Entries |
Document | Title | Date |
20080215840 | ELECTRONIC FILE SYSTEM, OPERATING DEVICE, APPROVAL DEVICE, AND COMPUTER PROGRAM - An electronic file system includes an operating device for receiving an input for performance of an operation on an electronic file and an approval device used for approving of the operation on the electronic file. The electronic file includes an operation file on which an operation is to be performed and a restriction file indicating a restriction condition (policy) for restricting an operation performable on the operation file and a request destination for approval of the restricted operation. The operating device includes determination means for determining whether the operation to be performed on the operation file is permitted in accordance with the restriction condition described in the restriction file and means for, when it is determined that the operation corresponds to the restriction condition, transmitting to the approval device described as the request destination in the restriction file an approval request for requesting approval of the operation. | 09-04-2008 |
20080229041 | Electrical Transmission System in Secret Environment Between Virtual Disks and Electrical Transmission Method Thereof - The present invention relates to a secure transmission system and secure transmission method that securely transmit data stored in a computer to different computers via a Local Area Network or the Internet. The secure transmission system includes a virtual disk, configured to allow only an authorized application program module to gain an access and read, write and edit information data; and a secure communication application module including a user information generation means for generating intrinsic user information at the time of setting up the virtual disk, a user information storage means for storing the generated user information, an outgoing file management means for searching the virtual disk for information data to be sent and compressing the found information data, generating the header information of the information data in which user information about a sender and/or a recipient is contained, and adding the generated header information to the user information, an incoming file management means for reading the header information of received information data, decompressing compressed information data, and storing the decompressed information data on the virtual disk, and a file security means for encrypting and decrypting information data to be sent or received information data. | 09-18-2008 |
20080229042 | METHOD FOR LOCKING NON VOLATILE MEMORY WORDS IN AN ELECTRONIC DEVICE FITTED WITH RF COMMUNICATION MEANS - The electronic device, in particular a transponder, includes a non volatile memory (EEPROM) having a plurality of words | 09-18-2008 |
20080235473 | PROTECTION UNIT FOR A PROGRAMMABLE DATA-PROCESSING SYSTEM - A data-processing system having at least one operating memory holding operating data is provided with a protection unit having an execution environment protected from unauthorized access. At least one monitoring logic in the execution environment is connected to the operating memory for monitoring unauthorized modifications, access, or similar protection violations of the operating data stored in the operating memory and for generating an output on detection of such a protection violation. A protection logic in the execution environment holds replacement data capable of replacing the operating data and is connected to the monitoring logic for, on generation of the output, providing to the operating memory the replacement data for the operation or for a substitute operation of the data-processing system. | 09-25-2008 |
20080235474 | METHOD AND SYSTEM FOR PROCESSING ACCESS TO DISK BLOCK - Provided are a method and a system for processing an access to a disk block. The system receives a disk block access request from an OS domain, determines whether the OS domain is permitted to access a disk block with reference to a predetermined block table and processes disk block access of the OS domain according to the determination result. Accordingly, OS domains can share caches without having data copy through memory access control in a virtual machine monitor environment. Furthermore, a device domain controls access to a disk drive so that data corruption can be prevented. | 09-25-2008 |
20080235475 | METHOD AND APPARATUS FOR INTERVALED DMA TRANSFER ACCESS - A method for intervaled memory transfer access provides periodic authorization signals to a memory access controller. The method cycles between: 1) inhibiting the memory access controller from writing data to a memory until the memory access controller receives a periodic authorization signal to cause the memory access controller to remove the inhibition and write a predetermined amount of data to the memory through a data bus, and 2) releasing the data bus following writing of the predetermined amount of data to the memory by inhibiting the memory access controller from writing further data. | 09-25-2008 |
20080235476 | Media Vaulting in an Automated Data Storage Library - Disclosed are a system, a method, and article of manufacture to provide for managing data storage media to provide secure storage of the data storage media in an automated data storage library. A logical library partition vault is created in the automated data storage library that is not accessible by any host computer. Data storage media in the logical library partition vault may only be accessed by an operator using a secure means. The logical library partition vault may comprise various components of the automated data storage library by assigning storage shelves, service bays, data storage media, data storage drives or other library components to the logical library partition vault. | 09-25-2008 |
20080244206 | METHOD OF CONTROLLING MEMORY ACCESS - Provided is a method of controlling memory access. In a system including a first layer element executed in a privileged mode having a first priority of permission to access the entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the method of controlling memory access determines whether the memory is accessible for each page that is an address space unit, based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode; and determines whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain currently being attempted to be accessed from among a plurality of domains of the memory. Accordingly, a memory domain allocated to a guest operating system kernel is effectively protected from an application executed in the unprivileged mode in which the guest operating system kernel is executed. | 10-02-2008 |
20080250216 | Protected function calling - Memory address space is divided into domains and instruction access control circuitry is used to detect when the memory address from which an instruction to be executed is fetched has crossed a domain boundary and changed and in such cases to conduct a check to ensure that the instruction within the new domain is a permitted instruction of a permitted form. The permitted instruction can be arranged to be a no operation instruction other than in respect of the instruction access control circuitry, in order to assist backward compatibility. | 10-09-2008 |
20080250217 | Memory domain based security control with data processing systems - Access to memory address space is controlled by memory access control circuitry using access control data. The ability to change the access control data is controlled by domain control circuitry. Whether or not an instruction stored within a particular domain, being a set of memory addresses, is able to modify the access control data is dependent upon the domain concerned. Thus, the ability to change access control data can be restricted to instructions stored within particular defined locations within the memory address space thereby enhancing security. This capability allows systems to be provided in which call forwarding to an operating system can be enforced via call forwarding code and where trusted regions of the memory address space can be established into which a secure operating system may write data with increased confidence that that data will only be accessible by trusted software executing under control of a non-secure operating system. | 10-09-2008 |
20080256317 | Storage system and computer system - A storage system that is capable of communicating with one or more host devices that issue a host input/output request, including two or more physical devices, one or more logical devices provided in the two or more physical devices, said logical devices each representing a logical volume provided in the two or more physical devices, one or more memories that store security information that is information corresponding with each of the one or more logical devices that serves to control access based on a host input/output request for the logical device, and a control device that controls access of a host input/output, said security information being used to permit or deny a read/write request requesting access to the first logical device, said read/write request including a logical unit number (LUN) related to the first logical. | 10-16-2008 |
20080263300 | Storage Media - A storage media for storing data and comprising an integral controller configured to control access to the data depending on the location of the storage media. The storage media may further comprise means to determine its location, e.g. such as a GPS receiver or a cellular network positioning solution. Alternatively, the location may be provided by an external device. | 10-23-2008 |
20080270723 | Multiprocessor System and Exclusive Control Method Therefor - A multiprocessor system that can perform for a lock variable a function equivalent to an atomic read-modify-write function. When a specified CPU asserts a read signal READ, a main lock variable LOCK is read from a lock register, and a main lock variable LOCK in a locked state “1” is written to the lock register. When the main lock variable LOCK that is read is in an unlocked state “0”, the CPU can obtain a lock. Since not only is the main lock variable LOCK read, but the main lock variable LOCK in the locked state “1” is also written, when a different CPU asserts a read signal READ immediately after this, the main lock variable LOCK in the locked state “1” is read from the lock register in the locked state “1”, so that the different CPU cannot obtain a lock. | 10-30-2008 |
20080270724 | REMOVABLE STORAGE DEVICE - In an embodiment, when a removable storage device is removably coupled to a host, the removable storage device indicates that it is non-removable to the host. The removable storage device may include a user-created secure storage area. | 10-30-2008 |
20080276058 | Storage Device For Data-Smuggling - A computer-readable storage medium having computer-readable code embodied thereon including: program code for restricting access, by a file system running on a host system, to a restricted area of a storage area of a storage device; and program code for enabling at least one application to access the restricted area via the file system. Preferably, the computer-readable code further includes: program code for enabling the storage device to copy data from a non-restricted area to the restricted area. Preferably, the computer-readable code further includes: program code for directing the storage device to route host-system read-requests, directed to addresses in the restricted area, to addresses in a non-restricted area. Preferably, the computer-readable code further includes: program code for applying access commands of the host system to restricted data residing in the restricted area when the host system requests access to non-restricted data addressed to a non-restricted area. | 11-06-2008 |
20080276059 | APPARATUS AND METHODS FOR SETTING SECURITY TO STORAGE UNIT AND COMPUTER - Methods and apparatus are provided for inhibiting data writing to an optical disc drive connected to a computer. A BIOS confirms presence of a security function of an optical disc drive. When the optical disc drive possesses the security function, the BIOS delivers a command to the optical disc drive to set it to a read-only mode. The optical disc drive that has received the command sets the drive per se to operate in the read-only mode. Since a command for setting it to the read-only mode and a command for releasing it are delivered to the optical disc drive only by the BIOS, when a control is transferred to an Operating System (OS), setting of the read-only mode cannot be released by the OS and other OS's, or application software. | 11-06-2008 |
20080288735 | Data Protection for Non-Volatile Semiconductor Memory Using Block Protection Flags - Receiving a request for canceling setting, a control circuit erases data stored in a corresponding block, changes a value of a protection flag, and cancels protection setting. When an overall protection is set for any block, the control circuit prohibits access to all blocks, except when it is an operation mode for activating a memory program contained in the microcomputer. Further, the control circuit permits an access to a block M only when partial protection is set, the CPU is in the mode for activating a memory program contained in the microcomputer and the access is for reading an instruction code in accordance with an instruction fetch. | 11-20-2008 |
20080301388 | INFORMATION PROCESSING APPARATUS AND COMPUTER READABLE MEDIUM - An information processing apparatus includes a restriction section, an acquisition section and a change section. The restriction section restricts the maximum amount of stored data to be stored in each information storage area in response to a reference value predetermined for each information storage area. The acquisition section acquires relevant information about the stored data stored in each information storage area. The change section changes the reference value determined for each of the information storage areas based on the acquired relevant information. | 12-04-2008 |
20080301389 | MEMORY-PROTECTION METHOD AND APPARATUS - A memory-protection method and apparatus is provided that can protect a memory that is used by components in a real time operating system environment (RTOS). The memory-protection method includes requesting access to a first memory region that a first component uses when the first component is called to execute a first task in a real time operating system, and permitting the first task to access the first memory region with reference to a task list that includes information on tasks which are permitted to access the first memory region. | 12-04-2008 |
20080307180 | VIRTUAL MACHINE CONTROL PROGRAM AND VIRTUAL MACHINE SYSTEM - The program attains compatibility of suppression of an overhead accompanying page exception handling in the case of operating a program whose amount of memory use is large on a virtual machine and suppression of the overhead accompanying page exception handling in the case of operating a first OS that has a function of making another OS run on a virtual machine. A VMM creates a shadow PT for prohibiting reading-writing of privileged memory that requires emulation of reading/writing by using a RSV-bit, and registers the shadow PT and the second PT that a second OS operating on the first OS has in an x86 compatible CPU equipped with a page exception detecting function using two PT's. When a page exception occurs, the VMM refers to a cause code of the page exception and, when a P field of the cause code is 0, determines immediately that emulation is unnecessary. | 12-11-2008 |
20080313417 | APPARATUS AND METHOD OF DETECTING AND CONTROLLING PRIVILEGE LEVEL VIOLATION PROCESS - Provided are an apparatus and method of detecting and controlling a privilege level violation process. The apparatus monitors whether higher-privileged processes depend on information provided from lower-privileged objects or denies the higher-privileged processes access to the lower-privileged objects. The apparatus is provided in a process, and monitors whether a process accesses a lower-privileged object. The apparatus gives a warning message or denies an access of the process to the lower-privileged object when it detects that the higher-privileged process accesses the lower-privileged object. Therefore, the apparatus of detecting and controlling a privilege level violation process detects weaknesses that may be caused by privilege level violation, thus allowing a system to be safely operated. | 12-18-2008 |
20080320262 | READ/WRITE LOCK WITH REDUCED READER LOCK SAMPLING OVERHEAD IN ABSENCE OF WRITER LOCK ACQUISITION - An improved reader-writer locking for synchronizing access to shared data. When writing the shared data, a writer flag is set and a lock is acquired on the shared data. The shared data may be accessed following the expiration of a grace period and a determination that there are no data readers accessing the shared data. When reading the shared data, the writer flag is tested that indicates whether a data writer is attempting to access the shared data. If the writer flag is not set, the shared data is accessed using a relatively fast read mechanism. If the writer flag is set, the shared data is accessed using a relatively slow read mechanism. | 12-25-2008 |
20090006795 | Security protection for computer long-term memory devices - A security protection device provides protection for computer long-term storage devices, such as hard drives. The security protection device is placed between a host computer and the storage device. The security protection device intercepts communications between the host and the storage device and examines any commands from the host to the storage device. Only “safe” commands that match commands on a pre-approved list are passed to the storage device. All other commands may be discarded. | 01-01-2009 |
20090006796 | Media Content Processing System and Non-Volatile Memory That Utilizes A Header Portion of a File - A computer readable medium storing operational instructions is disclosed. The instructions include at least one instruction to store data of an encrypted computer readable file that includes a header portion and associated content data into a storage area of a non-volatile memory. The storage area includes a secure memory area to store data from the header portion including at least one encryption ID. The storage area further includes a memory area to store the content data. The header portion further includes trailer data derived from a portion of the content data. The instructions also include at least one instruction to provide data read access to the header portion and to the content data with respect to a host device. | 01-01-2009 |
20090013141 | Information leakage detection for storage systems - A storage system compares content of new data received from a host computer with content of existing data already stored in the storage system. If the content of the new data matches the content of the existing data, the storage system determines whether the computer that sent the new data is a registered owner of the new data by determining who the registered owners are of the existing data that has the matching content. If the computer that sent the new data is not a registered owner, unauthorized information sharing is assumed to have taken place. The storage system sends a notification or takes other specified action when the computer that sent the new data is not a registered owner. An administrator or monitoring agent may thus be notified of any unauthorized file sharing or data leakage within the storage system. | 01-08-2009 |
20090019247 | Bufferless Transactional Memory with Runahead Execution - A method for executing an atomic transaction includes receiving the atomic transaction at a processor for execution, determining a transactional memory location needed in memory for the atomic transaction, reserving the transactional memory location while all computation and store operations of the atomic transaction are deferred, and performing the computation and store operations, wherein the atomic transaction cannot be aborted after the reservation, and further wherein the store operation is directly committed to the memory without being buffered. | 01-15-2009 |
20090019248 | PORTABLE DEVICE AND METHOD FOR CONTROLLING SHARED MEMORY IN PORTABLE DEVICE - A portable terminal and a method of controlling a shared memory in the portable terminal are disclosed. The portable terminal includes a memory unit, being equipped with at least 2 ports and having a storage block partitioned into partitioned blocks in a quantity of n, and a plurality of processors, reading or writing data by accessing a particular partitioned block through each dedicated port. At least one of the partitioned blocks is assigned to a common storage block, accessible by a processor having an access privilege, and the access privilege is transferred between the plurality of processors. The common storage block can be partitioned into k sub partitioned blocks, for which the data type and process to be stored are predetermined. With the present invention, in the case of the common storage block for the plurality of processors, by allowing the partitioned storage blocks to be partitioned again into sub partitioned blocks depending on a type of data to be stored, the data processing/transmission speed and efficiency can be optimized. | 01-15-2009 |
20090049264 | Memory device and method having on-board address protection system for facilitating interface with multiple processors, and computer system using same - A memory device includes an address protection system that facilitates the ability of the memory device to interface with a plurality of processors operating in a parallel processing manner. The protection system is used to prevent at least some of a plurality of processors in a system from accessing addresses designated by one of the processors as a protected memory address. Until the processor releases the protection, only the designating processor can access the memory device at the protected address. If the memory device contains a cache memory, the protection system can alternatively or additionally be used to protect cache memory addresses. | 02-19-2009 |
20090055612 | SECURE PROCESSING UNIT SYSTEMS AND METHODS - A hardware Secure Processing Unit (SPU) is described that can perform both security functions and other information appliance functions using the same set of hardware resources. Because the additional hardware required to support security functions is a relatively small fraction of the overall device hardware, this type of SPU can be competitive with ordinary non-secure CPUs or microcontrollers that perform the same functions. A set of minimal initialization and management hardware and software is added to, e.g., a standard CPU/microcontroller. The additional hardware and/or software creates an SPU environment and performs the functions needed to virtualize the SPU's hardware resources so that they can be shared between security functions and other functions performed by the same CPU. | 02-26-2009 |
20090063799 | Memory Protection For Embedded Controllers - System and method for protecting data in a system including a main processor, an embedded controller, and a memory. In response to a power-on-reset (POR), access to the memory is enabled, e.g., access by the embedded controller. First data is read from the memory (e.g., by the embedded controller) in response to the enabling, where the first data are usable to perform security operations for the system prior to boot-up of the main processor. The first data are used, e.g., by the embedded controller, to perform one or more security operations for the system, then access to the memory, e.g., by the embedded controller, is disabled, where after the disabling the memory is not accessible, e.g., until the next POR initiates enablement. | 03-05-2009 |
20090063800 | ARRANGEMENTS HAVING SECURITY PROTECTION - Access control unit sends to the access judging unit an access judging check request signal asking whether the requested address falls within one of the access-permitted areas registered in the access judging unit, the access judging unit checks whether the requested address falls within one of the access-permitted areas registered in it and returns to the access control unit an access judging check result signal indicating whether the access request is to be honored or rejected, and the access control unit permits access to the internal bus if the access judging check result signal indicates that the access request is to be honored, or rejects the access request otherwise. | 03-05-2009 |
20090063801 | Write Protection Of Subroutine Return Addresses - Exemplary methods, systems, and products are described that operate generally by moving subroutine return address protection to the processor itself, in effect providing atomic locks for subroutine return addresses stored in a stack, subject to application control. More particularly, exemplary methods, systems, and products are described that write protect subroutine return addresses by calling a subroutine, including storing in a stack memory address a subroutine return address and locking, by a computer processor, the stack memory address against write access. Calling a subroutine may include receiving in the computer processor an instruction to lock the stack memory address. Locking the stack memory address may be carried out by storing the stack memory address in a protected memory lockword. A protected memory lockword may be implemented as a portion of a protected content addressable memory. | 03-05-2009 |
20090070540 | Receiving Apparatus, Receiving Method, Transmitting Apparatus, Transmitting Method, and Medium - A receiving apparatus has a first memory area accessible by a first provider providing first contents and a second memory area accessible by a second provider providing second contents. A receiving unit receives a first access right file and a second access right file. An output unit outputs the first contents or the second contents. A memory control unit stores first information associated with the first contents in the first memory area and stores second information associated with the second contents in the second memory area. A switching unit switches from outputting the first contents to outputting the second contents. A determining unit determines whether the second provider is permitted to access the first memory area. An output controller reads the first information and outputs the second contents based on the first information to the output unit when the second provider is permitted to access the first memory area. | 03-12-2009 |
20090077333 | DOUBLE DEGRADED ARRAY PROTECTION IN AN INTEGRATED NETWORK ATTACHED STORAGE DEVICE - In one embodiment, the invention provides a method for accessing a physical storage-device array comprising a plurality of storage devices. The method includes (1) obtaining at least one parameter from a profile selected from two or more profiles concurrently defining two or more virtual arrays, each profile defining (i) a different virtual array associated with a corresponding set of storage devices and (ii) a parameter set of one or more parameters used for accessing the virtual array; and (2) generating an instruction, based on the at least one parameter, for accessing, or disallowing access to, information in the virtual array defined by the selected profile, wherein a parameter in the parameter set defined by each profile indicates whether two or more storage devices in the corresponding virtual array are degraded. | 03-19-2009 |
20090077334 | Storage Apparatus for Preventing Falsification of Data - When a file server is to create data that does not permit falsification in an external storage, it is not possible to guarantee that the rewriting of this data can be prevented from a computer connected to the external storage without going through a file server. Provided is a storage system configured from a first storage having a file I/O processing unit and a second storage connected to this first storage, wherein the first storage includes a unit for requesting a change of access authority to the storage area in the own storage and in the second storage provided to the own storage. An access request to a storage area in a second storage from a computer connected to a second storage without going through a file I/O processing unit is restricted based on the change of access authority executed by the second storage upon receiving the request from the first storage. | 03-19-2009 |
20090083505 | System and Method for Achieving Protected Region Within Computer System - A system and method for achieving one or more protected regions within a computer system having multiple partitions are disclosed. In at least some embodiments, the system includes an intermediary device for use within the computer system having the multiple partitions. The intermediary device includes a fabric device, and a first firewall device capable of limiting communication of a signal based upon at least one of a source of the signal and an intended destination of the signal, the first firewall device being at least indirectly coupled to the fabric device. The intermediary device further includes a first conversion device that is one of integrated with the first firewall device and distinct from the first firewall device, and that is capable of converting between a processor address and a fabric address for use by the fabric device. In some embodiments, the various devices each include Control and Status Registers (CSRs). | 03-26-2009 |
20090083506 | Method and system for memory thermal load sharing using memory on die termination - Memory component temperature information is used to implement a method for ODT (on die termination) thermal load management. A respective temperature of each of a plurality of memory components is accessed, and based on this temperature, an ODT cycle is directed to a first of the memory components to avoid imposing a thermal load from the ODT cycle on a second of the memory components. | 03-26-2009 |
20090089526 | MEMORY DEVICES WITH DATA PROTECTION - A memory device comprises a memory array, a status register coupled with the memory array, and a security register coupled with the memory array and the status register. The memory array contains a number of memory blocks configured to have independent access control. The status register includes at least one protection bit indicative of a write-protection status of at least one corresponding block of the memory blocks that corresponds to the protection bit. The security register includes at least one register-protection bit. The register-protection bit is programmable to a memory-protection state for preventing a state change of at least the protection bit of the status register. The register-protection bit is configured to remain in the memory-protection state until the resetting of the memory device. | 04-02-2009 |
20090089527 | EXECUTING A PROTECTED DEVICE MODEL IN A VIRTUAL MACHINE - Embodiments of apparatuses, methods, and systems for executing a protected device model in a virtual machine are disclosed. In one embodiment, an apparatus includes recognition logic, memory management logic, control logic, and execution logic. The recognition logic is to recognize an indication, during execution of first code on a virtual machine, that the first code is attempting to access a device. The memory management logic is to prevent the virtual machine from accessing a portion of memory during execution of the first code, and to allow the virtual machine to access the portion of memory in response to the indication. The control logic is to transfer control of the apparatus from the first code to second code stored in the portion of memory, without exiting the virtual machine. The execution logic is to execute the second code to model the device. | 04-02-2009 |
20090089528 | STORAGE SYSTEM AND METHOD OF CONTROLLING THE SAME - A storage system is utilized to its fullest storage capacity by setting a write inhibitive attribute to a desired storage area of the storage system. The storage system has a logical volume in which data is stored and a control device which controls access to the data stored in the logical volume. A first area of a desired size is set in the logical volume, and an access control attribute is set to the first area. In response to a request made by a computer to perform access to the logical volume, the control device notifies the computer that the control device does not perform the access when an area designated by the access request contains at least a part of the first area and the access control attribute set to the first area inhibits the type of the access requested. | 04-02-2009 |
20090094429 | Generic Low Cost Hardware Mechanism for Memory Protection - There is provided a memory protection system comprising: address storage means storing the start and end addresses of each of a plurality of memory segments; control data storage means storing control data indicative of a type of permitted access to each of the plurality of memory segments; comparison means for comparing said start and end addresses with addresses of a selected memory portion to which a processor seeks access; and combination means for logically combining access data indicative of the type of access sought by the processor to the selected memory portion with said control data; wherein the comparison and combination results are indicative of whether or not the access to the selected memory portion sought by the processor is allowable. The present invention provides for the access protection of memory segments of any required size, both large and small. | 04-09-2009 |
20090094430 | PROVIDING A PROCESS EXCLUSIVE ACCESS TO A PAGE INCLUDING A MEMORY ADDRESS TO WHICH A LOCK IS GRANTED TO THE PROCESS - Provided are a method, system, and article of manufacture for providing a process exclusive access to a page including a memory address to which a lock is granted to the process. A request is received for a memory address in a memory device from a requesting process. A lock is granted to the requested memory address to the requesting process. The requesting process is provided exclusive access to a page including the requested memory address for a page access time period. The exclusive access to the page provided to the requesting process is released in response to an expiration of the page access time period. | 04-09-2009 |
20090094431 | MONITORING PATTERNS OF PROCESSES ACCESSING ADDRESSES IN A STORAGE DEVICE TO DETERMINE ACCESS PARAMETERS TO APPLY - Provided are a method, system, and article of manufacture for monitoring patterns of processes accessing addresses in a storage device to determine access parameters to apply. Processes accessing addresses of data in a storage device are monitored. The processes are granted access to the addresses according to first access parameters that indicate how to arbitrate access by processes to the addresses. A condition occurring in response to a pattern of processes accessing addresses is detected. A determination is made of one of the processes in the pattern and the address accessed by the determined process. Indication is made that second access parameters apply for the determined address. The second access parameters are used to grant access to the determined address for subsequent accesses of the indicated address. | 04-09-2009 |
20090100238 | Memory card and memory card control changeover method - A disclosed memory card includes: a control unit; a nonvolatile memory; and a program memory, wherein the program memory stores control programs for plural standards, the control programs controlling data access between the nonvolatile memory and an external device as a memory card. | 04-16-2009 |
20090100239 | DATA UPDATE HISTORY STORAGE APPARATUS AND DATA UPDATE HISTORY STORAGE METHOD - Provided is a storage apparatus that stores data update histories using an existing file system without modifying the source code of the existing file system. The storage apparatus includes an I/O command catcher that changes, when an I/O command is issued from a program stored in a memory and arbitrary update data is stored in a data area address corresponding to a buffer address storing the arbitrary update data, authorized access set for the arbitrary update data in a page management unit to readable; and a page exception catcher that issues, when the authorized access of the arbitrary update data is changed to readable, a page exception report, acquires a data area address corresponding to the buffer address storing the arbitrary update data in the address management unit, and stores the update data and its update history in an update queue. | 04-16-2009 |
20090100240 | AUTHENTICATION METHOD, CORRESPONDING PORTABLE OBJECT AND COMPUTER SOFTWARE PROGRAM - A method is provided for authenticating a carrier of a portable object having a memory for memorising at least one item of secret information. The method includes: authentication processing of a signature provided by said carrier, taking account of said secret information; supplying an item of information for the authentication decision, positive or negative, implementing, in a non volatile memory of said portable object, an incorrect signature indicator which may adopt a value indicating a normal situation and at least one value indicating an abnormal situation. The step of implementing including: after said information supplying step, writing, in said incorrect signature indicator, a value indicating an abnormal situation, if said authentication decision is negative; and before said authentication step, and if said incorrect signature indicator contains a value indicating an abnormal situation, a step generating a delay. The writing step also includes memorising at least one item of context-related information. | 04-16-2009 |
20090106516 | METHOD AND APPARATUS FOR PREVENTING ERRONEOUS WRITING OF DATA - A method for preventing erroneous writing of data includes the steps of: providing a memory positioned in a writing protection state, connecting the memory to a host computer installed with a control program, using the control program to control the memory to remove the writing protection state and writing external data into the memory. Whereby, the erroneous writing of the external data is prevented and the safety of internal data of the memory is protected accurately. | 04-23-2009 |
20090113154 | Non-Volatile Memory Apparatus and Method of Accessing the Same - A non-volatile memory apparatus and an accessing method thereof are provided. A host accesses the non-volatile memory apparatus and gets the accessing result according to the predetermined protocol. Therefore, the host can identify whether the non-volatile memory apparatus has a data area or not and switch to access the data area. The host can then access the non-volatile memory apparatus with high capacity without changing the hardware of the host. | 04-30-2009 |
20090132776 | DATA PROCESSING DEVICE, DATA PROCESSING METHOD, DATA PROCESSING PROGRAM, RECORDING MEDIUM CONTAINING THE DATA PROCESSING PROGRAM AND INTEGRATED CIRCUIT - A data processing device for processing stream data composed of a plurality of frames generated with encoded contents data, which includes a protected storage unit for storing data, being protected from external access, a non-protected storage unit for storing data, a receiving unit for receiving stream data, a separating unit for separating the stream data into protected data including frames necessary for decoding of other frames, and non-protected data not including frames necessary for decoding of other frames, and storing the protected data in the protected storage unit and storing the non-protected data in the non-protected storage unit, and a combining unit for restoring the stream data by combining the protected data stored in the protected storage unit and the non-protected data stored in the non-protected storage unit. | 05-21-2009 |
20090132777 | SYSTEMS AND METHODS FOR PROTECTING CUSTOMER SECRETS DURING VENDOR TROUBLESHOOTING - Systems, methods, and computer products for protecting information during troubleshooting are provided. A dumping mechanism includes marking at least one of a plurality of memory regions in the computer-readable medium as non-dumpable, initiating a core dump, determining which memory regions of the plurality regions are non-dumpable, and dumping the contents only of memory regions not marked as non-dumpable. | 05-21-2009 |
20090144516 | SYSTEMS AND METHODS FOR MANAGING DATA STORAGE MEDIA - Systems and methods are provided for passive data migration. A method is presented for distributing data that includes acts of identifying a date by which a computer readable medium is to be decommissioned and restricting distribution of data to the computer readable medium to reach a state of data content suitable for decommissioning the computer readable medium by the identified date. A system implementing data migration includes a storage medium, an interface and a processor. The interface is adapted to receive information to be stored on a storage medium, and the processor is configured to restrict storage of the data on one storage medium based on a target decommission date for that storage medium. | 06-04-2009 |
20090150631 | SELF-PROTECTING STORAGE DEVICE - Described are a self-protecting storage device and method that can be used to monitor attempts to access protected information. Access is allowed for authorized host systems and devices while unauthorized access is prevented. Authorization use includes inserting a watermark into access commands, such as I/O requests, sent to the storage device. The access commands are verified before access is permitted. In one embodiment, block addresses in I/O requests are encrypted at the host device and decrypted at the self-protecting storage device. Decrypted block addresses are compared to an expected referencing pattern. If a sufficient match is determined, access to the stored information is provided. Self-protection can be provided to a range of storage devices including, for example, SD flash memory, USB thumb drives, computer hard drives and network storage devices. A variety of host devices can be used with the self-protecting storage devices, such as cell phones and digital cameras. | 06-11-2009 |
20090172327 | Optimistic Semi-Static Transactional Memory Implementations - A lock-based software transactional memory (STM) implementation may determine whether a transaction's write-set is static (e.g., known in advance not to change). If so, and if the read-set is not static, the STM implementation may execute, or attempt to execute, the transaction as a semi-static transaction. A semi-static transaction may involve obtaining, possibly after incrementing, a reference version value against which to subsequently validate that memory locations, such as read-set locations, have not been modified concurrently with the semi-static transaction. The read-set locations may be validated while locks are held for the locations to be written (e.g., the write-set locations). After committing the modifications to the write-set locations and as part of releasing the locks, versioned write-locks associated with the write-set locations may be updated to reflect the previously obtained, or newly incremented, reference version value. | 07-02-2009 |
20090172328 | SYSTEM AND METHOD FOR HIGH PERFORMANCE SECURE ACCESS TO A TRUSTED PLATFORM MODULE ON A HARDWARE VIRTUALIZATION PLATFORM - A system and method for high performance secure access to a trusted platform module on a hardware virtualization platform. The virtualization platform including Virtual Machine Monitor (VMM) managed components coupled to the VMM. One of the VMM managed components is a TPM (Trusted Platform Module). The virtualization platform also includes a plurality of Virtual Machines (VMs). Each of the virtual machines includes a guest Operating System (OS), a TPM device driver (TDD), and at least one security application. The VMM creates an intra-partition in memory for each TDD such that other code and information at a same or higher privilege level in the VM cannot access the memory contents of the TDD. The VMM also maps access only from the TDD to a TPM register space specifically designated for the VM requesting access. Contents of the TPM requested by the TDD are stored in an exclusively VMM-managed protected page table that provides hardware-based memory isolation for the TDD. | 07-02-2009 |
