Abstract: A method for security monitoring of an electronic device includes determining whether a storage system of the electronic device is a secured storage system according to a signal of a first switch of the electronic device, determining whether an encryption key of the secured storage system is modifiable according to a detected signal of a second switch of the electronic device. Decrypting the secured storage system using a decryption key if the decryption key is the same as a preset decryption key in the secured storage system.

Abstract: An integrated circuit device includes a first plurality of non-volatile memory locations such as fuses that supply programmed values corresponding to initially selected device features such as voltage, frequency, clock speed, and cache parameters. The device is programmed with a lock value in a second plurality of non-volatile memory locations. That lock value may be a randomly generated number that is unique for each device. After initial programming of the device, access to the device is prevented by appropriately programming access control. In order to unlock the device and modify device features, an unlock key value is supplied to the device. If the unlock key value correctly corresponds to the lock value, the device features can be modified. In that way device features can be modified, but security is maintained to prevent unauthorized modification to device features.

Abstract: A device and method is provided for commonly and securely allowing, as access control on a memory card, a plurality of information processing apparatuses to lock/unlock the memory. On the basis of a lock command input from an information processing apparatus serving as a host, such as a PC, an information storage device, such as a memory card, determines whether (a) a standard lock key set serving as a key set prohibiting output or (b) an export lock key set serving as a key set permitting output is detected and stores corresponding key set information. Only when the export lock key set is detected, output is permitted provided that predetermined verification succeeds.

Abstract: According to an embodiment of the invention, a method for operating a data processing machine is described in which data about a state of the machine is written to a location in storage. The location is one that is accessible to software that may be written for the machine. The state data as written is encoded. This state data may be recovered from the storage according to a decoding process. Other embodiments are also described and claimed.

Abstract: A processor, circuit and method provide for fast decryption of encrypted program instructions for execution by the processor. A programmable look-up coding is used to decode a field within the instructions. The decoded field for the instructions are recombined with the remaining portion of the same instructions to yield the decoded instructions. The programmable look-up coding can be programmed and controlled by a process executing at a higher privilege level than the program represented by the instructions, so that security against code-modifying attacks is enhanced.

Abstract: A data object is stored in a hosted storage system and includes an access control list specifying access permissions for data object stored in the hosted storage system. The hosted storage system provides hosted storage to a plurality of clients that are coupled to the hosted storage system. A request to store a second data object is received. The request includes an indicator that the first data object stored in the hosted storage system should be used as an access control list for the second data object. The second data object is stored in the hosted storage system. The first data object is assigned as an access control list for the second data object stored in the hosted storage system.

Abstract: Encryption using copy-on-encrypt determines that plaintext data stored in a plaintext buffer is to be written out to an encrypted storage resource. In response to the determining, an encryption buffer is allocated. The plaintext data is copied from the plaintext buffer to the encryption buffer and the encryption buffer is encrypted. Encrypted data from the encryption buffer is written to the encrypted storage resource. The encryption buffer is de-allocated. Read or write requests from a client are satisfied by retrieving the plaintext data from the plaintext buffer.

Abstract: Embodiments are directed towards employing a plurality of single use passwords to provide phishing detection and user authentication. A user receives a plurality of single use passwords that expire within a defined time period after having been sent to a registered device. During a login attempt, the user enters a user name and a requested one of the passwords, which once entered expires. If valid, the user then enters a portion of another password to complete a displayed portion of a password, and a specified other one of passwords. If the displayed portion of the other passwords does not match any portion of one of passwords, then the user may detect a phishing attempt and terminate the login. If the user correctly the password data, the user may then access secured data. Each new login request requires a different set of passwords to be used.

Abstract: An information processing apparatus and method configured to access multiple external storage medium. The apparatus and method detect theft or loss (or otherwise unauthorized use) of the information processing apparatus with respect to data stored in multiple storage areas, back up the data to the storage medium, and record, in association with each of the storage medium, an easiness degree indicating how easily a user accesses the storage medium. The apparatus and method calculate erasure priority rankings of the data stored in a manner that an erasure priority ranking is higher as an easiness degree is higher, record the calculated erasure priority rankings in association with each of the multiple storage areas, and erases the data stored in the multiple storage areas in accordance with the erasure priority rankings when detecting theft or loss of the information processing apparatus.

