ROM MIT SICHERHEITSSCHALTUNG

Mikrocomputer

Ein Mikrocomputer (40) weist ein erstes Prozessorelement (1) und ein zweites Prozessorelement (2) auf. Eine Datenübertragung erfolgt von dem zweiten Prozessorelement zu dem ersten Prozessorelement über einen RAM (41). Der RAM weist zwei unabhängige Speicherbänke auf, auf die jeweils separat von nur einem aus dem ersten Prozessorelement und dem zweiten Prozessorelement zugegriffen werden kann. In dem RAM wird zwischen einer Speicherbank, auf die von dem ersten Prozessorelement zugegriffen werden kann, und einer Speicherbank, auf die von dem zweiten Prozessorelement zugegriffen werden kann, zwischen den beiden Speicherbänken durch ein Auswahlsignal, das von dem ersten Prozessorelement ausgegeben wird, gewechselt. Außerdem weist das erste Prozessorelement nur die Erlaubnis auf, einen Lesezugriff auf jede der beiden Speicherbänke auszuführen, und das zweite Prozessorelement weist die Erlaubnis auf, einen Schreibzugriff ebenso wie einen Lesezugriff auf jede der beiden Speicherbänke auszuführen ...

SPEICHERPATRONE

SCHALTUNGSANORDNUNG ZUM SPERREN DER UEBERTRAGUNG VON DATEN INNERHALB EINES GERAETES.

Control unit e.g. advanced memory buffer, for use in e.g. fully buffered dual inline memory module, has control circuit connected with usage determination unit to compare utilization information and usage limitation information

The control unit (60) a control circuit (62) is connected with a usage determination unit (63) to compare utilization information and usage limitation information. The usage limitation information defines a limitation for utilization of the memory module to control an operation mode of the control unit based on a result of the comparison. A usage limitation memory unit (64) is provided to store the usage limitation information, where the control circuit is connected with the usage limitation memory unit to retrieve the stored usage limitation information. An independent claim is also included for a method for operating a memory module.

A method and apparatus for hardware block locking in a nonvolatile memory

System and method of using a protected non-volatile memory

Protecting memory of a virtual guest

The method for protecting memory of a virtual guest includes initializing a virtual guest on a host computing system. The host computing system includes a virtual machine manager that manages operation of the virtual guest. The virtual guest includes a distinct operating environment executing in a virtual operation platform provided by the virtual machine manager. The method includes receiving an allocation of run-time memory for the virtual guest, the allocation of run-time memory comprising a portion of run-time memory of the host computing system. The method includes setting, by the virtual guest, at least a portion of the allocation of run-time memory to be inaccessible by the virtual machine manager.

Method and apparatus for securing memory modules

A memory system for storing data that includes providing a memory module having one or more memory devices and a voltage regulator for controlling voltage levels supplied to the one or more memory devices, wherein the voltage regulator has a first state that permits write and read operations with the one or more memory devices, and a second state where the voltage regulator prevents at least read operations with the one or more memory devices the system configured to store an encryption key in ROM on the voltage regulator; copy the encryption key value from the ROM to a voltage regulator register; set a voltage regulator encryption timer for a period of time; and transition the voltage regulator to the second state in response to the voltage regulator encryption timer expiring.

Integrated circuit with asymmetric access privileges

Chip verification

Chip verification

Chip verification

PROCEDURE AND ARRANGEMENT FOR THE ACCESS CONTROL ON EEPROMS AS WELL AS AN APPROPRIATE COMPUTER PROGRAMME PRODUCT AND AN APPROPRIATE COMPUTER-READABLE STORAGE MEDIUM

PORTABLE DATA MEMORY DEVICE

MEMORY CARTRIDGE

One-chip CPU

MULTIPLEXER SECURITY SYSTEM

An input/output processing system includes a plurality of active modules, a plurality of passive modules, at least one memory module and a system interface unit having a plurality of ports, each of which connect to a different one of the modules. The active modules include an input/output processing unit which processes interrupts and executes command signals and at least one multiplexer unit which directly controls transfers between the memory module and any one of a plurality of peripheral devices coupled to different ports of the multiplexer unit. The system interface unit operatively provides connections between different ones of the modules during the execution of commands included within user programs. The multiplexer unit includes sets of registers selectable under program for accessing the memory module. Additionally, other ones of these registers store control information used to control the processing of interrupts as well as other operations independently of user programs. The ...

A SEMICONDUCTOR MEMORY CARD ACCESS APPARATUS, A COMPUTER-READABLE RECORDING MEDIUM, AN INITIALIZATION METHOD, AND A SEMICONDUCTOR MEMORY CARD

A predetermined number of erasable blocks positioned at a start of a volume area in a semiconductor memory card include volume management information. A user area following the volume management information includes a plurality of clusters. A data length NOM of an area from a master boot record and partition table sector to a partition boot sector is determined so that the plurality of clusters in the user area are not arranged so as to straddle erasable block boundaries. Since cluster boundaries and erasable block boundaries in the user area are aligned, there is no need to perform wasteful processing in which two erasable blocks are erased to rewrite one cluster.

MEMORY CARTRIDGE

PROGRAMMABLE ACCESS PROTECTION IN A FLASH MEMORY DEVICE

A memory device (100) comprises a memory array (102) having corresponding first access control bits (202, 204) to control access thereto. A second set of access control bits (104) is provided to control write access to the first access control bits. The memory array is divided into memory blocks, each block having a corresponding access control bit. At least one such block (BLK0) is further subdivided into pages, each page having a corresponding control bit.

Nonvolatile semiconductor memory device and its secret protection method

INSTALLATION AND INSPECTING DEVICE OF THE ACCESS HAVE AN ELECTRONIC MEMORY

PROCEDE DE GESTION D'UN CIRCUIT ELECTRONIQUE ET CIRCUIT METTANT EN OEUVRE UN TEL PROCEDE

L'INVENTION CONCERNE UN PROCEDE ET UN CIRCUIT DE PROTECTION DE DONNEES INFORMATIQUES. DEUX CELLULES 1, 2 SONT RESERVEES POUR PREVOIR LA SELECTION D'UN MODE DE FONCTIONNEMENT. CHAQUE MODE DE FONCTIONNEMENT IMPLIQUE UNE REGION PARTICULIERE DE LA MEMOIRE DE DONNEES, LES REGIONS CORRESPONDANT AUX MODES NON SELECTIONNES ETANT INACCESSIBLES.

Microprocessor system for use in automobile, has non-volatile memory storing software, and memory portion readable by microprocessor, where software has cache software portions that are stored in cache memory portion

Système microprocesseur du type comprenant au moins un microprocesseur, au moins un logiciel et au moins une mémoire rémanente destinée à stocker ledit logiciel, y compris lorsque le système est hors tension, une partie de ladite mémoire étant une partie mémoire cachée (17) de l'extérieur du système en ce qu'elle n'est lisible que par ledit microprocesseur, le logiciel comprenant une partie logicielle cachée (16f-16s) stockée dans ladite partie mémoire cachée (17).

METHOD OF SECURING AT LEAST ONE MEMORY AREA OF AN ELECTRONIC DEVICE, SECURITY MODULE, ELECTRONIC DEVICE AND COMPUTER SOFTWARE

L'invention propose un procédé de sécurisation d'au moins une zone mémoire d'un dispositif électronique, comprenant les étapes suivantes : • détection (10) d'une désallocation d'au moins une portion de ladite zone mémoire, dite portion désallouée (M) ; • remplacement (11) d'au moins une partie de ladite portion désallouée (M) par au moins une instruction prédéterminée, dite instruction d'alerte (J), ou au moins une combinaison d'instructions prédéterminées, dite combinaison d'instructions d'alerte ; • marquage (12) de ladite portion désallouée (M).

참조값을 이용한 메모리 디바이스 액션의 유효성 확인

... 본 문서는 값을 저장하는 메모리 디바이스 요소와 관련한 액션(예: 호스트 디바이스에 의한 읽기 또는 쓰기 등)을 참조값과 비교하여 유효하게 하는 기술을 설명한다. 참조값은 메모리의 실제 특성과 연관된다. 해당 값을 저장하는 요소는 메타데이터 저장을 위해 구성된 메모리 영역에 저장될 수 있다. 해당 요소는 메모리 디바이스가 제조된 이후 리프로그래밍이 가능하기 때문에 이 요소에 저장된 값은 호스트 디바이스에 의해 변경될 수 있으며, 이로 인해 메모리의 특성을 잘못 또는 부정확하게 반영할 수 있다. 이와 반대로, 참조값은 별도의 메모리 영역에 저장되며, 해당 참조값은 참값이다.

MEMORY SYSTEM

PURPOSE: A memory system is to provide a method to control the nonvolatile semiconductor memory possible to proceed recording of mark data and to memorize irreversible condition variation, maintaining definitely the boundary between the recorded area and the unrecorded area without causing wrong records in OTP(One Time PROM) domain. CONSTITUTION: A system equipment SYS2 reads identification information "ABC" in CIS(Card Information Structure) of a flash memory card FMC(A). Then, the system equipment SYS2 reads identification information in a file stored in the flash memory card FMC. When "ABC" is read as identification information in the file, the system equipment SYS2 recognizes the file as a regular file. COPYRIGHT 2000 KIPO ...

ACCESS DEVICE THE PLATE OF SEMICONDUTORA MEMORY, PLATE OF SEMICONDUCTING MEMORY AND METHOD OF INICIALIZAÇÃO.

Security mode data protection

CRYPTOGRAPHIC INFORMATION ASSOCIATION TO MEMORY REGIONS

Embodiments herein relate to cryptographic operations, such as encrypting and/or decrypting information to read from or written to first and second memory regions. The first cryptographic information is related to the first memory region and the second cryptographic information is related to the second memory region.

Method and apparatus for accessing system information

An option module that may be installed in a computer system is provided. The option module includes functional circuitry that is accessed by the computer system through a conventional connector and/or bus. A nonvolatile memory is also included on the option module and is used to store a variety of system information, such as serial numbers. At least a portion of this system information is protected from alteration by the computer system. A second connector is also provided on the option module. An external device when coupled to the second connector may access all of the system data, and, if desired, alter it. Moreover, the option module need not be installed in the computer system for the external device to access the contents of the memory through the second connector.

Memory card with erasure blocks and circuitry for selectively protecting the blocks from memory operations

A memory card includes a plurality of memories, each having an array that includes a first block and a second block. Control circuitry is coupled to the array for controlling memory operations of the array. A block write protect circuit is provided for storing block lock data to selectively lock control circuitry from accessing the array for the memory operations. The block write protect circuit locks the control circuit from accessing (1) the first block when the block write protect circuit stores a first datum of the data and (2) the second block when the block write protect circuit stores a second datum of the data. A control input is coupled to the block write protect circuit for applying a control signal to enable the block write protect circuit to lock the control circuitry in accordance with the data. The memory card further includes a register circuit coupled to the control input of each of the plurality of memories for storing a control datum to generate the control signal. When ...

Memory protection system

A memory protect circuit (12) is provided for protecting inadvertent alteration of data stored in a data storage unit (32) of a data processing system (10). The data processing system (10) includes a microprocessor (14) for generating an address signal to selected storage locations of the storage unit (32) and for generating a key code prior to generation of the address signal. The write protect circuitry (12) includes decode circuitry (50) for receiving the key code and for generating a decoded key code. A latch (54) receives the decoded key code and generates a control signal upon receipt of the decoded key code. A NAND gate (62) receives the control signal and the address signal to generate an access signal for application to the storage unit (32) to permit alteration of data stored at a selected storage location of the storage unit (32) through a write operation. Latch (54) prevents generation of the control signal immediately following a write operation unit receipt by the decode circuitry ...

Non-volatile memory controlling apparatus

A non-volatile memory controlling apparatus wherein a controlled circuit can be controlled by using controlling data from a controller within a device and can be externally controlled by using controlling data from an external controller through an external terminal and the above mentioned various controlling data can be memorized in a non-volatile memory, characterized in that said non-volatile memory has an area which can switch a writing permission and writing inhibition and writing into said area of said non-volatile memory will be permitted when in the controlling mode from said external controller but will be inhibited when not in that mode.

Methods and systems for programming secure data into programmable and irreversible cells

Methods and systems for programming secure data into programmable and irreversible memory cells included in electronic circuitry are provided. In general, the secure data is stored in one or more arrays integrated into or associated with an electronic device such as an IC. According to a disclosed method embodying the invention, a programmable and irreversible memory cell array has a control bit for indicating the program state of the array. The method includes reading the control bit of the array to identify a programmable state, loading and programming secure data, read-protecting and write-protecting the array. The control bit is programmed to indicate the non-programmable state of the programmed array. Aspects of the invention include monitoring for incorrectly programmed or unprotected secure data, and in the event such problems arise, programming all cells of the array in order to scuttle the programmed secure data and/or the device information specific to the IC to place the device ...

Method of protecting data stored in a memory of welding controller

A method of protecting data stored in a memory of a welding controller provided with an EEPROM as a storage element capable of storing welding control data in a welding controller, thereby enhancing reliable protection of data stored in the EEPROM. The method of protecting data stored in a memory of a welding controller comprises the steps of providing the EEPROM having write validity control function means in the controller, using the EEPROM as a storage element for storing welding control data therein, writing the welding control data into the EEPROM and storing the same in the EEPROM, reading the welding control data from the EEPROM when the welding controller is used, and rendering the EEPROM transitive from a write disable state to a write enable state by the write validity control function when the welding control data is changed.

Method and apparatus for controlling a primary operating system and an appliance operating system on the same machine

One embodiment includes a personal computer device comprising at least one machine to execute a primary user operating system, a first physical memory to be used by the primary user operating system, at least one appliance operating system that is independent from the primary user operating system, a second physical memory to be sequestered from the primary user operating system and an access violation monitor to restrict access from the at least one appliance operating system to the second physical memory, wherein the access violation monitor is to run only when the at least one appliance operating system is invoked and at least one appliance operating system is to be invoked only after the primary user operating system has been suspended to a standby state.

Integrated circuit device, information processing apparatus, memory management method for information storage device, mobile terminal apparatus, semiconductor integrated circuit device, and communication method using mobile terminal apparatus

A memory region on an IC card has a hierarchical structure. Each application allocated on the memory region is registered in a directory, and the memory region is managed in directory units. A personal identification code is set for each application and directory, and the access right is controlled in application units or directory units. If a mobile terminal is lost, the right to access each application in the IC card automatically disappears. Therefore, the right to access each application allocated to the memory region on the IC card is efficiently controlled.

Memory Card, Access Device, and Processing Method of Memory Card

Each of memory cards can have a different type and can be in a plurality of statuses. The memory cards are managed by a file system and data is read/written from/to the memory cards via an access device. Each of the memory cards has a recording area in which data is recorded and managed by an independent file system, a state storage section for storing state assigned to each of combinations of the memory card type and status and being capable of uniquely identifying the combination, and card information storage sections the number of which is identical to the number of states the memory card can have, and which store physical characteristics concerning the recording area. The access device acquires from the memory card a state enable uniquely identifying the memory card type and status. According to the state acquired, the access device identifies the type and status of the memory card and executes processing in accordance with the memory card state.

SYSTEM AND METHOD FOR HIGH PERFORMANCE SECURE ACCESS TO A TRUSTED PLATFORM MODULE ON A HARDWARE VIRTUALIZATION PLATFORM

A system and method for high performance secure access to a trusted platform module on a hardware virtualization platform. Example instructions partition resources of the host system to allocate (a) first resources of the host system for a first virtual machine and (b) second resources of the host system for a second virtual machine, wherein the resources of the host system include memory resources and a trusted platform module, the first virtual machine to run a first guest operating system and the second virtual machine to run a second guest operating system, wherein the first guest operating system is to run in a first isolated environment, the second guest operating system is to run in a second isolated environment; implement a virtual trusted platform module to support encryption for the first virtual machine; and protect the first resources and the second resources from unauthorized access. 1. At least one storage device comprising instructions that when executed by one or more processors cause the one or more processors of a host system to at least: partition resources of the host system to allocate (a) first resources of the host system for a first virtual machine and (b) second resources of the host system for a second virtual machine, wherein the resources of the host system include memory resources and a trusted platform module, the first virtual machine to run a first guest operating system and the second virtual machine to run a second guest operating system, wherein the first guest operating system is to run in a first isolated environment, the second guest operating system is to run in a second isolated environment, the first isolated environment to be isolated from the second isolated environment;', 'implement a virtual trusted platform module to support encryption for the first virtual machine; and', 'protect the first resources and the second resources from unauthorized access., 'execute a hypervisor to2. The at least one storage device of claim 1 ...

DATA PROCESSING APPARATUS

A data processing apparatus comprises a monolithic integrated circuit having a data processor, a non-volatile memory storing at least one security code, and at least one interface at the boundary of the integrated circuit via which communication with the data processor can occur. Processing by the data processor of data received at the at least one interface is controlled by the at least one security code.

Method and system for memory protection and security using credentials

A computer-implemented system and method for protecting a memory are provided. The system includes a memory section with privileged and non-privileged sections, a host gateway (HG) to generate a capability credential, a device controller (DC) to append the credential to data transmitted to the memory, and at least one IO device enabled to do direct memory access (DMA) transactions with the memory.

Multilayer Arbitration for Access to Multiple Destinations

An arbiter is provided for arbitrating for access to a shared resource by a plurality of requesters and by a background requester in a processing system. A priority value is assigned to each of the plurality of requestors. A multilayer arbitration contest is performed to resolve each conflict in transaction requests to the shared resource, however, a requester of the plurality of requesters having a highest priority value does not always win an arbitration contest. An arbitration contest will be overridden whenever the background requester initiates a transaction request, such that the background requester always wins the overridden arbitration contest. The shared resource is accessed by the winner of each arbitration contest.

Extended utilization area for a memory device

Methods, systems and devices for configuring access to a memory device are disclosed. The configuration of the memory device may be carried out by creating a plurality of access profiles that are adapted to optimize access to the memory device in accordance with a type of access. For example, when an application with specific memory access needs is initiated, the memory access profile that is designed for that particular access need may be utilized to configure access to the memory device. The configuration may apply to a portion of the memory device, a partition of the memory device, a single access location on the memory device, or any combination thereof.

Computation device with increased resistance against address probing

Some embodiments are directed to a computing device (100) configured for execution of a computer program protected against address probing. The device is configured to run at least one anomaly detector (140) for detecting an address probing on the computer program, and to selectively replace an originating computer program code part with a replacement computer program code part wherein an address probing countermeasure is added.

EXTENDED UTILIZATION AREA FOR A MEMORY DEVICE

Methods, systems and devices for configuring access to a memory device are disclosed. The configuration of the memory device may be carried out by creating a plurality of access profiles that are adapted to optimize access to the memory device in accordance with a type of access. For example, when an application with specific memory access needs is initiated, the memory access profile that is designed for that particular access need may be utilized to configure access to the memory device. The configuration may apply to a portion of the memory device, a partition of the memory device, a single access location on the memory device, or any combination thereof.

AUTHENTICATION AND SECURING OF WRITE-ONCE, READ-MANY (WORM) MEMORY DEVICES

Microcomputer with memory read protection

Microcomputer with internal RAM security during external program mode

A microcomputer which is operable in either an internal program mode, wherein the microcomputer functions in accordance with an internally stored program, or in an external program mode, wherein the microcomputer functions in accordance with a program stored in a memory external to the microcomputer, provides internal RAM security during the external program mode. The microcomputer includes an internal program memory for internally storing programs; a bus for connection to an external memory for carrying programs from the external program memory; a nonsecure RAM for storing nonsecure data; a secure RAM for storing secure data; a central processing unit for processing the stored data and/or externally provided data either in accordance with the internally stored programs or in accordance with programs stored in the external memory; and a controller for controlling interconnections between the internal program memory, the bus, the RAMs and the central processing unit in accordance with the ...

