Abstract: A software protection method to protect the software in a host against an unauthorized usage of a memory unit used in software is provided. The software protection method comprises the steps of: starting the operation of the software; declaring the memory unit such that the software takes the control right of the memory unit; generating a status tag of the memory unit; setting the status tag as an initializing status to initialize the memory unit; setting the status tag as an access status to access the memory unit; and setting the status tag as a delete status to forgo the control right of the memory unit.

Abstract: Memory parameters are controlled. A power source capacity estimate is determined. Based on the power source capacity estimate, an amount of cache to enable is determined and is enabled.

Abstract: A memory device and an arrangement are provided for safeguarding safety-critical program parts against inadvertent execution. At least one program part is executed in a predetermined chronological sequence. At a certain time in the execution, a pattern is generated. At least at one later time, a check is then performed to determine whether the pattern is present. If the pattern is not present, the execution of the respective program part is terminated.

Abstract: Provided is a nonvolatile memory system which can be used for a boot program storage and easily controlled by a host device. At the time of reading a boot code 201 from a flash memory 200, a memory controller 100 executes a first operation mode based on an instruction from a host device 300, and specifies a physical address of the flash memory 200 so that the boot code 201 is read from a specific area of the flash memory 200.

Abstract: User data is stored in at least one record in at least one predefined, logic data storage area. One respective record ID is assigned to the at least one record. The record ID includes a uniqueness stamp that is unique in the respective predefined data storage area, a unique ID of the predefined data storage area in which the respective record is stored, and a logic position of the respective record within the respective predefined data storage area. A record test value is determined and stored for the user data and the respective associated record ID of the respective record. Data storage area information containing the ID of the respective predefined data storage area and data on at least one value range of the uniqueness stamps of the records currently stored in the respective predefined data storage area is assigned to the respective predefined data storage area.

Abstract: A data storage device provides information to an application while protecting the information from being copied. Particularly, the data storage device may include a detector to detect an access to an indicator. The indictor may be integrated with the information in such a way that a copy application will access the indicator when copying the information but another application using the information (e.g. a database application) will not access the indicator. The data storage device may further be configured to undertake a defensive response when access to the indicator is detected. Defensive responses may include terminating the access, issuing a report, or sending spurious data to the host. The configuration of the indicator and timing of the response may be chosen to impede separation of the indicator from the data.

Abstract: A method for reading data from a data storage system is provided. The method comprises requesting a virtual data volume to access data from one or more data blocks in the data storage system; requesting a virtual protection information volume to access protection information associated with the data blocks; validating the data using the protection information; and providing the data to the host interface, in response to successful validation of the data. A method for writing data to a data storage system is also provided. The method comprises receiving data to be written to one or more data blocks in the data storage system, wherein the data is stored in a cache; generating protection information to be stored on a virtual protection information volume; requesting a virtual data volume to update the data blocks with the data; and requesting the virtual protection information volume to store the protection information.

Abstract: The present invention includes means for processing received data, storage means for storing the data, means for performing an invalidation process on the data stored in the storage means, and means for storing history information about the history of the invalidation process performed.

Abstract: A disk array apparatus capable of effecting saving and operation of data through a simple construction. When a host computer sets “write inhibit” or “read/write inhibit” for an LDEV which is set on a first storage device, this setting is registered in an access attribute management table and is also reflected onto a migration management table. A migration control program moves the LDEV for which access limitation has been set to a lower-speed (lower-performance) second storage device or to an external storage device. When the access limitation is released, the moved LDEV is restored to the first storage device from the storage device to which the LDEV has been moved. By performing migration control in interlocking relation to control of access attributes, it is possible to obtain a simple data saving function and data management function.

Abstract: An external storage device accessible to a host is proposed. The external storage device includes a memory device and a processing unit. The memory device includes a protected area for storing an authentication application, a public area for storing an unlock application, and a reserved area for storing authentication information. The processing unit is used for performing an identification request from the authentication application. When the authentication information is confirmed, the host is allowed to access the protected area of the external storage device, accordingly.

Abstract: A mobile device, e.g. portable computer, location tracking and data backup-and-wipe system and method enable a lost or stolen device to be recovered by reporting to its rightful owner and optionally to others its approximate location via triangulation and the use of location service providers. Social network members may be made aware automatically of the location of a reported lost or stolen device and can assist the rightful owner in recovering it based upon their identification of the user of the device, whether by the location coordinates or by viewing a photographic image taken by the computer. Alternatively, in governmental and/or institutional settings having privacy concerns, no photographic images are sent to a public website. Instead, they are sent to a proprietary employer server and maintained behind an institutional firewall.

