Abstract: An apparatus comprises a processing device configured to maintain a deduplication data structure comprising sub-portions associated with different compression ratio ranges and having different numbers of data block identifiers. The processing device is also configured to identify a given data block identifier and a given compression ratio for a given data block to be stored, and to determine whether the given data block identifier is in a given one of the sub-portions having a given compression ratio range including the given compression ratio. The processing device is further configured, responsive to determining that the given data block identifier is not in the given sub-portion, to write the given data block to a physical space block of the storage system and, responsive to determining that the given data block identifier is in the given sub-portion, to increment a deduplication reference count for the given data block identifier.

Abstract: A storage system receives a command from a host to overwrite data that is stored in a memory of the storage system. The command may have been issued in error or by malware, so the storage system preserves the data that the host wants to overwrite, just in case the host later wants to recover the data. To do this, the storage system associates the physical address of the location of the memory that stores the data with a logical block address that is inaccessible by the host. To recover the data, the storage system replaces the logical block address that is inaccessible by the host with a logical block address that is accessible by the host.

Abstract: A sample is received for analysis. A determination is made that the sample was compiled for a CPU architecture that is different from a host CPU architecture. The sample is executed in an emulated user space corresponding to the CPU architecture for which the sample was compiled. The emulated user space is provided by executing a user space emulation utility in a virtual machine that shares the host CPU architecture.

Abstract: Embodiments for providing end-to-end automated contextual and differentiated application level replication by dynamically creating replication profiles for asynchronous or synchronous replication at runtime to maintain any relevant service level agreement requirements. Based on relevant operating information, data sources are identified as critical and non-critical servers and their data is tagged accordingly in the replication application by using an analytics engine. The information and tags are used to produce a trained model for machine learning processes that can generated predictions for future replication operations. An error handler identifies erroneous predictions and provides a fallback mechanism to avoid any customer replication service level agreement breach at any given time.

Abstract: Apparatuses, methods, and systems are disclosed for deriving an operating system identity. One method includes determining, at a remote unit, a type of operating system used by the remote unit. The method includes determining a domain name corresponding to the type of operating system. The method includes deriving an operating system identity by applying a hash function to the domain name and a predetermined value. The method includes transmitting a first message to a mobile communication network. In such embodiments, the first message includes the operating system identity.

Abstract: A semiconductor memory device comprises: a first pad receiving a first signal; a second pad receiving a second signal; a first memory cell array; a first sense amplifier connected to the first memory cell array; a first data register connected to the first sense amplifier and configured to store user data read from the first memory cell array; and a control circuit configured to execute an operation targeting the first memory cell array. The first memory cell array comprises a plurality of first memory strings. The first memory strings each comprise a plurality of first memory cell transistors. In a first mode of this semiconductor memory device, a command set instructing the operation is inputted via the first pad. In a second mode of this semiconductor memory device, the command set is inputted via the second pad.

Abstract: During a garbage collection process of a data storage device, superblocks may be filled with dummy data, which may decrease device performance. Embodiments described herein provide systems, methods, and computer readable media for varying a size of a superblock to reduce or eliminate dummy data in a data storage device including a plurality of superblocks. Each of the plurality of superblocks including a plurality of die blocks.

Abstract: An information handling system may include at least one processor; a plurality of physical storage resources; and a network interface configured to communicatively couple the information handling system to a plurality of host systems; wherein the information handling system is configured to: determine a likelihood of compromise for each of the plurality of host systems; and in response to the likelihood of compromise for a particular host system exceeding a threshold likelihood, carry out a remedial action with respect to the particular host system, wherein the remedial action includes restricting access from the particular host system to the plurality of physical storage resources.

Abstract: A programmable crossbar matrix or an array of steering multiplexors (MUXs) coalesces (i.e., routes) the data values from multiple known “bad” bit positions within multiple symbols of a codeword, to bit positions within a single codeword symbol. The single codeword symbol receiving the known “bad” bit positions may correspond to a check symbol (vs. a data symbol). Configuration of the routing logic may occur at boot or initialization time. The configuration of the routing logic may be based upon error mapping information retrieved from system non-volatile memory (e.g., memory module serial presence detect information), or from memory tests performed during initialization. The configuration of the routing logic may be changed on a per-rank basis.

