By Using Cryptography (epo) Patents (Class 711/E12.092)
  • Publication number: 20120311239
    Abstract: The invention relates to methods of interleaving payload data and integrity control data in an external memory interfaced with a microcontroller to improve data integrity check, enhance data confidentiality and save internal memory. Data words and are received for storing in the external memory. Each data word is used to generate a respective integrity word, while an associated logic address is translated to two physical addresses in the external memory, one for the data word and the other for the integrity word. The two physical addresses for the data and integrity words are interleaved in the external memory, and sometimes, in a periodic scheme. In particular, each data word may be associated to an integrity sub-word included in an integrity word having the same length with that of a data word. The external memory may have dedicated regions for the data words and the integrity words, respectively.
    Type: Application
    Filed: May 30, 2012
    Publication date: December 6, 2012
    Applicant: Maxim Integrated Products, Inc.
    Inventors: Vincent Debout, Frank Lhermet, Yann Loisel, Alain-Christophe Rollet
  • Publication number: 20120303865
    Abstract: Method and apparatus for writing data to a non-volatile memory device, such as a solid state drive (SSD). In accordance with various embodiments, a host write command is serviced by writing a newer copy of user data to a first selected empty physical location in a non-volatile memory, and by concurrently overwriting an older copy of said user data previously stored to a different, second selected occupied physical location of the non-volatile memory.
    Type: Application
    Filed: May 27, 2011
    Publication date: November 29, 2012
    Applicant: SEAGATE TECHNOLOGY LLC
    Inventor: Laszlo Hars
  • Publication number: 20120284527
    Abstract: Methods and systems for selective encryption and secured extent quota management for storage servers in cloud computing are provided. A method includes associating at least one secure storage disk and at least one non-secure storage disk to a virtual disk, and associating the virtual disk to an application to allow access of the at least one secure storage disk and the at least one non-secure storage disk. The method further includes accessing the at least one secure storage disk and the at least one non-secure storage disk based on the associating of the virtual disk to the application, to write or read confidential and non-confidential data associated with the application into a respective one of the at least one secure storage disk and the at least one non-secure storage disk.
    Type: Application
    Filed: May 3, 2011
    Publication date: November 8, 2012
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Abhinay R. NAGPAL, Sandeep R. PATIL, Sri RAMANATHAN, Divyank SHUKLA, Matthew B. TREVATHAN
  • Publication number: 20120278546
    Abstract: These embodiments relate to authentication and securing of write-once, read-many (WORM) memory devices. In one embodiment, a memory device comprises a controller operable in first and second modes of operation after stored security information is validated, wherein in the first mode of operation, the memory device operates in a read-only mode, and wherein in the second mode of operation, the memory device operates in a write-once, read-many (WORM) mode. In another embodiment, the controller is operative to perform security methods.
    Type: Application
    Filed: July 13, 2012
    Publication date: November 1, 2012
    Inventors: Samuel Y. Yu, Christopher S. Moore, Jason S. Whetstone, Ron Barzilai, Hironaga Ino
  • Publication number: 20120260023
    Abstract: According to one embodiment, a storage device includes, when power is supplied to a storage unit, counting of an elapsed time is started. If a command is input from a host device, and the elapsed time from input of a previous command to input of a current command is calculated based on time information clocked by the host device and on a counter value counted until the corresponding command is input. Matching of the time information is determined based on a temporal relation between the adding result of adding the calculated elapsed time to the time information included in the previous command and the time information included in the current command. When the mismatching is determined, data in the storage unit is invalidated.
    Type: Application
    Filed: September 23, 2011
    Publication date: October 11, 2012
    Applicant: KABUSHIKI KAISHA TOSHIBA
    Inventors: Koichi NAGAI, Mitsunori Tadokoro, Teruji Yamakawa, Kazuo Nakashima
  • Publication number: 20120216001
    Abstract: Methods and apparatuses for improving security of an integrated circuit (IC) are provided. A tamper condition is detected and a digital key stored in the IC is erased. The digital key is associated with a first image loaded onto the IC from a first memory. The memory may be a non-volatile memory module. A second image is loaded into a second memory module. The second memory module may be an embedded memory module, e.g., a control random access memory (CRAM) module. The first image is then erased from the first and second memory modules.
