Abstract: A programmable crossbar matrix or an array of steering multiplexors (MUXs) coalesces (i.e., routes) the data values from multiple known “bad” bit positions within multiple symbols of a codeword, to bit positions within a single codeword symbol. The single codeword symbol receiving the known “bad” bit positions may correspond to a check symbol (vs. a data symbol). Configuration of the routing logic may occur at boot or initialization time. The configuration of the routing logic may be based upon error mapping information retrieved from system non-volatile memory (e.g., memory module serial presence detect information), or from memory tests performed during initialization. The configuration of the routing logic may be changed on a per-rank basis.

Abstract: A new approach is proposed to support hardware-based protection for registers of an electronic device. Sources requesting access to the registers are categorized into a set of internal sources that can be trusted and a set of external sources that are untrusted. The registers are classified into a set of internal registers allowed to be accessed by the internal resources only, a set of read-only external registers that can be read by the external resources in addition to accessed by the internal resources, and a set of read/write external registers that can be read and written by both the internal and the external resources. Each access request by a source to the registers includes the source type, wherein access request is granted or denied based on the matching between the source bits in the access request and the register classification bits of the one or more registers to be accessed.

Abstract: When a request for accessing a service is received, a user object may be stored in a long-term data store, as well as in a short-term cache. The cache may be divided into a regular cache that stores full versions of the user objects, and a surrogate cache that stores compact versions of the user object. The compact version of the user object may include a field that is derived from the full user object indicating whether a subsequent request for access to a particular service should be granted. After access is granted/denied based on this value in the compact user object, the system can process an update to the full user object offline. This surrogate cache structure may be used to rapidly approve/deny requests, decoupling this procedure from the processing involved with a full user object.

Abstract: Method for processing data, in which a Petri net is encoded, written into a memory and read and executed by at least one instance, wherein transitions of the Petri net read from at least one tape and/or write on at least one tape symbols or symbol strings, with the aid of at least one head. [FIG. 1]. In an alternative, data-processing, co-operating nets are composed, the composition result is encoded, written into a memory and read and executed from the memory by at least one instance. In doing this, components can have cryptological functions. The data-processing nets can receive and process second data from a cryptological function which is executed in a protected manner. The invention enables processing of data which prevents semantic analysis of laid-open, possibly few processing steps and which can produce a linkage of the processing steps with a hardware which is difficult to isolate.

Abstract: The technology disclosed herein involves tracking contention and using the tracked contention to manage processor cache. The technology can be implemented in a processor's cache controlling logic and can enable the processor to track which locations in main memory are contentious. The technology can use the contentiousness of locations to determine where to store the data in cache and how to allocate and evict cache lines in the cache. In one example, the technology can store the data in a shared cache when the location is contentious and can bypass the shared cache and store the data in the private cache when the location is uncontentious. This may be advantageous because storing the data in shared cache can reduce or avoid having multiple copies in different private caches and can reduce the cache coherency overhead involved to keep copies in the private caches in sync.

Abstract: Certain embodiments disclosed herein reduce or eliminate a communication bottleneck at the storage manager by reducing communication with the storage manager while maintaining functionality of an information management system. In some implementations, a client obtains information for enabling a secondary storage job (e.g., a backup or restore) from a storage manager and stores the information (which may be referred to as job metadata) in a local cache. The client may then reuse the job metadata for multiple storage jobs reducing the frequency of communication with the storage manager. When a configuration of the information management system changes, or the availability of resources changes, the storage manager can push updates to the job metadata to the clients. Further, a client can periodically request updated job metadata from the storage manager ensuring that the client does not rely on out-of-date job metadata.

Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to detect an access request to access a computing resource while in a system management mode (SMM), determine a bit of a lock register is set to enable access to a bitmap associated with the computing resource, the bitmap to indicate an access policy for the computing resource, and determine whether the access request violate the access policy set in the bitmap. Embodiments may also include performing the access request if the access request does not violate the access policy, and causing a fault if the access request does violate the access policy.