Data processing system with progressively programmable nonvolatile memory and method therefor

Electronic postage meter circuitry

SEMICONDUCTOR INTEGRATED CIRCUIT

PROBLEM TO BE SOLVED: To provide a security function regarding illegal address operation. SOLUTION: A monitoring circuit 4 is composed of comparison circuits 11-0 to 11-7 which is provided in accordance with each bit B0 to B7 (each bit A0 to A7 of an address) of a bus 3 and an NOR circuit 12. Inverters 15 to 18 hold addresses before one transfer cycle. An EXOR circuit 19 takes an exclusive logical sum of a corresponding bit of the bus 3 and an output of the inverter 18. When 'L' levels are simultaneously outputted from the comparison circuits 11-0 to 11-7, the NOR circuit 12 outputs an abnormality detection signal OUT PUT at an 'H' level. COPYRIGHT: (C)1999,JPO ...

Computer implementation of security mode within processor

A secure mode within a dual mode processor is implemented. In a general/external mode, the dual mode processor executes instructions provided from an external source. The instructions are supplied to the processor via input/output to the processor. Upon receiving a special software or hardware interrupt, the dual mode processor enters a secure/internal mode. The interrupt specifies a secure function stored in a read-only memory within the dual mode processor. Upon receiving such an interrupt, input/output to the dual mode processor is disabled. The identified secure function is executed by the processor. During execution of the secure function, any attempt to insert instructions not originating from the read-only memory are ignored. However, the processor may access data specifically identified by secure function being executed. Upon completion of performance of the secure function, an exit routine is executed to enable input/output to the processor and resume execution of instructions ...

Speicherzugangsschutzschaltung mit kryptographischem Schlüssel

INTEGRIERTE SCHALTUNGSEINRICHTUNG, INFORMATIONSVERARBEITUNGSEINRICHTUNG, INFORMATIONSAUFZEICHNUNGSEINRICHTUNGSSPEICHER-VERWALTUNGSVERFAHREN, MOBILENDGERÄTEEINRICHTUNG, INTEGRIERTE HALBLEITERSCHALTUNGSEINRICHTUNG UND KOMMUNIKATIONSVERFAHREN MIT TRAGBAREM ENDGERÄT

Halbleiterspeichervorrichtung und Schaltungsanordnung

Gemäß der Erfindung wird eine Halbleiterspeichervorrichtung (3) bereitgestellt, welche zumindest zwei Speicherbänke (B0-B3) umfaßt, DOLLAR A wobei die Halbleiterspeichervorrichtung (3) derart ausgelegt ist, daß DOLLAR A - zumindest zwei Prozessoreinheiten (1, 2) Lesezugriffe und Schreibzugriffe auf Speicherbänke (B0-B3) durchführen können; DOLLAR A - mittels eines von einer der Prozessoreinheiten (1, 2) übermittelten Sperrbefehls der Schreibzugriff der Prozessoreinheit (1, 2), welche den Sperrbefehl übermittelt hat und/oder zumindest einer der anderen Prozessoreinheiten (1, 2) auf die gesperrte Speicherbank (B0-B3) zumindest zeitweise verhindert wird. DOLLAR A Ferner wird eine Schaltungsanordnung vorgeschlagen.

MAGNETIC BUBBLE MEMORY SYSTEM

Method and apparatus for protecting flash memory

Delivering secured media using a portable memory device

Portable memory device interface speed

Provision of an interface with a faster for a hidden memory region of a portable media device, and a second lower standard speed interface. The interface of a portable memory device is used to store content information in a hidden memory region of the portable memory device. The interface may also be used to store information in a visible memory region of the portable memory device. The information stored in the visible memory region allows the content information stored in the hidden memory region to be accessed.

INPUT OUTPUT DATA PROCESSING SYSTEM

Integrated circuit with asymmetric access privileges

An integrated circuit 600 is accessed via an interface 602. Internal functions of the circuit are accessed via a bus 653 using as number of address ranges. The circuit operates in two states. In a restricted state, a programmable access control unit 640 controls which address ranges can be accessed via the interface. The address and access mode of an incoming request are compared with a policy table 642. A filter or gate 641 allows or prevents the access to the bus depending on the result of the comparison. The state may be controlled using non-volatile memory. The policy may be set when not in the restricted state. The integrated circuit may have a second interface, which has unrestricted access to the address ranges.

MICROCOMPUTER WITH INTERNAL RAM SECURITY DURING EXTERNAL PROGRAM MODE

MULTIPLEXER SECURITY SYSTEM

Method for secure storage management

Supporting a secure readable memory region for pre-boot and secure mode operations

In one embodiment, the present invention includes a method for determining whether an address map of a system includes support for a read only region of system memory, and if so configuring the region and storing protected data in the region. This data, at least some of which can be readable in both trusted and untrusted modes, can be accessed from the read only region during execution of untrusted code. Other embodiments are described and claimed.

MEMORY CARTRIDGE

CONTROL APPARATUS

A control apparatus includes an RAM capable of rewriting data; a data writing unit that writes a predetermined length of data output to the RAM in an arbitrary area of the RAM on the basis of an address signal for designating an address of the RAM and an effective area definition signal for defining an area effective in writing the predetermined length of data into the RAM; a judgment unit that judges whether the writing of the predetermined length of data into the RAM by the data writing unit is to be prohibited or not; and a rewriting prohibition unit that changes the effective area definition signal to a signal invalidating the writing of the whole predetermined length of data when the judgment unit makes a decision that the writing is to be prohibited: ...

MICROCOMPUTER WITH INTERNAL RAM SECURITY DURING EXTERNAL PROGRAM MODE

The present invention provides a microcomputer which is operable in either an internal program mode, wherein the microcomputer functions in accordance with an internally stored program, or in an external program mode, wherein the microcomputer functions in accordance with a program stored in a memory external to the microcomputer, without compromising the security of data stored in a designated internal RAM. The microcomputer of the present invention includes an internal program memory for internally storing programs; a bus for connection to an external memory for carrying programs from the external memory; a nonsecure RAM for storing nonsecure data; a secure RAM for storing secure data; a central processing unit for processing the stored data and/or externally provided data either in accordance with the internally stored programs or in accordance with programs stored in the external memory; and a controller for controlling interconnections between the internal program memory, the bus, ...

PROTECTED PROCESS OF MANAGEMENT Of a MEMORY

SAFETY DEVICE Of an ERASABLE AND REPROGRAMMABLE READ-ONLY MEMORY

Paged memory access attributes control method e.g. for DRAM, involves checking fast page lookup table and TLB based on memory page attributes, to configure memory for performing specified operations

L'invention conceme un procédé de contrôle des attributs d'accès à la mémoire paginée d'une unité de mémoire et sa structure, comportant plus particulièrement l'utilisation d'un pilote de bas niveau ou d'un processeur pour contrôler la lecture et l'écriture de zones partielles de la mémoire, essentiellement au moyen d'une mémoire tampon pour configurer les procédures de configuration locale de la mémoire et confirmer le mode opérationnel de la zone concernée et par la suite contrôler cette zone en mode de lecture seule, écriture seule, écriture unique, lecture unique, etc. afin d'éviter que des programmes qui ont été chargés en mémoire pour exécution, ou des mots de passe qui ont été vérifiés, ne soient interceptés par des pirates, des virus etc. et fournir un schéma de protection courant pour la sécurité du système.

Method of management of commands in a smart card, received from different types of card reader, allowing differentiation between contact and non-contact readers

L'invention concerne un procédé de gestion de commandes, au moins une commande pouvant être envoyée par au moins deux lecteurs de types différents à une carte utilisateur, ladite commande étant dédiée à une zone mémoire de ladite carte, ladite carte comportant au moins une zone mémoire, caractérisé en ce qu'il comporte les étapes selon lesquelles, dans la carte, on mémorise le type du lecteur envoyant ladite commande, selon le type dudit lecteur, on contrôle que la commande envoyée est exécutable dans ladite zone mémoire de ladite carte. L'invention s'applique, en particulier, aux cartes à circuit intégré comprenant deux interfaces de communication.

Method and apparatus for controlling access of a secure digital memory card

A method for controlling access of a secure digital memory card includes inserting the secure digital memory card into a card reader; an electronic device performing an application program to detect whether a first password is stored in the secure digital card when a write protection function of the secure digital memory card is enabled; inputting a second password when the first password is not stored in the secure digital memory card; and sending a first command embedded with the second password to disable a read access function of the secure digital memory card.

WRITE MECHANISM FOR STORAGE CLASS MEMORY

Storage class memory may be used in an architecture to achieve high performance, high reliability, high compatibility. In some embodiments, reads may be handled in a conventional way used in a memory based model. However writes do not use a memory based model but instead correspond to a storage based model. The hybrid nature can be achieved by setting the storage class memory to be write protected so that all writes must go through a software based block device interface. In some embodiments, the software based block device interface prevents erroneous writes to the storage class memory.

PROTECTED MODE FOR GLOBAL PLATFORM COMPLIANT SMART CARDS

A multiple application smart card (102) uses hardware firewalls (130) and an internal communications scheme to isolate applications from different service providers. A first application (116) from a first service provider is stored within a first supplemental security domain (SSD) (126) of a memory device on the multiple application smart card (102). A second application (116) from a second service provider is stored within a second SSD (128) of the memory device. A hardware firewall (130) is located between the first and second applications (116) of the first and second SSDs (128). The hardware firewall (130) prevents direct data access between the first and second applications (116) of the first and second SSDs (128).

METHOD AND APPARATUS FOR CONTROLLING WRITING TO MEMORY

The invention relates to a method and apparatus for controlling writing to a memory. The apparatus comprises control means (1-8) for the formation of a memory activation signal (C(Boolean not)E(Boolean not)) in response to the applying of a predetermined key code to the control means, the control means comprising timer means (2) which are started by applying the key code and which prevent the formation of the memory activation signal (C(Boolean not)E(Boolean not)) when a predetermined time has elapsed from the applying of the key code. In order to speed up the writing of long data blocks into a memory, the invention is characterized in that the control means further comprise means (3, 5, 6) for restarting the time means (2) within a predetermined time interval from the applying of the key code or the previous memory write operation as a result of a performed memory write operation.

MEMORY CARD, ACCESS DEVICE, AND MEMORY CARD PROCESSING METHOD

Each of memory cards (3-6) can have a different type and can be in a plurality of statuses. The memory cards are managed by a file system and data is read/written from/to the memory cards via an access device. Each of the memory cards has: a recording area (31, 41, …) where data is recorded and managed by an independent file system; a state storage unit (33, 44, …) for holding a state assigned to each of the combinations of the memory card type and status and capable of uniquely identifying the combination; and card information storage units (32, 42, …) the number of which is identical to the number of states the memory card can have, and which store physical characteristics concerning the recording area. The access device (1) acquires from the memory card a state capable of uniquely identifying the memory card type and status. According to the state acquired, the access device (1) identifies the type and status of the memory card and executes processing in accordance ...

Register protection structure for FPGA

In an FPGA having registers which are part of a user's logic functions and a configuration memory which is read and written through an addressing structure, a register protect circuit controllably protects the contects of these user logic registers from being modified by signals from the user's logic, allows these registers to be written by a microprocessor through the configuration memory addressing structure, and allows both the user's registers and lines which provide combinational signals to be read by a microprocessor through the configuration memory addressing structure.

Processor boot security device and methods thereof

A method of securing network authentication information at a data processing device includes determining a boot source from which to boot the device and comparing the boot source to an expected source. If the boot source is not the expected source, access to the network authentication information is inhibited, such as by disabling access to the portion of memory that stores the authentication information. Further, if the boot source is the expected source, boot code authentication information is retrieved from memory and verified during the boot sequence. If the device authentication information is not authenticated, access to the network authentication information is inhibited. Accordingly, access to the network authentication information is allowed only if the data processing device is booted from an expected source, and only if the boot code is authenticated, thereby reducing the likelihood of unauthorized access to the network authentication information.

SEMICONDUCTOR DEVICE AND ACCESS MANAGEMENT METHOD

A semiconductor device includes a plurality of processing units, a shared resource shared by the plurality of processing units, and a guard unit. The guard unit restricts and thereby controls access to the shared resource by a processing unit, and changes, when a processing unit has failed, control of access so that another processing unit that takes over a process of the failed processing unit is permitted to access at least a part of an access destination which the failed processing unit has been permitted to access.

DEVICE WITH PROCESSING UNIT AND INFORMATION STORAGE

Embodiments related to a processing unit and a first information storage are described and depicted. 1. A method , comprising:providing first information from a first unit into a first information storage for performing a first operation of a processing unit;wherein during the first operation of the processing unit second information is transferred between the processing unit and the at least first information storage,wherein the first information storage comprises during the first operation of the processing unit an access protection in which the first information storage is not accessible for the first unit, wherein a data processing type during the first operation of the processing unit is selectable by the first unit by writing an operation code to an operation code storage, wherein the data processing type determines an access protection type of the first operation during the first operation.2. The method according to claim 1 , wherein the first information storage is read-accessible and write-accessible during the first operation of the processing unit only for the processing unit.3. The method according to claim 1 , further comprising:providing the first information from the first information storage to the processing unit; andcalculating at least one result during the first operation based on the first information.4. The method according to claim 1 , wherein the access protection provides for at least one portion or at least one sub-storage of the first information storage a different access protection type than for another portion or another sub-storage of the first information storage.5. The method according to claim 1 , wherein the first unit is a program-controlled unit or a peripheral.6. The method according to claim 1 , wherein the first operation includes an execution of a subroutine or an execution of a sequence of subroutines or an execution of a command or an execution of a sequence of commands claim 1 , wherein the first information includes at ...

Memory apparatus and memory access restricting method

When the power of a memory apparatus is turned on, data written to a designated area of a memory of the memory apparatus is loaded to a register. When an initial state detecting portion has detected that data loaded to the register is an initial value, a gate G0 is turned on. As a result, a designated area and a hidden area become accessible. When data that is different from the initial value is written to the designated area, the designated area and the hidden area are access-restricted. When a used state detecting circuit has detected that the used capacity of the memory matches a setup value, the gate G0 is turned on. As a result, the hidden area becomes accessible. Hidden data prewritten to the hidden area is information rewarded to the user or advertisement/commercial information.

Flash memory device with improved management of protection information

A non-volatile memory device of flash type includes first memory cells for storing data, second memory cells for storing protection information of the first memory cells, and a circuit for updating the protection information that includes a circuit for writing a plurality of versions of the protection information in the second memory cells, and a circuit for identifying a current version of the protection information.

Selective management of security data

Security techniques may be selectively performed on data based on a classification of the data. One example technique includes receiving a memory access command specifying a target data block on a storage medium storing both security data and non-security data. The technique further includes determining whether data affected by the access command is security data. Response to such determination, one of multiple data management schemes is selected to implement the memory access command, where each of the data management schemes is adapted to implement the memory access command via a different series of processing operations to provide a different level of security protection for data affected by the memory access command.

Security bit for designating the security status of information stored in a nonvolatile memory

A digital processing device implemented on a single semiconductor substrate includes an nonvolatile memory for the storage of data and instructions that define operations on the data. The memory is connected to an inhibit logic interface which is in turn connected to an information bus. The information bus is connected to a central processor that performs the operations on data. An external interface is also connected to the information bus to provide information on the information bus to external devices. At least one security bit is provided for designating security status of information stored in the memory. Address logic is connected to the information bus to determine when information is being accessed from the memory. Security control circuitry is also provided and is connected to the central processing unit, the address logic, to determine when an instruction is being fetched by the central processing unit and if the instruction is being fetched from the memory. The security control ...

Secure microprocessor/microcomputer with secured memory

A digital processing device fabricated on a single semiconductor substrate includes an electrically programmable memory, a random access memory, a central processing unit, all connected by an information transfer bus. An external interface is provided connected to the information transfer bus to provide information contained on the bus to external devices. At least one security bit is provided to determine the status of data stored in the nonvolatile memory and portions of the random access memory. An external interface inhibit circuit is connected to the external interface. Address logic is connected to the information transfer bus to determine when information contained in the electrically programmable memory or the random access memory is being accessed. The address logic also determines the security status of information stored in the selected portions of the random access memory and the electrically programmable memory. In addition, the address logic is connected to the central processing ...

SELF-LOCKING MASS STORAGE SYSTEM AND METHOD OF OPERATION THEREOF

A method of operation of a self-locking mass storage system includes: providing storage media and an inactivity timer; timing a period of read/write inactivity of the storage media using the inactivity timer; comparing the period of read/write inactivity against a preset maximum idle time; locking access to the storage media when the period of read/write inactivity exceeds the preset maximum idle time; and, resetting the period of read/write inactivity following read/write activity while the self-locking mass-storage system is in an unlocked state.

Uniform storage device access using partial virtual machine executing within a secure enclave session

In a computing system having a processor package, an operating system, and a physical I/O device, a partial virtual machine is provided to instantiate a virtual I/O device corresponding to the physical I/O device, the virtual I/O device having a virtual I/O controller. The partial virtual machine includes an I/O port trap to capture an I/O request to the virtual I/O device by the operating system; an I/O controller emulator coupled to the I/O port trap to handle an I/O control request to the virtual I/O controller, when the I/O request comprises an I/O control request; an I/O device emulator coupled to the I/O port trap component to handle an I/O access request to communicate with the virtual I/O device, when the I/O request comprises an I/O access request; and a device driver coupled to the I/O controller emulator and the I/O device emulator to communicate with the physical I/O device based at least in part on the I/O control request and the I/O access request. The partial virtual machine ...

Top/bottom symmetrical protection scheme for flash

A synchronous flash memory includes an array of non-volatile memory cells. The memory device has a package configuration that is compatible with an SDRAM. The memory device can comprise an array of memory cells having N addressable sectors, and control circuitry to control erase or write operations on the array of memory cells. Protection circuitry can be coupled to the control circuitry to selectively prevent erase or write operations from being performed on both first and last sectors of the N addressable sectors. The protection circuitry can comprise a multi-bit register having a first bit corresponding to the first sector and a second bit corresponding to the last sector.

Method for performing access management in a memory device, associated memory device and controller thereof, and associated electronic device

A method for performing access management in a memory device, the associated memory device and the controller thereof, and the associated electronic device are provided. The method may include: receiving a host command and a logical address from a host device; performing a checking operation to obtain a checking result, for determining whether to load a logical-to-physical (L2P) table from the NV memory to a random access memory (RAM) of the memory device; reading the target data and associated metadata from the NV memory, wherein a latest version of the L2P table is available in the RAM when reading the target data from the NV memory is performed; and checking whether a recorded logical address within the metadata and the logical address received from the host device are equivalent to each other, to control whether to send the target data to the host device.

Memory system

A memory system includes: a normal memory area suitable for storing normal data; a security memory area suitable for storing security data; a first row hammer detection circuit suitable for sampling and counting a portion of rows that are activated in the normal memory area to select first rows that need to be refreshed; and a second row hammer detection circuit suitable for counting all rows that are activated in the security memory area to select second rows that need to be refreshed.

MEMORY SYSTEM

A memory system includes: a normal memory area suitable for storing normal data; a security memory area suitable for storing security data; a first row hammer detection circuit suitable for sampling and counting a portion of rows that are activated in the normal memory area to select first rows that need to be refreshed; and a second row hammer detection circuit suitable for counting all rows that are activated in the security memory area to select second rows that need to be refreshed.