    Type: Application
    Filed: February 22, 2011
    Publication date: August 23, 2012
    Inventors: Noor Hazlina Ramly, Yin Mei Yap
  • Publication number: 20120203990
    Abstract: A method for storing data in which the data to be stored is divided into a plurality of source blocks, each source block subjected to steps including defining a block key for the source block based on a random function, encrypting the source block by utilizing the defined block key, selecting at least one first storage location and one second storage location from a plurality of different available storage locations, storing control data that includes information on the defined block key at the first selected storage location, and storing encrypted data that includes information on the encrypted source block at the second selected storage location.
    Type: Application
    Filed: February 6, 2012
    Publication date: August 9, 2012
    Applicant: Fujitsu Technology Solutions Intellectual Property GmbH
    Inventor: Christoph König
  • Patent number: 8239627
    Abstract: A secure, dual server electronic data maintenance system and associated removable memory storage devices (e.g., smartcards). The system includes a first remote server that stores card holder identification information associated with multiple card holders, and a second remote server that stores electronic data associated with the card holders. The electronic data maintained on the second remote server cannot be correlated to the card holder identification information maintained on the first remote server based on the information contained in the first and second remote servers. To permit correlation of the files, the removable memory storage devices store correlation information sufficient to uniquely associate particular card holder identification information stored on the first remote computer server with associated card holder's electronic data stored on the second remote server. The removable memory storage device also allows the card holder to engage in monetary transactions.
    Type: Grant
    Filed: May 8, 2008
    Date of Patent: August 7, 2012
    Assignee: LifeNexus, Inc.
    Inventors: Christopher T. Maus, Craig A. Coad, Jackson B. Connolly, Noah M. Coad, James L. Moody, Kenn A. Nesbitt, Kenneth D. Clegg
  • Publication number: 20120198242
    Abstract: In some examples, a system includes a data storage device that stores data and a monitor device that monitors a physical domain in which the data storage device is located and conditions access to data stored by the data storage device based on communication between the monitor device and the data storage device. In some examples, the system is configured to impede access to the data when at least one of operation of the monitor device fails or the monitor device is attacked. Additionally, in some examples, the monitor device is configured to restrict access to the data when the monitor device is engaged and an attacker attempts to access the data storage device directly.
    Type: Application
    Filed: January 31, 2011
    Publication date: August 2, 2012
    Applicant: HONEYWELL INTERNATIONAL INC.
    Inventors: William J. Dalzell, James L. Tucker, Kenneth Henry Heffner
  • Publication number: 20120198137
    Abstract: A method for making memory more reliable involves accessing data stored in a removable storage device by translating a logical memory address provided by a host digital device to a physical memory address in the device. A logical memory address is received from the host digital device. The logical memory address corresponds to a location of data stored on the removable storage device. A physical memory address corresponding to the local address is determined by accessing a lookup table corresponding to the logical zone.
    Type: Application
    Filed: April 6, 2012
    Publication date: August 2, 2012
    Applicant: Imation Corp.
    Inventor: Arunprasad Ramiya Mothilal
  • Publication number: 20120191982
    Abstract: Embodiments in accordance with the invention utilize the cryptographic transformation function of an SP processor to encrypt data at rest. The use of the primary processor-based cryptographic transformation function is preferable to use of an auxiliary cryptographic processor because the transformation occurs directly, and thus can be faster and more cost effective.
    Type: Application
    Filed: December 5, 2008
    Publication date: July 26, 2012
    Inventor: Timothy Evert LEVIN
  • Publication number: 20120185653
    Abstract: A method includes providing a persistent common view of data, services, and infrastructure functions accessible via one or more shared storage systems of a plurality of shared storage systems of a virtual shared storage system. The method includes applying different governance policies to two or more shared storage systems of the plurality of shared storage systems. The method includes restricting access to first content accessible via a first shared storage system of the plurality of shared storage systems based on a security level associated with a data consumer. The first content corresponds to at least one of first data, a first service, and a first infrastructure function.
    Type: Application
    Filed: March 28, 2012
    Publication date: July 19, 2012
    Applicant: The Boeing Company
    Inventors: Marc A. Peters, Dennis L. Kuehn, David D. Bettger, Kevin A. Stone
  • Publication number: 20120166814
    Abstract: A memory card includes one or more memory chips that store memory quality data including a storage volume value; and a certification storing unit that stores a storage volume certification including a sum storage volume value of one or more memory chips.
    Type: Application
    Filed: December 16, 2011
    Publication date: June 28, 2012
    Applicant: SONY CORPORATION
    Inventors: Takamichi Hayashi, Hiroshi Kuno
  • Publication number: 20120159185
    Abstract: A secure USB flash drive employing digital rights management to implement secure digital media storage such as that provided by encrypted storage utilizing content protection for recordable media (CPRM) or the like. Unlike a secure digital card which provides such protection, it does not need an SD card port which is CPRM enabled, or alternatively a reader adapted for use therewith. The form factor can be that of a standard USB flash drive and a standard USB connector is employed making the device and its use familiar and comfortable to the average consumer.
