Abstract: A secure memory access system includes a memory control module, at least one direct memory access module, and a plurality of input/output interface modules. The direct memory access module is operative to transfer information between all of the input/output interface modules and the memory control module in response to transfer configuration information.

Abstract: This digital portable personal stereo comprises a housing containing a connection interface for connection to earphones; a digital memory immovably attached to the housing; an electronic circuit for accessing said memory; and a control interface for controlling said electronic circuit wherein that a encrypted audio content is prerecorded in the digital memory, and in that the portable personal stereo is adapted to prevent any other audio content from being written in the digital memory.

Abstract: One embodiment of the invention discloses a method for receiving in a virtual machine (VM) contents of a program for creating a virtual environment for interacting with a host platform in a computing device; and determining by the VM if the received contents comprise predetermined instructions for performing at least one unauthorized task. Another embodiment of the invention discloses a method for receiving a system call for a host platform in communication with a VM of a computing device; and determining by the VM if the received system call comprises at least one predetermined system call for performing at least one unauthorized task. Yet another embodiment of the invention discloses a method for receiving a virtualized memory address for a host platform in communication with a VM of a computing device; and determining by the VM if the received virtualized memory address comprises at least one predetermined unauthorized virtualized memory address.

Abstract: A controller of a storage device having a user area storing an operating system, the storage device developing the operating system stored in the user area on a host device in accordance with an access from the host device. The controller includes a user authentication routine storage controlling unit that stores a user authentication routine for executing user authentication before startup of the operating system, in a predetermined area inside the user area, and an access controlling unit that permits access to the predetermined area from the host device when the user authentication routine is used, while prohibiting access to the predetermined area from the host device when the user authentication routine is not used.

Abstract: A method of restricting file access is disclosed wherein a set of file write access commands are determined from data stored within a storage medium. The set of file write access commands are for the entire storage medium. Any matching file write access command provided to the file system for that storage medium results in an error message. Other file write access commands are, however, passed onto a device driver for the storage medium and are implemented. In this way commands such as file delete and file overwrite can be disabled for an entire storage medium.

Abstract: Provided is an access right managing method for a resource of a storage system, in which a management computer stores access right definition information of the resource, and resource correspondence information including information on a management program which manages another resource related to the resource managed by the management program. In case of which receiving an updating request of an access right of the resource, the management computer updates an access right based on the updating request of the access right, selects a management program of the resource whose access right is requested to be updated based on the resource correspondence information, transmits an updating request of an access right for a relative resource to a management computer which executes the selected management program, and in case of which the access right updating request of the related resource is received, updates the access right of the relative resource.

Abstract: A computer system including a copy source volume and a copy target volume which may be selectably PAIRED or SPLIT. User management information stores: an entry indicating that a first user is permitted to effect a PAIR operation and a PATH operation; and, an entry indicating that a second user is permitted to effect a PATH operation. Operation management information indicates permitted PATH and PAIR operations in relation to each user and a volume's PAIR or SPLIT status, and stores: an entry indicating that the first user is permitted to effect the PAIR operation in which the PAIR status is PAIR, or is SPLIT WITH BACKUP DISABLED; and, an entry indicating that the second user is permitted to effect the PATH operations in which the PAIR status is SPLIT WITH BACKUP ENABLED. PAIR management information stores the PAIR status and the BACKUP ENABLED or DISABLED status.

Abstract: The present invention is directed to an archival data storage system. The archival data storage system includes write once and read many (WORM) capability, data redundancy, error correction, and access control. The combination of these capabilities enable the archival storage system to be secure, error proof, and reliable. Additionally, to provide fast data access time, solid state storage devices are used in place of conventional tape drive. Solid state storage devices such as, for example, flash memory devices are fast, versatile and reliable.

