Class / Patent application number | Description | Number of patent applications / Date published |
711164000 | With password or key | 84 |
20080201541 | ON-CHIP SECURITY METHOD AND APPARATUS - A boot method and apparatus are described which reduce the likelihood of a security breach in a mobile device, preferably in a situation where a reset has been initiated. A predetermined security value, or password, is stored, for example in BootROM. A value of a security location within FLASH memory is read and the two values are compared. Polling of the serial port is selectively performed, depending on the result of such comparison. In a presently preferred embodiment, if the value in the security location matches the predetermined security value, then polling of the serial port is not performed. This reduces potential security breaches caused in conventional arrangements where code may be downloaded from the serial port and executed, which allows anyone to access and upload programs and data in the FLASH memory, including confidential and proprietary information. | 08-21-2008 |
20080215841 | Memory Lock System - A memory lock system ( | 09-04-2008 |
20080244207 | System as well as a method for granting a privilege to a chip holder - A system for granting a privilege to a chip holder. The system comprises at least one chip provided with at least one secret key to be activated by a chip holder and at least one associated public key. The system further comprises at least one chip reader, which is connected to a device for carrying out the privilege, and at least one privilege database, which comprises data regarding privileges associated with respective chips. In the system a request route and a reply route are set up between the chip reader and the privilege database over at least one network, wherein a reply from the privilege database can be sent to the chip reader in encoded form via the reply route by means of a public key of the chip obtained from an encryption database. The chip holder can decode the reply by means of the secret key, after which the decoded reply can be transferred to the device for carrying out the privilege. | 10-02-2008 |
20080244208 | Memory card hidden command protocol - A memory card compatible token includes non-memory components accessed using commands hidden in the data stream of a memory card access command. A mobile computing device such as a mobile phone accesses the non-memory components by writing to a specific address, including a known data value in the data stream, or both. The token may be activated using an activation code, and a subsequently chosen password may be used to authenticate the mobile computing device to the token each time a hidden command is issued. | 10-02-2008 |
20080263301 | KEY-CONTROLLED OBJECT-BASED MEMORY PROTECTION - A method, system, and program for key-controlled object-based memory protection are provided. A processing unit includes an authority check for controlling access by the processing unit to pages of memory according to whether a hardware protection key set currently loaded in an authority mask register allows access to the pages. In particular, each page of memory is assigned a page key number that indexes into the hardware protection key set. The currently loaded hardware protection key set specifies those page key numbers that are currently accessible to the processing unit for the execution context. Each hardware key within the hardware protection key set may be associated with a particular data object or group of data objects. Thus, effectively, the currently loaded hardware protection key set identifies which data objects or groups of data objects are currently accessible. Software keys are assigned to data objects and dynamically mapped to hardware protection key sets, such that when a module is called, the software keys assigned to that module are mapped to the hardware protection key set to be loaded for controlling current access to memory. | 10-23-2008 |
20080276060 | Pre-Configured Partitions With Use-Rights Limitations - A computer system includes an inactive partition with a bootable operating system installed and a license manager for obtaining a license that allows the partition to be activated. | 11-06-2008 |
20080288736 | SYSTEMS AND METHODS FOR CHANGING PARAMETERS OF A CONTROLLER - Systems and methods for modifying a parameter value of a controller are described. In one embodiment, the method includes verifying a local presence at the controller, modifying a parameter value at a remote device, confirming the identity of the remote device, and storing the modified parameter value in the controller. | 11-20-2008 |
20080307181 | Disk-Resident Streaming Dictionary - A method, apparatus and computer program product for storing data in a disk storage system is presented. A dictionary data structure is defined and stored on the disk storage system. Key-value pairs can be inserted and deleted into the dictionary data structure, with full transactional semantics, at a rate that is faster than one insertion per disk-head movement. Keys can be looked up with only a logarithmic number of transfers, even for keys that have been recently inserted or deleted. Queries can be performed on ranges of key-value pairs, including recently inserted or deleted pairs, at a constant fraction of the bandwidth of the disk. The dictionary employs indirect logging for physical block logging. | 12-11-2008 |
20080320263 | METHOD, SYSTEM, AND APPARATUS FOR ENCRYPTING, INTEGRITY, AND ANTI-REPLAY PROTECTING DATA IN NON-VOLATILE MEMORY IN A FAULT TOLERANT MANNER - According to some embodiments, a method for providing encryption, integrity, and anti-replay protection of data in a fault tolerant manner is disclosed. A data blob and an anti-replay table blob are copied to a temporary storage region in a non-volatile memory. In an atomic operation, a status indicator is set and a monotonic counter is incremented after the data blob and the anti-replay table blob are copied to the temporary storage region. If a fault occurs while the status indicator is set, the data blob and the anti-replay table blob may be recovered from the temporary storage region. | 12-25-2008 |
20080320264 | CHIP CARD PROTECTED AGAINST COPYING AND METHOD FOR PRODUCTION THEREOF - A chip card is protected against copying by having a data memory for storage of data that are protected, at least in a sub-region of the data memory, against alteration by users or attackers outside of a privileged group. Members of this group can write an individual identifier for this chip card into this protected memory region once, and can write a digital signature of this identifier to an arbitrary memory region of the data memory. The digital signature can be generated with the use of a secret key for which an associated public key exists with which it can be checked whether the digital signature was generated from the individual identifier with the use of a secret key. | 12-25-2008 |
20090006797 | FENCING USING A HIERARCHICAL RELATIONSHIP - A method and apparatus for processing a write request at a storage device is provided. A write request that identifies a sender of the write request is received at a storage device. The write request is examined to determine the identity of the sender. A determination is made as to whether, within a hierarchical relationship, the sender is subordinate to any entity that has been designated as being unable to perform write requests at the storage device. Upon determining that (a) the sender is not subordinate to any entity that has been designated as being unable to perform write requests at the storage device, and (b) the sender has not been designated as being unable to perform write requests at the storage device, the sender is allowed to write to the storage device. Thereafter, the write request from the sender may be performed at the storage device. | 01-01-2009 |
