Abstract: An apparatus comprising: a memory having at least two sections; a security element associated with at least one of said at least two sections; and a processor for controlling access to at least one of the at least two sections of the memory in dependence on a value of the security element. The apparatus may be an integrated circuit and the memory may be a read-only-memory storing generic code in one of the sections and code specific to a mobile communication device provider in the second section. The security element may be a permanently programmed memory element programmed by the IC manufacturer.

Abstract: A system, method, and computer program product for handling shared cache lines to allow forward progress among processors in a multi-processor environment is provided. A counter and a threshold are provided a processor of the multi-processor environment, such that the counter is incremented for every exclusive cross interrogate (XI) reject that is followed by an instruction completion, and reset on an exclusive XI acknowledgement. If the XI reject counter reaches a preset threshold value, the processor's pipeline is drained by blocking instruction issue and prefetching attempts, creating a window for an exclusive XI from another processor to be honored, after which normal instruction processing is resumed. Configuring the preset threshold value as a programmable value allows for fine-tuning of system performance.

Abstract: A computer system including: a file server, cache servers, and a cache management server, wherein: the cache server obtains the authority information from the cache management server, in a case of receiving a command to process a file, wherein the cache server refers to the obtained authority information, wherein the cache server executes the command to process the file, in a case where the cache server has an administration right of the cache data of the file, wherein the cache management server sends to the cache server an update command for transferring the administration right of the cache data to the other cache server, wherein the cache server sends the update command to the other cache server after receiving the update command, and executes a update procedure in which a lock management information is updated.

Abstract: An inter-machine locking mechanism coordinates the access of shared resources in a tightly-coupled cluster that includes a number of processing systems. When a requesting processing system acquires a lock to access a resource, a comparison is made between values of a global counter and a local counter. The global counter indicates the number of times the lock is acquired exclusively by any of the processing systems. Based on the comparison result, the requesting processing system determines whether the resource has been modified since the last time it held the lock.

Abstract: Various technologies and techniques are described for providing a transaction grouping feature for use in programs operating under a transactional memory system. The transaction grouping feature is operable to allow transaction groups to be created that contain related transactions. The transaction groups are used to enhance performance and/or operation of the programs. Different locking and versioning mechanisms can be used with different transaction groups. When running transactions, a hardware transactional memory execution mechanism can be used for one transaction group while a software transactional memory execution mechanism used for another transaction group.

Abstract: A method of controlling copying of an information signal, comprises the steps of: prior to recordal and/or transmission, applying to the information signal a substantially imperceptible modification representing copy control data including a password securely encoded according to a predetermined algorithm; upon reproduction for copying by a user, deriving (S1, S3) the copy control data from the modified information signal; comparing (S8, S9, S11, S13, S15) the derived securely encoded password with a reference password securely encoded according to a predetermined algorithm; and enabling (S5) copying of the information signal if the securely encoded password derived from the information signal and the securely encoded reference password have a predetermined relationship, otherwise disabling copying (S7). The reference password is sent to the user via a channel which is separate from a channel used to send the information signal to the user.

Abstract: A cache module for a central processing unit has a cache control unit coupled with a memory, and a cache memory coupled with the control unit and the memory wherein the cache memory has a plurality of cache lines, each cache line having a storage area for storing instructions to be issued sequentially and associated control bits, wherein at least one cache line of the plurality of cache lines has at least one branch trail control bit which when set provides for an automatic locking function of the cache line in case a predefined branch instruction has been issued.

Abstract: One embodiment of the present invention provides a system that facilitates avoiding locks by speculatively executing critical sections of code. During operation, the system allows a process to speculatively execute a critical section of code within a program without first acquiring a lock associated with the critical section. If the process subsequently completes the critical section without encountering an interfering data access from another process, the system commits changes made during the speculative execution, and resumes normal non-speculative execution of the program past the critical section. Otherwise, if an interfering data access from another process is encountered during execution of the critical section, the system discards changes made during the speculative execution, and attempts to re-execute the critical section.

