Abstract: A boot method an apparatus are described which reduce the likelihood of a security breach in a mobile device, preferably in a situation where a reset has been initiated. A predetermined security value, or password, is stored, for example in BootROM. A value of a security location within FLASH memory is read and the two values are compared. Polling of the serial port is selectively performed, depending on the result of such comparison. In a presently preferred embodiment, if the value in the security location matches the predetermined security value, then polling of the serial port is not performed. This reduces potential security breaches caused in conventional arrangements where code may be downloaded from the serial port and executed, which allows anyone to access and upload programs and data in the FLASH memory, including confidential and proprietary information.

Abstract: Obfuscating an application program comprises reading an application program comprising code, transforming the application program code into transformed application program code that uses one of multiple opcode value encoding schemes of a dispatch table associated with the application program, and sending the transformed application program code. Executing an obfuscated application program comprises receiving an obfuscated application program comprising at least one instruction opcode value encoded using one of multiple instruction set opcode value encoding schemes, determining a dispatch table associated with the application program, and executing the application program using the associated dispatch table. The dispatch table corresponds to the one of multiple instruction set opcode value encoding schemes.

Abstract: A memory card can include a memory that is configured to store data and a memory controller that is configured to store host identification information and a password. The memory controller can be configured to control read/write access to the memory, where the memory controller can allow a host read and/or write access to the memory upon determining that the host identification information stored by the memory controller corresponds to the host.

Abstract: Processor arrangement having a first processor, a second processor, and at least one memory configured to be shared by the first processor and the second processor. The second processor has a memory interface configured to provide access to the at least one memory, and a processor communication interface configured to provide a memory access service to the first processor. The first processor has a processor communication interface configured to use the memory access service from the second processor. The first processor and the second processor use at least one cryptographic mechanism in the context of the memory access service.

Abstract: An information playback method and apparatus that includes reading first identification information from an auxiliary recording region of a recording medium, including the auxiliary recording region in which writing of content data is prohibited and a main storing region in which the content data can be written and reading second identification information from the main recording region. When first identification information is read from the auxiliary recording region and second identification information is read from the main recording region, comparing the first identification information with the second identification information, and outputting the content data read from the main recording region when the first identification information corresponds to the second identification information.

Abstract: In the information process device 1, only when it is determined that the password rewritten in the change password memory area 14a of the backup RAM 14 and the password rewritten in the change password memory area 31a of the second flash memory 31 coincide with each other (S202: YES), the menu display of the liquid crystal display 21 is conducted (S107) and it is permitted to start execution of the application program (S123) based on that the menu M2 of “2. start of game” is selected in the menu display. Further, based on that the menu M1 of “1. set of password” is selected in the menu display (S109: 1), it is permitted input of the change password by touching each of the areas 22c to 22n of the transparent touch panel 22 (S112).

Abstract: A radio frequency identification device (RFID) and method for authenticating RFIDs are disclosed. In RFIDs, data is stored in a form of data segments selectively associated with promiscuous and non-promiscuous regions of their memories. A randomly selected portion of a content of a non-promiscuous region is examined by an interrogating readers or a host computer after validating the data contained in a promiscuous region.

Abstract: A system is described in which a plurality of host computers are coupled to a storage system for storing and retrieving data in the storage system. The storage system includes individually addressable units of storage such as volumes or logical unit numbers. A security management system controls access to each of the individually addressable units of storage based upon the identification of the host permitted to access that unit of storage.

Abstract: A disk array system includes a memory that stores first key data inherent to the disk array system, and a disk controller that controls data input/output to/from disk drives. Each of the disk drives includes a disk medium, and an HDD controller, the disk medium having a system area that stores second key data inherent to a disk array system, and a data area that stores user data, the HDD controller controlling data input/output to/from the system area and the data area. The HDD controller, upon a disk drive from among the disk drives being mounted in the disk array system, comparing the first key data and the second key data, and if they do not correspond to each other, operating in an operation mode in which read access from the disk controller to the data area is prohibited.

