Abstract: An interface for coupling an agent to a fabric supports a load/store interconnect protocol and includes a header channel implemented on a first subset of a plurality of physical lanes, the first subset of lanes including first lanes to carry a header of a packet based on the interconnect protocol and second lanes to carry metadata for the header. The interface additionally includes a data channel implemented on a separate second subset of the plurality of physical lanes, the second subset of lanes including third lanes to carry a payload of the packet and fourth lanes to carry metadata for the payload.

Abstract: An apparatus comprises: processing circuitry to perform data processing in one of a plurality of security domains including at least a secure domain and a less secure domain, and memory access checking circuitry to check whether a memory access is allowed depending on security attribute data indicating which domain is associated with a target address. In response to a given change of program flow from processing in the less secure domain to a target instruction having an address associated with the secure domain: a fault is triggered when the target instruction is an instruction other than a gateway instruction indicating a valid entry point to the secure domain. When the target instruction is said gateway instruction, a stack pointer verifying action is triggered to verify whether it is safe to use a selected stack pointer stored in a selected stack pointer register.

Abstract: A monitoring system for a machine having database, a memory storing first instructions, and a controller configured to execute the first instructions. The controller may be configured to receive a first input including selection of a sensor associated with a component of the machine, and a second input specifying a machine state, defining a first operating condition associated with the component. The controller may also be configured to receive a third input specifying generation of a component parameter based on a measurement from the sensor, and a fourth input specifying a fault condition associated with at least one of the measurement and the component parameter. The controller may generate a rule-set, including second instructions based on the first input, the second input, the third input, and the fourth input. The controller may also store the rule-set in the database.

Abstract: A model generation system for a machine having a database, a memory to store instructions, and a controller configured to execute the instructions to generate a plurality of interrelated data tables. The data tables may have a sensor table having a sensor row including sensor attributes, a calculation table having a calculation row including calculation attributes associated with a measurement from the sensor, and a fault indicator table including fault indicator attributes based on the measurement or the calculation. The controller may highlight the sensor row using a first color when the sensor table includes a tag identifier associated with the sensor, and highlight the sensor row using a second color when the sensor table does not include the tag identifier. The controller may display the highlighted sensor table on a display device and store the data tables in the database.

Abstract: A data processing device includes: a first controller requiring a first activation time; a second controller requiring a second activation time, which is shorter than the first activation time; and a data processor for switching a mode, in which data is processed, between a first processing mode without collaboration with the first controller, and a second processing mode in collaboration with the first controller. The data processor processes data in the first processing mode after completing the activation of the second controller and before completing the activation of the first controller; processes data in the second processing mode after completing the activation of the first controller; and processes data in the first processing mode after a fault occurs in the first controller.

Abstract: An information processing apparatus includes a plurality of arithmetic processing devices, a common timer unit configured to measure time in common among the plurality of arithmetic processing devices, a plurality of individual timer units to measure execution time of a program per plurality of arithmetic processing devices, a comparing unit configured to compare the program execution time of each of the plurality of arithmetic processing devices, the program execution time being measured by the plurality of individual timer units, with time measured by the common timer unit, and a control unit configured to control processing of the plurality of arithmetic processing devices on the basis of a result of the comparison made by the comparing unit.

Abstract: The invention discloses a method and a system for power-fail protection of communication equipments, and a power controller. The method is applied to a system comprising a power controller, a power detection unit, and an energy storage conversion unit. The method includes: a power controller acquires the information of one or more circuit boards requiring protection in an equipment; when the power controller determines the equipment is currently in power-fail status, the power controller indicates to gate the switches between an energy storage conversion unit and one or more circuit boards, and provides the pre-stored electric energy to the one or more circuit boards.

Abstract: A chip including a processor for performing a predetermined operation, a provider for providing a clock signal, with which the processor is clocked, a counter for decrementing or incrementing a count based on the clock signal, a monitor for signaling the predetermined operation to be prevented, depending on the count, and a non-volatile storage for non-volatily storing the count.

Abstract: In a method for allocating space on a logical disk, a computer receives an allocation request to allocate a number of requested logical disk extents. The computer selects one of a first group having an array of logical disk extents and a second group having an array of logical disk extents. The computer selects a group having a number of free logical disk extents that is greater than or equal to the number of requested logical disk extents. The logical disk extents in the array of the first group and in the array of the second group correspond to disk blocks on a logical disk. The logical disk spans one or more physical random access disks. The computer locks the selected group to prevent allocating a logical disk extent other than in response to the allocation request.