    Type: Application
    Filed: December 21, 2010
    Publication date: June 21, 2012
    Applicant: NCR Corporation
    Inventors: Phil Day, Jim Henderson, Andrew Colley
  • Publication number: 20120110348
    Abstract: A system comprises a memory module configured to store signed page table data and a selected processing element coupled to the memory module. The selected processing element is one of a plurality of processing elements, which together comprise a portion of a multiprocessor system. The selected processing element is configured to authenticate page table management code and, based on authenticated page table management code, to sign page table data that is subsequently stored in the memory module, and to verify signed page table data that is read from the memory module.
    Type: Application
    Filed: November 1, 2010
    Publication date: May 3, 2012
    Applicant: International Business Machines Corporation
    Inventors: H. Peter Hofstee, Brian Flachs, Charles R. Johns
  • Publication number: 20120084573
    Abstract: Subject matter disclosed herein relates to memory devices and security of same.
    Type: Application
    Filed: September 30, 2010
    Publication date: April 5, 2012
    Applicant: Numonyx B.V.
    Inventors: John Rudelic, August Camber
  • Publication number: 20120079289
    Abstract: A secure erase system for a solid state memory device is disclosed. A memory area provides a data block for storing data and a key block for storing at least one key. A translation unit maps a logical address to a physical address associated with the memory area. An encryption unit encrypts plaintext data to be written to the memory area with the associated key and decrypts the encrypted data to be read by a host with the associated key. The key associated with a logical erase group to be secure erased is deleted after receiving a command requesting to erase the data associated with the logical erase group.
    Type: Application
    Filed: September 27, 2010
    Publication date: March 29, 2012
    Applicant: SKYMEDI CORPORATION
    Inventors: Wu Kun WENG, Hsin Hsien WU
  • Publication number: 20120079288
    Abstract: Methods of securely authenticating a host to a storage system are provided. A series of authentication sessions are illustratively performed. Each of the authentication sessions includes the host transmitting an authentication request to the storage system. The storage system authenticates the host based at least in part upon a content of the authentication request. After each successful authentication of the host to the storage system, an encryption key that was utilized in encrypting the authentication request that was transmitted to the storage system is deleted. After each encryption key deletion, a new encryption key that is different than the previous key is optionally stored and is utilized in the next authentication session.
    Type: Application
    Filed: September 23, 2010
    Publication date: March 29, 2012
    Applicant: SEAGATE TECHNOLOGY LLC
    Inventor: Laszlo Hars
  • Publication number: 20120060008
    Abstract: An information processing terminal (101) includes: a storage area (206), in which general information (211) and confidential information (210) are recorded; an input/output receiving unit (201) which receives an access command to general information (211) or confidential information (210); a route information holding unit (203) in which route information is held, the route information indicating an area of activity in which access to the confidential information (210) is allowed; a current location acquisition unit (304) which acquires current location information indicating the current location of the information processing terminal (101); an access determination unit (305) which allows access to the confidential information (210) when the location of the information processing terminal (101) indicated by the current location information is in the route information; and a confidential information access unit (306) which accesses the confidential information (210) in response to the access allowance by the ac
    Type: Application
    Filed: February 9, 2011
    Publication date: March 8, 2012
    Inventors: Hideki Matsushima, Natsume Matsuzaki, Kouji Kobayashi, Masao Nonaka
  • Publication number: 20120054501
    Abstract: According to one embodiment, an image processing apparatus includes a first nonvolatile storage medium, a second nonvolatile storage medium, a generation unit, and a control unit. The generation unit is configured to generate an encrypting key for encrypting image data. The control unit is configured to store the encrypting key on the first nonvolatile storage medium, and store an encrypting key which copies the encrypting key on the second nonvolatile storage medium.
    Type: Application
    Filed: August 24, 2011
    Publication date: March 1, 2012
    Applicants: Toshiba Tec Kabushiki Kaisha, Kabushiki Kaisha Toshiba
    Inventor: Hiroyuki KATO
  • Publication number: 20120036347
    Abstract: In one embodiment, a peripheral controller coupled to a processor can include a storage controller. This storage controller can control access to a non-volatile storage coupled to the peripheral controller. The storage may include both secure and open partitions, and the storage controller can enable access to the secure partition only when the processor is in a secure mode. In turn, during unsecure operation such as third party code execution, visibility of the secure partition can be prevented. Other embodiments are described and claimed.