DELIVERY OF A MESSAGE TO A USER OF A PORTABLE DATA STORAGE DEVICE AS A CONDITION OF ITS USE

METHOD FOR CONTROLLING A MEMORY INTERFACE AND ASSOCIATED INTERFACE

METHOD AND APPARATUS FOR CONTROLLING WRITING TO MEMORY

The invention relates to a method and apparatus for controlling writing to a memory. The apparatus comprises control means (1-8) for the formation of a memory activation signal (C(Boolean not)E(Boolean not)) in response to the applying of a predetermined key code to the control means, the control means comprising timer means (2) which are started by applying the key code and which prevent the formation of the memory activation signal (C(Boolean not)E(Boolean not)) when a predetermined time has elapsed from the applying of the key code. In order to speed up the writing of long data blocks into a memory, the invention is characterized in that the control means further comprise means (3, 5, 6) for restarting the time means (2) within a predetermined time interval from the applying of the key code or the previous memory write operation as a result of a performed memory write operation.

Removable devices

Methods and removable devices are provided. Some such removable devices may include a secure partition and a public partition. The secure partition is not accessible by an operating system of a host for some embodiments. The secure partition is configured to store information so that formatting/reformatting does not alter the stored information for other embodiments.

Semiconductor device

A semiconductor device includes a nonvolatile memory, and an interface configured to transfer data to and from the nonvolatile memory. The interface includes a security logic unit which controls a security level for the data written to the nonvolatile memory, in accordance with a plurality of preset security codes and a lock code that is written to a specific area in the nonvolatile memory.

Memory device capable of preventing specific data from being erased

According to one embodiment, a memory device includes a nonvolatile semiconductor memory, and control section. The nonvolatile semiconductor memory includes a first memory area, and second memory area other than the first memory area. The control section receives a first command from a host, and permits use of the second memory area on the basis of the first command. The control section receives a second command from the host, and transmits a parameter indicating the capacity of the first memory area to the host on the basis of the second command. The control section further receives a third command from the host, and accesses the first memory area on the basis of the third command. When use of the second memory area is permitted, the control section receives the third command from the host, and accesses the second memory area on the basis of the third command.

Processor boot security device and methods thereof

A method of securing network authentication information at a data processing device includes determining a boot source from which to boot the device and comparing the boot source to an expected source. If the boot source is not the expected source, access to the network authentication information is inhibited, such as by disabling access to the portion of memory that stores the authentication information. Further, if the boot source is the expected source, boot code authentication information is retrieved from memory and verified during the boot sequence. If the device authentication information is not authenticated, access to the network authentication information is inhibited. Accordingly, access to the network authentication information is allowed only if the data processing device is booted from an expected source, and only if the boot code is authenticated, thereby reducing the likelihood of unauthorized access to the network authentication information.

SEMICONDUCTOR MEMORY CARD ACCESS APPARATUS, A COMPUTER-READABLE RECORDING MEDIUM, AN INITIALIZATION METHOD, AND A SEMICONDUCTOR MEMORY CARD

A predetermined number of erasable blocks positioned at a start of a volume area in a semiconductor memory card are provided so as to include volume management information. A user area following the volume management information includes a plurality of clusters. A data length NOM of an area from a master boot record & partition table sector to a partition boot sector is determined so that the plurality of clusters in the user area are not arranged so as to straddle erasable block boundaries. Since cluster boundaries and erasable block boundaries in the user area are aligned, there is no need to perform wasteful processing in which two erasable blocks are erased to rewrite one cluster. 117-. (canceled)18. An access apparatus for performing file access on a semiconductor memory module that has a memory area comprising of a plurality of sectors , by managing one or more sectors as a cluster , and managing one or more clusters as a file , some consecutive sectors in the memory area forming a block , the block being a smallest unit on which data erasure can be performed , the access apparatus comprising:a calculation unit operable to calculate a size of volume management information based on a number of clusters in the memory area that are to be managed, the volume management information including a master boot record, a partition table, partition boot sector information, and a file allocation table that indicates, for each file, links between clusters corresponding to the file;a reserving unit operable to reserve (1) a first area for recording the volume management information, (2) a second area for recording a block including a root directory entry, (3) a third area for recording user data, the first area being formed from blocks that are each larger in size than the calculated size of the volume management information, and (4) a backup area for recording attribute information of the file recorded therein, and the third area being formed from blocks following the first ...

Nonvolatile memory, reading method of nonvolatile memory, and memory system including nonvolatile memory

A nonvolatile memory device includes a memory cell array and a read/write circuit connected to the memory cell array through bit lines. The read method of the nonvolatile memory device includes receiving a security read request, receiving security information, and executing a security read operation in response to the security read request. The security read operation includes reading of security data from the memory cell array using the read/write circuit, storing of the read security data in a register, performing security decoding on the read security data stored in the register using the received security information, resetting the read/write circuit, and outputting a result of the security decoding.

Dynamic Address Change Optimizations

A method of setting an address of a component that includes determining a characterization value associated with a consumable, calculating a number of address change operations based upon the characterization value, and setting a last address generated from the number of address change operations as the new address of the component, wherein the characterization value is determined based upon a usage of the consumable.

Method and apparatus for securing memory modules

A memory system for storing data that includes providing a memory module having one or more memory devices and a voltage regulator for controlling voltage levels supplied to the one or more memory devices, wherein the voltage regulator has a first state that permits write and read operations with the one or more memory devices, and a second state where the voltage regulator prevents at least read operations with the one or more memory devices the system configured to store an encryption key in ROM on the voltage regulator; copy the encryption key value from the ROM to a voltage regulator register; set a voltage regulator encryption timer for a period of time; and transition the voltage regulator to the second state in response to the voltage regulator encryption timer expiring.

Cache coherent system including master-side filter and data processing system including same

An application processor is provided. The application processor includes a cache coherent interconnect, a first master device connected to the cache coherent interconnect, a second master device, and a master-side filter connected between the cache coherent interconnect and the second master device. The master-side filter receives a snoop request from the first master device through the cache coherent interconnect, compares a second security attribute of the second master device with a first security attribute of the first master device which is included in the snoop request, and determines whether to transmit an address included in the snoop request to the second master device according to a comparison result.

A COMPUTATION DEVICE WITH INCREASED RESISTANCE AGAINST ADDRESS PROBING

Some embodiments are directed to a computing device () configured for execution of a computer program protected against address probing. The device is configured to run at least one anomaly detector () for detecting an address probing on the computer program, and to selectively replace an originating computer program code part with a replacement computer program code part wherein an address probing countermeasure is added. 1. A computing device configured for execution of a computer program wherein the memory circuit is arranged to store computer program code and computer program data,', 'wherein the computer program code comprises multiple computer program code parts,', 'wherein the computer program code is configured to operate upon the computer program data,', 'wherein addresses of the computer program code and/or computer program data are randomized in an address space; and, 'a memory circuit,'} wherein the processor circuit is configured to execute the computer program code,', 'wherein the processor circuit is configured to monitor the execution of the computer program code by running at least one anomaly detector,', 'wherein the anomaly detector is configured to detect an address probing on the computer program,', 'wherein the processor circuit is configured to locate an offending portion of the computer program code from which the address probing originated,', 'wherein the processor circuit is configured to selectively replace the offending portion of the computer program code part with a replacement computer program code,', 'wherein an address probing countermeasure is added to the replacement computer code., 'a processor circuit,'}2. The computing device as in claim 1 , wherein the anomaly detector is a portion of the computer program code.3. The computing device as in claim 1 , wherein the anomaly detector is configured for one or more of the following:detecting a read or write operation to an invalid address;intercepting a system call and inspecting a ...

System and Method for Conflict-Free Cloud Storage Encryption

A system and method for conflict-free cloud storage encryption include selecting, from a set of computing devices configured to download data from a shared storage platform, a first device, obtaining, by a first module on the first computing device, a parameter for processing data, selecting, by the first module, a data object stored on the first device and processing the selected data object, using the parameter, to produce a processed data object. The processed data object may be uploaded to the shared storage platform. The parameter may be provided to a second module on a second computing device included in the set and used, by the second module, to reproduce the data object based on the processed data object. 1. A method comprising:selecting, from a set of computing devices configured to download data from a shared storage platform, a first computing device;obtaining, by a first module on the first computing device, a parameter for processing data;selecting, by the first module, a data object stored on the first computing device and processing the selected data object, using the parameter, to produce a processed data object;uploading the processed data object to the shared storage platform;providing the parameter to a second module on a second computing device included in the set; andusing the parameter, by the second module, to reproduce the data object based on the processed data object.2. The method of claim 1 , comprising replacing claim 1 , by the first module claim 1 , an unprocessed data object stored in the shared storage platform with the processed data object.3. The method of claim 1 , comprising replacing claim 1 , by the first module claim 1 , a processed data object stored in the shared storage platform by an unprocessed data object.4. The method of claim 1 , wherein selecting the first device is based on at least one of: a creator of the data object claim 1 , a selection by a central server claim 1 , a property of the first device and a property of ...

USING SECURE MEMORY ENCLAVES FROM THE CONTEXT OF PROCESS CONTAINERS

Memory is partitioned and isolated in container-based memory enclaves. The container-based memory enclaves have attestable security guarantees. During provisioning of the container-based memory enclaves from a container image, a purported link in the container to a memory address of the enclave is modified to verifiably link to an actual memory address of the host, such as partitioned memory enclave. In some instances, enclave attestation reports can be validated without transmitting corresponding attestation requests to remote attestation services, based on previous attestation of one or more previous container attestation reports from a similar container and without requiring end-to-end attestation between the container and remote attestation service for each new attestation request. 1. A computing system comprising:one or more processors; and identifying a container image having a security component that is used for attesting to a particular security configuration that is used by a host system running on a first security domain, the security component being stored at a memory address of the host system;', 'using the container image to instantiate a new container, the new container being configured to utilize enclave memory in a second security domain of a host system based on a security component stored at an address of the host system, the new container including a copy of the security component with a particular memory address that is a purported link from the container to the memory address of the security component stored at the host system; and', 'during or after instantiation of the new container, modifying the purported link from the container to the particular memory address of the security component stored at the host system so that the purported link from the container to the memory address is modified to verifiably link the container to the memory address of the host system., 'one or more computer-readable storage medium having stored computer ...

Methods and systems for resilient encryption of data in memory

A method for encrypting and decrypting data, that includes using an encryption key and an address associated with a memory device or a software instance. The method for encrypting and decrypting data may be performed by a hypervisor or by a configured processor. The method may include receiving a read or write request specifying an address; performing a first lookup, in an address mapping table, to identify a memory module address of a memory module associated with the address; performing a second lookup to identify an encryption key associated with the read or write request; generating a decryption or encryption request that includes the memory module address; and the encryption key; and sending the decryption or encryption request to the memory module.

Secure spin torque transfer magnetic random access memory (sttmram)

A magnetic memory device includes a main memory made of magnetic memory, the main memory and further includes a parameter area used to store parameters used to authenticate data. Further, the magnetic memory device has parameter memory that maintains a protected zone used to store protected zone parameters, and an authentication zone used to store authentication parameters, the protection zone parameters and the authentication parameters being associated with the data that requires authentication. Upon modification of any of the parameters stored in the parameter memory by a user, a corresponding location of the parameter area of the main memory is also modified.

SYSTEM AND METHOD FOR HIGH PERFORMANCE SECURE ACCESS TO A TRUSTED PLATFORM MODULE ON A HARDWARE VIRTUALIZATION PLATFORM

A system and method for high performance secure access to a trusted platform module on a hardware virtualization platform. The virtualization platform including Virtual Machine Monitor (VMM) managed components coupled to the VMM. One of the VMM managed components is a TPM (Trusted Platform Module). The virtualization platform also includes a plurality of Virtual Machines (VMs). Each of the virtual machines includes a guest Operating System (OS), a TPM device driver (TDD), and at least one security application. The VMM creates an intra-partition in memory for each TDD such that other code and information at a same or higher privilege level in the VM cannot access the memory contents of the TDD. The VMM also maps access only from the TDD to a TPM register space specifically designated for the VM requesting access. Contents of the TPM requested by the TDD are stored in an exclusively VMM-managed protected page table that provides hardware-based memory isolation for the TDD. 1Virtual Machine Monitor (VMM) managed components coupled to a VMM, wherein one of the VMM managed components comprises a Trusted Platform Module (TPM); anda plurality of Virtual Machines (VMs), each of the virtual machines including a guest operating system (OS), a TPM device driver (TDD), and at least one security application,wherein the VMM to create an intra-partition in memory for the TDD such that other code and information at a same or higher privilege level within the VM cannot access the memory contents of the TDD and to map accesses from only the TDD to a TPM register space specifically designated for the VM requesting access.. A virtual platform comprising: This application is a continuation of U.S. application Ser. No. 14/510,534, entitled “System and Method for High Performance Secure Access to a Trusted Platform Module on a Hardware Virtualization Platform,” which was filed on Oct. 9, 2014, and which is a divisional application of U.S. application Ser. No. 13/305,902, entitled “System ...

SYSTEM AND METHOD FOR HIGH PERFORMANCE SECURE ACCESS TO A TRUSTED PLATFORM MODULE ON A HARDWARE VIRTUALIZATION PLATFORM

A system and method for high performance secure access to a trusted platform module on a hardware virtualization platform. The virtualization platform including Virtual Machine Monitor (VMM) managed components coupled to the VMM. One of the VMM managed components is a TPM (Trusted Platform Module). The virtualization platform also includes a plurality of Virtual Machines (VMs). Each of the virtual machines includes a guest Operating System (OS), a TPM device driver (TDD), and at least one security application. The VMM creates an intra-partition in memory for each TDD such that other code and information at a same or higher privilege level in the VM cannot access the memory contents of the TDD. The VMM also maps access only from the TDD to a TPM register space specifically designated for the VM requesting access. Contents of the TPM requested by the TDD are stored in an exclusively VMM-managed protected page table that provides hardware-based memory isolation for the TDD. 120-. (canceled)21. One or more machine-readable storage media comprising a plurality of instructions stored thereon that , in response to execution by a computing device , cause the computing device to:issue a call, by a requesting entity of the computing device, for a hardware cryptographic device to perform an operation;determine whether the call is an initial request by the requesting entity to the hardware cryptographic device;verify authentication information provided with a first access associated with the initial request in response to a determination that the call is not the initial request;enable access to a subset of hardware registers of the hardware cryptographic device based on an identification of a virtual machine of the requesting entity;perform, by the hardware cryptographic device, the requested operation; andstore, by the hardware cryptographic device, results of the performed operation in a protected page table accessible from outside the hardware cryptographic device by only ...

Hacking-Resistant Computer Design

A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing for program code and hardware-protects it from alteration. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition. 1a bus controller configured to be coupled to a first computer and at least one second computer;wherein the bus controller is configured to receive a pull command from the first computer and to execute the pull command to read data from the at least one second computer through a bus and write the data read from the at least one second computer to at least one memory module of the first computer in a memory address range configured for data read from the at least one second computer;wherein the bus controller is configured to receive a push command from the first computer and to execute the push command to send data to the at least one second computer through the bus;wherein the bus controller will not permit a push command from the at least one second computer to the first computer;wherein the bus controller will not permit a pull command from the at least one second computer to the first computer; andwherein the hardware circuitry of the bus controller does not permit the at least one second computer to access the at least one ...

MEMORY MODULE DATA OBJECT PROCESSING SYSTEMS AND METHODS

The present disclosure provides methods, apparatus, and systems for implementing and operating a memory module, for example, in a computing that includes a network interface, which may be coupled to a network to enable communication with a client device, and host processing circuitry, which may be coupled to the network interface via a system bus and programmed to perform first data processing operations based on user inputs received from the client device. The memory module may be coupled to the system bus and include memory devices and a memory controller coupled to the memory devices via an internal bus. The memory controller may include memory processing circuitry programmed to perform a second data processing operation that facilitates performance of the first data processing operations by the host processing circuitry based on context of the data block indicated by the metadata. 1. A computing system comprising one or more host computing devices , wherein the one or more host computing devices comprise:a network interface communicatively coupled to a system bus, wherein the network interface is configured to communicatively couple the one or more host computing devices to a first client computing device via a communication network to enable the one or more host computing devices to provide the first client computing device a first virtual machine; the memory sub-system is configured to store a plurality of data objects; and', 'a first data object of the plurality of data objects comprises a first copy of first virtual machine data and first tag metadata that indicates that the first data object is associated with the first virtual machine; and, 'a memory sub-system communicatively coupled to the system bus, whereinhost processing circuitry communicatively to the system bus, wherein the host processing circuitry is configured to process the first data object to provide the first virtual machine; anda service processor communicatively coupled to the memory sub- ...

MEMORY FRACTIONATION SOFTWARE PROTECTION

A method of protecting software in a computer system includes defining a memory fractionation configuration for an application software program in the computer system, fractionating at least one page of the application software program into fractions according to the memory fractionation configuration, and running the application in such a manner that, at any particular point in time when the application is running, at least a first one of the fractions is stored in a manner that is not accessible from a user space or a kernel space of the computer system. 1. A method of protecting software in a computer system , the method comprising:defining a first memory fractionation configuration for an application software program in the computer system;fractionating at least one page of the application software program into fractions according to the first memory fractionation configuration; andrunning the application in such a manner that, at any particular point in time when the application is running, at least a first one of the fractions is stored in a manner that is not accessible from a user space or a kernel space of the computer system, according to the first memory fractionation configuration.2. The method of claim 1 , wherein at the particular point in time when the application is running claim 1 , at least a second one of the fractions is stored in a manner that is accessible from the user space or the kernel space of the computer system.3. The method of claim 2 , further comprising:switching, over time, which of the fractions is accessible from the user space or the kernel space and which of the fractions is not accessible from the user space or the kernel space, between at least the first one of the fractions and the second one of the fractions.4. The method of claim 3 , further comprising:providing a fractionator to perform the switching,wherein the fractionator is implemented in the user space, the kernel space or a hypervisor space.5. The method of claim 1 , ...

SYSTEM AND METHOD FOR PROTECTING DATA STORED ON A REMOVABLE DATA STORAGE DEVICE

A system for protecting data stored in a removable data storage device includes a personal electronic device, a removable solid state data storage device operatively coupled to the personal electronic device, and a circuit configured to protect data stored in the data storage device in response to detecting impending removal of the data storage device from the personal electronic device. 1. A system for protecting data stored in a removable data storage device , comprising:a personal electronic device;a removable solid state data storage device operatively coupled to the personal electronic device; anda circuit configured to protect data stored in the data storage device in response to detecting impending removal of the data storage device from the personal electronic device.2. The system of claim 1 , wherein the personal electronic device comprises at least one of a mobile phone claim 1 , a smart phone claim 1 , a personal digital assistant claim 1 , and a pager.3. The system of claim 1 , wherein the personal electronic device comprises at least one of a personal computer claim 1 , a laptop computer claim 1 , a tablet computer claim 1 , and a handheld computer.4. The system of claim 1 , wherein the personal electronic device comprises at least one of a camera and an audio recording device.5. The system of claim 1 , wherein the removable data storage device comprises a Subscriber Identity Module (SIM).6. The system of claim 1 , wherein the removable data storage device comprises at least one of a Secure Digital (SD) memory card claim 1 , an integrated circuit (IC) memory claim 1 , a Universal Serial Bus (USB) drive claim 1 , a Universal Integrated Circuit Card (UICC) claim 1 , and a Removable User Identity Module (R-UIM).7. The system of claim 1 , wherein the circuit is disposed on the personal electronic device.8. The system of claim 1 , wherein the circuit is disposed on the data storage device.9. The system of claim 1 , wherein the circuit comprises a removal ...

