By Using Cryptography (epo) Patents (Class 711/E12.092)
  • Publication number: 20100241875
    Abstract: The external storage device has a read-only section and a read/write enabled section in a storage section. In the read-only section there is stored an antivirus software detection program adapted to detect the presence of antivirus software installed on a host computer. When the external storage device is connected to the host computer, the antivirus software detection program will be executed automatically by the host computer. When a storage section access controller provided to the external storage device receives from the antivirus software detection program a notification that the presence of antivirus software has been detected, it will allow writing to the read/write enabled section.
    Type: Application
    Filed: March 17, 2010
    Publication date: September 23, 2010
    Applicant: BUFFALO INC.
    Inventors: Suguru ISHII, Takuya SAITO
  • Publication number: 20100228904
    Abstract: In order to further develop a circuit arrangement (100) as well as a method of processing data to be protected against unauthorized access by means of encryption or decryption, by means of which method the data are stored in at least two memory modules (10, 12) in such a way that a flexible configuration of any memory parts as main memory or redundancy memory is enabled, it is proposed to provide at least one real-time configurable redundancy concept for the memory modules (10, 12), by which the data can be stored redundantly in physically separate memory modules (10, 12).
    Type: Application
    Filed: August 6, 2007
    Publication date: September 9, 2010
    Applicant: NXP, B.V.
    Inventors: Wolfgang Buhr, Detlef Mueller
  • Publication number: 20100229001
    Abstract: Disclosed is an operating method of a non-volatile memory device which comprises randomizing data to store the randomized data; erasing the randomized data; and outputting erase data according to information of a flag cell of the non-volatile memory device at a read operation.
    Type: Application
    Filed: February 24, 2010
    Publication date: September 9, 2010
    Applicant: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Jung Hoon PARK, Sung Soo LEE
  • Publication number: 20100229007
    Abstract: An operating method of a non-volatile memory device includes randomizing source data to form randomized source data, storing the randomized source data, generating a seed based on an address, generating a random data sequence based on the seed, and de-randomizing the randomized data using the random data sequence. Related nonvolatile memory devices and methods of reading data stored in non-volatile memory devices are also disclosed.
    Type: Application
    Filed: February 24, 2010
    Publication date: September 9, 2010
    Inventor: Junghoon Park
  • Publication number: 20100228937
    Abstract: A system for controlling exit of saved data from a security zone, comprising an access control device, the access control device comprising an access detection module for detecting access of an application to a security zone and access of an application to a general zone, a target checking module for comparing the application, detected by the access detection module, with a list and then controlling access of the application to the security zone and access of the application to the general zone, and a processing control module for controlling writing of data of the application to the general zone.
    Type: Application
    Filed: May 18, 2010
    Publication date: September 9, 2010
    Inventors: Steve Bae, Do-Gyun Kim, Aiden Kang, Hee-Gook Lee, Jong-Deok Baek, Yang-Jin Seo
  • Publication number: 20100229004
    Abstract: Security parameters used to encrypt data stored on a storage device may be protected using embodiments of systems and methods described herein. During a resize operation, data stored on a memory unit in the storage device may be altered prior to communicating an updated partition size to a host computer. In some examples, data is altered prior to storing the updated partition sizes in the storage device. In this manner, a host system may not receive the updated partition sizes until after the data is altered. Altering data may avoid exposure of encrypted data, information about one or more security parameters used to encrypt data on the memory unit or decrypt data retrieved from the memory unit, or combinations thereof.
    Type: Application
    Filed: March 3, 2009
    Publication date: September 9, 2010
    Applicant: Micron Technology, Inc.
    Inventor: Mehdi Asnaashari
  • Publication number: 20100218002
    Abstract: A log file is secured. One implementation involves maintaining a log file including one or more log entries in a storage device connected to a computer, and entering a new log entry by generating a new message authentication code based on a preceding log entry including a preceding message authentication code, and applying the message authentication code to the new log entry.
    Type: Application
    Filed: February 20, 2009
    Publication date: August 26, 2010
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventor: Valerio Graziani
  • Publication number: 20100211770
    Abstract: Methods and apparatus are provided for protecting private data on a vehicle. The method comprises receiving a first signal generated by a user of the vehicle and, in response to the first signal, deleting predetermined data stored on the vehicle to prevent the private data from being accessed.
    Type: Application
    Filed: February 19, 2009
    Publication date: August 19, 2010
    Applicant: GM GLOBAL TECHNOLOGY OPERATIONS, INC.