Abstract: Computer-based methods, techniques, and systems for automatically protecting a storage device from unwanted alterations are provided. Example embodiments provide a Disk Access Redirection System, which includes a Redirection Driver, an Available Space Table (“AST”), a Protected Space Redirection Table (“PSRT”), and optionally an Unprotected Space Table (“UST”). The Redirection Driver is installed and registered with the computer operating system so that it can intercept storage device access requests (such as a disk read/write). When a storage access request for a read or write is sent, the request is intercepted by the Redirection Driver, transparent to the code that invokes the storage access request.

Abstract: Embodiments relate to systems and methods for managing stalled storage devices of a storage system. In one embodiment, a method for managing access to storage devices includes determining that a first storage device, which stores a first resource, is stalled and transitioning the first storage device to a stalled state. The method also includes receiving an access request for at least a portion of the first resource while the first storage device is in the stalled state and attempting to provide access to a representation of the portion of the first resource from at least a second storage device that is not in a stalled state. In another embodiment, a method of managing access requests by a thread for a resource stored on a storage device includes initializing a thread access level for an access request by a thread for the resource.

Abstract: A user data protection method in which a management server includes an address replacement table having correspondence relation of memory addresses of a memory assigned to a virtual server and memory addresses of a memory assigned to a virtualization mechanism which is different from that at usual time, comprising the steps of: making, when an event occurs, the virtual server send virtual server identifier information for identifying the virtual server to the management server; making the management server detect the event; making the management server specify the virtual server in which the event occurs in accordance with the virtual server identifier information; sending the address replacement table to the virtualization mechanism of the physical server including the specified virtual server; and changing the correspondence relation of the memory addresses of the virtual server and the memory addresses of the virtualization mechanism on the basis of the address replacement table.

Abstract: One embodiment of the present application includes a microcontroller (30) that has an embedded memory (46), a programmable processor (32), and a test interface (34). The memory (46) is accessible through the test interface (34). In response to resetting this microcontroller (30), a counter is started and the test interface (34) is initially set to a disabled state while an initiation program is executed. The test interface (34) is changed to an enabled state—such that access to the embedded memory (46) is permitted through it—when the counter reaches a predefined value unless the microcontroller (30) executes programming code before the predefined value is reached to provide the disabled state during subsequent microcontroller (30) operation.

Abstract: A method of scanning for viruses in the memory of a computing device in which only memory pages marked as executable need to be scanned. The trigger for the scan can be either via an API that changes a page from writeable to executable, or via a kernel notification that an executable page has been modified. This invention is efficient, in that it makes much previous scanning of file systems redundant; this saves power and causes devices to execute faster. It is also more secure, as it detects viruses that other methods cannot reach, and does so at the point of execution.

Abstract: A method and apparatus for managing a folder is provided. The method includes: setting a drive correspondence table showing a correspondence relation of first location information including location information of an apparent drive allocated to the folder in the operating system and second location information including location information of a target drive to be actually allocated to the folder; and changing, in response to a request for an access to the folder requested by the operating system, location information allocated to the folder from the first location information of the apparent drive allocated to the folder to the second location information of the target drive allocated to the folder in accordance with the drive correspondence table without notifying the operating system of a change of location information of the drive allocated to the folder, whereby enabling the operating system to consequently access the folder in the target drive.

Abstract: A microcontroller system, such as a system-on-a-chip integrated circuit, including a processor (e.g., a Von Neumann processor), memory, and a memory protection unit (MPU), where the MPU provides execute-only access rights for one or more protected areas of the memory. The MPU can allow instructions fetched from within a protected area to access data in the protected area while preventing instructions fetched from outside the protected area from accessing data in the protected area.

Abstract: A Secure Non-autonomous Peering (SNAP) system includes a hierarchical digital watermarking scheme, a central licensing authority, licensed fabricators and assemblers.

Abstract: A method and apparatus for protecting access to sensitive information stored in vulnerable storage areas (e.g., public memory, registers, cache) of a microprocessor. A microprocessor having a reset port to receive external reset commands may have a reset diversion circuit that may be selectively enabled. The microprocessor may operate in an open mode or a secure mode, indicating the absence or the potential presence, respectively, of sensitive information in the vulnerable storage areas. In open mode, the reset diversion circuit may be disabled such that external reset requests triggers a hardware reset. In secure mode, sensitive information may be recorded on vulnerable storage areas. The reset diversion circuit may be enabled to divert external reset requests to an interrupt which may trigger execution of a software code. The software code, when executed, may perform a secured system clean-up routine to erase the vulnerable storage areas prior to reset.