Memory device with configurable performance and defectivity management

A memory device comprises a memory control unit including a processor configured to control operation of the memory array according to a first memory management protocol for memory access operations, the first memory management protocol including boundary conditions for multiple operating conditions comprising program/erase (P/E) cycles, error management operations, drive writes per day (DWPD), and power consumption; monitor operating conditions of the memory array for the PIE cycles, error management operations, DWPD, and power consumption; determine when a boundary condition for one of the multiple operating conditions is met; and in response to determining that a first boundary condition for a first monitored operating condition is met, change one or more operating conditions of the first memory management protocol to establish a second memory management protocol for the memory access operations, the second memory management protocol including a change boundary condition of a second monitored operating condition.

STORAGE MANAGEMENT DEVICE AND STORAGE MANAGEMENT METHOD

A storage management method includes: determining whether receives a creation request for creating a group storage space from one user group, wherein the creation request comprises an identity of the user group and a request size of the group storage space. Assigning a group storage space with the request size to the user group and assigning a corresponding storage gateway address to the user group. Setting an administrator identity of the group storage space and permissions of an administrator with the administrator identity. In addition, creating or deleting sub-group storage spaces and personal storage spaces in the group storage space in response to operations of the administrator. 1. A storage management device comprising:a communication unit configured to connect to at least one terminal device of a user of a user group;a plurality of storage devices, one or more of the plurality of storage devices storing a plurality of modules which are collection of instructions; andat least one processing device configured to execute the plurality of modules which are collection of instructions, the modules comprising:a request receiving module configured to receive a creation request for creating a group storage space from one user group, wherein the creation request comprises an identity of the user group and a request size of the group storage space;a creation module configured to assign a group storage space with the request size from the storage management device to the user group and assign a corresponding storage gateway address to the user group, the group storage space and the storage gateway address being associated with the identity of the user group; and a permission setting module configured to set an administrator identity of the group storage space and permissions of an administrator with the administrator identity; and', 'an assignment management module configured to create or delete sub-group storage spaces and personal storage spaces in the group storage ...

WRITE PROTECTION MANAGEMENT SYSTEMS

Write protection management systems are disclosed. In this regard, in one exemplary aspect, a security control system is provided to authorize and write a specified number of data blocks to a write-protected region in a storage device. In another exemplary aspect, a write control system is provided to keep track of data blocks written to the write-protected region. The write control system automatically re-enables write protection on the write-protected region after the specified number of data blocks has been written to the write-protected region. By automatically protecting the write-protected region after writing the specified number of data blocks, it is possible to prevent unauthorized attempts to write to the write-protected region, thus ensuring data security and integrity in the write-protected region. 1. A host device comprising a security control system configured to:validate a request for writing a specified number of data blocks to a write-protected region in a storage device communicatively coupled to a host device;disable write protection on the write-protected region;write the specified number of data blocks to the write-protected region; andstop writing any more data blocks to the write-protected region and enable the write protection on the write-protected region after writing the specified number of data blocks to the write-protected region.2. The host device of claim 1 , wherein the specified number of data blocks is a specified number of data bytes.3. The host device of claim 1 , wherein the security control system comprises:a trust zone configured to validate the request for writing the specified number of data blocks to the write-protected region;a replay protected memory block (RPMB) controller configured to disable the write protection on the write-protected region based on an instruction received from the trust zone; anda storage device driver configured to write the specified number of data blocks to the write-protected region after the ...

Electronic Apparatus and Management Method Thereof

An electronic apparatus operating with a memory includes an operating module, a management module, a database and a filtering module. When the operating module needs to use the memory for performing a task, the operating module issues a memory request. The management module determines whether the memory request is to be permitted. When the memory request is permitted, the management module generates a requested data chunk according to the memory request. The filtering module receives the requested data chunk from the management module, and determines whether to store the requested data chunk into the data base according to a predetermined filtering condition. 1. An electronic apparatus , operating with a memory , comprising:an operating module, configured to issue a memory request when the operating module needs to use the memory for performing a task;a management module, configured to determine whether the memory request is to be permitted, and to generate a requested data chunk when the memory request is permitted;a database; anda filtering module, configured to receive the requested data chunk from the management module, and to determine whether to store the requested data chunk into the database according to a predetermined filtering condition.2. The electronic apparatus according to claim 1 , wherein the requested data chunk comprises at least one of identity information of the task claim 1 , a memory address the management module designates to the memory request claim 1 , and a memory usage amount.3. The electronic apparatus according to claim 1 , wherein a plurality of requested data chunks in the database are sorted according to task identity information claim 1 , a memory address or a memory usage amount.4. The electronic apparatus according to claim 1 , wherein the predetermined filtering condition comprises at least one of a predetermined time interval and a predetermined memory address interval.5. The electronic apparatus according to claim 1 , further ...

System and method for split storage stack

In certain embodiments, a method includes starting an application as a first process within a user space of an operating system. The application instantiates a data storage system associated with the operating system. The method also includes starting a block device service as a second process within the user space of the operating system, the block device service being configured to manage a persistent storage device of the computing device. In addition, the method includes receiving, by a kernel of the operating system, a system call request from the application to communicate with the block device service, the system call request is generated by the application using the data storage system and comprises an access request to access the persistent storage device. The method further includes providing the application, in response to the system call request, access to the block device service through the IPC channel.

MEMORY CARD AND HOST DEVICE THEREOF

A memory card is attached to a host device, and includes a data control circuit which transfers data with respect to the host device in synchronism with a rise edge and a fall edge of a clock signal. 1. (canceled)2. A storage device comprising:a command terminal;a plurality of data terminals;a clock terminal;a power terminal for a power supply voltage;a ground terminal for a ground voltage;a nonvolatile memory; anda controller coupled to the command terminal, the data terminals, the clock terminal, the power terminal, and the ground terminal,wherein the controller is configured to receive the clock signal through the clock terminal from the outside of the storage device,wherein the controller is configured to output a first status data through at least one of the data terminals to the outside of the storage device, in accordance with only one of a rising edge and a falling edge of the clock signal, in a first transfer mode,wherein the controller is configured to output data through at least one of the data terminals to the outside of the storage device, in accordance with both the rising edge and the falling edge of the clock signal, in a second transfer mode, andwherein the controller is configured to receive and respond to commands via the command terminal in accordance with only one of a rising edge and a falling edge of the clock signal while outputting data through at least one of the data terminals to the outside of the storage device in accordance with both the rising edge and the falling edge of the clock signal, in the second transfer mode.3. The storage device according to claim 2 ,wherein the controller is configured to read data from the nonvolatile memory and output the read data through at least one of the data terminals.4. The storage device according to claim 2 ,wherein the nonvolatile memory is a semiconductor memory.5. The storage device according to claim 4 ,wherein the semiconductor memory is a NAND type flash memory.6. The storage device ...

BATTERY MANAGEMENT APPARATUS AND METHOD

A battery management apparatus according to an embodiment of the present disclosure includes a processor including a plurality of cores respectively provided with a cache memory and configured to set a core storing a record-target data in the cache memory thereof among the plurality of cores as a main core and set a core other than the main core among the plurality of cores as a sub core; and a main memory configured to store the record-target data by the main core, wherein the main core is configured to block an authority of the sub core to access the main memory while the record-target data is being recorded in the main memory, and endow an authority to access the main memory to the sub core after the record-target data is recorded in the main memory. 1. A battery management apparatus for preventing data inconsistency in a multi-core environment , comprising:{'claim-text': ['set a core storing a record-target data in the cache memory thereof among the plurality of cores as a main core; and', 'set a core other than the main core among the plurality of cores as a sub core; and'], '#text': 'a processor including a plurality of cores, each respectively provided with a cache memory, the processor being configured to:'}a main memory configured to store the record-target data by the main core,{'claim-text': ['block an authority of the sub core to access the main memory while the record-target data is being recorded in the main memory, and', 'endow an authority to access the main memory to the sub core after the record-target data is recorded in the main memory.'], '#text': 'wherein the main core is configured to:'}2. The battery management apparatus according to claim 1 , wherein the processor is further configured to set the main core and the sub core claim 1 , when a record request for recording the record-target data in the main memory is input from the core storing the record-target data in the cache memory thereof.3. The battery management apparatus according to ...

AUTOMATIC MEMORY SECURITY

A computing device has a security module that (i) receives a request to decrypt encrypted data; (ii) sets up an uninterruptible timer based on a specified time interval; (iii) decrypts the encrypted data to generate and stores corresponding decrypted data in a memory within the computing device; and (iv) provides a trigger signal to delete the decrypted data from the memory after expiration of the specified time interval as determined by the timer. The security module limits the duration that the decrypted data is stored in the memory and thus reduces the chance the data can be subject to unauthorized accessed. 1. An article of manufacture comprising a computing device comprising a security module configured to:receive a request to decrypt encrypted data;set up an uninterruptible timer based on a specified time interval;decrypt the encrypted data to generate and store corresponding decrypted data in a memory within the computing device; andprovide a trigger signal to delete the decrypted data from the memory after expiration of the specified time interval as determined by the uninterruptible timer.2. The article of claim 1 , wherein:the encrypted data is part of a key blob further comprising an encrypted blob key; and decrypt the encrypted blob key using a blob-key encryption key to generate a decrypted version of a blob key; and', 'decrypt the encrypted data using the decrypted version of the blob key to generate the decrypted data., 'the security module is configured to3. The article of claim 2 , wherein the security module is further configured to:encrypt data using the blob key to generate the encrypted data;encrypt the blob key using the blob-key encryption key to generate the encrypted blob key; andcombine the encrypted data and the encrypted blob key to generate the key blob.4. The article of claim 3 , wherein the computing device comprises:a random number generator configured to generate the blob key; anda register configured to store the blob-key encryption ...

Access to Memory Region Including Confidential Information

Embodiments herein relate to accessing a memory region including confidential information. A memory request from a process may be received. The memory request may include a process ID (PID) of the process, a requested memory address, and a requested access type. The memory request may be compared to a permission set associated with a memory region including the confidential information. Access to the memory region by the process may be controlled based on the comparison. 1. A device comprising:a permission module to receive a memory request from a process, the memory request including a process ID (PID) of the process, a requested memory address, and a requested access type, whereinthe permission module compares the memory request to a permission set associated with a memory region storing confidential information, andthe permission module controls access to the memory region by the process based on the comparison.2. The device of claim 1 , wherein claim 1 ,the permission set includes one more allowed PIDs, a memory address range, and one or more allowed access types associated with the memory region,the access types include at least one of read, write and reference types, andthe reference type relates to providing a pointer to the requested memory address.3. The device of claim 2 , wherein the permission module includes claim 2 ,a PID module to compare the PID of the process to the one or more allowed PIDs;an address module to compare the requested memory address to the memory address range; andan access type module to compare the requested access type to the one or more allowed access types, whereinthe permission module allows access to the memory region by the process based on the comparisons of the PID, address, and access type modules.4. The device of claim 2 , wherein claim 2 ,the memory request further includes a user ID (UID) field to identify at least one of a type of user and an identity of the user, andthe permission set includes a plurality of instances ...

CACHE SET PERMUTATIONS BASED ON GALOIS FIELD OPERATIONS

Systems, apparatuses and methods provide for technology that determines that first data associated with a first security domain is to be stored in a first permutated cache set, where the first permuted cache set is identified based on a permutation function that permutes at least one of a plurality of first cache indexes. The technology further determines that second data associated with a second security domain is to be stored in a second permutated cache set, where the second permuted cache set is identified based on the permutation function. The second permutated cache set may intersect the first permutated cache set at one data cache line to cause an eviction of first data associated with the first security domain from the one data cache line and bypass eviction of data associated with the first security domain from at least one other data cache line of the first permuted cache set. 1. A computing system comprising:a processor to be associated with execution of a plurality of security domains including a first security domain and a second security domain; anda cache to store data associated with the execution of the plurality of security domains; and determine that first data associated with the first security domain is to be stored in a first permutated cache set associated with the cache, wherein the first permuted cache set is to be identified based on a permutation function that is to permute at least one of a plurality of first cache indexes; and', 'determine that second data associated with the second security domain is to be stored in a second permutated cache set associated with the cache, wherein the second permuted cache set is to be identified based on the permutation function, and wherein the second permutated cache set intersects the first permutated cache set at one data cache line to cause an eviction of first data associated with the first security domain from the one data cache line and bypass eviction of data associated with the first security ...

NON-VOLATILE MEMORY DEVICE WITH REDUCED AREA

A memory device includes a substrate, a semiconductor fin over the substrate and extending in a first direction, and a first gate electrode and a second gate electrode over the substrate and extending in a second direction. The semiconductor fin extends through the second gate electrode and terminates on the first gate electrode. The memory device further includes a first conductive via over and electrically coupled to the first gate electrode. 1. A memory device , comprising:a substrate;a semiconductor fin over the substrate and extending in a first direction;a first gate electrode and a second gate electrode over the substrate and extending in a second direction, the semiconductor fin extending through the second gate electrode and terminating on the first gate electrode; anda first conductive via over and electrically coupled to the first gate electrode,wherein the first gate electrode and the second gate electrode are formed of different materials.2. The memory device of claim 1 , further comprising a second conductive via electrically coupled to the second gate electrode.3. The memory device of claim 1 , further comprising a dielectric layer between the first gate electrode and the semiconductor fin claim 1 , wherein the first conductive via is operable to receive a first voltage to cause an electrical breakdown of the dielectric layer.4. The memory device of claim 3 , wherein the dielectric layer covers a lateral sidewall of the semiconductor fin claim 3 , wherein the lateral sidewall extends in the second direction.5. The memory device of claim 1 , further comprising an isolation region over the substrate and defining the semiconductor fin claim 1 , the isolation region extending below the first gate electrode.6. The memory device of claim 1 , further comprising an inter-layer dielectric (ILD) layer over the substrate and covering an entirety of a sidewall of the first gate electrode.7. The memory device of claim 6 , wherein the ILD layer at least partially ...

PROCESSING SECURE DATA

An electronic device is provided. The electronic device includes a first control module including a normal module and a security module, and a second control module distinct from the first control module. The normal module sets a secure memory which the security module and the second control module access, and the security module determines validity of the set secure memory. 1. An electronic device comprising:a first control module including a normal module and a security module; anda second control module distinct from the first control module,wherein the normal module is configured to set a secure memory which is accessible by the security module and the second control module, andwherein the security module is configured to determine validity of the set secure memory.2. The electronic device of claim 1 , wherein the secure memory comprises an input buffer at which secure data is written.3. The electronic device of claim 1 , wherein the secure memory comprises an output buffer at which a processing result of secure data is written.4. The electronic device of claim 1 , wherein the secure memory is configured to:operate as an input buffer at which secure data is written, andoperate as an output buffer at which a processing result of secure data is written after the secure data is read.5. The electronic device of claim 2 , wherein the security module is configured to:write the secure data at the input buffer, andrequest the second module to process a portion or a whole of the secure data.6. The electronic device of claim 5 , wherein the security module is configured to provide the second control module with a memory address of the input buffer and a memory address claim 5 , at which a processing result on the portion or the whole of the secure data is to be written claim 5 , together with the request.7. The electronic device of claim 6 , wherein the security module is configured to provide the second control module with the request and the memory address through the ...

USING MEMORY AS A BLOCK IN A BLOCK CHAIN

The present disclosure includes apparatuses, methods, and systems for using memory as a block in a block chain. An embodiment includes a memory, and circuitry configured to generate a block in a block chain for validating data stored in the memory, wherein the block includes a cryptographic hash of a previous block in the block chain and a cryptographic hash of the data stored in the memory, and the block has a digital signature associated therewith that indicates the block is included in the block chain.

MULTIPLE MEMORY TYPE MEMORY MODULE SYSTEMS AND METHODS

The present disclosure provides methods, apparatuses, and systems for implementing and operating a memory module, for example, in a computing device that includes a network interface, which is coupled to a network to enable communication with a client device, and processing circuitry, which is coupled to the network interface via a data bus and programmed to perform operations based on user inputs received from the client device. The memory module includes memory devices, which may be non-volatile memory or volatile memory, and a memory controller coupled between the data bus and the of memory devices. The memory controller may be programmed to determine when the processing circuitry is expected to request a data block and control data storage in the memory devices. 1. An apparatus , comprising: a first portion of the plurality of memory devices is implemented to provide volatile memory; and', 'a second portion of the plurality of memory devices is implemented to provide non-volatile memory; and, 'a plurality of memory devices, wherein the buffer memory comprises static random-access memory;', 'the memory controller is communicatively coupled to each of the plurality of memory devices; and', 'the memory controller is configured to deterministically store data blocks in either the volatile memory on the apparatus or the non-volatile memory implemented on the apparatus based at least in part on when the data blocks are expected to be requested from the apparatus., 'a memory controller comprising buffer memory, wherein2. The apparatus of claim 1 , wherein the memory controller is configured to predict when the data blocks will be requested based at least in part on analysis of data access parameters associated with the data blocks using machine learning techniques.3. The apparatus of claim 1 , wherein claim 1 , to deterministically store data blocks in either the volatile memory or the non-volatile memory claim 1 , the memory controller is configured to:store a first ...

Information Handling System Secret Protection Across Multiple Memory Devices

Information handling system secret protection is enhanced by encrypting secrets into a common file and breaking up the encrypted file into plural portions stored at plural memory devices, such as across plural DIMMs disposed in the information handling system. In one embodiment, a decryption key to decrypt the encrypted file is broken into plural portions stored at the plural memory devices. Upon detection of a predetermined security factor, such as an indication of removal of a the encrypted file is removed from the plural portions. 1. An information handling system comprising:a chassis;a processor disposed in the chassis and operable to process information;memory disposed in the chassis and interfaced with the processor, the memory operable to store the information, the memory having at least first and second separate memory devices;a memory controller interfaced with the memory and operable to manage locations in the memory devices to store the information; anda security module interfaced with the memory controller, the security module operable to identify sensitive information based upon predetermined conditions and to locate first and second portions of the sensitive information on the first and second memory devices.2. The system of wherein:the first and second memory devices comprise at least first and second random access memory (RAM) modules;the first portion comprises encrypted information; andthe second portion comprises a password to decrypt the encrypted information.3. The system of wherein:the first and second memory devices comprise at least first and second RAM modules;the first portion comprises less than all of an encrypted file having encrypted information and less than all of a password to decrypt the encrypted information; andthe second portion comprises less than all of the encrypted file and less than all of the password to decrypt the encrypted information.4. The system of wherein:the first and second memory devices comprise first and second ...

HARDWARE-BASED SHARED DATA COHERENCY

Apparatuses, systems, and methods for coherently sharing data across a multi-node network is described. A coherency protocol for such data sharing can include identifying a memory access request from a requesting node for an I/O block of data in a shared I/O address space of a multi-node network, determining a logical ID and a logical offset of the I/O block, identifying an owner of the I/O block, negotiating permissions with the owner of the I/O block, and performing the memory access request on the I/O block. 1. An apparatus comprising circuitry configured to:identify a memory access request from a requesting node for an I/O block of data in a shared I/O address space of a multi-node network;determine a logical identifier (ID) and a logical offset of the I/O block;identify an owner of the I/O block;negotiate permissions with owner of the I/O block; andperform the memory access request on the I/O block.2. The apparatus of claim 1 , wherein the owner is a home node for the I/O block coupled to the requesting node through a network fabric of the multi-node network.3. The apparatus of claim 2 , wherein the memory access request is a Read for Ownership (RFO) and claim 2 , in negotiating permissions claim 2 , the circuitry is further configured to:set a coherency state of the I/O block to “exclusive”; andsend the I/O block to the requesting node.4. The apparatus of claim 3 , wherein claim 3 , in setting the coherency state of the I/O block to “exclusive claim 3 ,” the circuitry is further configured to:identify a sharing node of the I/O block;set the coherency state of the I/O block to “invalid” at the sharing node; andwait for an acknowledgment from the sharing node before the I/O block is sent to the requesting node.5. The apparatus of claim 4 , wherein claim 4 , in setting the coherency state of the I/O block to “exclusive” claim 4 , the circuitry is further configured to:identify that the coherency state of the I/O block at the sharing node is set to “modified”; ...

