Abstract: A computing device arranged to control access by application threads to a number of data portions stored in memory on the computing device. Each thread includes a handle for each data portion for which it is arranged to access or manipulate. When an application thread includes instructions to manipulate a data portion, it calls a function. The system copies the data portion to a new memory location and applies the function which has been called to the data portion copy.

Abstract: Systems, methods, apparatus and software can utilize storage resource locks to prevent modification (including relocation) of data in the storage resource while a third-party copy operation directed at the storage resource is occurring. A data transport mechanism such as a data restore application requests that a relevant portion of the storage resource be locked. Once locked, the data transport mechanism requests a data mover to perform a third-party copy operation whereby data is moved from a data source to the locked portion of the storage resource. When the third party-copy operation is complete, the data transport mechanism requests release of the lock on the portion of the storage resource.

Abstract: A data storage system for use with a plurality of tape cartridges is provided. Each tape cartridge includes a length of tape media and an amount of flash memory. The data storage system includes a tape cartridge library having a plurality of storage cells. Each storage cell is configured to store a tape cartridge. The tape cartridge library further includes a plurality of tape drives. Each tape drive is configured to access a tape cartridge when the tape cartridge is received in the tape drive. The system further includes a robotic tape mover and a flash memory access mechanism. The robotic tape mover moves tape cartridges between the plurality of storage cells and the plurality of tape drives. The flash memory access mechanism is configured in the tape cartridge library to access the flash memory of a tape cartridge when the tape cartridge is in the tape cartridge library.

Abstract: This invention relates to a method permanently write protecting a portion of a memory card. According to the invention a bit indicating permanent write protection or permanent write protection of a portion of the memory card is set in the specific data register of the memory card to indicate that all the write protect groups protected with write protecting command are permanently write protected. In another embodiments of the invention special commands are used to control the write protection of the portion of the memory card. This invention also relates to a partially permanently write protected memory card. The invention further relates to an electronic device, a software, a system and a module utilizing the method of the invention.

Abstract: A memory device and method for adaptive protection of content are disclosed. In one embodiment, a memory device is provided comprising a memory operative to store content and a controller in communication with the memory. The controller is operative to generate a content protection algorithm that is different from at least one content protection algorithm previously generated by the controller, protect the content in accordance with the content protection algorithm, generate virtual machine code containing instructions on how to unprotect the protected content, and provide the protected content and the virtual machine code to a host in communication with the memory device.

Abstract: A memory mapping system is connectable to a multi-processing arrangement. The multi-processing arrangement includes a first processing unit and a second processing unit. The memory mapping system includes a main memory to which the second processing unit does not have write access, the main memory including a first memory section and a second memory section. An associated memory is associated with the second memory section. The associated memory includes a memory section to which the second processing unit has write access. A consistency control unit can maintaining consistency between data stored in the associated memory and data stored in the second memory section.

Abstract: Apparatus and methods for improved region lock management in a storage controller. A region lock management circuit coupled with a memory is provided for integration in a storage controller. One or more I/O processor circuits of the storage controller transmit requests to the region lock management circuit to request a temporary lock for a region of storage on a volume of the storage system. The region lock management circuit determines whether the requested lock may be granted or whether it conflicts with other presently locked regions. Presently locked regions and regions to be locked are represented by region lock data structures. In one exemplary embodiment, the region lock data structures for each logical volume may be stored as a tree data structure. A tree assist circuit may also be provided to aid the region lock management circuit in managing the region lock tree data structures.

Abstract: The system of the present invention enhances the security of settings and operations in a storage device, and copes with numerous changes of the operational status of work executed within a computer system. When it becomes necessary to issue an operating command to the storage, storage operation propriety is determined on the basis of the operational status of the work and definition of operation permission for each work operation state.

Abstract: A method for enhancing information security in a computer system includes receiving a service serial number, encoding the service serial number according to an encoding rule, to generate a first hard-disk code, storing the first hard-disk code into a hard disk of the computer system to make the hard disk to be accessed by only the computer system.

Abstract: An information processing device in which memory bands can be significantly cut. In the present device, an access determining/managing portion (105) determines whether or not write data meets access determination conditions when write-accessing a memory (104), and manages this determination result and access location data (an address in the memory (104)) during the write access as access determination results (107), and does not perform a write access if the write data does not meet the access determination conditions. On the other hand, the access determining/managing portion (105) references the access determination results (the access location data and determination result) when read-accessing the address, and if the access determination results meet the access determination conditions when read-accessing the address, the data determined by the access determining conditions is returned to the master, without read-accessing the memory (104).

