Inventors list

Assignees list

Classification tree browser

Top 100 Inventors

Top 100 Assignees


Access limiting

Subclass of:

711 - Electrical computers and digital processing systems: memory

711100000 - STORAGE ACCESSING AND CONTROL

711154000 - Control technique

Patent class list (only not empty are listed)

Deeper subclasses:

Class / Patent application numberDescriptionNumber of patent applications / Date published
711164000 With password or key 49
Entries
DocumentTitleDate
20080276058Storage Device For Data-Smuggling - A computer-readable storage medium having computer-readable code embodied thereon including: program code for restricting access, by a file system running on a host system, to a restricted area of a storage area of a storage device; and program code for enabling at least one application to access the restricted area via the file system. Preferably, the computer-readable code further includes: program code for enabling the storage device to copy data from a non-restricted area to the restricted area. Preferably, the computer-readable code further includes: program code for directing the storage device to route host-system read-requests, directed to addresses in the restricted area, to addresses in a non-restricted area. Preferably, the computer-readable code further includes: program code for applying access commands of the host system to restricted data residing in the restricted area when the host system requests access to non-restricted data addressed to a non-restricted area.11-06-2008
20090193212FIXED LENGTH MEMORY BLOCK MANAGEMENT APPARATUS AND CONTROL METHOD THEREOF - A fixed length memory block management apparatus has a plurality of processors which execute applications, a memory which is shared by the plurality of processors, an application program, an initialization program, and an access right allocation program being stored in the memory. The apparatus has an application execution unit which starts up the application program to execute the application, an initialization unit which starts up the initialization program to set a memory block management area including a plurality of sub-blocks at the memory, and an access right allocation unit which starts up the access right allocation program to allocate an access right of a memory block of the sub-block set by the initialization unit to the application execution unit.07-30-2009
20090193211SOFTWARE AUTHENTICATION FOR COMPUTER SYSTEMS - A technique for authenticating software in a computer system is provided that can be used to prevent unauthorized users from accessing or using certain features or resources of the computer system. In accordance with the technique, a relatively small hash table is authenticated at system boot up and then used during run-time to authenticate selected portions of a software image. The technique advantageously permits software to be authenticated in a manner that does not impose significant delays upon the boot-up time associated with the computer system. The technique is applicable to both general-purpose and special-purpose computer systems, including embedded systems.07-30-2009
20090193209METHOD FOR PROTECTING DATA IN THE HARD DISK - A method for protecting data in the hard disk is provided. The method is suitable for a computer system and includes the following steps. First, a plurality of specification parameters conforming to the computer system is read. Next, a part of the specification parameters are encoded for obtaining a recognition byte. Then, when the computer system writes data to a hard disk, a specific operation is performed to a byte read or written by the hard disk and the recognition byte for maintaining a security of the data in the hard disk.07-30-2009
20100082927Secure memory interface - A secure memory interface includes a reader block, a writer block, and a mode selector for detecting fault injection into a memory device when a secure mode is activated. The mode selector activates or deactivates the secure mode using memory access information from a data processing unit. Thus, the data processing unit flexibly specifies the amount and location of the secure data stored into the memory device.04-01-2010
20130031323MEMORY DEVICE SHARING SYSTEM, MANAGING APPARATUS ACCESS CONTROL APPARATUS, METHODS THEREFOR, AND RECORDING MEDIUM - A memory device sharing system includes M (M represents an integer of 2 or greater) access control apparatus for sharing N (N represents an integer of 2 or greater) memory devices which store data, and a managing apparatus for managing access to the memory devices via the access control apparatus. The managing apparatus checks data stored in the N memory devices, generates data position information representative of the storage positions of data stored in any one of the N memory devices, and sends the data position information to the M access control apparatus. Each of the M access control apparatuses receives the data position information sent from the manager, and accesses the storage position indicated by the data position information if each of the M access control apparatuses receives an access request to access the data from an access request source.01-31-2013
20130086348Lock-Clustering Compilation for Software Transactional Memory - A lock-clustering compiler is configured to compile program code for a software transactional memory system. The compiler determines that a group of data structures are accessed together within one or more atomic memory transactions defined in the program code. In response to determining that the group is accessed together, the compiler creates an executable version of the program code that includes clustering code, which is executable to associate the data structures of the group with the same software transactional memory lock. The lock is usable by the software transactional memory system to coordinate concurrent transactional access to the group of data structures by multiple concurrent threads.04-04-2013
20110202740Storing secure page table data in secure and non-secure regions of memory - Apparatus for data processing 08-18-2011
20110202739Restricting memory areas for an instruction read in dependence upon a hardware mode and a security flag - An apparatus for processing data 08-18-2011
20130080726INPUT/OUTPUT MEMORY MANAGEMENT UNIT WITH PROTECTION MODE FOR PREVENTING MEMORY ACCESS BY I/O DEVICES - A memory management unit is configured to receive requests for memory access from a plurality of I/O devices. The memory management unit implements a protection mode wherein the unit prevents memory accesses by the plurality of I/O devices by mapping memory access requests (from the I/O devices) to the same set of memory address translation data. When the memory management unit is not in the protected mode, the unit maps memory access requests from the plurality of I/O devices to different respective sets of memory address translation data. Thus, the memory management unit may protect memory from access by I/O devices using fewer address translation tables than are typically required (e.g., none).03-28-2013
20130036283Extended Utilization Area For a Memory Device - Methods, systems and devices for configuring access to a memory device are disclosed. The configuration of the memory device may be carried out by creating a plurality of access profiles that are adapted to optimize access to the memory device in accordance with the type of access. Accordingly, when an application with specific memory access needs is initiated, the memory access profile that is most optimized for that particular access need is utilized to configure access to the memory device. The configuration may be effected for a portion of the memory device, a partition of the memory device, or even one single access location on the memory device.02-07-2013
20130036282MANAGING MEMORY OF A COMPUTER - A method for managing data in a memory of a computer. The method includes the steps of: prohibiting a specified memory area in a memory from being accessed temporarily or intermittently; and attaching, to first data, a first mark indicating that the first data has been read when a page fault has occurred as a result of an access by any process to read on the first data; where the first data is present in a specified memory area prohibited from being accessed; and where at least one of the steps is carried out using a computer device.02-07-2013
20090177858Method and Apparatus for Controlling Memory Array Gating when a Processor Executes a Low Confidence Branch Instruction in an Information Handling System - An information handling system includes a processor with an array power management controller. The array power management controller gates off a memory array, such as a cache, to conserve power whenever a group of instructions in a branch instruction queue together as a group exhibits a confidence in the accuracy of branch predictions of branch instructions therein that is less than a first predetermined threshold confidence threshold. In one embodiment of the information handling system, the array power management controller speculatively inhibits the gating off of the memory array when confidence in the accuracy of a branch prediction for a particular currently issued branch instruction exhibits less than a second predetermined threshold confidence threshold. In this manner, the array power management controller again allows access to the memory array in the event a branch redirect is likely.07-09-2009
20090172332Information processing apparatus and method of updating stack pointer - A instruction execution part of an information processing device outputs an access request including a first address information to specify an access destination based on an execution of an access command of an address space in a memory. The instruction execution part also outputs a check request including a second address information to specify a stack pointer point after extension based on an execution of a stack extension command to extend a stack included in the address space in the memory by updating a stack pointer. A protection violation detection section of the information processing device detects whether the access destination includes the plurality of the partial spaces by collating the first information with the memory protection information stored in the memory protection information storage section.07-02-2009
20090172330Protection of user-level applications based on page table information - In one embodiment, the present invention includes a virtual machine monitor (VMM) to access a protection indicator of a page table entry (PTE) of a page of a set of memory buffers and determine a state of the protection indicator, and if the protection indicator indicates that the page is a user-level page and if certain information of an agent that seeks to use the page matches that in a protected memory address array, a page table base register (PTBR) is updated to a protected page table (PPT) base address. Other embodiments are described and claimed.07-02-2009
20100106929Method and Apparatus for Providing Secure Register Access - The method and accompanying apparatus provides secure register access. In one example, as part of a secure boot process, data is written into a managed secure register (MSR) register and access policy data is written into programmable MSR policy registers. During run-time, the MSR register securely stores data in compliance with the programmable register access policy data. Access policy is enforced during run-time based on the programmable register access policy data.04-29-2010
20100106928STORAGE DEVICE, STORAGE SYSTEM, AND UNLOCK PROCESSING METHOD - According to one embodiment, a storage device manages a user data area by dividing the area into a plurality of division data areas. The storage device includes a storage module, an access authority setting module, a lock processor, a command receiver, and an unlock processor. The storage module includes the division data areas. The access authority setting module sets access authority with respect to each division data area for each user. The lock processor disables access to the storage module from a host device that reads data from and writes data to the storage module. The command receiver receives from the host device an unlock command including a basic area storing basic unlock information and an expansion area storing additional unlock information. The unlock processor unlocks each division data area, to which access is restricted for each user, based on the basic unlock information and the additional unlock information.04-29-2010
20100106927SID MANAGEMENT FOR ACCESS TO ENCRYPTED DRIVES - A method and a system for unlocking a storage device that has become locked or cannot be unlocked are disclosed. A hint is generated from a key by removing bits and adding bits. A position of removed bits, a position of added bits, the number of removed bits and the number of added bits are stored and known securely. When the key cannot unlock a storage device corresponding to the key, the position of removed bits, the position of added bits, the number of removed bits (N) and the number of added bits are retrieved. Then, the added bits are removed in the hint. Each possible N bits are placed in the hint at the position of removed bits to generate 204-29-2010
20100106926SECOND FAILURE DATA CAPTURE PROBLEM DETERMINATION USING USER SELECTIVE MEMORY PROTECTION TO TRACE APPLICATION FAILURES - The present invention discloses a solution for second failure data capture problem determination using user selective memory protection to trace application failures. In the solution, one or more data structures can be selected by a user to be allocated a unique address space from a debug heap. The address space called a region can be assigned permissions for which executable code can access the contents. Permissions can include full access (e.g., read/write), read, and no access which can “lock” the region against specific types of access. The user can permit known trusted executable code to access allocated regions. Untrusted executable code attempting to access “locked” regions will result in an application failure event (e.g., segmentation fault). The failure can be used to determine the point of memory corruption through inspection of the stack trace.04-29-2010
20090144516SYSTEMS AND METHODS FOR MANAGING DATA STORAGE MEDIA - Systems and methods are provided for passive data migration. A method is presented for distributing data that includes acts of identifying a date by which a computer readable medium is to be decommissioned and restricting distribution of data to the computer readable medium to reach a state of data content suitable for decommissioning the computer readable medium by the identified date. A system implementing data migration includes a storage medium, an interface and a processor. The interface is adapted to receive information to be stored on a storage medium, and the processor is configured to restrict storage of the data on one storage medium based on a target decommission date for that storage medium.06-04-2009
20120216001INTEGRATED CIRCUIT WITH TAMPER-DETECTION AND SELF-ERASE MECHANISMS - Methods and apparatuses for improving security of an integrated circuit (IC) are provided. A tamper condition is detected and a digital key stored in the IC is erased. The digital key is associated with a first image loaded onto the IC from a first memory. The memory may be a non-volatile memory module. A second image is loaded into a second memory module. The second memory module may be an embedded memory module, e.g., a control random access memory (CRAM) module. The first image is then erased from the first and second memory modules.08-23-2012
20120185661DOMAIN BASED ACCESS CONTROL OF PHYSICAL MEMORY SPACE - Domains can also be used to control access to physical memory space. Data in a physical memory space that has been used by a process sometimes endures after the process stops using the physical memory space (e.g., the process terminates). In addition, a virtual memory manager may allow processes of different applications to access a same memory space. To prevent exposure of sensitive/confidential data, physical memory spaces can be designated for a specific domain or domains when the physical memory spaces are allocated.07-19-2012
20120166746Security Device - A security device for securing secondary data storage devices having different levels of data security. The security device has an access to a plurality of primary and secondary storage devices, switches configured to separately enable and disable read and write operations to each of the plurality of storage devices, where at least two secondary storage devices cannot have their write access enabled at the same time. Further, the security device has a control circuit adapted to control the switches, and software that controls the switches in a manner that is transparent to the user. In one embodiment the operating system of the computing system resides on a separate storage device that is write protected when switching to a low level security storage device, the computing system and its operating system are ACPI compliant, and ready ACPI states are used in conjunction with switching the primary storage.06-28-2012
20110010516METHOD FOR CONTROLLING ACCESS TO A DATA FILE OF AN IC CARD - A method is for controlling access to a data file of an IC card and may include storing a plurality of access conditions to be evaluated for accessing the data file, and enabling access to the file if the access conditions are satisfied. The method may further include ordering the access conditions to be evaluated in a Reverse Polish Notation inside a memory queue of the IC card, and evaluating the access conditions starting from a head of the memory queue.01-13-2011
20090327634SECURE CONFIGURATION OF TRANSIENT STORAGE DEVICES - Extension fields in a provisioning certificate in the authentication silo of a transient storage device (TSD) are used to provide secure configuration options for TSDs while operating within the constraints of the current IEEE 1667 standard. Immutable values for configurable settings of the storage device are set in extension fields of a provisioning certificate. The provisioning certificate is then installed on the storage device. The method takes advantage of properties unique to the IEEE 1667 certificate silo specification and ITU-T X.509 certificate specification. The method is implemented while satisfying the security requirements for device configuration and taking advantage of the existing standards definitions as they are, without modification. The method allows particular features present in the device firmware to be enabled or disabled. An administrator may choose to set several device settings, for example, the number of addressable command targets (ACTs), the portion of total data storage area allocated to each ACT, and access settings. The method provides for these features to be implemented by the user, post retail sale, in a secure manner.12-31-2009
20090307451DYNAMIC LOGICAL UNIT NUMBER CREATION AND PROTECTION FOR A TRANSIENT STORAGE DEVICE - A dynamic logical unit number system is implemented as a storage device that includes processing logic and storage functionality. A storage device may be configured to provide a first logical unit number when the storage device is attached to a computer system or other computing device. The storage device through its dynamic logical unit number system provides a configuration interface through which the computer system can configure additional logical unit numbers and reconfigure existing logical unit numbers of the storage device. After the redefinition of the logical unit numbers, the dynamic logical unit number system may cause a reestablishment of the connection between the storage device and the computer system. Upon establishing the new connection, the computer system recognizes the redefined logical unit numbers and treats each logical unit number as a separate storage device, including assigning a different number to each logical unit number.12-10-2009
20120191934Apparatus Protecting Software of Sentinel Logic Circuitry Against Unauthorized Access - A method of protecting software for embedded applications against unauthorized access. Software to be protected is loaded into a protected memory area. Access to the protected memory area is controlled by sentinel logic circuitry. The sentinel logic circuitry allows access to the protected memory area from only either within the protected memory area or from outside of the protected memory area but through a dedicated memory location within the protected memory area. The dedicated memory location then points to protected address locations within the protected memory area.07-26-2012
20120191933Device Security Features Supporting a Distributed Shared Memory System - A memory management and protection system that incorporates device security features that support a distributed, shared memory system. The concept of secure regions of memory and secure code execution is supported, and a mechanism is provided to extend a chain of trust from a known, fixed secure boot ROM to the actual secure code execution. Furthermore, the system keeps a secure address threshold that is only programmable by a secure supervisor, and will only allow secure access requests that are above this threshold.07-26-2012
20090094430PROVIDING A PROCESS EXCLUSIVE ACCESS TO A PAGE INCLUDING A MEMORY ADDRESS TO WHICH A LOCK IS GRANTED TO THE PROCESS - Provided are a method, system, and article of manufacture for providing a process exclusive access to a page including a memory address to which a lock is granted to the process. A request is received for a memory address in a memory device from a requesting process. A lock is granted to the requested memory address to the requesting process. The requesting process is provided exclusive access to a page including the requested memory address for a page access time period. The exclusive access to the page provided to the requesting process is released in response to an expiration of the page access time period.04-09-2009
20130061016VERSATILE DATA PROCESSOR EMBEDDED IN A MEMORY CONTROLLER - A first engine and a memory access controller are each configured to receive memory operation information in parallel. In response to receiving the memory operation information, the first engine is prepared to perform a function on memory data associated with the memory operation and the memory controller is configured to prepare the memory to cause the memory operation to be performed.03-07-2013
20130061015ACCESS CONTROL APPARATUS AND ACCESS CONTROL SYSTEM - According to one embodiment, an access control apparatus includes a medium communication module configured to perform communication with a removable medium, a access module configured to perform access to the removable medium using the communication module, a wireless communication module configured to perform wireless communication with a external device, and to receive access request to the removable medium, and a controller configured to assign an access right to access the removable medium to one of the access module and the external device, the control module assigning the access right in response to a request of assignment of the access right, the request being transmitted from the external device or the access module.03-07-2013
20090276595PROVIDING A SINGLE DRIVE LETTER USER EXPERIENCE AND REGIONAL BASED ACCESS CONTROL WITH RESPECT TO A STORAGE DEVICE - A method and a storage device may be provided. The storage device may include physical storage subdivided into a number of regions. The regions may start and end based on logical block addresses specified in a region table. At least one of the regions may be mapped to a logical drive letter. One or more others of the regions may be mapped to a subfolder with respect to the logical drive letter. The storage device may include an access control table. Each entry of the access control table may correspond to a respective region of the physical storage. Each of the entries of the access control table may indicate whether the respective region is protected and whether at least one entity is permitted protected access to the respective region after being successfully authenticated.11-05-2009
20090271587CONTENT CONTROL SYSTEMS AND METHODS - What is disclosed is a control system which includes an interface configured to receive a content request from a request source wherein the content request identifies content stored on a storage medium. The control system also includes a processing system coupled to the interface and configured to process the content request to determine when the request source is a valid destination for the content based on a first identifier stored with the content on the storage medium and a second identifier provided with the content request. The interface is further configured to transfer the content to the request source when the request source is a valid destination.10-29-2009
20090271586METHOD AND SYSTEM FOR PROVIDING RESTRICTED ACCESS TO A STORAGE MEDIUM - A method of restricting file access is disclosed wherein a set of file write access commands are determined from data stored within a storage medium. The set of file write access commands are for the entire storage medium. Any matching file write access command provided to the file system for that storage medium results in an error message. Other file write access commands are, however, passed onto a device driver for the storage medium and are implemented. In this way commands such as file delete and file overwrite can be disabled for an entire storage medium.10-29-2009
20090271585DATA ACCESSING SYSTEM AND RELATED STORAGE DEVICE - A data accessing system includes a host computer and a storage device. The host computer has a first media access control (MAC) address, and the storage device includes a first storage region, a second storage region, and a controller. The first storage region is utilized for storing data. The second storage region stores a second media access control address. The controller couples to the first storage region and the second storage region for executing a security checking function to determine if the host computer is qualified to access the first storage region according to the first media access control address.10-29-2009
20090271584CONTROLLER OF STORAGE DEVICE, STORAGE DEVICE, AND CONTROL METHOD OF STORAGE DEVICE - A controller of a storage device having a user area storing an operating system, the storage device developing the operating system stored in the user area on a host device in accordance with an access from the host device. The controller includes a user authentication routine storage controlling unit that stores a user authentication routine for executing user authentication before startup of the operating system, in a predetermined area inside the user area, and an access controlling unit that permits access to the predetermined area from the host device when the user authentication routine is used, while prohibiting access to the predetermined area from the host device when the user authentication routine is not used.10-29-2009
20090271583Monitoring transactions in a data processing apparatus - Apparatus for processing data is provided comprising processing circuitry and monitoring circuitry for monitoring write transactions and performing transaction authorisations of certain transactions in dependence upon associated memory addresses. The processing circuitry is configured to enable execution of a write instruction corresponding to a write transaction to be monitored to continue to completion whilst the monitoring circuitry is performing monitoring of the write transactions and the monitoring circuitry is arranged to cause storage of write transaction data in an intermediate storage element for those transactions for which an authorisation is required. Storage of write transaction data in an intermediate storage element enables the write transaction to be reissued in dependence upon the result of the transaction authorisation although the corresponding write instruction has already completed.10-29-2009
20120226881Hard Disk Control Method, Hard Disk Control Device and Computer - A hard disk control method, a hard disk control device and a computer are provided The method includes detecting the current mode in which the system runs; determining the access frequency of the hard disk in the system when detecting the system runs in an idle mode currently; intercepting the hard disk access commands to be sent to the hard disk when the access frequency of the hard disk is lower than a predetermined access frequency threshold to make the hard disk enter into a preset power saving mode, and saving the hard disk access commands into a preset memory.09-06-2012
20120226880APPARATUS, ELECTRONIC DEVICES AND METHODS ASSOCIATED WITH AN OPERATIVE TRANSITION FROM A FIRST INTERFACE TO A SECOND INTERFACE - Subject matter disclosed herein relates to an apparatus comprising memory and a controller, such as a controller which determines block locking states in association with operative transitions between two or more interfaces that share at least one block of memory. The apparatus may support single channel or multi-channel memory access, write protection state logic, or various interface priority schemes.09-06-2012