Abstract: Systems and methods of storage device access are provided, where the operating system copies permission and mapping information to the storage array and/or to the application program's memory. The application program can then access the storage device without the operating system's intervention and the storage device will check whether the application has permission to access the data. As a result, in most cases, neither the operating system nor the file system needs to be invoked, and since both of them increase the amount of time required to access the data in the file system, considerable performance improvements are possible.

Abstract: Embodiments of apparatus, systems and methods facilitate deployment of distributed computing applications on hybrid public-private infrastructures by facilitating secure access to selected services running on private infrastructures by distributed computing applications running on public cloud infrastructures. In some embodiments, a secure tunnel may be established between proxy processes on the public and private infrastructures and communication between the distributed computing application and the selected services may occur through the proxy processes over the secure tunnel.

Abstract: A memory management and protection system that manages memory access requests from a number of requestors. Memory accesses are allowed or disallowed based on the privilege level of the requestor, based on a Privilege Identifier that accompanies each memory access request. An extended memory controller selects the appropriate set of segment registers based on the Privilege Identifier to insure that the request is compared to and translated by the segment register associated with the requestor originating the request. A set of mapping registers allow flexible mapping of each Privilege Identifier to the appropriate access permission. The segment registers translate the logical address from the requestor to a physical address within a larger address space.

Abstract: The present invention extends to methods, systems, and computer program products for memory pinning through buffer encapsulation. Within a managed execution environment, a wrapper object encapsulates a memory buffer that is to be shared with a native routine executing in a native execution environment. The wrapper object manages operation of a memory manager on a memory heap corresponding to the memory buffer. The wrapper object includes a first function which sets a pin on the memory buffer and returns a pointer identifying the memory buffer. Setting the pin causes the memory manager to cease moving the memory buffer within the memory heap. The wrapper object also includes a second function which releases the pin on the memory buffer.

Abstract: A software transactional memory (STM) system allows the composition of traditional lock based synchronization with transactions in STM code. The STM system acquires each traditional lock the first time that a corresponding traditional lock acquire is encountered inside a transaction and defers all traditional lock releases until a top level transaction in a transaction nest commits or aborts. The STM system maintains state information associated with traditional lock operations in transactions and uses the state information to eliminate deferred traditional lock operations that are redundant. The STM system integrates with systems that implement garbage collection.

Abstract: Method and system for generating a migration plan for migrating information from a source storage location to a destination storage location, where storage space at the source storage location is presented as a plurality of storage volumes to a plurality of computing systems is provided. A parsed data structure is generated for a processor executable planning module used for generating the migration plan. The parsed data structure stores information regarding a plurality of computing systems that access the storage volumes for storing information at a storage device managed by a storage controller; information regarding a plurality of adapters used by the plurality of computing systems and the storage controller; and information regarding logical unit numbers (LUNs) that are presented for storing the information at the storage device.

Abstract: A storage device in which file data is divided into multiple blocks for storage on a recording medium is provided. The storage device includes an additional data storing section for storing additional data to be recorded on the recording medium in association with the data to be written, a position determining section for determining recording positions on the recording medium where the blocks should be respectively written, based on the additional data, and a block writing section for writing the respective blocks on the recording positions on the recording medium determined by the recording position determining section. The additional data this defines a gap length between blocks of recorded data. During a read operation, if the gap length does not comport with the additional data, then an error is assumed.

Abstract: A storage device includes a switching unit which switches an access destination in a storage area between a first storage area and a second storage area in response to an access request from a host device; and a nonvolatile storage medium which stores a first host device information used to identify the host device in the second storage area, and a software module executed by a CPU provided in the host device, the software module comprising causing an authority grant unit which transmits a control signal for switching the access destination to the first storage area to the switching unit of the storage device, when the acquired first and second host device information are compared to find that the first and second host device information match with each other.

Abstract: Implementations described and claimed herein provide systems and methods for allocating and managing resources for a deduplication table. In one implementation, an upper limit to an amount of memory allocated to a deduplication table is established. The deduplication table has one or more checksum entries, and each checksum entry is associates a checksum with unique data. A new checksum entry corresponding to new unique data is prevented from being added to the deduplication table where adding the new checksum entry will cause the deduplication table to exceed a size limit. The new unique data has a checksum that is different from the checksums in the one or more checksum entries in the deduplication table.

Abstract: Provided are a computer program product, system, and method for managing a lock to a resource shared among a plurality of processors. Slots in a memory implement the lock on the shared resource. The slots correspond to counter values that are consecutively numbered and indicate one of busy and free. A requesting processor fetches a counter value comprising a fetched counter value. A determination is made as to whether the slot corresponding to the fetched counter value indicates free. A processor identifier of the requesting processor is inserted into the slot corresponding to the fetched counter value in response to determining that the slot corresponding to the fetched counter value indicates not free. The requesting processor accesses the shared resource in response to determining that the slot corresponding to the fetched counter value indicates free.

