Abstract: A computer system includes a computer, a fingerprint reader, and a security apparatus to apply complete security for the benefit of an authorized user. The computer includes a first interface, a second interface, an account storage unit, and a fingerprint storage unit. The fingerprint reader can connect with the computer through the first interface for inputting fingerprint information. The security apparatus can connect with the computer through the second interface, and includes a password storage module, a first use module, a password modification module, and a normal use module.

Abstract: To protect computer programs against security attacks that attempt to corrupt pointers within the address space of the program, the value of a pointer is encrypted each time the pointer is initialized or modified, and then the value is decrypted before use, i.e., each time the pointer is read. Preferably, the encrypting and decrypting steps are effected by instructions generated by a compiler during compilation of the program. One convenient method of implementing the encrypting and decrypting steps is by XOR'ing the pointer with a predetermined encryption key value, which could be specially selected or selected at random.

Abstract: According to an aspect of an embodiment, a disk drive diagnosis apparatus is included in a RAID system in which a RAID control unit and a drive enclosure that encloses a disk drive are interconnected via a fabric switch. The apparatus comprises a virtual login processing unit configured to virtually execute a login process for a fabric switch of a disk drive and a control unit configured to notify the RAID control unit of a result of the virtual login process and disconnect from a connection line for the RAID control unit a disk drive that has not normally performed the virtual login process relative to the drive enclosure.

Abstract: A system and method of enabling a function within a module configured to be used with an information handling system is disclosed. In one form, the method of enabling functions includes detecting whether to install a custom install routine within a module configured to enable access to a hash function, and accessing a lock bit configured to lock access to the hash function. The method can further include detecting whether to set the lock bit to lock access to the hash function.

Abstract: A method and system for authenticating a user receiving device to communicate with a partner service device includes a primary service provider. A user receiving device generates a request for a first encrypted token. The user receiving device communicates the request for the first encrypted token to an authentication web service of the primary service provider. The authentication web service generates the first encrypted token. The primary service provider communicates the first encrypted token to the user receiving device. The user receiving device communicates the first encrypted token to the partner service provider. The partner service provider communicates data to the user receiving device after receiving the first encrypted token.

Abstract: Systems, methods, computer programs, and devices are disclosed herein for partitioning the namespace of a secure element in contactless smart card devices and for writing application data in the secure element using requests from a software application outside the secure element. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. A control software application resident in the same or a different secure element provides access types and access bits, for each access memory block of the secure element namespace, thereby portioning the namespace into different access types. Further, a software application outside the secure element manages the control software application by passing commands using a secure channel to the secure element, thereby enabling an end-user of the contactless smart card device or a remote computer to control the partitioning and use of software applications within the secure element.

Abstract: The subject disclosure is directed towards establishing more direct access to a storage device from unprivileged code. Using a storage infrastructure mechanism to discover and enumerate storage architecture component(s), a user mode application requests at least one portion of the storage device to store application-related data. The storage infrastructure mechanism determines whether the application is authorized to access the storage device and if satisfied, the storage infrastructure mechanism configures at least one path for performing block-level input/output between the storage device and an unprivileged storage architecture component.

Abstract: A method for detecting virtual images in a network, the network including a host system and a plurality of physical devices in operable communication with one another, includes forming a query packet at the host system; providing the query packet to at least one of the plurality of physical devices; forming at the at least of the plurality of physical devices a first vector in response to the query packet, the first vector including a bit for each possible virtual image that may be formed in the at least one of the plurality of devices and indicating which of the virtual images are configured and addressable; and providing the first vector to the host system.

Abstract: A method and apparatus for providing portable end-point security are provided. In one embodiment, a PEPS system may include a PEPS processor having a memory operatively coupled thereto, the memory having stored therein instructions which when executed by the PEPS processor causes: an automatic loader to automatically trigger loading of the PEPS system; the PEPS system including a malicious software detector to scan a main memory of the computing system for malicious software; and wherein the malicious software detector performs a scan of the main memory of the computing system following triggering of the PEPS system by the automatic loader by comparing existing data in main memory of the computing system with indicia of malicious software.

Abstract: Methods of operating memory systems and memory systems are disclosed, such as a memory system having a memory array storing a code generating program to instruct a processor to generate a code, and a register to store a code generated by the processor, where the register is configured to allow a write operation to the memory array in response to a match of a code stored in the register and where the match is controlled in response to a request from a utility program being executed by the processor.

