Tue, 22 Sep 2015 08:00:00 EDT
A system is disclosed comprising multiple sets of client computers, each client computer having installed thereon an application program, the application program comprising client computer specific log-in information, and a database system coupled to the set of client computers via a network. The database system has a log-in component for logging-in the client computers, and is partitioned into multiple relational databases, each one of which is assigned to one set of the sets of client computers. Each database further stores encrypted data items, each data item being encrypted with one of the user or user-group specific cryptographic keys, the key identifier of the cryptographic key with which one of the data items is encrypted being stored in the database as an attribute of the one of the encrypted data items. The log-in component comprises assignment information indicative of the assignment of the databases to the set of client computers.
Tue, 18 Aug 2015 08:00:00 EDT
A data transform method and a data transformer. The method includes: importing a data transform rule; acquiring from the data transform rule a source data definition, a destination data definition and a data transform rule definition; predicting resource energy consumption parameters of a data transform node server according to the source data definition, the destination data definition and the data transform rule definition; and deploying a resource energy consumption optimization policy of the data transform node server according to the predicted resource energy consumption parameters of the data transform node server.
Tue, 21 Jul 2015 08:00:00 EDT
There is provided a power management apparatus including: a managed appliance registering unit carrying out authentication on an electronic appliance connected to a power network and registering an electronic appliance for which the authentication has succeeded as a managed appliance, a control unit controlling operation of the managed appliance and supplying of power to the managed appliance, a managed appliance information acquiring unit acquiring, from the managed appliance, as managed appliance information, at least any of appliance information including identification information that is unique to the electronic appliance, information indicating an operation state of the electronic appliance, information indicating a usage state of the electronic appliance and power information of the electronic appliance, and an appliance state judging unit judging a state of the managed appliance based on the managed appliance information acquired by the managed appliance information acquiring unit.
Tue, 09 Jun 2015 08:00:00 EDT
Techniques are described to transmit commands to a display device. The commands can be transmitted in header byte fields of secondary data packets. The commands can be used to cause a target device to capture a frame, enter or exit self refresh mode, or reduce power use of a connection. In addition, a request to exit main link standby mode can cause the target to enter training mode without explicit command to exit main link standby mode.
Tue, 26 May 2015 08:00:00 EDT
A Virtual Single Account (VSA) system and method that provides a mobile user with automatic authentication and connection to a remote network via local access networks with a single password, where the local access networks may be independent of the remote network. A mobile user has a single authentication credential for one VSA that is utilized by a VSA client installed on a mobile computing device. The VSA client provides for automatically authenticating and connecting the user's mobile device to a current local access network, and the target remote network such as the user's office network. All authentication credentials are encrypted using a key generated from the user's VSA password that is generated from the user's single password. The VSA client derives the key from the submitted VSA password and decrypts all authentication credentials that are required in order to connect the mobile device to the current local access network and thereafter to the office network.
Tue, 26 May 2015 08:00:00 EDT
A method and device for controlling content that includes plural display pages in a sequence, the method including: displaying a current page included in the content; receiving a user input to or above a display screen of the display unit for changing from the current page to another page of the content; extracting fingerprint information from the user input; determining whether the content of the another page is or is not accessible based on the extracted fingerprint information; if all of the content of the another page is determined to be accessible based on the extracted fingerprint information, displaying the another page; and if any of the content of the another page is determined not to be accessible based on the extracted fingerprint information, displaying a page following the current page without displaying content of the another page that was determined not to be accessible.
Tue, 26 May 2015 08:00:00 EDT
The disclosure is directed to a system and method for establishing a secured wireless connection allowing the exchange of information between a wireless device and aircraft equipment. The secured wireless access system may require a user controlling the wireless device to interact with an onboard interface to initiate a connection. The user may be further required to enter a randomly generated security passcode to pair the mobile device to the aircraft equipment. Further security measures may be implemented, such as tiered user access levels restricting certain equipment and/or information based upon a user identity of the user requesting access.