Abstract: The present invention relates to a microcontroller designed for protection of intellectual digital content. The microcontroller includes a secure CPU, a real-time cipher, and a user programmable multi-layer access control system for internal memory realized by programmable nonvolatile memory. Programmable nonvolatile memory allows in-system and in-application programming for the end user. The programmable nonvolatile memory is mainly used for program code and operating parameter storage. The multiple-layer access control is an integral part of the CPU, providing confidentiality protection to embedded digital content by controlling reading, writing, and/or execution of a code segment according to a set of user-programmed parameters. The cipher incorporates a set of cryptographic rules for data encryption and decryption with row and column manipulation for data storage. All cryptographic operations are executed in parallel with CPU run time without incurring additional latency and delay for system operation.

Abstract: Various embodiments of systems and methods of creating a memory of an HVAC device. A bootloader code is stored into a first protected memory of the HVAC device. A device designator is stored into a second protected memory of the HVAC device. A control serial number is stored into a third protected memory of the HVAC device. A control part number is stored into a fourth protected memory of the HVAC device. An application data is stored into a separate application memory of the HVAC device.

Abstract: It is an object of the present invention to provide an information processing device and a memory management method that enable execution of memory management processing for simultaneously starting up two types of applications. During execution of an application in the form of a Java application, the application starts up another an application in the form of Flash data, and then a native software in the form of a Flash Player causes a memory management unit to secures a prescribed memory area from a memory area for the native software. A native software then starts up the other application using the secured memory area.

Abstract: The present invention discloses a solution for second failure data capture problem determination using user selective memory protection to trace application failures. In the solution, one or more data structures can be selected by a user to be allocated a unique address space from a debug heap. The address space called a region can be assigned permissions for which executable code can access the contents. Permissions can include full access (e.g., read/write), read, and no access which can “lock” the region against specific types of access. The user can permit known trusted executable code to access allocated regions. Untrusted executable code attempting to access “locked” regions will result in an application failure event (e.g., segmentation fault). The failure can be used to determine the point of memory corruption through inspection of the stack trace.

Abstract: The disclosure provides an HVAC data processing and communication network and a method of manufacturing the same. In an embodiment, the network includes a user interface and a system device. The user interface is configured to publish a privilege request message to a data bus. The system device is configured to receive messages via the data bus and to store configuration data in nonvolatile memory. The system device is further configured to enable a privileged operating mode not normally available to a user of the network in response to the privilege request message.

Abstract: A device for processing information and the working method of the same are provided. The device for processing information comprises: a memory in which logic for driving a firmware is stored; a connector for connecting the memory to an external device; and a control unit for providing an interface with a host, for communicating with the host through the connector, and for reading and recording data on the memory. The control unit comprises: a first storing device in which a routine for calling the firmware logic stored in the memory is stored; and a processor for executing the firmware logic, stored in the memory, using the routine stored in the first storing device.

Abstract: A data storage device includes a storage module for storing data, a control module coupled to the storage module for detecting signals and controlling their transmission, an interface coupled to the control module for connecting the data storage device to a periphery device, a radio frequency fingerprint scanning module coupled to the control module for detecting fingerprints and transmitting fingerprint signals to the control module, and a light emitting diode (LED) indicator coupled to the control module to indicate a fingerprint scanning region on the data storage device.

Abstract: An example of a device comprises a storage which stores data which is input from outside and to which tracking information is added, a section which detects a first reading event of first data from the storage to which the tracking information is added, a section which detects, after the first reading event, a first writing event to part of character string data to the storage, a section which detects, after the first writing event, a second reading event of second data from the storage to which the tracking information is added, a section which detects, after the second reading event, a second writing event to part of the character string data to the storage, and a section which adds, when the first reading/writing event, second reading/writing event are detected, the tracking information to data to be written to the storage by the first and second writing event.

Abstract: In general, in one aspect, the disclosure describes an apparatus that includes updatable non-volatile memory to store firmware and non-updateable non-volatile memory to store an interrupt sequence. The apparatus includes a chip interface to receive an interrupt instruction from management firmware. Receipt of the interrupt instruction controls access to and initiation of the interrupt sequence. After initiation of the interrupt sequence the apparatus may receive a firmware update and/or validate the firmware is from a valid source. The validation of the firmware may include utilizing the management firmware to verify the cryptographic signature for the firmware.