Abstract: A method includes: computing a first message authentication code for each of a plurality of sets of data blocks on a data storage medium, and authenticating the sets of data blocks by computing a second message authentication code for each of the sets of data blocks to be authenticated and comparing the first and second message authentication codes. An apparatus that performs the method is also provided.

Abstract: A data storage device is disclosed comprising a non-volatile memory, a logical block address (LBA) table for storing plaintext data used to access the non-volatile memory, and control circuitry including a secure processor and a device processor. The secure processor is operable to initialize the LBA table with at least one authentication code over the plaintext data, and verify the authentication code over the plaintext data. The device processor is operable to receive an access command from a host, evaluate the plaintext data in the LBA table to determine whether to allow the access command, and when the access command is allowed, execute the access command.

Abstract: An architecture is presented that facilitates integrated security capabilities. A memory module is provided that comprises non-volatile memory that stores security software and a security processor that accesses the security software from the nonvolatile memory and performs security functions based on the security software stored. Further, a host processor located outside of the memory module arbitrates with the security processor for access to the non-volatile memory. The memory module in communication with the host processor establishes a heightened level of security that can be utilized in authentication services and secure channel communications.

Abstract: Provided is a host computer which is connected to a system resource through n (n?2) number of paths. The host computer includes: a plurality of logical partitions accessible to the system resource; an allocation unit that allocates the paths to the plurality of logical partitions; and an allocation table. The allocation table is user configurable and stores, in a correlated manner, information indicating the logical partitions and information capable of indicating the number of paths to be allocated to the logical partitions indicated by the information. The allocation unit allocates the paths to the logical partitions in accordance with the allocation table. This makes it possible to secure the I/O response also for logical partitions having a small amount of I/O.

Abstract: Proposed are a computer system and an access restriction method which enable security and reliability to be improved. In a computer system that comprises a first storage apparatus which provides a first logical volume from/to which a host apparatus reads and writes data, and a second storage apparatus which provides a virtual second logical volume obtained by virtualizing the first logical volume of the first storage apparatus, to the host apparatus, first path information which relates to a path from the host apparatus to the second logical volume is registered in the first storage apparatus in association with the first logical volume of the first storage apparatus, and reservation of and access to the first logical volume is granted only for a reservation request and access request with matching path information from the host apparatus.

Abstract: The method is for protecting the digital contents of a solid state memory including a microprocessor. A microprocessor inserts at least an interruption during a copy or a reading of the digital contents and proceeds with the copy or reading only subsequently to a verification of a PIN. In particular, the verification provides control that the PIN is inserted manually. Also, a solid state memory includes a microprocessor programmed for inserting at least an interruption in a copy or reading of digital contents of the memory, for verifying a PIN, and for proceeding with the copy or the reading, if the PIN is inserted correctly.

Abstract: An access control method of a semiconductor device includes providing an inputted password as an input of a hash operator; performing a hash operation in the hash operator and outputting a first hash value; controlling the hash operator so that the hash operation is repeatedly performed in the hash operator by providing the first hash value as an input of the hash operator when the first hash value and a second hash value stored in a nonvolatile memory do not coincide; and setting an access level with respect to the inner circuit according to the repetition number of times of the hash operation of the hash operator when the first and second hash values coincide.

Abstract: A method, system, and computer usable program product for using a dual mode reader writer lock. A contention condition is detected in the use of a lock in a data processing system, the lock being used for managing read and write access to a resource in the data processing system. A determination of the data structure used for implementing the lock is made. If the data structure is a data structure of a reader writer lock (RWL), the data structure is transitioned to a second data structure suitable for implementing the DML. A determination is made whether the DML has been expanded. If the DML is not expanded, the DML is expanded such that the data structure includes an original lock and a set of expanded locks. The original lock and each expanded lock in the set of expanded locks forms an element of the DML.

Abstract: Systems, methods and media for providing to a plurality of WPARs private access to physical storage connected to a server through a VIOS are disclosed. In one embodiment, a server is logically partitioned to form a working partition comprising a WPAR manager and individual WPARs. Each WPAR is assigned to a different virtual port. The virtual ports are created by using NPIV protocol between the WPAR and VIOS. Thereby, each WPAR has private access to the physical storage connected to the VIOS.