Tue, 26 May 2015 08:00:00 EDT
A system, method, and device includes a platform data storage that stores a wrap that secures an executable controller and executable sensors. The wrap is verified, optionally through a downloaded authentication driver. After verifying the wrap, the wrap is opened and a sister of the executable controller is installed into the platform memory to cooperate with the executable controller. Additionally or alternatively, the authentication driver may cooperate with the executable controller. The executable controller allows the platform processor to access data secured in a vault and/or verify the platform to create a connection to a connection server.
Tue, 26 May 2015 08:00:00 EDT
A method is provided to process data so that the data can be externally stored with minimized risk of information leakage. A framework (virtual execution framework) based on virtual machines (VMs) is utilized as a substitute for a trusted institution. Encryption of consolidated data can reduce risk of information leakage and enhance security. Since the virtual execution framework can control connection and direction of communication, financial institutions are allowed to apply encryption to data on their own, which makes the data further appropriate for external storage. By allowing financial institutions to apply their own decryption, it is possible to prevent one of two financial institutions from retrieving externally stored data into the external execution framework without intervention of the other. Additionally, associated acting subjects can be provided with freedom depending on the degree of information leakage risk.
Tue, 26 May 2015 08:00:00 EDT
A method uses a firmware interface setup program for a selected compute node (“node”) to cause a firmware interface to enable a trusted platform module (TPM) on the selected node to receive a physical presence (PP) signal. The selected node is selected from a plurality of nodes within a multi-node chassis, wherein each node includes a firmware interface and a TPM. A device within the multi-node chassis is manually actuated to transmit a PP signal to each of the plurality of nodes, such that each node receives the PP signal. The PP signal is asserted to the TPM of the selected node in response to both enabling the TPM of the selected node to be able to receive the PP signal and receiving the PP signal. Still further, the method allows modification of a security setting of the selected node in response to the TPM receiving the PP signal.
Tue, 26 May 2015 08:00:00 EDT
Methods are provided for tracking data corresponding to a mobile device that accesses a web page. Once a mobile device is registered with a network, the mobile device is instructed to request permission before accessing a web page. An access request is received, and based on a user profile, the access request is approved such that the mobile device may access the web page. Access data that corresponds to the mobile device accessing the web page is collected so that it can be added to and stored in a database.
Tue, 26 May 2015 08:00:00 EDT
Various embodiments described herein relate to apparatus for executing software in a secure computing environment. A secure processor can be used and configured to request a context swap from a first context to a second context when switching execution from a first portion of software to a second portion of software. A context manager, which can be in communication with the secure processor, can be configured to receive and initiate a requested context swap. A trust vector verifier, which can be in communication with the secure processor and the context manager, can be configured to load a trust vector descriptor upon command from a context manager.
Tue, 26 May 2015 08:00:00 EDT
A display device is disclosed. The display device comprising: a display unit; a sensor unit; a storage unit; and a processor configured to: provide feedback for indicating a security on state of selected first information when selection input for selecting the first information in the security on state is detected, when a security off input for clearing security is detected in response to the feedback, obtain the fingerprint using the display unit, and convert the first information in the security on state into a security off state when the obtained fingerprint is matched with a pre-stored fingerprint, when a security maintenance input for maintaining security is detected in response to the feedback, maintain the security on state of the first information.
Tue, 26 May 2015 08:00:00 EDT
The variable domain data access control system and method described herein use the same variable domain to describe a data security model and a variable domain data model, such as a product configuration model. A variable domain is a set of resource data that can be described using a logical relationship data structure. The variable domain utilizes logical relationship expressions, such as a Boolean logic language, to define resource data in terms of parts, rules and/or attributes, and any other property that can be accessed for viewing, manipulation, or other purposes. The data security model represents an access control list (ACL) that includes security attributes as resource data and uses the same data structure and logical relationship expressions as an associated variable domain data model. An application, such as a configuration engine, can be used to create controlled access to the variable domain data model using the data security model.
Tue, 26 May 2015 08:00:00 EDT
An access rights management system is presented in which a mobile device may be allowed to access corporately held data in a flexible manner but in which the security and integrity of the data is maintained. The mobile device is provided with a rights adjustment module which modifies the access rights for locally stored corporate data in dependence on the connectivity of the mobile device with a corporate server.
