Provided is a control method of controlling locking or unlocking of storage using a blockchain. The control method includes: determining, when first request information indicating a lock/unlock request, that is a lock request or an unlock request, is received from a terminal, whether a keyholder identified by reading keyholder information stored in the blockchain matches an owner of the terminal that has transmitted the first request information, the keyholder information indicating a person having the authority to lock or unlock the storage; performing lock/unlock processing when the keyholder is determined to match the owner, the lock/unlock processing being processing for causing the storage to lock or unlock in accordance with the first request information; and performing first storage processing after the lock/unlock processing is performed, the first storage processing being processing of storing, in the blockchain, transaction data indicating that the lock/unlock processing has been performed.

Disclosed are devices, systems, apparatus, circuits, methods, products, and other implementations, including a method that includes obtaining, during execution of a process associated with a particular privilege level, data content from a memory location, and determining by a hardware-based detection circuit whether the data content matches at least one of one or more token values, with the one or more token values stored in one or more pre-determined memory locations, and with access of any of the pre-determined one or more memory locations indicating a potential anomalous condition. The method further includes triggering, in response to a determination that the data content matches the at least one of the one or more token values, another process with a higher or same privilege level as the particular privilege level associated with the process, to handle occurrence of a potential system violation condition.

A method for providing and maintaining secure storage of target data includes, during a first time period in which a server provides a first mapping between user-specific cloaking sequence elements and hidden sequence elements, cloaking the target data using a first set of user-specific cloaking sequences and the first mapping, and storing the cloaked data in a persistent memory. The method further includes, during a later, second time period in which the server provides a different, second mapping between the user-specific cloaking sequence elements and the hidden sequence elements, re-cloaking the cloaked data using the first set of user-specific cloaking sequences and the second mapping, and storing the re-cloaked data in the persistent memory.

A method for protecting data includes encrypting information to generate a first tweak, combining a data block with the first tweak, encrypting the tweaked data block to form encrypted data, combining the encrypted data with the first tweak, and providing the combined encrypted data for storage in a memory address. Storing the combined encrypted data at the memory address generates a first stimulus different from a second stimulus generated by storing same encrypted data combined with a second tweak at the memory address. The first stimulus is generated based on the first tweak and the second stimulus is generated based on the second tweak.

An illustrative method includes a data protection system detecting a request provided by a source to perform an operation with respect to a storage system, the request including a logical address that comprises a logical element representative of a storage location within the storage system, determining whether the logical address further comprises an authorization element indicating that the source is authorized to initiate operations with respect to the storage system, and performing, based on the determining whether the logical address includes the authorization element, an action with respect to the operation.

Generally discussed herein are devices, systems, and methods for software memory tagging that provides buffer overflow protection. A method can include responsive to a memory write operation to write data to a heap of a memory, identifying a first tag value associated with a first address of the memory write operation in the bit map, comparing, for each address after the first address affected by the memory write operation, respective tag values in a bit map of the memory to the identified first tag value, and halting execution of the application if any of the respective tag values do not match the first tag value.

In at least one implementation, technology disclosed herein provides a method including generating a plurality of shares of an encryption key such that a combination of shares having a cardinality above a threshold cardinality is sufficient to retrieve data encrypted with the encryption key, distributing the plurality of shares among a plurality of devices, the plurality of devices including one or more disc drive cartridges and one or more printed circuit board assemblies (PCBAs) configured to host one or more of the disc drive cartridges, receiving one or more of the plurality of shares from the plurality of devices, and in response to determining that cardinality of the received one or more of the plurality of shares is above the threshold cardinality, retrieving the data encrypted with the key.

An integrated circuit (122) includes an on-chip boot ROM (132) holding boot code, a non-volatile security identification element (140) having non-volatile information determining a less secure type or more secure type, and a processor (130). The processor (130) is coupled to the on-chip boot ROM (132) and to the non-volatile security identification element (140) to selectively execute boot code depending on the non-volatile information of the non-volatile security identification element (140). Other technology such as processors, methods of operation, processes of manufacture, wireless communications apparatus, and wireless handsets are also disclosed.

Devices and techniques for efficient host assisted logical-to-physical (L2P) mapping are described herein. For example, a command can be executed that results in a change as to which physical address of a memory device corresponds to a logical address. The change can be obfuscated as part of an obfuscated L2P map for the memory device and written to storage on the memory device. The change can then be provided a host from the storage.

Systems, methods, and circuitries are disclosed for a per-process memory encryption system. At least one translation lookaside buffer (TLB) is configured to encode key identifiers for keys in one or more bits of either the virtual memory address or the physical address. The process state memory configured to store a first process key table for a first process that maps key identifiers to unique keys and a second process key table that maps the key identifiers to different unique keys. The active process key table memory configured to store an active key table. In response to a request for data corresponding to a virtual memory address, the at least one TLB is configured to provide a key identifier for the data to the active process key table to cause the active process key table to return the unique key mapped to the key identifier.