    Inventors: ANSAF I. ALRABADY, FRED W. HUNTZICKER, DAVID RACKLYEFT
  • Publication number: 20100205434
    Abstract: A download security system (100) includes a server (102) and an information processing apparatus (10). The information processing apparatus (10) includes a flash memory (64) for storing data downloaded from the server (102) and a memory controller (62). A transition command for a transition to a writable mode to the flash memory (64) is transmitted from the server (102), and in response to the transition command, a memory controller (62) makes a transition to the writable mode. The data downloaded from the server (102) is written to the flash memory (64) by the memory controller (62) in the writable mode.
    Type: Application
    Filed: September 4, 2007
    Publication date: August 12, 2010
    Applicant: Nintendo Co., Ltd.
    Inventor: Shinji Kurimoto
  • Publication number: 20100205460
    Abstract: Embodiments of a portable data storage device and a method of protecting data stored in the portable data storage device are provided. In one embodiment, the portable data storage device includes a device identification unique to the portable data storage device, a rights object containing information indicative of access rights and a verification identification, a memory to store the device identification and the verification identification, and controller logic. The memory is partitioned into a plurality of areas of memory, including: a first area as a protection area to store an instruction code, a second area as a partition table area to store a partition table, and a third area as a file area to store data files. In response to a request from a client external to the portable data storage device, the controller logic compares the verification identification with the device identification to allow the client to access the data files if the verification identification matches the device identification.
    Type: Application
    Filed: July 20, 2007
    Publication date: August 12, 2010
    Inventor: Hui Lin
  • Publication number: 20100205152
    Abstract: The disclosed examples of a system for providing and managing backup and restore services of one or more endpoint devices comprise at least one gateway device at a user premises and a service management center. The gateway device has a first interface for enabling bi-directional communications with one or more of the endpoint devices associated with the gateway device, a second interface for enabling bi-directional communications for the one or more endpoint devices via a wide area network, and for enabling at least some bidirectional communications with at least one storage area external to the user premises via the wide area network. The gateway device also has a processor configured to manage backups and restores of data between the one or more of the endpoint devices and the at least one storage area. The service management center is external to the user premises and communicates with the gateway device via the wide area network, and controls access by the gateway device to the at least one storage area.
    Type: Application
    Filed: September 7, 2007
    Publication date: August 12, 2010
    Applicant: PRODEA SYSTEMS, INC.
    Inventors: Amir Ansari, George A. Cowgill, Leon E. Nicholls, Atousa Raissyan, Jude P. Ramayya, Ramprakash Masina, Alvin R. Mcquarters
  • Publication number: 20100202236
    Abstract: A method, system, and computer program product for safeguarding nonvolatile storage (NVS) data by a processor in communication with a memory device following a power loss event is provided. A first portion of the NVS data is encrypted using a first buffer module. Subsequently the first portion of the NVS data is transferred to at least one shared storage device, while a second portion of the NVS data is simultaneously encrypted using a second buffer module. The second portion of the NVS data is subsequently transferred to the at least one shared storage device.
    Type: Application
    Filed: February 9, 2009
    Publication date: August 12, 2010
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: David Ray KAHLER, Anjul MATHUR, Richard Anthony RIPBERGER
  • Publication number: 20100202608
    Abstract: According to one embodiment, an encryption device uses N extended keys (N: a natural number not less than 2) obtained by extending one encryption key, and includes a first memory, a comparison circuit, a second memory, a selector, and an extension calculator. The first memory stores a flag corresponding to an initial value of a key. The comparison circuit outputs a signal indicating comparison matching when a command and the key are related to encryption. The selector loads the key in the first memory into the second memory upon receiving the signal. The extension calculator calculates the extended keys based on the key in the second memory and inputs them to the selector. Except when loading the initial value of the key into the second memory, the selector loads the extended keys into the second memory to extend the encryption key to the first through N-th extended keys.