Tue, 26 May 2015 08:00:00 EDT
An optical disc drive (ODD) includes a radio-frequency identification (RFID) reader. The reader includes a circuit and a coil antenna which has a rotational symmetry with respect to a rotation axis of a motor, shaft and turntable of the ODD. The coil antenna can be secured to a wall of a housing of the ODD or around the motor and/or shaft. The reader can read an RFID tag on an optical disc. The RFID tag includes a circuit and a coil antenna which has a rotational symmetry with respect to the disc. As a result, the RFID tag can be read while the disc is rotating. A magnetic insulating material such as a ferrite polymer composite film is used to magnetically insulate the coil antenna. An authentication code can be read from the RFID tag to control access to content of the optical disc.
Tue, 26 May 2015 08:00:00 EDT
Provided are a system and method for protecting data in an electronic communications environment. An interested entity establishes one or more controls for a received unit of data. At a source device in the electronic communications network, the unit of data is encapsulated with self-protection security data that includes the one or more controls. The encapsulated unit of data is delivered from the source device to a destination device in the electronic communications network. A data broker facilitates the delivery of the data to the destination device according to the controls. Facilitating the delivery of the data includes: identifying for the receiving device a collection of services corresponding to the controls independently of the network.
Tue, 26 May 2015 08:00:00 EDT
A method of accessing a communication system and a communication device for performing the same are disclosed. The method includes transmitting, by a communication device to a node of a communication system through a communication link between the communication device and the node, a request to negotiate basic capabilities for communicating with the node, receiving, by the communication device from the node, a response to the request to negotiate basic capabilities, and, transmitting, by the communication device to the node, a request to disconnect the communication link, when the response to the request to negotiate basic capabilities indicates that the node does not support authentication.
Tue, 26 May 2015 08:00:00 EDT
An information handling system includes a host mapped general purpose input output (GPIO), a shared memory, a board management controller, and a cryptography engine. The host mapped GPIO includes a plurality of registers. The board management controller is in communication with the host mapped GPIO and with the shared memory, and is configured to control accessibility to the plurality of registers in the GPIO, and to control write accessibility of the shared memory based on a private key received from a basic input output system requesting accessibility to the plurality of registers and write accessibility of the shared memory. The cryptography engine is in communication with the board memory controller, and is configured to authenticate the private key received from the board management controller.
Tue, 26 May 2015 08:00:00 EDT
A method for operating an invisible system service on Android platform is disclosed. The method for operating system services on Android platform includes selectively registering a created system service in a context manager according to a type of the created system service, where the type of the system service comprises a first type for permitting access from an outside and a second type for not permitting access from the outside, and the selectively registering comprises registering in the context manager the created system service belonging to the first type and not registering in the context manager the created system service belonging to the second type.
Tue, 26 May 2015 08:00:00 EDT
Methods, devices, and systems that may be used to secure networked devices are provided. One method includes receiving, at a security device, encrypted configuration data from a management server connected to a data network, from packets addressed to a networked device. The method further includes managing, by the security device, packets between the networked device and other devices accessible through a network based upon the configuration data. The method further includes sending, by the security device, a plurality of encrypted heartbeat messages to the management server utilizing an address associated with the networked device as the originating address for packets in which the encrypted heartbeat messages are transmitted.
Tue, 26 May 2015 08:00:00 EDT
An execution environment may have a monitoring, analysis, and feedback loop that may configure and tune the execution environment for currently executing workloads. A monitoring or instrumentation system may collect operational and performance data from hardware and software components within the system. A modeling system may create an operational model of the execution environment, then may determine different sets of parameters for the execution environment. A feedback loop may change various operational characteristics of the execution environment. The monitoring, analysis, and feedback loop may optimize the performance of a computer system for various metrics, including throughput, performance, energy conservation, or other metrics based on the applications that are currently executing. The performance model of the execution environment may be persisted and applied to new applications to optimize the performance of applications that have not been executed on the system.
