Abstract: A method for a contention-based random access procedure includes: receiving, by a base station, a first scheduled transmission message of a mobile terminal; in response to receiving the first scheduled transmission message, setting up, by the base station, a contention resolution message, wherein the contention resolution message comprises a defined part of a hash value of a mobile terminal contention resolution identity; and transmitting, by the base station, the contention resolution message to the mobile terminal.

Abstract: An environment includes various freely settable restrictions for a program executed by an edge device or the like. A software development device generates an object code from a source code and includes an evaluation module for extracting restrictions set in a source code and evaluating whether or not the source code conforms to the restrictions within an application range of the extracted restrictions. A generator module generates an object code so as to conform to the restrictions.

Abstract: Multi-level cell memory management techniques are described. In one example, the memory controller is configured to control whether a single-level cell operation or a multi-level cell operation to be used using different mapping schemes. The single-level cell operation, for instance, is usable to store a data word using two states whereas the multi-level cell operation is usable to store the data word by also using an intermediate state. In order to store the data word using two states, the memory controller is configurable to separate the data word across two word lines in the physical memory. In an implementation, use of the different operations and corresponding mapping schemes by the memory controller alternates between adjacent word lines in physical memory.

Abstract: Examples described herein relate to a computing system supporting custom page sized ranges for an application to map contiguous memory regions instead of many smaller sized pages. An application can request a custom range size. An operating system can allocate a contiguous physical memory region to a virtual address range by specifying a custom range sizes that are larger or smaller than the normal general page sizes. Virtual-to-physical address translation can occur using an address range circuitry and translation lookaside buffer in parallel. The address range circuitry can determine if a custom entry is available to use to identify a physical address translation for the virtual address. Physical address translation can be performed by transforming the virtual address in some examples.

Abstract: Aspects of a storage device provide an optimized data relocation scanning process which significantly reduces a number of page reads performed during a block relocation scan by consolidating logical addresses for multiple FMUs in a single FMU. The storage device includes a memory comprising a block including pages and FMUs, and a controller that is configured to store, in one of the FMUs, logical addresses for multiple FMUs. The controller is further configured, in response to a data relocation command, to read the logical addresses from the FMU, to determine at least one of the read logical addresses is mapped to a current FMU in a L2P mapping table, and to relocate data stored at the valid logical addresses in response to the determination. As a result, latency and power consumption associated with data relocation may be significantly reduced and storage device performance may thus be improved.

Abstract: A type restriction contextually modifies an existing type descriptor. The type restriction is imposed on a data structure to restrict the values that are assumable by the data structure. The type restriction does not cancel or otherwise override the effect of the existing type descriptor on the data structure. Rather the type restriction may declare that a value of the data structure's type is forbidden for the data structure. Additionally or alternatively, the type restriction may declare that an element count allowable for a data structure's type is forbidden for the data structure. Type restriction allows optionality (where only a singleton value for a data structure is allowed), empty sets (where no value for a data structure is allowed), and multiplicity (where only a limited element count for a data structure) to be injected into a code set independent of data type. Type restriction allows certain optimizations to be performed.

Abstract: The present technology includes a host configured to output a program request, a logical address, and data during a program operation, and a memory system configured to map a first physical address to the logical address, program the data to first memory blocks corresponding to the first physical address in a single level cell (SLC) method, program the data stored in the first memory blocks to a second memory block in a higher level cell method including a multi-level cell (MLC) method, a triple level cell (TLC) method, or a quadruple level cell (QLC) method after changing the first physical address to a second physical address, and transmit the second physical address to the host. The host outputs a read request and the second physical address to the memory system during a read operation of the data corresponding to the logical address.

Abstract: An embodiment of an electronic apparatus may include one or more substrates, and logic coupled to the one or more substrates, the logic to control access to two or more persistent storage devices, wherein at least one of the two or more persistent storage devices is to be logically organized with a namespace divided into two or more zones, determine two or more different zone size dependent parameters associated with the two or more persistent storage devices, determine a smallest aligned boundary based on each of the two or more different zone size dependent parameters, and set a zone group size for access to the two or more persistent storage devices based on the determined smallest aligned boundary. Other embodiments are disclosed and claimed.

