Abstract: Methods and apparatuses for improving security of an integrated circuit (IC) are provided. A tamper condition is detected and a digital key stored in the IC is erased. The digital key is associated with a first image loaded onto the IC from a first memory. The memory may be a non-volatile memory module. A second image is loaded into a second memory module. The second memory module may be an embedded memory module, e.g., a control random access memory (CRAM) module. The first image is then erased from the first and second memory modules.

Abstract: Electronic equipment according to the present disclosure includes a writable non-volatile memory, a plurality of volatile memories, and a sequencer. The writable non-volatile memory stores an operation parameter group required to operate the electronic equipment. Respective addresses are assigned to the plurality of volatile memories. The plurality of volatile memories includes a specified volatile memory. The specified volatile memory stores a part of the operation parameters among the operation parameter group. The specified volatile memory is accessible by inputting an Enable signal. The sequencer can read and write the non-volatile memory when the Enable signal allows an operation parameter stored in the volatile memory to be written to the non-volatile memory.

Abstract: Various embodiments comprise apparatuses and methods to allow access to a memory device by an external device. A method includes receiving, at the memory device, a request from the external device to access a storage area of the memory device and performing an unlock procedure of the storage area. The unlock procedure includes sending a first code from the memory device to the external device, and receiving a second code at the memory device from the external device. The second code is to be generated by a first encryption process performed on the first code to obtain the second code. The storage area is temporarily unlocked to allow the external device to access the storage area based on a determination that the received second code has a predetermined relationship to the first code. Additional apparatuses and methods are described.

Abstract: The present invention includes an integrated module including a plurality of data processing units including a memory device having processing instruction data stored therein. The processing instruction data including subconfiguration data for at least one of the data processing units, the subconfiguration data including a plurality of blocks. The integrated module further includes a barrier disposed between a first block and a second block of the plurality of blocks. Wherein, the data processing units process the processing instruction data from the memory device such that the barrier provides for the data processing units to observe a configuration sequence of the subconfiguration data.

Abstract: Embodiments of the present invention provide methods of reading data from and writing data to a memory, computer program products for performing such methods, and apparatus for reading data from and writing data to, a memory, which apparatus may be implemented, for example, as a Field Programmable Gate Array (FPGA). A key associated with data to be read from or written to the memory is converted into two separate values, which values are themselves converted into first and second index values, each having an associated signature value. The index values are used as indices to a signature table containing a signature value for each data entry stored in the memory from which data is to be read or to which data is to be written. In a read operation, a signature of the signature table which matches one of the signature values derived from the key is identified and a read address is calculated based on the index value associated with the matching signature value derived from the key.

Abstract: Method and system for providing information regarding a plurality of storage devices managed by a plurality of storage servers are provided. The storage space at the storage devices is presented to a plurality of computing systems as logical storage space. A plurality of searchable data structures having a plurality of data object types are stored at a temporary memory storage device of a management console that interfaces with the plurality of computing systems and the storage servers. Each data object type stores information regarding the storage device. The searchable data structure includes information regarding the storage devices and the logical storage space presented to the computing systems. A lock data structure for tracking locks that are assigned for accessing information pertaining to a storage server and a data object type is maintained to prevent unauthorized access to at least one of the searchable data structures.

Abstract: An apparatus includes a nonvolatile memory, an interface that at least receives an erase command of the nonvolatile memory, a first controller that controls the nonvolatile memory to execute data erasing on the basis of the erase command output from the interface, an external input unit which is installed independently of the interface, a second controller that controls the nonvolatile memory to execute data erasing on the basis of an erase instruction signal output from the external input unit, and a change-over circuit that switches between connection of the first controller with the nonvolatile memory and connection of the second controller with the nonvolatile memory, wherein the second controller controls the nonvolatile memory to execute data erasing on the basis of the erase instruction when the connection of the second controller with the nonvolatile memory is established by the change-over circuit.