Abstract: A method, system, and program key-controlled object-based memory protection are provided. A processing unit includes an authority check for controlling access by the processing unit to pages of memory according to whether a hardware protection key set currently loaded in an authority mask register allows access to the pages. In particular, each page of memory is assigned a page key number that indexes into the hardware protection key set. The currently loaded hardware protection key set specifies those page key numbers that are currently accessible to the processing unit for the execution context. Each hardware key within the hardware protection key set may be associated with a particular data object or group of data objects. Thus, effectively, the currently loaded hardware protection key set identifies which data objects or groups of data objects are currently accessible.

Abstract: A method, system, and machine-readable medium for controlling access to data of a tape data storage medium are disclosed. In accordance with one embodiment, a method is provided which comprises conveying data access control metadata from a tape cartridge comprising a tape data storage medium to a host, receiving decrypted metadata from the host, comparing a checksum value determined utilizing the decrypted metadata with checksum data stored within the tape cartridge; and processing a request to access the tape data storage medium received from the host based upon a comparison of the checksum value and checksum data. In the described method embodiment, the data access control metadata comprises encrypted metadata corresponding to a data storage parameter, where data is stored within the tape data storage medium utilizing the data storage parameter and the decrypted metadata is generated by the host utilizing the encrypted metadata.

Abstract: A non-volatile memory device includes an input/output terminal mixing section configured to couple data input/output terminals of the memory device to data input/output terminals of a page buffer in accordance with a user selection. A user data authenticating section is configured to transmit a control signal to the input/output terminal mixing section so that the input/output terminal mixing section couples the data input/output terminals of the memory device to the data input/output terminals of the page buffer in accordance with the user selection. A spare cell is configured to store the coupling configuration of the data input/output terminals of the memory device and the data input/output terminals of the page buffer in accordance with the user selection.

Abstract: A computer includes a processor, an input device and a read only memory (“ROM”). One or more passwords are flashed in the ROM in encoded form. The encoding process may include any well-known encryption or hash process. The password may include a power-on password usable to change the operating state of the computer and/or an administrator password. Such configuration data preferably also is stored on the ROM in encoded form. The encoded nature of the passwords makes it difficult for an unauthorized entity to gain access to the usable form of the passwords. Further, by storing the passwords and configuration in ROM, such as the computer's main system ROM, it is possible to control write access to the ROM because a computer's ROM can generally only be flashed using SMI code which operates outside the control of the computer's operating system and requires entry of a correct password.

Abstract: In an encryption storage apparatus (data storage apparatus) (1), when entered an allocation request signal (a1), a key management section (7) outputs a generation request signal (b) to a random number generation section (3). The random number generation section (3) generates a pseudorandom number as an encryption key (c) at the entering timing of the generation request signal (b), and the key management section (7) causes a volatile key storage section (4) to store the encryption key (c) and returns a corresponding key number (a2) to a user side. When the user enters an encryption instructing signal (a3) and the key number (a2) to the key management section (7), the key management section (7) reads out the corresponding encryption key (c), and an encryption section (5) converts entered data (d1) into encrypted data (d2) and stores the encrypted data (d2) in a nonvolatile storage section (2).

Abstract: A memory card, flash memory drive or other removable re-programmable non-volatile memory device is configured so that at least part of the memory is not available for storage of user data until data of a message stored in the memory is at least read out by the user through a host device to which the memory device is connected. The message may be an advertisement, instructions on using the memory device, or the like, to which the user is at least exposed as a condition of having the full capacity of the memory card available thereafter for use by him or her.

Abstract: One time programming functionality is provided on an integrated circuit by receiving one time programmable (OTP) data from a source that is external to the integrated circuit. It is determined whether the received OTP data is authentic, and if so, the received OTP data is stored in a write-lockable memory device that is located on the integrated circuit. The write-lockable memory device is thereafter locked to prevent any further writing to the write-lockable memory device for so long as power is maintained to the integrated circuit. After locking the write-lockable memory device while power is maintained, the OTP data is retrieved from the write-lockable memory device whenever the OTP data is needed. A key used to authenticate the received OTP data is stored on the integrated circuit within a memory device configured to permit reading of the key only one time.