20120272028WIRELESS COMMUNICATION DEVICE - In this wireless communication device, a storage unit stores writing identification information relating to permission and prohibition of writing. An acquisition unit acquires device identification information that uniquely specifies an arbitrary wireless communication device from the arbitrary wireless communication device. A determination unit determines permission or prohibition of writing to a recording medium on the basis of the device identification information acquired by the acquisition unit and the writing identification information stored in the storage unit when a communication protocol of a session layer that performs writing to and readout from the recording medium in sector units is selected. A recording medium control unit controls permission and prohibition of writing to the recording medium on the basis of a result determined by the determination unit.10-25-2012
20090006795Security protection for cumputer long-term memory devices - A security protection device provides protection for computer long-term storage devices, such as hard drives. The security protection device is placed between a host computer and the storage device. The security protection device intercepts communications between the host and the storage device and examines any commands from the host to the storage device. Only “safe” commands that match commands on a pre-approved list are passed to the storage device. All other commands may be discarded.01-01-2009
20130166869UNLOCK A STORAGE DEVICE - Unlocking a storage device including identifying a platform configuration register value in response to a computing machine powering on, configuring a security component to seal an authorization based on the platform configuration register value and storing a sealed authorization onto non-volatile memory, and unlocking the storage device in response to the computing machine resuming from a sleep state and unsealing the sealed authorization with the security component from the non-volatile memory.06-27-2013
20080301389MEMORY-PROTECTION METHOD AND APPARATUS - A memory-protection method and apparatus is provided that can protect a memory that is used by components in a real time operating system environment (RTOS). The memory-protection method includes requesting access to a first memory region that a first component uses when the first component is called to execute a first task in a real time operating system, and permitting the first task to access the first memory region with reference to a task list that includes information on tasks which are permitted to access the first memory region.12-04-2008
20090106516METHOD AND APPARATUS FOR PREVENTING ERRONEOUS WRITING OF DATA - A method for preventing erroneous writing of data includes the steps of: providing a memory positioned in a writing protection state, connecting the memory to a host computer installed with a control program, using the control program to control the memory to remove the writing protection state and writing external data into the memory. Whereby, the erroneous writing of the external data is prevented and the safety of internal data of the memory is protected accurately.04-23-2009
20100268903COMPUTER SYSTEM COMPRISING STORAGE OPERATION PERMISSION MANAGEMENT - The system of the present invention enhances the security of settings and operations in a storage device, and copes with numerous changes of the operational status of work executed within a computer system. When it becomes necessary to issue an operating command to the storage, storage operation propriety is determined on the basis of the operational status of the work and definition of operation permission for each work operation state.10-21-2010
20090013141Information leakage detection for storage systems - A storage system compares content of new data received from a host computer with content of existing data already stored in the storage system. If the content of the new data matches the content of the existing data, the storage system determines whether the computer that sent the new data is a registered owner of the new data by determining who the registered owners are of the existing data that has the matching content. If the computer that sent the new data is not a registered owner, unauthorized information sharing is assumed to have taken place. The storage system sends a notification or takes other specified action when the computer that sent the new data is not a registered owner. An administrator or monitoring agent may thus be notified of any unauthorized file sharing or data leakage within the storage system.01-08-2009
20120005443APPARATUS, SYSTEM, AND METHOD FOR COORDINATING STORAGE REQUESTS IN A MULTI-PROCESSOR/MULTI-THREAD ENVIRONMENT - An apparatus, system, and method are disclosed for coordinating storage requests in a multi-processor/multi-thread environment. An append/invalidate module generates a first append data storage command from a first storage request and a second append data storage command from a second storage request. The storage requests overwrite existing data with first and second data including where the first and second data have at least a portion of overlapping data. The second storage request is received after the first storage request. The append/invalidate module updates an index by marking data being overwritten as invalid. A restructure module updates the index based on the first data and updates the index based on the second data. The updated index is organized to indicate that the second data is more current than the first data regardless of processing order. The modules prevent access to the index until the modules have completed updating the index.01-05-2012
20110289294INFORMATION PROCESSING APPARATUS - An information processing apparatus includes: a CPU (11-24-2011
20110289293SEMICONDUCTOR DEVICE - There is provided a semiconductor device which is simple in configuration and resistant to tampering. A user input unit receives an authentication code input by a user. A CPU determines whether a user's access is legal based on the input authentication code and activates an enable signal if the user's access is legal. A normal row decoder decodes the row address specified by the CPU and selects a normal memory cell of any row based on the result of decode. A redundancy row decoder prohibits the selection by the normal row decoder when the specified row address agrees with the row address of a predetermined normal memory cell only if the enable signal is activated and selects a redundant memory cell of any row.11-24-2011
20090089528STORAGE SYSTEM AND METHOD OF CONTROLLING THE SAME - A storage system is utilized to its fullest storage capacity by setting a write inhibitive attribute to a desired storage area of the storage system. The storage system has a logical volume in which data is stored and a control device which controls access to the data stored in the logical volume. A first area of a desired size is set in the logical volume, and an access control attribute is set to the first area. In response to a request made by a computer to perform access to the logical volume, the control device notifies the computer that the control device does not perform the access when an area designated by the access request contains at least a part of the first area and the access control attribute set to the first area inhibits the type of the access requested.04-02-2009
20110264882SYSTEM AND METHOD FOR LOCKING PORTIONS OF A MEMORY CARD - An improved integrated circuit is provided to facilitate communication between a microprocessor and a non-volatile memory. The integrated circuit comprises at least one lock status register, at least one control register and a memory controller. The lock status register comprises a plurality of lock status bits representing whether or not a corresponding unit of storage in the volatile memory has been locked. The control register stores configurable control information for the memory controller, including sizing information defining the size of the unit of storage. The memory controller is configured to receive a modification request to modify data in the non-volatile memory; determine a target unit of storage in the non-volatile memory based on a target memory address associated with the modification request; determine from the lock status register whether the target unit of storage has been locked; and implement the modification request only if the target unit storage has not been locked. A method to be implemented by the circuit is also provided.10-27-2011
20100153671SYSTEM AND METHOD TO SECURE A COMPUTER SYSTEM BY SELECTIVE CONTROL OF WRITE ACCESS TO A DATA STORAGE MEDIUM - A system and method to securing a computer system from software viruses and other malicious code by intercepting attempts by the malicious code to write data to a storage medium. The invention intercepts the write access requests made by programs and verifies that the program is authorized to write before letting the write proceed. Authorization is determined by using the identity of the program as a query element into a database where permission values are stored. Depending on the presence or value of the permission value, write access is permitted or denied. Permission values can be set by the user, downloaded from a central server, or loaded into the central server by a group of users in order to collectively determine a permission value. The interception code can operate in kernel mode.06-17-2010
20100268904APPARATUS AND METHODS FOR REGION LOCK MANAGEMENT ASSIST CIRCUIT IN A STORAGE SYSTEM - Apparatus and methods for improved region lock management in a storage controller. A region lock management circuit coupled with a memory is provided for integration in a storage controller. One or more I/O processor circuits of the storage controller transmit requests to the region lock management circuit to request a temporary lock for a region of storage on a volume of the storage system. The region lock management circuit determines whether the requested lock may be granted or whether it conflicts with other presently locked regions. Presently locked regions and regions to be locked are represented by region lock data structures. In one exemplary embodiment, the region lock data structures for each logical volume may be stored as a tree data structure. A tree assist circuit may also be provided to aid the region lock management circuit in managing the region lock tree data structures.10-21-2010
20110219202SPEICHERMEDIUM MIT UNTERSCHIEDLICHEN ZUGRIFFSMOGLICHKEITEN / MEMORY MEDIUM HAVING DIFFERENT WAYS OF ACCESSING - The invention provides a portable memory medium with a memory area and a memory management system for managing the memory area, wherein different options for access to the memory area are provided. The memory management system comprises a configuration command, the execution of which causes an activation of one of at least two different activatable memory configurations.09-08-2011
20100030990External memory management apparatus and external memory management method - An objective is to prevent a downloaded application from accessing data in an external memory unrelated to the application, and to achieve safer management of access to the external memory. An external memory function module 02-04-2010
20090287895Secure Memory Access System - A secure memory access system includes a memory control module, at least one direct memory access module, and a plurality of input/output interface modules. The direct memory access module is operative to transfer information between all of the input/output interface modules and the memory control module in response to transfer configuration information.11-19-2009
20090083506Method and system for memory thermal load sharing using memory on die termination - Memory component temperature information is used to implement a method for ODT (on die termination) thermal load management. A respective temperature of a plurality of memory components are accessed, and based on this temperature, an ODT cycle is directed to a first of the memory components to avoid imposing a thermal load from the ODT cycle on a second of the memory components.03-26-2009
20100169601SYSTEM FOR PROTECTING SUPERVISOR MODE DATA FROM USER CODE - A system for protecting supervisor mode data from user code having a processor which implements a register window architecture supporting as separate window stacks for supervisor and user modes with a transition window in one of the window stacks set with at least one invalid window bit in an invalid window mask of the architecture additional to an invalid window bit set for a reserved window of the invalid window mask for transitioning from the supervisor mode to the user mode, supervisor mode-only memory storing the supervisor mode window stack, and user mode accessible memory storing the supervisor and user mode window stacks.07-01-2010
20100169600SIGNAL PROCESSOR AND SIGNAL PROCESSING SYSTEM - In a signal processor including storage sections, a start address for starting output of data from an external memory, is input from an external controller to the start address input section. The signal output section outputs a start signal based on a download start instruction from the external controller, and outputs an end signal when download is completed. The output instruction section outputs, based on the start signal, to the external memory a data output instruction of download data for a designated storage section, starting from the start address, and stops output of the data output instruction based on the end signal. The write instruction section outputs a write instruction to the storage sections that allows data writing only to the designated storage section, and the download data is written to the designated storage section when the start signal is input to the output instruction section.07-01-2010
20100169599Security management in system with secure memory secrets - In some embodiments a Trusted Platform Module (TPM) manages a first flag that identifies whether a secure environment has ever been established. A chipset manages a second flag that identifies that there might have been secrets in memory and a reset or power failure occurred. At least one processor and/or the chipset lock, maintain a lock, and/or unlock a memory in response to the second flag. Other embodiments are described and claimed.07-01-2010
20090182965Securing data in memory device - The various embodiments of the invention relate generally to semiconductors and memory technology. More specifically, the various embodiment and examples of the invention relate to memory devices, systems, and methods that protect data stored in one or more memory devices from unauthorized access. The memory device may include third dimension memory that is positioned on top of a logic layer that includes active circuitry in communication with the third dimension memory. The third dimension memory may include multiple layers of memory that are vertically stacked upon each other. Each layer of memory may include a plurality of two-terminal memory elements and the two-terminal memory elements can be arranged in a two-terminal cross-point array configuration. At least a portion of one or more of the multiple layers of memory may include an obfuscation layer configured to conceal data stored in one or more of the multiple layers of memory.07-16-2009
20100115220COMPUTING SYSTEM INCLUDING MEMORY AND PROCESSOR - A computing system includes; a memory having first and second storage areas, and a processor sending a memory control signal to the memory to define a data access period during which data is accessed, and a read source control signal indicating whether the first storage area or the second storage area is to be accessed during the data access period. The memory activates a wait signal in response to the memory access signal and the read source control signal, and the processor is further configured to adjust the duration of the data access period in response to the wait signal.05-06-2010
20100268905MEMORY MAPPING SYSTEM, REQUEST CONTROLLER, MULTI-PROCESSING ARRANGEMENT, CENTRAL INTERRUPT REQUEST CONTROLLER, APPARATUS, METHOD FOR CONTROLLING MEMORY ACCESS AND COMPUTER PROGRAM PRODUCT - A memory mapping system is connectable to a multi-processing arrangement. The multi-processing arrangement includes a first processing unit and a second processing unit. The memory mapping system includes a main memory to which the second processing unit does not have write access, the main memory including a first memory section and a second memory section. An associated memory is associated with the second memory section. The associated memory includes a memory section to which the second processing unit has write access. A consistency control unit can maintaining consistency between data stored in the associated memory and data stored in the second memory section.10-21-2010
20090193210System for Automatic Legal Discovery Management and Data Collection - Provided is a system and method for the collection and production of documents in a judicial setting. The disclosed technology provides a rapid, cost-efficient system for document production that requires no local workstation or laptop software installation. Both a web-based solution and a hard drive based solution are provided. Collected information is stored, analyzed, filtered and indexed, all while adhering to strict document preservation and chain of custody requirements. Filtering can be based upon such criteria as file type, date range, key word searches and individual or group custodial selection. Also provided are procedures to notify parties of the need to preserve information that may be subject to disclosure. In addition, the disclosed technology provides the identification and elimination of duplicate and modified documents while preserving information, including associated metadata, associated with such files.07-30-2009
20090150631SELF-PROTECTING STORAGE DEVICE - Described are a self-protecting storage device and method that can be used to monitor attempts to access protected information. Access is allowed for authorized host systems and devices while unauthorized access is prevented. Authorization use includes inserting a watermark into access commands, such as I/O requests, sent to the storage device. The access commands are verified before access is permitted. In one embodiment, block addresses in I/O requests are encrypted at the host device and decrypted at the self-protecting storage device. Decrypted block addresses are compared to an expected referencing pattern. If a sufficient match is determined, access to the stored information is provided. Self-protection can be provided to a range of storage devices including, for example, SD flash memory, USB thumb drives, computer hard drives and network storage devices. A variety of host devices can be used with the self-protecting storage devices, such as cell phones and digital cameras.06-11-2009
20110197043METHOD FOR ADJUSTING PERFORMANCE OF SYSTEM MEMORY AND COMPUTER SYSTEM THEREOF - A method for adjusting performance of a system memory used in a computer system with a system memory includes the following steps: in an operating system in operating, preventing the computer system from accessing data of the system memory when an event is triggered; giving a memory control command to execute a performance adjust program of the system memory after the computer system is completely prevented from accessing the data of the system memory; and permitting accessing the data of the system memory after the performance adjust program is completed.08-11-2011
20100122055DATA INTEGRITY VALIDATION USING HIERARCHICAL VOLUME MANAGEMENT - A method for reading data from a data storage system is provided. The method comprises requesting a virtual data volume to access data from one or more data blocks in the data storage system; requesting a virtual protection information volume to access protection information associated with the data blocks; validating the data using the protection information; and providing the data to the host interface, in response to successful validation of the data. A method for writing data to a data storage system is also provided. The method comprises receiving data to be written to one or more data blocks in the data storage system, wherein the data is stored in a cache; generating protection information to be stored on a virtual protection information volume; requesting a virtual data volume to update the data blocks with the data; and requesting the virtual protection information volume to store the protection information.05-13-2010
20090094431MONITORING PATTERNS OF PROCESSES ACCESSING ADDRESSES IN A STORAGE DEVICE TO DETERMINE ACCESS PARAMETERS TO APPLY - Provided are a method, system, and article of manufacture for monitoring patterns of processes accessing addresses in a storage device to determine access parameters to apply. Processes accessing addresses of data in a storage device are monitored. The processes are granted access to the addresses according to first access parameters that indicate how to arbitrate access by processes to the addresses. A condition occurring in response to a pattern of processes accessing addresses is detected. A determination is made of one of the processes in the pattern and the address accessed by the determined process. Indication is made that second access parameters apply for the determined address. The second access parameters are used to grant access to the determined address for subsequent accesses of the indicated address.04-09-2009
20090094429Generic Low Cost Hardware Mechanism for Memory Protection - There is provided a memory protection system comprising: address storage means storing the start and end addresses of each of a plurality of memory segments; control data storage means storing control data indicative of a type of permitted access to each of the plurality of memory segments; comparison means for comparing said start and end addresses with addresses of a selected memory portion to which a processor seeks access; and combination means for logically combining access data indicative of the type of access sought by the processor to the selected memory portion with said control data; wherein the comparison and combination results are indicative of whether or not the access to the selected memory portion sought by the processor is allowable. The present invention provides for the access protection of memory segments of any required size, both large and small.04-09-2009
20100082929MEMORY PROTECTION METHOD, INFORMATION PROCESSING APPARATUS, AND COMPUTER-READABLE STORAGE MEDIUM THAT STORES MEMORY PROTECTION PROGRAM - A memory protection method for protecting a memory from an unauthorized access by a program, includes: executing area definition processing for dividing an undivided address space on the memory into a plurality of areas; executing combining processing for temporarily combining the divided areas before calling a procedure of the program across the divided areas; executing calling processing for calling the procedure after the areas are combined; and executing restoring processing for restoring the combined areas to a state before the combining processing after execution of the called procedure.04-01-2010
20100082928Secure Manufacturing of Programmable Devices - According to an embodiment, a programmable logic device includes a plurality of logic blocks and a logic unit. The logic blocks are grouped into one or more partitions. The logic unit controls external access to the one or more partitions, controls programming of the one or more partitions and controls interconnection and operation of the one or more partitions during operation of the programmable logic device.04-01-2010
20100082926Restricted Component Access to Application Memory - Embodiments of the present disclosure provide methods, systems, and articles for restricting access to memory of an application by a component of the application, for example, pluggable code modules. Other embodiments may also be described and claimed.04-01-2010
20110173407DATA STORAGE SYSTEM - A data storage system comprising a server computer and a data storage medium. The server computer includes an interface, such as an iSCSI interface, for communicating with a host computer. In response to receiving data from the host computer, the server computer determines whether or not the host computer has access to a virtual data storage device. If the host computer does not have access to a virtual data storage device, the server computer provides a virtual data storage device for access by the host computer, the virtual data storage device employing at least a portion of the data storage medium such that data stored to the virtual data storage device are stored to the portion of the data storage medium.07-14-2011
20120290806SELECTIVE ROUTING OF LOCAL MEMORY ACCESSES AND DEVICE THEREOF - A data processor is disclosed that accesses its local memory by routing requests through a data path that is external the data processor. A reservation/decoration controller implements specialized handling associated with a received request to access local memory. In addition to implementing special handling, a memory controller that is associated with the reservation/decoration controller routes a corresponding access request back to the data processor core to access its local memory.11-15-2012
20090063800ARRANGEMENTS HAVING SECURITY PROTECTION - Access control unit sends to the access judging unit an access judging check request signal asking whether the requested address falls within one of the access-permitted areas registered in the access judging unit, the access judging unit checks whether the requested address falls within one of the access-permitted areas registered in it and returns to the access control unit an access judging check result signal indicating whether the access request is to be honored or rejected, and the access control unit permits access to the internal bus if the access judging check result signal indicates that the access request is to be honored, or rejects the access request otherwise.03-05-2009
20110173409Secure Processing Unit Systems and Methods - A hardware Secure Processing Unit (SPU) is described that can perform both security functions and other information appliance functions using the same set of hardware resources. Because the additional hardware required to support security functions is a relatively small fraction of the overall device hardware, this type of SPU can be competitive with ordinary non-secure CPUs or microcontrollers that perform the same functions. A set of minimal initialization and management hardware and software is added to, e.g., a standard CPU/microcontroller. The additional hardware and/or software creates an SPU environment and performs the functions needed to virtualize the SPU's hardware resources so that they can be shared between security functions and other functions performed by the same CPU.07-14-2011
20090100238Memory card and memory card control changeover method - A disclosed memory card includes: a control unit; a nonvolatile memory; and a program memory, wherein the program memory stores control programs for plural standards, the control programs controlling data access between the nonvolatile memory and an external device as a memory card.04-16-2009
20090089527EXECUTING A PROTECTED DEVICE MODEL IN A VIRTUAL MACHINE - Embodiments of apparatuses, methods, and systems for executing a protected device model in a virtual machine are disclosed. In one embodiment, an apparatus includes recognition logic, memory management logic, control logic, and execution logic. The recognition logic is to recognize an indication, during execution of first code on a virtual machine, that the first code is attempting to access a device. The memory management logic is to prevent the virtual machine from accessing a portion of memory during execution of the first code, and to allow the virtual machine to access the portion of memory in response to the indication. The control logic is to transfer control of the apparatus from the first code to second code stored in the portion of memory, without exiting the virtual machine. The execution logic is to execute the second code to model the device.04-02-2009
20110173408Securing non-volatile data in an embedded memory device - The various embodiments of the invention relate generally to semiconductors and memory technology. More specifically, the various embodiment and examples of the invention relate to memory devices, systems, and methods that protect data stored in one or more memory devices from unauthorized access. The memory device may include third dimension memory that is positioned on top of a logic layer that includes active circuitry in communication with the third dimension memory. The third dimension memory may include multiple layers of memory that are vertically stacked upon each other. Each layer of memory may include a plurality of two-terminal memory elements and the two-terminal memory elements can be arranged in a two-terminal cross-point array configuration. At least a portion of one or more of the multiple layers of memory may include an obfuscation layer configured to conceal data stored in one or more of the multiple layers of memory.07-14-2011