Abstract: A system and method for efficiently performing user storage virtualization for data stored in a storage system including a plurality of solid-state storage devices. A data storage subsystem supports multiple mapping tables. Records within a mapping table are arranged in multiple levels. Each level stores pairs of a key value and a pointer value. The levels are sorted by time. New records are inserted in a created newest (youngest) level. No edits are performed in-place. All levels other than the youngest may be read only. The system may further include an overlay table which identifies those keys within the mapping table that are invalid.

Abstract: According to one embodiment, a memory chip, which is connected to a controller that controls reading and writing of data in response to a request from an external device, includes: a memory including a special area that is a predetermined data storage area; a key storage unit that stores therein a second key that corresponds to a first key used by the external device to convert the data; a converting unit that receives, from the controller, data to be written into the special area and generates converted data by converting the data to be written using the second key; and a writing unit that writes the converted data into the special area.

Abstract: Disclosed are a method and apparatus for a data storage library comprising a plurality of drives and a combination bridge controller device adapted to direct and make compatible communication traffic between a client and the plurality of drives. The combination bridge controller device is further adapted to encrypt a first data package received from the client. The combination bridge controller device is further adapted to transmit the encrypted first data package, a first moniker and a first message authentication code to one of the plurality of drives for storage to a cooperating mobile storage medium. The combination bridge controller device is further adapted to decrypt the first data package when used in combination with a first key associated with the first moniker and guarantee the decryption of the first data package was successfully accomplished with authentication of the first message authentication code.

Abstract: A semiconductor memory may be provided with a built-in test mode that is accessible through a password protection scheme. This enables access to a built-in test mode after manufacturing, if desired. At the same time, the password protection prevents use of the built-in test mode to bypass security features of the memory.

Abstract: A system employs a white list of authorized transactions to control access to system registers. In an embodiment, the white list is loaded into filter registers during system boot. Routing logic monitors a logical interconnect fabric of the system for register access requests. The routing logic parses source, destination information from a request to index the white list. If the white list includes an entry corresponding to the processing entity indicated in the source information and the register indicated in the destination information, the routing logic will permit the requested access.

Abstract: Imaging devices incorporating semi-volatile memory are described herein. According to various embodiments, device driver information may be stored in the semi-volatile NAND flash memory. Other embodiments may be described and claimed.

Abstract: Tenant driven security in a storage cloud is provided. A method includes determining whether a tenant places a physical key into a slot associated with a hard disk provided by a service provider. The method further includes allowing the tenant to have access to the hard disk after determining that the tenant has placed the physical key into the slot.

Abstract: Digital rights management to protect copyrighted materials is a common element of consumers accessing content for a variety of uses including business and recreational. Such techniques have been generally deployed on small items of multimedia content such as individual tracks of music. However, at present despite the penetration of portable electronic devices for texting, telephony, email, and music their use by consumers for video, film, and large multimedia content has been limited in part due to the issues of downloading and handling individual files of hundreds or thousands of MB. It would therefore be beneficial to provide a means to download large multimedia content files and render these upon a variety of portable electronic devices while allowing the downloaded multimedia content to be securely stored within a portable memory device allowing the user to render the content upon their own electronic devices or other electronic devices without re-distributing the content.

Abstract: According to one embodiment, a storage system includes a host device and a secure storage. The host device and the secure storage produce a bus key which is shared only by the host device and the secure storage by authentication processing, and which is used for encoding processing. The host device produces a message authentication code including a message which can be stored in the secure storage based on the bus key, and sends the produced message authentication code to the secure storage. The secure storage stores the message included in the message authentication code in accordance with instructions of the host device. The host device verifies whether the message stored in the secure storage is intended contents.

