By Using Cryptography (epo) Patents (Class 711/E12.092)
  • Publication number: 20090147949
    Abstract: The claimed subject matter, in accordance with an aspect, provides systems and/or methods that generate, allocate, or utilize strong symmetric cryptographic keys to secure storage devices. The system can include components that determine whether a storage device with an associated credential cache has been affiliated with the system. The system extracts authentication information included within the credential cache and establishes communications with a web service that utilizes the authentication information to generate and return a set of strong symmetric cryptographic keys to the system. The system employs one of the set of strong symmetric cryptographic keys to encrypt or decrypt the storage device to make content persisted on the storage device available and thereafter removes the distributed set of strong symmetric cryptographic keys from the system.
    Type: Application
    Filed: December 5, 2007
    Publication date: June 11, 2009
    Applicant: MICROSOFT CORPORATION
    Inventor: Darko Kirovski
  • Publication number: 20090132776
    Abstract: A data processing device for processing stream data composed of a plurality of frames generated with encoded contents data, which includes a protected storage unit for storing data, being protected from external access, a non-protected storage unit for storing data, a receiving unit for receiving stream data, a separating unit for separating the stream data into protected data including frames necessary for decoding of other frames, and non-protected data not including frames necessary for decoding of other frames, and storing the protected data in the protected storage unit and storing the non-protected data in the non-protected storage unit, and a combining unit for restoring the stream data by combining the protected data stored in the protected storage unit and the non-protected data stored in the non-protected storage unit.
    Type: Application
    Filed: April 23, 2007
    Publication date: May 21, 2009
    Inventor: Nobukazu Kurauchi
  • Publication number: 20090132833
    Abstract: A method of using a storage device in a terminal device connected to the storage device includes reading an identification key stored in the storage device, if the storage device is connected, recovering, based on the identification key, one or more characteristic parameters regarding at least one of the storage device and a file stored in the storage device, and authenticating the storage device using the one or more recovered characteristic parameters. If the authentication is successful, the file is decrypted using the identification key and used. As a result, increased security is provided for the file stored in the storage device.
    Type: Application
    Filed: September 4, 2008
    Publication date: May 21, 2009
    Applicant: Samsung Electronics Co., Ltd
    Inventor: Song-baik JIN
  • Publication number: 20090132831
    Abstract: An apparatus and method is provided for protecting data in a non-volatile memory by using an encryption and decryption that encrypts and decrypts the address and the data stored in the non-volatile memory using a code read only memory that stores encryption and decryption keys that are addressed by a related central processing unit at the same time data is being written or read from the non-volatile memory by the central processing unit.
    Type: Application
    Filed: May 22, 2008
    Publication date: May 21, 2009
    Applicant: NXP B.V.
    Inventor: WOLFGANG BUHR
  • Publication number: 20090125726
    Abstract: A method and apparatus of configuring the byte structure of a memory storage device, including a flash memory device, to enhance the security and error correction capability is described. In one embodiment, the method includes increasing the security of data stored in the storage device by encrypting data with a unique initialization vector and storing the initialization vector in the storage device. The method also includes using a unique initialization vector for encrypting data, to be stored in each datablock, each time data are encrypted. In one embodiment, the apparatus includes an AES controller that includes encryption and decryption modules to encrypt and decrypt data prior to writing data to or reading from the storage device. The apparatus also includes an encoder module and decoder circuits to encode and decode data prior to writing or reading from memory storage devices.
    Type: Application
    Filed: December 3, 2007
    Publication date: May 14, 2009
    Applicant: MCM PORTFOLIO LLC
    Inventors: Sree M. Iyer, Arunprasad Ramiya Mothilal, Santosh Kumar
  • Publication number: 20090119517
    Abstract: A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided.
