Abstract: One embodiment of the present disclosure may take the form of protected or safeguard memory, such as a nonvolatile memory device. In operation, the nonvolatile memory device may not perform a command operation, such as a read operation, on locked password-protected sectors of a primary memory array. Once a password is provided to the nonvolatile memory device (for example, from or via an associated electronic device), the nonvolatile memory device may unlock the password-protected sectors.

Abstract: A data protection method for an electronic device having a storage medium is provided, wherein the storage medium includes a plurality of partitions and a partition table. In the data protection method, a partition entry point and a partition data corresponding to the specific partition are captured and sent to an external storage device when the electronic device enters a shutdown process. Then, the partition entry point is deleted from the partition table and the partition data is removed from the storage medium. When the electronic device is turned on, a user has to provide the corresponding external storage device to restore the partition entry point and the partition data back to the storage medium. Thereby, personal data stored in the storage medium is protected and accordingly data security is ensured.

Abstract: Data protection is weak with the methods currently available and there are risks of corrupting important data, including system data accidentally by users or by malicious programs. We are proposing a method for improving access protection, more particularly, protection for data on mass memories by adding a hardware that will enable or disable read or write protection to portions of mass memories for each user. The hardware supports one or more users and two or more states for each supported user. The state of the hardware is manually controlled by the users. Depending on the configuration, each hardware state corresponding to a user corresponds to disabling or enabling read or write protection to some portions of a mass memory or mass memories for that user.

Abstract: An information output apparatus includes a tray determining unit that determines an output tray to which printed sheets are output, a secret information generating unit that generates first secret information corresponding to tray identification information for identifying the output tray determined, a transmitting unit that transmits the first secret information generated by the secret information generating unit to a terminal, an input accepting unit that accepts an input of second secret information from a user, and a tray controlling unit that specifies the output tray based on the first secret information when the second secret information and the first secret information coincide with each other, and allows a slot of the specified tray to be open.

Abstract: An integrated circuit device includes a first plurality of non-volatile memory locations such as fuses that supply programmed values corresponding to initially selected device features such as voltage, frequency, clock speed, and cache parameters. The device is programmed with a lock value in a second plurality of non-volatile memory locations. That lock value may be a randomly generated number that is unique for each device. After initial programming of the device, access to the device is prevented by appropriately programming access control. In order to unlock the device and modify device features, an unlock key value is supplied to the device. If the unlock key value correctly corresponds to the lock value, the device features can be modified. In that way device features can be modified, but security is maintained to prevent unauthorized modification to device features.

Abstract: A system and method for authenticating digital content is described. In one implementation, digital content recorded by a recording device is stored in a secure section of a memory device. A control system is configured to block access to the digital content stored in the secure section except to permit one or more portions of the digital content to be transmitted to a certification and validation authority where the one or more portions of the digital content is maintained in a secure repository in the event the authenticity of the digital content is questioned.

Abstract: An optical disc manufacturing apparatus (46) recording a BCA code constituted by plural marks and including a secret code which is modulated in a range capable of recognizing a position in a radial direction of an optical disc and/or a position in a track direction of the plural marks as the BCA code, a BCA history database (44) storing a history including a correspondence between the BCA code of an optical disc (1a) recording the BCA code and the secret code, and a management center (30) reading the BCA code and the secret code recorded on the optical disc so as to compare both on the basis of input of the correspondence between the BCA code and the secret code stored in the BCA history database (44) are employed, whereby an illegally manufactured optical disc (1z) can be easily found by inspecting the recorded BCA code and secret code.

Abstract: An image recording apparatus includes a CPU. An image file created by the CPU is stored in a directory which is created on a hard disk and a circularly successive directory number is assigned to. When the number of image files accumulated in a latest directory reaches “450”, the CPU determines a total number of the directories, and if the total number reaches “50”, the CPU erases an oldest directory. Furthermore, when the number of the image files accumulated in the latest directory reaches “900”, the CPU creates a new directory to which the directory number succeeding to that of the latest directory is assigned. In addition, when an arbitrary directory is erased by an operation of an erasing key, the CPU assigns the successive directory number to a remaining directory in order of a creation time.

Abstract: A system includes long-term storage (e.g., flash memory) for storing sensitive data and critical components of a consumer electronic (CE) device such as an operating system (OS) kernel, private cryptographic key values, security applications, and firmware configurations, for example. Security hardware/software designates and restricts access to secured portions of long-term storage that contain the critical components. Requests for access to these secured portions are addressed by the security hardware/software, which authenticates a cryptographic authorization code received with the request. Read-write access to the secured portions is allowed for download and installation of, for example, a software or firmware upgrade if the cryptographic authorization code is authenticated.