Abstract: According to an embodiment, a programmable logic device includes a plurality of logic blocks and a logic unit. The logic blocks are grouped into one or more partitions. The logic unit controls external access to the one or more partitions, controls programming of the one or more partitions and controls interconnection and operation of the one or more partitions during operation of the programmable logic device.

Abstract: Apparatus, systems, and method for content self-scanning within a storage system. Features and aspects hereof operable within a storage controller of a storage system scan blocks of data within the storage system to detect the presence of a pattern in one or more data blocks. The patterns to be matched may be stored as regular expressions in a pattern database in the storage system and may represent, for example, viruses to be detected in the data blocks of the storage system. Data blocks may be scanned, in real time, as they are received from an attached host system. Data blocks may also be retrieved from within the storage system for scanning. The storage system may cooperate with a scanning service computer to determine a file of data blocks related to any data block that matches a portion of a pattern.

Abstract: A disk apparatus is configured to be connected to a host device, and has a security program for preventing unauthorized user access to the disk apparatus. A disk medium stores a boot program for executing a boot process of the disk apparatus, and a security program storage device stores the security program. A processor is provided for retrieving the security program from the storage device and enabling the host device to execute the security program. The boot program is executed by the host device when the host device determines from executing the security system that the disk apparatus may be accessed by the user.

Abstract: Device and method for controlling caches, comprising a decoder configured to decode additional information of datasets retrievable from a memory, wherein the decoded additional information is configured to control whether particular ones of the datasets are to be stored in a cache.

Abstract: A device and method is provided for commonly and securely allowing, as access control on a memory card, a plurality of information processing apparatuses to lock/unlock the memory. On the basis of a lock command input from an information processing apparatus serving as a host, such as a PC, an information storage device, such as a memory card, determines whether (a) a standard lock key set serving as a key set prohibiting output or (b) an export lock key set serving as a key set permitting output is detected and stores corresponding key set information. Only when the export lock key set is detected, output is permitted provided that predetermined verification succeeds.

Abstract: In one embodiment, the present invention provides for extended memory protection for memory of a system. The embodiment includes a method for associating a protection indicator of a protection record maintained outside of an application's data space with a memory location, and preventing access to the memory location based on the status of the protection indicator. In such manner, more secure operation is provided, as malicious code or other malware is prevented from accessing protected memory locations. Other embodiments are described and claimed.

Abstract: Systems and methods for distributed shared caching in a clustered file system, wherein coordination between the distributed caches, their coherency and concurrency management, are all done based on the granularity of data segments rather than files. As a consequence, this new caching system and method provides enhanced performance in an environment of intensive access patterns to shared files.

Abstract: A system and method to securing a computer system from software viruses and other malicious code by intercepting attempts by the malicious code to write data to a storage medium. The invention intercepts the write access requests made by programs and verifies that the program is authorized to write before letting the write proceed. Authorization is determined by using the identity of the program as a query element into a database where permission values are stored. Depending on the presence or value of the permission value, write access is permitted or denied. Permission values can be set by the user, downloaded from a central server, or loaded into the central server by a group of users in order to collectively determine a permission value. The interception code can operate in kernel mode.

Abstract: An access instruction portion that sends an access instruction to the storage apparatus in response to being accessed from the terminal; and an access management portion that sends a confirmation notification to the access instruction portion in response to receiving the access instruction, wherein the access instruction portion comprises: an access instruction distinction step of determining whether or not the sender of the access instruction related to that confirmation notification is the access instruction portion; and an unauthorized access instruction detection portion that determines, on the basis of determination result made by the access instruction distinction portion, the access instruction received by the access management portion from a sender other than the access instruction portion as an unauthorized access instruction.

Abstract: An objective is to prevent a downloaded application from accessing data in an external memory unrelated to the application, and to achieve safer management of access to the external memory. An external memory function module 15 is a function module that controls access of an application downloaded in a cell phone 1, to an external memory 2. This external memory function module 15 has a bind ID acquirer 156 for acquiring a bind ID to specify the application downloaded, a discrimination ID acquirer 157 for acquiring a directory discrimination ID to specify an application permitted to access a directory, and an access controller 158 for checking the bind ID against the directory discrimination ID and for, when they coincide with each other, performing such control as to permit access of the application to the directory.

Abstract: A hard disk drive is provided for enhancing random number generation. In particular embodiments, the hard disk drive includes a storage subsystem and a controller. The controller generates a random number based on information associated with the storage subsystem. The controller transmits the random number to a host system.