Abstract: To provide a memory device and a password storing method thereof, according to which an improved security function is realized by resourcefully designing the storage position and/or storing order of password data stored in the memory device to prevent unauthorized password acquisition. The memory device makes a determination of whether or not rewriting and/or reading of data is permitted by verification of a password, the memory device comprising a plurality of partial memory areas which store a plurality of partial bit strings that comprise a bit string of the password, and wherein the plurality of partial memory areas are located apart from each other in a memory cell array.

Abstract: A memory card system includes a memory card and a host for generating a password confirm command and a password transmission command. The password confirm command is used for determining whether a password has been set in the memory card. Each of the password confirm command and the password transmission command may be sent via at least one of a command line or a data line between the host and the memory card.

Abstract: Systems and method for storing information of a user within a medical information card and for controlling access to the information by a third party. The medical information card comprises a storage medium adapted to store the medical records of the patient. The medical information card further comprises a processing system coupled to the storage medium adapted to receive a request for access to the medical records by the third party and to determine a subset of the medical records that the third party is authorized to access based on the request. The medical information card further comprises an interface system coupled to the processing system adapted to exchange the subset of the medical records with the external data system of the third party in response to authenticating the request.

Abstract: The present disclosure relates to attempting to monitor and control memory access and, more specifically, to attempting to limit memory access to a specific registered software agent.

Abstract: The present invention relates to an information processing apparatus that allows separately forming regions having different roles. When an area definition region #0100h is newly formed under an area definition region #0000h that is formed on an IC card, information of the area definition region #0100h is encrypted using a service key stored in an area registration service definition region #0020h that is formed in advance, and the encrypted information is supplied to the IC card. Upon receiving that information, the IC card decrypts the encrypted information using the service key stored in the area registration service definition region #0020h. Then, the area definition region #0100h is formed based on the result of decryption. The present invention may be applied to an IC card that exchanges information in a non-contact manner and to an apparatus that exchanges data with the IC card.

Abstract: A memory device is provided. The memory device includes a memory configured to store information. The memory device also includes a memory controller in communication with the memory. The memory controller is configured to encrypt the information to define a parameter and access an account on a second memory device based on the parameter to gain access to content. The content is stored in the second memory device and the memory device and the second memory device are configured to be removably coupled to a computing device.

Abstract: Described is a technique for providing shared access to an encrypted portable memory device which improves both usability and security by allowing the owner of the encrypted storage device to designate access to specified files only to the next host to mount the secure disk. The number of steps required to perform a file sharing operation is greatly reduced with this system and access to the contents of the protected storage device can be granted with greater granularity.

Abstract: An image formation system includes: an image formation device having a storage unit; a host device that outputs an image formation instruction including a predetermined code for authentication to the image formation device; a communication line that interconnects the host device with the image formation device, wherein the image formation device is adapted to store the image formation instruction in the storage unit when the image formation instruction including the code for authentication is input, and outputs an image based on the image formation instruction when an operating information matching the code for authentication is input from a user interface.

Abstract: The Computer System consists of components including more than one Computer and Storage Subsystem to which more than one Computer are connected. The Storage Subsystem is equipped with more than one Storage Unit, Management Table registering information to manage Storage Units accessible by each of the Computers and Controller to control accesses by more than one Computer to more than one Storage Unit. The controller controls the accesses according to the information set in the Management Table when the Storage Unit is accessed by the Computer.

Abstract: A security system for a computer operating system comprising a processor (37) that is independent of the host CPU (13) for controlling access between the host CPU (13) and a security partition formed in the storage device (21) for storing the operating system. A program memory (41) that is independent of the computer memory and the storage device (21) unalterably stores and provides computer programs for operating the processor (37) in a manner so as to control access to the security partition in the storage device (21). All data access by the host CPU (13) to the data storage device (21) is blocked before initialisation of the security system and is intercepted immediately after the initialisation under the control of the processor (37). The processor (37) effects independent control of the host CPU (13) and configuration of the computer (11) to prevent unauthorised access to the security partition on the storage device (21) during the interception phase.