Abstract: Bulk data transfers by directly accessing a persistent and secured area on the data storage device, e.g., a disk drive having a magnetic storage medium, without relying on the system operating system to execute its read/write operations. For a disk drive, the Protected Area Run Time Interface Extension (PARTIES) technology is applied to create and organize a secured sub-area within a secured storage area. The secured sub-area is a data buffer to and from which large data file transfers can be made with data authenticity and confidentiality. Since this new secured sub-area is not organized and protected by the operating system, it is inherently protected from attack by viruses or Trojan horse software whose effectiveness depends on their ability to maliciously direct the operating system. In addition, the read/write operations bypass command payload limits while reducing data and command validation costs.

Abstract: A method for protecting data in the hard disk is provided. The method is suitable for a computer system and includes the following steps. First, a plurality of specification parameters conforming to the computer system is read. Next, a part of the specification parameters are encoded for obtaining a recognition byte. Then, when the computer system writes data to a hard disk, a specific operation is performed to a byte read or written by the hard disk and the recognition byte for maintaining a security of the data in the hard disk.

Abstract: Provided is a system and method for the collection and production of documents in a judicial setting. The disclosed technology provides a rapid, cost-efficient system for document production that requires no local workstation or laptop software installation. Both a web-based solution and a hard drive based solution are provided. Collected information is stored, analyzed, filtered and indexed, all while adhering to strict document preservation and chain of custody requirements. Filtering can be based upon such criteria as file type, date range, key word searches and individual or group custodial selection. Also provided are procedures to notify parties of the need to preserve information that may be subject to disclosure. In addition, the disclosed technology provides the identification and elimination of duplicate and modified documents while preserving information, including associated metadata, associated with such files.

Abstract: A processor-based method, system and apparatus to comprise a method, system and apparatus to access a memory location in an on-chip memory based on a virtual processing element identification associated with an instruction. The system comprises multiple virtual processing elements, an access list and a comparator coupled to the memory and the access list. In response to an instruction from a virtual processing element to access a memory location in the memory, the comparator compares a first virtual processing identification associated with the instruction to a second virtual processing identification stored in the access list and grants access to the virtual processing element to read from or write to the memory location if the first virtual processing element identification is equal to the second virtual processing element identification. The data in the memory is allocated and de-allocated by software.

Abstract: A fixed length memory block management apparatus has a plurality of processors which execute applications, a memory which is shared by the plurality of processors, an application program, an initialization program, and an access right allocation program being stored in the memory. The apparatus has an application execution unit which starts up the application program to execute the application, an initialization unit which starts up the initialization program to set a memory block management area including a plurality of sub-blocks at the memory, and an access right allocation unit which starts up the access right allocation program to allocate an access right of a memory block of the sub-block set by the initialization unit to the application execution unit.

Abstract: A system and method is introduced for protecting software from being altered, duplicated, inspected or used in an unauthorized manner. An autonomous software protection device is presented, containing encryption and decryption unit along with an independent execution environment such as a Java Virtual Machine to carry out computations in a protected environment. The software protection device carries out protected code and may make use of protected data to carry out protected computations. Unsecured memory may be used securely by software protection device through an internal virtual memory mechanism managed by the independent execution environment. The software protection device may serve an external computing device for making computations that are protected from software and data alteration and inspection while preventing duplication and usage not as intended by the software and data owner.

Abstract: According to an exemplary embodiment a method for securely storing a message comprises dividing a first message into a first plurality of shares, and storing the first plurality of shares on a storing host together with a second plurality of shares of at least a second message, wherein the storing is performed in a mixed manner.