Abstract: Shared storage architectures are provided. A particular shared storage architecture includes an Enterprise Service Bus (ESB) system. The ESB system includes shared storage including data and file system metadata separated from the data. The file system metadata includes location data specifying storage location information related to the data. An infrastructure function of the ESB system is provided to enable messaging between providers and consumers through the shared storage.

Abstract: A microelectronic memory may be password access protected. A controller may maintain a register with requirements for accessing particular memory locations to initiate a security protocol. A mapping may correlate which regions within a memory array are password protected. Thus, a controller can use a register and the mapping to determine whether a particular granularity of memory is password protected, what the protection is, and what protection should be implemented. As a result, in some embodiments, a programmable password protection scheme may be utilized to control a variety of different types of accesses to particular regions of a memory array.

Abstract: Devices for securing data and method of managing a one-time pad stored in nonvolatile memory of a device. In one embodiment, the device for securing data includes: (1) a nonvolatile memory, (2) a nonvolatile memory controller coupled to the nonvolatile memory and configured to cooperate with the nonvolatile memory to make a key available when a password provided to the device is valid and (3) a self-destruct circuit coupled to the nonvolatile memory and configured to corrupt at least part of the nonvolatile memory when the password is invalid.

Abstract: The external storage device has a read-only section and a read/write enabled section in a storage section. In the read-only section there is stored an antivirus software detection program adapted to detect the presence of antivirus software installed on a host computer. When the external storage device is connected to the host computer, the antivirus software detection program will be executed automatically by the host computer. When a storage section access controller provided to the external storage device receives from the antivirus software detection program a notification that the presence of antivirus software has been detected, it will allow writing to the read/write enabled section.

Abstract: Described in detail herein are systems and methods for managing connections in a data storage system. For example, the systems and methods may be used to manage connections between two or more computing devices for purposes of performing storage operations on the data of one of the computing devices. The data storage system includes at least two computing devices. A first computing device includes an unauthorized connection data structure and a connection manager component. The connection manager component receives a connection request from a second computing device. If the second computing device is not identified on the unauthorized connection data structure, the connection manager component can request that an authentication manager authenticate the second computing device and/or determine whether the second computing device is properly authorized. If so, the connection manager component can allow the second computing device to connect to the first computing device.

Abstract: A new form of software transactional memory based on maps for which data goes through three stages. Updates to shared memory are first redirected to a transaction-private map which associates each updated memory location with its transaction-private value. Maps are then added to a shared queue so that multiple versions of memory can be used concurrently by running transactions. Maps are later removed from the queue when the updates they refer to have been applied to the corresponding memory locations. This design offers a very simple semantic where starting a transaction takes a stable snapshot of all transactional objects in memory. It prevents transactions from aborting or seeing inconsistent data in case of conflict. Performance is interesting for long running transactions as no synchronization is needed between a transaction's start and commit, which can themselves be lock free.

Abstract: The aircraft includes: means for causing data of a predetermined type to be stored on board solely in one or more memories; and automatic means for acting, when a predetermined event occurs, to destroy the data stored in this way.

Abstract: A multi-processor computer system is provided for managing physical memory domains. The system includes at least one processor having an address interface for sending a memory access message, which includes an address in physical memory and a domain identification (ID). The system also includes a physical memory portioned into a plurality of domains, where each domain includes a plurality of physical addresses. A domain mapping unit (DMU) has an interface to accept the memory access message from the processor. The DMU uses the domain ID to access a permission list, cross-reference the domain ID to a domain including addresses in physical memory, and grant the processor access to the address in response to the address being located in the domain.

Abstract: A data protecting method for a memory, which comprising a volatile memory and a non-volatile memory for storing data and data protection information, comprises the following steps. Firstly, load the data protection information to the volatile memory from the non-volatile memory. Next, protect the data stored in the memory according to the data protection information stored in the volatile memory.

Abstract: A command receiver receives, from an external access requesting entity, a command with which to access data, together with an address to be accessed and IOID to identify the access requesting entity. Based on the IOID, the access decision unit determines whether or not an access is one that is to be permitted for an access requesting entity to access a region of access destination. The access decision unit determines whether access of the access requesting entity is permitted or not, for each page that serves as the basic management unit of logical address in the processor space.

Abstract: Secure erase of files and unallocated sectors on storage media such that any previous data is non-recoverable. The database contains sets of data patterns used to overwrite the data on different physical media. The software programs manage the overwriting process automatically when a file has been deleted. When de-allocated sectors in the file system are pruned from a file or escaped the file deletion process also finds them. Data will never be found on deleted sectors or on pruned sectors is overwritten.

