Entries |
Document | Title | Date |
20080209232 | Method and Device for Controlling Access to Encrypted Data - The invention concerns a method for controlling access to encrypted data by control words (CW), said control words being received by a security module in control messages (ECM) and returned to a unit operating on (STB) the encrypted data. The method includes the following steps: receiving a first control message (ECM) comprising at least one control word (CW) and a time stamp (TS), receiving a second control message (ECM | 08-28-2008 |
20080215895 | Electronic book secure communication with home subsystem - The invention, an electronic book selection and delivery system, is a new way to distribute books and other textual information to bookstores, libraries and consumers. The primary components of the system are a subsystem for placing text in a video signal format and a subsystem for receiving and selecting text that is placed in the video signal format. The system configuration for consumer use contains additional components and optional features that enhance the system, namely: (1) an operation center, (2) a video distribution system, (3) a home subsystem, including reception, selection, viewing, transacting and transmission capabilities, and (4) a billing and collection system. The operation center and/or video distribution points perform the functions of manipulation of text data, security and coding of text, cataloging of books, messaging center, and uplink functions. The home subsystem performs the functions of connecting to a video distribution system, menu selecting text, storing text, and transacting through phone or cable communicating mechanisms. A portable book-shaped viewing device is used for viewing the textual material delivered. The billing and collection system performs the transaction, management, authorization, collection and publisher payments automatically utilizing the telephone system. | 09-04-2008 |
20080215896 | Issuing a Publisher Use License Off-Line in a Digital Rights Management (DRM) System - A publishing user publishes digital content and issues to itself a corresponding digital publisher license to allow itself to render the published digital content. The publishing user is supplied with a publishing certificate from a digital rights management (DRM) server, where the publishing certificate allows the publishing user to so publish the digital content and to so issue the publisher license. | 09-04-2008 |
20080215897 | Security Containers for Document Components - Methods, systems, computer program products, and methods of doing business whereby document components are secured or controlled using “security containers” which encapsulate the components (and other component metadata). A “security container” encapsulates the component (i.e., content) that is to be controlled within a higher-level construct such as a compound document. The security container also contains rules for interacting with the encapsulated component, and one or more encryption keys usable for decrypting the component and rules for authorized requesters. | 09-04-2008 |
20080222428 | Method for Securing Authenticity of Data in a Digital Processing System - The invention describes a method and a corresponding digital processing system for ensuring that data is unmodified while reducing the amount of one-time programmable memory in the system. The data is stored in modifiable memory and an authentication value of the data is stored in unmodifiable memory. Before the data is used according to its purpose the digital processing system authenticates that the data is unmodified, for example by using a cryptographic hash algorithm. | 09-11-2008 |
20080222429 | DATA MANAGEMENT SYSTEM - A data management system and method are provided. Specifically, the present invention includes a system for controlling access to data and ensuring that the confidentiality of the data maintained. In addition, the present invention provides a system for updating data so that confidential data, which has become non-confidential, can be identified and exposed. | 09-11-2008 |
20080229118 | Storage apparatus - Provided is a storage apparatus capable of encrypting data without affecting the business performance. This storage apparatus includes a cache memory, a first controller for controlling the writing of data in the cache memory pursuant to the write command, a second controller for controlling the writing of the data written in the cache into the storage devices, and an encryption engine for encrypting data pursuant to the write command. When the second controller reads the data from the cache memory and writes the data in said storage devices, the encryption engine encrypts the data, and the second controller writes the encrypted data in said storage devices. | 09-18-2008 |
20080229119 | Information Carrier Authentication With a Physical One-Way Function - The present invention relates to a method of enabling authentication of an information carrier ( | 09-18-2008 |
20080235521 | METHOD AND ENCRYPTION TOOL FOR SECURING ELECTRONIC DATA STORAGE DEVICES - The present invention relates to a method and an encryption tool for securing electronic data storage devices. The method and encryption tool of the present invention install a file system on the electronic data storage device. Then, an input module of the encryption tool receives a user password. A key cryptography unit generates, from the user password, at least one key. A storage module stores the at least one key on the electronic data storage device. All data that is to be stored on the electronic data storage devices is encrypted using one of the at least one key. In accordance with some embodiments of the invention, the electronic data storage device is further filled with insignificant data. | 09-25-2008 |
20080235522 | CONTENT PLAYBACK METHOD AND RECORDING AND PLAYBACK DEVICE - Where a follow-up playback is realized for content data that is recorded by changing an encryption key at predetermined intervals for copyright protection, fast feed and playback operations are provided that can get close to a video scene of a present point of time. There are two areas on the memory in which to manage key information. The key information and seed information being written into a hard disk drive are held in memory in order to allow access to the key information and seed information even as they are written. | 09-25-2008 |
20080244276 | Method and Device for Creating a Group Signature and Related Method and Device for Verifying a Group Signature - A method for creating a group signature of a message to be implemented by a member of a group in a system, the system including a trust authority, the group including at least the member provided with a secure portable electronic entity including storage elements and computing elements wherein are implanted a cryptographic algorithm. The method includes the following steps: generating via the computing elements a signature of the message using a private key common to the members of the group and integrating a data identifying the group member and a temporal data representing a temporal information of the member's membership to the group and of the date of the signature of the message, the private key common to the members of the group, the identifying data and the temporal data being stored in the storage elements. | 10-02-2008 |
20080244277 | Secure data parser method and system - The present invention provides a method and system for securing sensitive data from unauthorized access or use. The method and system of the present invention is useful in a wide variety of settings, including commercial settings generally available to the public which may be extremely large or small with respect to the number of users. The method and system of the present invention is also useful in a more private setting, such as with a corporation or governmental agency, as well as between corporation, governmental agencies or any other entity. | 10-02-2008 |
20080256368 | Method and Device For Protecting Digital Content in Mobile Applications - The present invention provides methods and devices allowing a secure way of sharing protected content. A content holder may share the content under certain restrictions. The invention offers a secure sharing method preventing copyright violations and preserving the copyright owners control over the content use, while also offering new marketing possibilities to him. A method for protecting digital content is provided which comprises receiving said digital content, encrypting said digital content using a encryption algorithm resulting in encrypted content, generating license information associated to said encrypted content, wherein said license information is provided as one or more executable code sections, which are executable on a processor-based entity. | 10-16-2008 |
20080256369 | DISC DRIVE COUNTERFEITING COUNTERMEASURE - Counterfeiting of optical disc drives used with game systems is prevented by storing an obfuscated authentication key in firmware of the disc drive. Each disc drive can implement a different obfuscation scheme. The authentication key is parsed into components and the components are stored in various locations in firmware of the disc drive. Drive specific software also is stored in the firmware. Remaining locations of the firmware are randomly populated with binary values. | 10-16-2008 |
20080263367 | DIGITAL CONTENT PROTECTION SYSTEM - The media inherent key storing unit | 10-23-2008 |
20080263368 | COMPUTER SYSTEM, MANAGEMENT TERMINAL, STORAGE SYSTEM AND ENCRYPTION MANAGEMENT METHOD - To provide a computer system in which an encryption-decryption process performed by one encryption-decryption module can be moved to the other encryption-decryption module without stopping the process for a read/write request from a host computer. The computer system has a host computer | 10-23-2008 |
20080263369 | METHOD AND APPARATUS FOR ENCRYPTING AND PROCESSING DATA IN FLASH TRANSLATION LAYER - A method for preventing a user from interpreting optional stored data information even when the user extracts the optional stored data, and an apparatus thereof. The apparatus for encrypting and processing data in a flash translation layer includes a flash memory and a controller. The flash translation layer searches at least one page of the flash memory storing the data when a write of optional data is requested from the controller, generates, corresponding to respective searched pages, a page key according to a predetermined encrypting function when the searched page supports an encryption, and encrypts and stores the data by the page key in the respective searched pages. | 10-23-2008 |
20080263370 | Cryptographic Role-Based Access Control - A hierarchical tree structure is used to facilitate the communication of encrypted keys to particular users having access to the tree. All users are in communication with a root node, but the information content of the material at the root node is decipherable only by the intended users of this information. Protected data is encrypted using a variety of data-keys specific to the data. These data-keys are encrypted using a combination of node-keys that are specific to particular users or groups of users. Users having access to the node-key associated with a particular encrypted data-key are able to decipher the data associated with the data-key; users without access to the particular node-key are unable to decrypt the data-key, and thus unable to decipher the data. The hierarchical tree is preferably structured based on a similarity of access rights among users, to minimize the overhead associated with providing user-specific access rights. | 10-23-2008 |
20080263371 | PROTECTED VOLUME ON A DATA STORAGE DEVICE WITH DUAL OPERATING SYSTEMS AND CONFIGURABLE ACCESS AND ENCRYPTION CONTROLS - A method provides a protected region of a data storage device associated with a computational device, where data in the protected region is primarily protected by preventing access without proper access authorization. The method comprises the steps of providing, in an unprotected region of the data storage device, a first operating system and associated operating system data; monitoring operating system data accessed by the computational device until a predetermined functionality becomes available; storing, in the protected region, the monitored operating system data; providing, in the protected region, a second operating system; transferring control of the computational device from the first operating system to the second operating system; storing data in the protected region; and preventing access to the stored data in the protected region without access authorization. In a further embodiment of the method, the second operating system optionally provides a second level of security by preventing decryption of data stored in the protected region without decryption authorization. | 10-23-2008 |
20080263372 | Method and apparatus for transmitting content data and recording and/or reproducing apparatus - A data transmission method and apparatus for transmitting data, such as encrypted content data. A device that is to be a destination of transmission is authenticated. If the device has not been authenticated, encrypted data read out from a storage unit is decrypted to give decoded data which then is re-encrypted based on innate key data acquired from the device that is to be the destination of transmission to give re-encrypted data. The re-encrypted data is then transmitted to the device that is to be a destination of transmission. | 10-23-2008 |
20080270807 | Method for Selective Encryption Within Documents - The present invention allows the user (author or creator) of a document to specify that certain portions of a document be selected for encryption while other portions of the document remain displayed as created. In addition, each encrypted section could have multiple encryption keys such that some viewers can review certain parts of the document while other viewers will not have that same access. The user could employ a standard word processing editor technique to highlight (or swipe) portions of a document that the user desires to be encrypted. The highlighted portion would then be tagged with a surrounding attribute indicating to the word processor that this highlighted portion of the document is to be encrypted. The highlighted sections would also have encryption keys associated with the highlighted and encrypted section. Any one of the encryption keys for that section would decrypt that section. With proper authorization, any encrypted portion of a document would be displayed as part of the document. Without proper authorization, the display of the document would only contain the unencrypted portions of the document. | 10-30-2008 |
20080276101 | DIGITAL DATA RECORDING APPARATUS, DIGITAL DATA RECORDING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM - A data communication unit receives encrypted digital data via a network and records the digital data on a primary recording medium. The digital data, having been encrypted in different encryption methods according to the distributors, include attribute information indicating the encryption methods. The encryption method of the digital data is determined and the encrypted data is decrypted by an appropriate decryption unit. Identification information of a secondary recording medium or a playback apparatus is obtained according to whether the secondary recording medium is removable from the playback apparatus. A controller selects an encryption unit among a plurality of encryption units according to the obtained identification information. The selected encryption unit creates an encryption key according to the identification information and re-encrypts the digital data. A recording unit records the digital data on the secondary recording medium. An accounting unit charges according to accounting information in the attribute information. | 11-06-2008 |
20080276102 | Data Protection Systems and Methods - Systems and methods are provided for protecting electronic content from the time it is packaged through the time it is experienced by an end user. Protection against content misuse is accomplished using a combination of encryption, watermark screening, detection of invalid content processing software and hardware, and/or detection of invalid content flows. Encryption protects the secrecy of content while it is being transferred or stored. Watermark screening protects against the unauthorized use of content. Watermark screening is provided by invoking a filter module to examine content for the presence of a watermark before the content is delivered to output hardware or software. The filter module is operable to prevent delivery of the content to the output hardware or software if it detects a predefined protection mark. Invalid content processing software is detected by a monitoring mechanism that validates the software involved in processing protected electronic content. Invalid content flows can be detected by scanning the information passed across system interfaces for the attempted transfer of bit patterns that were released from an application and/or a piece of content management software. | 11-06-2008 |
20080282094 | Optical storage media and the corresponding cryptography for data encryption thereof - Based on the demand of developing a data encryption technique for the optical storage media, the present invention discloses a cryptography for data encryption based on a design of specific hardware conditions, so as to achieve the security requirements for the encrypted digital data stored in the optical storage media and the design requirements for the security issues on the optical storage media for software vendors in the current market. | 11-13-2008 |
20080282095 | METHOD FOR TRANSFERRING AND/OR PROVIDING PERSONAL ELECTRONIC DATA OF A DATA OWNER - In a method to transfer and/or to provide personal electronic data of an owner, in particular health-related electronic data of a patient, the personal electronic data are transferred and/or provided in a form stored on a data medium, at least partially encrypted, together with at least one decryptor for at least partial decryption, as well as at least one mechanism to present and/or to access and/or to enable the presentation of and/or the access to at least one part of the personal electronic data. | 11-13-2008 |
20080282096 | SYSTEM AND METHOD FOR ORDER-PRESERVING ENCRYPTION FOR NUMERIC DATA - A system, method, and computer program product to automatically eliminate the distribution information available for reconstruction from a disguised dataset. The invention flattens input numerical values into a substantially uniformly distributed dataset, then maps the uniformly distributed dataset into equivalent data in a target distribution. The invention allows the incremental encryption of new values in an encrypted database while leaving existing encrypted values unchanged. The flattening comprises (1) partitioning, (2) mapping, and (3) saving auxiliary information about the data processing, which is encrypted and not updated. The partitioning is MDL based, and includes a growth phase for dividing a space into fine partitions and a prune phase for merging some partitions together. | 11-13-2008 |
20080288787 | Export control for a GNSS receiver - Embodiments of the present invention recite a method and system for implementing export control for a Global Navigation Satellite System (GNSS) receiver. In one embodiment, a GNSS receiver is used to determine the geographic position of an electronic device. It is then determined that the geographic region corresponds to an exclusion zone. In response to determining that the geographic region corresponds to the exclusion zone, accessing data from the electronic device is prevented. | 11-20-2008 |
20080288788 | Digital Rights Management Metafile, Management Protocol and Applications Thereof - Methods, systems and computer program products to create and manage encapsulated Digital Rights Management (DRM) metafiles, also referred to as objects, are provided herein. Each object comprises a file header section, an encrypted webpage metadata section, an encrypted preferences section, an encrypted tracking section, an encrypted license section, a media file section and an encrypted file trailer section. Each section comprises multiple attributes. A metabase is provided herein to catalog objects, sections and attributes. Instructions are provided herein to allow for setting a current object, section or attribute; retrieving an object, section or attribute; and enumerating objects, sections and attributes in a device memory. | 11-20-2008 |
20080288789 | Reducing information leakage between processes sharing a cache - A method of impeding leakage of cache access behavioural information of a section of a sensitive process to an untrusted process, said sensitive and untrusted processes being performed by a processor within a data processing apparatus, said data processing apparatus further comprising at least one cache operable to store information required by said processor while performing said sensitive and untrusted processes, the method comprising the steps of: prior to commencing processing of a section of said sensitive process by said processor, evicting information stored in locations of said at least one cache which may otherwise be evicted by said sensitive process loading information that may be required by said section of said sensitive process in said at least one cache; commencing processing of said section of said sensitive process by said processor; switching said processor during processing of said section of said sensitive process to said untrusted process in response to a switching request; on switching back to said section of said sensitive process from said untrusted process, evicting information stored in locations of said at least one cache which may otherwise be evicted by said sensitive process loading information that may be required by said section of said sensitive process in said at least one cache prior to recommencing processing of said section of said sensitive process. | 11-20-2008 |
20080294911 | Method and Apparatus for Secure Storing of Private Data on User Devices in Telecommunications Networks - A system for securely storing data is provided. The system includes a transformation component operable to scramble or encrypt the data, a dissection component operable to divide the data into a plurality of segments, and a storage component operable to store the plurality of segments in a plurality of memory locations. These components can operate various schemes identified by encoded identifiers and new schemes can be added to the system at any time. A user device can use a combination of a transformation scheme, a dissection scheme, and a storage scheme to protect stored private data at any point in time. The combination can be changed quickly by the user device autonomously or upon receiving an instruction to do so. | 11-27-2008 |
20080294912 | SEMICONDUCTOR MEMORY DEVICE - The present invention provides a semiconductor memory device capable of allocating scrambling data different every chip without the need for management and writing of seed data for scramble. If an authentication key inputted from a user to an authentication key register and a decision key set to a decision key register in advance coincide with each other, then read data RD read from a memory chip is outputted as data DT via a selector as it is. If they are found not to coincide with each other, then read data RD (scrambled data SRD) scrambled using, as seed data SD, position information on each defective memory cell, which is outputted from a fuse circuit, is selected by the selector, followed by being outputted as data DT. | 11-27-2008 |
20080294913 | DISK ARRAY CONTROLLER, DISK ARRAY CONTROL METHOD AND STORAGE SYSTEM - Provided is a disk array controller capable of speeding up the processing by simultaneously execution the encryption/decryption of a non parallel block cipher modes of operation. In a disk array controller for controlling a disk array according to a disk access request from a host system, a plurality of non parallel mode encryption/decryption target data are divided into a plurality of messages unrelated to the encryption/decryption processing, partitioning non parallel mode encryption/decryption target data belonging to the respective messages into a plurality of block data, storing each block data belonging to the respective messages by allocating it each line of Rnd[ | 11-27-2008 |
20080294914 | Trusted storage - In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and decrypting the encrypted content using the FDE key. | 11-27-2008 |
20080301468 | Cryptographic Secure Program Overlays - A method, computer program product, and data processing system for executing larger-than-physical-memory applications while protecting sensitive program code (and also data) from unauthorized access in a memory space not subject to protection fault or page fault detection are disclosed. Large applications are accommodated by providing a mechanism for secure program overlays, in which a single large application is broken into two or more smaller applications (overlays) that can be executed from the same memory space by overwriting one of the smaller applications with another of the smaller applications when the latter needs to be executed. So that the data may be shared among these smaller applications, each of the applications contains embedded cryptographic keys, which may be used to encrypt or decrypt information to be stored persistently while control is transferred from one application to the other. | 12-04-2008 |
20080301469 | Cryptographically-enabled Privileged Mode Execution - A method, computer program product, and data processing system are disclosed for protecting sensitive program code (and also data) from unauthorized access in a memory space not subject to protection fault detection. In a preferred embodiment, secure initialization hardware loads the sensitive code from a storage location accessible only to the secure initialization hardware itself and decrypts the sensitive code into a portion of the processor-accessible memory space, from which the code is executed. Once execution of the sensitive code has completed, all or at least a portion of the code is deleted before passing control to application software. If the application software needs to cause the sensitive code to be executed, the secure initialization hardware is activated to reload/decrypt a fresh copy of the sensitive code into the memory space and cause the code to be executed. Before control is returned to the application software, the sensitive code is again deleted to prevent unauthorized access. | 12-04-2008 |
20080301470 | TECHNIQUES FOR SECURING CONTENT IN AN UNTRUSTED ENVIRONMENT - Techniques for securing content in an untrusted environment are provided. Content is encrypted and stored with a content delivery service in an encrypted format. Encrypted versions of a content encryption/decryption key and a first key are also housed and distributed by the content delivery service. The first key is used to decrypt the encrypted version of the content encryption/decryption key. The content delivery service is unaware of the content encryption/decryption key and the first key; and the content held by the content delivery service is encrypted with the content encryption/decryption key. Principals securely share, create, manage, and retrieve the encrypted versions of the content encryption/decryption key and the first key from the content delivery service using secure communications. The encrypted content is obtainable via insecure communications from the content delivery service. | 12-04-2008 |
20080301471 | Systems and methods in electronic evidence management for creating and maintaining a chain of custody - Systems and methods are provided for electronic evidence management for creating and maintaining a chain of custody. The exemplary systems and methods comprise storing captured electronic evidence in a repository, and recording one or more interactions with the stored electronic evidence in one or more chain of custody logs, wherein at least one chain of custody logs is encrypted and at least one chain of custody logs is unencrypted. The exemplary systems and methods further comprise monitoring the one or more chain of custody logs for unauthorized alterations to the recorded interactions with the stored electronic evidence. | 12-04-2008 |
20080301472 | METHOD OF ENCRYPTING AND STORING DIGITAL CONTENT USING FIRMWARE REGIONAL CODE AND APPARATUS THEREFOR - A method of processing digital content performed by an apparatus for storing digital content. In the method, a hardware regional code extracted from a memory of a content storage device is compared with a firmware regional code extracted from firmware, and the digital content is selectively encrypted and stored according to a corresponding regional code only when the hardware regional code matches the firmware regional code. | 12-04-2008 |
20080307237 | Method for improving accuracy of a time estimate used to authenticate an entity to a memory device - A method for improving accuracy of a time estimate used to authenticate an entity to a memory device is disclosed. In one embodiment, a memory device receives a request to authenticate an entity. Before attempting to authenticate the entity, the memory device determines if a new time stamp is needed. If a new time stamp is needed, the memory device receives the new time stamp and then attempts to authenticate the entity using a time estimate based on the new time stamp. In another embodiment, the memory device comprises a plurality of different time stamp update policies (TUPs) that specify when a new time stamp is needed, and the determination of whether a new time stamp is needed is based on a TUP associated with the entity. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination. | 12-11-2008 |
20080313474 | SUPER ENCRYPTED STORAGE AND RETRIEVAL OF MEDIA PROGRAMS WITH SMARTCARD GENERATED KEYS - A method and apparatus for storing and retrieving program material for subsequent replay is disclosed. In summary, the present invention describes a system and method for storing and retrieving program material for subsequent replay. The method comprises the steps of accepting encrypted access control information and the program material encrypted according to a first encryption key, the access control information including a first encryption key and control data; decrypting the received access control information to produce the first encryption key; decrypting the program material using the first encryption key; re-encrypting the program material using according to a second encryption key; encrypting the second encryption key according to a third encryption key to produce a fourth encryption key; and providing the re-encrypted program material and a fourth encryption key for storage. The apparatus comprises a conditional access module, for accepting encrypted access control information and the program material encrypted according to a first encryption key, the encrypted access control information including the first encryption key and temporally-variant control data, the control access module comprising a first decryption module, for decrypting the access control information to produce the first encryption key; a first encryption module, for encrypting a second encryption key with a third encryption key to produce a fourth encryption key; and a second decryption module for decrypting the fourth encryption key to produce the second encryption key. | 12-18-2008 |
20080320318 | METHOD AND APPARATUS FOR DATA ENCRYPTION AND DECRYPTION - A method is provided for encrypting data to be stored in a data storage medium. The method includes encrypting the data using a special key associated with the electronic device. One example of the special key is a barcode of the electronic device. The encrypted data then is stored in the data storage medium. When the data stored in the data storage medium is decrypted, only the electronic device has the special key i.e., the barcode, can reproduce the encrypted data. When the data storage medium is lost or stolen, the encrypted data cannot be decrypted by another electronic device because the barcode of current electronic device is different from the original electronic device. Therefore, the encrypted data stored in the data storage medium is prevented from being read out by other electronic devices. | 12-25-2008 |
20080320319 | SYSTEM AND METHOD FOR ENCRYPTING SECONDARY COPIES OF DATA - A system and method for encrypting secondary copies of data is described. In some examples, the system encrypts a secondary copy of data after the secondary copy is created. In some examples, the system looks to information about a data storage system, and determines when and where to encrypt data based on the information. | 12-25-2008 |
20090006865 | Efficient Remotely-Keyed Symmetric Cryptography For Digital Rights Management - An efficient symmetrical-cryptographic method for using a fast but insecure host to perform encryption/decryption based on a secret key in a secure, but slow hardware token, such as a smartcard or similar device, without revealing the secret key to the host, and such that the ciphertext and plaintext are exactly the same size. The present method is suitable for use in Digital Rights Management and Software Rights Management applications which require precise interchangeability of ciphertext and plaintext in pre-allocated areas of data storage. | 01-01-2009 |
20090006866 | STORAGE APPARATUS, MEMORY CARD ACCESSING APPARATUS AND METHOD OF READING/WRITING THE SAME - A storage apparatus having a non-volatile memory and a controller is provided, wherein the non-volatile memory includes a root directory area and a data area, and a password file is stored in the root directory area. The controller identifies a user by using a password in the password file, and the user can access the data area through an encryption/decryption unit of the controller only if the user passes the identification. By using the secured storage apparatus, the risk of the password and encrypted data being cracked is reduced. Accordingly, the protection over the data stored in the storage apparatus is enhanced. | 01-01-2009 |
20090006867 | System, device and method for providing data availability for lost/stolen portable communication devices - A system, device and method for providing data availability for a portable communication device, including various combinations of the following steps: notifying an operator that the portable communication device is missing; triggering encryption of data on the portable communication device; sending a data retrieval command to the portable communication device; authenticating the data retrieval command; retrieving data from the portable communication device; identifying a portion of the data retrieved from the portable communication device that is confidential; encrypting the identified confidential data on the portable communication device; and erasing the identified confidential data from the portable communication device or recovering the portable communication device and decrypting the confidential data on the portable communication device. | 01-01-2009 |
20090006868 | Secure storage for digital rights management - Various embodiments utilize hardware-enforced boundaries to provide various aspects of digital rights management or DRM in an open computing environment. Against the backdrop of these hardware-enforced boundaries, DRM provisioning techniques are employed to provision such things as keys and DRM software code in a secure and robust way. Further, at least some embodiments utilize secure time provisioning techniques to provision time to the computing environment, as well as techniques that provide for robustly secure storage. | 01-01-2009 |
20090006869 | Techniques for synchronizing and archive-versioning of encrypted files - Techniques are presented for synchronizing and archive-versioning encrypted files. Blocks of encrypted data are managed and metadata is maintained for the blocks. The metadata identifies a maximum number of blocks and an index or parameter string. The string includes transaction identifiers and relative block numbers. The metadata is used as parameter information to a hash algorithm along with a hash key to acquire a unique initialization vector for each block. Each initialization vector when supplied to a cipher service along with a particular block of data produces an encrypted version of the data supplied or supplies a decrypted version of the data supplied. The techniques are also applied to files being archived and versioned from a storage volume. | 01-01-2009 |
20090006870 | METHOD, SYSTEM, AND APPARATUS FOR DYNAMIC DATA-DRIVEN PRIVACY POLICY PROTECTION AND DATA SHARING - A method of sharing telematics data for a vehicle with service providers can include receiving the telematics data for the vehicle, where the telematics data dynamically changes over time, and comparing the telematics data with a privacy policy associated with the vehicle. The privacy policy can specify rules for selectively releasing items of the telematics data to one or more service providers. Data items of the telematics data can be selectively provided to the service providers according to the comparing step. | 01-01-2009 |
20090013194 | TECHNIQUE FOR PROTECTING A DATABASE FROM AN ONGOING THREAT - A system for stopping an ongoing threat to a database is described. During operation, if an ongoing threat to the database is detected, the system modifies a threat-assessment condition. Then, the system selectively restricts access to one or more cryptographic keys for the database based on the threat-assessment condition. Next, the system selectively activates decryption of requested encrypted information based on the threat-assessment condition. Note that both the selective restriction of access to the one or more cryptographic keys and the selective activation of decryption can be used to stop the ongoing threat from accessing the encrypted information in the database. | 01-08-2009 |
20090013195 | Data Storing Method, Data Playback Method, Data Recording Device, Data Playback Device, and Recording Medium - Provided is a method for performing high-speed search for a content key associated with encrypted content in the case of a key-separation-type content management method where content keys and their respective pieces of encrypted content are correlated by ID information and stored in different recording media. An external recording medium is used to store a plurality of content files that contain: their respective pieces of encrypted content that are encrypted with different encryption keys; and their respective content IDs, each being associated with a corresponding piece of the encryption content, and a semiconductor recording medium is used to store a list that contains: pieces of encryption key storage location information, each indicating where a corresponding one of the encryption keys is stored; and the content IDs, the list being sorted in accordance with the content IDs. When encrypted content is played back, the list is searched to find encryption key storage location information associated with a content ID that matches the content ID of the encrypted content, and the encryption key is read based on the encryption key storage location information. | 01-08-2009 |
20090013196 | Secure Processing Device, Method and Program - A secure processing device having a power saving mode, which is used for built-in apparatuses, calculates a hash value of secure data that needs to be saved when switching to the power saving mode, stores the calculated hash value in a protection storage unit whose data is not lost even in the power saving mode, encrypts the secure data and stores the encrypted data in an external memory when switching to the power saving mode. When switching back to the normal power mode, the secure processing device decrypts the encrypted data, calculates a hash value of the decrypted data and compares the hash value with the hash value stored in the protection storage unit. The decrypted data is restored to the protection storage unit when the hash values are identical, but discarded together with the encrypted data stored in the external memory when the hash values are not identical. | 01-08-2009 |
20090019291 | BACKUP AND RESTORATION OF DRM SECURITY DATA - The present invention provides for a method of security data restoration for a user device for back-up purposes in which the said security data can be restored through the interaction of a first and at least a second portion of data, including the steps of storing the first portion of data on a storage medium remote from the device, writing the at least second portion of data to wireless storage means, and, when restoration is required, communicating the at least second portion of data from the wireless storage means to the said storage medium so as to allow for the interaction of the first and the at least second portion of data. | 01-15-2009 |
20090019292 | Secure management of information - Methods and system are devised to provide security with regard to position data recorded by an electronic pen. The position data originates from a specific area of a position-coding pattern and is destined for a specific Application Service Handler, ASH, which is allocated the specific area of the pattern. The pen stores one or more Pen Application Licenses, PALs, which each includes license data in association with an encryption key, the license data identifying an area of the pattern. The encryption key of a given PAL corresponds to an encryption key of a given ASH. Thus, the PALs enable the pen to encrypt recorded position data, originating from the specific area of the pattern, with the encryption key that is related to the encryption key of the receiving ASH. The license data may further define a group of pens and a validity period, allowing a party generating a PAL to control its use. Generating a PAL may in turn need prior authorization, given by PAL validation data derived from an authorizer. The PAL validation data, which is to be included in the PAL, may set boundaries for the license data that can be included in a PAL, and may also be digitally signed by the authorizer. The pen may be prohibited to install the PAL unless its license data can be properly validated against the PAL validation data. | 01-15-2009 |
20090019293 | AUTOMATIC DATA REVOCATION TO FACILITATE SECURITY FOR A PORTABLE COMPUTING DEVICE - Some embodiments of the present invention provide a system that automatically revokes data on a portable computing device. During operation, the system uses a key K | 01-15-2009 |
20090031143 | Method and system for securing a disk key - In accordance with an embodiment of the present invention, a trusted client includes a non-volatile memory programmed with an encrypted disk key. The encrypted disk key in the non-volatile memory is encrypted with a master key of a security processor. Accordingly, encrypted data received by the central processor from a disk's security logic is forwarded to a security processor along with the encrypted disk key. The security processor decrypts the encrypted disk key and then decrypts the encrypted data, utilizing the disk key. The disk key is never available to the central processing unit in the clear. | 01-29-2009 |
20090031144 | REVOCATION MESSAGE CYCLING IN A DIGITAL TRANSMISSION CONTENT PROTECTION SYSTEM - In a digital Content Protection System (CPS), System Renewability Messages (SRM's) are managed at an administrative level to prioritize and select SRM's depending on transmission region and/or time. The highest-priority SRM's may be selected to fit in a receiver memory size specified by a CPS. SRM's may be cycled so that different subsets of the total set of SRM's are selected for highest priority use of limited storage capacity at different times, thereby extending the effectiveness of revocation beyond the otherwise limiting factor of SRM storage capacity. | 01-29-2009 |
20090031145 | DATA PROCESSING APPARATUS, DATA PROCESSING SYSTEM, AND CONTROL METHOD THEREFOR - A data processing apparatus capable of using, without change, a password used at the time of backup as a password at the time of restoration to thereby realize backup and restoration which are high in security and user-friendliness. Upon being backed up into an external storage medium, data stored in a box in the data processing apparatus and protected by password information is encrypted with an encryption key generated based on the password information and is stored into the external storage medium. Upon restoration of the encrypted data from the external storage medium to a multifunction peripheral, password information input by a user is set as a new password, and the data decrypted with a decryption key generated based on the password information is protected with the new password. | 01-29-2009 |
20090031146 | OBFUSCATED STATE STORE FOR RIGHTS MANAGEMENT SYSTEM AND THE LIKE - A state store having state information therein is stored on a computing device. Information at least nearly unique to the computing device is obtained, and a number of locations at which at least a portion of the state store is to be stored at is determined. Pseudo-random file names and corresponding paths are generated based at least in part on the obtained information, whereby the generated file names and corresponding paths are likewise at least nearly unique to the computing device, and the generated file names and path are paired to form the locations. Thereafter, the state store is stored according to the generated locations. | 01-29-2009 |
20090037748 | METHOD AND APPARATUS FOR FORBIDDING USE OF DIGITAL CONTENT AGAINST COPY CONTROL INFORMATION - Provided is a method of preventing digital content from being used despite the presence of copy control information. In the method, a security apparatus capable of restricting use of contents generates a nonce with respect to a storage device and stores the nonce in the storage device and a memory separated from the storage device when content is stored in the storage device; updates the nonces stored in the memory and storage device when movement of the content occurs; and permits use of the content only when the nonce of the storage device, which is stored in the memory, is equal to the nonce stored in the storage device if the content is requested for use, thereby preventing a disk cloning attack. | 02-05-2009 |
20090044025 | SMART CARD DATA PROTECTION METHOD AND SYSTEM THEREOF - A data protection method and system thereof used for a smart card, wherein, the user may select a data frame in a smart card through a data access interface, and input data into the data frame. The data protection system includes a data protection module, an encryption-decryption module, and a data storage module. The data protection module is coupled respectively to a data access interface and a smart card. The encryption-decryption module is coupled to the data protection module, and is used to generate an encrypted data frame. The data protection module is used to store the fake data frame into a smart card. When it is desired to access the data frame, the data access interface is used to read out the corresponding fake data frame. | 02-12-2009 |
20090049310 | Efficient Elimination of Access to Data on a Writable Storage Media - A method and computer program product are provided for eliminating access to data within a writable storage media cartridge. If it is determined if at least a first portion of data on the writable storage media is encrypted then a second portion of data within the writable storage media cartridge related to said encrypted first portion of data is shredded. The first portion of data and the second portion are not the same portions of the writable storage media cartridge. | 02-19-2009 |
20090049311 | Efficient Elimination of Access to Data on a Writable Storage Media - A system provided for eliminating access to data within a writable storage media cartridge. The system comprises a writable storage media drive, such as a tape drive. The writable storage drive determines if at least a first portion of data on the writable storage media is encrypted. If it is determined that the first portion of data is encrypted then the writable storage drive shreds a second portion of data within the writable storage media cartridge related to said encrypted first portion of data. The first portion of data and the second portion are not the same portions of the writable storage media cartridge. | 02-19-2009 |
20090055660 | Security flash memory, data encryption device and method for accessing security flash memory - The present invention discloses a security flash memory which includes a flash memory chip with a plurality of data transmission terminals, and a data encryption device. The data encryption device includes a verifier module with default pass code, a secret key module and a switching module. The verifier module compares a pass code with the default pass code for outputting a control signal. The secret key module is used for data encryption and data decryption. The switching module is connected to the verifier module, the data transmission terminals of the flash memory chip and the secret key module, and may connect or disconnect the data transmission terminals of the flash chip and the secret key module in response to the control signal. | 02-26-2009 |
20090063871 | Method and device for managing proprietary data format content - The invention provides a method for generating a protected data object from an original content by means of digital rights management (DRM) protection techniques, wherein said original content has a proprietary data format. Further, a method for providing a proprietary data format content included in a protected data object having a MIME-type field is proposed, wherein said protected data object is generated by means of digital rights management (DRM) techniques. | 03-05-2009 |
20090063872 | MANAGEMENT METHOD FOR ARCHIVE SYSTEM SECURITY - Creating a plaintext index from a text that is extracted from a file presents the risk of a leak of confidential information from the created index. To address this problem, provided is a computer system which has a computer, a storage subsystem coupled to the computer, and a network coupling the computer and the storage subsystem. The computer has an interface coupled to the network, a first processor coupled to the interface, and a memory coupled to the first processor. The storage subsystem has a disk device which stores data. A storage area of the disk device is divided into a plurality of storage areas including, at least, a first storage area and a second storage area. The first processor reads a part of data stored in the first storage area, encrypts the part of data read from the first storage area when the data stored in the first storage area is judged as encrypted data, and writes the encrypted part of data in the second storage area. | 03-05-2009 |
20090070598 | System and Method for Secure Data Disposal - A system, method, and program product is provided that initializes expected PCRs stored in a TPM by generating and storing a random number, seeding expected PCRs with the random number, inputting a set of startup code processes to a hash algorithm resulting in a set of hash values, updating the expected PCRs using the set of hash values, and saving the expected PCRs in a nonvolatile data area that is secured by the TPM. Upon reboot, the random number is retrieved from the nonvolatile data area, the PCRs are seeded with the retrieved random number, the startup code processes are input to the hash algorithm process resulting in another set of hash values, the PCRs are updated using the resulting set of hash values, and an encrypted data object is decrypted in response to the PCRs being the same as the expected PCRs. | 03-12-2009 |
20090070599 | MEMORY CARD, APPLICATION PROGRAM HOLDING METHOD, AND HOLDING PROGRAM - A memory card of the present invention is a memory card which receives an encrypted application program from a host apparatus, the encrypted application program being downloaded to the host apparatus, the memory card including: an Integrated Circuit (IC) card unit having a tamper resistant function; and a flash memory unit, wherein the IC card unit includes: a tamper resistant storage unit; a program acquisition unit which acquires the encrypted application program from the host apparatus; a storage control unit which stores the acquired encrypted application program in the tamper resistant storage unit or the flash memory unit; and a move control unit which, when the application program stored in the tamper resistant storage unit is to be executed and the size of the to-be-executed application program in the decrypted form exceeds the size of free space of the tamper resistant storage unit, moves an arbitrary encrypted application program stored in the tamper resistant storage unit to the flash memory unit. | 03-12-2009 |
20090070600 | Method for Etching and Secure Distribution of Digital Data, Access Device and Writer - The invention relates to a method of receiving and securely recording digital data comprising a step for recording said digital data on a secured disk by a recorder/receiver belonging to a determined secured domain comprising several equipment items and defined by an identifier, a step for recording on the secured disk the identifier of the domain of the recorder/receiver to define this domain as the only domain in which the reproduction/copying of the multimedia content is authorized, wherein it comprises a prior step for recovering a disk key from the secured disk, and in that the domain identifier is encrypted by said disk key and the digital data is scrambled by title keys, said title keys being encrypted by said disk key. The invention also relates to a method of securely distributing digital data, an access device and a recorder/receiver. | 03-12-2009 |
20090070601 | METHOD AND APPARATUS FOR RECURSIVELY ANALYZING LOG FILE DATA IN A NETWORK - Method and apparatus for processing log data produced by a network is described. In one example, entries in the log data are filtered using a plurality of filters to select first entries from the entries. The first entries are filtered using a plurality of false positive filters associated with the plurality of filters to select second entries from the first entries. Unique IP addresses are identified in the second entries. The entries in the log data are then filtered using the unique IP addresses to select third set entries. The third entries are analyzed to detect one or more patterns. | 03-12-2009 |
20090077389 | SECURITY FEATURES IN AN ELECTRONIC DEVICE - A method of establishing security in an electronic device. The method includes generating a statistically unique root key value and storing the root key value in a one-time programmable memory of the device. The method also includes isolating firmware in the device from access to the root key value. The root key value is used as a root of trust that ensures that each electronic device has its own key. In general, the root key is used to encrypt other keys in the device. In different aspects, a root key test value, which is utilized to test the root key, and other security features such as a re-purpose number and a cipher block chaining re-purpose value are included to protect the electronic device from unauthorized access. An electronic device that includes these security features is also provided. | 03-19-2009 |
20090077390 | Electronic file protection system having one or more removable memory devices - The electronic file protection system includes at least one first memory device removably disposable in communicative relation with one or more computers, wherein the first memory device includes a unique identifier. The system further includes unique, non-reproducible encryption key data disposed or otherwise saved on the first memory device. The encryption key data is structured to be utilized in conjunction with at least one encryption algorithm so as to at least partially protect the electronic file, or otherwise orient the electronic file in an encrypted mode. Further, the unique identifier is reproducible and disposable in associated relation with a replacement memory device. | 03-19-2009 |
20090077391 | Method and apparatus for protecting data during storage/retrieval - For protecting data during transmission between a host device and a data storage device, the host device encrypts command-related information and sends the encrypted command-related information to the data storage device. The data storage device decrypts the encrypted command-related information, interprets the decrypted command-related information to generate interpreted commands, and executes the interpreted commands. | 03-19-2009 |
20090083547 | CONFIDENTIAL INFORMATION PROCESSING HOST DEVICE AND CONFIDENTIAL INFORMATION PROCESSING METHOD - In the case where a target device stores: m keys {Ka | 03-26-2009 |
20090083548 | SECURE DATABASE ACCESS THROUGH PARTIAL ENCRYPTION - The present invention generally is directed to systems, methods, and articles of manufacture for securing sensitive information involved in database transactions. Embodiments of the present invention selectively encrypt only portions of transactions involving sensitive data, thereby reducing or eliminating the processing overhead resulting from wastefully encrypting non-sensitive data. The sensitive data may be identified by a document. The document may be accessed by a requesting entity to determine which portions of a query should be encrypted prior to sending the query to a database server over a network. The document may also be accessed by a database server to determine which portions of query results should be encrypted prior to sending the query results to the requesting entity over the network. | 03-26-2009 |
20090089590 | MERGING EXTERNAL NVRAM WITH FULL DISK ENCRYPTION - Methods and arrangements for managing a flash drive, hard disk, or connection between the two, in a manner to ensure that sensitive data is not decrypted at any time when it would be vulnerable. Accordingly, in a first implementation, the data may preferably be encrypted as it first goes into a flash drive and decrypted when it comes out of the flash drive. In another implementation, the flash drive may be logically bound to the hard disk, so that they would both use the same encryption key. In yet another implementation, if a hard disk is moved to another system, then the flash drive may also preferably be simultaneously moved. | 04-02-2009 |
20090089591 | Data security in a disconnected environment - Systems and methods are provided for the detection and prevention of intrusions in data at rest systems such as file systems and web servers. The systems and methods regulate access to sensitive data with minimal dependency on a communications network. Data access is quantitatively limited to minimize the data breaches resulting from, e.g., a stolen laptop or hard drive. | 04-02-2009 |
20090089592 | INFORMATION PROCESSING DEVICE, LOG MANAGEMENT APPARATUS, AND LOG MANAGEMENT PROGRAM PRODUCT - Technology is provided, which allows to easily find tampering of event logs created by an information processing device and transmitted to a log management apparatus, without increasing communication load. A printer (i.e. information processing device) creates a hash value from the event log of an event every time the event occurs. The printer generates a digital signature by encrypting the hash value with its own private key. The printer transmits the signature-bound event log obtained by binding the digital signature with the event log to a server (i.e. log management apparatus). The server decrypts the hash value from the event log of the received signature-bound log information using a device public key. The server also generates a new hash value from the event log. The server verifies the coincidence of the decrypted hash value and the new hash value, and authenticates signature-bound event logs for which this coincidence has been verified. The server stores signature-bound event logs that have been authenticated. Every time an event occurs, the printer transmits an event log bound with a digital signature that is created using its private key. Only signature-bound event logs are communicated between the printer and the server. Event log tampering can easily be discovered from the signature-bound event logs. Thus, tampering of event logs can easily be discovered without increasing the communication load between the printer and server. | 04-02-2009 |
20090089593 | Recording system, information processing apparatus, storage apparatus, recording method, and program - Disclosed herein is a recording system including a storage apparatus incorporating a storage medium, and an information processing apparatus which is connectable to the storage apparatus and which holds a content to be recorded to the storage apparatus. | 04-02-2009 |
20090100273 | PREVENT DATA STORAGE DEVICE CIRCUITRY SWAP - A device comprises a data storage media storing data content and a digital signature. At least a portion of the digital signature is encrypted on the data storage media. The device also includes a removable control circuitry including a unique key. If the unique key corresponds to the encrypted portion of the digital signature, the removable control circuitry allows access to the data content. If the unique key does not correspond to the encrypted portion of the digital signature, the removable control circuitry prevents access to the data content. Embodiments of the invention may be useful to prevent a user from accessing the data content without the original control circuitry used to write the data content. For example, embodiments of the invention may prevent a user from using a different control circuitry that would readily allow unauthorized copying and distribution of the data content. | 04-16-2009 |
20090106561 | DATA MANAGEMENT APPARATUS AND DATA MANAGEMENT METHOD - A data management apparatus is adaptable to an encryption system using a common key and a pair of keys comprising a public key and a private key. The data management apparatus includes: a common key encryption unit configured to encrypt a first common key with a first public key to generate an encrypted first common key; a password setting receiving unit configured to receive a setting of a first password; and a private key encryption unit configured to encrypt a first private key with the first password to generate an encrypted first private key. | 04-23-2009 |
20090106562 | Method of protecting data saved to recording medium and data storage apparatus adopting method - An apparatus, a computer-readable recording medium, and a method of controlling data recording and reproducing to and from a disk. Controlling the recording of data includes storing password information set in a recording mode and key information to a first area of the disk, encrypting location information of the first area, storing the encrypted location information to a second area of the disk, encrypting desired data and an address of the desired data using the key information, and recording the encrypted data at the encrypted address. Controlling the reproducing of data includes, when the password information is received in a reproducing mode, reading the encrypted location information saved to the second area of the disk, decrypting the encrypted location information of the first area, reading the password information saved to the first area, comparing the received password information with the read password information, and when the received password information is identical to the read password information, reading the key information saved to the first area and reproducing the desired data and the address using the read key information. | 04-23-2009 |
20090113219 | OPTIMIZED HIERARCHICAL INTEGRITY PROTECTION FOR STORED DATA - A method for data integrity protection includes receiving items of data for storage in a storage medium. The items are grouped into multiple groups, such that at least some of the groups include respective pluralities of the items. A respective group signature is computed over each of the groups, thereby generating multiple group signatures. An upper-level signature is computed over the group signatures. Groups of the items, the group signatures, and the upper-level signature are stored in respective locations in the storage medium. | 04-30-2009 |
20090113220 | ENCRYPTED BACKUP DATA STORAGE DEVICE AND STORAGE SYSTEM USING THE SAME - An encrypted backup data storage device and a storage system using the same are provided. A backup memory stores at least one of plain-text data and a secret key. A leakage current blocking circuit includes at least one inverter and a complementary metal oxide semiconductor (CMOS) NAND gate circuit and cuts off leakage current paths formed by the lines connected to the battery backup memory. | 04-30-2009 |
20090119517 | Apparatus and Method for Securing Data on a Portable Storage Device - A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided. | 05-07-2009 |
20090119518 | Server-Implemented System And Method For Providing Private Inference Control - A server system maintains records and their associated attributes in a secure database. A plurality of queries generated by encrypting indices identifying a records and their associated attributes, by homomorphic encryption is received from a client system. A secret key is generated at a certain query count and is divided into randomly generated key shares. A key share sequence is homomorphically encrypted. A table is formed by encrypting the indices, secret key and attributes. Query responses, which each comprise the attributes for each of the records of the table of entries are provided. The key shares are decrypted sufficient to recover the secret key subject to a non-inference enabling query. | 05-07-2009 |
20090132833 | STORAGE DEVICE, TERMINAL DEVICE USING THE STORAGE DEVICE, AND METHOD THEREOF - A method of using a storage device in a terminal device connected to the storage device includes reading an identification key stored in the storage device, if the storage device is connected, recovering, based on the identification key, one or more characteristic parameters regarding at least one of the storage device and a file stored in the storage device, and authenticating the storage device using the one or more recovered characteristic parameters. If the authentication is successful, the file is decrypted using the identification key and used. As a result, increased security is provided for the file stored in the storage device. | 05-21-2009 |
20090138727 | Challenge And Response Access Control Providing Data Security In Data Storage Devices - Techniques for securing data stored on a data storage device are provided. The data storage device encrypts the data using a bulk encryption key and stores the bulk encryption key in non-volatile memory in an encrypted format. The data storage device generates a challenge and response pair, wraps a secret key with the response to generate a wrapped secret key, and stores the challenge and the wrapped secret key in the non-volatile memory. The data storage device authenticates a host by reading the challenge and the wrapped secret key from the non-volatile memory, erasing the challenge and the wrapped secret key from the non-volatile memory, sending the challenge to the host, receiving the response from the host, and unwrapping the wrapped secret key using the response from the host to regenerate the secret key. | 05-28-2009 |
20090138728 | Program update method and server - A system including a secure LSI | 05-28-2009 |
20090138729 | INFORMATION PROCESSING DEVICE, PROGRAM VERIFICATION METHOD, AND RECORDING MEDIUM - A first storage unit stores a plurality of security functions each defining a first protection attribute requiring a storage of a value of an argument for input/output of data. A second storage unit stores a program list describing a second protection attribute of a variable indicating a storage area of the data and an executing procedure of a predetermined process. An identifying unit identifies a third protection attribute of an actual argument for input/output of a security function based on the second protection attribute. When a judging unit judges not all of third protection attributes match with first protection attributes, an output unit outputs error information indicating a mismatch of the protection attributes. | 05-28-2009 |
20090138730 | Methods and Systems For Providing A Secure Electronic Mailbox - A secure electronic mailbox is provided to a customer having an electronic account. The electronic account links the secure electronic mailbox to a physical address of the customer. The customer can send and receive secure and non-secure messages via the secure electronic mailbox. The customer can also access electronic services such as electronic bill presentment and payment using the secure electronic mailbox. | 05-28-2009 |
20090144562 | Method and system for encryption of file characteristics of .ZIP files - The present invention provides a method of integrating existing strong encryption methods into the processing of a .ZIP file to provide a highly secure data container which provides flexibility in the use of symmetric and asymmetric encryption technology. The present invention adapts the well established .ZIP file format to support higher levels of security and multiple methods of data encryption and key management, thereby producing a highly secure and flexible digital container for electronically storing and transferring confidential data. | 06-04-2009 |
20090144563 | Method of detecting data tampering on a storage system - A storage system according to the invention maintains an arithmetic signature or fingerprint generated using the content of selected units of data stored on the media. The signature is stored in metadata in non-volatile storage on the system's electronics card preferably in a tamper resistant module (TRM). When reading a data unit from storage, the system uses the saved signature to verify that the data unit has not been altered by unauthorized means after it was stored. The content of the stored data is thereby bound to the metadata stored in the system's non-volatile storage so that by-passing or physically separating the bulk storage media (e.g. disks) from the system's electronics will not allow alteration of the data without detection. The method also prevents unauthorized data roll-back because the signature of old data will not match the current signature in the metadata. | 06-04-2009 |
20090144564 | DATA ENCRYPTION INTERFACE FOR REDUCING ENCRYPT LATENCY IMPACT ON STANDARD TRAFFIC - Methods and apparatus that may be utilized in systems to reduce the impact of latency associated with encrypting data on non-encrypted data are provided. Secure and non-secure data may be routed independently. Thus, non-secure data may be forwarded on (e.g., to targeted write buffers), without waiting for previously sent secure data to be encrypted. As a result, non-secure data may be made available for subsequent processing much earlier than in conventional systems utilizing a common data path for both secure and non-secure data. | 06-04-2009 |
20090144565 | Method and system for asymmetrically encrypting .ZIP files - The present invention provides a method of integrating existing strong encryption methods into the processing of a .ZIP file to provide a highly secure data container which provides flexibility in the use of symmetric and asymmetric encryption technology. The present invention adapts the well established .ZIP file format to support higher levels of security and multiple methods of data encryption and key management, thereby producing a highly secure and flexible digital container for electronically storing and transferring confidential data. | 06-04-2009 |
20090150681 | Secure Software Download - Software can be downloaded securely using a multi-encryption method, where the decryption is completed when the software is executed. In one aspect, a multi-encrypted data item is received. One or more of the encryptions on the multi-encrypted data item is decrypted, yielding a partially decrypted data item. The partially decrypted data item is stored in a reserved portion of a storage medium. The partially decrypted data item is fetched from the storage medium and decrypted to yield the data item. The decryption can be performed using one or more circuits that implement multiple decryption processes, including multiple algorithm-key combinations. | 06-11-2009 |