Abstract: A data security system [100] [800] [900] [1600] [2000] includes providing a unique identification from a first system [102] to a second system [104] [108]; copying the unique identification in the second system [104] [108] by the first system [102]; and unlocking a memory [122] in the first system [102] or the second system [104] [108] only when the unique identifications in the first system [102] and the second system [104] [108] are the same.

Abstract: A method for supervisor partitioning of client resources in a communications environment includes receiving, at a client node, an allocated set of resources over a communications network, and partitioning the allocated set of resources among one or more applications associated with the client node using a local authority. Following the partitioning, communication requests are issued from the one or more applications to a shared resource provider node without inspection by the local authority.

Abstract: A memory device includes an address protection system that facilitates the ability of the memory device to interface with a plurality of processors operating in a parallel processing manner. The protection system is used to prevent at least some of a plurality of processors in a system from accessing addresses designated by one of the processors as a protected memory address. Until the processor releases the protection, only the designating processor can access the memory device at the protected address. If the memory device contains a cache memory, the protection system can alternatively or additionally be used to protect cache memory addresses.

Abstract: The system is composed of the storage apparatuses with dynamic chunk allocation capabilities, the centralized management computer. Some storage apparatuses have the extra HDDs or volumes for providing extra capacity (extra chunks), which are concealed by a secret key. The storage apparatus with the closed segment has the key management program and key management table. The centralized management computer has the storage on demand management program, the pending request table, the priority table and the master key table. The storage apparatus may connect to the other storage apparatuses for sharing the extra capacities in the closed segment. The storage apparatus issues the chunk addition request to the centralized management computer. The centralized management computer provides a key according to the priority table and the master key table.

Abstract: Access control to shared virtual address space within a single logical partition is provided. The access control includes: associating, by a hypervisor of the data processing system, a memory protection key with a portion of a single logical partition's virtual address space being shared by multiple entities, the key preventing access by one of the multiple entities to that portion of the virtual address space, and allowing access by another of the entities to that portion of the virtual address space; and locking by the hypervisor the memory protection key from modification by the one entity, wherein the locking prevents the one entity from modifying the key and thereby gaining access to the portion of the single logical partition's virtual address space with the associated memory protection key. In one embodiment, the one entity is the single logical partition itself, and the another entity is a partition adjunct.

Abstract: Various techniques for controlling use of configuration data for and/or a design implemented as user logic in a configurable PLD (programmable logic device) include programming the configurable PLD using configuration data provided by a secure device. The programmed configurable PLD includes user logic, a configurable device authorization code generator and a comparator. The user logic is immediately disabled after it is loaded into the configurable device. A configurable device authorization code is generated in the configurable device authorization code generator in the programmed configurable PLD and is sent to the comparator. A secure device authorization code is generated by a secure device authorization code generator and also is sent to the comparator. The comparator compares the two inputs and, if the configurable device authorization code and secure device authorization code are identical, the user logic is then enabled.

Abstract: The present invention provides a nonvolatile memory card in which a program is added, modified, changed, or the like by selecting arbitrary firmware on a flash memory from a plurality of pieces of firmware on flash memories. In a memory card, in addition to a program stored in a built-in ROM, firmware on flash memories as programs for adding, changing, modifying, or the like of a function such as a patch program are stored. Firmware on a flash memory which is desired to be made valid is set in a parameter sector or the like and is loaded into an external RAM, and the CPU of a control logic executes a process.

Abstract: A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided.

Abstract: A photographic printing system includes a film reader for reading photographic image of a photographic film, a printer for printing the photographic image on an image recording medium based on photographic image data obtained through the film reader, a writer for writing at least the photographic image data in a loaded optical disc of the WORM (Write Once Read Many) type, and a controller for controlling the writing process of the writer. The controller allows writing, in the optical disc, of both the image data and a display processing program for displaying the image data written in the optical disc on a monitor when the optical disc has no data pre-written therein and allows writing, in the optical disc, of the image data when the optical disc has such display processing program pre-written therein.

Abstract: Methods and systems are disclosed that relate to the nondestructive erasure of data in a data storage system. An exemplary method includes providing a program that can generate instructions, which may be interpreted by the back end of the data storage system, to overwrite data on a disk drive.

Abstract: A method and apparatus for processing a write request at a storage device is provided. A write request that identifies a sender of the write request is received at a storage device. The write request is examined to determine the identity of the sender. A determination is made as to whether, within a hierarchical relationship, the sender is subordinate to any entity that has been designated as being unable to perform write requests at the storage device. Upon determining that (a) the sender is not subordinate to any entity that has been designated as being unable to perform write requests at the storage device, and (b) the sender has not been designated as being unable to perform write requests at the storage device, the sender is allowed to write to the storage device. Thereafter, the write request from the sender may be performed at the storage device.