    Type: Application
    Filed: February 8, 2010
    Publication date: August 12, 2010
    Applicant: TOSHIBA STORAGE DEVICE CORPORATION
    Inventor: Kana FURUHASHI
  • Publication number: 20100199042
    Abstract: A multi-cloud data replication method includes providing a data replication cluster comprising at least a first host node and at least a first online storage cloud. The first host node is connected to the first online storage cloud via a network and comprises a server, a cloud array application and a local cache. The local cache comprises a buffer and a first storage volume comprising data cached in one or more buffer blocks of the local cache's buffer. Next, requesting authorization to perform cache flush of the cached first storage volume data to the first online storage cloud. Upon receiving approval of the authorization, encrypting the cached first storage volume data in each of the one or more buffer blocks with a data private key. Next, assigning metadata comprising at least a unique identifier to each of the one or more buffer blocks and then encrypting the metadata with a metadata private key.
    Type: Application
    Filed: January 28, 2010
    Publication date: August 5, 2010
    Applicant: TWINSTRATA, INC
    Inventors: JOHN W. BATES, MARK ALDRED
  • Publication number: 20100199096
    Abstract: A memory data protection apparatus including a storage device, a cipher, and a validator is provided. The storage device is embedded in a chip electrically coupled to an external memory for storing an offset value, a signature and a key. The cipher electrically coupled to the storage device and the external memory to receive the key includes an encrypter and a decrypter. The encrypter is capable of executing an encryption to output an encrypted data and an encrypted certified data. The decrypter is capable of executing a decryption to output a decrypted data. The validator electrically coupled to the storage device receives the signature, the offset value and the certified data and determines an access limit of the external memory by validating the certified data with the signature and the offset value. The memory data protection apparatus accesses an original data in the external memory according to the access limit.
    Type: Application
    Filed: June 10, 2009
    Publication date: August 5, 2010
    Applicant: Nuvoton Technology Corporation
    Inventor: Morgan Du
  • Patent number: 7770027
    Abstract: A semiconductor memory includes a memory control section and a memory core section. A command judgment circuit in the memory control section changes the operating mode of the semiconductor memory in response to a command sent from a controller of an information processing apparatus. In a first mode, a decryption process is performed in a command decryption circuit, and data outputted from the memory core section is not scrambled. In a second mode, the decryption process is not performed in the command decryption circuit, and the command outputted from the memory core section is scrambled.
    Type: Grant
    Filed: August 15, 2005
    Date of Patent: August 3, 2010
    Assignees: Nintendo Co., Ltd., MegaChips Corporation
    Inventors: Ryuji Umezu, Ikuo Yamaguchi
  • Publication number: 20100185872
    Abstract: A system for enabling the reading on a reader of content stored in an external storage device is disclosed. The reader is a read-only device and has a display, a processor for controlling the operation of the reader, and a port for operative connection of the external storage device. The external storage device has a non-volatile storage and a central processor. The central processor is able to download to the reader the content stored in the non-volatile storage upon a pre-condition being established. The pre-condition is at least one of receipt of a correct encryption key from the reader, and arrival at a start date and time as determined by a real-time clock. The reader, external storage device, and a corresponding method are also disclosed.
    Type: Application
    Filed: June 19, 2007
    Publication date: July 22, 2010
    Applicant: Trek 2000 International Ltd.
    Inventors: Teng Pin Poo, Henry Tan
  • Publication number: 20100174920
    Abstract: A data processing apparatus comprises an integrated circuit containing a data processor and a non-volatile store storing at least one security code. A first memory external to the integrated circuit stores data, the data being cryptographically protected in a first format. A second memory external to the integrated circuit is provided for storing data. The apparatus is arranged to transfer data from the first memory via the integrated circuit to the second memory to be accessed by the data processor from the second memory. The integrated circuit is arranged to validate during the transfer the data read from the first memory using a security code stored in the non-volatile store. If the data is validated, cryptographic protection is applied in a second format to the validated data using a security code stored in the non-volatile store. The protected data is stored in the second memory in the second format.
    Type: Application
    Filed: January 6, 2009
    Publication date: July 8, 2010
    Inventors: Jonathan Peter Buckingham, Andrew Hana
  • Publication number: 20100169599
    Abstract: In some embodiments a Trusted Platform Module (TPM) manages a first flag that identifies whether a secure environment has ever been established. A chipset manages a second flag that identifies that there might have been secrets in memory and a reset or power failure occurred. At least one processor and/or the chipset lock, maintain a lock, and/or unlock a memory in response to the second flag. Other embodiments are described and claimed.
    Type: Application
    Filed: December 31, 2008
    Publication date: July 1, 2010
    Inventors: Mahesh Natu, Shamanna Datta
  • Publication number: 20100169630
    Abstract: Embodiments of the present disclosure provide methods, apparatuses, articles, and removable storage devices for pre-boot recovery of a locked computer system. Other embodiments may also be described and claimed.