Abstract: A masked logic gate protected against side-channel attacks using Boolean masking with d+1 shares for each input variable, where d is an integer at least equal to 1 representing the protection order is described. The masked logic gate includes a first input configured to receive a number of shares yj (j=0, 1, 2 . . . ); a second input configured to receive (d+1)2 shares xi (i=0, 1, 2 . . . ) representative of an intermediate result output by one layer of a tree of gates implementing low-latency masking with a protection order of d; and a (d+1)-share output obtained by applying a logic function of the masked logic gate to the shares of the first and second inputs using domain-oriented masking.

Abstract: There are provided mechanisms for handling instances of enclaves on an execution platform. The execution platform comprises a secure component. The secure component serves as a trusted interface between a trusted platform module of the execution platform and enclaves of an enclave environment on the execution platform. Only a single enclave, denoted base enclave, in the enclave environment is enabled to communicate with the secure component. A method comprises receiving, by the base enclave, an indication from another enclave in the enclave environment upon start-up of a new instance of the so-called another enclave. The method comprises determining, by the base enclave, to enable continued running of the new instance only when number of currently running instances of the so-called another enclave is within an interval of allowed number of running instances of the so-called another enclave.

Abstract: One embodiment of the present invention relates to a heap overflow detection system that includes an arithmetic logic unit, a datapath, and address violation detection logic. The arithmetic logic unit is configured to receive an instruction having an opcode and an operand and to generate a final address and to generate a compare signal on the opcode indicating a heap memory access related instruction. The datapath is configured to provide the opcode and the operand to the arithmetic logic unit. The address violation detection logic determines whether a heap memory access is a violation according to the operand and the final address on receiving the compare signal from the arithmetic logic unit.

Abstract: Embodiments related to a processing unit and a first information storage are described and depicted. First information is provided from a first unit into a first information storage for performing a first operation of the processing unit. During the first operation of the processing unit second information is transferred between the processing unit and the first information storage. The first information storage comprises during the first operation of the processing unit an access protection for the first unit.

Abstract: A chip including a processor for performing a predetermined operation, a provider for providing a clock signal, with which the processor is clocked, a counter for decrementing or incrementing a count based on the clock signal, a monitor for signaling the predetermined operation to be prevented, depending on the count, and a non-volatile storage for non-volatily storing the count.

Abstract: A method, apparatus, and system of exclusive access during a critical sub-operation to enable simultaneous operations are disclosed. In one embodiment, a method of a host device includes identifying a critical sub-operation of an operation associated with a storage system, applying a lock associated with the critical sub-operation based on a type of the sub-operation, providing exclusive access of the critical sub-operation to a first instance requiring the critical sub-operation, denying other instances access to the critical sub-operation during an interval comprising a period when the first instance executes the critical sub-operation, and releasing the lock when the critical sub-operation is no longer required by the first instance. The first instance and the other instances may originate on different host devices.

Abstract: According to one embodiment, an access control apparatus includes a medium communication module configured to perform communication with a removable medium, a access module configured to perform access to the removable medium using the communication module, a wireless communication module configured to perform wireless communication with a external device, and to receive access request to the removable medium, and a controller configured to assign an access right to access the removable medium to one of the access module and the external device, the control module assigning the access right in response to a request of assignment of the access right, the request being transmitted from the external device or the access module.

Abstract: A technique for managing pinned memory in a data processing system includes determining whether a first loadable module is completely utilizing pinned memory assigned to the first loadable module. In response to determining the first loadable module is not completely utilizing the pinned memory assigned to the first loadable module, the pinned memory that is not being utilized by the first loadable module is converted to kernel lock memory. In response to a second loadable module requesting pinned memory and non-kernel lock memory not being available to meet the request, one or more pages of the kernel lock memory are assigned to the second loadable module. In response to the second loadable module requesting the pinned memory and the non-kernel lock memory being available to meet the request, one or more pages of the non-kernel lock memory are assigned to the second loadable module.