20090037682 | HYPERVISOR-ENFORCED ISOLATION OF ENTITIES WITHIN A SINGLE LOGICAL PARTITION'S VIRTUAL ADDRESS SPACE - Access control to shared virtual address space within a single logical partition is provided. The access control includes: associating, by a hypervisor of the data processing system, a memory protection key with a portion of a single logical partition's virtual address space being shared by multiple entities, the key preventing access by one of the multiple entities to that portion of the virtual address space, and allowing access by another of the entities to that portion of the virtual address space; and locking by the hypervisor the memory protection key from modification by the one entity, wherein the locking prevents the one entity from modifying the key and thereby gaining access to the portion of the single logical partition's virtual address space with the associated memory protection key. In one embodiment, the one entity is the single logical partition itself, and the another entity is a partition adjunct. | 02-05-2009 |
20090063802 | DATA SECURITY SYSTEM - A data security system [ | 03-05-2009 |
20090089529 | METHOD AND APPARATUS TO CONTROL ACCESS TO DEVICE ENABLE FEATURES - An integrated circuit device includes a first plurality of non-volatile memory locations such as fuses that supply programmed values corresponding to initially selected device features such as voltage, frequency, clock speed, and cache parameters. The device is programmed with a lock value in a second plurality of non-volatile memory locations. That lock value may be a randomly generated number that is unique for each device. After initial programming of the device, access to the device is prevented by appropriately programming access control. In order to unlock the device and modify device features, an unlock key value is supplied to the device. If the unlock key value correctly corresponds to the lock value, the device features can be modified. In that way device features can be modified, but security is maintained to prevent unauthorized modification to device features. | 04-02-2009 |
20090106517 | DATA PROTECTION METHOD - A data protection method for an electronic device having a storage medium is provided, wherein the storage medium includes a plurality of partitions and a partition table. In the data protection method, a partition entry point and a partition data corresponding to the specific partition are captured and sent to an external storage device when the electronic device enters a shutdown process. Then, the partition entry point is deleted from the partition table and the partition data is removed from the storage medium. When the electronic device is turned on, a user has to provide the corresponding external storage device to restore the partition entry point and the partition data back to the storage medium. Thereby, personal data stored in the storage medium is protected and accordingly data security is ensured. | 04-23-2009 |
20090113155 | HARDWARE ANTI-PIRACY VIA NONVOLATILE MEMORY DEVICES - One embodiment of the present disclosure may take the form of protected or safeguard memory, such as a nonvolatile memory device. In operation, the nonvolatile memory device may not perform a command operation, such as a read operation, on locked password-protected sectors of a primary memory array. Once a password is provided to the nonvolatile memory device (for example, from or via an associated electronic device), the nonvolatile memory device may unlock the password-protected sectors. | 04-30-2009 |
20090150632 | Directory and Methods of Use - A method of arranging data in a directory, the directory being adapted to interface with disk storage, the method includes arranging data of a directory in a format that is configured to enable the directory data to be mapped by an operating system. The data of the directory is stored in computer-readable storage. The method also includes associating a first portion of a non-persistent computer-readable memory with the data of the directory at least in part by calling a memory map function of the operating system. The memory map function returns a pointer corresponding to the first portion of the non-persistent computer-readable memory. The method further includes synchronizing the associated first portion of the non-persistent computer-readable memory with the data of the directory stored in the computer-readable storage. | 06-11-2009 |
20090164744 | Memory access protection - A memory system is provided. The memory system includes a memory array and a memory controller in communication with the memory array. The memory controller is configured to receive a first password and to compare the first password with a second password. The second password is stored in the memory controller. If the first password matches the second password, then access is permitted to the memory array. The memory array can include a plurality of vertically stacked memory arrays. The vertically stacked memory arrays can be formed on top of a logic plane that includes active circuitry in communication with the vertically stacked memory arrays. The memory arrays can include two-terminal memory cells that store data as a plurality of conductivity profiles and retain the stored data in the absence of power. The memory arrays may be configured as non-volatile two-terminal cross-point memory arrays. | 06-25-2009 |
20090182966 | DYNAMIC ADDRESS TRANSLATION WITH FRAME MANAGEMENT - What is disclosed is a frame management function defined for a machine architecture of a computer system. In one embodiment, a frame management instruction is obtained which identifies a first and second general register. The first general register contains a frame management field having a key field with access-protection bits and a block-size indication. If the block-size indication indicates a large block then an operand address of a large block of data is obtained from the second general register. The large block of data has a plurality of small blocks each of which is associated with a corresponding storage key having a plurality of storage key access-protection bits. If the block size indication indicates a large block, the storage key access-protection bits of each corresponding storage key of each small block within the large block is set with the access-protection bits of the key field. | 07-16-2009 |
20090187724 | DYNAMIC ADDRESS TRANSLATION WITH FRAME MANAGEMENT - What is disclosed is a set key and clear frame management function defined for a machine architecture of a computer system. In one embodiment, a machine instruction is obtained which identifies a first and second general register. Obtained from the first general register is a frame size field indicating whether a storage frame is one of a small block or a large block of data. Obtained from the second general register is an operand address of a storage frame upon which the instruction is to be performed. If the storage frame is a small block, the instruction is performed only on the small block. If the indicated storage frame is a large block of data, an operand address of an initial first block of data within the large block of data is obtained from the second general register. The frame management instruction is performed on all blocks starting from the initial first block. | 07-23-2009 |
