Abstract: Versatility of a memory card is improved by providing a memory card where data protection mode and normal mode can be selected at discretion. A portable auxiliary storage device includes a mode setting section, a mode detecting section and a memory access control section. The mode setting section allows a user to set a normal mode permitting reading data stored in a memory section or writing the data to the memory section without restriction and a data protection mode for restricting the reading or writing. The mode detecting section detects a mode set in the mode setting section. The memory access control section controls the read or write according to a state of the mode setting section detected by the mode detecting section.

Abstract: This present disclosure combines a data storage drive, such as flash-based USB drive or a SSD drive with redundant, multiple levels of security protection. In an embodiment, the security protection includes password protection, fingerprint recognition, and real-time data encryption. The biometric sensors may be integrated into the storage device without substantially adding weight and size. Further, the secured device may have a built-in internal power source to self-sustain the protection without having to connect to a host device or an external power source. Thus, it is possible to remotely track the location of the secured device and disable or enable the security protection or manage the security setups.

Abstract: An apparatus comprising: a memory having at least two sections; a security element associated with at least one of said at least two sections; and a processor for controlling access to at least one of the at least two sections of the memory in dependence on a value of the security element. The apparatus may be an integrated circuit and the memory may be a read-only-memory storing generic code in one of the sections and code specific to a mobile communication device provider in the second section. The security element may be a permanently programmed memory element programmed by the IC manufacturer.

Abstract: A method for providing solidified software in a computing environment includes creating a new reference for a function in a function table; copying an address of the function and associating the address with the new reference; replacing the address associated with an old reference of the function with a dummy address; and substituting each old reference in normal code with the new reference, where injected code is not able to execute in the computing environment. The function table entries can be further randomized by reordering the entries, introducing intermediate mappings, or providing non-operative entries. Alternatively, all or part of the code of the function can be copied and moved to a different storage location and associated with the new reference. The copied code can be further randomized by the insertion of dummy code, utilizing reverse peephole techniques, varying the size of the copied portion, or interleaving non-operative code.

Abstract: The aim of the invention is to provide a means of encrypting company-related data which also ensures that the data can be reproduced if the key is lost. To this end, the invention provides a method or an information processing system in which a key for a symmetrical encryption method is allocated to a user (4) for encrypting the data. Allocation information associating the key with the predetermined data to be encrypted and/or the user (4) is stored and can only be accessed by an authorised third party. If necessary, the key used for the particular data can be determined and the encrypted data reproduced, i.e. rendered readable, by this authorized third party. The allocation information, associating a particular key with an element identifying the predetermined data or a user identifier, can be stored in the information processing system in a predetermined manner or be created following a request for the allocation of a key.

Abstract: Approaches for secure configuration of a programmable logic integrated circuit (IC). In one approach, a method includes programming configuration memory of the programmable logic IC with a first configuration bitstream. At least a portion of a second configuration bitstream is encrypted using values stored in a portion of the configuration memory as a key. The second configuration bitstream is input to the programmable logic IC, and the encrypted portion of the second configuration bitstream is decrypted using the values stored in the portion of the configuration memory. The configuration memory is then programmed with each decrypted portion of the second bitstream.

Abstract: Systems and methods for managing storage devices are provided. The system includes a storage device having at least one hidden area. The hidden area is created using initialization firmware, and the hidden area is allowed to be accessed by using a library. A password authentication mechanism is applied to the hidden area of the storage device. When an input password received via a specific application conforms to a predefined password of the hidden area, the hidden area is allowed to be accessed by using the library. Since the storage device may have a plurality of hidden areas, and each hidden area may have a respective password, the respective hidden areas can be independently and securely managed.

Abstract: Access control to shared virtual address space within a single logical partition is provided. The access control includes: associating, by a hypervisor of the data processing system, a memory protection key with a portion of a single logical partition's virtual address space being shared by multiple entities, the key preventing access by one of the multiple entities to that portion of the virtual address space, and allowing access by another of the entities to that portion of the virtual address space; and locking by the hypervisor the memory protection key from modification by the one entity, wherein the locking prevents the one entity from modifying the key and thereby gaining access to the portion of the single logical partition's virtual address space with the associated memory protection key. In one embodiment, the one entity is the single logical partition itself, and the another entity is a partition adjunct.