20090172329 | Providing secure services to a non-secure application - A data processing apparatus comprising a data processor for processing data in a secure and a non-secure mode, said data processor processing data in said secure mode having access to secure data that is not accessible to said data processor processing data in said non-secure mode; and a further processing device for performing a task in response to a request from said data processor issued from said non-secure mode, said task comprising processing data at least some of which is secure data, said further processing device comprising a secure data store, said secure data store not being accessible to processes running on said data processor in non-secure mode; wherein prior to issuing any of said requests said data processor is adapted to perform a set up operation on said further data processing device, said set up operation being performed by said data processor operating in said secure mode and comprising storing secure data in said secure data store on said further processing device, said secure data being secure data required by said further processing device to perform said task; wherein in response to receipt of said request from said data processor operating in said non-secure mode said further data processing device performs said task using data stored in said secure data store to access any secure data required. | 07-02-2009 |
20090172330 | Protection of user-level applications based on page table information - In one embodiment, the present invention includes a virtual machine monitor (VMM) to access a protection indicator of a page table entry (PTE) of a page of a set of memory buffers and determine a state of the protection indicator, and if the protection indicator indicates that the page is a user-level page and if certain information of an agent that seeks to use the page matches that in a protected memory address array, a page table base register (PTBR) is updated to a protected page table (PPT) base address. Other embodiments are described and claimed. | 07-02-2009 |
20090172331 | Securing content for playback - A graphics engine may include a decryption device, a renderer, and a sprite or overlay engine, all connected to a display. A memory may have protected and non-protected portions in one embodiment. An application may store encrypted content on the non-protected portion of said memory. The decryption device may access the encrypted material, decrypt the material, and provide it to the renderer engine of a graphics engine. The graphics engine may then process the decrypted material using the protected portion of the memory. Only graphics devices can access the protected portion of the memory in at least one mode, preventing access by outside sources. In addition, the protected memory may be stolen memory that is not identified to the operating system, making that stolen memory inaccessible to applications running on the operating system. | 07-02-2009 |
20090172332 | Information processing apparatus and method of updating stack pointer - An instruction execution part of an information processing device outputs an access request including a first address information to specify an access destination based on an execution of an access command of an address space in a memory. The instruction execution part also outputs a check request including a second address information to specify a stack pointer point after extension based on an execution of a stack extension command to extend a stack included in the address space in the memory by updating a stack pointer. A protection violation detection section of the information processing device detects whether the access destination includes the plurality of the partial spaces by collating the first information with the memory protection information stored in the memory protection information storage section. | 07-02-2009 |
20090177858 | Method and Apparatus for Controlling Memory Array Gating when a Processor Executes a Low Confidence Branch Instruction in an Information Handling System - An information handling system includes a processor with an array power management controller. The array power management controller gates off a memory array, such as a cache, to conserve power whenever a group of instructions in a branch instruction queue together as a group exhibits a confidence in the accuracy of branch predictions of branch instructions therein that is less than a first predetermined threshold confidence threshold. In one embodiment of the information handling system, the array power management controller speculatively inhibits the gating off of the memory array when confidence in the accuracy of a branch prediction for a particular currently issued branch instruction exhibits less than a second predetermined threshold confidence threshold. In this manner, the array power management controller again allows access to the memory array in the event a branch redirect is likely. | 07-09-2009 |
20090182964 | DYNAMIC ADDRESS TRANSLATION WITH FORMAT CONTROL - What is provided is an enhanced dynamic address translation facility. In one embodiment, a virtual address to be translated and an initial origin address of a translation table of the hierarchy of translation tables are obtained. An index portion of the virtual address is used to reference an entry in the translation table. If the format control field is enabled, a frame address of a large block of data in main storage is obtained from the translation table entry. The large block of data is a block of at least 1M byte in size. The frame address is then combined with an offset portion of the virtual address to form the translated address of a desired block of data within the large block of data in main storage. The desired large block of data addressed by the translated address is then accessed. | 07-16-2009 |
20090182965 | Securing data in memory device - The various embodiments of the invention relate generally to semiconductors and memory technology. More specifically, the various embodiments and examples of the invention relate to memory devices, systems, and methods that protect data stored in one or more memory devices from unauthorized access. The memory device may include third dimension memory that is positioned on top of a logic layer that includes active circuitry in communication with the third dimension memory. The third dimension memory may include multiple layers of memory that are vertically stacked upon each other. Each layer of memory may include a plurality of two-terminal memory elements and the two-terminal memory elements can be arranged in a two-terminal cross-point array configuration. At least a portion of one or more of the multiple layers of memory may include an obfuscation layer configured to conceal data stored in one or more of the multiple layers of memory. | 07-16-2009 |
20090187723 | SECURE STORAGE SYSTEM AND METHOD FOR SECURE STORING - According to an exemplary embodiment a method for securely storing a message comprises dividing a first message into a first plurality of shares, and storing the first plurality of shares on a storing host together with a second plurality of shares of at least a second message, wherein the storing is performed in a mixed manner. | 07-23-2009 |
20090193209 | METHOD FOR PROTECTING DATA IN THE HARD DISK - A method for protecting data in the hard disk is provided. The method is suitable for a computer system and includes the following steps. First, a plurality of specification parameters conforming to the computer system is read. Next, a part of the specification parameters are encoded for obtaining a recognition byte. Then, when the computer system writes data to a hard disk, a specific operation is performed to a byte read or written by the hard disk and the recognition byte for maintaining a security of the data in the hard disk. | 07-30-2009 |
20090193210 | System for Automatic Legal Discovery Management and Data Collection - Provided is a system and method for the collection and production of documents in a judicial setting. The disclosed technology provides a rapid, cost-efficient system for document production that requires no local workstation or laptop software installation. Both a web-based solution and a hard drive based solution are provided. Collected information is stored, analyzed, filtered and indexed, all while adhering to strict document preservation and chain of custody requirements. Filtering can be based upon such criteria as file type, date range, key word searches and individual or group custodial selection. Also provided are procedures to notify parties of the need to preserve information that may be subject to disclosure. In addition, the disclosed technology provides the identification and elimination of duplicate and modified documents while preserving information, including associated metadata, associated with such files. | 07-30-2009 |
20090193211 | SOFTWARE AUTHENTICATION FOR COMPUTER SYSTEMS - A technique for authenticating software in a computer system is provided that can be used to prevent unauthorized users from accessing or using certain features or resources of the computer system. In accordance with the technique, a relatively small hash table is authenticated at system boot up and then used during run-time to authenticate selected portions of a software image. The technique advantageously permits software to be authenticated in a manner that does not impose significant delays upon the boot-up time associated with the computer system. The technique is applicable to both general-purpose and special-purpose computer systems, including embedded systems. | 07-30-2009 |
20090193212 | FIXED LENGTH MEMORY BLOCK MANAGEMENT APPARATUS AND CONTROL METHOD THEREOF - A fixed length memory block management apparatus has a plurality of processors which execute applications, a memory which is shared by the plurality of processors, an application program, an initialization program, and an access right allocation program being stored in the memory. The apparatus has an application execution unit which starts up the application program to execute the application, an initialization unit which starts up the initialization program to set a memory block management area including a plurality of sub-blocks at the memory, and an access right allocation unit which starts up the access right allocation program to allocate an access right of a memory block of the sub-block set by the initialization unit to the application execution unit. | 07-30-2009 |
20090198932 | Secure direct platter access - Bulk data transfers by directly accessing a persistent and secured area on the data storage device, e.g., a disk drive having a magnetic storage medium, without relying on the system operating system to execute its read/write operations. For a disk drive, the Protected Area Run Time Interface Extension (PARTIES) technology is applied to create and organize a secured sub-area within a secured storage area. The secured sub-area is a data buffer to and from which large data file transfers can be made with data authenticity and confidentiality. Since this new secured sub-area is not organized and protected by the operating system, it is inherently protected from attack by viruses or Trojan horse software whose effectiveness depends on their ability to maliciously direct the operating system. In addition, the read/write operations bypass command payload limits while reducing data and command validation costs. | 08-06-2009 |
20090198933 | Method and Apparatus for Handling Multiple Memory Requests Within a Multiprocessor System - A method for handling multiple memory requests within a multi-processor system is disclosed. A lock control section is initially assigned to a data block within a system memory. In response to a request for accessing the data block by a processing unit, a determination is made whether or not the lock control section of the data block has been set. If the lock control section has been set, another determination is made whether or not the requesting processing unit is located beyond a predetermined distance from a memory controller. If the requesting processing unit is located beyond a predetermined distance from the memory controller, the requesting processing unit is invited to perform other functions; otherwise, the number of the requesting processing unit is placed in a queue table. However, if the lock control section has not been set, the lock control section of the data block is set, and the access request is allowed. | 08-06-2009 |
20090198934 | FULLY ASYNCHRONOUS MEMORY MOVER - A data processing system has a processor and a memory coupled to the processor and an asynchronous memory mover coupled to the processor. The asynchronous memory mover has registers for receiving a set of parameters from the processor, which parameters are associated with an asynchronous memory move (AMM) operation initiated by the processor in virtual address space, utilizing a source effective address and a destination effective address. The asynchronous memory mover performs the AMM operation to move the data from a first physical memory location having a source real address corresponding to the source effective address to a second physical memory location having a destination real address corresponding to the destination effective address. The asynchronous memory mover has an associated off-chip translation mechanism. The AMM operation thus occurs independent of the processor, and the processor continues processing other operations independent of the AMM operation. | 08-06-2009 |
20090204776 | SYSTEM FOR SECURING AN ACCESS TO FLASH MEMORY DEVICE AND METHOD FOR THE SAME - A system for securing an access to a flash memory is provided. The system includes a first flash memory storage device having a plurality of storage elements for storing data, and a host for accessing the first flash memory storage device. The host includes a control unit, a storing unit, and an identification unit. The control unit is used for generating an identification code and assigning the identification code into a random storage element selected from the plurality of storage elements, when the first flash memory storage device is to be accessed by the host at the first time. The storing unit is used for storing the identification code and a set address corresponding to the stored storage element. The identification unit is used for examining whether the set address complies with the storage element address to be stored the identification code of the first flash memory storage device, and whether the identification code stored in the storing unit complies with an identification code of another flash memory storage device, when the first flash memory storage device is not to be accessed by the host at the first time. | 08-13-2009 |
20090204777 | Integrated circuits and methods to control access to multiple layers of memory - Circuits and methods to control access to memory, for example, third dimension memory, are disclosed. An integrated circuit (IC) may be configured to control access to memory cells. For example, the IC may include a memory having memory cells that are vertically disposed in multiple layers of memory. The IC may include a memory access circuit configured to control access to a first subset of the memory cells in response to access control data in a second subset of the memory cells. Each memory cell may include a non-volatile two-terminal memory element that stores data as a plurality of conductivity profiles that can be non-destructively sensed by applying a read voltage across the two terminals of the memory element. New data can be written by applying a write voltage across the two terminals of the memory element. The two-terminal memory elements can be arranged in a two-terminal cross-point array configuration. | 08-13-2009 |
20090204778 | SIMPLE NON-AUTONOMOUS PEERING ENVIRONMENT, WATERMARKING AND AUTHENTICATION - A Secure Non-autonomous Peering (SNAP) system includes a hierarchical digital watermarking scheme, a central licensing authority, licensed fabricators and assemblers. | 08-13-2009 |
20090210644 | Access Rights on a Memory Map - A microcontroller system, such as a system-on-a-chip integrated circuit, including a processor (e.g., a Von Neumann processor), memory, and a memory protection unit (MPU), where the MPU provides execute-only access rights for one or more protected areas of the memory. The MPU can allow instructions fetched from within a protected area to access data in the protected area while preventing instructions fetched from outside the protected area from accessing data in the protected area. | 08-20-2009 |
20090210645 | Recording control apparatus, one-time recording medium, recording system, and recording medium control method and program - A recording control apparatus includes an attribute information reader, a medium determining unit, and a command transmitter. When a recording medium is removably loaded into a loading unit, the attribute information reader reads attribute information therefrom. On the basis of the attribute information, the medium determining unit determines whether or not the recording medium is a one-time recording medium capable of writing data once. If the recording medium is determined to be a one-time recording medium that has been set to a write-protected state in advance, the command transmitter transmits to the recording medium an unlock command for unlocking the write-protected state thereof. | 08-20-2009 |
20090216979 | Method and system for secured drive level access for storage arrays - The present disclosure provides a methodology by which disk level access for storage drives of a storage array may be highly secured based on permission settings applied to the driver interface of the storage drives. Based on specific set of access rules, a security component applies security profiles to permit/deny access to an individual storage drive, sets the storage drive with a first security level, monitors for a triggering event, and sets the storage drive to a second (more restrictive) security access level in response to the triggering event. In addition, the security component generates an alert in response to the triggering event. Thus, disk level access permissions are applied at a driver interface layer and permissions are applied based on administrator-defined policies. The present disclosure provides for complete lock-down of data permissions, management and/or restriction of IO loads, and protection of “read-only” data integrity from overwrites. | 08-27-2009 |
20090216980 | INFORMATION STORAGE SYSTEM - A storage media and a storage area of a storage apparatus are associated, and the storage media is used to manage the contents of the storage apparatus. A storage media for storing files is detachably mounted on an information processing apparatus, the information processing apparatus is connected to a storage apparatus via the Internet, the storage apparatus stores files corresponding to the files stored in the storage media, the storage media and the storage apparatus authenticate each other via the Internet, and the information processing apparatus reads files from or writes files into the storage media or the storage apparatus on the condition that the foregoing authentication is successful. | 08-27-2009 |
20090216981 | POWER EFFICIENT FLOW CONTROL MODEL FOR USB ASYNCHRONOUS TRANSFERS - Embodiments comprising a memory and a USB host controller coupled to the memory. The power efficiency of a USB during asynchronous transfers is increased by limiting usage of an asynchronous schedule stored in the memory when servicing a scheduled asynchronous transfer endpoint. Other embodiments may be described and claimed. | 08-27-2009 |
20090216982 | SELF-LOCKING MASS STORAGE SYSTEM AND METHOD OF OPERATION THEREOF - A method of operation of a self-locking mass storage system includes: providing storage media and an inactivity timer; timing a period of read/write inactivity of the storage media using the inactivity timer; comparing the period of read/write inactivity against a preset maximum idle time; locking access to the storage media when the period of read/write inactivity exceeds the preset maximum idle time; and, resetting the period of read/write inactivity following read/write activity while the self-locking mass-storage system is in an unlocked state. | 08-27-2009 |
20090240907 | REMOTE STORAGE ACCESS CONTROL SYSTEM - An authorization method includes recognizing a request to access a data storage unit from a user, providing user identification and identifying information of the data storage unit, receiving a response from the authorization module, and passing the request to the data storage unit if the user is authorized to access the data storage unit. An access control system includes the authorization module configured to receive the request to access the data storage unit from the client device and determine whether the user is authorized to access the data storage unit. | 09-24-2009 |
20090249013 | SYSTEMS AND METHODS FOR MANAGING STALLED STORAGE DEVICES - Embodiments relate to systems and methods for managing stalled storage devices of a storage system. In one embodiment, a method for managing access to storage devices includes determining that a first storage device, which stores a first resource, is stalled and transitioning the first storage device to a stalled state. The method also includes receiving an access request for at least a portion of the first resource while the first storage device is in the stalled state and attempting to provide access to a representation of the portion of the first resource from at least a second storage device that is not in a stalled state. In another embodiment, a method of managing access requests by a thread for a resource stored on a storage device includes initializing a thread access level for an access request by a thread for the resource. The method also includes determining whether the storage device, which has a device access level, is accessible based at least in part on the thread access level and the device access level and selecting a thread operation based at least in part on the determination of whether the storage device is accessible. The thread operation may be selected from attempting the thread access request if the device is accessible and determining whether to restart the thread access request if the device is not accessible. | 10-01-2009 |
20090254725 | METHOD AND SYSTEM FOR AUTOMATICALLY PRESERVING PERSISTENT STORAGE - Computer-based methods, techniques, and systems for automatically protecting a storage device from unwanted alterations are provided. Example embodiments provide a Disk Access Redirection System, which includes a Redirection Driver, an Available Space Table (“AST”), a Protected Space Redirection Table (“PSRT”), and optionally an Unprotected Space Table (“UST”). The Redirection Driver is installed and registered with the computer operating system so that it can intercept storage device access requests (such as a disk read/write). When a storage access request for a read or write is sent, the request is intercepted by the Redirection Driver, transparent to the code that invokes the storage access request. The Redirection Driver uses the AST, PSRT, and optionally the UST, to allocate available storage space for redirected write requests, redirect write requests for protected areas of the storage device, and redirect read requests when the read request specifies a storage location that has been previously redirected. | 10-08-2009 |
20090254726 | METHOD OF ADDRESS SPACE LAYOUT RANDOMIZATION FOR WINDOWS OPERATING SYSTEMS - A system and method for address space layout randomization (“ASLR”) for a Windows operating system is disclosed. The address space layout includes one or more memory regions that are identified and then a particular implementation of the system randomizes the identified memory region in order to prevent any software vulnerabilities. | 10-08-2009 |
20090265521 | PATTERN PROTECTION METHOD AND CIRCUIT - The present invention discloses an address protection method and circuit capable of efficiently protecting inputting addresses from corruption. The predictable order of a series of original addresses is checked and then the correct addresses are generated by correcting the corrupted addresses within the original addresses. The address protection method and circuit according to the present invention can improve the accuracy of the inputting addresses and increase the validity of data in response to the inputting addresses. | 10-22-2009 |
20090265522 | ARRANGEMENTS CHANGING AN OPERATION AUTHORITY RESPONSIVE TO ATTRIBUTE CHANGES - A computer system including a copy source volume and a copy target volume which may be selectably PAIRED or SPLIT. User management information stores: an entry indicating that a first user is permitted to effect a PAIR operation and a PATH operation; and, an entry indicating that a second user is permitted to effect a PATH operation. Operation management information indicates permitted PATH and PAIR operations in relation to each user and a volume's PAIR or SPLIT status, and stores: an entry indicating that the first user is permitted to effect the PAIR operation in which the PAIR status is PAIR, or is SPLIT WITH BACKUP DISABLED; and, an entry indicating that the second user is permitted to effect the PATH operations in which the PAIR status is SPLIT WITH BACKUP ENABLED. PAIR management information stores the PAIR status and the BACKUP ENABLED or DISABLED status. | 10-22-2009 |
20090271583 | Monitoring transactions in a data processing apparatus - Apparatus for processing data is provided comprising processing circuitry and monitoring circuitry for monitoring write transactions and performing transaction authorisations of certain transactions in dependence upon associated memory addresses. The processing circuitry is configured to enable execution of a write instruction corresponding to a write transaction to be monitored to continue to completion whilst the monitoring circuitry is performing monitoring of the write transactions and the monitoring circuitry is arranged to cause storage of write transaction data in an intermediate storage element for those transactions for which an authorisation is required. Storage of write transaction data in an intermediate storage element enables the write transaction to be reissued in dependence upon the result of the transaction authorisation although the corresponding write instruction has already completed. | 10-29-2009 |
20090271584 | CONTROLLER OF STORAGE DEVICE, STORAGE DEVICE, AND CONTROL METHOD OF STORAGE DEVICE - A controller of a storage device having a user area storing an operating system, the storage device developing the operating system stored in the user area on a host device in accordance with an access from the host device. The controller includes a user authentication routine storage controlling unit that stores a user authentication routine for executing user authentication before startup of the operating system, in a predetermined area inside the user area, and an access controlling unit that permits access to the predetermined area from the host device when the user authentication routine is used, while prohibiting access to the predetermined area from the host device when the user authentication routine is not used. | 10-29-2009 |
20090271585 | DATA ACCESSING SYSTEM AND RELATED STORAGE DEVICE - A data accessing system includes a host computer and a storage device. The host computer has a first media access control (MAC) address, and the storage device includes a first storage region, a second storage region, and a controller. The first storage region is utilized for storing data. The second storage region stores a second media access control address. The controller couples to the first storage region and the second storage region for executing a security checking function to determine if the host computer is qualified to access the first storage region according to the first media access control address. | 10-29-2009 |
20090271586 | METHOD AND SYSTEM FOR PROVIDING RESTRICTED ACCESS TO A STORAGE MEDIUM - A method of restricting file access is disclosed wherein a set of file write access commands are determined from data stored within a storage medium. The set of file write access commands are for the entire storage medium. Any matching file write access command provided to the file system for that storage medium results in an error message. Other file write access commands are, however, passed onto a device driver for the storage medium and are implemented. In this way commands such as file delete and file overwrite can be disabled for an entire storage medium. | 10-29-2009 |
20090271587 | CONTENT CONTROL SYSTEMS AND METHODS - What is disclosed is a control system which includes an interface configured to receive a content request from a request source wherein the content request identifies content stored on a storage medium. The control system also includes a processing system coupled to the interface and configured to process the content request to determine when the request source is a valid destination for the content based on a first identifier stored with the content on the storage medium and a second identifier provided with the content request. The interface is further configured to transfer the content to the request source when the request source is a valid destination. | 10-29-2009 |
20090276595 | PROVIDING A SINGLE DRIVE LETTER USER EXPERIENCE AND REGIONAL BASED ACCESS CONTROL WITH RESPECT TO A STORAGE DEVICE - A method and a storage device may be provided. The storage device may include physical storage subdivided into a number of regions. The regions may start and end based on logical block addresses specified in a region table. At least one of the regions may be mapped to a logical drive letter. One or more others of the regions may be mapped to a subfolder with respect to the logical drive letter. The storage device may include an access control table. Each entry of the access control table may correspond to a respective region of the physical storage. Each of the entries of the access control table may indicate whether the respective region is protected and whether at least one entity is permitted protected access to the respective region after being successfully authenticated. | 11-05-2009 |
20090282205 | Prerecorded Digital Portable Personal Stereo - This digital portable personal stereo comprises a housing containing a connection interface for connection to earphones; a digital memory immovably attached to the housing; an electronic circuit for accessing said memory; and a control interface for controlling said electronic circuit, wherein encrypted audio content is prerecorded in the digital memory, and wherein the portable personal stereo is adapted to prevent any other audio content from being written in the digital memory. | 11-12-2009 |
20090287894 | Accessing Memory in a System with Memory Protection - The present disclosure includes, among other things, methods, systems, program products, and devices for providing access to memory in a system with memory protection. A request is received from a processor for a memory access at a first memory location. A second memory location is determined. The second memory location is associated with the first memory location and is protected from access by the processor. The requested memory access is performed at the second memory location. | 11-19-2009 |
20090287895 | Secure Memory Access System - A secure memory access system includes a memory control module, at least one direct memory access module, and a plurality of input/output interface modules. The direct memory access module is operative to transfer information between all of the input/output interface modules and the memory control module in response to transfer configuration information. | 11-19-2009 |
20090292892 | Method to Reduce Power Consumption of a Register File with Multi SMT Support - A method for reducing the power consumption of a register file of a microprocessor supporting simultaneous multithreading (SMT) is disclosed. Mapping logic and associated table entries monitor a total number of processing threads currently executing in the processor and signal control logic to disable specific register file entries not required for currently executing or pending instruction threads or register file entries not meeting a minimum access threshold using a least recently used algorithm (LRU). The register file utilization is controlled such that a register file address range selected for deactivation is not assigned for pending or future instruction threads. One or more power saving techniques are then applied to disabled register files to reduce overall power dissipation in the system. | 11-26-2009 |
20090292893 | MICROPROCESSOR HAVING SECURE NON-VOLATILE STORAGE ACCESS - An apparatus providing for a secure execution environment. The apparatus includes a microprocessor and a secure non-volatile memory. The microprocessor is configured to execute non-secure application programs and a secure application program, where the non-secure application programs are accessed from a system memory via a system bus. The secure non-volatile memory is coupled to the microprocessor via a private bus. The secure non-volatile memory is configured to store the secure application program, where transactions over the private bus between the microprocessor and the secure non-volatile memory are isolated from the system bus and corresponding system bus resources within the microprocessor. | 11-26-2009 |
20090292894 | MICROPROCESSOR HAVING INTERNAL SECURE MEMORY - An apparatus providing for a secure execution environment. The apparatus includes a microprocessor that is configured to execute non-secure application programs and a secure application program, where the non-secure application programs are accessed from a system memory via a system bus. The microprocessor has a non-secure memory and a secure volatile memory. The non-secure memory is configured to store portions of the non-secure application programs for execution by the microprocessor, where the non-secure memory is observable and accessible by the non-secure application programs and by system bus resources within the microprocessor. The secure volatile memory is configured to store the secure application program for execution by the microprocessor, where the secure volatile memory is isolated from the non-secure application programs and the system bus resources within the microprocessor. | 11-26-2009 |
20090300307 | PROTECTION AND SECURITY PROVISIONING USING ON-THE-FLY VIRTUALIZATION - A virtualization layer is inserted between (i) an operating system of a computer system, and (ii) at least one of a memory module and a storage module of the computer system. At least one of read access and write access to at least one portion of the at least one of a memory module and a storage module is controlled, with the virtualization layer. The insertion of the virtualization layer is accomplished in an on-the-fly manner (that is, without rebooting the computer system). An additional aspect includes controlling installation of a security program from the virtualization layer. | 12-03-2009 |
20090300308 | Partitioning of a Multiple Logic-Unit-Number SCSI Target - A method, computer program product and computer system for assigning logic storage entities of a storage device to multiple partitions of a computer system, which includes associating each logic storage entity to one of the partitions that are allowed to access the logic storage entity; configuring a partition supervisor to control accesses of the partitions to the logic storage entities, so that the partitions can share resources when accessing the logic storage entities; and providing an interceptor in the partition supervisor, so that a request or a response between a select logic storage entity and a select partition is intercepted if the select partition is not allowed to access the select storage entity. | 12-03-2009 |
20090307451 | DYNAMIC LOGICAL UNIT NUMBER CREATION AND PROTECTION FOR A TRANSIENT STORAGE DEVICE - A dynamic logical unit number system is implemented as a storage device that includes processing logic and storage functionality. A storage device may be configured to provide a first logical unit number when the storage device is attached to a computer system or other computing device. The storage device through its dynamic logical unit number system provides a configuration interface through which the computer system can configure additional logical unit numbers and reconfigure existing logical unit numbers of the storage device. After the redefinition of the logical unit numbers, the dynamic logical unit number system may cause a reestablishment of the connection between the storage device and the computer system. Upon establishing the new connection, the computer system recognizes the redefined logical unit numbers and treats each logical unit number as a separate storage device, including assigning a different number to each logical unit number. | 12-10-2009 |
20090319739 | DYNAMIC OPTIMIZATION FOR REMOVAL OF STRONG ATOMICITY BARRIERS - A method and apparatus for dynamic optimization of strong atomicity barriers is herein described. During runtime compilation, code including non-transactional memory accesses that are to conflict with transactional memory accesses is patched to insert transactional barriers at the conflicting non-transactional memory accesses to ensure isolation and strong atomicity. However, barriers are omitted or removed from non-transactional memory accesses that do not conflict with transactional memory accesses to reduce barrier execution overhead. | 12-24-2009 |
20090319740 | VIRTUAL COMPUTER SYSTEM, INFORMATION PROCESSING DEVICE PROVIDING VIRTUAL COMPUTER SYSTEM, AND PROGRAM THEREOF - A virtual computer system where a plurality of guest domains run on one information processing device. The virtual computer system includes a system region for storing software, which is installed for the plurality of guest domains, to be managed by the virtual computer system in a shared manner and an update region for actually storing data when each of the plurality of guest domains makes a write access to the system region. | 12-24-2009 |
20090319741 | SECURE MEMORY MANAGEMENT SYSTEM AND METHOD - The present invention describes a system and a method for securely loading digital information from a storage device into a memory module in a data processing system, said data processing system comprising at least one storage device, one memory module and at least one processor, said data processing system further comprising a memory access controller module connected between the processor and the memory module, and a secure memory management module connected to the processor, the memory module, the storage device and the memory access controller. Requests by the processor for data are passed to the secure memory management module, which loads the data from the storage device to the memory module and configures the memory access controller such that the processor will have access to the data. | 12-24-2009 |
20090319742 | Storage Router and Method for Providing Virtual Local Storage - A storage router ( | 12-24-2009 |
20090327633 | Verifying data integrity in a data storage device - A data storage device may include one or more pages, each page having a fixed number of memory cells, each memory cell being adapted to store one unit of data; a verification page, the verification page having a corresponding fixed number of verification cells, each verification cell storing a predetermined value; and a controller configured to 1) receive a read command having an address value, and 2) upon receiving the read command, a) retrieve a predetermined value from a verification cell corresponding to the address value, b) determine whether the retrieved predetermined value is an expected value, and c) if so, providing a retrieved unit of data, and if not, initiating a protective action. Determining whether the retrieved predetermined value is the expected value may include applying a function to the address value to obtain a result and determining whether the result corresponds to the retrieved predetermined value. | 12-31-2009 |
20090327634 | SECURE CONFIGURATION OF TRANSIENT STORAGE DEVICES - Extension fields in a provisioning certificate in the authentication silo of a transient storage device (TSD) are used to provide secure configuration options for TSDs while operating within the constraints of the current IEEE 1667 standard. Immutable values for configurable settings of the storage device are set in extension fields of a provisioning certificate. The provisioning certificate is then installed on the storage device. The method takes advantage of properties unique to the IEEE 1667 certificate silo specification and ITU-T X.509 certificate specification. The method is implemented while satisfying the security requirements for device configuration and taking advantage of the existing standards definitions as they are, without modification. The method allows particular features present in the device firmware to be enabled or disabled. An administrator may choose to set several device settings, for example, the number of addressable command targets (ACTs), the portion of total data storage area allocated to each ACT, and access settings. The method provides for these features to be implemented by the user, post retail sale, in a secure manner. | 12-31-2009 |
20090327635 | Data security for use with a file system - An embodiment of the invention provides an apparatus and method for providing data security for use with a file system. The apparatus and method performs acts including: applying a mapping function to data block numbers that are associated with a file; and obtaining mapped data block numbers after applying the mapping function, wherein the mapped data block numbers are addresses of data of the file in a storage device. | 12-31-2009 |
20090327636 | COMPRESSED TRANSACTIONAL LOCKS IN OBJECT HEADERS - A software transactional memory system is provided that generates and stores compressed transactional locks in a portion of object headers. The software transactional memory system allocates preferred write log memory with a predefined size of memory that corresponds to a number of bits in the compressed transactional locks. The compressed transactional locks identify write log entries in corresponding write logs in the preferred write log memory. If the preferred write log memory becomes full, additional write log memory is allocated for write log entries and subsequent transactional locks are stored uncompressed in an auxiliary memory. A pointer that may be used to locate the uncompressed transactional lock is stored in the header. If an object header with a compressed transactional lock is needed for another use, the compressed transactional lock is uncompressed and stored in the auxiliary memory. A pointer that may be used to locate the uncompressed transactional lock is stored in the header. | 12-31-2009 |
20090327637 | SECURITY SYSTEM FOR COMPUTERS - A security system designed to trap computer viruses is described. The system storage has an external alarm configured to monitor the time every file takes to load by monitoring the drive activity LED of the storage device. The document storage location is hidden and can optionally be accessed via password. If a virus spends an unexpected amount of time attempting to access storage the alarm will trigger. Downloads and other untrusted files are stored in quarantine storage. Documents can only be transferred from the quarantine storage to the system storage via a copy and paste program. | 12-31-2009 |
20100005264 | INFORMATION PROCESSING DEVICE, INTEGRATED CIRCUIT, METHOD, AND PROGRAM - To aim to provide an information processing device capable of improving a processing capability and securely handling programs and data to be protected. According to a system LSI | 01-07-2010 |
20100005265 | METHOD FOR ISOLATING OBJECTS IN MEMORY REGION - Method for isolating an object that has not been accessed for a certain period of time in a virtual memory space. When a garbage collection operates on a computer, the following steps are executed: detecting the object which has not been accessed for a certain period of time as a non-access object; moving the non-access object to a newly reserved virtual memory region when a certain time period elapses after detecting the non-access object; and setting the newly reserved virtual memory region to be an inaccessible region so that the garbage collection does not access the inaccessible region after a certain further time period elapses after moving the non-access object to the newly reserved virtual memory region. | 01-07-2010 |
20100017575 | SECURITY SYSTEM FOR EXTERNAL DATA STORAGE APPARATUS AND CONTROL METHOD THEREOF - A security system for an external data storage apparatus and a control method thereof, in which a data storage is driven by reading an identification (ID), which is input through a key input unit for the purpose of security of the external data storage apparatus, and then checking whether or not the read ID is equal to a previously registered ID, thereby preventing data from leaking out and being damaged in advance by another person, and safely protecting the data of a user. The security system comprises a data storage, in which data is stored; a high-speed serial bus, which connects the data storage with a data terminal, which reads and writes the data stored in the data storage; a key input unit, which converts an ID, which is input by operation of a user, to an electrical signal and outputs the converted signal; a memory, which stores and sets the ID input by the key input unit; and a control circuit, which, when the ID input by the key input unit is applied, compares the input ID with the preset ID stored in the memory, drives the data storage based on the compared result, and re-arranges storage sectors of the data storage to prevent the data from leaking out of the data storage when an unauthorized data terminal provides access. | 01-21-2010 |