20090249014 | SECURE MANAGEMENT OF MEMORY REGIONS IN A MEMORY - Systems and/or methods that facilitate controlling access to memory regions in a memory component(s) are presented. A memory component can comprise an access management component that can facilitate controlling access to memory regions that can be respectively associated with authentication credentials. The access control component can facilitate access of a memory region when received authentication information matches authentication information contained in a security record associated with the memory region. The access management component can facilitate a wipe erase of a memory region(s) to facilitate secure removal of information from the memory region when predetermined criteria is satisfied. The access management component can facilitate locking a memory region when a maximum number of attempts to access a memory region are unsuccessful to facilitate security of the memory regions and/or data associated therewith, where a locked memory region remains locked until a reset is performed. | 10-01-2009 |
20090307452 | STORAGE DEVICE HAVING AN ANTI-MALWARE PROTECTION - A storage device is protected, when interfaced with a host device, by operating a security processor of the storage device in a “security” mode in which the security processor filters commands that are received from the host device and are targeted to the storage controller, and upon determining by the security processor that the “security” mode is no longer required, by operating the security processor in a “safe” mode in which the security processor (i) does not filter commands it receives from the host device and (ii) forwards to a storage controller of the storage device such unfiltered commands. | 12-10-2009 |
20100070728 | METHOD AND APPARATUS FOR AUTHENTICATING USER ACCESS TO DISK DRIVE - A disk apparatus is configured to be connected to a host device, and has a security program for preventing unauthorized user access to the disk apparatus. A disk medium stores a boot program for executing a boot process of the disk apparatus, and a security program storage device stores the security program. A processor is provided for retrieving the security program from the storage device and enabling the host device to execute the security program. The boot program is executed by the host device when the host device determines from executing the security system that the disk apparatus may be accessed by the user. | 03-18-2010 |
20100077167 | DATA STORAGE DEVICE HAVING SMART CARD BASED COPY PROTECTION FUNCTION, AND METHOD FOR STORING AND TRANSMITTING DATA THEREOF - A data storage device having a smart card based copy protection function is provided. The data storage device encodes data using the tamper resistant key of the smart card as the encoding seed, stores the encoded data, and transmits the encoded data to another device. Therefore, it is impossible to modulate or to make the illegal copy of stored or transmitted data, and the reliability of the storage device can be improved. | 03-25-2010 |
20100153672 | CONTROLLED DATA ACCESS TO NON-VOLATILE MEMORY - A method of controlling data access to non-volatile memory is disclosed. The method includes storing a data file in a non-volatile memory. The non-volatile memory includes a memory array including a plurality of address ranges one or more of which corresponding to a protected portion of the memory array and one or more of which corresponding to an unprotected portion of the memory array. The method also includes communicating to a host device an indication that a memory request with respect to the protected portion of the memory array is denied. The indication is communicated for instructing the host device to avoid a timeout when the memory request is denied. | 06-17-2010 |
20100185826 | ACCESS KEY GENERATING APPARATUS AND INFORMATION PROCESSING APPARATUS - An access key generating apparatus includes: a bit field converting unit which converts a partial bit field into a reduced bit field having a bit width shorter than a bit width of the partial bit field; an access key retaining unit which retains a plurality of access keys to control access to a memory from peripheral devices in association with each of the peripheral devices; and an indexing unit which indexes the access keys from the access key retaining unit using an index address including the reduced bit field if the conversion of the partial bit field into the reduced bit field is successful, and indexes the access keys from the access key retaining unit using an index address including the partial bit field if the conversion of the partial bit field into the reduced bit field is unsuccessful. | 07-22-2010 |
20100250887 | Password Accessible Microelectronic Memory - A microelectronic memory may be password access protected. A controller may maintain a register with requirements for accessing particular memory locations to initiate a security protocol. A mapping may correlate which regions within a memory array are password protected. Thus, a controller can use a register and the mapping to determine whether a particular granularity of memory is password protected, what the protection is, and what protection should be implemented. As a result, in some embodiments, a programmable password protection scheme may be utilized to control a variety of different types of accesses to particular regions of a memory array. | 09-30-2010 |
20100262801 | TYPE SYSTEM SUPPORT FOR MEMORY ISOLATION PERMISSIONS - An object reference is tagged with an isolation permission modifier. At least two permissions can be included, and in an example three permissions are included. In implementing the permissions, type modifiers for controlling access to type members through references pointing at an object are defined. One of the type modifiers is associated with each occurrence of a type name. Each of the type modifiers defines a different access permission to restrict operations on the object to which the reference points. | 10-14-2010 |
20100332783 | SEMICONDUCTOR DEVICE HAVING MULTI ACCESS LEVEL AND ACCESS CONTROL METHOD THEREOF - An access control method of a semiconductor device includes providing an inputted password as an input of a hash operator; performing a hash operation in the hash operator and outputting a first hash value; controlling the hash operator so that the hash operation is repeatedly performed in the hash operator by providing the first hash value as an input of the hash operator when the first hash value and a second hash value stored in a nonvolatile memory do not coincide; and setting an access level with respect to the inner circuit according to the repetition number of times of the hash operation of the hash operator when the first and second hash values coincide. | 12-30-2010 |
20110010517 | ELECTRONIC DEVICE, PASSWORD DELETION METHOD, AND PROGRAM - An electronic device that can automatically unlock an external storage device with a password without adding a function to the external storage device is provided. An electronic device | 01-13-2011 |