Abstract: A disk control unit of a storage system stores identifies of initiators that are capable of communications with storage devices and information of the storage devices correlated with the initiators. When an initiator performs a discovery processing, the disk control unit judges based on the information correlated with the initiator whether or not the initiator accessing to a storage device is illegal, and denies the access if illegal.

Abstract: A method to qualify access to a block storage device via augmentation of the device's controller and firmware flow. The method employs one or more block exclusion vectors (BEVs) that include attributes specifying allowed access operations for corresponding block address ranges. Logic in accordance with the BEVs is programmed into the controller for the block storage device, such as a disk drive controller for a disk drive. In response to an access request, a block address range corresponding to the storage block(s) requested to be accessed is determined. Based on the BEV entries, a determination is made to whether the determined logical block address range is covered by a corresponding BEV entry. If so, the attributes of the BEV are used to determine whether the access operation is allowed. The method may be used to secure access to firmware stored on a disk drive, thus enabling a system configuration that does not require a conventional firmware storage device.

Abstract: In the computer system including at least one host computer, and at least one storage system, the storage system includes a physical disk and a disk controller, and provides the host computer with a storage area of the physical disk as at least one logical unit, and the host computer includes at least one application program accessing the logical unit, and a storage area access control unit for, before the application program makes access to the logical unit, transmitting authentication information guaranteeing the application program as a source of the access to the storage system.

Abstract: In an embodiment, a secure module is provided that provides access keys to an unsecured system. In an embodiment, the secure module may generate passcodes and supply the passcodes to the unsecured system. In an embodiment, the access keys are sent to the unsecured system after receiving the passcode from the unsecured system. In an embodiment, after authenticating the passcode, the secure module does not store the passcode in its memory. In an embodiment, the unsecured module requires the access key to execute a set of instructions or another entity. In an embodiment, the unsecured system does not store access keys. In an embodiment, the unsecured system erases the access key once the unsecured system no longer requires the access key. In an embodiment, the unsecured system receives a new passcode to replace the stored passcode after using the stored passcode. Each of these embodiments may be used separately.

Abstract: Systems and/or methods that facilitate controlling access to memory regions in a memory component(s) are presented. A memory component can comprise an access management component that can facilitate controlling access to memory regions that can be respectively associated with authentication credentials. The access control component can facilitate access of a memory region when received authentication information matches authentication information contained in a security record associated with the memory region. The access management component can facilitate a wipe erase of a memory region(s) to facilitate secure removal of information from the memory region when predetermined criteria is satisfied. The access management component can facilitate locking a memory region when a maximum number of attempts to access a memory region are unsuccessful to facilitate security of the memory regions and/or data associated therewith, where a locked memory region remains locked until a reset is performed.

Abstract: A software installation system comprises an interface component that receives a request to access data resident upon a flash memory card. An installation component compares a unique identifier associated with the data with a unique identifier embedded within the flash memory card, and the installation component determines whether to allow access to the data based at least in part upon the comparison. The installation component prohibits access to the data if the unique identifier associated with the data does not match the unique identifier embedded within the flash memory card.

Abstract: A method of controlling copying of an information signal, comprises the steps of: prior to recordal and/or transmission, applying to the information signal a substantially imperceptible modification representing copy control data including a password securely encoded according to a predetermined algorithm; upon reproduction for copying by a user, deriving (S1, S3) the copy control data from the modified information signal; comparing (S8, S9, S11, S13, S15) the derived securely encoded password with a reference password securely encoded according to a predetermined algorithm; and enabling (S5) copying of the information signal if the securely encoded password derived from the information signal and the securely encoded reference password have a predetermined relationship, otherwise disabling copying (S7). The reference password is sent to the user via a channel which is separate from a channel used to send the information signal to the user.

Abstract: One embodiment includes a memory unit for use in connection with a plurality of fluid sample test elements, wherein the memory unit comprises a plurality of memory portions. In one aspect of the embodiment, the memory unit comprises at least one memory portion configured to communicate calibration and expiration information relating to a lot of test elements, to a meter operably connectable with such test elements, and at least one other memory portion configured for storage and communication of data, such as measurement results, relating to the use of the test elements in analyzing a fluid sample. Further embodiments include apparatuses, systems, methods, kits and combinations of test elements and memory units.