Abstract: A new approach is proposed to support hardware-based protection for registers of an electronic device. Sources requesting access to the registers are categorized into a set of internal sources that can be trusted and a set of external sources that are untrusted. The registers are classified into a set of internal registers allowed to be accessed by the internal resources only, a set of read-only external registers that can be read by the external resources in addition to accessed by the internal resources, and a set of read/write external registers that can be read and written by both the internal and the external resources. Each access request by a source to the registers includes the source type, wherein access request is granted or denied based on the matching between the source bits in the access request and the register classification bits of the one or more registers to be accessed.

Abstract: When a request for accessing a service is received, a user object may be stored in a long-term data store, as well as in a short-term cache. The cache may be divided into a regular cache that stores full versions of the user objects, and a surrogate cache that stores compact versions of the user object. The compact version of the user object may include a field that is derived from the full user object indicating whether a subsequent request for access to a particular service should be granted. After access is granted/denied based on this value in the compact user object, the system can process an update to the full user object offline. This surrogate cache structure may be used to rapidly approve/deny requests, decoupling this procedure from the processing involved with a full user object.

Abstract: The technology disclosed herein involves tracking contention and using the tracked contention to manage processor cache. The technology can be implemented in a processor's cache controlling logic and can enable the processor to track which locations in main memory are contentious. The technology can use the contentiousness of locations to determine where to store the data in cache and how to allocate and evict cache lines in the cache. In one example, the technology can store the data in a shared cache when the location is contentious and can bypass the shared cache and store the data in the private cache when the location is uncontentious. This may be advantageous because storing the data in shared cache can reduce or avoid having multiple copies in different private caches and can reduce the cache coherency overhead involved to keep copies in the private caches in sync.

Abstract: Method for processing data, in which a Petri net is encoded, written into a memory and read and executed by at least one instance, wherein transitions of the Petri net read from at least one tape and/or write on at least one tape symbols or symbol strings, with the aid of at least one head. [FIG. 1]. In an alternative, data-processing, co-operating nets are composed, the composition result is encoded, written into a memory and read and executed from the memory by at least one instance. In doing this, components can have cryptological functions. The data-processing nets can receive and process second data from a cryptological function which is executed in a protected manner. The invention enables processing of data which prevents semantic analysis of laid-open, possibly few processing steps and which can produce a linkage of the processing steps with a hardware which is difficult to isolate.

Abstract: Certain embodiments disclosed herein reduce or eliminate a communication bottleneck at the storage manager by reducing communication with the storage manager while maintaining functionality of an information management system. In some implementations, a client obtains information for enabling a secondary storage job (e.g., a backup or restore) from a storage manager and stores the information (which may be referred to as job metadata) in a local cache. The client may then reuse the job metadata for multiple storage jobs reducing the frequency of communication with the storage manager. When a configuration of the information management system changes, or the availability of resources changes, the storage manager can push updates to the job metadata to the clients. Further, a client can periodically request updated job metadata from the storage manager ensuring that the client does not rely on out-of-date job metadata.

Abstract: Various embodiments are generally directed to an apparatus, method and other techniques to detect an access request to access a computing resource while in a system management mode (SMM), determine a bit of a lock register is set to enable access to a bitmap associated with the computing resource, the bitmap to indicate an access policy for the computing resource, and determine whether the access request violate the access policy set in the bitmap. Embodiments may also include performing the access request if the access request does not violate the access policy, and causing a fault if the access request does violate the access policy.

Abstract: A data access manager is provided on a computing device to manage access to secure files stored in memory. The data access manager intercepts function calls from applications to the memory management unit and determines whether an application is allowed to access secure data stored in the memory of the computing device. When an initial request to map the data is received, the data access manager maps both secure data and clear data, obtaining pointers to both secure and clear data. When an application has permission to access the requested data, the data access manager returns the pointer to the clear data. When an application does not have permission to access the requested data, the data access manager returns the pointer to the secure data.