20090282205Prerecorded Digital Portable Personal Stereo - This digital portable personal stereo comprises a housing containing a connection interface for connection to earphones; a digital memory immovably attached to the housing; an electronic circuit for accessing said memory; and a control interface for controlling said electronic circuit wherein that a encrypted audio content is prerecorded in the digital memory, and in that the portable personal stereo is adapted to prevent any other audio content from being written in the digital memory.11-12-2009
20090287894Accessing Memory in a System with Memory Protection - The present disclosure includes, among other things, methods, systems, program products, and devices for providing access to memory in a system with memory protection. A request is received from a processor for a memory access at a first memory location. A second memory location is determined. The second memory location is associated with the first memory location and is protected from access by the processor. The requested memory access is performed at the second memory location.11-19-2009
20100223440Single Command Payload Transfers Block of Security Functions to a Storage Device - A storage device has a storage medium and a processor. The processor is disposed within the storage device and is adapted to receive multiple commands as a command block over an interface. The processor is adapted to extract each of the multiple commands from the single block for execution on the storage device.09-02-2010
20080215840ELECTRONIC FILE SYSTEM, OPERATING DEVICE, APPROVAL DEVICE, AND COMPUTER PROGRAM - An electronic file system includes an operating device for receiving an input for performance of an operation on an electronic file and an approval device used for approving of the operation on the electronic file. The electronic file includes an operation file on which an operation is to be performed and a restriction file indicating a restriction condition (policy) for restricting an operation performable on the operation file and a request destination for approval of the restricted operation. The operating device includes determination means for determining whether the operation to be performed on the operation file is permitted in accordance with the restriction condition described in the restriction file and means for, when it is determined that the operation corresponds to the restriction condition, transmitting to the approval device described as the request destination in the restriction file an approval request for requesting approval of the operation.09-04-2008
20100299493Multi-Level Security Computing System - According to one embodiment, a computing system includes two or more opto-electrical isolators coupling a corresponding two or more memory devices to a processor. Each memory device is electrically isolated from each other and configured to store data or instructions executed by the processor. Each opto-electrical isolator selectively couples its associated memory device to the processor such that only one of the two or more memory devices are writable by the processor at any instant of time.11-25-2010
20080250217Memory domain based security control with data processing systems - Access to memory address space is controlled by memory access control circuitry using access control data. The ability to change the access control data is controlled by domain control circuitry. Whether or not an instruction stored within a particular domain, being a set of memory addresses, is able to modify the access control data is dependent upon the domain concerned. Thus, the ability to change access control data can be restricted to instructions stored within particular defined locations within the memory address space thereby enhancing security. This capability allows systems to be provided in which call forwarding to an operating system can be enforced via call forwarding code and where trusted regions of the memory address space can be established into which a secure operating system may write data with increased confidence that that data will only be accessible by trusted software executing under control of a non-secure operating system.10-09-2008
20080276059APPARATUS AND METHODS FOR SETTING SECURITY TO STORAGE UNIT AND COMPUTER - Methods and apparatus are provided for inhibiting data writing to an optical disc drive connected to a computer. A BIOS confirms presence of a security function of an optical disc drive. When the optical disc drive possesses the security function, the BIOS delivers a command to the optical disc drive to set it to a read-only mode. The optical disc drive that has received the command sets the drive per se to operate in the read-only mode. Since a command for setting it to the read-only mode and a command for releasing it are delivered to the optical disc drive only by the BIOS, when a control is transferred to an Operating System (OS), setting of the read-only mode cannot be released by the OS and other OS's, or application software.11-06-2008
20110208935Storing secure mode page table data in secure and non-secure regions of memory - Apparatus for data processing 08-25-2011
20090049264Memory device and method having on-board address protection system for facilitating interface with multiple processors, and computer system using same - A memory device includes an address protection system that facilitates the ability of the memory device to interface with a plurality of processors operating in a parallel processing manner. The protection system is used to prevent at least some of a plurality of processors in a system from accessing addresses designated by one of the processors as a protected memory address. Until the processor releases the protection, only the designating processor can access the memory device at the protected address. If the memory device contains a cache memory, the protection system can alternatively or additionally be used to protect cache memory addresses.02-19-2009
20090265521PATTERN PROTECTION METHOD AND CIRCUIT - The present invention discloses an address protection method and circuit capable of efficiently protecting inputting addresses from corruption. The predictable order of a series of original addresses is checked and then the correct addresses are generated by correcting the corrupted addresses within the original addresses. The address protection method and circuit according to the present invention can improve the accuracy of the inputting addresses and increase the validity of data in response to the inputting addresses.10-22-2009
20090265522ARRANGEMENTS CHANGING AN OPERATION AUTHORITY RESPONSIVE TO ATTRIBUTE CHANGES - A computer system including a copy source volume and a copy target volume which may be selectably PAIRED or SPLIT. User management information stores: an entry indicating that a first user is permitted to effect a PAIR operation and a PATH operation; and, an entry indicating that a second user is permitted to effect a PATH operation. Operation management information indicates permitted PATH and PAIR operations in relation to each user and a volume's PAIR or SPLIT status, and stores: an entry indicating that the first user is permitted to effect the PAIR operation in which the PAIR status is PAIR, or is SPLIT WITH BACKUP DISABLED; and, an entry indicating that the second user is permitted to effect the PATH operations in which the PAIR status is SPLIT WITH BACKUP ENABLED. PAIR management information stores the PAIR status and the BACKUP ENABLED or DISABLED status.10-22-2009
20080235473PROTECTION UNIT FOR A PROGRAMMABLE DATA-PROCESSING SYSTEM - A data-processing system having at least one operating memory holding operating data is provided with a protection unit having an execution environment protected from unauthorized access. At least one monitoring logic in the execution environment is connected to the operating memory for monitoring unauthorized modifications, access, or similar protection violations of the operating data stored in the operating memory and for generating an output on detection of such a protection violation. A protection logic in the execution environment holds replacement data capable of replacing the operating data and is connected to the monitoring logic for, on generation of the output, providing to the operating memory the replacement data for the operation or for a substitute operation of the data-processing system.09-25-2008
20080244206METHOD OF CONTROLLING MEMORY ACCESS - Provided is a method of controlling memory access. In a system including a first layer element executed in a privileged mode having a first priority of permission to access the entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the method of controlling memory access determines whether the memory is accessible for each page that is an address space unit, based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode; and determines whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain currently being attempted to be accessed from among a plurality of domains of the memory. Accordingly, a memory domain allocated to a guest operating system kernel is effectively protected from an application executed in the unprivileged mode in which the guest operating system kernel is executed.10-02-2008
20080270724REMOVABLE STORAGE DEVICE - In an embodiment, when a removable storage device is removably coupled to a host, the removable storage device indicates that it is non-removable to the host. The removable storage device may include a user-created secure storage area.10-30-2008
20120144143MOVING PICTURE CODING APPARATUS AND MOVING PICTURE DECODING APPARATUS - A video encoder (06-07-2012
20120144138Locking Access To Data Storage Shared By A Plurality Of Compute Nodes - Methods, apparatuses, and computer program products are provided for locking access to data storage shared by a plurality of compute nodes. Embodiments include maintaining, by a compute node, a queue of requests from requesting compute nodes of the plurality of compute nodes for access to the data storage, wherein possession of the queue represents possession of a mutual-exclusion lock on the data storage, the mutual-exclusion lock indicating exclusive permission for access to the data storage; and conveying, based on the order of requests in the queue, possession of the queue from the compute node to a next requesting compute node when the compute node no longer requires exclusive access to the data storage.06-07-2012
20080270723Multiprocessor System and Exclusive Control Method Therefor - A multiprocessor system that can perform for a lock variable a function equivalent to an atomic read-modify-write function. When a specified CPU asserts a read signal READ, a main lock variable LOCK is read from a lock register, and a main lock variable LOCK in a locked state “1” is written to the lock register. When the main lock variable LOCK that is read is in an unlocked state “0”, the CPU can obtain a lock. Since not only the main lock variable LOCK is read, but is also the main lock variable LOCK in the locked state “1” is written, when a different CPU asserts a read signal READ immediately after this, the main lock variable LOCK in the locked state “1” is read from the lock register in the locked state “1”, so that the different CPU can not obtain a lock.10-30-2008
20100146234ARRANGEMENTS HAVING SECURITY PROTECTION - An external bus interface method including: receiving, via an access control unit, an access request conveyed through an external bus, and judging, via an access judging unit connected to the access control unit, whether the access request is to be honored or rejected, wherein upon receiving the access request, the access control unit sends to the access judging unit an access judging check request signal asking whether the requested address falls within one of access-permitted areas registered in the access judging unit, the access judging unit checks whether the requested address falls within one of the access-permitted areas registered in it and returns to the access control unit, an access judging check result signal indicating whether the access request is to be honored or rejected, and if the access judging check result signal indicates that the access request is to be rejected, the access control unit nullifies the access request.06-10-2010
20100005265METHOD FOR ISOLATING OBJECTS IN MEMORY REGION - Method for isolating an object that has not been accessed for a certain period of time in a virtual memory space. When a garbage collection operates on a computer, the following steps are executed: detecting the object which has not been accessed for a certain period of time as a non-access object; moving the non-access object to a newly reserved virtual memory region when a certain time period elapses after detecting the non-access object; and setting the newly reserved virtual memory region to be an inaccessible region so that the garbage collection does not access the inaccessible region after a certain further time period elapses after moving the non-access object to the newly reserved virtual memory region.01-07-2010
20100005264INFORMATION PROCESSING DEVICE, INTEGRATED CIRCUIT, METHOD, AND PROGRAM - To aim to provide an information processing device capable of improving a processing capability and securely handling programs and data to be protected. According to a system LSI 01-07-2010
20100138623Memory Area Protection System and Methods - In one embodiment, a non-volatile memory device includes a plurality of protection bits denoting that an area of memory in the device must be protected from being erased or programmed. The memory device further includes a majority logic circuit for determining the logic state of the majority of the plurality of protection bits. Another embodiment includes a pattern generator for generating the logic levels to be stored in the plurality of protection bits.06-03-2010
20120198193METHOD TO QUALIFY ACCESS TO A BLOCK STORAGE DEVICE VIA AUGMENTATION OF THE DEVICE'S CONTROLLER AND FIRMWARE FLOW - A method to qualify access to a block storage device via augmentation of the device's controller and firmware flow. The method employs one or more block exclusion vectors (BEVs) that include attributes specifying allowed access operations for corresponding block address ranges. Logic in accordance with the BEVs is programmed into the controller for the block storage device, such as a disk drive controller for a disk drive. In response to an access request, a block address range corresponding to the storage block(s) requested to be accessed is determined. Based on the BEV entries, a determination is made to whether the determined logical block address range is covered by a corresponding BEV entry. If so, the attributes of the BEV are used to determine whether the access operation is allowed.08-02-2012
20110208936System and Method for Policy Based Control of NAS Storage Devices - A system and method for providing policy-based data management and control on a NAS device deployed on a network and having event enabling framework software. When a user makes a request to store, read, or manipulate data on the NAS device, the NAS device provides an indication of this request to a management tool running on a remote system through the event enabling framework software. The management tool reviews the request in light of its previously established policy-based data storage management configuration and subsequently informs the NAS device, via the event enabling framework software, to either accept or not accept the user's request to store, read or modify data on the NAS device.08-25-2011
20090132777SYSTEMS AND METHODS FOR PROTECTING CUSTOMER SECRETS DURING VENDOR TROUBLESHOOTING - Systems, methods, and computer products for protecting information during troubleshooting are provided. A dumping mechanism includes marking at least one of a plurality of memory regions in the computer-readable medium as non-dumpable, initiating a core dump, determining which memory regions of the plurality regions are non-dumpable, and dumping the contents only of memory regions not marked as non-dumpable.05-21-2009
20090083505System and Method for Achieving Protected Region Within Computer System - A system and method for achieving one or more protected regions within a computer system having multiple partitions are disclosed. In at least some embodiments, the system includes an intermediary device for use within the computer system having the multiple partitions. The intermediary device includes a fabric device, and a first firewall device capable of limiting communication of a signal based upon at least one of a source of the signal and an intended destination of the signal, the first firewall device being at least indirectly coupled to the fabric device. The intermediary device further includes a first conversion device that is one of integrated with the first firewall device and distinct from the first firewall device, and that is capable of converting between a processor address and a fabric address for use by the fabric device. In some embodiments, the various devices each include Control and Status Registers (CSRs).03-26-2009
20090182964DYNAMIC ADDRESS TRANSLATION WITH FORMAT CONTROL - What is provided is an enhanced dynamic address translation facility. In one embodiment, a virtual address to be translated and an initial origin address of a translation table of the hierarchy of translation tables are obtained. An index portion of the virtual address is used to reference an entry in the translation table. If the format control field is enabled, a frame address of a large block of data in main storage is obtained from the translation table entry. The large block of data is a block of at least 1M byte in size. The frame address is then combined with an offset portion of the virtual address to form the translated address of a desired block of data within the large block of data in main storage. The desired large block of data addressed by the translated address is then accessed.07-16-2009
20090187723SECURE STORAGE SYSTEM AND METHOD FOR SECURE STORING - According to an exemplary embodiment a method for securely storing a message comprises dividing a first message into a first plurality of shares, and storing the first plurality of shares on a storing host together with a second plurality of shares of at least a second message, wherein the storing is performed in a mixed manner.07-23-2009
20110225383METHOD FOR SECURELY STORING DATA IN A MEMORY OF A PORTABLE DATA CARRIER - A method for securely storing data in a multilevel memory of a portable data carrier. The multilevel memory includes one or several multilevel memory cells (SZ) which can assume respectively at least three levels (E, NE). The at least three levels represent a different data content, regarding which respective levels (E, NE) of a memory cell (SZ) are defined as valid or invalid. The levels (E, NE) of a respective memory cell (SZ) are selectively defined as valid or invalid in dependence on a required security level.09-15-2011
20090198934FULLY ASYNCHRONOUS MEMORY MOVER - A data processing system has a processor and a memory coupled to the processor and an asynchronous memory mover coupled to the processor. The asynchronous memory mover has registers for receiving a set of parameters from the processor, which parameters are associated with an asynchronous memory move (AMM) operation initiated by the processor in virtual address space, utilizing a source effective address and a destination effective address. The asynchronous memory mover performs the AMM operation to move the data from a first physical memory location having a source real address corresponding to the source effective address to a second physical memory location having a destination real address corresponding to the destination effective address. The asynchronous memory mover has an associated off-chip translation mechanism. The AMM operation thus occurs independent of the processor, and the processor continues processing other operations independent of the AMM operation.08-06-2009
20090198933Method and Apparatus for Handling Multiple Memory Requests Within a Multiprocessor System - A method for handling multiple memory requests within a multi-processor system is disclosed. A lock control section is initially assigned to a data block within a system memory. In response to a request for accessing the data block by a processing unit, a determination is made whether or not the lock control section of the data block has been set. If the lock control section has been set, another determination is made whether or not the requesting processing unit is located beyond a predetermined distance from a memory controller. If the requesting processing unit is located beyond a predetermined distance from the memory controller, the requesting processing unit is invited to perform other functions; otherwise, the number of the requesting processing unit is placed in a queue table. However, if the lock control section has not been set, the lock control section of the data block is set, and the access request is allowed.08-06-2009
20090198932Secure direct platter access - Bulk data transfers by directly accessing a persistent and secured area on the data storage device, e.g., a disk drive having a magnetic storage medium, without relying on the system operating system to execute its read/write operations. For a disk drive, the Protected Area Run Time Interface Extension (PARTIES) technology is applied to create and organize a secured sub-area within a secured storage area. The secured sub-area is a data buffer to and from which large data file transfers can be made with data authenticity and confidentiality. Since this new secured sub-area is not organized and protected by the operating system, it is inherently protected from attack by viruses or Trojan horse software whose effectiveness depends on their ability to maliciously direct the operating system. In addition, the read/write operations bypass command payload limits while reducing data and command validation costs.08-06-2009
20090063801Write Protection Of Subroutine Return Addresses - Exemplary methods, systems, and products are described that operate generally by moving subroutine return address protection to the processor itself, in effect proving atomic locks for subroutine return addresses stored in a stack, subject to application control. More particularly, exemplary methods, systems, and products are described that write protect subroutine return addresses by calling a subroutine, including storing in a stack memory address a subroutine return address and locking, by a computer processor, the stack memory address against write access. Calling a subroutine may include receiving in the computer processor an instruction to lock the stack memory address. Locking the stack memory address may be carried out by storing the stack memory address in a protected memory lockword. A protected memory lockword may be implemented as a portion of a protected content addressable memory.03-05-2009
20090063799Memory Protection For Embedded Controllers - System and method for protecting data in a system including a main processor, an embedded controller, and a memory. In response to a power-on-reset (POR), access to the memory is enabled, e.g., access by the embedded controller. First data is read from the memory (e.g., by the embedded controller) in response to the enabling, where the first data are usable to perform security operations for the system prior to boot-up of the main processor. The first data are used, e.g., by the embedded controller, to perform one or more security operations for the system, then access to the memory, e.g., by the embedded controller, is disabled, where after the disabling the memory is not accessible, e.g., until the next POR initiates enablement.03-05-2009
20090055612SECURE PROCESSING UNIT SYSTEMS AND METHODS - A hardware Secure Processing Unit (SPU) is described that can perform both security functions and other information appliance functions using the same set of hardware resources. Because the additional hardware required to support security functions is a relatively small fraction of the overall device hardware, this type of SPU can be competitive with ordinary non-secure CPUs or microcontrollers that perform the same functions. A set of minimal initialization and management hardware and software is added to, e.g., a standard CPU/microcontroller. The additional hardware and/or software creates an SPU environment and performs the functions needed to virtualize the SPU's hardware resources so that they can be shared between security functions and other functions performed by the same CPU.02-26-2009
20080263300Storage Media - A storage media for storing data and comprising an integral controller configured to control access to the data depending on the location of the storage media. The storage media may further comprise means to determine its location, e.g. such as a GPS receiver or a cellular network positioning solution. Alternatively, the location may be provided by an external device.10-23-2008
20110231626METHOD AND SYSTEM FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - Systems capable of transformation of logical data objects for storage and methods of operating thereof are provided. One method includes identifying among a plurality of requests addressed to the storage device two or more “write” requests addressed to the same logical data object, deriving data chunks corresponding to identified “write” requests and transforming the derived data chunks, grouping the transformed data chunks in accordance with the order the requests have been received and in accordance with a predefined criteria, generating a grouped “write” request to the storage device, and providing mapping in a manner facilitating one-to-one relationship between the data in the obtained data chunks and the data to be read from the transformed logical object. The method further includes obtaining an acknowledging response from the storage device, multiplying the obtained acknowledging response, and sending respective acknowledgements to each source that initiated each respective “write” request.09-22-2011
20110231625SYSTEMS AND METHODS FOR TRANSFORMATION OF LOGICAL DATA OBJECTS FOR STORAGE - Systems capable of transformation of logical data objects for storage and methods of operating thereof are provided. One method includes identifying among a plurality of requests addressed to the storage device two or more “write” requests addressed to the same logical data object, deriving data chunks corresponding to identified “write” requests and transforming the derived data chunks, grouping the transformed data chunks in accordance with the order the requests have been received and in accordance with a predefined criteria, generating a grouped “write” request to the storage device, and providing mapping in a manner facilitating one-to-one relationship between the data in the obtained data chunks and the data to be read from the transformed logical object. The method further includes obtaining an acknowledging response from the storage device, multiplying the obtained acknowledging response, and sending respective acknowledgements to each source that initiated each respective “write” request.09-22-2011
20090204776SYSTEM FOR SECURING AN ACCESS TO FLASH MEMORY DEVICE AND METHOD FOR THE SAME - A system for securing an access to a flash memory is provided. The system includes a first flash memory storage device having a plurality of storage elements for storing data, and a host for accessing the first flash memory storage device. The host includes a control unit, a storing unit, and an identification unit. The control unit is used for generating an identification code and assigning the identification code into a random storage element selected from the plurality of storage elements, when the first flash memory storage device is to be accessed by the host at the first time. The storing unit is used for storing the identification code and a set address corresponding to the stored storage element. The identification unit is used for examining whether the set address complies with the storage element address to be stored the identification code of the first flash memory storage device, and whether the identification code stored in the storing unit complies with an identification code of another flash memory storage device, when the first flash memory storage device is not to be accessed by the host at the first time.08-13-2009
20090204778SIMPLE NON-AUTONOMOUS PEERING ENVIRONMENT, WATERMARKING AND AUTHENTICATION - A Secure Non-autonomous Peering (SNAP) system includes a hierarchical digital watermarking scheme, a central licensing authority, licensed fabricators and assemblers.08-13-2009