Abstract: Methods and apparatus are provided for protecting private data on a vehicle. The method comprises receiving a first signal generated by a user of the vehicle and, in response to the first signal, deleting predetermined data stored on the vehicle to prevent the private data from being accessed.

Abstract: A communication channel has an associated channel authenticator that includes a channel identifier, a use policy identifying how an owner of the communication channel indicates the communication channel is used, and a digital signature over the channel identifier and use policy. The identifier of the communication channel and the use policy can be verified by a computing device, and a check made as to whether a current security policy of the computing device is satisfied by the use policy. An access that the computing device is allowed to have to the communication channel is determined based at least in part on both whether the current security policy is satisfied by the use policy and whether the identifier of the communication channel and the use policy are verified.

Abstract: A content-aware digital media storage device includes a host device interface for exchanging digital information with a host device, a memory array for storing digital information received from the host device via the host interface, a peripheral module configured to communicate the digital information stored in the memory array to a receiver located remote from the digital media storage device, and a controller communicatively coupled to the host device interface, the memory array and the peripheral module and configured to interpret directory information associated with the digital information stored in the memory array so as to selectively access said digital information and communicate such accessed digital information to the peripheral module for transmission to the remote receiver. Digital images stored in the memory array may be transmitted to a remote host via a wireless network access point with which the peripheral module of the storage device is associated.

Abstract: The invention is related to non-volatile storage devices. The invention proposes a non-volatile storage device comprising a storage unit, means for receiving an access change indication and means for changing access to said storage unit in response to said access change indication wherein access prior to reception of said access change indication is such that data can be stored in said storage unit and already stored data can be altered and access after said access change is such that at least some of the already stored data is unalterable but still can be read wherein access to said at least some of the already stored data is irreversible after access change in response to receiving said access change indication. This combines the advantages of permanent, forgery-proof storage with the advantages of erasable storage.

Abstract: Some embodiments comprise an apparatus for processing data, the apparatus having a second configurable processor configured to process data using second configuration data, and a configuration data re-manipulator configured to retrieve manipulated second configuration data and first data of a first processor, to re-manipulate the manipulated second configuration data depending on the first data, and to feed the re-manipulated second configuration data to the second configurable processor as the second configuration data.

Abstract: A scan image management apparatus configured to manage scan image data acquired by scanning an original document, the scan image management apparatus includes: an ID-information acquiring unit configured to acquire, with a CPU, ID information of a portable recording medium recorded in the portable recording medium; and a use-information recording unit configured to record, with the CPU, the ID information acquired by the ID-information acquiring unit and information for specifying an original document, which is a reading source of scan image data that should be recorded in the portable recording medium, which is an acquisition source of the ID information, in association with each other.

Abstract: An integrated circuit having an array of programmable processing elements and a memory interface linked by an on-chip communication network. Each processing element includes a plurality of processing cores and a local memory. The memory interface block is operably coupled to external memory and to the on-chip communication network. The memory interface supports accessing the external memory in response to messages communicated from the processing elements of the array over the on-chip communication network. A portion of the local memory for a plurality of the processing elements of the array as well as a portion of the external memory are both allocated to store data shared by a plurality of processing elements of the array during execution of programmed operations distributed thereon.

Abstract: This document describes tools capable of enabling a protection agent to determine, from memory inaccessible from an operating-system privilege mode, whether one or more resources of an operating system have been modified. In some instances, these tools may enable the protection agent to reside within a virtual machine monitor. In other instances, the tools may enable the protection agent to reside within a distinct virtual partition provided by the virtual machine monitor. By operating outside of the operating-system privilege mode, the protection agent may be less vulnerable to attacks by entities operating within the operating-system privilege mode.

Abstract: A device configuration silo is arranged to be accessed as an IEEE 1667-compatible silo which exposes interfaces to a host application to make changes to the presence of one or more other silos, as well as make changes to silo configurations on a per-silo basis for data and method sharing among silos across the ACTs on a storage device such as a transient storage device. The interfaces exposed by the device configuration silo are arranged to enable an authenticated provisioner, like administrator in a corporate network environment, to perform configuration changes to silos after the storage device is released into the field through a secure provisioning mechanism. In addition, users may make configuration changes to silos at runtime in some usage scenarios, for example to enable discrete portions of functionality on a storage device, by using a secure secondary authentication mechanism that is exposed by the device configuration silo.