    Type: Application
    Filed: December 29, 2008
    Publication date: May 7, 2009
    Inventors: Aran Ziv, Eyal Bychkov
  • Publication number: 20090113216
    Abstract: A virtual-machine-based system that may protect the privacy and integrity of application data, even in the event of a total operating system compromise. An application is presented with a normal view of its resources, but the operating system is presented with an encrypted view. This allows the operating system to carry out the complex task of managing an application's resources, without allowing it to read or modify them. Different views of “physical” memory are presented, depending on a context performing the access. An additional dimension of protection beyond the hierarchical protection domains implemented by traditional operating systems and processors is provided.
    Type: Application
    Filed: October 30, 2008
    Publication date: April 30, 2009
    Applicant: VMware, Inc.
    Inventors: Xiaoxin CHEN, Carl A. WALDSPURGER, Pratap SUBRAHMANYAM, Tal GARFINKEL, Dan BONEH
  • Publication number: 20090103715
    Abstract: Methods and apparatus, including computer program products, implementing and using techniques for generating a hash. A data store including multiple hashing tables is provided. A set of data is received on which the hash is to be based. The set of data includes one or more components. An identifier is received. The identifier identifies one or more hashing tables to use when generating the hash. The received one or more components are processed in accordance with rules defined in the identified one or more hashing tables. The processed components are combined into a final hash.
    Type: Application
    Filed: October 19, 2007
    Publication date: April 23, 2009
    Applicant: International Business Machines Corporation
    Inventor: Oskar Thorbjornsson
  • Publication number: 20090094597
    Abstract: A method of providing new functionality to an electronic product is provided. The new functionality for the electronic product being installed via a new firmware load from a memory card. The new firmware load being released to the electronic product upon the provision of an authentication by the user of the electronic product that matches the authentication credentials stored within the memory card. In a further embodiment of the invention the authentication further supports the transfer of additional content relating to the authenticated user thereby providing the electronic device with a “personality” determined by the user. In another embodiment of the invention the new firmware load is “personalized” to the memory card such that it cannot be illegally duplicated or copied thereby allowing vendors to provide via the Internet new functionalities for electronic products on a procurement basis.
    Type: Application
    Filed: October 2, 2008
    Publication date: April 9, 2009
    Applicant: Memory Experts International Inc.
    Inventors: Victor Moskalik, Laurence Hamid
  • Publication number: 20090063872
    Abstract: Creating a plaintext index from a text that is extracted from a file presents the risk of a leak of confidential information from the created index. To address this problem, provided is a computer system which has a computer, a storage subsystem coupled to the computer, and a network coupling the computer and the storage subsystem. The computer has an interface coupled to the network, a first processor coupled to the interface, and a memory coupled to the first processor. The storage subsystem has a disk device which stores data. A storage area of the disk device is divided into a plurality of storage areas including, at least, a first storage area and a second storage area. The first processor reads a part of data stored in the first storage area, encrypts the part of data read from the first storage area when the data stored in the first storage area is judged as encrypted data, and writes the encrypted part of data in the second storage area.
    Type: Application
    Filed: January 22, 2008
    Publication date: March 5, 2009
    Inventors: Toru TANAKA, Yuichi Taguchi, Masayuki Yamamoto, Jun Mizuno
  • Publication number: 20090063802
    Abstract: A data security system [100] [800] [900] [1600] [2000] includes providing a unique identification from a first system [102] to a second system [104] [108]; copying the unique identification in the second system [104] [108] by the first system [102]; and unlocking a memory [122] in the first system [102] or the second system [104] [108] only when the unique identifications in the first system [102] and the second system [104] [108] are the same.
    Type: Application
    Filed: January 24, 2007
    Publication date: March 5, 2009
    Applicant: ClevX, LLC
    Inventors: Simon B. Johnson, Lev M. Bolotin
  • Publication number: 20090063800
    Abstract: Access control unit sends to the access judging unit an access judging check request signal asking whether the requested address falls within one of the access-permitted areas registered in the access judging unit, the access judging unit checks whether the requested address falls within one of the access-permitted areas registered in it and returns to the access control unit an access judging check result signal indicating whether the access request is to be honored or rejected, and the access control unit permits access to the internal bus if the access judging check result signal indicates that the access request is to be honored, or rejects the access request otherwise.