20100017576 | Data Transference to Virtual Memory - Some embodiments comprise a method for selecting data to be transferred to a storage space of virtual memory and include identifying a set of data and determining subsets. Determining subsets may allow for delays before transferring the subsets and allow access to memory of the subsets during the delays. Accesses during the delays may enable embodiments to select other data to be transferred to the storage space and prevent transference of the accessed data. Other embodiments comprise apparatuses that have a paging space, a page identifier, and a page transferrer to transfer pages to the paging space after a delay. The delay may prevent a number of pages from being transferred to the paging space, such as for pages that were accessed during the delay. | 01-21-2010 |
20100023718 | Methods For Data-Smuggling - The present invention discloses methods for an application, running on a host system, to access a restricted area of a storage device, the method including the steps of: providing a file system for running on the host system; restricting access, by the file system, to the restricted area; sending an indication, from the application to the storage device, that data being sent by the application to the storage device via the file system is intended for the restricted area; detecting the indication in the storage device; and making the data, residing in the restricted area, available for reading by the application upon receiving an application request. Preferably, the method further includes the step of: releasing wasted areas, of the storage device, for use by the file system. Preferably, the method further includes the step of: copying non-restricted data from a non-restricted area into the restricted area. | 01-28-2010 |
20100023719 | METHOD AND CIRCUIT FOR PROTECTION OF SENSITIVE DATA IN SCAN MODE - A reset generator for resetting at least one register in a register bank. The register generator comprises a scan mode input terminal configured to input a scan mode signal, a system reset input terminal configured to input a system reset signal, a secure reset output terminal configured to output a secure reset signal and a combination logic unit configured to combine the scan mode signal and the system reset signal. The combination is such that when the scan mode of the at least one register is activated, the secure reset signal is immediately activated for resetting the at least one register. The activation of the secure reset signal is independent of the system reset signal. The secure reset signal is deactivated when the system reset signal is deactivated and the secure reset signal follows the activation/deactivation cycles of the system reset signal after deactivation. | 01-28-2010 |
20100023720 | METHOD AND APPARATUS FOR RECOGNIZING CHANGES TO DATA - The present invention refers to a method and apparatus, in which changes to relevant data are made easily recognizable. The data is stored in the same sector of a flash memory as a program which is used for the start-up or operation of a device. Due to the characteristics of flash memory the complete sector including the program is deleted when deleting the relevant data, by which the device is no longer operable and a malfunction and damage can be avoided. Furthermore, a bitwise inverted form of the data is stored in the flash memory, and it is inspected whether the original and the inverted form of the data coincide. A change to the data, which is not recognizable by the inspection, requires the deletion of the sector, thereby also deleting the program and thus the device is no longer operable. | 01-28-2010 |
20100030990 | External memory management apparatus and external memory management method - An objective is to prevent a downloaded application from accessing data in an external memory unrelated to the application, and to achieve safer management of access to the external memory. An external memory function module | 02-04-2010 |
20100030991 | ELECTRONIC DEVICE AND METHOD FOR UPDATING BIOS THEREOF - This invention discloses a method for updating a basic input/output system (BIOS). The BIOS is stored in a memory of an electronic device. An embedded controller (EC) is electrically connected to the memory and a processor. The processor is electrically connected to the memory and executes the BIOS. The method for updating the BIOS includes the following steps. First, a write instruction is sent to the EC. Afterward, the EC receives the write instruction and sends a system management interrupt (SMI) to the processor. Then, the processor receives the SMI and sends an identification code to the EC. Then, the EC receives the identification code and determines whether the identification code matches a security code. If the identification code matches the security code, the EC allows the memory to be writable to update the BIOS. | 02-04-2010 |
20100058016 | METHOD, APPARATUS AND SOFTWARE PRODUCT FOR MULTI-CHANNEL MEMORY SANDBOX - A method, apparatus, and software product allow signalling toward a multi-channel memory subsystem within an application processing architecture, and routing of that signalling via a single sandbox which provides memory protection by controlling memory usage and blocking the signalling if it is unauthorized. The signalling via the sandbox leads to a plurality of different memory locations, and the sandbox is an intermediary for substantially all execution memory accesses to the multi-channel memory subsystem. | 03-04-2010 |
20100064112 | METHOD AND SYSTEM FOR PROVIDING DATA ACCESSIBILITY AND INTERLINKS BETWEEN A USER AND A STORAGE DEVICE - A new approach to the manipulation of data access of storage that complies with certain mapping interlinks between front-end servers and back-end storage data pool and which lessens the complexity of the interlinks and improves the efficiency of the data accessibility is disclosed. The method allocates multiple user hardware devices and the logical units to a correspondent designated sub-zone so that there is at least one sub-zone associated with two or more logical units, wherein the logical units reside inside the storage hardware or network. The method establishes the data access interlinks within the same sub-zone between users and logical units. A system that substantiates the method is also disclosed. The method and the system together comprise a new storage scheme. | 03-11-2010 |
20100070727 | Transactional Memory System - A transactional memory system is described for reporting memory access violations which occur when memory accesses made from instructions within a transaction conflict with memory accesses to the same memory location made from a non-transactional instruction. In an embodiment this is achieved by creating two mappings of a physical heap being used by a thread. The thread (which may be part of a multi-threaded process) comprises instructions for both transactional and non-transactional accesses to the physical heap which may execute concurrently as part of that thread. One of the mappings is used for non-transactional memory accesses to the physical heap. The other mapping is used for transactional memory accesses to the physical heap. Access permissions associated with the mappings are controlled to enable attempted memory access violations to be detected and reported. | 03-18-2010 |
20100082926 | Restricted Component Access to Application Memory - Embodiments of the present disclosure provide methods, systems, and articles for restricting access to memory of an application by a component of the application, for example, pluggable code modules. Other embodiments may also be described and claimed. | 04-01-2010 |
20100082927 | Secure memory interface - A secure memory interface includes a reader block, a writer block, and a mode selector for detecting fault injection into a memory device when a secure mode is activated. The mode selector activates or deactivates the secure mode using memory access information from a data processing unit. Thus, the data processing unit flexibly specifies the amount and location of the secure data stored into the memory device. | 04-01-2010 |
20100082928 | Secure Manufacturing of Programmable Devices - According to an embodiment, a programmable logic device includes a plurality of logic blocks and a logic unit. The logic blocks are grouped into one or more partitions. The logic unit controls external access to the one or more partitions, controls programming of the one or more partitions and controls interconnection and operation of the one or more partitions during operation of the programmable logic device. | 04-01-2010 |
20100082929 | MEMORY PROTECTION METHOD, INFORMATION PROCESSING APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM THAT STORES MEMORY PROTECTION PROGRAM - A memory protection method for protecting a memory from an unauthorized access by a program, includes: executing area definition processing for dividing an undivided address space on the memory into a plurality of areas; executing combining processing for temporarily combining the divided areas before calling a procedure of the program across the divided areas; executing calling processing for calling the procedure after the areas are combined; and executing restoring processing for restoring the combined areas to a state before the combining processing after execution of the called procedure. | 04-01-2010 |
20100106926 | SECOND FAILURE DATA CAPTURE PROBLEM DETERMINATION USING USER SELECTIVE MEMORY PROTECTION TO TRACE APPLICATION FAILURES - The present invention discloses a solution for second failure data capture problem determination using user selective memory protection to trace application failures. In the solution, one or more data structures can be selected by a user to be allocated a unique address space from a debug heap. The address space called a region can be assigned permissions for which executable code can access the contents. Permissions can include full access (e.g., read/write), read, and no access which can “lock” the region against specific types of access. The user can permit known trusted executable code to access allocated regions. Untrusted executable code attempting to access “locked” regions will result in an application failure event (e.g., segmentation fault). The failure can be used to determine the point of memory corruption through inspection of the stack trace. | 04-29-2010 |
20100106927 | SID MANAGEMENT FOR ACCESS TO ENCRYPTED DRIVES - A method and a system for unlocking a storage device that has become locked or cannot be unlocked are disclosed. A hint is generated from a key by removing bits and adding bits. A position of removed bits, a position of added bits, the number of removed bits and the number of added bits are stored and known securely. When the key cannot unlock a storage device corresponding to the key, the position of removed bits, the position of added bits, the number of removed bits (N) and the number of added bits are retrieved. Then, the added bits are removed in the hint. Each possible N bits are placed in the hint at the position of removed bits to generate 2 | 04-29-2010 |
20100106928 | STORAGE DEVICE, STORAGE SYSTEM, AND UNLOCK PROCESSING METHOD - According to one embodiment, a storage device manages a user data area by dividing the area into a plurality of division data areas. The storage device includes a storage module, an access authority setting module, a lock processor, a command receiver, and an unlock processor. The storage module includes the division data areas. The access authority setting module sets access authority with respect to each division data area for each user. The lock processor disables access to the storage module from a host device that reads data from and writes data to the storage module. The command receiver receives from the host device an unlock command including a basic area storing basic unlock information and an expansion area storing additional unlock information. The unlock processor unlocks each division data area, to which access is restricted for each user, based on the basic unlock information and the additional unlock information. | 04-29-2010 |
20100106929 | Method and Apparatus for Providing Secure Register Access - The method and accompanying apparatus provides secure register access. In one example, as part of a secure boot process, data is written into a managed secure register (MSR) register and access policy data is written into programmable MSR policy registers. During run-time, the MSR register securely stores data in compliance with the programmable register access policy data. Access policy is enforced during run-time based on the programmable register access policy data. | 04-29-2010 |
20100115220 | COMPUTING SYSTEM INCLUDING MEMORY AND PROCESSOR - A computing system includes: a memory having first and second storage areas, and a processor sending a memory control signal to the memory to define a data access period during which data is accessed, and a read source control signal indicating whether the first storage area or the second storage area is to be accessed during the data access period. The memory activates a wait signal in response to the memory access signal and the read source control signal, and the processor is further configured to adjust the duration of the data access period in response to the wait signal. | 05-06-2010 |
20100122054 | COPY SAFE STORAGE - A data storage device provides information to an application while protecting the information from being copied. Particularly, the data storage device may include a detector to detect an access to an indicator. The indicator may be integrated with the information in such a way that a copy application will access the indicator when copying the information but another application using the information (e.g. a database application) will not access the indicator. The data storage device may further be configured to undertake a defensive response when access to the indicator is detected. Defensive responses may include terminating the access, issuing a report, or sending spurious data to the host. The configuration of the indicator and timing of the response may be chosen to impede separation of the indicator from the data. | 05-13-2010 |
20100122055 | DATA INTEGRITY VALIDATION USING HIERARCHICAL VOLUME MANAGEMENT - A method for reading data from a data storage system is provided. The method comprises requesting a virtual data volume to access data from one or more data blocks in the data storage system; requesting a virtual protection information volume to access protection information associated with the data blocks; validating the data using the protection information; and providing the data to the host interface, in response to successful validation of the data. A method for writing data to a data storage system is also provided. The method comprises receiving data to be written to one or more data blocks in the data storage system, wherein the data is stored in a cache; generating protection information to be stored on a virtual protection information volume; requesting a virtual data volume to update the data blocks with the data; and requesting the virtual protection information volume to store the protection information. | 05-13-2010 |
20100122056 | Method and Device for Securely Storing and Securely Reading User Data - User data is stored in at least one record in at least one predefined, logic data storage area. One respective record ID is assigned to the at least one record. The record ID includes a uniqueness stamp that is unique in the respective predefined data storage area, a unique ID of the predefined data storage area in which the respective record is stored, and a logic position of the respective record within the respective predefined data storage area. A record test value is determined and stored for the user data and the respective associated record ID of the respective record. Data storage area information containing the ID of the respective predefined data storage area and data on at least one value range of the uniqueness stamps of the records currently stored in the respective predefined data storage area is assigned to the respective predefined data storage area. | 05-13-2010 |
20100131729 | INTEGRATED CIRCUIT WITH IMPROVED DEVICE SECURITY - A semiconductor device having circuitry comprising an embedded memory, an embedded processor for executing application codes, and a functional hardware element coupled with the embedded memory via a protected bus, and with the embedded processor via an unprotected bus, the hardware element being arranged to protect the protected bus, and including a locking means comprising at least one lock bit for globally locking at least part of the locking means before executing the application code. | 05-27-2010 |
20100131730 | Software protection method - A software protection method to protect the software in a host against an unauthorized usage of a memory unit used in software is provided. The software protection method comprises the steps of: starting the operation of the software; declaring the memory unit such that the software takes the control right of the memory unit; generating a status tag of the memory unit; setting the status tag as an initializing status to initialize the memory unit; setting the status tag as an access status to access the memory unit; and setting the status tag as a delete status to forgo the control right of the memory unit. | 05-27-2010 |
20100131731 | CONTROL METHOD OF DEVICE IN STORAGE SYSTEM FOR VIRTUALIZATION - In a system where a first storage system and a second storage system are connected to a third storage system, when the first storage system virtualizes and provides a device in the third storage system as a device in its own storage system, update data stored in a cache in the first storage system is written into the device of the third storage system to be reflected, attributes of the device are transferred to the second storage system, and the second storage system virtualizes the device of the third storage system as a device of its own storage system. | 05-27-2010 |
20100138623 | Memory Area Protection System and Methods - In one embodiment, a non-volatile memory device includes a plurality of protection bits denoting that an area of memory in the device must be protected from being erased or programmed. The memory device further includes a majority logic circuit for determining the logic state of the majority of the plurality of protection bits. Another embodiment includes a pattern generator for generating the logic levels to be stored in the plurality of protection bits. | 06-03-2010 |
20100146233 | Non-Volatile Memory Device Capable of Initiating Transactions - A non-volatile memory may operate, not in a master/slave arrangement, but in a peer-to-peer arrangement. In some embodiments, the memory may initiate a transaction with a device outside the memory. Thus, the memory may proactively perform tasks conventionally performed by memory controllers and other external devices. | 06-10-2010 |
20100146234 | ARRANGEMENTS HAVING SECURITY PROTECTION - An external bus interface method including: receiving, via an access control unit, an access request conveyed through an external bus, and judging, via an access judging unit connected to the access control unit, whether the access request is to be honored or rejected, wherein upon receiving the access request, the access control unit sends to the access judging unit an access judging check request signal asking whether the requested address falls within one of access-permitted areas registered in the access judging unit, the access judging unit checks whether the requested address falls within one of the access-permitted areas registered in it and returns to the access control unit, an access judging check result signal indicating whether the access request is to be honored or rejected, and if the access judging check result signal indicates that the access request is to be rejected, the access control unit nullifies the access request. | 06-10-2010 |
20100153670 | STORAGE SECURITY USING CRYPTOGRAPHIC SPLITTING - Methods and systems for administrative management of a secure data storage network are disclosed. One system includes a secure storage appliance configured to host a plurality of volumes, each volume associated with a plurality of shares stored on a corresponding plurality of physical storage devices and having a plurality of volume management settings, wherein each volume is accessible by a group of one or more users, each user assigned an administrative access level, the volume management settings are editable by a first user from the group of one or more users associated with the volume and assigned an administrative access level sufficient to edit the volume management settings, and the volume management settings are inaccessible by a second user from outside the group of one or more users associated with the volume and assigned an administrative access level at least equal to that of the first user. | 06-17-2010 |
20100153671 | SYSTEM AND METHOD TO SECURE A COMPUTER SYSTEM BY SELECTIVE CONTROL OF WRITE ACCESS TO A DATA STORAGE MEDIUM - A system and method for securing a computer system from software viruses and other malicious code by intercepting attempts by the malicious code to write data to a storage medium. The invention intercepts the write access requests made by programs and verifies that the program is authorized to write before letting the write proceed. Authorization is determined by using the identity of the program as a query element into a database where permission values are stored. Depending on the presence or value of the permission value, write access is permitted or denied. Permission values can be set by the user, downloaded from a central server, or loaded into the central server by a group of users in order to collectively determine a permission value. The interception code can operate in kernel mode. | 06-17-2010 |
20100161926 | Data protection by segmented storage - A device, method, and system are disclosed. In one embodiment the device includes logic to handle and protect data. Specifically, the device includes logic to segment data that can receive a data object that needs to be stored. The logic within the device can segment the data object into a plurality of data segments. A segmented portion of the data object is an incomprehensible portion of the data object when viewed in the segmented format. The device can then send each of the data segments to several different storage locations. | 06-24-2010 |
20100161927 | Method for Using a CAPTCHA Challenge to Protect a Removable Mobile Flash Memory Storage Device - The embodiments described herein generally use a challenge to protect a removable mobile flash memory storage device, where the challenge may be in the form of a “Completely Automated Public Turing Test to Tell Computers and Humans Apart” (“CAPTCHA”). In one embodiment, a method is provided in which a removable mobile flash memory storage device receives a command from a host device, generates a CAPTCHA challenge, provides the CAPTCHA challenge to the host device, receives a response to the CAPTCHA challenge from the host device, determines if the response satisfies the CAPTCHA challenge, and performs the command only if the response satisfies the CAPTCHA challenge. In another embodiment, a removable mobile flash memory storage device is provided for performing these acts. | 06-24-2010 |
20100161928 | MANAGING ACCESS TO AN ADDRESS RANGE IN A STORAGE DEVICE - Enhanced configuration of security and access control for data in a storage device is disclosed. A request is received to access an addressable memory location in a storage media within the storage device. A set of addressable memory locations with contiguous addresses identified by an address range is associated with first and second characteristics. The first characteristic is applied if the addressable memory location is within the set of addressable memory locations, and an entity is currently authenticated to and authorized to access the set of addressable memory locations. The second characteristic is applied if the addressable memory location is within the set of addressable memory locations, and no entity is currently authenticated to and authorized to access the set of addressable memory locations. The set of addressable memory locations can also be a logical partition, where the first and second characteristics are stored in a logical partition table. | 06-24-2010 |
20100169599 | Security management in system with secure memory secrets - In some embodiments a Trusted Platform Module (TPM) manages a first flag that identifies whether a secure environment has ever been established. A chipset manages a second flag that identifies that there might have been secrets in memory and a reset or power failure occurred. At least one processor and/or the chipset lock, maintain a lock, and/or unlock a memory in response to the second flag. Other embodiments are described and claimed. | 07-01-2010 |
20100169600 | SIGNAL PROCESSOR AND SIGNAL PROCESSING SYSTEM - In a signal processor including storage sections, a start address for starting output of data from an external memory, is input from an external controller to the start address input section. The signal output section outputs a start signal based on a download start instruction from the external controller, and outputs an end signal when download is completed. The output instruction section outputs, based on the start signal, to the external memory a data output instruction of download data for a designated storage section, starting from the start address, and stops output of the data output instruction based on the end signal. The write instruction section outputs a write instruction to the storage sections that allows data writing only to the designated storage section, and the download data is written to the designated storage section when the start signal is input to the output instruction section. | 07-01-2010 |
20100169601 | SYSTEM FOR PROTECTING SUPERVISOR MODE DATA FROM USER CODE - A system for protecting supervisor mode data from user code having a processor which implements a register window architecture supporting separate window stacks for supervisor and user modes with a transition window in one of the window stacks set with at least one invalid window bit in an invalid window mask of the architecture additional to an invalid window bit set for a reserved window of the invalid window mask for transitioning from the supervisor mode to the user mode, supervisor mode-only memory storing the supervisor mode window stack, and user mode accessible memory storing the supervisor and user mode window stacks. | 07-01-2010 |
20100174882 | Method for Protecting Software of Embedded Applications Against Unauthorized Access - A method of protecting software for embedded applications against unauthorized access. Software to be protected is loaded into a protected memory area. Access to the protected memory area is controlled by sentinel logic circuitry. The sentinel logic circuitry allows access to the protected memory area from only either within the protected memory area or from outside of the protected memory area but through a dedicated memory location within the protected memory area. The dedicated memory location then points to protected address locations within the protected memory area. | 07-08-2010 |
20100180095 | BUFFER CONTROL DEVICE AND BUFFER MEMORY DEVICE - The buffer control device of this invention includes: a pointer holding unit which holds a virtual pointer different from a read pointer and a write pointer; an access control unit that controls an access to a ring buffer; a judging unit that judges whether or not one of the read pointer and the write pointer has reached an address substantially identical to an address indicated by the virtual pointer; and a disabling unit that disables a normal access using the one of the read pointer and the write pointer, when the judging unit judges that the one of the read pointer and the write pointer has reached the address substantially identical to the address indicated by the virtual pointer, the normal access being controlled by the access control unit, wherein the access control unit further controls a reaccess to the ring buffer. | 07-15-2010 |
20100185825 | TRANSIENT STORAGE DEVICE CONFIGURATION SILO - A device configuration silo is arranged to be accessed as an IEEE 1667-compatible silo which exposes interfaces to a host application to make changes to the presence of one or more other silos, as well as make changes to silo configurations on a per-silo basis for data and method sharing among silos across the ACTs on a storage device such as a transient storage device. The interfaces exposed by the device configuration silo are arranged to enable an authenticated provisioner, like an administrator in a corporate network environment, to perform configuration changes to silos after the storage device is released into the field through a secure provisioning mechanism. In addition, users may make configuration changes to silos at runtime in some usage scenarios, for example to enable discrete portions of functionality on a storage device, by using a secure secondary authentication mechanism that is exposed by the device configuration silo. | 07-22-2010 |
20100205394 | SEMICONDUCTOR STORAGE DEVICE AND CONTROL METHOD THEREOF - When an address indicating an access destination of a data storing unit, and a command indicating a content of a process for the address are input, block information corresponding to the input address is output from an information holding unit. Whether or not to execute the command for the address is decided on the basis of the output block information and the input command. | 08-12-2010 |
20100211752 | METHODS AND APPARATUS FOR PROVIDING INDEPENDENT LOGICAL ADDRESS SPACE AND ACCESS MANAGEMENT - A command receiver receives, from an external access requesting entity, a command with which to access data, together with an address to be accessed and IOID to identify the access requesting entity. Based on the IOID, the access decision unit determines whether or not an access is one that is to be permitted for an access requesting entity to access a region of access destination. The access decision unit determines whether access of the access requesting entity is permitted or not, for each page that serves as the basic management unit of logical address in the processor space. | 08-19-2010 |
20100223438 | REGION PROTECTION UNIT, INSTRUCTION SET AND METHOD FOR PROTECTING A MEMORY REGION - A memory region protection unit is disclosed that comprises a first register for storing a memory region address, a second register for storing the memory region size, an arithmetic function block for executing an arithmetic function on a memory address provided to the region protection unit and the address value in the first register. The unit further has a comparator for comparing the output of the arithmetic function block with the size value in the second register, the comparator being coupled to an output for signalling the validity of the memory address on the bus. The region protection unit has a controller configured to retrieve the memory region address and the memory region size from instructions issued to the region protection unit for associating the unit with said region, and to dissociate the unit from its memory region in response to a further instruction. | 09-02-2010 |
20100223439 | DATA PROTECTING METHOD AND MEMORY USING THEREOF - A data protecting method for a memory, which comprises a volatile memory and a non-volatile memory for storing data and data protection information, comprises the following steps. Firstly, load the data protection information to the volatile memory from the non-volatile memory. Next, protect the data stored in the memory according to the data protection information stored in the volatile memory. | 09-02-2010 |
20100223440 | Single Command Payload Transfers Block of Security Functions to a Storage Device - A storage device has a storage medium and a processor. The processor is disposed within the storage device and is adapted to receive multiple commands as a command block over an interface. The processor is adapted to extract each of the multiple commands from the single block for execution on the storage device. | 09-02-2010 |
20100228936 | ACCESSING MEMORY LOCATIONS FOR PAGED MEMORY OBJECTS IN AN OBJECT-ADDRESSED MEMORY SYSTEM - One embodiment of the present invention provides a system that accesses memory locations in an object-addressed memory system. During a memory access in the object-addressed memory system, the system receives an object identifier and an address. The system then uses the object identifier to identify a paged memory object associated with the memory access. Next, the system uses the address and a page table associated with the paged memory object to identify a memory page associated with the memory access. After determining the memory page, the system uses the address to access a memory location in the memory page. | 09-09-2010 |
20100228937 | SYSTEM AND METHOD FOR CONTROLLING EXIT OF SAVED DATA FROM SECURITY ZONE - A system for controlling exit of saved data from a security zone, comprising an access control device, the access control device comprising an access detection module for detecting access of an application to a security zone and access of an application to a general zone, a target checking module for comparing the application, detected by the access detection module, with a list and then controlling access of the application to the security zone and access of the application to the general zone, and a processing control module for controlling writing of data of the application to the general zone. | 09-09-2010 |
20100235596 | Offline Device-Side Logical Unit Number Controller - Described is a technology by which a single physical storage device such as a USB flash memory device is able to boot different computing devices via corresponding different operating systems. The storage device includes a selection mechanism that determines which virtual disk (corresponding to a LUN) is seen by the host as the currently active LUN having sector | 09-16-2010 |
20100235597 | METHOD AND APPARATUS FOR CONVERSION BETWEEN CONVENTIONAL VOLUMES AND THIN PROVISIONING WITH AUTOMATED TIER MANAGEMENT - A method for providing storage volumes, which are to be converted to thin provisioned volumes, comprises receiving from a host computer a read/write request identifying a target storage volume among the storage volumes and a target area of access; processing the read/write request and updating access information of the target storage volume; if the target storage volume does not have access information, generating access information for the converted thin provisioned volume from initial values; and if the target storage volume has access information, generating access information for the converted thin provisioned volume based on the access information of the target storage volume. | 09-16-2010 |
20100235598 | Using Domains for Physical Address Management in a Multiprocessor System - A multi-processor computer system is provided for managing physical memory domains. The system includes at least one processor having an address interface for sending a memory access message, which includes an address in physical memory and a domain identification (ID). The system also includes a physical memory portioned into a plurality of domains, where each domain includes a plurality of physical addresses. A domain mapping unit (DMU) has an interface to accept the memory access message from the processor. The DMU uses the domain ID to access a permission list, cross-reference the domain ID to a domain including addresses in physical memory, and grant the processor access to the address in response to the address being located in the domain. | 09-16-2010 |
20100235599 | ACCESS CONTROL DEVICE, STORAGE SYSTEM, AND ACCESS CONTROL METHOD - An access control device for controlling access from a host system to a plurality of storage areas in a storage system, the access control device includes a memory for storing access management information for the plurality of storage areas, and a controller for managing and monitoring access performed by the host system, the controller monitoring frequency of access by the host system to each of the plurality of storage areas and storing information of the frequency of the access to each of the storage areas in the memory, detecting at least one of the storage areas in which the frequency of the access is less than a predetermined range, and restricting the host system from accessing the detected storage area. | 09-16-2010 |
20100262800 | INFORMATION PROCESSING DEVICE - An information processing device in which memory bands can be significantly cut. In the present device, an access determining/managing portion ( | 10-14-2010 |
20100268903 | COMPUTER SYSTEM COMPRISING STORAGE OPERATION PERMISSION MANAGEMENT - The system of the present invention enhances the security of settings and operations in a storage device, and copes with numerous changes of the operational status of work executed within a computer system. When it becomes necessary to issue an operating command to the storage, storage operation propriety is determined on the basis of the operational status of the work and definition of operation permission for each work operation state. | 10-21-2010 |
20100268904 | APPARATUS AND METHODS FOR REGION LOCK MANAGEMENT ASSIST CIRCUIT IN A STORAGE SYSTEM - Apparatus and methods for improved region lock management in a storage controller. A region lock management circuit coupled with a memory is provided for integration in a storage controller. One or more I/O processor circuits of the storage controller transmit requests to the region lock management circuit to request a temporary lock for a region of storage on a volume of the storage system. The region lock management circuit determines whether the requested lock may be granted or whether it conflicts with other presently locked regions. Presently locked regions and regions to be locked are represented by region lock data structures. In one exemplary embodiment, the region lock data structures for each logical volume may be stored as a tree data structure. A tree assist circuit may also be provided to aid the region lock management circuit in managing the region lock tree data structures. | 10-21-2010 |
20100268905 | MEMORY MAPPING SYSTEM, REQUEST CONTROLLER, MULTI-PROCESSING ARRANGEMENT, CENTRAL INTERRUPT REQUEST CONTROLLER, APPARATUS, METHOD FOR CONTROLLING MEMORY ACCESS AND COMPUTER PROGRAM PRODUCT - A memory mapping system is connectable to a multi-processing arrangement. The multi-processing arrangement includes a first processing unit and a second processing unit. The memory mapping system includes a main memory to which the second processing unit does not have write access, the main memory including a first memory section and a second memory section. An associated memory is associated with the second memory section. The associated memory includes a memory section to which the second processing unit has write access. A consistency control unit can maintain consistency between data stored in the associated memory and data stored in the second memory section. | 10-21-2010 |
20100287349 | INFORMATION STORAGE PROTECTOR - The present invention relates to an information storage protector that comprises: | 11-11-2010 |
20100293351 | COMPUTER SYSTEM FOR ACCESSING STORED DATA - A computer system comprising: | 11-18-2010 |
20100299493 | Multi-Level Security Computing System - According to one embodiment, a computing system includes two or more opto-electrical isolators coupling a corresponding two or more memory devices to a processor. Each memory device is electrically isolated from each other and configured to store data or instructions executed by the processor. Each opto-electrical isolator selectively couples its associated memory device to the processor such that only one of the two or more memory devices is writable by the processor at any instant of time. | 11-25-2010 |
20100306489 | ERROR MANAGEMENT FIREWALL IN A MULTIPROCESSOR COMPUTER - A multiprocessor computer system comprises a plurality of processors and a plurality of nodes, each node comprising one or more processors. A local memory in each of the plurality of nodes is coupled to the processors in each node, and a hardware firewall comprising a part of one or more of the nodes is operable to prevent a write from an unauthorized processor from writing to the local memory. | 12-02-2010 |
20100306490 | TRANSACTIONAL OBJECT CONTAINER - A computing device receives an object at runtime of a compiled application, wherein the object is a component of the application. The computing device generates a transactional proxy for the object, the transactional proxy including transactional logic, a transactional marker and a pointer to the object. The transactional proxy is passed to the application, wherein the application is to make calls on the transactional proxy instead of on the object. | 12-02-2010 |
20100312978 | COMPUTER SYSTEM, INFORMATION PROTECTION METHOD, AND PROGRAM - A computer system increases the confidentiality of a memory to be protected and prevents invalid access that is made, for example, by replacing the memory. The computer system includes a memory in which state information AA, which indicates whether or not information to be protected is stored in a predetermined memory area, and access permission information BB, which indicates whether or not access to the memory area is permitted, are stored; and an access control unit that rewrites the state information AA when information to be protected is written to, or deleted from, the memory area and at the same time, when the system is started, rewrites the access permission information BB to permit access to the memory area if information to be protected is not written in the memory area but, otherwise, rewrites the access permission information BB to the access inhibition state. | 12-09-2010 |
20110004737 | METHOD AND APPARATUS FOR PROTECTED CONTENT DATA PROCESSING - Methods and apparatuses that perform protected content data processing with limited access to system resources are described. One or more regions in a memory (including a source memory and a destination memory) can be allocated and unprocessed content data can be mapped to the source memory. A process can be initialized with the source and destination memories to process the content data. The process can be prevented from accessing resources other than the allocated regions in the memory. The processed content data can be stored in the destination memory. In one embodiment, the content data can include media content. A playing device can be instructed to play the media content based on the processed content data via the destination memory. | 01-06-2011 |
20110010516 | METHOD FOR CONTROLLING ACCESS TO A DATA FILE OF AN IC CARD - A method is for controlling access to a data file of an IC card and may include storing a plurality of access conditions to be evaluated for accessing the data file, and enabling access to the file if the access conditions are satisfied. The method may further include ordering the access conditions to be evaluated in a Reverse Polish Notation inside a memory queue of the IC card, and evaluating the access conditions starting from a head of the memory queue. | 01-13-2011 |
20110022812 | SYSTEMS AND METHODS FOR ESTABLISHING A CLOUD BRIDGE BETWEEN VIRTUAL STORAGE RESOURCES - Methods and systems for establishing a cloud bridge between two virtual storage resources and for transmitting data from one first virtual storage resource to the other virtual storage resource. The system can include a first virtual storage resource or cloud, and a storage delivery management service that executes on a computer and within the first virtual storage resource. The storage delivery management service can receive user credentials of a user that identify a storage adapter. Upon receiving the user credentials, the storage delivery management service can invoke the storage adapter which executes an interface that identifies a second virtual storage resource and includes an interface translation file. The storage delivery management service accesses the second virtual storage resource and establishes a cloud bridge with the second virtual storage resource using information obtained from the second virtual storage resource and information translated by the storage adapter using the interface translation file. | 01-27-2011 |