20090150682 | Third Party Secured Storage for Web Services and Web Applications - A system and method for providing third party secure hosting of an application. The system and method includes providing a host system with a main memory and a third party secured memory, the third party secured memory storing third party information; encrypting the third party information stored on the third party secured memory upon access by a user, the encrypting being via a security key, the security key being held at a customer location; and, enabling access to the third party information only to users having the security key. | 06-11-2009 |
20090150683 | Method and system for associating database content for security enhancement - A system and method for associating database content for security enhancement is provided, the method being applicable to a system comprising a computer configured to process a data management application and to store data in databases. According to one embodiment of the method according to the invention, the application uses an encryption key to encrypt data. The application stores the encrypted data in two or more databases. The databases may comprise a system database for storing encrypted user access data and one or more results databases for storing patient data. Databases may be stored locally, remotely, or both locally and remotely. | 06-11-2009 |
20090150684 | ANTI-ATTACKING METHOD FOR PRIVATE KEY, CONTROLLER, STORAGE DEVICE AND COMPUTER READABLE RECORDING MEDIUM HAVING THE SAME - An anti-attacking method for a private key is provided. The method includes using a plurality of storage areas for storing the same security information. The method also includes selecting one of the storage areas as a currently-used storage area for accessing the security information and synchronously updating the security information stored in the other storage areas while updating the security information stored in the currently-used used storage area when generating a digital signature by using a signature rule and the private key. The method further includes selecting one of the other storage areas as the currently-used storage area for correctly accessing the security information when detecting an attack on the security information stored in the currently-used storage area during generation of the digital signature. Therefore, it is possible to prevent the attacker from stealing the private key. | 06-11-2009 |
20090158055 | METHOD FOR CRYPTOGRAPHIC AUTHENTICATION - The invention relates to a method for cryptographic authentication in access security systems. The aim of the invention is to provide a software solution. To this end, the method for secured storage of counter states in a non-volatile memory (EEPROM) ( | 06-18-2009 |
20090164804 | SECURED STORAGE DEVICE - A method of preventing unauthorized access to digital content includes obtaining from a trusted entity a public key of a public-private key pair, encrypting content being received by a storage device using the public key, and storing the encrypted content on the storage device. The public-private key pair includes the public key and a corresponding private key. The content is encrypted on the storage device using the public key so as to be decipherable using a corresponding private key. Access to the corresponding private key is restricted to the trusted entity alone and encrypted content may be decipherable by the trusted entity, only after an indication of authorization for use of the corresponding private key is provided to the trusted entity. Also provided is a method of controlling access to encrypted content that is stored on a storage device operating as a secure storage device. | 06-25-2009 |
20090172416 | Storage and Retrieval of Encrypted Data Blocks with In-Line Message Authentication Codes - Techniques are disclosed for in-line storage of message authentication codes with respective encrypted data blocks. In one aspect, a given data block is encrypted and a message authentication code is generated for the encrypted data block. A target address is determined for storage of the encrypted data block in a memory. The target address is then modified to permit in-line storage of the message authentication code with the encrypted data block in the memory, and the encrypted data block and the message authentication code are transferred to the memory for storage at the modified address. Illustrative embodiments of the techniques advantageously facilitate secure off-chip storage of data in a processing system. | 07-02-2009 |
20090172417 | KEY MANAGEMENT METHOD FOR REMOTE COPYING - A computer system comprising a host computer and a first storage system coupled to the host computer. The first storage system includes a first controller for controlling the first storage system, a first volume for storing data written by the host computer and a second volume for storing updated data when the data stored in the first volume is updated The first controller generates update information based on write data contained in the write request upon reception of a write request from the host computer, encrypts the write data based on an encrypted status of the data stored in the second volume and an encryption key for encrypting the data stored in the second volume and stores the generated update information and the encrypted write data in the second volume. | 07-02-2009 |
20090172418 | Methods and Apparatus for Efficient Computation of One-Way Chains in Cryptographic Applications - Techniques are disclosed for efficient computation of consecutive values of one-way chains and other one-way graphs in cryptographic applications. The one-way chain or graph may be a chain of length s having positions i=1, 2, . . . s each having a corresponding value ν | 07-02-2009 |
20090172419 | DATA STORAGE DEVICE, MANAGEMENT SERVER, INTEGRATED CIRCUIT, DATA UPDATE SYSTEM, HOME ELECTRIC APPARATUSES, DATA UPDATE METHOD, ENCRYPTION METHOD, AND ENCRYPTION/DECRYPTION KEY GENERATION METHOD - Provided is a data storage device capable of safely and effectively updating software of a home electric apparatus. In the home electric apparatus ( | 07-02-2009 |
20090177894 | SYSTEMS AND METHODS FOR SECURING DATA USING MULTI-FACTOR OR KEYED DISPERSAL - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. A keyed information dispersal algorithm (keyed IDA) may also be used. The key for the keyed IDA may additionally be protected by an external workgroup key, resulting in a multi-factor secret sharing scheme. | 07-09-2009 |
20090183009 | DATA PROCESSING SYSTEM, METHOD FOR EXECUTING A CRYPTOGRAPHIC ALGORITHM AND METHOD FOR PREPARING EXECUTION OF A CRYPTOGRAPHIC ALGORITHM - A data processing system including a memory configured to store confidential data and non-confidential data; a cache memory which is configured to cache data stored in the memory and which comprises a first cache memory region and a second cache memory region; a processing circuit configured to carry out, in a first state of the data processing system, a cryptographic algorithm which operates on the confidential data and on the non-confidential data, wherein the confidential data are cached using the first cache memory region and the non-confidential data are cached using the second cache memory region; and an invalidating circuit configured to invalidate the first cache memory region when the data processing system switches from the first state into a second state. | 07-16-2009 |
20090183010 | Cloud-Based Movable-Component Binding - This document describes tools capable of enabling cloud-based movable-component binding. The tools, in some embodiments, bind protected media content to a movable component in a mobile computing device in a cryptographically secure manner without requiring the movable component to perform a complex cryptographic function. By so doing the mobile computing device may request access to content and receive permission to use the content quickly and in a cryptographically robust way. | 07-16-2009 |
20090187770 | Data Security Including Real-Time Key Generation - Methods for providing data security are described. A security device ( | 07-23-2009 |
20090187771 | Secure data storage with key update to prevent replay attacks - A key update process applied to encrypted memory in a processing system determines an address from contents of a boundary register, reads an encrypted data block from a memory location specified by the address, decrypts the encrypted data block using a first key, re-encrypts the decrypted data block using a second key, writes the re-encrypted data block back to the memory location specified by the address, and updates the boundary register. These operations are repeated for one or more additional addresses. The boundary register contents are also used to determine appropriate keys for use in other read and write transactions to the memory. The key update process can be run as a background process, separate from the other read and write transactions to the memory, so as to incur minimal processing overhead. | 07-23-2009 |
20090187772 | TAMPER EVIDENCE PER DEVICE PROTECTED IDENTITY - Various techniques are described to protect secrets held by closed computing devices. In an ecosystem where devices operate and are offered a wide range of services from a service provider, the service provider may want to prevent users from sharing services between devices. In order to guarantee that services are not shared between devices, each device can be manufactured with a different set of secrets such as per device identifiers. Unscrupulous individuals may try to gain access to the secrets and transfer secrets from one device to another. In order to prevent this type of attack, each closed computing system can be manufactured to include a protected memory location that is tied to the device. | 07-23-2009 |
20090193266 | Access control for protected and clear AV content on same storage device - A method and apparatus for storing both protected and clear data on a single storage device | 07-30-2009 |
20090193267 | Secure electronic medical record storage on untrusted portal - Patients' medical records are encrypted using a symmetric encryption algorithm and stored on a server that is accessible via a distributed data network. The keys used for encrypting the records are also encrypted, using a public key of a creator of the record, and the encrypted record keys are stored on the server. Facilities for sharing records with other users and for modifying records are also described. | 07-30-2009 |
20090199015 | METHOD FOR PROTECTING AUDIO CONTENT - Techniques for protecting information in an audio file are provided. The techniques include obtaining an audio file, detecting information bearing one or more segments in a speech signal, wherein the information comprises information sought for protection, encrypting the information sought for protection by scrambling the one or more segments using a scrambling filter, and selectively decrypting an amount of the encrypted information, wherein the amount of the encrypted information to be decrypted depends on user access privilege, and wherein selectively decrypting the amount of the encrypted information protects said amount of the encrypted information. Techniques are also provided for protecting information in an audio file. | 08-06-2009 |
20090199016 | Storage system, and encryption key management method and encryption key management program thereof - A user no longer needs to restore key information upon restoring data. Proposed is a storage system having a storage apparatus, a tape library apparatus for backing up data stored in the storage apparatus, and a management terminal for managing the storage apparatus and the tape library apparatus. The management terminal identifies a key of a tape to be restored and restores a management Information file based an a tape management file, a tape group information file and a key information file upon restoring data stored in the tape in the tape library apparatus, and commands the restoration of the tape based on the restored management information file. | 08-06-2009 |
20090204824 | SYSTEM, METHOD AND MEMORY DEVICE PROVIDING DATA SCRAMBLING COMPATIBLE WITH ON-CHIP COPY OPERATION - Data scrambling techniques implemented externally to a flash memory device are disclosed which can be used in concert with flash memory on-chip copy functionality operating internally to the flash device, thus supporting high performance copying operations. All the data stored in the flash may be scrambled, including headers and control structures. Robust file system operation may be achieved, including the capability to tolerate a power loss at any time, and yet be able to relocate data internally within the flash without having to de-scramble and then re-scramble the data. An exemplary hardware based solution has little or no impact on overall system performance, and may be implemented at very low incremental cost to increase overall system reliability. The data scrambling technique preferably uses a logical address, such as logical block address or logical page address, rather than a physical address, to determine a seed scrambling key. | 08-13-2009 |
20090204825 | INFORMATION PROCESSING APPARATUS AND METHOD, INFORMATION RECORDING MEDIUM, AND COMPUTER PROGRAM - An information processing apparatus includes a data processor configured to obtain first content stored in a first information recording medium and second content which is stored in a second information recording medium and which is usable together with the first content, and to perform content playback processing by using the first content and the second content. The data processor calculates a hash value of a certificate stored in the first information recording medium, and verifies the calculated hash value against a hash value stored in a content certificate corresponding to the first content, and on the condition that the calculated hash value and the hash value stored in the content certificate coincide with each other, the data processor performs the content playback processing by using the first content and the second content. | 08-13-2009 |
20090210724 | CONTENT MANAGEMENT METHOD AND CONTENT MANAGEMENT APPARATUS - A technique is provided which protects copyrights of contents and at the same time enhances the user's convenience. | 08-20-2009 |
20090217056 | Secure and Usable Protection of a Roamable Credentials Store - A tool which facilitates a balancing of security with usability enabling secure user access to multiple secure sites and locations from several computing devices utilizing a roamable credential store (RCS) which is highly resistant to offline attack. The RCS facilitates a protected Unified Credential Vault (UCV) via a multi-stage encryption process such that user credentials are protected by making offline dictionary attacks prohibitively expensive to an attacker without causing usability to deteriorate commensurately. | 08-27-2009 |
20090217057 | Download And Burn To Rent System - A system and method provide for content to be downloaded by an information handling system (IHS) and written to an optical storage medium. The content is protected by a content protection system. The content on the storage medium may be decrypted and displayed by a playback device. An invalid credential is written to the storage medium, for example, after display of the content. The invalid credential restricts decryption of the content. Examples of credentials that may be invalidated by writing an invalid credential to the storage medium include any keys, usage rules, or other items required for the decryption of content, for example, under content scrambling system (CSS) or advanced access content system (AACS) content protection systems. | 08-27-2009 |
20090217058 | SECURE DATA TRANSFER AFTER AUTHENTICATION BETWEEN MEMORY AND A REQUESTER - Systems and/or methods are presented that can facilitate controlling access to secure memory blocks within a memory module. The subject innovation can employ key components that can contain two or more storage locations for authentication information that can facilitate controlling access to secure memory block components. Secure memory block counter components can be employed to indicate which storage location within the key component contains current authentication information associated with the respective secure memory block components. The disclosed subject matter allows for multiple secure memory block components to have separate authentication information to provide more than one user or entity to store data in their own secure memory block component. Multiple storage locations associated with the key components to substantially alleviated or eliminate the loss of secure areas of a memory module if power is lost during the updating of the authentication information associated with the secure areas. | 08-27-2009 |
20090222674 | APPLICATION EXECUTING DEVICE, MANAGING METHOD, AND PROGRAM - A BD-ROM stores a disc root certificate | 09-03-2009 |
20090222675 | TAMPER RESISTANT MEMORY PROTECTION - Various mechanisms are disclosed for protecting the security of memory in a computing environment. A security layer can have an encryption layer and a hashing layer that can dynamically encrypt and then dynamically hash sensitive information, as it is being loaded to dynamic memory of a computing device. For example, a memory unit that can correspond to a memory page can be processed by the security layer, and header data, code, and protect-worthy data can be secured, while other non-sensitive data can be left alone. Once such information is secured and stored in dynamic memory, it can be accessed at a later time by a processor and unencrypted and hash checked. Then, it can be loaded back onto the dynamic memory, thereby preventing direct memory access attacks. | 09-03-2009 |
20090222676 | SECURITY PROCESSOR AND METHODS FOR REGISTERING ACCESS ENTITLEMENTS AND CRYPTOGRAPHIC KEYS - This security method for scrambled multimedia signal decoder comprises at least one rewritable lock ( | 09-03-2009 |
20090235091 | Computer system for indexing and storing sensitive, secured, information on a non-trusted computer storage array - Preservation of sensitive electronic data records in the face of either natural or man-made catastrophes has become important. In some fields, such as the medical and legal fields, current law requires that such data survive these events, and be available to authorized users in a timely fashion. This invention presents a method to protect sensitive data such that the systems used for preservation need be neither private nor secure. Data sets are replicated at multiple servers that can be geographically distant increasing the survivability of these records. Both the name and the contents of these files are private to the client, and are not available even to the operators of the disaster recovery system. By allowing the preserved data to be accessible on the public Internet, yet be undecipherable, the confidentiality and survival of such data is significantly improved. This preservation methodology minimizes the data to be sent by sending only new and changed files, and multiple geographic sites are supported. | 09-17-2009 |
20090235092 | Transferring data values via a data bus or storing data values using a selectable representation - Data values being stored and transferred within a data processing system | 09-17-2009 |
20090240952 | Method and system for decryption of file characteristics of .ZIP files - The present invention provides a method of integrating existing strong encryption methods into the processing of a .ZIP file to provide a highly secure data container which provides flexibility in the use of symmetric and asymmetric encryption technology. The present invention adapts the well established .ZIP file format to support higher levels of security and multiple methods of data encryption and key management, thereby producing a highly secure and flexible digital container for electronically storing and transferring confidential data | 09-24-2009 |
20090240953 | ON-DISK SOFTWARE IMAGE ENCRYPTION - A technique is introduced to support on-disk software image encryption. Image of a software component deployed to a host is encrypted when the image is created and/or its content is changed, before such image of the software component is being saved to a non-volatile storage of the host. The encrypted image of the software component is decrypted only at startup and/or resume time of the software component. Once decrypted, the image of the software component is loaded into a volatile storage of the host so that the software component can be up and running. | 09-24-2009 |
20090240954 | METHOD FOR SECURELY STORING A PROGRAMMABLE IDENTIFIER IN A COMMUNICATION STATION - Disclosed is a method for storing an identifier in a first station having a secure non-volatile data store protected by cryptographic data, an identifier flag for indicating that the identifier has been written to the secure data store, and an authenticated trust agent that prohibits writing of an identifier to the secure data store if the identifier flag is set. In the method, the identifier is written to the secure non-volatile data store, wherein the identifier written to the secure data store is encrypted using the cryptographic data. The identifier flag is irreversibly set after writing the identifier to the secure data store so that the trust agent prohibits another write of an identifier to the secure data store. | 09-24-2009 |
20090240955 | SECURE MEDIA STORAGE DEVICE AND METHOD OF SECURING MEDIA STORAGE DEVICES - A secure media storage device for an imaging device, comprising an interface ( | 09-24-2009 |
20090240956 | Transparent encryption using secure encryption device - A system and method for allowing application programs that are external to the relational database to access the sensitive data in the database in a seamless fashion are described. The application programs are allowed to use existing query statements without having to modify such statements for accessing encrypted data in the relational database. | 09-24-2009 |
20090240957 | COPY PROTECTION METHOD, CONTENT PLAYBACK APPARATUS, AND IC CHIP - An IC chip that can be added to a content recording medium and that has a chip ID which is non-rewritably and uniquely set and originally recorded therein, wherein the IC chip includes a writable/readable ID memory that stores an encrypted content ID obtained by encrypting a content ID that identifies content, and an encrypted chip ID obtained by encrypting the chip ID. | 09-24-2009 |
20090240958 | SYSTEM AND METHOD FOR GENERATING A SECURE STATE INDICATOR ON A DISPLAY - A system and method for generating a security indicator on a display of a computing device (e.g. a mobile device), to indicate when the computing device is in a secure state while locked. A determination is made (e.g. by a data protection system) as to whether at least some of the secure data stored on the computing device can be decrypted by any applications on the computing device, while the computing device is in the locked state. An icon or other identifier can be displayed to indicate that the secure state has been attained. In one embodiment, the secure state is considered to have been attained, if it is determined that all tickets that have been issued to applications on the computing device while the computing device was unlocked have been released, and any decrypted encryption keys that may be used to decrypt the secure data have been deleted. | 09-24-2009 |
20090249081 | STORAGE DEVICE ENCRYPTION AND METHOD - A hard disk drive, and methods of providing secure access to data on a hard disk drive, are shown. In one example, an access code is sent to a hard disk drive to decipher an encrypted user key stored on the hard disk drive. In one example, at least a portion of the access code is not stored anywhere within the hard disk drive, and is provided from a host. | 10-01-2009 |
20090249082 | Method and apparatus for tokenization of sensitive sets of characters - A method and system for secure handling of sensitive sets of characters in a distributed hierarchical system are disclosed, comprising at least one local server on a lower hierarchic level and at least one central server at a higher hierarchic level. The method comprises the steps: receiving a sensitive set of characters in said local server; replacing a part of said sensitive set of characters with a token to form a tokenized set of characters, said token belonging to a subset of possible tokens assigned to the local server by the central server; transferring at least one of said sensitive set of characters and said tokenized set of characters to the central server; and canceling said sensitive set of characters from said local server within a limited time from said transferring, while maintaining said tokenized set of characters in a local database connected to said local server. | 10-01-2009 |
20090249083 | Method and System for Telephone Wait User Interface Selection - In the method of the present invention, a customer of a service provider would be placed in hold while waiting to speak to a customer service representative. The method and system of the invention would recognize the telephone number of the caller using a “caller ID” system. If this call is the first time the caller has ever called, the caller would be presented with an audible listing of listening choices that would include but not be limited to the latest news, the weather (of the caller's location), financial headlines, or a selection of music stations (via cable radio, for example). The caller would then speak or type his/her preference into the keypad and the selection would be played. If the caller does not like the selection, the caller can then speak another selection or type the new selection as many times as the caller prefers. The caller selection is recorded in a caller preference database. Finally, when the same customer calls one or more additional times, the system would retain the caller's number and preferred listening selection, based on caller ID value. The listening selection would automatically be played on subsequent calls. | 10-01-2009 |
20090249084 | REMOVABLE STORAGE DEVICE AND ASSOCIATED METHODOLOGY OF DATA ENCRYPTION - A data encryption transmission system and associated methodology is provided including a data input site that compresses and encrypts data based on a shared encryption key and then transmits the compressed and encrypted data to an external network. A database server which is operably linked to the external network and stores, manages, transmits, and receives data. A removable storage stores an identification code, and a client site which is configured to receive the removable storage generates an encryption key based on the identification code, receives encrypted data from the external network, decrypts and expands the received data based on the shared encryption key, encrypts the data based on the encryption key and saves the encrypted data, and finally decrypts the encrypted data and outputs the data using the encryption key. | 10-01-2009 |
20090254761 | Secure data processing method and associated device - A secure data processing method includes the following steps: padding (E | 10-08-2009 |
20090254762 | Access control for a memory device - Access control for a memory device is provided. In one embodiment, a portable memory device is provided comprising a storage medium comprising a private area and circuitry operative to (a) receive, from a host device, a password to unlock the host device, (b) compare the password with a password stored in the portable memory device, and (c) if the passwords match, allow the host device to access the private area. In another embodiment, a portable memory device is provided comprising a storage medium comprising a private area and a public area. The public area stores computer-readable program code to facilitate interaction with the access control features of the portable memory device. Methods for use with such memory devices are also provided. Other embodiments are disclosed, and each of the embodiments can be used alone or together in combination. | 10-08-2009 |
20090259857 | System and Method for Efficient Security Domain Translation and Data Transfer - A mobile UE includes a CPU, a secure DMA module, a secure cryptographic module, secure memory, and non-secure memory. The secure cryptographic module and secure memory allow access only by secure processes, including the secure DMA module. The CPU manages cryptographic keys and initializes DMA transfers in secure mode. The CPU executes the DMA transfers in non-secure mode. A first DMA transfer moves data encrypted in a first security domain to the secure cryptographic module, and moves clear text data to the secure memory. A second DMA transfer moves the clear text data to the secure cryptographic module, and data encrypted in a second security domain out of the secure cryptographic module. The data encrypted in the second security domain are transmitted to an external device. The secure memory protects the clear text data from being copied; only encrypted data is accessible by non-secure processes. | 10-15-2009 |
20090271638 | Storage system with an encryption function - To reduce the performance degradation of storage system, this invention provides a storage system comprising a disk drive and a disk controller. The disk controller provides a storage area of the disk drive to a host computer; executes a processing of switching an encryption key that is used to encrypt data stored in the logical volume from a first encryption key to a second encryption key; encrypts write data requested to be written with the second encryption key when the write request for one of storage areas within the logical volume that stores data for which switching of encryption keys has not been finished is received while the encryption key switching processing is being executed; and writes the encrypted write data in the logical volume to switch encryption keys for data stored in the storage area where the data is requested to be written by the received write request. | 10-29-2009 |
20090282265 | METHOD AND APPARATUS FOR PREVENTING ACCESS TO ENCRYPTED DATA IN A NODE - A method of preventing access of data in a node quickly and securely when the node is lost or stolen. The data is first encrypted using an encryption algorithm with a cryptographic key-material. Heuristic methods of detecting un-authorized access to the node are implemented to generate a theft-trigger. The theft-trigger is received and sent to a central authority. The validity of the trigger is verified and the central authority sends an acknowledgement of the trigger. When approval is given from the central authority, access to the data is prevented by deleting or concealing some cryptographic key-material. | 11-12-2009 |
20090282266 | Corralling Virtual Machines With Encryption Keys - A virtual machine comprises a unique identifier that is associated with one or more encryption keys. A management server encrypts the virtual machine's virtual hard disk(s) using the one or more associated encryption keys. The management server further provides the one or more encryption keys to a limited number of one or more servers in a system. Only those one or more servers that have been provided the one or more encryption keys can be used to load, access, and/or operate the virtual machine. The management server can thus differentiate which virtual machines can be operated on which servers by differentiating which servers can receive which encryption keys. In one implementation, a management server encrypts all virtual machines in the system, but encrypts virtual machines with sensitive data with a limited set of encryption keys, and further provides those encryption keys to a limited set of trusted servers. | 11-12-2009 |
20090282267 | PARTIAL SCRAMBLING TO REDUCE CORRELATION - Decorrelation is provided between data stored in respective pairs of adjacent memory cells in a plurality of bit lines of a flash memory. Each of the pairs of adjacent memory cells is located along a respective one of the bitlines and common to two adjacent wordlines. The decorrelation is achieved by storing scrambled data in at least one memory cell of each of the pairs of adjacent memory cells and storing unscrambled data in at least one memory cell of at least one of the pairs of adjacent memory cells. | 11-12-2009 |
20090282268 | CROSS VALIDATION OF DATA USING MULTIPLE SUBSYSTEMS - A method and apparatus for cross validation of data using multiple subsystems are described. According to one embodiment of the invention, a computer comprises a first subsystem and a second subsystem; and a memory, the memory comprising a first memory region and a second memory region, the first memory region being associated with the first subsystem and a second memory region being associated with the second subsystem; upon start up of the computer, the first subsystem to validate the second memory region and the second subsystem to validate the first memory region. | 11-12-2009 |
20090287941 | INFORMATION PROCESSING APPARATUS, CONTROL METHOD THEREFOR, AND STORAGE MEDIUM - An information processing apparatus which makes it possible to store encrypted data of packets in a decrypted state, and improve the efficiency of data analysis. A network interface receives encrypted data which has been encrypted, and data which has not been encrypted, from a network. A HDD stores received data. A IPSec module is operable when an item of the received is an item of the encrypted data, to decrypt the item of the encrypted data. A packet acquisition sub application searches the data stored in HDD for an item of the encrypted data corresponding to an decrypted item of data. The packet acquisition sub application updates the item of the received encrypted data based on the decrypted item of the data. | 11-19-2009 |
20090300369 | Security unit and protection system comprising such security unit as well as method for protecting data - In order to provide a protection system ( | 12-03-2009 |
20090300370 | Enabling byte-code based image isolation - In one embodiment, the present invention includes a method for setting an extensible policy mechanism to protect a root data structure including a page table, interpreting a bytecode of a pre-boot driver in a byte code interpreter, and controlling access to a memory location based on the extensible policy mechanism. Other embodiments are described and claimed. | 12-03-2009 |
20090300371 | SEMICONDUCTOR INTEGRATED DEVICE AND METHOD OF TESTING SEMICONDUCTOR INTEGRATED DEVICE - According to one embodiment, a semiconductor integrated device which stores secret data and is capable of operating in a test mode in which a scan test with respect to an internal circuit is executed, the semiconductor integrated device comprises a mode signal receiving module configured to receive a scan mode signal designating the test mode, a mask module configured to mask the secret data when the mode signal receiving module receives the scan mode signal, and an error detection module configured to detect presence or absence of error in the secret data and to store detection result in a first flip-flop. | 12-03-2009 |
20090300372 | SOLID STATE DISK AND INPUT/OUTPUT METHOD - Disclosed is a solid state disk including a storage unit configured to store data, and a control part configured to control enciphering and writing operation for the data using a key value and an initialization vector. The initialization vector is generated by processing an address corresponding to the data. | 12-03-2009 |
20090307502 | METHOD AND APPARATUS FOR SECURING DIGITAL INFORMATION ON AN INTEGRATED CIRCUIT READ ONLY MEMORY DURING TEST OPERATING MODES - The embodiments protect an IC against Design-For-Test (DFT) or other test mode attack. Secrets in ROM or PROM are secured. One embodiment for securing information on an IC includes receiving a ROM read command, writing data from a plurality of ROM address locations to an encryption logic in response to receiving the ROM read command, and writing an encryption logic output of the encryption logic to a test control logic, the encryption logic output representing the data from the plurality of ROM address locations. Writing the data from the plurality of ROM address locations to the encryption logic may also include writing the data from the plurality of ROM address locations to a multiple input shift register (MISR) in response to the ROM read command, and writing an MISR output to the test control logic, the MISR output representing the data from the plurality of ROM address locations. | 12-10-2009 |
20090307503 | DIGITAL CONTENT MANAGEMENT SYSTEMS AND METHODS - Digital content management systems and methods are provided for mass production of one or multiple digital contents. During the digital content management, the digital contents are first composed and encrypted to obtain encrypted digital contents. Then, the encrypted digital contents are copied and stored to at least one storage device. Finally, different identification data corresponding to the digital contents is respectively offered and stored to the at least one storage device. In this application, since the digital contents are first protected by encryption, and then copied to the storage device, the risk of the digital contents to be stolen or manipulated is reduced. Additionally, since the identification data are stored to the storage device in the last stage of the digital content management system, the efficiency of the mass production of the digital contents is improved. | 12-10-2009 |
20090307504 | Method, Apparatus, and System for Managing, Reviewing, Comparing and Detecting Data on a Wide Area Network - Embodiments of the present invention are directed to a data management system, apparatus and process for uniquely identifying and protecting data. In preferred embodiments, the data management system comprises a data management server, a key generator, a source print generator and a source print detector. In some preferred embodiments, the data management system further comprises a data embedding system. Keys are created by the data management system for application to source files to create a fingerprint for the source file. The fingerprint is compared to unknown files to identify uses of the source file. | 12-10-2009 |
20090313483 | Single Instance Storage of Encrypted Data - Described is a technology by which data is efficiently and securely stored in a single instance store. A hash value is computed from data in its unencrypted form. The hash value is used to reference a single instance of that data when stored in its encrypted form. In this manner, duplicate data blocks are detectable independent of their encryption, yet stored in an encrypted form in a single instance store. In one aspect, context information for decrypting the encrypted data is stored in association with the data. When the client wants to restore the data, the client sends the hash value for that block to the single instance store service. The service returns the block and the associated context information. The client uses the context information to decrypt the block. For example, the context may comprise a key identifier which the client uses to lookup the correct key. | 12-17-2009 |
20090319806 | Extensible pre-boot authentication - In one embodiment, the present invention includes a method for obtaining a pre-boot authentication (PBA) image from a full disk encryption disk in a pre-boot environment, executing the PBA using a chipset to obtain user credential information, authorizing the user based on the user credential information and stored credential information, and storing the user credential information in a PBA metadata region of the disk. Other embodiments are described and claimed. | 12-24-2009 |
20090319807 | SYSTEMS AND METHODS FOR CONTENT PLAYBACK AND RECORDING - A method for content playback and recording may include using a computer to obtain media content from a recorded medium. Concurrently with obtaining the media content, the method may include reencrypting the encrypted media content using a secondary encryption key and storing the reencrypted media content in a storage device. | 12-24-2009 |
20090327757 | Computer system for managing storage area state of a storage system - There is provided a computer system, having a host and at least one storage system. The at least one storage system provides storage area includes at least one of an encrypted storage area and a plaintext storage area The at least one storage system is configured to: receive an instruction about what type of storage area is available to the host computer; present the encrypted storage area to the host as an available storage area separate from unavailable storage areas in the case of the type of storage area being available according to the instruction indicating “encrypted”; and present, in the case of the type of storage area being available according to the instruction indicating other than “encrypted”, one of both the encrypted storage area and the plaintext storage area to the host computer as available storage areas, and only the plaintext storage area as an available storage area. | 12-31-2009 |
20090327758 | STORAGE APPARATUS AND DATA PROCESSING METHOD FOR STORAGE APPARATUS - A storage apparatus is provided, which allows a user to properly use an encrypted text and a plain text even when the storage apparatus has an encrypting function. An adaptor controlling transmission and reception of data to and from a memory device is provided with an encrypting function. Data requiring no encryption is transmitted to an adaptor having no encrypting function, and data to be encrypted is transmitted to the adaptor having an encrypting function. Thus, a user of the storage apparatus can properly use an encrypted text and a plain text. | 12-31-2009 |
20090327759 | Encrypting data on a non-volatile memory - A non-volatile memory, such as a NAND memory, may be encrypted by reading source blocks, writing to destination blocks, and then erasing the source blocks. As part of the encryption sequence, a power fail recovery procedure, using sequence numbers, is used to reestablish a logical-to-physical translation table for the destination blocks. | 12-31-2009 |
20090327760 | Tachograph - A tachograph includes at least one chip card reading unit and, at least one chip card with secure memory. Secured data transmission can be fed to the at least one chip card reading unit. On the at least one chip card, at least one user-defined piece of identification information is securely stored which is independent of a specified piece of identification information for a specified operation of the tachograph. The tachograph is constructed so as to authenticate the at least one chip card in accordance with the at least one piece of user-defined identification information, and to read data securely from the at least one chip card and/or to store data securely on the at least one chip card. | 12-31-2009 |
20090327761 | RECORDING MEDIUM, ATTACHING KIT FOR ATTACHING ENCRYPTION KEY STICKER TO THE RECORDING MEDIUM, AND RECORDING APPARATUS AND REPRODUCING APPARATUS FOR THE RECORDING MEDIUM - A sticker ( | 12-31-2009 |
20100005317 | Securing temporary data stored in non-volatile memory using volatile memory - Temporary digital data received for storage in non-volatile memory are encoded using a key stored in volatile memory. The encoded digital data are then stored in the non-volatile memory. As long as there has been no interruption of supply of power to the volatile memory, the key is available enabling decoding of the encoded digital data stored in the non-volatile memory. Upon interruption of supply of power to the volatile memory the key is erased. Absent the key, access to the encoded digital data stored in the non-volatile memory is prevented. | 01-07-2010 |
20100005318 | Process for securing data in a storage unit - The invention is a process for securing data in a storage unit using public and private key encryption and symmetrical encryption techniques by a owner of the data for use by multiple users. The process including the steps of: 1) encrypting the data; 2) attaching encrypted meta data to the encrypted data providing access at a selected level to the data by each of the multiple users, the access level to each of the multiple users being the ability to read and change the data, or the ability to only read the data, or no access to the data; 3) storing the encrypted data and meta data in the storage unit; and 4) providing each of the multiple users with de-encryption means such that the encrypted data can be de-encrypted at the selected level granted to each of the multiple users. | 01-07-2010 |
20100005319 | HARDWARE PROTECTION FOR ENCRYPTED STRINGS AND PROTECTION OF SECURITY PARAMETERS - In one embodiment, a disk drive is provided that is adapted for security authentication. The disk drive includes: a non-volatile memory storing object code; a processor for retrieving the stored object code; a decryption engine for decrypting a retrieved shared secret from the object code; and a first memory for storing the decrypted retrieved shared secret; wherein the processor is configured to overwrite the written decrypted retrieved shared secret after it has been used in an authentication procedure. | 01-07-2010 |
20100017626 | INFORMATION PROCESSING APPARATUS, AUTHENTICATION METHOD, AND STORAGE MEDIUM - According to one embodiment, a storage medium comprises an encrypted content, key management information which is updated whenever necessary and includes a media key block including encrypted media keys obtained by encrypting a media key which is a base of an authentication key used for mutual authentication with another apparatus by using different device keys, and first and second application keys which encrypt the title keys for each application of the content and are alternately updated and encrypted when the key management information is updated. | 01-21-2010 |
20100017627 | ENSURING AUTHENTICITY IN A CLOSED CONTENT DISTRIBUTION SYSTEM - A technique for maintaining encrypted content received over a network in a secure processor without exposing a key used to decrypt the content in the clear is disclosed. | 01-21-2010 |
20100023781 | DATA PROCESSING APPARATUS, DATA STORAGE DEVICE, AND DATA PROCESSING METHOD THEREFOR - A supported encryption and authentication function is inquired of a memory card having a digital data encryption and authentication function. An encryption and authentication function to be applied to digital data is selected based on the inquiry result. The memory card is notified of the selection result, and digital data is transmitted to the memory card. | 01-28-2010 |
20100023782 | CRYPTOGRAPHIC KEY-TO-POLICY ASSOCIATION AND ENFORCEMENT FOR SECURE KEY-MANAGEMENT AND POLICY EXECUTION - Key-to-policy association and hardware-based policy enforcement for file/folder encryption (FFE) and/or full-disk encryption (FDE) are provided. A CPU independent microprocessor (CIM) is coupled to a platform and provides a secure storage service, secure non-volatile storage, secure policy enforcement engine, and system interface for communication with platform components independent of the CPU. The CIM stores a key and its associated policies by generating a hardware-derived key to wrap the key prior to securely storing it in non-volatile storage on the CIM. Upon receiving a request for key-access by an application, policy status and credentials are verified before the key is returned. | 01-28-2010 |
20100023783 | SYSTEM AND METHOD OF DECRYPTING ENCRYPTED CONTENT - System and method of decrypting content. The content may be decrypted with decryption keys stored on a secured dongle. The dongle may be connect to a computer and used to decrypt the content for the computer, limiting the decryption-based processing demands on the computer. The computer may output the decrypted content to an output device for access by a user. The dongle may be single-use device pre-configured with a number of unchangeable keys and security measures. | 01-28-2010 |
20100031056 | STORAGE SYSTEM TO WHICH REMOVABLE ENCRYPTION/DECRYPTION MODULE IS CONNECTED - A storage system comprises a connector to which a removable module is connected. The removable module comprises a storage section for storing encryption/decryption information related to encryption and decryption of data, and/or an encryption/decryption engine for encrypting/decryption data by a predetermined encryption/decryption scheme. A control section and/or a module of the storage system encrypts data using the encryption/decryption information, or decrypts encrypted data using the encryption/decryption information. Alternatively the encryption/decryption engine encrypts data or decrypts encrypted data. | 02-04-2010 |
20100031057 | Traffic analysis resistant storage encryption using implicit and explicit data - An encryption scheme for mass storage devices employing a tweakable encryption scheme to add variability to the encrypted data to resist attacks by traffic analysis. Explicit tweak and implicit tweak may be used to add variability to plaintext prior to encryption and eventual storage. The tweak information is either stored on the storage device along with the encrypted data as in the case of an explicit tweak, or it is derived from another source when needed as in the case of an implicit tweak. The ciphertext is decrypted using either the stored explicit tweak value or derive the implicit tweak value to “de-tweak” the decrypted data prior to usage. The data may be deleted by destroying the cipher key(s) to render the ciphertext useless. The tweak information alone is useless for decryption, as the ciphertext needs to be decrypted with the cipher key(s). | 02-04-2010 |
20100031058 | Computer System, Storage System and Management Computer for Backing Up and Restore Encryption Key for Storage System Incorporating Therein a Stored Data Encryption Function - To protect data from corruption due to restoration of an encryption key to a wrong storage system, there is provided a computer system including a first storage system and a second storage system, wherein: the first storage system, upon receiving a request to write first data to a first area in the first storage system, encrypts the first data by using a first key and writes the first data in the first area, and, upon receiving a request to write second data to a third area, encrypts the second data by using a second key and transmits a request to write the encrypted second data in a second area in the second storage system; and the computer system holds the first key, an identifier of the first storage system associated with the first key, the second key, and an identifier of the second storage system associated with the second key. | 02-04-2010 |
20100031059 | SECURITY DEVICE, SECURE MEMORY SYSTEM AND METHOD USING A SECURITY DEVICE - A security device including a first external interface; a second external interface; and a security controller connected to said first external interface and said second external interface, said security controller being adapted to validate an access right based on a codeword received via said first interface to perform an encrypted memory access via said second external interface to an external memory coupleable to said second external interface, and to prevent that encrypted memory access via said first external interface or prevent any output of data via said first external interface depending on data received via said second external interface in case of a negative validation. | 02-04-2010 |
20100031060 | SECURITY FOR RAID SYSTEMS - Methods and apparatus for accessing a redundant array of independent drives (RAID) storage device are disclosed. In some embodiments file data is broken into multiple segments. A cryptographic operation is performed on one or more segments to generate encrypted segment(s). One or more parity syndrome is computed from the encrypted segment(s) and the unencrypted segment(s). The encrypted segment(s), the unencrypted segment(s) and the parity syndrome(s) are striped onto different individual drives. Since the cryptographic operation is not performed on all the segments, it may also be performed concurrently with computing of parity syndrome(s) from other unencrypted segments. | 02-04-2010 |
20100031061 | Data storage device and management method of cryptographic key thereof - Embodiments of the present invention help to securely manage a data cryptographic key in a data storage device. In an embodiment of the present invention, a cryptographic processor for encrypting and decrypting data is located between a host interface and a memory manager. In parts of the hard disk drive (HDD), except for the host interface, the HDD handles user data in an encrypted state. A data cryptographic key which the cryptographic processor uses to encrypt and decrypt the user data is encrypted and stored in a magnetic disk. A multiprocessing unit (MPU) decrypts the data cryptographic key using a password and a random number to supply it to the cryptographic processor. Using the password and the random number, the HDD can manage the data cryptographic key with more security. | 02-04-2010 |
20100031062 | Storage Device and Data Processing Method of Storage Device - The present invention provides a storage device and a data processing method of the storage device which can prevent leaking of data attributed to stealing or taking out of a disk device. A storage device includes: a plurality of disk adapters each of which is connected to HDDs which constitutes at least one RAID group; and a management part which manages a storage area provided by the plurality of HDD in a state that the storage area is divided into a plurality of logical storage areas, and manages the plurality of RAID groups. The management part sets an encryption state indicative of whether or not the data is to be encrypted with respect to the RAID group when all of the disk adapters connected to the HDD which belong to the RAID group are the encryption adapters the data, and the encryption adapter encrypts, based on the encryption state set with respect to the RAID group, and stores the encrypted data in the HDD. | 02-04-2010 |
20100031063 | System for and Method of Remote Secure Backup - Systems and methods for registering a module for backup, backing up a module, and restoring a backed up module are provided. | 02-04-2010 |
20100037068 | Method to Protect Secrets Against Encrypted Section Attack - A method, system, and computer-usable medium are disclosed for controlling unauthorized access to encrypted application program code. Predetermined program code is encrypted with a first key. The hash value of an application verification certificate associated with a second key is calculated by performing a one-way hash function. Binding operations are then performed with the first key and the calculated hash value to generate a third key, which is a binding key. The binding key is encrypted with a fourth key to generate an encrypted binding key, which is then embedded in the application. The application is digitally signed with a fifth key to generate an encrypted and signed program code image. To decrypt the encrypted program code, the application verification key certificate is verified and in turn is used to verify the authenticity of the encrypted and signed program code image. The encrypted binding key is then decrypted with a sixth key to extract the binding key. The hash value of the application verification certificate associated with the second key is then calculated and used with the extracted binding key to extract the first key. The extracted first key is then used to decrypt the encrypted application code. | 02-11-2010 |
20100037069 | Integrated Cryptographic Security Module for a Network Node - A system that provides a cryptographic unit that generates secret keys that are not directly accessible to software executed by a controller. The cryptographic unit can include a restrictor device, a finite state machine, a random number generator communicatively and a memory. The memory stores values generated by the random number generator. The restrictor device and the finite state machine include hardware logic that restricts access or changes to the contents of the memory. | 02-11-2010 |
20100042851 | Method for Securely Handling Data During the Running of Cryptographic Algorithms on Embedded Systems - The invention relates to a method for handling data between two memory areas of an electronic component having at least one working memory area for carrying out operations on the component, which bring into play at least some of the data. The same memory areas are used for executing an operation, whatever the operation to be executed is, in such a manner that each operation has a hidden signal trace that is identical in terms of location leakage outside the component. | 02-18-2010 |
20100049990 | STORAGE DEVICE AND RECORDING AND REPRODUCING SYSTEM - A storage device includes a decryption section, non-volatile memory, and an encryption section. The decryption section decrypts externally input encrypted data. The non-volatile memory records data decrypted by the decryption section. The encryption section encrypts and outputs decrypted data read out from the non-volatile memory. | 02-25-2010 |
20100049991 | SAFE SELF-DESTRUCTION OF DATA - A method for securing data includes encrypting the data and storing a key ( | 02-25-2010 |
20100049992 | APPLICATION EXECUTING DEVICE, MANAGING METHOD, AND PROGRAM - A BD-ROM stores a disc root certificate | 02-25-2010 |
20100049993 | SYSTEMS AND METHODS FOR LOCKING AND EXPORTING THE LOCKING OF A REMOVABLE MEMORY DEVICE - A device and method is provided for commonly and securely allowing, as access control on a memory card, a plurality of information processing apparatuses to lock/unlock the memory. On the basis of a lock command input from an information processing apparatus serving as a host, such as a PC, an information storage device, such as a memory card, determines whether (a) a standard lock key set serving as a key set prohibiting output or (b) an export lock key set serving as a key set permitting output is detected and stores corresponding key set information. Only when the export lock key set is detected, output is permitted provided that predetermined verification succeeds. | 02-25-2010 |
20100058072 | CONTENT CRYPTOGRAPHIC FIREWALL SYSTEM - A system and method that regulates the various operations between computing stations and storage or content. Any operation that involves or may lead to the exchange or accessing of content (data) between storage or hosting content container and computing station may be regulated by means of a policy which comprise a set of rules. Rules may be defined according to specific criteria, including the type of storage, the type of content, the attributes of the content, and other attributes associated with the storage device and/or the content. The policy will be dynamically installed/updated upon a computing station for specific User(s) and will regulate the data operations that may take place between the computing stations and storage or content based on evaluation of the policy. Based on the evaluation of the policy, the requested operation is permitted, restricted in some areas, or denied. | 03-04-2010 |
20100058073 | STORAGE SYSTEM, CONTROLLER, AND DATA PROTECTION METHOD THEREOF - A storage system including a storage unit, a connector, and a controller is provided. A personal identification number (PIN) message digest and a cipher text are stored in the storage unit. When the storage system is connected to a host system through the connector, the controller requests a password from the host system and generates a message digest through a one-way hash function according to the password. After that, the controller determinates whether the message digest matches the PIN message digest. If the message digest matches the PIN message digest, the controller decrypts the cipher text in the storage unit through a first encryption/decryption function according to the password to obtain an encryption/decryption key. Eventually, the controller encrypts and decrypts user data through a second encryption/decryption function according to the encryption/decryption key. Thereby, the user data stored in the storage system can be effectively protected. | 03-04-2010 |
20100058074 | RIGHT INFORMATION ENCRYPTION MODULE, NONVOLATILE MEMORY DEVICE, RIGHT INFORMATION RECORDING SYSTEM, RIGHT INFORMATION DECRYPTION MODULE, RIGHT INFORMATION READING SYSTEM, AND RIGHT INFORMATION RECORDING/READING SYSTEM - A right information encryption module | 03-04-2010 |
20100058075 | METHOD AND APPARATUS FOR LOADING A TRUSTABLE OPERATING SYSTEM - A method and apparatus is provided for securing a region in a memory of a computer. According to one embodiment, the method comprises halting of all but one of a plurality of processors in a computer. The halted processors entering into a special halted state. Content is loaded into the region only after the halting of all but the one of the plurality of processors and the region is protected from access by the halted processors. The method further comprises placing the non-halted processor into a known privileged state, and causing the halted processors to exit the halted state after the non-halted processor has been placed into the known privileged state. | 03-04-2010 |
20100058076 | METHOD AND APPARATUS FOR LOADING A TRUSTABLE OPERATING SYSTEM - An article of manufacture is provided for securing a region in a memory of a computer. According to one embodiment, the article of manufacture comprises a machine-accessible medium including data that, when accessed by a machine, causes the machine to: halt all but one of a plurality of processing elements in a computer, where the halted processing elements enter into a special halted state; load content into the region only after the halting of all but the one of the plurality of processing elements and the region is protected from access by the halted processing elements; place the non-halted processing element into a known privileged state; and cause the halted processing elements to exit the halted state after the non-halted processing element has been placed into the known privileged state. | 03-04-2010 |
20100064145 | SEMICONDUCTOR MEMORY CARD, PLAYBACK APPARATUS, RECORDING APPARATUS, PLAYBACK METHOD, RECORDING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM - An audio stream is divided into a plurality of audio object (AOB) files that are recorded having each been encrypted using a different encryption key. At least one piece of track management information (TKI) is provided corresponding to each track. Playlist information (PLI) assigns a playback position in a playback order to each track when a plurality of tracks are to be played back one after the other. | 03-11-2010 |
20100070781 | METHOD AND SYSTEM FOR BOOTSTRAPPING A TRUSTED SERVER HAVING REDUNDANT TRUSTED PLATFORM MODULES - Multiple trusted platform modules within a data processing system are used in a redundant manner that provides a reliable mechanism for securely storing secret data at rest that is used to bootstrap a system trusted platform module. A hypervisor requests each trusted platform module to encrypt a copy of the secret data, thereby generating multiple versions of encrypted secret data values, which are then stored within a non-volatile memory within the trusted platform. At some later point in time, the encrypted secret data values are retrieved, decrypted by the trusted platform module that performed the previous encryption, and then compared to each other. If any of the decrypted values do not match a quorum of values from the comparison operation, then a corresponding trusted platform module for a non-matching decrypted value is designated as defective because it has not been able to correctly decrypt a value that it previously encrypted. | 03-18-2010 |
20100077229 | METHOD FOR EMPLOYING USB RECORD CARRIERS AND A RELATED MODULE - A method of utilizing USB record carriers is disclosed. A USB security drive is serially connected with at least a USB drive to encrypt/decrypt stored data in the USB drive and to integrate a plurality of data regions or even a plurality of encrypted data regions to provide multi-level security protections. In a more specific embodiment, the USB security drive further enables the automatic backup of data stored in the USB drive. A related assembled module by the implementation is also disclosed. | 03-25-2010 |
20100077230 | PROTECTING A PROGRAMMABLE MEMORY AGAINST UNAUTHORIZED MODIFICATION - This disclosure provides an apparatus including a programmable memory, a data write path for writing data into the memory and a data read path for reading data from the memory. The memory comprises at least one protected memory field. The data write path comprises a decryption unit that is adapted for receiving encrypted data, decrypting the encrypted data, and writing resulting plain data into the at least one protected memory field. The data read path is adapted for reading out the plain data stored in the protected memory field. The at least one protected memory field is only writable by applying the data to be written into the at least one protected memory field in encrypted form to the data write path. | 03-25-2010 |
20100077231 | METHOD AND SYSTEM FOR MAINTAINING SECURE DATA INPUT AND OUTPUT - Methods and systems for enhancing the security of data during input and output on a client computer system are provided to prevent attempts by unauthorized code to access, intercept, and/or modify data. Example embodiments provide a plurality of obfuscation techniques and security enhanced drivers that use these obfuscation techniques to prohibit unauthorized viewing/receiving of valid data. When the drivers are used together with the various obfuscation techniques, the security enhanced drivers provide mechanisms for “scheduling” the content of the storage areas used to store the data so that valid data is not available to unauthorized recipients. When unauthorized recipients attempt to access the “data,” they perceive or receive obfuscated data. The obfuscation techniques described include “copy-in,” “replace and restore,” and “in-place replacement” de-obfuscation/re-obfuscation techniques. In one embodiment, a security enhanced display driver, a security enhanced mouse driver, a security enhanced keyboard driver, and a security enhanced audio driver are provided. To complement the security enhancements, the methods and systems also provide for a watchdog mechanism to ensure that the driver is functioning as it should be and various user interface techniques for denoting security on a display device. | 03-25-2010 |
20100083003 | METHOD AND APPARATUS FOR NON-REDUNDANT ENCRYPTED STORAGE - For secure non-redundant storage of data, to store a data blocklet (sub-block), one takes a hash of each blocklet. The hash value is used as a key to encrypt the blocklet data. The key is then hashed to encrypt it and the hashed key used in the blocklet index to identify the blocklet. The blocklet index entry also conventionally includes the address of that encrypted blocklet. Unless one has a file representation which is a vector of the hash values, one cannot obtain direct information about the original blocklet from the blocklet index or the blocklet storage. To retrieve data, each original blocklet hash is hashed again to generate the index entry. Once the encrypted blocklet is located via the index, the same key (original hash) is used to decrypt the blocklet back to its original form and a file is assembled as a sequence of its blocklets. | 04-01-2010 |
20100083004 | Managing Associations Between Keys And Values - Provided are, among other things, systems, methods and techniques for managing associations between keys and values within a computer processing system. In one exemplary implementation, requests to store associations between keys and data values corresponding to the keys are input, and the associations are stored in entry nodes within a data structure represented as a hash-based directed acyclic graph (HDAG). Upon receipt of a data value request and accompanying request key, together with satisfaction of any additional access criterion, a return data value corresponding to the request key automatically is provided, the return data value having been generated based on at least one of the associations that involve the request key. | 04-01-2010 |
20100083005 | Encryption device and encryption method - Even if failure, or the like, occurs during the encryption process, the encryption process is surely resumed. A flag changing unit changes an encryption flag of one disk to being encrypted after an encryption request is received and before the encryption of the data stored on the one disk is started. The flag changing unit changes the encryption flag of the one disk to having been encrypted and changes the encryption flag of the other disk to being encrypted before copying the encrypted data from the one disk to the other disk is started. The flag changing unit changes the encryption flag of the other disk to having been encrypted after copying to the other disk is completed. | 04-01-2010 |
20100083006 | MEMORY CONTROLLER, NONVOLATILE MEMORY DEVICE, NONVOLATILE MEMORY SYSTEM, AND ACCESS DEVICE - A memory controller receives an application identifier for identifying an application from an outside, an application, reference data to be referenced by the application, and a signature for the application and writes the application and the reference data. After receiving the application identifier from the outside, the memory controller accesses memory means which manages the application identifier and the application management state and reads out the management state of the target application. According to the management state, necessary data is decided. Since the judgment result is informed to the outside, there is no need of receiving applications more than necessary and it is possible to reduce the load on the signature process and the application reception process. | 04-01-2010 |
20100088525 | EXTERNAL ENCRYPTION AND RECOVERY MANAGEMENT WITH HARDWARE ENCRYPTED STORAGE DEVICES - Hardware encrypting storage devices can provide for hardware encryption of data being written to the storage media of such storage devices, and hardware decryption of data being read from that storage media. To utilize existing key management resources, which can be more flexible and accommodating, mechanisms for storing keys protected by the existing resources, but not the hardware encryption of the storage device, can be developed. Dedicated partitions that do not have corresponding encryption bands can be utilized to store keys in a non-hardware-encrypted manner. Likewise, partitions can be defined larger than their associated encryption bands, leaving room near the beginning and end for non-hardware encrypted storage. Or a separate bit can be used to individually specify which data should be hardware encrypted. Additionally automated processes can maintain synchronization between a partition table of the computing device and a band table of the hardware encrypting storage device. | 04-08-2010 |
20100088526 | System and Method for Modular Exponentiation - To calculate the equation y=x | 04-08-2010 |
20100088527 | MEMORY PROTECTION SYSTEM AND METHOD - A memory protection method is provided with a user input key: The user input key is compared with an internal private key in a memory security circuit having an integral connection with a solid-state memory for controlling data flow therefrom. | 04-08-2010 |
20100088528 | METHOD AND APPARATUS FOR TAMPER-PROOF WIRTE-ONCE-READ-MANY COMPUTER STORAGE - Disclosed is a method for storing digital information for storage in an adversarial setting in which trusted hardware enforces digital information compliance with data storage mandates. Secure storage overhead is minimized by identifying sparsely accessing the trusted hardware based on data retention cycles. Data retention assurances are provided for information stored by a Write-Once Read-Many (WORM) storage system. | 04-08-2010 |