Abstract: Described are techniques for processing recovery points. One or more storage objects for which data protection processing is performed are determined. The data protection processing includes copying data for each of said one or more storage objects to one or more data protection storage devices. One or more recovery points corresponding to each of said one or more storage objects are determined. For each of the one or more recovery points corresponding to each of the one or more storage objects, performing processing including determining whether said each recovery point is at least one of recoverable in accordance with recoverable criteria and restartable in accordance with restartable criteria.

Abstract: A method includes providing a persistent common view of data, services, and infrastructure functions accessible via one or more shared storage systems of a plurality of shared storage systems of a virtual shared storage system. The method includes applying different governance policies to two or more shared storage systems of the plurality of shared storage systems. The method includes restricting access to first content accessible via a first shared storage system of the plurality of shared storage systems based on a security level associated with a data consumer. The first content corresponds to at least one of first data, a first service, and a first infrastructure function.

Abstract: A method providing a persistent common view of data, services, and infrastructure functions accessible via a plurality of shared storage systems of a virtual shared storage system. The method includes applying different governance policies at two or more shared storage systems of the virtual shared storage system. The method includes transferring content from a particular shared storage system to a requesting device without using at least one of a server session, an application-to-server session, and an application session. The content corresponds to at least one of data, a service, and an infrastructure function provided via the particular shared storage system.

Abstract: A method includes providing a persistent common view of a virtual shared storage system. The virtual shared storage system includes a first shared storage system and a second shared storage system, and the persistent common view includes information associated with data and instructions stored at the first shared storage system and the second shared storage system. The method includes automatically updating the persistent common view to include third information associated with other data and other instructions stored at a third shared storage system in response to adding the third shared storage system to the virtual shared storage system.

Abstract: Provided are a computer readable storage medium, computer apparatus, and method for securely managing the execution of screen rendering instructions in a host operating system and virtual machine. A first rendering instruction hooking section is set to a first mode to hook a screen rendering instruction issued by a virtual machine application in a virtual machine. A second rendering instruction hooking section is set to a second mode to hook instructions issued by the virtual machine application. The hooked screen rendering instruction issued by the virtual machine application are encrypted in response to the setting of the first mode to produce illegible output. The hooked screen rendering instruction issued by the virtual machine application are encrypted in response to the setting of the second mode. The encrypted hooked screen rendering instruction encrypted in the second mode are issued to a host operating system to decrypt.

Abstract: A method and apparatus for interfacing a host computer with a hard drive cartridge is disclosed in one embodiment. The virtual device interface is divided between a kernel component in a driver stack of the kernel space and a user component configured to run in user space. The kernel component passes data commands from the operating system to a cartridge dock while separating other commands that are passed to the user component. The user component authenticates the kernel component and/or the hard drive cartridge. Use of the removable hard drive cartridge is also authorized by the user component.

Abstract: A method to qualify access to a block storage device via augmentation of the device's controller and firmware flow. The method employs one or more block exclusion vectors (BEVs) that include attributes specifying allowed access operations for corresponding block address ranges. Logic in accordance with the BEVs is programmed into the controller for the block storage device, such as a disk drive controller for a disk drive. In response to an access request, a block address range corresponding to the storage block(s) requested to be accessed is determined. Based on the BEV entries, a determination is made to whether the determined logical block address range is covered by a corresponding BEV entry. If so, the attributes of the BEV are used to determine whether the access operation is allowed.

Abstract: Image data obtained by photographing an object using a camera is stored in a storage medium that can be attached to and detached from the camera. The camera includes a device program storage unit and an information writing unit. A device program that can be executed by an information processing device, which is different to the camera, is stored in the device program storage unit. The information writing unit is constituted to be capable of writing the device program to the storage medium attached to the camera. While writing the device program to the storage medium, the information writing unit writes the device program in a format enabling the information processing device to read and execute the device program automatically when the storage medium is attached to the information processing device.

Abstract: A system and method of creating and managing encryption keys in a data processing device generates subsequent encryption keys by combining the existing encryption key with an existing password and seed value. In the preferred embodiment, the initial encryption key is embedded during manufacture and is unknown to the user and manufacturer, thus ensuring that all subsequent encryption keys are derived from an unknown value. When a subsequent encryption key is generated, all data encrypted using the existing encryption key is decrypted using the existing encryption key and re-encrypted using the subsequent encryption key before the existing encryption key is overwritten. In a further aspect, during encryption/decryption the encryption key is combined with the sector address of the data to be encrypted/decrypted in order to generate a unique key for each sector of data to be encrypted/decrypted.