20110040944 | INFORMATION EQUIPMENT, METHOD FOR SUPPORTING OPERATION THEREOF, AND COMPUTER-READABLE STORAGE MEDIUM FOR COMPUTER PROGRAM - Information equipment having a memory area for which access restrictions are set is provided. The information equipment makes a determination, in response to operation for turning a security mode into a security level enhanced mode, on data in the memory area, whether or not any one of the following conditions satisfy security requirements after the security level is enhanced: access restrictions set for the data itself; access restrictions set for the memory area; and authentication information for a user who has stored the data, and sends, to the user who has stored the corresponding data in the memory area or a user who has set the access restrictions for the memory area storing the corresponding data therein, a message to prompt one of the users to perform operation for satisfying the security requirements. | 02-17-2011 |
20110040945 | SECURING NON-VOLATILE DATA IN AN EMBEDDED MEMORY DEVICE - The various embodiments of the invention relate generally to semiconductors and memory technology. More specifically, the various embodiments and examples of the invention relate to memory devices, systems, and methods that protect data stored in one or more memory devices from unauthorized access. The memory device may include third dimension memory that is positioned on top of a logic layer that includes active circuitry in communication with the third dimension memory. The third dimension memory may include multiple layers of memory that are vertically stacked upon each other. Each layer of memory may include a plurality of two-terminal memory elements and the two-terminal memory elements can be arranged in a two-terminal cross-point array configuration. At least a portion of one or more of the multiple layers of memory may include an obfuscation layer configured to conceal data stored in one or more of the multiple layers of memory. | 02-17-2011 |
20110055507 | SYSTEM AND METHOD FOR RESTRICTING THE FUNCTION OF A STORAGE DEVICE BASED ON GEOGRAPHICAL LOCATION - A storage device capable of restricting its functions based on its geographical location is disclosed. In one embodiment, the storage device comprises a storage module for storing data; a positioning module, the positioning module determines the current location of the storage device; and a control module, the control module determines if the storage device is located within an area for function-restriction; and if so, one or more storage functions of the storage module are restricted; if not, the storage module assumes normal operation. | 03-03-2011 |
20110066820 | OVERFLOW HANDLING OF SPECULATIVE STORE BUFFERS - A method, a system and a computer program product for handling speculative stores. The system determines when a speculative store buffer is not full. An indicator is generated when the speculative store buffer is not full, and the speculative stores are input into the speculative store buffer. When the speculative store buffer is full, a full buffer indicator is generated. Speculative stores prevented from entering the speculative store buffer are overflow stores. The overflow list is searched to determine whether one or more addresses of the overflow stores are present in the overflow list. When one or more addresses of the overflow stores are not present in the overflow list, the overflow stores are stored in the overflow list. | 03-17-2011 |
20110078399 | Content approving apparatus - The present invention aims to provide an apparatus capable of determining whether or not content is permitted to be taken out, by managing contents permitted to be taken out. One aspect of the invention is characterized by comprising: a storage means that stores therein taking-out-permitted-content identification data which is data generated on the basis of a part or entirety of each content permitted to be taken out; and a generating means that generates the taking-out-permitted-content identification data. Another aspect of the present invention is characterized by comprising: a storage means that stores therein taking-out-permitted-content identification data which is data generated on the basis of a part or entirety of each content permitted to be taken out to the outside; and an approving means that determines whether a content is permitted to be taken out, with reference to the taking-out-permitted-content identification data. | 03-31-2011 |
20110082993 | HARD WARE DATA PROTECTION DEVICE - A device is connected between a storage device controller and a storage device, providing data storage device protection in a manner transparent to the computing system and to the user of the computing system independent of operating system. The device protects the user from malicious code by preventing its execution and the unauthorized or unwanted user data modification by making the contents of one of the storage device read only. All the operations of the device are invisible to the computing system and to the user independent of installed operating system. The device can be disabled by a switch or by other means. When this happens the effect is the same as if the device were physically removed from the computing system. | 04-07-2011 |
20110087852 | METHOD OF AND SYSTEM FOR CONTROLLING THE PROGRAMMING OF MEMORY DEVICES - In order to further develop a method of and a system ( | 04-14-2011 |
20110099347 | MANAGING ALLOCATION AND DEALLOCATION OF STORAGE FOR DATA OBJECTS - Various approaches for managing storage for data objects. In one approach, data describing a plurality of allocation control areas are stored. Each allocation control area references a respective set of free pages that are available for allocation for storing data objects. In response to a request to delete a data object, a non-blocking exclusive lock is sought on an initial one of the allocation control areas. If the lock is granted, each page having data of the data object is returned to the respective set of free pages of the initial one of the allocation control areas. If the lock is denied, another one of the allocation control areas to which a non-blocking exclusive lock can be granted is determined, and each page is returned to the respective set of free pages of the other one of the allocation control areas. | 04-28-2011 |
20110099348 | CONTROLLING MEMORY VISIBILITY - Embodiments are disclosed herein that are related to controlling the visibility of a portion of memory in a hardware device. For example, one disclosed embodiment provides a hardware device comprising a communications interface configured to connect to a complementary communications interface on a computing device. The hardware device further comprises a portion of memory having a first ID configured to cause the portion of memory to be visible to a user of the computing device to which the hardware device is connected. Further still, the hardware device comprises instructions stored in the portion of memory which are executable by and transferable to the computing device to cause the installation of a computer program related to the hardware device, and to cause the portion of memory to be hidden from the user of the computing device upon transferring of the instructions to the computing device. | 04-28-2011 |
20110107047 | Enforcing a File Protection Policy by a Storage Device - A file attribute, which is called herein “enforcement bit”, is used for each file that is stored in a storage device. If the protection particulars associated with a stored file are allowed to be changed, the enforcement bit is set to a first value, and if the protection particulars or properties are not to be changed, the enforcement bit is set to a second value. When the storage device is connected to a host device, the storage device provides to the host device protection particulars and an enforcement bit, which collectively form a “file protection policy”, for each stored file in response to a file system read command that the host device issues, in order to notify the host device of files in the storage device whose protection particulars are allowed to be changed freely, and of files whose protection particulars are not allowed to be changed by unauthorized users or devices. | 05-05-2011 |
20110113210 | CONCURRENT ACCESS TO A MEMORY POOL SHARED BETWEEN A BLOCK ACCESS DEVICE AND A GRAPH ACCESS DEVICE - A graph access device and block access device can simultaneously access a memory pool shared between the devices. The memory pool may include one or more memory arrays accessed as a single logical memory. The block access device accesses the memory pool as a flat array of memory blocks, and the graph access device accesses the memory pool as a hierarchical file system. The simultaneous access is accomplished by monitoring one or more memory block access operations performed by the block access device, while it is accessing the memory pool. The block access operations are translated into a graph data structure including a plurality of pointers mapping the memory pool to the hierarchical file system. A processor regulates access to the memory pool, and is configured to permit the graph access device to access the memory pool concurrently with the block access device, in accordance with the graph data structure. | 05-12-2011 |
20110113211 | SYSTEMS AND METHODS OF QUOTA ACCOUNTING - Embodiments of the invention relate generally to incremental computing. Specifically, embodiments of the invention include systems and methods that provide for the concurrent processing of multiple, incremental changes to a data value while at the same time monitoring and/or enforcing threshold values for that data value. For example, a method is provided that implements domain quotas within a data storage system. | 05-12-2011 |
20110113212 | Systems for Accessing Memory Card and Methods for Accessing Memory Card by a Control Unit - A system for accessing a memory card is provided. The system includes a control unit having a control pin and a processor. The processor senses a card-insertion signal from a socket via the control pin for indicating whether the memory card has been inserted into the socket. The processor provides a power control signal via the control pin to supply an operating voltage to the memory card when the sensed card-insertion signal indicates that the memory card has been inserted into the socket. The processor detects whether a write protection function of the memory card is present via the control pin. | 05-12-2011 |
20110131386 | DEVICE, CONTROL METHOD THEREOF, AND PROGRAM - An unmount state storing unit configured to store a state of unmount processing to end access processing to a memory card attached to a device from a host computer is provided. During a period from immediately after a host computer executes the unmount processing until detaching of the memory card is detected, a value of the host computer unmount state storing unit is stored as “true”. During the period in which this value is “true”, a host computer mount request from another host computer is denied. Consequently, after the access processing to the memory card attached to a device by the host computer has ended, contents of the memory card cannot be read from the other host computer while the memory card is still attached. | 06-02-2011 |
20110138141 | EXECUTE ONLY ACCESS RIGHTS ON A VON NEUMAN ARCHITECTURES - A microcontroller system, such as a system-on-a-chip integrated circuit, including a processor (e.g., a Von Neumann processor), memory, and a memory protection unit (MPU), where the MPU provides execute-only access rights for one or more protected areas of the memory. The MPU can allow instructions fetched from within a protected area to access data in the protected area while preventing instructions fetched from outside the protected area from accessing data in the protected area. | 06-09-2011 |
20110138142 | METHOD AND SYSTEM FOR AUTOMATICALLY PRESERVING PERSISTENT STORAGE - Computer-based methods, techniques, and systems for automatically protecting a storage device from unwanted alterations are provided. Example embodiments provide a Disk Access Redirection System, which includes a Redirection Driver, an Available Space Table (“AST”), a Protected Space Redirection Table (“PSRT”), and optionally an Unprotected Space Table (“UST”). The Redirection Driver is installed and registered with the computer operating system so that it can intercept storage device access requests (such as a disk read/write). When a storage access request for a read or write is sent, the request is intercepted by the Redirection Driver, transparent to the code that invokes the storage access request. The Redirection Driver uses the AST, PSRT, and optionally the UST, to allocate available storage space for redirected write requests, redirect write requests for protected areas of the storage device, and redirect read requests when the read request specifies a storage location that has been previously redirected. | 06-09-2011 |
20110145530 | LEVERAGING MEMORY ISOLATION HARDWARE TECHNOLOGY TO EFFICIENTLY DETECT RACE CONDITIONS - One embodiment includes method acts for detecting race conditions. The method includes beginning a critical section, during which conflicting reads and writes should be detected to determine if a race condition has occurred. This is performed by executing at a thread one or more software instructions to place a software lock on data. As a result of executing one or more software instructions to place a software lock on data, several additional acts are performed. In particular, the thread places a software lock on the data locking the data for at least one of exclusive writes or reads by the thread. And, at a local cache memory local to the thread, the thread enters the thread's memory isolation mode enabling local hardware buffering of memory writes and monitoring of conflicting writes or reads to or from the cache memory to detect reads or writes by non-lock respecting agents. | 06-16-2011 |
20110145531 | INFORMATION PROCESSING APPARATUS AND MEMORY PROTECTION METHOD - A memory protection method of dividing the address space of a memory into two or more protection regions, and protecting the memory from an unauthorized access to a protection region by a program includes a definition step of defining the relation between protection regions, a determination step of, when the relation between the protection regions is an inclusion relation, determining that an included protection region cannot directly access an including protection region and the including protection region can directly access the included protection region, and a step of, when an access to the protection region determined to be able to be directly accessed is requested, permitting a direct access to the protection region determined to be able to be directly accessed, and prohibiting a direct access to the protection region determined to be unable to be directly accessed. | 06-16-2011 |
20110153969 | DEVICE AND METHOD TO CONTROL COMMUNICATIONS BETWEEN AND ACCESS TO COMPUTER NETWORKS, SYSTEMS OR DEVICES - A network security device and method for one way or secure communication are disclosed. At least one processor is connected to a higher level network port and a lower level network port, and is connectable to a shared memory. The at least one processor is configured to send a data to the lower level network port via the shared memory in response to receiving the data from the higher level network port and to decline or ignore any request from the lower level network port to write to the shared memory. The at least one processor, which may be a higher level processor, may be further configured to decline or ignore any request from the higher level network port to read the shared memory. A lower level processor, connected to the lower level network port, may be at least conditionally disabled from writing to the shared memory. | 06-23-2011 |
20110153970 | Method and Apparatus for the Execution of a Program - An apparatus and a method are provided for the execution of a program by a program-controlled device, in which the program-controlled device receives instructions and automatically executes the program if it receives an access instruction for accessing a protected memory area. The invention further relates to a programmable transponder containing at least one such program-controlled device. | 06-23-2011 |
20110161610 | COMPILER-ENFORCED AGENT ACCESS RESTRICTION - A compiler that enforces, at compile time, domain data access permissions and/or agent data access permissions on at least one agent to be created within a domain. The compiler identifies domain data of a domain to be created, and an agent to be created within the domain at runtime. The domain access permissions of the agent are also identified. As part of compilation of an expression of an agent, a reference to the domain data is identified. Then, the compiler evaluates an operation that the reference to the domain data would impose on the domain data upon evaluating the expression at runtime. The compiler then determines whether or not the operation is in violation of the domain access permissions of the agent with respect to the identified domain data. Agent data access may also be evaluated depending on whether the access occurs by a function or a method. | 06-30-2011 |
20110161611 | METHOD FOR CONTROLLING SEMICONDUCTOR STORAGE SYSTEM CONFIGURED TO MANAGE DUAL MEMORY AREA - A method for controlling a semiconductor storage system configured to manage dual memory areas for protecting the system against abrupt and abnormal power disruptions is presented. The semiconductor storage system has a first physical area and a second physical area, in which first data having a first logical block address are stored in the first physical area. The method includes providing a write command so that the first data is updated to second data. The method also includes writing the second data in a second physical area in response to the write command. When writing the second data in the second physical area, a corresponding invalid logical address is allocated to the second physical area. | 06-30-2011 |
20110161612 | STORAGE APPARATUS MOUNTING FRAME, STORAGE EXTENSION APPARATUS, AND METHOD OF CONTROLLING STORAGE APPARATUS - By having a storage apparatus attachment portion that secures a storage apparatus; a data read prevention processing unit that makes at least a part of data stored in the storage apparatus unreadable; and an input device that inputs a read prevention instruction for the storage apparatus, and configuring such that the data read prevention processing unit makes the data stored in the storage apparatus unreadable in response to a read prevention instruction received from the input device, data on the storage apparatus is reliably and easily set unreadable, as well as preventing data leakage from a typical storage apparatus with lower cost. | 06-30-2011 |
20110173407 | DATA STORAGE SYSTEM - A data storage system comprising a server computer and a data storage medium. The server computer includes an interface, such as an iSCSI interface, for communicating with a host computer. In response to receiving data from the host computer, the server computer determines whether or not the host computer has access to a virtual data storage device. If the host computer does not have access to a virtual data storage device, the server computer provides a virtual data storage device for access by the host computer, the virtual data storage device employing at least a portion of the data storage medium such that data stored to the virtual data storage device are stored to the portion of the data storage medium. | 07-14-2011 |
20110173408 | Securing non-volatile data in an embedded memory device - The various embodiments of the invention relate generally to semiconductors and memory technology. More specifically, the various embodiments and examples of the invention relate to memory devices, systems, and methods that protect data stored in one or more memory devices from unauthorized access. The memory device may include third dimension memory that is positioned on top of a logic layer that includes active circuitry in communication with the third dimension memory. The third dimension memory may include multiple layers of memory that are vertically stacked upon each other. Each layer of memory may include a plurality of two-terminal memory elements and the two-terminal memory elements can be arranged in a two-terminal cross-point array configuration. At least a portion of one or more of the multiple layers of memory may include an obfuscation layer configured to conceal data stored in one or more of the multiple layers of memory. | 07-14-2011 |
20110173409 | Secure Processing Unit Systems and Methods - A hardware Secure Processing Unit (SPU) is described that can perform both security functions and other information appliance functions using the same set of hardware resources. Because the additional hardware required to support security functions is a relatively small fraction of the overall device hardware, this type of SPU can be competitive with ordinary non-secure CPUs or microcontrollers that perform the same functions. A set of minimal initialization and management hardware and software is added to, e.g., a standard CPU/microcontroller. The additional hardware and/or software creates an SPU environment and performs the functions needed to virtualize the SPU's hardware resources so that they can be shared between security functions and other functions performed by the same CPU. | 07-14-2011 |
20110191561 | AUGMENTED ADVISORY LOCK MECHANISM FOR TIGHTLY-COUPLED CLUSTERS - An inter-machine locking mechanism coordinates the access of shared resources in a tightly-coupled cluster that includes a number of processing systems. When a requesting processing system acquires a lock to access a resource, a comparison is made between values of a global counter and a local counter. The global counter indicates the number of times the lock is acquired exclusively by any of the processing systems. Based on the comparison result, the requesting processing system determines whether the resource has been modified since the last time it held the lock. | 08-04-2011 |
20110191562 | Apparatus and method for partitioning, sandboxing and protecting external memories - A technique to provide an integrated circuit that performs memory partitioning to partition a memory into a plurality of regions, in which the memory is accessed by a plurality of heterogeneous processing devices that operate to access the memory. The integrated circuit also assigns a security level for each region of the memory and permits a memory access by a transaction to a particular region of the memory, only when a level of security assigned to the transaction meets or exceeds the assigned security level for the particular region. The integrated circuit also performs sandboxing by assigning which of the plurality of processing devices are permitted access to each of the plurality of regions. The integrated circuit may implement only the security level function or only the sandboxing function, or the integrated circuit may implement them both. In some instances, a scrambling/descrambling function is included to scramble/descramble data. In one application, the integrated circuit is included within a mobile phone. | 08-04-2011 |
20110197043 | METHOD FOR ADJUSTING PERFORMANCE OF SYSTEM MEMORY AND COMPUTER SYSTEM THEREOF - A method for adjusting performance of a system memory used in a computer system with a system memory includes the following steps: in an operating system in operation, preventing the computer system from accessing data of the system memory when an event is triggered; giving a memory control command to execute a performance adjust program of the system memory after the computer system is completely prevented from accessing the data of the system memory; and permitting accessing the data of the system memory after the performance adjust program is completed. | 08-11-2011 |
20110202739 | Restricting memory areas for an instruction read in dependence upon a hardware mode and a security flag - An apparatus for processing data | 08-18-2011 |
20110202740 | Storing secure page table data in secure and non-secure regions of memory - Apparatus for data processing | 08-18-2011 |
20110208935 | Storing secure mode page table data in secure and non-secure regions of memory - Apparatus for data processing | 08-25-2011 |
20110208936 | System and Method for Policy Based Control of NAS Storage Devices - A system and method for providing policy-based data management and control on a NAS device deployed on a network and having event enabling framework software. When a user makes a request to store, read, or manipulate data on the NAS device, the NAS device provides an indication of this request to a management tool running on a remote system through the event enabling framework software. The management tool reviews the request in light of its previously established policy-based data storage management configuration and subsequently informs the NAS device, via the event enabling framework software, to either accept or not accept the user's request to store, read or modify data on the NAS device. | 08-25-2011 |
20110213940 | VIRTUALIZED DATA STORAGE VAULTS ON A DISPERSED DATA STORAGE NETWORK - A method begins with a slice server receiving a request to access a virtual digital data storage vault. The method continues by determining whether the virtual digital data storage vault is a first virtual digital data storage vault or a second virtual digital data storage vault. The slice server supports a portion of each of the first and the second virtual digital data storage vaults. When the virtual digital data storage vault is the first or the second virtual digital data storage vault, the method continues by determining whether the request is valid. When the request is valid, the method continues by executing the request to generate a response. | 09-01-2011 |
20110219202 | SPEICHERMEDIUM MIT UNTERSCHIEDLICHEN ZUGRIFFSMOGLICHKEITEN / MEMORY MEDIUM HAVING DIFFERENT WAYS OF ACCESSING - The invention provides a portable memory medium with a memory area and a memory management system for managing the memory area, wherein different options for access to the memory area are provided. The memory management system comprises a configuration command, the execution of which causes an activation of one of at least two different activatable memory configurations. | 09-08-2011 |
20110225383 | METHOD FOR SECURELY STORING DATA IN A MEMORY OF A PORTABLE DATA CARRIER - A method for securely storing data in a multilevel memory of a portable data carrier. The multilevel memory includes one or several multilevel memory cells (SZ) which can assume respectively at least three levels (E, NE). The at least three levels represent a different data content, regarding which respective levels (E, NE) of a memory cell (SZ) are defined as valid or invalid. The levels (E, NE) of a respective memory cell (SZ) are selectively defined as valid or invalid in dependence on a required security level. | 09-15-2011 |
20110231625 | SYSTEMS AND METHODS FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - Systems capable of transformation of logical data objects for storage and methods of operating thereof are provided. One method includes identifying among a plurality of requests addressed to the storage device two or more “write” requests addressed to the same logical data object, deriving data chunks corresponding to identified “write” requests and transforming the derived data chunks, grouping the transformed data chunks in accordance with the order the requests have been received and in accordance with a predefined criteria, generating a grouped “write” request to the storage device, and providing mapping in a manner facilitating one-to-one relationship between the data in the obtained data chunks and the data to be read from the transformed logical object. The method further includes obtaining an acknowledging response from the storage device, multiplying the obtained acknowledging response, and sending respective acknowledgements to each source that initiated each respective “write” request. | 09-22-2011 |
20110231626 | METHOD AND SYSTEM FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - Systems capable of transformation of logical data objects for storage and methods of operating thereof are provided. One method includes identifying among a plurality of requests addressed to the storage device two or more “write” requests addressed to the same logical data object, deriving data chunks corresponding to identified “write” requests and transforming the derived data chunks, grouping the transformed data chunks in accordance with the order the requests have been received and in accordance with a predefined criteria, generating a grouped “write” request to the storage device, and providing mapping in a manner facilitating one-to-one relationship between the data in the obtained data chunks and the data to be read from the transformed logical object. The method further includes obtaining an acknowledging response from the storage device, multiplying the obtained acknowledging response, and sending respective acknowledgements to each source that initiated each respective “write” request. | 09-22-2011 |
20110238939 | MEMORY DEVICES WITH DATA PROTECTION - A memory device comprises a memory array, a status register, a status-register write-protect bit and a security register. The memory array contains a number of memory blocks. The status register includes at least one protection bit indicative of a protection status of at least one corresponding block of the memory blocks. The status-register write-protect bit is coupled with the status register for preventing a state change of the at least one protection bit. The security register includes at least one register-protection bit for preventing the state change in one of the at least one protection bit of the status register and the status-register write-protect bit. | 09-29-2011 |
20110246738 | STORAGE DEVICE, DATA PROCESSING DEVICE, REGISTRATION METHOD, AND RECORDING MEDIUM - A storage device includes a switching unit which switches an access destination in a storage area between a first storage area and a second storage area in response to an access request from a host device; and a nonvolatile storage medium which stores a first host device information used to identify the host device in the second storage area, and a software module executed by a CPU provided in the host device, the software module comprising causing an authority grant unit which transmits a control signal for switching the access destination to the first storage area to the switching unit of the storage device, when the acquired first and second host device information are compared to find that the first and second host device information match with each other. | 10-06-2011 |
20110252209 | DATA ACCESS METHOD AND SYSTEM, STORAGE MEDIUM CONTROLLER AND STORAGE SYSTEM - A data access method for writing data into a storage apparatus is provided, wherein the storage apparatus has a storage unit, the storage unit has a partition, the storage property of the partition is set as a write protect mode and the storage apparatus is coupled to a host system having an operation system. The data access method includes transmitting a command from the host system to the storage apparatus through a human interface device path and setting the storage property of the first partition as a writable mode in response to the command. The data access method also includes storing data into the partition by using built-in commands of the operation system. Accordingly, the data access method can write data into a partition that has been at the write protect mode when a user logs in to the operation system with a limited user authority mode. | 10-13-2011 |
20110258409 | MEMORY DEVICE, HOST DEVICE, AND MEMORY SYSTEM - A memory device is provided including: a storage section configured to store a content with a time limit for use; an elapsed time counting section configured to count the time limit; a battery section configured to be supplied with power from an external device accessing the time-limited content so as to be charged with power for operating the elapsed time counting section; and a control section configured to include a function of determining an expected time period during which the battery section can sustain the elapsed time counting section operating to count the time limit. | 10-20-2011 |
20110264882 | SYSTEM AND METHOD FOR LOCKING PORTIONS OF A MEMORY CARD - An improved integrated circuit is provided to facilitate communication between a microprocessor and a non-volatile memory. The integrated circuit comprises at least one lock status register, at least one control register and a memory controller. The lock status register comprises a plurality of lock status bits representing whether or not a corresponding unit of storage in the volatile memory has been locked. The control register stores configurable control information for the memory controller, including sizing information defining the size of the unit of storage. The memory controller is configured to receive a modification request to modify data in the non-volatile memory; determine a target unit of storage in the non-volatile memory based on a target memory address associated with the modification request; determine from the lock status register whether the target unit of storage has been locked; and implement the modification request only if the target unit of storage has not been locked. A method to be implemented by the circuit is also provided. | 10-27-2011 |
20110264883 | Device for selecting and configuring a default storage section and the corresponding method - The present invention concerns a device and a method at the device for selecting and configuring a default storage section. The device comprises connecting means for connecting at least one storage device comprising storing means to the device, characterized in that it comprises a selector for selecting a storage device, the selected storage device becoming the default storage section, configuring means for, on selection of a default storage section, partitioning the storing means of the default storage section into more than one directory, and securing means for defining access rights to the more than one directory. | 10-27-2011 |
20110271069 | DISMOUNTING A STORAGE VOLUME - In response to an instruction to dismount a storage volume, for example, an object in the storage volume is identified and a handle that references the object is closed. Once an exclusive lock on the storage volume is acquired, the storage volume can be dismounted. The storage volume can then be remounted. | 11-03-2011 |
20110289293 | SEMICONDUCTOR DEVICE - There is provided a semiconductor device which is simple in configuration and resistant to tampering. A user input unit receives an authentication code input by a user. A CPU determines whether a user's access is legal based on the input authentication code and activates an enable signal if the user's access is legal. A normal row decoder decodes the row address specified by the CPU and selects a normal memory cell of any row based on the result of decode. A redundancy row decoder prohibits the selection by the normal row decoder when the specified row address agrees with the row address of a predetermined normal memory cell only if the enable signal is activated and selects a redundant memory cell of any row. | 11-24-2011 |
20110289294 | INFORMATION PROCESSING APPARATUS - An information processing apparatus includes: a CPU ( | 11-24-2011 |
20110307677 | DEVICE FOR MANAGING DATA BUFFERS IN A MEMORY SPACE DIVIDED INTO A PLURALITY OF MEMORY ELEMENTS - In a device for managing data buffers in a memory space distributed over a plurality of memory elements, the memory space is allocatable by memory pages, each buffer including one or more memory pages. The buffers are usable by at least one processing unit for the execution of an application, the application being executed by a plurality of processing units executing tasks in parallel. The memory elements are accessible in parallel by the processing units. The device includes means for allocating buffers to the tasks during the execution of the application and means for managing access rights to the buffers. The means for managing the access rights to the buffers include means for managing access rights to the pages in a given buffer, to verify that writing to a given page does not modify data currently being read from the page or that reading from a given page does not access data currently being written to the page, in such a way as to share the buffer between unsynchronized tasks. | 12-15-2011 |
20110314243 | METHOD AND APPARATUS FOR RESTRICTING ACCESS TO WRITABLE PROPERTIES AT RUNTIME - A processing device executing an application receives a user command to update a specified writeable property of the application. The processing device determines whether the specified writeable property has metadata that distinguishes the specified writeable property as a user updateable property. In one embodiment, this is determined by using a reflection mechanism to examine metadata of the specified writeable property. In another embodiment, this is determined by examining a dynamic changeable properties list that was created and populated at runtime of the application. If the specified writeable property has the metadata that distinguishes the specified writeable property as a user updateable property, the processing device updates the specified writeable property in accordance with the user command. | 12-22-2011 |
20110320753 | DATA PROCESSING APPARATUS, COMPUTER PROGRAM THEREFOR, AND DATA PROCESSING METHOD - A data processing apparatus uses a characteristic where an OS or an application program divides a file in units of cluster and writes information when information is written in an HDD and changes (redirect) a writing place in the units of cluster, thereby classifying and storing confidential information with a small consumption amount of the HDD. Therefore, the present invention provides a data processing apparatus that can classify and store confidential information and normal information with a small consumption amount of the HDD. | 12-29-2011 |
20120005442 | STORAGE DEVICE, ACCESS CONTROL PROGRAM RECORDING MEDIUM, AND CONTROL METHOD OF STORAGE DEVICE - A storage device for storing data includes a device configured to store data read or written by a host, a command storage unit configured to store commands transmitted by the host to acquire information relating to the device, a command acquisition unit configured to acquire commands issued to the device when the host requests access to the data stored in the device, and an access determination unit configured to permit the access, if the commands acquired by the command acquisition unit have been stored in the command storage unit. | 01-05-2012 |
20120005443 | APPARATUS, SYSTEM, AND METHOD FOR COORDINATING STORAGE REQUESTS IN A MULTI-PROCESSOR/MULTI-THREAD ENVIRONMENT - An apparatus, system, and method are disclosed for coordinating storage requests in a multi-processor/multi-thread environment. An append/invalidate module generates a first append data storage command from a first storage request and a second append data storage command from a second storage request. The storage requests overwrite existing data with first and second data including where the first and second data have at least a portion of overlapping data. The second storage request is received after the first storage request. The append/invalidate module updates an index by marking data being overwritten as invalid. A restructure module updates the index based on the first data and updates the index based on the second data. The updated index is organized to indicate that the second data is more current than the first data regardless of processing order. The modules prevent access to the index until the modules have completed updating the index. | 01-05-2012 |
20120030442 | MANAGEMENT SYSTEM AND MANAGEMENT METHOD FOR MANAGING COMPUTER SYSTEM - A management system, coupled to a computer system including one or more types of storage apparatus, stores management information. The management information includes: (a) information containing, for each request by an administrator, information indicating a storage function (a function of a storage apparatus) required in order to achieve a function satisfying the administrator request; and (b) information containing, for each storage apparatus, information indicating storage functions. The management system: (A) receives a request of an administrator; (B) identifies an implementation pattern including a storage apparatus having a storage function required to achieve a function satisfying the received administrator request, on the basis of the information (a) and (b), and (C) performs setup in order to achieve a function satisfying the received administrator request, in respect of any of the identified one or more implementation patterns. | 02-02-2012 |
20120030443 | PROTECTION OF SECRET KEYS - A method for protecting at least first data of a non-volatile memory from which the extraction of this first data is triggered by the reading or the writing, by a processor from or into the memory, of second data independent from the first data, said first data being provided to a circuit which the processor cannot access. | 02-02-2012 |
20120042144 | Memory access control - A data processing system | 02-16-2012 |
20120042145 | USER-LEVEL SEGMENTATION MECHANISM THAT FACILITATES SAFELY EXECUTING UNTRUSTED NATIVE CODE - A system that uses segmentation to safely execute native code. This system includes a processing element that executes the native code and a memory which stores code and data for the processing element. The processing element includes a segmentation mechanism which limits the native code executing on the processing element to accessing a specified segment of memory. The processing element also includes an instruction-processing unit, which is configured to execute a user-level instruction that causes the segmentation mechanism to limit memory accesses by the native code to the specified segment of the memory. | 02-16-2012 |
20120047342 | FACILITATION OF SIMULTANEOUS STORAGE INITIALIZATION AND DATA DESTAGE - Various embodiments for storage initialization and data destage in a computing storage environment are provided. At least a portion of data on a storage device is initialized using a background process, while one of simultaneously and subsequently destaging the at least the portion of the data to the storage device using a foreground process is performed. A persistent metadata bitmap, adapted to indicate whether the at least the portion of the data has been initialized, is staged to cache, the cache operable in the computing storage environment. The background process maintains a volatile bitmap indicating a status of the initialization of the at least the portion of the data in direct correspondence to the metadata bitmap. As the background process initializes the at least the portion of the data, an applicable bit on the persistent metadata bitmap is cleared and a corresponding bit is set on the volatile bitmap. | 02-23-2012 |
20120060007 | TRAFFIC CONTROL METHOD AND APPARATUS OF MULTIPROCESSOR SYSTEM - A method and apparatus for controlling traffic of multiprocessor system or multi-core system is provided. The traffic control apparatus of a multiprocessor system according to the present invention includes a request handler for processing a traffic request of a first processor, and a Quality of Service (QoS) manager for receiving a QoS guaranty start instruction for a second processor from the multiprocessor system, and for transmitting, when traffic of the second processor is detected, a traffic adjustment signal to the request handler. The request handler adjusts the traffic of the first processor according to the received traffic adjustment signal. The traffic control method and apparatus of the present invention is capable of adjusting the required bandwidths of individual technologies and guaranteeing the real-timeness in the multiprocessor system or multi-core system. | 03-08-2012 |
20120060008 | INFORMATION PROCESSING TERMINAL, METHOD, PROGRAM, AND INTEGRATED CIRCUIT FOR CONTROLLING ACCESS TO CONFIDENTIAL INFORMATION, AND RECORDING MEDIUM HAVING THE PROGRAM RECORDED THEREON - An information processing terminal ( | 03-08-2012 |