    Type: Application
    Filed: October 27, 2008
    Publication date: March 5, 2009
    Inventors: Masakazu EHAMA, Kazuhiko TANAKA, Koji HOSOGI, Hiroaki NAKATA
  • Publication number: 20090049311
    Abstract: A system is provided for eliminating access to data within a writable storage media cartridge. The system comprises a writable storage media drive, such as a tape drive. The writable storage drive determines if at least a first portion of data on the writable storage media is encrypted. If it is determined that the first portion of data is encrypted then the writable storage drive shreds a second portion of data within the writable storage media cartridge related to said encrypted first portion of data. The first portion of data and the second portion are not the same portions of the writable storage media cartridge.
    Type: Application
    Filed: August 17, 2007
    Publication date: February 19, 2009
    Inventors: Wayne Charles Carlson, Cheryl Marie Friauf, Gregory Tad Kishi, Duke Andy Lee, Jonathan Wayne Peake
  • Publication number: 20090049310
    Abstract: A method and computer program product are provided for eliminating access to data within a writable storage media cartridge. If it is determined that at least a first portion of data on the writable storage media is encrypted then a second portion of data within the writable storage media cartridge related to said encrypted first portion of data is shredded. The first portion of data and the second portion are not the same portions of the writable storage media cartridge.
    Type: Application
    Filed: August 17, 2007
    Publication date: February 19, 2009
    Inventors: Wayne Charles Carlson, Cheryl Marie Friauf, Gregory Tad Kishi, Duke Andy Lee, Jonathan Wayne Peak
  • Publication number: 20090049236
    Abstract: A storage system is defined by multiple hard drives (HDDs) which are divided into several HDD Groups. Each HDD Group consists of one or several HDDs. A storage administrator can set security related attributes to each HDD Group. The storage system may have logical volumes mapped onto corresponding selected HDD Group. When the storage system assigns a logical volume to a host computer, the storage system receives security related requirements for the logical volume from the host computer. The storage system then compares the HDD Groups' attributes to the requirements and assigns an appropriate free space that meets requirements as a logical volume.
    Type: Application
    Filed: August 15, 2007
    Publication date: February 19, 2009
    Applicant: Hitachi, Ltd.
    Inventor: Junji Kinoshita
  • Publication number: 20090044248
    Abstract: The invention provides security policy generation methods and devices for generating a security policy that is set up for an information processing apparatus comprises a step of generating an application model having a transmitter and a receiver of a message decided, for each of a plurality of messages that are communicated, a step of storing in advance a plurality of security patterns with a signer of electronic signature appended to the message as an undecided parameter, a step of selecting a security pattern that is a model of security policy to be set up for the transmitter or receiver of the message, corresponding to each of the plurality of messages included in the application model, and a step of substituting the identification information of the transmitter or receiver of each message included in the application model for the undecided parameter of the security pattern selected corresponding to the message.
    Type: Application
    Filed: October 14, 2008
    Publication date: February 12, 2009
    Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: YUHICHI NAKAMURA, TAKESHI IMAMURA, MICHIAKI TATSUBORI, SATOSHI MAKINO
  • Publication number: 20090038017
    Abstract: Embodiments of apparatuses, articles, methods, and systems for secure vault service for software components within an execution environment are generally described herein. An embodiment includes the ability for a Virtual Machine Monitor, Operating System Monitor, or other underlying platform capability to restrict memory regions for access only by specifically authenticated, authorized and verified software components, even when part of an otherwise compromised operating system environment. The underlying platform to lock and unlock secrets on behalf of the authenticated/authorized/verified software component provided in protected memory regions only accessible to the authenticated/authorized/verified software component. Other embodiments may be described and claimed.