Abstract: A memory management and protection system that incorporates device security features that support a distributed, shared memory system. The concept of secure regions of memory and secure code execution is supported, and a mechanism is provided to extend a chain of trust from a known, fixed secure boot ROM to the actual secure code execution. Furthermore, the system keeps a secure address threshold that is only programmable by a secure supervisor, and will only allow secure access requests that are above this threshold.

Abstract: A memory management and protection system that manages memory access requests from a number of requestors. Memory accesses are allowed or disallowed based on the privilege level of the requestor, based on a Privilege Identifier that accompanies each memory access request. An extended memory controller selects the appropriate set of segment registers based on the Privilege Identifier to insure that the request is compared to and translated by the segment register associated with the master originating the request. A set of mapping registers allow flexible mapping of each Privilege Identifier to the appropriate access permission.

Abstract: A detachable storage device can comprise a ram cache, a device controller, and a storage system. The ram cache may be configured to receive data from a digital device. The device controller may be configured to transfer the data from the ram cache to the storage system. The storage system may be configured to store the data at a predetermined event.

Abstract: Embodiments of computer processing systems and methods are provided that include a memory protection unit (MPU), and a plurality of region descriptors associated with the MPU. The region descriptors include address range and translation identifier values for a respective region of memory. Control logic determines whether a translation identifier control indicator is in a first state, and if the translation identifier control indicator is in the first state, the control logic allows a first process being executed by the processing system to access a memory region allocated to a second process being executed by the processing system.

Abstract: A storage device in which file data is divided into multiple blocks for storage on a recording medium. The storage device includes an additional data storing section for storing additional data to be recorded on the recording medium in association with the data to be written, a position determining section for determining recording positions on the recording medium where the blocks should be respectively written, based on the additional data, and a block writing section for writing the respective blocks on the recording positions on the recording medium determined by the recording position determining section. The additional data thus defines a gap length between blocks of recorded data. During a read operation, if the gap length does not comport with the additional data, then an error is assumed.

Abstract: According to an embodiment, a communication management apparatus mediates data between an information processing terminal having a temporary memory and an external memory device that is installed outside the information processing terminal. The apparatus includes a receiving unit configured to receive a write request issued by a device other than the information processing terminal for writing the data in the external memory device; a reading-writing unit configured to control reading of the data from the external memory device and control writing of the data in the external memory device; and a delete command issuing unit configured to, when the write request with respect to the external memory device is received, issue a delete command to the information processing terminal for deleting temporary data that is stored in the temporary memory.

Abstract: A computing device initiates a transaction, corresponding to an application, which includes operations for accessing data stored in a shared memory and buffering alterations to the data as speculative alterations to the shared memory. The computing device detects a transaction abort scenario corresponding to the transaction and notifies the application regarding the transaction abort scenario. The computing device determines whether to abort the transaction based on instructions received from the application regarding the transaction abort scenario. When the transaction is to be aborted, the computing device restores the transaction to an operation prior to accessing the data stored in the shared memory and buffering alterations to the data as speculative alterations to the shared memory. When the transaction is not to be aborted, the computing device enables the transaction to continue.

Abstract: The present invention extends to methods, systems, and computer program products for memory pinning through buffer encapsulation. Within a managed execution environment, a wrapper object encapsulates a memory buffer that is to be shared with a native routine executing in a native execution environment. The wrapper object manages operation of a memory manager on a memory heap corresponding to the memory buffer. The wrapper object includes a first function which sets a pin on the memory buffer and returns a pointer identifying the memory buffer. Setting the pin causes the memory manager to cease moving the memory buffer within the memory heap. The wrapper object also includes a second function which releases the pin on the memory buffer.

Abstract: When an SD card is connected to an SD socket of an electronic device, a control unit of the SD card obtains permission/inhibition information (an output signal) outputted from a setting unit of the electronic device. Based on the obtained permission/inhibition information, the control unit starts the operation of a DC-DC converter corresponding to a memory unit from which reading-out of data is permitted. By virtue of this, reading-out of data from the memory unit is achieved in correspondence to the permission/inhibition information.

Abstract: A fixed length memory block management apparatus has a plurality of processors which execute applications, a memory which is shared by the plurality of processors, an application program, an initialization program, and an access right allocation program being stored in the memory. The apparatus has an application execution unit which starts up the application program to execute the application, an initialization unit which starts up the initialization program to set a memory block management area including a plurality of sub-blocks at the memory, and an access right allocation unit which starts up the access right allocation program to allocate an access right of a memory block of the sub-block set by the initialization unit to the application execution unit.

