Abstract: Systems of reversible USB type-A connectors which can be functionally mated with standard USB type-A connectors in each of two coupling orientations can also be reversibly mated with each other. Each plug and each receptacle includes at least one displaceable element which assumes: (a) a neutral configuration prior to coupling with the standard USB receptacle, (b) a first displaced configuration when coupled with the standard USB receptacle in a first coupling orientation, and (c) a second displaced configuration when coupled with the standard USB receptacle in a second coupling orientation. The reversible plug and the reversible receptacle are adapted for functionally mating with each other in each of two relative coupling orientations such that the displaceable element of a pre-selected one of the connectors assumes the corresponding first displaced configuration independent of the relative coupling orientation between the connectors.

Abstract: Data are encoded as a systematic or nonsystematic codeword that is stored in a memory such as a flash memory. A representation of the codeword is read from the memory. A plurality of bits related to the representation of the codeword is decoded iteratively. The plurality of bits could be, for example, part or all of the representation of the codeword itself or part or all of the results of preliminary processing of part or all of the representation of the codeword.

Abstract: Data stored in a memory are provided to a host by monitoring how the host accesses the data, and by responding to a deviation of the access from a dynamic access profile that corresponds to the data, e.g. by terminating the access, by issuing a report of the deviation, or by sending spurious data to the host. Preferably, the dynamic access profile is stored in the memory in association with the data. A data storage device includes a memory for storing the data and an access control mechanism.

Abstract: Side channel attacks against a computing device are prevented by combinations of scrambling data to be stored in memory and scrambling the memory addresses of the data using software routines to execute scrambling and descrambling functions. Encrypted versions of variables, data and lookup tables, commonly employed in cryptographic algorithms, are thus dispersed into pseudorandom locations. Data and cryptographic primitives that require data-dependent memory accesses are thus shielded from attacks that could reveal memory access patterns and compromise cryptographic keys.

Abstract: A method for storing data includes providing a memory package including an integrated circuit containing a non-volatile memory and counter circuitry. The data is written to the non-volatile memory. The counter circuitry is operated to maintain a count of write operations performed on the non-volatile memory. The data and the count from the memory package are received at a controller, separate from the memory package, and the data is authenticated in response to the count.

Abstract: A method for data integrity protection includes receiving items of data for storage in a storage medium. The items are grouped into multiple groups, such that at least some of the groups include respective pluralities of the items. A respective group signature is computed over each of the groups, thereby generating multiple group signatures. An upper-level signature is computed over the group signatures. Groups of the items, the group signatures, and the upper-level signature are stored in respective locations in the storage medium.

Abstract: A method for data cryptography includes accepting input data, which contains a section that is to undergo a cryptographic operation and starts at an offset with respect to a beginning of the input data, by a Direct Memory Access (DMA) module. The input data is aligned by the DMA module to cancel out the offset. The aligned input data is read out of the DMA module, and the cryptographic operation is performed on the section.

Abstract: A method for data integrity protection includes arranging in an integrity hierarchy a plurality of data blocks, which contain data. The integrity hierarchy includes multiple levels of signature blocks containing signatures computed respectively over lower levels in the hierarchy, wherein the levels culminate in a top-level block containing a top-level signature computed over the hierarchy. A modification to be made in the data stored in a given data block is received. One or more of the signatures is recomputed in response to the modification, including the top-level signature. Copies of the given data block, and of the signature blocks, including a copy of the top-level block, are stored in respective locations in a storage medium. An indication that the copy is a valid version of the top-level block is recorded in the copy of the top-level block.

Abstract: A method for data storage includes employing a first CPU to execute code from a ROM associated therewith. A second CPU is employed to upload code from a flash memory to a code RAM associated with the first CPU, while the first CPU is available to perform other tasks.

Abstract: A method for data integrity protection includes storing items of data in a plurality of data blocks in a storage medium. Respective block signatures are stored in an integrity structure in the storage medium. A block signature of the given data block is computed in response to a first request to read a first data item from a given data block, and the computed signature is verified against a stored signature read from the integrity structure. The verified block signature is saved in a secure cache. The block signature is recomputed upon receiving a second request to read a second data item, subsequent to the first request, and is verified against the verified block signature in the secure cache. The data item is output from the storage medium in response to verifying the recomputed block signature.