20090210644Access Rights on a Memory Map - A microcontroller system, such as a system-on-a-chip integrated circuit, including a processor (e.g., a Von Neumann processor), memory, and a memory protection unit (MPU), where the MPU provides execute-only access rights for one or more protected areas of the memory. The MPU can allow instructions fetched from within a protected area to access data in the protected area while preventing instructions fetched from outside the protected area from accessing data in the protected area.08-20-2009
20120198192Programmable Mapping of External Requestors to Privilege Classes for Access Protection - A memory management and protection system that manages memory access requests from a number of requestors. Memory accesses are allowed or disallowed based on the privilege level of the requestor, based on a Privilege Identifier that accompanies each memory access request. An extended memory controller selects the appropriate set of segment registers based on the Privilege Identifier to insure that the request is compared to and translated by the segment register associated with the master originating the request. A set of mapping registers allow flexible mapping of each Privilege Identifier to the appropriate access permission.08-02-2012
20090240907REMOTE STORAGE ACCESS CONTROL SYSTEM - An authorization method includes recognizing a request to access a data storage unit from a user, providing user identification and identifying information of the data storage unit, receiving a response from the authorization module, and passing the request to the data storage unit if the user is authorized to access the data storage unit. An access control system includes the authorization module configured to receive the request to access the data storage unit from the client device and determine whether the user is authorized to access the data storage unit.09-24-2009
20090254726METHOD OF ADDRESS SPACE LAYOUT RANDOMIZATION FOR WINDOWS OPERATING SYSTEMS - A system and method for address space layout randomization (“ASLR”) for a Windows operating system is disclosed. The address space layout includes one or more memory regions that are identified and then a particular implementation of the system randomizes the identified memory region in order to prevent any software vulnerabilities.10-08-2009
20090254725METHOD AND SYSTEM FOR AUTOMATICALLY PRESERVING PERSISTENT STORAGE - Computer-based methods, techniques, and systems for automatically protecting a storage device from unwanted alterations are provided. Example embodiments provide a Disk Access Redirection System, which includes a Redirection Driver, an Available Space Table (“AST”), a Protected Space Redirection Table (“PSRT”), and optionally an Unprotected Space Table (“UST”). The Redirection Driver is installed and registered with the computer operating system so that it can intercept storage device access requests (such as a disk read/write). When a storage access request for a read or write is sent, the request is intercepted by the Redirection Driver, transparent to the code that invokes the storage access request. The Redirection Driver uses the AST, PSRT, and optionally the UST, to allocate available storage space for redirected write requests, redirect write requests for protected areas of the storage device, and redirect read requests when the read request specifies a storage location that has been previously redirected.10-08-2009
20080307180VIRTUAL MACHINE CONTROL PROGRAM AND VIRTUAL MACHINE SYSTEM - The program attains compatibility of suppression of an overhead accompanying page exception handling in the case of operating a program whose amount of memory use is large on a virtual machine and suppression of the overhead accompanying page exception handling in the case of operating a first OS that has a function of making another OS run on a virtual machine. A VMM creates a shadow PT for prohibiting reading-writing of privileged memory that requires emulation of reading/writing by using a RSV-bit, and registers the shadow PT and the second PT that a second OS operating on the first OS has in an x86 compatible CPU equipped with a page exception detecting function using two PT's. When a page exception occurs, the VMM refers to a cause code of the page exception and, when a P field of the cause code is 0, determines immediately that emulation is unnecessary.12-11-2008
20100153670STORAGE SECURITY USING CRYPTOGRAPHIC SPLITTING - Methods and systems for administrative management of a secure data storage network are disclosed. One system includes a secure storage appliance configured to host a plurality of volumes, each volume associated with a plurality of shares stored on a corresponding plurality of physical storage devices and having a plurality of volume management settings, wherein each volume is accessible by a group of one or more users, each user assigned an administrative access level, the volume management settings are editable by a first user from the group of one or more users associated with the volume and assigned an administrative access level sufficient to edit the volume management settings, and the volume management settings are inaccessible by a second user from outside the group of one or more users associated with the volume and assigned an administrative access level at least equal to that of the first user.06-17-2010
20100161926Data protection by segmented storage - A device, method, and system are disclosed. In one embodiment the device includes logic to handle and protect data. Specifically, the device includes logic to segment data that can receive a data object that needs to be stored. The logic within the device can segment the data object into a plurality of data segments. A segmented portion of the data object is an incomprehensible portion the data object when viewed in the segmented format. The device can then send each of the data segments to a several different storage locations.06-24-2010
20120246431ELECTRONIC EQUIPMENT SYSTEM AND STORAGE DEVICE - In electronic equipment 09-27-2012
20130219143VIRTUALIZING PHYSICAL MEMORY IN A VIRTUAL MACHINE SYSTEM - A processor including a virtualization system of the processor with a memory virtualization support system to map a reference to guest-physical memory made by guest software executable on a virtual machine which in turn is executable on a host machine in which the processor is operable to a reference to host-physical memory of the host machine.08-22-2013
20100180095BUFFER CONTROL DEVICE AND BUFFER MEMORY DEVICE - The buffer control device of this invention includes: a pointer holding unit which holds a virtual pointer different from a read pointer and a write pointer; an access control unit that controls an access to a ring buffer; a judging unit that judges whether or not one of the read pointer and the write pointer has reached an address substantially identical to an address indicated by the virtual pointer; and disabling unit that disables a normal access using the one of the read pointer and the write pointer, when the judging unit judges that the one of the read pointer and the write pointer has reached the address substantially identical to the address indicated by the virtual pointer, the normal access being controlled by the access control unit, wherein the access control unit further controls a reaccess to the ring buffer.07-15-2010
20100161928MANAGING ACCESS TO AN ADDRESS RANGE IN A STORAGE DEVICE - Enhanced configuration of security and access control for data in a storage device is disclosed. A request is received to access an addressable memory location in a storage media within the storage device. A set of addressable memory locations with contiguous addresses identified by an address range is associated with first and second characteristics. The first characteristic is applied if the addressable memory location is within the set of addressable memory locations, and an entity is currently authenticated to and authorized to access the set of addressable memory locations. The second characteristic is applied if the addressable memory location is within the set of addressable memory locations, and no entity is currently authenticated to and authorized to access the set of addressable memory locations. The set of addressable memory locations can also be a logical partition, where the first and second characteristics are stored in a logical partition table.06-24-2010
20100185825TRANSIENT STORAGE DEVICE CONFIGURATION SILO - A device configuration silo is arranged to be accessed as an IEEE 1667-compatible silo which exposes interfaces to a host application to make changes to the presence of one or more other silos, as well as make changes to silo configurations on a per-silo basis for data and method sharing among silos across the ACTs on a storage device such as a transient storage device. The interfaces exposed by the device configuration silo are arranged to enable an authenticated provisioner, like administrator in a corporate network environment, to perform configuration changes to silos after the storage device is released into the field through a secure provisioning mechanism. In addition, users may make configuration changes to silos at runtime in some usage scenarios, for example to enable discrete portions of functionality on a storage device, by using a secure secondary authentication mechanism that is exposed by the device configuration silo.07-22-2010
20090100239DATA UPDATE HISTORY STORAGE APPARATUS AND DATA UPDATE HISTORY STORAGE METHOD - Provided is a storage apparatus that stores data update histories using an existing file system without modifying the source code of the existing file system. The storage apparatus includes an I/O command catcher that changes, when an I/O command is issued from a program stored in a memory and arbitrary update data is stored in a data area address corresponding to a buffer address storing the arbitrary update data, authorized access set for the arbitrary update data in a page management unit to readable; and a page exception catcher that issues, when the authorized access of the arbitrary update data is changed to readable, a page exception report, acquires a data area address corresponding to the buffer address storing the arbitrary update data in the address management unit, and stores the update data and its update history in an update queue.04-16-2009
20100262800INFORMATION PROCESSING DEVICE - An information processing device in which memory bands can be significantly cut. In the present device, an access determining/managing portion (10-14-2010
20100161927Method for Using a CAPTCHA Challenge to Protect a Removable Mobile Flash Memory Storage Device - The embodiments described herein generally use a challenge to protect a removable mobile flash memory storage device, where the challenge may be in the form of a “Completely Automated Public Turing Test to Tell Computers and Humans Apart” (“CAPTCHA”). In one embodiment, a method is provided in which a removable mobile flash memory storage device receives a command from a host device, generates a CAPTCHA challenge, provides the CAPTCHA challenge to the host device, receives a response to the CAPTCHA challenge from the host device, determines if the response satisfies the CAPTCHA challenge, and performs the command only if the response satisfies the CAPTCHA challenge. In another embodiment, a removable mobile flash memory storage device is provided for performing these acts.06-24-2010
20090077334Storage Apparatus for Preventing Falsification of Data - When a file server is to create data that does not permit falsification in an external storage, it is not possible to guarantee that the rewriting of this data can be prevented from a computer connected to the external storage without going through a file server. Provided is a storage system configured from a first storage having a file I/O processing unit and a second storage connected to this first storage, wherein the first storage includes a unit for requesting a change of access authority to the storage area in the own storage and in the second storage provided to the own storage. An access request to a storage area in a second storage from a computer connected to a second storage without going through a file I/O processing unit is restricted based on the change of access authority executed by the second storage upon receiving the request from the first storage.03-19-2009
20090077333DOUBLE DEGRADED ARRAY PROTECTION IN AN INTEGRATED NETWORK ATTACHED STORAGE DEVICE - In one embodiment, the invention provides a method for accessing a physical storage-device array comprising a plurality of storage devices. The method includes (1) obtaining at least one parameter from a profile selected from two or more profiles concurrently defining two or more virtual arrays, each profile defining (i) a different virtual array associated with a corresponding set of storage devices and (ii) a parameter set of one or more parameters used for accessing the virtual array; and (2) generating an instruction, based on the at least one parameter, for accessing, or disallowing access to, information in the virtual array defined by the selected profile, wherein a parameter in each the parameter set defined by each profile indicates whether two or more storage devices in the corresponding virtual array are degraded.03-19-2009
20100235597METHOD AND APPARATUS FOR CONVERSION BETWEEN CONVENTIONAL VOLUMES AND THIN PROVISIONING WITH AUTOMATED TIER MANAGEMENT - A method for providing storage volumes, which are to be converted to thin provisioned volumes, comprises receiving from a host computer a read/write request identifying a target storage volume among the storage volumes and a target area of access; processing the read/write request and updating an access information of the target storage volume; if the target storage volume does not have access information, generating access information for the converted thin provisioned volume from initial values; and if the target storage volume has access information, generating access information for the converted thin provisioned volume based on the access information of the target storage volume.09-16-2010
20100235596Offline Device-Side Logical Unit Number Controller - Described is a technology by which a single physical storage device such as a USB flash memory device is able to boot different computing devices via corresponding different operating systems. The storage device includes a selection mechanism that determines which virtual disk (corresponding to a LUN) is seen by the host as the currently active LUN having sector 09-16-2010
20100211752METHODS AND APPARATUS FOR PROVIDING INDEPENDENT LOGICAL ADDRESS SPACE AND ACCESS MANAGEMENT - A command receiver receives, from an external access requesting entity, a command with which to access data, together with an address to be accessed and IOID to identify the access requesting entity. Based on the IOID, the access decision unit determines whether or not an access is one that is to be permitted for an access requesting entity to access a region of access destination. The access decision unit determines whether access of the access requesting entity is permitted or not, for each page that serves as the basic management unit of logical address in the processor space.08-19-2010
20100235599ACCESS CONTROL DEVICE, STORAGE SYSTEM, AND ACCESS CONTROL METHOD - An access control device for controlling access from a host system to a plurality of storage areas in a storage system, the access control device includes a memory for storing access management information for the plurality of storage areas, and a controller for managing and monitoring access performed by the host system, the controller monitoring frequency of access by the host system to each of the plurality of storage areas and storing information of the frequency of the access to each of the storage areas in the memory, detecting at least one of the storage areas in which the frequency of the access is less than a predetermined range, and restricting the host system from accessing to the detected storage area.09-16-2010
20100235598Using Domains for Physical Address Management in a Multiprocessor System - A multi-processor computer system is provided for managing physical memory domains. The system includes at least one processor having an address interface for sending a memory access message, which includes an address in physical memory and a domain identification (ID). The system also includes a physical memory portioned into a plurality of domains, where each domain includes a plurality of physical addresses. A domain mapping unit (DMU) has an interface to accept the memory access message from the processor. The DMU uses the domain ID to access a permission list, cross-reference the domain ID to a domain including addresses in physical memory, and grant the processor access to the address in response to the address being located in the domain.09-16-2010
20120144139CONTENT MODIFICATION CONTROL USING READ-ONLY TYPE DEFINITIONS - Disclosed are methods, systems and products, including a method that includes establishing in a computing environment, implemented using at least one processor-based device, a non-immutable object as being a read-only object, the computing environment not allowing performance of operations that cause modification of the read-only non-immutable object. The method also includes preventing by the at least one processor-based device performance of an operation on the read-only non-immutable object that would cause the read-only non-immutable object to be modified.06-07-2012
20110113212Systems for Accessing Memory Card and Methods for Accessing Memory Card by a Control Unit - A system for accessing a memory card is provided. The system includes a control unit having a control pin and a processor. The processor senses a card-insertion signal from a socket via the control pin for indicating whether the memory card has been inserted into the socket. The processor provides a power control signal via the control pin to supply an operating voltage to the memory card when the sensed card-insertion signal indicates that the memory card has been inserted into the socket. The processor detects whether a write protection function of the memory card is present via the control pin.05-12-2011
20090327635Data security for use with a file system - An embodiment of the invention provides an apparatus and method for providing data security for use with a file system. The apparatus and method performs acts including: applying a mapping function to data block numbers that are associated with a file; and obtaining mapped data block numbers after applying the mapping function, wherein the mapped data block numbers are addresses of data of the file in a storage device.12-31-2009
20090327633Verifying data integrity in a data storage device - A data storage device may include one or more pages, each page having a fixed number of memory cells, each memory cell being adapted to store one unit of data; a verification page, the verification page having a corresponding fixed number of verification cells, each verification cell storing a predetermined value; and a controller configured to 1) receive a read command having an address value, and 2) upon receiving the read command, a) retrieve a predetermined value from a verification cell corresponding to the address value, b) determine whether the retrieved predetermined value is an expected value, and c) if so, providing a retrieved unit of data, and if not, initiating a protective action. Determining whether the retrieved predetermined value is the expected value may include applying a function to the address value to obtain a result and determining whether the result corresponds to the retrieved predetermined value.12-31-2009
20090210645Recording control apparatus, one-time recording medium, recording system, and recording medium control method and program - A recording control apparatus includes an attribute information reader, a medium determining unit, and a command transmitter. When a recording medium is removably loaded into a loading unit, the attribute information reader reads attribute information therefrom. On the basis of the attribute information, the medium determining unit determines whether or not the recording medium is a one-time recording medium capable of writing data once. If the recording medium is determined to be a one-time recording medium that has been set to a write-protected state in advance, the command transmitter transmits to the recording medium an unlock command for unlocking the write-protected state thereof.08-20-2009
20090204777Integated circuits and methods to control access to multiple layers of memory - Circuits and methods to control access to memory; for example, third dimension memory are disclosed. An integrated circuit (IC) may be configured to control access to memory cells. For example, the IC may include a memory having memory cells that are vertically disposed in multiple layers of memory. The IC may include a memory access circuit configured to control access to a first subset of the memory cells in response to access control data in a second subset of the memory cells. Each memory cell may include a non-volatile two-terminal memory element that stores data as a plurality of conductivity profiles that can be non-destructively sensed by applying a read voltage across the two terminals of the memory element. New data can be written by applying a write voltage across the two terminals of the memory element. The two-terminal memory elements can be arranged in a two-terminal cross-point array configuration.08-13-2009
20090319740VIRTUAL COMPUTER SYSTEM, INFORMATION PROCESSING DEVICE PROVIDING VIRTUAL COMPUTER SYSTEM, AND PROGRAM THEREOF - A virtual computer system where a plurality of guest domains run on one information processing device. The virtual computer system includes a system region for storing software, which is installed for the plurality of guest domains, to be managed by the virtual computer system in a shared manner and an update region for actually storing data when each of the plurality of guest domains makes a write access to the system region.12-24-2009
20090319742Storage Router and Method for Providing Virtual Local Storage - A storage router (12-24-2009
20090319741SECURE MEMORY MANAGEMENT SYSTEM AND METHOD - The present invention describes a system and a method for securely loading digital information from a storage device into a memory module in a data processing system, said data processing system comprising at least one storage device, one memory module and at least one processor, said data processing system further comprising a memory access controller module connected between the processor and the memory module, and a secure memory management module connected to the processor, the memory module, the storage device and the memory access controller. Requests by the processor for data are passed to the secure memory management module, which loads the data from the storage device to the memory module and configures the memory access controller such that the processor will have access to the data.12-24-2009
20090319739DYNAMIC OPTIMIZATION FOR REMOVAL OF STRONG ATOMICITY BARRIERS - A method and apparatus for dynamic optimization of strong atomicity barriers is herein described. During runtime compilation, code including non-transactional memory accesses that are to conflict with transactional memory accesses is patched to insert transactional barriers at the conflicting non-transactional memory accesses to ensure isolation and strong atomicity. However, barriers are omitted or removed from non-transactional memory accesses that do not conflict with transactional memory accesses to reduce barrier execution overhead.12-24-2009
20100223438REGION PROTECTION UNIT, INSTRUCTION SET AND METHOD FOR PROTECTING A MEMORY REGION - A memory region protection unit is disclosed that comprises a first register for storing a memory region address, a second register for storing the memory region size, an arithmetic function block for executing an arithmetic function on a memory address provided to the region protection unit and the address value in the first register. The unit further has a comparator for comparing the output of the arithmetic function block with the size value in the second register, the comparator being coupled to an output for signalling the validity of the memory address on the bus The region protection unit has a controller configured to retrieve the memory region address and the memory region size from instructions issued to the region protection unit for associating the unit with said region, and to dissociate the unit from its memory region in response to a further instruction.09-02-2010
20090113154Non-Volatile Memory Apparatus and Method of Accessing the Same - A non-volatile memory apparatus and an accessing method thereof are provided. A host accesses the non-volatile memory apparatus and gets the accessing result according to the predetermined protocol. Therefore, the host can identify whether the non-volatile memory apparatus has a data area or not and switch to access the data area. The host can then access the non-volatile memory apparatus with high capacity without changing the hardware of the host.04-30-2009
20100223439DATA PROTECTING METHOD AND MEMORY USING THEREOF - A data protecting method for a memory, which comprising a volatile memory and a non-volatile memory for storing data and data protection information, comprises the following steps. Firstly, load the data protection information to the volatile memory from the non-volatile memory. Next, protect the data stored in the memory according to the data protection information stored in the volatile memory.09-02-2010
20120144142SERIAL ADVANCED TECHNOLOGY ATTACHMENT WRITE PROTECTION: MASS STORAGE DATA PROTECTION DEVICE - A mass storage device protection system may have a mass storage device, a processor configured to generate at least one serial write command signal to the mass storage device via a serial communication link, and a storage protector configured for communication with the processor and mass storage device, the storage protector configured to do the following: intercept the at least one serial write command signal, and determine whether the at least one serial write command signal comprises an authorized command signal or an unauthorized command signal.06-07-2012
20120144140Memory Protection Unit and a Method for Controlling an Access to a Memory Device - A memory protection unit includes at least a first access control unit and a second access control unit programmed for controlling an access to a memory device. Further a method to operate a processing system comprising multiple processing devices and multiple memory protection units associated to the multiple processing devices, The access to the memory by a processing device is approved if first access control unit and second access control unit of the memory protection associated to the processing device approves the access and access is rejected if first access control unit or second access control unit rejects the access. The first access control unit is programmable by the associated processing device alone and the programming of the second access control unit is readable by an additional processing device which is to be used in a system with multiple programming devices, not the associate processing device.06-07-2012
20120144141Storage Device and Method for Storage Device State Recovery - A storage device and method for storage device state recovery are provided. In one embodiment, a storage device commences an authentication process to authenticate a host device. The authentication process comprises a plurality of phases, and the storage device stores the state of the authentication process, wherein the state indicates the phase(s) of the authentication process that have been successfully completed. After a power loss, the storage device retrieves the state of the authentication process and resumes an operation with the host device without re-performing the phase(s) of the authentication process that have been completed.06-07-2012
20100306489ERROR MANAGEMENT FIREWALL IN A MULTIPROCESSOR COMPUTER - A multiprocessor computer system comprises a plurality of processors and a plurality of nodes, each node comprising one or more processors. A local memory in each of the plurality of nodes is coupled to the processors in each node, and a hardware firewall comprising a part of one or more of the nodes is operable to prevent a write from an unauthorized processor from writing to the local memory.12-02-2010
20130132694MICROCOMPUTER AND METHOD FOR CONTROLLING MEMORY ACCESS - A microcomputer includes a CPU, a protection information storage configured to store memory protection information specifying an access permission or a prohibited state to a memory space by a program executed by the CPU, a memory access control apparatus configured to determine whether or not to allow a memory access request from the CPU according to the memory protection information, and a reset apparatus configured to invalidate the memory protection information stored in the protection information storage according to a reset request signal output from the CPU to a switching of programs executed by the CPU, the reset request signal being based on a state of execution of the program by the CPU. The reset apparatus sets all valid bit storing fields of a plurality of protection setting registers of the protection information storage to invalid state in response to the reset request signal output by the CPU.05-23-2013