20110040946 | METHOD AND APPARATUS FOR CONTROLLING ACCESS TO A COMPUTING DEVICE - A computing device having controlled access and a method for controlling access thereto are provided, the computing device comprising a memory device, a display device, and an input device. Data for rendering a map is retrieved from the memory device. The display device is controlled to render the map using the data. Geographic location data representative of a sequence of geographic locations selected from the map is received, via the input device. The geographic location data is converted to received password data. The received password data is compared to stored password data. If a match is found, access is granted to the computing device. | 02-17-2011 |
20110119460 | RESTRICTING ACCESS TO OBJECT BASED STORAGE - A method, in one embodiment, can include a server receiving a message to deactivate a partition key of an object based storage system. A token of the object based storage system is signed by the partition key. The object based storage system includes the server. Additionally, after receiving the message, the server can deactivate the partition key to block access to a partition of the object based storage system by a client. The server includes the partition. | 05-19-2011 |
20110213941 | SYSTEMS AND METHODS FOR MANAGING STORAGE DEVICES - Systems and methods for managing storage devices are provided. The system includes a storage device having at least one hidden area. The hidden area is created using initialization firmware, and the hidden area is allowed to be accessed by using a library. A password authentication mechanism is applied to the hidden area of the storage device. When an input password received via a specific application conforms to a predefined password of the hidden area, the hidden area is allowed to be accessed by using the library. Since the storage device may have a plurality of hidden areas, and each hidden area may have a respective password, the respective hidden areas can be independently and securely managed. Additionally, since the predefined password can be changed by a purchasing company, the manufacturer of the storage device or the microcontroller company which designed the microcontroller of the storage device is prohibited from accessing the hidden area by any means after the predefined password of the hidden area is changed by the purchasing company. | 09-01-2011 |
20110258410 | Selective Management Controller Authenticated Access Control to Host Mapped Resources - An information handling system includes a host mapped general purpose input output (GPIO), a shared memory, a board management controller, and a cryptography engine. The host mapped GPIO includes a plurality of registers. The board management controller is in communication with the host mapped GPIO and with the shared memory, and is configured to control accessibility to the plurality of registers in the GPIO, and to control write accessibility of the shared memory based on a private key received from a basic input output system requesting accessibility to the plurality of registers and write accessibility of the shared memory. The cryptography engine is in communication with the board memory controller, and is configured to authenticate the private key received from the board management controller. | 10-20-2011 |
20110314244 | COMPOSITION OF LOCKS IN SOFTWARE TRANSACTIONAL MEMORY - A software transactional memory (STM) system allows the composition of traditional lock based synchronization with transactions in STM code. The STM system acquires each traditional lock the first time that a corresponding traditional lock acquire is encountered inside a transaction and defers all traditional lock releases until a top level transaction in a transaction nest commits or aborts. The STM system maintains state information associated with traditional lock operations in transactions and uses the state information to eliminate deferred traditional lock operations that are redundant. The STM system integrates with systems that implement garbage collection. | 12-22-2011 |
20110314245 | SECURE MEDIA SYSTEM - In one embodiment a network attached storage device comprises at least one storage media, a detection module to detect a connection of a media source to the network attached storage device, a network interface to receive, in the network attached storage device, an activation key associated with the media source, an activation module to determine whether the activation key is stored in a computer-readable memory coupled to the network attached storage device, and in response to a determination that the activation key is not stored in a computer-readable memory coupled to the network attached storage device, to associate the activation key with a device identifier for the network attached storage device and to store the activation key and the device identifier in the computer-readable memory coupled to the network attached storage device, an imaging module to create an image of at least a portion of the media content on the media source in a computer-readable memory coupled to the network attached storage device, and a security module binding the image of the media content to the network attached storage device. | 12-22-2011 |
20120047343 | USE OF TEST PROTECTION INSTRUCTION IN COMPUTING ENVIRONMENTS THAT SUPPORT PAGEABLE GUESTS - Management of storage used by pageable guests of a computing environment is facilitated. A query instruction is provided that details information regarding the storage location indicated in the query. It specifies whether the storage location, if protected, is protected by host-level protection or guest-level protection. | 02-23-2012 |
20120066467 | USING A DUAL MODE READER WRITER LOCK - A method, system, and computer usable program product for using a dual mode reader writer lock. A contention condition is detected in the use of a lock in a data processing system, the lock being used for managing read and write access to a resource in the data processing system. A determination of the data structure used for implementing the lock is made. If the data structure is a data structure of a reader writer lock (RWL), the data structure is transitioned to a second data structure suitable for implementing the DML. A determination is made whether the DML has been expanded. If the DML is not expanded, the DML is expanded such that the data structure includes an original lock and a set of expanded locks. The original lock and each expanded lock in the set of expanded locks forms an element of the DML. | 03-15-2012 |
20120084526 | NONVOLATILE MEMORY UNIT - An apparatus includes a nonvolatile memory, an interface that at least receives an erase command of the nonvolatile memory, a first controller that controls the nonvolatile memory to execute data erasing on the basis of the erase command output from the interface, an external input unit which is installed independently of the interface, a second controller that controls the nonvolatile memory to execute data erasing on the basis of an erase instruction signal output from the external input unit, and a change-over circuit that switches between connection of the first controller with the nonvolatile memory and connection of the second controller with the nonvolatile memory, wherein the second controller controls the nonvolatile memory to execute data erasing on the basis of the erase instruction when the connection of the second controller with the nonvolatile memory is established by the change-over circuit. | 04-05-2012 |