    Type: Application
    Filed: August 2, 2007
    Publication date: February 5, 2009
    Inventors: David Durham, Hormuzd Khosravi, Uri Blumenthal, Men Long
  • Publication number: 20090019291
    Abstract: The present invention provides for a method of security data restoration for a user device for back-up purposes in which the said security data can be restored through the interaction of a first and at least a second portion of data, including the steps of storing the first portion of data on a storage medium remote from the device, writing the at least second portion of data to wireless storage means, and, when restoration is required, communicating the at least second portion of data from the wireless storage means to the said storage medium so as to allow for the interaction of the first and the at least second portion of data.
    Type: Application
    Filed: January 11, 2005
    Publication date: January 15, 2009
    Applicant: KONINKLIJKE PHILIPS ELECTRONIC, N.V.
    Inventor: Bruce Murray
  • Publication number: 20090006796
    Abstract: A computer readable media storing operational instructions is disclosed. The instructions include at least one instruction to store data of an encrypted computer readable file that includes a header portion and associated content data into a storage area of a non-volatile memory. The storage area includes a secure memory area to store data from the header portion including at least one encryption ID. The storage area further includes a memory area to store the content data. The header portion further includes trailer data derived from a portion of the content data. The instructions also include at least one instruction to provide data read access to the header portion and to the content data with respect to a host device.
    Type: Application
    Filed: June 29, 2007
    Publication date: January 1, 2009
    Applicant: SanDisk Corporation
    Inventors: Robert C. Chang, Po Yuan, Bahman Qawami, Farshid Sabet-sharghi, Junzhi Wang, Xian Jun Liu, Chieh-Hao Yang, June Li, Mei Yan
  • Publication number: 20080310628
    Abstract: To provide a backup management device that deletes a content so as to be restorable in the future while protecting a copyright of the content, in a case where there exists a backup of the content. In an HD recorder 100, a first information storage unit 102 stores a content, a second information storage unit 103 stores a backup of the content, a secure storage unit 104 stores a hash value of the content. If receiving an instruction to delete the content so as to be restorable, a control unit 113 deletes the content from the first information storage unit 102. When the content is played back, an encryption processing unit 109 applies a calculation to the content to generate detection information, and the control unit 113 compares the hash value with the detection information to judge whether the content has been tampered.
    Type: Application
    Filed: January 30, 2006
    Publication date: December 18, 2008
    Applicant: MATSUSHITA ELECTRIC INDUSTRIAL CO., LTD
    Inventors: Soichiro Fujioka, Shunji Harada, Yoshikatsu Ito, Yuko Tsusaka, Motoji Ohmori, Toshihisa Nakano
  • Publication number: 20080310633
    Abstract: A method and devices for providing secure data backup from a mobile communication device to an external computing device is described. In accordance with one example embodiment, there is provided a method of backing up data from a mobile communication device to an external computing device, the mobile communication device being connected to the external computing device for exchanging data with each other, the method comprising: receiving a request to backup one or more data items in a plurality of data items stored on the mobile communication device; encrypting a data item using an encryption key stored in memory of the mobile communication device; transferring the encrypted data item to the external computing device; and storing a backup file comprising the encrypted data item in the memory of the external computing device.
    Type: Application
    Filed: June 15, 2007
    Publication date: December 18, 2008
    Applicant: RESEARCH IN MOTION LIMITED
    Inventors: Michael K. Brown, Andrew Bocking, Scott Totzke, David Tapuska, Scotte Zinn, Maxime Matton, Michael Hardy, George Dos Santos, Christopher Runstedler
  • Publication number: 20080279382
    Abstract: A solid state disk system is disclosed. The system comprises a user token and at least one level secure virtual storage controller, coupled to the host system. The system includes a plurality of virtual storage devices coupled to at least one secure virtual storage controller. A system and method in accordance with the present invention could be utilized in flash based storage, disk storage systems, portable storage devices, corporate storage systems, PCs, servers, wireless storage, and multimedia storage systems.