20130132695METHOD OF CONTROLLING MEMORY ACCESS - Provided is a method of controlling memory access. In a system including a first layer element executed in a privileged mode having a first priority of permission to access the entire region of a memory and second and third layer elements executed in an unprivileged mode having a second priority of permission to access a partial region of the memory, the method of controlling memory access determines whether the memory is accessible for each page that is an address space unit, based on which mode a layer element currently accessing the memory is executed in between the privileged mode and the unprivileged mode; and determines whether the memory is accessible based on which one of the first, second and third layer elements corresponds to a domain currently being attempted to be accessed from among a plurality of domains of the memory. Accordingly, a memory domain allocated to a guest operating system kernel is effectively protected from an application executed in the unprivileged mode in which the guest operating system kernel is executed.05-23-2013
20090070540Receiving Apparatus, Receiving Method, Transmitting Apparatus, Transmitting Method, and Medium - A receiving apparatus has a first memory area accessible by a first provider providing first contents and a second memory area accessible by a second provider providing second contents. A receiving unit receives a first access right file and a second access right file. An output unit outputs the first contents or the second contents. A memory control unit stores first information associated with the first contents in the first memory area and stores second information associated with the second contents in the second memory area. A switching unit switches from outputting the first contents to outputting the second contents. A determining unit determines whether the second provider is permitted to access the first memory area. An output controller reads the first information and outputs the second contents based on the first information to the output unit when the second provider is permitted to access the first memory area.03-12-2009
20100312978COMPUTER SYSTEM, INFORMATION PROTECTION METHOD, AND PROGRAM - A computer system increases the confidentiality of a memory to be protected and prevents invalid access that is made, for example, by replacing the memory. The computer system includes a memory in which state information AA, which indicates whether or not information to be protected is stored in a predetermined memory area, and access permission information BB, which indicates whether or not access to the memory area is permitted, are stored; and an access control unit that rewrites the state information AA when information to be protected is written to, or deleted from, the memory area and at the same time, when the system is started, rewrites the access permission information BB to permit access to the memory area if information to be protected is not written in the memory area but, otherwise, rewrites the access permission information BB to the access inhibition state.12-09-2010
20130138906ELECTRONIC DEVICE SYSTEM AND STORAGE DEVICE - When an SD card is connected to an SD socket of an electronic device, a control unit of the SD card obtains permission/inhibition information (an output signal) outputted from a setting unit of the electronic device. Based on the obtained permission/inhibition information, the control unit starts the operation of a DC-DC converter corresponding to a memory unit from which reading-out of data is permitted. By virtue of this, reading-out of data from the memory unit is achieved in correspondence to the permission/inhibition information.05-30-2013
20110022812SYSTEMS AND METHODS FOR ESTABLISHING A CLOUD BRIDGE BETWEEN VIRTUAL STORAGE RESOURCES - Methods and systems for establishing a cloud bridge between two virtual storage resources and for transmitting data from one first virtual storage resource to the other virtual storage resource. The system can include a first virtual storage resource or cloud, and a storage delivery management service that executes on a computer and within the first virtual storage resource. The storage delivery management service can receive user credentials of a user that identify a storage adapter. Upon receiving the user credentials, the storage delivery management service can invoke the storage adapter which executes an interface that identifies a second virtual storage resource and includes an interface translation file. The storage delivery management service accesses the second virtual storage resource and establishes a cloud bridge with the second virtual storage resource using information obtained from the second virtual storage resource and information translated by the storage adapter using the interface translation file.01-27-2011
20100205394SEMICONDUCTOR STORAGE DEVICE AND CONTROL METHOD THEREOF - When an address indicating an access destination of a data storing unit, and a command indicating a content of a process for the address are input, block information corresponding to the input address is output from an information holding unit. Whether or not to execute the command for the address is decided on the basis of the output block information and the input command.08-12-2010
20110113210CONCURRENT ACCESS TO A MEMORY POOL SHARED BETWEEN A BLOCK ACCESS DEVICE AND A GRAPH ACCESS DEVICE - A graph access device and block access device can simultaneously access a memory pool shared between the devices. The memory pool may include one or more memory arrays accessed as a single logical memory. The block access device accesses the memory pool as a flat array of memory blocks, and the graph access device accesses the memory pool as hierarchical file system. The simultaneous access is accomplished by monitoring one or more memory block access operations performed by the block access device, while it is accessing the memory pool. The block access operations are translated into a graph data structure including a plurality of pointers mapping the memory pool to the hierarchical file system. A processor regulates access to the memory pool, and is configured to permit the graph access device to access the memory pool concurrently with the block access device, in accordance with the graph data structure.05-12-2011
20110145531INFORMATION PROCESSING APPARATUS AND MEMORY PROTECTION METHOD - A memory protection method of dividing the address space of a memory into two or more protection regions, and protecting the memory from an unauthorized access to a protection region by a program includes a definition step of defining the relation between protection regions, a determination step of, when the relation between the protection regions is an inclusion relation, determining that an included protection region cannot directly access an including protection region and the including protection region can directly access the included protection region, and a step of, when an access to the protection region determined to be able to be directly accessed is requested, permitting a direct access to the protection region determined to be able to be directly accessed, and prohibiting a direct access to the protection region determined to be unable to be directly accessed.06-16-2011
20110145530LEVERAGING MEMORY ISOLATION HARDWARE TECHNOLOGY TO EFFICIENTLY DETECT RACE CONDITIONS - One embodiment includes method acts for detecting race conditions. The method includes beginning a critical section, during which conflicting reads and writes should be detected to determine if a race condition has occurred. This is performed by executing at a thread one or more software instructions to place a software lock on data. As a result of executing one or more software instructions to place a software lock on data, several additional acts are performed. In particular, the thread places a software lock on the data locking the data for at least one of exclusive writes or reads by the thread. And, at a local cache memory local to the thread, the thread enters the thread's memory isolation mode enabling local hardware buffering of memory writes and monitoring of conflicting writes or reads to or from the cache memory to detect reads or writes by non-lock respecting agents.06-16-2011
20110040945SECURING NON-VOLATILE DATA IN AN EMBEDDED MEMORY DEVICE - The various embodiments of the invention relate generally to semiconductors and memory technology. More specifically, the various embodiment and examples of the invention relate to memory devices, systems, and methods that protect data stored in one or more memory devices from unauthorized access. The memory device may include third dimension memory that is positioned on top of a logic layer that includes active circuitry in communication with the third dimension memory. The third dimension memory may include multiple layers of memory that are vertically stacked upon each other. Each layer of memory may include a plurality of two-terminal memory elements and the two-terminal memory elements can be arranged in a two-terminal cross-point array configuration. At least a portion of one or more of the multiple layers of memory may include an obfuscation layer configured to conceal data stored in one or more of the multiple layers of memory.02-17-2011
20110040944INFORMATION EQUIPMENT, METHOD FOR SUPPORTING OPERATION THEREOF, AND COMPUTER-READABLE STORAGE MEDIUM FOR COMPUTER PROGRAM - Information equipment having a memory area for which access restrictions are set is provided. The information equipment makes a determination, in response to operation for turning a security mode into a security level enhanced mode, on data in the memory area, whether or not any one of the following conditions satisfy security requirements after the security level is enhanced: access restrictions set for the data itself; access restrictions set for the memory area; and authentication information for a user who has stored the data, and sends, to the user who has stored the corresponding data in the memory area or a user who has set the access restrictions for the memory area storing the corresponding data therein, a message to prompt one of the users to perform operation for satisfying the security requirements.02-17-2011
20110113211SYSTEMS AND METHODS OF QUOTA ACCOUNTING - Embodiments of the invention relate generally to incremental computing. Specifically, embodiments of the invention include systems and methods that provide for the concurrent processing of multiple, incremental changes to a data value while at the same time monitoring and/or enforcing threshold values for that data value. For example, a method is provided that implements domain quotas within a data storage system.05-12-2011
20100146233Non-Volatile Memory Device Capable of Initiating Transactions - A non-volatile memory may operate, not in a master/slave arrangement, but in a peer-to-peer arrangement. In some embodiments, the memory may initiate a transaction with a device outside the memory. Thus, the memory may proactively perform tasks conventionally performed by memory controllers and other external devices.06-10-2010
20110213940VIRTUALIZED DATA STORAGE VAULTS ON A DISPERSED DATA STORAGE NETWORK - A method begins with a slice server receiving a request to access a virtual digital data storage vault. The method continues by determining whether the virtual digital data storage vault is a first virtual digital data storage vault or a second virtual digital data storage vault. The slice server supports a portion of each of the first and the second virtual digital data storage vaults. When the virtual digital data storage vault is the first or the second virtual digital data storage vault, the method continues by determining whether the request is valid. When the request is valid, the method continues by executing the request to generate a response.09-01-2011
20100228937SYSTEM AND METHOD FOR CONTROLLING EXIT OF SAVED DATA FROM SECURITY ZONE - A system for controlling exit of saved data from a security zone, comprising an access control device, the access control device comprising an access detection module for detecting access of an application to a security zone and access of an application to a general zone, a target checking module for comparing the application, detected by the access detection module, with a list and then controlling access of the application to the security zone and access of the application to the general zone, and a processing control module for controlling writing of data of the application to the general zone.09-09-2010
20100228936ACCESSING MEMORY LOCATIONS FOR PAGED MEMORY OBJECTS IN AN OBJECT-ADDRESSED MEMORY SYSTEM - One embodiment of the present invention provides a system that accesses memory locations in an object-addressed memory system. During a memory access in the object-addressed memory system, the system receives an object identifier and an address. The system then uses the object identifier to identify a paged memory object associated with the memory access. Next, the system uses the address and a page table associated with the paged memory object to identify a memory page associated with the memory access. After determining the memory page, the system uses the address to access a memory location in the memory page.09-09-2010
20110078399Content approving apparatus - The present invention aims to provide an apparatus capable of determining whether or not content is permitted to be taken out, by managing contents permitted to be taken out. One aspect of the invention is characterized by comprising: a storage means that stores therein taking-out-permitted-content identification data which is data generated on the basis of a part or entirety of each content permitted to be taken out; and a generating means that generates the taking-out-permitted-content identification data. Another aspect of the present invention is characterized by comprising: a storage means that stores therein taking-out-permitted-content identification data which is data generated on the basis of a part or entirety of each content permitted to be taken out to the outside; and an approving means that determines whether a content is permitted to be taken out, with reference to the taking-out-permitted-content identification data.03-31-2011
20090089526MEMORY DEVICES WITH DATA PROTECTION - A memory device comprises a memory array, a status register coupled with the memory array, and a security register coupled with the memory array and the status register. The memory array contains a number of memory blocks configured to have independent access control. The status register includes at least one protection bit indicative of a write-protection status of at least one corresponding block of the memory blocks that corresponds to the protection bit. The security register includes at least one register-protection bit. The register-protection bit is programmable to a memory-protection state for preventing a state change of at least the protection bit of the status register. The register-protection bit is configured to remain in the memory-protection state until the resetting of the memory device.04-02-2009
20090172329Providing secure services to a non-secure application - A data processing apparatus comprising a data processor for processing data in a secure and a non-secure mode, said data processor processing data in said secure mode having access to secure data that is not accessible to said data processor processing data in said non-secure mode; and a further processing device for performing a task in response to a request from said data processor issued from said non-secure mode, said task comprising processing data at least some of which is secure data, said further processing device comprising a secure data store, said secure data store not being accessible to processes running on said data processor in non-secure mode; wherein prior to issuing any of said requests said data processor is adapted to perform a set up operation on said further data processing device, said set up operation being performed by said data processor operating in said secure mode and comprising storing secure data in said secure data store on said further processing device, said secure data being secure data required by said further processing device to perform said task; wherein in response to receipt of said request from said data processor operating in said non-secure mode said further data processing device performs said task using data stored in said secure data store to access any secure data required.07-02-2009
20100131730Software protection method - A software protection method to protect the software in a host against an unauthorized usage of a memory unit used in software is provided. The software protection method comprises the steps of: starting the operation of the software; declaring the memory unit such that the software takes the control right of the memory unit; generating a status tag of the memory unit; setting the status tag as an initializing status to initialize the memory unit; setting the status tag as an access status to access the memory unit; and setting the status tag as a delete status to forgo the control right of the memory unit.05-27-2010
20100131729INTEGRATED CIRCUIT WITH IMPROVED DEVICE SECURITY - A semiconductor device having circuitry comprising an embedded memory, an embedded processor for executing application codes, and a functional hardware element coupled with the embedded memory via a protected bus, and with the embedded processor via an unprotected bus, the hardware element being arranged to protect the protected bus, and including a locking means comprising at least one lock bit for globally locking at least part of the locking means before executing the application code.05-27-2010
20110087852METHOD OF AND SYSTEM FOR CONTROLLING THE PROGRAMMING OF MEMORY DEVICES - In order to further develop a method of and a system (04-14-2011
20100064112METHOD AND SYSTEM FOR PROVIDING DATA ACCESSIBILITY AND INTERLINKS BETWEEN A USER AND A STORAGE DEVICE - A new approach to the manipulation of data access of storage that complies with certain mapping interlinks between front-end servers and back-end storage data pool and which lessens the complexity of the interlinks and improves the efficiency of the data accessibility is disclosed. The method allocates multiple user hardware devices and the logical units to a correspondent designated sub-zone so that there is at least one sub-zone associated with two or more logical units, wherein the logical units reside inside the storage hardware or network. The method establishes the data access interlinks within the same sub-zone between users and logical units. A system that substantiates the method is also disclosed. The method and the system together comprise a new storage scheme.03-11-2010
20090249013SYSTEMS AND METHODS FOR MANAGING STALLED STORAGE DEVICES - Embodiments relate to systems and methods for managing stalled storage devices of a storage system. In one embodiment, a method for managing access to storage devices includes determining that a first storage device, which stores a first resource, is stalled and transitioning the first storage device to a stalled state. The method also includes receiving an access request for at least a portion of the first resource while the first storage device is in the stalled state and attempting to provide access to a representation of the portion of the first resource from at least a second storage device that is not in a stalled state. In another embodiment, a method of managing access requests by a thread for a resource stored on a storage device includes initializing a thread access level for an access request by a thread for the resource. The method also includes determining whether the storage device, which has a device access level, is accessible based at least in part on the thread access level and the device access level and selecting a thread operation based at least in part on the determination of whether the storage device is accessible. The thread operation may be selected from attempting the thread access request if the device is accessible and determining whether to restart the thread access request if the device is not accessible.10-01-2009
20110252209DATA ACCESS METHOD AND SYSTEM, STORAGE MEDIUM CONTROLLER AND STORAGE SYSTEM - A data access method for writing data into a storage apparatus is provided, wherein the storage apparatus has a storage unit, the storage unit has a partition, the storage property of the partition is set as a write protect mode and the storage apparatus is coupled to a host system having an operation system. The data access method includes transmitting a command from the host system to the storage apparatus through a human interface device path and setting the storage property of the first partition as a writable mode in response the command. The data access method also includes storing data into the partition by using built-in commands of the operation system. Accordingly, the data access method can write data into a partition that has been at the write protect mode when a user logins the operation system with a limited user authority mode.10-13-2011
20090216982SELF-LOCKING MASS STORAGE SYSTEM AND METHOD OF OPERATION THEREOF - A method of operation of a self-locking mass storage system includes: providing storage media and an inactivity timer; timing a period of read/write inactivity of the storage media using the inactivity timer; comparing the period of read/write inactivity against a preset maximum idle time; locking access to the storage media when the period of read/write inactivity exceeds the preset maximum idle time; and, resetting the period of read/write inactivity following read/write activity while the self-locking mass-storage system is in an unlocked state.08-27-2009
20090216981POWER EFFICIENT FLOW CONTROL MODEL FOR USB ASYNCHRONOUS TRANSFERS - Embodiments comprising a memory and a USB host controller coupled to the memory. The power efficiency of a USB during asynchronous transfers is increased by limiting usage of an asynchronous schedule stored in the memory when servicing a scheduled asynchronous transfer endpoint. Other embodiments may be described and claimed.08-27-2009
20090216980INFORMATION STORAGE SYSTEM - A storage media and a storage area of a storage apparatus are associated, and the storage media is used to manage the contents of the storage apparatus. A storage media for storing files is detachably mounted on an information processing apparatus, the information processing apparatus is connected to a storage apparatus via the Internet, the storage apparatus stores files corresponding to the files stored in the storage media, the storage media and the storage apparatus authenticate each other via the Internet, and the information processing apparatus reads files from or writes files into the storage media or the storage apparatus on the condition that the foregoing authentication is successful.08-27-2009
20090216979Method and system for secured drive level access for storage arrays - The present disclosure provides a methodology by which disk level access for storage drives of a storage array may be highly secured based on permission settings applied to the driver interface of the storage drives. Based on specific set of access rules, a security component applies security profiles to permit/deny access to an individual storage drive, sets the storage drive with a first security level, monitors for a triggering event, and sets the storage drive to a second (more restrictive) security access level in response to the triggering event. In addition, the security component generates an alert in response to the triggering event. Thus, disk level access permissions are applied at a driver interface layer and permissions are applied based on administrator-defined policies. The present disclosure provides for complete lock-down of data permissions, management and/or restriction of IO loads, and protection of “read-only” data integrity from overwrites.08-27-2009
20100058016METHOD, APPARATUS AND SOFTWARE PRODUCT FOR MULTI-CHANNEL MEMORY SANDBOX - A method, apparatus, and software product allow signalling toward a multi-channel memory subsystem within an application processing architecture, and routing of that signalling via a single sandbox which provides memory protection by controlling memory usage and blocking the signalling if it is unauthorized. The signalling via the sandbox leads to a plurality of different memory locations, and the sandbox is an intermediary for substantially all execution memory accesses to the multi-channel memory subsystem.03-04-2010
20100306490TRANSACTIONAL OBJECT CONTAINER - A computing device receives an object at runtime of a compiled application, wherein the object is a component of the application. The computing device generates a transactional proxy for the object, the transactional proxy including transactional logic, a transactional marker and a pointer to the object. The transactional proxy is passed to the application, wherein the application to make calls on the transactional proxy instead of on the object.12-02-2010
20100122056Method and Device for Securely Storing and Securely Reading User Data - User data is stored in at least one record in at least one predefined, logic data storage area. One respective record ID is assigned to the at least one record. The record ID includes a uniqueness stamp that is unique in the respective predefined data storage area, a unique ID of the predefined data storage area in which the respective record is stored, and a logic position of the respective record within the respective predefined data storage area. A record test value is determined and stored for the user data and the respective associated record ID of the respective record. Data storage area information containing the ID of the respective predefined data storage area and data on at least one value range of the uniqueness stamps of the records currently stored in the respective predefined data storage area is assigned to the respective predefined data storage area.05-13-2010
20090327637SECURITY SYSTEM FOR COMPUTERS - A security system designed to trap computer viruses is described. The system storage has an external alarm configured to monitor the time every file takes to load by monitoring the drive activity LED of the storage device. The document storage location is hidden and can optionally be accessed via password. If a virus spends an unexpected amount of time attempting to access storage the alarm will trigger. Downloads and other untrusted files are stored in quarantine storage. Documents can only be transferred from the quarantine storage to the system storage via a copy and paste program.12-31-2009
20090327636COMPRESSED TRANSACTIONAL LOCKS IN OBJECT HEADERS - A software transactional memory system is provided that generates and stores compressed transactional locks in a portion of object headers. The software transactional memory system allocates preferred write log memory with a predefined size of memory that corresponds to a number of bits in the compressed transactional locks. The compressed transactional locks identify write log entries in corresponding write logs in the preferred write log memory. If the preferred write log memory becomes full, additional write log memory is allocated for write log entries and subsequent transactional locks are stored uncompressed in an auxiliary memory. A pointer that may be used to locate the uncompressed transactional lock is stored in the header. If an object header with a compressed transactional lock is needed for another use, the compressed transactional lock is uncompressed and stored in the auxiliary memory. A pointer that may be used to locate the uncompressed transactional lock is stored in the header.12-31-2009
20110153970Method and Apparatus for the Execution of a Program - An apparatus and a method is provided for the execution of a program by a program-controlled device, in which the program-controlled device receives instructions and automatically executes the program if it receives an access instruction for accessing a protected memory area. The invention further relates to a programmable transponder containing at least one such program-controlled device.06-23-2011