20100088529 | Data-Mover Controller With Plural Registers For Supporting Ciphering Operations - A data processing system ciphers and transfers data between a first memory unit and a second memory unit, such as, for example, between a share memory architecture (SMA) static random access memory (SRAM) and a double data rate (DDR) synchronous dynamic random access memory (SDRAM). The system includes a ciphering engine and a data-mover controller. The data-mover controller includes at least one register having a field that specifies whether or not the transferred data should be ciphered. If the field specifies that the transferred data should be ciphered, the field also specifies the type of ciphering that is to be performed, such as a third generation partnership project (3GPP) standardized confidentially cipher algorithm “f8” or integrity cipher algorithm “f9”. | 04-08-2010 |
20100095134 | PROGRAMMING NON-VOLATILE MEMORY IN A SECURE PROCESSOR - An improved secure programming technique involves reducing the size of bits programmed in on-chip secret non-volatile memory, at the same time enabling the typical secure applications supported by secure devices. A technique for secure programming involves de-coupling chip manufacture from the later process of connecting to ticket servers to obtain tickets. A method according to the technique may involve sending a (manufacturing) server signed certificate from the device prior to any communication to receive tickets. A device according to the technique may include chip-internal non-volatile memory to store the certificate along with the private key, in the manufacturing process. | 04-15-2010 |
20100095135 | Method and system for processing forward- locked DRM contents, and portable device adapted thereto - A method and system and a portable device are disclosed that can process forward-locked DRM contents in a portable device. The method includes receiving forward-locked Digital Rights Management (DRM) contents, encrypting the forward-locked DRM contents using a unique number of the portable device, and storing the encrypted forward-locked DRM contents. The encrypting process includes extracting the unique number, setting the unique number as an encrypting key, and encrypting the forward-locked DRM contents using the encrypting key. Therefore, although the portable device lacks the capacity of the internal storage medium thereof, it can store a large amount of contents in mobile storage media connectable thereto. | 04-15-2010 |
20100100749 | Single-Chip Computer and Tachograph - A single-chip computer includes at least one first processor core and at least one second processor core constructed on a common chip. The at least one first and the at least one second processor cores are interconnected via a processor interface. Data can be read via a separate or common memory interface from a separate or common data memory respectively and/or stored in said data memory. The single-chip computer includes an encryption and decryption unit which is assigned to the at least one processor core and which is constructed and functionally arranged between the at least one second processor core and the memory interface in such a way that the data which can be exchanged between the at least one second processor core and the data memory can be encrypted and decrypted by the encryption and decryption unit. | 04-22-2010 |
20100106980 | SEARCHABLE ENCRYPTION FOR OUTSOURCING DATA ANALYTICS - A method for performing data analytics on outsourced data may include receiving, at a data analyst, cipher text representing data from a data owner such that the data remains hidden from the data analyst, generating a query token using a constant provided by the data analyst such that the constant remains hidden from the data owner, and analyzing the cipher text using the query token. | 04-29-2010 |
20100125741 | OPTICAL DISC EMULATOR - A system and method that maps an emulated optical disc file structure to a secure region of a data storage device, and translates cryptographic challenges received from a media player licensed under a digital rights management specification into firmware command sets of the data storage device. | 05-20-2010 |
20100131773 | System and Method for Providing Data Integrity - Systems and methods for providing data integrity for stored data are disclosed. A method may include, in connection with the receipt of a read command at a storage resource, reading a data block from the storage resource, the data block including a data field, a data integrity field indicating the integrity the data field, and an encryption indicator field indicating whether the data block is encrypted with a current cryptographic key for the storage resource. The method may further include determining whether the data field is encrypted with the current cryptographic key based at least on the encryption indicator field. The method may additionally include returning at least a portion of the data block in reply to the read command in response to determining that the data field is encrypted with a cryptographic key other than the current cryptographic key. | 05-27-2010 |
20100131774 | Method for Secure Storage and Delivery of Media Content - The memory device contains control structures that allow media content to be stored securely and distributed in a manner envisioned by the content owner, or service providers involved in the distribution. A wide variety of different avenues become available for distributing media content using such memory devices, such as where the devices contain one or more of the following: abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content. The memory device has a type of control structures that enable a service provider (who can also be the content owner) to create a secure environment for media content distribution where end users and terminals register with the service provider, and gain access to the content in a manner controlled by the service provider. The various components to be loaded (e.g. abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content) may be generated and loaded in a secure and efficient manner. | 05-27-2010 |
20100131775 | Method for Secure Storage and Delivery of Media Content - The memory device contains control structures that allow media content to be stored securely and distributed in a manner envisioned by the content owner, or service providers involved in the distribution. A wide variety of different avenues become available for distributing media content using such memory devices, such as where the devices contain one or more of the following: abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content. The memory device has a type of control structures that enable a service provider (who can also be the content owner) to create a secure environment for media content distribution where end users and terminals register with the service provider, and gain access to the content in a manner controlled by the service provider. The various components to be loaded (e.g. abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content) may be generated and loaded in a secure and efficient manner. | 05-27-2010 |
20100138672 | RAID CONTROLLER, STORAGE CONTROL DEVICE, AND STORAGE CONTROL METHOD - A RAID controller selecting a plurality of storages forming RAID includes a data input part having a plurality of data input terminals; a control signal input part having a control signal input terminal to which a control signal related to path setting is inputted; a data output part having a plurality of data output terminals; and a path selection part connecting a data input terminal selected from among the plurality of data input terminals with a data output terminal selected from among the plurality of data output terminals based on the control signal when the control signal is inputted to the control signal input terminal. | 06-03-2010 |
20100138673 | Method for Secure Storage and Delivery of Media Content - The memory device contains control structures that allow media content to be stored securely and distributed in a manner envisioned by the content owner, or service providers involved in the distribution. A wide variety of different avenues become available for distributing media content using such memory devices, such as where the devices contain one or more of the following: abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content. The memory device has a type of control structures that enable a service provider (who can also be the content owner) to create a secure environment for media content distribution where end users and terminals register with the service provider, and gain access to the content in a manner controlled by the service provider. The various components to be loaded (e.g. abridged preview media content, encrypted unabridged media content, prepaid content, rights and/or rules governing access to such content) may be generated and loaded in a secure and efficient manner. | 06-03-2010 |
20100146301 | PRIVACY PROTECTION SYSTEM - Novel system and methodology for protecting privacy of a computer device's user. A privacy protection device interacts with the computer device to enable the user to operate in multiple private modes. The system involves a data storage coupled to the privacy protection device, via a secure link, such as a Secure Sockets Layer (SSL) tunnel that provides an encryption protocol. The data storage is divided into multiple storage sections corresponding to the multiple private modes. Each section is configured for storing encrypted data supporting a particular private mode. The privacy protection device enables the user to set a selected private mode and runs software applications that use the data from the storage section corresponding to the selected mode. | 06-10-2010 |
20100146302 | Microcontroller and Method for Starting an Application Program on a Microcontroller - A microcontroller comprises a microprocessor ( | 06-10-2010 |
20100146303 | PROTECTING EXTERNAL VOLATILE MEMORIES USING LOW LATENCY ENCRYPTION/DECRYPTION - A data processing apparatus includes a volatile memory, a random number generator adapted for generating random numbers from which one or more keys are generated, and a memory encryption unit (MEU). The MEU is configured to receive an N-bit block of data and to divide the N-bit block of data into two more sub-blocks of data, where each sub-block contains fewer than N-bits. The MEU is further configured to encrypt each sub-block of data using the one more keys, to combine the encrypted sub-blocks into an N-bit block of encrypted data, and to write the encrypted N-bit block of data to the volatile memory. | 06-10-2010 |
20100153746 | MEMORY CONTROLLER, SECURE MEMORY CARD, AND SECURE MEMORY CARD SYSTEM - The present patent application is for solving a problem of occurrence of efforts required to replace a signature and consumption of time induced by the efforts. | 06-17-2010 |
20100153747 | PARALLEL ENCRYPTION/DECRYPTION - The present disclosure includes methods and devices for parallel encryption/decryption. In one or more embodiments, an encryption/decryption device includes an input logic circuit, an output logic circuit, and a number of encryption/decryption circuits arranged in parallel between the input logic circuit and the output logic circuit. For example, each encryption/decryption circuit can be capable of processing data at an encryption/decryption rate, and the number of encryption/decryption circuits can be equal to or greater than an interface throughput rate divided by the encryption/decryption rate. | 06-17-2010 |
20100153748 | Method for reencryption of a database - The present invention relates to a method for encryption of the content in a database, for accomplishing increased protection against unauthorised access to the data. The method assures that every row and item is re-encrypted with a valid key. More specifically this process, the so-called KeyLife process, is executed every time a row is inserted, updated or retrieved after a scanning operation. The key life value, defining the number of days a key is valid for each item, could differ for the items, and could typically be between 30 and 90 days. The scanning operation, checking the validity of the presently used keys, the so-called KeyLife checking, is executed each time a new key generation is created. | 06-17-2010 |
20100153749 | DEVICE-ACCESS CONTROL PROGRAM, DEVICE-ACCESS CONTROL PROCESS, AND INFORMATION PROCESSING APPARATUS FOR CONTROLLING ACCESS TO DEVICE - In a computer on which operating systems (OSs) run in parallel: a key storage with a memory area different from that used by the Oss stores keys for use by the OSs in encryption-related processing of data which is to be inputted into or outputted from a device, in correspondence with the OSs; and an encryption processor encrypts first data outputted from a first OS by using a first key corresponding to the first OS in response to a first request by the first OS for access to the device before transferring the first data to the device, and decrypts second data being encrypted and outputted from the device, by using a second key corresponding to a second OS in response to a second request by the second OS for access to the device before transferring the second data to the second OS. | 06-17-2010 |
20100162001 | SECURE NETWORK ATTACHED STORAGE DEVICE USING CRYPTOGRAPHIC SETTINGS - A secure storage network includes a secure storage appliance connected to a client via an IP network. The secure storage appliance facilitates storing and reading data in the secure storage network. The secure storage appliance presents a virtual disk to the client via the IP network. The virtual disk is associated with a volume mapped to shares stored on physical storage devices. The secure storage appliance receives various requests from the client. In response to a request to store data to the volume, the secure storage appliance splits and encrypts data into secondary blocks of data and stores the secondary blocks of data to the shares. In response to a request to read data from the volume, the secure storage appliance reconstitutes data from at least a portion of the secondary blocks of data stored in the shares on the physical storage devices. | 06-24-2010 |
20100162002 | VIRTUAL TAPE BACKUP ARRANGEMENT USING CRYPTOGRAPHICALLY SPLIT STORAGE - Methods and systems for providing data backup are disclosed. One method includes receiving at a virtual tape backup system a data image to be maintained, and transmitting the contents of the data image to a secure storage appliance. The method also includes processing the contents of the data image with the secure storage appliance to cryptographically split one or more blocks of data of the data image such that each of the one or more blocks of data is split into a plurality of secondary data blocks. The method further includes storing the plurality of secondary data blocks in a corresponding plurality of shares located on a plurality of physical storage devices. | 06-24-2010 |
20100162003 | RETRIEVAL OF CRYPTOGRAPHICALLY-SPLIT DATA BLOCKS FROM FASTEST-RESPONDING STORAGE DEVICES - A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk and reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored in shares on corresponding physical storage devices in response to a request from the client. | 06-24-2010 |
20100162004 | STORAGE OF CRYPTOGRAPHICALLY-SPLIT DATA BLOCKS AT GEOGRAPHICALLY-SEPARATED LOCATIONS - A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary data blocks by performing splitting and encrypting operations on a primary data block received from the client for storage on the virtual disk. For security, the secondary data blocks are stored at geographically-distributed locations. The secure storage appliance is also capable of executing program instructions configured to reconstitute the primary data block from at least a portion of the plurality of secondary data blocks stored in shares on corresponding physical storage devices in response to a request from the client. | 06-24-2010 |
20100162005 | STORAGE COMMUNITIES OF INTEREST USING CRYPTOGRAPHIC SPLITTING - Methods and systems of presenting data in a secure data storage network are disclosed. One method includes defining a community of interest capable of accessing data stored in a secure data storage network, the community of interest including a plurality of users desiring access to a common set of data. The method also includes associating the community of interest with a workgroup key. and, upon identification of a client device as associated with a user from among the plurality of users in the community of interest, presenting a virtual disk to the client device, the virtual disk associated with the workgroup key and a volume containing the common set of data, the volume including a plurality of shares stored on a plurality of physical storage devices. | 06-24-2010 |
20100169667 | Protecting content on client platforms - A method, computer system, and computer-readable medium with instructions to provide a client security management layer and a content player that ensure that the content is protected from malware on the receiving computer system. The client security management layer controls access to a protected portion of a memory of a computer system on behalf of a component, such as the content player, running on the processor of the computer system. The client security management layer receives an encrypted content key from the component, confirms the integrity of the component, decrypts the encrypted content key to provide a decrypted content key, and places the decrypted content key in the protected portion of the memory in response to confirming the integrity of the component. Other embodiments are described and claimed. | 07-01-2010 |
20100169668 | Obtaining backups using a portable storage device - A backup site and a client are coupled to a network and the backup site obtains backup data for the client using a portable storage device by providing a direct coupling between the portable storage device and the backup site. The portable storage device contains full backup data for the client. The direct coupling is separate from the network. Full backup data is uploaded from the portable storage device to the backup site via the direct coupling. At least one incremental backup, based on the prior full backup, is performed to transfer data from the client to the backup site through the network. The network may be the Internet. The direct coupling may be USB, Firewire, or eSATA. Only a subset of data corresponding to a backup dataset may be provided on the portable storage device. Data on the portable storage device may be encrypted. | 07-01-2010 |
20100169669 | Method and apparatus for enforcing use of danbury key management services for software applied full volume encryption - A method, system, and computer-readable storage medium containing instructions for controlling access to data stored on a plurality of storage devices associated with a first platform. The method includes authenticating a user to access the first platform, wherein the first platform includes first and second storage devices, chipset encryption hardware, and a memory. Data stored on the storage devices are encrypted, with first data on the first storage device being encrypted by the chipset encryption hardware and second data stored on the second storage device being encrypted by another encryption mechanism. The data are decrypted and the user is allowed to access the first data and the second data. | 07-01-2010 |
20100169670 | SYSTEM AND METHOD FOR ENCRYPTING AND DECRYPTING DATA - A system for encrypting and decrypting data being transmitted between a data processing device and a storage device is provided. The system includes a password storing unit, an input unit, an authentication unit, a read unit, a key generator, an encrypting unit, and a decrypting unit. The password storing unit stores an initial password. The input unit is for receiving a current password. The authentication unit is for determining if the current password matches with the initial password. The read unit is for reading the initial password and an identification number of the system. The key generator is for generating an encrypting key and a decrypting key using the initial password and the identification number. If the current password matches with the initial password, the encrypting unit and the decrypting unit are operable to encrypt and decrypt the data using the encrypting key and the decrypting key correspondingly. | 07-01-2010 |
20100169671 | CRYPTOPROCESSOR WITH IMPROVED DATA PROTECTION - The invention relates to an electronic circuit comprising: a first random-access data storage element, a processing module designed to delete the first storage element, and an access terminal which is connected to the processing module and receives a first power signal supplied by a first power source external to the electronic circuit. The circuit also includes a second random-access storage element in which a key is stored, said key being used to encrypt the data and a second power source which is built into the electronic circuit and supplies a second power signal to the processing module. The processing module is designed to detect an unauthorized access attempt by comparing the first and second power signals and to delete the key when the processing module is powered by the second power source. | 07-01-2010 |
20100169672 | ENCRYPTION PROGRAM OPERATION MANAGEMENT SYSTEM AND PROGRAM - According to one embodiment, an encryption program operation management system includes an encryption key table creation module which creates encryption keys and creates an encryption key table including encrypted versions of the encryption keys and items of plaintext index information for recognizing the encryption keys, and an installation package creation module which creates an installation package including an encryption program, the encryption key table, and an installation program for installing the encryption program into a computer. The installation program causes the computer to carry out an operation of selecting one of the encrypted versions of encryption keys and an operation of creating and storing encryption key information including the selected one of the encrypted versions of encryption key and one of the items of plaintext index information associated with the selected one of the encrypted versions of encryption keys. | 07-01-2010 |
20100174920 | DATA PROCESSING APPARATUS - A data processing apparatus comprises an integrated circuit containing a data processor and a non-volatile store storing at least one security code. A first memory external to the integrated circuit stores data, the data being cryptographically protected in a first format. A second memory external to the integrated circuit is provided for storing data. The apparatus is arranged to transfer data from the first memory via the integrated circuit to the second memory to be accessed by the data processor from the second memory. The integrated circuit is arranged to validate during the transfer the data read from the first memory using a security code stored in the non-volatile store. If the data is validated, cryptographic protection is applied in a second format to the validated data using a security code stored in the non-volatile store. The protected data is stored in the second memory in the second format. | 07-08-2010 |
20100174921 | DEVICE SIDE HOST INTEGRITY VALIDATION - Described is a technology by which a transient storage device or secure execution environment-based (e.g., including an embedded processor) device validates a host computer system. The device compares hashes of host system data against valid hashes maintained in protected storage of the device. The host data may be a file, data block, and/or memory contents. The device takes action when the host system data does not match the information in protected storage, such as to log information about the mismatch and/or provide an indication of validation failure, e.g., via an LED and/or display screen output. Further, the comparison may be part of a boot process validation, and the action may prevent the boot process from continuing, or replace an invalid file. Alternatively, the validation may take place at anytime. | 07-08-2010 |
20100174922 | ENCRYPTION BRIDGE SYSTEM AND METHOD OF OPERATION THEREOF - A method of operation of an encryption bridge system that includes: authenticating a user using a self-authenticating encryption bridge; and controlling encryption using the self-authenticating encryption bridge disposed between a computer system and a storage system in response to the authenticating of the user. | 07-08-2010 |
20100180130 | Cryptographic Protection of Usage Restrictions in Electronic Devices - An electronic device requires valid control keys to change any usage restriction setting. The device is provided control keys, a secret key, and a signed software object including a batch ID and a hash of the secret key. For each control key, the device generates a cryptographic footprint bound to the device and the secret key. A message authentication code (MAC) of each usage restriction setting is generated, the MAC bound to the device and a control key. To change a usage restriction, the device receives a control key, validates it against the stored footprint, changes the usage restriction settings, and generates a new usage restriction setting MAC. The control key footprints are bound to the secret key, but the device retains only a hash of the secret key. | 07-15-2010 |
20100191983 | SYSTEM AND METHOD FOR SECURE LOGGING OF DOCUMENT PROCESSING DEVICE MESSAGES - The subject application is directed to a system and method for secure logging of document processing device messages. A duration for capturing status messages is first defined and unencrypted document processing device status messages are received during the defined duration. An encryption key is generated for association with the duration and is thereafter associated with the duration. Each of the unencrypted document processing status messages is then encrypted using the key as it is received. The encrypted messages are then stored in an associated data storage. Following a completion of the defined duration, each of the encrypted messages is decrypted and then stored in a single, signed storage file. The signed storage file is then encrypted using the generated encryption key, and the encrypted storage file is associatively stored with the key. | 07-29-2010 |
20100199108 | Device Enforced File Level Protection - Described is a technology by which files that are hardware protected on a storage device, such as a USB flash drive, are managed on a host, including by integration with an existing file system. Each file maintained on a storage device is associated with a protection attribute that corresponds to that file's device hardware protection level. Requests directed towards accessing metadata or actual file data are processed based upon the protection attribute and a state of authentication, e.g., to allow or deny access, show file icons along with their level of protection, change levels, and so forth. Also described is splitting a file system file table into multiple file tables, one file table for each level of protection. Entries in the split file tables are maintained based on each file's current level; space allocation tracking entries are also maintained to track the space used by other split tables. | 08-05-2010 |
20100205460 | ENCRYPTION METHOD FOR DIGITAL DATA MEMORY CARD AND ASSEMBLY FOR PERFORMING THE SAME - Embodiments of a portable data storage device and a method of protecting data stored in the portable data storage device are provided. In one embodiment, the portable data storage device includes a device identification unique to the portable data storage device, a rights object containing information indicative of access rights and a verification identification, a memory to store the device identification and the verification identification, and controller logic. The memory is partitioned into a plurality of areas of memory, including: a first area as a protection area to store an instruction code, a second area as a partition table area to store a partition table, and a third area as a file area to store data files. In response to a request from a client external to the portable data storage device, the controller logic compares the verification identification with the device identification to allow the client to access of the data files if the verification identification matches the device identification. | 08-12-2010 |
20100205461 | METHOD FOR GENERATING DATA FOR DETECTION OF TAMPERING, AND METHOD AND APPARATUS FOR DETECTION OF TAMPERING - In a target apparatus which stores at least one piece of domain key information in a first area and a plurality of pieces of content key information each associated with any one of the domain key information in a second area, a method for generating data for detecting tampering of the content key information. The method comprises the steps of encrypting the content key information associated with one of the domain key information using a chain encryption technique; extracting data at predetermined positions in the encrypted content key information, concatenating the pieces of data extracted at the predetermined positions in the encrypted content key information to obtain concatenated data, performing a hash calculation with respect to the concatenated data to obtain a hash value, storing check values corresponding to the data at the predetermined positions in plain text, in the target apparatus, and storing the hash value in the target apparatus. | 08-12-2010 |
20100211802 | Storage Volume Protection Supporting Legacy Systems - A storage volume is encrypted using a particular encryption technique, the storage volume including an access application and one or more cover files. The access application can be executed by a computing device having an operating system lacking support for the particular encryption technique, and allows the computing device to access data on the storage volume encrypted using the particular encryption technique. | 08-19-2010 |
20100211803 | Multi-Valued Scrambling and Descrambling of Digital Data on Optical Disks and Other Storage Media - Method and apparatus for writing scrambled multi-value data to a physical media and for reading scrambled multi-value data from a physical media, are disclosed. The physical media can be an optical disk. The scrambling can be performed by a multi-valued LFSR scrambler and the descrambling can be performed by a multi-valued LFSR descrambler. Further, the multi-valued data that is scrambled can include synchronization data and/or user data. Error correction coding can be used during the writing process and processing to correct for errors can be used during the reading process. Also, methods and apparatus for synchronizing multi-valued data written to and read from physical media are disclosed. Multi-value correlation methods and apparatus are also disclosed. | 08-19-2010 |
20100223479 | Method for Protection of A Chip Card From Unauthorized Use, Chip Card and Chip Card Terminal - A method for protection of a chip card from unauthorized use includes: inputting a first identification into a chip card terminal, producing a cipher of at least one first communication parameter using a first symmetric key derived from the first identification, a protected first communication channel being definable between the chip card terminal and the chip card, using the communication parameter, transmitting the cipher via a predefined communication channel from the chip card terminal to the chip card, attempting to decrypt the cipher using a second symmetric key by means of the chip card, the result of decryption only being the first communication parameter if the first symmetric key is identical to the second symmetric key so that the protected first communication channel can only be defined between the chip card terminal and the chip card if the first identification is correct. | 09-02-2010 |
20100229003 | METHOD, SYSTEM AND COMPUTER PROGRAM FOR SECURELY STORING DATA - A method of securely storing data comprising the steps of:
| 09-09-2010 |
20100229004 | PROTECTION OF SECURITY PARAMETERS IN STORAGE DEVICES - Security parameters used to encrypt data stored on a storage device may be protected using embodiments of systems and methods described herein. During a resize operation, data stored on a memory unit in the storage device may be altered prior to communicating an updated partition size to a host computer. In some examples, data is altered prior to storing the updated partition sizes in the storage device. In this manner, a host system may not receive the updated partition sizes until after the data is altered. Altering data may avoid exposure encrypted data, information about one or more security parameters used to encrypt data on the memory unit or decrypt data retrieved from the memory unit, or combinations thereof. | 09-09-2010 |
20100229005 | DATA WHITENING FOR WRITING AND READING DATA TO AND FROM A NON-VOLATILE MEMORY - Systems, apparatuses, and methods are provided for whitening and managing data for storage in non-volatile memories, such as Flash memory. In some embodiments, an electronic device such as media player is provided, which may include a system-on-a-chip (SoC) and a non-volatile memory. The SoC may include SoC control circuitry and a memory interface that acts as an interface between the SoC control circuitry and the non-volatile memory. The SoC can also include an encryption module, such as a block cipher based on the Advanced Encryption Standard (AES). The memory interface can direct the encryption module to whiten all types of data prior to storage in the non-volatile memory, including sensitive data, non-sensitive data, and memory management data. This can, for example, prevent or reduce program-disturb problems or other read/write/erase reliability issues. | 09-09-2010 |
20100229006 | Memory for Protecting Data, Memory System Including the Memory, and Method of Driving the Memory - A memory for protecting data includes a first storage area storing N-number of encryption keys, where N is a natural number, a second storage area receiving the N-number of encryption keys from the first storage area and storing again the received N-number of encryption keys, and a selection unit selecting one of the N-number of encryption keys stored in the second storage area according to a control signal, and encoding data input from outside the memory using a selected encryption key or decoding the data stored in the first storage area using the selected encryption key. | 09-09-2010 |
20100229007 | Nonvolatile Memory Device and Operating Method Thereof - An operating method of a non-volatile memory device includes randomizing source data to form randomized source data, storing the randomized source data, generating a seed based on an address, generating a random data sequence based on the seed, and de-randomizing the randomized data using the random data sequence. Related nonvolatile memory devices and methods of reading data stored in non-volatile memory devices are also disclosed. | 09-09-2010 |
20100241874 | Method and Apparatus to Scramble Data Stored in Memories Accessed by Microprocessors - A scrambler/descrambler module included in an integrated circuit device is operable for receiving a scrambling key and constant data that is unique to the integrated circuit device. The scrambler/descrambler module includes a first layer or circuit arrangement that uses a scrambling key to generate first scrambled data. The scrambler/descrambler module includes a second layer or second circuit arrangement that uses data that is unique to the integrated circuit device, and that is constant over the life of the integrated circuit device, to scramble the first scrambled data to generate second scrambled data. | 09-23-2010 |
20100241875 | EXTERNAL STORAGE DEVICE AND METHOD OF CONTROLLING THE SAME - The external storage device has a read-only section and a read/write enabled section in a storage section. In the read-only section there is stored an antivirus software detection program adapted to detect the presence of antivirus software installed on a host computer. When the external storage device is connected to the host computer, the antivirus software detection program will be executed automatically by the host computer. When a storage section access controller provided to the external storage device receives from the antivirus software detection program a notification that the presence of antivirus software has been detected, it will allow writing to the read/write enabled section. | 09-23-2010 |
20100250968 | DEVICE FOR DATA SECURITY USING USER SELECTABLE ONE-TIME PAD - Devices for securing data and method of managing a one-time pad stored in nonvolatile memory of a device. In one embodiment, the device for securing data includes: (1) a nonvolatile memory, (2) a nonvolatile memory controller coupled to the nonvolatile memory and configured to cooperate with the nonvolatile memory to make a key available when a password provided to the device is valid and (3) a self-destruct circuit coupled to the nonvolatile memory and configured to corrupt at least part of the nonvolatile memory when the password is invalid. | 09-30-2010 |
20100250969 | Privacy-Enhanced Searches Using Encryption - Encryption with keys that form an Abelian group are used in combination with a semi-trusted party that converts queries that are encrypted with the key of a querier to queries that are encrypted with the key of the encrypted database, without knowing the actual keys. In an illustrative embodiment, encryption is done with Bloom filters that employ Pohlig-Hellman encryption. Since the querier's key is not divulged, neither the semi-trusted party nor the publisher of the database can see the original queries. Provision can be made for fourth party “warrant servers”, as well as “censorship sets” that limit the data to be shared. | 09-30-2010 |
20100250970 | STORAGE DEVICE - The storage device used in connection with an information processing apparatus is provided. The storage device includes: an authentication storage area storing an authentication program in advance, wherein the authentication program is executed to authenticate whether each user operating the information processing apparatus is an approved user; an operating system storage area storing an operating system in advance, wherein the operating system is encrypted and is used by the information processing apparatus; an access controller configured to control accesses the authentication storage area and the operating system storage area from the information processing apparatus; and a decoder configured to decrypt the encrypted operating system, wherein upon notification of successful authentication representing that the user is authenticated as the approved user by the authentication program, the access controller allows an access the operating system storage area from the information processing apparatus. | 09-30-2010 |
20100262841 | METHOD FOR SECURE PROGRAM CODE EXECUTION IN AN ELECTRONIC DEVICE - The invention relates to a method for secure piecemeal execution of a program code. In the method, the program code is split to a number of pieces in a first electronic device. The pieces are provided one after another to a second electronic device, which computes a message authentication code from the pieces and returns the authenticated pieces back to the first electronic device. In order to execute the program, the authenticated pieces are provided for execution to the second electronic device, which verifies the message authentication codes in the pieces to allow the execution of the pieces in the second electronic device. | 10-14-2010 |
20100268966 | Efficient and secure data storage utilizing a dispersed data storage system - A method of securely storing data to a dispersed data storage system is disclosed. A data segment is arranged along the columns or rows of an appropriately sized matrix. Data slices are then created based on either the columns or the rows so that no consecutive data is stored in a data slice. Each data slice is then stored in a separate storage node. | 10-21-2010 |
20100268967 | INFORMATION PROCESSING APPARATUS, AND METHOD AND COMPUTER PROGRAM PRODUCT FOR VERIFICATION - An information processing apparatus includes a main memory unit storing while on-power; an auxiliary storage unit functionable even off-power; a control unit performing hibernation of generating operating-state data indicating a state when the power is lost, storing the data in the auxiliary storage unit, and, when restored, reading the data from the auxiliary storage unit; and a security chip that including a configuration register, encrypts data, and storing the data in the auxiliary storage unit. The control unit includes: a first registration unit performing, when the data is generated, calculation based thereon to obtain a calculated value; a second registration unit performing, when the data is read from the auxiliary storage unit at the hibernation, calculation based on the data to obtain a calculated value to write it into the configuration register; and a verification unit performing verification at boot-up from the hibernation based on the value written. | 10-21-2010 |
20100275038 | Memory Device and Method for Adaptive Protection of Content - A memory device and method for adaptive protection of content are disclosed. In one embodiment, a memory device is provided comprising a memory operative to store content and a controller in communication with the memory. The controller is operative to generate a content protection algorithm that is different from at least one content protection algorithm previously generated by the controller, protect the content in accordance with the content protection algorithm, generate virtual machine code containing instructions on how to unprotect the protected content, and provide the protected content and the virtual machine code to a host in communication with the memory device. In another embodiment, a method for adaptive protection of content is provided comprising generating a content protection algorithm that is different from at least one previously-generated content protection algorithm, protecting content in accordance with the content protection algorithm, generating virtual machine code containing instructions on how to unprotect the protected content, and providing the protected content and the virtual machine code to a host in communication with the memory device. | 10-28-2010 |
20100275039 | SECURE ARCHIVE - Storage apparatus ( | 10-28-2010 |
20100281274 | System and Method for Executing Code Securely in General Purpose Computer - The various embodiments of the invention provide a method for executing code securely in a general purpose computer. According to one embodiment, a code is downloaded into a cache memory of a computer in which the code is to be executed. The code downloaded into the cache memory is encrypted in the cache memory. Then the encrypted code in the cache memory is decrypted using a decryption algorithm to obtain the decrypted code. The decrypted code is executed in the cache to generate a result. The decrypted code is destroyed in the cache memory after the forwarding the result to a user. | 11-04-2010 |
20100281275 | METHOD OF RECORDING CONTENT ON DISC, METHOD OF PROVIDING TITLE KEY, APPARATUS FOR RECORDING CONTENT ON DISC, AND CONTENT PROVIDING SERVER - Provided are a method of recording content, a method of providing a title key, an apparatus for recording content, and a content providing server, which can prevent unauthorized users from recording the title key on a plurality of discs. The method of recording content downloaded from a network includes: receiving a title key, which is encrypted with a disc key of a disc on which content is to be recorded in a recording apparatus, from a server; and recording the received title key and the content on the disc. | 11-04-2010 |
20100287385 | SECURING DATA CACHES THROUGH ENCRYPTION - Encryption techniques for securing data in a data cache are generally disclosed. Example methods may include one or more of reading the cache to identify data, determining whether the data is encrypted to identify previously unencrypted data and/or previously encrypted data, and encrypting selectively at least a portion of the previously unencrypted data. The present disclosure also generally relates to a computer system data processor configured to read a cache to identify data, determine whether the read data is encrypted, and encrypt selectively at least a portion of the previously unencrypted data. The present disclosure also generally relates to computer accessible mediums containing computer-executable instructions for data encryption upon execution of the instructions by a data processor. The instructions may configure the data processor to perform procedures that read the cache to identify data, determine whether the data is encrypted, and selectively encrypt data determined as unencrypted. | 11-11-2010 |
20100287386 | SECURE INTEGRATED CIRCUIT COMPRISING MEANS FOR DISCLOSING COUNTERPART MASK VALUES - An integrated circuit includes a communication interface circuit, a cryptographic algorithm, a countermeasure configured to protect the cryptographic algorithm against side-channel attacks, and a mask generator configured to provide the countermeasure with mask values. The integrated circuit is configured to execute a specific command requiring the disclosure of mask values used by the countermeasures to protect the cryptographic algorithm during a cryptographic session, and, in response to such a command, to send the mask values through the communication interface circuit. | 11-11-2010 |
20100293392 | SEMICONDUCTOR DEVICE HAVING SECURE MEMORY CONTROLLER - A secure memory controller includes a memory unit and a controller. The memory unit stores the information of the predetermined scenario in accordance with an application to be executed. The controller gives the right to access the memory area based on the set scenario. The controller judges whether the bus master which is requesting an access to the memory area has the right to access. | 11-18-2010 |
20100293393 | Memory Controller, Memory System Including the Same, and Method for Operating the Same - A memory controller includes a first interface unit, a processor, a randomization unit, a state conversion unit, and a second interface unit. The first interface unit exchanges data with an external device, and the processor determines whether to randomize or state-convert the received data. The randomization unit randomizes data received through the first interface unit in response to the processor and generates randomization information in response to the randomization operation. The state conversion unit state-converts data received through the first interface unit in response to the processor and generates conversion information in response to the state conversion operation. The second interface unit receives the randomized data and the randomization information from the randomization unit, receives the state-converted data and the conversion information from the state conversion unit, and exchanges at least one of the randomized data, the randomization information, the state-converted data and the conversion information with a memory. | 11-18-2010 |
20100299539 | ENCRYPTION BASED STORAGE LOCK - In one embodiment an encryption based storage lock comprises at least one storage media, at least one processor, at least one drive controller, and logic to; store at least a first encryption key in a persistent memory location, establish a logical association between the first encryption key and a first drive, receive a write operation in a drive controller, wherein the write operation is associated with the first drive in the network attached storage device, encrypt data associated with the write operation using the first encryption key, and store the encrypted data in the first drive in the network attached storage device. | 11-25-2010 |
20100306554 | DISTRIBUTED KEY ENCRYPTION IN SERVERS - Architecture that stores specific passwords on behalf of users, and encrypts the passwords using encryption keys managed by a distributed key management system. The encryption keys are stored in a directory service (e.g., hierarchical) in an area that is inaccessible by selected entities (e.g., administrative users) having superior permissions such as supervisory administrators, but accessible to the account components that need to access the unencrypted passwords. The distributed key management system makes the encryption key stored in the directory service available to all hardware/software components that need the key to encrypt or decrypt the passwords. | 12-02-2010 |
20100306555 | Storage apparatus and authentication method - A storage apparatus includes a key control part to judge a validity of a data access from a request source based on authorization information received therefrom and authorization information created from an enciphering key included in enciphering key information received from a key management apparatus, and a control part to make the data access to the recording medium using the enciphering key in response to an access request from the request source, if the validity of the data access is confirmed. The authorization information from the request source includes a unique code created from the enciphering key if an authentication is successful in the key management apparatus in response to an authentication request from the request source. | 12-02-2010 |
20100306556 | METHOD AND SYSTEM FOR RANDOM DATA ACCESS FOR SECURITY APPLICATIONS - A method for securely handling processing of information in a chip may include randomly selecting one of a plurality of data processes based on a random process index. A time interval may be randomly allocated on the chip, for processing the randomly selected one of the plurality of data processes. When the randomly allocated time interval has elapsed, the randomly selected one of the plurality of data processes may be initiated. The randomly selected one of the plurality of data processes may include one or both of accessing data and acquiring the data. Data may be verified by the randomly selected one of the plurality of data processes prior to the processing of the data. The data may be verified utilizing at least one digital signature verification algorithm, such as a Rivest-Shamir-Adelman (RSA) algorithm and/or a secure hash algorithm (SHA-1). | 12-02-2010 |
20100313040 | Segment deduplication system with encryption and compression of segments - A system for storing encrypted compressed data comprises a processor and a memory. The processor is configured to determine whether an encrypted compressed segment has been previously stored. The encrypted compressed segment was determined by breaking a data stream, a data block, or a data file into one or more segments and compressing and then encrypting each of the one or more segments. The processor is further configured to store the encrypted compressed segment in the event that the encrypted compressed segment has not been previously stored. The memory is coupled to the processor and configured to provide the processor with instructions. | 12-09-2010 |
20100318812 | SECURE AND PRIVATE BACKUP STORAGE AND PROCESSING FOR TRUSTED COMPUTING AND DATA SERVICES - A digital escrow pattern is provided for backup data services including searchable encryption techniques for backup data, such as synthetic full backup data, stored at remote site or in a cloud service, distributing trust across multiple entities to avoid a single point of data compromise. In one embodiment, an operational synthetic full is maintained with encrypted data as a data service in a cryptographically secure manner that addresses integrity and privacy requirements for external or remote storage of potentially sensitive data. The storage techniques supported include backup, data protection, disaster recovery, and analytics on second copies of primary device data. Some examples of cost-effective cryptographic techniques that can be applied to facilitate establishing a high level of trust over security and privacy of backup data include, but are not limited to, size-preserving encryption, searchable-encryption, or Proof of Application, blind fingerprints, Proof of Retrievability, and others. | 12-16-2010 |
20100332853 | NETWORK TRANSMISSION METHOD, NETWORK TRANSMISSION SYSTEM AND NETWORK TRANSMISSION DEVICE THEREOF - The present invention discloses a network transmission system, network transmission method, and network transmission device thereof. The network transmission device is connected to an operating center and a user device, and comprises at least one storage device. The operating center is capable of transmitting data to the network transmission device and storing the data in the storage device. Moreover, the operating center is able to control the network transmission device to transmit the data stored in the storage device to the user device | 12-30-2010 |
20100332854 | STORAGE DEVICE, METHOD OF CONTROLLING STORAGE DEVICE, AND COMPUTER PROGRAM PRODUCT - A storage device with an authentication feature providing enhanced convenience during locking. The device is a USB hard disk designed for connection to a personal computer, and includes a disk, an access controller, and a push-button. The access controller includes an encryption/decryption module | 12-30-2010 |
20110016331 | APPARATUS AND METHOD FOR MANAGEMENT FOR FILE AGGREGATES AND FILE DIRECTORIES - A method for accessing data in a data storage system is presented. The method includes supplying a host computer that is in communication with the data storage system, where the data storage system includes a data storage medium and a holographic data storage medium. A first request is generated to access a directory encoded in the data storage medium and includes a first encryption key. The requested directory recites a listing of data files encoded in the holographic storage medium. If the first encryption key decrypts the directory, the directory is read and a data file encoded in the holographic data storage medium is identified. A second request is then generated to access the data file and includes a second encryption key. Finally, if the second encryption key decrypts the data file, then it is read. | 01-20-2011 |
20110022856 | Key Protectors Based On Public Keys - In accordance with one or more aspects, a key protector for a storage volume is created by generating an intermediate key and protecting, based at least in part on a public/private key pair, the intermediate key. A volume master key for encrypting and decrypting one or more volume encryption keys that are used to encrypt the storage volume can be encrypted in different manners, including being encrypted based at least in part on the intermediate key. A key protector for the storage volume is stored that includes both the encrypted volume master key and information indicating how to obtain the intermediate key. Subsequently, the key protector can be accessed and, based at least in part on a private key of the entity associated with the key protector, the intermediate key can be decrypted. The intermediate key can then be used to decrypt the volume master key. | 01-27-2011 |
20110029786 | METHOD FOR ACCESSING AND TRANSFERRING DATA LINKED TO AN APPLICATION INSTALLED ON A SECURITY MODULE ASSOCIATED WITH A MOBILE TERMINAL, AND ASSOCIATED SECURITY MODULE, MANAGEMENT SERVER AND SYSTEM - A method is provided for transferring data linked to an application installed on a security module associated with a mobile terminal, the data being stored in a first secure memory area of the security module, suitable for receiving a request to access the data, to read the data, and to transmit or store the data after encryption. A method is also provided for accessing these data suitable for transmitting a request to access, to receive and to decrypt the encrypted data. A security module, a management server, and a system implementing the transfer and access methods are also provided. | 02-03-2011 |
20110035602 | DATA SCRAMBLING, DESCRAMBLING, AND DATA PROCESSING METHOD, AND CONTROLLER AND STORAGE SYSTEM USING THE SAME - A data scrambling method for scrambling raw data from a host system is provided. The data scrambling method includes generating a random number and storing the random number into a storage unit. The data scrambling method also includes receiving a user password from the host system, generating a padded value by using a first function unit based on the random number and the user password, and generating a nonce value by using a second function unit based on the padded value and a key. The data scrambling method further includes generating scrambled data corresponding to the raw data by using a third function unit based on the nonce value and the raw data. Accordingly, the raw data of the host system can be effectively protected. | 02-10-2011 |
20110035603 | Apparatus and Method for Securing Data on a Portable Storage Device - A portable storage device including a microprocessor and a secure user data area, the microprocessor operable to perform on-the-fly encryption/decryption of secure data stored on the storage device under a user password, the microprocessor also operable to exclude access to the secure user data area unless the user password is provided. | 02-10-2011 |
20110035604 | Dual-Interface Key Management - In one embodiment, a device includes a first interface, a second interface, a memory, and a processor coupled to the first and second interfaces and to the memory. The processor is configured to receive key-management information via the second interface, and to store the key-management information in a protected portion of the memory as stored key-management information. The processor is also configured to perform a challenge-response authentication interaction via the first interface. The challenge-response authentication interaction is based at least in part on the stored key-management information. The device is configured to prevent data in the protected portion of the memory from being modified in response to information received via the first interface. | 02-10-2011 |
20110040986 | METHOD, SYSTEM, AND PROGRAM FOR SECURELY PROVIDING KEYS TO ENCODE AND DECODE DATA IN A STORAGE CARTRIDGE - Provided is a method, system, and program for enabling access to data in a storage medium within one of a plurality of storage cartridges capable of being mounted into a interface device. An association is provided of at least one coding key to a plurality of storage cartridges. A determination is made of one coding key associated with one target storage cartridge, wherein the coding key is capable of being used to access data in the storage medium within the target storage cartridge. The determined coding key is encrypted. The coding key is subsequently decrypted to use to decode and code data stored in the storage medium. | 02-17-2011 |
20110055593 | METHOD AND APPARATUS FOR PROTECTING ACCOUNT NUMBERS AND PASSWORDS - A method and apparatus are provided for protecting confidential information. The method includes the steps of providing a plurality of files where each file contains at least one item of secret information, such as a password for a private account. Access to the plurality of files is password protected with a master password. To access the plurality of files, the master password must be entered into a master password entry field. The files are deleted upon successive entry of incorrect passwords into the master password entry field a predetermined number of times. | 03-03-2011 |
20110066864 | Methods And Apparatus For Use In Transferring User Data Between Two Different Mobile Communication Devices Using A Removable Memory Card - Methods and apparatus for use in transferring user data from a first (“source”) mobile communication device to a second (“target”) mobile communication device using a removable memory card are disclosed. The source and target devices may be possessed and/or owned by the same end user. The source device is initially enabled to maintain data synchronization with a host server over a wireless communication network via a first wireless transceiver for user data of an application program associated with the user account. To enable the target device for the communications associated with the user account, the source device is operative to establish a programming session with the target device via a second wireless transceiver. During the programming session, the source device causes user account data (e.g. at least one encryption/decryption key for the data-synchronized communications) for the user account to be transmitted to the target device via the second wireless transceiver. Preferably, the user account data is encrypted based on a passkey for the programming session. The user data associated with the application program may then be transferred from the source device to the target device via a removable memory card such as a secure digital (SD) card. | 03-17-2011 |
20110072278 | DATA PROCESSING APPARATUS AND DIGITAL SIGNATURE METHOD - A data processing apparatus includes, an input unit to accept information on one or more deletion-target data blocks specified from a plurality of data blocks, a hash generating unit to calculate a hash value of each of the plurality of data blocks, an auxiliary data generating unit to calculate auxiliary data β=g | 03-24-2011 |
20110087896 | SECURE STORAGE OF TEMPORARY SECRETS - Temporarily sensitive information can be stored in the non-volatile storage of a TPM, from which it can be securely, and irretrievably, deleted. Additionally, information stored in a TPM can secure information stored on communicationally disconnectable storage media such that, when communicationally disconnected, the information stored on such media is inaccessible. A whole volume encryption service key can be protected by a key stored in a TPM and, even if the protector remains accessible, the secure deletion of the key from the TPM prevents unauthorized disclosure of the whole volume encryption service key. Additionally, TPM stored data can be released only when a computing device is in a particular state, as determined by the PCRs. A hibernation image can be encrypted and the key stored with the TPM such that it is released to decrypt the image and restore active computing only if the state has not materially changed during hibernation. | 04-14-2011 |
20110087897 | Hardware-Based Key Generation and Recovery - A system and method of recovering encoded information contained in a device by storing and retrieving at least part of the necessary decoding data by setting and measuring the physical characteristics of the device. Storage and recovery options include, but are not limited to, measurement of electronic or optical characteristics of electrically or optically conductive portions of the device using a range of measurement techniques that include, but are not limited to, time-domain reflectometry. | 04-14-2011 |
20110087898 | SAVING ENCRYPTION KEYS IN ONE-TIME PROGRAMMABLE MEMORY - Described embodiments provide encryption/decryption of data transferred between a media controller and a storage device. The media controller provides encryption/decryption based on a root key (RK). Storage in a one-time programmable (OTP) memory is provided as a plurality of un-burned slots. The OTP memory is initially provided without the RK, which is generated with a random number generator. A control module performs the steps of i) burning the RK to an initial slot of the OTP memory, and ii) validating the burned RK (bRK) stored at the initial slot based on a comparison of the RK and the burned RK. If the control module validates the burned RK, the burned RK is employed by the media controller. Otherwise, one or more subsequent slots of the OTP memory are burned with the RK until the control module validates the corresponding burned RK. | 04-14-2011 |
20110087899 | FIREWALL PLUS STORAGE APPARATUS, METHOD AND SYSTEM - A storage firewall architecture, method and system that works in parallel with existing security technologies and, inter alia, provides application software authentication, user authentication & authorization in the execution of an application, examination, verification, and authentication of all storage access requests, monitoring of protected storage to detect & repair anomalous changes, encryption of protected storage, both data and software, provisioning (deployment) of patches, configuration changes, and software through a secure synchronization link to a configuration and patch management server, and server-based system administration & configuration to prevent malware from penetrating local configuration mechanisms. | 04-14-2011 |
20110093723 | Display of a verification image to confirm security - A handheld device | 04-21-2011 |
20110099388 | METHOD AND COMPUTER SYSTEM FOR LONG-TERM ARCHIVING OF QUALIFIED SIGNED DATA - The current invention describes a method for long term archiving of qualifiedly signed data in accordance with the current invention, which comprises the steps of hashing the data, encrypting the data through a cryptography algorithm, hashing the encrypted data, signing the hashed data with an advanced time stamp, generating a hash tree over the whole data file or the subgroups thereof and signing the hash tree(s) with a qualified time stamp. Furthermore, a computer system for conducting the method is disclosed. | 04-28-2011 |
20110107112 | DISTRIBUTED STORAGE NETWORK AND METHOD FOR ENCRYPTING AND DECRYPTING DATA USING HASH FUNCTIONS - A distributed storage network received a data segment. The data segment is partitioned into two or more portions. A first portion hash is calculated from the first portion of data and used to encrypt the second portion of data. A hash of the encrypted second portion of data is then used to either encrypt the next portion of data (in this case, a third portion of data) or to circle back to the beginning and encrypt the first portion of the data if the second portion of data is the last in data segment. This iterative process continues until all portions of the data segment are encrypted in a sequence. In essence, the data portions of the segment are sequentially processed in some order to encrypt the various portions in that progressing order. A reverse order is used to derive the hash values and decrypt the encrypted data portions into decrypted original data to recreate the data segment. | 05-05-2011 |
20110107113 | DISTRIBUTED STORAGE NETWORK DATA REVISION CONTROL - Multiple revisions of an encoded data slice are generated, with each revision having the same slice name. Each of the data slices represents the same original data portion, but each is encoded so that no single data slice can be used to reconstruct the original data portion. Appropriate revision numbers are associated with each encoded data slice, and the encoded data slices and associated revision numbers are transmitted for storage in selected storage units of a distributed storage network. If write confirmations are received from at least a write threshold number of storage units, a commit command is transmitted so that the most recently written data slices will be available for access. After a commit command is issued, a current directory used to access the encoded data slices can be sliced, encoded, and stored in the same way as the data slices. | 05-05-2011 |
20110107114 | ELECTRONIC DEVICE AND METHOD FOR SECURITY MONITORING THEREOF - A method for security monitoring of an electronic device includes determining whether a storage system of the electronic device is a secured storage system according to a signal of a first switch of the electronic device, determining whether an encryption key of the secured storage system is modifiable according to a detected signal of a second switch of the electronic device. Decrypting the secured storage system using a decryption key if the decryption key is the same as a preset decryption key in the secured storage system. | 05-05-2011 |
20110113259 | RE-KEYING DURING ON-LINE DATA MIGRATION - A method of migrating data comprises migrating source encrypted data from a source storage device to a target storage device and re-keying while migrating the source encrypted data. The method further comprises while re-keying and migrating the source encrypted data, performing an access request to the source encrypted data apart from the migrating and re-keying. | 05-12-2011 |
20110113260 | Block Encryption Security for Integrated Microcontroller and External Memory System - A secure microcontroller system comprising an integrated cache sub-system, crypto-engine, buffer sub-system and external memory is described according to various embodiments of the invention. The secure microcontroller incorporates block encryption methods to ensure that content communicated between the integrated microcontroller and external memory is protected and real-time performance of the system is maintained. Additionally, the microcontroller system provides a user-configurable memory write policy in which memory write protocols may be selected to balance data coherency and system performance. | 05-12-2011 |
20110119503 | COPY-PROTECTED SOFTWARE CARTRIDGE - A cartridge preferably for use with a game console. The cartridge comprises a ROM, a non-volatile memory, a processor and an encryption unit. An application running on the console may read data from the ROM, read data from the non-volatile memory, and write data in the non-volatile memory. Data to be written in the non-volatile memory is encrypted by the encryption unit, but data to be read is returned in encrypted form for decryption by a decryption function of the game application. Data may also be received encrypted to be decrypted and returned. The encryption or decryption unit may also receive data from the non-volatile memory and send it to the interface. The invention improves on the prior art copy protection as a hacker must reverse engineer the game application in order to copy it, if the encryption unit is unknown. The invention also provides an optical medium equipped with a RFID circuit. | 05-19-2011 |
20110119504 | CONTENT PROTECTING METHOD, CONTENT REPRODUCING APPARATUS, AND PROGRAM - A content reproducing apparatus includes a viewing expiration time determining unit which determines lapse of a viewing expiration time, a decryption key temporary storage unit which temporarily stores a decryption key, a decryption key moving unit which moves the decryption key from a recording medium to the decryption key temporary storage unit and returns the decryption key onto the recording medium, and a content protection control unit which controls the movement and the return of the decryption key. The content protection control unit performs control to move, when a reproduction start instruction is received, the decryption key from the recording medium to the decryption key temporary storage unit, return, when the reproduction of the content ends, the decryption key onto the recording medium when the viewing expiration time has not lapsed, and not return the decryption key onto the recording medium if the viewing expiration time has lapsed. | 05-19-2011 |
20110119505 | SAVING AND RETRIEVING DATA BASED ON PUBLIC KEY ENCRYPTION - In accordance with certain aspects, data is received and a digital signature is generated and output. The digital signature can be a digital signature of the data and one or more conditions that are to be satisfied in order for the data to be revealed, or a digital signature over data generated using a private key associated with a bound key that is bound to one or more processors. | 05-19-2011 |
20110126026 | EFFICIENT STORAGE OF ENCRYPTED DATA IN A DISPERSED STORAGE NETWORK - A method begins with a processing module obtaining data to store and determining whether substantially similar data to the data is stored. When the substantially similar data is not stored, the method continues with the processing module generating a first encryption key based on the data, encoding the first encryption key into encoded data slices in accordance with an error coding dispersal storage function, and storing the encoded data slices in a dispersed storage network (DSN) memory. The method continues with the processing module encrypting the data using an encryption key of the substantially similar data in accordance with an encryption function to produce encrypted data, compressing the encrypted data in accordance with a compression function to produce compressed data, storing the compressed data when the substantially similar data is stored. | 05-26-2011 |