Abstract: Embodiments of the present invention provide a method of managing access of multiple client computers to a storage system that supports a limited number of logins. The method comprises, in response to a request to enable a subset of the clients to access resources of the storage system to perform a task, automatically configuring the storage system to provide the subset of the clients access to the resources, and, when the task is completed, automatically re-configuring the storage system so that the subset of the clients is no longer provided with access to the resources of the storage system.

Abstract: A detachable storage device can comprise a memory, circuitry, and a user interface. The memory may comprise a storage partition. The circuitry may be configured to authorize access to the storage partition to a digital device when the detachable storage device is coupled to the digital device based, at least in part, on a user code. The user interface may be configured to receive the user code while the detachable storage device is within a detached state and provide the user code to the circuitry to allow access to the storage partition.

Abstract: A memory for protecting data includes a first storage area storing a number of encryption keys, a second storage area receiving the encryption keys from the first storage area and storing again the received encryption keys, and a selection unit selecting one of the encryption keys stored in the second storage area according to a control signal, and encoding data input from outside the memory using a selected encryption key or decoding the data stored in the first storage area using the selected encryption key.

Abstract: A storage device in which file data is divided into multiple blocks for storage on a recording medium. The storage device includes an additional data storing section for storing additional data to be recorded on the recording medium in association with the data to be written, a position determining section for determining recording positions on the recording medium where the blocks should be respectively written, based on the additional data, and a block writing section for writing the respective blocks on the recording positions on the recording medium determined by the recording position determining section. The additional data thus defines a gap length between blocks of recorded data. During a read operation, if the gap length does not comport with the additional data, then an error is assumed.

Abstract: A memory card of one published standard, such as the Multi-Media Card (MMC) or Secure Digital Card (SD), is modified to include the function of a Subscriber Identity Module (SIM) according to another published standard. The controller of the memory card communicates between electrical contacts on the outside of the card and both the memory and the SIM. In one specific form, the memory card has the physical configuration of the current Plug-in SIM card with a few external contacts added to accommodate the memory controller and data memory. In another specific form, the memory card has the physical configuration of the current SD card, including external contacts.

Abstract: A method and system for authenticating a partner service provider and a primary service provider includes a network and, a partner service provider generating a request for a first encrypted token from a partner service provider and communicating the request to the network. An authentication web service receives the request for the first encrypted token from the network and generates the first encrypted token. The partner service provider generates a request for data with the first encrypted token and communicates the request for data to the network. A data web service receives the request for data and communicates the request for data from the data web service to the authentication web service. The authentication web service validates the request for data and communicates a validation result to the data web service. The data web service communicates data to the partner service provider from the data web service after validating.

Abstract: A server receives a consumer request pertaining to product asset management from a client. The consumer request comprises one or more product-related certificates that associates the client with one or more products. The product-related certificate comprises at least one extended attribute object identifier that has a corresponding product attribute. For each extended attribute object identifier, the server searches a data store to identify a product that corresponds to the extended attribute object identifier and generates a response to the consumer request based on the product that is identified in the data store.

Abstract: A monitoring system includes at least one monitoring devices coupled to electrical power distribution system at selected locations for collecting data related to the operation of the monitored system. The monitoring device(s) includes a communication port and processors programmed to segment the collected data into blocks optimized for user analysis operations, encrypt the segmented blocks of data, bundle the encrypted blocks of data with unencrypted metadata that identifies the data blocks by at least the monitoring location at which the encrypted blocks of data were obtained and the type of data, and transmit the encrypted blocks of data with the unencrypted metadata. The system includes at least one client device that has a communication port that is coupled to the monitoring device(s) and the client device and that has a processor programmed to generate and transmit queries regarding selected ones of the encrypted blocks of data.

Abstract: A platform and method for secure handling of events in an isolated environment. A processor executing in isolated execution “IsoX” mode may leak data when an event occurs as a result of the event being handled in a traditional manner based on the exception vector. By defining a class of events to be handled in IsoX mode, and switching between a normal memory map and an IsoX memory map dynamically in response to receipt of an event of the class, data security may be maintained in the face of such events.

Abstract: A key device with external storage and its method of use, which relates to the computer security technology field, is disclosed herein. The key device with external storage consists of a micro-controller unit and an off-chip mass storage. The micro-controller unit comprises a host interface module, a CPU, a key data storage module, a firmware program storage module, and an off-chip mass storage interface module. The method of using the key device with external storage includes: the key device builds connection with the host and reports itself as a mass storage device; the host starts the application program; and the user uses and manages the information. The usability of the key device is improved by adding off-chip mass storage in the key device, which makes the user use and manage the files in the key device easily as well.