Abstract: A data access manager is provided on a computing device to manage access to secure files stored in memory. The data access manager intercepts function calls from applications to the memory management unit and determines whether an application is allowed to access secure data stored in the memory of the computing device. When an initial request to map the data is received, the data access manager maps both secure data and clear data, obtaining pointers to both secure and clear data. When an application has permission to access the requested data, the data access manager returns the pointer to the clear data. When an application does not have permission to access the requested data, the data access manager returns the pointer to the secure data.

Abstract: A playlist preview is generated to provide a preview of media content items identified by a media playlist. The playlist preview can be created by selecting all or some of the media content items in the playlist, determining preview portions of the selected media content items, and arranging the preview portions with or without a transition effect. The playlist preview can be easily shared with other users through, for example, social media sites.

Abstract: A wear-leveling process for a memory subsystem selects a source chunk to be removed from a usable address space of the memory subsystem to distribute wear across all available chunks in the memory subsystem. The memory subsystem has a plurality of non-volatile memory components. The plurality of non-volatile memory components includes a plurality of chunks including at least one chunk in an unusable address space of the memory subsystem. The wear-leveling process copies valid data of the source chunk to a destination chunk in the unusable address space of the memory subsystem and assigns the destination chunk to a location in the usable address space of the memory subsystem occupied by the source chunk.

Abstract: Embodiments described herein provide systems and methods to streamline the mechanism by which data users access differently regulated data through the use of one or more integrated identifiers. The integrated identifiers lessen or eliminate the need to separately maintain one set of identifiers for regulated data and another set for non-regulated data. The methods and systems may be applicable in various credit and healthcare contexts where regulations over data use are prevalent. In one or more embodiments, a data user receives a unique integrated identifier for each of the data user's current or prospective customers, and the integrated identifiers can be used to persistently identify and track the customers over time and across applications that access regulated and/or non-regulated data. In the healthcare context, a healthcare provider may utilize a patient ID as the integrated identifier. To protect privacy, the integrated identifier may not include social security numbers or birthdates.

Abstract: A content provider system includes: a repository to store a catalog of content; a storage device including at least a first port and a second port; a first hosted device connected to the first port over a first storage interface for access to the storage device, and to execute content stored in the storage device to provide the content to a first user device; a second hosted device connected to the second port over a second storage interface for access to the storage device, and to execute the content stored in the storage device to provide the content to a second user device; and one or more processing circuits to control access to the storage device from the first and second ports by the first and second hosted devices.

Abstract: Embodiments of the present disclosure provide a method, an electronic device, and a computer program product for data processing.

Abstract: According to certain aspects, a system may include a data agent configured to: process a database file residing on a primary storage device(s) to identify a subset of data in the database file for archiving, the database file generated by a database application; and extract the subset of the data from the database file and store the subset of the data in an archive file on the primary storage device(s) as a plurality of blocks having a common size; and at least one secondary storage controller computer configured to, as part of a secondary copy operation in which the archive file is copied to a secondary storage device(s): copy the plurality of blocks to the secondary storage devices to create a secondary copy of the archive file; and create a table that provides a mapping between the copied plurality of blocks and corresponding locations in the secondary storage device(s).

Abstract: A system for managing and facilitating the preview, sale and transfer of digital media files, such as digital photographs and/or digital videos, preferably through text messaging that provides streamlined transactions between photographers and/or videographers and purchasers of digital media files.

Abstract: An illustrative method includes a data protection system determining that data stored by a storage system is under a possible attack, detecting a modify request with respect to the storage system while the data stored by the storage system is under the possible attack, determining that the modify request may be related to the possible attack, and performing, in response to determining that the modify request may be related to the possible attack, a remedial action with respect to the modify request.

Abstract: Apparatuses and methods related to mitigating unauthorized memory access are described. Mitigating unauthorized memory access can include verifying whether an access command is authorized to access a protected region of a memory array. The authorization can be verified utilizing a key and a memory address corresponding to the access command. If an access command is authorized to access a protected region, then a row of the memory array corresponding to the access command can be activated. If an access command is not authorized to access the protected region, then a row of the memory array corresponding to the access command may not be activated.