Abstract: A device and method is provided for maintaining, upon unlocking of a memory, the lock status of the memory prior to the memory being unlocked and recreating the lock status when power is turned on again. An information storage device, such as a memory card, performs unlocking of a memory in response to a command input from an information processing apparatus and stores lock status data prior to the memory being unlocked in a non-volatile memory (NVM). When the information storage device is turned off and then on, the information storage device recreates a lock status of the memory on the basis of the lock status data stored in the storage means and performs memory access control based on the recreated lock status.

Abstract: A write-protection module for a storage device and the method thereof are disclosed. The write-protection module includes a power supply circuit, a fingerprint sensor, a database, and a microprocessor. The microprocessor for receiving the working power produced by the power supply circuit to maintain operation is respectively coupled to the power supply circuit, the fingerprint sensor, and the database. The fingerprint sensor receives the fingerprint input of a user, and the microprocessor receives the output signal of the fingerprint sensor and converts the output signal into an input cryptograph. Finally, the microprocessor compares the input cryptograph with a predetermined cryptograph stored in the database to produce a comparison information, and determines whether or not the user may access data.

Abstract: A method, in one embodiment, can include a server receiving a message to deactivate a partition key of an object based storage system. A token of the object based storage system is signed by the partition key. The object based storage system includes the server. Additionally, after receiving the message, the server can deactivate the partition key to block access to a partition of the object based storage system by a client. The server includes the partition.

Abstract: There is provided an image processing apparatus which is capable of maintaining high data security and provide high convenience and high security. When a print request is transmitted from a client PC to a printer in a security print mode, a main CPU of the printer determines whether or not print data received from the client PC is for printing in the security print mode. If the print data received from the client PC is determined to be for printing in the security print mode, the main CPU causes all of the print data and temporary data to be erased from the hard disk.

Abstract: The disclosed embodiments relate to a security module and a method of operating a security module. The method may comprise the acts of detecting a second security module, determining whether a key associated with the second security module is available to the first security module, and obtaining the key associated with the second security module if the key associated with the second security module is not available to the first security module. The security module may comprise a detector that is adapted to detect another security module and determine whether one of a plurality of keys is associated with the other security module, and a device that obtains at least one key associated with the other security module if the one of the plurality of keys is not associated with the other security module.

Abstract: I/O blocks include input, output, and output enable circuits for interfacing with memory devices. The input circuit includes registers for capturing a double data rate signal, converting it into single data rate signals, and resynchronizing the single data rate signals. Multiple devices may be accessible with each device potentially having a different clock signal for resynchronizing. Another clock signal may be used to align/synchronize resulting signals from multiple devices. The resynchronized single rate signals can be converted into half-rate data signals, and the four half-rate data signals can be provided to resources in the programmable device core. The input circuit also may provide a half-rate clock signal synchronized with the half-rate data signals to the programmable device core. The half rate clock signal can be derived from the full-rate clock signal using a data strobe signal, a full-rate clock signal, or a half-rate clock signal as an input.

Abstract: A method, system, and computer instructions for changing the lock-bits combination used to lock a resource upon receiving a system reset exception. The present invention forces the software to use different lock-bits combinations based on the number of occurrences of system reset exceptions. When a system reset exception is received, a system reset exception bit value in a special purpose register is updated based on the history of system reset exception occurrences. Based on the updated value in the system reset exception bit, the lock-bits combination for locking a resource is changed to allow the data processing system to reuse the resource with bad lock-bits. In this manner, the deadlocked resource is resolved, and a processor is not able to obtain an indefinitely held lock on system resources caused by system reset exceptions.

Abstract: The present invention discloses systems and methods for communicating with a storage device configured to store signed program files, the method including the steps of: generating, by a program process, a respective command number associated with a process command; issuing, by the program process, the process command with the respective command number to the storage device; and according to the respective command number, verifying, by the storage device, whether the process command originated from a trusted program process launched from the program files stored in the storage device. Preferably, the step of verifying includes: generating, by the storage device, a respective initial command number associated with a requested program file; and attaching, by the storage device, the respective initial command number to a copy of the requested program file.