20110126027 | SECURE SEED MEDIA - Accessing a data set with secret and non-secret data. A method includes accessing a data set image. The data set image comprises secret data. The data set image is derived from an authorized data set associated with a master key that authorizes access to the secret data. The master key is not provided with the data set image. The method further comprises restoring the data set image to a computing system to create a degraded data set. Data in the degraded data set other than the secret data is accessed without restoring the master key. | 05-26-2011 |
20110145600 | NONVOLATILE MEMORY INTERNAL SIGNATURE GENERATION - A nonvolatile memory device generates a signature using a private key and contents within the memory device. The signature is stored in a secure area within the nonvolatile memory device. A processor having the same private key also generates a signature that is stored in the clear. The processor validates the contents of the nonvolatile memory by comparing the signatures. | 06-16-2011 |
20110145601 | METHOD FOR OPERATING A SECURITY DEVICE - A method for operating a security device includes a microcontroller, a protected memory area, in which at least one item of protection-worthy information is stored, and a unit, the microcontroller being connected to the protected memory area via the unit, the at least one item of protection-worthy information being accessed by the microcontroller via the unit when the method is carried out. | 06-16-2011 |
20110145602 | SYSTEMS AND METHODS FOR SECURE TRANSACTION MANAGEMENT AND ELECTRONIC RIGHTS PROTECTION - The present invention provides systems and methods for secure transaction management and electronic rights protection. Electronic appliances such as computers equipped in accordance with the present invention help to ensure that information is accessed and used only in authorized ways, and maintain the integrity, availability, and/or confidentiality of the information. Such electronic appliances provide a distributed virtual distribution environment (VDE) that may enforce a secure chain of handling and control, for example, to control and/or meter or otherwise monitor use of electronically stored or disseminated information. Such a virtual distribution environment may be used to protect rights of various participants in electronic commerce and other electronic or electronic-facilitated transactions. Distributed and other operating systems, environments and architectures, such as, for example, those using tamper-resistant hardware-based processors, may establish security at each node. These techniques may be used to support an all-electronic information distribution, for example, utilizing the “electronic highway.” | 06-16-2011 |
20110154060 | IMPLEMENTING SECURE ERASE FOR SOLID STATE DRIVES - A method and apparatus are provided for implementing secure erase for solid state drives (SSDs). An encryption key is used to encrypt data being written to SSD. A controller identifies a key storage option, and responsive to the identified key storage option, stores a key for data encryption and decryption. The controller deletes the key within the SSD responsive to the identified key storage option, ensuring that once the key is deleted, the key is not recoverable and data is effectively erased. | 06-23-2011 |
20110154061 | DATA SECURE MEMORY/STORAGE CONTROL - A method includes encrypting, in a security engine associated with a memory/storage controller of a memory/storage device in a data processing device, a pre-encrypted/unencrypted data stream associated with a multimedia content in accordance with a data write request to transfer the pre-encrypted/unencrypted data stream to the memory/storage device using a security key configured to uniquely identify the data processing device during each data write session and a security flag configured to uniquely identify each data write session during a secure mode of operation. The method also includes transmitting the security engine encrypted data stream to the memory/storage device in accordance with the data write request, and decrypting the security engine encrypted data stream using the security key and the security flag in accordance with a data read request to read the security engine encrypted data stream stored in the memory/storage device. | 06-23-2011 |
20110154062 | PROTECTION OF ELECTRONIC SYSTEMS FROM UNAUTHORIZED ACCESS AND HARDWARE PIRACY - A method of designing an electronic system is provided to protect the electronic system from unauthorized access and hardware piracy. The method includes describing the electronic system in a first design and replacing a portion of the electronic system with a reconfigurable module to generate a second design. The reconfigurable module includes a reconfigurable logic block and a configuration block for storing configuration data. The method also includes encrypting configuration data and saving the encrypted configuration data separately from the reconfigurable module. The reconfigurable logic block is configured to correspond to the portion of the electronic system in the first design when the configuration data is loaded in the configuration block. | 06-23-2011 |
20110154063 | INFORMATION MANAGEMENT SYSTEM, INFORMATION MANAGEMENT METHOD AND APPARATUS, AND ENCRYPTION METHOD AND PROGRAM - An information management system provided with an encrypting means for encrypting an original file to prepare an encrypted file, a data storage memory which stores the encrypted file, a decrypting means, a general memory, an information managing means for decrypting the encrypted file to an editable display file etc. and storing it in the general memory in a regular operational processing cycle, performing the required editing in the form of the display file etc., converting the display file etc. after editing to an encrypted file by the encrypting means, and storing this in the data storage memory, and an information management file which controls processing of or operations on the encrypted file by the information managing means. This standardizes information management at the different levels of an organization, managers, etc., enables secure protection and management of information contained in the different machinery and equipment, lightens the load of information management, prevents leakage of information, and preserves and protects files and prevents their destruction, tampering, and alteration. | 06-23-2011 |
20110161678 | CONTROLLER FOR CONTROLLING NAND FLASH MEMORY AND DATA STORAGE SYSTEM - According to one embodiment, a controller controlling a storage device connected to a host device and storing data includes a pseudorandom number generator, and a scramble circuit. The pseudorandom number generator generates a pseudorandom number based on identification information of the controller. The scramble circuit scrambles data received from the host device using the pseudorandom number. | 06-30-2011 |
20110161679 | TIME BASED DISPERSED STORAGE ACCESS - A method begins with a processing module receiving a data retrieval request and obtaining a real-time indicator corresponding to when the data retrieval request was received. The method continues with the processing module determining a time-based data access policy based on the data retrieval request and the real-time indicator and accessing a plurality of dispersed storage (DS) units in accordance with the time-based data access policy to retrieve encoded data slices. The method continues with the processing module decoding the threshold number of encoded data slices in accordance with an error coding dispersal storage function when a threshold number of the encoded data slices have been retrieved. | 06-30-2011 |
20110161680 | DISPERSED STORAGE OF SOFTWARE - A data de-duplication method begins by a processing module receiving a plurality of data storage requests from a plurality of requesting devices wherein a data storage request includes the data and a requester identifier (ID). The method continues with the processing module obtaining a data identifier (ID) for the data. For each of the plurality of data storage requests, the method continues with the processing module producing a requester storage record, dispersed storage error encoding the requester storage record to produce a set of encoded requester storage record slices, and sending the set of encoded requester storage record slices to a dispersed storage network (DSN) memory for storage therein. The method continues with the processing module dispersed storage error encoding at least a portion of the data to produce a set of encoded data slices and sending the set of encoded data slices to the DSN memory for storage therein. | 06-30-2011 |
20110161681 | DIRECTORY SYNCHRONIZATION OF A DISPERSED STORAGE NETWORK - A method begins by a processing module dispersed storage error encoding data to produce a set of encoded data slices and generating a transaction identifier regarding storage of the set of encoded data slices. The method continues with the processing module outputting a plurality of write request messages to a plurality of dispersed storage (DS) units, wherein each of the plurality of write request messages includes the transaction identifier and a corresponding one of the set of encoded data slices. The method continues with the processing module receiving write response messages from at least some of the DS units, wherein each of the write response messages includes a reference to the transaction identifier. The method continues with the processing module updating directory information regarding storage of the data to produce updated directory information when at least a write threshold number of the write response messages have been received. | 06-30-2011 |
20110167278 | Secure processor and a program for a secure processor - The instruction code including an instruction code stored in the area where the encrypted instruction code is stored in a non-rewritable format is authenticated using a specific key which is specific to the core where the instruction code is executed or an authenticated key by a specific key to perform an encryption processing for the input and output data between the core and the outside. | 07-07-2011 |
20110167279 | METHOD FOR PROTECTING A PROGRAMMABLE CRYPTOGRAPHY CIRCUIT, AND CIRCUIT PROTECTED BY SAID METHOD - A programmable cryptography circuit includes memory-based cells defining the logic function of each cell, integrating a differential network capable of carrying out calculations on pairs of binary variables, including a first network of cells implementing logic functions on the first component of the pairs and a second network of dual cells operating in complementary logic on the second component of the pair. A calculation step includes a precharge phase, in which the variables are put into a known state at the output of the cells, and an evaluation phase in which a calculation is made by the cells. A phase of synchronizing the variables is inserted before the evaluation phase or the precharge phase in each cell capable of receiving several signals conveying input variables, the synchronization being carried out on the most delayed signal. | 07-07-2011 |
20110173458 | Secure portable data storage device - A portable memory device for use with a host device includes an array of non-volatile memory and a memory controller for performing memory access operations. A processor issues an authorization challenge to a host device prior to enabling external access to the memory. Upon receipt of a valid authorization from the host device, access is enabled. In one embodiment, the processor preconditions at least one signal in the interface between the host device and the memory controller. The preconditioning results in a desynchronization of synchronized signals applied at the memory device interface, thereby interfering with proper operation of the memory device. Attempts to access the memory device prior to authorization lead to intentional corruption of data stored in the memory. | 07-14-2011 |
20110173459 | BIOS LOCK ENCODE/DECODE DRIVER - Systems and methods for preventing the unauthorized access to data stored on removable media, such as software, include storing a predetermined signature in the area of non-volatile memory in a computer system. Upon initialization of the computer system, a check is made to verify the signature. Only if the signature is verified will decoding software operate. | 07-14-2011 |
20110173460 | INFORMATION PROCESSING DEVICE, METHOD, PROGRAM, AND INTEGRATED CIRCUIT - The aim is to provide high-speed data synchronization. To achieve the aim, in data synchronization using a plurality of key databases with respect to same data pieces, a key for one key database, which has been determined in advance, is used for updating the data piece managed under the other key database. This reduces the number of key decryption operations. A key management software | 07-14-2011 |
20110179290 | AUTHENTICATING A CHIP CARD INTERFACE DEVICE - A system is configured for authenticating a chip card interface device (CCID) during a transaction with the CCID. The system has a communication device configured for communicating with the CCID over a network and a processing device coupled with the communication device. The processing device is configured for receiving a transaction initiation communication from the CCID and instructing the communication device to communicate a request for authentication information including a random number to the CCID. The CCID encrypts the random number with a unique chip key (UCK) previously created with a master chip key (MCK). Then, the CCID communicates the encrypted random number to the system along with a serial number. The system recalculates the UCK using the serial number, encrypts a copy of the random number using the recalculated UCK and compares the encrypted copy with the encrypted random number received from the CCID to authenticate the CCID. | 07-21-2011 |
20110185192 | STORAGE SYSTEM, CONTROL METHOD THEREFOR, AND PROGRAM - It is made possible to correctly decrypt data in a storage area in a computer system (storage system) having various encryption execution sections (such as a storage device or encryption appliance having an encryption function). In the case where storage areas may be encrypted by the various encryption execution sections, there is a possibility that, when a storage area is copied or the configuration of the computer system is changed, the storage area cannot be correctly decrypted unless it is managed where the storage area has been encrypted or whether the storage area is not encrypted. To prevent this, a management computer manages the key and the encryption execution section for each storage area in the system. Furthermore, when copying a storage area or the like is performed, the management computer determines which storage area's state and key should be changed together with performing the copy operation is performed, and instructs the encryption execution section to change the state and key for the storage area if it is necessary to change it. | 07-28-2011 |
20110191598 | DOCK FOR A PORTABLE HARD DISK AND A METHOD FOR ACCESSING CONTENT ON A HOST DEVICE USING THE DOCK - There is provided a first dock for a portable hard disk, where the first dock is connectable to a host device. There is also provided a corresponding method for accessing content on the host device during use of the dock. It is advantageous that the host device is able to access content from portable hard disks that are docked with the first dock and a second dock. | 08-04-2011 |
20110191599 | Apparatus and method for providing hardware security - A technique to provide a hardware security module that provides a secure boundary for retention of a secure key within the secure boundary and prevention of unauthorized accesses from external sources outside of the secure boundary to obtain the secure key. The hardware security module includes a security processor to unwrap and authenticate a secure key within the secure boundary to decrypt or encrypt data and to provide data through a single interface that communicates with external sources, so that all data transfers between the secure boundary, formed by the hardware security module, and external sources are transferred only through the interface. The hardware security module ensures no unwrapped key leaves the secure boundary established by the hardware security module. | 08-04-2011 |
20110191600 | System, Method and device for playing back recorded audio, video or other content from non-volatile memory cards, compact disks, or other media - A secure software package for original equipment manufacturers to run in electronic devices in order to access and dynamically decrypt encrypted audio video or other content from a memory storage device such as a memory card, optical or hard disk such that the user interface of the device need only send simple commands and the decrypted content is output. | 08-04-2011 |
20110202776 | Storage Device Content Authentication - Systems and methods that support storage device content authentication are provided. A system that verifies storage device content received from a storage device may comprise, for example, a security processor coupled to the storage device. The security processor may be adapted to receive a partitioned storage device region from the storage device. The partitioned storage device region may comprise, for example, regional content and first hashed regional content. The security processor may generate, for example, second hashed regional content by performing a hashing function on the regional content received by the security processor. The security processor may compare, for example, the first hashed regional content to the second hashed regional content. The security processor may verify the regional content received by the security processor if the first hashed regional content is the same as the second hashed regional content. | 08-18-2011 |
20110208978 | METHODS, APPARATUSES, AND PRODUCTS FOR A SECURE CIRCUIT - Methods, systems, apparatuses and products are disclosed for providing security circuits. Exemplary embodiments including semiconductor chips on circuit boards are shown, together with application in a movie stick/movie player pair. | 08-25-2011 |
20110208979 | Method and Apparatus for Implementing Secure and Selectively Deniable File Storage - The invention concerns a method for writing data to a memory device arrangement comprising a first and a second memory device in which the first memory device comprises data blocks numbered with block numbers and the second memory device comprises at least one reference calculated from a data block digest and its physical block number. The invention is characterized in that it comprises the following steps: calculating the digest from at least part of the data block content, receiving at least one physical block number, to which the data block contents in the first memory device is stored, encrypting the data block content, storing the data block content to the first memory device to the position pointed by the physical block number, and storing or issuing a command to save the digest, or a number derived from it, and at least one said physical block number to the second memory device. Also a system, a computer program and server computer in accordance to the invention are presented. | 08-25-2011 |
20110213989 | OPTICAL STORAGE MEDIA AND THE CORRESPONDING CRYPTOGRAPHY FOR DATA ENCRYPTION THEREOF - Based on the demand of developing a data encryption technique for the optical storage media, the present invention discloses a cryptography for data encryption based on a design of specific hardware conditions, so as to achieve the security requirements for the encrypted digital data stored in the optical storage media and the design requirements for the security issues on the optical storage media for software vendors in the current market. | 09-01-2011 |
20110213990 | APPARATUS AND METHOD FOR CONTENT PROTECTION USING ONE-WAY BUFFERS - Method and apparatus for content protection using one-way buffers. In one embodiment, the method includes storage of content decrypted by a host processor within a reserved range of memory. In one embodiment, a peripheral device requires the host processor to decrypt the received content for playback by the peripheral device. The decrypted content is stored within a reserved range of memory that is not accessible by malicious software. Hence, content is transferred from the reserved range of memory to a device driver of the peripheral device. In one embodiment, access to the reserved range of memory consists of write-only access by the host processor and read-only access by the peripheral device. In one embodiment, prior to storage of the content within the reserved range of memory, the content is re-encrypted prior to storage and decryption prior to transfer to the peripheral device. Other embodiments are described and claimed. | 09-01-2011 |
20110219241 | ENCRYPTION PROGRAM OPERATION MANAGEMENT SYSTEM AND PROGRAM - According to one embodiment, an encryption program operation management system includes an encryption key table creation module which creates encryption keys and creates an encryption key table including encrypted versions of the encryption keys and items of plaintext index information for recognizing the encryption keys, and an installation package creation module which creates an installation package including an encryption program, the encryption key table, and an installation program for installing the encryption program into a computer. The installation program causes the computer to carry out an operation of selecting one of the encrypted versions of encryption keys and an operation of creating and storing encryption key information including the selected one of the encrypted versions of encryption key and one of the items of plaintext index information associated with the selected one of the encrypted versions of encryption keys. | 09-08-2011 |
20110219242 | METHOD AND SYSTEM FOR MANAGING SECURE CODE LOADING IN PC-SLAVE DEVICES - A secure processor in a PC-slave device may manage secure loading of execution code and/or data, which may be stored, in encrypted form, in a PC hard-drive. The secure processor may cause decryption of the execution code and/or data by the PC-slave device, and storage of the decrypted execution code and/or data in a restricted portion of a memory that is dedicated for use by the PC-slave device, with the restricted portion of the dedicated memory being only accessible by the PC-slave device. The secure processor may validate decrypted execution code and/or data. The secure processor may block operations of a main processor in the PC-slave device during secure loading of execution code and/or data, and may discontinue that blocking after validating the decrypted execution code and/or data. The secure processor may store encryption keys that are utilized during decryption of the encrypted execution code and/or data. | 09-08-2011 |
20110246790 | SECURED REMOVABLE STORAGE DEVICE - This present disclosure combines a data storage drive, such as flash-based USB drive or a SSD drive with redundant, multiple levels of security protection. In an embodiment, the security protection includes password protection, fingerprint recognition, and real-time data encryption. The biometric sensors may be integrated into the storage device without substantially adding weight and size. Further, the secured device may have a built-in internal power source to self-sustain the protection without having to connect to a host device or an external power source. Thus, it is possible to remotely track the location of the secured device and disable or enable the security protection or manage the security setups. | 10-06-2011 |
20110246791 | MEMORY CHIP, INFORMATION STORING SYSTEM, AND READING DEVICE - According to one embodiment, a memory chip, which is connected to a writing device that writes data and to a reading device that reads data, includes: a memory including a first area that is a predetermined data storage area; a second encryption key generating unit that receives second key information stored in the reading device and generates a third key; and a sending unit that transmits, to the reading device, second encrypted data obtained by encrypting data stored in the memory using the third key. The second encrypted data is received by the reading device and is decrypted by using a fourth key that is stored in the reading device and that corresponds to the third key. | 10-06-2011 |
20110246792 | METHOD, SYSTEM AND MEDIUM FOR ANALOG ENCRYPTION IN A FLASH MEMORY - A system and method for analog encryption and decryption. A threshold level encryption key stream is generated and a programming level for each bit of a cipher data stream, with each bit having a one or zero state, is determined, where a threshold for distinguishing between the one or zero state for each bit varies based on a corresponding entry in the threshold level encryption key steam. Each bit of the cipher data stream in a cell of a memory is programmed based on the programming level. | 10-06-2011 |
20110258462 | METHOD, SYSTEM AND INTEGRATED CIRCUIT FOR ENABLING ACCESS TO A MEMORY ELEMENT - A system comprises signal processing logic that is operably coupled to at least one memory element and is arranged to enable access to the at least one memory element. The signal processing logic is arranged to receive a security key, generate a system key using the received security key and a system specific seed, perform a comparison of the generated system key to a reference key stored in an area of memory of the at least one memory element. The signal processing logic is also arranged to configure a level of access to the at least one memory element based at least partly on the comparison of the generated system key to the reference key stored in memory. | 10-20-2011 |
20110264925 | SECURING DATA ON A SELF-ENCRYPTING STORAGE DEVICE - Disclosed embodiments relate to a method for securing data on a self-encrypting storage device. The method may comprise, for example, receiving, by a self-encrypting storage device, information indicating a procedure for securing data stored on the self-encrypting storage device and selecting, by the self-encrypting storage device, a procedure for securing data stored on the self-encrypting storage device based on the received information. The procedure may comprise replacing data stored on the self-encrypting storage device or deleting a decryption key associated with data stored on the self-encrypting storage device. In one embodiment, the method further involves performing, by the self-encrypting storage device, the selected procedure. | 10-27-2011 |
20110264926 | USE OF A SECURE ELEMENT FOR WRITING TO AND READING FROM MACHINE READABLE CREDENTIALS - A method for conducting secure communications with credential cards using existing reader/writer hardware that enhances the security of the provisioning process is provided. The method moves the sensitive data contained in these communications together with the program that uses this sensitive data for the purpose of interacting with a credential card inside a secure computational element such as an integrated circuit card. The provisioning program inside the secure element issues commands to readers/writers of existing art in order to establish secure communication with the credential card and then uses the secure channel so created for the purpose of direction communication between the secure computation element and the credential card. | 10-27-2011 |
20110271121 | DATA PROCESSING APPARATUS, DATA PROCESSING SYSTEM, AND METHOD FOR CONTROLLING THE SAME - A data processing apparatus acquires content, generates an encryption key by using an initial value written in an unwritten memory block in a write-once recording medium, encrypts the content by using the encryption key, and writes to the write-once recording medium the encrypted content and an address table for identifying the memory block storing the initial value used for generating the encryption key. | 11-03-2011 |
20110276809 | Method of Storing Data in a Memory Device and a Processing Device for Processing Such Data - In a method of storing data in a memory device, which data comprise content to be processed in a processing device in which the memory device is installed, the method comprises the steps of writing encrypted content (Enc_K | 11-10-2011 |
20110296207 | Combinative encryption flash disk - A combinative encryption flash disk with two data disks and an encryption system at least for digital data encrypted and accessed via an operating system is characteristic of (1) Function of keeping digital data secret and safe; (2) Consumer's reduced cost and a specific plug-in sequence for a promoted secrecy function by two cascaded data disks at least plugged into a single port; (3) Plain interface and simple operation in favor of one user configuring and operating. | 12-01-2011 |
20110302428 | METHOD, SYSTEM AND MEDIUM FOR ANALOG ENCRYPTION IN A FLASH MEMORY - A system and method for analog encryption and decryption, in which the encryption and encoding processes are interrelated, such that by failing to decrypt the retrieved data, decryption fails. | 12-08-2011 |
20110314304 | MASS STORAGE DEVICE MEMORY ENCRYPTION METHODS, SYSTEMS, AND APPARATUS - Mass storage devices and methods for securely storing data are disclosed. The mass storage device includes a communication interface for communicating with a connected host computer, a mass-memory storage component for storing data, a secure key storage component adapted to securely store at least one master secret, and an encryption-decryption component different from the secure key storage component and connected to the secure key storage component and the mass-memory storage component. The encryption-decryption component may be adapted to encrypt data received from the host computer using an encryption algorithm and at least one encryption key and to write the encrypted data into the mass-memory storage component. The encryption-decryption component may also be adapted to decrypt encrypted data stored in the mass-memory storage component for returning the data to the host computer in response to a read data command from the host computer using a decryption algorithm and at least one decryption key the security of which is protected using a master secret securely stored in the secure key storage component. | 12-22-2011 |
20120005485 | STORAGE DEVICE AND INFORMATION PROCESSING APPARATUS - According to one embodiment, a storage device includes a data storage unit, a receiving unit, a selecting unit, and an authenticating unit. The data storage unit includes a secret area that becomes readable when authentication has been made by using reading authentication information and that becomes writable when authentication has been made by using writing authentication information. The receiving unit receives an access request that is either a write request indicating that data should be written into the secret area or a read request indicating that data should be read from the secret area. The selecting unit selects the writing authentication information if the access request is the write request and selects the reading authentication information if the access request is the read request. The authenticating unit authenticates an access to the secret area by using one of the writing authentication information and the reading authentication information that has been selected. | 01-05-2012 |
20120005486 | METHOD OF PROCESSING DATA TO ENABLE EXTERNAL STORAGE THEREOF WITH MINIMIZED RISK OF INFORMATION LEAKAGE - A method is provided to process data so that the data can be externally stored with minimized risk of information leakage. A framework (virtual execution framework) based on virtual machines (VMs) is utilized as a substitute for a trusted institution. Encryption of consolidated data can reduce risk of information leakage and enhance security. Since the virtual execution framework can control connection and direction of communication, financial institutions are allowed to apply encryption to data on their own, which makes the data further appropriate for external storage. By allowing financial institutions to apply their own decryption, it is possible to prevent one of two financial institutions from retrieving externally stored data into the external execution framework without intervention of the other. Additionally, associated acting subjects can be provided with freedom depending on the degree of information leakage risk. | 01-05-2012 |
20120005487 | IMAGE CAPTURE APPARATUS - An image capture apparatus captures an image, and performs an authentication process with an external device. The image capture apparatus encrypts a captured image to generate an encrypted image if the authentication unit succeeds in performing the authentication process, and stores the encrypted image in a recording medium. The image capture apparatus displays whether the authentication unit succeeded in performing the authentication process, and whether the external device includes key information used in encrypting the captured image. | 01-05-2012 |
20120005488 | ENCRYPTION PROCESSOR OF MEMORY CARD AND METHOD FOR WRITING AND READING DATA USING THE SAME - An encryption processor, for storing encrypted data in a memory chip of a memory card, includes a FIFO memory for sequentially outputting m-bit data in response to a first signal, and an encryption key generator for generating m-bit encrypted keys (m being a positive integer) in response to a second signal and for sequentially outputting the keys in response to a third signal. A logic operator performs a logic operation on the data from the FIFO memory with the keys from the encryption key generator during a data write operation to sequentially encrypt the data. The logic operator performs a logic operation on the encrypted data received from a memory interface with the keys output from the encryption key generator during a data read operation in order to sequentially decode the encrypted data. The second signal is simultaneously generated with one of the write command or the read command. | 01-05-2012 |
20120011372 | Encryption flash disk - An encryption flash disk comprises a memory module, an encryption system, and a switch device wherein the memory module has a substrate accommodating an inner surface provided with a memory chip as well as a control device at least and a plurality of metal contacts; the encryption system is installed in the memory chip electrically connected to the control device and comprises a public zone and a private zone at least and a public program wherein the public program has a password configure module used to configure, input, and clear a password; the switch device is electrically connected to the memory module's control device. Accordingly, the encryption flash disk is capable of keeping digital data secret and safe. | 01-12-2012 |
20120011373 | System and Method for Secure Device Key Storage - Disclosed are systems and methods for protecting secret device keys, such as High-bandwidth Digital Content Protection (HDCP) device keys. Instead of storing secret device keys in the plain, a security algorithm and one or more protection keys are stored on the device. The security algorithm is applied to the secret device keys and the one or more protection keys to produce encrypted secret device keys. The encrypted secret device keys are then stored either on chip or off-chip. | 01-12-2012 |
20120011374 | DATA SECURITY FOR DIGITAL DATA STORAGE - A computing system includes data encryption in the data path between a data source and data storage devices. The data encryption may utilize a key which is derived at least in part from an identification code stored in a nonvolatile memory. The key may also be derived at least in part from user input to the computer. | 01-12-2012 |
20120011375 | Multimedia Storage Systems and Methods - An article of manufacture includes a machine-readable medium that stores a multimedia content file in a first format and multiple program sets. Each program set is a version of software that, when executed by a respective electronic system, produces the multimedia content file in a second format for use in the respective electronic system. A first program set is compatible with a first operating system executed by a first electronic system and a second program set is compatible with a second operating system executed by a second electronic system. The second operating system is distinct from the first operating system. | 01-12-2012 |
20120017098 | Computer Memory With Cryptographic Content Authentication - A computer memory with cryptographic content authentication that provides a means of verifying that the contents of the memory are those intended. | 01-19-2012 |
20120023338 | MEMORY CONTROL DEVICE, SEMICONDUCTOR MEMORY DEVICE, MEMORY SYSTEM, AND MEMORY CONTROL METHOD - A technique for improving data security is provided. To be specific, in a memory system including an information processing apparatus and a semiconductor memory device, the semiconductor memory device has an interface section that transmits, to the information processing apparatus, data read out from a memory core according to a plurality of communication protocols having different signal transmission/reception methods. Based on a switch command inputted from the information processing apparatus, a communication protocol selection section inputs, to the interface section, a selection signal for selecting a particular communication protocol from the plurality of communication protocols. | 01-26-2012 |
20120036373 | Method system and device for secure firmware programming - The present invention provides a secure firmware programming technique wherein a corrupted version of the binary image code to be programmed in microcontroller devices is loaded into a modified programmer device which is adapted to receive the corrupted binary image code, transfer code sections of the corrupted binary image code to the memory of the programmed microcontroller, restore corrupted code sections of the corrupted binary image code and transfer them to the programmed microcontroller in order to restore the binary image code stored therein into its original executable state. | 02-09-2012 |
20120060040 | FLASH MEMORY DISTRIBUTION OF DIGITAL CONTENT - Methods, apparatuses, and computer-readable media for distributing digital content. One embodiment comprises an apparatus comprising: a device ( | 03-08-2012 |
20120066517 | DISPERSED SECURE DATA STORAGE AND RETRIEVAL - A computer-implemented method that includes secure storage and retrieval of data is described herein. | 03-15-2012 |
20120066518 | CANISTER-BASED STORAGE SYSTEM SECURITY - Security is provided for a data set stored in a data storage canister. The data set has a data size when received for storage within the canister. At least one data security operation is performed on the received data set to generate secure data having a secure data size that may be different than the set data size. The secure data is stored on at least one data storage device within the canister. Any information about the secure data size is kept from the data producer sending the data set for storage. | 03-15-2012 |
20120079288 | SECURE HOST AUTHENTICATION USING SYMMETRIC KEY CRYTOGRAPHY - Methods of securely authenticating a host to a storage system are provided. A series of authentication sessions are illustratively performed. Each of the authentication sessions includes the host transmitting an authentication request to the storage system. The storage system authenticates the host based at least in part upon a content of the authentication request. After each successful authentication of the host to the storage system, an encryption key that was utilized in encrypting the authentication request that was transmitted to the storage system is deleted. After each encryption key deletion, a new encryption key that is different than the previous key is optionally stored and is utilized in the next authentication session. | 03-29-2012 |
20120079289 | SECURE ERASE SYSTEM FOR A SOLID STATE NON-VOLATILE MEMORY DEVICE - A secure erase system for a solid state memory device is disclosed. A memory area provides a data block for storing data and a key block for storing at least one key. A translation unit maps a logical address to a physical address associated with the memory area. An encryption unit encrypts plaintext data to be written to the memory area with the associated key and decrypts the encrypted data to be read by a host with the associated key. The key associated with a logical erase group to be secure erased is deleted after receiving a command requesting to erase the data associated with the logical erase group. | 03-29-2012 |
20120084573 | SECURITY PROTECTION FOR MEMORY CONTENT OF PROCESSOR MAIN MEMORY - Subject matter disclosed herein relates to memory devices and security of same. | 04-05-2012 |
20120084574 | INFORMATION STORAGE APPARATUS, INFORMATION STORAGE METHOD, AND ELECTRONIC DEVICE - According to one embodiment, there is provided an information storage apparatus, including: a plurality of nonvolatile memories configured to store encryption information so that the stored encryption information are read out therefrom; a plurality of encryption processing modules provided correspondingly with the respective memories, and configured to encrypt the information to be stored in the memories and to decrypt the encryption information read out from the memories; and a storage processing module configured to collectively store a plurality of key information that are utilized when the encryption processing modules encrypt the information to be stored or decrypt the encryption information read out. | 04-05-2012 |
20120096284 | CONTENT DATA REPRODUCTION SYSTEM AND RECORDING DEVICE - To exclude any unauthorized device from a system and thereby prevent illegal use of content data, a memory card | 04-19-2012 |
20120102337 | STORAGE MEDIUM HAVING AN ENCRYPTING DEVICE - A storage medium having an encrypting device, including an electronic memory area, a read-in device, a read-out device, a key memory, in which a secret key is or can be stored, an encrypting device, and a decrypting device. The read-in device is designed to encrypt any data input at the interface for storage in the memory area using the key stored in the key memory and to store said encrypted data in the memory area. The read-out device has a direct read-out channel, by means of which stored encrypted data can be output to the interface in encrypted form by circumventing the decrypting device, and a decrypting read-out channel, by means of which stored encrypted data in the memory area can be decrypted by means of the decrypting device using the key stored in the key memory or a decryption key stored in the key memory and corresponding to the key and can be output to the interface in decrypted form. | 04-26-2012 |
20120124394 | System and Method for Providing a Virtual Secure Element on a Portable Communication Device - A system for providing a virtual secure element on a portable communication device having a secured element. The system comprising memory; a card management module operably associated with the secure element providing an application programming interface to the secure element and controlling writing to and reading from at least a portion of the memory; a virtual encryption key preferably stored within the secured element; and an encryption engine capable of encrypting data before its placed in the memory and decrypting that data using the virtual encryption key. | 05-17-2012 |
20120144209 | METHODS FOR PROCESS KEY ROLLOVER/RE-ENCRYPTION AND SYSTEMS THEREOF - A method according to one embodiment includes defining a new encryption band with a length that is consistent with a redundant array of inexpensive disks (RAID) parity strip; freeing a working extent in a working stride on the RAID. In an iterative process until each stride in a source band is depleted of data: marking a source extent in a source stride from which to gather data to be re-encrypted; marking parity inconsistent in the working stride in the new encryption band; performing a second iterative process; and freeing the working extent. The second iterative process is performed until each extent in a source stride is depleted of data. Additional systems, methods and computer program products are also presented. | 06-07-2012 |
20120144210 | ATTRIBUTE-BASED ACCESS-CONTROLLED DATA-STORAGE SYSTEM - The current application is directed to computationally efficient attribute-based access control that can be used to secure access to stored information in a variety of different types of computational systems. Many of the currently disclosed computationally efficient implementations of attribute-based access control employ hybrid encryption methodologies in which both an attribute-based encryption or a similar, newly-disclosed policy-encryption method as well as a hierarchical-key-derivation method are used to encrypt payload keys that are employed, in turn, to encrypt data that is stored into, and retrieved from, various different types of computational data-storage systems. | 06-07-2012 |
20120151223 | METHOD FOR SECURING A COMPUTING DEVICE WITH A TRUSTED PLATFORM MODULE-TPM - Methods, systems and computer program products for securing a computing device with data storage, power-on firmware—BIOS, geolocation and mobile data module—GPS/GSM, and a Trusted Platform Module—TPM, including establishing a shared-secret between the BIOS and the TPM, requesting the TPM to generate suitable encryption keys, namely for encrypting the data storage, supplying the user of the computing device suitable keys for external storage, calculating a hash-based message authentication codes over the BIOS, MBR, unique ID of the TPM, unique ID of the GPS/GSM module and unique ID of the BIOS; using user provided password and/or token device; using mobile data messages to secure the device if misplaced. | 06-14-2012 |
20120151224 | SYSTEMS AND METHODS FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object. | 06-14-2012 |
20120159195 | WRITING APPLICATION DATA TO A SECURE ELEMENT - Systems, methods, computer programs, and devices are disclosed herein for partitioning the namespace of a secure element in contactless smart card devices and for writing application data in the secure element using requests from a software application outside the secure element. The secure element is a component of a contactless smart card incorporated into a contactless smart card device. A control software application resident in the same or a different secure element provides access types and access bits, for each access memory block of the secure element namespace, thereby portioning the namespace into different access types. Further, a software application outside the secure element manages the control software application by passing commands using a secure channel to the secure element, thereby enabling an end-user of the contactless smart card device or a remote computer to control the partitioning and use of software applications within the secure element. | 06-21-2012 |
20120159196 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND PROGRAM - A content providing system includes: a server which provides to a host apparatus a first encrypted content including an encrypted area having applied thereto a replacement key; a host apparatus which receives the first encrypted content and replacement key application area information indicating the encrypted area having applied thereto the replacement key from the server; and a data storage device which receives the replacement key from the server and an individual key set in terms of content distribution processing from the server and performs key replacement processing for changing the replacement key application area of the first encrypted content to an encrypted area by the individual key to store a second encrypted content after the key replacement processing in a data recording area. | 06-21-2012 |
20120159197 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. | 06-21-2012 |
20120166817 | Secured Data Display Method, Data Storage Device and Encryption Chip Card - The present invention discloses secured data display method capable of non-intrusively and non-destructively displaying secured data in a secured data storage device of an encryption system. The secured data display method includes steps of receiving and storing a secured data transmitted via a first encryption mechanism according to a first communication protocol, and receiving an output data transmitted by a data access device of the encryption system according to a second communication protocol. The secured data and the output data comprise a same content. | 06-28-2012 |
20120166818 | SYSTEMS AND METHODS FOR SECURE MULTI-TENANT DATA STORAGE - Systems and methods are provided for transmitting data for secure storage. For each of two or more data sets, a plurality of shares are generated containing a distribution of data from an encrypted version of the data set. The shares are then stored in a shared memory device, wherein a data set may be reconstructed from a threshold number of the associated plurality of shares using an associated key. Also provided are systems and methods for providing access to secured data. A plurality of shares containing a distribution of data from an encrypted version of a data set are stored in a memory device. A client is provided with a virtual machine that indicates the plurality of shares, and the capability to reconstruct the data set from the plurality of shares using an associated key. | 06-28-2012 |
20120173885 | KEY MANAGEMENT USING TRUSTED PLATFORM MODULES - Described herein are techniques for distributed key management (DKM) in cooperation with Trusted Platform Modules (TPMs). The use of TPMs strengthens the storage and processing security surrounding management of distributed keys. DKM-managed secret keys are not persistently stored in clear form. In effect, the TPMs of participating DKM nodes provide security for DKM keys, and a DKM key, once decrypted with a TPM, is available to be used from memory for ordinary cryptographic operations to encrypt and decrypt user data. TPM public keys can be used to determine the set of trusted nodes to which TPM-encrypted secret keys can be distributed. | 07-05-2012 |
20120173886 | ELECTRONIC DEVICE WITH A FILE AUTHORIZATION MANAGEMENT FUNCTION AND METHOD THEREOF - An electronic device for managing file authorization is provided. The electronic device stores encrypted files. Each encrypted file presets a predetermined password. When receiving an operation signal of one of the encrypted file, the electronic device determines whether the operation signal matches the predetermined password of the selected file. The electronic device processes the file in response to the operation signal if the input matches the predetermined password of the selected file, and does not respond to the operation of the selected file if the input does not match the predetermined password of the selected file. | 07-05-2012 |
20120173887 | METHOD AND SYSTEM FOR PROVIDING DATA FIELD ENCRYPTION AND STORAGE - An approach is provided for securely storing and managing sensitive data. A system and method are provided that include a central device that receives an actual data value from a requestor, encrypts the actual data value, obtains a replacement value for the encrypted actual data value, obtains a secondary replacement value based on the encrypted actual data value, and transmits the replacement value to the requestor for storage by the requestor. The system and method also includes a storage device for storing the secondary replacement value in association with the encrypted actual data value at a secure location. The requestor can later use the replacement value to retrieve the actual data value from the central device. | 07-05-2012 |
20120179919 | SECURING IMPLEMENTATION OF A CRYPTOGRAPHIC PROCESS HAVING FIXED OR DYNAMIC KEYS - In the field of computer enabled cryptography, such as a keyed block cipher having a plurality of rounds, the cipher is hardened against attack by protecting the round keys by (1) combining several cipher operations using a pair of sub-keys (round keys) into one table look-up, or (2) a key masking process which obscures the round keys by providing a masked version of the key operations for carrying out encryption or decryption using the cipher. This approach is especially advantageous in an insecure “White Box” environment where an attacker has full access to execution of the cipher algorithm, including the algorithm's internal state during its execution. | 07-12-2012 |
20120179920 | SECURING CRYPTOGRAPHIC PROCESS KEYS USING INTERNAL STRUCTURES - In the field of cryptography, such as for a computer enabled block cipher, a cipher or other cryptographic process is hardened against an attack by protecting the cipher key or subkeys by using a masking process for these keys. The subkeys are thereby protected by applying to them a mask or set of masks to hide their contents. This is especially advantageous in a “White Box” computing environment where an attacker has full access to the cipher algorithm, including the algorithm's internal state during execution. Further, this method and the associated apparatus are useful where the key is derived through a process and so is unknown when the software code embodying the cipher is compiled. This is typically the case where there are many users of the cipher and each has his own key or where each user session has its own key. | 07-12-2012 |
20120185701 | DOCUMENT SECURITY SYSTEM AND METHOD - A method and system for document security are described. The method decrypts a key-map file located a composite document with embedded access control, decrypts a content part from the composite document with embedded access control, wherein the key-map file provides a key to access the content part, loads the content part in decrypted form into a document serialization maintained in a transient memory where the content part in decrypted form is maintained exclusively in the transient memory, and erases the content part in decrypted form upon termination of a program to access the decrypted content part from the document serialization. | 07-19-2012 |
20120185702 | STORAGE CONTROL APPARATUS TO WHICH THIN PROVISIONING IS APPLIED - A storage control apparatus stores a device attribute that indicates whether a physical storage device that is made to be a basis of a pool of a creation target is an encryption device (a physical storage device that is provided with an encryption function) or an unencryption device (a physical storage device that is not provided with an encryption function) as a pool attribute for the pool. In the case in which a pool attribute that has been stored for a pool with which a virtual volume that is a virtual logical volume of a creation target is associated indicates both of an encryption and an unencryption, the storage control apparatus associates the virtual volume of a creation target with a physical storage device that conforms to an attribute that has been specified as a volume attribute of the virtual volume of a creation target among an encryption device and an unencryption device that are a basis of a pool of the associated destination. The storage control apparatus stores a volume attribute of the virtual volume of a creation target. | 07-19-2012 |
20120198243 | PROGRAM EXECUTION DEVICE - A program execution device capable of protecting a program against unauthorized analysis and alteration is provided. The program execution device includes an execution unit, a first protection unit, and a second protection unit. The execution unit executes a first program and a second program, and is connected with an external device that is capable of controlling the execution. The first protection unit disconnects the execution unit from the external device while the execution unit is executing the first program. The second protection unit protects the first program while the execution unit is executing the second program. | 08-02-2012 |
20120198244 | HARDWARE-BASED KEY GENERATION AND RECOVERY - A system and method of recovering encoded information contained in a device by storing and retrieving at least part of the necessary decoding data by setting and measuring the physical characteristics of the device. Storage and recovery options include, but are not limited to, measurement of electronic or optical characteristics of electrically or optically conductive portions of the device using a range of measurement techniques that include, but are not limited to, time-domain reflectometry. | 08-02-2012 |
20120204040 | AUTHENTICATING FERROELECTRIC RANDOM ACCESS MEMORY (F-RAM) DEVICE AND METHOD - An F-RAM authenticating memory device and method providing secure mutual authentication between a Host system and a memory in order to gain read/write access to the F-RAM user memory contents. The device and technique of the present invention uses an Advanced Encryption Standard AES128 encryption module in conjunction with a true hardware random number generator and basic exclusive OR (XOR) functions in order to achieve a secure algorithm with a relatively small amount of processing. Due to inherently faster write times than that of conventional floating gate non-volatile memory technologies, the use of F-RAM significantly reduces the time available to interfere with a critical security parameter (CSP) update. Moreover, unlike floating gate technologies, F-RAM's read vs. write current signature is balanced making it less prone to side channel attacks while also providing relatively faster erase times. | 08-09-2012 |
20120216052 | EFFICIENT VOLUME ENCRYPTION - A computer system comprises a first region including a base image in the form of machine readable code stored on a non-volatile storage medium, a second region including a machine image in the form of machine readable code stored on a non-volatile storage medium, and a deduplicator. The second region machine image comprises a base part sufficiently similar to the base image for deduplication, and a part special to the second region machine image. The first region base image and the second region machine image are deduplicated by the deduplicator. The second region special part is encrypted by full disk encryption using a key not available to the first region. Methods of, and computer programs for, implementing such a system are described. | 08-23-2012 |
20120221865 | METHOD AND APPARATUS FOR PROTECTING CACHED STREAMS - A system and method for protecting cached streamed data is disclosed. The method may include the steps of generating an encryption key from the streamed data itself, encrypting the streamed data stored in the storage device and requesting the portion of the streamed data from the content server again when later playback is desired so as to allow the content server to enforce access limitations or takedown policies relating to the streamed data. The method may also include procedures for handling key generation over reliable or unreliable protocols. | 08-30-2012 |
20120221866 | SYSTEM AND METHOD FOR SECURELY STORING FIRMWARE - A mechanism for creating secure storage for firmware for a computing device. A designated secure storage area holding firmware that is executable prior to a loading of an operating system for the computing device is created during a build of a ROM image. The creating marks one or more files as requiring encrypted storage and the one or marked files are combined during the build into the designated secure storage area. The designated secure storage area is located outside the ROM image and includes, during the build of the ROM image, a reference to the designated secure storage area in a build of firmware placed in the ROM image. The reference includes a flag indicating a current encrypted status of the designated secure storage area. | 08-30-2012 |
20120221867 | SECURE CACHING TECHNIQUE FOR SHARED DISTRIBUTED CACHES - The present invention relates to a secure caching technique for shared distributed caches. A method in accordance with an embodiment of the present invention includes: encrypting a key K to provide a secure key, the key K corresponding to a value to be stored in a cache; and storing the value in the cache using the secure key. | 08-30-2012 |
20120226915 | Content Playback APIS Using Encrypted Streams - One embodiment of the present invention sets forth a technique for decrypting digital content in a secure environment. The technique includes the steps of receiving a digital rights management (DRM) license associated with a first frame of encrypted data from a DRM server, where the DRM license includes a decryption key for decrypting the first frame of encrypted data, transmitting the DRM license to a secure content playback pipeline for storage, and transmitting the first frame of encrypted data to the secure content playback pipeline for decryption, where, in response to receiving the first frame of encrypted data, a trusted processing entity within the secure content playback pipeline decrypts the first frame of encrypted data based on the decryption key included in the DRM license to generate a first set of decrypted data and store the first set of decrypted data in a secure memory space. | 09-06-2012 |
20120226916 | PROTECTED HEALTH CARE DATA MARKETING SYSTEM AND METHOD - Personally-identifying, protected health information (“PHI”) is stored in encrypted form in protected data records, and hash values derived from the PHI are stored in associated search records. A healthcare marketer may identify market segments of individuals by querying the search records using hashed query predicates, identifying protected data records based on the search record results, and providing anonymized data-record results to the healthcare marketer. Once a market segment has been anonymously identified, the marketer may cause personalized marketing messages to be generated for individuals in the market-segment without the marketer having been exposed to PHI associated with those individuals. | 09-06-2012 |
20120226917 | Data Content Checking - A data content checker arrangement for protecting communication between a sensitive computer system ( | 09-06-2012 |
20120239943 | STORAGE SYSTEM, STORAGE CONTROL APPARATUS, AND STORAGE CONTROL METHOD - In a storage system, a storage apparatus has an encryption key generator and an encryption processor that encrypts data to be recorded in a storage region using an encryption key from the encryption key generator, and is able to change an encryption key for each divided region set in the storage region. A control apparatus has a logical volume setting unit that requests the encryption processor to set an individual divided region for each storage region set as a logical volume in the storage region of the storage apparatus and a data erasure processor that requests the encryption processor to change the encryption key used for encryption in the divided region corresponding to the logical volume to be erased. | 09-20-2012 |
20120239944 | Selective Encryption of Data Stored on Removable Media in an Automated Data Storage Library - In an automated data storage library, selective encryption for data stored or to be stored on removable media is provided. One or more encryption policies are established, each policy including a level of encryption, one or more encryption keys and the identity of one or more data cartridges. The encryption policies are stored in a policy table and the encryption keys are stored in a secure key server. A host requests access to a specified data cartridge and the cartridge is transported from a storage shelf in the library to a storage drive. Based on the identity of the specified cartridge, the corresponding encryption policy is selected from the table and the appropriate encryption key is obtained from the key server. The storage drive encrypts data in accordance with the key and stores the data on the media within the specified data cartridge. | 09-20-2012 |
20120246488 | BORN ENCRYPTED OPTICAL DATA - A device for generating a born encrypted optical file includes a photovoltaic matrix for converting an optical image into a digital file. The digital file is a collection of digital data that has not been processed by any image processing logic and thus cannot be used to directly generate a reproduced image of the object. An encryption logic converts the digital file into an encrypted digital file that can be exported from the device to an authorized device to create a decrypted digital file. This decrypted digital file is capable of being used by a display logic to display an image of the object. | 09-27-2012 |
20120246489 | ENCRYPTING AND STORING CONFIDENTIAL DATA - Data storage circuitry for securely storing confidential data and a data processing apparatus for processing and storing the data and a method are disclosed. The data storage circuitry comprises: a data store comprising a plurality of data storage locations for storing data; an input for receiving requests to access the data store; renaming circuitry for mapping architectural data storage locations specified in the access requests to physical data storage locations within the data store; encryption circuitry for encrypting data prior to storing the data in the data store, the encryption circuitry being configured to generate an encryption key in dependence upon a physical data storage location the data is to be stored in; and decryption circuitry for decrypting data read from the data store, the decryption circuitry being configured to generate a decryption key in dependence upon the physical data storage location the data is read from. | 09-27-2012 |
20120246490 | TAMPERING MONITORING SYSTEM, PROTECTION CONTROL MODULE, AND DETECTION MODULE - Tampering monitoring system | 09-27-2012 |
20120254629 | Read and Write Optimization for Protected Area of Memory - A system (and method) to update content of a secure area of a secure digital (SD) card is disclosed. The system performs a first authenticated key exchange to access the secure area of the secure digital memory. The system reads content from the secure area in response to successful performance of the first authenticated key exchange. The system modifies the content in a memory of a computer system. The system performs a second authenticated key exchange to access the secure area of the secure digital card in preparation to write to the secure area of the secure digital memory. The system then writes modified content to the secure area of the secure digital memory in response to successful performance of the second authenticated key exchange. | 10-04-2012 |
20120254630 | METHOD, HOST, STORAGE, AND MACHINE-READABLE STORAGE MEDIUM FOR PROTECTING CONTENT - Methods and apparatus are provided for protecting content of a storage. First authentication information regarding a first module is acquired. The first module is one of a plurality of modules included in the storage. The first module is authenticated based on first Unique Individual Information (UII) of the first module and the first authentication information. Second authentication information regarding a second module is acquired. The second module is another of the plurality of modules included in the storage. The second module is authenticated based on second UII of the second module and the second authentication information. Access to content stored in the storage is permitted when at least the first module and the second module are successfully authenticated. | 10-04-2012 |
20120278635 | Cascaded Data Encryption Dependent on Attributes of Physical Memory - Apparatus and method for providing data security through cascaded encryption. In accordance with various embodiments, input data are encrypted in relation to a first auxiliary data value to provide first level ciphertext. The first level ciphertext are encrypted using a second auxiliary data value associated with a selected physical location in a memory to produce second level ciphertext, which are thereafter stored to the selected physical location. In some embodiments, migration of the stored data to a new target location comprises partial decryption and re-encryption of the data using a third auxiliary data value associated with a new target physical location to produce third level ciphertext, and the storage of the third level ciphertext to the new target physical location. | 11-01-2012 |
20120284534 | Memory Device and Method for Accessing the Same - A method is provided for accessing a memory device that stores a master key and at least one encrypted data file and that includes a data-key storage portion being encrypted using the master key and having at least one data key. In the method, a control unit is configured to receive a personal identification number (PIN), to determine whether the received PIN is authentic, to obtain the master key from the memory device upon determining that the PIN is authentic, to decrypt the encrypted data-key storage portion using the master key to obtain the at least one data key, and to decrypt the at least one encrypted data file using the data key to obtain a data file. | 11-08-2012 |
20120284535 | INFORMATION PROCESSING APPARATUS CAPABLE OF REDUCING LABOR FOR DATA MANAGEMENT OPERATION, AND DATA MANAGEMENT METHOD AND STORAGE MEDIUM THEREFOR - An information processing apparatus capable of reducing user's labor required for a data management operation by enabling the user to leave the data management operation to a serviceman without lowering the security of user data. User data and serviceman data both stored in a data storage unit are encrypted by an encryption unit with an encryption key generated based on information set in advance in the information processing apparatus and with an encryption key generated based on information input by a serviceman, respectively. These encrypted data are output from an export unit to an auxiliary storage unit. | 11-08-2012 |
20120284536 | Method and System for Mixed Symmetric and Asymmetric Decryption of .ZIP Files - The present invention provides a method of integrating existing strong encryption methods into the processing of a .ZIP file to provide a highly secure data container which provides flexibility in the use of symmetric and asymmetric encryption technology. The present invention adapts the well established .ZIP file format to support higher levels of security and multiple methods of data encryption and key management, thereby producing a highly secure and flexible digital container for electronically storing and transferring confidential data. | 11-08-2012 |
20120290851 | METHOD AND COMPUTER PROGRAM FOR SECURELY STORING DATA - A method of securely storing data comprising the steps of: dividing the data into a plurality of secure components; encrypting the secure components; moving each secure component to a different location which is substantially inaccessible to an unauthorized request; storing the secure components at the different locations for a period of time; repeating the moving and storing steps; moving all of the secure components to a single location in response to an authorized request; decrypting each of the secure components; and assembling the plurality of secure components to reconstruct the original data. | 11-15-2012 |
20120297204 | Security Architecture For Using Host Memory in the Design of A Secure Element - Embodiments of a security architecture for securely storing applications, such as Near Field Communication (NFC) applications, in host memory of a mobile device are provided. The mobile device includes a host application processor, a non-volatile memory, a NFC controller, and an embedded Secure Element (eSE). The eSE is configured to encrypt code and state data associated with a NFC application; store the code and the state data, after having been encrypted, in the non-volatile memory as a binary large object (blob); load the blob from the non-volatile memory in response to an action performed by the host application processor or the NFC controller; decrypt and authenticate the code and the state data; and execute the code to exchange data with a contactless communication device via the NFC controller. The non-volatile memory is external to the eSE. | 11-22-2012 |
20120297205 | Secure User/Host Authentication - A portable storage device has a storage peripheral interface connecting to a computer. An encrypted data storage is available to the computer connected to the interface. The encrypted data storage includes a first part accessible after an authentication. A controller has a first operation mode performing encryption and decryption of data of the first part after the authentication of a first combined credential. The encryption and the decryption rely on a cipher key derived from a second combined credential. The first combined credential and the second combined credential are derived from at least a computer signature of the computer connected to the interface and a user credential of a user of the computer connected to the portable storage device. | 11-22-2012 |