Abstract: A method of managing a software license comprises loading a software program into volatile memory, obtaining authorization data, modifying a portion of the volatile memory relied upon by the program in accordance with the authorization data, executing the program, and causing the modifications to be deleted from the volatile memory. In some embodiments, selection criteria compared with the authorization data does not contain information corresponding to all of the content of the authorization data, thereby denying a software attacker the benefit of identifying and exploiting the selection criteria.

Abstract: A print-order receiving apparatus includes a first memory unit for storing an administrator password used to determine whether or not to allow access to administrative information, a second memory unit for storing an order-confirmation password used to determine whether or not to perform printing, a first data-reading unit for reading image data from a first portable recording medium, a password requesting unit for requesting input of the order-confirmation password during an operation of receiving a print-order regarding the read image data, a second data-reading unit for reading password data from a second portable recording medium when the order-confirmation password is requested, and a print-determination unit for checking whether the read password data and the order-confirmation password match and for determining whether or not to print the image data.

Abstract: A method, in one embodiment, can include a server receiving a message to deactivate a partition key of an object based storage system. A token of the object based storage system is signed by the partition key. The object based storage system includes the server. Additionally, after receiving the message, the server can deactivate the partition key to block access to a partition of the object based storage system by a client. The server includes the partition.

Abstract: Embodiments of methods to securely bind a disk cache encryption key to a cache device are generally described herein. Other embodiments may be described and claimed.

Abstract: A microcontroller system, such as a system-on-a-chip integrated circuit, including a processor (e.g., a Von Neumann processor), memory, and a memory protection unit (MPU), where the MPU provides execute-only access rights for one or more protected areas of the memory. The MPU can allow instructions fetched from within a protected area to access data in the protected area while preventing instructions fetched from outside the protected area from accessing data in the protected area.

Abstract: An automatic banking machine includes a card reader for reading user cards, and a cash dispenser. The automated banking machine carries out banking transactions related to user accounts based on information read from cards. The automated banking machine provides a printed receipt for transactions conducted. The machine carries out transactions when operatively connected to a source of AC power and a transaction network. The machine also carries out certain exception instructions when disconnected from its power source and/or network connection.

Abstract: A mass storage device capable of accessing a network storage in response to an access request of an electronic device electrically connected to the mass storage device, the mass storage device includes a first memory unit comprising a file management table for storing a first mapping relationship between a logical address and a network address of the network storage, and a controller for receiving an access request corresponding to the logical address from the electronic device and accessing a file in the network storage according to the network address through a network interface.

Abstract: Apparatuses, methods, and systems for reconfiguring a secure system are disclosed. In one embodiment, an apparatus includes a configuration storage location, a lock, and lock override logic. The configuration storage location is to store information to configure the apparatus. The lock is to prevent writes to the configuration storage location. The lock override logic is to allow instructions executed from sub-operating mode code to override the lock.

Abstract: Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. An information handling system may include a processor, a memory communicatively coupled to the processor, and a computer-readable medium communicatively coupled to the processor. The computer-readable medium may have instructions stored thereon, the instructions configured to, when executed by the processor: (i) periodically store, during an encryption or decryption operation performed on the computer-readable medium, one or more variables indicative of an encryption status of a volume of the computer-readable medium; (ii) determine, based on the one or more variables, whether the volume is in a partially encrypted or decrypted state; and (iii) in response to a determination that the volume is in a partially encrypted or decrypted state, boot from the volume and continue the encryption or decryption operation.

Abstract: A method and device for writing a binary count of a length n to a memory having a limited number of write cycles, a physical storage location of bits (R-bits) of the count in the memory are periodically changed, fixed bits of the count are stored at fixed physical storage locations, and a bit value pattern of the fixed bits is used as an indicator for the physical storage locations of the changing bits (R-bits).

Abstract: An access key generating apparatus includes: a bit field converting unit which converts a partial bit field into a reduced bit field having a bit width shorter than a bit width of the partial bit field; an access key retaining unit which retains a plurality of access keys to control access to a memory from peripheral devices in association with each of the peripheral devices; and an indexing unit which indexes the access keys from the access key retaining unit using an index address including the reduced bit field if the conversion of the partial bit field into the reduced bit field is successful, and indexes the access keys from the access key retaining unit using an index address including the partial bit field if the conversion of the partial bit field into the reduced bit field is unsuccessful.