Tue, 26 May 2015 08:00:00 EDT
Techniques for implementing identification and management of unsafe optimizations are disclosed. A method of the disclosure includes receiving, by a managed runtime environment (MRE) executed by a processing device, a notice of misprediction of optimized code, the misprediction occurring during a runtime of the optimized code, determining, by the MRE, whether a local misprediction counter (LMC) associated with a code region of the optimized code causing the misprediction exceeds a local misprediction threshold (LMT) value, and when the LMC exceeds the LMT value, compiling, by the MRE, native code of the optimized code to generate a new version of the optimized code, wherein the code region in the new version of the optimized code is not optimized.
Tue, 26 May 2015 08:00:00 EDT
Arrangements for restarting data transmission on a serial low-power inter-chip media bus (SLIMbus) are presented. A clock signal may be provided in an active mode to a component communicatively coupled with the SLIMbus. Immediately prior to the clock signal in the active mode being provided, the clock signal may have been in a paused mode. While the clock signal was in the paused mode at least until the clock signal is provided in the active mode, the data line may have been inactive (e.g., a toggle on the data line may not have been present). Frame synchronization data for a frame may be transmitted. The frame synchronization data for the frame, as received by the component, may not match expected frame synchronization data. Payload data may be transmitted as part of the frame to the component, wherein the payload data is expected to be read properly by the component.
Tue, 26 May 2015 08:00:00 EDT
An integrated-circuit memory controller outputs to a memory device a first signal in a first state to enable operation of synchronous data transmission and reception circuits within the memory device. A transaction queue within the memory controller stores memory read and write requests that, to be serviced, require operation of the synchronous data transmission and reception circuits, respectively, within the memory device. Power control circuitry within the memory controller determines that the transaction queue has reached a predetermined state and, in response, outputs the first signal to the memory device in a second state to disable operation of the synchronous data transmission and reception circuits within the memory device.
Tue, 26 May 2015 08:00:00 EDT
An SOC implements a security enclave processor (SEP). The SEP may include a processor and one or more security peripherals. The SEP may be isolated from the rest of the SOC (e.g. one or more central processing units (CPUs) in the SOC, or application processors (APs) in the SOC). Access to the SEP may be strictly controlled by hardware. For example, a mechanism in which the CPUs/APs can only access a mailbox location in the SEP is described. The CPU/AP may write a message to the mailbox, which the SEP may read and respond to. The SEP may include one or more of the following in some embodiments: secure key management using wrapping keys, SEP control of boot and/or power management, and separate trust zones in memory.
Tue, 26 May 2015 08:00:00 EDT
According to an embodiment, a control system includes a detector, an estimating unit, a determining unit, and a controller. The detector detects an idle state. The estimating unit estimates an idle period. When the idle state is detected, the determining unit determines whether a first power consumption when writeback of data which needs to be written back to a main storage device is performed and supply of power to a cache memory is stopped, is larger than a second power consumption when writeback of the data is not performed and supply of power is continued for the idle period. The controller stops the supply of power to the cache memory when the first power consumption is determined to be smaller than the second power consumption and continues the supply of power when the first power consumption is determined to be larger than the second power consumption.
Tue, 26 May 2015 08:00:00 EDT
An image forming apparatus is connected to a host device including first and second power domains which are separately supplied with power and includes first and second memories to be disposed in the second power domain, a main controller disposed in the first power domain and to perform a control operation using the first memory in a normal mode, and a sub-controller disposed in the second power domain and to perform a control operation using the second memory in a power-saving mode, where when the normal mode is changed to the power-saving mode a power supply to the first power domain is shut off, the first memory operates in a self-refresh mode, and the main controller copies central processing unit (CPU) context information into a context storage unit, and when the power-saving mode is changed to the normal mode, the main controller is booted using the CPU context information stored in the context storage unit.