Protection against side-channel attacks on non-volatile memory

A non-volatile memory (NVM) device includes an NVM array, which is configured to store data, and control logic. The control logic is configured to receive data values for storage in the NVM array, and to write at least some of the received data values to the NVM array and simultaneously to write complements of the at least some of the received data values.

USING SECURE MEMORY ENCLAVES FROM THE CONTEXT OF PROCESS CONTAINERS

Memory is partitioned and isolated in container-based memory enclaves. The container-based memory enclaves have attestable security guarantees. During provisioning of the container-based memory enclaves from a container image, a purported link in the container to a memory address of the enclave is modified to verifiably link to an actual memory address of the host, such as partitioned memory enclave. In some instances, enclave attestation reports can be validated without transmitting corresponding attestation requests to remote attestation services, based on previous attestation of one or more previous container attestation reports from a similar container and without requiring end-to-end attestation between the container and remote attestation service for each new attestation request. 1. A computing system comprising:one or more processors; andone or more computer-readable storage medium having stored computer executable instructions which are executable by the one or more processors for configuring the computing system to implement a method for performing attestation for a container-based memory enclave, and by at least configuring the computing system to:identify one or more containers, each of the one or more containers being configured to reference enclave memory residing in a security domain that is different than a first security domain of the host system and using a security component for attesting to a particular security configuration for the enclave memory, the security component being loaded at a memory address of the host system and being linked to by one or more references to the security component at the one or more containers;obtain a single attestation report from a remote attestation service regarding security guarantees of a security configuration of the one or more containers based on the security component;receive a request to attest to the security guarantees for a particular container of the one or more containers subsequent to receiving the ...

Semiconductor device and data processing method

A semiconductor device has: as security states to which the nonvolatile memory device can transition, an unprotected state in which, when secret information is not set in the nonvolatile memory device, rewriting the nonvolatile memory device is permitted, and reading the stored information is permitted; a protection unlocked state in which, when the secret information is set in the nonvolatile memory device, rewriting the nonvolatile memory device is permitted on condition that a result of authentication using the secret information is correct, and reading the stored information is permitted; and a protection locked state in which, when the secret information is set in the nonvolatile memory device, rewriting the nonvolatile memory device is inhibited until correctness as a result of authentication using the secret information is confirmed, and reading the stored information is inhibited under a predetermined condition.

Controlled use of a hardware security module

Methods are provided for using a hardware module connectable to multiple computer systems, where the multiple computer systems are connectable to a server within a common network. The method includes: providing a network address of the server in persistent memory of the hardware security module; providing an encrypted secret entity in the persistent memory of the hardware security module; providing a private key in the persistent memory of the hardware security module; and based on the hardware security module being connectable to one of the computer systems, the method includes: establishing a secure connection between the hardware security module and the server; retrieving, via the secure connection, a wrapping key from the server and storing it in volatile memory of the hardware security module; and decrypting the encrypted secret entity with the wrapping key and storing the decrypted secret entity in the volatile memory of the hardware security module.

TECHNIQUES FOR TAMPER DETECTION AND PROTECTION OF A MEMORY MODULE

Techniques for tamper detection of a memory module having non-volatile memory devices resident on a printed circuit board (PCB) by circuitry of a controller also resident on the PCB. Examples include determining resistance values of a character pattern sprayed on a side of a cover facing the non-volatile memory devices using conductive ink following first and second boots of the memory module and asserting a bit of a register to indicate tampering of the memory modules based on a comparison of the resistance values. Tamper policy actions may be initiated based on detection of tampering. 1. An apparatus comprising: determine, responsive to a first boot of the memory module, a first resistance value for a character pattern sprayed on a side of a heat spreader cover that faces non-volatile memory devices resident on a first side of the PCB, wherein the character pattern is to be sprayed on using conductive ink;', 'determine, responsive a second boot of the memory module, a second resistance value for the character pattern; and', 'assert a bit of a register accessible to the circuitry to indicate tampering of the memory module based on the second resistance value not matching the first resistance value within a threshold resistance value., 'a controller to reside on a printed circuit board (PCB) of a memory module, the controller to include circuitry to2. The apparatus of claim 1 , further comprising the circuitry to:store the first resistance value to a first set of bits of the register accessible to the circuitry of the controller; andstore the second resistance value to a second set of bits of the register, wherein the first and second set of bits do not include the bit asserted to indicate tampering of the memory module.3. The apparatus of claim 2 , further comprising the circuitry to:convert the first resistance value to a first digital formatted number and store the first digital formatted number to the first set of bits of the register; andconvert the second ...

MEMORY SYSTEMS AND DEVICES INCLUDING EXAMPLES OF GENERATING ACCESS CODES FOR MEMORY REGIONS USING AUTHENTICATION LOGIC

Examples of systems and method described herein or generating, in a memory controller and/or memory device, access codes for memory regions of the memory device using authentication logic, and for accessing the memory device using the access codes. For example, a memory controller and/or a coupled memory device may generate access codes that a host computing device may include in a memory access request to access one or more memory regions of the memory device. Data read or written at the memory device may in some examples only be accessed in accordance with the access codes for memory regions of the memory device. Accordingly, the systems and methods described herein may provide security for specific memory regions of a memory device because the access code are updated periodically (e.g., based on obtained reset indication) or in accordance with an updated count value from a counter. 1. A method comprising:generating, at a memory controller comprising authentication logic, a plurality of access codes, each access code of the plurality of access codes for a respective memory region of a plurality of memory regions of a memory device of a plurality of memory devices based partly on a provisioned key;writing the plurality of access codes to a cache coupled to the memory controller; andwriting, via a memory bus, each respective access code of the plurality of access codes to a cache of the memory device.2. The method of claim 1 , further comprising:obtaining a reset indication and a count value from a counter of the memory controller o reset the plurality of access codes;{'img': {'@id': 'CUSTOM-CHARACTER-00001', '@he': '2.96mm', '@wi': '53.51mm', '@file': 'US20220171887A1-20220602-P00999.TIF', '@alt': 'text missing or illegible when filed', '@img-content': 'character', '@img-format': 'tif'}, 'responsive to the reset indication, generating , another plurality of access codes, each other access code of the other plurality of access codes for the respective memory region ...

MEMORY DEVICE, METHOD OF OPERATING MEMORY DEVICE, AND COMPUTER SYSTEM INCLUDING MEMORY DEVICE

A memory device comprises a memory cell region including a first metal pad, and a peripheral circuit region including a second metal pad and vertically connected to the memory cell region by the first metal pad and the second metal pad, wherein the memory cell region includes a first memory area having first memory cells storing N-bit data and a second memory area having second memory cells storing M-bit data, where ‘M’ and ‘N’ are natural numbers and M is greater than N, and the peripheral circuit region includes a controller configured to read data stored in the first memory area using a first read operation, read data stored in the second memory area using a second read operation different from the first read operation, and selectively store data in one of the first memory area and the second memory area based on a frequency of use (FOU) of the data. 1. A memory device comprising:a memory cell region including a first metal pad; anda peripheral circuit region including a second metal pad and vertically connected to the memory cell region by the first metal pad and the second metal pad;wherein the memory cell region includes a first memory area having first memory cells storing N-bit data and a second memory area having second memory cells storing M-bit data, where ‘M’ and ‘N’ are natural numbers and M is greater than N; andthe peripheral circuit region includes a controller configured to read data stored in the first memory area using a first read operation, read data stored in the second memory area using a second read operation different from the first read operation, and selectively store data in one of the first memory area and the second memory area based on a frequency of use (FOU) of the data.2. The memory device of claim 1 , wherein the controller is further configured to compare the FOU of the data with a FOU reference value claim 1 , and to store the data in the second memory area upon determining that the FOU of the data is less than or equal to the ...

METHOD FOR PERFORMING ACCESS MANAGEMENT IN A MEMORY DEVICE, ASSOCIATED MEMORY DEVICE AND CONTROLLER THEREOF, AND ASSOCIATED ELECTRONIC DEVICE

A method for performing access management in a memory device, the associated memory device and the controller thereof, and the associated electronic device are provided. The method may include: receiving a host command and a logical address from a host device; performing a checking operation to obtain a checking result, for determining whether to load a logical-to-physical (L2P) table from the NV memory to a random access memory (RAM) of the memory device; reading the target data and associated metadata from the NV memory, wherein a latest version of the L2P table is available in the RAM when reading the target data from the NV memory is performed; and checking whether a recorded logical address within the metadata and the logical address received from the host device are equivalent to each other, to control whether to send the target data to the host device. 1. A method for performing access management in a memory device , the memory device comprising a non-volatile (NV) memory , the NV memory comprising at least one NV memory element , the method comprising:receiving a host command and a logical address from a host device, wherein the host command is a read command, and a combination of the host command and the logical address is directed to a request of accessing target data corresponding to the logical address from the NV memory;with regard to the request of accessing the target data corresponding to the logical address from the NV memory, performing a checking operation to obtain a checking result, for determining whether to load a logical-to-physical (L2P) table from the NV memory to a random access memory (RAM) of the memory device, wherein the L2P table comprises address mapping information for accessing the target data;reading the target data and associated metadata from the NV memory, wherein a latest version of the L2P table is available in the RAM when reading the target data from the NV memory is performed; andchecking whether a recorded logical address ...

DEVICE, METHOD AND SYSTEM TO SELECTIVELY PROVIDE DATA VALIDATION FUNCTIONALITY

Techniques and mechanisms for configuring services which variously facilitate data protection. In an embodiment, circuitry coupled to a memory comprises both a first circuit which calculates integrity information based on data, and a second circuit which evaluates data validity based on such integrity information. A configuration of the circuitry provides a combination of one or more services which is specific to a corresponding domain of the memory. With respect to accesses to the corresponding domain, the configuration prevents an access to the first circuit while an access to the second circuit is permitted. In another embodiment, a processor signals the circuitry to transition to another configuration which, with respect to accesses to the corresponding domain, permits access to both the first circuit and the second circuit. 1. An integrated circuit comprising: a first circuit to calculate integrity information based on data communicated with the processor and the memory; and', 'a second circuit to determine data validity based on the integrity information; and, 'first circuitry to couple to a processor and to a memory, the first circuitry comprising detect an instruction from the processor, the instruction indicating a first domain of the memory; and', 'configure a state of the first circuitry based on the instruction, wherein, with respect to servicing accesses to the first domain by the processor, the state is to prevent an access to the second circuit while an access to the first circuit is permitted., 'second circuitry coupled to the first circuitry, the second circuitry configured to2. The integrated circuit of claim 1 , wherein the state corresponds multiple domains of the memory each with a respective one of:a first mode, wherein, with respect to servicing accesses to a domain to which the mode corresponds, the access to the second circuit is prevented while the access to the first circuit is permitted; ora second mode, wherein, with respect to servicing ...

Semiconductor device with secure access key and associated methods and systems

Memory devices, systems including memory devices, and methods of operating memory devices are described, in which security measures may be implemented to control access to a fuse array (or other secure features) of the memory devices based on a secure access key. In some cases, a customer may define and store a user-defined access key in the fuse array. In other cases, a manufacturer of the memory device may define a manufacturer-defined access key (e.g., an access key based on fuse identification (FID), a secret access key), where a host device coupled with the memory device may obtain the manufacturer-defined access key according to certain protocols. The memory device may compare an access key included in a command directed to the memory device with either the user-defined access key or the manufacturer-defined access key to determine whether to permit or prohibit execution of the command based on the comparison.

ENHANCING MEMORY SAFE PROGRAMMING USING A PAGE FRAME TAG MECHANISM

A technique for mitigating against return-oriented programming (ROP) attacks that occur during execution of an application includes receiving source code to compile into an executable application. During a compilation of the source code, one or more functions within the source code that are associated with gadgets in an ROP attack are determined, each of the one or more functions is assigned to one or more protected pages of memory for the executable application, and a tag is assigned to each of the one or more functions. The tag for each function maps to the protected page of memory to which the function is assigned. 1. A computer-implemented method for mitigating against return-oriented programming (ROP) attacks that occur during execution of an application , the computer-implemented method comprising:receiving source code to compile into an executable application;determining, during a compilation of the source code, one or more functions within the source code that are associated with gadgets in an ROP attack;assigning, during the compilation of the source code, each of the one or more functions to one or more protected pages of memory for the executable application; andassigning, during the compilation of the source code, a tag to each of the one or more functions, wherein the tag for each function maps to the protected page of memory to which the function is assigned.2. The computer-implemented method of claim 1 , wherein determining the one or more functions within the source code that are associated with gadgets in the ROP attack comprises receiving a list of the one or more functions that are associated with gadgets in the ROP attack from a developer of the source code.3. The computer-implemented method of claim 1 , wherein determining the one or more functions within the source code that are associated with gadgets in the ROP attack comprises:determining one or more types of functions that can be used as gadgets in the ROP attack, based on an evaluation of ...

METHODS OF OPERATING STORAGE SYSTEMS INCLUDING ENCRYPTING A KEY SALT

A method of operating a storage system includes using a device driver coupled to a storage device to encrypt a key salt and a number of iterations, storing the encrypted key salt and the encrypted number of iterations in a secure storage area of the storage device, using the device driver to combine a password, the key salt, and the number of iterations to generate a primary key, using the device driver to generate a key schedule from the primary key, receiving an encrypted master key at the device driver, and using the device driver to decrypt the encrypted master key with the key schedule. 1. A method of operating a storage system , comprising:using a device driver coupled to a storage device to encrypt a key salt and a number of iterations;storing the encrypted key salt and the encrypted number of iterations in a secure storage area of the storage device;using the device driver to combine a password, the key salt, and the number of iterations to generate a primary key;using the device driver to generate a key schedule from the primary key;receiving an encrypted master key at the device driver; andusing the device driver to decrypt the encrypted master key with the key schedule.2. The method of claim 1 , wherein using the device driver to combine the password claim 1 , the key salt claim 1 , and the number of iterations comprises the device driver using an exclusive “OR” or Boolean functions.3. The method of claim 1 , further comprising storing a portion of the primary key in the secure storage area of the storage device.4. The method of claim 1 , wherein receiving the encrypted master key at the device driver claim 1 , comprises receiving the encrypted master key at the device driver from the secure area of the storage device.5. The method of claim 1 , wherein the primary key is used by the device driver to determine whether a user is allowed to change the password.6. The method of claim 5 , wherein the primary key being used by the device driver to determine ...

Adaptive Intrusion Detection Based on Monitored Data Transfer Commands

Apparatus and method for data security using adaptive selection of intrusion traps in relation to workload. In some embodiments, a data storage device has a non-volatile memory (NVM). A device controller circuit services data transfer commands received from a host device to transfer data between the host device and the NVM. A security controller circuit monitors the received data transfer commands and enacts a change in security policy to implement one or more intrusion traps associated with the NVM in response to the received data transfer commands. The intrusion traps constitute memory locations that are configured to normally store user data, but are not normally accessed during the servicing of the currently received data transfer commands.

MEMORY CARD AND HOST DEVICE THEREOF

A memory card is attached to a host device, and includes a data control circuit which transfers data with respect to the host device in synchronism with a rise edge and a fall edge of a clock signal. 1a command line;a plurality of data lines;a clock line;a nonvolatile memory; anda controller coupled to the command line, the data lines and the clock line, wherein:the controller is configured to receive a clock signal through the clock line;the controller is configured to receive data and output a first response through the data lines, in accordance with either one of a rise edge and a fall edge of the clock signal, in a first transfer mode;the controller is configured to receive data and output a first response through the data lines, in accordance with both the rise edge and the fall edge of the clock signal, in a second transfer mode;the controller is configured to receive a first command and output a second response through the command line, in accordance with either one of the rise edge and the fall edge of the clock signal; andthe controller is configured to set the storage device into the second transfer mode in response to the first command.. A storage device comprising: This application is a continuation of and claims the benefit of priority under 35 U.S.C. § 120 from U.S. application Ser. No. 15/816,767 filed Nov. 17, 2017, which is a continuation of U.S. application Ser. No. 15/263,950 filed Sep. 13, 2016 (now U.S. Pat. No. 9,857,991 issued Jan. 2, 2018), which is a continuation of U.S. application Ser. No. 14/508,380 filed Oct. 7, 2014 (now U.S. Pat. No. 9,465,545 issued Oct. 11, 2016), which is a continuation of U.S. application Ser. No. 13/005,910 filed Jan. 13, 2011 (now U.S. Pat. No. 8,924,678 issued Dec. 30, 2014), which is a continuation of U.S. application Ser. No. 12/351,889 filed Jan. 12, 2009 (now U.S. Pat. No. 7,890,729 issued Feb. 15, 2011), which is a continuation of U.S. application Ser. No. 11/476,853 filed Jun. 29, 2006 (now U.S. Pat. No. 7 ...

FUNCTIONALLY EXPANDABLE VEHICLE CONTROL DEVICE AND METHOD FOR SUPPLEMENTING THE FUNCTIONALITY OF A VEHICLE CONTROL DEVICE

A vehicle control device for supplementing/changing the functionality of a vehicle control device. A vehicle control device is created having at least one processor, a memory coupled to the processor, a plurality of application modules, and at least one communication interface for interchanging data with other vehicle control devices or an external vehicle device. Also disclosed is a method for supplementing/changing the functionality of a vehicle control device. 1. A vehicle controller , comprising:at least one processor;a memory coupled to the processor, wherein the memory stores program codes from an operating system that are able to be executed on the processor;a plurality of application modules that provide functionalities of the vehicle controller; andat least one communication interface for data interchange with other vehicle controllers or with an external vehicle device,wherein the application modules each have the program and data memory areas of the memory that are needed for their respective execution statically associated with them, andwherein the operating system is designed to allow the individual application modules access to the processor at previously statically stipulated intervals of time for the purpose of executing their program code,wherein one of the plurality of application modules is in the form of an update module in order to use the at least one communication interface to receive program code from one or more augmenting modules and to store it in the memory in order to prompt an expansion and/or change in the functionality of the vehicle controller,wherein one of the plurality of application modules is in the form of a runtime environment module that provides a runtime environment in order to execute the program code of the one or more augmenting modules, andwherein the update module is designed to store the program code of the augmenting module(s) in the program memory associated with the runtime environment module, wherein the runtime ...

METHOD FOR PERFORMING ACCESS MANAGEMENT IN A MEMORY DEVICE, ASSOCIATED MEMORY DEVICE AND CONTROLLER THEREOF, AND ASSOCIATED ELECTRONIC DEVICE

A method for performing access management in a memory device, the associated memory device and the controller thereof, and the associated electronic device are provided. The method may include: receiving a host command and a logical address from a host device; performing a checking operation to obtain a checking result, for determining whether to load a logical-to-physical (L2P) table from the NV memory to a random access memory (RAM) of the memory device; reading the target data and associated metadata from the NV memory, wherein a latest version of the L2P table is available in the RAM when reading the target data from the NV memory is performed; and checking whether a recorded logical address within the metadata and the logical address received from the host device are equivalent to each other, to control whether to send the target data to the host device. 1. A method for performing access management in a memory device , the memory device comprising a non-volatile (NV) memory , the NV memory comprising at least one NV memory element , the method comprising:receiving a host command, as well as mapping information, index information and a logical address carried by the host command, from a host device, wherein the host command is a read command, the mapping information is related to mapping the logical address to a physical address of the NV memory, and a combination of the host command and the logical address is directed to a request of accessing target data corresponding to the logical address from the NV memory;performing a checking operation regarding correctness of the mapping information to obtain a checking result by comparing the index information with index information stored in a random access memory (RAM) of the memory device, wherein when the checking result is positive, confirming the mapping information stored in the RAM is a correct version, and when the checking result is negative, loading a logical-to-physical (L2P) table from the NV memory to the ...