20120072692 | DATA ACCESS MANAGEMENT - Apparatus, systems, and methods may operate to assert a first semi-exclusive write lock with respect to a storage medium area by storing lock information when assertion of another semi-exclusive write lock with respect to the area is not detected. Additional activities may include writing data to the area by a writing entity that has asserted the first semi-exclusive write lock after determining the lock information has not changed, while substantially simultaneously de-asserting the first semi-exclusive write lock. Reading from the area may be determined as successful by determining that the semi-exclusive write lock was not asserted prior to or during the reading by checking the status of the lock information. Additional apparatus, systems, and methods are disclosed. | 03-22-2012 |
20120084525 | METHOD AND DEVICE FOR LOADING AND EXECUTING INSTRUCTIONS WITH DETERMINISTIC CYCLES IN A MULTICORE AVIONIC SYSTEM HAVING A BUS OF WHICH THE ACCESS TIME IS NOT PREDICTABLE - A method and device for loading and executing a plurality of instructions in an avionics system including a processor including at least two cores and a memory controller, each of the cores including a private memory. The plurality of instructions is loaded and executed by execution slots such that, during a first execution slot, a first core has access to the memory controller for transmitting at least one piece of data stored in the private memory thereof and for receiving and storing at least one datum and an instruction from the plurality of instructions in the private memory thereof, while the second core does not have access to the memory controller and executes at least one instruction previously stored in the private memory thereof and such that, during a second execution slot, the roles of the two cores are reversed. | 04-05-2012 |
20120102282 | VARIABLE LENGTH DATA PROTECTED BY SEQLOCK - Various embodiments of systems and methods for variable length data protected by Seqlock are described herein. Seqlock is a special locking mechanism used in data structures for multithreaded applications that can be read very quickly, when there are no changes being made, at the cost of needing to repeat a read operation when writing has occurred. A Seqlock, in normal use, can only protect a fixed-size data structure with no pointers. This is because the writing thread may invalidate a pointer after a reading thread has followed it. The embodiments specify an algorithm where a Seqlock-protected pointer, once written, is never invalidated. This removes the “no pointers” restriction, allowing the Seqlock to protect a simple singly-linked list, which can be safely increased in size while being read by other threads. The innovation includes the use of the write-once head and next pointers, and the always valid end iterator. | 04-26-2012 |
20120102283 | MULTIFUNCTION PERIPHERAL AND STORAGE MEDIUM - The storage section of the multifunction peripheral stores location information containing a storage location of software which transmits a control command whose execution is permissible. The execution permission judging section of the multifunction peripheral includes (I) a storage location detecting section which detects a storage location of software which has participated in a transmission of a received control command and (II) a command permitting/prohibiting section which (i) prohibits execution of the received control command when a storage location indicated by the location information is not detected by the storage location detecting section but (ii) permits execution of the received control command when the storage location is detected by the storage location detecting section. | 04-26-2012 |
20120102284 | METHOD FOR DETECTING ACCESS TO OBJECT, AND COMPUTER AND COMPUTER PROGRAM PRODUCT FOR THE SAME - A method for detecting access to an object, and a computer and a computer program product including steps and components for converting an original pointer to the object into a pointer pointing to a read-write-protected area by manipulating the original pointer and a step of reversely converting the converted pointer into the original pointer using occurrence of an exception in response to a request to access the read-write-protected area. Additionally, the step of reversely converting may include a step of acquiring, with reference to an instruction that has caused the exception, the manipulated pointer from the instruction that has caused the exception and a step of reversely converting the acquired pointer and acquiring a pointer to a head of the object pointed to by the reversely converted original pointer. | 04-26-2012 |
20120102285 | PROVIDING PROTECTED ACCESS TO CRITICAL MEMORY REGIONS - In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing hardware of a virtualized processor based system detecting a specified type of memory access to an identified region of memory and in response to the detecting generating an interrupt for a virtual machine monitor (VMM) of the virtualized processor based system. | 04-26-2012 |
20120110291 | SYSTEM AND METHOD FOR I/O COMMAND MANAGEMENT - Systems and methods for input/output command management. In embodiments of the invention an input/output command fully executes after a lock has been obtained for the command on all storage segments relating to the command, in a predetermined order. Some embodiments of the invention allow overlapping access to storage and/or to individual storage segments by a plurality of input/output commands. In some embodiments of the invention, prioritization of commands is facilitated through the usage of a sharing policy and/or wakeup policy. | 05-03-2012 |
20120110292 | METHOD FOR ACCESSING A PORTABLE DATA STORAGE MEDIUM WITH AUXILIARY MODULE AND PORTABLE DATA STORAGE MEDIUM - The invention describes a method for accessing a portable storage data carrier ( | 05-03-2012 |
20120117348 | TECHNIQUES FOR SECURITY MANAGEMENT PROVISIONING AT A DATA STORAGE DEVICE - Techniques for a data storage device to locally implement security management functionality. In an embodiment, a security management process of the data storage device is to determine whether an access to non-volatile media of the data storage device is authorized. In certain embodiments, the data storage device is to restrict access to a secure region of the non-volatile storage media, the secure region to store information used and/or generated by a security management process of the data storage device. | 05-10-2012 |
20120124312 | HOST DISCOVERY AND HANDLING OF ALUA PREFERENCES AND STATE TRANSITIONS - Various systems and methods can discover asymmetric logical unit (LUN) access (ALUA) preferences and/or state transitions and use those preferences and/or state transitions to control how a host accesses a LUN in an ALUA array. One such method involves detecting a preferred controller for a LUN and then detecting that a current owner controller of the LUN is not the preferred controller. In response, the method can initiate an ownership change from the current owner controller to the preferred controller. Another method involves detecting an initial state of a first controller with respect to a LUN. The method then detects a subsequent state of the first controller with respect to the LUN subsequent to detecting the initial state. The method can then cause a computing device to access the LUN via a second controller, in response to the subsequent state not being the active optimized state. | 05-17-2012 |
20120124313 | MULTI-CHANNEL MEMORY WITH EMBEDDED CHANNEL SELECTION - Subject matter disclosed herein relates to a memory device, and more particularly to a multi-channel memory device and methods of selecting one or more channels of same. | 05-17-2012 |
20120124314 | RECORDING MEDIUM - A recording medium according to an embodiment includes: a storing section including a first area in which a number-of-reproductions limited file is written and a second area in which at least one determination address in an address range of the first area, in which the number-of-reproductions limited file is written, and a number of readable times of the number-of-reproductions limited file are written; and a control section configured not to perform, after the number of readouts of reading out of data in the at least one determination address reaches the number of readable times, output of the number-of-reproductions limited file in response to a readout request for the number-of-reproductions limited file. | 05-17-2012 |
20120144138 | Locking Access To Data Storage Shared By A Plurality Of Compute Nodes - Methods, apparatuses, and computer program products are provided for locking access to data storage shared by a plurality of compute nodes. Embodiments include maintaining, by a compute node, a queue of requests from requesting compute nodes of the plurality of compute nodes for access to the data storage, wherein possession of the queue represents possession of a mutual-exclusion lock on the data storage, the mutual-exclusion lock indicating exclusive permission for access to the data storage; and conveying, based on the order of requests in the queue, possession of the queue from the compute node to a next requesting compute node when the compute node no longer requires exclusive access to the data storage. | 06-07-2012 |
20120144139 | CONTENT MODIFICATION CONTROL USING READ-ONLY TYPE DEFINITIONS - Disclosed are methods, systems and products, including a method that includes establishing in a computing environment, implemented using at least one processor-based device, a non-immutable object as being a read-only object, the computing environment not allowing performance of operations that cause modification of the read-only non-immutable object. The method also includes preventing by the at least one processor-based device performance of an operation on the read-only non-immutable object that would cause the read-only non-immutable object to be modified. | 06-07-2012 |
20120144140 | Memory Protection Unit and a Method for Controlling an Access to a Memory Device - A memory protection unit includes at least a first access control unit and a second access control unit programmed for controlling an access to a memory device. Further, a method is provided to operate a processing system comprising multiple processing devices and multiple memory protection units associated to the multiple processing devices. The access to the memory by a processing device is approved if the first access control unit and the second access control unit of the memory protection associated to the processing device approve the access, and access is rejected if the first access control unit or the second access control unit rejects the access. The first access control unit is programmable by the associated processing device alone and the programming of the second access control unit is readable by an additional processing device which is to be used in a system with multiple programming devices, not the associate processing device. | 06-07-2012 |
20120144141 | Storage Device and Method for Storage Device State Recovery - A storage device and method for storage device state recovery are provided. In one embodiment, a storage device commences an authentication process to authenticate a host device. The authentication process comprises a plurality of phases, and the storage device stores the state of the authentication process, wherein the state indicates the phase(s) of the authentication process that have been successfully completed. After a power loss, the storage device retrieves the state of the authentication process and resumes an operation with the host device without re-performing the phase(s) of the authentication process that have been completed. | 06-07-2012 |
20120144142 | SERIAL ADVANCED TECHNOLOGY ATTACHMENT WRITE PROTECTION: MASS STORAGE DATA PROTECTION DEVICE - A mass storage device protection system may have a mass storage device, a processor configured to generate at least one serial write command signal to the mass storage device via a serial communication link, and a storage protector configured for communication with the processor and mass storage device, the storage protector configured to do the following: intercept the at least one serial write command signal, and determine whether the at least one serial write command signal comprises an authorized command signal or an unauthorized command signal. | 06-07-2012 |
20120144143 | MOVING PICTURE CODING APPARATUS AND MOVING PICTURE DECODING APPARATUS - A video encoder ( | 06-07-2012 |
20120151167 | SYSTEMS AND METHODS FOR MANAGING READ-ONLY MEMORY - Systems, methods, and computer storage mediums for managing read-only memory are provided. A system includes a memory device including a real memory and a tracking mechanism configured to track relationships between multiple virtual memory addresses and real memory. The system further includes a processor configured to perform the below method and/or execute the below computer program product. One method includes mapping a first virtual memory address to a real memory in a memory device and mapping a second virtual memory address to the real memory. Here, the first virtual memory address is authorized to modify data in the real memory and the second virtual memory address is not authorized to modify the data in the real memory. One computer storage medium includes a computer program product for performing the above method. | 06-14-2012 |
20120151168 | VIRTUALIZING PROCESSOR MEMORY PROTECTION WITH "L1 ITERATE AND L2 SWIZZLE" - Methods for providing shadow page tables that virtualize processor memory protection. In one embodiment, two shadow L2 page tables are maintained for each section, for example, each 1 MB section, of guest address space covered by a shadow L1 descriptor. | 06-14-2012 |
20120159103 | SYSTEM AND METHOD FOR PROVIDING STEALTH MEMORY - The described implementations relate to computer memory. One implementation provides a technique that can include providing stealth memory to an application. The stealth memory can have an associated physical address on a memory device. The technique can also include identifying a cache line of a cache that is mapped to the physical address associated with the stealth page, and locking one or more other physical addresses on the memory device that also map to the cache line. | 06-21-2012 |
20120159104 | SECURE MEMORY ACCESS SYSTEM AND METHOD - A secure memory access system and method for providing secure access to Hyper Management Mode memory ranges is presented. | 06-21-2012 |
20120166746 | Security Device - A security device for securing secondary data storage devices having different levels of data security. The security device has an access to a plurality of primary and secondary storage devices, switches configured to separately enable and disable read and write operations to each of the plurality of storage devices, where at least two secondary storage devices cannot have their write access enabled at the same time. Further, the security device has a control circuit adapted to control the switches, and software that controls the switches in a manner that is transparent to the user. In one embodiment the operating system of the computing system resides on a separate storage device that is write protected when switching to a low level security storage device, the computing system and its operating system are ACPI compliant, and ready ACPI states are used in conjunction with switching the primary storage. | 06-28-2012 |
20120166747 | DYNAMIC NEST LEVEL DETERMINATION FOR NESTED TRANSACTIONAL MEMORY ROLLBACK - Embodiments of the present invention address deficiencies of the art in respect to nested transaction rollback and provide a method, system and computer program product for dynamic nest level determination for nested transaction rollback. In an embodiment of the invention, a nested transaction rollback method can be provided. The method can include detecting a violation of a block of memory accessed within a set of nested transactions, retrieving a tentative rollback level for the violation, discarding a speculative state for the block of memory at each level of the set of nested transactions up to and including the tentative rollback level, refining the tentative rollback level to a lower level in the set of nested transactions, and additionally discarding a speculative state for the block of memory at additional levels in the set of nested transactions up to and including the refined rollback level. | 06-28-2012 |
20120179888 | METHOD AND APPARATUS FOR SETTING ACCESS RESTRICTION INFORMATION - The storage system includes a host computer; a management computer coupled to the host computer; a first storage device coupled to the host computer and the management computer, and including first port management information; and a second storage device coupled to the host computer, the management computer and the first storage device, and including second port management information. The first port management information and the second port management information include an identifier of a port on each storage device, an identifier of a volume in each storage device, an access restriction and an identifier of a port permitted access from the host computer to each storage device. | 07-12-2012 |
20120185661 | DOMAIN BASED ACCESS CONTROL OF PHYSICAL MEMORY SPACE - Domains can also be used to control access to physical memory space. Data in a physical memory space that has been used by a process sometimes endures after the process stops using the physical memory space (e.g., the process terminates). In addition, a virtual memory manager may allow processes of different applications to access a same memory space. To prevent exposure of sensitive/confidential data, physical memory spaces can be designated for a specific domain or domains when the physical memory spaces are allocated. | 07-19-2012 |
20120185662 | Limited use data storing device - Embodiments of methods and systems for controlling access to information stored on memory or data storage devices are disclosed. In various embodiments, methods of retrieving information from a data storage device previously deactivated by modification or degradation of at least a portion of the data storage device are disclosed. | 07-19-2012 |
20120191933 | Device Security Features Supporting a Distributed Shared Memory System - A memory management and protection system that incorporates device security features that support a distributed, shared memory system. The concept of secure regions of memory and secure code execution is supported, and a mechanism is provided to extend a chain of trust from a known, fixed secure boot ROM to the actual secure code execution. Furthermore, the system keeps a secure address threshold that is only programmable by a secure supervisor, and will only allow secure access requests that are above this threshold. | 07-26-2012 |
20120191934 | Apparatus Protecting Software of Sentinel Logic Circuitry Against Unauthorized Access - A method of protecting software for embedded applications against unauthorized access. Software to be protected is loaded into a protected memory area. Access to the protected memory area is controlled by sentinel logic circuitry. The sentinel logic circuitry allows access to the protected memory area from only either within the protected memory area or from outside of the protected memory area but through a dedicated memory location within the protected memory area. The dedicated memory location then points to protected address locations within the protected memory area. | 07-26-2012 |
20120198192 | Programmable Mapping of External Requestors to Privilege Classes for Access Protection - A memory management and protection system that manages memory access requests from a number of requestors. Memory accesses are allowed or disallowed based on the privilege level of the requestor, based on a Privilege Identifier that accompanies each memory access request. An extended memory controller selects the appropriate set of segment registers based on the Privilege Identifier to insure that the request is compared to and translated by the segment register associated with the master originating the request. A set of mapping registers allow flexible mapping of each Privilege Identifier to the appropriate access permission. | 08-02-2012 |
20120198193 | METHOD TO QUALIFY ACCESS TO A BLOCK STORAGE DEVICE VIA AUGMENTATION OF THE DEVICE'S CONTROLLER AND FIRMWARE FLOW - A method to qualify access to a block storage device via augmentation of the device's controller and firmware flow. The method employs one or more block exclusion vectors (BEVs) that include attributes specifying allowed access operations for corresponding block address ranges. Logic in accordance with the BEVs is programmed into the controller for the block storage device, such as a disk drive controller for a disk drive. In response to an access request, a block address range corresponding to the storage block(s) requested to be accessed is determined. Based on the BEV entries, a determination is made to whether the determined logical block address range is covered by a corresponding BEV entry. If so, the attributes of the BEV are used to determine whether the access operation is allowed. | 08-02-2012 |
20120203989 | Device with Processing Unit and Information Storage - Embodiments related to a processing unit and a first information storage are described and depicted. | 08-09-2012 |
20120210085 | METHOD FOR EXECUTING SECURITY-RELEVANT AND NON-SECURITY-RELEVANT SOFTWARE COMPONENTS ON A HARDWARE PLATFORM - A method for executing safety-relevant and non-safety-relevant software components on a hardware platform comprising a computer, memory and a monitoring component that operates independently of the computer. The safety-relevant software component erects a memory protection against access of a non-safety-relevant function to at least one area of the memory of the safety-relevant function before execution of the non-safety-relevant software component, so that the non-safety-relevant software component does not have access to the areas of the memory being used for safety-relevant components. After the return from the non-safety-relevant component, the memory protection is deactivated and the monitoring function monitors the safety-relevant function for its proper operation. | 08-16-2012 |
20120216001 | INTEGRATED CIRCUIT WITH TAMPER-DETECTION AND SELF-ERASE MECHANISMS - Methods and apparatuses for improving security of an integrated circuit (IC) are provided. A tamper condition is detected and a digital key stored in the IC is erased. The digital key is associated with a first image loaded onto the IC from a first memory. The memory may be a non-volatile memory module. A second image is loaded into a second memory module. The second memory module may be an embedded memory module, e.g., a control random access memory (CRAM) module. The first image is then erased from the first and second memory modules. | 08-23-2012 |
20120216002 | REMOTE PERMISSIONS PROVISIONING FOR STORAGE IN A CACHE AND DEVICE THEREFOR - A system and method are disclosed for determining whether to allow or deny an access request based upon one or more descriptors at a local memory protection unit and based upon one or more descriptors at a system memory protection unit. When multiple descriptors of a memory protection unit apply to a particular request, the least-restrictive descriptor will be selected. System access information is stored at a cache of a local core in response to a cache line being filled. The cached system access information is merged with local access information, wherein the most-restrictive access is selected. | 08-23-2012 |
20120216003 | SEMICONDUCTOR DEVICE AND MEMORY PROTECTION METHOD - According to one embodiment, a semiconductor device includes a processor, and a memory device. The memory device has a nonvolatile semiconductor storage device and is configured to serve as a main memory for the processor. When the processor executes a plurality of programs, the processor manages pieces of information required to execute the programs as worksets for the respective programs, and creates tables, which hold relationships between pieces of information required for the respective worksets and addresses of the pieces of information in the memory device, for the respective worksets. The processor accesses the memory device with reference to the corresponding tables for the respective worksets. | 08-23-2012 |
20120226880 | APPARATUS, ELECTRONIC DEVICES AND METHODS ASSOCIATED WITH AN OPERATIVE TRANSITION FROM A FIRST INTERFACE TO A SECOND INTERFACE - Subject matter disclosed herein relates to an apparatus comprising memory and a controller, such as a controller which determines block locking states in association with operative transitions between two or more interfaces that share at least one block of memory. The apparatus may support single channel or multi-channel memory access, write protection state logic, or various interface priority schemes. | 09-06-2012 |
20120226881 | Hard Disk Control Method, Hard Disk Control Device and Computer - A hard disk control method, a hard disk control device and a computer are provided. The method includes detecting the current mode in which the system runs; determining the access frequency of the hard disk in the system when detecting the system runs in an idle mode currently; intercepting the hard disk access commands to be sent to the hard disk when the access frequency of the hard disk is lower than a predetermined access frequency threshold to make the hard disk enter into a preset power saving mode, and saving the hard disk access commands into a preset memory. | 09-06-2012 |
20120233427 | Data Storage Device and Data Management Method Thereof - An embodiment of the invention provides a data storage device and data management method thereof. The data storage device is coupled to a host, and includes a storage media having data sectors for storing data and a controller. The controller is coupled to the storage media for sequentially receiving one or more read commands and corresponding one or more logical addresses thereto, reads a plurality of first data sectors from the storage media according to the read commands and the corresponding logical addresses, outputs data of the first data sectors to the host, calculates a valid duration required for the one or more read commands, calculates an average data throughput according to the number of the first data sectors and the valid duration, and determines whether the average data throughput exceeds a predetermined threshold. When the average data throughput exceeds the predetermined threshold, the controller performs a blocking procedure to prevent the storage media from being accessed. | 09-13-2012 |
20120233428 | APPARATUS AND METHOD FOR SECURING PORTABLE STORAGE DEVICES - An apparatus and method for controlling and securing information stored on portable USB storage devices. Using the software application stored on the USB storage device in conjunction with functionality performed by a designed server, use of the storage device is limited to authorized users, PCs and locations, and other criteria while information contained within the device is protected from unauthorized access. | 09-13-2012 |
20120239895 | Memory Management Unit that Applies Rules Based on Privilege Identifier - A memory management and protection system that manages memory access requests from a number of requestors. Memory accesses are allowed or disallowed based on the privilege level of the master, usually a CPU originating the request based on a Privilege Identifier that accompanies each memory access request. Deputy masters such as DMA controllers inherit the Privilege Identifier of the originating master. An extended memory controller selects the appropriate set of segment registers based on the Privilege Identifier to insure that the request is compared to and translated by the segment register associated with the master originating the request. | 09-20-2012 |
20120246431 | ELECTRONIC EQUIPMENT SYSTEM AND STORAGE DEVICE - In electronic equipment | 09-27-2012 |
20120254572 | INFORMATION TERMINAL AND SECURITY MANAGEMENT METHOD - An information terminal of an embodiment has a communication section, a nonvolatile storage medium and a control section. The communication section performs transmission and reception with a predetermined server via the Internet. The nonvolatile storage medium stores information about a last date and time when an operating system is logged into. When the communication section receives a special command from the predetermined server, the control section performs control to transmit the information about the last date and time when the operating system is logged into, which is stored in the nonvolatile storage medium, to the predetermined server via the Internet. | 10-04-2012 |
20120260054 | SECURITY SYSTEM FOR EXTERNAL DATA STORAGE APPARATUS AND CONTROL METHOD THEREOF - A security system for an external data storage apparatus and control method thereof are disclosed. The system utilizes a preset identification (ID) and input ID to selectively permit data to be written and/or read. | 10-11-2012 |
20120272027 | Memory Protection Unit with Support for Distributed Permission Checks - A memory management and protection system that manages memory access requests from a number of requestors. Memory accesses are allowed or disallowed based on the permissions assigned to the request based on the memory segment being accessed. The decision to allow or disallow access is made by the extended memory controller by merging the permissions assigned to the memory segment being accessed, and the permissions assigned to the access request by the originating memory controller or other endpoint. | 10-25-2012 |
20120272028 | WIRELESS COMMUNICATION DEVICE - In this wireless communication device, a storage unit stores writing identification information relating to permission and prohibition of writing. An acquisition unit acquires device identification information that uniquely specifies an arbitrary wireless communication device from the arbitrary wireless communication device. A determination unit determines permission or prohibition of writing to a recording medium on the basis of the device identification information acquired by the acquisition unit and the writing identification information stored in the storage unit when a communication protocol of a session layer that performs writing to and readout from the recording medium in sector units is selected. A recording medium control unit controls permission and prohibition of writing to the recording medium on the basis of a result determined by the determination unit. | 10-25-2012 |
20120278576 | EFFICIENT NON-BLOCKING K-COMPARE-SINGLE-SWAP OPERATION - The design of nonblocking linked data structures using single-location synchronization primitives such as compare-and-swap (CAS) is a complex affair that often requires severe restrictions on the way pointers are used. One way to address this problem is to provide stronger synchronization operations, for example, ones that atomically modify one memory location while simultaneously verifying the contents of others. We provide a simple and highly efficient nonblocking implementation of such an operation: an atomic k-word-compare single-swap operation (KCSS). Our implementation is obstruction-free. As a result, it is highly efficient in the uncontended case and relies on contention management mechanisms in the contended cases. It allows linked data structure manipulation without the complexity and restrictions of other solutions. Additionally, as a building block of some implementations of our techniques, we have developed the first nonblocking software implementation of load-linked/store-conditional that does not severely restrict word size. | 11-01-2012 |
20120278577 | METHOD AND APPARATUS FOR PROTECTED CONTENT DATA PROCESSING - Methods and apparatuses that perform protected content data processing with limited access to system resources are described. One or more regions in a memory (including a source memory and a destination memory) can be allocated and unprocessed content data can be mapped to the source memory. A process can be initialized with the source and destination memories to process the content data. The process can be prevented from accessing resources other than the allocated regions in the memory. The processed content data can be stored in the destination memory. In one embodiment, the content data can include media content. A playing device can be instructed to play the media content based on the processed content data via the destination memory. | 11-01-2012 |
20120290806 | SELECTIVE ROUTING OF LOCAL MEMORY ACCESSES AND DEVICE THEREOF - A data processor is disclosed that accesses its local memory by routing requests through a data path that is external the data processor. A reservation/decoration controller implements specialized handling associated with a received request to access local memory. In addition to implementing special handling, a memory controller that is associated with the reservation/decoration controller routes a corresponding access request back to the data processor core to access its local memory. | 11-15-2012 |
20120290807 | CHANGING OWNERSHIP OF CARTRIDGES - Exemplary method, system, and computer program product embodiments for changing ownership of cartridges, such as virtual cartridges between remotely located virtual tape libraries, are provided. In one embodiment, by way of example only, processes and protocols for the changing ownership of the cartridges are controlled from a primary location to a secondary location. The production site is moved for the cartridges. The ownership of the cartridges is waived. Access is allowed to the cartridges. Additional data is written and replicated using resources of the cartridges. | 11-15-2012 |
20120311285 | Method and System for Context Specific Hardware Memory Access Protection - Methods and systems are provided that provide a hardware based memory access protection system which may prevent access to secret data due to either accidental hardware or software failure, or inappropriate access via a system attack. This system includes a memory protection module and divides global memory space into two classes—a “highly protected region” and an “other” region. In some implementations, the system may be entirely located on hardware on a system chip, making unauthorized manipulation difficult. In some implementations, this system may allow a user to pre-program every allowable operation which may be performed by any given bus master, not only the allowable operations of a processor. Register pairs are used to control access to protected regions of memory by masters on the bus. | 12-06-2012 |
20120324189 | AGGREGATE DATA PROCESSING SYSTEM HAVING MULTIPLE OVERLAPPING SYNTHETIC COMPUTERS - A first SMP computer has first and second processing units and a first system memory pool, a second SMP computer has third and fourth processing units and a second system memory pool, and a third SMP computer has at least fifth and sixth processing units and third, fourth and fifth system memory pools. The fourth system memory pool is inaccessible to the third, fourth and sixth processing units and accessible to at least the second and fifth processing units, and the fifth system memory pool is inaccessible to the first, second and sixth processing units and accessible to at least the fourth and fifth processing units. A first interconnect couples the second processing unit for load-store coherent, ordered access to the fourth system memory pool, and a second interconnect couples the fourth processing unit for load-store coherent, ordered access to the fifth system memory pool. | 12-20-2012 |
20120324190 | AGGREGATE SYMMETRIC MULTIPROCESSOR SYSTEM - An aggregate symmetric multiprocessor (SMP) data processing system includes a first SMP computer including at least first and second processing units and a first system memory pool and a second SMP computer including at least third and fourth processing units and second and third system memory pools. The second system memory pool is a restricted access memory pool inaccessible to the fourth processing unit and accessible to at least the second and third processing units, and the third system memory pool is accessible to both the third and fourth processing units. An interconnect couples the second processing unit in the first SMP computer for load-store coherent, ordered access to the second system memory pool in the second SMP computer, such that the second processing unit in the first SMP computer and the second system memory pool in the second SMP computer form a synthetic third SMP computer. | 12-20-2012 |
20120331255 | SYSTEM AND METHOD FOR ALLOCATING MEMORY RESOURCES - System and method for allocating memory resources are disclosed. The system utilizes a bus system coupled to a plurality of requestors and a plurality of memory systems coupled to the bus system. Each memory system includes a memory component and a memory management module including a value that represents access rights to the memory component. The memory management module is configured to receive an access request from a first requestor of the plurality of requestors and to grant access to the memory component only if the value indicates that the first requestor has access rights to the memory component. The memory management module is configurable to change the value to give the access rights to the memory component to a second requestor of the plurality of requestors. | 12-27-2012 |
20130007393 | MEMORY DEVICE - According to one embodiment, a memory device includes a semiconductor memory, a memory controller which controls the semiconductor memory according to a request from outside the device, a radio section for wireless communication, and a controller. The controller manages storing data in the device according to a procedure for protecting copyright, obtains the latest version of a parameter for protecting copyright which can be updated from outside the device via the radio section, includes a comparator which compares the parameter stored in the device with the latest version of the parameter, and includes an update manager which updates the stored parameter to the latest version of the parameter when they are different. | 01-03-2013 |
20130007394 | REORGANIZATION OF A FRAGMENTED DIRECTORY OF A STORAGE DATA STRUCTURE COMPRISED OF THE FRAGMENTED DIRECTORY AND MEMBERS - A directory and members are allocated to store a data set, wherein the directory stores pointers to the members to allow data stored in the members to be accessed. The directory is expanded to accommodate an expansion of the data set, causing the directory to be stored in non-contiguous pages and becoming fragmented. A computational device determines that a threshold that measures a level of fragmentation of the directory relative to an amount of storage allocated for the data set has been exceeded. The computational device reorganizes the fragmented directory, into a reorganized directory that is stored in contiguous pages at the end of the data set, in response to determining that the threshold has been exceeded. | 01-03-2013 |
20130013876 | MEMORY DEVICE AND METHOD HAVING ON-BOARD ADDRESS PROTECTION SYSTEM FOR FACILITATING INTERFACE WITH MULTIPLE PROCESSORS, AND COMPUTER SYSTEM USING SAME - A memory device includes an address protection system that facilitates the ability of the memory device to interface with a plurality of processors operating in a parallel processing manner. The protection system is used to prevent at least some of a plurality of processors in a system from accessing addresses designated by one of the processors as a protected memory address. Until the processor releases the protection, only the designating processor can access the memory device at the protected address. If the memory device contains a cache memory, the protection system can alternatively or additionally be used to protect cache memory addresses. | 01-10-2013 |
20130019078 | ACTIVE-ACTIVE REMOTE CONFIGURATION OF A STORAGE SYSTEM - A method for data storage, including configuring a first logical volume on a first storage system and a second logical volume on a second storage system. The second logical volume is configured as a mirror of the first logical volume, so that the first and second logical volumes form a single logical mirrored volume. The method also includes receiving at the second storage system a command submitted by a host to write data to the logical mirrored volume, and transferring the command from the second storage system to the first storage system without writing the data to the second logical volume. On receipt of the command at the first storage system, the data is written to the first logical volume. Subsequent to writing the data to the first logical volume, the data is mirrored on the second logical volume. | 01-17-2013 |
20130024637 | MEMORY ACCESS UNLOCK - In one implementation, a controller is provided such that when an operation is performed at a first memory location, the controller unlocks access to a second memory location. | 01-24-2013 |
20130024638 | STORAGE DEVICE IN A LOCKED STATE - A method for managing a storage device including identifying a lock timing for the storage device when coupling to a device, transitioning the storage device into a locked state in response to detecting the storage device decoupling from the device, and configuring the storage device to remain in the locked state if the storage device is re-coupled to the device after the lock timing has elapsed. | 01-24-2013 |
20130031323 | MEMORY DEVICE SHARING SYSTEM, MANAGING APPARATUS ACCESS CONTROL APPARATUS, METHODS THEREFOR, AND RECORDING MEDIUM - A memory device sharing system includes M (M represents an integer of 2 or greater) access control apparatus for sharing N (N represents an integer of 2 or greater) memory devices which store data, and a managing apparatus for managing access to the memory devices via the access control apparatus. The managing apparatus checks data stored in the N memory devices, generates data position information representative of the storage positions of data stored in any one of the N memory devices, and sends the data position information to the M access control apparatus. Each of the M access control apparatuses receives the data position information sent from the manager, and accesses the storage position indicated by the data position information if each of the M access control apparatuses receives an access request to access the data from an access request source. | 01-31-2013 |
20130036282 | MANAGING MEMORY OF A COMPUTER - A method for managing data in a memory of a computer. The method includes the steps of: prohibiting a specified memory area in a memory from being accessed temporarily or intermittently; and attaching, to first data, a first mark indicating that the first data has been read when a page fault has occurred as a result of an access by any process to read on the first data; where the first data is present in a specified memory area prohibited from being accessed; and where at least one of the steps is carried out using a computer device. | 02-07-2013 |
20130036283 | Extended Utilization Area For a Memory Device - Methods, systems and devices for configuring access to a memory device are disclosed. The configuration of the memory device may be carried out by creating a plurality of access profiles that are adapted to optimize access to the memory device in accordance with the type of access. Accordingly, when an application with specific memory access needs is initiated, the memory access profile that is most optimized for that particular access need is utilized to configure access to the memory device. The configuration may be effected for a portion of the memory device, a partition of the memory device, or even one single access location on the memory device. | 02-07-2013 |
20130054915 | Performing An Atomic Operation Without Quiescing An Interconnect Structure - In one embodiment, the present invention includes a method for receiving a lock message for an address in a processor from a quiesce master of a system. This lock message indicates that a requester agent of the system is to enter a locking phase with respect to the address. Responsive to receipt of this message, logic of the processor can write an entry in a tracking buffer of the processor for the address and thereafter allow a transaction to be sent from the processor via an interconnect if an address of the transaction does not match any address stored in the tracking buffer. Other embodiments are described and claimed. | 02-28-2013 |
20130054916 | BLOCKED BASED END-TO-END DATA PROTECTION FOR EXTENDED COUNT KEY DATA (ECKD) - Exemplary method, system, and computer program product embodiments for block based end-to-end data protection for extended count key data (ECKD) in a computing environment are provided. In one embodiment, by way of example only, information units (IU's) are aligned in a block boundary format. Block protection trailer data is added to each one of the IU's. Additional system and computer program product embodiments are disclosed and provide related advantages. | 02-28-2013 |