Abstract: A part information restoration method is adapted to an electronic apparatus having first and second parts which are replaceable and are provided with a nonvolatile memory for storing part information unique to the part. The method includes storing, in a first nonvolatile memory of the first part, part information of the first part, and saving part information of the second part as a first reference information at least when replacing the second part, storing, in a second nonvolatile memory of the second part, the part information of the second part, and saving the part information of the first part as second reference information at least when replacing the first part. The method restores the first reference information in the second nonvolatile memory or restores the second reference information in the first nonvolatile memory, after replacing the first or second part.

Abstract: A system and method in one embodiment includes modules for detecting an access attempt to a critical address space (CAS) of a guest operating system (OS) that has implemented address space layout randomization in a hypervisor environment, identifying a process attempting the access, and taking an action if the process is not permitted to access the CAS. The action can be selected from: reporting the access to a management console of the hypervisor, providing a recommendation to the guest OS, and automatically taking an action within the guest OS. Other embodiments include identifying a machine address corresponding to the CAS by forcing a page fault in the guest OS, resolving a guest physical address from a guest virtual address corresponding to the CAS, and mapping the machine address to the guest physical address.

Abstract: A lock mechanism can be supported in a transactional middleware system to protect transaction data in a shared memory when there are concurrent transactions. The transactional middleware machine environment comprises a semaphore provided by an operating system running on a plurality of processors. The plurality of processors operates to access data in the shared memory. The transactional middleware machine environment also comprises a test-and-set (TAS) assembly component that is associated with one or more processes. Each said process operates to use the TAS assembly component to perform one or more TAS operations in order to obtain a lock for data in the shared memory. Additionally, a process operates to be blocked on the semaphore and waits for a release of a lock on data in the shared memory, after the TAS component has performed a number of TAS operations and failed to obtain the lock.

Abstract: A memory management unit is configured to receive requests for memory access from a plurality of I/O devices. The memory management unit implements a protection mode wherein the unit prevents memory accesses by the plurality of I/O devices by mapping memory access requests (from the I/O devices) to the same set of memory address translation data. When the memory management unit is not in the protected mode, the unit maps memory access requests from the plurality of I/O devices to different respective sets of memory address translation data. Thus, the memory management unit may protect memory from access by I/O devices using fewer address translation tables than are typically required (e.g., none).

Abstract: A storage set (e.g., an array of hard disk drives) may experience a failure, such as a loss of power, a software crash, or a disconnection of a storage device, while writes to the storage set are in progress. Recover from the failure may involve scanning the storage set to detect and correct inconsistencies (e.g., comparing mirrors of a data set or testing checksums). However, lacking information about the locations of pending writes to the storage set during the failure, this “cleaning” process may involve scanning the entire storage set, resulting in protracted recovery processes. Presented herein are techniques for tracking writes to the storage set by apportioning the storage set into regions of a region size (e.g., one gigabyte), and storing on the nonvolatile storage medium descriptors of “dirty” regions comprising in-progress writes. The post-failure recovery process may then be limited to the regions identified as dirty.

Abstract: A secure memory interface includes a reader block, a writer block, and a mode selector for detecting fault injection into a memory device when a secure mode is activated. The mode selector activates or deactivates the secure mode using memory access information from a data processing unit. Thus, the data processing unit flexibly specifies the amount and location of the secure data stored into the memory device.

Abstract: According to one embodiment, an access control apparatus includes a medium communication module configured to perform communication with a removable medium, a access module configured to perform access to the removable medium using the communication module, a wireless communication module configured to perform wireless communication with a external device, and to receive access request to the removable medium, and a controller configured to assign an access right to access the removable medium to one of the access module and the external device, the control module assigning the access right in response to a request of assignment of the access right, the request being transmitted from the external device or the access module.

Abstract: For block based end-to-end data protection for extended count key data (ECKD) in a computing environment, information units (IU's) are aligned in a block boundary format. Block protection trailer data is added to each one of the IU's.

Abstract: Secure marshaling of data via one or more intermediate processes is provided. A source process may create a named shared memory section resulting in a first handle to the shared memory section. The source process may populate the shared memory section with information. An access control list may secure the shared memory section by preventing the one or more intermediate processes from accessing content of the shared memory section, while allowing a target process to access the content. The first handle and a name of the shared memory section may be marshaled to a first intermediate process resulting in a respective new handle to the shared memory section. A last intermediate process may marshal the name to a target process, which may use the name to obtain access to the content of the shared memory section.