20110153969DEVICE AND METHOD TO CONTROL COMMUNICATIONS BETWEEN AND ACCESS TO COMPUTER NETWORKS, SYSTEMS OR DEVICES - A network security device and method for one way or secure communication are disclosed. At least one processor is connected to a higher level network port and a lower level network port, and is connectable to a shared memory. The at least one processor is configured to send a data to the lower level network port via the shared memory in response to receiving the data from the higher level network port and to decline or ignore any request from the lower level network port to write to the shared memory. The at least one processor, which may be a higher level processor, may be further configured to decline or ignore any request from the higher level network port to read the shared memory. A lower level processor, connected to the lower level network port, may be at least conditionally disabled from writing to the shared memory.06-23-2011
20080320262READ/WRITE LOCK WITH REDUCED READER LOCK SAMPLING OVERHEAD IN ABSENCE OF WRITER LOCK ACQUISITION - An improved reader-writer locking for synchronizing access to shared data. When writing the shared data, a writer flag is set and a lock is acquired on the shared data. The shared data may be accessed following the expiration of a grace period and a determination that there are no data readers accessing the shared data. When reading the shared data, the writer flag is tested that indicates whether a data writer is attempting to access the shared data. If the writer flag is not set, the shared data is accessed using a relatively fast read mechanism. If the writer flag is set, the shared data is accessed using a relatively slow read mechanism.12-25-2008
20080313417APPARATUS AND METHOD OF DETECTING AND CONTROLLING PRIVILEGE LEVEL VIOLATION PROCESS - Provided are an apparatus and method of detecting and controlling a privilege level violation process. The apparatus monitors whether higher-privileged processes depend on information provided from lower-privileged objects or denies the higher-privileged processes to access the lower-privileged objects. The apparatus is provided in a process, and monitors whether a process accesses to a lower-privileged object. The apparatus gives a warning message or denies an access of the process to the lower-privileged object when it detects that the higher-privileged process access to the lower-privileged object. Therefore, the apparatus of detecting and controlling a privilege level violation process detects weaknesses that may be caused by privilege level violation, thus allowing a system to be safely operated.12-18-2008
20080229042METHOD FOR LOCKING NON VOLATILE MEMORY WORDS IN AN ELECTRONIC DEVICE FITTED WITH RF COMMUNICATION MEANS - The electronic device, in particular a transponder, includes a non volatile memory (EEPROM) having a plurality of words 09-18-2008
20120203989Device with Processing Unit and Information Storage - Embodiments related to a processing unit and a first information storage are described and depicted.08-09-2012
20110055507SYSTEM AND METHOD FOR RESTRICTING THE FUNCTION OF A STORAGE DEVICE BASED ON GEOGRAPHICAL LOCATION - A storage device capable of restricting its functions based on its geographical location is disclosed. In one embodiment, the storage device comprises a storage module for storing data; a positioning module, the positioning module determines the current location of the storage device; and a control module, the control module determines if the storage device is located within an area for function-restriction; and if so, one or more storage functions of the storage module is restricted; if not, the storage module assumes normal operation.03-03-2011
20110258409MEMORY DEVICE, HOST DEVICE, AND MEMORY SYSTEM - A memory device is provided including: a storage section configured to store a content with a time limit for use; an elapsed time counting section configured to count the time limit; a battery section configured to be supplied with power from an external device accessing the time-limited content so as to be charged with power for operating the elapsed time counting section; and a control section configured to include a function of determining an expected time period during which the battery section can sustain the elapsed time counting section operating to count the time limit.10-20-2011
20110264883Device for selecting and configuring a default storage section and the corresponding method - The present invention concerns a device and a method at the device for selecting and configuring a default storage section. The device comprises connecting means for connecting at least one storage device comprising storing means to the device, characterized in that it comprises a selector for selecting a storage device, the selected storage device becoming the default storage section, configuring means for, on selection of a default storage section, partitioning the storing means of the default storage section into more than one directory, and securing means for defining access rights to the more than one directory.10-27-2011
20100293351COMPUTER SYSTEM FOR ACCESSING STORED DATA - A computer system comprising: 11-18-2010
20120151167SYSTEMS AND METHODS FOR MANAGING READ-ONLY MEMORY - Systems, methods, and computer storage mediums for managing read-only memory are provided. A system includes a memory device including a real memory and a tracking mechanism configured to track relationships between multiple virtual memory addresses and real memory. The system further includes a processor configured to perform the below method and/or execute the below computer program product. One method includes mapping a first virtual memory address to a real memory in a memory device and mapping a second virtual memory address to the real memory. Here, the first virtual memory address is authorized to modify data in the real memory and the second virtual memory address is not authorized to modify the data in the real memory. One computer storage medium includes a computer program product for performing the above method.06-14-2012
20120311285Method and System for Context Specific Hardware Memory Access Protection - Methods and systems are provided that provide a hardware based memory access protection system which may prevent access to secret data due to either accidental hardware or software failure, or inappropriate access via a system attack. This system includes a memory protection module and divides global memory space into two classes—a “highly protected region” and an “other” region. In some implementations, the system may be entirety located on hardware on a system chip, making unauthorized manipulation difficult. In some implementations, this system may allow a user to pre-program every allowable operation which may be performed by any given bus master, not only the allowable operations of a processor. Register pairs are used to control access to protected regions of memory by masters on the bus.12-06-2012
20100122054COPY SAFE STORAGE - A data storage device provides information to an application while protecting the information from being copied. Particularly, the data storage device may include a detector to detect an access to an indicator. The indictor may be integrated with the information in such a way that a copy application will access the indicator when copying the information but another application using the information (e.g. a database application) will not access the indicator. The data storage device may further be configured to undertake a defensive response when access to the indicator is detected. Defensive responses may include terminating the access, issuing a report, or sending spurious data to the host. The configuration of the indicator and timing of the response may be chosen to impede separation of the indicator from the data.05-13-2010
20110082993HARD WARE DATA PROTECTION DEVICE - A device is connected between an storage device controller and a storage device, providing data storage device protection in a manner transparent to the computing system and to the user of the computing system independent of operating system. The device protects the user from malicious code by preventing its execution and the unauthorized or unwanted user data modification by making the contents of one of the storage device read only. All the operations of the device are invisible to the computing system and to the user independent of installed operating system. The device can be disabled by a switch or by other means. When this happens the effect is the same as if the device were physically removed of the computing system.04-07-2011
20120151168VIRTUALIZING PROCESSOR MEMORY PROTECTION WITH "L1 ITERATE AND L2 SWIZZLE" - Methods for providing shadow page tables that virtualize processor memory protection. In one embodiment, two shadow L2 page tables are maintained for each section, for example, each 1 MB section, of guest address space covered by a shadow L1 descriptor.06-14-2012
20110138142METHOD AND SYSTEM FOR AUTOMATICALLY PRESERVING PERSISTENT STORAGE - Computer-based methods, techniques, and systems for automatically protecting a storage device from unwanted alterations are provided. Example embodiments provide a Disk Access Redirection System, which includes a Redirection Driver, an Available Space Table (“AST”), a Protected Space Redirection Table (“PSRT”), and optionally an Unprotected Space Table (“UST”). The Redirection Driver is installed and registered with the computer operating system so that it can intercept storage device access requests (such as a disk read/write). When a storage access request for a read or write is sent, the request is intercepted by the Redirection Driver, transparent to the code that invokes the storage access request. The Redirection Driver uses the AST, PSRT, and optionally the UST, to allocate available storage space for redirected write requests, redirect write requests for protected areas of the storage device, and redirect read requests when the read request specifies a storage location that has been previously redirected.06-09-2011
20110138141EXECUTE ONLY ACCESS RIGHTS ON A VON NEUMAN ARCHITECTURES - A microcontroller system, such as a system-on-a-chip integrated circuit, including a processor (e.g., a Von Neumann processor), memory, and a memory protection unit (MPU), where the MPU provides execute-only access rights for one or more protected areas of the memory. The MPU can allow instructions fetched from within a protected area to access data in the protected area while preventing instructions fetched from outside the protected area from accessing data in the protected area.06-09-2011
20090300308Partitioning of a Multiple Logic-Unit-Number SCSI Target - A method, computer program product and computer system for assigning logic storage entities of a storage device to multiple partitions of a computer system, which includes associating each logic storage entity to one of the partitions that are allowed to access the logic storage entity; configuring a partition supervisor to control accesses of the partitions to the logic storage entities, so that the partitions can share resources when accessing the logic storage entities; and providing an interceptor in the partition supervisor, so that a request or a response between a select logic storage entity and a select partition is intercepted if the select partition is not allowed to access the select storage entity.12-03-2009
20090300307PROTECTION AND SECURITY PROVISIONING USING ON-THE-FLY VIRTUALIZATION - A virtualization layer is inserted between (i) an operating system of a computer system, and (ii) at least one of a memory module and a storage module of the computer system. At least one of read access and write access to at least one portion of the at least one of a memory module and a storage module is controlled, with the virtualization layer. The insertion of the virtualization layer is accomplished in an on-the-fly manner (that is, without rebooting the computer system) An additional aspect includes controlling installation of a security program from the virtualization layer.12-03-2009
20090292894MICROPROCESSOR HAVING INTERNAL SECURE MEMORY - An apparatus providing for a secure execution environment. The apparatus includes a microprocessor that is configured to execute non-secure application programs and a secure application program, where the non-secure application programs are accessed from a system memory via a system bus. The microprocessor has a non-secure memory and a secure volatile memory. The non-secure memory is configured to store portions of the non-secure application programs for execution by the microprocessor, where the non-secure memory is observable and accessible by the non-secure application programs and by system bus resources within the microprocessor. The secure volatile memory is configured to store the secure application program for execution by the microprocessor, where the secure volatile memory is isolated from the non-secure application programs and the system bus resources within the microprocessor.11-26-2009
20090292893MICROPROCESSOR HAVING SECURE NON-VOLATILE STORAGE ACCESS - An apparatus providing for a secure execution environment. The apparatus includes a microprocessor and a secure non-volatile memory. The microprocessor is configured to execute non-secure application programs and a secure application program, where the non-secure application programs are accessed from a system memory via a system bus. The secure non-volatile memory is coupled to the microprocessor via a private bus. The secure non-volatile memory is configured to store the secure application program, where transactions over the private bus between the microprocessor and the secure non-volatile memory are isolated from the system bus and corresponding system bus resources within the microprocessor.11-26-2009
20090292892Method to Reduce Power Consumption of a Register File with Multi SMT Support - A method for reducing the power consumption of a register file of a microprocessor supporting simultaneous multithreading (SMT) is disclosed. Mapping logic and associated table entries monitor a total number of processing threads currently executing in the processor and signal control logic to disable specific register file entries not required for currently executing or pending instruction threads or register file entries not meeting a minimum access threshold using a least recently used algorithm (LRU). The register file utilization is controlled such that a register file address range selected for deactivation is not assigned for pending or future instruction threads. One or more power saving techniques are then applied to disabled register files to reduce overall power dissipation in the system.11-26-2009
20110191562Apparatus and method for partitioning, sandboxing and protecting external memories - A technique to provide an integrated circuit that performs memory partitioning to partition a memory into a plurality of regions, in which the memory is accessed by a plurality of heterogeneous processing devices that operate to access the memory. The integrated circuit also assigns a security level for each region of the memory and permits a memory access by a transaction to a particular region of the memory, only when a level of security assigned to the transaction meets or exceeds the assigned security level for the particular region. The integrated circuit also performs sandboxing by assigning which of the plurality of processing devices are permitted access to each of the plurality of regions. The integrated circuit may implement only the security level function or only the sandboxing function, or the integrated circuit may implement them both. In some instances, a scrambling/descrambling function is included to scramble/descramble data. In one application, the integrated circuit is included within a mobile phone.08-04-2011
20110191561AUGMENTED ADVISORY LOCK MECHANISM FOR TIGHTLY-COUPLED CLUSTERS - An inter-machine locking mechanism coordinates the access of shared resources in a tightly-coupled cluster that includes a number of processing systems. When a requesting processing system acquires a lock to access a resource, a comparison is made between values of a global counter and a local counter. The global counter indicates the number of times the lock is acquired exclusively by any of the processing systems. Based on the comparison result, the requesting processing system determines whether the resource has been modified since the last time it held the lock.08-04-2011
20100070727Transactional Memory System - A transactional memory system is described for reporting memory access violations which occur when memory accesses made from instructions within a transaction conflict with memory accesses to the same memory location made from a non-transactional instruction. In an embodiment this is achieved by creating two mappings of a physical heap being used by a thread. The thread (which may be part of a multi-threaded process) comprises instructions for both transactional and non-transactional accesses to the physical heap which may execute concurrently as part of that thread. One of the mappings is used for non-transactional memory accesses to the physical heap. The other mapping is used for transactional memory accesses to the physical heap. Access permissions associated with the mappings are controlled to enable attempted memory access violations to be detected and reported.03-18-2010
20100030991ELECTRONIC DEVICE AND METHOD FOR UPDATING BIOS THEREOF - This invention discloses a method for updating a basic input/output system (BIOS). The BIOS is stored in a memory of an electronic device. An embedded controller (EC) is electrically connected to the memory and a processor. The processor is electrically connected to the memory and executes the BIOS. The method for updating the BIOS includes the following steps. First, a write instruction is sent to the EC. Afterward, the EC receives the write instruction and sends a system management interrupt (SMI) to the processor. Then, the processor receives the SMI and sends an identification code to the EC. Then, the EC receives the identification code and determines whether the identification code matches a security code. If the identification code matches the security code, the EC allows the memory to be writable to update the BIOS.02-04-2010
20100023720METHOD AND APPARATUS FOR RECOGNIZING CHANGES TO DATA - The present invention refers to a method and apparatus, in which changes to relevant data are made easily recognizable. The data is stored in the same sector of a flash memory as a program which is used for the start-up or operation of a device. Due to the characteristics of flash memory the complete sector including the program is deleted when deleting the relevant data, by which the device is no longer operable and a malfunction and damage can be avoided. Furthermore, a bitwise inverted form of the data is stored in the flash memory, and it is inspected whether the original and the inverted form of the data coincide. A change to the data, which is not recognizable by the inspection, requires the deletion of the sector, thereby also deleting the program and thus the device is no longer operable.01-28-2010
20100023719METHOD AND CIRCUIT FOR PROTECTION OF SENSITIVE DATA IN SCAN MODE - A reset generator for resetting at least one register in a register bank. The register generator comprises a scan mode input terminal configured to input a scan mode signal, a system reset input terminal configured to input a system reset signal, a secure reset output terminal configured to output a secure reset signal and a combination logic unit configured to combine the scan mode signal and the system reset signal. The combination is such that when the scan mode of the at least one register is activated, the secure reset signal is immediately activated for resetting the at least one register. The activation of the secure reset signal is independent of the system reset signal. The secure reset signal is deactivated when the system reset signal is deactivated and the secure reset signal follows the activation/deactivation cycles of the system reset signal after deactivation.01-28-2010
20100023718Methods For Data-Smuggling - The present invention discloses methods for an application, running on a host system, to access a restricted area of a storage device, the method including the steps of: providing a file system for running on the host system; restricting access, by the file system, to the restricted area; sending an indication, from the application to the storage device, that data being sent by the application to the storage device via the file system is intended for the restricted area; detecting the indication in the storage device; and making the data, residing in the restricted area, available for reading by the application upon receiving an application request. Preferably, the method further includes the step of: releasing wasted areas, of the storage device, for use by the file system. Preferably, the method further includes the step of: copying non-restricted data from a non-restricted area into the restricted area.01-28-2010
20120042145USER-LEVEL SECMENTATION MECHANISM THAT FACILITATES SAFELY EXECUTING UNTRUSTED NATIVE CODE - A system that uses segmentation to safely execute native code. This system includes a processing element that executes the native code and a memory which stores code and data for the processing element. The processing element includes a segmentation mechanism which limits the native code executing on the processing element to accessing a specified segment of memory. The processing element also includes an instruction-processing unit, which is configured to execute a user-level instruction that causes the segmentation mechanism to limit memory accesses by the native code to the specified segment of the memory.02-16-2012
20110307677DEVICE FOR MANAGING DATA BUFFERS IN A MEMORY SPACE DIVIDED INTO A PLURALITY OF MEMORY ELEMENTS - In a device for managing data buffers in a memory space distributed over a plurality of memory elements, the memory space is allocatable by memory pages, each buffer including one or more memory pages. The buffers are usable by at least one processing unit for the execution of an application, the application being executed by a plurality of processing units executing tasks in parallel. The memory elements are accessible in parallel by the processing units. The device includes means for allocating buffers to the tasks during the execution of the application and means for managing access rights to the buffers. The means for managing the access rights to the buffers include means for managing access rights to the pages in a given buffer, to verify that writing to a given page does not modify data currently being read from the page or that reading from a given page does not access data currently being written to the page, in such a way as to share the buffer between unsynchronized tasks.12-15-2011
20090172331Securing content for playback - A graphics engine may include a decryption device, a renderer, and a sprite or overlay engine, all connected to a display. A memory may have a protected and non-protected portions in one embodiment. An application may store encrypted content on the non-protected portion of said memory. The decryption device may access the encrypted material, decrypt the material, and provide it to the renderer engine of a graphics engine. The graphics engine may then process the decrypted material using the protected portion of the memory. Only graphics devices can access the protected portion of the memory in at least one mode, preventing access by outside sources. In addition, the protected memory may be stolen memory that is not identified to the operating system, making that stolen memory inaccessible to applications running on the operating system.07-02-2009
20090172328SYSTEM AND METHOD FOR HIGH PERFORMANCE SECURE ACCESS TO A TRUSTED PLATFORM MODULE ON A HARDWARE VIRTUALIZATION PLATFORM - A system and method for high performance secure access to a trusted platform module on a hardware virtualization platform. The virtualization platform including Virtual Machine Monitor (VMM) managed components coupled to the VMM. One of the VMM managed components is a TPM (Trusted Platform Module). The virtualization platform also includes a plurality of Virtual Machines (VMs). Each of the virtual machines includes a guest Operating System (OS), a TPM device driver (TDD), and at least one security application. The VMM creates an intra-partition in memory for each TDD such that other code and information at a same or higher privilege level in the VM cannot access the memory contents of the TDD. The VMM also maps access only from the TDD to a TPM register space specifically designated for the VM requesting access. Contents of the TPM requested by the TDD are stored in an exclusively VMM-managed protected page table that provides hardware-based memory isolation for the TDD.07-02-2009
20090172327Optimistic Semi-Static Transactional Memory Implementations - A lock-based software transactional memory (STM) implementation may determine whether a transaction's write-set is static (e.g., known in advance not to change). If so, and if the read-set is not static, the STM implementation may execute, or attempt to execute, the transaction as a semi-static transaction. A semi-static transaction may involve obtaining, possibly after incrementing, a reference version value against which to subsequently validate that memory locations, such as read-set locations, have not been modified concurrently with the semi-static transaction. The read-set locations may be validated while locks are held for the locations to be written (e.g., the write-set locations). After committing the modifications to the write-set locations and as part of releasing the locks, versioned write-locks associated with the write-set locations may be updated to reflect the previously obtained, or newly incremented, reference version value.07-02-2009
20120047342FACILITATION OF SIMULTANEOUS STORAGE INITIALIZATION AND DATA DESTAGE - Various embodiments for storage initialization and data destage in a computing storage environment are provided. At least a portion of data on a storage device is initialized using a background process, while one of simultaneously and subsequently destaging the at least the portion of the data to the storage device using a foreground process is performed. A persistent metadata bitmap, adapted to indicate whether the at least the portion of the data has been initialized, is staged to cache, the cache operable in the computing storage environment. The background process maintains a volatile bitmap indicating a status of the initialization of the at least the portion of the data in direct correspondence to the metadata bitmap. As the background process initializes the at least the portion of the data, an applicable bit on the persistent metadata bitmap is cleared and a corresponding bit is set on the volatile bitmap.02-23-2012
20120210085METHOD FOR EXECUTING SECURITY-RELEVANT AND NON-SECURITY-RELEVANT SOFTWARE COMPONENTS ON A HARDWARE PLATFORM - A method for executing safety-relevant and non-safety-relevant software components on a hardware platform comprising a computer, memory and a monitoring component that operates independently of the computer. The safety-relevant software component erects a memory protection against access of a non-safety-relevant function to at least one area of the memory of the safety-relevant function before execution of the non-safety-relevant software component, so that the non-safety-relevant software component does not have access to the areas of the memory being used for safety-relevant components. After the return from the non-safety-relevant component, the memory protection is deactivated and the monitoring function monitors the safety-relevant function for its proper operation.08-16-2012
20120005442STORAGE DEVICE, ACCESS CONTROL PROGRAM RECORDING MEDIUM, AND CONTROL METHOD OF STORAGE DEVICE - A storage device for storing data includes a device configured to store data read or written by a host, a command storage unit configured to store commands transmitted by the host to acquire information relating to the device, a command acquisition unit configured to acquire commands issued to the device when the host requests access to the data stored in the device, and an access determination unit configured to permit the access, if the commands acquired by the command acquisition unit have been stored in the command storage unit.01-05-2012
20120060008INFORMATION PROCESSING TRMINAL, METHOD, PROGRAM, AND INTEGRATED CIRCUIT FOR CONTROLLING ACCESS TO CONFIDENTIAL INFORMATION, AND RECORDING MEDIUM HAVING THE PROGRAM RECORDED THEREON - An information processing terminal (03-08-2012
20120117348TECHNIQUES FOR SECURITY MANAGEMENT PROVISIONING AT A DATA STORAGE DEVICE - Techniques for a data storage device to locally implement security management functionality. In an embodiment, a security management process of the data storage device is to determine whether an access to non-volatile media of the data storage device is authorized. In certain embodiments, the data storage device is to restrict access to a secure region of the non-volatile storage media, the secure region to store information used and/or generated by a security management process of the data storage device.05-10-2012