20130054917 | EFFICIENT SECURE DATA MARSHALING THROUGH AT LEAST ONE UNTRUSTED INTERMEDIATE PROCESS - Secure marshaling of data via one or more intermediate processes is provided. A source process may create a named shared memory section resulting in a first handle to the shared memory section. The source process may populate the shared memory section with information. An access control list may secure the shared memory section by preventing the one or more intermediate processes from accessing content of the shared memory section, while allowing a target process to access the content. The first handle and a name of the shared memory section may be marshaled to a first intermediate process resulting in a respective new handle to the shared memory section. A last intermediate process may marshal the name to a target process, which may use the name to obtain access to the content of the shared memory section. | 02-28-2013 |
20130054918 | BLOCKED BASED END-TO-END DATA PROTECTION FOR EXTENDED COUNT KEY DATA (ECKD) - For block based end-to-end data protection for extended count key data (ECKD) in a computing environment, information units (IU's) are aligned in a block boundary format. Block protection trailer data is added to each one of the IU's. | 02-28-2013 |
20130061015 | ACCESS CONTROL APPARATUS AND ACCESS CONTROL SYSTEM - According to one embodiment, an access control apparatus includes a medium communication module configured to perform communication with a removable medium, an access module configured to perform access to the removable medium using the communication module, a wireless communication module configured to perform wireless communication with an external device, and to receive an access request to the removable medium, and a controller configured to assign an access right to access the removable medium to one of the access module and the external device, the control module assigning the access right in response to a request of assignment of the access right, the request being transmitted from the external device or the access module. | 03-07-2013 |
20130061016 | VERSATILE DATA PROCESSOR EMBEDDED IN A MEMORY CONTROLLER - A first engine and a memory access controller are each configured to receive memory operation information in parallel. In response to receiving the memory operation information, the first engine is prepared to perform a function on memory data associated with the memory operation and the memory controller is configured to prepare the memory to cause the memory operation to be performed. | 03-07-2013 |
20130080726 | INPUT/OUTPUT MEMORY MANAGEMENT UNIT WITH PROTECTION MODE FOR PREVENTING MEMORY ACCESS BY I/O DEVICES - A memory management unit is configured to receive requests for memory access from a plurality of I/O devices. The memory management unit implements a protection mode wherein the unit prevents memory accesses by the plurality of I/O devices by mapping memory access requests (from the I/O devices) to the same set of memory address translation data. When the memory management unit is not in the protected mode, the unit maps memory access requests from the plurality of I/O devices to different respective sets of memory address translation data. Thus, the memory management unit may protect memory from access by I/O devices using fewer address translation tables than are typically required (e.g., none). | 03-28-2013 |
20130086348 | Lock-Clustering Compilation for Software Transactional Memory - A lock-clustering compiler is configured to compile program code for a software transactional memory system. The compiler determines that a group of data structures are accessed together within one or more atomic memory transactions defined in the program code. In response to determining that the group is accessed together, the compiler creates an executable version of the program code that includes clustering code, which is executable to associate the data structures of the group with the same software transactional memory lock. The lock is usable by the software transactional memory system to coordinate concurrent transactional access to the group of data structures by multiple concurrent threads. | 04-04-2013 |
20130091335 | RESOURCE RECOVERY FOR CHECKPOINT-BASED HIGH-AVAILABILITY IN A VIRTUALIZED ENVIRONMENT - A computer-implemented method, computer program product and data processing system provide checkpoint high-availability for an application in a virtualized environment with reduced network demands. An application executes on a primary host machine comprising a first virtual machine. A virtualization module receives a designation from the application of a portion of the memory of the first virtual machine as purgeable memory, wherein the purgeable memory can be reconstructed by the application when the purgeable memory is unavailable. Changes are tracked to a processor state and to a remaining portion that is not purgeable memory and the changes are periodically forwarded at checkpoints to a secondary host machine. In response to an occurrence of a failure condition on the first virtual machine, the secondary host machine is signaled to continue execution of the application by using the forwarded changes to the remaining portion of the memory and by reconstructing the purgeable memory. | 04-11-2013 |
20130103915 | SECURE MEMORY ACCESS SYSTEM AND METHOD - A secure memory access system and method for providing secure access to Hyper Management Mode memory ranges is presented. | 04-25-2013 |
20130111168 | SYSTEMS AND METHODS FOR SEMAPHORE-BASED PROTECTION OF SHARED SYSTEM RESOURCES | 05-02-2013 |
20130111169 | ENGINE CONTROL UNIT FOR AN INTERNAL COMBUSTION ENGINE | 05-02-2013 |
20130132694 | MICROCOMPUTER AND METHOD FOR CONTROLLING MEMORY ACCESS - A microcomputer includes a CPU, a protection information storage configured to store memory protection information specifying an access permission or a prohibited state to a memory space by a program executed by the CPU, a memory access control apparatus configured to determine whether or not to allow a memory access request from the CPU according to the memory protection information, and a reset apparatus configured to invalidate the memory protection information stored in the protection information storage according to a reset request signal output from the CPU to a switching of programs executed by the CPU, the reset request signal being based on a state of execution of the program by the CPU. The reset apparatus sets all valid bit storing fields of a plurality of protection setting registers of the protection information storage to invalid state in response to the reset request signal output by the CPU. | 05-23-2013 |
20130132695 | METHOD OF CONTROLLING MEMORY ACCESS - Provided is a method of controlling memory access. In a system including a first layer element executed in a privileged mode having a first priority of permission to access the entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the method of controlling memory access determines whether the memory is accessible for each page that is an address space unit, based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode; and determines whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain currently being attempted to be accessed from among a plurality of domains of the memory. Accordingly, a memory domain allocated to a guest operating system kernel is effectively protected from an application executed in the unprivileged mode in which the guest operating system kernel is executed. | 05-23-2013 |
20130138906 | ELECTRONIC DEVICE SYSTEM AND STORAGE DEVICE - When an SD card is connected to an SD socket of an electronic device, a control unit of the SD card obtains permission/inhibition information (an output signal) outputted from a setting unit of the electronic device. Based on the obtained permission/inhibition information, the control unit starts the operation of a DC-DC converter corresponding to a memory unit from which reading-out of data is permitted. By virtue of this, reading-out of data from the memory unit is achieved in correspondence to the permission/inhibition information. | 05-30-2013 |
20130145112 | TIME MANAGED READ AND WRITE ACCESS TO A DATA STORAGE DEVICE - Time managed read and write access to a data storage device. As a part of time managed read and write access to a data storage device, a request for read and/or write access to the data storage device is accessed and it is determined whether the request for read and/or write access to the data storage device is to be granted. Based on the determination, read and/or write access to the data storage device is either allowed or blocked. If read and/or write access is allowed, read and/or write access is terminated after passage of a predetermined period of time. | 06-06-2013 |
20130145113 | MEMORY PINNING THROUGH BUFFER ENCAPSULATION - The present invention extends to methods, systems, and computer program products for memory pinning through buffer encapsulation. Within a managed execution environment, a wrapper object encapsulates a memory buffer that is to be shared with a native routine executing in a native execution environment. The wrapper object manages operation of a memory manager on a memory heap corresponding to the memory buffer. The wrapper object includes a first function which sets a pin on the memory buffer and returns a pointer identifying the memory buffer. Setting the pin causes the memory manager to cease moving the memory buffer within the memory heap. The wrapper object also includes a second function which releases the pin on the memory buffer. | 06-06-2013 |
20130145114 | CONTROL OF PAGE ACCESS IN MEMORY - The present techniques provide systems and methods of controlling access to more than one open page in a memory component, such as a memory bank. Several components may request access to the memory banks. A controller can receive the requests and open or close the pages in the memory bank in response to the requests. In some embodiments, the controller assigns priority to some components requesting access, and assigns a specific page in a memory bank to the priority component. Further, additional available pages in the same memory bank may also be opened by other priority components, or by components with lower priorities. The controller may conserve power, or may increase the efficiency of processing transactions between components and the memory bank by closing pages after time outs, after transactions are complete, or in response to a number of requests received by masters. | 06-06-2013 |
20130159653 | Predictive Lock Elision - In at least one embodiment, a method includes determining whether to elide a lock operation based on success of or failure of one or more previous transactional memory operations associated with one or more respective previous lock elisions. In at least one embodiment of the method, the lock operation is associated with a first access of a shared resource and the one or more previous lock elisions are associated with respective one or more previous accesses of the shared resource. | 06-20-2013 |
20130159654 | Electronic Device and Save Data Recording Method - A virtual capacity acquisition unit acquires a size of virtual capacity of a save data area from an application. A storage capacity acquisition unit acquires a size of save data of the application. A writing control unit prohibits the application from writing the save data exceeding the virtual capacity in a recording device. A free space acquisition unit acquires a size of free space of the recording device, and the writing control unit prohibits the writing of save data whose size is larger than that of the free space. | 06-20-2013 |
20130166869 | UNLOCK A STORAGE DEVICE - Unlocking a storage device including identifying a platform configuration register value in response to a computing machine powering on, configuring a security component to seal an authorization based on the platform configuration register value and storing a sealed authorization onto non-volatile memory, and unlocking the storage device in response to the computing machine resuming from a sleep state and unsealing the sealed authorization with the security component from the non-volatile memory. | 06-27-2013 |
20130198474 | METHOD AND SYSTEM FOR PROVIDING RESTRICTED ACCESS TO A STORAGE MEDIUM - A system, apparatus, method, or computer program product of restricting file access is disclosed wherein a set of file write access commands are determined from data stored within a storage medium. The set of file write access commands are for the entire storage medium. Any matching file write access command provided to the file system for that storage medium results in an error message. Other file write access commands are, however, passed onto a device driver for the storage medium and are implemented. In this way commands such as file delete and file overwrite can be disabled for an entire storage medium. | 08-01-2013 |
20130212348 | Secure Memory Interface - A secure memory interface includes a reader block, a writer block, and a mode selector for detecting fault injection into a memory device when a secure mode is activated. The mode selector activates or deactivates the secure mode using memory access information from a data processing unit. Thus, the data processing unit flexibly specifies the amount and location of the secure data stored into the memory device. | 08-15-2013 |
20130219143 | VIRTUALIZING PHYSICAL MEMORY IN A VIRTUAL MACHINE SYSTEM - A processor including a virtualization system of the processor with a memory virtualization support system to map a reference to guest-physical memory made by guest software executable on a virtual machine which in turn is executable on a host machine in which the processor is operable to a reference to host-physical memory of the host machine. | 08-22-2013 |
20130227235 | EXTENSIBLE HARDWARE DEVICE CONFIGURATION USING MEMORY - The present disclosure provides a system and method for implementing extensible hardware configuration using memory. A memory containing an Info Block is provided. The Info Block contains a set of descriptors, which comprises an address part and a data part. The OTP Engine reads each valid descriptor stored in the Info Block, and writes the data in the data part into the memory location specified by the address part. The OTP Engine interacts with the Info Block by accessing the Info Block Controller registers via the central system bus. | 08-29-2013 |
20130232314 | COMMUNICATION MANAGEMENT APPARATUS, COMMUNICATION MANAGEMENT METHOD, AND COMPUTER PROGRAM PRODUCT - According to an embodiment, a communication management apparatus mediates data between an information processing terminal having a temporary memory and an external memory device that is installed outside the information processing terminal. The apparatus includes a receiving unit configured to receive a write request issued by a device other than the information processing terminal for writing the data in the external memory device; a reading-writing unit configured to control reading of the data from the external memory device and control writing of the data in the external memory device; and a delete command issuing unit configured to, when the write request with respect to the external memory device is received, issue a delete command to the information processing terminal for deleting temporary data that is stored in the temporary memory. | 09-05-2013 |
20130246727 | ELECTRONIC CIRCUIT AND ARBITRATION METHOD - An electronic circuit including a plurality of memory masters that access a memory, and an arbitration circuit that arbitrates between the plurality of memory masters requesting access to the memory. The arbitration circuit performs the following processing: when one of the plurality of memory masters has succeeded in accessing the memory, priority of the one memory master is decreased, and priority of the other one of the plurality of masters is increased; for each of the plurality of memory masters, a correction value to be applied to the priority is determined according to the number of accesses made to the memory during a certain past period; and permission to access the memory is granted to a memory master selected from among the plurality of memory masters according to the priority corrected by adding the correction value. | 09-19-2013 |
20130246728 | INFORMATION PROCESSING APPARATUS - A processor determines whether a first program is under execution when a second program is executed, and changes a setting of a memory management unit based on access prohibition information so that a fault occurs when the second program makes an access to a memory when the first program is under execution. Then, the processor determines whether an access from the second program to a memory area used by the first program is permitted based on memory restriction information when the fault occurs while the first program and the second program are under execution, and changes the setting of the memory management unit so that the fault does not occur when the access to the memory area is permitted. | 09-19-2013 |
20130246729 | Method for Managing a Memory of a Computer System, Memory Management Unit and Computer System - A method for managing a memory of a computer system, a memory management unit and a computer system are provided. The method includes: receiving an allocation request sent by a user process; allocating the memory for the user process according to the allocation request and setting an offline flag for the memory; receiving a locking request sent by the user process; locking the memory according to the locking request and the offline flag of the memory; and taking the memory offline according to the offline flag of the memory. The computer system includes at least one memory and a memory management unit according to an embodiment of the present invention. Thus, through the interaction between a kernel and the user process and setting an offline mode for the memory, the memory locked by the user process is taken offline. | 09-19-2013 |
20130254505 | SCSI PROTOCOL EMULATION FOR VIRTUAL STORAGE DEVICE STORED ON NAS DEVICE - A virtualization technique, in accordance with one embodiment of the present invention, includes emulating the small computing system interface (SCSI) protocol to access a virtual SCSI storage device backed by a file stored on network attached storage (NAS). | 09-26-2013 |
20130262806 | MULTIPROCESSOR SYSTEM, APPARATUS AND METHODS - Embodiments of the present invention provide methods and apparatus in a multiprocessor system, whereby a set of rules relating to memory access are created and implemented in a hardware element. The rules can be updated dynamically, for example by the sequence processor (or sequencer) used to control the multiple processing elements. | 10-03-2013 |
20130268740 | Self-Destructing Files in an Object Storage System - An object storage system providing a secure object destruction and deletion service is provided. The destruction and deletion of files can be handled through secure overwriting of files on a storage medium or through cryptographic scrambling of file contents followed by subsequent deletion from a file table. The triggering of secure deletion can be periodically scheduled or dependent upon some particular event, making files self-destructing. Methods and systems for periodic re-authorization of files are also provided, allowing self-destructing files to be persisted in an available state. | 10-10-2013 |
20130275701 | MANAGEMENT OF DATA PROCESSING SECURITY IN A SECONDARY PROCESSOR - A data processing apparatus comprises a primary processor, a secondary processor configured to perform secure data processing operations and non-secure data processing operations and a memory configured to store secure data used by the secondary processor when performing the secure data processing operations and configured to store non-secure data used by the secondary processor when performing the non-secure data processing operations, wherein the secure data cannot be accessed by the non-secure data processing operations, wherein the secondary processor comprises a memory management unit configured to administer accesses to the memory from the secondary processor, the memory management unit configured to perform translations between virtual memory addresses used by the secondary processor and physical memory addresses used by the memory, wherein the translations are configured in dependence on a page table base address, the page table base address identifying a storage location in the memory of a set of descriptors defining the translations, wherein the page table base address is defined by the primary processor and cannot be amended by the secondary processor. | 10-17-2013 |
20130275702 | SEMICONDUCTOR MEMORY DEVICE AND METHOD FOR READING OUT DATA - Unique output control is carried out in allowing or prohibiting an output unit to deliver data to outside from a memory unit, when the data at a designated address is read out of the memory unit in response to an address signal designating that address. The memory unit has an output enable/disable flag stored at a predetermined address. This flag is indicative of whether to permit the data to be delivered to outside. After power is turned on, the output unit prohibits the delivery of the data to outside until the output enable/disable flag indicates permission for data delivery to outside and the address signal designating the predetermined address is continuously supplied over N times the clock period of a clock signal. N is an integer equal to or greater than two. | 10-17-2013 |
20130290662 | INFORMATION SECURITY TECHNIQUES INCLUDING DETECTION, INTERDICTION AND/OR MITIGATION OF MEMORY INJECTION ATTACKS - Methods of detecting malicious code injected into memory of a computer system are disclosed. The memory injection detection methods may include enumerating memory regions of an address space in memory of computer system to create memory region address information. The memory region address information may be compared to loaded module address information to facilitate detection of malicious code memory injection. | 10-31-2013 |
20130297901 | MEMORY PROTECTION CIRCUIT, PROCESSING UNIT, AND MEMORY PROTECTION METHOD - A memory protection circuit | 11-07-2013 |
20130297902 | VIRTUAL DATA CENTER - A system and method are provided for securely sharing storage resources in a storage network. One or more organizations are modeled in a structure where each organization includes one or more units. Users are assigned to a unit and are also assigned a command access level. The command access level grants access to certain management commands that may be performed on storage resources. Storage resources are then bound to units in the organization and may be accessed by users in the unit. Once command access levels are assigned and storage resources are bound, access for a user in the unit is restricted to the command access level assigned to the user and the storage resources bound to the user's unit. When a command from a user is received, the command access level of the user and the bound storage resources for the unit of the user is determined. Then, a management command is performed using the bound storage for the user's unit if the command is available for the command access level. | 11-07-2013 |
20130305006 | METHOD, SYSTEM AND APPARATUS FOR REGION ACCESS CONTROL - Techniques and mechanisms for providing access to a storage device of a computer platform. In an embodiment, an agent executing on the platform may be registered for access to the storage device, the agent being allocated a memory space by a host operating system of the platform. Registration of the agent may result in a location in the allocated memory space being mapped to a location in the storage device. In another embodiment, the agent may write to the location in the allocated memory space to request access to the storage device, wherein the request is independent of any system call to the host OS which describes the requested access. | 11-14-2013 |
20130311737 | SECURE STORAGE DEVICE - A communication and security device for a portable computer is disclosed including a housing, a connector provided on the housing for physical connection to the portable computer, a computer interface coupled to the connector for communicating data with the portable computer, a wireless modem coupled to the computer interface for communicating data between the portable computer and a remote device via a wireless network, a regulator operable to regulate power in the communication and storage device, and a processor coupled to control the regulator, the processor coupled to the wireless modem and arranged to process at least one security command received by the wireless modem to control the regulator in response to the received command. | 11-21-2013 |
20130311738 | EFFICIENT LOCKING OF MEMORY PAGES - An apparatus is described that contains a processing core comprising a CPU core and at least one accelerator coupled to the CPU core. The CPU core comprises a pipeline having a translation look aside buffer. The CPU core comprising logic circuitry to set a lock bit in attribute data of an entry within the translation look-aside buffer entry to lock a page of memory reserved for the accelerator. | 11-21-2013 |
20130318319 | SYSTEMS AND METHODS FOR MANAGING ZEROED LOGICAL VOLUME - A mechanism for zeroed logical volume management is disclosed. A method includes assigning, by a computing device, a bit value to each of storage blocks in a data volume of an operating system. The method also includes permitting, by the computing device, data in the storage blocks of the data volume to be read if the bit value is set to 1. The method further includes preventing, by the computing device, the data in the storage blocks of the data volume to be read if the bit value is set to 0. | 11-28-2013 |
20130326179 | HOST MEMORY LOCKING IN VIRTUALIZED SYSTEMS WITH MEMORY OVERCOMMIT - A system and method for handling requests by virtual machines (VMs) to lock portions of main memory are disclosed. In accordance with one embodiment, a host operating system (OS) of a computer system receives a request by the guest OS of a VM to lock a portion of main memory of the computer system. The host OS determines whether locking the portion of main memory violates any of a set of constraints pertaining to main memory. The host OS locks the portion of main memory when locking does not violate any of the set of constraints. The locking prevents any page of the portion of main memory from being swapped out to a storage device. The host OS can still swap out pages of main memory that are not allocated to this VM and are not locked by any other VM. | 12-05-2013 |
20130326180 | MECHANISM FOR OPTIMIZED INTRA-DIE INTER-NODELET MESSAGING COMMUNICATION - Point-to-point intra-nodelet messaging support for nodelets on a single chip that obey MPI semantics may be provided. In one aspect, a local buffering mechanism is employed that obeys standard communication protocols for the network communications between the nodelets integrated in a single chip. Sending messages from one nodelet to another nodelet on the same chip may be performed not via the network, but by exchanging messages in the point-to-point messaging buckets between the nodelets. The messaging buckets need not be part of the memory system of the nodelets. Specialized hardware controllers may be used for moving data between the nodelets and each messaging bucket, and ensuring correct operation of the network protocol. | 12-05-2013 |
20130326181 | PROVIDING USAGE STATISTICS FOR VIRTUAL STORAGE - A method for obtaining a measurement of storage usage includes sending a request, by a processor, for the measurement of storage usage during execution of an application by the processor; counting blocks of storage to generate the measurement of storage usage by the application; and providing the measurement of storage usage to the application. | 12-05-2013 |
20130339646 | SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR UTILIZING CODE STORED IN A PROTECTED AREA OF MEMORY FOR SECURING AN ASSOCIATED SYSTEM - A security system, method, and computer program product are provided. In use, code is stored in a protected area of memory. In addition, the stored code is utilized for securing a system associated with the protected area of memory. | 12-19-2013 |
20130346717 | Method and Industrial Automation Component for Indirect Memory Addressing - An automation component and method for indirect addressing by a program of an industrial automation component, wherein to access a number of cells in the memory, an associated address is ascertained at runtime of the program, such that during writing of the program, an association between a structure and the addresses is created and stored, where at the runtime, for accessing the memory, a relevant element of the structure is ascertained in a first step, the associated address is read from the stored association in a second step, and the memory is accessed via the address in a third step. | 12-26-2013 |
20140006737 | PROTECTED ACCESS TO VIRTUAL MEMORY | 01-02-2014 |
20140006738 | METHOD OF AUTHENTICATING A MEMORY DEVICE BY A HOST DEVICE | 01-02-2014 |
20140006739 | Systems, Apparatuses, and Methods for Implementing Temporary Escalated Privilege | 01-02-2014 |
20140019699 | METHODS AND SYSTEMS FOR IMPLEMENTING TIME-LOCKS - A computer accesses a storage device. The computer includes a processor and a non-transitory computer-readable storage medium storing computer-readable instructions, when executed by the processor, the computer-readable instructions cause the computer to perform: storing a first time-lock and a second time-lock in the storage device; and, when both the first time-lock and the second time-lock are successfully stored in the storage device by the computer, to obtain an exclusive access privilege during a particular time interval associated with the first time-lock and the second time-lock. | 01-16-2014 |
20140019700 | WATER MARKING IN A DATA INTERVAL GAP - A storage device in which file data is divided into multiple blocks for storage on a recording medium is provided. The storage device includes an additional data storing section for storing additional data to be recorded on the recording medium in association with the data to be written, a position determining section for determining recording positions on the recording medium where the blocks should be respectively written, based on the additional data, and a block writing section for writing the respective blocks on the recording positions on the recording medium determined by the recording position determining section. The additional data thus defines a gap length between blocks of recorded data. During a read operation, if the gap length does not comport with the additional data, then an error is assumed. | 01-16-2014 |
20140032865 | STORAGE SYSTEM IN WHICH INFORMATION IS PREVENTED - According to one embodiment, a storage system includes a host device, a first storing medium, and a second storing medium. The first storing medium includes: a memory provided with a protected first storing region which stores first information sent from the host device, and a second storing region which stores encoded contents; and a controller which carries out authentication processing for accessing the first storing region. The host device and the storing medium produce a bus key which is shared only by the host device and the storing medium by authentication processing, and which is used for encoding processing when information of the first storing region is sent and received between the host device and the storing medium. The host device has the capability to request the storing medium to send a status. | 01-30-2014 |
20140040584 | Multi-layer content protecting microcontroller - The present invention relates to a microcontroller designed for protection of intellectual digital content. The microcontroller includes a secure CPU, a real-time cipher, and a user programmable multi-layer access control system for internal memory realized by programmable nonvolatile memory. Programmable nonvolatile memory allows in-system and in-application programming for the end user. The programmable nonvolatile memory is mainly used for program code and operating parameter storage. The multiple-layer access control is an integral part of the CPU, providing confidentiality protection to embedded digital content by controlling reading, writing, and/or execution of a code segment according to a set of user-programmed parameters. The cipher incorporates a set of cryptographic rules for data encryption and decryption with row and column manipulation for data storage. All cryptographic operations are executed in parallel with CPU run time without incurring additional latency and delay for system operation. | 02-06-2014 |
20140047205 | INTERACTION OF TRANSACTIONAL STORAGE ACCESSES WITH OTHER ATOMIC SEMANTICS - In a processor, an instruction sequence including, in order, a load-and-reserve instruction specifying a read access to a target memory block, an instruction delimiting transactional memory access instructions belonging to a memory transaction, and a store-conditional instruction specifying a conditional write access to the target memory block is detected. In response to detecting the instruction sequence, the processor causes the conditional write access to the target memory block to fail. | 02-13-2014 |
20140047206 | INFORMATION PROCESSING APPARATUS, MEMORY CONTROL APPARATUS, AND CONTROL METHOD THEREOF - A memory control circuit is configured to take a priority for each transfer instruction into account but not the priority in a memory access unit, and thus processing of a high-priority transfer instruction received during a memory access needs to wait for a long time. The memory control apparatus divides the received transfer instruction into a memory access unit and, when the transfer instruction having a higher priority is received during the memory access, the memory access based on a low-priority transfer instruction is interrupted and starts the memory access based on the high-priority transfer instruction. | 02-13-2014 |
20140052950 | SYSTEM CONTROLLING APPARATUS, INFORMATION PROCESSING SYSTEM, AND CONTROLLING METHOD OF SYSTEM CONTROLLING APPARATUS - A system controlling apparatus that controls an information processing apparatus, includes: an issuing unit that, in accessing a component provided in the information processing apparatus, issues to the component an access request including address information specifying an address in a register provided in the component and count information indicating a number of times to access the component by the access; and an executing unit that accesses the component when a response indicating that the component permits the access request is received from the information processing apparatus. | 02-20-2014 |
20140059316 | CONCURRENT ACCESS TO A MEMORY POOL SHARED BETWEEN A BLOCK ACCESS DEVICE AND A GRAPH ACCESS DEVICE - A graph access device and block access device can simultaneously access a memory pool shared between the devices. The memory pool may include one or more memory arrays accessed as a single logical memory. The block access device accesses the memory pool as a flat array of memory blocks, and the graph access device accesses the memory pool as a hierarchical file system. The simultaneous access is accomplished by monitoring one or more memory block access operations performed by the block access device, while it is accessing the memory pool. The block access operations are translated into a graph data structure including a plurality of pointers mapping the memory pool to the hierarchical file system. A processor regulates access to the memory pool, and is configured to permit the graph access device to access the memory pool concurrently with the block access device, in accordance with the graph data structure. | 02-27-2014 |
20140068217 | STORAGE SYSTEM, VIRTUALIZATION CONTROL APPARATUS, INFORMATION PROCESSING APPARATUS, AND METHOD FOR CONTROLLING STORAGE SYSTEM - An information processing apparatus is configured to make access to a storage device via a first path. A virtualization control apparatus is configured to control access to a virtual storage device via a second path, where the virtual storage device is provided by virtualizing the storage device. The virtualization control apparatus sends an identifier of the storage device in response to a query from the information processing apparatus which requests information about a storage space that is accessible via the second path. The information processing apparatus incorporates the second path as an inactive standby path when the identifier received as a response to the query matches with an identifier of the storage device accessible via the first path. | 03-06-2014 |
20140089616 | Enabling Virtualization Of A Processor Resource - In one embodiment, a processor includes an access logic to determine whether an access request from a virtual machine is to a device access page associated with a device of the processor and if so, to re-map the access request to a virtual device page in a system memory associated with the VM, based at least in part on information stored in a control register of the processor. Other embodiments are described and claimed. | 03-27-2014 |
20140089617 | Trust Zone Support in System on a Chip Having Security Enclave Processor - An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory. | 03-27-2014 |
20140095822 | SECURE REMOVABLE MASS STORAGE DEVICES - A removable mass storage device includes a controller and a memory storage area. A secured portion of the memory storage area may be a permanently write-protected portion. Programs provided by the operating system, e.g., application programming interface (API), for accessing the memory storage area cannot disable the write-protection of the permanently write-protected portion, preventing them from writing to the permanently write-protected portion. The controller does not enforce the write-protection against a security command of a secure library, allowing writing to the permanently write-protected portion using the security command. The security command may be issued by an API of the secure library. The secured portion of the memory storage area may also be a hidden portion that is not visible to the operating system, but is accessible by way of the secure library. | 04-03-2014 |
20140101401 | RESOURCE RECOVERY FOR CHECKPOINT-BASED HIGH-AVAILABILITY IN A VIRTUALIZED ENVIRONMENT - A computer-implemented method provides checkpoint-based high availability for an application in a virtualized environment with reduced network demands. An application executes on a primary host machine comprising a first virtual machine. A virtualization module receives a designation from the application of a portion of the memory of the first virtual machine as purgeable memory, wherein the purgeable memory can be reconstructed by the application when the purgeable memory is unavailable. Changes are tracked to a processor state and to a remaining portion that is not purgeable memory and the changes are periodically forwarded at checkpoints to a secondary host machine. In response to an occurrence of a failure condition on the first virtual machine, the secondary host machine is signaled to continue execution of the application by using the forwarded changes to the remaining portion of the memory and by reconstructing the purgeable memory. | 04-10-2014 |
20140122820 | SYSTEM-ON-CHIP PROCESSING SECURE CONTENTS AND MOBILE DEVICE COMPRISING THE SAME - A mobile device is provided which includes a working memory having a memory area divided into a secure domain and a non-secure domain; and a system-on-chip configured to access and process contents stored in the secure domain. The system-on-chip includes a processing unit driven by at least one of a secure operating system and a non-secure operating system; at least one hardware block configured to access the contents according to control of the processing unit comprising a master port and a slave port which are set to have different security attributes; at least one memory management unit configured to control access of the at least one hardware block to the working memory; and an access control unit configured to set security attributes of the slave port and the master port or an access authority on each of the secure domain and the non-secure domain of the working memory. | 05-01-2014 |
20140129792 | PERMISSIONS OF OBJECTS IN HOSTED STORAGE - A data object is stored in a hosted storage system and includes an access control list specifying access permissions for data objects stored in the hosted storage system. The hosted storage system provides hosted storage to a plurality of clients that are coupled to the hosted storage system. A request to store a second data object is received. The request includes an indicator that the first data object stored in the hosted storage system should be used as an access control list for the second data object. The second data object is stored in the hosted storage system. The first data object is assigned as an access control list for the second data object stored in the hosted storage system. | 05-08-2014 |
20140136806 | Authenticated Operations and Event Counters - Subject matter disclosed herein relates to memory devices and security of same. | 05-15-2014 |
20140143515 | VIRTUAL WRITE PROTECTION SYSTEM - An optical medium containing virtual write protect information can be recorded in drives and systems without first changing the write protection from on to off by receiving valid user input. The virtual write protection may also be enabled or disabled by additional information on the disc. | 05-22-2014 |
20140149703 | CONTENTION BLOCKING BUFFER - In response to a processor receiving data associated with a shared memory location, a contention blocking buffer stores a memory address of the shared memory location. In response to a probe seeking to take ownership of the shared memory location, the contention blocking buffer determines if the memory address indicated by the probe is stored at the contention blocking buffer. If so, the contention blocking buffer blocks the probe, thereby preventing another processor from taking ownership of the shared memory location. | 05-29-2014 |
20140149704 | MEMORY ACCESS AUTHORITY CONTROL METHOD AND MEMORY MANAGEMENT SYSTEM THEREOF - A memory access authority control method and a memory management system utilizing the method. By partitioning and designating permissible memory access intervals to different service programs in one system, it is ensured that each service program cannot access other service programs' confidential data. Thus, the security of confidential data is guaranteed. | 05-29-2014 |
20140156959 | CONCURRENT ARRAY-BASED QUEUE - According to one embodiment, a method for implementing an array-based queue in memory of a memory system that includes a controller includes configuring, in the memory, metadata of the array-based queue. The configuring comprises defining, in metadata, an array start location in the memory for the array-based queue, defining, in the metadata, an array size for the array-based queue, defining, in the metadata, a queue top for the array-based queue and defining, in the metadata, a queue bottom for the array-based queue. The method also includes the controller serving a request for an operation on the queue, the request providing the location in the memory of the metadata of the queue. | 06-05-2014 |
20140156960 | MANAGING PERMISSIONS FOR LOGICAL VOLUME MANAGERS - A logical volume manager (LVM) may manage a plurality of logical volumes and a plurality of drives in a logical data storage using metadata stored on the plurality of drives. The metadata may include a first set of permissions for a storage location in one of the logical volumes. The LVM may analyze permission data associated with the storage location and may override metadata (e.g., the permissions in the metadata) with a second set of permissions obtained from the permission data. The LVM may use the second set of permission data to access the storage location. | 06-05-2014 |
20140156961 | Access to Memory Region Including Confidential Information - Embodiments herein relate to accessing a memory region including confidential information. A memory request from a process may be received. The memory request may include a process ID (PID) of the process, a requested memory address, and a requested access type. The memory request may be compared to a permission set associated with a memory region including the confidential information. Access to the memory region by the process may be controlled based on the comparison. | 06-05-2014 |
20140164725 | SYSTEM ON CHIP TO PERFORM A SECURE BOOT, AN IMAGE FORMING APPARATUS USING THE SAME, AND METHOD THEREOF - A system on chip is provided. The system on chip includes a first memory to store a plurality of encryption keys, a second memory, a third memory to store an encryption key setting value, and a CPU to decrypt encrypted data which is stored in an external non-volatile memory using an encryption key corresponding to the encryption key setting value from among the plurality of encryption keys, to store the decrypted data in the second memory, and to perform a boot using data stored in the second memory. Accordingly, security of a boot operation can be improved. | 06-12-2014 |