Abstract: A microcomputer includes a CPU, a protection information storage configured to store memory protection information specifying an access permission or prohibited state to a memory space by a program executed by the CPU, a memory access control apparatus configured to determine whether or not to allow a memory access request from the CPU according to the memory protection information and a reset apparatus configured to invalidate the memory protection information stored in the protection information storage according to a reset request signal output from the CPU.

Abstract: A method and apparatus for performing a function based on an executable code in response to receiving a request including function parameters are described. The executable code may be validated when loaded in a memory according to a signature statically signed over the executable code. A data location in the memory for storing the function parameters may be determined according location settings included inside the executable code. A target code location for storing a copy of the executable code may be determined based on the location parameters and the determined data location. A function is performed by executing the executable code from the target code location referencing the stored function parameters.

Abstract: A memory storage device and a memory controller and an access method thereof are provided. The memory storage device includes a rewritable non-volatile memory chip having a plurality of physical blocks. The access method includes configuring a plurality of logical blocks to be mapped to a part of the physical blocks and dividing the logical blocks into at least a first partition and a second partition, wherein the first partition records an auto-execute file. The access method also includes determining whether a trigger signal is existent and sending a media ready message to a host system if the trigger signal is existent, so as to allow the host system to automatically run the auto-execute file and receive a first password. The access method further includes determining whether to provide the logical blocks in the second partition to the host system according to the first password received from the host system.

Abstract: Systems and methods for managing storage devices are provided. The system includes a storage device having at least one hidden area. The hidden area is created using initialization firmware, and the hidden area is allowed to be accessed by using a library. A password authentication mechanism is applied to the hidden area of the storage device. When an input password received via a specific application conforms to a predefined password of the hidden area, the hidden area is allowed to be accessed by using the library. Since the storage device may have a plurality of hidden areas, and each hidden area may have a respective password, the respective hidden areas can be independently and securely managed.

Abstract: Methods are disclosed for determining, based on a pass code inputted by a user, whether the user can access a particular feature of a mobile device. Features may include access to the device itself, products, services, applications, or the like. The mobile device requests access to the feature, and is sent display information for a plurality of icons, which indicates where each icon is to be displayed. An ordered selection of icons is received to determine whether the ordered selection matches a predetermined ordered selection. If they match, the user is allowed to access the feature of the mobile device.

Abstract: The present invention relates to a computer information security system and method, the system includes a connection device and a sensor. When the connection device plug in to the predetermined computer, the sensor and the connection device are conjoint, a first identification code can be stored to the computer through the connection device, and generated an initialization setting of the second identification code to the sensor through the connection device.

Abstract: A method of protecting data in a computer system against attack from viruses and worms comprising; modifying micro-code of a processor of system to be protected to remove homogeneity between processors from a manufacturer; modifying op-codes of an application to match modified micro-code of the processor prior to execution.

Abstract: Processor arrangement having a first processor, a second processor, and at least one memory configured to be shared by the first processor and the second processor. The second processor has a memory interface configured to provide access to the at least one memory, and a processor communication interface configured to provide a memory access service to the first processor. The first processor has a processor communication interface configured to use the memory access service from the second processor. The first processor and the second processor use at least one cryptographic mechanism in the context of the memory access service.

Abstract: A method for protecting data in the hard disk is provided. The method is suitable for a computer system and includes the following steps. First, a plurality of specification parameters conforming to the computer system is read. Next, a part of the specification parameters are encoded for obtaining a recognition byte. Then, when the computer system writes data to a hard disk, a specific operation is performed to a byte read or written by the hard disk and the recognition byte for maintaining a security of the data in the hard disk.

Abstract: The present invention aims to provide an apparatus capable of determining whether or not content is permitted to be taken out, by managing contents permitted to be taken out. One aspect of the invention is characterized by comprising: a storage means that stores therein taking-out-permitted-content identification data which is data generated on the basis of a part or entirety of each content permitted to be taken out; and a generating means that generates the taking-out-permitted-content identification data. Another aspect of the present invention is characterized by comprising: a storage means that stores therein taking-out-permitted-content identification data which is data generated on the basis of a part or entirety of each content permitted to be taken out to the outside; and an approving means that determines whether a content is permitted to be taken out, with reference to the taking-out-permitted-content identification data.