Abstract: Embodiments are described for a method for controlling access to memory in a processor-based system comprising monitoring a number of interference events, such as bank contentions, bus contentions, row-buffer conflicts, and increased write-to-read turnaround time caused by a first core in the processor-based system that causes a delay in access to the memory by a second core in the processor-based system; deriving a control signal based on the number of interference events; and transmitting the control signal to one or more resources of the processor-based system to reduce the number of interference events from an original number of interference events.

Abstract: A removable mass storage device includes a controller and a memory storage area. A secured portion of the memory storage area may be a permanently write-protected portion. Programs provided by the operating system, e.g., application programming interface (API), for accessing the memory storage area cannot disable the write-protection of the permanently write-protected portion, preventing them from writing to the permanently write-protected portion. The controller does not enforce the write-protection against a security command of a secure library, allowing writing to the permanently write-protected portion using the security command. The security command may be issued by an API of the secure library. The secured portion of the memory storage area may also be a hidden portion that is not visible to the operating system, but is accessible by way of the secure library.

Abstract: A memory mapping apparatus for a multi-processing unit includes at least one memory matching unit configured to perform matching between a plurality of processing units and a plurality of memories, a memory controller configured to perform access control and arbitration for the respective memories, a memory mapping unit configured to include a window map for the respective processing units, make correspond the memories to the respective processing units with reference to the window map, and assign part of the entire address region of the corresponding memory, and a window map change unit configured to change a window map for a processing unit in which a request to use the memory has occurred in response to a request to use the memory from any one of the processing units.

Abstract: In a processor, an instruction sequence including, in order, a load-and-reserve instruction specifying a read access to a target memory block, an instruction delimiting transactional memory access instructions belonging to a memory transaction, and a store-conditional instruction specifying a conditional write access to the target memory block is detected. In response to detecting the instruction sequence, the processor causes the conditional write access to the target memory block to fail.

Abstract: A system and method for adapting a secure application execution environment to support multiple configurations includes determining a maximum configuration for the secure application execution environment, determining an optimal configuration for the secure application environment, and, at load time, configuring the secure application execution environment for the optimal configuration.

Abstract: Embodiments of techniques and systems for protected access to virtual memory are described. In embodiments, a protected memory management architecture (“PMMA”) may be configured to control accesses to protected physical memory. The PMMA may provide a protected virtual memory window for dynamic allocation of protected memory regions. During forward translation of virtual memory addresses, the PMMA may check a region ID of a process before allowing access. During reverse translation of a physical memory address, the PMMA may prevent accesses to protected physical memory addresses. The PMMA may also dynamically allocate physical memory to protected memory regions in virtual memory and may authenticate the physical memory as available before allocation. Other embodiments may be described and claimed.

Abstract: A method for obtaining a measurement of storage usage includes sending a request, by a processor, for the measurement of storage usage during execution of an application by the processor; counting blocks of storage to generate the measurement of storage usage by the application; and providing the measurement of storage usage to the application.

Abstract: A mechanism for zeroed logical volume management is disclosed. A method includes assigning, by a computing device, a bit value to each of storage blocks in a data volume of an operating system. The method also includes permitting, by the computing device, data in the storage blocks of the data volume to be read if the bit value is set to 1. The method further includes preventing, by the computing device, the data in the storage blocks of the data volume to be read if the bit value is set to 0.

Abstract: Various embodiments of the present invention provide systems, methods and circuits for use of a memory system. As one example, an electronics system is disclosed that includes a memory bank, a memory access controller circuit, and an encoding circuit. The memory bank includes a plurality of multi-bit memory cells that each is operable to hold at least two bits. The memory access controller circuit is operable to determine a use frequency of a data set maintained in the memory bank. The encoding circuit is operable to encode the data set to yield an encoded output for writing to the memory bank. The encoding level for the data set is selected based at least in part on the use frequency of the data set.