Abstract: In an embodiment, a secure module is provided that provides access keys to an unsecured system. In an embodiment, the secure module may generate passcodes and supply the passcodes to the unsecured system. In an embodiment, the access keys are sent to the unsecured system after the receiving the passcode from the unsecured system. In an embodiment, after authenticating the passcode, the secure module does not store the passcode in its memory. In an embodiment, the unsecured module requires the access key to execute a set of instructions or another entity. In an embodiment, the unsecured system does not store access keys. In an embodiment, the unsecured system erases the access key once the unsecured system no longer requires the access key. In an embodiment, the unsecured system receives a new passcode to replace the stored passcode after using the stored passcode. In an embodiments, a registration code is generated using non-determinism. In an embodiments, a key is generated using non-determinism.

Abstract: In the conventional method of maintaining the confidential a program, wherein a program to be executed in an information processing device is stored in a hard disk, etc., in an encrypted state and the program is decrypted when it is executed, because a decrypted program is written in memory, the program may be illicitly analyzed by a third person. Provided is memory management method wherein code information or data of a program written in a virtual memory is data which is encrypted and inaccessible by a CPU, and when code fetching or data access to the encrypted area occurs, an interruption process is performed wherein with respect to a management unit of the memory management device including the area, an inaccessible state is changed to an accessible state to perform decryption.

Abstract: The storage system includes first and second disk arrays. The first disk array has a first port coupled to a second port of the second disk array, a port controller controlling the first port, a plurality of disk devices to store data, and a controller managing a plurality of logical units on the plurality of disk drives. The first port controller controls the first port so as to execute, in a time-sharing manner, data transfer corresponding to a initiator task and data transfer corresponding to a target task. The initiator task is generated to execute the data transfer from a first logical unit on the plurality of disk drives of the first disk array to a second logical unit on a plurality of disk drives of the second disk array. The target task is generated to execute the data transfer to receive data from the second disk array.

Abstract: Embodiments of the present invention provide an approach for memory protection at a level of granularity above a “page” level (e.g., enhancing the protection provided by a memory key-based system). The approach further provides such a level of protection at a process or task level by associating the physical page key with a virtual key that corresponds to a particular process/task. When access to the data is requested for a particular process or task, it is determined if a protection bit for the data is set, and if the physical page keys and/or virtual keys submitted pursuant to the request match that previously stored for the data and process/task. If so, access to the data is allowed for the particular process/task.

Abstract: A microprocessor includes a model specific register (MSR) having an address, fuses manufactured with a first predetermined value, and a control register. The microprocessor initially loads the first predetermined value from fuses into the control register. The microprocessor also receives a second predetermined value into the control register from system software of a computer system comprising the microprocessor subsequent to initially loading the first predetermined value into the control register. The microprocessor prohibits access to the MSR by an instruction that provides a first password generated by encrypting a function of the first predetermined value and the MSR address with a secret key manufactured into the first instance of the microprocessor and enables access to the MSR by an instruction that provides a second password generated by encrypting the function of the second predetermined value and the MSR address with the secret key.

Abstract: A system and method for efficiently performing user storage virtualization for data stored in a storage system including a plurality of solid-state storage devices. A data storage subsystem supports multiple mapping tables. Records within a mapping table are arranged in multiple levels. Each level stores pairs of a key value and a pointer value. The levels are sorted by time. New records are inserted in a created newest (youngest) level. No edits are performed in-place. All levels other than the youngest may be read only. The system may further include an overlay table which identifies those keys within the mapping table that are invalid.

Abstract: A lock mechanism can be supported in a transactional middleware system to protect transaction data in a shared memory when there are concurrent transactions. The transactional middleware machine environment comprises a semaphore provided by an operating system running on a plurality of processors. The plurality of processors operates to access data in the shared memory. The transactional middleware machine environment also comprises a test-and-set (TAS) assembly component that is associated with one or more processes. Each said process operates to use the TAS assembly component to perform one or more TAS operations in order to obtain a lock for data in the shared memory. Additionally, a process operates to be blocked on the semaphore and waits for a release of a lock on data in the shared memory, after the TAS component has performed a number of TAS operations and failed to obtain the lock.