Abstract: A system and method is disclosed for fast lock acquisition and release in a lock-based software transactional memory system. The method includes determining that a group of shared memory areas are likely to be accessed together in one or more atomic memory transactions executed by one or more threads of a computer program in a transactional memory system. In response to determining this, the system associates the group of memory areas with a single software lock that is usable by the transactional memory system to coordinate concurrent transactional access to the group of memory areas by the threads of the computer program. Subsequently, a thread of the program may gain access to a plurality of the memory areas of the group by acquiring the single software lock.

Abstract: Various embodiments are directed to a gaming device that uses an internal hard drive for primary media storage. The software is installed on the hard drive without requiring physical access to the hard drive including, but not limited to, removal or replacement of the hard drive. According to one method, an install flash program is used to format and/or reformat an internal hard drive. Additionally, the install flash program is used to install media stored on a removable storage device onto the internal hard drive.

Abstract: A method, in one embodiment, can include a server receiving a message to deactivate a partition key of an object based storage system. A token of the object based storage system is signed by the partition key. The object based storage system includes the server. Additionally, after receiving the message, the server can deactivate the partition key to block access to a partition of the object based storage system by a client. The server includes the partition.

Abstract: Various approaches for managing storage for data objects. In one approach, data describing a plurality of allocation control areas are stored. Each allocation control area references a respective set of free pages that are available for allocation for storing data objects. In response to a request to delete a data object, a non-blocking exclusive lock is sought on an initial one of the allocation control areas. If the lock is granted, each page having data of the data object is returned to the respective set of free pages of the initial one of the allocation control areas. If the lock is denied, another one of the allocation control areas to which a non-blocking exclusive lock can be granted is determined, and each page is returned to the respective set of free pages of the other one of the allocation control areas.

Abstract: A system migrates data between a source device and a target device in a storage system. A processor is operational within a local domain of the storage system. A redundant array of independent disks (RAID) controller electrically connected to the processor. The RAID controller divides a capacity of the source device into a plurality of sub-regions, locks the sub-regions from storage activity, establishes a mirroring relationship for write data updates between the source device and target device, and assigns the processor to copy data from the source device to the target device. A method of migrating data includes dividing a capacity of a source device into a plurality of sub-regions, locking the sub-regions from storage activity, establishing a mirroring relationship for write data updates between the source device and a target device, and assigning a local processor to copy data from the source device to the target device.

Abstract: A processing unit includes an authority check for controlling access by the processing unit to pages of memory according to whether a hardware protection key set currently loaded in an authority mask register allows access to the pages. In particular, each page of memory is assigned a page key number that indexes into the hardware protection key set. The currently loaded hardware protection key set specifies those page key numbers that are currently accessible to the processing unit for the execution context. Each hardware key within the hardware protection key set is associated with a particular data object or group of data objects. Thus, effectively, the currently loaded hardware protection key set identifies which data objects or groups of data objects are currently accessible.

Abstract: A data scrambling method for scrambling raw data from a host system is provided. The data scrambling method includes generating a random number and storing the random number into a storage unit. The data scrambling method also includes receiving a user password from the host system, generating a padded value by using a first function unit based on the random number and the user password, and generating a nonce value by using a second function unit based on the padded value and a key. The data scrambling method further includes generating scrambled data corresponding to the raw data by using a third function unit based on the nonce value and the raw data. Accordingly, the raw data of the host system can be effectively protected.

Abstract: An electronic device that can automatically unlock an external storage device with a password without adding a function to the external storage device is provided. An electronic device 100B has memory card connection means 108 for connecting a memory card 200 that can be locked with a password, password holding means 101 for holding card unique ID and a password, card unique ID acquisition means 104 for acquiring connection identification information indicating the card unique ID of the memory card 20 connected to the memory card connection means 108, and password deletion means 109 for deleting connection identification information and the password corresponding to the connection identification information stored in the password holding means 101 if the connection identification information is contained in the password holding means 101.