Tue, 26 May 2015 08:00:00 EDT
A multi-cluster processing system and a method of operating a multi-cluster processing system are provided. The multi-cluster processing system includes: a first cluster including a plurality of first-type cores; a second cluster including a plurality of second-type cores; and a control unit configured to monitor loads of the first-type cores and the second-type cores, wherein when utilization of at least one of enabled first-type cores exceeds a predetermined threshold utilization of each of the first-type cores, the control unit enables at least one of disabled first-type cores in a first mode, and the control unit enables at least one of the disabled second-type cores and disables the first cluster in a second mode, wherein an amount of computation per unit of time of each of the second-type cores is greater than an amount of computation per unit of time of each of the first-type cores.
Tue, 26 May 2015 08:00:00 EDT
We report methods, integrated circuit devices, and fabrication processes relating to power management transitions of multiple compute units sharing a cache. One method includes indicating that a first compute unit of a plurality of compute units of an integrated circuit device is attempting to enter a low power state, determining if the first compute unit is the only compute unit of the plurality in a normal power state, and in response to determining the first compute unit is the only compute unit in the normal power state: saving a state of a shared cache unit of the integrated circuit device, flushing at least a portion of a cache of the shared cache unit, repeating the flushing until either a second compute unit exits the low power state or the cache is completely flushed, and permitting the first compute unit to enter the low power state.
Tue, 26 May 2015 08:00:00 EDT
Methods and apparatuses to manage working states of a data processing system. At least one embodiment of the present invention includes a data processing system with one or more sensors (e.g., physical sensors such as tachometer and thermistors, and logical sensors such as CPU load) for fine grain control of one or more components (e.g., processor, fan, hard drive, optical drive) of the system for working conditions that balance various goals (e.g., user preferences, performance, power consumption, thermal constraints, acoustic noise). In one example, the clock frequency and core voltage for a processor are actively managed to balance performance and power consumption (heat generation) without a significant latency. In one example, the speed of a cooling fan is actively managed to balance cooling effort and noise (and/or power consumption).
Tue, 26 May 2015 08:00:00 EDT
Power consumption in a microprocessor platform is managed by setting a peak power level for power consumed by a multi-core microprocessor platform executing multi-threaded applications. The multi-core microprocessor platform contains a plurality of physical cores, and each physical core is configurable into a plurality of logical cores. A simultaneous multithreading level in at least one physical core is adjusted by changing the number of logical cores on that physical core in response to a power consumption level of the multi-core microprocessor platform exceeding the peak power level. Performance and power data based on simultaneous multi-threading levels are used in selecting the physical core to be adjusted.
Tue, 26 May 2015 08:00:00 EDT
A power controller can set the power state of a processor bridge based on which processor modules are in a communicative state. In addition, for a power state where selected processor modules are expected to be non-communicative, the power controller can set the supplied voltage to have a reduced voltage guard band as compared to other power states. These power management techniques can reduce the power consumed by the processor.
Tue, 26 May 2015 08:00:00 EDT
A method and apparatus for power-efficiency management in a virtualized cluster system. The virtualized cluster system includes a front-end physical host and at least one back-end physical host, and each of the at least one back-end physical host comprises at least one virtual machine and a virtual machine manager. Flow characteristics of the virtualized cluster system are detected at a regular time cycle, then a power-efficiency management policy is generated for each of the at least one back-end physical host based on the detected flow characteristics, and finally the power-efficiency management policies are performed. The method can detect the real-time flow characteristics of the virtualized cluster system and make the power-efficiency management policies thereupon to control the power consumption of the system and perform admission control on the whole flow, thereby realizing optimal power saving while meeting the quality of service requirements.
Tue, 26 May 2015 08:00:00 EDT
A system and method for low-cost, fault tolerant, EMI robust data communications, particularly for an EV environment. A data communications method, including a) enabling a transmission of a wake signal from a host to a remote client through an isolator disposed at the remote client when the wake signal is asserted from the host at a host-portion of the isolator concurrent with a periodic enablement of a client-portion of the isolator by the remote client; and thereafter b) transmitting the wake signal from the host to the remote client through the isolator; c) controlling enablement of the client-portion responsive to the wake signal transmitted through the isolator; and thereafter d) disabling the transmission by deassertion of the wake signal at the host.