    Type: Application
    Filed: May 9, 2007
    Publication date: November 13, 2008
    Applicant: KINGSTON TECHNOLOGY CORPORATION
    Inventors: Ben Wei Chen, Yungteh Chien, Choon Tak Tang
  • Publication number: 20080270724
    Abstract: In an embodiment, when a removable storage device is removably coupled to a host, the removable storage device indicates that it is non-removable to the host. The removable storage device may include a user-created secure storage area.
    Type: Application
    Filed: May 5, 2008
    Publication date: October 30, 2008
    Inventors: Ahuja Gurmukhsingh Ramesh, Senthil Kumar Chellamuthu
  • Publication number: 20080263369
    Abstract: A method for preventing a user from interpreting optional stored data information even when the user extracts the optional stored data, and an apparatus thereof. The apparatus for encrypting and processing data in a flash translation layer includes a flash memory and a controller. The flash translation layer searches at least one page of the flash memory storing the data when a write of optional data is requested from the controller, generates, corresponding to respective searched pages, a page key according to a predetermined encrypting function when the searched page supports an encryption, and encrypts and stores the data by the page key in the respective searched pages.
    Type: Application
    Filed: January 22, 2008
    Publication date: October 23, 2008
    Applicant: SAMSUNG ELECTRONICS CO., LTD.
    Inventors: Chang-Woo MIN, Jin-Ha Jun
  • Publication number: 20080235520
    Abstract: Adequately designed transportable data carriers are used for different applications.
    Type: Application
    Filed: September 1, 2006
    Publication date: September 25, 2008
    Applicant: ELEKTRONIC THOMA GMBH
    Inventors: Joachim Becker, Gerald Kraft, Heinrich Thoma
  • Publication number: 20080189557
    Abstract: A memory device including at least one storage area for storing data and a protection control structure adapted to selectively allow an external device access to the at least one storage area of the memory, the storage area being not freely accessible by the external device if protected. The memory device further includes a control logic adapted to identify an access request by the external device to the at least one storage area and cooperating with the protection control structure for managing an unlock procedure for selectively granting the external device at least temporary access rights to the storage area if protected.
    Type: Application
    Filed: January 19, 2006
    Publication date: August 7, 2008
    Inventors: Francesco Pipitone, Francesco Tomaiuolo, Marco Messina, Alessandro Raimondo, Vijay Malhi, Salvatore Giove
  • Publication number: 20080162851
    Abstract: A non-volatile memory device includes an input/output terminal mixing section configured to couple data input/output terminals of the memory device to data input/output terminals of a page buffer in accordance with a user selection. A user data authenticating section is configured to transmit a control signal to the input/output terminal mixing section so that the input/output terminal mixing section couples the data input/output terminals of the memory device to the data input/output terminals of the page buffer in accordance with the user selection. A spare cell is configured to store the coupling configuration of the data input/output terminals of the memory device and the data input/output terminals of the page buffer in accordance with the user selection.
    Type: Application
    Filed: May 24, 2007
    Publication date: July 3, 2008
    Applicant: Hynix Semiconductor Inc.
    Inventor: Jin Haeng Lee
  • Publication number: 20080155275
    Abstract: Systems and methods that facilitate processing data, such as by encryption/decryption, and storing and retrieving data to/from memory such that actual data can be distinguished from information associated with, or representative of, erased/blank memory locations. A processor can include a comparing component that compares information input to the processor to determine whether such information is associated with actual data, or associated with, or representative of, erased/blank memory locations. Information associated with, or representative of, an erased/blank memory location can be processed so that it can be interpreted as such by other components. If actual data is processed such that the comparing component interprets the processed data to be equivalent to an erased/blank memory location, then the data can be re-processed, so it is not interpreted as such, before being forwarded to its next destination.
    Type: Application
    Filed: December 22, 2006
    Publication date: June 26, 2008
    Applicant: SPANSION LLC
    Inventors: Venkat Natarajan, Willy Obereiner
  • Publication number: 20080155247
    Abstract: In some embodiments, the invention involves system and method for resuming from sleep mode using protected storage accessible to an embedded controller. The boot script information is stored in memory that is available only to the embedded controller. Neither the firmware nor OS have access to the boot script. Upon a wake event, the embedded controller either plays the boot script itself, or sends the information to firmware for processing. Other embodiments are described and claimed.