Abstract: Various embodiments of the present invention provide systems and methods for selecting data encoding. As an example, some embodiments of the present invention provide methods that include receiving a data set to be written to a plurality of multi-bit memory cells that are each operable to hold at least two bits. In addition, the methods include determining a characteristic of the data set, and encoding the data set. The level of encoding is selected based at least in part on the characteristic of the data set. In some instances of the aforementioned embodiments, the characteristic of the data set indicates an expected frequency of access of the data set from the plurality of multi-bit memory cells.

Abstract: Apparatus, systems, and methods may operate to receive from a requesting device, at a memory device, a request to access a memory domain associated with the memory device, and to deny, by the memory device, the request if the memory domain comprises any part of a secure domain, and the requesting device has not asserted a secure transfer indication. Additional operations may include granting the request if the memory domain comprises some part of the secure domain and the requesting device has asserted the secure transfer signal, or if the memory domain comprises only a non-secure domain. Additional apparatus, systems, and methods are disclosed.

Abstract: An electronic system includes multiple data access components (DACs), a semaphores module, and a memory protection unit (MPU). Any of the DACs may issue an access request, which requests access to a shared system resource. A region descriptor associated with the shared system resource specifies default access permissions for the DACs. The semaphores module implements a semaphore for the shared system resource, and produces semaphore signals indicating which one, if any, of the DACs has locked the semaphore for the shared system resource. More particularly, an access evaluation circuit of the MPU receives the default access permissions and the semaphore signals. When the semaphore is properly enabled, as indicated in the region descriptor, the access evaluation circuit produces effective access permissions for the DACs by potentially altering the default access permissions based on the semaphore signals. The MPU grants or denies the access request based on the effective access permissions.

Abstract: A method, system, and computer program product for safe management of data storage using a VM are provided in the illustrative embodiments. An I/O request is received from the VM. A determination is made whether the I/O request requests a data manipulation on the data storage in an address range that overlaps with an address range of a VM signature stored on the data storage. In response to determining that the address range of the data manipulation overlaps with the address range of the VM signature, a determination is made whether an identifier of the VM matches an identifier of a second VM associated with the signature. In response to determining that the identifier of the VM does not match the identifier of the second VM, the I/O request is failed, thereby preventing an unsafe overwriting of the signature on the data storage.

Abstract: A computing system includes computer memory of a number of different memory types. An application program compiled for execution on the computing system controls access to a field of a record in the computer memory of the computing system by defining a record that includes one or more fields, the one or more fields including a restricted field having a specification of restricted accessibility when the restricted field is allocated in a particular memory type; allocating an instance of the record in memory of the particular memory type; and denying each attempted access of the restricted field while the record is allocated in the particular memory type.

Abstract: The present invention allows load balancing between processor units without impacting the I/O performance of the storage system. An LDEV owner right is changed on the basis of static information that does not dynamically change in accordance with the number of I/O commands relating to a LDEV. This information is a load index determined for each LDEV. Any of a plurality of processor units selects a processor unit that is to be an assignment destination of the owner right of a target LDEV, based on the load index that has been assigned to each processor unit and the load index of the target LDEV, and assigns this owner right to the selected processor unit. The load index assigned to the processor unit is a value based on the load index of one or more LDEV respectively corresponding to one or more owner rights assigned to this processor unit.

Abstract: Embodiments of the present invention address deficiencies of the art in respect to nested transaction rollback and provide a method, system and computer program product for dynamic nest level determination for nested transaction rollback. In an embodiment of the invention, a nested transaction rollback method can be provided. The method can include detecting a violation of a block of memory accessed within a set of nested transactions, retrieving a tentative rollback level for the violation, discarding a speculative state for the block of memory at each level of the set of nested transactions up to and including the tentative rollback level, refining the tentative rollback level to a lower level in the set of nested transactions, and additionally discarding a speculative state for the block of memory at additional levels in the set of nested transactions up to and including the refined rollback level.