Abstract: A chip card is protected against copying by having a data memory for storage of data that are protected, at least in a sub-region of the data memory, against alteration by users or attackers outside of a privileged group. Members of this group can write an individual identifier for this chip card into this protected memory region once, and can write a digital signature of this identifier to an arbitrary memory region of the data memory. The digital signature can be generated with the use of a secret key for which an associated public key exists with which it can be checked whether the digital signature was generated from the individual identifier with the use of a secret key.

Abstract: According to some embodiments, a method for providing encryption, integrity, and anti-replay protection of data in a fault tolerant manner is disclosed. A data blob and an anti-replay table blob are copied to a temporary storage region in a non-volatile memory. In an atomic operation, a status indicator is set and a monotonic counter is incremented after the data blob and the anti-replay table blob are copied to the temporary storage region. If a fault occurs while the status indicator is set, the data blob and the anti-replay table blob may be recovered from the temporary storage region.

Abstract: The present invention discloses a USB memory card such as an intelligent stick, of which a control of data encryption is included to enhance data security and meet the data security requirement. The USB memory card of this invention is applicable for the traditional smart card market, like as e-commerce, ID token in internet, as well as featuring a low system cost and a popular USB interface. The size of such USB memory card is small, easy-to-carry, and easy-to-use.

Abstract: Methods and arrangements are provided which associate a first user with a second user in a first device, and selectively provide information about the association of the first and second user to a second device as directed by the first user, without requiring the second user to be logged in to either the first or second device. The information about the association of the first and second user is provided to the second device via a validation code or validation protocol that essentially identifies the first user and the second user, when the first user is logged in to the second device. Here, for example, the validation code may identify the second user by an identifier and a name, and possibly provide modifications to a consent parameter associated with the second user. In certain implementations, at least a portion of the validation code may be encrypted when sent from the first device to the second device. By way of example, in certain instances, the first user may be a parent/guardian to the second user.

Abstract: A method, apparatus and computer program product for storing data in a disk storage system is presented. A dictionary data structure is defined and stored on the disk storage system. Key-value pairs can be inserted and deleted into the dictionary data structure, with full transactional semantics, at a rate that is faster than one insertion per disk-head movement. Keys can be looked up with only a logarithmic number of transfers, even for keys that have been recently inserted or deleted. Queries can be performed on ranges of key-value pairs, including recently inserted or deleted pairs, at a constant fraction of the bandwidth of the disk. The dictionary employs indirect logging for physical block logging.

Abstract: An apparatus, system, and storage medium are disclosed for utilizing data protection by a storage device to minimize loss of sensitive data on a storage medium. The apparatus includes a monitor module, a verification module, and a process module. The monitor module recognizes a write-type command from a host connected to an electronic data storage device. The verification module determines a presence of a passkey associated with the write-type command. The process module processes the write-type command according to the determination of the presence of the passkey. The apparatus, system, and storage medium provide protection of sensitive data at the device level so that a designated protected area on the electronic data storage device is protected against an inadvertent data overlay.

Abstract: A Method and a terminal intended for securing information in a local memory device which is couplable to a terminal having a data link interface. At the terminal, the method comprises the following steps. The method divides 801 original data included in the information to be secured, a division of the original data resulting in a first portion and a second portion. The method stores 802 the first portion in the local memory device and sends 803 the second portion via the data link interface for storage in a remote memory device. The method includes obtaining 804 an authorized read request targeted to the original data and responsive to the authorized read request reconstructs the original data. In more detail, the method retrieves 805 via the data link interface the second portion and combines 806 the second portion and the first portion which was stored in the local memory device.

Abstract: A wireless module security system and method is provided which includes, in one embodiment providing security data to a wireless module. The security data including a security code provided to the wireless module after the wireless module has been activated. The method for providing the security code includes encrypting the security code after establishing a wireless module account, issuing the security code through wireless transmission to the wireless module, and decrypting and storing the security code inside the wireless module. The security system and method also utilizes user authorized associated peripheral devices which may be connected to the wireless module to provide further combinations of security data. In one embodiment, the wireless module is provided with an electronic serial number and that electronic serial number is stored to the peripheral device for a security measure.

Abstract: The present invention provides a secure JTAG interface to an application-specific integrated circuit (ASIC). In the preferred embodiment the invention operates through the combined efforts of a Security Module (SM) comprising a state machine that controls the security modes for the ASIC, and a Test Control Module (TCM) which contains the JTAG interface. The TCM operates in either a restricted mode or an unrestricted mode, depending on the state of the SM state machine. In a restricted mode, only limited access to memory content is permitted. In an unrestricted mode, full access to memory content is permitted.