    Type: Application
    Filed: December 22, 2006
    Publication date: June 26, 2008
    Inventors: Vincent J. Zimmer, Michael A. Rothman, David C. Estrada
  • Publication number: 20080155273
    Abstract: A system, method, and logic are disclosed for automatic hardware bus encryption/decryption. The logic receives a memory access request comprising a physical address of a memory location from a processor. The logic translates the physical address, and uses the translated physical address and a seed value in a pseudo random number generator to produce an output value. The logic then uses the output value to non-deterministically select an encryption key from a plurality of encryption keys. If the memory access request is a read operation, the logic uses the selected key to decrypt the contents of the memory location; and provides the decrypted contents to the processor. If the memory access request is a write operation, the logic uses the selected key to encrypt a value comprised in the memory access request; and writes the encrypted value in the memory location.
    Type: Application
    Filed: January 4, 2007
    Publication date: June 26, 2008
    Applicant: TEXAS INSTRUMENTS, INC.
    Inventor: Gregory R. Conti
  • Publication number: 20080130901
    Abstract: A data storage system providing transparent encryption. The data storage system has a hardware encryption/decryption engine and a register coupled to the hardware encryption/decryption engine. The register is for securely storing a key for encrypting and decrypting data. The key may not be read from outside the data storage system. More specifically, the key may not be read by the operating system. The user does not have access to the encryption key, but may have a password that is passed to a controller coupled to the encryption/decryption engine. The controller verifies the password and causes data received from main memory to be encrypted by the hardware encryption/decryption engine using the key. The controller also transfers the encrypted data to the data storage device.
    Type: Application
    Filed: December 27, 2007
    Publication date: June 5, 2008
    Inventor: Radoslav Danilak
  • Publication number: 20080133939
    Abstract: A data storage system providing transparent encryption. The data storage system has a hardware encryption/decryption engine and a register coupled to the hardware encryption/decryption engine. The register is for securely storing a key for encrypting and decrypting data. The key may not be read from outside the data storage system. More specifically, the key may not be read by the operating system. The user does not have access to the encryption key, but may have a password that is passed to a controller coupled to the encryption/decryption engine. The controller verifies the password and causes data received from main memory to be encrypted by the hardware encryption/decryption engine using the key. The controller also transfers the encrypted data to the data storage device.
    Type: Application
    Filed: December 27, 2007
    Publication date: June 5, 2008
    Inventor: Radoslav Danilak
  • Publication number: 20080114990
    Abstract: Described is a technique for providing shared access to an encrypted portable memory device which improves both usability and security by allowing the owner of the encrypted storage device to designate access to specified files only to the next host to mount the secure disk. The number of steps required to perform a file sharing operation is greatly reduced with this system and access to the contents of the protected storage device can be granted with greater granularity.
    Type: Application
    Filed: November 10, 2006
    Publication date: May 15, 2008
    Applicant: FUJI XEROX CO., LTD.
    Inventors: David M. Hilbert, Daniel-Alexander Billsus, John E. Adcock, Wolfgang Polak, Laurent Denoue, Eleanor G. Rieffel
  • Publication number: 20080016304
    Abstract: An image file format and a method of creating and restoring an image file is provided by the present invention. The image file format includes a plurality of streams such as a control stream, a data stream, a bitmap stream, and a cluster map stream. An audit trail stream, properties stream and fix-up stream may also be provided. The present invention allows the contents of a storage media to be captured and stored as an image file. The image file is used to restore the storage media to a previous state or allows multiple computers to be provided with a common configuration. The plurality of streams further allow the image file to be viewed, edited or otherwise manipulated.
    Type: Application
    Filed: September 27, 2007
    Publication date: January 17, 2008
    Applicant: Microsoft Corporation
    Inventors: Wesley Witt, Edward Miller