Abstract: A method for transmitting and dispatching data stream, which is used for transmitting data stream to a storage device having a non-volatile memory and a smart card chip from a host, is provided. The method includes: setting a key between the host and the storage device; creating a temporary file in the non-volatile memory; verifying the temporary file based on the key; recording a logical block address of the temporary file when verification of the temporary file is successful; and judging whether the data stream from the host is written at the logical block address, wherein the data stream is identified to be a command-application protocol data unit (C-APDU) and is dispatched to the smart card chip when the data stream from the host is written at the logical block address. Accordingly, it is possible to efficiently distinguish a general data from a command of the smart card chip.

Abstract: What is provided is an enhanced dynamic address translation facility. In one embodiment, a virtual address to be translated and an initial origin address of a translation table of the hierarchy of translation tables are obtained. An index portion of the virtual address is used to reference an entry in the translation table. If the format control field is enabled, a frame address of a large block of data in main storage is obtained from the translation table entry. The large block of data is a block of at least 1M byte in size. The frame address is then combined with an offset portion of the virtual address to form the translated address of a desired block of data within the large block of data in main storage. The desired large block of data addressed by the translated address is then accessed.

Abstract: A semiconductor memory card that has a sufficient storage capacity when an EC application writes data to a storage is provided. A usage area for the EC application in an EEPROM 3 in a TRM 1 is expanded. The expansion is such that a partition generated in a flash memory 2 outside the TRM 1 is assigned to the EC application while a partition table is allocated in the internal EEPROM 3. Because the partition table is in the TRM 1, only a CPU 7 in the TRM 1 is able to access the generated partition table. Secrecy of stored contents increases because the access to the expanded area is limited to the CPU 7 in the TRM 1.

Abstract: A storage control system in which a first storage controller is connected to a storage device in a second storage controller and the first storage controller is configured to be able to read and write data from/to the storage device in the second storage controller in response to a request from a host device connected to the first storage apparatus, the first storage controller including: a controller for controlling data transmission and reception between the host device and the storage device in the second storage controller; and a cache memory for temporarily storing the data, wherein the controller sets a threshold value for storage capacity in the cache memory assigned to the storage device according to the properties of the storage device.

Abstract: A fiscal data recorder for storing transaction related data in a point of sale system is provided with a processing unit receiving the transaction related data. Memory in communication with the processing unit is operable to store the transaction related data. A protection circuit acting between the processing unit and the memory inhibits the electronic tampering with the transaction data stored in the memory.

Abstract: A graphics engine may include a decryption device, a renderer, and a sprite or overlay engine, all connected to a display. A memory may have a protected and non-protected portions in one embodiment. An application may store encrypted content on the non-protected portion of said memory. The decryption device may access the encrypted material, decrypt the material, and provide it to the renderer engine of a graphics engine. The graphics engine may then process the decrypted material using the protected portion of the memory. Only graphics devices can access the protected portion of the memory in at least one mode, preventing access by outside sources. In addition, the protected memory may be stolen memory that is not identified to the operating system, making that stolen memory inaccessible to applications running on the operating system.

Abstract: A hybrid Single-Compare-Single-Store (SCSS) operation may exploit best-effort hardware transactional memory (HTM) for good performance in the case that it succeeds, and may transparently resort to software-mediated transactions if the hardware transactional mechanisms fail. The SCSS operation may compare a value in a control location to a specified expected value, and if they match, may store a new value in a separate data location. The control value may include a global lock, a transaction status indicator, and/or a portion of an ownership record, in different embodiments. If another transaction in progress owns the data location, the SCSS operation may abort the other transaction or may help it complete by copying the other transactions' write set into its own right set before acquiring ownership. A hybrid SCSS operation, which is usually nonblocking, may be applied to building software transactional memories (STMs) and/or hybrid transactional memories (HyTMs), in some embodiments.