Abstract: A storage subsystem and a storage controller adapted to take advantage of high data transfer rates of fiber channels while offering enhanced reliability and availability and capable of connecting with a plurality of host computers having multiple different interfaces. A loop is provided to serve as a common loop channel having fiber channel interfaces. Host interface controllers (HIFC) connected to host computers having different interfaces permit conversion between the fiber channel interface and a different interface as needed. Control processors, shared by the host interface controllers, each reference FCAL (fiber channel arbitrated loop) management information to capture a frame having an address of the processor in question from among the frames passing through the loop. I/O processing is then carried out by the controller in accordance with a range of logical unit numbers (LUN) set in the captured frame.

Abstract: Systems and methods for modifying a parameter value of a controller are described. In one embodiment, the method includes verifying a local presence at the controller, modifying a parameter value at a remote device, confirming the identity of the remote device, and storing the modified parameter value in the controller.

Abstract: A disk control unit of a storage system stores identifiers of initiators that are capable of communications with storage devices and information of the storage devices correlated with the initiators. When an initiator performs a discovery processing, the disk control unit judges based on the information correlated with the initiator whether or not the initiator accessing to a storage device is illegal, and denies the access if illegal.

Abstract: A recording medium on which copyright information is recorded, and an apparatus and method therefor. The recording medium contains remake content made using at least one original content, original copyright information on the original content, and remake copyright information on the remake content. According to the recording medium and the apparatus and method therefor, the copyright of original content is protected and the personal user right of an individual user on the original content is guaranteed.

Abstract: Apparatus and method for generating an individual key for accessing a predetermined addressable unit of a memory divided into addressable units. The apparatus includes a calculator for calculating a page pre-key based on a page address, a determiner for determining the individual key based on the page pre-key and a unit address, a memory for storing the calculated page pre-key, and a checker for checking whether during a next access to a further predetermined unit to which a further unique address is associated, an already calculated page pre-key exists in a temporary memory, which has been calculated based on a page address of a unique address, which is identical to the page address of the further unique address, and, if so, transmitting the already calculated page pre-key to the determiner by bypassing the calculator, and, if not, transmitting the page address of the further unique address to the calculator.

Abstract: A computer-readable storage medium having computer-readable code embodied thereon including: program code for restricting access, by a file system running on a host system, to a restricted area of a storage area of a storage device; and program code for enabling at least one application to access the restricted area via the file system. Preferably, the computer-readable code further includes: program code for enabling the storage device to copy data from a non-restricted area to the restricted area. Preferably, the computer-readable code further includes: program code for directing the storage device to route host-system read-requests, directed to addresses in the restricted area, to addresses in a non-restricted area. Preferably, the computer-readable code further includes: program code for applying access commands of the host system to restricted data residing in the restricted area when the host system requests access to non-restricted data addressed to a non-restricted area.

Abstract: A computer system comprising includes an inactive partition with a bootable operating system installed and a license manager for obtaining a license that allows the partition to be activated.

Abstract: This invention is a system and method related to restoring data in a data storage environment and includes program logic.

Abstract: A method and a system for blocking an integrated circuit after detection of an attempt of unauthorized access to information that it contains, in which a first program of generation of a second program to be executed in a random access memory of the integrated circuit is executed, the second program including several instruction sequences and each sequence ending with a branching to another sequence; and the second program is executed.

Abstract: A single lock word comprises an identifier field for storing a thread identifier associated with a first thread obtaining a lock on an object; an inflation field for storing a fat lock bit upon inflation of the lock on the object; and a contention field for storing a contention bit in response to an attempt by a second thread to obtain a lock on the object. The values of the single lock word are verified with a single memory fetch instruction. When unlocking an object, a single memory fetch instruction can be used to read the lock word to: (1) determine whether thread T is still the current owner of the lock, and (2) determine the states of inflation and/or contention (i.e., determine whether the fat lock and/or contention bits have been set).

Abstract: A method, system, and program key-controlled object-based memory protection are provided. A processing unit includes an authority check for controlling access by the processing unit to pages of memory according to whether a hardware protection key set currently loaded in an authority mask register allows access to the pages. In particular, each page of memory is assigned a page key number that indexes into the hardware protection key set. The currently loaded hardware protection key set specifies those page key numbers that are currently accessible to the processing unit for the execution context. Each hardware key within the hardware protection key set may be associated with a particular data object or group of data objects. Thus, effectively, the currently loaded hardware protection key set identifies which data objects or groups of data objects are currently accessible.