Abstract: A memory controller for a slave memory that controls an order of data access requests is disclosed. There is a read and write channel having streams of requests with corresponding barrier transactions within the request streams indicating where reordering should not occur. The controller has barrier response generating circuitry located on the read and said write channels and being responsive to receipt of one of said barrier transactions: to issue a response to the received barrier transaction such that subsequent requests in said stream of requests are not blocked by the barrier transaction and can be received and to terminate the received barrier transaction and not transmit the received barrier transaction further; and to mark requests subsequent to the received barrier transaction in the stream of requests with a barrier context value identifying the received barrier transaction.

Abstract: Disk based emulation of tape libraries is provided with features that allow easier management and administration of a backup system and also allow increased flexibility to both archive data on tape at a remote location and also have fast restore access to archived data files. Features include automatic emulation of physical libraries, and the retention and write protection of virtual tapes that correspond to exported physical tapes.

Abstract: A first SMP computer has first and second processing units and a first system memory pool, a second SMP computer has third and fourth processing units and a second system memory pool, and a third SMP computer has at least fifth and sixth processing units and third, fourth and fifth system memory pools. The fourth system memory pool is inaccessible to the third, fourth and sixth processing units and accessible to at least the second and fifth processing units, and the fifth system memory pool is inaccessible to the first, second and sixth processing units and accessible to at least the fourth and fifth processing units. A first interconnect couples the second processing unit for load-store coherent, ordered access to the fourth system memory pool, and a second interconnect couples the fourth processing unit for load-store coherent, ordered access to the fifth system memory pool.

Abstract: A multiple application smart card (102) uses hardware firewalls (130) and an internal communications scheme to isolate applications from different service providers. A first application (116) from a first service provider is stored within a first supplemental security domain (SSD) (126) of a memory device on the multiple application smart card (102). A second application (116) from a second service provider is stored within a second SSD (128) of the memory device. A hardware firewall (130) is located between the first and second applications (116) of the first and second SSDs (128). The hardware firewall (130) prevents direct data access between the first and second applications (116) of the first and second SSDs (128).

Abstract: Methods and apparatuses for improving security of an integrated circuit (IC) are provided. A tamper condition is detected and a digital key stored in the IC is erased. The digital key is associated with a first image loaded onto the IC from a first memory. The memory may be a non-volatile memory module. A second image is loaded into a second memory module. The second memory module may be an embedded memory module, e.g., a control random access memory (CRAM) module. The first image is then erased from the first and second memory modules.

Abstract: Embodiments related to a processing unit and a first information storage are described and depicted.

Abstract: The storage system includes a host computer; a management computer coupled to the host computer; a first storage device coupled to the host computer and the management computer, and including first port management information; and a second storage device coupled to the host computer, the management computer and the first storage device, and including second port management information. The first port management information and the second port management information include an identifier of a port on each storage device, an identifier of a volume in each storage device, an access restriction and an identifier of a port permitted access from the host computer to each storage device.

Abstract: A security device for securing secondary data storage devices having different levels of data security. The security device has an access to a plurality of primary and secondary storage devices, switches configured to separately enable and disable read and write operations to each of the plurality of storage devices, where at least two secondary storage devices cannot have their write access enabled at the same time. Further, the security device has a control circuit adapted to control the switches, and software that controls the switches in a manner that is transparent to the user. In one embodiment the operating system of the computing system resides on a separate storage device that is write protected when switching to a low level security storage device, the computing system and its operating system are ACPI compliant, and ready ACPI states are used in conjunction with switching the primary storage.