    Type: Application
    Filed: August 6, 2010
    Publication date: February 9, 2012
    Inventors: Robert C. Swanson, Mallik Bulusu, Vincent J. Zimmer
  • Publication number: 20120030443
    Abstract: A method for protecting at least first data of a non-volatile memory from which the extraction of this first data is triggered by the reading or the writing, by a processor from or into the memory, of second data independent from the first data, said first data being provided to a circuit which the processor cannot access.
    Type: Application
    Filed: July 25, 2011
    Publication date: February 2, 2012
    Applicant: STMicroelectronics (Rousset) SAS
    Inventor: Sylvie Wuidart
  • Patent number: 8108641
    Abstract: A secure demand paging system (1020) includes a processor (1030) operable for executing instructions, an internal memory (1034) for a first page in a first virtual machine context, an external memory (1024) for a second page in a second virtual machine context, and a security circuit (1038) coupled to the processor (1030) and to the internal memory (1034) for maintaining the first page secure in the internal memory (1034).
    Type: Grant
    Filed: June 27, 2006
    Date of Patent: January 31, 2012
    Assignee: Texas Instruments Incorporated
    Inventors: Steven C. Goss, Gregory R. Conti, Narendar Shankar, Mehdi-Laurent Akkar, Aymeric Vial
  • Publication number: 20120023338
    Abstract: A technique for improving data security is provided. To be specific, in a memory system including an information processing apparatus and a semiconductor memory device, the semiconductor memory device has an interface section that transmits, to the information processing apparatus, data read out from a memory core according to a plurality of communication protocols having different signal transmission/reception methods. Based on a switch command inputted from the information processing apparatus, a communication protocol selection section inputs, to the interface section, a selection signal for selecting a particular communication protocol from the plurality of communication protocols.
    Type: Application
    Filed: April 5, 2010
    Publication date: January 26, 2012
    Applicant: MegaChips Corporation
    Inventors: Takahiko Sugahara, Tetsuo Furuichi, Ikuo Yamaguchi, Takashi Oshikiri
  • Publication number: 20120008770
    Abstract: A data encryption device is connected between an HDD and an HDD controller that controls the HDD. The data encryption device encrypts data that is stored from the HDD controller to the HDD, and decrypts data that is read from the HDD. A CPU of the data encryption device receives a command issued from the HDD controller to the HDD, and determines whether the command is executable at the HDD. When it is determined that the command is executable, the command is issued to the HDD. On the other hand, when it is determined that the command is unexecutable, the CPU prohibits issuance of the command to the HDD. Furthermore, when a command issued to the HDD is a specific command, the CPU bypasses data transferred between the HDD controller and the HDD without encryption or decryption.
    Type: Application
    Filed: September 19, 2011
    Publication date: January 12, 2012
    Applicant: CANON KABUSHIKI KAISHA
    Inventors: Akio Ito, Nobuhiro Tagashira
  • Publication number: 20110289294
    Abstract: An information processing apparatus includes: a CPU (1201) that has, as an operating mode, a privileged mode and an unprivileged mode; a trusted memory (1270) that stores protected data, the protected data being accessed when the CPU (1201) is in the unprivileged mode; and a trusted memory control unit (1203) that controls access to the trusted memory (1270). When the CPU (1201) accesses the trusted memory (1270), the trusted memory control unit (1203) determines the operating mode of the CPU (1201) and, in the case where the operating mode of the CPU (1201) is the unprivileged mode, denies the access to the trusted memory (1270) by the CPU (1201).
    Type: Application
    Filed: October 29, 2010
    Publication date: November 24, 2011
    Inventors: Manabu Maeda, Takayuki Ito, Tomoyuki Haga, Hideki Matsushima
  • Publication number: 20110289178
    Abstract: A host device is provided comprising an interface configured to communicate with a storage device having a public memory area and a private memory area, wherein the public memory area stores a virtual file that is associated with content stored in the private memory area. The host device also comprises a cache, a host application, and a server. The server is configured to receive a request for the virtual file from the host application, send a request to the storage device for the virtual file, receive the content associated with the virtual file from the private memory area of the storage device, wherein the content is received by bypassing the cache, generate a response to the request from the host application, the response including the content, and send the response to the host application. In one embodiment, the server is a hypertext transfer protocol (HTTP) server.