Abstract: In one implementation, a controller is provided such that when an operation is performed at a first memory location, the controller unlocks access to a second memory location.

Abstract: A computer system comprises: a central processing unit (CPU); an input/output control hub (IOCH) connected to the CPU; a storage device; the input/output control hub (IOCH) comprising a direct data access control (DDAC) being connected to the storage device; the DDAC providing protected regions and unprotected regions on the storage device (HDD). The IOCH comprises in addition to the DDAC an interface for semantic control of data access (SCDA), the SCDA storing custom configuration data which can be loaded only by a dedicated service which controls protected code running on the CPU. Via the SCDA, files in protected regions can be accessed on a record or even field level, whereby each record or field can have different access rights.

Abstract: A dynamic repository (either storing digital data content or pointers to stored digital data content) works in conjunction with a plurality of interfaces to manage digital content and digital rights policies associated with one or more users. Digital rights policies are unique to each user and such policies define access to digital content in the repository. The user's digital rights policy indicates the level of access a user has to digital content in the repository (e.g., the policy could indicate that the user has authorized access to a particular file for a period of seven days). The interfaces linked with the content repository are used to access and manipulate the digital data content (based upon each user's digital rights policy) and the digital rights policies stored in the content repository.

Abstract: A method includes storing defined memory address segments and defined memory address segment attributes for a processor. The processor is operated in accordance with the defined memory address segments and defined memory address segment attributes.

Abstract: Methods and systems are provided that provide a hardware based memory access protection system which may prevent access to secret data due to either accidental hardware or software failure, or inappropriate access via a system attack. This system includes a memory protection module and divides global memory space into two classes—a “highly protected region” and an “other” region. In some implementations, the system may be entirety located on hardware on a system chip, making unauthorized manipulation difficult. In some implementations, this system may allow a user to pre-program every allowable operation which may be performed by any given bus master, not only the allowable operations of a processor. Register pairs are used to control access to protected regions of memory by masters on the bus.

Abstract: A mass storage device capable of accessing a network storage in response to an access request of an electronic device electrically connected to the mass storage device, the mass storage device includes a first memory unit comprising a file management table for storing a first mapping relationship between a logical address and a network address of the network storage, and a controller for receiving an access request corresponding to the logical address from the electronic device and accessing a file in the network storage according to the network address through a network interface.

Abstract: Exemplary method, system, and computer program product embodiments for changing ownership of cartridges, such as virtual cartridges between remotely located virtual tape libraries, are provided. In one embodiment, by way of example only, processes and protocols for the changing ownership of the cartridges are controlled from a primary location to a secondary location. The production site is moved for the cartridges. The ownership of the cartridges is waived. Access is allowed to the cartridges. Additional data is written and replicated using resources of the cartridges.

Abstract: A computing device and method for managing security of a memory or storage device without the need for administer privileges. To access the secure memory, a host provides a data block containing a control command and authentication data to the memory device. The memory device includes a controller for controlling access to a secure memory in the memory device. The memory device identifies the control command in the data block, authenticates the control command based on the authentication data, and executes the control command to allow the host device to access the secure memory.

Abstract: A computing device and method for managing security of a memory or storage device without the need for administer privileges. To access the secure memory, a host provides a data block containing a control command and authentication data to the memory device. The memory device includes a controller for controlling access to a secure memory in the memory device. The memory device identifies the control command in the data block, authenticates the control command bused on the authentication data, and executes the control command to allow the host device to access the secure memory.

Abstract: For at least one storage resource object associated with at least one of the plurality of resource groups by a resource group attribute, at least one policy is defined for limiting host requests to the storage resources in the at least one of the plurality of resource groups to prevent an issuance of the host requests to an unowned one of the storage resources.

Abstract: A virtual address pager and method for use with a bulk erase memory is disclosed. The virtual address pager includes a page protection controller configured with a heap manager interface configured to receive only bulk erase memory-backed page requests for a plurality of memory pages. A RAM object cache controller is configured to store and bulk write data for a portion of the bulk erase memory. The page protection controller may have an operating system interface configured to generate a page memory access permission for each of the plurality of memory pages. The page protection controller may be configured to receive a virtual memory allocation request and generate the page memory access permission based on the virtual memory allocation request.

Abstract: In a disclosed embodiment, a data processing system comprises a memory protection unit (MPU); and a plurality of region descriptors associated with the MPU. Each region descriptor is associated with one of multiple subsets of the region descriptors and includes an address range, protection settings, and attributes for a respective region of memory. The subsets include data-only region descriptors, instruction-only region descriptors, and shared region descriptors. The shared region descriptors are used to access memory regions for data and instruction memory requests.