    Type: Application
    Filed: December 30, 2008
    Publication date: July 1, 2010
    Inventors: Mojtaba Mirashrafi, Mousumi Hazra, Gyan Prakash, Saurabh Dadu
  • Publication number: 20100169667
    Abstract: A method, computer system, and computer-readable medium with instructions to provide a client security management layer and a content player that ensure that the content is protected from malware on the receiving computer system. The client security management layer controls access to a protected portion of a memory of a computer system on behalf of a component, such as the content player, running on the processor of the computer system. The client security management layer receives an encrypted content key from the component, confirms the integrity of the component, decrypts the encrypted content key to provide a decrypted content key, and places the decrypted content key in the protected portion of the memory in response to confirming the integrity of the component. Other embodiments are described and claimed.
    Type: Application
    Filed: December 30, 2008
    Publication date: July 1, 2010
    Inventor: Prashant Dewan
  • Publication number: 20100169666
    Abstract: Methods and systems to assign an application and a video frame buffer to a protected memory domain to render an image of a keyboard from the protected memory domain to a random position of the video frame buffer and correlate user input from a pointing device to the rendered keyboard image. The keyboard image may be randomly repositioned following a user input. The keyboard image may be rendered over a secure user image. An acknowledgment image may be rendered from the protected memory domain to a random position of the video frame buffer, and may be randomly repositioned in response to a user input that does not correlate to the acknowledgment image. User inputs that do not correlate to a randomly positioned image may be counted, and one or more processes may be aborted when the number of non-correlated user inputs exceeds a threshold.
    Type: Application
    Filed: December 31, 2008
    Publication date: July 1, 2010
    Inventors: Prashant Dewan, David Durham
  • Publication number: 20100161895
    Abstract: Techniques are described for securing data on data cartridges, such as a Linear Tape-Open (LTO) data cartridge. The techniques include modifying a portion of a cartridge memory (CM) chip of the cartridge in a way that a cartridge drive will be unable to access the data cartridge and to prevent modification of the CM chip by the cartridge drive. In one embodiment, a system includes a data cartridge including a CM chip, a chip reader to read data from and write data to the CM chip, and a computing device to control the chip reader. The computing device causes the chip reader to read data from the cartridge memory chip of the data cartridge and to modify a portion of memory of the chip to prevent unauthorized reads and writes to the data cartridge, without rendering the modification irreversible.
    Type: Application
    Filed: December 22, 2008
    Publication date: June 24, 2010
    Inventors: William R. Qualls, Kevin G. Battles, Jody L. Gregg, Robert S. Jackson, C. Thomas Jennings
  • Publication number: 20100162002
    Abstract: Methods and systems for providing data backup are disclosed. One method includes receiving at a virtual tape backup system a data image to be maintained, and transmitting the contents of the data image to a secure storage appliance. The method also includes processing the contents of the data image with the secure storage appliance to cryptographically split one or more blocks of data of the data image such that each of the one or more blocks of data is split into a plurality of secondary data blocks. The method further includes storing the plurality of secondary data blocks in a corresponding plurality of shares located on a plurality of physical storage devices.
    Type: Application
    Filed: December 23, 2008
    Publication date: June 24, 2010
    Inventors: David Dodgson, Joseph Neill, Ralph Faring, Edward Chin, Albert French, Scott Summers, Robert Johnson
  • Publication number: 20100162003
    Abstract: A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk and reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored in shares on corresponding physical storage devices in response to a request from the client.
    Type: Application
    Filed: December 23, 2008
    Publication date: June 24, 2010
    Inventors: David Dodgson, Joseph Neill, Ralph Farina, Edward Chin, Albert French, Scott Summers
  • Publication number: 20100161919
    Abstract: A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk and reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored in shares on corresponding physical storage devices in response to a request from the client.
    Type: Application
    Filed: December 23, 2008
    Publication date: June 24, 2010
    Inventors: David Dodgson, Joseph Neil, Ralph Farina, Edward Chin, Albert French, Scott Summers
  • Publication number: 20100161964
    Abstract: Methods and systems of presenting data in a secure data storage network are disclosed. One method includes defining a plurality of communities of interest, each community of interest capable of accessing data stored in a secure data storage network and including a plurality of users desiring access to a common set of data, wherein each of the plurality of communities of interest has a set of security rights. The method also includes associating each of the plurality of communities of interest with a different workgroup key.