20120159105 | PARTITIONING THE NAMESPACE OF A CONTACTLESS SMART CARD - Systems, methods, computer programs, and devices are disclosed herein for partitioning the namespace of a secure element in contactless smart card devices and for writing application data in the secure element using requests from a software application outside the secure element. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. A control software application resident in the same or a different secure element provides access types and access bits, for each access memory block of the secure element namespace, thereby portioning the namespace into different access types. Further, a software application outside the secure element manages the control software application by passing commands using a secure channel to the secure element, thereby enabling an end-user of the contactless smart card device or a remote computer to control the partitioning and use of software applications within the secure element. | 06-21-2012 |
20120203990 | METHOD FOR STORING AND RECOVERING DATA, UTILIZATION OF THE METHOD IN A STORAGE CLOUD, STORAGE SERVER AND COMPUTER PROGRAM PRODUCT - A method for storing data in which the data to be stored is divided into a plurality of source blocks, each source block subjected to steps including defining a block key for the source block based on a random function, encrypting the source block by utilizing the defined block key, selecting at least one first storage location and one second storage location from a plurality of different available storage locations, storing control data that includes information on the defined block key at the first selected storage location, and storing encrypted data that includes information on the encrypted source block at the second selected storage location. | 08-09-2012 |
20120284473 | MEMORY STORAGE DEVICE AND MEMORY CONTROLLER AND ACCESS METHOD THEREOF - A memory storage device and a memory controller and an access method thereof are provided. The memory storage device includes a rewritable non-volatile memory chip having a plurality of physical blocks. The access method includes configuring a plurality of logical blocks to be mapped to a part of the physical blocks and dividing the logical blocks into at least a first partition and a second partition, wherein the first partition records an auto-execute file. The access method also includes determining whether a trigger signal is existent and sending a media ready message to a host system if the trigger signal is existent, so as to allow the host system to automatically run the auto-execute file and receive a first password. The access method further includes determining whether to provide the logical blocks in the second partition to the host system according to the first password received from the host system. | 11-08-2012 |
20120297158 | MASS STORAGE DEVICE CAPABLE OF ACCESSING A NETWORK STORAGE - A mass storage device capable of accessing a network storage in response to an access request of an electronic device electrically connected to the mass storage device, the mass storage device includes a first memory unit comprising a file management table for storing a first mapping relationship between a logical address and a network address of the network storage, and a controller for receiving an access request corresponding to the logical address from the electronic device and accessing a file in the network storage according to the network address through a network interface. | 11-22-2012 |
20120331256 | Virtualizing Storage for WPAR Clients Using Key Authentication - Systems, methods and media for providing to a plurality of WPARs private access to physical storage connected to a server through a VIOS are disclosed. In one embodiment, a server is logically partitioned to form a working partition comprising a WPAR manager and individual WPARs. Each WPAR is assigned to a different virtual port. The virtual ports are created by using NPIV protocol between the WPAR and VIOS. Thereby, each WPAR has private access to the physical storage connected to the VIOS. | 12-27-2012 |
20130007395 | Computer System and Access Restriction Method - Proposed are a computer system and an access restriction method which enable security and reliability to be improved. | 01-03-2013 |
20130007396 | METHOD FOR PROTECTING DIGITAL CONTENTS OF A SOLID STATE MEMORY - The method is for protecting the digital contents of a solid state memory including a microprocessor. A microprocessor inserts at least an interruption during a copy or a reading of the digital contents and proceeds with the copy or reading only subsequently to a verification of a PIN. In particular, the verification provides control that the PIN is inserted manually. Also, a solid state memory includes a microprocessor programmed for inserting at least an interruption in a copy or reading of digital contents of the memory, for verifying a PIN, and for proceeding with the copy or the reading, if the PIN is inserted correctly. | 01-03-2013 |
20130067184 | ACCESSING PRIVATE DATA ABOUT THE STATE OF A DATA PROCESSING MACHINE FROM STORAGE THAT IS PUBLICLY ACCESSIBLE - According to an embodiment of the invention, a method for operating a data processing machine is described in which data about a state of the machine is written to a location in storage. The location is one that is accessible to software that may be written for the machine. The state data as written is encoded. This state data may be recovered from the storage according to a decoding process. Other embodiments are also described and claimed. | 03-14-2013 |
20130086349 | COMPUTER SYSTEM - A computer system includes: a first storage apparatus; a second storage apparatus; a first volume of the first storage apparatus; and a second volume of the second storage apparatus; wherein the first volume and the second volume have a copy pair relationship and a host system recognizes the second volume as the same volume as the first volume; and wherein the first storage apparatus sends reservation information of the first volume to the second storage apparatus; and the second storage apparatus controls access from the host system on the basis of the received reservation information. | 04-04-2013 |
20130138907 | USE OF TEST PROTECTION INSTRUCTION IN COMPUTING ENVIRONMENTS THAT SUPPORT PAGEABLE GUESTS - Management of storage used by pageable guests of a computing environment is facilitated. A query instruction is provided that details information regarding the storage location indicated in the query. It specifies whether the storage location, if protected, is protected by host-level protection or guest-level protection. | 05-30-2013 |
20130159655 | STORAGE SYSTEM FOR SUPPORTING USE OF MULTIPLE KEYS - A storage system that enables the use of a plurality of keys respectively stored in a plurality of storage units of a storage device is provided. The storage system includes a storage device including a first storage unit and a second storage unit that are recognized as a single storage device, wherein the first storage unit is configured to store a first key, the second storage unit is configured to store a second key different from the first key, and a controller is configured to transmit to the storage device one of a first key-read control signal that includes information about the first storage unit and a second key-read control signal that includes information about the second storage unit and receive the first key and the second key as identification information of the storage device in response to the first key-read control signal and the second key-read control signal, respectively. | 06-20-2013 |