System and method for memory access token reassignment

A network device is described. The network device includes a plurality of ingress interfaces, a plurality of memory units configured to store packets received at the plurality of ingress interfaces, a first pool of memory access tokens, and one or more integrated circuits that implement a memory controller. The memory access tokens correspond to respective memory units and are distinct within the first pool. The memory controller is configured to selectively assign at least one individual memory access token to the ingress interfaces to govern write access to the memory units. The ingress interfaces write packets to memory units identified by the corresponding assigned memory access tokens. The network controller is configured to reassign a first memory access token from a first ingress interface to a second ingress interface between consecutive write commands from the first ingress interface based on a write access scheme to access non-sequential memory units.

Dynamic Address Change Optimizations

Component circuitry for a replaceable printer component, including an address generator which selectively generates component addresses, wherein following an event, the component circuitry performs in succession a plurality of sets of operations, each set of operations including receiving an address change request from a master and changing the component address in response, a last one of the changed component addresses being available as the component address for the component circuitry in one or more subsequent communications with the master. 1an interface for coupling to a master; andan address generator, the address generator selectively generating component addresses, wherein following an event, the component circuitry performs in succession a plurality of sets of operations, each set of operations comprising receiving, by the interface, an address change request from the master and changing the component address in response, wherein the component circuitry uses a last one of the changed component addresses as the component address for one or more subsequent communications with the master, the event comprising at least one of the component circuitry being coupled to the master, the component circuitry initially receiving power and the component circuitry being reset.. Component circuitry, comprising: This application is related to U.S. patent application Ser. No. 12/474,052, filed on May 28, 2009, entitled, “Dynamic Address Change for Slave Devices on a Shared Bus,” and assigned to the assignee of the present application.Pursuant to 37 C.F.R. § 1.78, this application is a continuation application and claims the benefit of the earlier filing date of application Ser. No. 14/930,276, filed Nov. 2, 2015, entitled, “Dynamic Address Change Optimizations,” which itself is a continuation of application Ser. No. 14/456,012, filed Aug. 11, 2014, entitled, “Dynamic Address Change Optimizations,” which itself is a continuation of application Ser. No. 14/047,671, filed Oct. ...

METHOD FOR PERFORMING ACCESS MANAGEMENT IN A MEMORY DEVICE, ASSOCIATED MEMORY DEVICE AND CONTROLLER THEREOF, AND ASSOCIATED ELECTRONIC DEVICE

A method for performing access management in a memory device, the associated memory device and the controller thereof, and the associated electronic device are provided. The method may include: receiving a host command and a logical address from a host device; performing at least one checking operation to obtain at least one checking result, for determining whether to load a logical-to-physical (L2P) table from the NV memory to a random access memory (RAM) of the memory device, wherein the L2P table includes address mapping information for accessing the target data, and performing the at least one checking operation to obtain at least one checking result includes checking whether a first L2P-table index pointing toward the L2P table and a second L2P-table index sent from the host device are equivalent to each other; and reading the target data from the NV memory, and sending the target data to the host device. 1. A method for performing access management in a memory device , the memory device comprising a non-volatile (NV) memory , the NV memory comprising at least one NV memory element , the method comprising:receiving a host command, as well as a logical address carried by the host command, from a host device, wherein the host command is a read command, and a combination of the host command and the logical address is directed to a request of accessing target data corresponding to the logical address from the NV memory;with regard to the request of accessing the target data corresponding to the logical address from the NV memory, according to at least one checking result, determining whether to load a logical-to-physical (L2P) table from the NV memory to a random access memory (RAM) of the memory device, wherein the L2P table comprises address mapping information for accessing the target data, and the at least one checking result indicates whether a first L2P-table index pointing toward the L2P table and a second L2P-table index sent from the host device are ...

Hacking-Resistant Computer Design

A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing for program code and hardware-protects it from alteration. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition. 1. A computer system comprising: a first CPU, and', at least one memory address range for program code, wherein the program code comprises computer-executable code, and which is configured and protected from alteration by hardware circuitry;', 'at least one memory address range for other data, comprising data read from the second partition; and, 'a first memory module, comprising, 'wherein the first CPU is hardware-configured to execute only the computer-executable code in the memory address range for program code;, 'a first partition comprising a second CPU,', 'a second memory module, and', 'at least one communication module configured to couple to a network;, 'a second partition comprisingwherein the first CPU can access the second CPU and the second memory module; andwherein the second CPU is restricted from accessing the first CPU or the first memory module.2. The computer system of claim 1 , wherein the memory addressing structure comprises:a first memory unit for the at least one memory address range for program code; anda ...

AUTOMATED VERIFICATION CODE GENERATION BASED ON A HARDWARE DESIGN AND DESIGN DATA

A method for performing verification and testing of a device under test (DUT) is described. The method includes receiving, by a processing device, inputs from a user regarding a hardware design for the DUT. The processing device presents cover group attribute suggestions to the user based on the hardware design and receives cover group information from the user corresponding to one or more cover group attributes of one or more cover groups based on the cover group attribute suggestions. Based on the cover group information, the processing device automatically generates verification code, including one or more cover group definitions. 1. A method comprising:receiving, by a processing device, inputs from a user regarding a hardware design for a device under test (DUT);presenting, by the processing device, cover group attribute suggestions to the user based on the hardware design;receiving, by the processing device, cover group information from the user corresponding to one or more cover group attributes of one or more cover groups based on the cover group attribute suggestions; andgenerating automatically, by the processing device, verification code, including one or more cover group definitions, based on the cover group information.2. The method of claim 1 , further comprising:receiving, by the processing device, inputs from the user regarding a verification plan for the DUT; andmapping, by the processing device, each of the one or more cover groups to items of the verification plan.3. The method of claim 2 , further comprising:receiving, by the processing device, inputs from the user regarding development/design data for the DUT,wherein items from the verification plan are mapped to portions of the development/design data.4. The method of claim 3 , further comprising:receiving, by the processing device, verification/testing results corresponding to the hardware design and the one or more cover groups; andmapping, by the processing device, portions of the ...

MEMORY SYSTEM

According to one embodiment, there is provided a memory system including a nonvolatile semiconductor memory, a bus, and a controller. The nonvolatile semiconductor memory includes a first chip and a second chip. The bus is connected to the first chip and the second chip in common. The controller issues a first command to the first chip via the bus. The controller queues a second command whose access destination is identified to be the first chip at a first timing while the first chip is executing the first command. The controller issues to the second chip a third command whose access destination is identified to be the second chip after the first timing, via the bus in priority over the second command, while the first chip is executing the first command or after the execution of the first command finishes. 1. A memory system comprising:a nonvolatile semiconductor memory including a first chip and a second chip;a bus connected to the first chip and the second chip in common; anda controller that issues a first command to the first chip via the bus, the controller queuing a second command whose access destination is identified to be the first chip at a first timing while the first chip is executing the first command, the controller issuing to the second chip a third command whose access destination is identified to be the second chip after the first timing, via the bus in priority over the second command, while the first chip is executing the first command or after the execution of the first command finishes.2. The memory system according to claim 1 , whereinthe controller has a host interface and a processor,wherein the first command includes multiple subcommands which a first request received by the host interface is divided by the processor to create,wherein the second command includes multiple subcommands which a second request received by the host interface after the first request is divided by the processor to create, andwherein the third command includes the ...

SECURITY MODE DATA PROTECTION

In one embodiment, a device containing sensitive information may be placed in a data security mode. In such a data security mode, certain activities may trigger the partial or full erasure of the sensitive date before the data can be retrieved by an unauthorized user. In one embodiment, the data security mode may be a “park” mode in which unauthorized physical movement of the device triggers the partial or full erasure of the sensitive data stored in a nonvolatile memory before the data can be retrieved by an unauthorized user. In another aspect of the present description, the earth's magnetic field may be used to detect movement of a device in the park mode, and may be used to power the erasure of sensitive data as the device is moved relative to the earth's magnetic field. Other aspects are described herein. 1. An apparatus , comprising:a memory configured to store sensitive information in at least a portion of the memory;a detector configured to detect a security event;a selector input configured to input a security mode selection; anda controller coupled to the detector, memory and selector input, said controller configured to receive a security mode selection, and to protect sensitive information stored as data in the at least a portion of the memory, including said controller configured to:place the apparatus carrying the memory in a security mode in response to a received security mode selection; andin response to said detector detecting a first security event while the controller is in the security mode, change bits of said data of said sensitive information to prevent recovery of at least a portion of said sensitive information by reading said portion of said memory.2. The apparatus of wherein said detector is a motion detector configured to detect motion of the apparatus wherein said detecting a first security event includes detecting motion of the apparatus carrying said nonvolatile memory.3. The apparatus of wherein the motion detector includes a coil ...

Semiconductor device, security process execution device, and security process execution method

It is possible to prevent a central processing unit and a security processing unit from accessing of a non-volatile memory at the same time. A data flash 13 includes a secure area 31 and a user area 32. In the secure area 31, a plurality of pieces of security information used in a security process is stored. A security IP 12 reads out a portion of the plurality of pieces of security information from the secure area 31 and stores it in the secure RAM 22. When the security information to be used in the security process is stored in the secure RAM, the security IP 12 reads out the security information from the secure RAM 22 and uses it.

SECURE MEMORY ACCESS USING MEMORY READ RESTRICTION

An apparatus includes a memory, an interface and read restriction logic. The read restriction logic is configured to receive via the interface a request to read a data value from a specified address of the memory, to retrieve the data value from the specified address, to check, upon finding that the specified address falls in an address range that is predefined as restricted, whether the retrieved data value belongs to a predefined set of permitted data values, to respond to the request with the retrieved data value when the retrieved data value belongs to the set of permitted data values, and, otherwise, when the retrieved data value does not belong to the set of permitted data values, to respond to the request with a dummy data value. 1. An apparatus , comprising:a memory;an interface; receive via the interface a request to read a data value from a specified address of the memory;', 'retrieve the data value from the specified address;', 'upon finding that the specified address falls in an address range that is predefined as restricted, check whether the retrieved data value belongs to a predefined set of permitted data values;', 'when the retrieved data value belongs to the set of permitted data values, respond to the request with the retrieved data value; and', 'otherwise, when the retrieved data value does not belong to the set of permitted data values, respond to the request with a dummy data value; and, 'read restriction logic, which is configured to run a first software process;', 'permit the first software process to read any data value from the address range predefined as restricted; and', 'permit a second software process, which runs in the processor after the first software process, to read the data values from the address range predefined as restricted only if the read data values belong to the set of permitted data values., 'a controller configured to2. (canceled)3. An apparatus , comprising:a memory;an interface; and receive via the interface a request ...

Electronic control apparatus

An electronic control apparatus is communicable with an external device through a communication line and receives a communication request. The electronic control apparatus includes: control portions; resources that individually correspond to each of the control portions; linking information that links the resources individually corresponding to each of the control portions with respect to the control portions without individually overlapping; a communication propriety determination portion that determines a communication propriety with the external device; and a communication portion that responds to the communication request and communicates with the external device. The communication propriety determination portion determines that the communication is permitted when the resource information indicates the resource linked with the corresponding control portion; and determines that the communication is not permitted when the resource information does not indicate the resource linked with the corresponding control portion.

Mitigation of Malicious Operations with Respect to Storage Structures

An exemplary method includes a monitoring system detecting that a storage system receives a request to perform an operation that affects a capacity of a storage structure within the storage system, identifying an attribute of at least one of the request and the storage system, determining, based on the attribute, that the request is indicative of a malicious action, and performing, in response to the determining that the request is indicative of the malicious action, a remedial action with respect to the requested operation.

REORGANIZATION OF VIRTUALIZED COMPUTER PROGRAMS

In an embodiment, a data processing method comprises detecting that a computer is loading a dynamic loader in a user space, the dynamic loader intending to load computer program code; allowing loading the dynamic loader into memory and then suspending operation of the dynamic loader; reorganizing the computer program code into reorganized code by re-ordering a plurality of code segments into a new order that is potentially different than an original order of the plurality of code segments; modifying the dynamic loader in memory to redirect one or more system or library call instructions of the dynamic loader to cause referencing the reorganized code; updating a binary header of the reorganized code to reflect the new order; allowing the dynamic loader to load the reorganized code based on the binary header after the updating. 1. A computer-implemented method comprising:detecting that a computer is loading a dynamic loader in a user space, wherein the dynamic loader is configured to load computer program code;allowing loading the dynamic loader into memory and then suspending operation of the dynamic loader;reorganizing the computer program code into reorganized code by re-ordering a plurality of code segments into a new order that is different than an original order of the plurality of code segments;modifying the dynamic loader in memory to redirect one or more system or library call instructions of the dynamic loader to cause referencing the reorganized code;updating a binary header of the reorganized code to reflect the new order;after the updating, allowing the dynamic loader to load the reorganized code based on the binary header;wherein the method is performed by one or more computing devices.2. The method of claim 1 , wherein the modifying comprises modifying one or more file OPEN calls to redirect the dynamic loader to a different file that contains the reorganized code.3. The method of claim 1 , wherein the modifying comprises:creating and storing a private ...

APPARATUS AND METHOD OF DETECTING POTENTIAL SECURITY VIOLATIONS OF DIRECT ACCESS NON-VOLATILE MEMORY DEVICE

An apparatus and method of providing direct access to a non-volatile memory of a non-volatile memory device and detecting potential security violations are provided. A method for providing access to a non-volatile memory of a non-volatile memory device may include tracking a parameter related to a plurality of direct access transactions of the non-volatile memory. A threshold behavior pattern of the host activity may be determined based upon the tracked parameters. The direct access transactions may be reviewed to determine whether the threshold behavior pattern is exceeded. 1. A method for providing access to a non-volatile memory of a non-volatile memory device , comprising:tracking a parameter related to a plurality of direct access transactions of the non-volatile memory;determining a threshold behavior pattern based upon the tracked parameter; anddetermining whether the threshold behavior pattern has been exceeded by one of the direct access transactions.2. The method of claim 1 , wherein the threshold behavior pattern is determined through online tracking of a rate of change of the tracked parameter.3. The method of claim 1 , wherein the threshold behavior pattern is determined through offline generation of a lookup table.4. The method claim 1 , wherein the threshold behavior pattern is set by a user mode page.5. The method of claim 1 , wherein the threshold behavior pattern is determined by analyzing contents of an accessed data from the direct access transaction.6. The method of claim 1 , wherein the parameter is selected from a group consisting of LBA addresses accessed claim 1 , timing of direct access transactions claim 1 , transaction sizes of the direct access transactions claim 1 , sources of a direct access transaction claim 1 , and types of access requested in the plurality of direction access transactions.7. The method of claim 1 , wherein a plurality of parameters are tracked for each direct access transaction of the plurality of direction access ...

READER-WRITER LOCK

A method and system for implementing a reader-writer lock having a write lock requested by a thread is disclosed. The reader-writer lock is structured to have counters and a flag. The counters use an atomic process to count read locks held or outstanding read lock requests. The flag identifies a counter and is configured to distinguish between counters. A read lock is prepared, acquired, and released. The atomic process is used and the flag or flagged counter is polled. A write lock is prepared, acquired, and released. 1. A method for implementing a reader-writer lock having a write lock requested by a thread , the method comprising: a first counter configured to count, using an atomic process to increment the first counter in response to a first bit of the first counter being enabled, a number of read locks held, wherein the first bit is initially set to be enabled;', 'a second counter configured to count, using the atomic process to increment the second counter in response to a second bit of the second counter being enabled, a number of outstanding read lock requests, wherein the second bit is initially set to be disabled; and', 'a flag, identifying either the first counter or the second counter but not both, configured to discern the first counter from the second counter, wherein the flag is initially set to identify the first counter;, 'structuring the reader-writer lock to havepreparing, using the atomic process in association with at least one counter of the first and second counters, a read lock associated with a flagged counter of the first and second counters;acquiring, by polling the flag to identify the flagged counter of the first and second counters, the read lock;releasing, using the flagged counter to decrement a value of the flagged counter, the read lock;preparing, by disabling the flagged counter and enabling an unflagged counter of the first and second counters, a write lock;acquiring, by polling the flagged counter until the value of the flagged ...

METHOD FOR THE COEXISTENCE OF SOFTWARE HAVING DIFFERENT SAFETY LEVELS IN A MULTICORE PROCESSOR SYSTEM

A method for the coexistence of software having different safety levels in a multicore processor which has at least two processor cores (). A memory range () is associated with each processor core () and a plurality of software (SW SW) is processed on one of the processor cores () having a predefined safety level. The plurality of software (SW SW) is processed having a predefined safety level only on the processor core () with which the same safety level is associated, in which during the processing of the plurality of software (SW SW), the processor core () accesses only the protected memory range () which is permanently associated with this processor core (). 12342122321443781911154. A method for the coexistence of software having different safety levels in a multicore processor which includes at least two processor cores ( , ) , wherein a memory range () is associated with a processor core () and a plurality of software parts (SW , SW) , each having one predefined safety level , are processed each on one of the processor cores ( , ) , characterized in that the processor core () processing a first software part (SW) , with which the protected memory range () is associated , accesses this range () , wherein an access of at least one of the additional processor cores ( , , ) of the multicore processor ( , , , ) to this associated protected memory range () is prevented.262345452345. The method according to claim 1 , characterized in that a memory protection device () configured between the processor cores ( claim 1 , ) and the memory ranges ( claim 1 , ) allows access to the memory range ( claim 1 , ) only to the processor core ( claim 1 , ) which is associated with the protected memory range ( claim 1 , ).3623456. The method according to claim 2 , characterized in that the two-stage memory protection device () makes possible an access by a processor core ( claim 2 , ) to the respective protected memory range ( claim 2 , ) via a hierarchical layer formed in the ...

ETHERNET-ATTACHED SSD FOR AUTOMOTIVE APPLICATIONS

A data storage device includes: a housing integrating a control logic, a data protection logic, and a non-volatile storage; and a network interface connector integrated to the housing and is configured to be directly inserted into a network switch. The control logic is configured to store a vehicle data including a video stream in the non-volatile storage. The video stream is received from a video camera that is connected to the network switch. The data protection logic is configured to detect a vehicle event and change an operating mode of the data storage device to a read-only mode prohibiting the vehicle data stored in the non-volatile storage from being erased or tampered. 1. A data storage device comprising:a control logic, a data protection logic, and a non-volatile storage; anda network interface connector configured to be connected to a network switch,wherein the data storage device is accessible using a network address,wherein the control logic is configured to store a data in the non-volatile storage,wherein the data is received from one or more sensors that are connected to the network switch, andwherein the data protection logic is configured to detect an event based on the data received from the one or more sensors and change an operating mode of the data storage device to a read-only mode based on detection of the event.2. The data storage device of claim 1 , wherein the event is a vehicle event including one or more of an airbag deployment claim 1 , a sensor trigger claim 1 , a power loss due to water submersion claim 1 , and a fire due to a crash.3. The data storage device of claim 1 , wherein the control logic stores the data in the data storage device for a predetermined period of time after the event.4. The data storage device of claim 1 , wherein the network interface connector has a small form-factor pluggable (SFP) claim 1 , quad small form-factor pluggable (QSFP) claim 1 , or modular connector form factor.5. The data storage device of claim 1 ...