Abstract: Methods, apparatuses, and systems related to securing memory data are described. A hardware circuit is configured to encrypt and decrypt memory data using a scrambling key unique to a computing process processing the memory data. In writing the memory data, the hardware circuit generates scrambled memory data based on encrypting the memory data according to the security key. The scrambled memory data is stored for the write operation instead of the memory data. When the same process reads back the scrambled data, the same security key can be used to decrypt the scrambled data and recover the initial unscrambled memory data.

Abstract: A circuit device includes a bus, a plurality of master circuits that are coupled to the bus and are bus masters in the bus, and a plurality of slave circuits that are coupled to the plurality of master circuits via the bus and are bus slaves in the bus. Access authority to the bus slaves is set for the plurality of master circuits, and permission setting of read access or write access from the bus masters is performed for the plurality of slave circuits. The plurality of master circuits determine whether the plurality of slave circuits are accessible based on the access authority and the permission setting.

Abstract: A computer system includes a volatile memory and at least one processor. The volatile memory includes a protected storage segment (PSS) configured to store firmware-authentication program code for authenticating firmware of the computer system. The at least one processor is configured to receive a trigger to switch to a given version of the firmware, to obtain, in response to the trigger, a privilege to access the PSS, to authenticate the given version of the firmware by executing the firmware-authentication program code from the PSS, to switch to the given version of the firmware upon successfully authenticating the given version, and to take an alternative action upon failing to authenticate the given version.

Abstract: Embodiments of the present disclosure provide a protective apparatus for an indirect access memory controller. The apparatus can include: a bus monitoring unit configured to monitor a bus address and detect an operation type of a bus accessing the indirect access memory controller, update a corresponding window register if the operation type is a window register operation, initiate permission authentication if the operation type is a register controlling operation, and perform list entry configuration if the operation type is a permission list configuration operation; a window register unit configured to store operation addresses of different access types; a permission list unit configured to partition a memory space into several virtual memory protection areas, and independently set a access permission attribute for each memory area; and an unauthorized operation processing unit configured to process a subsequent operation performed when a permission violating access occurs.

Abstract: An illustrative method includes a data protection system identifying one or more input operations and one or more output operations performed between a source and a storage system, identifying an anomaly in a relationship between the one or more input operations and the one or more output operations, and determining, based on the identifying of the anomaly, that the storage system is possibly being targeted by a security threat.

Abstract: An illustrative method includes a data protection system detecting a request to perform a restricted operation with respect to a recovery dataset configured to be used by a storage system to recover from a data corruption event within the storage system, monitoring, in response to the request, for an occurrence of a predetermined set of one or more authorization events performed with one or more hardware tokens, and preventing the restricted operation from being executed until the each of the one or more authorization events included in the predetermined set occurs.

Abstract: An illustrative method includes determining an encryption indicator for a first recovery dataset by determining a difference in an amount or percentage of incompressible data associated with the first recovery dataset compared to an amount or percentage of incompressible data associated with a second recovery dataset that temporally precedes the first recovery dataset, the encryption indicator representative of data within or represented by the first recovery dataset that cannot be compressed more than a threshold amount; and performing, based on the encryption indicator for the first recovery dataset, an action with respect to the second recovery dataset, wherein the second recovery dataset is usable to restore data maintained by a storage system to a second state corresponding to a second point in time that temporally precedes a first point in time corresponding to the first recovery dataset.

Abstract: A method of writing data to a protected region in response to a request from a host includes receiving a first write request including a first host message authentication code and a first random number from the host, verifying the first write request based on a write count, the first random number, and the first host message authentication code, updating the write count based on a result of verifying the first write request, generating a first device message authentication code based on the updated write count and the first random number, and providing the host with a first response including the first device message authentication code and a result of the verifying of the first write request.

Abstract: A method and apparatus provide recovery from a computing device boot up error by detecting a current boot up error in the computing device, loading a plurality of recovery pre-EFI initialization modules (PEIMs), of a recovery unified extensible firmware interface (UEFI) BIOS for execution, wherein the recovery PEIMS include executable code to pre-initialize at least a processing unit and memory of the computing device in a pre-EFI initialization (PEI) phase of a multi-phase platform initialization operation, and recovering from the boot up error by booting up the computing device using the loaded plurality of recovery pre-EFI initialization modules.