20130198475 | CONTENT ADDRESSABLE STORES BASED ON SIBLING GROUPS - A content addressable storage (CAS) system is provided in which each storage unit is assigned to one of a plurality of sibling groups. Each sibling group is assigned the entire hash space. Within each sibling group, the hash space is partitioned into hash segments which are assigned to the individual storage units that belong to the sibling group. Chunk retrieval requests are submitted to all sibling groups. Chunk storage requests are submitted to a single sibling group. The sibling group to which a storage request is submitted depends on whether any sibling group already stores the chunk, and which sibling groups are considered full. | 08-01-2013 |
20130346718 | Storage Device Access Using Unprivileged Software Code - The subject disclosure is directed towards establishing more direct access to a storage device from unprivileged code. Using a storage infrastructure mechanism to discover and enumerate storage architecture component(s), a user mode application requests at least one portion of the storage device to store application-related data. The storage infrastructure mechanism determines whether the application is authorized to access the storage device and if satisfied, the storage infrastructure mechanism configures at least one path for performing block-level input/output between the storage device and an unprivileged storage architecture component. | 12-26-2013 |
20140025915 | PROTECTION OF ONE-TIME PROGRAMMABLE (OTP) MEMORY - Aspects of the invention provide for masking a current profile of a one-time programmable (OTP) memory. In one embodiment, a circuit includes: a first one-time programmable (OTP) memory configured to receive a data input for a plurality of address fields; and a second OTP memory configured to receive an inverse of the data input for a plurality of address fields, wherein a current profile for a programming supply for the first OTP memory and the second OTP memory is masked, such that the data input for the first OTP memory is undetectable. | 01-23-2014 |
20140032866 | STORAGE SYSTEM IN WHICH INFORMATION IS PREVENTED - According to one embodiment, a storage system includes a host device, | 01-30-2014 |
20140032867 | STORAGE SYSTEM IN WHICH INFORMATION IS PREVENTED - According to one embodiment, a storage system includes a host device and a secure storing medium. The secure storing medium includes: a memory provided with a protected first storing region which stores secret information sent from the host device, and a second storing region which stores encoded contents; and a controller which carries out authentication processing for accessing the first storing region. The host device and the secure storing medium produce a bus key which is shared only by the host device and the secure storing medium by authentication processing, and which is used for encoding processing when information of the first storing region is sent and received between the host device and the secure storing medium. The host device has the capability to request the secure storing medium to send a status. | 01-30-2014 |
20140032868 | STORAGE SYSTEM IN WHICH INFORMATION IS PREVENTED - According to one embodiment, a storage system includes a host device and a secure storing medium. The secure storing medium includes: a memory provided with a protected first storing region which stores secret information sent from the host device, and a second storing region which stores encoded contents; and a controller which carries out authentication processing for accessing the first storing region. The host device and the secure storing medium produce a bus key which is shared only by the host device and the secure storing medium by authentication processing, and which is used for encoding processing when information of the first storing region is sent and received between the host device and the secure storing medium. The host device has the capability to request the secure storing medium to send a status. | 01-30-2014 |
20140136807 | METHOD AND SYSTEM FOR SECURE ACCESS TO DATA FILES COPIED ONTO A SECOND STORAGE DEVICE FROM A FIRST STORAGE DEVICE - A method and system for secure access to data files copied onto a second storage device from a first storage device. A computer receives data from a first storage device that is in communication with the computer. A data file is stored to a second storage device. A passkey is generated and associated with the data file. A passkey image file corresponding to the passkey is generated. The passkey image file is transmitted to the first storage device for storage. Subsequent access to the data file on the second storage device requires entry of the passkey. The passkey is only accessible to a user that has access to read the passkey image file on the first storage device. | 05-15-2014 |
20140149705 | USE OF TEST PROTECTION INSTRUCTION IN COMPUTING ENVIRONMENTS THAT SUPPORT PAGEABLE GUESTS - Management of storage used by pageable guests of a computing environment is facilitated. A query instruction is provided that details information regarding the storage location indicated in the query. It specifies whether the storage location, if protected, is protected by host-level protection or guest-level protection. | 05-29-2014 |
20140195758 | BLOCK OR PAGE LOCK FEATURES IN SERIAL INTERFACE MEMORY - Embodiments are provided for protecting boot block space in a memory device. Such a memory device may include a memory array having a protected portion and a serial interface controller. The memory device may have a register that enables or disables access to the portion when data indicating whether to enable or disable access to the portion is written into the register via a serial data in (SI) input. | 07-10-2014 |
20140223129 | KEY-BASED DATA SECURITY MANAGEMENT - Embodiments of the present invention provide an approach for memory protection at a level of granularity above a “page” level (e.g., enhancing the protection provided by a memory key-based system). The approach further provides such a level of protection at a process or task level by associating the physical page key with a virtual key that corresponds to a particular process/task. When access to the data is requested for a particular process or task, it is determined if a protection bit for the data is set, and if the physical page keys and/or virtual keys submitted pursuant to the request match that previously stored for the data and process/task. If so, access to the data is allowed for the particular process/task. | 08-07-2014 |
20140244957 | STORAGE SYSTEM IN WHICH FICTITIOUS INFORMATION IS PREVENTED - According to one embodiment, a storage system includes a host device and a secure storage. The host device and the secure storage produce a bus key which is shared only by the host device and the secure storage by authentication processing, and which is used for encoding processing. The host device produces a message authentication code including a message which can be stored in the secure storage based on the bus key, and sends the produced message authentication code to the secure storage. The secure storage stores the message included in the message authentication code in accordance with instructions of the host device. The host device verifies whether the message stored in the secure storage is intended contents. | 08-28-2014 |