Abstract: Systems and methods are provided for preventing unauthorized modification of an operating system. The system includes an operating system comprised of kernel code for controlling access to operation of a processing unit. The system further includes an enforcement agent executing at a higher privilege than the kernel code such that any changes to the kernel code are approved by the enforcement agent prior to execution.

Abstract: A method for network storage access rights management operates storage access rights of network storage directories or network storage files that an authorizing user sets for an authorized user. Authorization may be set for an authorized user in the network storage access rights metadata of the authorizing user according to the storage access rights information that the authorizing user requests to operate. Accordingly, the authorized user is allowed to access network storage locations of the authorizing user. A method for network storage access control and an apparatus for network storage access rights management are also provided.

Abstract: A reset generator for resetting at least one register in a register bank. The register generator comprises a scan mode input terminal configured to input a scan mode signal, a system reset input terminal configured to input a system reset signal, a secure reset output terminal configured to output a secure reset signal and a combination logic unit configured to combine the scan mode signal and the system reset signal. The combination is such that when the scan mode of the at least one register is activated, the secure reset signal is immediately activated for resetting the at least one register. The activation of the secure reset signal is independent of the system reset signal. The secure reset signal is deactivated when the system reset signal is deactivated and the secure reset signal follows the activation/deactivation cycles of the system reset signal after deactivation.

Abstract: The present invention discloses methods for an application, running on a host system, to access a restricted area of a storage device, the method including the steps of: providing a file system for running on the host system; restricting access, by the file system, to the restricted area; sending an indication, from the application to the storage device, that data being sent by the application to the storage device via the file system is intended for the restricted area; detecting the indication in the storage device; and making the data, residing in the restricted area, available for reading by the application upon receiving an application request. Preferably, the method further includes the step of: releasing wasted areas, of the storage device, for use by the file system. Preferably, the method further includes the step of: copying non-restricted data from a non-restricted area into the restricted area.

Abstract: Computer programs are preprocessed to produce normalized or standard versions to remove obfuscation that might prevent the detection of embedded malware through comparison with standard malware signatures. The normalization process can provide an unpacking of compressed or encrypted malware, a reordering of the malware into a standard form, and the detection and removal of semantically identified nonfunctional code added to disguise the malware.

Abstract: The invention relates to a non-volatile memory device comprising: an input for providing external data (D1) to be stored on the non-volatile memory device; and a first non-volatile memory block (100) and a second non-volatile memory block (200), the first non-volatile memory block (100) and the second non-volatile memory block (200) being provided on a single die (10), wherein the first non-volatile memory block (100) and second non-volatile memory block (200) are of a different type such that the first non-volatile memory block (100) and the second non-volatile memory block (200) require incompatible external attack techniques in order to retrieve data there from, the external data (D1) being stored in a distributed way (D1?, D1?) into both the first non-volatile memory block (100) and the second non-volatile memory block (200). The invention further relates to method of protecting data in a non-volatile memory device.

Abstract: A data storage device may include one or more pages, each page having a fixed number of memory cells, each memory cell being adapted to store one unit of data; a verification page, the verification page having a corresponding fixed number of verification cells, each verification cell storing a predetermined value; and a controller configured to 1) receive a read command having an address value, and 2) upon receiving the read command, a) retrieve a predetermined value from a verification cell corresponding to the address value, b) determine whether the retrieved predetermined value is an expected value, and c) if so, providing a retrieved unit of data, and if not, initiating a protective action. Determining whether the retrieved predetermined value is the expected value may include applying a function to the address value to obtain a result and determining whether the result corresponds to the retrieved predetermined value.

Abstract: An embodiment of the invention provides an apparatus and method for providing data security for use with a file system. The apparatus and method performs acts including: applying a mapping function to data block numbers that are associated with a file; and obtaining mapped data block numbers after applying the mapping function, wherein the mapped data block numbers are addresses of data of the file in a storage device.

Abstract: Methods, systems, and computer program products for controlling information read/write processing. The method includes assigning a plurality of division areas to a shared storage area for storing a shared object: specifying a division area used for read/write processing in accordance with user identification information for identifying a user; and executing the read processing for reading information from a specified division area and the write processing for writing information to the specified division area. The shared object is shared among a plurality of processes.