Abstract: Embodiments are provided for protecting boot block space in a memory device. Such a memory device may include a memory array having a protected portion and a serial interface controller. The memory device may have a register that enables or disables access to the portion when data indicating whether to enable or disable access to the portion is written into the register via a serial data in (SI) input.

Abstract: A stealth appliance may be coupled between a storage controller and a disk array. The stealth appliance may be configured to receive a request from the storage controller encrypted with a first community-of-interest (COI) key, to decrypt the request with the first COI key, to encrypt the request with a second COI key, and to transmit the encrypted request to the disk array.

Abstract: A host in an encrypted data storage system sends encryption metadata associated with an encrypted logical volume (LV) from a key controller module to an encryption endpoint via a storage I/O stack. The encryption metadata identifies an encryption key and encrypted regions of the LV, and the sending results in establishment of one or more shared associations between the key controller module and the encryption endpoint which associates the encrypted LV with the encryption metadata for the encrypted LV. A data storage operation is performed on the encrypted LV by sending a data storage command from the key controller module to an encrypted region of the encryption endpoint via the storage I/O stack. The encryption endpoint uses the encryption metadata associated with the encrypted LV to cryptographically process data of the data storage operation.

Abstract: A method and system of binding content at first access is disclosed. A non-volatile storage device may provide a content access script and a content binding script in order to access protected content. An accessing application may attempt to access the protected content by executing a content access script. The accessing application must have permission to access and execute the content access script. If the accessing application cannot access or execute the content access script, the accessing application may access and execute the content binding script. The content binding script contains instructions that enable the accessing application to successfully execute the content access script. The content binding script, when executed, may disable itself from being executed again by moving critical information associated with the access to protected data. Thus, the content binding script may be executed once to enable an accessing application to successfully execute the content access script.

Abstract: A data storage device that can be reversibly associated with one or more of a plurality of hosts. A “trusted” host on which the device is mounted is allowed access to a secure data area of the device automatically, without the user having to enter a password. Ways in which a host is designated as “trusted” include storing the host's ID in a trusted host list of the device, storing a representation of the host's ID that was encrypted using a trust key of the device in a cookie in the host, or storing a storage password of the device in a password list of the host. Alternatively, an untrusted host is allowed access to the secure data area if a user enters a correct user password.

Abstract: Management of storage used by pageable guests of a computing environment is facilitated. A query instruction is provided that details information regarding the storage location indicated in the query. It specifies whether the storage location, if protected, is protected by host-level protection or guest-level protection.

Abstract: A printing apparatus to perform a printing operation by driving hardware provided thereto according to a printing command received from a user, including a firmware unit to store function information of a plurality of models of the printing apparatus, and selectively perform the function of one of the plurality of models which corresponds to a model index designated as the printing apparatus is initialized.

Abstract: A method and system for secure access to data files copied onto a second storage device from a first storage device. A computer receives data from a first storage device that is in communication with the computer. A data file is stored to a second storage device. A passkey is generated and associated with the data file. A passkey image file corresponding to the passkey is generated. The passkey image file is transmitted to the first storage device for storage. Subsequent access to the data file on the second storage device requires entry of the passkey. The passkey is only accessible to a user that has access to read the passkey image file on the first storage device.

Abstract: Apparatus, systems, and methods may operate to provide, to a memory device, an obfuscated clear-page address derived from a clear-page address that is not the same as a key-page address and/or providing, to the memory device, an obfuscated key-page address derived from the key-page address when the obfuscated clear-page address is the same as the key-page address. Additional apparatus, systems, and methods are disclosed.

Abstract: A storage device in which file data is divided into multiple blocks for storage on a recording medium is provided. The storage device includes an additional data storing section for storing additional data to be recorded on the recording medium in association with the data to be written, a position determining section for determining recording positions on the recording medium where the blocks should be respectively written, based on the additional data, and a block writing section for writing the respective blocks on the recording positions on the recording medium determined by the recording position determining section. The additional data this defines a gap length between blocks of recorded data. During a read operation, if the gap length does not comport with the additional data, then an error is assumed.