20120060007TRAFFIC CONTROL METHOD AND APPARATUS OF MULTIPROCESSOR SYSTEM - A method and apparatus for controlling traffic of multiprocessor system or multi-core system is provided. The traffic control apparatus of a multiprocessor system according to the present invention includes a request handler for processing a traffic request of a first processor, and a Quality of Service (QoS) manager for receiving a QoS guaranty start instruction for a second processor from the multiprocessor system, and for transmitting, when traffic of the second processor is detected, a traffic adjustment signal to the request handler. The request handler adjusts the traffic of the first processor according to the received traffic adjustment signal. The traffic control method and apparatus of the present invention is capable of adjusting the required bandwidths of individual technologies and guaranteeing the real-timeness in the multiprocessor system or multi-core system.03-08-2012
20120159104SECURE MEMORY ACCESS SYSTEM AND METHOD - A secure memory access system and method for providing secure access to Hyper Management Mode memory ranges is presented.06-21-2012
20120159103SYSTEM AND METHOD FOR PROVIDING STEALTH MEMORY - The described implementations relate to computer memory. One implementation provides a technique that can include providing stealth memory to an application. The stealth memory can have an associated physical address on a memory device. The technique can also include identifying a cache line of a cache that is mapped to the physical address associated with the stealth page, and locking one or more other physical addresses on the memory device that also map to the cache line.06-21-2012
20120072692DATA ACCESS MANAGEMENT - Apparatus, systems, and methods may operate to assert a first semi-exclusive write lock with respect to a storage medium area by storing lock information when assertion of another semi-exclusive write lock with respect to the area is not detected. Additional activities may include writing data to the area by a writing entity that has asserted the first semi-exclusive write lock after determining the lock information has not changed, while substantially simultaneously de-asserting the first semi-exclusive write lock. Reading from the area may be determined as successful by determining that the semi-exclusive write lock was not asserted prior to or during the reading by checking the status of the lock information. Additional apparatus, systems, and methods are disclosed.03-22-2012
20120110291SYSTEM AND METHOD FOR I/O COMMAND MANAGEMENT - Systems and methods for input/output command management. In embodiments of the invention an input/output command fully executes after a lock has been obtained for the command on all storage segments relating to the command, in a predetermined order. Some embodiments of the invention allow overlapping access to storage and/or to individual storage segments by a plurality of input/output commands. In some embodiments of the invention, prioritization of commands is facilitated through the usage of a sharing policy and/or wakeup policy.05-03-2012
20110066820OVERFLOW HANDLING OF SPECULATIVE STORE BUFFERS - A method, a system and a computer program product for handling speculative stores. The system determines when a speculative store buffer is not full. An indicator is generated when the speculative store buffer is not full, and the speculative stores are input into the speculative store buffer. When the speculative store buffer is full, a full buffer indicator is generated. Speculative stores prevented from entering the speculative store buffer are overflow stores. The overflow list is searched to determine whether one or more addresses of the overflow stores are present in the overflow list. When one or more addresses of the overflow stores are not present in the overflow list, the overflow stores are stored in the overflow list.03-17-2011
20120110292METHOD FOR ACCESSING A PORTABLE DATA STORAGE MEDIUM WITH AUXILIARY MODULE AND PORTABLE DATA STORAGE MEDIUM - The invention describes a method for accessing a portable storage data carrier (05-03-2012
20110107047Enforcing a File Protection Policy by a Storage Device - A file attribute, which is called herein “enforcement bit”, is used for each file that is stored in a storage device. If the protection particulars associated with a stored file are allowed to be changed, the enforcement bit is set to a first value, and if the protection particulars or properties are not to be changed, the enforcement bit is set to a second value. When the storage device is connected to a host device, the storage device provides to the host device protection particulars and an enforcement bit, which collectively form a “file protection policy”, for each stored file in response to a file system read command that the host device issues, in order to notify the host device of files in the storage device whose protection particulars are allowed to be changed freely, and of files whose protection particulars are not allowed to be changed by unauthorized users or devices.05-05-2011
20110099348CONTROLLING MEMORY VISIBILITY - Embodiments are disclosed herein that are related to controlling the visibility of a portion of memory in a hardware device. For example, one disclosed embodiment provides a hardware device comprising a communications interface configured to connect to a complementary communications interface on a computing device. The hardware device further comprises a portion of memory having a first ID configured to cause the portion of memory to be visible to a user of the computing device to which the hardware device is connected. Further still, the hardware device comprises instructions stored in the portion of memory which are executable by and transferable to the computing device to cause the installation of a computer program related to the hardware device, and to cause the portion of memory to be hidden from the user of the computing device upon transferring of the instructions to the computing device.04-28-2011
20110099347MANAGING ALLOCATION AND DEALLOCATION OF STORAGE FOR DATA OBJECTS - Various approaches for managing storage for data objects. In one approach, data describing a plurality of allocation control areas are stored. Each allocation control area references a respective set of free pages that are available for allocation for storing data objects. In response to a request to delete a data object, a non-blocking exclusive lock is sought on an initial one of the allocation control areas. If the lock is granted, each page having data of the data object is returned to the respective set of free pages of the initial one of the allocation control areas. If the lock is denied, another one of the allocation control areas to which a non-blocking exclusive lock can be granted is determined, and each page is returned to the respective set of free pages of the other one of the allocation control areas.04-28-2011
20090132776DATA PROCESSING DEVICE, DATA PROCESSING METHOD, DATA PROCESSING PROGRAM, RECORDING MEDIUM CONTAINING THE DATA PROCESSING PROGRAM AND INTERGRATED CIRCUIT - A data processing device for processing stream data composed of a plurality of frames generated with encoded contents data, which includes a protected storage unit for storing data, being protected from external access, a non-protected storage unit for storing data, a receiving unit for receiving stream data, a separating unit for separating the stream data into protected data including frames necessary for decoding of other frames, and non-protected data not including frames necessary for decoding of other frames, and storing the protected data in the protected storage unit and storing the non-protected data in the non-protected storage unit, and a combining unit for restoring the stream data by combining the protected data stored in the protected storage unit and the non-protected data stored in the non-protected storage unit.05-21-2009
20120124313MULTI-CHANNEL MEMORY WITH EMBEDDED CHANNEL SELECTION - Subject matter disclosed herein relates to a memory device, and more particularly to a multi-channel memory device and methods of selecting one or more channels of same.05-17-2012
20120124312HOST DISCOVERY AND HANDLING OF ALUA PREFERENCES AND STATE TRANSITIONS - Various systems and methods can discover asymmetric logical unit (LUN) access (ALUA) preferences and/or state transitions and use those preferences and/or state transitions to control how a host accesses a LUN in an ALUA array. One such method involves detecting a preferred controller for a LUN and then detecting that a current owner controller of the LUN is not the preferred controller. In response, the method can initiate an ownership change from the current owner controller to the preferred controller. Another method involves detecting an initial state of a first controller with respect to a LUN. The method then detects a subsequent state of the first controller with respect to the LUN subsequent to detecting the initial state. The method can then cause a computing device to access the LUN via a second controller, in response to the subsequent state not being the active optimized state.05-17-2012
20120124314RECORDING MEDIUM - A recording medium according to an embodiment includes: a storing section including a first area in which a number-of-reproductions limited file is written and a second area in which at least one determination address in an address range of the first area, in which the number-of-reproductions limited file is written, and a number of readable times of the number-of-reproductions limited file are written; and a control section configured not to perform, after the number of readouts of reading out of data in the at least one determination address reaches the number of readable times, output of the number-of-reproductions limited file in response to a readout request for the number-of-reproductions limited file.05-17-2012
20120166747DYNAMIC NEST LEVEL DETERMINATION FOR NESTED TRANSACTIONAL MEMORY ROLLBACK - Embodiments of the present invention address deficiencies of the art in respect to nested transaction rollback and provide a method, system and computer program product for dynamic nest level determination for nested transaction rollback. In an embodiment of the invention, a nested transaction rollback method can be provided. The method can include detecting a violation of a block of memory accessed within a set of nested transactions, retrieving a tentative rollback level for the violation, discarding a speculative state for the block of memory at each level of the set of nested transactions up to and including the tentative rollback level, refining the tentative rollback level to a lower level in the set of nested transactions, and additionally discarding a speculative state for the block of memory at additional levels in the set of nested transactions up to and including the refined rollback level.06-28-2012
20120216002REMOTE PERMISSIONS PROVISIONING FOR STORAGE IN A CACHE AND DEVICE THEREFOR - A system and method are disclosed for determining whether to allow or deny an access request based upon one or more descriptors at a local memory protection unit and based upon one or more descriptors a system memory protection unit. When multiple descriptors of a memory protection unit apply to a particular request, the least-restrictive descriptor will be selected. System access information is stored at a cache of a local core in response to a cache line being filled. The cached system access information is merged with local access information, wherein the most-restrictive access is selected.08-23-2012
20100174882Method for Protecting Software of Embedded Applications Against Unauthorized Access - A method of protecting software for embedded applications against unauthorized access. Software to be protected is loaded into a protected memory area. Access to the protected memory area is controlled by sentinel logic circuitry. The sentinel logic circuitry allows access to the protected memory area from only either within the protected memory area or from outside of the protected memory area but through a dedicated memory location within the protected memory area. The dedicated memory location then points to protected address locations within the protected memory area.07-08-2010
20120216003SEMICONDUCTOR DEVICE AND MEMORY PROTECTION METHOD - According to one embodiment, a semiconductor device includes a processor, and a memory device. The memory device has a nonvolatile semiconductor storage device and is configured to serve as a main memory for the processor. When the processor executes a plurality of programs, the processor manages pieces of information required to execute the programs as worksets for the respective programs, and creates tables, which hold relationships between pieces of information required for the respective worksets and addresses of the pieces of information in the memory device, for the respective worksets. The processor accesses to the memory device with reference to the corresponding tables for the respective worksets.08-23-2012
20090100240AUTHENTICATION METHOD, CORRESPONDING PORTABLE OBJECT AND COMPUTER SOFTWARE PROGRAM - A method is provided for authenticating a carrier of a portable object having a memory for memorising at least one item of secret information. The method includes: authentication processing of a signature provided by said carrier, taking account of said secret information; supplying an item of information for the authentication decision, positive or negative, implementing, in a non volatile memory of said portable object, an incorrect signature indicator which may adopt a value indicating a normal situation and at least one value indicating an abnormal situation. The step of implementing including: after said information supplying step, writing, in said incorrect signature indicator, a value indicating an abnormal situation, if said authentication decision is negative; and before said authentication step, and if said incorrect signature indicator contains a value indicating an abnormal situation, a step generating a delay. The writing step also includes memorising at least one item of context-related information.04-16-2009
20120179888METHOD AND APPARATUS FOR SETTING ACCESS RESTRICTION INFORMATION - The storage system includes a host computer; a management computer coupled to the host computer; a first storage device coupled to the host computer and the management computer, and including first port management information; and a second storage device coupled to the host computer, the management computer and the first storage device, and including second port management information. The first port management information and the second port management information include an identifier of a port on each storage device, an identifier of a volume in each storage device, an access restriction and an identifier of a port permitted access from the host computer to each storage device.07-12-2012
20100017576Data Transference to Virtual Memory - Some embodiments comprise a method for selecting data to be transferred to a storage space of virtual memory and include identifying a set of data and determining subsets. Determining subsets may allow for delays before transferring the subsets and allow access to memory of the subsets during the delays. Accesses during the delays may enable embodiments to select other data to be transferred to the storage space and prevent transference of the accessed data. Other embodiments comprise apparatuses that have a paging space, a page identifier, and a page transferrer to transfer pages to the paging space after a delay. The delay may prevent a number of pages from being transferred to the paging space, such as for pages that were accessed during the delay.01-21-2010
20100017575SECURITY SYSTEM FOR EXTERNAL DATA STORAGE APPARATUS AND CONTROL METHOD THEREOF - A security system for an external data storage apparatus and a control method thereof, in which a data storage is driven by reading an identification (ID), which is input through a key input unit for the purpose of security of the external data storage apparatus, and then checking whether or not the read ID is equal to a previously registered ID, thereby preventing data from leaking out and being damaged in advance by another person, and safely protecting the data of a user. The security system comprises a data storage, in which data is stored; a high-speed serial bus, which connects the data storage with a data terminal, which read and write the data stored in the data storage; a key input unit, which converts an ID, which is input by operation of a user, to an electrical signal and outputs the converted signal; a memory, which stores and sets the ID input by the key input unit; and a control circuit, which, when the ID input by the key input unit is applied, compares the input ID with the preset ID stored in the memory, drives the data storage based on the compared result, and re-arranges storage sectors of the data storage to prevent the data from leaking out of the data storage when an unauthorized data terminal provides access.01-21-2010
20120233428APPARATUS AND METHOD FOR SECURING PORTABLE STORAGE DEVICES - An apparatus and method for controlling and securing information stored on portable USB storage devices. Using the software application stored on the USB storage device in conjunction with functionality performed by a designed server, use of the storage device is limited to authorized users, PCs and locations, and other criteria while information contained within the device is protected from unauthorized access.09-13-2012
20120185662Limited use data storing device - Embodiments of methods and systems for controlling access to information stored on memory or data storage devices are disclosed. In various embodiments, methods of retrieving information from a data storage device previously deactivated by modification or degradation of at least a portion of the data storage device are disclosed.07-19-2012
20120084525METHOD AND DEVICE FOR LOADING AND EXECUTING INSTRUCTIONS WITH DETERMINISTIC CYCLES IN A MULTICORE AVIONIC SYSTEM HAVING A BUS OF WHICH THE ACCESS TIME IS NOT PREDICTABLE - A method and device for loading and executing a plurality of instructions in an avionics system including a processor including at least two cores and a memory controller, each of the cores including a private memory. The plurality of instructions is loaded and executed by execution slots such that, during a first execution slot, a first core has access to the memory controller for transmitting at least one piece of data stored in the private memory thereof and for receiving and storing at least one datum and an instruction from the plurality of instructions in the private memory thereof, while the second core does not have access to the memory controller and executes at least one instruction previously stored in the private memory thereof and such that, during a second execution slot, the roles of the two cores are reversed.04-05-2012
20120260054SECURITY SYSTEM FOR EXTERNAL DATA STORAGE APPARATUS AND CONTROL METHOD THEREOF - A security system for an external data storage apparatus and control method thereof are disclosed. The system utilizes a preset identification (ID) and input ID to selectively permit data to be written and/or read.10-11-2012
20090019248PORTABLE DEVICE AND METHOD FOR CONTROLLING SHARED MEMORY IN PORTABLE DEVICE - A portable terminal and a method of controlling a shared memory, the portable terminal are disclosed. The portable terminal includes a memory unit, being equipped with at least 2 ports and having a storage block partitioned into partitioned blocks in a quantity of n, and a plurality of processors, reading or writing data by accessing a particular partitioned block through each dedicated port. At least one of the partitioned blocks is assigned to a common storage block, accessible by a processor having an access privilege, and the access privilege is transferred between the plurality of processors. The common storage block can be partitioned into k sub partitioned blocks, which the data type and process to be stored are predetermined. With the present invention, in the case of the common storage block for the plurality of processors, by allowing the partitioned storage blocks to be partitioned again into sub partitioned blocks depending on a type of data to be stored, the data processing/transmission speed and efficiency can be optimized.01-15-2009
20090019247Bufferless Transactional Memory with Runahead Execution - A method for executing an atomic transaction includes receiving the atomic transaction at a processor for execution, determining a transactional memory location needed in memory for the atomic transaction, reserving the transactional memory location while all computation and store operations of the atomic transaction are deferred, and performing the computation and store operations, wherein the atomic transaction cannot be aborted after the reservation, and further wherein the store operation is directly committed to the memory without being buffered.01-15-2009
20120233427Data Storage Device and Data Management Method Thereof - An embodiment of the invention provides a data storage device and data management method thereof. The data storage device is coupled to a host, and includes a storage media having data sectors for storing data and a controller. The controller is coupled to the storage media for sequentially receiving one or more read commands and corresponding one or more logical addresses thereto, reads a plurality of first data sectors from the storage media according to the read commands and the corresponding logical addresses, outputs data of the first data sectors to the host, calculates a valid duration required for the one or more read commands, calculates an average data throughput according to the number of the first data sectors and the valid duration, and determines whether the average data throughput exceeds a predetermined threshold. When the average data throughput exceeds the predetermined threshold, the controller performs a blocking procedure to prevent the storage media from being accessed.09-13-2012
20080301388INFORMATION PROCESSING APPARATUS AND COMPUTER READABLE MEDIUM - An information processing apparatus includes a restriction section, an acquisition section and a change section. The restriction section restricts maximum amount of stored data to be stored in each of information storage area in response to a reference value predetermined to each of information storage area. The acquisition section acquires relevant information about the stored data stored in each of the information storage area. The change section that changes the reference value determined to each of the information storage areas based on the acquired relevant information.12-04-2008
20110004737METHOD AND APPARATUS FOR PROTECTED CONTENT DATA PROCESSING - Methods and an apparatuses that perform protected content data processing with limited access to system resources are described. One or more regions in a memory (including a source memory and a destination memory) can be allocated and unprocessed content data can be mapped to the source memory. A process can be initialized with the source and destination memories to process the content data. The process can be prevented from accessing resource other than the allocated regions in the memory. The processed content data can be stored in the destination memory. In one embodiment, the content data can include media content. A playing device can be instructed to play the media content based on the processed content data via the destination memory.01-06-2011
20110131386DEVICE, CONTROL METHOD THEREOF, AND PROGRAM - An unmount state storing unit configured to store a state of unmount processing to end access processing to a memory card attached to a device from a host computer is provided. During a period from immediately after a host computer executes the unmount processing until detaching of the memory card is detected, a value of the host computer unmount state storing unit is stored as “true”. During the period in which this value is “true”, a host computer mount request from another host computer is denied. Consequently, after the access processing to the memory card attached to a device by the host computer has ended, contents of the memory card cannot be read from the other host computer while the memory card is still attached.06-02-2011
20120239895Memory Management Unit that Applies Rules Based on Privilege Identifier - A memory management and protection system that manages memory access requests from a number of requestors. Memory accesses are allowed or disallowed based on the privilege level of the master, usually a CPU originating the request based on a Privilege Identifier that accompanies each memory access request. Deputy masters such as DMA controllers inherit the Privilege Identifier of the originating master. An extended memory controller selects the appropriate set of segment registers based on the Privilege Identifier to insure that the request is compared to and translated by the segment register associated with the master originating the request.09-20-2012
20080288735Data Protection for Non-Volatile Semiconductor Memory Using Block Protection Flags - Receiving a request for canceling setting, a control circuit erases data stored in a corresponding block, changes a value of a protection flag, and cancels protection setting. When an overall protection is set for any block, the control circuit prohibits access to all blocks, except when it is an operation mode for activating a memory program contained in the microcomputer. Further, control circuit permits an access to a block M only when partial protection is set, CPU is in the mode for activating a memory program contained in the microcomputer and the access is for reading an instruction code in accordance with an instruction fetch.11-20-2008
20120324190AGGREGATE SYMMETRIC MULTIPROCESSOR SYSTEM - An aggregate symmetric multiprocessor (SMP) data processing system includes a first SMP computer including at least first and second processing units and a first system memory pool and a second SMP computer including at least third and fourth processing units and second and third system memory pools. The second system memory pool is a restricted access memory pool inaccessible to the fourth processing unit and accessible to at least the second and third processing units, and the third system memory pool is accessible to both the third and fourth processing units. An interconnect couples the second processing unit in the first SMP computer for load-store coherent, ordered access to the second system memory pool in the second SMP computer, such that the second processing unit in the first SMP computer and the second system memory pool in the second SMP computer form a synthetic third SMP computer.12-20-2012
20120324189AGGREGATE DATA PROCESSING SYSTEM HAVING MULTIPLE OVERLAPPING SYNTHETIC COMPUTERS - A first SMP computer has first and second processing units and a first system memory pool, a second SMP computer has third and fourth processing units and a second system memory pool, and a third SMP computer has at least fifth and sixth processing units and third, fourth and fifth system memory pools. The fourth system memory pool is inaccessible to the third, fourth and sixth processing units and accessible to at least the second and fifth processing units, and the fifth system memory pool is inaccessible to the first, second and sixth processing units and accessible to at least the fourth and fifth processing units. A first interconnect couples the second processing unit for load-store coherent, ordered access to the fourth system memory pool, and a second interconnect couples the fourth processing unit for load-store coherent, ordered access to the fifth system memory pool.12-20-2012
20120272027Memory Protection Unit with Support for Distributed Permission Checks - A memory management and protection system that manages memory access requests from a number of requestors. Memory accesses are allowed or disallowed based on the permissions assigned to the request based on the memory segment being accessed. The decision to allow or disallow access is made by the extended memory controller by merging the permissions assigned to the memory segment being accessed, and the permissions assigned to the access request by the originating memory controller or other endpoint.10-25-2012
20110161610COMPILER-ENFORCED AGENT ACCESS RESTRICTION - A compiler that enforces, at compile time, domain data access permissions and/or agent data access permissions on at least one agent to be created within a domain. The compiler identifies domain data of a domain to be created, and an agent to be created within the domain at runtime. The domain access permissions of the agent are also identified. As part of compilation of an expression of an agent, a reference to the domain data is identified. Then, the compiler evaluates an operation that the reference to the domain data would impose on the domain data upon evaluating the expression at runtime. The compiler then determines whether or not the operation is in violation of the domain access permissions of the agent with respect to the identified domain data. Agent data access may also be evaluated depending on whether the access occurs by a function or a method.06-30-2011