Abstract: A method, apparatus, and computer program product are disclosed in a data processing system for prohibiting unauthorized access of data that is stored on storage drives. Multiple logical partitions are generated. A different unique randomizer seed is associated with each one of the logical partitions. In response to one of the logical partitions needing to access a storage drive, the logical partition transmits a seed to the storage drive. The transmitted seed is associated with the one of the logical partitions. A transmitting one of the logical partitions is unable to transmit a seed that is other than a seed that is associated with the transmitting one of the logical partitions. The storage drive utilizes the transmitted seed to randomize and de-randomize data for the one of the logical partitions. Data randomized for one of the logical partitions cannot be de-randomized for a different one of the logical partitions.

Abstract: Embodiments of the invention relate a hybrid hardware and software implementation of transactional memory accesses in a computer system. A processor including a transactional cache and a regular cache is utilized in a computer system that includes a policy manager to select one of a first mode (a hardware mode) or a second mode (a software mode) to implement transactional memory accesses. In the hardware mode the transactional cache is utilized to perform read and write memory operations and in the software mode the regular cache is utilized to perform read and write memory operations.

Abstract: One embodiment of the present invention provides a system that facilitates avoiding locks by speculatively executing critical sections of code. During operation, the system allows a process to speculatively execute a critical section of code within a program without first acquiring a lock associated with the critical section. If the process subsequently completes the critical section without encountering an interfering data access from another process, the system commits changes made during the speculative execution, and resumes normal non-speculative execution of the program past the critical section. Otherwise, if an interfering data access from another process is encountered during execution of the critical section, the system discards changes made during the speculative execution, and attempts to re-execute the critical section.

Abstract: Systems, methods, apparatus and software can utilize storage resource locks to prevent modification (including relocation) of data in the storage resource while a third-party copy operation directed at the storage resource is occurring. A data transport mechanism such as a data restore application requests that a relevant portion of the storage resource be locked. Once locked, the data transport mechanism requests a data mover to perform a third-party copy operation whereby data is moved from a data source to the locked portion of the storage resource. When the third party-copy operation is complete, the data transport mechanism requests release of the lock on the portion of the storage resource.

Abstract: A system controller includes an output unit which transfers an access request from an access source coupled to the system controller to an other system controller; a local snoop control unit that determines whether a destination of the access request from the access source is a local memory unit coupled to the system controller, and locks the destination when the destination is the local memory unit; a receiving unit which receives the access request from the output unit and an access request from an other system controller; a global snoop control unit which sends a response indicating whether the access request is executable or not, and controls locking of the destination of the access request when the destination is the local memory unit; and an access processing unit which unlocks the locking and accesses the memory unit when the access request from the access source becomes executable.

Abstract: Object-based conflict detection is described in the context of software transactional memory. In one example, a pointer is received for a block of instructions, the block of instructions having allocated objects. The lower bits of the pointer are masked if the pointer is in a small object space to obtain a block header for the block, and a size of the allocated objects is determined using the block header.

Abstract: An integrated circuit card including a processor unit associated with RAM and with data exchange means for exchanging data with an external device, the RAM including a memory zone dedicated to exchanged data, and the processor unit being arranged to secure the dedicated memory zone and to store the exchanged data in said zone, and a method of managing the RAM of such a card.

Abstract: An access key generating apparatus includes: a bit field converting unit which converts a partial bit field into a reduced bit field having a bit width shorter than a bit width of the partial bit field; an access key retaining unit which retains a plurality of access keys to control access to a memory from peripheral devices in association with each of the peripheral devices; and an indexing unit which indexes the access keys from the access key retaining unit using an index address including the reduced bit field if the conversion of the partial bit field into the reduced bit field is successful, and indexes the access keys from the access key retaining unit using an index address including the partial bit field if the conversion of the partial bit field into the reduced bit field is unsuccessful.

Abstract: Provided is a technology for controlling partial avoidance or simultaneous access to multimedia contents. This research provides a multimedia contents consuming apparatus, which includes: a receiver for receiving a multimedia content and license data representing a condition for prohibiting partial avoidance of the multimedia content; a license analyzer for receiving the license data from the receiver, analyzes the license condition for the multimedia content, and creating a control signal for partial avoidance; and a controller for controlling avoidance for a predetermined part of the multimedia content according to the control signal.