Abstract: A detachable storage device can comprise a memory, circuitry, and a user interface. The memory may comprise a storage partition. The circuitry may be configured to authorize access to the storage partition to a digital device when the detachable storage device is coupled to the digital device based, at least in part, on a user code. The user interface may be configured to receive the user code while the detachable storage device is within a detached state and provide the user code to the circuitry to allow access to the storage partition.

Abstract: An access instruction portion that sends an access instruction to the storage apparatus in response to being accessed from the terminal; and an access management portion that sends a confirmation notification to the access instruction portion in response to receiving the access instruction, wherein the access instruction portion comprises: an access instruction distinction step of determining whether or not the sender of the access instruction related to that confirmation notification is the access instruction portion; and an unauthorized access instruction detection portion that determines, on the basis of determination result made by the access instruction distinction portion, the access instruction received by the access management portion from a sender other than the access instruction portion as an unauthorized access instruction.

Abstract: A system and method for controlling a memory card are provided. The system may include a memory card and a host. The memory card may have a plurality of data transceiving channels, and the host may selectively activate the data transceiving channels in the memory card and transmit a plurality of commands to the activated data transceiving channels.

Abstract: A facility for securing text captured from a rendered document is described. The facility receives data including an encryption of text captured from a rendered document. The facility decrypts the captured text included in the received data.

Abstract: In one embodiment, a method for information management comprises monitoring output from an application, wherein the output is monitored substantially continuously; determining if the output is associated with a predetermined type of version; and saving data associated with the output if the output is associated with the predetermined type of version.

Abstract: A method for preventing a user from interpreting optional stored data information even when the user extracts the optional stored data, and an apparatus thereof. The apparatus for encrypting and processing data in a flash translation layer includes a flash memory and a controller. The flash translation layer searches at least one page of the flash memory storing the data when a write of optional data is requested from the controller, generates, corresponding to respective searched pages, a page key according to a predetermined encrypting function when the searched page supports an encryption, and encrypts and stores the data by the page key in the respective searched pages.

Abstract: To provide a move function that can restore copy-once contents even if the contents are failed to be moved midway, an information storage device 10 comprises data moving unit 14 for making program data 12 stored on a first storage medium 11 unreproducible and for moving the program data 12 to a second storage medium 13, abnormality detecting unit 15 for monitoring an abnormal termination of the data moving unit 14, storage medium verifying unit 16 for verifying whether or not the second storage medium 13 is the same as the second storage medium 13 used when the abnormality detecting unit 15 detects the abnormal termination of the data moving unit 14, medium initializing unit 17 for initializing the second storage medium 13, and reactivating unit 18 for making the program data 12, which is made unreproducible by the data moving unit 14, reproducible.

Abstract: A method and apparatus for embedded memory security is disclosed. One embodiment protects data in a memory block from unauthorized reading. When writing or reading data to or from the memory block an error correction code is used to calculate an ECC value, wherein the calculation of the ECC value is based on a combination of the data and a access identifier provided to the memory block prior to reading. The access identifier identifies the requesting program. A read error is signalled in case the calculated ECC value does not match a stored value thus indicating an access violation.

Abstract: A computing device and method for managing security of a memory or storage device without the need for administer privileges. To access the secure memory, a host provides a data block containing a control command and authentication data to the memory device. The memory device includes a controller for controlling access to a secure memory in the memory device. The memory device identifies the control command in the data block, authenticates the control command based on the authentication data, and executes the control command to allow the host device to access the secure memory.

Abstract: A method for storing data in which the data to be stored is divided into a plurality of source blocks, each source block subjected to steps including defining a block key for the source block based on a random function, encrypting the source block by utilizing the defined block key, selecting at least one first storage location and one second storage location from a plurality of different available storage locations, storing control data that includes information on the defined block key at the first selected storage location, and storing encrypted data that includes information on the encrypted source block at the second selected storage location.

Abstract: A fixed disc drive includes a built-in user level security system. The system includes instructions that create an user interface upon a computer allowing interaction with security features of the drive without relying upon BIOS compatibility. In a specific embodiment, the user level security interface is provided by the disc drive during the system boot sequence. A method of disc drive security includes receiving a request from a computer to provide an operating system, and responsively providing user level security interface instructions. The user level security instructions are then executed by the computer to generate a user level security interface. If the drive is in a locked state, the interface requires an user to provide an acceptable password otherwise access to data on the drive is forbidden or otherwise restricted.