Abstract: A data processing apparatus comprising a data processor for processing data in a secure and a non-secure mode, said data processor processing data in said secure mode having access to secure data that is not accessible to said data processor processing data in said non-secure mode; and a further processing device for performing a task in response to a request from said data processor issued from said non-secure mode, said task comprising processing data at least some of which is secure data, said further processing device comprising a secure data store, said secure data store not being accessible to processes running on said data processor in non-secure mode; wherein prior to issuing any of said requests said data processor is adapted to perform a set up operation on said further data processing device, said set up operation being performed by said data processor operating in said secure mode and comprising storing secure data in said secure data store on said further processing device, said secure data being

Abstract: Methods and apparatus for a solid state non-volatile storage sub-system of a computer is provided. The storage sub-system may include a write-once storage sub-system memory device and a write-many storage sub-system memory device. Numerous other aspects are provided.

Abstract: Systems and/or methods that provide for the accuracy of address translations in a memory system that decouples the system address from the physical address. Address-modifying transactions are recorded in a non-volatile write buffer to couple the last-in-time translation physical address/location with the current translated physical location/address. In addition, integrity check protection may be applied to the translation and to the written data to limit the amount of data that may be lost in the event of a failure/error occurring during the write operation. Transaction recording and integrity check protection allows for recovery of write operations that may not have fully completed due to the failure/error.

Abstract: A data management system enables data on a network such as an internal LAN to be managed and is able to reliably prevent the data from leakage. The data management system has a network to which a management server for data management, a plurality of client PCs having a data processing function, and an optical disk publisher that issues a CD or a DVD into which the data is recorded are connected. The optical disk publisher issues the CD to only an authorized user.

Abstract: In a system comprising a first storage system providing plural first logical volumes including real logical volume and a virtual logical volume with a host, a second storage system having a second logical volume, and a management computer, when the first storage system receives an access request to the virtual logical volume, it accesses a second logical volume associated with the virtual logical volume. In this system, when the management computer receives a request to guard one of the plural first logical volumes, it checks whether a target first logical volume of the request is a real logical volume or a virtual logical volume, in case of the virtual logical volume, generates and provides a possible at least one option to guard the virtual logical volume by considering a program for volume guard, which each of the first storage system and the second storage system has.

Abstract: The invention provides a method for accessing the mass memory of a data carrier with a mass memory and a chip. The data carrier has been or is personalized by an individual date of a use device which is or has already been stored in(to) the chip to a use device for accessing the data carrier, so that the data carrier can only be used with this use device.

Abstract: Systems, methods, and computer products for protecting information during troubleshooting are provided. A dumping mechanism includes marking at least one of a plurality of memory regions in the computer-readable medium as non-dumpable, initiating a core dump, determining which memory regions of the plurality regions are non-dumpable, and dumping the contents only of memory regions not marked as non-dumpable.

Abstract: A method for detecting the operation behavior of the program includes: obtaining the destructive operation behavior of the known virus program; setting the corresponding control and process program according to the destructive operation behavior; making the control and process program get the control right of destructive operation behavior; the destructive operation behavior of the program to be detected calling the corresponding control and process program, the corresponding control and process program recording the operation behavior of the said program to be detected. The method can also return the success response information by the control and process program, so as to induce the program to be detected to perform the next behavior, but the program to be detected don't perform in practicality. That is, the present invention can provide a virtual environment for the program to be detected in order to record a series behavior of it.

Abstract: A data processing device for processing stream data composed of a plurality of frames generated with encoded contents data, which includes a protected storage unit for storing data, being protected from external access, a non-protected storage unit for storing data, a receiving unit for receiving stream data, a separating unit for separating the stream data into protected data including frames necessary for decoding of other frames, and non-protected data not including frames necessary for decoding of other frames, and storing the protected data in the protected storage unit and storing the non-protected data in the non-protected storage unit, and a combining unit for restoring the stream data by combining the protected data stored in the protected storage unit and the non-protected data stored in the non-protected storage unit.