Abstract: A method and system for extending the life span of a flash memory device. The flash memory device is dynamically configurable to store data in the single bit per cell (SBC) storage mode or the multiple bit per cell (MBC) mode, such that both SBC data and MBC data co-exist within the same memory array. One or more tag bits stored in each page of the memory is used to indicate the type of storage mode used for storing the data in the corresponding subdivision, where a subdivision can be a bank, block or page. A controller monitors the number of program-erase cycles corresponding to each page for selectively changing the storage mode in order to maximize lifespan of any subdivision of the multi-mode flash memory device.

Abstract: In some embodiments a Trusted Platform Module (TPM) manages a first flag that identifies whether a secure environment has ever been established. A chipset manages a second flag that identifies that there might have been secrets in memory and a reset or power failure occurred. At least one processor and/or the chipset lock, maintain a lock, and/or unlock a memory in response to the second flag. Other embodiments are described and claimed.

Abstract: A method to enabling interoperability of a locking synchronization method with a lock-free synchronization method in a multi-threaded environment is presented. The method examines a class file for mutable fields contained in critical code sections. The mutable fields are transferred to a shadow record and a pointer is substituted in the class field for each transferred mutable field. Code is altered so that the lock-free synchronization method is used if a lock is not held on the object. Atomic compare and swap operations are employed after mutable fields are updated during execution of the lock-free synchronization method.

Abstract: A data storage device having a smart card based copy protection function is provided. The data storage device encodes data using the temper resistant key of the smart card as the encoding seed, stores the encoded data, and transmits the encoded data to other device. Therefore, it is impossible to modulate or to make the illegal copy of stored or transmitted data, and the reliability of the storage device can be improved.

Abstract: The present invention provides an apparatus for security of accessing data, comprising a storage device including an address transform detector, a first lock bit register and a data comparator, the address transform detector providing a predetermined correction signal, data outputted from the storage device could be correctly identified when a memory address signal matches the predetermined correction signal and a latch signal is provided to the first lock bit register; and a micro-control unit for receiving data outputted from the storage device, the outputted data being stored in a second lock bit register and encoded by a serial encoding unit, a locking signal being feedback to the storage device; wherein a data encoded signal outputted from the first lock bit register and the locking signal are provided to a data comparator for comparison and determining whether output correct data to an encoding control unit according to the comparison.

Abstract: Methods of operating memory systems and memory systems are disclosed, such as a memory system having a memory array storing a code generating program to instruct a processor to generate a code, and a register to store a code generated by the processor, where the register is configured to allow a write operation to the memory array in response to a match of a code stored in the register and where the match is controlled in response to a request from a utility program being executed by the processor.

Abstract: Systems and methods for storing data and retrieving data from a smart storage device is provided, where smart storage includes processing capabilities along with the ability to store information. In one aspect, a method includes detecting via bidirectional settings one or more capabilities of rules enforcement logic associated with a storage device and selecting a set of criteria and policies to be downloaded from a host or a management server that are to be downloaded onto the storage device. This includes dynamically generating conditional context aware policies syntax based on user settings or network policy and downloading a set of policies onto the storage device for future policy enforcement.

Abstract: One or more techniques are provided for restricting access to protected modes of operation in a memory device. In one embodiment, detection circuitry is provided and configured to receive and evaluate a protected mode entry sequence for accessing a protected mode of operation. The detection circuitry may be further configured to temporarily enable an output pin on a serial interface between the memory device and a master device to receive inputs, such that a entry sequence may be entered on both the input and output pins. In another embodiment, the detection circuitry may be enabled only if a security code is first provided, thus requiring both the correct security code and entry sequence before protected mode access is allowed. The memory device may also include a parallel NAND memory array, and detection logic may be further configured to enable a serial-to-parallel NAND translator once protected mode access is allowed.