Abstract: A multiple computer environment is disclosed in which an application program executes simultaneously on a plurality of computers (M1, M2, . . . Mn) interconnected by a communications network (53) and in which the local memory of each computer is maintained substantially the same by updating in due course. A lock mechanism is provided to permit exclusive access to an asset, object, or structure (ie memory location) by acquisition and release of the lock. In particular, before a new lock can be acquired by any other computer on a memory location previously locked by one computer, any re-written content(s) for the previously locked memory location are transmitted to all the other computers and their corresponding memory locations (before the in due course updating). Thus when the new lock is acquired all the corresponding memory locations of all computers have been updated.

Abstract: The buffer control device of this invention includes: a pointer holding unit which holds a virtual pointer different from a read pointer and a write pointer; an access control unit that controls an access to a ring buffer; a judging unit that judges whether or not one of the read pointer and the write pointer has reached an address substantially identical to an address indicated by the virtual pointer; and disabling unit that disables a normal access using the one of the read pointer and the write pointer, when the judging unit judges that the one of the read pointer and the write pointer has reached the address substantially identical to the address indicated by the virtual pointer, the normal access being controlled by the access control unit, wherein the access control unit further controls a reaccess to the ring buffer.

Abstract: An external storage device includes a storage device and a bridge. The storage device stores data transmitted from a computer host. The bridge includes a memory unit and a control unit. The memory unit stores a virtual device datum, and the virtual device datum includes an application program. The control unit generates a virtual storage device in the computer host according to the virtual device datum, and executes a security function of the storage device according to the application program.

Abstract: One aspect of the present invention includes an operation to efficiently erase data from a storage device with the use of a multiple-write secure erasure technique. One embodiment includes a hardware command that sends an I/O operation to the control unit to erase a set of selected tracks (“dirty tracks”) from a storage device, and replace the set of dirty tracks within the storage device with unallocated but available tracks retrieved from an available storage pool. After allocating the previously unallocated tracks to the available storage in the storage device, the operation performs the secure erasure of the dirty tracks in the background with a secure erasure algorithm. Once the secure erasure algorithm has fully erased the dirty tracks, the tracks are then added back to the available storage pool for subsequent use within the storage system.

Abstract: Methods and systems to assign an application and a video frame buffer to a protected memory domain to render an image of a keyboard from the protected memory domain to a random position of the video frame buffer and correlate user input from a pointing device to the rendered keyboard image. The keyboard image may be randomly repositioned following a user input. The keyboard image may be rendered over a secure user image. An acknowledgment image may be rendered from the protected memory domain to a random position of the video frame buffer, and may be randomly repositioned in response to a user input that does not correlate to the acknowledgment image. User inputs that do not correlate to a randomly positioned image may be counted, and one or more processes may be aborted when the number of non-correlated user inputs exceeds a threshold.

Abstract: Embodiments of the present disclosure provide methods, apparatuses, articles, and removable storage devices for pre-boot recovery of a locked computer system. Other embodiments may also be described and claimed.

Abstract: In a signal processor including storage sections, a start address for starting output of data from an external memory, is input from an external controller to the start address input section. The signal output section outputs a start signal based on a download start instruction from the external controller, and outputs an end signal when download is completed. The output instruction section outputs, based on the start signal, to the external memory a data output instruction of download data for a designated storage section, starting from the start address, and stops output of the data output instruction based on the end signal. The write instruction section outputs a write instruction to the storage sections that allows data writing only to the designated storage section, and the download data is written to the designated storage section when the start signal is input to the output instruction section.

Abstract: A device, method, and system are disclosed. In one embodiment the device includes logic to handle and protect data. Specifically, the device includes logic to segment data that can receive a data object that needs to be stored. The logic within the device can segment the data object into a plurality of data segments. A segmented portion of the data object is an incomprehensible portion the data object when viewed in the segmented format. The device can then send each of the data segments to a several different storage locations.

Abstract: The embodiments described herein generally use a challenge to protect a removable mobile flash memory storage device, where the challenge may be in the form of a “Completely Automated Public Turing Test to Tell Computers and Humans Apart” (“CAPTCHA”). In one embodiment, a method is provided in which a removable mobile flash memory storage device receives a command from a host device, generates a CAPTCHA challenge, provides the CAPTCHA challenge to the host device, receives a response to the CAPTCHA challenge from the host device, determines if the response satisfies the CAPTCHA challenge, and performs the command only if the response satisfies the CAPTCHA challenge. In another embodiment, a removable mobile flash memory storage device is provided for performing these acts.

Abstract: Techniques are described for securing data on data cartridges, such as a Linear Tape-Open (LTO) data cartridge. The techniques include modifying a portion of a cartridge memory (CM) chip of the cartridge in a way that a cartridge drive will be unable to access the data cartridge and to prevent modification of the CM chip by the cartridge drive. In one embodiment, a system includes a data cartridge including a CM chip, a chip reader to read data from and write data to the CM chip, and a computing device to control the chip reader. The computing device causes the chip reader to read data from the cartridge memory chip of the data cartridge and to modify a portion of memory of the chip to prevent unauthorized reads and writes to the data cartridge, without rendering the modification irreversible.