Abstract: Data storage apparatus comprises a tape drive and a tape cartridge, the tape cartridge having a data storage tape on which write-once-read-many (WORM) data is stored. The data storage apparatus is controlled by providing a format command to the tape drive commanding a formatting operation that conditions the tape for erasure or overwriting of the WORM data. A format command key is provided with the format command to be compared with a key recorded in the cartridge. The format command is enabled in dependence upon the comparison between the format command key and the recorded key.

Abstract: A device includes a processor and a hard disk drive coupled to the processor. The hard disk drive stores various data associated with the device and includes a first partition and a second partition. Data stored in the first partition is cleared during a system reset operation. Data stored in the second partition is not cleared during the system reset operation. The first partition stores saved application data, device configuration information, and the like. The second partition stores a console application that implements a user interface to the device. The second partition also stores a reset application that implements a system reset operation.

Abstract: A device includes a processor and a hard disk drive coupled to the processor. The hard disk drive stores various data associated with the device and includes a first partition and a second partition. Data stored in the first partition is cleared during a system reset operation. Data stored in the second partition is not cleared during the system reset operation. The first partition stores saved application data, device configuration information, and the like. The second partition stores a console application that implements a user interface to the device. The second partition also stores a reset application that implements a system reset operation.

Abstract: A memory card compatible token includes non-memory components accessed using commands hidden in the data stream of a memory card access command. A mobile computing device such as a mobile phone accesses the non-memory components by writing to a specific address, including a known data value in the data stream, or both. The token may be activated using an activation code, and a subsequently chosen password may be used to authenticate the mobile computing device to the token each time a hidden command is issued.

Abstract: A portable data access device is applicable to a data processing system. The portable data access device includes at least a first data access sector preset to be a read-only data access sector, for storing at least data and/or application programs executable by the data processing system; at least a second data access sector set to be a general data access sector; and a controller for interfacing with the data processing system and controlling data access to the first data access sector and the second data access sector. The data processing system may execute the application programs and/or access the data through the portable data access device, and the risk of modifying or damaging the data and/or application programs can be reduced by the read-only data access sector.

Abstract: A system for granting a privilege to a chip holder. The system comprises at least one chip provided with at least one secret key to be activated by a chip holder and at least one associated public key. The system further comprises at least one chip reader, which is connected to a device for carrying out the privilege, and at least one privilege database, which comprises data regarding privileges associated with respective chips. In the system a request route and a reply a route are set up between the chip reader and the privilege database over at least one network, wherein a reply from the privilege database can be sent to the chip reader in encoded form via the reply route by means of a public key of the chip obtained from an encryption database. The chip holder can decode the reply by means of the secret key, after which the decoded reply can be transferred to the device for carrying out the privilege.

Abstract: An apparatus, system, and method for avoiding unexpected exposure of important data in a storage system include a table that contains permission and conversion information regarding data transfer. When a storage system transfers a certain set of data from one logical device or volume to another area, e.g., a host, a tape storage or another logical device or volume inside or outside of the storage system, the storage system refers to the table to determine if transfer is permitted and whether conversion of the data is required before transfer. A storage controller converts the data if necessary, and transfers the data to the target destination if permitted. Keys are maintained within the storage system so that the management of securing data is centralized.

Abstract: A method, system, and program key-controlled object-based memory protection are provided. A processing unit includes an authority check for controlling access by the processing unit to pages of memory according to whether a hardware protection key set currently loaded in an authority mask register allows access to the pages. In particular, each page of memory is assigned a page key number that indexes into the hardware protection key set. The currently loaded hardware protection key set specifies those page key numbers that are currently accessible to the processing unit for the execution context. Each hardware key within the hardware protection key set may be associated with a particular data object or group of data objects. Thus, effectively, the currently loaded hardware protection key set identifies which data objects or groups of data objects are currently accessible.

Abstract: A memory lock system (900) is provided that includes: providing a controller (212); providing a connector (204) connected to the controller (212) for providing data to the controller (212); providing a memory (216) connected to the controller (212) for receiving and storing information from the controller (212); and manipulating an input device (206) connected to the controller (212) to unlock or lock data transfer between the connector (204) and the controller (212), in the controller (212), between the connector (204) and the memory (216), or in the memory (216).

Abstract: A system, device, and method for managing file security attributes in a computer file storage system generates a set of Windows file security attributes from a set of UNIX file security attributes. The set of Windows file security attributes includes a UNIX-specific SID for a UNIX name that could not be translated into a Windows name. The set of Windows file security attributes also includes a set of Windows file permissions derived from a set of UNIX file permissions.