    Type: Application
    Filed: June 29, 2010
    Publication date: November 24, 2011
    Inventors: Eyal Ittah, Judah Gamliel Hahn, Yehuda Drori, Joseph Meza, In-Soo Yoon, Ofir Cooper
  • Publication number: 20110276799
    Abstract: A personal communication system (PCS) incorporates a secure storage device, which includes a device processor, a CPU interface, and a system interface, a storage means and a removable storage media component. The device processor is communicably connected to the CPU of the PCS through the CPU interface, which exclusively enables communications between the device processor and the CPU. The system interface enables the device processor to manage one or more hardware components of the PCS. A network interface is also included to enable the device processor to communicate over a network with select file servers to the exclusion of other file servers. The storage means is communicably connected to the device processor and includes first and second designated storage sections. The device processor has read-write access to both storage sections and gives the CPU read-only access to the first storage section and read-write access to the second storage section.
    Type: Application
    Filed: May 4, 2011
    Publication date: November 10, 2011
    Inventor: Keicy Chung
  • Publication number: 20110264925
    Abstract: Disclosed embodiments relate to a method for securing data on a self-encrypting storage device. The method may comprise, for example, receiving, by a self-encrypting storage device, information indicating a procedure for securing data stored on the self-encrypting storage device and selecting, by the self-encrypting storage device, a procedure for securing data stored on the self-encrypting storage device based on the received information. The procedure may comprise replacing data stored on the self-encrypting storage device or deleting a decryption key associated with data stored on the self-encrypting storage device. In one embodiment, the method further involves performing, by the self-encrypting storage device, the selected procedure.
    Type: Application
    Filed: April 23, 2010
    Publication date: October 27, 2011
    Inventors: Leonard E. Russo, Valiuddin Ali, Jennifer Rios, Lan Wang
  • Publication number: 20110258461
    Abstract: A system for resource sharing across multi-cloud storage arrays includes a plurality of storage arrays and a cloud array storage (CAS) application. The plurality of storage resources are distributed in one or more cloud storage arrays, and each storage resource comprises a unique object identifier that identifies location and structure of the corresponding storage resource at a given point-in-time. The cloud array storage (CAS) application manages the resource sharing process by first taking an instantaneous copy of initial data stored in a first location of a first storage resource at a given point-in-time and then distributing copies of the instantaneous copy to other storage resources in the one or more cloud storage arrays.
    Type: Application
    Filed: April 14, 2011
    Publication date: October 20, 2011
    Applicant: TWINSTRATA, INC
    Inventor: JOHN W. BATES
  • Publication number: 20110252242
    Abstract: In accordance with one or more aspects, a storage volume is transformed into an encrypted storage volume or an unencrypted storage volume using a multi-phase process. One or more parts of the storage volume that have not yet been transformed are identified, and one or more parts of the storage volume that are allocated for use are identified. In a first phase of the multi-phase process, one or more parts of the storage volume that have not yet been transformed and that are allocated for use are transformed. In a second phase of the multi-phase process, after the first phase is finished, one or more parts of the storage volume that have not yet been transformed and are not allocated for use are transformed.
    Type: Application
    Filed: April 13, 2010
    Publication date: October 13, 2011
    Applicant: MICROSOFT CORPORATION
    Inventors: Octavian T. Ureche, Alex M. Semenko, Hui Huang
  • Publication number: 20110246767
    Abstract: Apparatus, systems, and methods may operate to allocate encrypted memory locations to store encrypted information, the information to be encrypted and decrypted using a single hypervisor. Further activity may include permitting access to a designated number of the encrypted memory locations to a single application executed by an associated virtual machine (VM) subject to the hypervisor, and denying access to the designated number of the encrypted memory locations to any other application executed by the associated VM, or any other VM. In some embodiments, the operational state of the associated VM may be restored using the encrypted information. Additional apparatus, systems, and methods are disclosed.
    Type: Application
    Filed: March 30, 2010
    Publication date: October 6, 2011
    Inventors: Pradeep Kumar Chaturvedi, Gosukonda Naga Venkata Satya Sudhakar
  • Publication number: 20110246707
    Abstract: A semiconductor device has: as security states to which the nonvolatile memory device can transition, an unprotected state in which, when secret information is not set in the nonvolatile memory device, rewriting the nonvolatile memory device is permitted, and reading the stored information is permitted; a protection unlocked state in which, when the secret information is set in the nonvolatile memory device, rewriting the nonvolatile memory device is permitted on condition that a result of authentication using the secret information is correct, and reading the stored information is permitted; and a protection locked state in which, when the secret information is set in the nonvolatile memory device, rewriting the nonvolatile memory device is inhibited until correctness as a result of authentication using the secret information is confirmed, and reading the stored information is inhibited under a predetermined condition.