Abstract: A method for random number generation includes generating random number sequences using a Random Number Generator (RNG) circuit having an externally-modifiable configuration. The RNG circuit generates a first random number sequence having a first measure of randomness, and modifies the configuration of the RNG circuit, causing the RNG circuit to generate a second random number sequence having a second measure of the randomness, indicating a degree of the randomness that is no less than the first measure.

Abstract: A method for data integrity protection includes arranging data in a plurality of data blocks. A respective block signature is computed over each of the data blocks, thereby generating multiple block signatures. The data blocks and the block signatures in an integrity hierarchy are stored in a storage medium, the hierarchy comprising multiple levels of signature blocks containing signatures computed over lower levels in the hierarchy, culminating in a top-level block containing a top-level signature computed over all of the hierarchy. A modification is made in the data stored in a given data block within the hierarchy. The respective block signature of the given data block is recomputed in response to the modification, and the recomputed block signature is stored in the top-level block for use in verifying a subsequent requests to read data from the given data block.

Abstract: A method for protection of data includes maintaining a control parameter indicative of a current version of the data. The data is partitioned into multiple segments. Respective signatures of the segments are computed, responsively to the control parameter, the segments and respective signatures forming respective signed input segments, which are stored in a memory. After the signed input segments are stored, a signed output segment is fetched from the memory. The signature of the signed output segment is verified responsively to the control parameter, and the data in the signed output segment is processed responsively to verifying the signature.

Abstract: A method for protecting information in a device includes providing a device with a non-secure hardware domain, a processor having a software-controlled mode of operation, and a secure hardware domain having a secure memory that is inaccessible by the processor when the processor is operating in the software-controlled mode of operation. Data from the non-secure hardware domain is established in the secure hardware domain. Computing operations are executed on the data in the secure hardware domain to produce a result. The secure hardware domain is purged, while retaining the result therein. The result is thereafter returned from the secure hardware domain into the non-secure hardware domain.

Abstract: A method for data storage includes supplying data to and from a host to a storage memory via a secure data path. A first CPU is employed to control operation of the storage memory, and a second CPU is employed to control operation of the secure data path.

Abstract: A counting device includes a set of memory cells, including multiple groups of the memory cells configured to store count words of a count code, which include a less significant word and a more significant word. A controller assigns first and second groups of the memory cells to store the less significant word and the more significant word. The controller increments the less significant word from an initial value up to a first limit in each plurality of successive first iterations and increments the more significant word from an initial value up to a second limit in each of a plurality of successive second iterations in response to reaching the first limit. Upon reaching the second limit, the controller makes a new assignment of the groups of the memory cells that are to store the less significant word and the more significant word.

Abstract: A driver for a data storage device includes an access command and a verification command. The access command initiates an access (write, erase or read) of the data storage device while allowing a calling application to continue running without having to wait for the completion of the access. The verification command queries a preceding access. If the query indicates failure of the preceding access, the verification command repeats the preceding access until the preceding access succeeds. The verification command is called by the access command before the access command initiates a new access. The verification command also is called by an application following a sequence of related access command calls. A write access command saves the data to be written in a memory separate from the data storage device, in case the verification command needs that data to repeat a failed write.

Abstract: The present invention discloses methods for storing data in a flash-memory storage device, the method including the steps of: receiving, by the device, primary data to be stored in the device and to be read from the device at a primary reading speed; storing at least part of the primary data only in fast pages in the device, wherein the fast pages are located in multi-level cells of the device; designating, by the device, secondary data to be read from the device at a secondary reading speed, wherein the secondary reading speed is slower than the primary reading speed; and storing at least part of the secondary data only in slow pages in the device, wherein the slow pages are located in the multi-level cells. Preferably, the method further includes the step of: moving the secondary data from a previously-stored area in the device to the slow pages.

Abstract: A method of managing a plurality of files according to their respective instances of a property of the files, a data processing device that uses the method, and a computer readable storage medium bearing code for implementing the method. The files of at least one of the instances are managed according to a management protocol respective to that/those instance(s). Preferably, all the other files are managed according to a common default management protocol. Different protocols trade off performance vs. ruggedness, trade off average performance vs. latency, or include different defragmentation policies.