    Type: Application
    Filed: December 23, 2008
    Publication date: June 24, 2010
    Inventors: David Dodgson, Joseph Neill, Ralph Farina, Edward Chin, Albert French, Scott Summers, Robert Johnson
  • Publication number: 20100161997
    Abstract: A system for authenticating personal use of contents by using a portable storage medium includes: a portable personal use authentication device configured to store domain authentication information; and a contents personal use authentication apparatus configured to extract playback information for playing a provided content based on the domain authentication information and provide the extracted playback information to a player.
    Type: Application
    Filed: November 27, 2009
    Publication date: June 24, 2010
    Applicant: ELECTRONICS AND TELECOMMUNICATIONS RESEARCH INSTITUTE
    Inventors: Jooyoung LEE, Hyon-Gon CHOO, Jeho NAM, Jin-Woo HONG, Moon-Kyun OH, Sang-Kwon SHIN, Won-Sik CHEONG, Sangwoo AHN
  • Publication number: 20100153749
    Abstract: In a computer on which operating systems (OSs) run in parallel: a key storage with a memory area different from that used by the OSs stores keys for use by the OSs in encryption-related processing of data which is to be inputted into or outputted from a device, in correspondence with the OSs; and an encryption processor encrypts first data outputted from a first OS by using a first key corresponding to the first OS in response to a first request by the first OS for access to the device before transferring the first data to the device, and decrypts second data being encrypted and outputted from the device, by using a second key corresponding to a second OS in response to a second request by the second OS for access to the device before transferring the second data to the second OS.
    Type: Application
    Filed: March 1, 2010
    Publication date: June 17, 2010
    Applicant: FUJITSU LIMITED
    Inventor: Atsushi Sakai
  • Publication number: 20100153670
    Abstract: Methods and systems for administrative management of a secure data storage network are disclosed. One system includes a secure storage appliance configured to host a plurality of volumes, each volume associated with a plurality of shares stored on a corresponding plurality of physical storage devices and having a plurality of volume management settings, wherein each volume is accessible by a group of one or more users, each user assigned an administrative access level, the volume management settings are editable by a first user from the group of one or more users associated with the volume and assigned an administrative access level sufficient to edit the volume management settings, and the volume management settings are inaccessible by a second user from outside the group of one or more users associated with the volume and assigned an administrative access level at least equal to that of the first user.
    Type: Application
    Filed: December 17, 2008
    Publication date: June 17, 2010
    Inventors: David Dodgson, Joseph Neill, Ralph Farina, Edward Chin, Albert French, Scott Summers, Robert Johnson
  • Publication number: 20100146234
    Abstract: An external bus interface method including: receiving, via an access control unit, an access request conveyed through an external bus, and judging, via an access judging unit connected to the access control unit, whether the access request is to be honored or rejected, wherein upon receiving the access request, the access control unit sends to the access judging unit an access judging check request signal asking whether the requested address falls within one of access-permitted areas registered in the access judging unit, the access judging unit checks whether the requested address falls within one of the access-permitted areas registered in it and returns to the access control unit, an access judging check result signal indicating whether the access request is to be honored or rejected, and if the access judging check result signal indicates that the access request is to be rejected, the access control unit nullifies the access request.
    Type: Application
    Filed: February 16, 2010
    Publication date: June 10, 2010
    Inventors: Masakazu EHAMA, Kazuhiko Tanaka, Koji Hosogi, Hiroaki Nakata
  • Publication number: 20100146302
    Abstract: A microcontroller comprises a microprocessor (1), a test interface (4) and an internal non-erasable memory (2). First control means (6) are provided which are able to activate and deactivate the test interface (4), and second control means (7) are provided which are able to activate and deactivate the internal non-erasable memory (2). The microprocessor (1) of the microcontroller comprises control outputs (101) which are connected with the first and second control means (6, 7). With appropriate timing of activation and deactivation of the test interface (4) and the internal non-erasable memory (2), the microcontroller offers the possibility of preventing an unauthorized access to contents of the internal non-erasable memory (2) without limiting the usability of the test interface (4) for the development of application programs.