    Type: Application
    Filed: March 13, 2011
    Publication date: October 6, 2011
    Inventor: Yoshitaka Ito
  • Publication number: 20110231625
    Abstract: Systems capable of transformation of logical data objects for storage and methods of operating thereof are provided. One method includes identifying among a plurality of requests addressed to the storage device two or more “write” requests addressed to the same logical data object, deriving data chunks corresponding to identified “write” requests and transforming the derived data chunks, grouping the transformed data chunks in accordance with the order the requests have been received and in accordance with a predefined criteria, generating a grouped “write” request to the storage device, and providing mapping in a manner facilitating one-to-one relationship between the data in the obtained data chunks and the data to be read from the transformed logical object. The method further includes obtaining an acknowledging response from the storage device, multiplying the obtained acknowledging response, and sending respective acknowledgements to each source that initiated each respective “write” request.
    Type: Application
    Filed: May 27, 2011
    Publication date: September 22, 2011
    Inventors: Ori SHALEV, Jonathan AMIT
  • Publication number: 20110231626
    Abstract: Systems capable of transformation of logical data objects for storage and methods of operating thereof are provided. One method includes identifying among a plurality of requests addressed to the storage device two or more “write” requests addressed to the same logical data object, deriving data chunks corresponding to identified “write” requests and transforming the derived data chunks, grouping the transformed data chunks in accordance with the order the requests have been received and in accordance with a predefined criteria, generating a grouped “write” request to the storage device, and providing mapping in a manner facilitating one-to-one relationship between the data in the obtained data chunks and the data to be read from the transformed logical object. The method further includes obtaining an acknowledging response from the storage device, multiplying the obtained acknowledging response, and sending respective acknowledgements to each source that initiated each respective “write” request.
    Type: Application
    Filed: May 27, 2011
    Publication date: September 22, 2011
    Inventors: Ori SHALEV, Jonathan AMIT
  • Publication number: 20110219240
    Abstract: A semiconductor memory device includes a controller module as well as a universal interface module and a semiconductor memory medium module, which are connected electrically with the controller module respectively. The device also includes a one-time programmable memory, which stores a unique serial number. This one-time programmable memory is provided within the controller module or the semiconductor memory medium module. The number sequence of the unique serial number contained in each of the semiconductor memory device is different from that of another semiconductor memory device. While providing a mobile data storage function, this invention adopts a security technology to prevent from illegal data reading/writing. This increases significantly the difficulty in decrypting the data of a legal user, subsequently improving the security of the stored data of the user greatly. This invention also provides a method for realizing secure data storage with this semiconductor memory device.
    Type: Application
    Filed: October 16, 2009
    Publication date: September 8, 2011
    Inventors: Yingtong Sun, Hao Zou
  • Publication number: 20110208979
    Abstract: The invention concerns a method for writing data to a memory device arrangement comprising a first and a second memory device in which the first memory device comprises data blocks numbered with block numbers and the second memory device comprises at least one reference calculated from a data block digest and its physical block number. The invention is characterized in that it comprises the following steps: calculating the digest from at least part of the data block content, receiving at least one physical block number, to which the data block contents in the first memory device is stored, encrypting the data block content, storing the data block content to the first memory device to the position pointed to by the physical block number, and storing or issuing a command to save the digest, or a number derived from it, and at least one said physical block number to the second memory device. Also a system, a computer program and server computer in accordance with the invention are presented.
    Type: Application
    Filed: March 16, 2009
    Publication date: August 25, 2011
    Applicant: ENVAULT CORPORATION OY
    Inventors: Markku-Juhani Saarinehn, Ville Ollikainen
  • Publication number: 20110188651
    Abstract: Encryption key rotation is performed in computing environments having mirrored volumes by initializing a target storage media with a new key, performing a mirror revive operation from a first storage media to the target storage media, and configuring the first storage media and the target storage media to comprise a mirrored volume.
    Type: Application
    Filed: January 29, 2010
    Publication date: August 4, 2011
    Inventors: Geoffrey Ignatius Iswandhi, Mihai Damian, Vijaykumar Immanuel
  • Publication number: 20110182425
    Abstract: An embodiment of the invention provides a system including a secure media device having one or more security keys stored therein. The secure media device is housed in a device that is connected to a television unit and a network. Secure application environments are housed in the device, wherein each secure application environment is operationally isolated from one another. The secure application environments receive and process information sent over the network only if the information includes a security code corresponding to the security key in the secure media device. The security code is obtained from a clearinghouse when the information satisfies predetermined criteria. More specifically, the clearinghouse receives a copy of the security key from a manufacturer of the secure media device and creates the security code based on the security key.
