical.

Abstract: Systems and methods that facilitate processing data and securing data written to or read from memory. A processor can include a host memory interface that monitors all bus traffic between a host processor and memory. The host memory interface can analyze commands generated by the host processor and determine the validity of the commands. Valid commands can proceed for further analysis; invalid commands can be aborted, for example, with the host memory interface and memory each set to an idle state. The host memory interface can analyze authentication information obtained via an authentication component, and information regarding memory partition rights, to determine whether a command partition violation exists as to the command. If a violation exists, the host memory interface can prevent the improper command from executing in the memory, and can cause a different operation to occur thereby allowing the memory to be placed in a known state.

Abstract: Exemplary embodiments include a method for enhancing lock acquisition in a multiprocessor system, the method including: sending a lock-load instruction from a first processor to a cache; setting a reservation flag for the first processor, storing a reservation address, storing a shadow register number, and sending lock data to the first processor in response to the lock-load instruction; placing the lock data in target and shadow registers of the first processor; determining from the lock data whether lock is taken; resending the lock-load instruction from the first processor to the cache upon a determination that the lock is taken; determining whether the reservation flag is still set and its main memory address and shadow register number match with the saved reservation address and shadow register number for the first processor; sending a status-quo signal to the first processor without resending the lock data to the first processor upon a determination that the reservation flag is still set for the first p

Abstract: The invention relates to a system and method for controlling implementation of a command to a memory device. In the method, it comprises the following steps: monitoring an instruction stream destined for the memory device for an assertion of a command for the memory device; if the command is detected, evaluating whether the command is a restricted command; and if the command is a restricted command, preventing assertion of the command on the memory device.

Abstract: An image formation system includes: an image formation device having a storage unit; a host device that outputs an image formation instruction including a predetermined code for authentication to the image formation device; a communication line that interconnects the host device with the image formation device, wherein the image formation device is adapted to store the image formation instruction in the storage unit when the image formation instruction including the code for authentication is input, and outputs an image based on the image formation instruction when an operating information matching the code for authentication is input from a user interface.

Abstract: A NoDMA cache including a super page field. The super page field indicates when a set of pages contain protected information. The NoDMA cache is used by a computer system to deny I/O device access to protected information in system memory.