Abstract: A playlist preview is generated to provide a preview of media content items identified by a media playlist. The playlist preview can be created by selecting all or some of the media content items in the playlist, determining preview portions of the selected media content items, and arranging the preview portions with or without a transition effect. The playlist preview can be easily shared with other users through, for example, social media sites.

Abstract: Embodiments described herein provide systems and methods to streamline the mechanism by which data users access differently regulated data through the use of one or more integrated identifiers. The integrated identifiers lessen or eliminate the need to separately maintain one set of identifiers for regulated data and another set for non-regulated data. The methods and systems may be applicable in various credit and healthcare contexts where regulations over data use are prevalent. In one or more embodiments, a data user receives a unique integrated identifier for each of the data user's current or prospective customers, and the integrated identifiers can be used to persistently identify and track the customers over time and across applications that access regulated and/or non-regulated data. In the healthcare context, a healthcare provider may utilize a patient ID as the integrated identifier. To protect privacy, the integrated identifier may not include social security numbers or birthdates.

Abstract: A wear-leveling process for a memory subsystem selects a source chunk to be removed from a usable address space of the memory subsystem to distribute wear across all available chunks in the memory subsystem. The memory subsystem has a plurality of non-volatile memory components. The plurality of non-volatile memory components includes a plurality of chunks including at least one chunk in an unusable address space of the memory subsystem. The wear-leveling process copies valid data of the source chunk to a destination chunk in the unusable address space of the memory subsystem and assigns the destination chunk to a location in the usable address space of the memory subsystem occupied by the source chunk.

Abstract: A content provider system includes: a repository to store a catalog of content; a storage device including at least a first port and a second port; a first hosted device connected to the first port over a first storage interface for access to the storage device, and to execute content stored in the storage device to provide the content to a first user device; a second hosted device connected to the second port over a second storage interface for access to the storage device, and to execute the content stored in the storage device to provide the content to a second user device; and one or more processing circuits to control access to the storage device from the first and second ports by the first and second hosted devices.

Abstract: A system for managing and facilitating the preview, sale and transfer of digital media files, such as digital photographs and/or digital videos, preferably through text messaging that provides streamlined transactions between photographers and/or videographers and purchasers of digital media files.

Abstract: According to certain aspects, a system may include a data agent configured to: process a database file residing on a primary storage device(s) to identify a subset of data in the database file for archiving, the database file generated by a database application; and extract the subset of the data from the database file and store the subset of the data in an archive file on the primary storage device(s) as a plurality of blocks having a common size; and at least one secondary storage controller computer configured to, as part of a secondary copy operation in which the archive file is copied to a secondary storage device(s): copy the plurality of blocks to the secondary storage devices to create a secondary copy of the archive file; and create a table that provides a mapping between the copied plurality of blocks and corresponding locations in the secondary storage device(s).

Abstract: Embodiments of the present disclosure provide a method, an electronic device, and a computer program product for data processing.

Abstract: An illustrative method includes a data protection system determining that data stored by a storage system is under a possible attack, detecting a modify request with respect to the storage system while the data stored by the storage system is under the possible attack, determining that the modify request may be related to the possible attack, and performing, in response to determining that the modify request may be related to the possible attack, a remedial action with respect to the modify request.

Abstract: Apparatuses and methods related to mitigating unauthorized memory access are described. Mitigating unauthorized memory access can include verifying whether an access command is authorized to access a protected region of a memory array. The authorization can be verified utilizing a key and a memory address corresponding to the access command. If an access command is authorized to access a protected region, then a row of the memory array corresponding to the access command can be activated. If an access command is not authorized to access the protected region, then a row of the memory array corresponding to the access command may not be activated.

Abstract: Methods, apparatuses, and systems related to securing memory data are described. A hardware circuit is configured to encrypt and decrypt memory data using a scrambling key unique to a computing process processing the memory data. In writing the memory data, the hardware circuit generates scrambled memory data based on encrypting the memory data according to the security key. The scrambled memory data is stored for the write operation instead of the memory data. When the same process reads back the scrambled data, the same security key can be used to decrypt the scrambled data and recover the initial unscrambled memory data.