Tue, 26 May 2015 08:00:00 EDT
An energy management system has an application storage, an application executing unit, a plurality of network interfaces, a policy setting unit configured to set whether each application should be permitted to access each of the network interfaces, a policy storage configured to store identification information for each application set by the policy setting unit, and access permit/inhibit information showing whether the application is permitted to access each of the network interfaces, an I/F management unit managing a correspondence relationship between a network address and each of the network interfaces, and to specify a network interface used by the application executed by the application executing unit, and an access controller configured to judge whether the application executed by the application executing unit is permitted to access the network interface to be used thereby, based on the access permit/inhibit information stored in the policy storage.
Tue, 26 May 2015 08:00:00 EDT
A power-saving network management server, which is coupled to a network system including a network device and manages a state of power to the network device, wherein the power-saving network management server is configured to: store network configuration information and task allocation information; determine starting or stopping of the power supply to the port of the network device based on the updated network configuration information and task allocation information; store a determination result of the starting or stopping of the power supply to the port as a port determination result; and control the power supply to the port of the network device based on the port determination result.
Tue, 26 May 2015 08:00:00 EDT
A data processing system on an integrated circuit includes a core that performs switching operations responsive to a system clock that draws current from the power supply network. An IR-drop detector includes a resistor ladder having outputs representative of an IR-drop caused by the core during the switching operations. The system further includes a plurality of amplifiers coupled to the outputs indicative of the IR-drop, a plurality of flip-flops coupled to the amplifiers, and a variable clock generator. The variable clock generator outputs a sampling clock comprising a group consisting of a variable phase or a variable frequency to the plurality of flip-flops. The flip-flops are triggered by the sampling clock so that the IR-drop at a time during a clock cycle of the system clock can be detected, and the peak IR-drop value for can be tracked.
Tue, 26 May 2015 08:00:00 EDT
The disclosure discloses a power management method, for setting a power supply arrangement of an electronic device intelligently, comprising providing at least two sensors, corresponding to at least one threshold respectively; detecting a state of the electronic device for generating a detecting signal respectively; comparing the at least two detecting signals with the at least one threshold corresponding to the at least two sensors respectively; generating at least two situation signals when the at least two detecting signals meet the at least one threshold corresponding to the at least two sensors respectively; looking up a look-up table according to the at least two detecting signals for generating a control command; and writing in at least one independent bit of a register according to the control command for changing or maintaining a power supply arrangement of at least one peripheral component.
Tue, 26 May 2015 08:00:00 EDT
A source device is to provide power through a network cable and a user device is to draw power from the network cable. A database is to store a parameter associated with the user device. The source device is to access the stored parameter based on receipt of information related to the user device and is to compare at least one of a current power drawn and an additional power requested by the user device to a power limit of the user device based on the accessed parameters. The source device is to send a power message to the user device based on the comparison, the power message to relate to an amount of the power the user device is to draw.
Tue, 26 May 2015 08:00:00 EDTA device incorporating a data communication function 15 having a power supply circuit 38 of a dispersed power supply system is provided with a terminal 51-2 for receiving power supply from another device 14 which initiates data communication and a drive circuit 53-2 for performing the data communication with the another device 14, wherein when the terminal 51-2 is supplied with power, the power supplied to the terminal 51-2 is supplied to the drive circuit 53-2 in an off state of the power supply circuit 38. It thereby reduces self-power-loss and ensures reliability of performance.
Tue, 26 May 2015 08:00:00 EDTA method begins with a processing module obtaining data to store and determining whether substantially similar data to the data is stored. When the substantially similar data is not stored, the method continues with the processing module generating a first encryption key based on the data, encoding the first encryption key into encoded data slices in accordance with an error coding dispersal storage function, and storing the encoded data slices in a dispersed storage network (DSN) memory. The method continues with the processing module encrypting the data using an encryption key of the substantially similar data in accordance with an encryption function to produce encrypted data, compressing the encrypted data in accordance with a compression function to produce compressed data, storing the compressed data when the substantially similar data is stored.