    Type: Application
    Filed: September 7, 2007
    Publication date: June 10, 2010
    Applicant: AUSTRIAMICROSYSTEMS AG
    Inventors: Werner Schoegler, Michael Böhm
  • Publication number: 20100138673
    Abstract: The memory device contains control structures that allow media content to be stored securely and distributed in a manner envisioned by the content owner, or service providers involved in the distribution. A wide variety of different avenues become available for distributing media content using such memory devices, such as where the devices contain one or more of the following: abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content. The memory device has a type of control structures that enable a service provider (who can also be the content owner) to create a secure environment for media content distribution where end users and terminals register with the service provider, and gain access to the content in a manner controlled by the service provider. The various components to be loaded (e.g.
    Type: Application
    Filed: January 29, 2010
    Publication date: June 3, 2010
    Inventors: Fabrice JOGAND-COULOMB, Michael HOLTZMAN, Paul McAVOY, Po YUAN, Robert C. CHANG
  • Publication number: 20100131773
    Abstract: Systems and methods for providing data integrity for stored data are disclosed. A method may include, in connection with the receipt of a read command at a storage resource, reading a data block from the storage resource, the data block including a data field, a data integrity field indicating the integrity of the data field, and an encryption indicator field indicating whether the data block is encrypted with a current cryptographic key for the storage resource. The method may further include determining whether the data field is encrypted with the current cryptographic key based at least on the encryption indicator field. The method may additionally include returning at least a portion of the data block in reply to the read command in response to determining that the data field is encrypted with a cryptographic key other than the current cryptographic key.
    Type: Application
    Filed: November 25, 2008
    Publication date: May 27, 2010
    Applicant: DELL PRODUCTS L.P.
    Inventors: Jacob Cherian, Kevin Marks
  • Publication number: 20100131731
    Abstract: In a system where a first storage system and a second storage system are connected to a third storage system, when the first storage system virtualizes and provides a device in the third storage system as a device in its own storage system, update data stored in a cache in the first storage system is written into the device of the third storage system to be reflected, attributes of the device are transferred to the second storage system, and the second storage system virtualizes the device of the third storage system as a device of its own storage system.
    Type: Application
    Filed: January 21, 2010
    Publication date: May 27, 2010
    Inventors: Yasutomo Yamamoto, Hisao Honma, Ai Satoyama
  • Publication number: 20100131775
    Abstract: The memory device contains control structures that allow media content to be stored securely and distributed in a manner envisioned by the content owner, or service providers involved in the distribution. A wide variety of different avenues become available for distributing media content using such memory devices, such as where the devices contain one or more of the following: abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content. The memory device has a type of control structures that enable a service provider (who can also be the content owner) to create a secure environment for media content distribution where end users and terminals register with the service provider, and gain access to the content in a manner controlled by the service provider. The various components to be loaded (e.g.
    Type: Application
    Filed: January 29, 2010
    Publication date: May 27, 2010
    Inventors: Fabrice Jogand-Coulomb, Paul McAvoy, Po Yuan, Robert C. Chang
  • Publication number: 20100131774
    Abstract: The memory device contains control structures that allow media content to be stored securely and distributed in a manner envisioned by the content owner, or service providers involved in the distribution. A wide variety of different avenues become available for distributing media content using such memory devices, such as where the devices contain one or more of the following: abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content. The memory device has a type of control structures that enable a service provider (who can also be the content owner) to create a secure environment for media content distribution where end users and terminals register with the service provider, and gain access to the content in a manner controlled by the service provider. The various components to be loaded (e.g.
    Type: Application
    Filed: January 29, 2010
    Publication date: May 27, 2010
    Inventors: Fabrice Jogand-Coulomb, Michael Holtzman
  • Publication number: 20100125730
    Abstract: A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk and reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored in shares on corresponding physical storage devices in response to a request from the client.
    Type: Application
    Filed: November 17, 2008
    Publication date: May 20, 2010
    Inventors: David Dodgson, Joseph P. Neill, Ralph R. Farina, Edward Chin, Albert French, Scott Summers, Robert Johnson
  • Publication number: 20100115223
    Abstract: An object is to allocate a storage area to a business application by taking a security evaluation of the storage area and a security evaluation value of the business application into consideration. A management server includes a business management table to store a calculated security evaluation value of a business application to be executed in a host in association with information concerning the business application, and a management table to store a calculated encryption level of a virtual pool in a storage device in association with information concerning the virtual pool. The management server retrieves a virtual pool having an encryption level which is the same in value as the evaluation value, and allocates the retrieved virtual pool to the business application.