METHOD, APPARATUS, AND SYSTEM FOR DYNAMIC MANAGEMENT OF INTEGRITY-PROTECTED MEMORY

In certain aspects of the disclosure, an apparatus, comprises a first memory having a plurality of bits. Each bit of the plurality of bits of the first memory is associated with a region of a second memory, and each bit indicates whether the associated region of the second memory is to be integrity-protected. The first memory further stores a first minimum set of data necessary for integrity protection (MSD) of an associated first integrity protection tree when a first bit of the plurality of bits is set to a value indicating that the first associated region of the second memory is to be integrity-protected. Regions of the second memory that are integrity-protected may be non-contiguous, and may be adjusted during run-time. 1. An apparatus , comprising:a first memory comprising a plurality of bits, each bit of the plurality of bits of the first memory associated with a region of a second memory, and each bit indicating whether the associated region of the second memory is to be integrity-protected.2. The apparatus of claim 1 , wherein a first bit of the plurality of bits of the first memory is associated with a first region of the second memory claim 1 , wherein a second bit of the plurality of bits of the first memory is associated with a second region of the second memory claim 1 , and wherein the first region of the second memory and the second region of the second memory are non-contiguous.3. The apparatus of claim 1 , wherein the first memory is an on-die memory.4. The apparatus of claim 1 , wherein the first memory is configured to store a first minimum set of data necessary for integrity protection (MSD) of an associated first integrity protection tree when a first bit of the plurality of bits is set to a value indicating that a first associated region of the second memory is to be integrity-protected.5. The apparatus of claim 4 , wherein the second memory is an off-die memory.6. The apparatus of claim 5 , wherein the first associated region of the second ...

Continuous Memory Tamper Detection Through System Management Mode Integrity Verification

An information handling system includes a plurality of memory locations, an embedded controller, and a basic input/output system (BIOS). The embedded controller provides an interrupt signal at random intervals. The BIOS is in communication with the embedded controller, and receives data associated with the plurality of memory locations including a first memory location. In response to the interrupt signals, the BIOS performs data integrity verification of the first memory location based on the data associated with the plurality of memory locations. 1. An information handling system comprising:a plurality of memory locations;an embedded controller configured to provide an interrupt signal at random intervals; anda basic input/output system (BIOS) in communication with the embedded controller, the BIOS to receive data associated with the plurality of memory locations including a first memory location, and in response to the interrupt signals, to perform data integrity verification on the first memory location based on the data associated with the memory locations.2. The information handling system of claim 1 , wherein claim 1 , while the data integrity verification is performed claim 1 , the BIOS is configured to read data stored at the first memory location claim 1 , to produce a hash of the data at the first memory location claim 1 , and to compare the produced hash with a stored hash for the first memory location.3. The information handling system of claim 2 , wherein the data integrity verification fails in response to the produced hash not being the same as the stored hash for the first memory location.4. The information handling system of claim 3 , wherein the BIOS is further configured to produce an entry in an error log in response to the data integrity verification of the first memory location failing.5. The information handling system of claim 1 , wherein the data includes a hash of each of the specific memory locations claim 1 , policy data for the data ...

MEMORY CARD AND HOST DEVICE THEREOF

A memory card is attached to a host device, and includes a data control circuit which transfers data with respect to the host device in synchronism with a rise edge and a fall edge of a clock signal. 1. (canceled)2. A method of controlling a storage device including a command terminal; a plurality of data terminals; a clock terminal; a power terminal for a power supply voltage; a ground terminal for a ground voltage; and a nonvolatile memory ,the method comprising:receiving a clock signal through the clock terminal from an outside of the storage device;latching data received through at least one of the data terminals from the outside of the storage device, in accordance with only one of a rising edge and a falling edge of the clock signal, in a first transfer mode;latching data received through at least one of the data terminals from the outside of the storage device, in accordance with both the rising edge and the falling edge of the clock signal, in a second transfer mode;receiving a first command of a check function whose mode bit being a first value through the command terminal;outputting first status data that includes information indicating that the storage device supports the second transfer mode, through one of the data terminals to the outside of the storage device, in response to the first command of the check function whose the mode bit being the first value;receiving a first command of a set function whose the mode bit being a second value through the command terminal from the outside of the storage device;setting the storage device into the second transfer mode in response to the first command of the set function whose the mode bit being the second value; andswitching the check function and the set function in response to the first value and the second value of the mode bit in the first command.3. The method according to claim 2 , wherein the first value and the second value of the mode bit in the first command respectively determines the check function ...

MULTIPLE MEMORY TYPE MEMORY MODULE SYSTEMS AND METHODS

The present disclosure provides methods, apparatuses, and systems for implementing and operating a memory module, for example, in a computing device that includes a network interface, which is coupled to a network to enable communication with a client device, and processing circuitry, which is coupled to the network interface via a data bus and programmed to perform operations based on user inputs received from the client device. The memory module includes memory devices, which may be non-volatile memory or volatile memory, and a memory controller coupled between the data bus and the of memory devices. The memory controller may be programmed to determine when the processing circuitry is expected to request a data block and control data storage in the memory devices. 1. An apparatus , comprising:a memory module comprising a plurality of memory devices that includes at least a plurality of non-volatile memory devices and a plurality of volatile memory devices; and predict whether a first data block will be requested by processing circuitry within a duration threshold, wherein the first data block comprises instructions executable by the processing circuitry to provide a first virtual machine;', 'transfer the first data block from the plurality of non-volatile memory devices to the plurality of volatile memory devices when the first data block is stored in the plurality of non-volatile memory devices and when the first data block is predicted to be requested within the duration threshold; and', 'bypass buffer memory implemented in the memory controller when the first data block is actually requested by the processing circuitry within the duration threshold to enable the memory module to output the first data block directly from the plurality of volatile memory devices., 'a memory controller communicatively coupled to the memory module, wherein the memory controller is configured to2. The apparatus of claim 1 , wherein the prediction of whether the first data block will ...

MULTIPLE MEMORY TYPE MEMORY MODULE SYSTEMS AND METHODS

The present disclosure provides methods, apparatuses, and systems for implementing and operating a memory module, for example, in a computing device that includes a network interface, which is coupled to a network to enable communication with a client device, and processing circuitry, which is coupled to the network interface via a data bus and programmed to perform operations based on user inputs received from the client device. The memory module includes memory devices, which may be non-volatile memory or volatile memory, and a memory controller coupled between the data bus and the of memory devices. The memory controller may be programmed to determine when the processing circuitry is expected to request a data block and control data storage in the memory devices. 1. An apparatus comprising:a memory sub-system; perform a first operation based at least in part on a first data block stored in the memory sub-system; and', 'perform a second operation after the first operation based at least in part on a second data block stored in the memory sub-system; and, 'processing circuitry configured to receive the first data block from the memory sub-system in response to a first memory access request targeting the first data block; and', 'receive the second data block from the memory sub-system along with the first data block in response to the first memory access request identifying the first data block when the processing circuitry is expected to target the second data block less than a duration threshold after the first data block., 'a bus interface communicatively coupled to the processing circuitry, wherein the bus interface is configured to be communicatively coupled to the memory sub-system via a data bus to enable the processing circuitry to2. The apparatus of claim 1 , wherein:the bus interface is configured to output the first memory access request identifying the first data block to the memory sub-system via the data bus; and output a second memory access request ...

INTERRUPTIBLE STORE EXCLUSIVE

In one example, there is disclosed herein a processor configured for interruptible atomic exclusive memory operations. For example, a load exclusive (LDEX) may be followed by a store exclusive (STREX), with the two together forming an atom. To facilitate timely handling of interrupts, the STREX operation is split into two parts. The STREX_INIT is not interruptible but has a determinate execution time because it takes a fixed number of clock cycles. The STREX_INIT sends the value out to the memory bus. It is followed by a STREX_SYNC operation that polls a flag for whether a return value is available. STREX_SYNC is interruptible, and methods are disclosed for determining whether, upon return from an interrupt, atomicity of the operation has been broken. If atomicity is broken, the instruction fails, while if atomicity is preserved, the instruction completes. 1. A system on a chip comprising:a memory;a memory bus communicatively coupled to the memory; and a store exclusive initialize (STREX_INIT) instruction, the STREX_INIT instruction operable to initiate an exclusive store transaction to a location in the memory;', 'a store exclusive synchronize (STREX_SYNC) instruction, the STREX_SYNC instruction operable to monitor an XWAVAIL indicator, the XWAVAIL indicator operable to indicate that an XWRESULT response to the STREX_INIT primitive is available, the XWRESULT response operable to indicate whether the exclusive store transaction to the location in memory was successful., 'a processor communicatively coupled to the memory via the memory bus, the processor including circuitry for providing store exclusive functionality comprising2. The system on a chip of claim 1 , wherein the memory has stored therein an operating system claim 1 , including instructions to provide semaphore handling via the store exclusive functionality.3. The system on a chip of claim 1 , wherein the memory has stored therein an operating system claim 1 , including instructions to perform an ...

Method of operating storage device including nonvolatile memory and memory controller

Provided is a method for operating a storage device including a nonvolatile memory and a memory controller controlling the nonvolatile memory. The method include receiving a kill request by the memory controller, performing authentication based on the received kill request by the memory controller, and entering a locked state, by the memory controller, according to the kill request when the authentication is successfully performed. In the locked state, the memory controller denies a request for access to a selected area of the nonvolatile memory.

NON-VOLATILE MEMORY DEVICE WITH REDUCED AREA

A memory device includes a substrate, a semiconductor fin over the substrate and extending in a first direction, and a first gate electrode and a second gate electrode over the substrate and extending in a second direction. The semiconductor fin extends through the second gate electrode and terminates on the first gate electrode at one end. The memory device further includes a first conductive via over and electrically coupled to the first gate electrode. The one end of the semiconductor fin is surrounded by the first gate electrode. 1. A memory device , comprising:a substrate;a semiconductor fin over the substrate and extending in a first direction;a first gate electrode and a second gate electrode over the substrate and extending in a second direction, the semiconductor fin extending through the second gate electrode and terminating on the first gate electrode at one end; anda first conductive via over and electrically coupled to the first gate electrode,wherein the one end of the semiconductor fin is surrounded by the first gate electrode.2. The memory device of claim 1 , further comprising a second conductive via electrically coupled to the second gate electrode.3. The memory device of claim 1 , further comprising a dielectric layer between the first gate electrode and the semiconductor fin claim 1 , wherein the first conductive via is operable to receive a first voltage to cause an electrical breakdown of the dielectric layer.4. The memory device of claim 3 , wherein the dielectric layer covers a lateral sidewall of the semiconductor fin claim 3 , wherein the lateral sidewall extends in the second direction.5. The memory device of claim 1 , further comprising an isolation region over the substrate and defining the semiconductor fin claim 1 , the isolation region extending below the first gate electrode.6. The memory device of claim 1 , further comprising an inter-layer dielectric (ILD) layer over the substrate and covering an entirety of a sidewall of the first ...

PIPELINE CONFIGURATION PROTOCOL AND CONFIGURATION UNIT COMMUNICATION

The present invention includes an integrated module including a plurality of data processing units including a memory device having processing instruction data stored therein. The processing instruction data including subconfiguration data for at least one of the data processing units, the subconfiguration data including a plurality of blocks. The integrated module further includes a barrier disposed between a first block and a second block of the plurality of blocks. Wherein, the data processing units process the processing instruction data from the memory device such that the barrier provides for the data processing units to observe a configuration sequence of the subconfiguration data. 13-. (canceled)4. An integrated module including a plurality of data processing units comprising:a memory device having processing instruction data stored therein, the processing instruction data including subconfiguration data for at least one of the data processing units, the subconfiguration data including a plurality of blocks; anda barrier disposed between a first block and a second block of the plurality of blocks;wherein the data processing units process the processing instruction data from the memory device such that the barrier provides for the data processing units to observe a configuration sequence of the subconfiguration data.5. The integrated module of claim 4 , wherein the barrier is a token.6. The integrated module of claim 5 , the token providing for the token to be skipped by the data processing units only if a subconfiguration has been rejected.7. The integrated module of further comprising:at least one configuration unit having a plurality of configuration words stored therein, the subconfiguration including a plurality of configuration words.8. The integrated module of claim 7 , wherein the data processing unit is configurable in response to at least one of the configuration words.9. The integrated module of claim 4 , further comprising:a plurality of ...

MEMORY MODULE, OPERATION METHOD THEROF, AND OPERATION METHOD OF HOST

A memory module includes a random access memory (RAM) device that includes a first storage region and a second storage region, a nonvolatile memory device, and a controller that controls the RAM device or the nonvolatile memory device under control of a host. The controller includes a data buffer that temporarily stores first data received from the host, and a buffer returning unit that transmits first release information to the host when the first data are moved from the data buffer to the first storage region or the second storage region of the RAM device and transmits second release information to the host when the first data are moved from the second storage region to the nonvolatile memory device. 1. A memory module comprising:a random access memory (RAM) device comprising a first storage region and a second storage region;a nonvolatile memory device; anda controller configured to control the RAM device and/or the nonvolatile memory device based on communication from a host,wherein the controller comprises:a data buffer configured to temporarily store first data received from the host; anda buffer returning unit configured to transmit first release information to the host when the first data are moved from the data buffer to the first storage region and/or to the second storage region of the RAM device and configured to transmit second release information to the host when the first data are moved from the second storage region to the nonvolatile memory device.2. The memory module of claim 1 , further comprising:an auxiliary power device configured to supply an auxiliary power to the second storage region,wherein the second storage region is physically separated from the first storage region.3. The memory module of claim 1 ,wherein the data buffer comprises a plurality of first unit buffers,wherein the second storage region of the RAM device comprises a plurality of second unit buffers, andwherein the first data are temporarily stored in one of the plurality of ...

STORAGE DEVICE AND METHOD OF OPERATING THE SAME

Provided herein may be a storage device and a method of operating the same. The method of operating a storage device including a replay protected memory block (RPMB) may include receiving a write request for the RPMB from an external host, selectively storing data in the RPMB based on an authentication operation, receiving a read request from the external host, and providing result data to the external host in response to the read request, wherein the read request includes a message indicating that a read command to be subsequently received from the external host is a command related to the result data. 1. A method of operating a storage device including a replay protected memory block (RPMB) , the method comprising:receiving a write request for the RPMB from an external host;selectively storing data in the RPMB based on an authentication operation;receiving a read request from the external host; andproviding result data to the external host in response to the read request,wherein the read request includes a message indicating that a read command to be subsequently received from the external host is a command related to the result data.2. The method according to claim 1 , wherein the RPMB is an area claim 1 , accessed by an authentication key claim 1 , in a memory area of a memory device of the storage device.3. The method according to claim 2 , wherein the authentication key is stored in a one-time programmable (OTP) register of the memory area.4. The method according to claim 1 , wherein receiving the write request comprises:receiving, from the external host, a block count set command for setting a number of data blocks to be stored in the RPMB;receiving, from the external host, a multi-block write command for blocks that are set in response to the block count set command; andreceiving write data that includes a message indicating that the multi-block write command is a write request for the RPMB.5. The method according to claim 4 , where selectively storing the ...

MEMORY DATA SECURITY

A memory module secures data stored on the memory module. A request for the data from a computer system is received by the memory module. A verification key from the computer system is also received by the memory module. A reference key is retrieved by the memory module, the reference key is stored on the memory module. A comparison status is generated by the memory module by comparing the verification key with the reference key. A response is sent to the computer by the memory module that is dependent upon the comparison status. 1. A method for securing data on at least one memory chip of a memory module , the method comprising:receiving, by the memory module, a request for the data from a computer system;receiving, by the memory module, a verification key from the computer system;retrieving, by the memory module, a reference key, the reference key stored on the memory module;generating, by the memory module, a comparison status in response to comparing the verification key with the reference key; andsending, by the memory module, a response to the computer system in response to the comparison status.2. The method of claim 1 , wherein the response is the data from the at least one memory chip and the comparison status is that the verification key and the reference key match.3. The method of claim 1 , wherein the response is false data and the comparison status is that the verification key and the reference key do not match.4. The method of claim 3 , wherein the false data is selected from the group consisting of all zeros claim 3 , all ones claim 3 , random characters claim 3 , and nothing.5. The method of claim 1 , wherein the response is the serial number of the memory module and the comparison status is that the verification key and the reference key match.6. The method of claim 1 , wherein the response is the status of the memory module and the comparison status is that the verification key and the reference key match.7. The method of claim 1 , wherein the ...

MEMORY DATA SECURITY

A memory module secures data stored on the memory module. A request for the data from a computer system is received by the memory module. A verification key from the computer system is also received by the memory module. A reference key is retrieved by the memory module, the reference key is stored on the memory module. A comparison status is generated by the memory module by comparing the verification key with the reference key. A response is sent to the computer by the memory module that is dependent upon the comparison status. 1receiving, by the memory module, a request for the data from a computer system;receiving, by the memory module, a verification key from the computer system;retrieving, by the memory module, a reference key, the reference key stored on the memory module;generating, by the memory module, a first set of one or more voltages based on the verification key;generating, by the memory module, a second set of one or more voltages based on the reference key;comparing, by the memory module, the first set of voltages to the second set of voltages;determining, by the memory module and based on the comparison of the first set of voltages and the second set of voltages, the verification key does not match the reference key;sending, by the memory module and based on the determined non-match between the verification key and the reference key, a response to the request, wherein the response contains random characters, the response also contains date of manufacture of the memory module, and the response also contains the serial number of the memory module;receiving, by the memory module, a second request for the data from the computer system;receiving, by the memory module, a second verification key from the computer system;retrieving, a second time and by the memory module, the reference key;generating, by the memory module, a third set of one or more voltages based on the second verification key;generating, a second time and by the memory module, the second ...

KERNEL TRANSITIONING IN A PROTECTED KERNEL ENVIRONMENT

Methods, systems, and computer program products are included for providing one or more additional kernels kernel in a protected kernel environment. A method includes providing, by a hypervisor, a virtual machine that includes a first kernel. A first portion of memory of the virtual machine is allocated for the first kernel and a second portion of memory of the virtual machine is allocated for a second kernel. The virtual machine executes the first kernel. The hypervisor disables access privileges corresponding to the second portion of memory. Execution is transitioned from the first kernel to the second kernel by clearing memory corresponding to the first kernel, enabling access privileges corresponding to the second portion of the memory, and executing the second kernel on the virtual machine. 1. A method for providing multiple kernels in a protected kernel environment , the method comprising:providing, by a hypervisor, a virtual machine that includes a first kernel;allocating a first portion of memory for the first kernel and a second portion of memory for a second kernel;executing the first kernel that is stored in the first portion of memory;disabling, by the hypervisor, access privileges corresponding to the second portion of memory; and clearing, by the hypervisor, at least some of the first portion of memory;', 'enabling, by the hypervisor, access privileges corresponding to the second portion of the memory; and', 'after the enabling, executing the second kernel on the virtual machine., 'transitioning from executing the first kernel to executing the second kernel, the transitioning comprising2. The method of claim 1 , further comprising:prior to the disabling, providing the hypervisor with a memory range corresponding to the second portion of the memory.3. The method of claim 1 , wherein the disabling access privileges comprises modifying one or more host page table entries to indicate that memory pages corresponding to the second portion of memory are non- ...