20140173236 | SECURE COMPUTER SYSTEM FOR PREVENTING ACCESS REQUESTS TO PORTIONS OF SYSTEM MEMORY BY PERIPHERAL DEVICES AND/OR PROCESSOR CORES - A computer system is provided for preventing peripheral devices and/or processor cores from accessing restricted portions of system memory. For example, the computer system can include a host bridge, system memory coupled to the host bridge via a first access bus, a security processor coupled to the host bridge via a memory access bus that allows the security processor to access system memory and to access the peripheral device, and a security processor memory management unit (SPMMU) coupled between the peripheral device and the host bridge. The security processor is configured to program the SPMMU via the memory access bus to specify a first restricted range of physical addresses in the system memory that the peripheral device is not permitted to access. The SPMMU can then process access requests from the peripheral device and deny access requests that are determined to be within the first restricted range. | 06-19-2014 |
20140173237 | STORAGE DEVICE, AND METHOD FOR PROTECTING DATA IN STORAGE DEVICE - A storage device includes a memory including a first storage area configured to store area information that indicates a geographical area, and a second storage area configured to store data, and a processor coupled to the memory and configured to append data storage information, which indicates a location of the storage device, to the data to be stored in the second storage area, and allow a piece of the data stored in the second storage area to become available, the piece having the data storage information indicating that the location of the storage device falls within an area indicated by the area information, while the storage device is located within the area indicated by the area information. | 06-19-2014 |
20140173238 | Methods and Circuits for Securing Proprietary Memory Transactions - Described are systems and methods for protecting data and instructions shared over a memory bus and stored in memory. Independent and separately timed stream ciphers for write and read channels allow timing variations between write and read transactions. Data and instructions can be separately encrypted prior to channel encryption to further secure the information. Pad generators and related cryptographic circuits are shared for read and write data, and to secure addresses. The cryptographic circuits can support variable data widths, and in some embodiments memory devices incorporate security circuitry that can implement a shared-key algorithm using repurposed memory circuitry. | 06-19-2014 |
20140181448 | TAGGING IN A STORAGE DEVICE - In an embodiment, a command issued by an entity may be acquired by a controller contained in a storage device. The command may be issued by the entity to access a block in the storage device. The entity may be associated with a tag that may identify the entity. The tag may be associated with the block. Information about the association between the tag and the block may be stored in the storage device. | 06-26-2014 |
20140181449 | MEMORY CONTROLLER AND MEMORY SYSTEM INCLUDING THE SAME - A memory system includes a memory unit and a memory controller. The memory unit includes a plurality of memory banks, wherein information stored in a memory bank is accessed via a word line and a bit line. The memory controller is configured to limit repetitive accessing of a same word line or a same bit line so that the number of consecutive accesses is less than a predetermined critical value. | 06-26-2014 |
20140189274 | APPARATUS AND METHOD FOR PAGE WALK EXTENSION FOR ENHANCED SECURITY CHECKS - An apparatus and method for managing a protection table by a processor. For example, a processor according to one embodiment of the invention comprises: protection table management logic to manage a protection table, the protection table having an entry for each protected page or each group of protected pages in memory; wherein the protection table management logic prevents direct access to the protection table by user application program code and operating system program code but permits direct access by the processor. | 07-03-2014 |
20140189275 | PROVIDING VERSIONING IN A STORAGE DEVICE - Provided are a computer program product, system and method for managing Input/Output (I/O) requests to a storage device. A write request is received having write data for a logical address, wherein data for the logical address is at a first physical location in the storage device and has an indicated version number. Writing the write data to a second physical location in the storage device. Determining whether a preserve mode is enabled. In response to determining that the preserve mode is enabled, indicating the second physical location as having a current version number of the logical address and indicating the first physical location to have a previous version number of the logical address. | 07-03-2014 |
20140208052 | ELECTRONIC DEVICE AND METHOD FOR PROTECTING MEMORY THEREOF - An electronic device includes a memory, an addressing unit, a status determination unit, and a control unit. The memory unit stores a memory status parameter. The addressing unit is configured for addressing an address of the memory status parameter of the memory. The status determination unit is configured for determining a status of the memory according to a value at the addressed address. The status of the memory can be a read-only status or a writable status. The control unit is configured for modifying the value at the address of the memory status parameter to make the memory be in the read-only status when the memory is in the writable status. | 07-24-2014 |
20140215174 | Accessing Memory with Security Functionality - A memory device includes a first memory portion and a second memory portion. The second memory portion includes a security functionality. The size of the first memory portion and the size of the second memory portion are adjustable. | 07-31-2014 |
20140223127 | SYSTEM AND METHOD FOR VIRTUAL HARDWARE MEMORY PROTECTION - A memory protection unit including hardware logic. The hardware logic receives a transaction from a virtual central processing unit (CPU) directed at a bus slave, the transaction being associated with a virtual CPU identification (ID), wherein the virtual CPU is implemented on a physical CPU. The hardware logic also determines whether to grant or deny access to the bus slave based on the virtual CPU ID. The virtual CPU ID is different than an ID of the physical CPU on which the virtual CPU is implemented. | 08-07-2014 |
20140223128 | MEMORY DEVICE AND METHOD FOR ORGANIZING A HOMOGENEOUS MEMORY - A memory device comprising a memory controller and a homogeneous memory accessible by the memory controller, wherein the homogeneous memory is divided by the memory controller in a first memory partition and a second memory partition, wherein the first memory partition is allocated to a first type of information comprising user data and ECC data that are arranged interleaved with the user data, and wherein the second memory partition is allocated to a second type of information comprising further user data. | 08-07-2014 |
20140237206 | Managing Personal Information on a Network - Devices, systems, and methods are provided for managing personal information by providing a centralized source or database for a user's information and enabling the user to regulate privacy levels for each information item or category of information. Templates are provided as a table of hierarchies or an onion layers model. Private information may be stored in an inner layer while public information may be stored in an outer layer, and multiple layers and categories can be defined and customized within the template. A requesting entity requests information via a disseminating server that acts as a gateway for authenticating, authorizing, and providing access to the requesting entity. The user may therefore control and regulate their online presence simply by monitoring who requests their information and adjusting privacy levels accordingly. | 08-21-2014 |
20140244956 | STORAGE SYSTEM IN WHICH FICTITIOUS INFORMATION IS PREVENTED - According to one embodiment, a storage system includes a host device and a secure storage. The host device and the secure storage produce a bus key which is shared only by the host device and the secure storage by authentication processing, and which is used for encoding processing. The host device produces a message authentication code including a message which can be stored in the secure storage based on the bus key, and sends the produced message authentication code to the secure storage. The secure storage stores the message included in the message authentication code in accordance with instructions of the host device. The host device verifies whether the message stored in the secure storage is intended contents. | 08-28-2014 |
20140258663 | METHOD AND APPARATUS FOR PREVENTING UNAUTHORIZED ACCESS TO CONTENTS OF A REGISTER UNDER CERTAIN CONDITIONS WHEN PERFORMING A HARDWARE TABLE WALK (HWTW) - A security apparatus and method are provided for performing a security algorithm that prevents unauthorized access to contents of a physical address (PA) that have been loaded into a storage element of the computer system as a result of performing a prediction algorithm during a hardware table walk that uses a predictor to predict a PA based on a virtual address (VA). When the predictor is enabled, it might be possible for a person with knowledge of the system to configure the predictor to cause contents stored at a PA of a secure portion of the main memory to be loaded into a register in the TLB. In this way, a person who should not have access to contents stored in secure portions of the main memory could indirectly gain unauthorized access to those contents. The apparatus and method prevent such unauthorized access to the contents by masking the contents under certain conditions. | 09-11-2014 |
20140258664 | METHOD AND APPARATUSES FOR READING DATA - A method of reading data includes setting first addresses defining a full image and second addresses defining a blocking region included in the full image and not reading blocking region data corresponding to the blocking region among image data corresponding to the full image using the first addresses and the second addresses. | 09-11-2014 |
20140258665 | STORAGE DEVICE, DATA PROCESSING DEVICE, REGISTRATION METHOD, AND RECORDING MEDIUM - A storage device includes a switching unit which switches an access destination in a storage area between a first storage area and a second storage area in response to an access request from a host device; and a nonvolatile storage medium which stores a first host device information used to identify the host device in the second storage area, and a software module executed by a CPU provided in the host device, the software module comprising causing an authority grant unit which transmits a control signal for switching the access destination to the first storage area to the switching unit of the storage device, when the acquired first and second host device information are compared to find that the first and second host device information match with each other. | 09-11-2014 |
20140281318 | EFFICIENTLY SEARCHING AND MODIFYING A VARIABLE LENGTH QUEUE - Embodiments relate to ensuring that serialization is maintained between separate transactions while searching and/or modifying a variable length queue. An aspect includes searching a queue using a transaction. A first sequence number is retrieved from a queue header and a second sequence number is retrieved from local storage for the transaction. The first sequence number is compared with the second sequence number according to embodiments. The search of the queue is resumed using an address of a next element saved from a previous transaction responsive to the first sequence number matching the second sequence number. The search of the queue is restarted at a first element responsive to the first sequence number not matching the second sequence number. | 09-18-2014 |
20140281319 | SYSTEM AND METHOD FOR PROTECTING DATA - A system and method are provided for protecting data. In operation, a request to read data from memory is received. Additionally, it is determined whether the data is stored in a predetermined portion of the memory. If it is determined that the data is stored in the predetermined portion of the memory, the data and a protect signal are returned for use in protecting the data. In certain embodiments of the invention, data stored in the predetermined portion of the memory may be further processed and written back to the predetermined portion of the memory. In other embodiments of the invention, such processing may involve unprotected data stored outside the predetermined portion of the memory. | 09-18-2014 |
20140281320 | Forensic Computer Examination Systems and Methods - Systems, methods, and computer program products for facilitating write-protected virtual access to a target computing device, wherein the use and inspection of the computer device may occur without altering the digital data thereon, are disclosed. In an aspect, a user inserts a virtualization media device, which will boot the computer system in a write-protected mode. The computing device will operate through an operating system on the target computing device and instantiate the subject computer through a virtual machine environment. Such virtualization will protect target computing device files from accidental alteration during, for example, investigatory searches of the target computing device storage device. | 09-18-2014 |
20140289488 | SYSTEM FOR SECURING CONTENTS OF REMOVABLE MEMORY - This disclosure includes a method for securing a memory of an electronic system that includes initializing the memory, creating a security key, transmitting the security key to memory, storing the security key in the memory, transmitting the current security key and a new security key to the memory by the memory controller. If the current security key transmitted is the same as the security key stored in memory, then access to the memory is enabled and the current security key in the memory is replaced with the new security key. If the current security key transmitted is not the same as the security key stored in the memory, then access to the memory is disabled. | 09-25-2014 |
20140317371 | METHOD AND SYSTEM FOR ACCESS BASED DIRECTORY ENUMERATION - Method and system for access based directory enumeration is provided. When a directory is enumerated for a first time, user credentials are verified against an access control list (ACL) entry that is referenced by an ACL inode (referred to as Xnode). The Xnode number is obtained from a file handle for a directory entry. The verification is recorded in a data structure that stores the Xnode identifier and user identifier. When the directory is enumerated again, the data structure is used to verify that the user has been validated before, instead of loading and checking against an ACL entry. | 10-23-2014 |
20140317372 | DATA FRAME SECURITY - A method of securing a data frame is provided. The method includes receiving a request from a memory client to read or write decoded data in a memory. The memory may be partitioned to have a secure memory region and an unsecure memory region. The method also includes determining if the request is associated with the secure memory region or the unsecure memory region. The method also includes determining whether the memory client has access privileges to the secure memory region if the request is associated with the secure memory region. The method also includes granting the request if the memory client is determined to have access privileges. | 10-23-2014 |
20140325174 | ACCESS CONTROL APPARATUS, ACCESS CONTROL METHOD, AND COMPUTER PROGRAM PRODUCT - According to an embodiment, an access control apparatus includes a determiner and a controller. The determiner is configured to determine whether an access state of a first device to a storage device satisfies an exclusion criterion for access to the storage device from a second device. The controller is configured to prohibit the access to the storage device from the second device when the access state of the first device satisfies the exclusion criterion. | 10-30-2014 |
20140331019 | INSTRUCTION SET SPECIFIC EXECUTION ISOLATION - A system on a chip (SoC) or other integrated system can include a first processor and at least one additional processor sharing a page table. The shared page table can include permission bits including a first permission indicator supporting the processor and a second permission indicator supporting at least one of the at least one additional processor. In one implementation, that page table can include at least one additional bit to accommodate encodings that support the at least one additional processor. When one of the processors accesses memory, a method is performed in which a shared page table is accessed and a value of the permission indicator(s) is read from the page table to determine permissions for performing certain actions including executing a page; read/write of the page; or kernel mode with respect to the page. | 11-06-2014 |
20140337596 | GROUPING METHOD AND DEVICE FOR ENHANCING REDUNDANCY REMOVING PERFORMANCE FOR STORAGE UNIT - The present invention relates to a grouping method and device for enhancing redundancy removing performance for a storage unit such as a hard disk, a solid state disk (SSD), etc. The grouping method for enhancing performance of a redundancy removing technology may include: extracting samples from data that is stored in a buffer of a memory and is standing by to be processed; performing remaining calculations on the extracted samples; and grouping samples by connecting them to a bucket corresponding to a resultant value of the remaining calculations. | 11-13-2014 |
20140351541 | Bundling File Permissions For Sharing Files - When files or other objects are to be shared, a storage system creates a bundle object that identifies the objects to be shared, and the permissions associated with objects in that bundle object. Each object is marked as being associated with a bundle object. When the object is accessed, the storage system determines if the object is associated with a bundle object. The bundle object in turn is accessed to determine the permissions to be associated with that object for the entity accessing the object. Files and other objects can be shared without copying or moving them. Any collection of files or other objects, however selected or identified, can be shared through this mechanism. Using this mechanism, a user can select several files, and then share those files in one operation without copying or moving those files or creating a new folder for those files. | 11-27-2014 |
20140351542 | POWER SAVING METHOD AND APPARATUS FOR FIRST IN FIRST OUT (FIFO) MEMORIES - In various embodiments, apparatuses and methods are disclosed to keep a memory clock gated when the data for a current memory address is the same as the data in the immediate previous memory address. For a write function, new data will only be written into the current memory address if it is different from the data in the immediate previous memory address. Similarly, for a read function, the data will only be read out of the current memory address if it is different from the data in the immediate previous memory address. Each row in the memory may have one associated status bit outside the memory. Data may only be written to or read from the current memory address when the status bit is set. Clock gating the memory ports may reduce the overall power consumption of the memory. | 11-27-2014 |
20140351543 | Method for Restricting Access to Data Stored on a Memory Card and a Memory Card - There is provided a method for restricting access to data stored on a memory card, whereby the restriction of access relates to what is able to be carried out to the data stored on the memory card during wireless communications with the memory card. Furthermore, there is also provided a memory card which is able to restrict access to data stored on it during wireless communications with it. | 11-27-2014 |
20140351544 | DEVICE SIDE HOST INTEGRITY VALIDATION - Described is a technology by which a transient storage device or secure execution environment-based (e.g., including an embedded processor) device validates a host computer system. The device compares hashes of host system data against valid hashes maintained in protected storage of the device. The host data may be a file, data block, and/or memory contents. The device takes action when the host system data does not match the information in protected storage, such as to log information about the mismatch and/or provide an indication of validation failure, e.g., via an LED and/or display screen output. Further, the comparison may be part of a boot process validation, and the action may prevent the boot process from continuing, or replace an invalid file. Alternatively, the validation may take place at any time. | 11-27-2014 |
20140359239 | APPARATUS FOR HARDWARE ACCELERATED RUNTIME INTEGRITY MEASUREMENT - Techniques are described for providing processor-based dedicated fixed function hardware to perform runtime integrity measurements for detecting attacks on system supervisory software, such as a hypervisor or native Operating System (OS). The dedicated fixed function hardware is provided with memory addresses of the system supervisory software for monitoring. After obtaining the memory addresses and other information required to facilitate integrity monitoring, the dedicated fixed function hardware activates a lock-out to prevent reception of any additional information, such as information from a corrupted version of the system supervisory software. The dedicated fixed function hardware then automatically performs periodic integrity measurements of the system supervisory software. Upon detection of an integrity failure, the dedicated fixed function hardware uses out-of-band signaling to report that an integrity failure has occurred. | 12-04-2014 |
20140359240 | VIRTUALIZING PROCESSOR MEMORY PROTECTION WITH "L1 ITERATE AND L2 DROP/REPOPULATE" - A computing system includes a guest domain access control register (DACR), and guest first and second level page tables, the page tables containing domain identifiers used to obtain domain access information and access permission information, and the domain access information and the access permission information providing an effective guest access permission. The computing system provides a shadow page table, in which domain identifiers are used to identify domain access information in a processor DACR that are mapped from domain access information in the guest DACR, and in which access permissions are mapped from effective access permission information in the guest page tables and guest DACR. A memory management unit in the processor traverses the shadow page table, accesses the processor DACR, and combines the mapped domain access information in the processor with the mapped access permission in the shadow page table to reflect the guest intended effective access permissions. | 12-04-2014 |
20140365742 | SYSTEMS AND METHODS FOR PREVENTING UNAUTHORIZED STACK PIVOTING - An example processing system may comprise: a lower stack bound register configured to store a first memory address, the first memory address identifying a lower bound of a memory addressable via a stack segment; an upper stack bound register configured to store a second memory address, the second memory address identifying an upper bound of the memory addressable via the stack segment; and a stack bounds checking logic configured to detect unauthorized stack pivoting, by comparing a memory address being accessed via the stack segment with at least one of the first memory address and the second memory address. | 12-11-2014 |
20140372719 | SECURE PRIVILEGE LEVEL EXECUTION AND ACCESS PROTECTION - The subject disclosure is directed towards using one or more of hardware, a hypervisor, and privileged mode code to prevent system mode code from accessing user mode data and/or running user mode code at the system privilege level, or vice-versa. Also described is (in systems with a hypervisor) preventing non-hypervisor code from running in hypervisor mode or accessing hypervisor-only data, or vice-versa. A register maintained by hardware, hypervisor, or system mode code contains data access and execution policies for different chunks of addressable space with respect to which requesting entities (hypervisor mode code, system mode code, user mode code) have access to or can execute code in a given chunk. When a request to execute code or access data with respect to an address is received, the request is processed to determine to which chunk the address corresponds. The policy for that chunk is evaluated to determine whether to allow or deny the request. | 12-18-2014 |
20140380008 | MEMORY SYSTEM AND OPERATING METHOD THEREOF - A memory system and an operating method thereof stably supplies power, so that it is possible to improve performance of a memory system by omitting an operation, which has been performed in order to prevent an error due to the blocking of a power supply, in a condition in which an error due to the blocking of the power supply may not be generated. | 12-25-2014 |
20140380009 | PROTECTED MEMORY VIEW FOR NESTED PAGE TABLE ACCESS BY VIRTUAL MACHINE GUESTS - Generally, this disclosure provides systems, methods and computer readable media for a protected memory view in a virtual machine (VM) environment enabling nested page table access by trusted guest software outside of VMX root mode. The system may include an editor module configured to provide access to a nested page table structure, by operating system (OS) kernel components and by user space applications within a guest of the VM, wherein the nested page table structure is associated with one of the protected memory views. The system may also include a page handling processor configured to secure that access by maintaining security information in the nested page table structure. | 12-25-2014 |
20140380010 | SYSTEM AND APPARTUS FOR CONTROLLING USE OF MASS STORAGE DEVICES - Disclosed is a software program, a USB monitoring software agent, that monitors all USB ports of a computer and provides real-time detection of all USB devices connected to a USB port. As a USB device is detected, the device is identified, categorized, catalogued and logged in a secure persistent store; a prompt for a challenge policy of use is issued if so configured; the USB device is prevented from being used if so configured; and information about the detected USB device is transmitted to a local or remote repository by a selected industry standard telecommunication method. Also disclosed is a method of creating a digital photograph and/or a video recording to record and identify a user of the computer contemporaneous with the insertion/removal/ejection of a USB device into or out of the computer. | 12-25-2014 |
20140380011 | DATA SECURITY SYSTEM - A data security system includes providing a unique identification from a first system to a second system; copying the unique identification in the second system by the first system; and unlocking a memory in the first system or the second system only when the unique identifications in the first system and the second system are the same. | 12-25-2014 |
20150026425 | ELECTRONIC DEVICE, OPERATING SYSTEM AND ACCESS CONTROL METHOD - An electronic device includes a memory protection unit configured to protect an access to a register of a device arranged in an address space. An operating system sets an access right to the register by using the memory protection unit. A process requests the operating system to operate the device when the process operates the device, and the operating system makes an access to the corresponding register in accordance with the request for the operation to operate the device. | 01-22-2015 |
20150026426 | SYSTEM AND METHOD FOR HIGH PERFORMANCE SECURE ACCESS TO A TRUSTED PLATFORM MODULE ON A HARDWARE VIRTUALIZATION PLATFORM - A system and method for high performance secure access to a trusted platform module on a hardware virtualization platform. The virtualization platform including Virtual Machine Monitor (VMM) managed components coupled to the VMM. One of the VMM managed components is a TPM (Trusted Platform Module). The virtualization platform also includes a plurality of Virtual Machines (VMs). Each of the virtual machines includes a guest Operating System (OS), a TPM device driver (TDD), and at least one security application. The VMM creates an intra-partition in memory for each TDD such that other code and information at a same or higher privilege level in the VM cannot access the memory contents of the TDD. The VMM also maps access only from the TDD to a TPM register space specifically designated for the VM requesting access. Contents of the TPM requested by the TDD are stored in an exclusively VMM-managed protected page table that provides hardware-based memory isolation for the TDD. | 01-22-2015 |
20150052325 | DATA PROCESSING SYSTEMS - A data processing system includes a host processor and a graphics processing unit operable to process data under the control of an operating system executing on the host processor. The graphics processing unit can be switched between a normal mode of operation in which it has read and write access to data that is stored in non-protected memory regions | 02-19-2015 |
20150058586 | Guarded Memory Access in a Multi-Thread Safe System Level Modeling Simulation - Methods, systems, and machine readable medium for multi-thread safe system level modeling simulation (SLMS) of a target system on a host system. An example of a SLMS is a SYSTEMC simulation. During the SLMS, SLMS processes are executed in parallel via a plurality of threads. SLMS processes represent functional behaviors of components within the target system, such as functional behaviors of processor cores. Deferred execution may be used to defer execution of operations of SLMS processes that access a shared resource. Multi-thread safe direct memory interface (DMI) access may be used by a SLMS process to access a region of the memory in a multi-thread safe manner. Access to regions of the memory may also be guarded if they are at risk of being in a transient state when being accessed by more than one SLMS process. | 02-26-2015 |
20150058587 | METHOD AND APPARATUS FOR SECURING COMPUTER MASS STORAGE DATA - In general, embodiments of the invention include methods and apparatuses for securely storing computer system data. Embodiments of the invention encrypt and decrypt SATA data transparently to software layers. That makes it unnecessary to make any software modifications to the file system, device drivers, operating system, or application. Encryption key management is performed either remotely on a centralized Remote Management System or locally. Embodiments of the invention implement background disk backups using snapshots. Additional security features that are included in embodiments of the invention include virus scanning, a virtual/network drive, a RAM drive and a port selector that provides prioritized and/or background access to SATA mass storage to a secure subsystem. | 02-26-2015 |
20150058588 | SEMICONDUCTOR DEVICE AND MEMORY PROTECTION METHOD - According to one embodiment, a semiconductor device includes a processor, and a memory device. The memory device has a nonvolatile semiconductor storage device and is configured to serve as a main memory for the processor. When the processor executes a plurality of programs, the processor manages pieces of information required to execute the programs as worksets for the respective programs, and creates tables, which hold relationships between pieces of information required for the respective worksets and addresses of the pieces of information in the memory device, for the respective worksets. The processor accesses the memory device with reference to the corresponding tables for the respective worksets. | 02-26-2015 |
20150058589 | OBTAINING ADDITIONAL DATA STORAGE FROM ANOTHER DATA STORAGE SYSTEM - A main data storage system has a main computer-implemented storage control and data storage, and a user interface, the main storage control in communication with a local computer-implemented storage control of a local data storage system with local data storage. In response to a request to increase data storage from the user interface, the main storage control determines whether the main data storage is out of space. If so, the main storage control sends a command to the local storage control to create data space in local data storage. The local storage control creates the data space and associates the data space with the main storage control; and, in response to the local storage control creating data space in the local data storage and notifying the main storage control, the main storage control updates its metadata with respect to the data space. | 02-26-2015 |
20150067287 | DISTRIBUTED DYNAMIC MEMORY MANAGEMENT UNIT (MMU)-BASED SECURE INTER-PROCESSOR COMMUNICATION - A first processor and a second processor are configured to communicate secure inter-processor communications (IPCs) with each other. The first processor effects secure IPCs and non-secure IPCs using a first memory management unit (MMU) to route the secure and non-secure IPCs via a memory system. The first MMU accesses a first page table stored in the memory system to route the secure IPCs and accesses a second page table stored in the memory system to route the non-secure IPCs. The second processor effects at least secure IPCs using a second MMU to route the secure IPCs via the memory system. The second MMU accesses the second page table to route the secure IPCs. | 03-05-2015 |
20150074366 | APPARATUS AND METHOD FOR IMPROVED LOCK ELISION TECHNIQUES - An apparatus and method for improving the efficiency with which speculative critical sections are executed within a transactional memory architecture. For example, a method in accordance with one embodiment comprises: waiting to execute a speculative critical section of program code until a lock is freed by a current transaction; responsively executing the speculative critical section to completion upon detecting that the lock has been freed, regardless of whether the lock is held by another transaction during the execution of the speculative critical section; once execution of the speculative critical section is complete, determining whether the lock is taken; and if the lock is not taken, then committing the speculative critical section and, if the lock is taken, then aborting the speculative critical section. | 03-12-2015 |
20150089173 | SECURE MEMORY REPARTITIONING - Secure memory repartitioning technologies are described. A processor includes a processor core and a memory controller coupled between the processor core and main memory. The main memory includes a memory range including a section of convertible pages that are convertible to secure pages or non-secure pages. The processor core, in response to a page conversion instruction, is to determine from the instruction a convertible page in the memory range to be converted and convert the convertible page to be at least one of a secure page or a non-secure page. The memory range may also include a hardware reserved section that is convertible in response to a section conversion instruction. | 03-26-2015 |
20150089174 | DATA ACCESS SYSTEM AND INSTRUCTION MANAGEMENT DEVICE THEREOF - A data access system includes a storage device, an instruction management device, and a host device. The host device is configured to transmit an access instruction associated with an access operation directed to an intended physical address of the storage device to the instruction management device, which compares the access instruction with a specified instruction list. When the instruction management device determines that the access instruction conforms with an instruction included in the specified instruction list, the instruction management device is configured to generate a modified access instruction associated with an access operation directed to a target physical address that is different from the intended physical address of the storage device. | 03-26-2015 |
20150089175 | BUS SYSTEM AND METHOD OF PROTECTED MEMORY ACCESS - A bus system includes a functional unit to which a unit identifier is assigned, a memory module for storage of data that has a storage region, and a bus. The functional unit is connected to the memory module via the bus. The storage region is configured such that one or more global authorized identifiers are assigned thereto, so that the functional unit only has reading or writing access to the storage region if the unit identifier assigned to the functional unit corresponds to one of the global authorized identifiers assigned to the storage region. | 03-26-2015 |
20150095600 | ATOMIC TRANSACTIONS TO NON-VOLATILE MEMORY - Durable atomic transactions for non-volatile media are described. A processor includes an interface to a non-volatile storage medium and a functional unit to perform instructions associated with an atomic transaction. The instructions are to update data at a set of addresses in the non-volatile storage medium atomically. The functional unit is operable to perform a first instruction to create the atomic transaction that declares a size of the data to be updated atomically. The functional unit is also operable to perform a second instruction to start execution of the atomic transaction. The functional unit is further operable to perform a third instruction to commit the atomic transaction to the set of addresses in the non-volatile storage medium, wherein the updated data is not visible to other functional units of the processing device until the atomic transaction is complete. | 04-02-2015 |
20150095601 | INTERFACE METHODS AND APPARATUS FOR MEMORY DEVICES - A disclosed example apparatus includes an interface ( | 04-02-2015 |
20150113240 | RESTRICTING ACCESS TO SENSITIVE DATA IN SYSTEM MEMORY DUMPS - Embodiments relate to restricting access to sensitive data in system memory dumps. An aspect includes defining a memory object containing sensitive data as a secure memory object. The secure memory object is then designated to be included or excluded in system memory dumps. The secure memory object is omitted from system memory dumps if the secure memory object is designated to be excluded. On the other hand, the secure memory object is included in system memory dumps if the secure memory object is designated to be included. Although the secure memory object may be included in the system memory dump, access to the secure memory object is prevented unless a cipher is provided. | 04-23-2015 |
20150113241 | ESTABLISHING PHYSICAL LOCALITY BETWEEN SECURE EXECUTION ENVIRONMENTS - Embodiments of an invention for establishing physical locality between secure execution environments are disclosed. In one embodiment, a processor includes a storage location and an execution core. The storage location is to store a locality nonce. The execution core is to execute a first instruction to create a secure execution environment. The execution core is also to execute, from within the secure execution environment, a second instruction to read the locality nonce from the storage location. | 04-23-2015 |
20150113242 | RESTRICTING ACCESS TO SENSITIVE DATA IN SYSTEM MEMORY DUMPS - Embodiments relate to restricting access to sensitive data in system memory dumps. An aspect includes defining a memory object containing sensitive data as a secure memory object. The secure memory object is then designated to be included or excluded in system memory dumps. The secure memory object is omitted from system memory dumps if the secure memory object is designated to be excluded. On the other hand, the secure memory object is included in system memory dumps if the secure memory object is designated to be included. Although the secure memory object may be included in the system memory dump, access to the secure memory object is prevented unless a cipher is provided. | 04-23-2015 |
20150121027 | ELECTRONIC APPARATUS AND METHOD - According to one embodiment, an apparatus includes a receiver, a requesting controller, a substitution operation controller, a reflection controller, and an access controller. The receiver receives protection area information transmitted from a first application. The protection area information describes a protection area within storage. The requesting controller requests a second application to register first data based on the protection area information in a data file within a nonvolatile memory device. The substitution operation controller attempts to register the first data in the data file. The reflection controller reflects the protection area information in a kernel setting. The access controller controls access to data within the storage based on the kernel setting. | 04-30-2015 |
20150127917 | DISTRIBUTED RESERVATION SYSTEMS AND METHODS - Example distributed reservation systems and methods are described. In one implementation, multiple storage nodes are configured to store distributed data. Multiple clients are coupled to the multiple storage nodes and access data from the multiple storage nodes. A management server is coupled to the multiple storage nodes and the multiple clients. The management server manages the access of data by the multiple clients and manages reservation of the multiple storage nodes by a particular client. | 05-07-2015 |
20150127918 | CASE SECURE COMPUTER ARCHITECTURE - Two computing subsystems are disclosed, one a control subsystem, the other a user subsystem, each using engines with augmented conventional instruction sets, together with hardware and/or firmware, to compartmentalize execution of user programs to insure their behavior does not exceed defined bounds. Programs hidden in data cannot execute. User programs cannot alter the control program that manages the overall system. | 05-07-2015 |
20150134925 | GRANTING AND REVOKING SUPPLEMENTAL MEMORY ALLOCATION REQUESTS - Provided are a computer program product, system, and method for granting and revoking supplemental memory allocation requests. Supplemental memory allocations of memory resources are granted to applications following initial memory allocations of the memory resources to the applications. In response to determining that available memory resources have fallen below an availability threshold, determining a weighting factor for each supplemental memory allocation based on at least one of an amount of the memory resources allocated to the supplemental memory allocation and a measured duration during which the memory resources have been allocated. At least one of the supplemental memory allocations is selected to revoke based on the determined weighting factors of the supplemental memory allocations. | 05-14-2015 |
20150143067 | METHOD AND SYSTEM FOR QUALIFICATION OF AN ELEMENT - A method and a system for creating and qualifying one or more elements, such as multimedia content or, more generally, a performance by an author. The invention more particularly aims at associating a qualification level with an element so that a consultation work can be available, as regards relevance, robustness, skills and authorisation, and thus a degree of objective reliability can be granted to said element. Preferably, the invention relates to the generation of a bank of elements such as questions for television or radio quiz shows, on-line games, etc. | 05-21-2015 |
20150293859 | Memory Access Processing Method, Memory Chip, and System Based on Memory Chip Interconnection - A memory access processing method is based on memory chip interconnection, a memory chip, and a system, which relate to the field of electronic devices, and can shorten a time delay in processing a memory access request and improve a utilization rate of system bandwidth. The method of the present invention includes: receiving, by a first memory chip, a memory access request; and if the first memory chip is not a target memory chip corresponding to the memory access request, sending, according to a preconfigured routing rule, the memory access request to a next memory chip connected with the first memory chip, until the target memory chip corresponding to the memory access request is determined. Embodiments of the present invention are mainly used in a process of processing a memory access request. | 10-15-2015 |