Abstract: A method and apparatus for processing a write request at a storage device is provided. A write request that identifies a sender of the write request is received at a storage device. The write request is examined to determine the identity of the sender. A determination is made as to whether, within a hierarchical relationship, the sender is subordinate to any entity that has been designated as being unable to perform write requests at the storage device. Upon determining that (a) the sender is not subordinate to any entity that has been designated as being unable to perform write requests at the storage device, and (b) the sender has not been designated as being unable to perform write requests at the storage device, the sender is allowed to write to the storage device. Thereafter, the write request from the sender may be performed at the storage device.

Abstract: A semiconductor integrated circuit includes an encryption unit for generating encrypted data by encrypting data to be stored in an external memory disposed outside the semiconductor integrated circuit, a write unit for writing the encrypted data into the external memory, a reading unit for reading out the encrypted data from the external memory, and a decryption unit for decrypting the readout encrypted data.

Abstract: Techniques are presented for synchronizing and archive-versioning encrypted files. Blocks of encrypted data are managed and metadata is maintained for the blocks. The metadata identifies a maximum number of blocks and an index or parameter string. The string includes transaction identifiers and relative block numbers. The metadata is used as parameter information to a hash algorithm along with a hash key to acquire a unique initialization vector for each block. Each initialization vector when supplied to a cipher service along with a particular block of data produces an encrypted version of the data supplied or supplies a decrypted version of the data supplied. The techniques are also applied to files being archived and versioned from a storage volume.

Abstract: A memory management unit manages a memory that stores a code, and sets that the memory that stores the code to be executed is valid to make a processor execute the code stores a verification key used to verify a validity of the code in a verification-key storing unit. When the code is stored in the memory and ready to be executed by the processor, the memory management unit verifies the validity of the code using the verification key stored in the verification-key storing unit and verification information assigned to the code. The memory management unit controls to set that the memory is valid when the validity is verified by the verifying unit, and not to set that the memory is valid when the validity is not verified by the verifying unit.

Abstract: A circuitry access system for controlling access to addressable circuit elements of an integrated circuit. The circuitry access system includes a first storage element having a first listing of unique identifiers each identifier representing one of the addressable circuit elements. A selector distinguishes a first subset of unique identifiers from the first listing. A second storage element receives and stores the first subset in an arrangement that does not include an indication of the absence of any unique identifier of the first listing that is not included in the first subset. An output of second storage element allows a user of the integrated circuit to access one or more of the addressable circuit elements corresponding to the first subset of unique identifiers. A method of controlling access to addressable circuit elements is also provided.

Abstract: A system is communicably coupled to an external device at least when rewriting, at least in a module, a first application program stored in a first memory of the system into a second application program stored in the external device. In the system, a receiving unit is configured to receive an identifier sent from the external device. The identifier decides a sending timing of the second application program from the external device. In the system, an identification unit is configured to identify that write target data sent from the external device is at least a module of the second application program after the identifier is received by the receiving unit.

Abstract: A microcontroller system, such as a system-on-a-chip integrated circuit, including a processor (e.g., a Von Neumann processor), memory, and a memory protection unit (MPU), where the MPU provides execute-only access rights for one or more protected areas of the memory. The MPU can allow instructions fetched from within a protected area to access data in the protected area while preventing instructions fetched from outside the protected area from accessing data in the protected area.

Abstract: To provide a memory device and a password storing method thereof, according to which an improved security function is realized by resourcefully designing the storage position and/or storing order of password data stored in the memory device to prevent unauthorized password acquisition. The memory device makes a determination of whether or not rewriting and/or reading of data is permitted by verification of a password, the memory device comprising a plurality of partial memory areas which store a plurality of partial bit strings that comprise a bit string of the password, and wherein the plurality of partial memory areas are located apart from each other in a memory cell array.

Abstract: A computing device having controlled access and a method for controlling access there to are provided, the computing device comprising a memory device, a display device, and an input device. Data for rendering a map is retrieved from the memory device. The display device is controlled to render the map using the data. Geographic location data representative of a sequence of geographic locations selected from the map is received, via the input device. The geographic location data is converted to received password data. The received password data is compared to stored password data. If a match is found, access is granted to the computing device.