20140281321 | REGISTER ACCESS WHITE LISTING - A system employs a white list of authorized transactions to control access to system registers. In an embodiment, the white list is loaded into filter registers during system boot. Routing logic monitors a logical interconnect fabric of the system for register access requests. The routing logic parses source, destination information from a request to index the white list. If the white list includes an entry corresponding to the processing entity indicated in the source information and the register indicated in the destination information, the routing logic will permit the requested access. | 09-18-2014 |
20140325175 | PIPELINE CONFIGURATION PROTOCOL AND CONFIGURATION UNIT COMMUNICATION - The present invention includes an integrated module including a plurality of data processing units including a memory device having processing instruction data stored therein. The processing instruction data including subconfiguration data for at least one of the data processing units, the subconfiguration data including a plurality of blocks. The integrated module further includes a barrier disposed between a first block and a second block of the plurality of blocks. Wherein, the data processing units process the processing instruction data from the memory device such that the barrier provides for the data processing units to observe a configuration sequence of the subconfiguration data. | 10-30-2014 |
20140325176 | SECURITY MEMORY ACCESS METHOD AND APPARATUS - Various embodiments comprise apparatuses and methods to allow access to a memory device by an external device. A method includes receiving, at the memory device, a request from the external device to access a storage area of the memory device and performing an unlock procedure of the storage area. The unlock procedure includes sending a first code from the memory device to the external device, and receiving a second code at the memory device from the external device. The second code is to be generated by a first encryption process performed on the first code to obtain the second code. The storage area is temporarily unlocked to allow the external device to access the storage area based on a determination that the received second code has a predetermined relationship to the first code. Additional apparatuses and methods are described. | 10-30-2014 |
20140344542 | KEY-VALUE PAIRS DATA PROCESSING APPARATUS AND METHOD - Data processing apparatuses and data processing methods are provided. The data processing apparatus includes a storage unit, an interface, and a processor. The storage unit stores a first key-value set including a plurality of first key-value pairs. Each of the first key-value pairs has a first key and a first value. The interface receives an instruction regarding a set operation and a function. The processor generates a plurality of second keys by applying the set operation to the first keys. Each of the second keys includes at least one of the first keys. The processor generates a second value for each of the second keys by applying the function to at least one datum corresponding to the at least one first key comprised in the second key. Each second key and the corresponding second value form a second key-value pair and the second key-value pairs form a second key-value set. | 11-20-2014 |
20140344543 | METHOD AND SYSTEM FOR MEMORY ACCESS PROTECTION - Aspects of the disclosure provide a method for null address handling. The method includes compiling code without adding a null check code before a memory access code, storing a first address of the memory access code in association with a second address of a handling code for null address, determining, in response to an exception that occurs at the first address during an execution of the compiled code, the second address based on the stored information, and executing the handling code at the second address. | 11-20-2014 |
20150032984 | METHOD AND SYSTEM FOR RESPONDING TO CLIENT REQUESTS FOR INFORMATION MAINTAINED BY STORAGE SYSTEMS - Method and system for providing information regarding a plurality of storage devices managed by a plurality of storage servers are provided. The storage space at the storage devices is presented to a plurality of computing systems as logical storage space. A plurality of searchable data structures having a plurality of data object types are stored at a temporary memory storage device of a management console that interfaces with the plurality of computing systems and the storage servers. Each data object type stores information regarding the storage device. The searchable data structure includes information regarding the storage devices and the logical storage space presented to the computing systems. A lock data structure for tracking locks that are assigned for accessing information pertaining to a storage server and a data object type is maintained to prevent unauthorized access to at least one of the searchable data structures. | 01-29-2015 |
20150067288 | CORRUPTING DATA STRUCTURES FOR PRIVACY PROTECTION - Methods, systems, and apparatuses, including computer programs encoded on computer-readable media, for storing data in both defaultable and non-defaultable memory on a unit in such a way that if a pluggable device is removed from the unit, the defaultable memory is reset to some default state. Further, non-defaultable memory may have data, but that data is unintelligible without data in the defaultable memory. | 03-05-2015 |
20150095602 | Creating A Program Product Or System For Executing A Perform Frame Management Instruction - Creating a computer program product or a computer system to execute a frame management instruction which identifies a first and second general register. The first general register contains a frame management field having a key field with access-protection bits and a block-size indication. If the block-size indication indicates a large block then an operand address of a large block of data is obtained from the second general register. The large block of data has a plurality of small blocks each of which is associated with a corresponding storage key having a plurality of storage key access-protection bits. If the block size indication indicates a large block, the storage key access-protection bits of each corresponding storage key of each small block within the large block is set with the access-protection bits of the key field. | 04-02-2015 |
20150100748 | USE OF TEST PROTECTION INSTRUCTION IN COMPUTING ENVIRONMENTS THAT SUPPORT PAGEABLE GUESTS - Management of storage used by pageable guests of a computing environment is facilitated. A query instruction is provided that details information regarding the storage location indicated in the query. It specifies whether the storage location, if protected, is protected by host-level protection or guest-level protection. | 04-09-2015 |
20150113243 | METHOD FOR BACKING UP DATA OUTSIDE A SECURE MICROCIRCUIT - The present invention relates to a method for managing the memory of a secure microcircuit, including steps executed by the microcircuit of: forming a data block with executable code and/or data stored in a volatile memory of the microcircuit, and to be backed up outside the microcircuit, calculating a signature of the data block using a first signature key, inserting the calculated signature of the data block into a signature block, obtaining a current value of a non-volatile counter internal to the microcircuit, calculating a signature of the signature block associated with the current value of the internal counter, using a second signature key, and sending outside the microcircuit, the data block, the signature block and the signature of the signature block. | 04-23-2015 |