Tue, 26 May 2015 08:00:00 EDTIn an embodiment, an apparatus includes a cryptographic processor within a wireless device. The cryptographic processor includes at least one cryptographic unit. The cryptographic processor also includes a nonvolatile memory to store one or more microcode instructions, wherein at least one of the one or more microcode instructions is related to a sensitive operation. The cryptographic processor also includes a controller to control execution of the one or more microcode instructions by the at least one cryptographic unit, wherein the controller is to preclude execution of the sensitive operation if the apparatus is within an untrusted state.
Tue, 26 May 2015 08:00:00 EDTA network storage server implements a method to discard sensitive data from a Persistent Point-In-Time Image (PPI). The server first efficiently identifies a dataset containing the sensitive data from a plurality of datasets managed by the PPI. Each of the plurality of datasets is read-only and encrypted with a first encryption key. The server then decrypts each of the plurality of datasets, except the dataset containing the sensitive data, with the first encryption key. The decrypted datasets are re-encrypted with a second encryption key, and copied to a storage structure. Afterward, the first encryption key is shredded.
Tue, 26 May 2015 08:00:00 EDTA method for encrypting data on a disk drive using self encrypting drive is provided. The method includes encryption of data chunks of a computing device. The method further includes associating the encrypted data chunks with encryption key indexes of the computing device. Moreover, the method further includes receiving the encryption key indexes for given logical block addresses of the data chunks. The method further includes determining the encryption keys to be used to encrypt the data chunks based on the encryption key indexes of the data chunks to the disk drive.
Tue, 26 May 2015 08:00:00 EDT Embodiments of the present invention provide an approach for protecting visible data during computerized process usage. Specifically, in a typical embodiment, when a computerized process is identified, a physical page key (PPK) is generated (e.g., a unique PPK may be generated for each page of data) and stored in at least one table. Based on the PPK a virtual page key (VPK) is generated and stored in at least one register. When the process is later implemented, and a request to access a set of data associated with the process is received, it will be determined whether the VPK is valid (based on the PPK). Based on the results of this determination, a data access determination is made.
Tue, 26 May 2015 08:00:00 EDT A disk array device comprises a first storage unit that stores encrypted user data, a second storage unit that is different from the first storage unit and locks and stores configuration information including a first encrypted authentication key that unlocks the encrypted user data, a management unit that includes a decoder that decodes the first encrypted authentication key and a control unit that unlocks the locked configuration information using a second authentication key, the management unit managing data using the first and second authentication keys. The management unit includes a configuration information recovery portion that unlocks the locked configuration information by using the second authentication key and recovers the configuration information during booting and a user data unlocking portion that decodes the first encrypted authentication key included in the configuration information and unlocks the encrypted user data stored in the first storage unit by using the first decoded authentication key.
Tue, 26 May 2015 08:00:00 EDT A system comprises a basic-input-output-system (“BIOS”), a disk drive, and a security system configured to prevent unauthenticated access to the disk drive. For each of at least two users out of a plurality of users, the BIOS authenticates the user based on the user's token. The BIOS also accesses secured data based on the authentication, and provides the secured data to the security system without input from the user.
Tue, 26 May 2015 08:00:00 EDT Security measures for tokens comprise storing security rules associated with a generated token in a memory. A processor, communicatively coupled to the memory, accesses the security rules associated with the generated token and determines whether to encrypt the generated token by applying at least a portion of the security rules to the generated token. The processor encrypts the generated token. An interface, communicatively coupled to the processor, communicates the encrypted token to a mobile device associated with a user.
Tue, 26 May 2015 08:00:00 EDT The present invention provides for an electronic device having cryptographic computation means arranged to generate cryptographic data within the device for enhancing security of communications therewith, the device including an onboard power supplying means arranged to provide for the driving of the said cryptographic computational means, and so as to provide a device by way of a manufacturing phase and a post manufacturing phase arranged for distribution and/or marketing of the device, and wherein the step of generating the cryptographic data occurs during the post manufacturing phase.