Abstract: A logical-to-physical (L2P) data structure and a physical-to-logical (P2L) data structure are maintained. The L2P data structure comprises table entries that map a logical address to a physical address. The P2L data structure comprises data entries that map a physical address to a logical address. The P2L data entries also comprise a data move status, a base address, and a boundary indicator. A move operation is detected, wherein the move operation indicates that data referenced by a logical address is to be moved from a source physical address to a destination physical address. Responsive to detecting the move operation, the data move status associated with the source physical address in the P2L data structure is updated.

Abstract: The technology disclosed herein enhances a fault-based communication channel between a virtual machine and a hypervisor. An example method may include: configuring, by a hypervisor, a first memory location to generate one or more faults when accessed by a virtual machine process, wherein the first memory location is mapped to a device and a second memory location is mapped to memory; detecting, by the hypervisor, a fault caused by a first execution of an instruction of the virtual machine process, wherein the instruction comprises a reference to a register comprising the first memory location; responsive to the detecting the fault, the hypervisor performing a computing task for the virtual machine process and updating the register to comprise the second memory location; and initiating, by the hypervisor, a second execution of the instruction of the virtual machine process, wherein the second execution of the instruction accesses the second memory location.

Abstract: Disclosed deduplication techniques at a distributed data storage system guarantee that space reclamation will not affect deduplicated data integrity even without perfect synchronization between components. By understanding certain “behavioral” characteristics and schedule cadences of backup operations that generate backup copies received at the distributed data storage system, data blocks that are not re-written by subsequent backup copies are pro-actively aged, while promoting continued retention of data blocks that are re-written. An expiry scheme operates with block-level granularity. Each unique deduplicated data block is given an expiry timeframe based on the block's arrival time at the distributed data storage system (i.e., when a backup copy supplies the block) and further based on backup frequencies of the various virtual disks referencing a unique system-wide identifier of the block, which is based on the block's hash value. Communications between components are kept to an as-needed basis.

Abstract: Disclosed are various embodiments for generating location confirmation models using crowdsourced wireless fingerprints. Wireless fingerprints can be generated and associated with a given location during events that use proximity to specific locations. The wireless fingerprints can be processed to generate location confirmation models that can be used for location confirmation. Periodically, the collected wireless fingerprints can be analyzed and compared to previously collected wireless fingerprints to detect a change in a wireless infrastructure at the given location. Upon determining that a previously generated location confirmation model is invalid according to a level of significance of the change, the outdated wireless fingerprints can be identified and removed from storage or otherwise ignored for future models. An updated location confirmation model can be generated using the up-to-date wireless fingerprints.

Abstract: Embodiments of an invention for protecting supervisor mode information are disclosed. In one embodiment, an apparatus includes a storage location, instruction hardware, execution hardware, and control logic. The storage location is to store an indicator to enable supervisor mode information protection. The instruction hardware is to receive an instruction to access supervisor mode information. The execution hardware is to execute the instruction. The control logic is to prevent execution of the instruction if supervisor mode information protection is enabled and a current privilege level is less privileged than a supervisor mode.

Abstract: The present application discloses a magnetic disk management method, an apparatus and an electronic device by providing an engine layer including a plurality of space files and an encapsulation layer including a file directory tree of a space file structure; where the engine layer responds to a data management operation performed for a target space file of the file directory tree output by the engine layer, and a target magnetic disk space corresponding to the target space files is determined through the address association list of the encapsulation layer, and data management is performed on the data in the target magnetic disk space. Thereby, different data can be isolated by different space files when entering through the engine layer, which ensures that security issues such as leakage of the data in the magnetic disk will not occur.

Abstract: An illustrative method includes a data protection system directing a storage system to generate recovery datasets over time in accordance with a data protection parameter set, the recovery datasets usable to restore data maintained by the storage system to a state corresponding to a selectable point in time, determining that the storage system is possibly being targeted by a security threat, and modifying, in response to the determining that the storage system is possibly being targeted by the security threat, the data protection parameter set for one or more of the recovery datasets.