20120297206 | Securing Encrypted Virtual Hard Disks - Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key. | 11-22-2012 |
20120303974 | Secure Removable Media and Method for Managing the Same - The invention provides a secure removable media. In one embodiment, the secure removable media comprises a non-volatile memory and a controller. The non-volatile memory corresponds to a media identifier, and comprises a public area, a hidden area, and a reserved hidden area for data storage, wherein a security program is stored in the public area, and a first firmware for retrieving the media identifier and a second firmware for accessing the hidden area are stored in the reserved hidden area. The controller receives secure data from an external device. The security program uses the first firmware to retrieve the media identifier from the secure removable media, generates an encryption key according to the media identifier given by the first firmware, encrypt the secure data according to the encryption key to obtain an encrypted secure data, and uses the second firmware to write the encrypted secure data to the hidden area. When the secure data is to be retrieved from the secure removable media, the security program reads the encrypted secure data from the hidden area, retrieves the media identifier from the non-volatile memory, generates a decryption key according to the media identifier given by the first firmware, and decrypts the encrypted secure data according to the decryption key to obtain the secure data. | 11-29-2012 |
20120303975 | DATA CONVERSION METHOD ON STORAGE MEDIUM, APPARATUS AND PROGRAM - In a data conversion auxiliary module which is at a higher level than a file system in a disk management hierarchy, data stored in a storage medium, which becomes an object, is successively accessed. Then, a data conversion module captures a sector-unit access request to a device driver from the file system, converts data of a sector which is returned from the device driver, and writes the conversion data in the sector. Thereby, data conversion can be executed on a specific region of the storage medium, which is associated with the data in the storage medium. | 11-29-2012 |
20120317424 | Switching between unsecure system software and secure system software - Unsecure system software and secure system software on the same computer system is switched between. A computer system includes one or more processors, which may not have any built-in security features, memory, and firmware. The memory stores secure system software and unsecure system software. In response to receiving a user signal, the firmware switches from the unsecure system software running on the processors to the secure system software running on the processors (and back again). While the unsecure system software is running, the secure system software is protected from tampering by the unsecure system software. | 12-13-2012 |
20120324244 | KIOSK DISTRIBUTION OF LICENSED CONTENT TO PORTABLE DEVICE WITHIN DVD AVAILABILITY WINDOW - A system and method are disclosed for kiosk distribution of licensed content to one or more portable devices. The system stores and distributes licensed content in such a manner as to be compatible with the DVD window such that MFN contract provisions are not triggered during the window. Therefore consumers can use the system to purchase additional content or watch content that has been previously purchased without any blackout period as experienced using other content distribution methods such as Internet video streaming or other types of digital download services. | 12-20-2012 |
20130007470 | SECURE HOSTED EXECUTION ARCHITECTURE - In general, in one aspect, the invention relates to a method for executing applications. The method includes accessing a secure storage element via a host device including a computer processor; executing, by the computer processor, a hosted execution runtime environment (HERE) on the host device; identifying a persistent memory image of the HERE within the secure storage element; executing, by the computer processor, an application using the HERE; and applying, based on executing the application, a first set of changes to the persistent memory image. | 01-03-2013 |
20130007471 | SYSTEMS AND METHODS FOR SECURING CRYPTOGRAPHIC DATA USING TIMESTAMPS - Systems and methods for authenticating playback devices using timestamp validation in accordance with embodiments of the invention are disclosed. One embodiment includes securely storing at least one timestamp in memory within a playback device in response to the occurrence of at least one predetermined event, where a stored timestamp is based on the current time of a system clock when an event occurs, generating a cryptographic key using the at least one timestamp, securing cryptographic data using the cryptographic key, receiving a request to playback encrypted content, where the encrypted content is accessible using the cryptographic data, accessing the at least one timestamp, generating the cryptographic key, accessing the cryptographic data using at least the cryptographic key, and playing back the content using the playback device. | 01-03-2013 |
20130007472 | ELECTRONIC DEVICE - An electronic device causing a removable storage medium to store data, the electronic device includes a removable storage medium, a storage medium interface connecting to the storage medium, and a control unit generating an encryption key at a predetermined time, encrypting data to be stored in the storage medium using the encryption key, storing encrypted data in the storage medium, and storing the encryption key in the storage medium in association with the encrypted data if it is detected that a removal operation of the storage medium has been made by a user. | 01-03-2013 |
20130019109 | METHOD AND APPARATUS FOR USING NON-VOLATILE STORAGE DEVICEAANM KANG; Bo-GyeongAACI Suwon-siAACO KRAAGP KANG; Bo-Gyeong Suwon-si KRAANM Kwon; Moon-SangAACI SeoulAACO KRAAGP Kwon; Moon-Sang Seoul KRAANM Lee; Byung-RaeAACI SeoulAACO KRAAGP Lee; Byung-Rae Seoul KRAANM Lee; Jae-BumAACI Yongin-siAACO KRAAGP Lee; Jae-Bum Yongin-si KR - A method and apparatus for using a non-volatile storage device includes reading device identification information from the non-volatile storage device, application identification information corresponding to a content application related to a type of content to be protected or utilized among a plurality of content applications is acquired, usage identification information is generated using the device identification information and the application identification information, and protecting or utilizing content using the usage identification information. | 01-17-2013 |
20130019110 | APPARATUS AND METHOD FOR PREVENTING COPYING OF TERMINAL UNIQUE INFORMATION IN PORTABLE TERMINALAANM LEE; Ji-HyunAACI Yongin-siAACO KRAAGP LEE; Ji-Hyun Yongin-si KRAANM JUNG; Hyung-ChulAACI Suwon-siAACO KRAAGP JUNG; Hyung-Chul Suwon-si KRAANM RIM; Heung-SoonAACI Yongin-siAACO KRAAGP RIM; Heung-Soon Yongin-si KRAANM CHO; Sung-KyuAACI Suwon-siAACO KRAAGP CHO; Sung-Kyu Suwon-si KR - An apparatus and a method for preventing copying of terminal unique information in a portable terminal are provided. The method includes storing a root public key for certifying the terminal unique information and a first model class ID of the portable terminal in an One-Time Programmable (OTP) region, encrypting the terminal unique information and certification information of the terminal unique information for certifying the terminal unique information with a terminal unique value and storing the encrypted terminal unique information and the encrypted certification information thereof, obtaining the certification information based on the root public key if certification with respect to the terminal unique information is requested, and certifying the terminal unique information based on the certification information. | 01-17-2013 |
20130019111 | SECURE DATA RECORDERAANM Martin; ThomasAACI SharjahAACO AEAAGP Martin; Thomas Sharjah AE - A method and apparatus for securely encrypting data is disclosed. Conventional protections against the loss or theft of sensitive data such as full disk encryption are not effective if the device is, or has recently been, running when captured or found because the keys used for full disk encryption will still be in memory and can be used to decrypt the data stored on the disk. Some devices, such as devices which gather sensitive data in use, must run in environments in which they might be captured by a person seeking access to the sensitive data already recorded by the device. An encryption method is proposed in which files on a recorder's persistent memory are initialised with pseudo-random masking data whilst the recorder is in a relatively secure environment. One or more parameters which can be used to re-create the pseudo-random masking data are encrypted with a public key using a public-key encryption algorithm and stored on the recorder. The device's memory is then purged to remove the one or more parameters. Later, when miming in a relatively insecure environment, the sensitive data is encrypted ( | 01-17-2013 |
20130031376 | REMOVABLE STORAGE DEVICE DATA PROTECTION - Devices, methods and products are described that provide removable storage device data protection. One aspect provides a method comprising: ascertaining a protected removable storage device connected to an information handling device, said protected removable storage device having a first partition for storing data according to a first file system type, and a second partition for storing user data according to a second file system type; and responsive to said information handling device recognizing said second file system type, querying for user credentials to decrypt a data encryption key used to encrypt said user data of said second partition. Other embodiments are described. | 01-31-2013 |
20130036313 | Persistent Encryption with XML Encryption - A method for storing encrypted data in XML format is provided where parallel access by multiple users is possible | 02-07-2013 |
20130046996 | INFORMATION PROCESSING APPARATUS AND CONTROL METHOD THEREOF - An information processing apparatus capable of communicating with a document management service and a terminal device, the apparatus comprises: acceptance means for accepting, from the terminal device, an instruction about a document stored in the document management service; and instruction means for, when the document file has not been encrypted according to a public key cryptosystem, transmitting an instruction to the document management service to execute processing corresponding to the instruction accepted by the acceptance means, and when the document file has been encrypted according to the public key cryptosystem, transmitting an instruction to the document management service to directly transmit the encrypted document to the terminal device. | 02-21-2013 |
20130054979 | SECTOR MAP-BASED RAPID DATA ENCRYPTION POLICY COMPLIANCE - To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, a sector map is accessed. The sector map identifies one or more sectors of a storage volume and also identifies, for each of the one or more sectors of the storage volume, a signature of the content of the sector. In response to a request to read the content of a sector, the content of the sector is returned without decrypting the content if the sector is one of the one or more sectors and the signature of the content of the sector matches the signature of the sector identified in the sector map. Otherwise, the content of the sector is decrypted and the decrypted content is returned. | 02-28-2013 |
20130054980 | Secure Flash-based Memory System with Fast Wipe Feature - A Flash-based storage system, card, and/or module comprises a Flash controller configured to encrypt the data pages of a page stripe by shuffling the data pages, including loading each data page into a data shuffling buffer in a sequential order relative to other data pages in the page stripe, and thereafter unloading each data page in a non-sequential order relative to other data pages in the page stripe. The Flash controller is also configured to scramble the data pages of the page stripe by performing a bitwise logical operation on the data pages that are unloaded from the data shuffling buffer. A user key and one or more system keys are used to perform the shuffling and scrambling. The Flash controller is further configured to flush the user key by bypassing the system's backup power supply and performing an emergency system shutdown without backing up system data. | 02-28-2013 |
20130061062 | DATA COPYRIGHT MANAGEMENT - A data copyright management apparatus for handling data copyrights, and data of digital cash and video conference system is provided. The data copyright management apparatus comprises a CPU, ROM, EEPROM, and RAM. The ROM, EEPROM, and RAM are connected to the CPU bus, and a system bus of a device which utilizes the data can be connected to the CPU bus. A data copyright management system program, cryptographic algorithm, and user information are stored in the ROM, and a first public-key, a first private-key, a second public-key, a second private-key, a first secret-key, a second secret-key, and copyright information are stored in the EEPROM. The data copyright management apparatus may be configured in the form of a monolithic or hybrid IC, a thin IC card, PC card, insertion board, and further, may be incorporated in a computer, television set, set-top box, digital video tape recorder, digital video disk recorder, digital audio tape apparatus, or personal digital assistants, and the like. | 03-07-2013 |
20130061063 | Physical Digital Media Delivery - The inventions relate to the delivery, transfer of cement, and return of uniquely customized physical digital media. Digital content is specifically encrypted for use on a target player associated with a specific customer account. After use, the media is returned to a receiving location where use information is read from the media. Attention is given to cost of delivery, security of content, user experience in selecting, choosing, paying for, viewing or utilizing the content, and usage information created as a result of the content being utilized, rented, purchased, loaded or deleted. | 03-07-2013 |
20130067242 | MANAGING SELF-ENCRYPTING DRIVES IN DECENTRALIZED ENVIRONMENTS - A self-encrypting drive allows finely grained control, i.e., the ability to create, protect, lock and unlock, of different volumes on the same drive. The different volumes enable multiple different operating systems to be booted, depending on the volume that is selected for booting. | 03-14-2013 |
20130067243 | Secure Data Synchronization - Techniques for secure data synchronization are described. In one or more implementations, techniques may be employed to conserve high cost data storage by storing larger portions of encrypted data in low cost storage, while storing relatively smaller encryption keys in higher cost storage. A device that is granted access to the encryption keys can retrieve the encrypted data from the low cost storage and use the encryption keys to decrypt the encrypted data. | 03-14-2013 |
20130067244 | Use of Media Storage Structure with Multiple Pieces of Content in a Content-Distribution System - A method for distributing content. The method distributes a single media storage structure to a device (e.g., a computer, portable player, etc.). The media storage structure includes first and second pieces of encrypted content. Based on whether the device is allowed to access the first piece of content, the second piece of content, or both, the method provides the device with a set of keys for decrypting the pieces of the content that the device is able to access. The provided set of keys might include one or more keys for decrypting only one of the two encrypted pieces of content. Alternatively, it might include one or more keys for decrypting both encrypted pieces of content. For instance, the selected set of keys might include a first key for decrypting the first encrypted piece and a second key for decrypting the second encrypted piece. | 03-14-2013 |
20130067245 | SOFTWARE CRYPTOPROCESSOR - Security of information—both code and data—stored in a computer's system memory is provided by an agent loaded into and at run time resident in a CPU cache. Memory writes from the CPU are encrypted by the agent before writing and reads into the CPU are decrypted by the agent before they reach the CPU. The cache-resident agent also optionally validates the encrypted information stored in the system memory. Support for I/O devices and cache protection from unsafe DMA of the cache by devices is also provided. | 03-14-2013 |
20130067246 | Dynamic Trampoline and Structured Code Generation in a Signed Code Environment - A method and apparatus for performing a function based on an executable code in response to receiving a request including function parameters are described. The executable code may be validated when loaded in a memory according to a signature statically signed over the executable code. A data location in the memory for storing the function parameters may be determined according location settings included inside the executable code. A target code location for storing a copy of the executable code may be determined based on the location parameters and the determined data location. A function is performed by executing the executable code from the target code location referencing the stored function parameters. | 03-14-2013 |
20130073870 | SECURE RELOCATION OF ENCRYPTED FILES - Systems and methods are disclosed for secure relocation of encrypted files for a system having non-volatile memory (“NVM”). A system can include an encryption module that is configured to use a temporary encryption seed (e.g., a randomly generated key and a corresponding initialization vector) to decrypt and encrypt data files in an NVM. These data files may have originally been encrypted with different encryption seeds. Using such an approach, data files can be securely relocated even if the system does not have access to the original encryption seeds. In addition, the temporary encryption seed allows the system to bypass a default key scheme. | 03-21-2013 |
20130073871 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND PROGRAM - An information processing apparatus, including: a data processing section reproducing contents stored in a medium having a general purpose area in which encrypted contents and utilization controlling information corresponding to the contents are stored, and a protected area configured from a plurality of blocks to which access limitation is set and which include a block in which an encryption key for decrypting the contents and information of a plurality of validity periods indicative of content utilization permission periods applied to the application contents of the encryption key are stored, wherein the data processing section acquires the utilization controlling information of a reproduction object content, extracts selection information of validity period information to be applied to the content, and decides whether or not content reproduction is to be permitted by comparison between the validity period information selected from within the block and current date information in accordance with the selection information. | 03-21-2013 |
20130073872 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND PROGRAM - Disclosed herein is an information processing apparatus, including: a data processing section reproducing contents stored in a medium having a general purpose area storing encrypted contents and utilization controlling information corresponding to the contents, and a protected area including blocks to which access limitation is set and which include a title key storage block in which an encryption key for decrypting the contents and validity period information applied to the application contents of the encryption key are stored and a status storage block in which date information upon content first-time reproduction is stored; the data processing section acquires validity period information indicative of the content utilization permission period determined in response to date information upon the content first-time reproduction from the title key storage block and decides whether or not content reproduction is to be permitted based on comparison between the acquired validity period information and current date information. | 03-21-2013 |
20130073873 | SIGNATURE GENERATION APPARATUS, SIGNATURE METHOD, NON-TRANSITORY COMPUTER READABLE MEDIUM STORING SIGNATURE GENERATION PROGRAM - A signature generation apparatus ( | 03-21-2013 |
20130080792 | Safety Management Method For An Electronic Document - A method of encrypting/decrypting the document and a safety management storage device and system method of its safety management, using for the safety management of electronic documents, the said system comprising a PC or mainframe installed with common reading software and a storage device of safety management connected to the said PC/mainframe through hot-plug; when connected to the mainframe, the said storage device is enumerated as a USB CDROM device at least. The user owns the said storage device can encrypt the electronic documents by using the encryption keys to generate an encrypted document with the same file type, also can open the encrypted document by using common reading software, and then use the document according to the predetermined operation authority. | 03-28-2013 |
20130086394 | STORAGE SYSTEM, STORAGE CONTROL APPARATUS, AND STORAGE CONTROL METHOD - A storage system in which a storage control apparatus writes data in each of divided areas defined by division of one or more storage areas in one or more storage devices, after encryption of the data with an encryption key unique to each divided area. When the storage control apparatus receives, from a management apparatus, designation of one or more of the divided areas allocated as one or more physical storage areas for a virtual storage area to be invalidated and an instruction to invalidate data stored in the one or more of the divided areas, the storage control apparatus invalidates one or more encryption keys associated with the designated one or more of the divided areas. In addition, the storage control apparatus may further overwrite at least part of the designated one or more of the divided areas with initialization data for data erasion. | 04-04-2013 |
20130111220 | PROTECTING SENSITIVE DATA IN A TRANSMISSION | 05-02-2013 |
20130111221 | STORAGE SYSTEM AND ITS MANAGEMENT METHOD | 05-02-2013 |
20130117578 | METHOD FOR VERIFYING A MEMORY BLOCK OF A NONVOLATILE MEMORY - In a method for verifying a memory block of a nonvolatile memory, at a first point in time, a first authentication code for the memory block is determined while using a secret keyword and is stored in an authentication code memory table, and at a second point in time, for the verification, a second authentication code for the memory block is determined while using the secret keyword and is compared to the first authentication code and the memory block is verified if the first authentication code and the second authentication code agree. | 05-09-2013 |
20130117579 | APPARATUS AND METHOD OF PORTABLE TERMINAL FOR APPLICATION DATA PROTECTION - A method of operating a portable terminal for encrypting application data is provided. The method includes receiving data input to an application, encrypting the received data by using at least one of an application unique key and a combination of a device unique key of the portable terminal and an application IDentification (ID) that is globally unique, and storing the encrypted data. | 05-09-2013 |
20130124876 | DATA ENCRYPTION AND/OR DECRYPTION BY INTEGRATED CIRCUIT - In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or and decrypting, based at least in part upon a first key, data to be, in at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment. | 05-16-2013 |
20130124877 | COMMUNICATION METHOD, COMMUNICATION EQUIPMENT, AND STORAGE EQUIPMENT - A communication equipment, method and storage device cooperate to assist in connecting a storage device between different devices. The equipment includes an interface configured to be electrically connected to information terminal equipment. It also includes a communication mechanism that performs communication with storage equipment that has a region assigned to the communication equipment. It further includes a controller that transmits device class information indicating that the communication equipment is of a mass storage class to information terminal equipment in response to the communication equipment being connected to the information terminal equipment via the interface. The controller transfers an accepted inquiry command relating to a memory region to the storage equipment, and the controller receives memory region information relating to the assigned region from the storage equipment by the communication mechanism and transfers the received memory region information to the information terminal equipment. | 05-16-2013 |
20130132738 | Externally Powered System Access - A method, programmed medium and system are provided for an enhanced interface connection for a primary electronic device such that system storage devices (e.g. hard drives, solid state drives, flash drives, etc.) within the primary device may be made available to other nearby devices in the event of a power supply failure or battery failure or to preserve-battery power in the primary system whereby the data on a storage device within a primary system becomes accessible by external devices, without necessitating the removal of the storage medium or full powering-up of the primary system. | 05-23-2013 |
20130132739 | STORAGE DEVICE - A storage device started when connected to a computer so as to be able to communicate. The storage device includes: an interface for controlling communication with the computer, a data storage unit for storing data received from the computer via the interface, a radio signal processing unit for receiving radio signals including ID information at a predetermined timing and for authenticating the received ID information, and a control unit for encrypting data using the authenticated ID information as a key, for sending the encrypted data to a data storage unit, and for disabling communication with the computer via the interface when radio signals including the authenticated ID information are not received by the radio signal processing unit within a predetermined period of time. | 05-23-2013 |
20130138974 | SYSTEM AND METHOD FOR ENCRYPTING AND STORING DATA - A computing device connects with a vision measuring machine (VMS). Then the computing device generates a one time password (OTP). A size of the OTP, the OTP are stored in a predefined file. The computing device obtains a size of measurement program codes of the VMS. The size of the OTP and the size of the measurement program codes are stored in the predefined file. The measurement program codes are encrypted by the OTP. If the measurement data includes image data of an object which is measured by the VMS, the computing device stores the encrypted program codes, a type of the image data, image data, and a size of the image data in the predefined file. | 05-30-2013 |
20130138975 | PROTECTION OF MEMORY AREAS - A method for loading a program, contained in at least a first memory, into a second memory accessible by an execution unit, in which the program is in a cyphered form in the first memory, a circuit for controlling the access to the second memory is configured from program initialization data, instructions of the program, and at least initialization data being decyphered to be transferred into the second memory after configuration of the circuit. | 05-30-2013 |
20130145177 | MEMORY LOCATION SPECIFIC DATA ENCRYPTION KEY - Contents of a memory are encrypted using an encryption key that is generated based on a random number and a memory location at which the contents are stored. Each of a plurality of locations of a memory can be associated with a respective unique pointer value, and an encryption key may be generated based on the unique pointer value and the random number. In some examples, the random number is unique to a power-up cycle of a system comprising the memory or is generated based on a time at which the data to be stored by the memory at the selected memory location is written to the memory. | 06-06-2013 |
20130145178 | PORTABLE SECURE DATA FILES - A portable secure data file includes an encrypted data portion and a metadata portion. When a request associated with a current user of a device to access a portable secure data file is received, one or more records in the metadata portion are accessed to determine whether the current user is permitted to access the file data in the encrypted data portion. If a record indicates the user is permitted to access the file data, a content encryption key in that record is used to decrypt the encrypted data portion. | 06-06-2013 |
20130145179 | Corralling Virtual Machines With Encryption Keys - A virtual machine comprises a unique identifier that is associated with one or more encryption keys. A management server encrypts the virtual machine's virtual hard disk(s) using the one or more associated encryption keys. The management server further provides the one or more encryption keys to a limited number of one or more servers in a system. Only those one or more servers that have been provided the one or more encryption keys can be used to load, access, and/or operate the virtual machine. The management server can thus differentiate which virtual machines can be operated on which servers by differentiating which servers can receive which encryption keys. In one implementation, a management server encrypts all virtual machines in the system, but encrypts virtual machines with sensitive data with a limited set of encryption keys, and further provides those encryption keys to a limited set of trusted servers. | 06-06-2013 |
20130151866 | METHOD AND SYSTEM FOR SECURE DATA STORAGE - A method and system for secure data storage and retrieval is provided. A sequence of data units is divided into multiple subsets of data units corresponding to multiple data channels. The multiple data channels are assigned to multiple data writers based on a key code. Then, each subset of data units is transferred to a writer via an assigned channel for writing to storage media. Thereafter, to securely retrieve the stored data, each subset of data units is read from the storage media using a data reader. The original sequence of data units can only be reassembled using the key code for properly reassembling the subsets of data units into their original sequence. | 06-13-2013 |
20130159732 | PASSWORD-LESS SECURITY AND PROTECTION OF ONLINE DIGITAL ASSETS - Digital assets stored on an asset server by an asset owner are protected without a password. Instead, the digital assets are functionally handicapped by removing at least a portion of digital data (or a key) associated with the digital asset and discarding the key after being sent to an enabling device. The portion of digital data (or a key) is then handicapped by the enabling device by a cryptographic key which is formed from a human gesture and subsequently discarded. When access to the digital asset is requested, an asset owner is notified by the enabling device for approval. A human gesture from the asset owner first provides a key to reconstitute the digital data portion which is transmitted to the asset server to reconstitute the digital asset upon which the access is granted and logged. | 06-20-2013 |
20130159733 | MEMORY DEVICE WHICH PROTECTS SECURE DATA, METHOD OF OPERATING THE MEMORY DEVICE, AND METHOD OF GENERATING AUTHENTICATION INFORMATION - In one embodiment, the memory device includes a first memory area and a second memory area. The first memory area stores secure data. The first memory area is inaccessible by an external device. The second memory area is configured to store encrypted secure data. The second memory area is accessible by the external device, and the encrypted secure data is an encrypted version of the secure data in the first memory area. | 06-20-2013 |
20130166922 | METHOD AND SYSTEM FOR FRAME BUFFER PROTECTION - When content, such as premium video or audio, is decoded, the content is stored in protected memory segments. Read access to the protected memory segments from a component not in a frame buffer protected (FBP) mode is blocked by a memory controller. The memory controller also blocks components in the FBP mode from writing to unprotected memory segments. The content may be processed by a processing engine operating in the FBP mode and may only be written back to protected memory segments. The memory segment may later be marked as unprotected if the memory segment is no longer needed. If the content is encrypted in protected memory, the encrypting key associated with the memory segment may be removed. If the content is stored in the clear, the protected memory segments are scrubbed before releasing the segments for use as unprotected memory segments. | 06-27-2013 |
20130166923 | AUTOMATIC VIRTUALIZATION MEDIUM, AUTOMATIC VIRTUALIZATION METHOD, AND INFORMATION PROCESSING APPARATUS - A computer-readable recording medium having stored therein a program for causing a computer to execute an automatic virtualization process includes creating a copy of information stored in a storage unit in a migration source, storing the created copy in a migration destination apparatus; and encrypting the storage unit in the migration source after storing the copy in the migration destination apparatus. | 06-27-2013 |
20130173930 | ADDING OR REPLACING DISKS WITH RE-KEY PROCESSING - In a network of multiple storage devices, a storage device may become faulty and need to be replaced or additional capacity may need to be added through additional storage devices. When the storage devices communicate through a secure communications link using an encryption key for cryptographically splitting data, replacement or new storage devices may be re-keyed using an encryption key from an existing or prior storage device on the secure data network. After the storage device is re-keyed, the new or replacement storage device may continue to function on the secure data network without requiring changes to clients accessing the secure data network. | 07-04-2013 |
20130173931 | Host Device and Method for Partitioning Attributes in a Storage Device - A host device and method for partitioning attributes in a storage device are provided. In one embodiment, a host device is provided that is in communication with a storage device storing a table associating logical address ranges with an encryption key and read/write permissions. The host device sends a request to the storage device to add a column to the table and then sends a request to the storage device to add an attribute to a cell of the added column to the table associated with a particular logical address range. The table and commands can be those compatible with the Trusted Computing Group's (TCG's) Opal standard. | 07-04-2013 |
20130191651 | MEMORY ADDRESS TRANSLATION-BASED DATA ENCRYPTION WITH INTEGRATED ENCRYPTION ENGINE - A method and circuit arrangement utilize an integrated encryption engine within a processing core of a multi-core processor to perform encryption operations, i.e., encryption and decryption of secure data, in connection with memory access requests that access such data. The integrated encryption engine is utilized in combination with a memory address translation data structure such as an Effective To Real Translation (ERAT) or Translation Lookaside Buffer (TLB) that is augmented with encryption-related page attributes to indicate whether pages of memory identified in the data structure are encrypted such that secure data associated with a memory access request in the processing core may be selectively streamed to the integrated encryption engine based upon the encryption-related page attribute for the memory page associated with the memory access request. | 07-25-2013 |
20130219193 | ENCRYPTED BIOMETRIC DATA MANAGEMENT AND RETRIEVAL - Aspects of the present invention provide a solution for managing and retrieving encrypted biometric data. A plurality of biometric entries is obtained and each one is encrypted with a unique non-invertible encryption function to get a plurality of encrypted biometric entries. A biometric measurement to be compared against the biometric entries is obtained, a predetermined noise is applied to the biometric measurement, and then the biometric measurement if encrypted using the non-invertible encryption function, resulting in a scrambled encrypted biometric. For each comparison, one of the encrypted biometric entries is subtracted from the scrambled encrypted biometric to get a calculated noise. This calculated noise is then compared with the predetermined noise to determine whether a match exists. Based on a determination that a match exists any information associated with the encrypted biometric entry is forwarded to the requestor. | 08-22-2013 |
20130227303 | LOG STRUCTURED VOLUME ENCRYPTION FOR VIRTUAL MACHINES - Methods, systems, and apparatus, including a method for providing data. The method comprises receiving a first request from a first virtual machine (VM) to store data, obtaining the data and an access control list (ACL) of authorized users, obtaining a data key that has a data key identifier, encrypting the data key and the ACL using a wrapping key to generate a wrapped blob, encrypting the data, storing the wrapped blob and the encrypted data, and providing the data key identifier to users on the ACL. The method further comprises receiving a second request from a second VM to obtain a data snapshot, obtaining an unwrapped blob, obtaining the data key and the ACL from the unwrapped blob, authenticating a user associated with the second request, authorizing the user against the ACL, decrypting the data using the data key, and providing a snapshot of the data to the second VM. | 08-29-2013 |
20130227304 | DISK ARRAY DEVICE AND DATA MANAGEMENT METHOD FOR DISK ARRAY DEVICE - A disk array device comprises a first storage unit that stores encrypted user data, a second storage unit that is different from the first storage unit and locks and stores configuration information including a first encrypted authentication key that unlocks the encrypted user data, a management unit that includes a decoder that decodes the first encrypted authentication key and a control unit that unlocks the locked configuration information using a second authentication key, the management unit managing data using the first and second authentication keys. the management unit includes a configuration information recovery portion that unlocks the locked configuration information by using the second authentication key and recovers the configuration information during booting and a user data unlocking portion that decodes the first encrypted authentication key included in the configuration information and unlocks the encrypted user data stored in the first storage unit by using the first decoded authentication key. | 08-29-2013 |
20130227305 | BORN ENCRYPTED OPTICAL DATA - A device for generating a born encrypted optical file includes a photovoltaic matrix for converting an optical image into a digital file. The digital file is a collection of digital data that has not been processed by any image processing logic and thus cannot be used to directly generate a reproduced image of the object. An encryption logic converts the digital file into an encrypted digital file that can be exported from the device to an authorized device to create a decrypted digital file. This decrypted digital file is capable of being used by a display logic to display an image of the object. | 08-29-2013 |
20130232344 | TECHNIQUE FOR SUPPORTING MULTIPLE SECURE ENCLAVES - A technique to enable secure application and data integrity within a computer system. In one embodiment, one or more secure enclaves are established in which an application and data may be stored and executed. | 09-05-2013 |
20130232345 | System and Method for Implementing a Trusted Dynamic Launch and Trusted Platform Module (TPM) Using Secure Enclaves - An apparatus and method are described for implementing a trusted dynamic launch and trusted platform module (TPM) using a secure enclave. For example, a computer-implemented method according to one embodiment of the invention comprises: initializing a secure enclave in response to a first command, the secure enclave comprising a trusted software execution environment which prevents software executing outside the enclave from having access to software and data inside the enclave; and executing a trusted platform module (TPM) from within the secure enclave, the trusted platform module securely reading data from a set of platform control registers (PCR) in a processor or chipset component into a memory region allocated to the secure enclave. | 09-05-2013 |
20130238906 | ENHANCING USEABILITY OF MOBILE DEVICES THAT SECURELY STORE DATA - Methods, computer-readable media, and systems for enhancing useability of mobile devices that securely store data. An input to transfer a computer software application executing on a mobile device from a foreground state of the mobile device to a background state of the mobile device is received. In response, noise data based on application data associated with the application is generated. Both the application data and the noise data are encrypted using the same encryption mechanism, but using different keys. When another input to transfer the application from the background state to the foreground state is received, then the encryption mechanism is executed on the application data and the noise data using a key requested in response to the other input. The application is transferred to the foreground state if the received key matches the key with which the application data was previously encrypted. Other items of data are discarded. | 09-12-2013 |
20130238907 | SYSTEMS AND METHODS FOR MANAGING CRYPTOGRAPHIC KEYS IN A SECURE MICROCONTROLLER - The present invention relates to key management in a secure microcontroller, and more particularly, to systems, devices and methods of automatically and transparently employing logic or physical address based keys that may also be transferred using dedicated buses. A cryptographic engine translates a logic address to at least one physical address, and processes a corresponding data word based on at least one target key. The target key is selected from a plurality of keys based on the logic or physical address. A universal memory controller stores each processed data word in the corresponding physical address within a memory. Each key is associated with a memory region within the memory, and therefore, the logic or physical address associated with a memory region may be used to automatically identify the corresponding target key. A dedicated secure link may be used to transport key request commands and the plurality of keys. | 09-12-2013 |
20130238908 | COMPUTER PROGRAM AND METHOD FOR BIOMETRICALLY SECURED, TRANSPARENT ENCRYPTION AND DECRYPTION - A computer program for enabling secured, transparent encryption and decryption provides a user interface that allows a user to drag and drop files into and out of a secure repository and automatically encrypts files transferred into the repository and automatically decrypts files transferred out of the repository. The user can transfer file folders into the repository, wherein the program encrypts all of the files within the folder and retains the original file/folder structure, such that individual files can be moved within the repository, moved out of the repository, and opened or executed directly from the repository. The program requires the user to submit biometric data and grants access to the secure repository only if the biometric data is authenticated. The program generates an encryption key based at least in part on biometric data received from the user. Additionally, the program destroys the key after termination of each encryption/decryption session. | 09-12-2013 |
20130246811 | STORAGE METHOD, SYSTEM AND APPARATUS - The present invention discloses a storage method, system and apparatus. The method comprises: encrypting data with a storage key to obtain encrypted data; encrypting the storage key with two different encryption methods to generate a personal key and a data key, respectively, wherein the personal key can be decrypted with a key from the user who owns the data to obtain the storage key, and the data key can be decrypted with the unencrypted data to obtain the storage key; saving the encrypted data, personal key and data key in a server. The technical scheme of the present invention can prevent saving duplicate files while ensuring that the unencrypted data cannot be accessed by any other users and storage service providers. | 09-19-2013 |
20130246812 | SECURE STORAGE OF SECRET DATA IN A DISPERSED STORAGE NETWORK - A method for secure storage of secret data begins with an originating device transforming the secret data to produce a plurality of secret data shares and encrypting the plurality of secret data shares using unique encryption values of trusted agent modules of a dispersed storage network (DSN) to produce a plurality of encrypted secret data shares for storage in storage nodes of the DSN. Retrieval of the secret data begins with the originating device sending a secret data retrieval request to the trusted agent modules and recovering, by the trusted agent modules, the plurality of encrypted secret data shares from the storage nodes. The method continues with the trusted agent modules decrypting the plurality of encrypted secret data shares using a decryption function corresponding to the unique encryption values and sending the plurality of secret data shares to the originating device. | 09-19-2013 |
20130246813 | DATABASE ENCRYPTION SYSTEM, METHOD, AND PROGRAM - A user apparatus connected to database apparatus via network comprises: unit that manages key information in order to encrypt and decrypt; storage unit that stores security configuration information of data and/or metadata; application response unit that determines whether or not encryption is necessary for database operation command, and if encryption is necessary, selects encryption algorithm corresponding to data and/or metadata, performs encryption, and transmits result to database control unit to cause database control unit to execute database operation, if encryption is not necessary, transmits database operation command to database control unit to cause database control unit to execute database operation, and receives processing result transmitted by database control unit, and if decryption or conversion of data and/or metadata of processing result is necessary, performs necessary decryption or conversion, and returns response to database operation command; and security configuration unit that configures security information of data stored in database. | 09-19-2013 |
20130254558 | SYSTEMS AND METHODS FOR SECURE THIRD-PARTY DATA STORAGE - A computer-implemented method for secure third-party data storage may include 1) identifying, at a server-side computing device, a request from a client system to access an encrypted file stored under a user account, 2) identifying, in response to the request, an asymmetric key pair designated for the user account that includes an encryption key and a decryption key that has been encrypted with a client-side key, 3) receiving, from the client system, the client-side key, 4) decrypting the decryption key with the client-side key, and 5) using the decryption key to access an unencrypted version of the encrypted file. Various other methods, systems, and computer-readable media are also disclosed. | 09-26-2013 |
20130254559 | ACCESS-CONTROLLED DATA STORAGE MEDIUM - The invention relates to a data carrier having a semiconductor chip. In order to prevent an attacker from determining secret data of the chip from intercepted signal patterns of the chip, security-relevant operations are performed only with commands or command strings of the operating program whose use does not permit the processed data to be inferred from the signal patterns. | 09-26-2013 |
20130262879 | SECURE TYPE STORAGE DEVICE AND INFORMATION SECURITY SYSTEM - A secure type storage device applies to data link with a mainframe, wherein the memory module thereof includes hidden and open storage spaces, for storing encrypted data and a file allocation table, respectively; the file allocation table registering storage location and property of the encrypted data accepts external queries, but the encrypted data does not be accessed through direct link; the secure type storage device and management software of the mainframe jointly implement the authentication process, respond the requirement issued by the mainframe after the read/write authorization is produced, access the hidden storage space, and decrypt and output the encrypted data to the mainframe, or receive and encrypt external information to store in the hidden storage space; thus, through the secure type storage device, the storage details is free checked, but the information does not be accessed arbitrarily, to prevent information from being arbitrarily modified or copied and spread. | 10-03-2013 |
20130262880 | SECURE MEMORY ACCESS CONTROLLER - A memory access circuit and a corresponding method are provided. The memory access circuit includes a crypto block in communication with a memory that encrypts data of a data block on a block basis. The memory access circuit also includes a fault injection block configured to inject faults to the data in the data block. The memory access circuit further includes a data scrambler and an address scrambler. The data scrambler is configured to scramble data in the memory by shuffling data bits within the data block in a plurality of rounds and mash the shuffled data bits with random data. The address scrambler is configured to distribute the scrambled data across the memory. A memory system including the memory access circuit is also disclosed to implement the corresponding method. | 10-03-2013 |
20130262881 | Binary Data Store - A method for storing binary data, preferably in the form of Binary Large Objects (BLOBs), in more than one location. The method includes the steps of encrypting the data when it is stored using two encryption keys; storing one of the keys, in an access token, and passing the access token to a requesting application when the storage is complete. | 10-03-2013 |
20130262882 | SECURE ISLAND COMPUTING SYSTEM AND METHOD - A method for generating an n-bit result includes a secured containment device (SCD) receiving a request to generate the n-bit result. The request includes an n-bit generator input and a master secret identifier. The request is sent from an application executing on a host system using an input/output (I/O) interface. The SCD disables all I/O interfaces on the SCD between the host system and the SCD. After disabling all the I/O interfaces on the SCD between the host system and the SCD, the SCD provides the n-bit generator input and the master secret identifier to a secured hardware token over a second I/O interface, receives the n-bit result from the secured hardware token over the second I/O interface, enables at least the first I/O interface after the n-bit result is generated, and provides, after enabling the first I/O interface, the n-bit result to the application using the first I/O interface. | 10-03-2013 |
20130268778 | SEMICONDUCTOR MEMORY CARD ACCESS APPARATUS, A COMPUTER-READABLE RECORDING MEDIUM, AN INITIALIZATION METHOD, AND A SEMICONDUCTOR MEMORY CARD - A predetermined number of erasable blocks positioned at a start of a volume area in a semiconductor memory card are provided so as to include volume management information. A user area following the volume management information includes a plurality of clusters. A data length NOM of an area from a master boot record & partition table sector to a partition boot sector is determined so that the plurality of clusters in the user area are not arranged so as to straddle erasable block boundaries. Since cluster boundaries and erasable block boundaries in the user area are aligned, there is no need to perform wasteful processing in which two erasable blocks are erased to rewrite one cluster. | 10-10-2013 |
20130275771 | Removable, Active, Personal Storage Device, System and Method - A storage device is configured to communicate with a host device over a Bluetooth connection. The storage device includes a flash memory, a processor, and a Bluetooth controller. The memory stores at least one permission for determining access to the memory. The processor manages access to the memory, independently of the host device, based on a comparison of a request at the removable storage device to access the memory to at least one permission. The comparison is independent, requiring no management by an operating system of the host device, such that if the at least one permission includes a particular access type that matches the access requested in the request, the processor provides access to the memory. | 10-17-2013 |
20130275772 | ACCESSING PRIVATE DATA ABOUT THE STATE OF A DATA PROCESSING MACHINE FROM STORAGE THAT IS PUBLICLY ACCESSIBLE - According to an embodiment of the invention, a method for operating a data processing machine is described in which data about a state of the machine is written to a location in storage. The location is one that is accessible to software that may be written for the machine. The state data as written is encoded. This state data may be recovered from the storage according to a decoding process. Other embodiments are also described and claimed. | 10-17-2013 |
20130275773 | SYSTEMS AND METHODS FOR SECURING DATA USING MULTI-FACTOR OR KEYED DISPERSAL - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. A keyed information dispersal algorithm (keyed IDA) may also be used. The key for the keyed IDA may additionally be protected by an external workgroup key, resulting in a multi-factor secret sharing scheme. | 10-17-2013 |
20130275774 | TRUSTED STORAGE SYSTEMS AND METHODS - Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited. | 10-17-2013 |
20130275775 | STORAGE DEVICE, PROTECTION METHOD, AND ELECTRONIC DEVICE - According to one embodiment, a storage device encrypts/decrypts data with an encryption key to write/read the data to/from the storage area. In the storage device, an elapsed time counter starts counting triggered by turning on of the storage device. A receiver receives a command containing a password and time information from a host device. The time information indicates current date and time. A calculator calculates elapsed the from last command input to current command input based on the time information and a counter value. An adder adds the elapsed time to time information contained in a command received last time. A time information determination module determines the consistency of the time information. A disabling module disables the encryption key if the time information is not consistent. An authentication module authenticates the password if the time information is consistent and allows access to the storage area if the password is successfully authenticated. | 10-17-2013 |
20130275776 | ENCRYPTING DISTRIBUTED COMPUTING DATA - A method begins by a dispersed storage (DS) processing module encoding data to produce slices and redundancy slices and selecting primary and redundancy storage and execution units. The method continues with the DS processing module assigning partial tasks to the primary storage and execution units and generating a unique key set for each of the primary storage and execution units. The method continues with the DS processing module encrypting each of the slices with a corresponding one of the unique key sets to produce encrypted slices and sending the encrypted slices and an indication of the assigned partial tasks to the primary storage and execution units for storage and execution of the assigned partial tasks on the encrypted slices. The method continues with the DS processing module sending the redundancy slices to the set of redundancy storage and execution units for storage therein. | 10-17-2013 |
20130283065 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. | 10-24-2013 |
20130290738 | MEMORY CHIP - According to one embodiment, a memory chip, which is connected to a controller that controls reading and writing of data in response to a request from an external device, includes: a memory including a special area that is a predetermined data storage area; a key storage unit that stores therein a second key that corresponds to a first key used by the external device to convert the data; a converting unit that receives, from the controller, data to be written into the special area and generates converted data by converting the data to be written using the second key; and a writing unit that writes the converted data into the special area. | 10-31-2013 |
20130297948 | SYSTEM ON CHIP, METHOD OF OPERATING THE SAME, AND DEVICES INCLUDING THE SYSTEM ON CHIP - A method of operating a system on chip (SoC) includes converting plain data into cipher data by using an encryption key and transmitting the cipher data directly to a memory controller which controls an operation of a non-volatile memory. The encryption key may be output by a one-time programmable (OTP) memory. | 11-07-2013 |
20130305060 | DISTRIBUTED STORAGE NETWORK DATA REVISION CONTROL - Multiple revisions of an encoded data slice are generated, with each revision having the same slice name. Each of the data slices represents the same original data portion, but each is encoded so that no single data slice can be used to reconstruct the original data portion. Appropriate revision numbers are associated with each encoded data slice, and the encoded data slices and associated revision numbers are transmitted for storage in selected storage units of a distributed storage network. If write confirmations are received from at least a write threshold number of storage units, a commit command is transmitted so that the most recently written data slices will be available for access. After a commit command is issued, a current directory used to access the encoded data slices can be sliced, encoded, and stored in the same way as the data slices. | 11-14-2013 |
20130305061 | DATA STORAGE DEVICE AND DATA PROTECTION METHOD - A flash memory includes a plurality of blocks. A controller encrypts a first file to produce a first encrypted file and stores the first encrypted file to the flash memory, wherein the controller further comprises a key generation module, an encryption/decryption module and a key eliminating module. The key generation module produces a first key according to a first write command of a host device, wherein the first key is stored in a first block of the blocks. The encryption/decryption module encrypts the first file according to the first key to produce a first encrypted file, wherein the first encrypted file is stored in at least one second block of the blocks. The key eliminating module deletes the first key stored in the first block according to a first eliminating command in order to invalidate the first encrypted file stored in the second block. | 11-14-2013 |
20130305062 | DEVICE AND METHOD FOR PROTECTING A SECURITY MODULE FROM MANIPULATION ATTEMPTS IN A FIELD DEVICE - A device for protecting a security module from manipulation attempts in a field device. A control device is configured to control the field device, a security module is configured to provide cryptographic key data which is to be used by the control device, and an interface device is connected to the control device. The security module is configured to allow the control device access to the cryptographic key data in the security module and to prevent access to the cryptographic key data in the event of a manipulation attempt on the field device. | 11-14-2013 |
20130311789 | BLOCK-LEVEL DATA STORAGE SECURITY SYSTEM - A secure storage appliance is disclosed, along with methods of storing and reading data in a secure storage network. The secure storage appliance is configured to present to a client a virtual disk, the virtual disk mapped to the plurality of physical storage devices. The secure storage appliance is capable of executing program instructions configured to generate a plurality of secondary blocks of data by performing splitting and encrypting operations on a block of data received from the client for storage on the virtual disk and reconstitute the block of data from at least a portion of the plurality of secondary blocks of data stored in shares on corresponding physical storage devices in response to a request from the client. | 11-21-2013 |
20130311790 | Secure Three-Dimensional Mask-Programmed Read-Only Memory - A secure three-dimensional mask-programmed read-only memory (3Dm-ROM | 11-21-2013 |
20130318361 | ENCRYPTING AND STORING BIOMETRIC INFORMATION ON A STORAGE DEVICE - A method for encrypting biometric information by an electronic device is described. The method includes obtaining biometric data. The method also includes generating a biometric template based on the biometric data. The method also includes encrypting the biometric template. The method also includes sending the encrypted biometric template to a storage device. | 11-28-2013 |
20130318362 | LOGICAL-TO-PHYSICAL ADDRESS TRANSLATION FOR A REMOVABLE DATA STORAGE DEVICE - A method for making memory more reliable involves accessing data stored in a removable storage device by translating a logical memory address provided by a host digital device to a physical memory address in the device. A logical memory address is received from the host digital device. The logical memory address corresponds to a location of data stored on the removable storage device. A physical memory address corresponding to the local address is determined by accessing a lookup table corresponding to the logical zone. | 11-28-2013 |
20130318363 | SECURITY SYSTEM FOR CODE DUMP PROTECTION AND METHOD THEREOF - A security system for code dump protection includes a storage device, a processor, and a decryption unit. The storage device has a protected storage area storing at least an encrypted code segment. The processor is utilized for issuing at least one address pattern to the storage device for obtaining at least one information pattern corresponding to the address pattern. The decryption unit checks the address pattern and the information pattern to generate a check result, and determines whether to decrypt the encrypted code segment in the protected storage area to generate a decrypted code segment to the processor according to the check result. | 11-28-2013 |
20130339756 | MANUFACTURING METHOD OF A MEMORY DEVICE TO BE AUTHENTICATED - According to one embodiment, a manufacturing method of a device to be authenticated, wherein the device includes a first memory area which is prohibited from data-reading and data-writing after shipping from a memory vendor; a second memory area which is allowed to data-read from outside after shipping from the memory vendor; and a third memory area which is allowed to data-read and data-write from outside after sipping from the memory vendor. | 12-19-2013 |
20140006805 | Protecting Secret State from Memory Attacks | 01-02-2014 |
20140006806 | EFFECTIVE DATA PROTECTION FOR MOBILE DEVICES | 01-02-2014 |
20140019775 | ANTI-WIKILEAKS USB/CD DEVICE - A method for encrypting and storing data on a removable medium includes: obtaining a medium key uniquely associated with the removable medium; encrypting the data using the medium key to generate encrypted data; and writing the encrypted data onto the removable medium | 01-16-2014 |
20140019776 | METHODS OF PROVIDING FAST SEARCH, ANALYSIS, AND DATA RETRIEVAL OF ENCRYPTED DATA WITHOUT DECRYPTION - Methods and systems of providing remote coded data storage, data analysis, and search and retrieval, with assurance of data security are described. Data security is such that it protects the data from any provider, administrator of remote services, or anyone breaking into the servers housing the data at the remote site. The methods include a coding schema such that both the storage and the associated services, such as data analysis, search and retrieval, can be provided even more efficiently and more responsively than without the coding. Possible applications of the methods include data storage, powerful data search and analysis services which can all be provided “in the Cloud” over the Internet, completely securely, even when a customer's private data set needs to be uploaded to the remote site. The efficiency of analysis, and search means that the methods may be useful even when security of data is not an issue. | 01-16-2014 |
20140025962 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, INFORMATION PROCESSING SYSTEM, AND PROGRAM - There is provided an information processing apparatus including a communication unit configured to acquire encrypted information that is encrypted with a local code from another information processing apparatus, and a control unit configured to decrypt the encrypted information to generate content and store the content into a removable medium. | 01-23-2014 |
20140025963 | DISCARDING SENSITIVE DATA FROM PERSISTENT POINT-IN-TIME IMAGE - A network storage server implements a method to discard sensitive data from a Persistent Point-In-Time Image (PPI). The server first efficiently identifies a dataset containing the sensitive data from a plurality of datasets managed by the PPI. Each of the plurality of datasets is read-only and encrypted with a first encryption key. The server then decrypts each of the plurality of datasets, except the dataset containing the sensitive data, with the first encryption key. The decrypted datasets are re-encrypted with a second encryption key, and copied to a storage structure. Afterward, the first encryption key is shredded. | 01-23-2014 |
20140025964 | MOBILE TERMINAL ENCRYPTION METHOD, HARDWARE ENCRYPTION DEVICE AND MOBILE TERMINAL - The present invention belongs to the field of mobile communications technologies and specifically discloses a mobile terminal encryption method, a hardware encryption device, and a mobile terminal, aiming to prevent a hacker from easily acquiring or tampering key data in the mobile terminal and protect the interests of a terminal manufacturer. The method in embodiments includes: performing, according to stored authentication data., authentication between the hardware encryption device and a main control chip of the mobile terminal, where the hardware encryption device stores encryption data and the authentication data; if the authentication succeeds, permitting, by the hardware encryption device, the main control chip to load the encryption data; and if the authentication fails, prohibiting, by the hardware encryption device, the main control chip from loading the encryption data. The embodiments of the present invention may be applied to a mobile terminal encryption technology and a network locking technology. | 01-23-2014 |
20140032933 | PROVIDING ACCESS TO ENCRYPTED DATA - Embodiments of methods, systems, and storage medium associated with providing access to encrypted data for authorized users are disclosed herein. In one instance, the method may include obtaining a derived value for an authenticated user based on user personalization data of the authenticated user, and generating a user-specific encryption key based on the derived value. The derived value may have entropy in excess of a predetermined level. The user-specific encryption key may enable the authenticated user to access the encrypted data stored at the storage device. Other embodiments may be described and/or claimed. | 01-30-2014 |
20140032934 | STORAGE SYSTEM IN WHICH FICTITIOUS INFORMATION IS PREVENTED - According to one embodiment, a storage system includes a host device and a secure storage. The host device and the secure storage produce a bus key which is shared only by the host device and the secure storage by authentication processing, and which is used for encoding processing. The host device produces a message authentication code including a message which can be stored in the secure storage based on the bus key, and sends the produced message authentication code to the secure storage. The secure storage stores the message included in the message authentication code in accordance with instructions of the host device. The host device verifies whether the message stored in the secure storage is intended contents. | 01-30-2014 |
20140032935 | MEMORY SYSTEM AND ENCRYPTION METHOD IN MEMORY SYSTEM - An encryption method used in the memory system includes; generating a private key using physical unique identification (PUID) information of a nonvolatile memory device, encrypting data using the private key, and then programming the encrypted data in the nonvolatile memory device. | 01-30-2014 |
20140032936 | INFORMATION PROCESSING APPARATUS, CONTROL METHOD FOR INFORMATION PROCESSING APPARATUS, AND STORAGE MEDIUM - An information processing apparatus includes a volatile storage unit, nonvolatile storage unit, and control unit configured, in a case where a factor to shift the information processing apparatus to a state in which power supply to the volatile storage unit is stopped exists, to encrypt and store information, stored in a specific region in the volatile storage unit, in the nonvolatile storage unit, and to store, in the nonvolatile storage unit in unencrypted form, information stored in a region other than the specific region, and configured, in a case where a factor to shift the information processing apparatus to a state in which power is supplied to the volatile storage unit exists, to decrypt and store the encrypted information, stored in the nonvolatile storage unit, in the volatile storage unit, and to store, in the volatile storage unit, the unencrypted information stored in the nonvolatile storage unit. | 01-30-2014 |
20140032937 | SYSTEMS AND METHODS FOR INFORMATION SECURITY USING ONE-TIME PAD - Methods of encryption and decryption using a key generated from a common document are disclosed. In one embodiment, the method of encryption includes: (1) generating a single pointer to a position in a common document, wherein the pointer includes either a page number and a line number of the common document or a chapter number and a paragraph number of the common document, (2) receiving a message to be encrypted, (3) retrieving, from a computer memory, a key from the common document based on the pointer and having a length at least equaling a length of the message, (4) applying a cryptographic function to characters of the message based on characters of the key (5) causing the message to be stored in a memory device and (6) generating a new pointer to a different position in the common document. | 01-30-2014 |
20140040637 | Encrypting data on primary storage device and on cache storage device - A primary storage device stores a first encrypted version of data. The first encrypted version of the data is encrypted in accordance with a first encryption-decryption approach. A cache storage device for the primary storage device stores a second encrypted version of the data. The second encrypted version of the data is encrypted in accordance with a second encryption-decryption approach different than the first encryption-decryption approach. | 02-06-2014 |
20140040638 | Policy-Based Application Management - Improved techniques for managing enterprise applications on mobile devices are described herein. Each enterprise mobile application running on the mobile device has an associated policy through which it interacts with its environment. The policy selectively blocks or allows activities involving the enterprise application in accordance with rules established by the enterprise. Together, the enterprise applications running on the mobile device form a set of managed applications. Managed applications are typically allowed to exchange data with other managed applications, but are blocked from exchanging data with other applications, such as the user's own personal applications. Policies may be defined to manage data sharing, mobile resource management, application specific information, networking and data access solutions, device cloud and transfer, dual mode application software, enterprise app store access, and virtualized application and resources, among other things. | 02-06-2014 |