    Type: Application
    Filed: January 27, 2010
    Publication date: July 28, 2011
    Applicant: International Business Machines Corporation
    Inventors: Scott Burnett, Martin G. Kienzle, Paul Joseph Ledak
  • Publication number: 20110185193
    Abstract: A method begins by a processing module obtaining at least an ordering threshold number of encoded data slices to produce obtained encoded data slices. The method continues with the processing module ordering the obtained encoded data slices based on a pseudo-random de-sequencing order to produce a plurality of sets of encoded data slices. The method continues with the processing module dispersed storage error decoding the plurality of sets of encoded data slices to produce a plurality of encrypted data segments. The method continues with the processing module decrypting the plurality of encrypted data segments to produce a plurality of data segments. The method continues with the processing module aggregating the plurality of data segments to produce a data stream.
    Type: Application
    Filed: November 28, 2010
    Publication date: July 28, 2011
    Applicant: CLEVERSAFE, INC.
    Inventors: Gary W. Grube, Timothy W. Markison
  • Publication number: 20110173409
    Abstract: A hardware Secure Processing Unit (SPU) is described that can perform both security functions and other information appliance functions using the same set of hardware resources. Because the additional hardware required to support security functions is a relatively small fraction of the overall device hardware, this type of SPU can be competitive with ordinary non-secure CPUs or microcontrollers that perform the same functions. A set of minimal initialization and management hardware and software is added to, e.g., a standard CPU/microcontroller. The additional hardware and/or software creates an SPU environment and performs the functions needed to virtualize the SPU's hardware resources so that they can be shared between security functions and other functions performed by the same CPU.
    Type: Application
    Filed: March 23, 2011
    Publication date: July 14, 2011
    Inventor: W. Olin Sibert
  • Publication number: 20110173408
    Abstract: The various embodiments of the invention relate generally to semiconductors and memory technology. More specifically, the various embodiments and examples of the invention relate to memory devices, systems, and methods that protect data stored in one or more memory devices from unauthorized access. The memory device may include third dimension memory that is positioned on top of a logic layer that includes active circuitry in communication with the third dimension memory. The third dimension memory may include multiple layers of memory that are vertically stacked upon each other. Each layer of memory may include a plurality of two-terminal memory elements and the two-terminal memory elements can be arranged in a two-terminal cross-point array configuration. At least a portion of one or more of the multiple layers of memory may include an obfuscation layer configured to conceal data stored in one or more of the multiple layers of memory.
    Type: Application
    Filed: March 22, 2011
    Publication date: July 14, 2011
    Applicant: UNITY SEMICONDUCTOR CORPORATION
    Inventor: Robert Norman
  • Publication number: 20110161678
    Abstract: According to one embodiment, a controller controlling a storage device connected to a host device and storing data includes a pseudorandom number generator, and a scramble circuit. The pseudorandom number generator generates a pseudorandom number based on identification information of the controller. The scramble circuit scrambles data received from the host device using the pseudorandom number.
    Type: Application
    Filed: July 27, 2010
    Publication date: June 30, 2011
    Inventor: Yasuyuki NIWA
  • Publication number: 20110161666
    Abstract: A method begins by a processing module obtaining a unique retrieval matrix based on an identity of the playback device and sending a request for retrieval of a set of encoded broadcast data slices to a dispersed storage network (DSN) memory, wherein the request includes the unique retrieval matrix and identity of the set of encoded broadcast data slices. The method continues with the processing module receiving a subset of the set of encoded broadcast data slices from the DSN memory, wherein the subset of the set of encoded broadcast data slices is based on the unique retrieval matrix. The method continues with the processing module storing the subset of the sets of encoded broadcast data slices.
    Type: Application
    Filed: October 13, 2010
    Publication date: June 30, 2011
    Applicant: CLEVERSAFE, INC.