Abstract: Embodiments of the present invention address deficiencies of the art in respect to nested transaction rollback and provide a method, system and computer program product for dynamic nest level determination for nested transaction rollback. In an embodiment of the invention, a nested transaction rollback method can be provided. The method can include detecting a violation of a block of memory accessed within a set of nested transactions, retrieving a tentative rollback level for the violation, discarding a speculative state for the block of memory at each level of the set of nested transactions up to and including the tentative rollback level, refining the tentative rollback level to a lower level in the set of nested transactions, and additionally discarding a speculative state for the block of memory at additional levels in the set of nested transactions up to and including the refined rollback level.

Abstract: A video encoder (70) for coding moving pictures comprising a buffer (16c) with a plurality of memory areas capable of storing frames composed of top fields and bottom fields, a motion estimation unit (19) operable to code, field by field, inputted pictures performing moving estimation and moving compensation by referring, field by field, to the picture data stored in a memory area, a motion compensation unit (16d), a subtractor (11), a transformation unit (13) and a quantization unit (14), a memory management unit (71) operable to manage, frame by frame, a plurality of memory areas, an inverse quantization unit (16a) and inverse discrete cosine transform unit (16b) operable to decode picture data in coded fields and store the picture data in the decoded field in any of the plurality of memory areas under the management by the memory management unit (71).

Abstract: According to one embodiment, a storage device electrically connected to a host includes a storage module, an access restriction module, a first restricted access open module, and a second restricted access open module. The storage module is configured to store therein data. The access restriction module is configured to restrict an access from the host to the storage module after power of the storage device is turned on. The first restricted access open module is configured to open the restricted access from the host to the storage module based on a first command for opening the restricted access from the host. The second restricted access open module is configured to open the restricted access from the host to the storage module based on a second command for carrying out an operation different from the opening of the restricted access from the host.

Abstract: The present invention relates to a methodology and computer program product for data storage migration that comprises monitoring a plurality of entities that comprise a storage area network for a predetermined set of information gathering cycles, constructing a resource graph that is representative of the entities that are comprised within the storage area network, and analyzing the resource graph. Further comprised are the determining of a data storage source and a data storage target for the migration of data stored at the data storage source, determining a time period and an execution point for the migration of the stored data, determining a data migration schedule, migrating the stored data according to the determined data migration schedule, and monitoring the data migration operation until the completion of the data migration operation.

Abstract: Subject matter disclosed herein relates to a memory device, and more particularly to a multi-channel memory device and methods of selecting one or more channels of same.

Abstract: Management of storage used by pageable guests of a computing environment is facilitated. A query instruction is provided that details information regarding the storage location indicated in the query. It specifies whether the storage location, if protected, is protected by host-level protection or guest-level protection.

Abstract: Management of storage used by pageable guests of a computing environment is facilitated. An enhanced suppression-on-protection facility is provided that enables the determination of which level of protection (host or guest) caused a fault condition, in response to an attempted storage access.

Abstract: Method of securing exchanges between two electronic devices, by using an imprint of at least one of the two devices. This imprint is obtained on the basis of all or part of the electronic components of which this device is composed. This imprint will serve, either to protect the confidentiality of the data exchanged, or to attest to the identity of the device issuing the data.

Abstract: Transparent hypervisor pinning of critical memory areas is provided for a shared memory partition data processing system. The transparent hypervisor pinning includes receiving at a hypervisor a hypervisor call initiated by a logical partition to register a logical memory area of the logical partition with the hypervisor. Responsive to this hypervisor call, the hypervisor transparently determines whether the logical memory is a critical memory area for access by the hypervisor. If the logical memory area is a critical memory area, then the hypervisor automatically pins the logical memory area to physical memory of the shared memory partition data processing system, thereby ensuring that the memory area will not be paged-out from physical memory to external storage, and thus ensuring availability of the logic memory area to the hypervisor.

Abstract: In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing hardware of a virtualized processor based system detecting a specified type of memory access to an identified region of memory and in response to the detecting generating an interrupt for a virtual machine monitor (VMM) of the virtualized processor based system.