20140040639 | ENCRYPTED-TRANSPORT SOLID-STATE DISK CONTROLLER - An encrypted transport SSD controller has an interface for receiving commands, storage addresses, and exchanging data with a host for storage of the data in a compressed (and optionally encrypted) form in Non-Volatile Memory (NVM), such as flash memory. Encrypted data received from the host is decrypted and compressed using lossless compression for advantageously reducing flash memory write amplification. The compressed data is re-encrypted and stored in the flash memory. The stored data is retrieved, decrypted, decompressed, and re-encrypted before delivery to the host. When implemented within a secure physical boundary, such as a single integrated circuit, the SSD controller protects the encrypted data, from receipt through storage within the flash memory, including delivery to the host. In specific embodiments, the controller exchanges session encryption/decryption keys with the host and/or uses a security protocol such as TCG Opal to determine encryption/decryption keys. | 02-06-2014 |
20140047246 | FLASH MEMORY DEVICE INCLUDING KEY CONTROL LOGIC AND ENCRYPTION KEY STORING METHOD - A flash memory device is provided which includes a plurality of memory cells connected with a word line and including a key cell to store an encryption key; a data input/output circuit configured to receive the encryption key; and key control logic configured to control a program operation on the key cell and to use a column address of the key cell as the encryption key. | 02-13-2014 |
20140053001 | SECURITY CENTRAL PROCESSING UNIT MANAGEMENT OF A TRANSCODER PIPELINE - A method for managing a transcoder pipeline includes partitioning a memory with a numbered region; receiving an incoming media stream to be transcoded; and atomically loading, using a security central processing unit (SCPU), a decryption key, a counterpart encryption key and an associated region number of the memory into a slot of a key table, the key table providing selection of decryption and encryption keys during transcoding. The atomically loading the decryption and encryption keys and the associated numbered region ensures that the encryption key is selected to encrypt a transcoded version of the media stream when the media stream has been decrypted with the decryption key and the transcoded media stream is retrieved from the associated numbered region of the memory. | 02-20-2014 |
20140053002 | SYSTEM AND METHOD FOR ENCRYPTING SECONDARY COPIES OF DATA - A system and method for encrypting secondary copies of data is described. In some examples, the system encrypts a secondary copy of data after the secondary copy is created. In some examples, the system looks to information about a data storage system, and determines when and where to encrypt data based on the information. | 02-20-2014 |
20140068277 | Secure Deletion of Data Stored in a Memory - In accordance with some embodiments, a granularity of memory such as block, may be deleted in a way to make it very difficult for an interloper to ever gain access to that block. Moreover the deletion may be done in a sufficiently efficient way and in a way that does not overly burden the user. In some embodiments, the encryption of the granularity of memory (such as a block) may be handled entirely within the memory. Then the encryption process cannot be accessed from the outside and the user need not be burdened with the sequence of encryption sequence since it is done automatically within the storage device. | 03-06-2014 |
20140068278 | MANUFACTURING METHOD - According to one embodiment, a manufacturing method of a device to be authenticated, wherein the device includes a first memory area which is prohibited from data-reading and data-writing after shipping from a memory vendor; a second memory area which is allowed to data-read from outside after shipping from the memory vendor; and a third memory area which is allowed to data-read and data-write from outside after sipping from the memory vendor. | 03-06-2014 |
20140068279 | SYSTEMS, METHODS, AND MEDIUMS FOR SECURE INFORMATION ACCESS - Systems, methods, and tangible computer-readable storage mediums for secure access to information are presented. More particularly, embodiments relate to encrypting at least part of the information using an information-specific key or a key symmetric to the information-specific key; encrypting the information-specific key using a first public key; encrypting a first private key; and storing in memory the encrypted information, encrypted first private key, and the encrypted information-specific key. Some further embodiments include: decrypting the first private key; decrypting the information-specific key using the first private key; and decrypting at least part of the information using the information-specific key. | 03-06-2014 |
20140075206 | METHODS AND SYSTEMS FOR PROVIDING ACCESS CONTROL TO SECURED DATA - In a system for providing access control management to electronic data, techniques to secure the electronic data and keep the electronic data secured at all times are disclosed. According to one embodiment, a secured file or secured document includes two parts: an attachment, referred to as a header, and an encrypted document or data portion. The header includes security information that points to or includes the access rules and a file key. The access rules facilitate restrictive access to the secured document and essentially determine who/when/how/where the secured document can be accessed. The file key is used to encrypt/decrypt the encrypted data portion. Only those who have the proper access privileges are permitted to retrieve the file key to encrypt/decrypt the encrypted data portion. | 03-13-2014 |
20140075207 | APPARATUS, METHOD, AND COMPUTER PROGRAM PRODUCT FOR PROCESSING INFORMATION - An information processing apparatus performs mutual authentication with another information processing apparatus storing key management information and at least one of apparatus secret keys, the key management information containing encrypted secret keys each being a secret key encrypted with a different one of the apparatus secret keys respectively assigned to information processing apparatuses. The apparatus transmits, to the other apparatus, designation information specifying one of the encrypted secret keys decryptable with the apparatus secret key, out of the encrypted secret keys contained in the key management information usable by the apparatus, receives the encrypted secret key specified by the designation information out of the encrypted secret keys contained in the key management information stored in the other apparatus from the other apparatus, obtains the secret key by decrypting the encrypted secret key with the apparatus secret key, and performs authentication with the other apparatus based on the secret key. | 03-13-2014 |
20140075208 | DATA WHITENING FOR WRITING AND READING DATA TO AND FROM A NON-VOLATILE MEMORY - Systems, apparatuses, and methods are provided for whitening and managing data for storage in non-volatile memories, such as Flash memory. In some embodiments, an electronic device such as media player is provided, which may include a system-on-a-chip (SoC) and a non-volatile memory. The SoC may include SoC control circuitry and a memory interface that acts as an interface between the SoC control circuitry and the non-volatile memory. The SoC can also include an encryption module, such as a block cipher based on the Advanced Encryption Standard (AES). The memory interface can direct the encryption module to whiten all types of data prior to storage in the non-volatile memory, including sensitive data, non-sensitive data, and memory management data. This can, for example, prevent or reduce program-disturb problems or other read/write/erase reliability issues. | 03-13-2014 |
20140075209 | METHOD FOR CONTENT USE, DEVICE FOR CONTENT USE, MOBILE TERMINAL, AND RECORDING MEDIUM - The present invention relates to a content service technology, and more particularly to an apparatus and a method for content use, a device for content use, a mobile terminal and a recording medium capable of providing a streaming service while preventing the unauthorized use, illegal reproduction, and illegal falsification of content. | 03-13-2014 |
20140082372 | SECURE SPIN TORQUE TRANSFER MAGNETIC RANDOM ACCESS MEMORY (STTMRAM) - A magnetic memory device includes a main memory made of magnetic memory, the main memory and further includes a parameter area used to store parameters used to authenticate data. Further, the magnetic memory device has parameter memory that maintains a protected zone used to store protected zone parameters, and an authentication zone used to store authentication parameters, the protection zone parameters and the authentication parameters being associated with the data that requires authentication. Upon modification of any of the parameters stored in the parameter memory by a user, a corresponding location of the parameter area of the main memory is also modified. | 03-20-2014 |
20140082373 | METHOD AND SYSTEM FOR SECURELY UPDATING FIRMWARE IN A COMPUTING DEVICE - Embodiments of a method are disclosed. One embodiment is a method for securely updating firmware in a computing device, in which the computing device includes a host processor and a non-volatile memory. The method involves receiving a double-encrypted firmware image from an external firmware source, wherein the double-encrypted firmware image is generated from firmware that is encrypted a first time using a first crypto-key and then encrypted a second time using a second crypto-key. The method also involves receiving the second crypto-key from an external key source, decrypting the double-encrypted firmware image using the second crypto-key to produce an encrypted firmware image, storing the encrypted firmware image in the non-volatile memory of the computing device, reading the encrypted firmware image from the non-volatile memory of the computing device, decrypting the encrypted firmware image using the first crypto-key, and executing the firmware on the computing device. | 03-20-2014 |
20140082374 | MOBILE DEVICE USING SECURE SPIN TORQUE TRANSFER MAGNETIC RANDOM ACCESS MEMORY (STTMRAM) - A mobile device includes an application processor, an RF modem for connection to cellular networks, wireless device for connection to wireless networks, a display coupled to the application processor, audio devices coupled to the application processor, power management for providing power through a main battery; and charging the battery, a hybrid memory including a magnetic memory, the magnetic memory further including a parameter area configured to store parameters used to authenticate access to certain areas of the main memory, and a parameter memory that maintains a first area, used to store protected zone parameters, and a second area used to store authentication parameters, the protection zone parameters and the authentication parameters being associated with access to the certain areas in the main memory that requires authentication. Upon modification of any of the parameters stored in the parameter memory by a user, a corresponding location of the parameter area of the main memory is also modified. | 03-20-2014 |
20140082375 | DATA SECURITY FOR DIGITAL DATA STORAGE - A computing system includes data encryption in the data path between a data source and data storage devices. The data encryption may utilize a key which is derived at least in part from an identification code stored in a nonvolatile memory. The key may also be derived at least in part from user input to the computer. | 03-20-2014 |
20140082376 | System, Method and Apparatus for Securely Saving/Retrieving Data on a Data Storage - A system, method and apparatus securely save data by receiving a file from a user device, wherein the file contains an encrypted data and has a file name. The encrypted data is then split into two or more encrypted data chunks having a specified size. A chunk number is assigned to each of the two or more encrypted data chunks. Each of the two or more encrypted data chunks is saved in a chunk file having a chunk file name comprising a combination of the file name and the chunk number. Each chunk file name is then encrypted, and each chunk file having the encrypted chunk file name is sent to the data storage. The process is essentially reversed to retrieve the data. | 03-20-2014 |
20140089683 | MULTI-DRIVE COOPERATION TO GENERATE AN ENCRYPTION KEY - A system, method, and computer-readable storage medium for protecting a set of storage devices using a secret sharing scheme. The data of each storage device is encrypted with a key, and the key is encrypted based on a shared secret and a device-specific value. Each storage device stores a share and its encrypted key, and if a number of storage devices above a threshold are available, then the shared secret can be reconstructed from the shares and used to decrypt the encrypted keys. Otherwise, the secret cannot be reconstructed if less than the threshold number of storage devices are accessible, and then data on the storage devices will be unreadable. | 03-27-2014 |
20140089684 | METHOD AND APPARATUS FOR PROTECTING FILE - Embodiments of the present invention provide a method and a system for protecting a file, which belong to the field of information security. The method includes: replacing a secure file header of a file to be protected with its original file header to convert the file to be protected to a secure file; and preventing, by the secure file header of the secure file acquired by the conversion, another peripheral from performing an access operation on content of the secure file. By using this method, in a terminal device such as an Android mobile phone or a computer, without affecting normal use by a subscriber, the protection of files such as multimedia files can be realized and content of a protected secure file in a mobile phone is not allowed to be opened on another device to achieve a purpose of avoiding private information leakage and protecting personal privacy. | 03-27-2014 |
20140089685 | KEY INFORMATION GENERATION DEVICE AND KEY INFORMATION GENERATION METHOD - In initial generation (for example, shipping from the factory), a security device generates an identifier w specific to the security device, with the PUF technology, generates key information k (k=HF(k)) from the identifier w, generates encrypted confidential information x by encrypting (x=Enc(mk, k)) confidential information mk with the key information k, and stores the encrypted confidential information x and an authentication code h (h=HF′(k)) of the key information k, in a nonvolatile memory. In operation, the security device generates the identifier w with the PUF technology, generates the key information k from the identifier w, and decrypts the encrypted confidential information x with the key information k. At a timing where the identifier w is generated in the operation, the security device checks whether the current operating environment has largely changed from the initial generation (S | 03-27-2014 |
20140095895 | METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR SECURELY COLLECTING, SAFEGUARDING, AND DISSEMINATING ELECTRONICALLY STORED INFORMATION - Applicant has created methods, systems, and computer readable media for securely collecting, safeguarding, and disseminating electronically stored information to facilitate an account owner's management of her personal, private, business, and legal documents. The method for safeguarding can include a double authentication process that only grants exclusive access to an account owner's encrypted information through the use of a uniquely generated security key. The method for collecting information can include a real-time encryption process to permit an account holder to securely upload and store electronic media in category-based compartmentalized locations. Further, the method can include a process for generating category-based advertisements through an integrated marketing platform with geo-fencing capabilities to facilitate the account owner's selection of a variety of services related to the stored information. Finally, the method for disseminating information can include authenticating a request to disseminate the stored information to one or more trustees. | 04-03-2014 |
20140101461 | PARALLELIZED COUNTER TREE WALK FOR LOW OVERHEAD MEMORY REPLAY PROTECTION - A processor includes a memory encryption engine that provides replay and confidentiality protections to a memory region. The memory encryption engine performs low-overhead parallelized tree walks along a counter tree structure. The memory encryption engine upon receiving an incoming read request for the protected memory region, performs a dependency check operation to identify dependency between the incoming read request and an in-process request and to remove the dependency when the in-process request is a read request that is not currently suspended. | 04-10-2014 |
20140108822 | CONTROLLER TO BE INCORPORATED IN STORAGE MEDIUM DEVICE, STORAGE MEDIUM DEVICE, SYSTEM FOR MANUFACTURING STORAGE MEDIUM DEVICE, AND METHOD FOR MANUFACTURING STORAGE MEDIUM DEVICE - Provided is a controller capable of preventing card makers from conducting unauthorized acts. The controller includes: a controller key storage unit configured to hold a controller key that has been embedded by a controller manufacturing device in advance; a decryption unit configured to receive encrypted media key information that has been generated by a key issuance center that is authorized and to decrypt the received encrypted media key by using the controller key, the encrypted key information generated through encryption of key information with use of the controller key; and an encryption unit configured to encrypt the decrypted media key again by using an individual key that is unique to the controller. | 04-17-2014 |
20140108823 | SECURITY PROTECTION FOR MEMORY CONTENT OF PROCESSOR MAIN MEMORY - Subject matter disclosed herein relates to memory devices and security of same. | 04-17-2014 |
20140108824 | DEVICE - A device includes a first memory area being used to store a first key and unique secret identification information, the first memory area being restricted from being read and written from outside; a second memory area being used to store encrypted secret identification information generated by encrypting the secret identification information, the second memory area being allowed to be read-only from outside; a third memory area being readable and writable from outside; a first data generator configured to generate a second key by using the first key; a second data generator configured to generate a session key by using the second key; and a one-way function processor configured to generate an authentication information by processing the secret identification information with the session key in one-way function operation, wherein the encrypted secret identification information and the authentication information are output to outside. | 04-17-2014 |
20140108825 | System and Method for Hardware Based Security - An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session. | 04-17-2014 |
20140115346 | METHOD AND APPARATUS FOR IMPLEMENTING MEMORY SEGMENT ACCESS CONTROL IN A DISTRIBUTED MEMORY ENVIRONMENT - Various methods for implementing memory segment access control in a distributed memory environment are provided. One example method may comprise during a first write state for a memory segment receiving a cryptographic key stream in association with a request from a first device for use of shared storage capacity of a second device and causing the cryptographic key stream to be stored in the memory segment. Further, during the second write state for the memory segment, the example method may comprise receiving data content, transforming the date content using the cryptographic key stream to form encrypted data content, and causing the encrypted data content to be stored in the memory segment. Finally, during the first read state, the example method may comprise causing the encrypted data content to be provided to one or more requesting devices. Similar and related example methods, example apparatuses, and example computer program products are also provided. | 04-24-2014 |
20140115347 | INFORMATION PROCESSING APPARATUS, SOFTWARE UPDATE METHOD, AND IMAGE PROCESSING APPARATUS - An information processing apparatus, a software update method, and an image processing apparatus capable of encrypting and decrypting information using values uniquely calculated from booted primary modules or booted backup modules with less effort are disclosed. The information processing apparatus includes primary modules and the same kinds of backup modules, and includes a value storage unit storing values calculated from the modules, an encryption information storage unit storing information unique to the modules, an information decryption unit decrypting the information unique to the modules using the values in the value storage unit, and an encryption information update unit, when the module is updated, encrypting the information unique to the modules based on a value calculated from the each kind of the primary modules or the backup modules after the update. | 04-24-2014 |
20140122901 | Device and Method For Secure Memory Access - In a secure computing environment, a method, system and device are provided for loading stored encryption key data from a protected non-volatile memory of a portable device. A boot loader program is initiated after the portable device is powered on, encryption key data is loaded from the protected non-volatile memory of the portable device, and access to the protected non-volatile memory is disabled after a predetermined time after the portable device is powered on. In this way, the encryption key data is loaded from the protected non-volatile memory of a portable device before the boot operating system is loaded. | 05-01-2014 |
20140122902 | INFORMATION PROCESSING APPARATUS - According to one embodiment, a first processor of an information processing apparatus switches between a secure mode and a non-secure mode and reports its mode. When the first processor is in the secure mode, a second processor accesses to a protected area of a storage module. A boot program for the first processor and a program which activates the first processor in the non-secure mode are verified. Furthermore, a program which activates the first processor in the secure mode is encrypted, and its decryption key is stored in the protected area of the storage module. | 05-01-2014 |
20140122903 | SEMICONDUCTOR DEVICE AND ENCRYPTION KEY WRITING METHOD - A semiconductor device includes a CPU, an EEPROM, and a ROM. The ROM includes an encryption area and a non-encryption area and the encrypted firmware is stored in the encryption area. The semiconductor device includes a decrypter which holds the encryption key, decrypts the encrypted firmware, and supplies the decrypted firmware to the CPU. The EEPROM includes a system area to which an access from the CPU is forbidden in a user mode. The encryption key is divided into split keys of plural bit strings, and stored in the distributed address areas in the system area. An encryption key reading program which is not encrypted is stored in the non-encryption area of the ROM. Executing the encryption key reading program, the CPU reads and reconfigures plural split keys stored in the EEPROM in a distributed manner to restore the encryption key and supplies the restored encryption key to the decrypter. | 05-01-2014 |
20140129847 | Trusted Storage - In one embodiment, a method for authenticating access to encrypted content on a storage medium, wherein the encrypted content is encrypted according to a full disk encryption (FDE) key, the storage medium including an encrypted version of the FDE key and an encrypted version of a protected storage area (PSA) key, and wherein the encrypted version of the FDE key is encrypted according to the PSA key, the method comprising: providing an authenticated communication channel between a host and a storage engine associated with the storage medium; at the storage engine, receiving a pass code from the host over the authenticated communication channel; hashing the pass code to form a derived key, wherein the encrypted version of the PSA key is encrypted according to the derived key; verifying an authenticity of the pass code; if the pass code is authentic, decrypting the encrypted version of the PSA key to recover the PSA key; decrypting the encrypted FDE key using the recovered PSA key to recover the FDE key; and decrypting the encrypted content using the FDE key. | 05-08-2014 |
20140129848 | Method and Apparatus for Writing and Reading Hard Disk Data - Embodiments provide a method and an apparatus for writing and reading hard disk data. Plain-text data is encrypted by using an encryption key to obtain cipher-text data and a decryption key. The cipher-text data is written into an available area of a hard disk, and the decryption key is written into a reserved area of the hard disk. | 05-08-2014 |
20140129849 | SEMICONDUCTOR DEVICE INCLUDING ENCRYPTION SECTION, SEMICONDUCTOR DEVICE INCLUDING EXTERNAL INTERFACE, AND CONTENT REPRODUCTION METHOD - A secure LSI device | 05-08-2014 |
20140136855 | SECURE KEY ACCESS WITH ONE-TIME PROGRAMMABLE MEMORY AND APPLICATIONS THEREOF - A device includes a key store memory that stores one or more cryptographic keys. A rule set memory stores a set of rules for accessing the cryptographic keys. A key store arbitration module grants access to the cryptographic keys in accordance with the set of rules. The device can be used in conjunction with a key ladder. The device can include a one-time programmable memory and a load module that transfers the cryptographic keys from the one one-time programmable memory to the key store memory and the set of rules to the rule set memory. A validation module can validate the cryptographic keys and the set of rules stored in the key store and rule set memories, based on a signature defined by a signature rule. | 05-15-2014 |
20140136856 | SYSTEM AND METHOD FOR UPDATING FIRMWARE - A mechanism that allows firmware for a computing device to be updated in a secure manner by utilizing an update validation procedure included in a ROM image is discussed. | 05-15-2014 |
20140143554 | Methods, Systems and Apparatus for Managing Data Entries on a Database - A method for securely storing password information in a memory of a computer device. The stored password information is protected by a master password. The method includes receiving a text string corresponding to password information. The method also includes converting the text string to a media file. When the media file is passed to an output the password information is presented to a user. The method also includes storing the media file in the memory such that it is protected by the master password. | 05-22-2014 |
20140143555 | STORAGE AND RECOVERY OF CRYPTOGRAPHIC KEY IDENTIFIERS - Example embodiments provide various techniques for storing and recovering a cryptographic key identifier that may be used to recover encrypted data. The cryptographic key identifier may be stored with the encrypted data itself. In an example, the cryptographic key identifier may be stored in particular blocks on a logical disk that are specifically designated to store the cryptographic key identifier. To store the cryptographic key identifiers in the designated blocks, the data within the blocks is compressed to fit the cryptographic key identifiers within the blocks. This cryptographic key identifier can be recovered at a later time by locating the designated blocks and retrieving the cryptographic key identifier from the blocks. | 05-22-2014 |
20140143556 | Meta-Complete Data Storage - The invention described herein generally relates to systems and methods of securely storing data so that the data contains information about the data and/or the encryption of the data, systems and methods of providing secure access to real world data through data transformations, and systems and methods of managing security parameters for data. | 05-22-2014 |
20140157005 | METHOD AND APPARATUS FOR A SECURE AND DEDUPLICATED WRITE ONCE READ MANY VIRTUAL DISK - A method and apparatus is provided for the operation of a secure and deduplicated write once read many virtual disk which exceeds the write performance of traditional cryptographic methods. This is achieved through the utilization of a time-memory tradeoff via the empty space on a virtual disk at format time. Traditionally empty space is zeroed to indicate that data is not present. When implementing the apparatus, the empty space is filled with the output of a symmetric-key algorithm uniquely keyed for that specific disk. From an information theoretic point of view, the format operation stores cryptographically structured data, rather than purely redundant data, enabling the write operation that encodes data to be stored on the disk to operate without additional cryptographic computation. This reduced computation requirement for encoding enables the computation required deduplication to operate as if encoding was not being performed, resulting in a net throughput increase. | 06-05-2014 |
20140157006 | NONVOLATILE MEMORY MODULES AND AUTHORIZATION SYSTEMS AND OPERATING METHODS THEREOF - Memory modules and authorization systems include a nonvolatile memory, an authentication engine configured to receive an initialization request from a user system, configured to generate a certification value based on device identifiers of devices includes in the user system in response to the initialization request and configured to control access to the nonvolatile memory based on the certification value, and a certification value storage configured to store the certification value. | 06-05-2014 |
20140164790 | STORAGE SECURITY USING CRYPTOGRAPHIC SPLITTING - Methods and systems for administrative management of a secure data storage network are disclosed. One system includes a secure storage appliance configured to host a plurality of volumes, each volume associated with a plurality of shares stored on a corresponding plurality of physical storage devices and having a plurality of volume management settings, wherein each volume is accessible by a group of one or more users, each user assigned an administrative access level, the volume management settings are editable by a first user from the group of one or more users associated with the volume and assigned an administrative access level sufficient to edit the volume management settings, and the volume management settings are inaccessible by a second user from outside the group of one or more users associated with the volume and assigned an administrative access level at least equal to that of the first user. | 06-12-2014 |
20140164791 | SECURE VIRTUAL MACHINE MEMORY - Apparatus, systems, and methods may operate to restore an operational state of an associated virtual machine (VM) using encrypted information stored in encrypted memory locations. A single hypervisor may be used to encrypt and decrypt the information. Access may be permitted to a designated number of the encrypted memory locations only to a single application executed by the associated VM subject to the hypervisor. Access may be denied to any other application executed by the associated VM, or any other VM. | 06-12-2014 |
20140164792 | Securing Encrypted Virtual Hard Disks - Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key. | 06-12-2014 |
20140164793 | CRYPTOGRAPHIC INFORMATION ASSOCIATION TO MEMORY REGIONS - Embodiments herein relate to cryptographic operations, such as encrypting and/or decrypting information to read from or written to first and second memory regions. The first cryptographic information is related to the first memory region and the second cryptographic information is related to the second memory region. | 06-12-2014 |
20140173294 | TECHNIQUES FOR EMULATING AN EEPROM DEVICE - Disclosed are various embodiments of an emulation device for generating a cryptographic hash value associated with program data stored in a memory of a computing device. Validation data is generated based upon the cryptographic hash value and a flush counter of the computing device. The program data is encrypted in the computing device using an implementation of an encryption algorithm configured with at least a key stored in the memory. The program data is stored in a flash memory that is external to a processor of the computing device. | 06-19-2014 |
20140173295 | METHOD AND APPARATUS FOR SECURING TRANSFER OF SECURE CONTENT TO A DESTINATION - A computer implemented method and apparatus for securing transfer of secure content to a destination. The method comprises receiving a request to copy selected content from a secure source document; extracting one or more security settings associated with at least one of the selected content or the source document; encrypting the selected content with the one or more extracted security settings; and storing the encrypted content and the one or more extracted security settings. | 06-19-2014 |
20140189370 | MEMORY DEVICES, AND SYSTEMS AND METHODS FOR VERIFYING SECURE DATA STORAGE - A memory device includes an input/output (I/O) interface, a secure logic for receiving a storage verifying command including an expected value of secure data via the I/O interface, an I/O logic for receiving an input request for inputting user data into the memory device and/or an output request for outputting user data therefrom and perform one of the input request and/or the output request, and a memory unit including a secure area, accessible by the secure logic, for storing the secure data and a normal area, accessible by the I/O logic, for storing the user data. The secure logic reads the secure data from the secure area in response to the input of the storage verifying command and outputs a storage verifying result to the external device, without outputting the secure data to the external device, according to whether the secure data expected value is identical with the secure data. | 07-03-2014 |
20140189371 | METHOD AND APPARATUS FOR A TRUST PROCESSOR - In an embodiment, an apparatus includes a cryptographic processor within a wireless device. The cryptographic processor includes at least one cryptographic unit. The cryptographic processor also includes a nonvolatile memory to store one or more microcode instructions, wherein at least one of the one or more microcode instructions is related to a sensitive operation. The cryptographic processor also includes a controller to control execution of the one or more microcode instructions by the at least one cryptographic unit, wherein the controller is to preclude execution of the sensitive operation if the apparatus is within an untrusted state. | 07-03-2014 |
20140189372 | COMPUTER IMPLEMENTED METHOD FOR ANALYZING DATA OF A USER WITH THE DATA BEING STORED PSEUDONYMOUSLY IN A DATABASE - The invention relates to a computer implemented method for analyzing data of a first user, wherein an asymmetric cryptographic key pair is associated with the first user, said asymmetric cryptographic key pair comprising a public key and a private key, the data being stored pseudonymously in a database with the data being assigned to an identifier, wherein the identifier comprises the public key, the method comprising:
| 07-03-2014 |
20140189373 | METHOD FOR HARD PARTITIONING THE RESOURCES OF A SECURE COMPUTER SYSTEM - This invention relates to a method for hard partitioning the resources of a secure computer system. The system hardware comprises a hardware mechanism designed to: generate an encryption key with each new program detected by the system, the key being specific to each program, store the said key associated with a program identifier in the system resources, encrypt and store all the data created by the program in the system resources with the key that is specific to it, decrypt the data of the program with the key specific to it in response to a manipulation, call, read and/or write request from a requesting program. | 07-03-2014 |
20140195825 | METHOD AND SYSTEM FOR RUNNING ENCRYPTED FILES - A computer-implemented method for running an encrypted file and system are provided, where the method includes the following steps: receiving a file running instruction; invoking an encrypted target file according to the file running instruction, and performing memory-based decryption on the encrypted target file according to key information corresponding to the encrypted target file; and running the encrypted target file on which the memory-based decryption is performed. | 07-10-2014 |
20140201539 | AUTHORIZING REMOVABLE MEDIUM ACCESS - For authorizing removable medium access, a reassembly module retrieves a medium portion of an encryption key from a removable medium. The encryption key encrypts encrypted data stored on the removable medium and includes a plurality of portions. The reassembly module further retrieves the user portion of the encryption key assigned to a user requesting the removable medium. The reassembly module reassembles the encryption key using at least the medium portion and the user portion of the plurality of portions. The decryption module decrypts the encrypted data with the reassembled encryption key. | 07-17-2014 |
20140201540 | SECURE KEY STORAGE USING PHYSICALLY UNCLONABLE FUNCTIONS - Some implementations disclosed herein provide techniques and arrangements for provisioning keys to integrated circuits/processors. A processor may include physically unclonable functions component, which may generate a unique hardware key based at least on at least one physical characteristic of the processor. The hardware key may be employed in encrypting a key such as a secret key. The encrypted key may be stored in a memory of the processor. The encrypted key may be validated. The integrity of the key may be protected by communicatively isolating at least one component of the processor. | 07-17-2014 |
20140201541 | SECURE ONLINE DISTRIBUTED DATA STORAGE SERVICES - The data vaporizer provides secure online distributed data storage services that securely store and retrieve data in a public distributed storage substrate such as public cloud. The data vaporizer vaporizes (e.g., fragmented into tiny chunks of configurable sizes) data and distributes the fragments to multiple storage nodes so that the data is not vulnerable to local disk failures, secures data so that even if some of the storage nodes are compromised, the data is undecipherable to the attacker, stores data across multiple cloud storage providers and/or parties using keys (e.g., tokens) provided by multiple parties (including the owners of the data) and maintains data confidentiality and integrity even where one or more data storage provider is compromised. The data vaporizer is configurable for different domain requirements including data privacy and anonymization requirements, encryption mechanisms, regulatory compliance of storage locations, and backup and recovery constraints. | 07-17-2014 |
20140208125 | ENCRYPTION AND DECRYPTION DEVICE FOR PORTABLE STORAGE DEVICE AND ENCRYPTION AND DECRYPTION METHOD THEREOF - An encryption and decryption device for a portable storage device and an encryption and decryption method thereof are provided. The encryption and decryption device includes a storage element, a control element and an encryption and decryption circuit. The control element receives a password, saves the password to the storage element and provides an encryption and decryption command. The encryption and decryption circuit is electrically connected to a portable storage device, receives the encryption and decryption command, reads the password stored in the storage element according to the encryption and decryption command, and encrypts or decrypts data stored in the portable storage device by utilizing the password according to whether the data have been encrypted. After the data are encrypted or decrypted, the encryption and decryption circuit clears the password in the storage element. | 07-24-2014 |
20140215226 | METHOD AND SYSTEM FOR PREVENTING TAMPERING WITH SOFTWARE AGENT IN A VIRTUAL MACHINE - Techniques are disclosed for monitoring a software agent running in a virtual machine to prevent execution of the software agent from being tampered with. In one embodiment, the software agent bootstraps such monitoring by ensuring that its code is present in memory and providing the code, memory addresses associated with the code, and a cryptographic signature of the code, to a monitoring process upon request. In response to receiving the code, the monitoring process checks the code using the cryptographic signatures and further ensures that the code is present in memory at the provided address. The monitoring process may then placing write traces on all memory pages of the agent and execution trace(s) on certain pages of the agent. By tracking writes to and execution of the respective pages, the monitoring process may determine whether the agent has been modified and whether the agent is still running | 07-31-2014 |
20140215227 | SYSTEM AND METHOD FOR PROVIDING ENHANCEMENTS OF BLOCK-LEVEL STORAGE - A block storage service provides block-level storage to a plurality of distinct computing instances for a plurality of distinct users. For each of one or more of the plurality of distinct computing instances, information about data being stored in the block storage service is determined. Based on the information about the data being stored in the block storage service, a block storage transaction enhancement for the data being stored in the block storage service is determined. The block storage service performs the selected block storage transaction enhancement with respect to the data being stored in the block storage service. | 07-31-2014 |
20140223196 | Methods and Systems for Storing and Retrieving Data - Through use of the technologies of the present invention, one is able to store and to retrieve data efficiently. One may realize these efficiencies by coding the data and storing coded data that is of a smaller size than original data. | 08-07-2014 |
20140223197 | METHOD AND APPARATUS FOR MEMORY ENCRYPTION WITH INTEGRITY CHECK AND PROTECTION AGAINST REPLAY ATTACKS - A method and apparatus to provide cryptographic integrity checks and replay protection to protect against hardware attacks on system memory is provided. A mode of operation for block ciphers enhances the standard XTS-AES mode of operation to perform memory encryption by extending a tweak to include a “time stamp” indicator. A tree-based replay protection scheme uses standard XTS-AES to encrypt contents of a cache line in the system memory. A Message-Authentication Code (MAC) for the cache line is encrypted using enhanced XTS-AES and a “time stamp” indicator associated with the cache line. The “time stamp indicator” is stored in a processor. | 08-07-2014 |
20140223198 | SECURE REPLAY PROTECTED STORAGE - Embodiments of the invention create an underlying infrastructure in a flash memory device (e.g., a serial peripheral interface (SPI) flash memory device) such that it may be protected against user attacks—e.g., replacing the SPI flash memory device or a man-in-the-middle (MITM) attack to modify the SPI flash memory contents on the fly. In the prior art, monotonic counters cannot be stored in SPI flash memory devices because said devices do not provide replay protection for the counters. A user may also remove the flash memory device and reprogram it. Host platforms alone cannot protect against such hardware attacks. | 08-07-2014 |
20140237263 | NONVOLATILE SEMICONDUCTOR MEMORY DEVICE AND MEMORY SYSTEM USING THE SAME - According to one embodiment, a nonvolatile semiconductor memory device includes a memory cell array and an encryption arithmetic module. The memory cell array includes a first storage area and a second storage area. The first storage area is inhibited from being written into and read from and stores secret key data. The second storage area is inhibited from being written into and permitted to be read from and stores encrypted key data and an expected value. The encryption arithmetic module carries out an authentication operation based on the secret key data and message data. The expected value is the result of carrying out the authentication operation. | 08-21-2014 |
20140237264 | AUTHENTICATION METHOD - According to one embodiment, an authentication method comprising: generating a second key by the first key, the first key being stored in a memory and being prohibited from being read from outside; generating a session key by the second key; generating first authentication information, the secret identification information stored in a memory and being prohibited from being read from outside; transmitting encrypted secret identification information to an external device and receiving second authentication information from the external device, the encrypted secret identification information stored in a memory and readable, the second authentication information generated based on the encrypted secret identification information; and determining whether the first authentication information and the second authentication information match. | 08-21-2014 |
20140237265 | LOGICAL-TO-PHYSICAL ADDRESS TRANSLATION FOR A REMOVABLE DATA STORAGE DEVICE - A method for making memory more reliable involves accessing data stored in a removable storage device by translating a logical memory address provided by a host digital device to a physical memory address in the device. A logical memory address is received from the host digital device. The logical memory address corresponds to a location of data stored on the removable storage device. A physical memory address corresponding to the local address is determined by accessing a lookup table corresponding to the logical zone. | 08-21-2014 |
20140237266 | Secure Memory System with Fast Wipe Feature - A Flash-based storage system, card, and/or module comprises a Flash controller configured to encrypt the data pages of a page stripe by shuffling the data pages, including loading each data page into a data shuffling buffer in a sequential order relative to other data pages in the page stripe, and thereafter unloading each data page in a non-sequential order relative to other data pages in the page stripe. The Flash controller is also configured to scramble the data pages of the page stripe by performing a bitwise logical operation on the data pages that are unloaded from the data shuffling buffer. A user key and one or more system keys are used to perform the shuffling and scrambling. The Flash controller is further configured to flush the user key by bypassing the system's backup power supply and performing an emergency system shutdown without backing up system data. | 08-21-2014 |
20140245027 | DEVICE AND METHOD FOR PROVIDING SAFETY OF DATA BY USING MULTIPLE MODES IN DEVICE - A device and method for providing the security of data by using multiple modes in the device are provided. The device includes a storage unit that includes a normal mode data area and a security mode data area which is isolated from the normal mode data area and access to which is allowed only in a security mode; and a controller that processes data in the normal mode data area during a normal mode, and processes data in the security mode data area during the security mode. | 08-28-2014 |
20140250308 | CONTENT DATA REPRODUCTION SYSTEM AND RECORDING DEVICE - To exclude any unauthorized device from a system and thereby prevent illegal use of content data, a memory card | 09-04-2014 |
20140258735 | PORTABLE RECORDING MEDIUM, SYSTEM INCLUDING THE PORTABLE RECORDING MEDIUM, AND DATA RECOVERY METHOD OF THE PORTABLE RECORDING MEDIUM - A technique of the present invention includes a storage section for storing contents data and an encryption flag indicating that any one of an encryption recording mode and a non-encryption recording mode is set, an encrypting engine for encrypting contents data using an encryption key when the encryption recording mode is set, and a control section for controlling a storage section so that the encryption key and the encrypted contents data are stored when the encryption recording mode is set. Further, when the setting is changed from the encryption recording mode into the non-encryption recording mode, the control section controls the storage section so that the encryption flag is changed to indicate the setting of the non-encryption recording mode with the continuous storage of the encryption key. | 09-11-2014 |
20140258736 | Systems and Methods for Maintaining Integrity and Secrecy in Untrusted Computing Platforms - A method for operating a computing system with a trusted processor include generating a secret cryptographic key based on a physically unclonable function in at least one hardware component in the trusted processor, generating a first public key and first private key using first secret cryptographic key, and executing instruction code corresponding to a first software program. The method further includes generating output data with the trusted processor during execution of the first software program, generating encrypted data corresponding to the output data using the first public key for at least a portion of the encryption, generating a signature of the encrypted data, and transmitting with an input/output (I/O) interface operatively connected to the trusted processor the encrypted data and the signature for storage in an untrusted memory. | 09-11-2014 |
20140281582 | PROTECTING VISIBLE DATA DURING COMPUTERIZED PROCESS USAGE - Embodiments of the present invention provide an approach for protecting visible data during computerized process usage. Specifically, in a typical embodiment, when a computerized process is identified, a physical page key (PPK) is generated (e.g., a unique PPK may be generated for each page of data) and stored in at least one table. Based on the PPK a virtual page key (VPK) is generated and stored in at least one register. When the process is later implemented, and a request to access a set of data associated the process is received, it will be determined whether the VPK is valid (based on the PPK). Based on the results of this determination, a data access determination is made. | 09-18-2014 |
20140281583 | STORING ENCRYPTED CONTENTS IN DIGITAL ARCHIVES - A digital archive for storing encrypted content includes a header section and a body. The header section includes real headers, wherein at least a portion of each real headers is encrypted, and fake headers, wherein each of the fake headers is filled with cryptographically random bytes, wherein the fake headers are substantially more than the real headers. The body includes real contents, wherein at least a portion of each real content is encrypted, and fake contents in the rest of the body, wherein the fake content contains additional cryptographically random bytes, wherein the amount of the fake content is substantially greater than the amount of the real contents, wherein each of the real headers refers to a corresponding real content in the body and contains decryption information for the corresponding real content. | 09-18-2014 |
20140281584 | Apparatus And Method To Protect Digital Content - In an embodiment of the present invention, a processor includes content storage logic to parse digital content into portions and to cause each portion to be stored into a corresponding page of a memory. The processor also includes protection logic to receive a write instruction having a destination address within the memory, and if the destination address is associated with a memory location stores a portion of the digital content, erase the page associated with the memory location. If the destination address is associated with another memory location that does not store any of the digital content, the protection logic is to permit execution of the write instruction. Other embodiments are described and claimed. | 09-18-2014 |
20140281585 | COMPRESSION OF STATE INFORMATION FOR DATA TRANSFER OVER CLOUD-BASED NETWORKS - Aspects of the present disclosure describe systems and methods for compressing a set of RAM data that may have some portions duplicated in a set of ROM data. The ROM data may be divided into a plurality of data chunks and hashed to obtained unique key values. Then a second hash may be performed on the RAM to see if there are any RAM data chunks that match the ROM data chunks. RAM data chunks with matching key values are replaced with pointers to the location of the data in the ROM. It is emphasized that this abstract is provided to comply with the rules requiring an abstract that will allow a searcher or other reader to quickly ascertain the subject matter of the technical disclosure. It is submitted with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. | 09-18-2014 |
20140281586 | Systems and methods for secure access modules - Various embodiments of the invention provide a strong logical link between a SAM and a secure terminal to combat SAM counterfeiting and misuse. The link is based on mutual validation methods using firmware and cryptographic protocols. Once the SAM is removed from a terminal that it has been tied to, or the link is broken by a tampering attempt of a potential intruder, the SAM and/or the terminal are disabled. | 09-18-2014 |
20140281587 | SYSTEMS, METHODS AND APPARATUSES FOR USING A SECURE NON-VOLATILE STORAGE WITH A COMPUTER PROCESSOR - The systems, methods and apparatuses described herein provide a system for accessing data stored securely external of a computer processor. In one aspect, the computer processor may comprise a central processing unit (CPU) and a memory controller. The memory controller may comprise a storage to store a key, a first set of circuitry and a security module. The first set of circuitry may be configured to receive a request for a piece of data from the CPU, determine that the requested piece of data needs to be read from an external storage stored in a secured format and read the piece of data from the external storage in the secured format. The security module may be configured to perform at least one of authentication and decryption on the piece of data in the secured format using the key stored in the storage. | 09-18-2014 |
20140281588 | GENERATING EFFICIENT READS FOR A SYSTEM HAVING NON-VOLATILE MEMORY - Systems and methods are disclosed for generating efficient reads for a system having non-volatile memory (“NVM”). A read command can be separated by a host processor of the system into two phases: a) transmitting a command to a storage processor of the system, where the command is associated with one or more logical addresses, and b) generating data transfer information. The host processor can generate the data transfer information while the storage processor is processing the command from the host processor. Once the data transfer information has been generated and data has been read from the NVM, the data can be transferred. | 09-18-2014 |
20140281589 | SECURE DATABASE SEARCHING - Method and system for securely storing data in a database comprising: receiving data to be stored. Dividing the data into a plurality of elements. Encrypting each element of the plurality of elements with an encryption function. Combining the encrypted elements to form a data attribute. Storing the data attribute in the database. Method and system for searching a database having encrypted data attributes comprising: receiving a search term. Encrypting the search term with an encryption function. Searching a database for records having data attributes matching the encrypted search term. | 09-18-2014 |
20140289537 | ENCRYPTION SYSTEM AND METHOD OF ENCRYPTING A DEVICE - An encryption system ( | 09-25-2014 |
20140289538 | SEMICONDUCTOR DEVICE - A semiconductor device in related art has a problem that security on confidential information stored is insufficient. A semiconductor device of the present invention has a unique code which is unique to a device and generates unique code corresponding information from the unique code. The semiconductor device has a memory region in which specific information obtained by encrypting confidential information is stored in a region associated with the unique code corresponding information. The specific information read from the memory region is encrypted with the unique code corresponding information to generate the confidential information. | 09-25-2014 |
20140289539 | METHODS AND SYSTEMS FOR STORAGE OF LARGE DATA OBJECTS - A storage service receives a binary large object (blob) for storage, and the service creates first and second sets of data chunks from the blob. The chunks in the first set together equal the blob, and the service uses one or more encryption keys to encrypt each of the data chunks in the first set. The chunks in the second set also together equal the blob. The service assigns a message authentication code (MAC) to each data chunk in the second set. The service stores the encrypted data chunks in one or more data stores, and it stores the encryption keys and the MACs as metadata in a metadata memory. | 09-25-2014 |
20140298041 | PORTABLE COMPUTING DEVICE WITH METHODOLOGIES FOR CLIENT-SIDE ANALYTIC DATA COLLECTION - A portable computing device with methodologies for client-side analytic data collection are described. In one embodiment, for example, a method performed by a portable computing device having volatile and non-volatile memory includes obtaining a plurality of events to be logged; serializing the events to be logged; storing the serialized events in the volatile memory; encrypting the serialized events to produce serialized and encrypted events; storing the serialized and encrypted events in the non-volatile memory; decrypting the serialized and encrypted events to produce serialized and decrypted events; storing the serialized and decrypted events in the volatile memory; compressing the serialized and decrypted events to produce compressed, serialized, and decrypted events; encrypting the compressed, serialized, and decrypted events to produce encrypted, compressed, and serialized events and storing the encrypted, compressed, and serialized events in the non-volatile memory. | 10-02-2014 |
20140298042 | MEASURING DEVICE, INFORMATION PROCESSOR, KEY MANAGEMENT DEVICE, AND CONSUMPTION CALCULATING SYSTEM - A measuring device has a consumption measurer to measure a consumption of at least one target equipment at every unit time within a predetermined measurement area, a consumption storage to store the measured consumption, a secret key storage to store a secret key shared with a key management device, an encryption key updater to update an encryption key at every predetermined period based on the secret key and time information, an encryption key storage to store the encryption key, an encryptor to generate encrypted data by encrypting the consumption using the encryption key stored in the encryption key storage, an encrypted data storage to store the encrypted data, and a communication controller to control transmission of the encrypted data, which is stored in the encrypted data storage, to a total consumption detecting device. | 10-02-2014 |
20140298043 | MEMORY CHIP - According to one embodiment, a memory chip, which is connected to a controller that controls reading and writing of data in response to a request from an external device, includes: a memory including a special area that is a predetermined data storage area; a key storage unit that stores therein a second key that corresponds to a first key used by the external device to convert the data; a converting unit that receives, from the controller, data to be written into the special area and generates converted data by converting the data to be written using the second key; and a writing unit that writes the converted data into the special area. | 10-02-2014 |
20140304524 | SYSTEM AND METHOD FOR ENCRYPTING SECONDARY COPIES OF DATA - A system and method for encrypting secondary copies of data is described. In some examples, the system encrypts a secondary copy of data after the secondary copy is created. In some examples, the system looks to information about a data storage system, and determines when and where to encrypt data based on the information. | 10-09-2014 |
20140304525 | KEY/VALUE STORAGE DEVICE AND METHOD - One embodiment of the invention relates to a key/value storage device. The key/value storage device includes a storage medium for storing data, a network interface for receiving commands sent by multiple servers, and a controller. The controller processes a put command from a server to store a binary data object on the storage medium. The put command passes a key associated with the binary data object, and returns a unique digest of the binary data object to the server via the network interface. Another embodiment relates to a storage drive. The storage drive includes a network interface for receiving, and a controller for processing, multiple commands from multiple servers. Other embodiments, aspects and features are also disclosed. | 10-09-2014 |
20140304526 | DATA DEDUPLICATION IN A DISPERSED STORAGE SYSTEM - An efficient data deduplication method for use in a dispersed storage network (DSN). After a data object is received for storage in the DSN, it is determined whether a substantially identical data object has previously been encrypted and stored. The determination may be made, for example, by comparing an encryption key reference value relating to the data object to key reference information stored in DSN memory. If not detected, the data object is encrypted using an encryption key based on the data object. The encrypted data object is then compressed and stored. The encryption key and a key reference value are also stored as encoded key slices in DSN memory. If the data object was previously stored, it is encrypted using a retrieved encryption key that is substantially identical to the data object. The data object may then be compressed for storage using a pattern based data compression function. | 10-09-2014 |
20140304527 | EFFICIENT MEMORY UTILIZATION IN A DISPERSED STORAGE SYSTEM - A method for improving memory utilization in a dispersed storage network (DSN). After a data object is received for storage in the DSN, it is determined whether a substantially identical data portion of the data object has previously been encrypted and stored. The determination may be made, for example, by comparing a portion reference value relating to the data object to portion reference information stored in DSN memory. If not detected, the data object is encrypted using an encryption pattern sequence and encryption key, at least one of which substantially identical to at least a portion of the data portion. The encrypted data object is then compressed using a pattern based data compression function, and the compressed data object is stored. The portion reference value is also stored in DSN memory. | 10-09-2014 |
20140310534 | DATA SCRAMBLING IN MEMORY DEVICES USING COMBINED SEQUENCES - A method for data storage includes generating a first scrambling sequence and a second scrambling sequence that is different from the first scrambling sequence. A combined sequence, which is equal to a bit-wise XOR between the first and second scrambling sequences, is generated. Data is copied from a first location in a memory in which the data is scrambled using the first scrambling sequence, to a second location in the memory in which the data is to be scrambled using the second scrambling sequence, by reading the data from the first location, scrambling the read data using the combined sequence, and then storing the data in the second location. | 10-16-2014 |
20140310535 | Electronic Device with Flash Memory Component - Electronic device ( | 10-16-2014 |
20140310536 | STORAGE DEVICE ASSISTED INLINE ENCRYPTION AND DECRYPTION - Various features pertain to inline encryption and decryption. In one aspect, inline read/write operations are performed by configuring an off-chip storage device to provide parameters to facilitate inline encryption/decryption of data by a host storage controller of a system-on-a-chip (SoC.) The parameters provided by the storage device to the host storage controller include an identifier that is the same for read and write operations for a particular block of data but differs from one block of data to another. The host storage controller employs the parameters as initial vectors to generate encryption keys for use in encrypting/decrypting data. Exemplary read and write operations of the host storage controller and the off-chip storage device are described herein. Examples are also described wherein the parameters are obtained from host memory rather than from the storage device. | 10-16-2014 |
20140317419 | SECURE COMPUTING - Techniques and logic are presented for encrypting and decrypting programs and related data within a multi-processor system to prevent tampering. The decryption and encryption may be performed either between a system bus and a processor's individual L1 cache memory or between a processor's instruction and execution unit and their respective L1 caches. The logic may include one or more linear feedback shift registers (LFSRs) that may be used for generation of unique sequential address related codes to perform the decryption of instructions and transformation logic that may be used for generation of equivalent offset address related codes to perform decryption and encryption of data. The logic may also be programmable and may be used for test purposes. | 10-23-2014 |
20140317420 | ENCRYPTED DATA STORAGE APPARATUS - The present invention relates to a secure memory storage system. In particular there is a data storage device having a receiver for receiving data, an encrypted persistent memory to store received data and a transmission control device physically independent of the data storage device. The apparatus is arranged such that when a connection between the transmission control device and the data storage device is established, transmission of data between the data storage device and a further device (e.g. a PC) is enabled. Wireless connection between the transmission control device and data storage device is not established, and transmission of data between the data storage device and the further device (e.g. PC) is non-enabled. The transmission control device therefore controls data transfer between the data storage device and the further device. | 10-23-2014 |
20140317421 | DATA STORAGE SYSTEM AND METHOD BY SHREDDING AND DESHREDDING - A system and method for data storage by shredding and deshredding of the data allows for various combinations of processing of the data to provide various resultant storage of the data. Data storage and retrieval functions include various combinations of data redundancy generation, data compression and decompression, data encryption and decryption, and data integrity by signature generation and verification. Data shredding is performed by shredders and data deshredding is performed by deshredders that have some implementations that allocate processing internally in the shredder and deshredder either in parallel to multiple processors or sequentially to a single processor. Other implementations use multiple processing through multi-level shredders and deshredders. Redundancy generation includes implementations using non-systematic encoding, systematic encoding, or a hybrid combination. Shredder based tag generators and deshredder based tag readers are used in some implementations to allow the deshredders to adapt to various versions of the shredders. | 10-23-2014 |
20140325242 | ENCRYPT DATA OF STORAGE DEVICE - A request from a host is received requesting data from a storage device. Data of the storage device is written into a buffer of the host. The data at the buffer is to be encrypted and written back to the storage device. The requested data of the request is written to the buffer after the encrypted data is written back to the storage device. | 10-30-2014 |
20140331063 | Disrupting Password Attack Using Compression - Methods and systems for disrupting password attacks using compression are described. A user password may be stored on a mobile computing device. The password may be compressed, for example, using a Huffman compression algorithm, and may be subsequently encrypted using a short secret as a key. The user password may be stored as the compressed and encrypted key. The compressed and encrypted password may be stored such that a brute force password attack, for example, using every possible short secret, would reveal too may possible matches to allow an attacker to select the real password. | 11-06-2014 |
20140331064 | KEY REVOCATION IN SYSTEM ON CHIP DEVICES - Methods and apparatus relating to key revocation in system on chip (also referred to as SOC or SoC) devices are described. In an embodiment, a storage device stores an identifier of an Original Equipment Manufacturer (OEM) and key versioning information corresponding to the OEM. At least a portion of the storage device is updated by a security engine in response to a determination that a first OEM key has been replaced with a second OEM key. Other embodiments are also claimed and described. | 11-06-2014 |
20140331065 | SECURING A DATA SEGMENT FOR STORAGE - A method begins by a dispersed storage (DS) processing module encrypting a data segment utilizing an encryption key to produce an encrypted data segment and performing a deterministic function on the encrypted data to produce a transformed representation of the encrypted data. The method continues with the DS processing module masking the encryption key utilizing the transformed representation of the encrypted data to produce a masked key, partitioning the masked key into a plurality masked key partitions, partitioning the encrypted data segment into a plurality of encrypted data segment partitions, and combining the plurality of masked key partitions with the plurality of encrypted data segment partitions to produce a plurality of combined partitions. For a combined partition of the plurality of combined partitions, the method continues with the DS processing module encoding the combined partition using a dispersed storage error coding function to produce a set of encoded data slices. | 11-06-2014 |
20140337640 | VIRTUAL ZEROISATION SYSTEM AND METHOD - A system for protecting data includes a virtual zeroisation device which receives data to be encrypted and key material for encrypting the data. The key material is stored in a storage device. As the encryption unit encrypts the data using the key material, the encrypted data is stored in the storage device and overwrites the key material. | 11-13-2014 |
20140337641 | SYSTEM AND METHOD FOR PROVIDING DATA INTEGRITY - Systems and methods for providing data integrity for stored data are disclosed. A method may include, in connection with the receipt of a read command at a storage resource, reading a data block from the storage resource, the data block including a data field, a data integrity field indicating the integrity the data field, and an encryption indicator field indicating whether the data block is encrypted with a current cryptographic key for the storage resource. The method may further include determining whether the data field is encrypted with the current cryptographic key based at least on the encryption indicator field. The method may additionally include returning at least a portion of the data block in reply to the read command in response to determining that the data field is encrypted with a cryptographic key other than the current cryptographic key. | 11-13-2014 |
20140344586 | SECURE DIGITAL DOWNLOAD STORAGE DEVICE - A secure USB flash drive employing digital rights management to implement secure digital media storage such as that provided by encrypted storage utilizing content protection for recordable media (CPRM) or the like. Unlike a secure digital card which provides such protection, it does not need an SD card port which is CPRM enabled, or alternatively a reader adapted for use therewith. The form factor can be that of a standard USB flash drive and a standard USB connector is employed making the device and its use familiar and comfortable to the average consumer. | 11-20-2014 |