Abstract: A hardware monitor arranged to detect out-of-bounds violations in a hardware design for an electronic device. The hardware monitors include monitor and detection logic configured to monitor the current operating state of an instantiation of the hardware design and detect when the instantiation of the hardware design implements a fetch of an instruction from memory; and assertion evaluation logic configured to evaluate one or more assertions that assert a formal property that compares the memory address of the fetched instruction to an allowable memory address range associated with the current operating state of the instantiation of the hardware design to determine whether there has been an out-of-bounds violation. The hardware monitor may be used by a formal verification tool to exhaustively verify that the hardware design does not cause an instruction to be fetched from an out-of-bounds address.

Abstract: An illustrative method includes a data protection system determining a first compressibility metric associated with write traffic processed by a storage system, the first compressibility metric indicating an amount of storage space saved if the write traffic is compressed; determining a second compressibility metric associated with read traffic processed by a storage system, the second compressibility metric indicating an amount of storage space saved if the read traffic is compressed; determining, based on a comparison of the first compressibility metric with the second compressibility metric, that the write traffic is less compressible than the read traffic; determining, based on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat; and performing, based on the determining that the storage system is possibly being targeted by the security threat, a remedial action with respect to the storage system.

Abstract: There is provided a method and system for digital rights enforcement. The method includes: determining digital content requested by a user via a selected user device; determining digital rights associated with the digital content; reviewing the digital rights to determine access rights relating to authorized devices for the user; determining whether the user has exhausted the access rights; and if the access rights are exhausted: determining at least one use factor for each of the user's previously authorized user devices; determining a previously authorized user device on which to revoke access to the digital content based on the at least one use factor; and revoking access rights to the previously authorized user associated device; otherwise downloading the digital content on the selected user device. The system includes a content review module and a revoker module.

Abstract: An illustrative method includes a data protection system determining a delta metric between a first recovery dataset generated by a storage system at a first time and a second recovery dataset generated by the storage system at a second time subsequent to the first time and determining, based on the delta metric, whether data maintained by the storage system is possibly being targeted by a security threat.

Abstract: Apparatuses and techniques are described for detecting and isolating defective blocks of memory cells in a multi-plane operation such as program or erase. In one aspect, a program operation begins in a multi-plane mode, for one block in each plane. If fewer than all blocks complete programming by the time a trigger number of program loops have been performed, one or more unpassed blocks are programmed further, one at a time, in a single plane mode. If the one or more unpassed blocks do not complete programming when a maximum allowable number of program loops have been performed, they are marked as bad blocks and disabled from further operations. In another aspect, when a trigger number of program loops have been performed, one or more unpassed blocks are subject to a word line leakage detection operation.

Abstract: An illustrative method includes a storage system receiving attribute data representative of one or more attributes of a known attack against data maintained by a target system other than the storage system, updating an extensible attack monitoring process executed by the storage system with the attribute data, and monitoring, using the extensible attack monitoring process updated with the attribute data, storage operation requests of the storage system for one or more attributes that match the one or more attributes of the known attack.

Abstract: An illustrative method includes a data protection system detecting, for a storage system, a potential data corruption in the storage system, analyzing, in response to the detecting of the potential data corruption, one or more metrics of the storage system, and determining, based on the analyzing of the one or more metrics of the storage system, a corruption-free recovery point for potential use to recover from the potential data corruption.

Abstract: A method includes determining, by component of a memory sub-system, workload characteristics corresponding to a workload to be received by the memory sub-system. The method can further include dynamically altering a performance attribute of the memory sub-system based, at least in part, based on the determined workload characteristics.

Abstract: In an information management system that manages encrypted personal information on a user stored in a storage device, a personal information appropriateness/inappropriateness determination section determines whether or not the personal information stored in the storage device is appropriate when access permission information is received from a user terminal used by the user, the access permission information instructing that a requesting entity requesting the personal information be permitted to access the personal information. A personal information access management section enables the requesting entity to access the personal information stored in the storage device when it is determined by the personal information appropriateness/inappropriateness determination section that the personal information stored in the storage device is appropriate.