20150121028 | STORAGE DEVICE SECURITY SYSTEM - A storage device security system includes a server that is coupled to a storage device, a storage controller, a configuration IHS, and a remote access controller. The remote access controller receives a storage device access key request and a storage controller Globally Unique Identifier (GUID) from the storage controller. The remote access controller also receives a server GUID from the server. The remote access controller also receives a security key from the configuration IHS over a network. The remote access controller is configured to use a remote access controller Media Access Control (MAC) address, the storage controller GUID, the server IHS GUID, and the security key to generate a storage device access key. The remote access controller may then provide the storage device access key to the storage controller, and the storage controller may use the storage device access key to access the storage device coupled to the server IHS. | 04-30-2015 |
20150332068 | AUTHORIZATION FOR TRANSIENT STORAGE DEVICES WITH MULTIPLE AUTHENTICATION SILOS - In a transient storage device (TSD) with multiple authentication silos, a host computing device connected to the TSD is configured by the TSD to discover and act upon various types of authentication information in the silos. One or more logical combinations of authentication silos are switched to the authenticated state to grant access to an associated storage area. A particular ordering of authentication silos may be required to achieve a valid combination of authenticated silos. Ordering may be suggested by configuration information in the TSD. Ordering may also be based upon whether or not user input is required for authenticating a given authentication silo, the environment of use of the TSD, or a hierarchy from most trusted to least trusted authentication silo. With this information, the host proceeds with the most efficient authentication sequence leading to a grant of access to the storage area. | 11-19-2015 |
20160077978 | ASSOCIATING KEYS WITH DATA AND COMPUTE OBJECTS IN A STORAGE COMPUTE DEVICE - A definition is received of at least one data object and a compute object from a host at a storage compute device. A first key is associated with the at least one data object and a second key is associated with the compute object. A command is received from the host to perform a computation that links the first and second keys. The computation is defined by the compute object and acts on the data object. The computation is performed via the storage compute device using the compute object and the data object in response to the command. | 03-17-2016 |
20160077979 | NON-VOLATILE MEMORY TO STORE RESETTABLE DATA - A non-volatile memory (NVM) is to store data and a first password. The first password is to protect the data. A controller is to selectively enable interaction with the data based on authenticating the first password against a second password. A temporary region is to store the second password. The second password is discarded in response to a status change of the apparatus. The data, the first password, and the second password are resettable by the controller in response to a reset request to bypass the first password, such that the apparatus is restorable to an unused state without authenticating the first password. | 03-17-2016 |
20160085696 | USING ACCESS INFORMATION TO DETERMINE A STORAGE TIER FOR STORING DATA - Provided are a computer program product, system, and method for providing access information to a storage controller to determine a storage tier for storing data. Access information is maintained for each data record in a data store, wherein the access information indicates a level of access to each data record in the data store. A write request directed to a data record in the data store is received. A command is generated identifying the data record and including the access information for the data record. The command is transmitted to the storage controller, wherein the storage controller uses the access information to determine one of the plurality of storage tiers on which to store the data record. | 03-24-2016 |
20160094339 | SCRAMBLING SCHEMES FOR SCRAMBLING AND DESCRAMBLING DATA - A storage module may be configured to scramble data before the data is stored in memory. The storage module may scramble the data in accordance with a scrambling scheme that identifies a plurality of scrambling keys to use to scramble the data and a pattern in which to use the scrambling keys. The scrambling scheme may be applied to a plurality of sets of pages of the data, and may be repeated for each of the sets. The scrambling scheme may also be used when descrambling the scrambled data, or a copy of the scrambled data. | 03-31-2016 |
20160117124 | Storage System Having Security Storage Device and Management System Therefor - The present invention relates to a storage system of a computer and, more particularly, to a storage system and method having a security storage device including a secured disk area, wherein the existence or absence of the secured disk area cannot be known through the application of an operating system in a deactivated state, and the secured disk area can be activated and used only by a digital key and password when a user's password is input through an application including the digital key. | 04-28-2016 |
20160124870 | SYSTEM AND METHOD FOR LOGICAL DELETION OF STORED DATA OBJECTS - Systems and methods for providing object versioning in a storage system may support the logical deletion of stored objects. In response to a delete operation specifying both a user key and a version identifier, the storage system may permanently delete the specified version of an object having the specified key. In response to a delete operation specifying a user key, but not a version identifier, the storage system may create a delete marker object that does not contain object data, and may generate a new version identifier for the delete marker. The delete marker may be stored as the latest object version of the user key, and may be addressable in the storage system using a composite key comprising the user key and the new version identifier. Subsequent attempts to retrieve the user key without specifying a version identifier may return an error, although the object was not actually deleted. | 05-05-2016 |
20160147675 | ELECTRONIC SYSTEM, ELECTRONIC APPARATUS AND ACCESS AUTHENTICATION METHOD THEREOF - An electronic system, an electronic apparatus, and an access authentication method thereof are provided. The electronic system includes a master apparatus and a slave apparatus. The slave apparatus is coupled to the master apparatus through a serial transmission interface. The slave apparatus includes a data storage unit protected by the slave apparatus with a predetermined key. The master apparatus sends an access request to the data storage unit through the serial transmission interface. The slave apparatus determines whether the master apparatus is allowed to access the data storage unit according to the predetermined key and a key inputted by the master apparatus for authentication. | 05-26-2016 |
20160170908 | STORAGE DEVICE AUTHENTICATION | 06-16-2016 |
20160202929 | DATA PROTECTION METHOD AND ELECTRONIC DEVICE USING THE SAME | 07-14-2016 |
20160253271 | MEMORY DATA SECURITY | 09-01-2016 |
20160253272 | MEMORY DATA SECURITY | 09-01-2016 |