Abstract: A security memory device includes a memory cell array that stores a plurality of contents, including a mine, which is stored as a portion of the plurality of contents. The mine is triggered when it is accessed, typically such that the mine erases the memory contents. Also, control logic is included that controls access to the plurality of contents. In one aspect, the memory cell array can include a protected-cell zone and a free-cell zone. In this aspect, the security memory device can further include a lock that provides protection for contents stored in the protected-cell zone from access and a key that is capable of unlocking the lock.

Abstract: A method of operation of a self-locking mass storage system includes: providing storage media and an inactivity timer; timing a period of read/write inactivity of the storage media using the inactivity timer; comparing the period of read/write inactivity against a preset maximum idle time; locking access to the storage media when the period of read/write inactivity exceeds the preset maximum idle time; and, resetting the period of read/write inactivity following read/write activity while the self-locking mass-storage system is in an unlocked state.

Abstract: A data protection method for an electronic device having a storage medium is provided, wherein the storage medium includes a plurality of partitions and a partition table. In the data protection method, a partition entry point and a partition data corresponding to the specific partition are captured and sent to an external storage device when the electronic device enters a shutdown process. Then, the partition entry point is deleted from the partition table and the partition data is removed from the storage medium. When the electronic device is turned on, a user has to provide the corresponding external storage device to restore the partition entry point and the partition data back to the storage medium. Thereby, personal data stored in the storage medium is protected and accordingly data security is ensured.

Abstract: Provided are a method, system, and article of manufacture for providing a process exclusive access to a page including a memory address to which a lock is granted to the process. A request is received for a memory address in a memory device from a requesting process. A lock is granted to the requested memory address to the requesting process. The requesting process is provided exclusive access to a page including the requested memory address for a page access time period. The exclusive access to the page provided to the requesting process is released in response to an expiration of the page access time period.

Abstract: An integrated circuit device includes a first plurality of non-volatile memory locations such as fuses that supply programmed values corresponding to initially selected device features such as voltage, frequency, clock speed, and cache parameters. The device is programmed with a lock value in a second plurality of non-volatile memory locations. That lock value may be a randomly generated number that is unique for each device. After initial programming of the device, access to the device is prevented by appropriately programming access control. In order to unlock the device and modify device features, an unlock key value is supplied to the device. If the unlock key value correctly corresponds to the lock value, the device features can be modified. In that way device features can be modified, but security is maintained to prevent unauthorized modification to device features.

Abstract: A data security system [100] [800] [900] [1600] [2000] includes providing a unique identification from a first system [102] to a second system [104] [108]; copying the unique identification in the second system [104] [108] by the first system [102]; and unlocking a memory [122] in the first system [102] or the second system [104] [108] only when the unique identifications in the first system [102] and the second system [104] [108] are the same.

Abstract: The system is composed of the storage apparatuses with dynamic chunk allocation capabilities, the centralized management computer. Some storage apparatuses have the extra HDDs or volumes for providing extra capacity (extra chunks), which are concealed by a secret key. The storage apparatus with the closed segment has the key management program and key management table. The centralized management computer has the storage on demand management program, the pending request table, the priority table and the master key table. The storage apparatus may connect to the other storage apparatuses for sharing the extra capacities in the closed segment. The storage apparatus issues the chunk addition request to the centralized management computer. The centralized management computer provides a key according to the priority table and the master key table.

Abstract: A chip card is protected against copying by having a data memory for storage of data that are protected, at least in a sub-region of the data memory, against alteration by users or attackers outside of a privileged group. Members of this group can write an individual identifier for this chip card into this protected memory region once, and can write a digital signature of this identifier to an arbitrary memory region of the data memory. The digital signature can be generated with the use of a secret key for which an associated public key exists with which it can be checked whether the digital signature was generated from the individual identifier with the use of a secret key.

Abstract: According to some embodiments, a method for providing encryption, integrity, and anti-replay protection of data in a fault tolerant manner is disclosed. A data blob and an anti-replay table blob are copied to a temporary storage region in a non-volatile memory. In an atomic operation, a status indicator is set and a monotonic counter is incremented after the data blob and the anti-replay table blob are copied to the temporary storage region. If a fault occurs while the status indicator is set, the data blob and the anti-replay table blob may be recovered from the temporary storage region.