Abstract: A method and apparatus for performing access control of a memory device with aid of aggressor bit information are provided. The method includes: receiving a first host read command from a host device; sending a first read command to the NV memory in order to try reading first data from a first page; sending a second read command to the NV memory to obtain soft-decoding information and performing a first soft-decoding operation according to the soft-decoding information in order to try obtaining the first data from the first soft-decoding operation; reading multiple bits from at least one aggressor page to be the aggressor bit information; converting the soft-decoding information into adjusted soft-decoding information according to the aggressor bit information of the at least one aggressor page; and performing a second soft-decoding operation according to the adjusted soft-decoding information to obtain the first data from the second soft-decoding operation.

Abstract: An illustrative method includes a data protection system detecting a request to perform an operation with respect to a storage system, identifying one or more attributes of the request, determining, based on the one or more attributes, that the request is possibly related to a security threat against the storage system, and throttling, based on the determining that the request is possibly related to the security threat against the storage system, a performance of the operation.

Abstract: Example implementation described herein are directed to a mechanism to provision data volume which requires remote data copy between separated clusters, especially for the container platform. For a request to create a volume made to the clusters, example implementations can involve creating a first volume in a first cluster; obtaining volume information of a corresponding second volume from a second cluster; configuring the first volume and the corresponding second volume in the second cluster to have a remote copy relationship based on the obtained volume information; and setting access from the container to the first volume and the corresponding second volume based on the remote copy relationship.

Abstract: An integrated circuit including an input terminal and an output terminal, signal generator circuitry that generates a pseudo-random digital signal provided at the output terminal, and comparator circuitry that compares an input signal received via the input terminal with the pseudo-random digital signal for providing a tamper detection signal indicative thereof. The signal generator circuitry may be a pseudo-random binary sequence generator or may be a linear-feedback shift register with software triggered reloading. The comparator circuitry may include a Boolean logic exclusive-OR gate for comparing the output and input signals. A method of detecting tampering including generating and providing a pseudo-random digital signal at an output terminal and comparing an input signal received via an input terminal with the pseudo-random digital signal for providing a tamper detection signal indicative thereof.

Abstract: An engineering system for an industrial process automation system, wherein components of the industrial process automation system are each represented by a computer-based object within the engineering system and are continuously stored in an engineering database, where functions of the engineering system are made available as services via a standard service interface, process sequences and states for retrieving or processing objects stored in the engineering database are stored in an order database that is separate from the engineering database, and access to process sequences and states that are stored in the order database occurs via an order interface that is separate from the standard service interface.

Abstract: A computing device determines, for a first time period, a usage-based file list identifying one or more executable files. The computing device determines, for each of the one or more executable files identified by the usage-based file list, whether to perform a malware scan upon the executable file based on a cached record for the executable file. The computing device schedules, for execution during a preceding time period before the first time period, a malware scan for at least one of the one or more executable files based on the corresponding determination of whether to perform a malware scan. Each scheduled malware scan is initiated as a low priority thread for execution. The computing device performs each scheduled malware scan during the preceding time period.

Abstract: Disclosed is an electronic apparatus. The electronic apparatus includes: a non-volatile memory having no internal controller; and a controller configured to: control the non-volatile memory, and transmit, to the non-volatile memory, first data and a generated first message authentication code (MAC). Accordingly, it is possible to efficiently defend against a replay attack in a non-volatile memory having no internal controller.

Abstract: An embodiment includes deriving usage data associated with records of a database by monitoring requests to perform read operations on the records of the database. The embodiment generates record correlation data representative of correlations between respective groups of records of the database by parsing the usage data associated with the records of the database. The embodiment stores a plurality of records received as respective write requests during a first time interval in an intermediate storage medium. The embodiment identifies a correlation in the record correlation data between a first record of the plurality of records and a second record of the plurality of records. The embodiment selects, responsive to identifying the correlation, a first location in the database for writing the first record and a second location in the database for writing the second record based on a proximity of the first location to the second location.