Abstract: A storage device is capable of sequentially inputting a command, which includes address information and attached information, from an information processor through an input/output unit. The storage device includes a storage unit for storing data; an extractor for extracting the address information and the attached information from an input command inputted through the input/output unit; a generator for, in response to input of the input command, generating transition information that transitions according to rules using an initial value; a comparator for determining whether the attached information and the transition information agree with each other; and an output controller for, only when the attached information and the transition information agree with each other, outputting storage data out of the data, which corresponds to the address information extracted by the extractor, through the input/output unit.

Abstract: In a nonvolatile semiconductor memory device according to the present invention, a password protection function is enabled or disabled based on a first specified value M and a second state specified value P such that when both of the first specified value M and the second state specified value P are in a set state, the password protection function is enabled and when at least the second specified value P is in a reset state, the password protection function is disabled, and the first state specified value M maintains a previous state and the second state specified value P follows the state of the first state specified value M in response to a reset operation, and the cancel operation to shift the second state specified value P to the reset state can be performed only when the password is inputted correctly.

Abstract: In accordance with one aspect of attesting to a value of a register and/or memory region, an operating system of a device receives a request, in response to an ATTEST operation being invoked, to make a signed attestation of a value. The operating system signs a statement that includes the value using a private key of a pair of public and private keys of a processor of the device. The value may be stored in a register and/or a region of memory.

Abstract: In a computer system in which one or more computers on which one or more initiators operate and a storage device on which one or more targets operate are connected with each other through a network, an authentication table for authenticating validity of a user of a computer is associated with an authorization table for authorizing access of an initiator to a certain target, to limit such accesses.

Abstract: Aspects for integrating encryption functionality into a database system are described. The aspects include providing at least two functions to support data encryption in a database system. The at least two functions are utilized within structured query language statements to preserve confidentiality of user-specified data in the database system.

Abstract: A DDR SDRAM DIMM for a mainframe main storage subsystem has a plurality of DDR SDRAMs on a rectangular printed circuit board having a first side and a second side, a length (152 MM=6 inch) between 149 and 153 millimeters and optimized at 149.15 mm or 151.35 mm in length and first and second ends having a width smaller than the length; a first plurality of connector locations on the first side extending along a first edge of the board that extends the length of the board, a second plurality of connector locations of the second side extending on the first edge of the board, a locating key having its center positioned on the first edge and located between 80 mm and 86 mm and optimized with a locating key 1.5 mm wide centered at 81.58 or 85.67 mm from the first end of the board and located between 64 and 70 mm and optimized with the locating key centered at 67.58 or 65.675 from the second end of the board.

Abstract: A method and a circuit for controlling the access to all or part of the content of a memory that is integrated with a microprocessor, a priority-holding interrupt, at least one register of keys, and at least one access control algorithm contained in a second auxiliary memory are used. The content of at least one also integrated storage element and the content of the key register, the content of the auxiliary memory being programmable only once.

Abstract: A disk array controller reliably detects disk drive power-on-reset events that may cause a disk drive that has uncommitted write data stored in its cache to lose such data. The methods for detecting the power-on-reset events include operating the disk drives in an ATA security mode in which a power-on-reset of a disk drive will cause the drive to enter a locked state in which data transfer commands are aborted; and tracking power cycle count attributes of the disk drives over time. When a disk drive power-on-reset event is detected, the disk array may be efficiently maintained in an operational state by re-executing or “replaying” a set of write commands that are cached within the disk array controller. The invention is also applicable to single-disk-drive storage systems.

Abstract: An apparatus, system, and method are disclosed for autonomically disposing a computer such as a workstation. The computer's local persistent storage medium is configured with pre-boot image which is configured with a set of functional modules that facilitate disposal or recycling of the computer to the next user. The disposal and recycle methods are automated, require minimal user intervention, and facilitate moving configuration options and data to a different computer. The entire process may execute from the pre-boot image on the computer's local persistent storage medium without ever booting the primary operating system.