    Inventors: S. CHRISTOPHER GLADWIN, KUMAR ABHIJEET, GREG DHUSE, JASON K. RESCH, GARY W. GRUBE, TIMOTHY W. MARKISON
  • Publication number: 20110161681
    Abstract: A method begins by a processing module dispersed storage error encoding data to produce a set of encoded data slices and generating a transaction identifier regarding storage of the set of encoded data slices. The method continues with the processing module outputting a plurality of write request messages to a plurality of dispersed storage (DS) units, wherein each of the plurality of write request messages includes the transaction identifier and a corresponding one of the set of encoded data slices. The method continues with the processing module receiving write response messages from at least some of the DS units, wherein each of the write response messages includes a reference to the transaction identifier. The method continues with the processing module updating directory information regarding storage of the data to produce updated directory information when at least a write threshold number of the write response messages have been received.
    Type: Application
    Filed: October 13, 2010
    Publication date: June 30, 2011
    Applicant: CLEVERSAFE, INC.
    Inventors: GREG DHUSE, ANDREW BAPTIST, WESLEY LEGGETTE, ILYA VOLVOVSKI, JASON K. RESCH, BART CILFONE
  • Publication number: 20110161679
    Abstract: A method begins with a processing module receiving a data retrieval request and obtaining a real-time indicator corresponding to when the data retrieval request was received. The method continues with the processing module determining a time-based data access policy based on the data retrieval request and the real-time indicator and accessing a plurality of dispersed storage (DS) units in accordance with the time-based data access policy to retrieve encoded data slices. The method continues with the processing module decoding the threshold number of encoded data slices in accordance with an error coding dispersal storage function when a threshold number of the encoded data slices have been retrieved.
    Type: Application
    Filed: September 20, 2010
    Publication date: June 30, 2011
    Applicant: CLEVERSAFE, INC.
    Inventors: GARY W. GRUBE, TIMOTHY W. MARKISON
  • Publication number: 20110154061
    Abstract: A method includes encrypting, in a security engine associated with a memory/storage controller of a memory/storage device in a data processing device, a pre-encrypted/unencrypted data stream associated with a multimedia content in accordance with a data write request to transfer the pre-encrypted/unencrypted data stream to the memory/storage device using a security key configured to uniquely identify the data processing device during each data write session and a security flag configured to uniquely identify each data write session during a secure mode of operation. The method also includes transmitting the security engine encrypted data stream to the memory/storage device in accordance with the data write request, and decrypting the security engine encrypted data stream using the security key and the security flag in accordance with a data read request to read the security engine encrypted data stream stored in the memory/storage device.
    Type: Application
    Filed: December 21, 2009
    Publication date: June 23, 2011
    Inventors: Babu CHILUKURI, Amjad Qureshi
  • Publication number: 20110151571
    Abstract: One embodiment includes a memory unit for use in connection with a plurality of fluid sample test elements, wherein the memory unit comprises a plurality of memory portions. In one aspect of the embodiment, the memory unit comprises at least one memory portion configured to communicate calibration and expiration information relating to a lot of test elements, to a meter operably connectable with such test elements, and at least one other memory portion configured for storage and communication of data, such as measurement results, relating to the use of the test elements in analyzing a fluid sample. Further embodiments include apparatuses, systems, methods, kits and combinations of test elements and memory units.
    Type: Application
    Filed: December 23, 2009
    Publication date: June 23, 2011
    Applicant: Roche Diagnostics Operations, Inc.
    Inventor: Scott Wooldridge
  • Publication number: 20110138487
    Abstract: A storage device and method for using a virtual file in a public memory area to access a plurality of protected files in a private memory area are disclosed. In one embodiment, a storage device receives a request from a host for access to a virtual file in the public memory area, wherein the virtual file is associated with a plurality of protected files stored in the private memory area. The storage device responds to the request by selecting and providing the host with access to one of the plurality of protected files stored in the private memory area. The storage device receives an additional request from the host for access to the virtual file and responds to the additional request by selecting and providing the host with access to a different one of the plurality of protected files stored in the private memory area.
    Type: Application
    Filed: December 9, 2009
    Publication date: June 9, 2011
    Inventors: Ehud Cohen, Eyal Ittah, Lola Grin, Uri Peltz, Irit Maor, Yonatan Halevi, Avraham Shmuel
  • Publication number: 20110125950
    Abstract: A method, computer management apparatus, and computer program product are provided for processing data stored on a sequential storage media within a computational computing environment. A block reference table and most often read blocks are loaded from a modified tape format of a sequential storage media into an internal memory of a sequential storage media device. During write command processing, a data deduplication procedure is performed using a modified block reference table. It is determined if entries from the block reference table must be deleted and responsive to this identifying and deleting host block and device block entries from the block reference table.
    Type: Application
    Filed: October 11, 2010
    Publication date: May 26, 2011
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Nils HAUSTEIN, Stefan NEFF, Ulf TROPPENS