CHIP VERIFICATION

There is described a chip comprising a one-time programmable (OTP) memory programmable to store chip configuration data, and a verification module operable to access the OTP memory. The verification module is operable to receive a verification request relating to a specified portion of the OTP memory, the verification request comprising mask data defining the specified portion of the OTP memory. In response to the verification request, the verification module is operable to use the mask data and the OTP memory to generate verification data relating to the specified portion of the OTP memory, the verification data further being generated based on a secret key of the chip. 1. A chip comprising:a one-time programmable (OTP) memory programmable to store chip configuration data; anda verification module operable to access the OTP memory;wherein the verification module is operable to receive a verification request relating to a specified portion of the OTP memory, the verification request comprising mask data defining the specified portion of the OTP memory; andwherein, in response to the verification request, the verification module is operable to use the mask data and the OTP memory to generate verification data relating to the specified portion of the OTP memory, the verification data further being generated based on a secret key of the chip.2. The chip of further comprising a plurality of functional modules claim 1 , wherein the chip configuration data is operable to selectively enable or disable each of the plurality of functional modules.3. The chip of wherein the OTP memory comprises a bit array (B) and the mask data comprises a bit mask (M) defining a specified portion of the bit array.4. The chip of wherein the verification request further comprises a nonce claim 1 , and the verification data is further generated based on the nonce.5. The chip of wherein the verification module is operable to generate the verification data using a keyed cryptographic hash ...

Two-Step Authentication And Activation of Quad Small Form Factor Pluggable (QFSP+) Transceivers

A method and apparatus for providing a two-step authentication and activation process for QSFP+ transceivers is presented. A first hashed password is generated using a first encoding library, the first hashed password used for validating a component, the component having a memory, the memory having a protected part and an unprotected part. A first hidden hash string is generated using the first encoding library, the first hidden hash string used for validating the component. The first hashed password is used to program the first hashed password into a protected part of the component and to write the first hidden hash string into the protected part of the component, which are later verified when the component is integrated into the system. The component is only useable if the verification is successful. 1. A computer-implemented method comprising:generating a first hashed password using a first encoding library, said first hashed password used for validating a component, said component having a memory, said memory having a protected part and an unprotected part;generating a first hidden hash string using said first encoding library, said first hidden hash string used for validating said component;using said first hashed password to unlock said protected part of said component and write said first hashed password into said protected part of said component; andusing said first hashed password to unlock said protected part of said component and write said first hidden hash string into said protected part of said component.2. The method of further comprising validating said component claim 1 , said validating comprising:using said first hashed password to unlock and read a portion of said protected part of said component; andcomparing said first hidden hash sting from said protected memory with said first hash string generated using said first encoding library.3. The method of wherein said first hashed password and said first hash string are unique for every component.4. ...

Hardware-assisted in-memory healing

A method for use in a computing system, comprising: storing, in a random-access memory, a working copy of a data item, the working copy of the data item being stored in the random-access memory by a first processor; registering, with a second processor, a respective address in the random-access memory where the working copy of the data item is stored; and correcting, by the second processor, any modifications to the working copy of the data item that are made after the working copy of the data item is stored in the random-access memory, the modifications being corrected in parallel with the first processor executing software based on the working copy of the data item.

INFORMATION PROCESSING DEVICE AND SHARED MEMORY MANAGEMENT METHOD

An access blocking unit blocks an access to a failed segment by using tokens in hardware and a replacing unit performs a process for replacing the failed segment with a replacement segment. For each segment of a shared memory, an application recognizing unit recognizes the node numbers of nodes that are given access permission and PIDs of applications and records them in the management table. When a failure occurs in the shared memory, an access stopping unit identifies applications that use the failed segment including applications of different nodes by using the management table and informs the applications of stop of the use of the failed segment. 1. An information processing device that configures an information processing system together with a different information processing device and that includes a shared memory that is accessed by the different information processing device , the information processing device comprising:a blocking unit that, when an access failure is detected in a first area of the shared memory, blocks access to the first area by using permission control information that is used to control permission for the different information processing device to access the first area; anda replacing unit that replaces the first area for which access is blocked by the blocking unit with a normal second area and controls permission to access the second area according to the permission control information.2. The information processing device according to claim 1 , further comprising:a recognizing unit that recognizes the different information processing device that is permitted to access each area of the shared memory;a stop informing unit that, when an access failure is detected in the first area, informs the different information processing device, which is recognizes by the recognizing unit regarding the permission to access the first area, of stop of access to the first area; anda restart informing unit that, when the replacing unit replaces the ...

METHOD AND APPARATUS FOR DATA STORAGE SERVICE

Embodiments of the present disclosure provide a method and apparatus for providing data storage service. The method comprises: receiving a storage service template from an user, the storage service template specifying a storage service policy for the user and a service instance to launch; and providing a storage service according to the storage service template; wherein the storage service policy defines a storage function to be performed for data of the user. With the method and apparatus according to embodiments of the present disclosure, a unified solution for overall orchestration of storage functions can be provided to enable the user to customize the required storage function flexibly. 1. A method for a storage service , comprising:receiving a storage service template from an user, the storage service template specifying a storage service policy for the user and a service instance to launch; andproviding the storage service according to the storage service template,wherein the storage service policy defines a storage function to be performed on data of the user.2. The method according to claim 1 , wherein the storage service template specifies the storage service policy for the user by indicating at least one storage service policy from a predefined set of storage service policies.3. The method according to claim 1 , wherein the storage service policy is defined with a work flow engine claim 1 , and wherein a task in the work flow engine corresponds to a storage function node or a type of storage service.4. The method according to claim 1 , wherein the storage service template further specifies a network for providing the storage service.5. The method according to claim 1 , wherein the storage service policy further defines at least one of an execution module for the storage function and a parameter for performing the storage function.6. The method according to claim 5 , wherein the execution module for the storage function includes a virtual machine or a ...

ETHERNET-ATTACHED SSD FOR AUTOMOTIVE APPLICATIONS

A data storage device includes: a housing integrating a control logic, a data protection logic, and a non-volatile storage; and a network interface connector integrated to the housing and is configured to be directly inserted into a network switch. The control logic is configured to store a vehicle data including a video stream in the non-volatile storage. The video stream is received from a video camera that is connected to the network switch. The data protection logic is configured to detect a vehicle event and change an operating mode of the data storage device to a read-only mode prohibiting the vehicle data stored in the non-volatile storage from being erased or tampered. 1. A data storage device comprising:a control logic, a data protection logic, and a non-volatile storage; anda network interface adapter configured to connect to a network,wherein the control logic is configured to store a data in the non-volatile storage,wherein the data is received from a sensor connected to the network, andwherein the data protection logic is configured to detect an event based on the data received from the sensor and change an operating mode of the data storage device from a first mode to a second mode based on detection of the event.2. The data storage device of claim 1 , wherein the event is a vehicle event including one or more of an airbag deployment claim 1 , a sensor trigger claim 1 , a power loss due to water submersion claim 1 , and a fire due to a crash.3. The data storage device of claim 1 , wherein the control logic stores the data in the data storage device for a predetermined period of time after the event.4. The data storage device of claim 1 , wherein the network interface adapter has a small form-factor pluggable (SFP) claim 1 , quad small form-factor pluggable (QSFP) claim 1 , or modular connector form factor.5. The data storage device of claim 1 , wherein the data storage device is a network-attached solid-state drive (SSD).6. The data storage device of ...

LOW-OVERHEAD DETECTION OF UNAUTHORIZED MEMORY MODIFICATION USING TRANSACTIONAL MEMORY

Technologies for detecting unauthorized memory accesses include a computing device having transactional memory support. The computing device executes a transactional memory execution envelope within a security thread. Within the transactional envelope, the security thread reads one or more memory locations. The computing device detects a transactional abort originating from the transactional envelope, and determines whether a security event has occurred. A security event may include an unauthorized write to the monitored memory locations from outside the transactional envelope, including from non-transactional code. The computing device reports any security events that are detected. The computing device may execute several security threads that each monitor a different, non-overlapping memory location. The computing device may spawn a new security thread to monitor a memory location while a previous security thread is handling a transactional abort. Other embodiments are described and claimed. 1. A computing device for detecting unauthorized memory accesses , the computing device comprising:a security thread dispatch module to start a security thread; and start a transactional memory envelope within the security thread;', 'access a monitored memory location within the transactional memory envelope;', 'detect a transactional abort in response to the access of the monitored memory location;', 'determine whether a security event has occurred in response to detection of the transactional abort, the security event indicative of an unauthorized write to the monitored memory location that originates from outside of the transactional memory envelope; and', 'report the security event in response to a determination that the security event has occurred., 'a security thread module to2. The computing device of claim 1 , wherein the monitored memory location comprises a system call table of the computing device claim 1 , security software of the computing device claim 1 , part of ...

Cache Memory

A cache memory includes a tag memory array and a data memory array. A control register records a reconfiguration status of at least one cache way, a start address of the tag memory array, and a start address of the data memory array. A memory controller is electrically connected to the tag memory array, the data memory array, and the control register. The memory controller controls a data access state of the tag memory array according to the mode byte and the tag base address. The memory controller controls a data access state of the data memory array according to the mode byte and the data base address. A selection module is electrically connected between the tag memory array, the data memory array, and the memory controller. The cache memory solves the problem of idle tag memory of the tag memory array. 1. A cache memory comprising:a tag memory array including at least one tag memory;a data memory array including at least one data memory, with the at least one data memory and the at least one tag memory together forming at least one cache way;a control register for storing a mode byte, a tag base address, and a data base address, with the mode byte recording a reconfiguration status of the at least one cache way, with the tag base address being a start address of the tag memory array, and with the data base address being a start address of the data memory array;a memory controller electrically connected to the tag memory array, the data memory array, and the control register, with the memory controller controlling a data access state of the tag memory array according to the mode byte and the tag base address, and with the memory controller controlling a data access state of the data memory array according to the mode byte and the data base address; anda selection module electrically connected between the tag memory array, the data memory array, and the memory controller, with the selection module permitting the memory controller to control the tag memory array and ...

PHYSICAL UNCLONABLE FUNCTION AT A MEMORY DEVICE

Various examples are directed to systems and methods for providing a digital fingerprint of a selected portion of a memory device to a host device. A host device executing at a host device may send a to a driver a command to produce digital fingerprint data. The command may include an output pointer indicating a memory location of the local memory. The driver may generate a modified command that does not include the output pointer. The driver may send the modified command to a memory device. The driver may receive a reply comprising the digital fingerprint data and write the digital fingerprint data to a location at the memory location of local memory of the host device indicated by the output pointer. 1. A system for providing a digital fingerprint of a selected portion of a memory device to a host device , comprising:a memory device; sending, by the host application and to the driver, a command to produce digital fingerprint data, the command including an output pointer to a memory location of the local memory for the digital fingerprint data to be written;', 'generating, by the driver, a modified command, wherein the modified command does not include the output pointer;', 'sending, by the driver, the modified command to the memory device;', 'receiving, by the driver, a reply comprising the digital fingerprint data describing a selected portion of the memory device; and', 'writing the digital fingerprint data to a location at the memory location of the local memory indicated by the output pointer., 'a host device comprising a local memory separate from the memory device, the host device to execute a driver and a host application, wherein the host device is configured to perform operations comprising2. The system of claim 1 , wherein the host device is further configured to perform operations comprising claim 1 , before writing the digital fingerprint data to the location at the local memory indicated by the output pointer claim 1 , decrypting the digital ...

MULTIPLE MEMORY TYPE MEMORY MODULE SYSTEMS AND METHODS

The present disclosure provides methods, apparatuses, and systems for implementing and operating a memory module, for example, in a computing device that includes a network interface, which is coupled to a network to enable communication with a client device, and processing circuitry, which is coupled to the network interface via a data bus and programmed to perform operations based on user inputs received from the client device. The memory module includes memory devices, which may be non-volatile memory or volatile memory, and a memory controller coupled between the data bus and the of memory devices. The memory controller may be programmed to determine when the processing circuitry is expected to request a data block and control data storage in the memory devices. 1. An apparatus , comprising:a network interface configured to be communicatively coupled to a communication network to enable data communication between the apparatus and a first client device via the communication network;processing circuitry communicatively coupled to the network interface via a data bus, wherein the processing circuitry is configured to perform first operations based at least in part on user inputs received from the first client device; and a plurality of memory devices, wherein the plurality of memory devices comprises a non-volatile memory device and a volatile memory device; and', determine, relative to a previous request from the processing circuitry, timing of a first memory access request that identifies a first data block comprising instructions executable to perform the first operations; and', 'control data storage in the plurality of memory devices to store the first data block in the volatile memory device before receiving the first memory access request from the processing circuitry., 'a memory controller communicatively coupled between the data bus and the plurality of memory devices, wherein the memory controller configured to], 'a memory sub-system communicatively ...

MEMORY MODULE DATA OBJECT PROCESSING SYSTEMS AND METHODS

The present disclosure provides methods, apparatus, and systems for implementing and operating a memory module, for example, in a computing that includes a network interface, which may be coupled to a network to enable communication with a client device, and host processing circuitry, which may be coupled to the network interface via a system bus and programmed to perform first data processing operations based on user inputs received from the client device. The memory module may be coupled to the system bus and include memory devices and a memory controller coupled to the memory devices via an internal bus. The memory controller may include memory processing circuitry programmed to perform a second data processing operation that facilitates performance of the first data processing operations by the host processing circuitry based on context of the data block indicated by the metadata. 1. An apparatus , comprising:a network interface configured to be communicatively coupled to a communication network to enable data communication between the apparatus and a first client device via the communication network;host processing circuitry communicatively coupled to the network interface via a system bus, wherein the host processing circuitry is configured to perform first data processing operations based at least in part on user inputs received from the first client device; and a plurality of memory devices; and', 'a memory controller communicatively coupled to the plurality of memory devices via an internal bus, wherein the memory controller comprises memory processing circuitry configured to, when the memory controller receives a first data object comprising a first data block and first metadata, perform a second data processing operation that facilitates performance of the first data processing operations by the host processing circuitry based at least in part on context of the first data block indicated by the first metadata., 'a first memory sub-system communicatively ...

MULTIPLE MEMORY TYPE MEMORY MODULE SYSTEMS AND METHODS

The present disclosure provides methods, apparatuses, and systems for implementing and operating a memory module, for example, in a computing device that includes a network interface, which is coupled to a network to enable communication with a client device, and processing circuitry, which is coupled to the network interface via a data bus and programmed to perform operations based on user inputs received from the client device. The memory module includes memory devices, which may be non-volatile memory or volatile memory, and a memory controller coupled between the data bus and the of memory devices. The memory controller may be programmed to determine when the processing circuitry is expected to request a data block and control data storage in the memory devices. 1. A computing system comprising:a processor comprising processing circuitry configured to perform a first operation based at least in part on a first data block; and a plurality of memory devices communicatively coupled to the data bus, wherein the plurality of memory devices comprises a non-volatile memory device and a volatile memory device; and', the memory controller comprises buffer memory communicatively coupled to the data bus; and', store a first copy of the first data block from the plurality of memory devices into the buffer memory; and', 'output the first data block directly from the buffer memory to the processor via the data bus when the memory sub-system receives a first memory access request identifying the first data block to enable the processing circuitry to perform the first operation based at least in part on the first data block., 'the memory controller configured to], 'a memory controller communicatively coupled to each of the plurality of memory devices, wherein], 'a memory sub-system communicatively coupled to the processor via a data bus, wherein the memory sub-system comprises2. The computing system of claim 1 , wherein claim 1 , when the first memory access request identifying ...

MEMORY MODULE DATA OBJECT PROCESSING SYSTEMS AND METHODS

The present disclosure provides methods, apparatus, and systems for implementing and operating a memory module, for example, in a computing that includes a network interface, which may be coupled to a network to enable communication with a client device, and host processing circuitry, which may be coupled to the network interface via a system bus and programmed to perform first data processing operations based on user inputs received from the client device. The memory module may be coupled to the system bus and include memory devices and a memory controller coupled to the memory devices via an internal bus. The memory controller may include memory processing circuitry programmed to perform a second data processing operation that facilitates performance of the first data processing operations by the host processing circuitry based on context of the data block indicated by the metadata. 1. A computing system comprising one or more host computing devices , wherein the one or more host computing devices comprise:a network interface communicatively coupled to a system bus, wherein the network interface is configured to communicatively couple the one or more host computing devices to a first client computing device via a communication network to enable the one or more host computing devices to provide the first client computing device a first virtual machine; the memory sub-system is configured to store a plurality of data objects; and', 'a first data object of the plurality of data objects comprises a first copy of first virtual machine data and first tag metadata that indicates that the first data object is associated with the first virtual machine; and, 'a memory sub-system communicatively coupled to the system bus, whereinhost processing circuitry communicatively to the system bus, wherein the host processing circuitry is configured to process the first data object to provide the first virtual machine; anda service processor communicatively coupled to the memory sub- ...

SYSTEM AND METHOD FOR SECURELY ISOLATING A SYSTEM FEATURE

Operations include isolating one or more system features. A system stores a set of signal states, comprising a signal state for each system feature. Hardware of the system is configurable to a lockdown state, in which the set of signal states cannot be modified. The hardware of the system is also configurable to a non-lockdown state, in which the set of signal states can be modified. Hardware logic configures functionality of the set of system features based on the signal states. 1. A system comprising:non-volatile memory storing a set of signal states for signals to each of a set of one or more system features; (a) a lockdown state in which the set of signal states stored in the non-volatile memory cannot be modified;', '(b) a non-lockdown state in which the set of signal states stored in the non-volatile memory can be modified;, 'the system comprising hardware being configurable tohardware logic that configures functionality of the set of system features based on the signal states.2. The system of claim 1 , wherein the hardware logic can be reprogrammed during the non-lockdown state claim 1 , and wherein the hardware logic cannot be reprogrammed during the lockdown state.3. The system of claim 1 , wherein the hardware logic comprises hardened logic that cannot be reprogrammed during either of the lockdown state or the non-lockdown state.4. The system of claim 1 , the system further comprises a controller claim 1 , external to the hardware logic claim 1 , which includes functionality to modify the set of signal states stored in the non-volatile memory when the hardware is in the non-lockdown state claim 1 , wherein the controller cannot modify the set of signal states stored in the non-volatile memory when the hardware is in the lockdown state.5. The system of claim 4 , wherein the controller is a Baseboard Management Controller (BMC).6. The system of claim 4 , wherein the controller includes functionality to read the set of signal states stored in the non-volatile ...

Hacking-Resistant Computer Design

A computer architecture is disclosed for implementing a hacking-resistant computing device. The computing device, which could be a mainframe computer, personal computer, smartphone, or any other computing device suitable for network communication, comprises a first partition and a second partition. The second partition can communicate over a network such as the Internet. In contrast, the first partition cannot connect to the Internet, and can directly communicate only with the second partition or with input/output devices directly connected to the first partition. Further, the first partition segments its memory addressing for program code and hardware-protects it from alteration. The second partition is hardware-limited from reading or writing to the memory addressing of the first partition. As a result, the critical data files and program code stored on the first partition are protected from malicious code affecting the second partition. 1. A computer system comprising:at least one CPU;a bus;at least one I/O module configured to connect to a network through the bus; at least one memory address range for program code, configured by hardware circuitry, wherein the program code comprises computer-executable code; and', 'at least one memory address range for other data, wherein the other data comprises data read from the network;, 'at least one memory module, comprisingwherein the at least one CPU is hardware-configured to execute only the computer-executable code in the memory address range for program code;wherein the computer system is configured to execute a pull command through the bus to read the other data from the network and write the other data only to the at least one memory address range for other data;wherein the computer system is configured to execute a push command through the bus to send data to the network;wherein the bus is configured not to accept a push command from the network or a pull command from the network; andwherein the hardware circuitry ...

Systems and methods for restricting write access to non-volatile memory

A method for restricting write access to a non-volatile memory. The method includes receiving a request to write to a protected location in the non-volatile memory and determining whether the protected location is in a write-protected state. If the protected location is not in a write-protected state, the method includes writing data indicated by the request to the protected location. If the protected location is in a write-protected state, the method includes rejecting the request. The protected location stores a validation key to validate the contents of another portion of the non-volatile memory.