20140351604 | ELECTRONIC DEVICE AND ENCRYPTION CONTROL METHOD - According to at least one embodiment, an electronic device includes a storage comprising a plurality of sectors and a processor configured to encrypt data in the plurality of sectors of the storage. The processor is configured to cause to be stored in a storage area address information indicating a defective sector from which data cannot be read, when the defective sector is detected during encryption. | 11-27-2014 |
20140351605 | SYSTEM AND METHOD FOR WIPING ENCRYPTED DATA ON A DEVICE HAVING FILE-LEVEL CONTENT PROTECTION - Disclosed herein are systems, methods, and non-transitory computer-readable storage media for erasing user data stored in a file system. The method includes destroying all key bags containing encryption keys on a device having a file system encrypted on a per file and per class basis, erasing and rebuilding at least part of the file system associated with user data, and creating a new default key bag containing encryption keys. Also disclosed herein is a method of erasing user data stored in a remote file system encrypted on a per file and per class basis. The method includes transmitting obliteration instructions to a remote device, which cause the remote device to destroy all key bags containing encryption keys on the remote device, erase and rebuild at least part of the file system associated with user data, and create on the remote device a new default key bag containing encryption keys. | 11-27-2014 |
20140351606 | POLICY DRIVEN CLOUD STORAGE MANAGEMENT AND CLOUD STORAGE POLICY ROUTER - Techniques are disclosed for a policy driven cloud storage management broker and a cloud storage policy router, along with methods for registering tenant applications with the cloud storage management broker and for sending (and retrieving) files to/from a cloud storage service. A tenant application may be configured to generate a user interface that allows a user to specify metadata to associate with a file along with a link to a cloud storage service to which the file is uploaded. The tenant application may collect and store the metadata attributes (along with a reference to the file stored in the cloud) in an enterprise database, while the file itself may be transmitted to the cloud storage service directly. The cloud storage policy router may learn the capabilities of different cloud storage providers using an advertisement routing protocol. | 11-27-2014 |
20140351607 | REMOVABLE, ACTIVE, PERSONAL STORAGE DEVICE, SYSTEM AND METHOD - A storage device is configured to communicate with a host device over a Bluetooth connection. The storage device includes a flash memory, a processor, and a Bluetooth controller. The memory stores at least one permission for determining access to the memory. The processor manages access to the memory, independently of the host device, based on a comparison of a request at the removable storage device to access the memory to at least one permission. The comparison is independent, requiring no management by an operating system of the host device, such that if the at least one permission includes a particular access type that matches the access requested in the request, the processor provides access to the memory. | 11-27-2014 |
20140365785 | MIGRATION OF ENCRYPTED DATA FOR DATA STORAGE SYSTEMS - Systems and methods for compression, formatting, and migration of data for data storage systems are disclosed. In some embodiments, data repacking can be used in any situation where embedded metadata needs to be accessed, such as during data migration, and where the underlying data is encrypted. In some embodiments, performance is increased because encrypted data is repacked without first performing decryption. In addition, data may also be compressed and repacking can be performed without performing decompression. Advantageously, there is no need to retrieve or wait for the availability of encryption key (or keys) or expand resources in decrypting (and decompressing) data before repacking it and encrypting repacked data. Available capacity for storing user data, reliability, and performance of the data storage system can be increased. | 12-11-2014 |
20140365786 | COMMUNICATION DEVICE, COMMUNICATION METHOD, COMPUTER PROGRAM PRODUCT, AND COMMUNICATION SYSTEM - According to an embodiment, a communication device includes an acquirer and a determiner. The acquirer is configured to acquire a first history value for each of one or more applications that use an encryption key. The first history value indicates a history value of a volume of the encryption key used by the each of one or more applications. The determiner is configured to determine a volume of the encryption key to be assigned to the corresponding application, according to the first history value. | 12-11-2014 |
20140380063 | INFORMATION PROCESSING DEVICE, INFORMATION STORAGE DEVICE, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM - Provided is an information storage device including a storage unit configured to store encrypted content and an encryption key to be applied to decryption of the encrypted content, wherein the storage unit stores a converted encryption key generated through an arithmetic operation of the encryption key and an electronic signature that is constituent data of an encrypted content signature file set corresponding to the encrypted content, wherein the electronic signature is an electronic signature for data that includes constituent data of the encrypted content and the encryption key, and wherein a reproduction device configured to read the encrypted content from the storage unit and execute a decryption process is able to be caused to perform acquisition of the encryption key through an arithmetic operation of applying the electronic signature to the converted encryption key. | 12-25-2014 |
20140380064 | DELETING ENCODED DATA SLICES IN A DISPERSED STORAGE NETWORK - A method begins by a dispersed storage (DS) processing module receiving a request regarding at least a portion of corresponding encoded data slices, wherein a collection of encrypted and encoded data slices of a plurality of collections of encrypted and encoded data slices includes a common data aspect, wherein encrypted and encoded data slices of the collection of encrypted and encoded data slices are produced by individually encrypting corresponding encoded data slices using a common encrypting character string and representations of the corresponding encoded data slices. The method continues with the DS processing module identifying the common encrypting character string of the corresponding encoded data slices. When the request is to delete the corresponding encoded data slices, the method continues with the DS processing module obfuscating the common encrypting character string in a local memory such that the collection of encrypted and encoded data slices are effectively incomprehensible. | 12-25-2014 |
20150012758 | System, Method, and Device for Delivering Communications and Storing and Delivering Data - A system, method, and device includes a platform data storage that stores a wrap that secures an executable controller and executable sensors. The wrap is verified, optionally through a downloaded authentication driver. After verifying the wrap, the wrap is opened and a sister of the executable controller is installed into the platform memory to cooperate with the executable controller. Additionally or alternatively, the authentication driver may cooperate with the executable controller. The executable controller allows the platform processor to access data secured in a vault and/or verify the platform to create a connection to a connection server. | 01-08-2015 |
20150019879 | Optimal Re-Encryption Strategy for Joins in Encrypted Databases - Methods, systems, and computer-readable storage media for selecting columns for re-encryption in join operations. In some implementations, actions include determining a first column and a second column to be joined, receiving a first key corresponding to the first column and a second key corresponding to the second column, receiving a first rank associated with the first key and a second rank associated with the second key, selecting the second column for re-encryption based on the first rank and the second rank, and providing the first column, the second column, and the first key for performing a join operation, the second column being re-encrypted based on the first key. | 01-15-2015 |
20150019880 | ELECTRONIC DEVICE, SYSTEM FOR PAIRING ELECTRONIC DEVICES AND METHOD FOR PAIRING ELECTRONIC DEVICES - An electronic device includes: a data acquiring unit configured to detect an encryption apparatus in a preset distance range and to read preset data in the detected encryption apparatus; a data storage unit configured to store the preset data; and a connection establishing unit configured to establish power line communication connections, according to the preset data, with other electronic devices reading and storing the preset data. The disclosure further proposes a system for pairing electronic devices and a method for pairing electronic devices. With the technical solutions of the invention, power line communication connections between the electronic devices can be established rapidly, conveniently and more accurately. | 01-15-2015 |
20150019881 | ACCELERATED CRYPTOGRAPHY WITH AN ENCRYPTION ATTRIBUTE - Methods and systems for encrypting and decrypting are presented. In one embodiment, the method comprises encrypting one or more segments of a data with a key. The data is associated with at least one encryption attribute and having a plurality of segments. The encryption attribute includes information to identify one or more segments of the data to encrypt. The method further comprises encrypting the encryption attribute and storing the data including the partly encrypted data and the encrypted encryption attribute. | 01-15-2015 |
20150026484 | SMART STORAGE DEVICE - A smart storage device can have a smart-card portion with access control circuitry and integrated memory, a controller in selective communication with the smart-card portion, and a memory device in communication with the controller. The memory device can be separate from the smart-card portion and can store one or more smart-card applications. | 01-22-2015 |
20150033035 | Apparatus and Method for Accessing an Encrypted Memory Portion - An apparatus for accessing an encrypted memory portion of a memory is provided. The apparatus includes a plurality of signature generators, wherein each signature generator of the plurality of signature generators is configured to generate a signature of a plurality of signatures depending on an instruction of a plurality of instructions, wherein each of the plurality of instructions is a processor instruction for controlling a processor. Moreover, the apparatus includes a key modifier for generating a processed key depending on a standard key and on the plurality of signatures. Furthermore, the apparatus includes a controller for accessing the encrypted memory portion of the memory, wherein the memory access controller is configured to employ the processed key to access the encrypted memory portion of the memory. | 01-29-2015 |
20150033036 | SECURING BACKING STORAGE DATA PASSED THROUGH A NETWORK - Techniques described herein generally relate to methods, data processing devices and computer readable media to ensure that data stored in a remote backing storage device are in encrypted form before that data is transferred to another device or over a network. In some examples, the methods, data processing devices and computer readable media may be arranged to encrypt the data passed to the network when the data stored in the backing storage device is in unencrypted form. Also disclosed are methods, data processing devices and computer readable media that identify when the data stored in the backing storage device is in unencrypted form, including methods that may detect that the data may appear to be in encrypted form as a result of the data being compressed. | 01-29-2015 |
20150033037 | KEY ROTATION FOR A MEMORY CONTROLLER - Systems, methods, and other embodiments associated with rotating keys for a memory are described. According to one embodiment, a memory system comprises a memory controller configured to control access to a memory and to process memory access requests. Rrekeying logic is configured to rotate a first key that was used to scramble data in the memory and re-scramble the data with a second key by: determining when the memory controller is in an idle cycle and performing a rekeying operation on a portion of the memory during the idle cycle, and pausing the rekeying operation when the memory controller is not in an idle cycle to allow memory access requests to be performed and resuming the rekeying operation during a next idle cycle. | 01-29-2015 |
20150033038 | METHODS, APPARATUS, AND SYSTEMS FOR SECURE DEMAND PAGING AND OTHER PAGING OPERATIONS FOR PROCESSOR DEVICES - A secure demand paging system ( | 01-29-2015 |
20150033039 | SECTOR MAP-BASED RAPID DATA ENCRYPTION POLICY COMPLIANCE - To comply with a policy for a computing device indicating that data written by the computing device to the storage volume after activation of the policy be encrypted, a sector map is accessed. The sector map identifies one or more sectors of a storage volume and also identifies, for each of the one or more sectors of the storage volume, a signature of the content of the sector. In response to a request to read the content of a sector, the content of the sector is returned without decrypting the content if the sector is one of the one or more sectors and the signature of the content of the sector matches the signature of the sector identified in the sector map. Otherwise, the content of the sector is decrypted and the decrypted content is returned. | 01-29-2015 |
20150039908 | System and Method for Securing A Credential Vault On A Trusted Computing Base - A method for utilizing a secure credential vault on a mobile computing device includes: prompting a user for and receiving from the user a credential vault password; prompting a user for and receiving a near-field communication (NFC) security token from a NFC-enabled device; verifying the credential vault password and the received NFC security token; and opening a secure session with the secure credential vault in response to successful verification. | 02-05-2015 |
20150039909 | COMMAND EXECUTING METHOD, MEMORY CONTROLLER AND MEMORY STORAGE APPARATUS - A command executing method for a memory storage apparatus is provided. The method includes grouping logical addresses into logical address groups and assigning a key for each of the logical address groups independently. The method also includes receiving a write command and write data corresponding to the write command and temporarily storing the write data into a buffer memory. The method further includes executing the write command, enabling a direct memory access once to transfer the write data from the buffer memory to a writable non-volatile memory module of the memory apparatus and encrypting each sector data of the write data with keys corresponding to the logical address groups that the logical address storing the sector data belong to. | 02-05-2015 |
20150039910 | SIDE CHANNEL POWER ATTACK DEFENSE WITH PSEUDO RANDOM CLOCK OPERATION - Apparatus and methods are provided for defending an electronic circuit secret algorithm and secret parameter values against a side-attack. In an example, a method can include receiving first one or more parameters for altering a clock signal of the electronic device at a non-volatile memory register, and altering a frequency of the clock signal of the electronic device during execution of an authentication routine according to the first one or more parameters. | 02-05-2015 |
20150039911 | COMPLIMENTARY BIT SLICING SIDE CHANNEL ATTACK DEFENSE - This document discusses, among other things, systems and methods to communicate data over a data bus during a first period of a clock signal with a uniform power distribution, including providing a complimentary bit state of the data during a first portion of the first period of the clock signal and providing an actual bit state of the data during a second portion of the first period of the clock signal. In an example, the first period can include first, second, third, and fourth portions, and the systems and methods can include providing a complimentary bit state of the data during first and fourth portions of the first period of the clock signal and an actual bit state of the data during a second portion of the first period of the clock signal. | 02-05-2015 |
20150039912 | Homomorphic Database Operations Apparatuses, Methods and Systems - The HOMOMORPHIC DATABASE OPERATIONS APPARATUSES, METHODS AND SYSTEMS (“HEDO”) transform transaction storage requests and homomorphic model queries using HEDO components into homomorphic model query results. In some implementations, the disclosure provides a processor-implemented method of securely querying a shared homomorphically encrypted data repository and performing cross-table homomorphic joins. | 02-05-2015 |
20150052369 | Local Keying for Self-Encrypting Drives (SED) - A method and system self encrypts a disk storage device. Given a plurality of data storage devices, the system establishes an encryption key for the plurality of data storage devices. The system locally stores the encryption key in a piecewise manner throughout the plurality of data storage devices such that the encryption key is rendered undeterminable with less than a threshold subset of the plurality of data storage devices. This results in the plurality of data storage devices being self encrypting. Upon an increase or decrease in the plurality, the system resplits the encryption key and locally stores the resulting pieces throughout the changed (increased/decreased) plurality of data storage devices. This renders the encryption key undeterminable with less than a new or revised threshold each time the plurality is changed. | 02-19-2015 |
20150052370 | Cascaded Data Encryption Dependent on Attributes of Physical Memory - Apparatus and method for providing data security through cascaded encryption. In accordance with various embodiments, input data are encrypted in relation to a first auxiliary data value to provide first level ciphertext. The first level ciphertext are encrypted using a second auxiliary data value associated with a selected physical location in a memory to produce second level ciphertext, which are thereafter stored to the selected physical location. In some embodiments, migration of the stored data to a new target location comprises partial decryption and re-encryption of the data using a third auxiliary data value associated with a new target physical location to produce third level ciphertext, and the storage of the third level ciphertext to the new target physical location. | 02-19-2015 |
20150058640 | SYSTEM AND METHOD FOR RECOVERY KEY MANAGEMENT - A system and method for managing the recovery key of a computer system is disclosed. The computer system includes a security layer, and the recovery key is stored locally to a memory location on the computer system, including, as examples, flash memory on the motherboard of the computer system or a USB port on the computer system. In operation, when it becomes necessary for the computer system to authenticate the recovery key, the recovery key may be retrieved from the local memory. The retrieval and storage of the recovery key may be managed by a remote administrator. The recovery key may be stored in a hidden partition in the storage location, and the recovery key may be cryptographically wrapped to add an additional layer of security. | 02-26-2015 |
20150067353 | STORAGE MANAGEMENT DEVICE AND STORAGE MANAGEMENT METHOD - A storage management method includes: determining whether receives a creation request for creating a group storage space from one user group, wherein the creation request comprises an identity of the user group and a request size of the group storage space. Assigning a group storage space with the request size to the user group and assigning a corresponding storage gateway address to the user group. Setting an administrator identity of the group storage space and permissions of an administrator with the administrator identity. In addition, creating or deleting sub-group storage spaces and personal storage spaces in the group storage space in response to operations of the administrator. | 03-05-2015 |
20150067354 | STORAGE MANAGEMENT DEVICE AND STORAGE MANAGEMENT METHOD - A storage management method includes: verifying an identity of the user in response to a login operation of the user to login a group storage space; determining storage spaces to which the user has access permission according to the identity of the user when the user is an authorized user; obtaining a group secret key of the user group that the user belongs to when the user stores data to a target storage space and encrypting the data by using the group secret key; and storing the encrypted data to the target storage space. | 03-05-2015 |
20150067355 | SECURE MEMORY CONTROL PARAMETERS IN TABLE LOOK ASIDE BUFFER DATA FIELDS AND SUPPORT MEMORY ARRAY - Techniques and apparatus for utilizing bits in a translation look aside buffer (TLB) table to identify and access security parameters to be used in securely accessing data are provided. Any type of bits in the TLB may be used, such as excess bits in a translated address, excess attribute bits, or special purpose bits added specifically for security purposes. In some cases, the security parameters may include an index into a key table for use in retrieving a set of one or more keys to use for encryption and/or decryption. | 03-05-2015 |
20150074425 | System and Method for Encrypted Disk Drive Sanitizing - A system and method for first changing the encryption key on a self-encrypting disk drive followed by a complete disk wipe. Either process can be separately performed, and they can be performed in any order. In fact, one embodiment of the invention, resets the symmetric key, wipes the disk a predetermined number of times with different predetermined data patterns, and then resets the key a second time. This assures that there is absolutely no way to recover the original key or to read the original plain text data, even if some of it's encrypted values remain on unallocated tracks after wiping. A user can be assured that in milliseconds after starting the wiping process, the entire disk is rendered unreadable and unrecoverable. | 03-12-2015 |
20150074426 | Generating and Using an Enhanced Initialization Vector - Embodiments for generating and using an enhanced initialization vector are disclosed. In one embodiment, data and a record identifier to which the data is to be written are received. An initialization vector for encrypting the data is then generated. The initialization vector is based on the record identifier and a value that changes every time that the record identifier is to be written to. The value can be generated, for example, by a counter that increments every time the record identifier is to be written to or by a random number generator that generates a random number every time the record identifier is to be written to. In some embodiments, the generated initialization vector is also based on a second value, such as, for example, a value that is shared by other storage modules or a value that is unique to the storage module. | 03-12-2015 |
20150074427 | SYSTEM AND METHOD TO SECURE ON-BOARD BUS TRANSACTIONS - A technique for securing on-board bus transactions in a computing device is discussed. A shared key is generated and then programmed into the read-only non-volatile write-once storage of two on-board components. The shared key may be generated during the manufacturing process. Once complete, all transactions between the two on-board components are encrypted by the components using the shared key without exposing the key on any external bus. | 03-12-2015 |
20150074428 | SYSTEMS AND METHODS FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - Systems and methods for encrypting a plaintext logical data object for storage in a storage device operable with at least one storage protocol, creating, reading, writing, optimization and restoring thereof. Encrypting the plaintext logical data object comprises creating in the storage device an encrypted logical data object comprising a header and one or more allocated encrypted sections with predefined size; encrypting one or more sequentially obtained chunks of plaintext data corresponding to the plaintext logical data object thus giving rise to the encrypted data chunks; and sequentially accommodating the processed data chunks into said encrypted sections in accordance with an order said chunks received, wherein said encrypted sections serve as atomic elements of encryption/decryption operations during input/output transactions on the logical data object. | 03-12-2015 |
20150074429 | System and Method for Secure Distribution and/or Storage of Data Files with Long Term File Integrity Verification - Systems and methods for securely uploading, distributing, managing and/or storing any type of data file within a subscriber-based system maintained by a third party administrator are disclosed. The subscriber-based system acts as an electronic repository to ensure that data files remain intact, secure, and unaltered from their original form. Systems and methods for long term verification of data file integrity using checksum records stored in a public checksum directory are also disclosed. | 03-12-2015 |
20150074430 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. | 03-12-2015 |
20150082053 | INFORMATION PROCESSING APPARATUS AND PROGRAM EXECUTION METHOD - According to one embodiment, an information processing apparatus includes a processor, a main memory, and a memory controller. The memory controller executes an access restriction for each memory region. A first program decodes a protected program which was encrypted in a secure mode. The first program places the protected program which was decoded in a memory region. A second program executes the protected program in a secure mode. The processor places a code region and a protected data region in the protected program which was decoded in a memory region having an access restriction by using the first program. When an access to the protected data region is confirmed, the processor confirms by using the second program that the access is caused by a command from the code region placed by the first program, and then, executes the command. | 03-19-2015 |
20150082054 | System and Method for Establishing a Secure Digital Environment - Systems and methods for providing secure data using a two-layered security mechanism. The systems and methods generate key data based on received input and generate a hash for a given key. The generated hash is utilized as an asymmetric or symmetric encryption key for encrypting data and is simultaneously used as an identifier for subsequent identification and retrieval. | 03-19-2015 |
20150089244 | DATA SECURITY USING REQUEST-SUPPLIED KEYS - Requests are submitted to a request processing entity where the requests include a cryptographic key to be used in fulfilling the request. The request processing entity, upon receipt of the request, extracts the key from the request and uses the key to perform one or more cryptographic operations to fulfill the request. The one or more cryptographic operations may include encryption/decryption of data that to be/is stored, in encrypted form, by a subsystem of the request processing entity. Upon fulfillment of the request, the request processing entity may perform one or more operations to lose access to the key in the request, thereby losing the ability to use the key. | 03-26-2015 |
20150089245 | DATA STORAGE IN PERSISTENT MEMORY - Embodiments include systems, methods, and apparatuses associated with storing data in a persistent memory are disclosed herein. In embodiments, a memory controller may be configured to encrypt data with an encryption key, and the encrypted data may be stored in persistent memory. The memory controller may be further configured to alter and/or destroy the encryption key in response to a reset event. Other embodiments may be disclosed and/or claimed. | 03-26-2015 |
20150089246 | INFORMATION PROCESSING APPARATUS AND COMPUTER PROGRAM PRODUCT - According to an embodiment, an information processing apparatus includes a secure OS, a non-secure OS, and a monitor. The monitor is configured to switch between the OSs. The secure OS includes a memory protection setting controller, a processing determination controller, and a secure device access controller. The memory protection setting controller is configured to set a protection address in a memory for each certain processing. The processing determination controller is configured to receive an access type, a physical address of an access destination, and data to be written, acquire a list of processing, and determine a type of processing to be performed. The secure device access controller is configured to receive the access type, the physical address of an access destination, and data to be written, and access a peripheral identified by the physical address. | 03-26-2015 |
20150089247 | STORAGE MEDIUM HAVING SECURITY FUNCTION AND SECURITY METHOD THEREOF - A security method based on a memory unit for a user is provided. The security method includes receiving, from a server, a security code including a security service command for the user terminal and verification information certifying the security service command; determining whether the received verification information matches verification information stored in the memory unit; and performing, by the memory unit, a security action corresponding to the security service command, when the received verification information matches the stored verification information. | 03-26-2015 |
20150095661 | Flexible Memory Addressing For Data Security - Regions of system memory in a computer system are managed to maintain privacy and integrity of data. A system address space for memory is divided into a plurality of aliased addressed spaces. Each of the aliased address spaces is associated with its own unique encryption key. The system address space is managed using the aliased address spaces to provide data isolation and privacy for different system processes. One or more aliased address spaces can be provided with additional data integrity capabilities. Data associated with an integrity-checked aliased address space is subjected to data integrity checking, using authentication-based techniques such as hashing, for example. Additionally, a set of contiguous addresses in the aliased address space is defined, while being mapped to a set of non-contiguous addresses in the corresponding physical address space for additional data security. | 04-02-2015 |
20150095662 | METHOD FOR SECURING CONTENT IN DYNAMICALLY ALLOCATED MEMORY USING DIFFERENT DOMAIN-SPECIFIC KEYS - A method operational within a memory controller is provided for securing content stored in memory. The memory controller may allocate logical memory regions within a memory device to different domains. A different domain-specific key is obtained for each of the different domains, where each domain-specific key is a function of at least a master key and domain-specific information. During write operations, content/data is encrypted, at the memory controller, as it is written into each logical memory region using a domain-specific key corresponding to a domain providing the content and to which the logical memory region is allocated. Similarly, during read operations, content/data is decrypted, at the memory controller, as it is read from each memory region using a domain-specific key corresponding to a domain requesting the content and to which the logical memory region, where the content is stored, is allocated. | 04-02-2015 |
20150095663 | DATA PROCESSING METHOD, MEMORY STORAGE DEVICE AND MEMORY CONTROL CIRCUIT UNIT - A data processing method, a memory storage device, and a memory control circuit unit are provided. Here, each physical address corresponds to one flag. The data processing method includes: receiving a reading command; reading first data stored in the physical addresses of a physical programming unit; determining whether a first flag in the physical programming unit is in a first status or a second status; transmitting decrypted first data or decrypted specific-format data to a host system according to whether the first flag is in the first status or the second status. Accordingly, the encryption operation may be simplified. | 04-02-2015 |
20150095664 | ENCRYPTED DATABASE SYSTEM, LINKING METHOD, AND MEDIUM - This encrypted database system is constituted by the connection of client terminal, which encrypts and outputs a first table having row a and row b data that has been input and a second table having row c data by means of a secret key stored in advance and sends a partial connection command that connects the row b and row c as a key for data in which the value for row a is greater than or equal to p and less than q in this table to the outside with a range search key generated from the secret key, and an encrypted database server, which receives and records the encrypted first and second tables, extracts data for each in which the values for row a from the encrypted first and second tables are greater than or equal to p and less than q using the range search key, and connects and returns row b and row c for this extracted data as a key. | 04-02-2015 |
20150100795 | Secure Storage Devices, Authentication Devices, and Methods Thereof - Various devices may benefit from enhanced security. For example, secure storage devices and authentication devices may benefit from security that permits isolation of the devices from the operating system and data ports of a host computer. An apparatus can include a first interface configured to connect to a non-volatile storage device. The apparatus can also include circuitry configured to supply an encryption key over the first interface to decrypt data on the non-volatile storage device. The first interface is configured to connect directly to the non-volatile storage device. | 04-09-2015 |
20150100796 | FLEXIBLE ARCHITECTURE AND INSTRUCTION FOR ADVANCED ENCRYPTION STANDARD (AES) - A flexible aes instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a “one round” pass for aes encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible aes instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers. | 04-09-2015 |
20150100797 | FLEXIBLE ARCHITECTURE AND INSTRUCTION FOR ADVANCED ENCRYPTION STANDARD (AES) - A flexible aes instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a “one round” pass for aes encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible aes instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers. | 04-09-2015 |
20150100798 | FLEXIBLE ARCHITECTURE AND INSTRUCTION FOR ADVANCED ENCRYPTION STANDARD (AES) - A flexible aes instruction set for a general purpose processor is provided. The instruction set includes instructions to perform a “one round” pass for aes encryption or decryption and also includes instructions to perform key generation. An immediate may be used to indicate round number and key size for key generation for 128/192/256 bit keys. The flexible aes instruction set enables full use of pipelining capabilities because it does not require tracking of implicit registers. | 04-09-2015 |
20150106631 | SECURING A DEVICE AND DATA WITHIN THE DEVICE - Systems and methods are provided for securing a self-securing device and information that is stored in memory within the device. The self-securing device comprising a processor unit and memory external to the processor unit. The processor unit contains a processor and processor unit memory. Upon initialization of the self-securing device, the processor unit determines whether a secure key is stored in the processor unit memory. If no secure key is stored, then the processor unit generates a secure key and stores it in the processor unit memory. The processor unit uses the secure key to decrypt information read from the memory external to the processor unit and to encrypt information to be stored in memory external to the processor unit. | 04-16-2015 |
20150106632 | METHOD FOR STORING DATA IN A RELATIONAL DATABASE AND RELATIONAL DATABASE SERVER - The invention relates to a method for storing data in a relational database, comprising a plurality of tables, wherein the data is stored in these tables, wherein each row of each table is provided with an original primary key for identification, and wherein foreign keys are provided for cross-referencing different tables of the relational database, wherein the primary keys are encrypted, wherein the foreign keys are encrypted based on the encrypted primary keys and wherein for each table where a primary key is referenced as a foreign key an encrypted pointer is stored to link the corresponding encrypted foreign key to the encrypted primary key. The present invention further relates to a relational database server. | 04-16-2015 |
20150106633 | System and Method for General Purpose Encryption of Data - Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. An information handling system may include a processor, a memory communicatively coupled to the processor, and an encryption accelerator communicatively coupled to the processor. The encryption accelerator may be configured to encrypt and decrypt information in accordance with a plurality of cryptographic functions, receive a command from the processor to perform an encryption or decryption task upon data associated with an input/output operation, and in response to receiving the command, encrypt or decrypt the data associated with the input/output operation based on a particular one of the plurality of cryptographic functions. | 04-16-2015 |
20150113291 | CYPTOGRAPHIC BRANDING OF DATA CONTAINERS - Embodiments described are generally directed to ensuring a data storage device originated from a first location. The data storage device including a unique identifier visibly attached to said data storage device and the unique identifier digitally retained by the data storage device. At a first location a first hash of said unique identifier is generated via a hash function. Also at the first location a public key and a private key are created. The first hash is cryptographically signed using the private key. Before sending the data storage device to a second location the cryptographically signed hash is stored to the data storage device along with the public key. At the second location, a second hash of said unique identifier is generated using the same hash function used at the first location. The second hash is compared with a recovered version of the cryptographically signed hash which is decrypted by pairing the cryptographically signed hash with said public key. If the second hash is the same as the recovered first hash the data storage device is validated as originating from the first location. | 04-23-2015 |
20150113292 | CLIENT COMPUTER FOR QUERYING A DATABASE STORED ON A SERVER VIA A NETWORK - The invention relates to a client computer for querying a database stored on a server via a network, the server being coupled to the client computer via the network, wherein the database comprises a set of first relations, wherein each first relation in the set of the first relations comprises first data items, wherein for each first relation the first data items are encrypted with a respective first cryptographic key in the first relation, wherein the first data items form a partially ordered set in each first relation, in each first relation the partial order being formed with respect to the first data items of said first relation in non-encrypted form. | 04-23-2015 |
20150113293 | TRUSTED STORAGE SYSTEMS AND METHODS - Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited. | 04-23-2015 |
20150121088 | METHOD OF MANAGING ALIGNED AND UNALIGNED DATA BANDS IN A SELF ENCRYPTING SOLID STATE DRIVE - An apparatus includes a storage medium and a controller. The storage medium generally stores user data in logical pages. The controller may be configured to encrypt and decrypt user data during write and read operations, respectively. The user data is generally in a plurality of data bands. Each data band is encrypted and decrypted using a unique media encryption key. When a boundary between a pair of data bands is within a logical page, the controller may be configured to create two logical page instances, a first logical page instance storing data from a first data band of the pair of data bands and a second logical page instance storing data from a second data band of the pair of data bands. The first and second logical page instances are encrypted and decrypted using the unique media encryption key of the first and second data bands, respectively. | 04-30-2015 |
20150121089 | SYSTEM AND METHOD FOR COPYING FILES BETWEEN ENCRYPTED AND UNENCRYPTED DATA STORAGE DEVICES - Disclosed are systems, methods and computer program products for copying encrypted and unencrypted files between data storage devices. In one aspect, the system detects a request to copy a file from a first data storage device to a second data storage device, determines one or more parameters of the copied file, the first data storage device and the second data storage device, selects, based on the one or more parameters, a file encryption policy for the copies file, and applies the selected encryption policy to the copied file. | 04-30-2015 |
20150121090 | Method and Apparatus for Secure Execution Using a Secure Memory Partition - A processor capable of secure execution. The processor contains an execution unit and secure partition logic that secures a partition in memory. The processor also contains cryptographic logic coupled to the execution unit that encrypts and decrypts secure data and code. | 04-30-2015 |
20150127956 | STORED DEVICE WITH PARTITIONS - A storage device includes a disk controller and a non-volatile memory coupled to the disk controller and operable to save one or more passwords. The storage device further includes a media with more than one partition, the disk controller making each partition to be accessible to one or more users based on the saved one or more passwords. | 05-07-2015 |
20150143134 | SECURE DATA ENCRYPTION IN SHARED STORAGE USING NAMESPACES - A data storage device in a distributed computing system has physical block addresses that are each allocated to multiple namespaces. To access the data storage device, a host system issues a command to the data storage device that includes an access key and a virtual block address to be accessed. The data storage device converts the virtual block address to a physical block address of the data storage device using a mapping associated with the access key. Access to a physical data block associated with a particular namespace is granted only if an access key for that namespace is provided to the data storage device. | 05-21-2015 |
20150143135 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM - The present disclosure realizes a structure that can unify the management of the storage block for the encryption key to be used in decrypting encrypted content stored in a memory card. This structure includes: an information processing apparatus that stores content into an information storage device such as a memory card including an access allowed block based on an access right check made on each block, and uses the content; a content usage managing server that provides content usage permission information to the information processing apparatus; and a content correspondence information providing server that provides the encryption key to be used in decrypting the encrypted content stored in the information storage device. The content usage managing server determines the block for storing the encryption key and notifies the content correspondence information providing server of a block identifier that is the identifier of the determined block, and the content correspondence information providing server performs a process to write the encryption key into the block corresponding to the received block identifier. | 05-21-2015 |
20150143136 | DELETION OF CONTENT IN DIGITAL STORAGE SYSTEMS - A data processing and storage apparatus has a hardware security module and a data storage medium storing encrypted data objects and a hierarchical data maintenance structure of encrypted partition tables and hash-nodes forming a rooted tree, where a given partition table comprises a first reference to a given encrypted data object and a first cryptographic key for decryption thereof, where a given hash-node comprises a second reference to a partition tables or hash-node and a second cryptographic key being suitable for decryption thereof, and where the root node is decipherable using a master cryptographic key stored in the hardware security module, the given data object being assigned to the root node via the first and second references of the given partition table and the given hash-nodes forming a set of successive nodes in the rooted tree. | 05-21-2015 |
20150149789 | MEMORY SYSTEM, HOST SYSTEM, AND METHOD OF PERFORMING WRITE OPERATION IN MEMORY SYSTEM - A write operation is performed in a memory system by encoding, in the memory system, original data transmitted from a host system, according to a first type of host command, to produce an encoding result, transmitting information about the encoding result to the host system after the encoding, and writing the encoding result or the original data into a nonvolatile memory device, according to a second host command, wherein the second host command is transmitted from the host system based on the information about the encoding result. | 05-28-2015 |
20150149790 | NONVOLATILE MEMORY AND ELECTRONIC DEVICE - The embodiments of the present invention disclose a nonvolatile memory and an electronic device, where each time the nonvolatile memory is powered on, an exchanger is used to implement a random exchange of at least one address subsignal and its inverted signal in a bank decoder and/or a row decoder in a bank and/or a column decoder in a bank, which causes that data stored before the nonvolatile memory is powered off is interrupted when the nonvolatile memory is powered off and then powered on and that data stored in the nonvolatile memory cannot be read sequentially from original storage addresses to achieve an encrypting effect and increase security of the data stored in the nonvolatile memory. | 05-28-2015 |
20150293748 | Random Number Generator and Method for Generating Random Numbers - A random number generator for generating random numbers using a solid-state memory is proposed. The random number generator includes a determination unit for determining management data stored in the solid-state memory and for managing the solid-state memory during operation. The random number generator also includes a computing unit for calculating a starting value on the basis of the determined management data. The random number generator also includes a generation unit for generating a random number on the basis of the calculated starting value. | 10-15-2015 |
20150293857 | ENCRYPTION KEY STORAGE AND MODIFICATION IN A DATA STORAGE DEVICE - Methods, systems, and devices are described for encryption key storage and modification in a data storage device. A portion of an encryption key may be stored in a first storage medium, and one or more bits of the encryption key may be stored in a one-time writable storage location. Data received at the data storage device may be encrypted using the encryption key, and may be stored in a storage medium. In the event that it is no longer desired to allow users to access the encrypted data stored in the storage medium, the one or more bits of the encryption key stored in a one-time writable storage location may be modified. Such modification thereby prevents decryption of the encrypted data and effectively precludes access to the encrypted data. | 10-15-2015 |
20150293858 | Encrypted Transport Solid-State Disk Controller - Method and apparatus for transferring protected data. In some embodiments, an encrypted transport solid state drive (SSD) has a non-volatile memory and a controller circuit. The controller circuit is configured to, responsive to receipt of a write command from a host device to store an encrypted data set to the non-volatile memory, decrypt the encrypted data set using a first encryption key to generate a decrypted data set, apply lossless compression to the decrypted data set to generate a decrypted compressed data set, encrypt the decrypted compressed data set using a second encryption key to generate an encrypted compressed data set, and to direct storage of the encrypted compressed data set in the non-volatile memory. | 10-15-2015 |
20150294122 | METHOD AND APPARATUS FOR DOWNLOADABLE DRM IN A TRUSTED EXECUTION ENVIRONMENT - An apparatus, system, and method to support downloadable DRM in a trusted execution environment is disclosed. A determination is made whether a platform supports the DRM requirements for protected content and an appropriate DRM module is downloaded if it is required. A DRM coordination agent in the trusted execution environment supports downloading a DRM module. A browser may include features to support utilizing the downloadable DRM module. | 10-15-2015 |
20150294123 | SYSTEM AND METHOD FOR SHARING DATA SECURELY - Embodiments of systems and methods disclosed herein provide simple and effective methods for secure processes to share selected data with other processes, either secure or not, in a safe and secure manner. More specifically, in certain embodiments, systems and methods are disclosed that enable a secure data cache system to write certain data to main memory unencrypted. In other embodiments, systems and methods are disclosed that enable a secure data cache system to write encrypted data from one secure process to main memory, and to enable the decryption of the data by another secure process. In other embodiments, the ownership of data lines in a secure data cache is selectively changed from one process to another, effectively allowing different secure processes to share data. | 10-15-2015 |
20150295711 | Method and System for Verification and Authentication Using Optically Encoded QR Codes - An optical security method for object authentication using photon-counting encryption implemented with phase encoded QR codes. By combining the full phase double-random-phase encryption with photon-counting imaging method and applying an iterative Huffman coding technique, encryption and compression of an image containing primary information about the object is achieved. This data can then be stored inside of an optically phase-encoded QR code for robust read out, decryption, and authentication. The optically encoded QR code is verified by examining the speckle signature of the optical masks using statistical analysis. | 10-15-2015 |
20150302148 | METHOD AND SYSTEM FOR SECURING ELECTRONIC HEALTH RECORDS - A method for securing electronic health records (EHRs). The method includes receiving an EHR for a patient, obtaining patient metadata for the patient, generating a message digest using at least a portion of the patient metadata, extracting from the message digest a derived file name and a file encryption key, encrypting using the file encryption key the EHR to obtain encrypted file content, associating the encrypted file content with the derived file name and decoy file metadata to obtain an encrypted HER, and storing the encrypted EHR in a file directory. | 10-22-2015 |
20150302218 | METHOD AND SYSTEM FOR FILE HIDING - A method for hiding a file. The method includes receiving the file to hide, wherein the file comprises file metadata, and file content, obtaining the file metadata from the file, generating a message digest using at least a portion of the file metadata, extracting, from the message digest, a derived file name and a file encryption key. The method further includes encrypting, using the file encryption key, the file to obtain encrypted file content, associating the encrypted file content with the derived file name and decoy file metadata to obtain an encrypted file, and storing the encrypted file in a file directory. | 10-22-2015 |
20150304105 | Methods and Apparatuses of Processing Sealed Data with Field Programmable Gate Array - The present invention describes a data processing apparatus comprising, at least one field-programmable gate array device, at least one transceiver, at least one storage device wherein said storage device stores at least one key, a key translator in the form of bitstream or reconfigurable circuit wherein said key translator can decrypt an encrypted key, a data sealer wherein said data sealer can encrypt data stored in the field-programmable gate array device or the electronic memory device, and a data unsealer wherein said data unsealer can decrypt data stored in the field-programmable gate array device or the electronic memory device. | 10-22-2015 |
20150304108 | Encryption Key Destruction For Secure Data Erasure - Techniques for encryption key destruction for secure data erasure via an external interface or physical key removal are described. Electrical destruction of key material retained in a memory of a storage device renders the device securely erased, even when the device is otherwise inoperable. The memory (e.g. non-volatile, such as flash) stores key material for encrypting/decrypting storage data for the device. An eraser provides power and commands to the memory, even when all or any portion of the device is inoperable. The commands (e.g. erase or write) enable zeroizing or destroying the key material, rendering data encrypted with the destroyed key material inaccessible, and therefore securely erased. Alternatively, the memory is a removable component (e.g. an external security device or smartcard) coupled to the device during storage operation. Removing and physically destroying the memory renders the device securely erased. The device and/or the memory are sealed to enable tamper detection. | 10-22-2015 |
20150309946 | STORAGE DEVICE, PROTECTION METHOD, AND ELECTRONIC APPARATUS - According to one embodiment, a storage device includes, when power is supplied to a storage unit, counting of an elapsed time is started. If a command is input from a host device, and the elapsed time from input of a previous command to input of a current command is calculated based on time information clocked by the host device and on a counter value counted until the corresponding command is input. Matching of the time information is determined based on a temporal relation between the adding result of adding the calculated elapsed time to the time information included in the previous command and the time information included in the current command. When the mismatching is determined, data in the storage unit is invalidated. | 10-29-2015 |
20150310221 | METHOD AND APPARATUS TO ROTATE DATA ENCRYPTION KEYS IN DATABASES WITH NO DOWN TIME - A database includes a first instance and a second instance. The first and second instances of the database are encrypted with a first encryption key and have content that is synchronized. Database queries from a user computing device are directed to the first instance of the database. A third instance of the database is created from one of the existing two instances of the database. The third instance is decrypted from the first encryption key and is encrypted with a second encryption key. Database queries from the user computing device are redirected from the first instance of the database to the third instance of the database without interrupting service to the user computing device. The process is repeated by creating additional instances of the database, encrypting the additional instances with new encryption keys, and by redirecting database queries to the additional instances of the database. | 10-29-2015 |
20150312253 | Secure Computer Architectures, Systems, and Applications - Secure computer architectures, systems, and applications are provided herein. An exemplary computing system may include a trusted environment having a trusted processor and memory that provides a trusted computing environment that performs computing functions that could expose the computing device to a security risk, and a legacy environment having a secondary processor and memory for providing a legacy computing environment that manages computing functions exposed to unsecure environments. | 10-29-2015 |
20150317255 | Secure Printed Memory - Copyright protection for printed memory is more difficult than writable memory. Accordingly, the present invention discloses a secure printed memory. Its printed-memory module stores the same content data for all devices in a same family; its writable-memory module stores different encryption keys for different devices in the same family. Because different devices in the same family are encrypted with different keys, compromising a single device does not compromise other devices in the family. | 11-05-2015 |
20150324301 | STORAGE CONTROL APPARATUS AND COMPUTER-READABLE STORAGE MEDIUM STORING COMPUTER PROGRAM - A storage unit stores a first control program that includes an encryption program and version information indicating the version number of the encryption program. When backing up configuration data, an operation unit stores encrypted data obtained by encrypting the configuration data, a first part of the encryption program used for the encryption, and the version information in a non-volatile storage medium. After the first control program is updated to a second control program, the operation unit obtains a second part of the encryption program corresponding to the version number registered in the non-volatile storage medium from the second control program, and then generates the encryption program to be used for decrypting the encrypted data stored in the non-volatile storage medium, using the second part and the first part stored in the non-volatile storage medium. | 11-12-2015 |
20150324302 | WHITE BOX ENCRYPTION SYSTEM AND METHOD - A white box encryption device is provided. The device included in a second device among a first device and the second device performing wired or wireless communication, and performing an encryption/decryption operation using a white box encryption table consisting of a look-up table set, includes, a non-volatile memory configured to store an incomplete look-up table set in which at least one look-up table or a portion of entire look-up table is removed, a volatile memory configured to store the incomplete look-up table set received from the non-volatile memory and the at least one look-up table received from the first device at a time of the encryption/decryption operation, and construct a complete look-up table set, and an encryption/decryption operation unit configured to perform the encryption/decryption operation using the complete look-up table set. | 11-12-2015 |
20150324303 | SYSTEMS AND METHODS FOR SECURE HYBRID THIRD-PARTY DATA STORAGE - The disclosed computer-implemented method for secure hybrid third-party data storage may include (1) identifying, at a trusted proxy system, an access request from a client system to access an encrypted file stored under a user account at a third-party storage system, where the requested access requires decryption of the encrypted file, (2) retrieving, from the third-party storage system, (i) the encrypted file and (ii) a decryption key that has been encrypted with a cryptographic key, where an asymmetric key pair designated for the user account includes an encryption key and the encrypted decryption key, (3) decrypting, at the trusted proxy system, the decryption key with the cryptographic key, and (4) using the decryption key to access an unencrypted version of the encrypted file at the trusted proxy system. Various other methods, systems, and computer-readable media are also disclosed. | 11-12-2015 |
20150324613 | METHOD AND APPARATUS FOR PROTECTING BINARY DATA IN NON-VOLATILE MEMORY - A method and an apparatus of protecting binary data stored in non-volatile memory are disclosed herein. The apparatus for protecting binary data in non-volatile memory includes a reception unit, a detection unit, a generation unit, an encryption unit, and a storage unit. The reception unit receives program code. The detection unit detects the binary pattern of binary data constituting the program code by analyzing the received program code. The generation unit generates unique pattern information corresponding to the binary pattern based on the detected binary pattern. The encryption unit encrypts the program code using the generated unique pattern information as a key value. The storage unit stores the encrypted program code in memory. | 11-12-2015 |
20150326546 | Secure Archive - Storage apparatus ( | 11-12-2015 |
20150331811 | SECURE COMPACT FLASH - Methods and apparatus are provided, such as a memory card with a processor and nonvolatile memory coupled thereto. The nonvolatile memory has a secure area configured to store a user password and a serial number in encrypted form. The card is configured to grant access to the secure area when the card receives a password that matches the stored user password and the card is coupled to a system having the serial number. | 11-19-2015 |
20150332058 | METHOD FOR ENCRYPTING A 3D MODEL FILE AND SYSTEM THEREOF - The invention discloses a method for encrypting a 3D model file and system thereof. The system of the invention comprises a data reading module used to read data of the 3D model file; a mesh shifting module for selecting at least one triangle mesh and shifting the coordinates of the vertexes of the selected triangle mesh by a vector; a gap filling module for filling a gap generated from shifting the vertexes of the selected triangle mesh by the vector to generate a revised 3D model file; and a model generating module for storing the revised 3D model file to generate an encrypted 3D model file. Compared to the prior art, the invention provides the users for previewing the 3D model file, and the invention only provides the authorized users for correctly printing the original 3D model. Therefore, the invention can achieve the purpose for encrypting the 3D model file. | 11-19-2015 |
20150340075 | PORTABLE ELECTRONIC DEVICE, PROGRAM, TERMINAL DEVICE AND METHOD OF CONTROLLING DECODING OF DATA - A portable electronic device of an embodiment has a storage section, a storage controller, and a decoding controller. The storage section has a first area to store first corresponding information indicating first identification information to identify data and first decoding information relating to decoding corresponding to the first identification information, and a second area to store second corresponding information indicating second identification information to identify data and second decoding information relating to decoding corresponding to the second identification information. The storage controller stores the second corresponding information in the second area. The decoding controller, when identification information to identify data included in a command received from an outside is included in the second corresponding information stored in the second area, controls decoding of the data included in the command, based on the second decoding information corresponding to the second identification information. | 11-26-2015 |
20150347319 | KERNEL KEY HANDLING - According to one example, a method performed by a computing system includes determining that a size of key data to be stored within a kernel memory is greater than a threshold value. The threshold value is based on a size value associated with maintaining the key data outside of the kernel memory. The method further includes allocating a block of memory within a volatile memory store, the block of memory being outside the kernel memory, storing the key data within the block of memory, and storing, within the kernel memory, a pointer to the key data. | 12-03-2015 |
20150347320 | ENCRYPTION FOR SOLID STATE DRIVES (SSDs) - Disclosed herein are techniques for encrypting data stored on a solid-state drive (SSD) managed by a system (e.g., a computing device). Specifically, the system is configured to track block units of a larger size on the SSD so that a mapping table associated with the SSD can be kept small. After running SSD encryption using the large size block units, the entire SSD can be fully encrypted without requiring clear text to be written onto the SSD subsequent to SSD encryption being activated. Thereafter, the entire SSD can be defragmented to produce a single physical extent of encrypted data. | 12-03-2015 |
20150347365 | SYSTEM AND METHOD FOR DISTRIBUTING CENSORED AND ENCRYPTED VERSIONS OF A DOCUMENT - A portion of a document is altered in response to a user selection input to protect that portion. As a result, an original content provided in the selected portion of the document is not viewable, while original content in other portions of the document are viewable. A copy of the document with the portion unaltered is stored in encrypted form. One or more recipients that are permitted to view the document in its entirety are identified. The copy of the document with the portion unaltered is provided to the one or more recipients. | 12-03-2015 |
20150347767 | DIGITAL MULTI-FUNCTION PERIPHERAL AND DATA PROTECTION METHOD OF EXTERNAL MEMORY - In accordance with one embodiment, a digital multi-function peripheral comprises an interface, a data storage section, a memory and a processor. The interface connects an external memory device. The processor holds the authentication information of a user who connects the external memory device, generates a hash value from the information containing the authentication information of the user who connects the external memory device in a case where the state of connection of the external memory device with the interface meets a data saving condition, stores the data obtained by encrypting the data in the external memory device using the generated hash value in the data storage section, and erases the data in the external memory device. | 12-03-2015 |
20150349967 | ENCRYPTION ENGINE WITH TWIN CELL MEMORY ARRAY - Described are a hardware encryption engine, and secret key registration and authentication system recoverable binary bit using knowing an initial secret key stored in the master system. The secret key is overwritten in each authentication, updating it to the master and encryption engine independently. The secret key over write command can be preferably given to the chip as a CHG, and the non recoverable binary bit from the sense amplifier is used for response. | 12-03-2015 |
20150356028 | STORAGE DEVICE - According to one embodiment, a storage device comprises a cipher processing unit, a memory, and a key processing unit. The cipher processing unit encrypts data using a key. The memory stores the encrypted data. The key processing unit replaces a first key having been used by the cipher processing unit with a second key. The key processing unit comprises a generating unit, a history managing unit, a computing unit, and a comparing unit. The history managing unit converts the first key into first information by an operation and stores the first information. The computing unit converts a candidate key generated by the generating unit into second information by the operation. The comparing unit compares the first information and the second information, and, if the two do not coincide, determines the candidate key as the second key and, if the two coincide, discards the candidate key. | 12-10-2015 |
20150356321 | PROGRAMMABLE INTELLIGENT SEARCH MEMORY ENABLED SECURE DRAM - Systems comprising a processor and a dynamic random access memory (DRAM). The DRAM comprises a programmable intelligent search memory (PRISM). | 12-10-2015 |
20150358299 | COERCED ENCRYPTION ON CONNECTED DEVICES - Techniques for coercing users to encrypt synchronized content stored at their personal computing devices. In some aspects, one or more computing devices receive, from a personal computing device, an indication of whether data stored in at least a portion of a storage device of the personal computing device is protected by disk encryption. In response to determining, based on the indication, that the portion of the storage device is not protected by encryption, synchronization data for synchronizing a copy of one or more synchronized content items stored in the portion of the storage device with another copy of the synchronized content items stored at one or more server computing devices is withheld from the personal computing device until disk encryption on the personal computing device is enabled so as to coerce the user to enable disk encryption on the personal computing device. | 12-10-2015 |
20150363332 | HARDWARE PROTECTION OF INLINE CRYPTOGRAPHIC PROCESSOR - A real time, on-the-fly data encryption system is shown operable to encrypt and decrypt the data flow between a secure processor and an unsecure external memory system. Multiple memory segments are supported, each with it's own separate encryption capability, or no encryption at all. Data integrity is ensured by hardware protection from code attempting to access data across memory segment boundaries. Protection is also provided against dictionary attacks by monitoring multiple access attempts to the same memory location. | 12-17-2015 |
20150363333 | HIGH PERFORMANCE AUTONOMOUS HARDWARE ENGINE FOR INLINE CRYPTOGRAPHIC PROCESSING - A real time, on-the-fly data encryption system is shown operable to encrypt and decrypt the data flow between a secure processor and an unsecure external memory system. Multiple memory segments are supported, each with its own separate encryption capability, or no encryption at all. A Message Authentication Code is also employed to detect any memory corruption or unauthorized memory modification. | 12-17-2015 |
20150363334 | SPECULATIVE CRYPTOGRAPHIC PROCESSING FOR OUT OF ORDER DATA - A real time, on-the-fly data encryption system is shown operable to encrypt and decrypt the data flow between a secure processor and an unsecure external memory system. Multiple memory segments are supported, each with it's own separate encryption capability, or no encryption at all. Speculative decryption operations may be started when the memory used is capable of returning read data out of order. The full or partial results of the speculative operations are cached in order to allow matching the cryptographic operation to the read data when it arrives. | 12-17-2015 |
20150363496 | METHODS OF PROVIDING FAST SEARCH, ANALYSIS, AND DATA RETRIEVAL OF ENCRYPTED DATA WITHOUT DECRYPTION - Methods and systems of providing remote coded data storage, data analysis, and search and retrieval, with assurance of data security are described. Data security is such that it protects the data from any provider, administrator of remote services, or anyone breaking into the servers housing the data at the remote site. The methods include a coding schema such that both the storage and the associated services, such as data analysis, search and retrieval, can be provided even more efficiently and more responsively than without the coding. Possible applications of the methods include data storage, powerful data search and analysis services which can all be provided “in the Cloud” over the Internet, completely securely, even when a customer's private data set needs to be uploaded to the remote site. The efficiency of analysis, and search means that the methods may be useful even when security of data is not an issue. | 12-17-2015 |
20150370704 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM - A An information processing apparatus for processing data using a main memory device and a nonvolatile secondary storage device includes a nonvolatile main memory unit, a volatile main memory unit, a determination unit that determines whether the data is designated as confidential data, and a control unit that stores the data in the volatile main memory unit if the determination unit determines that the data is designated as confidential data and stores the data in the nonvolatile main memory unit if the determination unit determines that the data is not designated as confidential data. | 12-24-2015 |