Abstract: A logically-partitioned computer system provides support for multiple logical partitions to access a single file system, thereby allowing the logical partitions to share a file without the overhead of communicating over a VLAN. An area of shared memory is defined that multiple logical partitions may access. One or more file control blocks that control access to the files in the file system are then created in the shared memory. Existing mechanisms for locking a file system between processes may then be used across logical partitions to serialize access to the file system by all processes in all logical partitions that share the file system. In this manner the sharing of files in a file system is enabled by leveraging existing technology that is used within a single logical partition to extend across multiple logical partitions.

Abstract: Systems and methods of connection control for wireless mobile communication devices enabled for communication via a plurality of communication connections are provided. Connection control information associates software applications with communication connections. When a connection request specifying a requested connection is received from a software application, it is determined whether the requested connection is permitted by the connection control information. Where the requested connection is permitted by the connection control information, the requested connection is opened. If the requested connection is a first connection opened by the software application, then the software application is associated with the requested connection in the connection control information.

Abstract: A method is adopted in a control apparatus for controlling ID information stored in a storage medium in conjunction with a terminal for reading the ID information from the storage medium and used to catalog information for the storage medium into a memory employed in the control apparatus. In an operation to catalog information into the memory of the control apparatus, the terminal receives the information, reads the ID information from the storage medium and transmits the information and the ID information to the control apparatus and the control apparatus catalogs the information and the ID information in the memory by associating the information with the ID information.

Abstract: An operating system copies data from memory pages into a paging file on disk, in order to free up space in the memory. A mechanism is disclosed that causes the data to be encrypted as it is copied into the paging file, thereby protecting the paged data from unauthorized (or otherwise undesired) observation. The data that is stored in the paging file is encrypted with a session key, that is generated shortly after the machine on which the paging file exists is started. The session key, which is used both for encryption and decryption of the paging file data, is stored in volatile memory, so that the key is not persisted across boots of the machine. Since the key is not persisted across boots, old paging file data that was stored prior to the most recent boot cannot be recovered in clear text, thereby protecting the data from observation.

Abstract: A method of serializing administrative operations on virtual volumes includes operating a storage system to maintain a plurality of virtual volumes that share a pool of block storage, where each of the virtual volumes containing data stored on one or more physical storage devices. Administrative access to each of the virtual volumes is controlled individually by imposing serialization on administrative operations directed to each virtual volume.

Abstract: In order to securely back up data that is recorded in a mobile storage device, a storage device that connects to an external device so as to communicate with the external device includes a switch for switching functions of a control section under the control, a section for holding unique information belong to the storage device, a section for receiving a unique key belonging to the external device from the external device, a section for generating a backup key by use of the unique key belonging to the external device which has been obtained from the external device and the unique information belonging to the storage device, a section for encrypting a copy of digital data that has been recorded in the storage device by use of the backup key.

Abstract: An active-active RAID system includes first and second active-active RAID controllers which efficiently share access to SATA drives. SAS expanders connect the RAID controllers to the drives. The controllers establish an affiliation within the SAS expanders with respectively-owned first and second subsets of the SATA drives. The controllers directly transmit to the SAS expanders commands destined for affiliated drives, but forward to the other RAID controller, via an inter-controller communications link, commands destined for unaffiliated drives for transmission by the other RAID controller. The controllers handle drive ownership changes by clearing previously-established affiliations, updating ownership data stored on the drives, including forwarding the update commands as necessary, and re-establishing affiliations based on the new ownership.

Abstract: An approach to managing stored-value data objects, such as electronic tickets, comprises secure systems and procedures for ticket issuing, storage, and redemption. With these systems and procedures in place, stored-value data objects may be securely transferred to remote systems, such as a user's personal electronic device, for subsequent secure redemption, thus allowing the user to gain access to the desired goods or service upon redeeming the data object. Techniques provide secure delivery of the requested data object to the requesting device, and provide secure redemption and disposal of the data object. Ticket issuing systems may be Internet-accessible systems, and users may purchase and redeem tickets using mobile terminals or other devices adapted for wireless communication. Standardized WPKI and Internet access procedures may be employed in ticket issuance and redemption.