20110238939MEMORY DEVICES WITH DATA PROTECTION - A memory device comprises a memory array, a status register, a status-register write-protect bit and a security register. The memory array contains a number of memory blocks. The status register includes at least one protection bit indicative of a protection status of at least one corresponding block of the memory blocks. The status-register write-protect bit is coupled with the status register for preventing a state change of the at least one protection bit. The security register includes at least one register-protection bit for preventing the state change in one of the at least one protection bit of the status register and the status-register write-protect bit.09-29-2011
20120278577METHOD AND APPARATUS FOR PROTECTED CONTENT DATA PROCESSING - Methods and an apparatuses that perform protected content data processing with limited access to system resources are described. One or more regions in a memory (including a source memory and a destination memory) can be allocated and unprocessed content data can be mapped to the source memory. A process can be initialized with the source and destination memories to process the content data. The process can be prevented from accessing resource other than the allocated regions in the memory. The processed content data can be stored in the destination memory. In one embodiment, the content data can include media content. A playing device can be instructed to play the media content based on the processed content data via the destination memory.11-01-2012
20120278576EFFICIENT NON-BLOCKING K-COMPARE-SINGLE-SWAP OPERATION - The design of nonblocking linked data structures using single-location synchronization primitives such as compare-and-swap (CAS) is a complex affair that often requires severe restrictions on the way pointers are used. One way to address this problem is to provide stronger synchronization operations, for example, ones that atomically modify one memory location while simultaneously verifying the contents of others. We provide a simple and highly efficient nonblocking implementation of such an operation: an atomic k-word-compare single-swap operation (KCSS). Our implementation is obstruction-free. As a result, it is highly efficient in the uncontended case and relies on contention management mechanisms in the contended cases. It allows linked data structure manipulation without the complexity and restrictions of other solutions. Additionally, as a building block of some implementations of our techniques, we have developed the first nonblocking software implementation of load-linked/store-conditional that does not severely restrict word size.11-01-2012
20120331255SYSTEM AND METHOD FOR ALLOCATING MEMORY RESOURCES - System and method for allocating memory resources are disclosed. The system utilizes a bus system coupled to a plurality of requestors and a plurality of memory systems coupled to the bus system. Each memory system includes a memory component and a memory management module including a value that represents access rights to the memory component. The memory management module is configured to receive an access request from a first requestor of the plurality of requestors and to grant access to the memory component only if the value indicates that the first requestor has access rights to the memory component. The memory management module is configurable to change the value to give the access rights to the memory component to a second requestor of the plurality of requestors.12-27-2012
20110320753DATA PROCESSING APPARATUS, COMPUTER PROGRAM THEREFOR, AND DATA PROCESSING METHOD - A data processing apparatus uses a characteristic where an OS or an application program divides a file in units of cluster and writes information when information is written in an HDD and changes (redirect) a writing place in the units of cluster, thereby classifying and storing confidential information with a small consumption amount of the HDD. Therefore, the present invention provides a data processing apparatus that can classify and store confidential information and normal information with a small consumption amount of the HDD.12-29-2011
20120102285PROVIDING PROTECTED ACCESS TO CRITICAL MEMORY REGIONS - In accordance with disclosed embodiments, there are provided methods, systems, and apparatuses for implementing hardware of a virtualized processor based system detecting a specified type of memory access to an identified region of memory and in response to the detecting generating an interrupt for a virtual machine monitor (VMM) of the virtualized processor based system.04-26-2012
20120102284METHOD FOR DETECTING ACCESS TO OBJECT, AND COMPUTER AND COMPUTER PROGRAM PRODUCT FOR THE SAME - A method for detecting access to an object, and a computer and a computer program product including steps and components for converting an original pointer to the object into a pointer pointing to a read-write-protected area by manipulating the original pointer and a step of reversely converting the converted pointer into the original pointer using occurrence of an exception in response to a request to access the read-write-protected area. Additionally, the step of reversely converting may include a step of acquiring, with reference to an instruction that has caused the exception, the manipulated pointer from the instruction that has caused the exception and a step of reversely converting the acquired pointer and acquiring a pointer to a head of the object pointed to by the reversely converted original pointer.04-26-2012
20120102283MULTIFUNCTION PERIPHERAL AND STORAGE MEDIUM - The storage section of the multifunction peripheral stores location information containing a storage location of software which transmits a control command whose execution is permissible. The execution permission judging section of the multifunction peripheral includes (I) a storage location detecting section which detects a storage location of software which has participated in a transmission of a received control command and (II) a command permitting/prohibiting section which (i) prohibits execution of the received control command when a storage location indicated by the location information is not detected by the storage location detecting section but (ii) permits execution of the received control command when the storage location is detected by the storage location detecting section.04-26-2012
20120102282VARIABLE LENGTH DATA PROTECTED BY SEQLOCK - Various embodiments of systems and methods for variable length data protected by Seqlock are described herein. Seqlock is a special locking mechanism used in data structures for multithreaded applications that can be read very quickly, when there are no changes being made, at the cost of needing to repeat a read operation when writing has occurred. A Seqlock, in normal use, can only protect a fixed-size data structure with no pointers. This is because the writing thread may invalidate a pointer after a reading thread has followed it. The embodiments specify an algorithm where a Seqlock-protected pointer, once written, is never invalidated. This removes the “no pointers” restriction, allowing the Seqlock to protect a simple singly-linked list, which can be safely increased in size while being read by other threads. The innovation includes the use of the write-once head and next pointers, and the always valid end iterator.04-26-2012
20120290807CHANGING OWNERSHIP OF CARTRIDGES - Exemplary method, system, and computer program product embodiments for changing ownership of cartridges, such as virtual cartridges between remotely located virtual tape libraries, are provided. In one embodiment, by way of example only, processes and protocols for the changing ownership of the cartridges are controlled from a primary location to a secondary location. The production site is moved for the cartridges. The ownership of the cartridges is waived. Access is allowed to the cartridges. Additional data is written and replicated using resources of the cartridges.11-15-2012
20130013876MEMORY DEVICE AND METHOD HAVING ON-BOARD ADDRESS PROTECTION SYSTEM FOR FACILITATING INTERFACE WITH MULTIPLE PROCESSORS, AND COMPUTER SYSTEM USING SAME - A memory device includes an address protection system that facilitates the ability of the memory device to interface with a plurality of processors operating in a parallel processing manner. The protection system is used to prevent at least some of a plurality of processors in a system from accessing addresses designated by one of the processors as a protected memory address. Until the processor releases the protection, only the designating processor can access the memory device at the protected address. If the memory device contains a cache memory, the protection system can alternatively or additionally be used to protect cache memory addresses.01-10-2013
20100131731CONTROL METHOD OF DEVICE IN STORAGE SYSTEM FOR VIRTUALIZATION - In a system where a first storage system and a second storage system are connected to a third storage system, when the first storage system virtualizes and provides a device in the third storage system as a device in its own storage system, update data stored in a cache in the first storage system is written into the device of the third storage system to be reflected, attributes of the device are transferred to the second storage system, and the second storage system virtualizes the device of the third storage system as a device of its own storage system.05-27-2010
20130019078ACTIVE-ACTIVE REMOTE CONFIGURATION OF A STORAGE SYSTEM - A method for data storage, including configuring a first logical volume on a first storage system and a second logical volume on a second storage system. The second logical volume is configured as a mirror of the first logical volume, so that the first and second logical volumes form a single logical mirrored volume. The method also includes receiving at the second storage system a command submitted by a host to write data to the logical mirrored volume, and transferring the command from the second storage system to the first storage system without writing the data to the second logical volume. On receipt of the command at the first storage system, the data is written to the first logical volume. Subsequent to writing the data to the first logical volume, the data is mirrored on the second logical volume.01-17-2013
20110161612STORAGE APPARATUS MOUNTING FRAME, STORAGE EXTENSION APPARATUS, AND METHOD OF CONTROLLING STORAGE APPARATUS - By having a storage apparatus attachment portion that secures a storage apparatus; a data read prevention processing unit that makes at least a part of data stored in the storage apparatus unreadable; and an input device that inputs a read prevention instruction for the storage apparatus, and configuring such that the data read prevention processing unit makes the data stored in the storage apparatus unreadable in response to a read prevention instruction received from the input device, data on the storage apparatus is reliably and easily set unreadable, as well as preventing data leakage from a typical storage apparatus with lower cost.06-30-2011
20110161611METHOD FOR CONTROLLING SEMICONDUCTOR STORAGE SYSTEM CONFIGURED TO MANAGE DUAL MEMORY AREA - A method for controlling a semiconductor storage system configured to manage dual memory areas for protecting the system against abrupt and abnormal power disruptions is presented. The semiconductor storage systems has a first physical area and a second physical area, in which first data having a first logical block address are stored in the first physical area. The method includes providing a write command so that the first data is updated to second data. The method also includes writing the second data in a second physical area in response to the write command. When writing the second data in the second physical area, a corresponding invalid logical address is allocated to the second physical area.06-30-2011
20130024638STORAGE DEVICE IN A LOCKED STATE - A method for managing a storage device including identifying a lock timing for the storage device when coupling to a device, transitioning the storage device into a locked state in response to detecting the storage device decoupling from the device, and configuring the storage device to remain in the locked state if the storage device is re-coupled to the device after the lock timing has elapsed.01-24-2013
20130024637MEMORY ACCESS UNLOCK - In one implementation, a controller is provided such that when an operation is performed at a first memory location, the controller unlocks access to a second memory location.01-24-2013
20080256317Storage system and computer system - A storage system that is capable of communicating with one or more host devices that issue a host input/output request, including two or more physical devices, one or more logical devices provided in the two or more physical devices, said logical devices each representing a logical volume provided in the two or more physical devices, one or more memories that store security information that is information corresponding with each of the one or more logical devices that serves to control access based on a host input/output request for the logical device, and a control device that controls access of a host input/output, said security information being used to permit or deny a read/write request requesting access to the first logical device, said read/write request including a logical unit number (LUN) related to the first logical.10-16-2008
20080250216Protected function calling - Memory address space is divided into domains and instruction access control circuitry is used to detect when the memory address from which an instruction to be executed is fetched has crossed a domain boundary and changed and in such cases to conduct a check to ensure that the instruction within the new domain is a permitted instruction of a permitted form. The permitted instruction can be arranged to be a no operation instruction other than in respect of the instruction access control circuitry, in order to assist backward compatibility.10-09-2008
20080235476Media Vaulting in an Automated Data Storage Library - Disclosed are a system, a method, and article of manufacture to provide for managing data storage media to provide secure storage of the data storage media in an automated data storage library. A logical library partition vault is created in the automated data storage library that is not accessible by any host computer. Data storage media in the logical library partition vault may only be accessed by an operator using a secure means. The logical library partition vault may comprise various components of the automated data storage library by assigning storage shelves, service bays, data storage media, data storage drives or other library components to the logical library partition vault.09-25-2008
20080235475METHOD AND APPARATUS FOR INTERVALED DMA TRANSFER ACCESS - A method for intervaled memory transfer access provides periodic authorization signals to a memory access controller. The method cycles between: 1) inhibiting the memory access controller from writing data to a memory until the memory access controller receives a periodic authorization signal to cause the memory access controller to remove the inhibition and write a predetermined amount of data to the memory through a data bus, and 2) releasing the data bus following writing of the predetermined amount of data to the memory by inhibiting the memory access controller from writing further data.09-25-2008
20080235474METHOD AND SYSTEM FOR PROCESSING ACCESS TO DISK BLOCK - Provided are a method and a system for processing an access to a disk block. The system receives a disk block access request from an OS domain, determines whether the OS domain is permitted to access a disk block with reference to a predetermined block table and processes disk block access of the OS domain according to the determination result. Accordingly, OS domains can share caches without having data copy through memory access control in a virtual machine monitor environment. Furthermore, a device domain controls access to a disk drive so that data corruption can be prevented.09-25-2008
20080229041Electrical Transmission System in Secret Environment Between Virtual Disks and Electrical Transmission Method Thereof - The present invention relates to a secure transmission system and secure transmission method that securely transmit data stored in a computer to different computers via a Local Area Network or the Internet. The secure transmission system includes a virtual disk, configured to allow only an authorized application program module to gain an access and read, write and edit information data; and a secure communication application module including a user information generation means for generating intrinsic user information at the time of setting up the virtual disk, a user information storage means for storing the generated user information, an outgoing file management means for searching the virtual disk for information data to be sent and compressing the found information data, generating the header information of the information data in which user information about a sender and/or a recipient is contained, and adding the generated header information to the user information, an incoming file management means for reading the header information of received information data, decompressing compressed information data, and storing the decompressed information data on the virtual disk, and a file security means for encrypting and decrypting information data to be sent or received information data.09-18-2008
20110246738STORAGE DEVICE, DATA PROCESSING DEVICE, REGISTRATION METHOD, AND RECORDING MEDIUM - A storage device includes a switching unit which switches an access destination in a storage area between a first storage area and a second storage area in response to an access request from a host device; and a nonvolatile storage medium which stores a first host device information used to identify the host device in the second storage area, and a software module executed by a CPU provided in the host device, the software module comprising causing the an authority grant unit which transmits a control signal for switching the access destination to the first storage area to the switching unit of the storage device, when the acquired first and second host device information are compared to find that the first and second host device information match with each other.10-06-2011
20130145112TIME MANAGED READ AND WRITE ACCESS TO A DATA STORAGE DEVICE - Time managed read and write access to a data storage device. As a part of time managed read and write access to a data storage device, a request for read and/or write access to the data storage device is accessed and it is determined whether the request for read and/or write access to the data storage device is to be granted. Based on the determination, read and/or write access to the data storage device is either allowed or blocked. If read and/or write access is allowed, read and/or write access is terminated after passage of a predetermined period of time.06-06-2013
20130145113MEMORY PINNING THROUGH BUFFER ENCAPSULATION - The present invention extends to methods, systems, and computer program products for memory pinning through buffer encapsulation. Within a managed execution environment, a wrapper object encapsulates a memory buffer that is to be shared with a native routine executing in a native execution environment. The wrapper object manages operation of a memory manager on a memory heap corresponding to the memory buffer. The wrapper object includes a first function which sets a pin on the memory buffer and returns a pointer identifying the memory buffer. Setting the pin causes the memory manager to cease moving the memory buffer within the memory heap. The wrapper object also includes a second function which releases the pin on the memory buffer.06-06-2013
20120254572INFORMATION TERMINAL AND SECURITY MANAGEMENT METHOD - An information terminal of an embodiment has a communication section, a nonvolatile storage medium and a control section. The communication section performs transmission and reception with a predetermined server via the Internet. The nonvolatile storage medium stores information about a last date and time when an operating system is logged into. When the communication section receives a special command from the predetermined server, the control section performs control to transmit the information about the last date and time when the operating system is logged into, which is stored in the nonvolatile storage medium, to the predetermined server via the Internet.10-04-2012
20110271069DISMOUNTING A STORAGE VOLUME - In response to an instruction to dismount a storage volume, for example, an object in the storage volume is identified and a handle that references the object is closed. Once an exclusive lock on the storage volume is acquired, the storage volume can be dismounted. The storage volume can then remounted.11-03-2011
20130091335RESOURCE RECOVERY FOR CHECKPOINT-BASED HIGH-AVAILABILITY IN A VIRTUALIZED ENVIRONMENT - A computer-implemented method, computer program product and data processing system provide checkpoint high-available for an application in a virtualized environment with reduced network demands. An application executes on a primary host machine comprising a first virtual machine. A virtualization module receives a designation from the application of a portion of the memory of the first virtual machine as purgeable memory, wherein the purgeable memory can be reconstructed by the application when the purgeable memory is unavailable. Changes are tracked to a processor state and to a remaining portion that is not purgeable memory and the changes are periodically forwarded at checkpoints to a secondary host machine. In response to an occurrence of a failure condition on the first virtual machine, the secondary host machine is signaled to continue execution of the application by using the forwarded changes to the remaining portion of the memory and by reconstructing the purgeable memory.04-11-2013
20130103915SECURE MEMORY ACCESS SYSTEM AND METHOD - A secure memory access system and method for providing secure access to Hyper Management Mode memory ranges is presented.04-25-2013
20130145114CONTROL OF PAGE ACCESS IN MEMORY - The present techniques provide systems and methods of controlling access to more than one open page in a memory component, such as a memory bank. Several components may request access to the memory banks. A controller can receive the requests and open or close the pages in the memory bank in response to the requests. In some embodiments, the controller assigns priority to some components requesting access, and assigns a specific page in a memory bank to the priority component. Further, additional available pages in the same memory bank may also be opened by other priority components, or by components with lower priorities. The controller may conserve power, or may increase the efficiency of processing transactions between components and the memory bank by closing pages after time outs, after transactions are complete, or in response to a number of requests received by masters.06-06-2013
20090006796Media Content Processing System and Non-Volatile Memory That Utilizes A Header Portion of a File - A computer readable media storing operational instructions is disclosed. The instructions includes at least one instruction to store data of an encrypted computer readable file that includes a header portion and associated content data into a storage area of a non-volatile memory. The storage area includes a secure memory area to store data from the header portion including at least one encryption ID. The storage area further includes a memory area to store the content data. The header portion further includes trailer data derived from a portion of the content data. The instructions also include at least one instruction to provide data read access to the header portion and to the content data with respect to a host device.01-01-2009
20100287349INFORMATION STORAGE PROTECTOR - The present invention relates to an information storage protector that comprises: 11-11-2010
20130159653Predictive Lock Elision - In at least one embodiment, a method includes determining whether to elide a lock operation based on success of or failure of one or more previous transactional memory operations associated with one or more respective previous lock elisions. In at least one embodiment of the method, the lock operation is associated with a first access of a shared resource and the one or more previous lock elisions are associated with respective one or more previous accesses of the shared resource.06-20-2013
20130159654Electronic Device and Save Data Recording Method - A virtual capacity acquisition unit acquires a size of virtual capacity of a save data area from an application. A storage capacity acquisition unit acquires a size of save data of the application. A writing control unit prohibits the application from writing the save data exceeding the virtual capacity in a recording device. A free space acquisition unit acquires a size of free space of the recoding device, and the writing control unit prohibits the writing of save data whose size is larger than that of the free space.06-20-2013
20110314243METHOD AND APPARATUS FOR RESTRICTING ACCESS TO WRITABLE PROPERTIES AT RUNTIME - A processing device executing an application receives a user command to update a specified writeable property of the application. The processing device determines whether the specified writeable property has metadata that distinguishes the specified writeable property as a user updateable property. In one embodiment, this is determined by using a reflection mechanism to examine metadata of the specified writeable property. In another embodiment, this is determined by examining a dynamic changeable properties list that was created and populated at runtime of the application. If the specified writeable property has the metadata that distinguishes the specified writeable property as a user updateable property, the processing device updates the specified writeable property in accordance with the user command.12-22-2011
20120030443PROTECTION OF SECRET KEYS - A method for protecting at least first data of a non-volatile memory from which the extraction of this first data is triggered by the reading or the writing, by a processor from or into the memory, of second data independent from the first data, said first data being provided to a circuit which the processor cannot access.02-02-2012
20120030442MANAGEMENT SYSTEM AND MANAGEMENT METHOD FOR MANAGING COMPUTER SYSTEM - A management system, coupled to a computer system including one or more types of storage apparatus, stores management information. The management information includes: (a) information containing, for each request by an administrator, information indicating a storage function (a function of a storage apparatus) required in order to achieve a function satisfying the administrator request; and (b) information containing, for each storage apparatus, information indicating storage functions. The management system: (A) receives a request of an administrator; (B) identifies an implementation pattern including a storage apparatus having a storage function required to achieve a function satisfying the received administrator request, on the basis of the information (a) and (b), and (C) performs setup in order to achieve a function satisfying the received administrator request, in respect of any of the identified one or more implementation patterns.02-02-2012
20130198474METHOD AND SYSTEM FOR PROVIDING RESTRICTED ACCESS TO A STORAGE MEDIUM - A system, apparatus, method, or computer program product of restricting file access is disclosed wherein a set of file write access commands are determined from data stored within a storage medium. The set of file write access commands are for the entire storage medium. Any matching file write access command provided to the file system for that storage medium results in an error message. Other file write access commands are, however, passed onto a device driver for the storage medium and are implemented. In this way commands such as file delete and file overwrite can be disabled for an entire storage medium.08-01-2013
20120042144Memory access control - A data processing system 02-16-2012
20130212348Secure Memory Interface - A secure memory interface includes a reader block, a writer block, and a mode selector for detecting fault injection into a memory device when a secure mode is activated. The mode selector activates or deactivates the secure mode using memory access information from a data processing unit. Thus, the data processing unit flexibly specifies the amount and location of the secure data stored into the memory device.08-15-2013

Patent applications in class Access limiting

Patent applications in all subclasses Access limiting