Abstract: A system and method provide for integrating a Basic Input/Output System (BIOS) Read-Only-Memory (ROM) image. A method includes but is not limited to opening a BIOS modification application; opening a target BIOS binary image within the BIOS modification application; and adding an electronic security and tracking system and method (ESTSM) ROM image to the target BIOS binary image.

Abstract: A content addressable storage (CAS) system is provided in which each storage unit is assigned to one of a plurality of sibling groups. Each sibling group is assigned the entire hash space. Within each sibling group, the hash space is partitioned into hash segments which are assigned to the individual storage units that belong to the sibling group. Chunk retrieval requests are submitted to all sibling groups. Chunk storage requests are submitted to a single sibling group. The sibling group to which a storage request is submitted depends on whether any sibling group already stores the chunk, and which sibling groups are considered full.

Abstract: An encryption device can include a tweaking value manager that is configured to generate an array of tweaking values corresponding to the array of data blocks based on a tweaking encryption key, a first encryption unit that is configured to encrypt a first portion of the array of data blocks into a first portion of encrypted data blocks based on corresponding tweaking values and a data encryption key, a second encryption unit that is configured to encrypt a second portion of the array of data blocks into a second portion of encrypted data blocks based on corresponding tweaking values and the data encryption key, and a data block combiner that is configured to combine the first portion of encrypted data blocks and the second portion of encrypted data blocks into an array of encrypted data blocks.

Abstract: An object reference is tagged with an isolation permission modifier. At least two permissions can be included, and in an example three permissions are included. In implementing the permissions, type modifiers for controlling access to type members through references pointing at an object are defined. One of the type modifiers is associated with each occurrence of a type name. Each of the of type modifiers defines a different access permission to restrict operations on the object to which the reference points.

Abstract: A computer-implemented method for data-loss prevention may include: 1) identifying data associated with a user, 2) determining that the data is subject to a data-loss-prevention scan, 3) identifying a data-loss-prevention reputation associated with the user, and then 4) performing a data-loss-prevention operation based at least in part on the data-loss-prevention reputation associated with the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system, method, and medium for implementing I/O fencing in a virtual machine cluster sharing virtual storage objects. A volume manager driver receives access requests from virtual machines directed to a virtual storage object such as a volume. The volume manager driver then translates the access request to point to a storage device underlying the volume. The access request includes keys and/or other group reservation data required to implement an I/O fencing method so as to prevent access to shared data by malfunctioning or non-responsive virtual machines.

Abstract: In order to reduce power consumption and shorten the waiting time until printing, the PC, controlling the MFP that is maintained in a sleep mode instead of being switched to a standby mode when a print job having a printing method set to confidential printing is received while it is in the sleep mode, includes a setting accepting portion to accept setting for printing, a job generating portion to generate a print job based on the accepted setting, a job transmitting portion to transmit the generated print job to the MFP, and a command transmitting portion to transmit a wake-up command to switch the MFP to the standby mode when the setting of the confidential printing as the printing method is accepted and when there is a wake-up instruction.

Abstract: Embodiments of the present disclosure provide methods and systems for managing securely installed applications. After installation, an installation framework performs a bind process to correlate the randomly assigned identifier with the unique identifier of the application. The installation framework also manages the execution of the application. When an application is launched, the application framework performs a search for that application's randomly assigned identifier and locates the application's container. The application is then allowed to execute within its container. During execution, the software application may also be restricted in various ways by the installation framework to its dynamic containers. The installer may also work with a trusted operating system component, such as the kernel, to help enforce the container restrictions. In addition, if desired, the use of random identifiers for containers may be used in conjunction with other security mechanisms, such as the use of code signing.

Abstract: A storage device is protected, when interfaced with a host device, by operating a security processor of the storage device in a “security” mode in which the security processor filters commands that are received from the host device and are targeted to the storage controller, and upon determining by the security processor that the “security” mode is no longer required, by operating the security processor in a “safe” mode in which the security processor (i) does not filter commands it receives from the host device and (ii) forwards to a storage controller of the storage device such unfiltered commands.

Abstract: A secure data system employs a storage media and a storage drive. A storage media identification key is embedded in a non-user modifiable area of the storage media and associated with data recorded on the storage media. The storage drive includes a memory having a storage drive identification key embedded therein. In operation, the storage drive allows access to the data recorded on the storage media based on a validation by the storage drive of the storage drive identification key as a function of the storage media identification key.