Abstract: A data storage device is secured by extracting timing information encoded within a password-related symbol stream received by the storage device and denying access if the timing information is incorrect or the symbol stream is not identical to a valid authentication sequence. In one embodiment, each symbol corresponds to a password, and at least one symbol is transmitted within a specified timing window while at least one other symbol must be transmitted at a random time that varies with each authentication attempt. In certain embodiments, a computing device associated with the data storage device is configured to provide a single password prompt, receive a character sequence corresponding to a plurality of passwords from a user, and communicate an encrypted symbol stream to the storage device with a specified timing pattern imposed thereon.

Abstract: A data storage device is secured by extracting timing information encoded within a password-related symbol stream received by the storage device and denying access if the timing information is incorrect or the symbol stream is not identical to a valid authentication sequence. In one embodiment, each symbol corresponds to a password, and at least one symbol is transmitted within a specified timing window while at least one other symbol must be transmitted at a random time that varies with each authentication attempt. In certain embodiments, a computing device associated with the data storage device is configured to provide a single password prompt, receive a character sequence corresponding to a plurality of passwords from a user, and communicate an encrypted symbol stream to the storage device with a specified timing pattern imposed thereon.

Abstract: Methods and systems for accessing protected memory are disclosed. Aspects of one method may include enabling access to protected memory on a chip when a user access key for the chip matches a customer specific access key that is pre-programmed and stored in a one-time programmable memory within the chip. The protected memory in the chip may comprise non-volatile memory. Portions of the protected memory may be allocated for access by different users. Accordingly, each user may have a different user access key to access the portion of the protected memory allocated to that user. A user may use offset to objects when sending commands to access the protected memory. The object may indicate memory address and data size. This may allow a level of abstraction where a customer may not need to know specific addresses for the portion of the protected memory being accessed.

Abstract: A memory card of one published standard, such as the Multi-Media Card (MMC) or Secure Digital Card (SD), is modified to include the function of a Subscriber Identity Module (SIM) according to another published standard. The controller of the memory card communicates between electrical contacts on the outside of the card and both the memory and the SIM. In one specific form, the memory card has the physical configuration of the current Plug-in SIM card with a few external contacts added to accommodate the memory controller and data memory. In another specific form, the memory card has the physical configuration of the current SD card, including external contacts.

Abstract: Use of storage access keys is facilitated to enable flexible control of storage access. Any selected storage access key is usable to access storage. Storage access keys may be specified in user registers and can override storage access keys indicated in system registers.

Abstract: The present invention provides a nonvolatile memory card in which a program is added, modified, changed, or the like by selecting arbitrary firmware on a flash memory from a plurality of pieces of firmware on flash memories. In a memory card, in addition to a program stored in a built-in ROM, firmware on flash memories as programs for adding, changing, modifying, or the like of a function such as a patch program are stored. Firmware on a flash memory which is desired to be made valid is set in a parameter sector or the like and is loaded into an external RAM, and the CPU of a control logic executes a process.

Abstract: The present invention relates to an information-processing system, an information-processing apparatus and an information-processing method. At a step S1, a PDA transmits a request for purchase of a content to a server. At steps S11, S12 and S14, the server receives the request for purchase of a content from the PDA and transmits the content to the PDA. At a step S5, the PDA transmits a request for preservation of the content to the server. At a step S16, the server generates a preservation ID based on a user ID for identifying the user of the PDA and based on a content ID for identifying the content, and issues the preservation ID to the PDA. At the next step S17, the server stores the issued preservation ID in a preservation-ID database by associating the preservation ID with the content ID. At a step S6, the PDA receives the issued preservation ID from the server and stores the preservation ID in a memory. The present invention can also be applied to an information management system.