Abstract: A processing unit includes an authority check for controlling access by the processing unit to pages of memory according to whether a hardware protection key set currently loaded in an authority mask register allows access to the pages. In particular, each page of memory is assigned a page key number that indexes into the hardware protection key set. The currently loaded hardware protection key set specifies those page key numbers that are currently accessible to the processing unit for the execution context. Each hardware key within the hardware protection key set is associated with a particular data object or group of data objects. Thus, effectively, the currently loaded hardware protection key set identifies which data objects or groups of data objects are currently accessible.

Abstract: A data scrambling method for scrambling raw data from a host system is provided. The data scrambling method includes generating a random number and storing the random number into a storage unit. The data scrambling method also includes receiving a user password from the host system, generating a padded value by using a first function unit based on the random number and the user password, and generating a nonce value by using a second function unit based on the padded value and a key. The data scrambling method further includes generating scrambled data corresponding to the raw data by using a third function unit based on the nonce value and the raw data. Accordingly, the raw data of the host system can be effectively protected.

Abstract: A system and method are provided to method and system for portset data management. The system comprises a mass storage device to store a list of portset records; a network drivers layer to receive a request to add a new portset record to a list of portset records; and a portset update component to process the request. A portset may include a set of ports that provides access to logical unit numbers (LUNs). When the system receives a request to add a new portset, the portset update component may determine an available common index for the new portset record, associate the new portset record with the available common index, and update in memory representation of the list of records with the new portset record. The new portset record is then stored at a location on disk associated with the available common index for the new portset record.

Abstract: Provided are a semiconductor device and a data transmitting method thereof. The method includes transmitting data into a memory through at least one data line, scrambling the data corresponding to at least one mask data, and determining, using the at least one mask data, data integrity of the data transmitted through the at least one data line. The method may also include storing the data transmitted through the at least one data line in the memory according to a data integrity determination result.

Abstract: Provided is a data processing device that can prevent data used by a program from being used by another program in an unauthorized manner, regardless of the quality of the programs. The data processing device includes: a CPU 0201 for executing programs; and an unauthorized operation prevention circuit 0105 that prevents unauthorized accesses to data between programs. An unauthorized operation prevention control unit 0106, which operates in the protected mode and controls the circuit 0105, judges whether or not to permit a program B 0103 that runs in the normal mode to use a memory area that is used by a program A 0102 that runs in the normal mode, based on a function flag assigned to the program B 0103. If it judges to permit, the circuit 0105 is set so that the program B 0103 can use the memory area.

Abstract: An electronic device that can automatically unlock an external storage device with a password without adding a function to the external storage device is provided. An electronic device 100B has memory card connection means 108 for connecting a memory card 200 that can be locked with a password, password holding means 101 for holding card unique ID and a password, card unique ID acquisition means 104 for acquiring connection identification information indicating the card unique ID of the memory card 20 connected to the memory card connection means 108, and password deletion means 109 for deleting connection identification information and the password corresponding to the connection identification information stored in the password holding means 101 if the connection identification information is contained in the password holding means 101.

Abstract: A computing system includes: first and second I/O interfaces that are associated with a server; and an I/O management unit that connects the server with the first and second I/O interfaces. The I/O management unit includes: an I/O buffer; an I/O mapping unit that stores an access request of the server to the first I/O interface in the I/O buffer in response to a change start request of the first I/O interface associated with the server to the second I/O interface; an I/O changing unit that associates the second I/O interface with the server; and an I/O synchronizing unit that converts the access request stored in the I/O buffer into an access request to the second I/O interface, in response to the completion of the association by the I/O changing unit, and executes the converted access request.

Abstract: A storage device with an authentication feature providing enhanced convenience during locking. The device is a USB hard disk designed for connection to a personal computer, and includes a disk, an access controller, and a push-button. The access controller includes an encryption/decryption module 35; and, as functions executed by the CPU, an authentication module, an authenticated status holding module, and a decryption restricting module. When the push-button is depressed (S210: YES), the access controller resets itself (Step S220). When the access controller is reset, the startup control routine is executed again, and the access controller enters the locked state requiring password authentication by an operator.