20150301761 | System and method of protecting data in dynamically-allocated regions of memory - Embodiments of the claimed subject matter provide systems and methods for protecting data in dynamically allocated regions of memory. The method can include receiving a read request, where the read request comprises a virtual address associated with a memory, and determining a physical address associated with the virtual address. The method further includes determining whether the physical address associated with the virtual address is read protected and determining whether the read request is from a component allowed to access read protected memory. The read protected memory was dynamically allocated on a per page basis. The method further includes, in response to determining that the read request is to a read protected physical address and determining that the component is allowed to access read protected memory, sending the data from the physical address in the memory. | 10-22-2015 |
20150301955 | EXTENDING PROTECTION DOMAINS TO CO-PROCESSORS - Systems and methods relate to safely and efficiently operating a multiprocessing system involving cooperation of a first processor and a second processor. For example, with regard to a first process of a first processor to be handed off to a second processor for execution, a first memory protection domain (PD) is created in a common memory, the first memory PD corresponding to the first process. The first memory PD is extended between the first processor and the second processor such that the second processor is enabled to execute the first process within the first memory PD. With regard to the first process, accesses to the common memory by the first and second processors are limited to the first memory PD, which ensures safety of the first and second processors from one another. | 10-22-2015 |
20150317254 | SECURE RESERVATION MODE FOR LOGICAL UNIT NUMBERS AND PERSISTENT RESERVATIONS - A mapping system and method that enables a secure reservation mode for a plurality of logical unit numbers of a storage system, generates a plurality of secret reservation keys, and instructs a distributed client to utilize at least one of the secret reservation keys to register with the storage system and to issue secure persistent reserves to the plurality of logical unit numbers. | 11-05-2015 |
20150317259 | Memory Management Unit That Applies Rules Based on Privilege Identifier - A memory management and protection system that manages memory access requests from a number of requestors. Memory accesses are allowed or disallowed based on the privilege level of the master, usually a CPU originating the request based on a Privilege Identifier that accompanies each memory access request. Deputy masters such as DMA controllers inherit the Privilege Identifier of the originating master. An extended memory controller selects the appropriate set of segment registers based on the Privilege Identifier to insure that the request is compared to and translated by the segment register associated with the master originating the request. | 11-05-2015 |
20150324133 | SYSTEMS AND METHODS FACILITATING MULTI-WORD ATOMIC OPERATION SUPPORT FOR SYSTEM ON CHIP ENVIRONMENTS - Systems and methods that facilitate multi-word atomic operation support for systems on chip are described. One method involves: receiving an instruction associated with a calling process, and determining a first memory width associated with execution of the instruction based on an operator of the instruction and a width of at least one operand of the instruction. The instruction can be associated with an atomic operation. In some embodiments, the instruction contains a message having a first field identifying the operator and a second field identifying the operand. | 11-12-2015 |
20150331812 | INPUT/OUTPUT (I/O) PROCESSING VIA A PAGE FAULT DOORBELL MECHANISM - Systems and methods are disclosed for processing an input/output (I/O) operation. An example system includes a kernel interface that receives a notification of a page fault. The page fault is responsive to an application attempting to perform an operation on a memory region that is set to a first access mode. When the memory region is set to the first access mode, the application does not have permission to perform the operation on the memory region. The system also includes a handler that responsive to the notification (i) sets the memory region to a second access mode and (ii) spawns a kernel thread to drain data from the memory region. When the memory region is set to the second access mode, the application has permission to perform the operation on the memory region. The system further includes an I/O module that stores the data in the memory region for processing. | 11-19-2015 |
20150347050 | METHODS AND APPARATUS FOR DIVIDING SECONDARY STORAGE - Methods and apparatus for restricting access by one or more processors to an area of a secondary storage unit are presented herein. The methods and apparatus may comprise an independent programmable storage controller logic that divides a storage area of the secondary storage unit into at least a first area and a second area and controls usage of the areas as at least two virtual secondary storage units such that the processor(s) access the at least two virtual secondary storage units as if accessing at least two physical secondary storage units by selecting one of the at least two virtual secondary storage units as an active virtual secondary storage unit to provide the processor(s) access to the active virtual secondary storage unit based on a secondary storage unit configuration. Each virtual secondary storage unit may contain at least one region of which an access permission setting is modifiable. | 12-03-2015 |
20150347051 | ACCELERATION OF MEMORY ACCESS - Technologies are generally described for systems, devices and methods effective to accelerate memory access. A memory unit, including a memory and a programmable circuit, may be in communication with a processor executing a virtual machine. The memory unit may receive from the processor, a request to configure the programmable circuit in accordance with a program. The program may be associated with the virtual machine. The programmable circuit may be configured in accordance with the program. The programmable circuit may then be operated to perform one or more operations on data in the memory. | 12-03-2015 |
20150347052 | VIRTUALISATION SUPPORTING GUEST OPERATING SYSTEMS USING MEMORY PROTECTION UNITS - A processor ( | 12-03-2015 |
20150347321 | PARALLEL BLOCK ALLOCATION FOR DECLUSTERED LOGICAL DISKS - In a method for allocating space on a logical disk, a computer receives an allocation request to allocate a number of requested logical disk extents. The computer selects one of a first group having an array of logical disk extents and a second group having an array of logical disk extents. The computer selects a group having a number of free logical disk extents that is greater than or equal to the number of requested logical disk extents. The logical disk extents in the array of the first group and in the array of the second group correspond to disk blocks on a logical disk. The logical disk spans one or more physical random access disks. The computer locks the selected group to prevent allocating a logical disk extent other than in response to the allocation request. | 12-03-2015 |
20150356029 | HANDLING MEMORY ACCESS OPERATIONS IN A DATA PROCESSING APPARATUS - A processing apparatus has a memory protection unit (MPU) | 12-10-2015 |
20150370500 | MEMORY TRANSACTION HAVING IMPLICIT ORDERING EFFECTS - In at least some embodiments, a processor core executes a code segment including a memory transaction and non-transactional memory access instructions preceding the memory transaction in program order. The memory transaction includes at least an initiating instruction, a transactional memory access instruction, and a terminating instruction. The initiating instruction has an implicit barrier that imparts the effect of ordering execution of the transactional memory access instruction within the memory transaction with respect to the non-transactional memory access instructions preceding the memory transaction in program order. Executing the code segment includes executing the transactional memory access instruction within the memory transaction concurrently with at least one of the non-transactional memory access instructions preceding the memory transaction in program order and enforcing the barrier implicit in the initiating instruction following execution of the initiating instruction. | 12-24-2015 |
20150370724 | Systems And Methods For Dynamically Protecting A Stack From Below The Operating System - Described systems and methods allow protecting a host system against malware, using hardware virtualization technology. A memory introspection engine executes at the level of a hypervisor, protecting a virtual machine (VM) from exploits targeting the call stack of a thread executing within the respective VM. The introspection engine identifies a virtual memory page reserved for the stack, but not committed to the stack, and intercepts an attempt to write to the respective page. In response to intercepting the write attempt, the memory introspection engine marks the respective page as non-executable, thus protecting the stack against exploits. | 12-24-2015 |
20150370726 | MEMORY MANAGEMENT DEVICE AND NON-TRANSITORY COMPUTER READABLE STORAGE MEDIUM - In one embodiment, a storage unit stores a table tree and verifier tree. The table tree includes parent and child tables. The verifier tree includes parent and child verifiers associated with the parent and child tables, respectively. The parent verifier is used for verifying the child table and child verifier. A device stores a secure table tree corresponded to the table tree and used for address translation and a secure verifier tree corresponded to the verifier tree, to a secure storage unit. The device executes verification, based on verification information calculated based on a first child table and first child verifier in the storage unit and a first parent verifier in the secure verifier tree. The device sets the second address of the secure table tree such that the second address designates data in the first storage unit. | 12-24-2015 |
20150370727 | MEMORY MANAGEMENT DEVICE AND NON-TRANSITORY COMPUTER READABLE STORAGE MEDIUM - In one embodiment, a device executes reading and writing for a storage unit storing a table tree and verifier tree. The table tree includes a parent table and child table. The verifier tree includes a parent verifier associated with the parent table, and a child verifier associated with the child table. The parent verifier is used for verifying the child table and child verifier. The device stores a secure table tree being a part of the table tree and used for address translation, and a secure verifier tree being a part of the verifier tree, to a secure storage unit. The device executes verification, based on verification information calculated based on a first child table and first child verifier in the storage unit and a first parent verifier in the secure verifier tree. | 12-24-2015 |
20150370728 | MEMORY MANAGEMENT DEVICE AND NON-TRANSITORY COMPUTER READABLE STORAGE MEDIUM - In one embodiment, a device executes reading and writing for a storage unit storing a table tree and verifier tree. The table tree includes a parent table and child table. The verifier tree includes a parent verifier associated with the parent table, and a child verifier associated with the child table. The parent verifier is used for verifying the child table and the child verifier. The device stores a secure table tree being a part of the table tree and used for address translation, and a secure verifier tree being a part of the verifier tree, to a secure storage unit. The device, when data has a read-only attribute, calculates verification information based on the data and a secure value varying according as the data is updated, and executes verification based on a verifier corresponded to the data and the verification information. | 12-24-2015 |
20150378633 | METHOD AND APPARATUS FOR FINE GRAIN MEMORY PROTECTION - An apparatus and method for fine grain memory protection. For example, one embodiment of a method comprises: performing a first lookup operation using a virtual address to identify a physical address of a memory page, the memory page comprising a plurality of sub-pages; determining whether sub-page permissions are enabled for the memory page; if sub-page permissions are enabled, then performing a second lookup operation to determine permissions associated with one or more of the sub-pages of the memory page; and implementing the permissions associated with the one or more sub-pages. | 12-31-2015 |
20150378936 | DYNAMIC MEMORY ACCESS MANAGEMENT - A system, a method and a computer program product for managing memory access of an avionics control system having at least one control computer having at least one memory control device. The method includes assigning a memory access of at least one unique memory region of at least one memory unit to each of at least one application task or task set. A memory access of at least one application data update task is assigned to at least one subregion of one or more of the at least one unique memory region. At least one data parameter is written to the at least one subregion and the assigned memory access of the at least one application data update task de-activated. | 12-31-2015 |
20160004850 | SECURE DOWNLOAD FROM INTERNET MARKETPLACE - A method and system for secure download includes generating a path to a location where a downloadable object is temporarily stored. The method can include receiving a request for a downloadable object, generating one or more unique identifiers, creating a path to the requested object using the unique identifiers, storing a copy of the requested object in a temporary location indicated by the path, and returning the generated path to the requestor. The method can further include receiving a path to a downloadable object and, responsive to a determination that the path is valid, returning the downloadable object. A generated path can be rendered obsolete and its corresponding file removed from the temporary location after a predefined time interval has elapsed. A database of the generated paths and associated files may be periodically checked, and those paths and files that have been stored in the database beyond a pre-definable expiry time can be removed. | 01-07-2016 |
20160011992 | VARIABLE HANDLES | 01-14-2016 |
20160026404 | OBJECT CLASSIFICATION AND IDENTIFICATION FROM RAW DATA - Raw data is accessed from a storage device. A sample survey technique is used on the raw data to select a sample data. A data science technique is used on the sample data to determine a sample data category. The raw data is classified at least in part by considering the sample data category. A tier of storage is identified for the raw data on the storage device based on the classification. | 01-28-2016 |
20160026583 | Memory Access During Memory Calibration - A multi-rank memory system in which calibration operations are performed between a memory controller and one rank of memory while data is transferred between the controller and other ranks of memory. A memory controller performs a calibration operation that calibrates parameters pertaining to transmission of data via a first data bus between the memory controller and a memory device in a first rank of memory. While the controller performs the calibration operation, the controller also transfers data with a memory device in a second rank of memory via a second data bus. | 01-28-2016 |
20160034404 | MANAGING ACCESS TO STORAGE - A method, system, and computer program product for managing data in a storage facility is disclosed. A data set is selected for management based on a usage factor and a value factor. In a control block for the data set, a permissible address-range for access to a unit of storage space is established. A requested address-range of an access request configured for the unit of storage space is identified. By comparing the permissible address-range and the requested address-range, a determination is made whether to process the access request. An event response is initiated in response to determining to disallow processing of the access request. | 02-04-2016 |
20160041785 | CONTROL OF PAGE ACCESS IN MEMORY - The present techniques provide systems and methods of controlling access to more than one open page in a memory component, such as a memory bank. Several components may request access to the memory banks. A controller can receive the requests and open or close the pages in the memory bank in response to the requests. In some embodiments, the controller assigns priority to some components requesting access, and assigns a specific page in a memory bank to the priority component. Further, additional available pages in the same memory bank may also be opened by other priority components, or by components with lower priorities. The controller may conserve power, or may increase the efficiency of processing transactions between components and the memory bank by closing pages after time outs, after transactions are complete, or in response to a number of requests received by masters. | 02-11-2016 |
20160041928 | SPLIT MODE ADDRESSING A PERSISTENT MEMORY - A system and method for addressing split modes of persistent memory are described herein. The system includes a non-volatile memory comprising regions of memory, each region comprising a range of memory address spaces. The system also includes a memory controller (MC) to control access to the non-volatile memory. The system further includes a device to track a mode of each region of memory and to define the mode of each region of memory. The mode is a functional use model. | 02-11-2016 |
20160048334 | SYSTEM AND METHOD FOR CALIBRATION OF A MEMORY INTERFACE - A system includes a memory unit having one or more storage arrays, and a memory interface unit that may be coupled between a memory controller and the memory unit. The memory interface unit may include a timing unit that may generate timing signals for controlling read and write access to the memory unit, and a control unit that may calibrate the timing unit at predetermined intervals. However, in response to an occurrence of a given predetermined interval, the memory interface unit may be configured to calibrate the timing unit using a number of partial calibration segments. | 02-18-2016 |
20160048457 | DYNAMIC MEMORY ADDRESS REMAPPING IN COMPUTING SYSTEMS - A method provides security in a computing system including a processor having a logical address space and external system memory having physical address space. The method comprises hiding memory access patterns, including dynamically remapping the logical address space to the physical address space in response to data accesses to the logical address space. | 02-18-2016 |
20160048458 | Computer Security Systems and Methods Using Hardware-Accelerated Access To Guest Memory From Below The Operating System - Described systems and methods allow computer security software to access a memory of a host system with improved efficiency. A processor and a memory management unit (MMU) of the host system may be configured to perform memory access operations (read/write) in a target memory context, which may differ from the implicit memory context of the currently executing process. In some embodiments, the instruction set of the processor is extended to include new categories of instructions, which, when called from outside a guest virtual machine (VM) exposed by the host system, instruct the processor of the host system to perform memory access directly in a guest context, e.g., in a memory context of a process executing within the guest VM. | 02-18-2016 |
20160048463 | ASSIGNMENT CONTROL METHOD, SYSTEM, AND RECORDING MEDIUM - An assignment control method including: assigning, by circuitry, a processor core among a plurality of processor cores to a thread in accordance with receiving an instruction for starting a process for the thread; identifying, by the circuitry, address information of memory area, with which the processor core assigned to the thread accesses, based on identification information identifying the processor core assigned to the thread and associating information stored in a storage unit, the associating information associating identification information of the plurality of processor cores with address information of different memory areas each of which corresponds to one of the plurality of processor cores executing the process of the thread; and controlling, by the circuitry, the processor core assigned to the thread to access corresponding memory area using the identified address information. | 02-18-2016 |
20160048465 | WIRELESS AUTHENTICATION SYSTEM AND METHOD FOR UNIVERSAL SERIAL BUS STORAGE DEVICE - A wireless authentication system for universal serial bus (USB) storage device has a USB storage device mounted on a computer unit with the storage device wirelessly connected to a remote device. The remote device has a dedicated application installed therein and transmitting authentication information to the storage device for establishing a dedicated link. A storage space of the storage device is set by the computer unit to be accessible. When users activate the remote device for sending out an operation command, the operation command includes at least one encryption command and at least one decryption command. The storage device performs a corresponding data management mode according to the operation command. Accordingly, the storage device can be wirelessly managed to enhance personal data security and operational convenience of the storage device. | 02-18-2016 |
20160055103 | APPARATUS, ELECTRONIC DEVICES AND METHODS ASSOCIATED WITH AN OPERATIVE TRANSITION FROM A FIRST INTERFACE TO A SECOND INTERFACE - Subject matter disclosed herein relates to an apparatus comprising memory and a controller, such as a controller which determines block locking states in association with operative transitions between two or more interfaces that share at least one block of memory. The apparatus may support single channel or multi-channel memory access, write protection state logic, or various interface priority schemes. | 02-25-2016 |
20160062917 | Control for Authenticated Accesses to a Memory Device - The embodiments of the invention describe settings, commands, command signals, flags, attributes, parameters or the like for signed access prior to allowing data to be written to (e.g., a write access), read from (e.g., a read access) or erased from (e.g., an erase access) protected areas of a memory device (e.g., a region, logical unit, or a portion of memory in the storage module). | 03-03-2016 |
20160070499 | Configuring Circuitry with Memory Access Constraints for a Program - Techniques are disclosed relating to configuring an interlock memory system. In one embodiment, a method includes determining a sequence of memory access requests for a program and generating information specifying memory access constraints based on the sequence of memory accesses, where the information is usable to avoid memory access hazards for the sequence of memory accesses. In this embodiment, the method further includes configuring first circuitry using the information, where the first circuitry is included in or coupled to a memory. In this embodiment, after the configuring, the first circuitry is operable to perform memory access requests to the memory corresponding to the sequence of memory accesses while avoiding the memory access hazards, without receiving other information indicating the memory access hazards. | 03-10-2016 |
20160070656 | WRITE PROTECTION MANAGEMENT SYSTEMS - Write protection management systems are disclosed. In this regard, in one exemplary aspect, a security control system is provided to authorize and write a specified number of data blocks to a write-protected region in a storage device. In another exemplary aspect, a write control system is provided to keep track of data blocks written to the write-protected region. The write control system automatically re-enables write protection on the write-protected region after the specified number of data blocks has been written to the write-protected region. By automatically protecting the write-protected region after writing the specified number of data blocks, it is possible to prevent unauthorized attempts to write to the write-protected region, thus ensuring data security and integrity in the write-protected region. | 03-10-2016 |
20160070657 | Electronic Apparatus and Management Method Thereof - An electronic apparatus operating with a memory includes an operating module, a management module, a database and a filtering module. When the operating module needs to use the memory for performing a task, the operating module issues a memory request. The management module determines whether the memory request is to be permitted. When the memory request is permitted, the management module generates a requested data chunk according to the memory request. The filtering module receives the requested data chunk from the management module, and determines whether to store the requested data chunk into the database according to a predetermined filtering condition. | 03-10-2016 |
20160085695 | MEMORY INITIALIZATION IN A PROTECTED REGION - Secure memory allocation technologies are described. A processor includes a processor core and a memory controller that is coupled between the processor core and main memory. The main memory comprises a protected region including secured pages. The processor, in response to a content copy instruction, is to initialize a target page in the protected region of an application address space. The processor, in response to the content copy instruction, is also to select content of a source page in the protected region to be copied. The processor, in response to the content copy instruction, is also to copy the selected content to the target page in the protected region of the application address space. | 03-24-2016 |
20160092133 | DATA ALLOCATION CONTROL APPARATUS AND DATA ALLOCATION CONTROL METHOD - When access to a second data block located in a second storage area occurs immediately after access to a first data block located in a first storage area, a data allocation control apparatus updates access information indicating an access sequence of the data blocks, based on identification information of the first data block and identification information of the second data block. The data allocation control apparatus determines whether to perform relocation of a first data group related to the first data block and a second data group related to the second data block, based on the access information and allocation information indicating an allocation status of the data blocks in the first storage area and the second storage area. | 03-31-2016 |
20160092376 | PROCESSING SECURE DATA - An electronic device is provided. The electronic device includes a first control module including a normal module and a security module, and a second control module distinct from the first control module. The normal module sets a secure memory which the security module and the second control module access, and the security module determines validity of the set secure memory. | 03-31-2016 |
20160092377 | METHOD FOR FAST ACCESS TO A SHARED MEMORY - A system, a method, and an apparatus are disclosed. In an embodiment, a system includes a host processor with a communications unit, a memory coupled to the communications unit, and a coprocessor coupled to the communications unit. The memory may include at least a first area and a second area. The coprocessor may be configured to request access to the first area of the memory via the communications unit. The communications unit may be configured to verify an identity of the coprocessor, and grant access to the first area of the memory responsive to a positive identification of the coprocessor. | 03-31-2016 |
20160092378 | PROCESSING DATA - A method for executing a program code is suggested, the method comprising: checking a memory access policy resource based on a trigger; and comparing a current program counter with a program counter information provided by the memory access policy resource and, in case the comparison of the current program counter and the program counter information fulfills a predefined condition, conducting a memory access policy check to allow permitted operations. | 03-31-2016 |
20160110130 | SECURE DATA STORAGE BASED ON PHYSICALLY UNCLONABLE FUNCTIONS - Technologies are generally described for partial programming of memory having physically unclonable functions for secure data storage. In some examples, a sender that wishes to securely send data to a recipient using a physical memory may measure a program threshold average and a program threshold variation for bits in the memory and group the bits into different bins based on the measured average and variation. The sender may partially program the data to a set of bits selected from one or more of the bins by applying partial program pulses to the bits based on the program threshold average and the program threshold variation. The sender may then provide the partially-programmed memory to the recipient. The recipient may then partially program the received memory based on the program threshold average and the program threshold variation to recover the programmed data. | 04-21-2016 |
20160139808 | USING COUNTERS AND A TABLE TO PROTECT DATA IN A STORAGE DEVICE - Provided are a system, memory controller, and method for using counters and a table to protect data in a storage device. Upon initiating operations to modify a file in the storage device, a storage write counter is incremented in response to initiating the operations to modify the file. In response to incrementing the storage write counter, write table operations are initiated including setting a table write counter to a storage write counter and setting a table commit counter to the storage commit counter plus a value. The operation to modify the file is performed in response to completing the write table operations. The system commit counter is incremented by the value in response to completing the operation to modify the file. | 05-19-2016 |
20160139845 | STORAGE LEVEL ACCESS CONTROL FOR DATA GROUPING STRUCTURES - One or more techniques and/or systems are provided for implementing storage level access control for data grouping structures. For example, a storage level access guard may be defined for a data grouping structure (e.g., a Qtree, a portion of a volume, etc.) of a storage device. The storage level access guard may be defined at a storage level of the storage device such that clients and/or certain administrators such as domain administrators may be restricted from accessing and/or changing the storage level access guard, which may increase data security. A hidden and unmodifiable property may be applied to the storage level access guard, which may be stored in a directory associated with the data grouping structure so that a logical replication of the data grouping structure may also replicate the storage level access guard. | 05-19-2016 |
20160139846 | METHOD AND AN INTEGRATED CIRCUIT FOR EXECUTING A TRUSTED APPLICATION WITHIN A TRUSTED RUNTIME ENVIRONMENT - A method and an integrated circuit ( | 05-19-2016 |
20160139850 | MANAGING METHOD OF STORAGE DEVICE, COMPUTER SYSTEM AND STORAGE MEDIUM - According to one embodiment, a managing method of a storage device including a storage unit capable of being divided into a plurality of storage areas, and being capable of setting an access restriction for each of the storage areas, the method includes setting access restriction information on the access restriction to a desired one of the storage areas, and setting predetermined information which indicates whether the desired storage area is accessible or not and which is capable of being recognized by a host system. | 05-19-2016 |
20160147667 | ADDRESS TRANSLATION IN MEMORY - According to one general aspect, a computational memory may include memory cells configured to store data and a page table, wherein the page table maps, at least in part, a virtual address to a physical address. The computational memory may also include at least one processor-in-memory. Each processor-in-memory may be configured to: receive a request to execute an instruction utilizing the portion of the data stored by the memory cells, wherein the request includes the virtual address, request the physical address from a translator, and execute the instruction utilizing the physical address. The computational memory may further include the translator which may be configured to, for each processor-in-memory, convert, by accessing the page table, a virtual address associated with a portion of the data to a physical address associated with the portion of the data. | 05-26-2016 |
20160147672 | DEVICE HAVING MEMORY ACCESS PROTECTION - A device has a protection unit for controlling access to a memory. Indirect memory access requests have control data indicative of a memory access control register to be written to provide indirect access to a target memory and requested address data indicative of at least one memory address of the target memory to be accessed. The protection unit contains protection data defining access rights of source units to access specified address ranges of the target memory, and a system bus interface interfacing to a source unit and a memory bus interface interfacing to the target memory via a controller. The protection unit has a control monitor for detecting an indirect memory access request, and an indirect address monitor for comparing requested address data to specified address ranges and subsequently grant the indirect memory access in accordance with access rights of the respective source unit. | 05-26-2016 |
20160147673 | MICROCOMPUTER AND METHOD FOR CONTROLLING MEMORY ACCESS - A memory control system includes a memory connected to a memory bus, the memory including a plurality of access areas, a memory controller connected to the memory bus, a plurality of registers corresponding to the plurality of access areas, each of the plurality of registers configured to set an access permission or prohibition for a corresponding access area, a CPU (Central Processing Unit) configured to issue a first access request for accessing one of the plurality of access areas, and a memory access controller configured to determine whether an access to the memory is permissible or prohibited using the first access request and the plurality of registers, the memory access controller outputting a second access request in accordance with a determination result. | 05-26-2016 |
20160147674 | SYSTEMS AND METHODS FOR PROTECTION OF REFLECTIVE MEMORY SYSTEMS - A computing device within a reflective memory system includes a memory block and a special purpose processor. The memory block includes a plurality of memory areas, which are configured to store data of a corresponding one of a plurality of external devices. The special purpose processor is configured to intercept a write request. The write request is associated with a first external device of the plurality of external devices, and the first external device is associated with a first memory area of the plurality of memory areas. The special purpose processor is configured to determine whether the write request is valid or invalid, write the data of the first external device to the first memory area if the write request is valid, and prevent the data of the first external device from being written to the memory block if the write request is invalid. | 05-26-2016 |
20160170653 | SYSTEM AND METHOD FOR BALLOONING WITH ASSIGNED DEVICES | 06-16-2016 |
20160170680 | DATA COMMUNICATION SYSTEM DEVICE AND METHOD | 06-16-2016 |
20160170910 | GENERATING AND/OR EMPLOYING A DESCRIPTOR ASSOCIATED WITH A MEMORY TRANSLATION TABLE | 06-16-2016 |
20160179696 | METHOD AND APPARATUS TO ALLOW SECURE GUEST ACCESS TO EXTENDED PAGE TABLES | 06-23-2016 |
20160179704 | System and Method for Providing Kernel Intrusion Prevention and Notification | 06-23-2016 |
20160188242 | COMPUTER INSTRUCTIONS FOR LIMITING ACCESS VIOLATION REPORTING WHEN ACCESSING STRINGS AND SIMILAR DATA STRUCTURES - Embodiments are directed to a method of accessing a data frame. The method includes, based at least in part on a determination that the data frame spans first and second memory blocks, and further based at least in part on a determination that the processor has access to the first and second memory blocks, accessing the data frame. The method includes, based at least in part on a determination that the data frame spans the first and second memory blocks, and based at least in part on a determination that the processor has access to the first memory block but does not have access to the second memory block, accessing a first portion of the data frame that is in the first memory block, and accessing at least one default character as a replacement for accessing a second portion of the data frame that is in the second memory block. | 06-30-2016 |
20160188243 | MEMORY ACCESS PROTECTION USING PROCESSOR TRANSACTIONAL MEMORY SUPPORT - Technologies for detecting unauthorized memory accesses include a computing device with a processor having transactional memory support. The computing device executes a security assistance thread that starts a transaction using the transactional memory support. Within the transaction, the security assistance thread writes arbitrary data to one or more monitored memory locations. The security assistance thread waits without committing the transaction. The security assistance thread may loop endlessly. The transactional memory support of the computing device detects a transactional abort caused by an external read of the monitored memory location. The computing device analyzes the transactional abort and determines whether a security event has occurred. The computing device performs a security response if a security event has occurred. The monitored memory locations may include memory-mapped operating system libraries, kernel data structures, executable images, or other memory structures that may be scanned by malicious software. Other embodiments are described and claimed. | 06-30-2016 |
20160188244 | Apparatus and method for providing security for memory in electronic device - A method of operating an electronic device includes storing access authority information indicating whether access to each of memory units of at least one access-restricted region from among a plurality of regions in a storage space is allowed or not. The method further includes, when an access request to the at least one access-restricted region is generated, determining whether to allow access based on the access authority information. | 06-30-2016 |
20160196083 | METHOD AND DEVICE FOR MONITORING DATA INTEGRITY IN SHARED MEMORY ENVIRONMENT | 07-07-2016 |
20160202917 | Apparatus and Data Processing Systems for Accessing an Object | 07-14-2016 |
20160203089 | EXPANDER DATA ROUTING | 07-14-2016 |
20160378381 | MAILBOX COMMUNICATION MECHANISM WITH OWNERSHIP LOCKING - A Lock register can be associated with a mailbox. The Lock register can store a claim ID of a process that has allocated the mailbox. The Lock register can include a Lock port and a Lock Clear port, used to claim and release the Lock register. The Lock register only permits data to be written to the Lock Register when the Lock register is not currently allocated, and the Lock Clear port only permits the process that has allocated the Lock register to write a value. | 12-29-2016 |
20160378383 | NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM, CONCEALMENT DETERMINATION APPARATUS, AND CONCEALMENT DETERMINATION METHOD - A non-transitory computer-readable storage medium that stores a concealment determination program causing a computer to perform a process including determining whether, upon reception of a request to update data stored in a storage unit, the data that is updated is to be concealed based on the updated data, storing a result of the determining in the storage unit in association with the updated data, and determining, upon reception of a request from a device to read out the updated data, whether to return the updated data to the device by referring to the result of the determining associated with the updated data. | 12-29-2016 |
20160378678 | DYNAMIC PAGE TABLE EDIT CONTROL - Generally, this disclosure provides systems, methods and computer readable media for a page table edit controller configured to control access to guest page tables by virtual machine (VM) guest software through the manipulation of extended page tables. The system may include a translation look-aside buffer (TLB) to maintain a policy to lock one or more guest linear addresses (GLAs) to one or more allowable guest physical addresses (GPAs); a page walk processor to update the TLB based on the guest page tables; and a page table edit control (PTEC) module to: identify entries of the guest page tables that map GLAs associated with the policy to a first GPA; verify that the mapping conforms to the policy; and place the guest page table into one of a plurality of restricted accessibility states based on the verification, the restricted accessibility applied to the VM guests and to the page walk processor. | 12-29-2016 |
20160378685 | VIRTUALIZED TRUSTED STORAGE - Particular embodiments described herein provide for an electronic device that can be configured to receive a request from a process to access data in a system, determine if the data is in a virtualized protected area of memory in the system, and allow access to the data if the data is in the virtualized protected area of memory and the process is a trusted process. The electronic device can also be configured to determine if new data should be protected, store the new data in the virtualized protected area of memory in the system if the new data should be protected, and store the new data in an unprotected area of memory in the system if the new data should not be protected. | 12-29-2016 |
20160378691 | SYSTEM, APPARATUS AND METHOD FOR PROTECTING A STORAGE AGAINST AN ATTACK - In one embodiment, an apparatus includes a storage controller to couple to a storage device. The storage controller may include a first counter to maintain a first count of incoming read requests to the storage device, a second counter to maintain a second count of incoming write requests to the storage device, and a workload analysis logic to calculate a workload ratio based at least in part on the first count and the second count, compare the workload ratio to an estimated workload ratio, and issue a tamper alert based at least in part on the comparison. Other embodiments are described and claimed. | 12-29-2016 |
20170235509 | METHOD AND AN APPARATUS, AND RELATED COMPUTER-PROGRAM PRODUCTS, FOR MANAGING ACCESS REQUEST IN MULTI-TENANCY ENVIRONMENTS | 08-17-2017 |
20170235683 | AUTHENTICATION METHOD, AUTHENTICATION PROGRAM MEDIUM, AND INFORMATION PROCESSING APPARATUS | 08-17-2017 |
20170235944 | Hacking-Resistant Computer Design | 08-17-2017 |
20180024763 | MEMORY SYSTEM STORING BLOCK PROTECTION INFORMATION | 01-25-2018 |
20180024943 | RISK IDENTIFICATION BASED ON ADDRESS MATCHING | 01-25-2018 |
20190146693 | ADDRESS SPACE ACCESS CONTROL | 05-16-2019 |
20220137838 | METHOD AND SYSTEM FOR MANAGING DATA IN A COMPUTER SYSTEM - Apparatus and methods for managing data in a computer system are disclosed. An example apparatus is to at least: facilitate storage of first subsidiary data, the first subsidiary data representing information related to a customer account; facilitate storage of second subsidiary data, the second subsidiary data representing at least a portion of the information related to the customer account; determine a geographic location of a computing device that is remote to the data storage device; determine whether the geographic location of the computing device satisfies a predefined criterion; and, when the geographic location of the computing device satisfies the predefined criterion, change the first subsidiary data and change the second subsidiary data. | 05-05-2022 |
20220138115 | SECURE DATA STREAM PROCESSING USING TRUSTED EXECUTION ENVIRONMENTS - A method for securing data stream processing includes implementing a stage of a data processing pipeline in a trusted execution environment. A state of the stage is represented by a graph-based data structure. Protected memory of the trusted execution environment is reserved for computations of the stage. A key-value store is maintained in the protected memory. The key-value store includes hashes of graph segments of the graph-based data structure for the computations and memory locations of the graph segments. A state part of the computations is moved from the protected memory to unprotected memory. The state part of the computations is loaded back to the protected memory. An integrity of a computation using the state part of the computations is checked using the hashes in the key-value store. | 05-05-2022 |