    Type: Application
    Filed: January 13, 2009
    Publication date: May 6, 2010
    Inventor: Akihiko Sakaguchi
  • Publication number: 20100106927
    Abstract: A method and a system for unlocking a storage device that has become locked or cannot be unlocked are disclosed. A hint is generated from a key by removing bits and adding bits. A position of removed bits, a position of added bits, the number of removed bits and the number of added bits are stored and known securely. When the key cannot unlock a storage device corresponding to the key, the position of removed bits, the position of added bits, the number of removed bits (N) and the number of added bits are retrieved. Then, the added bits are removed in the hint. Each possible N bits are placed in the hint at the position of removed bits to generate 2^N possible keys. Then, each of the 2^N possible keys is tried to unlock the storage device.
    Type: Application
    Filed: October 29, 2008
    Publication date: April 29, 2010
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Natalie S. Hogan, Raymond Jepson, Andrew J.E. Menadue, Barry J. Wood
  • Publication number: 20100106954
    Abstract: The present invention relates to a microcontroller designed for protection of intellectual digital content. The microcontroller includes a secure CPU, a real-time cipher, and a user programmable multi-layer access control system for internal memory realized by programmable nonvolatile memory. Programmable nonvolatile memory allows in-system and in-application programming for the end user. The programmable nonvolatile memory is mainly used for program code and operating parameter storage. The multiple-layer access control is an integral part of the CPU, providing confidentiality protection to embedded digital content by controlling reading, writing, and/or execution of a code segment according to a set of user-programmed parameters. The cipher incorporates a set of cryptographic rules for data encryption and decryption with row and column manipulation for data storage. All cryptographic operations are executed in parallel with CPU run time without incurring additional latency and delay for system operation.
    Type: Application
    Filed: October 23, 2008
    Publication date: April 29, 2010
    Inventors: Robert Michael Muchsel, Donald W. Loomis, Edward Tang K. Ma, Mark Alan Lovell, Michael Anthony Quarles
  • Publication number: 20100100721
    Abstract: A method and a system of secured data storage and recovery are provided. First, a secured key and an encrypted user password of a storage device are obtained by using a controller of a storage device. Then, the secured key is encrypted by using the encrypted user password to generate a first private key, the encrypted user password is encrypted by using the secured key to generate a second private key, and data to be stored is encrypted by using the secured key. Finally, the encrypted data, the first private key, and the second private key are transmitted to a remote device for storage through a host. Thereby, the security of data storage is enhanced and data recovery mechanism is provided when the storage device is damaged or lost.
    Type: Application
    Filed: January 7, 2009
    Publication date: April 22, 2010
    Applicant: EE SOLUTIONS, INC.
    Inventors: Jin-Chern Su, Pao-Hsin Chang, Yi-Feng Jang, Tien-Chun Tseng
  • Publication number: 20100088524
    Abstract: A non-volatile mass storage device is provided comprising memory circuitry accessible to a host data processing device via a communication link. The non-volatile mass storage device comprises processing circuitry for locally accessing the memory circuitry of the file system and is capable of triggering generation of a file for storage on the memory circuitry by connection of the non-volatile mass storage device to the host data processing device. The generated file comprises information dependent upon a state of the non-volatile mass storage device. A corresponding method of operating a non-volatile mass storage device is provided and a computer program is provided for obtaining the information dependent upon the state of the non-volatile mass storage device, for locally accessing the memory circuitry and for generating the file for storage on the memory circuitry.
    Type: Application
    Filed: October 7, 2008
    Publication date: April 8, 2010
    Applicant: ARM LIMITED
    Inventors: Simon Andrew Ford, Christopher James Styles
  • Publication number: 20100083006
    Abstract: A memory controller receives an application identifier for identifying an application from an outside, an application, reference data to be referenced by the application, and a signature for the application and writes the application and the reference data. After receiving the application identifier from the outside, the memory controller accesses memory means which manages the application identifier and the application management state and reads out the management state of the target application. According to the management state, necessary data is decided. Since the judgment result is informed to the outside, there is no need of receiving applications more than necessary and it is possible to reduce the load on the signature process and the application reception process.
    Type: Application
    Filed: May 23, 2008
    Publication date: April 1, 2010
    Applicant: PANASONIC CORPORATION
    Inventors: Hirokazu So, Yasuo Takeuchi, Yoshihiko Takagi, Osamu Sasaki
  • Publication number: 20100082898
    Abstract: Embodiments of methods to securely bind a disk cache encryption key to a cache device are generally described herein. Other embodiments may be described and claimed.