Abstract: An access control method of a semiconductor device includes providing an inputted password as an input of a hash operator; performing a hash operation in the hash operator and outputting a first hash value; controlling the hash operator so that the hash operation is repeatedly performed in the hash operator by providing the first hash value as an input of the hash operator when the first hash value and a second hash value stored in a nonvolatile memory do not coincide; and setting an access level with respect to the inner circuit according to the repetition number of times of the hash operation of the hash operator when the first and second hash values coincide.

Abstract: The present invention relates to an application of the Universal Serial Bus (USB) technology, and more particularly, to a USB apparatus with data storage and security token and control method therein. In an embodiment of the present invention, both mass storage and security token are implemented in a USB apparatus with a single controller. Thus, the host needs to enumerate the apparatus only once, and then may operate differentially in response to different commands. The mass storage is capable of swapping a mass of data, and has a file allocation table compatible with the system. The security token can be used for authenticating a person through digital certificates or biometric characteristics, maintaining the security of the computer and network applications.

Abstract: A solid state drive (SSD) device is provided. The SSD device includes: a first memory device storing data; a memory controller, connected to a host, and controlling the memory device; and a security device encoding and storing the data using a key and decoding the stored data using the key, wherein the security device stores the key and is detachable from the memory controller.

Abstract: A controller unit for the storage apparatus executes the following: giving each data block, which is a data constituent unit, an identification number indicating that the relevant data has been sent from a host computer in response to an arbitrary write request from the host computer; storing, in a memory unit, a storage location in a hard disk drive unit to store the data, as well as the identification number, as an expected value, for the data to be stored in the hard disk drive unit; and in response to a read request from the host computer, comparing the identification number given to each data block, the constituent unit of the data read from the hard disk drive unit, with the expected value of the read data, thereby verifying that the read data is the data written to the hard disk drive in response to the arbitrary write request.

Abstract: A logically-partitioned computer system provides support for multiple logical partitions to access a single file system, thereby allowing the logical partitions to share a file without the overhead of communicating over a VLAN. An area of shared memory is defined that multiple logical partitions may access. One or more file control blocks that control access to the files in the file system are then created in the shared memory. Existing mechanisms for locking a file system between processes may then be used across logical partitions to serialize access to the file system by all processes in all logical partitions that share the file system. In this manner the sharing of files in a file system is enabled by leveraging existing technology that is used within a single logical partition to extend across multiple logical partitions.

Abstract: Systems and methods authenticate storage devices. In one implementation, a computer-implemented method is provided for authenticating a storage device. According to the method, a manifest that identifies a destination is receive. A transfer station reads a digital signature from the storage device. The digital signature is validated and, based on the validation of the digital signature, a transfer of one or more files from the storage device via the transfer station is authorized to the destination identified in the manifest.

Abstract: A design structure for a circuitry access system for controlling access to addressable circuit elements of an integrated circuit. The circuitry access system includes a first storage element having a first listing of unique identifiers each identifier representing one of the addressable circuit elements. A selector distinguishes a first subset of unique identifiers from the first listing. A second storage element receives and stores the first subset in an arrangement that does not include an indication of the absence of any unique identifier of the first listing that is not included in the first subset. An output of second storage element allows a user of the integrated circuit to access one or more of the addressable circuit elements corresponding to the first subset of unique identifiers.

Abstract: Systems, methods, apparatus and software can utilize storage resource locks to prevent modification (including relocation) of data in the storage resource while a third-party copy operation directed at the storage resource is occurring. A data transport mechanism such as a data restore application requests that a relevant portion of the storage resource be locked. Once locked, the data transport mechanism requests a data mover to perform a third-party copy operation whereby data is moved from a data source to the locked portion of the storage resource. When the third party-copy operation is complete, the data transport mechanism requests release of the lock on the portion of the storage resource.

Abstract: In a memory system using a removable recording medium and data stored in the recording medium, identifying information for identifying each recording medium from others is held in the recording medium, and when data stored in the recording medium is used, the identifying information of the recording medium is required. As a result, when a flash memory card, etc. is used, a copyright is reliably protected.