Abstract: A computer system includes a volatile memory and at least one processor. The volatile memory includes a protected storage segment (PSS) configured to store firmware-authentication program code for authenticating firmware of the computer system. The at least one processor is configured to receive a trigger to switch to a given version of the firmware, to obtain, in response to the trigger, a privilege to access the PSS, to authenticate the given version of the firmware by executing the firmware-authentication program code from the PSS, to switch to the given version of the firmware upon successfully authenticating the given version, and to take an alternative action upon failing to authenticate the given version.

Abstract: A circuit device includes a bus, a plurality of master circuits that are coupled to the bus and are bus masters in the bus, and a plurality of slave circuits that are coupled to the plurality of master circuits via the bus and are bus slaves in the bus. Access authority to the bus slaves is set for the plurality of master circuits, and permission setting of read access or write access from the bus masters is performed for the plurality of slave circuits. The plurality of master circuits determine whether the plurality of slave circuits are accessible based on the access authority and the permission setting.

Abstract: Embodiments of the present disclosure provide a protective apparatus for an indirect access memory controller. The apparatus can include: a bus monitoring unit configured to monitor a bus address and detect an operation type of a bus accessing the indirect access memory controller, update a corresponding window register if the operation type is a window register operation, initiate permission authentication if the operation type is a register controlling operation, and perform list entry configuration if the operation type is a permission list configuration operation; a window register unit configured to store operation addresses of different access types; a permission list unit configured to partition a memory space into several virtual memory protection areas, and independently set a access permission attribute for each memory area; and an unauthorized operation processing unit configured to process a subsequent operation performed when a permission violating access occurs.

Abstract: An illustrative method includes determining an encryption indicator for a first recovery dataset by determining a difference in an amount or percentage of incompressible data associated with the first recovery dataset compared to an amount or percentage of incompressible data associated with a second recovery dataset that temporally precedes the first recovery dataset, the encryption indicator representative of data within or represented by the first recovery dataset that cannot be compressed more than a threshold amount; and performing, based on the encryption indicator for the first recovery dataset, an action with respect to the second recovery dataset, wherein the second recovery dataset is usable to restore data maintained by a storage system to a second state corresponding to a second point in time that temporally precedes a first point in time corresponding to the first recovery dataset.

Abstract: An illustrative method includes a data protection system identifying one or more input operations and one or more output operations performed between a source and a storage system, identifying an anomaly in a relationship between the one or more input operations and the one or more output operations, and determining, based on the identifying of the anomaly, that the storage system is possibly being targeted by a security threat.

Abstract: An illustrative method includes a data protection system detecting a request to perform a restricted operation with respect to a recovery dataset configured to be used by a storage system to recover from a data corruption event within the storage system, monitoring, in response to the request, for an occurrence of a predetermined set of one or more authorization events performed with one or more hardware tokens, and preventing the restricted operation from being executed until the each of the one or more authorization events included in the predetermined set occurs.

Abstract: A method of writing data to a protected region in response to a request from a host includes receiving a first write request including a first host message authentication code and a first random number from the host, verifying the first write request based on a write count, the first random number, and the first host message authentication code, updating the write count based on a result of verifying the first write request, generating a first device message authentication code based on the updated write count and the first random number, and providing the host with a first response including the first device message authentication code and a result of the verifying of the first write request.

Abstract: A method and apparatus provide recovery from a computing device boot up error by detecting a current boot up error in the computing device, loading a plurality of recovery pre-EFI initialization modules (PEIMs), of a recovery unified extensible firmware interface (UEFI) BIOS for execution, wherein the recovery PEIMS include executable code to pre-initialize at least a processing unit and memory of the computing device in a pre-EFI initialization (PEI) phase of a multi-phase platform initialization operation, and recovering from the boot up error by booting up the computing device using the loaded plurality of recovery pre-EFI initialization modules.