Abstract: Disclosed are a mobile DLP system and method. The mobile DLP system includes a general storage that allows an access in a normal mode and a security mode, an encrypted virtual storage that disallows an access in the normal mode and allows an access in the security mode, a management program that designates the general storage as a write/read area in the normal mode and designates the general storage and the virtual storage as the write/read area in the security mode, a fuse that intercepts a file input/output of an application program including the management program to again set a file input/output path as the virtual storage according to a command of the management program in the security mode, and a VFS engine that performs a bridge function between the application program of an application layer and the fuse of a kernel layer.

Abstract: A method and apparatus for performing a function based on an executable code in response to receiving a request including function parameters are described. The executable code may be validated when loaded in a memory according to a signature statically signed over the executable code. A data location in the memory for storing the function parameters may be determined according location settings included inside the executable code. A target code location for storing a copy of the executable code may be determined based on the location parameters and the determined data location. A function is performed by executing the executable code from the target code location referencing the stored function parameters.

Abstract: There is provided an information processing system having a reader/writer and an information processing apparatus. The reader/writer include a processing section for executing service processing, a processing completion determining section for determining completion of the processing, a control information generating section for generating control information, depending on the determination result and a control information transmitting section for transmitting the control information, and the information processing apparatus includes an internal memory having an access control area, an in-chip communication section for receiving the control information, an internal memory managing section for storing the received control information in the internal memory, a control information obtaining section for obtaining the control information from the internal memory and an access control managing section for setting the access control for the access control area based on the control information.

Abstract: A system and method implementing revocable secure remote keys is disclosed. A plurality of indexed base secrets is stored in a register of a coprocessor of a local node coupled with a local memory. When it is determined that a selected base secret expired, the base secret stored in the register based on the base secret index is changed, thereby invalidating remote keys generated based on the expired base secret. A remote key with validation data and a base secret index is received from a node requesting access to the local memory. A validation base secret is obtained from the register based on the base secret index. The coprocessor performs hardware validation on the validation data based on the validation base secret. Hardware validation fails if the base secret associated with the base secret index has been changed in the register of the selected coprocessor.

Abstract: A method performed by two or more devices of a group of devices in a distributed data replication system may include receiving a group of chunks having a same unique temporary identifier, the group of chunks comprising an object to be uploaded; creating an entry for the object in a replicated index, the entry being keyed by the unique temporary identifier, and the replicated index being replicated at each of the two or more devices; and determining, by an initiating device of the two or more devices, that a union of the group of chunks contains all data of the object. The method may also include calculating a content-based identifier to the object; creating another entry for the object in the replicated index, the other entry being keyed by the content-based identifier; and updating the replicated index to point from the unique temporary identifier to the content-based identifier.

Abstract: Apparatuses, methods, and systems for reconfiguring a secure system are disclosed. In one embodiment, an apparatus includes a configuration storage location, a lock, and lock override logic. The configuration storage location is to store information to configure the apparatus. The lock is to prevent writes to the configuration storage location. The lock override logic is to allow instructions executed from sub-operating mode code to override the lock.

Abstract: A system and method for modifying material related to computer software. The system receives an original disclosure for a software system. A masquerading algorithm is applied to the original disclosure to generate a new disclosure. The subject matter of the new disclosure is different from the original disclosure but has the same functionality. The system also receives original source code for the software system and applies a camouflaging algorithm to the original source code to generate modified source code and conversion data for converting between the modified source code and the original source code.

Abstract: A computing device and method for managing security of a memory or storage device without the need for administer privileges. To access the secure memory, a host provides a data block containing a control command and authentication data to the memory device. The memory device includes a controller for controlling access to a secure memory in the memory device. The memory device identifies the control command in the data block, authenticates the control command based on the authentication data, and executes the control command to allow the host device to access the secure memory.