Abstract: Methods and apparatus provide for placing an apparatus into at least one of a plurality of operational modes, wherein: the apparatus includes a local memory, a bus operable to carry information to and from the local memory, one or more arithmetic processing units operable to process data and operatively coupled to the local memory, and a security circuit operable to place the apparatus into the operational modes; and the plurality of operational modes includes: (i) a first mode whereby the apparatus and an external device are operable to initiate a transfer of information into or out of the memory over the bus, (ii) a second mode whereby neither the apparatus nor the external device are operable to initiate a transfer of information into or out of the memory over the bus, and (iii) a third mode whereby the apparatus is operable to initiate a transfer of information into or out of the local memory over the bus, but the external device is not operable to initiate a transfer of information into or out of the loc

Abstract: A software-defined radio includes a radio circuit and an executable radio software system operable with the radio circuit and conforming to the software communications architecture (SCA) specification and defining an operating environment that allows a waveform application to operate with the radio circuit for transmitting and receiving voice and data. A write-protected non-volatile memory is operable with the radio circuit and executable radio software system and has a write enable controlled by a non-driver program such that a wear leveling correction sequence is deferred.

Abstract: A wireless device having a memory is provided. The memory or a protected portion of the memory is subject to a hard erasure of the memory vs. a soft erasure of the memory if a plurality of sensors indicate a threat to the device exists. The threat may be detected by a plurality of sensors, such as, a timer, a connectivity sensor, a location sensor or geo-fence, a breech sensor, an authentication procedure or the like.

Abstract: A method for data integrity protection includes storing items of data in a plurality of data blocks in a storage medium. Respective block signatures are stored in an integrity structure in the storage medium. A block signature of the given data block is computed in response to a first request to read a first data item from a given data block, and the computed signature is verified against a stored signature read from the integrity structure. The verified block signature is saved in a secure cache. The block signature is recomputed upon receiving a second request to read a second data item, subsequent to the first request, and is verified against the verified block signature in the secure cache. The data item is output from the storage medium in response to verifying the recomputed block signature.

Abstract: One embodiment of the present disclosure may take the form of protected or safeguard memory, such as a nonvolatile memory device. In operation, the nonvolatile memory device may not perform a command operation, such as a read operation, on locked password-protected sectors of a primary memory array. Once a password is provided to the nonvolatile memory device (for example, from or via an associated electronic device), the nonvolatile memory device may unlock the password-protected sectors.

Abstract: A memory system includes a main memory, a sub-memory, a controller, first and second data readers and a comparator. The main memory stores data and the sub-memory stores data extracted from the data stored in the main memory for detection of an attack. The controller controls operations of the memory system through interfacing with a host. The first data reader is configured to read first data from the main memory based on address information from the controller. The second data reader is configured to store information relating to second data stored in the sub-memory and to read the second data from the sub-memory based on address information from the controller which is the same as the address information received by the first data reader. The comparator compares the first data read by the first data reader with the second data read by the second data reader to detect the attack.

Abstract: A multi-port memory device includes a refresh register and a refresh controller for preventing refresh starvation in a shared memory unit of the memory device. The memory device further includes a plurality of ports sharing access to the shared memory unit. The refresh register stores information regarding at least one refresh command. The refresh controller determines whether to activate an internal refresh operation at a transition in port authority according to such information stored in the refresh register.

Abstract: A method for protecting data, adapted for a computer system, is provided. The computer system includes a storage device. The method includes: when the computer system executes a power-off procedure, inspecting whether a preset external storage device is connected to the computer system; if it is determined that the preset external storage device is connected to the computer system, when the computer system executes the power-off procedure, backing up data of a predetermined segment of the storage device to the preset external storage device, and generating a back-up data, and then writing a specific data template to the predetermined segment for covering original data of the predetermined segment.

Abstract: A disclosed memory card includes: a control unit; a nonvolatile memory; and a program memory, wherein the program memory stores control programs for plural standards, the control programs controlling data access between the nonvolatile memory and an external device as a memory card.

Abstract: The illustrative embodiments described herein provide an apparatus for copying data onto a secondary storage device. In one embodiment, a process identifies data associated with a data processing system to form a first set of data. The first set of data is stored on a primary storage device. The process copies the first set of data from the primary storage device to the secondary storage device to form a second set of data. The process also restricts an operating system in the data processing system from accessing the secondary storage device.