Abstract: A logical-to-physical (L2P) data structure and a physical-to-logical (P2L) data structure are maintained. The L2P data structure comprises table entries that map a logical address to a physical address. The P2L data structure comprises data entries that map a physical address to a logical address. The P2L data entries also comprise a data move status, a base address, and a boundary indicator. A move operation is detected, wherein the move operation indicates that data referenced by a logical address is to be moved from a source physical address to a destination physical address. Responsive to detecting the move operation, the data move status associated with the source physical address in the P2L data structure is updated.

Abstract: Disclosed deduplication techniques at a distributed data storage system guarantee that space reclamation will not affect deduplicated data integrity even without perfect synchronization between components. By understanding certain “behavioral” characteristics and schedule cadences of backup operations that generate backup copies received at the distributed data storage system, data blocks that are not re-written by subsequent backup copies are pro-actively aged, while promoting continued retention of data blocks that are re-written. An expiry scheme operates with block-level granularity. Each unique deduplicated data block is given an expiry timeframe based on the block's arrival time at the distributed data storage system (i.e., when a backup copy supplies the block) and further based on backup frequencies of the various virtual disks referencing a unique system-wide identifier of the block, which is based on the block's hash value. Communications between components are kept to an as-needed basis.

Abstract: The technology disclosed herein enhances a fault-based communication channel between a virtual machine and a hypervisor. An example method may include: configuring, by a hypervisor, a first memory location to generate one or more faults when accessed by a virtual machine process, wherein the first memory location is mapped to a device and a second memory location is mapped to memory; detecting, by the hypervisor, a fault caused by a first execution of an instruction of the virtual machine process, wherein the instruction comprises a reference to a register comprising the first memory location; responsive to the detecting the fault, the hypervisor performing a computing task for the virtual machine process and updating the register to comprise the second memory location; and initiating, by the hypervisor, a second execution of the instruction of the virtual machine process, wherein the second execution of the instruction accesses the second memory location.

Abstract: Disclosed are various embodiments for generating location confirmation models using crowdsourced wireless fingerprints. Wireless fingerprints can be generated and associated with a given location during events that use proximity to specific locations. The wireless fingerprints can be processed to generate location confirmation models that can be used for location confirmation. Periodically, the collected wireless fingerprints can be analyzed and compared to previously collected wireless fingerprints to detect a change in a wireless infrastructure at the given location. Upon determining that a previously generated location confirmation model is invalid according to a level of significance of the change, the outdated wireless fingerprints can be identified and removed from storage or otherwise ignored for future models. An updated location confirmation model can be generated using the up-to-date wireless fingerprints.

Abstract: The present application discloses a magnetic disk management method, an apparatus and an electronic device by providing an engine layer including a plurality of space files and an encapsulation layer including a file directory tree of a space file structure; where the engine layer responds to a data management operation performed for a target space file of the file directory tree output by the engine layer, and a target magnetic disk space corresponding to the target space files is determined through the address association list of the encapsulation layer, and data management is performed on the data in the target magnetic disk space. Thereby, different data can be isolated by different space files when entering through the engine layer, which ensures that security issues such as leakage of the data in the magnetic disk will not occur.

Abstract: Embodiments of an invention for protecting supervisor mode information are disclosed. In one embodiment, an apparatus includes a storage location, instruction hardware, execution hardware, and control logic. The storage location is to store an indicator to enable supervisor mode information protection. The instruction hardware is to receive an instruction to access supervisor mode information. The execution hardware is to execute the instruction. The control logic is to prevent execution of the instruction if supervisor mode information protection is enabled and a current privilege level is less privileged than a supervisor mode.

Abstract: An illustrative method includes a data protection system directing a storage system to generate recovery datasets over time in accordance with a data protection parameter set, the recovery datasets usable to restore data maintained by the storage system to a state corresponding to a selectable point in time, determining that the storage system is possibly being targeted by a security threat, and modifying, in response to the determining that the storage system is possibly being targeted by the security threat, the data protection parameter set for one or more of the recovery datasets.