Abstract: A system and method for efficiently performing user storage virtualization for data stored in a storage system including a plurality of solid-state storage devices. A data storage subsystem supports multiple mapping tables. Records within a mapping table are arranged in multiple levels. Each level stores pairs of a key value and a pointer value. The levels are sorted by time. New records are inserted in a created newest (youngest) level. No edits are performed in-place. All levels other than the youngest may be read only. The system may further include an overlay table which identifies those keys within the mapping table that are invalid.

Abstract: A computer system includes: a first storage apparatus; a second storage apparatus; a first volume of the first storage apparatus; and a second volume of the second storage apparatus; wherein the first volume and the second volume have a copy pair relationship and a host system recognizes the second volume as the same volume as the first volume; and wherein the first storage apparatus sends reservation information of the first volume to the second storage apparatus; and the second storage apparatus controls access from the host system on the basis of the received reservation information.

Abstract: The present disclosure describes apparatuses and techniques for fail-safe key zeroization. In some aspects a periodic counter is activated that is configured to indicate an amount of time that content of a one-time-programmable (OTP) memory is accessible and overwriting of the content of the OTP is caused when the periodic counter reaches a predetermined value effective to zeroize the content. In other aspects a periodic counter is started in response to a power event and one or more encryption keys stored in OTP memory are zeroized if an indication of media drive security is not received within a predetermined amount of time.

Abstract: According to one embodiment, a storage system includes a host device, 2 storing medium. The secure storing medium includes: a memory provided with a protected first storing region which stores secret information sent from the host device, and a second storing region which stores encoded contents; and a controller which carries out authentication processing for accessing the first storing region. The host device and the secure storing medium produce a bus key which is shared only by the host device and the secure storing medium by authentication processing, and which is used for encoding processing when information of the first storing region is sent and received between the host device and the secure storing medium. The host device has the capability to request the secure storing medium to send a status.

Abstract: According to one embodiment, a storage system includes a host device, 2 storing medium. The secure storing medium includes: a memory provided with a protected first storing region which stores secret information sent from the host device, and a second storing region which stores encoded contents; and a controller which carries out authentication processing for accessing the first storing region. The host device and the secure storing medium produce a bus key which is shared only by the host device and the secure storing medium by authentication processing, and which is used for encoding processing when information of the first storing region is sent and received between the host device and the secure storing medium. The host device has the capability to request the secure storing medium to send a status.

Abstract: According to one embodiment, a storage system includes a host device, 2 storing medium. The secure storing medium includes: a memory provided with a protected first storing region which stores secret information sent from the host device, and a second storing region which stores encoded contents; and a controller which carries out authentication processing for accessing the first storing region. The host device and the secure storing medium produce a bus key which is shared only by the host device and the secure storing medium by authentication processing, and which is used for encoding processing when information of the first storing region is sent and received between the host device and the secure storing medium. The host device has the capability to request the secure storing medium to send a status.

Abstract: A detachable storage device can comprise a ram cache, a device controller, and a storage system. The ram cache may be configured to receive data from a digital device. The device controller may be configured to transfer the data from the ram cache to the storage system. The storage system may be configured to store the data at a predetermined event.

Abstract: Aspects of the invention provide for masking a current profile of a one-time programmable (OTP) memory. In one embodiment, a circuit includes: a first one-time programmable (OTP) memory configured to receive a data input for a plurality of address fields; and a second OTP memory configured to receive an inverse of the data input for a plurality of address fields, wherein a current profile for a programming supply for the first OTP memory and the second OTP memory is masked, such that the data input for the first OTP memory is undetectable.

Abstract: A computer system includes a computer, a fingerprint reader, and a security apparatus to apply complete security for the benefit of an authorized user. The computer includes a first interface, a second interface, an account storage unit, and a fingerprint storage unit. The fingerprint reader can connect with the computer through the first interface for inputting fingerprint information. The security apparatus can connect with the computer through the second interface, and includes a password storage module, a first use module, a password modification module, and a normal use module.