Abstract: A storage router (56) and storage network (50) provide virtual local storage on remote SCSI storage devices (60, 62, 64) to Fibre Channel devices. A plurality of Fibre Channel devices, such as workstations (58), are connected to a Fibre Channel transport medium (52), and a plurality of SCSI storage devices (60, 62, 64) are connected to a SCSI bus transport medium (54) The storage router (56) interfaces between the Fibre Channel transport medium (52) and the SCSI bus transport medium (54). The storage router (56) maps between the workstations (58) and the SCSI storage devices (60, 62, 64) and implements access controls for storage space on the SCSI storage devices (60, 62, 64). The storage router (56) then allows access from the workstations (58) to the SCSI storage devices (60, 62, 64) using native low level, block protocol in accordance with the mapping and the access controls.

Abstract: The present invention describes a system and a method for securely loading digital information from a storage device into a memory module in a data processing system, said data processing system comprising at least one storage device, one memory module and at least one processor, said data processing system further comprising a memory access controller module connected between the processor and the memory module, and a secure memory management module connected to the processor, the memory module, the storage device and the memory access controller. Requests by the processor for data are passed to the secure memory management module, which loads the data from the storage device to the memory module and configures the memory access controller such that the processor will have access to the data.

Abstract: A method of writing data into a semiconductor memory (11) in which nonvolatile memory cells (MC) each having a gate connected to a word line (WL) are connected in series, the method comprising selecting (S13) a scrambling method for the data according to a word line address for memory cells (MC) into which data is to be written, scrambling (S14) the data, and writing (S15) the scrambled data into the memory cells (MC) according to the word line address. The data is scrambled using the selected scrambling method.

Abstract: A virtual computer system where a plurality of guest domains run on one information processing device. The virtual computer system includes a system region for storing software, which is installed for the plurality of guest domains, to be managed by the virtual computer system in a shared manner and an update region for actually storing data when each of the plurality of guest domains makes a write access to the system region.

Abstract: According to the present invention, there is provided a system for securing data with a storage system. The system includes at least one storage device. In addition, the system includes a security mechanism for recognizing an attempt to insert or remove the storage device. Moreover, the system includes a management unit to control the insertion and removal of the storage device.

Abstract: A wireless virtual storage apparatus and a remote file accessing method are utilized for a multimedia electronic device accessing remote files in a remote database. The apparatus includes a wireless network interface, microprocessor, and bus interface. The microprocessor runs a file system program, so as to create a virtual partition. Then the processor connects to a removable storage media reader of the multimedia electronic device via the bus interface, and the virtual partition is mounted by the multimedia electronic device. The microprocessor logs in the remote database via the wireless network interface, and creates virtual files in the virtual partition corresponding to the remote files. When the multimedia electronic device accessing the virtual files, the microprocessor loads the remote files from the remote database and changes the accessing path of the multimedia electronic device to the loaded remote files.

Abstract: According to an aspect of the present invention, there is provided an information processing apparatus including: a date generating module configured to generate date information in a real time; a nonvolatile recording module configured to record the date information in a given area; and a recording control module configured to access to the given area when specific software is started, wherein the recording control module is configured to record present date information generated by the date generating module in the given area when the date information is not recorded in the given area.

Abstract: An emulation apparatus includes a translator, a first memory map, a second memory map, and a rewriting unit. The translator translates an instruction output from the target program to an instruction executable by the emulation apparatus. The first memory map is located in a memory region for use by the target program and is write-protected based on operation environment of the emulation apparatus. The second memory map is write-protected based on at least one of the execution environment of the target program and content of the instruction from the target program. The rewriting unit rewrites a first write instruction output from the translator to a second write instruction to the second memory map when the first write instruction causes a write protection violation to the first memory map.

Abstract: An apparatus providing for a secure execution environment. The apparatus includes a microprocessor and a secure non-volatile memory. The microprocessor is configured to execute non-secure application programs and a secure application program, where the non-secure application programs are accessed from a system memory via a system bus. The secure non-volatile memory is coupled to the microprocessor via a private bus. The secure non-volatile memory is configured to store the secure application program, where transactions over the private bus between the microprocessor and the secure non-volatile memory are isolated from the system bus and corresponding system bus resources within the microprocessor.

Abstract: An embodiment of the present invention is a technique to protect memory. A memory identifiers storage stores memory identifiers associated with protected components. The memory identifiers include exclusive memory identifiers and shared memory identifiers. The memory identifier storage is protected from access by a host operating system. A memory identifier management service (MMS) manages the memory identifiers. The MMS resides in a protected environment. An access control enforcer (ACE) enforces an access control policy with the memory identifiers.