Abstract: A hardware monitor arranged to detect out-of-bounds violations in a hardware design for an electronic device. The hardware monitors include monitor and detection logic configured to monitor the current operating state of an instantiation of the hardware design and detect when the instantiation of the hardware design implements a fetch of an instruction from memory; and assertion evaluation logic configured to evaluate one or more assertions that assert a formal property that compares the memory address of the fetched instruction to an allowable memory address range associated with the current operating state of the instantiation of the hardware design to determine whether there has been an out-of-bounds violation. The hardware monitor may be used by a formal verification tool to exhaustively verify that the hardware design does not cause an instruction to be fetched from an out-of-bounds address.

Abstract: An illustrative method includes a data protection system determining a delta metric between a first recovery dataset generated by a storage system at a first time and a second recovery dataset generated by the storage system at a second time subsequent to the first time and determining, based on the delta metric, whether data maintained by the storage system is possibly being targeted by a security threat.

Abstract: There is provided a method and system for digital rights enforcement. The method includes: determining digital content requested by a user via a selected user device; determining digital rights associated with the digital content; reviewing the digital rights to determine access rights relating to authorized devices for the user; determining whether the user has exhausted the access rights; and if the access rights are exhausted: determining at least one use factor for each of the user's previously authorized user devices; determining a previously authorized user device on which to revoke access to the digital content based on the at least one use factor; and revoking access rights to the previously authorized user associated device; otherwise downloading the digital content on the selected user device. The system includes a content review module and a revoker module.

Abstract: Apparatuses and techniques are described for detecting and isolating defective blocks of memory cells in a multi-plane operation such as program or erase. In one aspect, a program operation begins in a multi-plane mode, for one block in each plane. If fewer than all blocks complete programming by the time a trigger number of program loops have been performed, one or more unpassed blocks are programmed further, one at a time, in a single plane mode. If the one or more unpassed blocks do not complete programming when a maximum allowable number of program loops have been performed, they are marked as bad blocks and disabled from further operations. In another aspect, when a trigger number of program loops have been performed, one or more unpassed blocks are subject to a word line leakage detection operation.

Abstract: An illustrative method includes a data protection system determining a first compressibility metric associated with write traffic processed by a storage system, the first compressibility metric indicating an amount of storage space saved if the write traffic is compressed; determining a second compressibility metric associated with read traffic processed by a storage system, the second compressibility metric indicating an amount of storage space saved if the read traffic is compressed; determining, based on a comparison of the first compressibility metric with the second compressibility metric, that the write traffic is less compressible than the read traffic; determining, based on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat; and performing, based on the determining that the storage system is possibly being targeted by the security threat, a remedial action with respect to the storage system.

Abstract: An illustrative method includes a storage system receiving attribute data representative of one or more attributes of a known attack against data maintained by a target system other than the storage system, updating an extensible attack monitoring process executed by the storage system with the attribute data, and monitoring, using the extensible attack monitoring process updated with the attribute data, storage operation requests of the storage system for one or more attributes that match the one or more attributes of the known attack.

Abstract: An illustrative method includes a data protection system detecting, for a storage system, a potential data corruption in the storage system, analyzing, in response to the detecting of the potential data corruption, one or more metrics of the storage system, and determining, based on the analyzing of the one or more metrics of the storage system, a corruption-free recovery point for potential use to recover from the potential data corruption.

Abstract: A method includes determining, by component of a memory sub-system, workload characteristics corresponding to a workload to be received by the memory sub-system. The method can further include dynamically altering a performance attribute of the memory sub-system based, at least in part, based on the determined workload characteristics.

Abstract: A method and apparatus for performing access control of a memory device with aid of aggressor bit information are provided. The method includes: receiving a first host read command from a host device; sending a first read command to the NV memory in order to try reading first data from a first page; sending a second read command to the NV memory to obtain soft-decoding information and performing a first soft-decoding operation according to the soft-decoding information in order to try obtaining the first data from the first soft-decoding operation; reading multiple bits from at least one aggressor page to be the aggressor bit information; converting the soft-decoding information into adjusted soft-decoding information according to the aggressor bit information of the at least one aggressor page; and performing a second soft-decoding operation according to the adjusted soft-decoding information to obtain the first data from the second soft-decoding operation.