Abstract: A storage system that enables the use of a plurality of keys respectively stored in a plurality of storage units of a storage device is provided. The storage system includes a storage device including a first storage unit and a second storage unit that are recognized as a single storage device, wherein the first storage unit is configured to store a first key, the second storage unit is configured to store a second key different from the first key, and a controller is configured to transmit to the storage device one of a first key-read control signal that includes information about the first storage unit and a second key-read control signal that includes information about the second storage unit and receive the first key and the second key as identification information of the storage device in response to the first key-read control signal and the second key-read control signal, respectively.

Abstract: A method performed by two or more devices of a group of devices in a distributed data replication system may include receiving a group of chunks having a same unique temporary identifier, the group of chunks comprising an object to be uploaded; creating an entry for the object in a replicated index, the entry being keyed by the unique temporary identifier, and the replicated index being replicated at each of the two or more devices; and determining, by an initiating device of the two or more devices, that a union of the group of chunks contains all data of the object. The method may also include calculating a content-based identifier to the object; creating another entry for the object in the replicated index, the other entry being keyed by the content-based identifier; and updating the replicated index to point from the unique temporary identifier to the content-based identifier.

Abstract: A data management method for a data storage device includes receiving a write request; partitioning the file into first and second portions; encrypting the first portion, and storing the encrypted first portion in a first storage medium and the second portion in a second storage medium.

Abstract: The present invention describes a method for performing one or more social engineering attacks on a plurality of humans connected in a network for assessing vulnerabilities of the humans, wherein the Network comprises at least one of a plurality of data processing devices, memory devices and a plurality of communication links. The method includes gathering information about human profiles including collecting information about target users from actively used social and search sites and performing an automated Social Engineering (SE) phase and updating an Information Model based on the gathered information. Furthermore, the method includes generating a Multiple Attack Vector (MAV) graph based on the information gathered and one or more scan parameters. Moreover, the method includes launching one or more social engineering attacks based on the MAV graph to assess vulnerabilities in the humans in the Network.

Abstract: A method is for controlling access to a data file of an IC card and may include storing a plurality of access conditions to be evaluated for accessing the data file, and enabling access to the file if the access conditions are satisfied. The method may further include ordering the access conditions to be evaluated in a Reverse Polish Notation inside a memory queue of the IC card, and evaluating the access conditions starting from a head of the memory queue.

Abstract: Management of storage used by pageable guests of a computing environment is facilitated. A query instruction is provided that details information regarding the storage location indicated in the query. It specifies whether the storage location, if protected, is protected by host-level protection or guest-level protection.

Abstract: A method and apparatus are utilized to manage keys associated with encrypted stored information. Sensitive information is stored in an encrypted form, and by creating and deleting the keys needed to decrypt information according to a time-based policy, the convenient expiration of stored data can be realized. By periodically erasing old keys and creating new keys, information that has not been written recently becomes virtually deleted. A refresh policy can be utilized to cause information that is read to be re-encrypted using a newer key, thereby extending the time before it will become inaccessible.

Abstract: A memory device and method for embedding host-identification information into content are disclosed. In one embodiment, a memory device is provided comprising a memory operative to store content and a controller in communication with the memory. The controller is operative to receive a credential comprising host-identification information from a host in communication with the memory device, authenticate the host using the credential, receive a request from the host to play content stored in the memory, embed the host-identification information into the content, and send the content with the embedded host-identification information to the host.

Abstract: A secure memory card with encryption capabilities comprises various life cycle states that allow for testing of the hardware and software of the card in certain of the states. The testing mechanisms are disabled in certain other of the states thus closing potential back doors to secure data and cryptographic keys. Controlled availability and generation of the keys required for encryption and decryption of data is such that even if back doors are accessed that previously encrypted data is impossible to decrypt and thus worthless even if a back door is found and maliciously pried open.

Abstract: A key data recording device includes a key data recording medium section which stores key data of the encrypted data; and a reading/writing section which reads and writes the key data from and into the key data recording medium section, which sections are contained in a cartridge casing accommodatable in a library unit. When the cartridge casing is irregularly ejected from the library unit, the key data recorded in the key data recording medium section is deleted. This configuration can enhance the confidentiality of encrypted data because the key data is not leaked even when the recording medium in which key data of the encrypted data is recorded is carried away.

Abstract: In a memory system using a removable recording medium and data stored in the recording medium, identifying information for identifying each recording medium from others is held in the recording medium, and when data stored in the recording medium is used, the identifying information of the recording medium is required. As a result, when a flash memory card, etc. is used, a copyright is reliably protected.