Abstract: A cellular phone. The cellular phone comprises a connector, a first memory module, a second memory module, and a controller. The connector is used for physically connecting the cellular phone to an external device. The first memory module stores phone data. The second memory module stores application data received from the external device. The controller determines whether the connector is connected to the external device. If the connector is not connected to the external device, access right of both the first and second memory modules is granted exclusively to the cellular phone. If the connector is connected to the external device, access right of the first memory is granted exclusively to the cellular phone, and access right of the second memory module is granted exclusively to the external device.

Abstract: A system and method to securing a computer system from software viruses and other malicious code by intercepting attempts by the malicious code to write data to a storage medium. The invention intercepts the write access requests made by programs and verifies that the program is authorized to write before letting the write proceed. Authorization is determined by using the identity of the program as a query element into a database where permission values are stored. Depending on the presence or value of the permission value, write access is permitted or denied. Permission values can be set by the user, downloaded from a central server, or loaded into the central server by a group of users in order to collectively determine a permission value. The interception code can operate in kernel mode.

Abstract: A method for utilizing a secure memory in an electronic device for launching/running an application may include copying at least a portion of the application into the secure memory of the electronic device, and permanently storing the at least one portion of the application in the secure memory. The permanent storage of the at least one portion of the application in the secure memory obviates the need re-copy the application to the secure memory if/when the application is subsequently executed by the electronic device.

Abstract: While a semiconductor memory operates in a first operation mode with high security, an encrypted command is inputted and then decoded to acquire the first address information. After the semiconductor memory comes into a second operation mode where the level of security is lower than that of the first operation mode, a command is inputted. Then, the second address information is acquired from the command. A control circuit in the semiconductor memory generates an address of 10 bits by using the first address information as a high-order 4 bits and the second address information as a low-order 6 bits and outputs the address to a memory array. With this operation, it becomes possible to read/write data from/to the memory array.

Abstract: A system and method of securing a computer system by controlling write access to a storage medium by monitoring an application; detecting an attempt by the application to write data to said storage medium; interrogating a rules database in response to said detection; and permitting or denying write access to the storage medium by the application in dependence on said interrogation, where the interrogation requests are queued in order manage multiple applications running on the same system. The system can further monitor the activity of unknown processes and continually match the sequence of activity against known malware activity sequences. In the case of a match, the user is warned or the process is blocked.

Abstract: A microcontroller comprises a microprocessor (1), a test interface (4) and an internal non-erasable memory (2). First control means (6) are provided which are able to activate and deactivate the test interface (4), and second control means (7) are provided which are able to activate and deactivate the internal non-erasable memory (2). The microprocessor (1) of the microcontroller comprises control outputs (101) which are connected with the first and second control means (6, 7). With appropriate timing of activation and deactivation of the test interface (4) and the internal non-erasable memory (2), the microcontroller offers the possibility of preventing an unauthorized access to contents of the internal non-erasable memory (2) without limiting the usability of the test interface (4) for the development of application programs.

Abstract: A method for protecting memory data is provided, by extracting bad block addresses stored in the bad block information obtained during the memory scanning testing as memory label, and using an algorithm to compute an identification based on the memory label so that the memory will check the identification and whether the blocks pointed by memory label being bad blocks when an external device request data reading so as to prevent the unauthorized data from being read and achieve the object of protecting memory data.

Abstract: In a memory controller according to the present invention, an external I/F unit receives ID information associated with data from the outside of a non-volatile memory, and a recording controller manages a recording position of the data in the non-volatile memory based on the ID information, so that an amount of time necessary for the retrieval of rights information based on the ID information is reduced.

Abstract: In one embodiment, a non-volatile memory device includes a plurality of protection bits denoting that an area of memory in the device must be protected from being erased or programmed. The memory device further includes a majority logic circuit for determining the logic state of the majority of the plurality of protection bits. Another embodiment includes a pattern generator for generating the logic levels to be stored in the plurality of protection bits.

Abstract: Secure boot ROM emulation with locking storage device. A locking storage device is provided by combining a nonvolatile memory device such as flash or EEPROM with one-shot locking logic which write enables at least a portion of the nonvolatile memory device upon power cycling of the overall digital device. This write enable is cleared during the stage 1 bootloader process, thus providing a protected update interval for updating a stage 2 bootloader once per power cycle.