Abstract: A method, system, and program key-controlled object-based memory protection are provided. A processing unit includes an authority check for controlling access by the processing unit to pages of memory according to whether a hardware protection key set currently loaded in an authority mask register allows access to the pages. In particular, each page of memory is assigned a page key number that indexes into the hardware protection key set. The currently loaded hardware protection key set specifies those page key numbers that are currently accessible to the processing unit for the execution context. Each hardware key within the hardware protection key set may be associated with a particular data object or group of data objects. Thus, effectively, the currently loaded hardware protection key set identifies which data objects or groups of data objects are currently accessible.

Abstract: A portable data access device is applicable to a data processing system. The portable data access device includes at least a first data access sector preset to be a read-only data access sector, for storing at least data and/or application programs executable by the data processing system; at least a second data access sector set to be a general data access sector; and a controller for interfacing with the data processing system and controlling data access to the first data access sector and the second data access sector. The data processing system may execute the application programs and/or access the data through the portable data access device, and the risk of modifying or damaging the data and/or application programs can be reduced by the read-only data access sector.

Abstract: An apparatus for providing storage control in a network of storage controllers is disclosed. The apparatus includes an owner storage controller; an I/O performing component, an ownership assignment component, a lock manager and a messaging component. The ownership assignment component assigns ownership of metadata for data to an owner storage controller. The lock manager controls the locking of metadata during I/O. The messaging component passes messages among storage controllers to request metadata state, to grant locks, to request release of locks, and to signal lock release. The I/O is performed on data whose metadata is owned by an owner storage controller, subject to compliance with metadata lock protocols controlled by the owner storage controller, and any copy of the data held from time to time is maintained in a coherency relation with the data.

Abstract: A boot method an apparatus are described which reduce the likelihood of a security breach in a mobile device, preferably in a situation where a reset has been initiated. A predetermined security value, or password, is stored, for example in BootROM. A value of a security location within FLASH memory is read and the two values are compared. Polling of the serial port is selectively performed, depending on the result of such comparison. In a presently preferred embodiment, if the value in the security location matches the predetermined security value, then polling of the serial port is not performed. This reduces potential security breaches caused in conventional arrangements where code may be downloaded from the serial port and executed, which allows anyone to access and upload programs and data in the FLASH memory, including confidential and proprietary information.

Abstract: According to one embodiment, a magnetic disk apparatus comprises a storage-medium unit including a storage medium, a magnetic-disk medium unit including a magnetic disk medium, a storing unit configured to store data transmitted from a host system in the storage medium, a first comparator configured to compare an input password with a password stored in the storage medium or in a semiconductor memory provided on a substrate on which the storage medium is provided, and a control unit provided in the storage-medium unit and configured to control an access to the magnetic disk medium in accordance with a comparison result obtained by the first comparator.

Abstract: To provide a memory device and a password storing method thereof, according to which an improved security function is realized by resourcefully designing the storage position and/or storing order of password data stored in the memory device to prevent unauthorized password acquisition. The memory device makes a determination of whether or not rewriting and/or reading of data is permitted by verification of a password, the memory device comprising a plurality of partial memory areas which store a plurality of partial bit strings that comprise a bit string of the password, and wherein the plurality of partial memory areas are located apart from each other in a memory cell array.

Abstract: A memory card system includes a memory card and a host for generating a password confirm command and a password transmission command. The password confirm command is used for determining whether a password has been set in the memory card. Each of the password confirm command and the password transmission command may be sent via at least one of a command line or a data line between the host and the memory card.

Abstract: Described is a technique for providing shared access to an encrypted portable memory device which improves both usability and security by allowing the owner of the encrypted storage device to designate access to specified files only to the next host to mount the secure disk. The number of steps required to perform a file sharing operation is greatly reduced with this system and access to the contents of the protected storage device can be granted with greater granularity.