    Type: Application
    Filed: September 30, 2008
    Publication date: April 1, 2010
    Inventors: Richard P. Mangold, Debra Hensgen, Sanjeev N. Trika
  • Publication number: 20100077230
    Abstract: This disclosure provides an apparatus including a programmable memory, a data write path for writing data into the memory and a data read path for reading data from the memory. The memory comprises at least one protected memory field. The data write path comprises a decryption unit that is adapted for receiving encrypted data, decrypting the encrypted data, and writing resulting plain data into the at least one protected memory field. The data read path is adapted for reading out the plain data stored in the protected memory field. The at least one protected memory field is only writable by applying the data to be written into the at least one protected memory field in encrypted form to the data write path.
    Type: Application
    Filed: December 15, 2006
    Publication date: March 25, 2010
    Inventors: Michael Chambers, Paul Renshaw, Michael Kiessling
  • Publication number: 20100077214
    Abstract: The owner of proprietor interest is in a better position to control access to the encrypted content in the medium if the encryption-decryption key is stored in the medium itself and substantially inaccessible to external devices. Only those host devices with the proper credentials are able to access the key. An access policy may be stored which grants different permissions (e.g. to different authorized entities) for accessing data stored in the medium. A system incorporating a combination of the two above features is particularly advantageous. On the one hand, the content owner or proprietor has the ability to control access to the content by using keys that are substantially inaccessible to external devices and at the same time has the ability to grant different permissions for accessing content in the medium. Thus, even where external devices gain access, their access may still be subject to the different permissions set by the content owner or proprietor recorded in the storage medium.
    Type: Application
    Filed: November 23, 2009
    Publication date: March 25, 2010
    Inventors: Fabrice Jogand-Coulomb, Michael Holtzman, Bahman Qawami, Ron Barzilai, Hagai Bar-El
  • Publication number: 20100070776
    Abstract: Provided is a computer-implemented method for logging system events, comprising: allocating a memory area for a log; receiving data indicative of a log event; storing said data in said memory area; synchronising data in said memory area to a log file stored in non-volatile storage, the non-volatile storage and the memory area being inaccessible to a user or an administrator.
    Type: Application
    Filed: November 3, 2008
    Publication date: March 18, 2010
    Inventors: Shankar RAMAN, Kishore Kumar MUPPIRALA, Sridhar BANDI
  • Publication number: 20100070777
    Abstract: A method (100) is disclosed of generating an identifier from a semiconductor device (600) comprising a volatile memory (610) having a plurality of memory cells. The method comprises causing (110) the memory cells to assume a plurality of pseudo-random bit values inherent to variations in the microstructure of the memory cells; retrieving (120) the bit values from at least a subset of the plurality of memory cells; and generating the identifier from the retrieved bit values. The method (100) is based on the realization that a substantial amount of the cells of a volatile memory can assume a bit value that is governed by underlying variations in manufacturing process parameters; this for instance occurs at power-up for an SRAM or after a time period without refresh for a DRAM.
    Type: Application
    Filed: April 4, 2007
    Publication date: March 18, 2010
    Applicant: NXP B.V.
    Inventors: ROELOF H. W. SALTERS, RUTGER S. VAN VEEN, MANUEL P. C. HEILIGERS, ABRAHAM C. KRUSEMAN, PIM T. TUYLS, GEERT J. SCHRIJEN, BORIS SKORIC
  • Publication number: 20100061555
    Abstract: A device includes a key store memory, a rule set memory, a plurality of cryptographic clients, and a key store arbitration module. The key store memory stores a plurality of cryptographic keys and the rule set memory stores a set of rules for accessing the cryptographic keys. A cryptographic client is operable to issue a request to access a cryptographic key(s) and, when access to the cryptographic key is granted, execute a cryptographic function regarding at least a portion of the cryptographic key to produce a cryptographic result. The key store arbitration module is operable to determine whether the request to access the cryptographic key is valid; when the request is valid, interpret the request to produce an interpreted request; access the rule set memory based on the interpreted request to retrieve a rule of the set of rules; and grant access to the cryptographic key in accordance with the rule.
    Type: Application
    Filed: June 24, 2009
    Publication date: March 11, 2010
    Applicant: VIXS SYSTEMS INC.
    Inventors: PAUL DUCHARME, NORMAN V.D. STEWART