20150370725 | ENCRYPTED PURGING OF DATA FROM CONTENT NODE STORAGE - Described herein are methods, systems, and software for encrypting and erasing data objects in a content node. In one example, a method of operating a content node that caches content divided into one or more data objects includes encrypting the one or more data objects using separate encryption keys for each of the one or more data objects, the separate encryption keys comprising a common portion shared by the one or more data objects and an individualized portion unique to each data object. The method further provides receiving a purge request to erase at least one data object and, responsive to the purge request, erasing at least one of the common portion or the individualized portion for the at least one data object based on the purge request. | 12-24-2015 |
20150379276 | SYSTEM ON A CHIP, CONTROLLER AND METHOD FOR SECURING DATA - A system on a chip for securing data is described. The system on a chip comprises: a controller arranged to: partition a data block into a plurality of segments; and determine and extract a subset of the plurality of segments to be compressed. A compressor logic circuit is arranged to receive and compress the subset of the plurality of segments. The controller is arranged to retrieve the compressed subset of the plurality of segments from the compressor logic circuit and attach the compressed subset of the plurality of segments to a remainder of the partitioned data block for transmission. | 12-31-2015 |
20150379299 | PRIVACY RESTRICTIONS FOR COLUMNAR STORAGE - In privacy restrictions for columnar storage, a query including operations on one or more protected columns is received. The one or more protected columns are specified with one or more access restricting metadata in a columnar table. It is determined whether the received query comprises operations on the one or more protected columns specified with the one or more access restricting metadata. The execution of the query is restricted and a constraint violation is displayed, based on the determination. | 12-31-2015 |
20150379304 | DETECTION METHOD - A detection method, used in a mobile terminal, includes at least the following steps: receiving a test instruction; obtaining current storage integrity information of the mobile terminal according to the test instruction; matching the current storage integrity information and original storage integrity information, and outputting information indicating that the current system of the mobile terminal is an incomplete system when the matching fails. | 12-31-2015 |
20150379306 | Management of Authenticated Variables - An embodiment includes an apparatus comprising: an out-of-band cryptoprocessor coupled to secure non-volatile storage; and at least one storage medium having firmware instructions stored thereon for causing, during runtime and after an operating system for the apparatus has booted, the cryptoprocessor to (a) store a key within the secure non-volatile storage, (b) sign an object with the key, while the key is within the cryptoprocessor, to produce a signature, and (c) verify the signature. Other embodiments are described herein. | 12-31-2015 |
20150381589 | ASYNCHRONOUS ENCRYPTION AND DECRYPTION OF VIRTUAL MACHINE MEMORY FOR LIVE MIGRATION - Examples perform asynchronous encrypted live migration of virtual machines (VM) from a source host to a destination host. The encryption of the memory blocks of the VM is performed optionally before a request for live migration is received or after said request. The more resource intensive decryption of the memory blocks of the VM is performed by the destination host in a resource efficient manner, reducing the downtime apparent to users. Some examples contemplate decrypting memory blocks of the transmitted VM on-demand and opportunistically, according to a pre-determined rate, or in accordance with parameters established by a user. | 12-31-2015 |
20160004646 | ENCRYPTION AND RECORDING APPARATUS, ENCRYPTION AND RECORDING SYSTEM, AND ENCRYPTION AND RECORDING METHOD - An encryption and recording apparatus storing data, the apparatus including: a first nonvolatile memory; a second nonvolatile memory; and an encryption and decryption control unit, wherein the encryption and decryption control unit: manages an area included in the second nonvolatile memory on a per-block basis, and manages association between a block and a block-unique key using key management information stored in the first nonvolatile memory; receives the data and corresponding information associated with the data; encrypts the data, using one or more block-unique keys associated with one or more blocks included in the second nonvolatile memory and writes the data to the one or more blocks; and stores the corresponding information into the key management information, associating the corresponding information and the one or more block-unique keys. | 01-07-2016 |
20160004878 | IMAGE PROCESSING APPARATUS AND CONTROL METHOD THEREOF - An image processing apparatus includes: a central processing unit (CPU) configured to process data; a random access memory (RAM) which includes a first storage area which stores the data processed by the CPU and a second storage area different from the first storage area; and a RAM controller configured to authorize the CPU to access the first storage area and block the CPU from accessing the second storage area so that the data loaded to the second storage area can be prevented from being copied by the CPU. | 01-07-2016 |
20160004879 | SELECTIVE ENCRYPTION OF DATA STORED ON REMOVEABLE MEDIA IN AN AUTOMATED DATA STORAGE LIBRARY - In an automated data storage library, selective encryption for data stored or to be stored on removable media is provided. One or more encryption policies are established, each policy including a level of encryption, one or more encryption keys and the identity of one or more data cartridges. The encryption policies are stored in a policy table and the encryption keys are stored in a secure key server. A host requests access to a specified data cartridge and the cartridge is transported from a storage shelf in the library to a storage drive. Based on the identity of the specified cartridge, the corresponding encryption policy is selected from the table and the appropriate encryption key is obtained from the key server. The storage drive encrypts data in accordance with the key and stores the data on the media on an encryption table within the specified data cartridge. | 01-07-2016 |
20160004885 | Securing Encrypted Virtual Hard Disks - Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key. | 01-07-2016 |
20160012256 | Data storage arrangement and key distribution | 01-14-2016 |
20160019396 | TOKENIZATION USING MULTIPLE REVERSIBLE TRANSFORMATIONS - Technologies for tokenizing data including a computing device to extract plaintext data from an input file to be tokenized. The computing device performs data domain-specific format-preserving encryption on the extracted plaintext data based on a first cryptographic key to generate encrypted data and replaces one or more portions of the encrypted data with corresponding portions of alternative data based on a mapping table that maps encrypted data to alternative data. The computing device further performs data domain-specific format-preserving encryption on the alternative data based on a second cryptographic key to generate a token and stores the token in an output file. | 01-21-2016 |
20160026582 | ENCRYPT DATA OF STORAGE DEVICE - A request from a host is received requesting data from a storage device. Data of the storage device is written into a buffer of the host. The data at the buffer is to be encrypted and written back to the storage device. The requested data of the request is written to the buffer after the encrypted data is written back to the storage device. | 01-28-2016 |
20160026808 | SECURE STORAGE SYSTEM - A storage system includes a plurality of drives that write and read data to and from removable storage media communicatively connected to a storage controller. The storage controller receives comprehensible data and divides the comprehensible data into the plurality of data segments comprising the plurality of data units, manipulates one or more of the plurality of data units within each data segment to form the plurality of unintelligible data segments, generates a decoding key based upon the division and the manipulation, and sends each respective unintelligible data segment to the plurality of drives to store upon the removable storage media. The comprehensible data includes a sufficient number of data units arranged in an order of inherent meaning and the unintelligible data segments include an insufficient number of data units to be comprehensible arranged in an order such that the unintelligible data segments are incomprehensible. | 01-28-2016 |
20160026810 | METHOD FOR PROTECTING DATA STORED WITHIN A DISK DRIVE OF A PORTABLE COMPUTER - A portable computer capable of protecting an encryption key that is sent out to a disk drive after a preboot process has ended is disclosed. The portable computer includes a disk drive for encrypting a volume as a whole, and for decoding data at the volume in response to a receipt of an encryption key from a system. The portable computer also includes a key transfer mechanism, a tamper detection mechanism and a protecting mechanism. In response to a boot process starting from a power-off state, the key transfer mechanism automatically sends the encryption key to the disk drive. The tamper detection mechanism detects a physical tampering of the disk drive. In response to a detection of a physical tampering by the tamper detection mechanism, the protecting mechanism prevents an operation of automatically sending the encryption key to the disk drive by the key transfer mechanism. | 01-28-2016 |
20160026811 | PROTECTION OF MEMORY AREAS - A method for loading a program, contained in at least a first memory, into a second memory accessible by an execution unit, in which the program is in a cyphered form in the first memory, a circuit for controlling the access to the second memory is configured from program initialization data, instructions of the program, and at least initialization data being decyphered to be transferred into the second memory after configuration of the circuit. | 01-28-2016 |
20160026816 | METHOD FOR STRONGLY ENCRYPTING .ZIP FILES - The present invention provides a method of integrating existing strong encryption methods into the processing of a .ZIP file to provide a highly secure data container which provides flexibility in the use of symmetric and asymmetric encryption technology. The present invention adapts the well-established .ZIP file format to support higher levels of security and multiple methods of data encryption and key management, thereby producing a highly secure and flexible digital container for electronically storing and transferring confidential data. | 01-28-2016 |
20160026827 | Method and System for Adding Dynamic Labels to a File and Encrypting the File - The present invention relates to a method and system for adding dynamic labels to a file and encrypting the file, after having the file be converted and added at least one label related to information about the file and user, the file is encrypted for reading after decryption. First, transferring at least one file by a file upload unit; converting the file from the file upload unit into PDF format by a first file conversion unit, and adding at least one label corresponding to information about the file and its users via a label-adding unit; encrypting the file from the first file conversion unit by an encryption unit to form an encrypted file, and then generating a decryption key corresponding to the encrypted file; saving the encrypted file and the decryption key respectively in a first storage unit and a second storage unit. | 01-28-2016 |
20160028546 | METHODS, SYSTEMS AND APPARATUS TO SELF AUTHORIZE PLATFORM CODE - Methods and apparatus are disclosed to self authorize platform code. A disclosed example apparatus to verify safety of a policy data structure (PDS) of a computing platform includes a processor and a memory including instructions that, when executed, cause the processor to, at least retrieve a hash of a PDS stored in a Trusted Platform Module (TPM), the PDS stored in the TPM at a first time and indicative of a combination of platform control registers (PCRs) to be used with the platform, calculate a hash of a PDS associated with platform update code in response to a platform code update request at a second time; and verify the hash of the PDS associated with the platform update code is safe when (a) the comparison between the hash of the PDS associated with the platform update code matches the hash of the PDS in the TPM and (b) the combination of the PCRs in the PDS stored in the TPM at the first time matches a combination of PCRs represented in the platform update code at the second time. | 01-28-2016 |
20160034719 | STORAGE SYSTEM AND METHOD FOR CONTROLLING STORAGE SYSTEM - The storage system according to the present invention has a function to encrypt write data from the host and store the same in a storage media. Further, validation information of write data is added to the write data during storage thereof, and the data having the validation information added thereto is encrypted and stored in the storage media. When starting the storage system or restoring the encryption key information, the encrypted data stored in the storage media is read from the disk and decrypted prior to receiving a data access request from the host, and validation of data is performed using the validation information added to the decrypted data, so as to determine whether the encryption key stored in a storage controller is valid or not. | 02-04-2016 |
20160034720 | PROCESSING INFORMATION - A method and system for processing information. An apparatus divides target information into N pieces of divided data using a secret sharing scheme in which a predetermined number (K) of pieces of the N pieces of divided data is required to restore the target information, wherein N>K. The apparatus is an information processing device or an external storage device. The apparatus selects M pieces from the N pieces (KM−K). | 02-04-2016 |
20160034721 | STORAGE SYSTEM AND STORAGE SYSTEM CONTROL METHOD - The present invention curbs encryption key information used in a virtual logical volume and improves security. A storage management function | 02-04-2016 |
20160036587 | Secure Key Derivation Functions - Secure key derivation within a virtualized execution environment may involve a key derivation module executing within a platform layer of the execution environment. An application executing within an application layer of the execution environment may access the key derivation module in order to generate a cryptographic key according to a key derivation function. Instead of being returned to the application, the derived key may be stored within a secure storage area of the execution environment without being stored, even temporarily in the application layer, or other non-secure areas, of the execution environment. The application may receive a reference to the derived key usable by other cryptographic processes. The application may pass the key reference to a method of a cryptographic module and the cryptographic module may use the key reference to access the derived key from the secure storage for use in performing any of various cryptographic processes. | 02-04-2016 |
20160041929 | SYSTEMS, METHODS, AND DEVICES FOR ENCRYPTED DATA MANAGEMENT - Key management for and automount of encrypted files, including recovering a master vault key file from an encoded vault key file, storing the vault key file within a previously mounted crypto key management virtual drive so as to provide a secure scratch pad area for temporary storage of the master vault key file. An open and mount module may then invoke a file mounting procedure by providing the vault key file name and a path corresponding to the crypto key management virtual drive to a virtual drive mounting module. The method of passing the vault key file to the file mounting utility module may comprise passing command line arguments equal to a pathname and filename to the file mounting utility. | 02-11-2016 |
20160048460 | REMOTE LOAD AND UPDATE CARD EMULATION SUPPORT - Remote load and update card emulation support may include providing emulation support for an emulated card by executing a command set from command sets that include an encrypted read write command set that uses a secure communication read write (SCRW) key, a plain read write command set that uses a plain communication read write (PCRW) key, and an encrypted read command set that uses a secure communication read only (SCR) key. | 02-18-2016 |
20160048461 | ENCRYPTING AND DECRYPTING A VIRTUAL DISC - Encryption of virtual disc image is accomplished by increasing the size of a virtual disc to support the inclusion of a master boot record and a decryption program. Encrypting portions of a virtual disc image on the virtual disc, but leaving the boot record and decryption program unencrypted and accessible, where the decryption program will decrypt the encrypted portions if the appropriate cryptographic key is supplied. Subsequent decryption is accomplished by initiating a boot sequence through the master boot record, receiving the appropriate cryptographic key, appropriately ordering the decrypted disc image. | 02-18-2016 |
20160048462 | SYSTEM AND METHOD FOR HARDWARE BASED SECURITY - An asset management system is provided, which includes a hardware module operating as an asset control core. The asset control core generally includes a small hardware core embedded in a target system on chip that establishes a hardware-based point of trust on the silicon die. The asset control core can be used as a root of trust on a consumer device by having features that make it difficult to tamper with. The asset control core is able to generate a unique identifier for one device and participate in the tracking and provisioning of the device through a secure communication channel with an appliance. The appliance generally includes a secure module that caches and distributes provisioning data to one of many agents that connect to the asset control core, e.g. on a manufacturing line or in an after-market programming session. | 02-18-2016 |
20160048688 | Restricting System Calls using Protected Storage - Systems and techniques are provided for restricting system calls using protected storage. A system call to a restricted system component may be received from an application. The application may be determined to have permission to make the system call to the restricted system component. A signature associated with the application may be verified using a public key from a protected storage. The public key may be sent to the protected storage by a computing device of a party authorized to modify data in the protected storage. The restricted system component may be permitted to perform a function indicated by the system call when the public key successfully verifies the signature associated with application. | 02-18-2016 |
20160048690 | GENETIC INFORMATION STORAGE APPARATUS, GENETIC INFORMATION SEARCH APPARATUS, GENETIC INFORMATION STORAGE PROGRAM, GENETIC INFORMATION SEARCH PROGRAM, GENETIC INFORMATION STORAGE METHOD, GENETIC INFORMATION SEARCH METHOD, AND GENETIC INFORMATION SEARCH SYSTEM - An object is to enable to search genetic information in an encrypted state. An encryption apparatus ( | 02-18-2016 |
20160048694 | System and Method for Secure Transport of Data from an Operating System to a Pre-operating System Environment - An information handling system includes a trusted platform module (TPM) and a storage device, the TPM provides boot authentication for the information handling system such that, during a pre-boot phase, the TPM can access a platform configuration register (PCR). During a first instance of the pre-boot phase, the information handling system provides a public/private key pair including a public key and a private key, stores the private key to an encrypted storage of the TPM, seals the private key in the encrypted storage to the PCR, and stores the public key to the storage device. During an operating system phase that is after the first instance of the pre boot phase, the information handling system retrieves the public key from the storage device, encrypts transfer data using the public key, and stores the encrypted transfer data to the storage device. | 02-18-2016 |
20160048699 | METHODS AND SYSTEMS FOR DELETING REQUESTED INFORMATION - A method of deleting log records may include identifying a plurality of log records generated during a time period, for each identified log record, determining whether a delete request associated with the log record has been made, and, in response to determining that a delete request has not been received, identifying a unique identifier associated with the log record, searching a user activity table for an entry having a key table index associated with the unique identifier, where the entry is associated with a timestamp, using the key table index and the timestamp to identify a key associated with the unique identifier and the timestamp from a key table, encrypting at least a portion of the log record with the identified key to generate an encrypted value, and storing the encrypted value as an entry in the log record database that is associated with the identified log record. | 02-18-2016 |
20160050071 | DEVICE AND METHOD FOR PROVIDING TRUSTED PLATFORM MODULE SERVICES - The invention concerns a circuit having a first processing device which has one or more first platform configuration registers for storing one or more data values based on boot measurements relating to a boot sequence implemented by the first processing device. The first processing device also has a secure element, which has its own processing device and one or more second platform configuration registers. The first and second platform configuration registers are coupled together via a communications interface adapted to copy the one or more data values from the one or more first platform configuration registers to the one or more second platform configuration registers. | 02-18-2016 |
20160055101 | METHOD AND APPARATUS TO GENERATE ZERO CONTENT OVER GARBAGE DATA WHEN ENCRYPTION PARAMETERS ARE CHANGED - A memory device including at least one memory location for storing information representing data written using a first encryption/decryption method, and a read channel using a second encryption/decryption method for reading and decrypting information as written. The memory device also includes an apparatus that prevents the reading of the at least one memory location using the second encryption/decryption method, in response to an indication that the at least one memory location was written using the first encryption/decryption method. In another embodiment, a reading of all zeroes is returned in response to an indication of another encryption/decryption method. | 02-25-2016 |
20160055102 | Managing Security in a System on a Chip (SOC) that Powers Down a Secure Processor - An SOC includes a secure processor and an always-on component. The always-on component may remain powered even during times that other parts of the SOC are powered off. Particularly, the secure processor and related circuitry may be powered off, while various state for the secure processor may be stored in memory in an encrypted form. Certain state may be stored in the always-on component. When the secure processor is powered on again, the secure processor may check for the state in the always-on component. If the state is found, the secure processor may retrieve the state and use the state to access the encrypted memory state. | 02-25-2016 |
20160055348 | DOUBLE KEY CODING METHODS OF PROVIDING FAST SEARCH, ANALYSIS, AND DATA RETRIEVAL OF ENCRYPTED DATA WITHOUT DECRYPTION - Methods and systems of providing remote coded data storage, data analysis, and search and retrieval may include assignment of codes to data components of a vocabulary. Some embodiments utilize a double key. | 02-25-2016 |
20160055352 | Method and System for Secure System-on-a-Chip Architecture for Multimedia Data Processing - Aspects of a method and apparatus for a secure system-on-a-chip (SOC) architecture for multimedia data processing are provided. A processor may configure at least one subsystem within the SOC via at least one unsecured bus while a security processor enables secure functionalities in configured subsystems via at least one secure bus. The unsecure buses may comprise a data bus and/or a control bus, for example. The secure buses may comprise a secure control bus and/or a secure key bus, for example. The configurable subsystems may be multimedia processing units, input and output modules, and/or memory controllers. The security processor may program bits in security registers within the subsystems to enable secure functionalities, such as data routing paths and/or key loading paths, for example. Moreover, the security processor may validate code to be executed by a processor for configuring the SOC subsystems. | 02-25-2016 |
20160057142 | COMMUNITY-BASED DE-DUPLICATION FOR ENCRYPTED DATA - Technologies for de-duplicating encrypted content include fragmenting a file into blocks on a computing device, encrypting each block, and storing each encrypted block on a content data server with associated keyed hashes and member identifications. The computing device additionally transmits each encrypted block with an associated member encryption key and member identification to a key server. As part of the de-duplication process, the content data server stores only one copy of the encrypted data for a particular associated keyed hash, and the key server similarly associates a single member encryption key with the keyed hash. To retrieve the file, the computing device receives the encrypted blocks with their associated keyed hashes and member identifications from the content data server and receives the corresponding member decryption key from the key server. The computing device decrypts each block using the member decryption keys and combines to blocks to generate the file. | 02-25-2016 |
20160057491 | INFORMATION PROCESSING DEVICE, INFORMATION RECORDING MEDIUM, INFORMATION PROCESSING METHOD, AND PROGRAM - Provided is an information processing device including: a data processing unit that performs format conversion of converting MPEG-2 TS format data into MP4 format data, wherein the MPEG-2 TS format data is data that includes each segment region having a plurality of pieces of variation data decryptable with different keys, and wherein the data processing unit selects encrypted MP4 variation data from the segment region of the MPEG-2 TS format data and stores the MP4 variation data as MP4 format structure data in an MP4 file, while the encrypted variation data remains, without performing a decryption process and a re-encryption process for the selected MP4 variation data. | 02-25-2016 |
20160062918 | Receipt, Data Reduction, and Storage of Encrypted Data - Embodiments of the invention relate to processing streams of encrypted data received from multiple users. As the streams are processed, smaller partitions in the form of data chunks are created and subject to individual decryption. The data chunks are placed into sub-stream based on a master key associated with its owning entity. Prior to processing, the data chunks in each stream are decrypted, and advanced functions, including but not limited to de-duplication and compression, are individually applied to the data chunks, followed by aggregation of processed data chunks into data units and encryption of the individual data units including use of a master key from the data's owning entity. Individual encryption units are created by encrypting the data unit(s) with an encryption key, thereby limiting access to the data unit. Confidentiality of data is maintained, and the ability of storage systems to perform data reduction functions is supported. | 03-03-2016 |
20160062920 | ADDRESS-DEPENDENT KEY GENERATION WITH A SUBSTITUTION-PERMUTATION NETWORK - A method of providing security in a computer system includes producing an initial block of data from a respective address of a memory location. An updated block of data may be calculated for each round of a plurality of rounds in a substitution-permutation network. This may include mixing an input block through a substitution layer including a plurality of substitution boxes, and a linear transformation layer including a permutation, to produce the updated block, before or after which respectively the input block or updated block may be mixed with a round key. The input block may be the initial block for the first round, and the updated block for an immediately preceding round for each round thereafter. A block of ciphertext may be produced with a key composed of the updated block for the last round, and the block of ciphertext may be written at the memory location. | 03-03-2016 |
20160065371 | PRIVATE PARTITION WITH HARDWARE UNLOCKING - Systems and methods for controlling access to a private partition on a storage device are disclosed for. An example system includes a token reader that detects a hardware token storing a private key and obtains the private key stored on the hardware token. The system also includes a partition controller that determines whether the private key unlocks a private partition on a storage device. In response to determining that the private key unlocks the private partition, the partition controller unlocks the private partition on the storage device. The private partition is invisible to an operating system executing in the computer system when the private partition is locked. | 03-03-2016 |
20160070655 | SYSTEM AND METHOD FOR INTERCEPT OF UEFI BLOCK I/O PROTOCOL SERVICES FOR BIOS BASED HARD DRIVE ENCRYPTION SUPPORT - An information handling system and method performs Unified Extensible Firmware Interface (UEFI) interception and pre-processing of data associated with block input/output (I/O) commands targeting encrypted storage devices. A UEFI interceptor block (IB) I/O driver intercepts each block I/O command targeting block addresses on a storage device and identifies whether any of the target block addresses is encrypted. In response to identifying an encrypted block address among the target block addresses, the UEFI IB I/O driver forwards data associated with the encrypted block address to an encryption-decryption module to perform one of an encryption and a decryption of the data. Final handling of the block I/O command is performed using a block I/O driver chained to the UEFI IB I/O driver. Data associated with I/O commands targeting encrypted block addresses is first processed by the encryption-decryption module before final handling of the I/O command is performed by the block I/O driver. | 03-10-2016 |
20160072628 | SYSTEMS AND METHODS FOR MANAGING CRYPTOGRAPHIC KEYS IN A SECURE MICROCONTROLLER - The present invention relates to key management in a secure microcontroller, and more particularly, to systems, devices and methods of automatically and transparently employing logic or physical address based keys that may also be transferred using dedicated buses. A cryptographic engine translates a logic address to at least one physical address, and processes a corresponding data word based on at least one target key. The target key is selected from a plurality of keys based on the logic or physical address. A universal memory controller stores each processed data word in the corresponding physical address within a memory. Each key is associated with a memory region within the memory, and therefore, the logic or physical address associated with a memory region may be used to automatically identify the corresponding target key. A dedicated secure link may be used to transport key request commands and the plurality of keys. | 03-10-2016 |
20160077977 | SECURE PROOFS OF STORAGE FOR DEDUPLICATION - Storage providers can securely store data and avoid data duplication with secure derivative data and offload the responsibility of generating the secure derivative data to the data owners. Initially, a data source will provide an encrypted version of data and the secure derivative data to a remote storage provider. The secure derivative data can include a hash of the data, a hash of the encrypted version of the data, a hash tree generated from the data, and an encrypted version of the key used to encrypt the data. When the remote storage provider later receives a request to store the same data, the remote storage provider uses the secure derivative data for secure proofs of storage and for proof of data possession. | 03-17-2016 |
20160078245 | DATA STORAGE SYSTEMS AND METHODS - Data storage systems are disclosed for automatically generating encryption rules based on a set of training files that are known to include sensitive information. The system may use a number of heuristic algorithms to generate one or more encryption rules for determining whether a file includes sensitive information. Further, the system may apply the heuristic algorithms to the content of the files, as determined by using natural language processing algorithms, to generate the encryption rules. Moreover, systems are disclosed that are capable of automatically determining whether to encrypt a file based on the generated encryption rules. The content of the file may be determined using natural language processing algorithms and then the encryption rules may be applied to the content of the file to determine whether to encrypt the file. | 03-17-2016 |
20160078251 | KEY STORAGE AND REVOCATION IN A SECURE MEMORY SYSTEM - A technique for providing access to a first storage structure of a system includes exposing a first key of a plurality of first keys stored in a second storage structure in response to a select code based on a plurality of corresponding select records stored in one-time programmable storage elements of the second memory structure. The technique includes providing the first key as a current first key of a memory access controller. Only one of the plurality of first keys stored in the second storage structure may be exposed at a time and other first keys of the plurality of first keys stored in the second storage structure are inaccessible from the second storage structure at the time. | 03-17-2016 |
20160080148 | METHOD FOR MAINTENANCE OR EXCHANGE OF ENCRYPTION FUNCTION IN STORAGE SYSTEM AND STORAGE DEVICE - In order to quickly perform maintenance or exchange of a controller of a storage device having an encryption function in a storage system, a first controller in a Ready state spoofs a second controller subjected to maintenance or exchange to acquire key information from a key management server and to store the information in a memory, and a second controller reads the key information from the memory of the first controller to store the information in an own memory to convert the second controller into a Ready state. Then, the first controller deletes acquired key information from an own memory to convert the controller into a Halt state. | 03-17-2016 |
20160080150 | SYSTEM AND METHOD FOR SECURING SENSITIVE DATA - An approach is provided for securing data in a technical environment. In one embodiment, a processor obtains a first file, which when executed installs a first portion of a second file and an assembly key to assemble the second file. The processor executes this first file and then obtains the second portion of the second file. The processor assembles the second file using the first portion, the second portion, and the assembly key. | 03-17-2016 |
20160085692 | ENCRYPTION INTEGRITY CHECK IN MEMORY - Apparatus, systems, and methods for AES integrity check in memory are described. In one embodiment, a controller comprises logic to receive a write request from a host device to write a line of data to the memory device, determine a first plaintext cyclic redundancy check from the line of data, encrypt the line of data, encrypt the first plaintext CRC with a unique value to generate a first encrypted CRC, and store the encrypted line of data and the first encrypted CRC in memory. Other embodiments are also disclosed and claimed. | 03-24-2016 |
20160085693 | Secure Memory System with Fast Wipe Feature - A Flash-based storage system, card, and/or module comprises a Flash controller configured to encrypt the data pages of a page stripe by shuffling the data pages, including loading each data page into a data shuffling buffer in a sequential order relative to other data pages in the page stripe, and thereafter unloading each data page in a non-sequential order relative to other data pages in the page stripe. The Flash controller is also configured to scramble the data pages of the page stripe by performing a bitwise logical operation on the data pages that are unloaded from the data shuffling buffer. A user key and one or more system keys are used to perform the shuffling and scrambling. The Flash controller is further configured to flush the user key by bypassing the system's backup power supply and performing an emergency system shutdown without backing up system data. | 03-24-2016 |
20160085694 | SYSTEM AND METHOD FOR EXECUTING CODE SECURELY IN GENERAL PURPOSE COMPUTER - The various embodiments of the invention provide a method for executing code securely in a general purpose computer. According to one embodiment, a code is downloaded into a cache memory of a computer in which the code is to be executed. The code downloaded into the cache memory is encrypted in the cache memory. Then the encrypted code in the cache memory is decrypted using a decryption algorithm to obtain the decrypted code. The decrypted code is executed in the cache to generate a result. The decrypted code is destroyed in the cache memory after the forwarding the result to a user. | 03-24-2016 |
20160085996 | SECURE HIGH SPEED DATA STORAGE, ACCESS, RECOVERY, AND TRANSMISSION - A method for storing a first data object includes: decomposing the first data object into a first fragment associated with a first original record locator and a second fragment associated with a second original record locator; obfuscating the first original record locator to generate a first obfuscated record locator and the second original record locator to generate a second obfuscated record locator; encrypting the first fragment using a first encryption key and the second fragment using a second encryption key; and storing, to at least a first of a plurality of storage locations, the first encrypted fragment with the corresponding first obfuscated record locator and the second encrypted fragment with the second obfuscated record locator. | 03-24-2016 |
20160085997 | Programmable Device Personalization - A semiconductor device may include a secure memory configured to store a programmable key, an interface for programming the programmable key in the secure memory, and a plurality of configurable features of the semiconductor device that are associated with the programmable key, each configurable feature having a set of multiple selectable configurations, wherein a value of the key defines a selection of one of the multiple configurations for each of the configurable features. For example, the key may include multiple sub-keys, each associated with one of the configurable features, wherein a value of each sub-key defines a selection of one of the multiple configurations for the configurable feature associated with that sub-key. In addition, the full programmable key may enable an additional functionality of the semiconductor device. | 03-24-2016 |
20160087805 | POST-PROCESSING MECHANISM FOR PHYSICALLY UNCLONABLE FUNCTIONS - In accordance with embodiments disclosed herein, there is provided systems and methods for providing a post-processing mechanism for physically unclonable functions. An integrated circuit includes a physically unclonable function (PUF) unit including an adaptive PUF logic. The adaptive PUF logic receives a PUF response having a plurality of bits. The adaptive PUF logic also determines whether a record exists for bit among the plurality of bits in the PUF response. The record includes a stored bit location and a stored bit value corresponding to the stored bit location. The adaptive PUF logic also overrides a bit value of the bit in the PUF response with the stored bit value when it is determined that the record exists for the bit in the PUF response. The bit value of the bit in the PUF response is different from the stored bit value. | 03-24-2016 |
20160092374 | CHUNK-LEVEL CLIENT SIDE ENCRYPTION IN HIERARCHICAL CONTENT ADDRESSABLE STORAGE SYSTEMS - Techniques for chunk-level client side encryption are provided. In a content-addressable storage system, a plurality of chunks is used to implement a hierarchical file system. The hierarchical file system supports both encrypted and non-encrypted volumes. A folders and files layer makes calls directly to a chunk system layer for operations involving non-encrypted volumes. The folders and files layer makes calls to a volume encryption layer for operations involving encrypted volumes. The volume encryption layer receives calls from the folders and files layer through an API that matches the API through which the chunk system layer receives calls from the folders and files layer. | 03-31-2016 |
20160092678 | Protecting Application Secrets from Operating System Attacks - Various embodiments provide techniques and devices for protecting application secrets from operating system attacks. In some examples, applications execute with an isolated user mode of a secure execution environment, while relying on an operating system executing within a separate execution environment for resource management and system services. A proxy kernel can control access by the operating system to data associated with the secure execution environment. Further, the proxy kernel can act as a transparent interface between isolated user mode applications and the operating system during the provision of resource management and system services. | 03-31-2016 |
20160092680 | APPARATUS AND METHOD COMPRISING A CARRIER WITH CIRCUIT STRUCTURES - An apparatus having a carrier with circuit structures including a complex impedance has a measurement unit implemented to measure the complex impedance of the circuit structures at a first time to get a first result and at a later second time to get a second result. Further, either a control implemented to enable operation of a component or to judge whether unauthorized to the component has taken place in dependence on whether the first result matches the second result, or an interface implemented to transmit the first result and the second result in a wireless or wired manner to such a control are provided. | 03-31-2016 |
20160094556 | COMMAND ORIGIN FILTERING - A communication and security device for a portable computer is disclosed including a housing, a connector provided on the housing for physical connection to the portable computer, a computer interface coupled to the connector for communicating data with the portable computer, a wireless modem coupled to the computer interface for communicating data between the portable computer and a remote device via a wireless network, a controller configured to control access to the data storage based on an identifier in a security message received via the wireless network. | 03-31-2016 |
20160098359 | System and Method for Secured Host-slave Communication - Slave device circuitry, including processing circuitry which is configured to determine a new session identification value; determine a seed value using a secure hash algorithm on a previously determined seed value; determine a slave number from using the secure hash algorithm on the new session identification value, the determined seed value, and a serial number of the slave device associated with the slave device circuitry; receive a host number from the host imaging apparatus and calculate a session key using a hash-based algorithm computation on the host number, the slave number, the new session identification value, and a stored encryption key. The session key has a first portion for performing encryption and decryption operations on data to be transmitted and data received by the slave device, respectively, and a second portion for generating a new address value of the slave device for communicating with the host. | 04-07-2016 |
20160098569 | AVOIDING ENCRYPTION IN A DEDUPLICATION STORAGE - Avoiding encryption in a deduplication vault. In one example embodiment, a method may include analyzing an allocated plain text block stored in the source storage to determine if the block is already stored in the deduplication storage, in response to the block not being stored, encrypting the allocated plain text block and analyzing the encrypted block to determine if the encrypted block is already stored in the deduplication storage, analyzing a second allocated plain text block stored in the source storage to determine if the block is already stored in the deduplication storage, in response to the block already being stored, avoiding encryption of the second allocated plain text block by not encrypting the second allocated plain text block and instead associating the location of the second allocated plain text block in the source storage with the location of the duplicate block already stored. | 04-07-2016 |
20160099810 | Key-Value Data Storage Device with Hybrid Architecture - A key-value storage device and method of using the same. In some embodiments, keys are stored in a key store in a first non-volatile memory and corresponding values associated with the keys are stored in a value store of a second non-volatile memory. An input command is received from a host device, the input command having a key associated with a value. Different first and second hash values are generated by applying a hash function to the key. The input command is executed responsive to the first and second hash values. | 04-07-2016 |
20160103770 | TAPE BACKUP METHOD - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths. | 04-14-2016 |
20160103994 | STORAGE MEDIUM HAVING STORED THEREIN BOOT PROGRAM, INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, SEMICONDUCTOR APPARATUS, AND STORAGE MEDIUM HAVING STORED THEREIN PROGRAM - Identification information of a program read from outside, such as firmware, is acquired, and usability of a piece of key data in a range corresponding to the identification information is set, among a plurality of pieces of key data to be used for the program. As another example, based on new key data generated based on key data stored in advance in a memory and identification information, firmware corresponding to the identification information is decrypted. | 04-14-2016 |
20160110297 | Storage Module, Host, and Method for Securing Data with Application Information - A storage module, host, and method for securing data with application information are disclosed. In one embodiment, a storage module is provided comprising a memory and a controller. The controller is configured to store data and information about an application that generated the data and allow the data to be read only if information about an application attempting to read the data matches the information about the application that generated the data. Other embodiments are possible, and each of the embodiments can be used alone or together in combination. | 04-21-2016 |
20160117260 | Method and Computing Device for Encrypting Data Stored in Swap Memory - The following embodiments generally relate to the use of a “swap area” in a non-volatile memory as an extension to volatile memory in a computing device. These embodiments include techniques to use both volatile memory and non-volatile swap memory to pre-load a plurality of applications, to control the bandwidth of swap operations, to encrypt data stored in the swap area, and to perform a fast clean-up of the swap area. | 04-28-2016 |
20160117261 | RESPONSE VALIDATION MECHANISM FOR TRIGGERING NON-INVASIVE RE-TEST ACCESS OF INTEGRATED CIRCUITS - In an embodiment of the invention, response validation offers increased integrated circuit security by using a unique password or re-test key for every integrated circuit manufactured. Non-invasive re-test of an IC can be performed using an encryption input. | 04-28-2016 |
20160117264 | SYSTEMS AND METHODS FOR PREVENTING DATA REMANENCE IN MEMORY - A system for preventing data remanence in memory is provided. The system includes a computing device, a memory chip coupled to the computing device and including memory, and a heater, the heater configured to prevent data remanence in a memory by providing heat to at least a portion of the memory. The memory includes a plurality of bits configured to electronically store data. | 04-28-2016 |
20160117449 | MEDICAL DEVICE WITH CRYPTOSYSTEM AND METHOD OF IMPLEMENTING THE SAME - A medical device and a method of implementing a cryptosystem on the medical device include storing a data structure on a memory component of the medical device. An encryption key is stored in the data structure. Usage data related to usage of the medical device is provided. The encryption key is read from the data structure. The usage data is encrypted with the read encryption key. The encryption key is eliminated such that the encryption key is no longer present in the medical device. | 04-28-2016 |
20160119144 | DATA ENCRYPTION AND/OR DECRYPTION BY INTEGRATED CIRCUIT - In an embodiment, an apparatus is provided that may include an integrated circuit to be removably communicatively coupled to at least one storage device. The integrated circuit of this embodiment may be capable of encrypting and/or and decrypting, based at least in part upon a first key, data to be, in at least in part, stored in and/or retrieved from, respectively, at least one region of the at least one storage device. The at least one region and a second key may be associated with at least one access privilege authorized, at least in part, by an administrator. The second key may be stored, at least in part, externally to the at least one storage device. The first key may be obtainable, at least in part, based, at least in part, upon at least one operation involving the second key. Of course, many alternatives, modifications, and variations are possible without departing from this embodiment. | 04-28-2016 |
20160124868 | IN-FIELD SMART DEVICE UPDATES - Methods and systems for causing a device to join a network or fabric. A joining device sends an indication that the electronic device is not connected to a network type and receives a device ID for an assisting device to assist the electronic device in joining a network of the network type. Moreover, the assisting device resides on the network. The joining device then authenticates to the assisting device from the assisting device and receives network credentials for the network. Furthermore, the joining device joins the network using the network credentials. | 05-05-2016 |
20160127337 | SYSTEMS AND METHODS FOR CLOUD DATA SECURITY - Techniques for providing data security services with respect to cloud-based services are described. Examples include a security service provider (“SSP”) configured to perform or provide one or more security-related services or functions with respect to or on behalf of some other system or service. The other system or service may be, for example, a cloud-based system that provides network-accessible services. The SSP allows a user of the cloud-based service to provide and manage one or more security-related services, such as data storage, encryption, decryption, key management, and the like. By using and controlling the SSP, the user can be confident that his or her data is being securely represented and stored, even though it is being operated upon by a cloud-based service that is not under the user's control. | 05-05-2016 |
20160132437 | PROCESSOR EXTENSIONS FOR EXECUTION OF SECURE EMBEDDED CONTAINERS - Methods and apparatus relating to processor extensions for execution of secure embedded containers are described. In an embodiment, a scalable solution for manageability function is provided, e.g., for UMPC environments or otherwise where utilizing a dedicated processor or microcontroller for manageability is inappropriate or impractical. For example, in an embodiment, an OS (Operating System) or VMM (Virtual Machine Manager) Independent (generally referred to herein as “OI”) architecture involves creating one or more containers on a processor by dynamically partitioning resources (such as processor cycles, memory, devices) between the HOST OS/VMM and the OI container. Other embodiments are also described and claimed. | 05-12-2016 |
20160132685 | COMMUNICATION BETWEEN KEY MANAGER AND STORAGE SUBSYSTEM KERNEL VIA MANAGEMENT CONSOLE - System, computer program product, and method embodiments for communication between a kernel operational on a storage subsystem and a key manager (KM) through a hardware management console (HMC) to provide encryption support are provided. In one embodiment, an event request is initiated by the kernel to the KM to execute an event flow. Pursuant to a communication request by the kernel to the HMC, a socket of the HMC is opened along a communication path between the KM and the kernel according to an event flow type selected by the KM for the event flow. Data including a data payload is sent by the KM to the kernel, the data payload corresponding to the selected event flow type. | 05-12-2016 |
20160132699 | Split-Key Arrangement in a Multi-Device Storage Enclosure - Apparatus and method for data security in a multi-device data storage enclosure. In some embodiments, the storage enclosure has a housing with opposing first and second ends. A plurality of active elements are disposed within the housing including an array of data storage devices, a control board, and an interconnection arrangement which mechanically and electrically interconnects the plurality of storage devices with the control board. A control circuit encrypts user data stored on a selected data storage device using a cryptographic encryption function and an associated cryptographic key. The key is partitioned into a plurality of portions, with each portion stored in a different one of the active elements. | 05-12-2016 |
20160140055 | Least Privileged Operating System - A method and system encrypts data in a least privileged operating system. The method includes determining a first encryption scheme to be used with software code to be mapped to a virtual memory. The method includes mapping a first portion of the virtual memory with the software code for access by a processor using the first encryption scheme. The method includes receiving a call for an entry point of the operating system. The method includes determining a second encryption scheme to be used with the entry point when mapped to the virtual memory. The method includes mapping a second portion of the virtual memory for executing entry point code associated with the entry point for access by the processor using the second encryption scheme. The processor executing the software code is permitted to access only data from the first and second portions of the virtual memory. | 05-19-2016 |
20160140057 | SEMICONDUCTOR DEVICE AND ENCRYPTION KEY WRITING METHOD - A semiconductor device includes a central processing unit (CPU), a first memory which stores a plurality of split keys, a second memory which stores an encryption code as at least one of an encrypted instruction and encrypted data, the plurality of split keys including an encryption key for decrypting the encryption code, and a decrypter which reads the encryption code from the second memory, decrypts the encryption code with the use of the encryption key, and supplies the decrypted encryption code to the CPU. The second memory stores an encryption key reading program which is executed by the CPU to restore the encryption key and to supply the encryption key to the decrypter, by reading and reconfiguring the split keys stored in the first memory in a distributed manner. | 05-19-2016 |
20160140364 | SECURE CONTROL OF SELF-ENCRYPTING STORAGE DEVICES - Generally, this disclosure provides systems, devices, methods and computer readable media for secure control of access control enablement and activation on self-encrypting storage devices. In some embodiments, the device may include a non-volatile memory (NVM) and a secure access control module. The secure access control module may include a command processor module configured to receive a request to enable access controls of the NVM from a user, and to enable the access controls. The secure access control module may also include a verification module configured to verify a physical presence of the user. The secure access control module may further include an encryption module to encrypt at least a portion of the NVM in response to an indication of success from the verification module. | 05-19-2016 |
20160148021 | Systems and Methods for Trading of Text based Data Representation - A method for sharing encrypted data and encryption keys through a system comprised of the following data types, but not limited to a; 1) Record and its encryption key, 2) RecordSet and its encryption key, and 3) Entity and its encryption key. A Record is encrypted using an encryption key, furthermore, the Record encryption key is encrypted using a RecordSet encryption key, and finally, both the encrypted Record and its encrypted encryption key are wrapped as a single unit, to avoid key the expensive operations of key lookup and general key operation overhead. Access control to the RecordSet encryption keys are provided by a combination of data types, but not limited to a; 1) Entity and its encryption key, 2) Ciphers, and 3) Trusted Entity Lists. For each Entity which is authorized access to access a RecordSet, an encrypted Cipher, made of both the Entity encryption key and RecordSet encryption key, is added to a Trusted Entity List. Tokens are protected by user defined secrets, comprised of Entity encryption keys. | 05-26-2016 |
20160154744 | PROVISIONING OF SECURE STORAGE FOR BOTH STATIC AND DYNAMIC RULES FOR CRYPTOGRAPHIC KEY INFORMATION | 06-02-2016 |
20160154746 | SECURE COMPUTING | 06-02-2016 |
20160155466 | INFORMATION PROCESSING DEVICE, INFORMATION RECORDING MEDIUM, INFORMATION PROCESSING METHOD, AND PROGRAM | 06-02-2016 |
20160156468 | CONTENT MANAGEMENT SYSTEM, HOST DEVICE AND CONTENT KEY ACCESS METHOD | 06-02-2016 |
20160162418 | INFORMATION PROCESSING APPARATUS CAPABLE OF BACKING UP AND RESTORING KEY FOR DATA ENCRYPTION AND METHOD FOR CONTROLLING THE SAME - An information processing apparatus includes a storage device configured to store data, an encryption chip configured to store an encryption key therein, a nonvolatile memory configured to store a backup encryption key, and a control unit configured to confirm whether the data stored in the storage device has been correctly decrypted by using the encryption key, and when the data has not been correctly decrypted, restore the backup encryption key to the encryption chip, and when the data has been correctly decrypted, back up the backup encryption key, which is a backup of the encryption key, stored in the encryption chip into the nonvolatile memory. | 06-09-2016 |
20160162419 | Methods and Systems for Protecting Data in USB Systems - The various embodiments described below are directed to providing authenticated and confidential messaging from software executing on a host (e.g. a secure software application or security kernel) to and from I/O devices operating on a USB bus. The embodiments can protect against attacks that are levied by software executing on a host computer. In some embodiments, a secure functional component or module is provided and can use encryption techniques to provide protection against observation and manipulation of USB data. In other embodiments, USB data can be protected through techniques that do not utilized (or are not required to utilize) encryption techniques. In accordance with these embodiments, USB devices can be designated as “secure” and, hence, data sent over the USB to and from such designated devices can be provided into protected memory. Memory indirection techniques can be utilized to ensure that data to and from secure devices is protected. | 06-09-2016 |
20160170907 | RESILIENT DEVICE AUTHENTICATION SYSTEM WITH METADATA BINDING | 06-16-2016 |
20160170909 | METHOD AND APPARATUS TO GENERATE ZERO CONTENT OVER GARBAGE DATA WHEN ENCRYPTION PARAMETERS ARE CHANGED | 06-16-2016 |
20160171222 | INFORMATION RIGHTS MANAGEMENT USING DISCRETE DATA CONTAINERIZATION | 06-16-2016 |
20160171252 | BUFFER ACCESS FOR SIDE-CHANNEL ATTACK RESISTANCE | 06-16-2016 |
20160173454 | JURISDICTIONAL CLOUD DATA ACCESS | 06-16-2016 |
20160179702 | Memory Encryption Engine Integration | 06-23-2016 |
20160179703 | METHOD AND DEVICE FOR SECURE PROCESSING OF ENCRYPTED DATA | 06-23-2016 |
20160182220 | ENCODING DATA USING DYNAMIC SYSTEM COUPLING | 06-23-2016 |
20160182225 | Secure Method for Processing Content Stored Within a Component, and Corresponding Component | 06-23-2016 |
20160188494 | CACHE STRUCTURE FOR A COMPUTER SYSTEM PROVIDING SUPPORT FOR SECURE OBJECTS - A method that protects a confidentiality and an integrity of information in a secure object from other software on the system, said secure object comprising information that is cryptographically protected from the other software on the system, said method includes decrypting and integrity-checking information in the secure object as said information is brought into a cache from external memory. | 06-30-2016 |
20160188911 | PROCESS AUTHENTICATED MEMORY PAGE ENCRYPTION - A memory controller encrypts contents of a page frame based at least in part on a frame key associated with the page frame. The memory controller generates a first encrypted version of the frame key based at least in part on a first process key associated with a first process, wherein the first encrypted version of the frame key is stored in a first memory table associated with the first process. The memory controller generates a second encrypted version of the frame key based at least in part on a second process key associated with a second process, wherein the second encrypted version of the frame key is stored in a second memory table associated with the second process, the first process and the second process sharing access to the page frame using the first encrypted version of the frame key and the second encrypted version of the frame key, respectively. | 06-30-2016 |
20160191235 | MEMORY CONTROLLERS, OPERATING METHODS THEREOF, AND MEMORY SYSTEMS INCLUDING THE SAME - An operating method of a memory controller may include: enabling a security mode in response to a first command received from a host; generating a security key based on a host key received from the host; storing the security key in a security key storing unit; and/or performing a first data processing operation of encrypting data received from the host and decrypting data stored in a non-volatile memory device, based on the security key, when the security mode is enabled. The security key storing unit may be a volatile memory. | 06-30-2016 |
20160196081 | EFFICIENT ELIMINATION OF ACCESS TO DATA ON A WRITABLE STORAGE MEDIA | 07-07-2016 |
20160196218 | Secure distributed backup for personal device and cloud data | 07-07-2016 |
20160196435 | METHOD AND ELECTRONIC DEVICE FOR MANAGING DATA | 07-07-2016 |
20160197722 | LOGICAL-TO-PHYSICAL ADDRESS TRANSLATION FOR A REMOVABLE DATA STORAGE DEVICE | 07-07-2016 |
20160197937 | HARDWARE SECRET USAGE LIMITS | 07-07-2016 |
20160203086 | DATA PROTECTION METHOD, MEMORY CONTROL CIRCUIT UNIT AND MEMORY STORAGE DEVICE | 07-14-2016 |
20160203323 | METHOD AND SYSTEM FOR SECURING DATA | 07-14-2016 |
20160203342 | MEMORY SYSTEM AND INFORMATION PROCESSING SYSTEM | 07-14-2016 |
20160204931 | SELF-ENCRYPTING FLASH DRIVE | 07-14-2016 |
20160204940 | ENCRYPTED MASS-STORAGE DEVICE WITH SELF RUNNING APPLICATION | 07-14-2016 |
20160254905 | MEMORY INTEGRITY | 09-01-2016 |
20160254911 | CODE ANALYSIS TOOL FOR RECOMMENDING ENCRYPTION OF DATA WITHOUT AFFECTING PROGRAM SEMANTICS | 09-01-2016 |
20160378687 | TECHNOLOGIES FOR MEMORY CONFIDENTIALITY, INTEGRITY, AND REPLAY PROTECTION - Technologies for memory encryption include a computing device to generate a keyed hash of a data line based on a statistical counter value and a memory address to which to write the data line and to store the keyed hash to a cache line. The statistical counter value has a reference probability of incrementing at each write operation. The cache line includes a plurality of keyed hashes and each of the keyed hashes corresponds with a different data line. The computing device further encrypts the data line based on the keyed hash, the memory address, and the statistical counter value. | 12-29-2016 |
20160378690 | SYSTEM AND METHODS FOR EXECUTING ENCRYPTED CODE - The present disclosure relates systems and methods for executing an encrypted code section in a shieldable CPU memory cache. Functional characteristics of the software product of a vendor, such as gaming or video, may be partially encrypted to allow for protected and functional operability and avoid hacking and malicious usage of non-licensed user. The encrypted instructions may be written to the CPU memory cache and decrypted only once the CPU memory cache is switched into a shielded state. The decrypted code instructions may be executed from a designated cache-line of said CPU memory cache still in the shielded state. | 12-29-2016 |
20160378976 | SECURE TRUSTED EXECUTION ENVIRONMENT DATA STORE - Systems, apparatuses and methods may provide for receiving, from a host driver, factory data including one or more of calibration data, platform identifier data, manufacturer data or wireless carrier data, and verifying integrity of the factory data. Additionally, the factory data may be provisioned into non-volatile memory (NVM) in accordance with an operating system independent format managed by a platform root-of-trust such as a Trusted Execution Environment (TEE). In one example, provisioning the factory data includes defining one or more partitions in the NVM, initiating storage of the factory data to the NVM along the one or more partitions, and specifying a restriction profile for the one or more partitions, wherein the restriction profile includes one or more of read restrictions, write restrictions, time bound restrictions or location bound restrictions. | 12-29-2016 |
20160379015 | Implementing Replay Protected Storage - In one embodiment, a data storage client may establish a virtual replay protected storage system with an agnostic data storage. The virtual replay protected storage system may maintain a trusted counter and a secret key in a trusted client environment. The virtual replay protected storage system may encode a hash message authentication code signature based on the trusted counter, the secret key, and a data set. The virtual replay protected storage system may send a write request of the data set with the hash message authentication code signature to an agnostic data storage. | 12-29-2016 |
20160380769 | METHOD AND APPARATUS FOR SECURE RECORDATION OF TIME OF ATTEMPTED BREACH OF IC PACKAGE - An integrated circuit (IC) package includes a storage element and a protection component coupled to the storage element. The protection component includes a breach detection component configured to detect an attempted breach of the IC package. The protection component further includes a time detection component configured to determine a breach timestamp associated with a time of occurrence of the attempted breach and configured to store a representation of the breach timestamp in the storage element. The storage element may be configured to store a sensitive datum, and the time detection component may be configured to store the representation of the breach timestamp by overwriting the sensitive datum in the storage element with the representation of the breach timestamp. | 12-29-2016 |
20170235964 | USER AUTHENTICATION | 08-17-2017 |
20170235971 | METHODS AND APPARATUS FOR SECURITY ENHANCED PORTABLE DATA STORE AND PROCESSOR FOR ALLOWING SECURE AND SELECTIVE ACCESS TO GENOMIC DATA | 08-17-2017 |
20170237563 | CONTROLLED STORAGE DEVICE ACCESS | 08-17-2017 |
20170237573 | DATA PROCESSING DEVICES AND METHODS FOR RECONSTRUCTING A PUF VALUE | 08-17-2017 |
20180024942 | USING ENCRYPTION KEYS TO MANAGE DATA RETENTION | 01-25-2018 |
20180025165 | METHOD OF CONTROLLING MOBILE HARD DRIVE VIA MOBILE DEVICE | 01-25-2018 |
20180025167 | METHOD FOR STORING A DATA FILE OF A CLIENT ON A STORAGE ENTITY | 01-25-2018 |
20180025172 | DATA STORAGE APPARATUS, DATA PROCESSING METHOD, AND COMPUTER READABLE MEDIUM | 01-25-2018 |
20180025177 | METHOD FOR PROTECTING PIN CODE ON ANDROID PLATFORM | 01-25-2018 |
20180025183 | Management of Authenticated Variables | 01-25-2018 |
20180026785 | DATA STORAGE APPARATUS, DATA UPDATING SYSTEM, DATA PROCESSING METHOD, AND COMPUTER READABLE MEDIUM | 01-25-2018 |
20190146931 | NAMESPACE ENCRYPTION IN NON-VOLATILE MEMORY DEVICES | 05-16-2019 |
20190147172 | DEVICE AND METHOD FOR INCREASING THE SECURITY OF A DATABASE | 05-16-2019 |
20190147194 | SYNCHRONIZED HARDWARE-BASED SECURITY FOR A COMMUNICATION SYSTEM | 05-16-2019 |
20190147770 | DATA PROCESSING SYSTEM AND DATA PROCESSING METHOD | 05-16-2019 |
20190149317 | HOMOMORPHIC DATABASE OPERATIONS APPARATUSES, METHODS AND SYSTEMS | 05-16-2019 |
20190149318 | DATA DISTRIBUTION AGAINST CREDENTIAL INFORMATION LEAK | 05-16-2019 |
20220138113 | SECURE DATA COMMUNICATION WITH MEMORY SUB-SYSTEM - Various embodiments described herein provide for secure data communication between a host system and a memory sub-system. For example, some embodiments use a salt value, symmetric encryption, and asymmetric encryption to facilitate secure data communication between the host system and the memory sub-system. | 05-05-2022 |
20220138352 | Multi-Cloud Framework for Data Protection Using Threshold-Based File Reconstruction - Techniques are provided for multi-cloud data protection using threshold-based file reconstruction. One method comprises obtaining a file comprising metadata and data for storage in a cloud environment; generating a plurality of encrypted file portions from the data; and uploading each of the encrypted file portions with the metadata as cloud objects to multiple different cloud environments. A threshold number of the encrypted file portions are needed from at least two different cloud environments to reconstruct the file. For file reconstruction, the threshold number of encrypted file portions can be validated, merged and decrypted. | 05-05-2022 |
20220138354 | NUCLEIC ACID BASED DATA STORAGE - Provided herein are compositions, devices, systems and methods for the generation and use of biomolecule-based information for storage. Additionally, devices described herein for de novo synthesis of nucleic acids encoding information related to the original source information may be rigid or flexible material. Further described herein are highly efficient methods for long term data storage with 100% accuracy in the retention of information. Also provided herein are methods and systems for efficient transfer of preselected polynucleotides from a storage structure for reading stored information. | 05-05-2022 |
20220141012 | DATA PROTECTION AND RECOVERY SYSTEMS AND METHODS - A method of securely replacing a first data value with a second data value and related systems are disclosed. The method includes generating a first public key and a first private key, generating a cryptographic seed value, and passing the cryptographic seed value through an elliptic curve to generate a second public key and a second private key. The method further includes combining the first public key with the second private key using public key cryptography to create a shared encryption key and passing the shared encryption key through a symmetric algorithm to encrypt the cryptographic seed value. | 05-05-2022 |
20220141013 | ENCRYPTION AT REST USING KMS AND TPM - One example method includes receiving clear text data at a storage system, generating, at the storage system, a clear text data encryption key, requesting a key management system to encrypt the clear text data encryption key with a master key to create an encrypted data encryption key, and the requesting is performed by the storage system, receiving, at the storage system, the encrypted data encryption key from the key management system, encrypting, at the storage system, the clear text data with the clear text data encryption key to create encrypted data, and storing, together, the encrypted data and the encrypted data encryption key. | 05-05-2022 |