G06F12/1408

HASH OPERATIONS IN MEMORY FOR DATA SHARING
20230068102 · 2023-03-02

A method includes receiving a command, from a host, to an address of a memory device, the command comprising a different address. The method also includes determining based on the address whether to perform a hash operation and, responsive to determining to perform the hash operation, accessing data stored in memory cells having the different address. The method further includes performing the hash operation using the data to generate a signature for the data and providing the host access to the signature to determine whether the data is duplicate data.

Low-cost physical tamper detection and response for cryptographically secure sanitization
11630784 · 2023-04-18

An integrated circuit, comprising: a volatile memory module configured to store a cryptographic key; a capacitor array for providing power to the volatile memory module; and a power switching logic arranged to connect and disconnect the memory module from the capacitor array, the power switching logic being configured to operate in at least one of a first operating mode and a second operating mode, wherein, when the power switching logic operates in the first operating mode, the power switching logic is configured to disconnect the capacitor array from the volatile memory module in response to detecting a change of state of a break line, and, when the power switching logic operates in the second operating mode, the power switching logic is configured to disconnect the capacitor array from the volatile memory module in response to detecting that a voltage at a connection terminal of the integrated circuit exceeds a threshold.

Migrating authenticated content towards content consumer

Techniques involving migrating authenticated content on a network towards the consumer of the content. One representative technique includes a network node receiving an encrypted seed having at least a location of the user data at a network service that stores the user data, and a cryptographic key to access the user data. The seed is received in response to a user login attempt to the network service. The user data is requested from the location using at least the received cryptographic key. The method further includes receiving and storing the user data at the network node, where the network node is physically closer to a location of the user than is the location of the network service. If the user is successfully authenticated, user access is provided to the stored user data at the network node rather than from the network service.

Off-chip memory address scrambling apparatus and method for system on chip

The present disclosure provides an off-chip memory address scrambling apparatus and method for a system on chip. The apparatus includes a true random number generator, a key memory and an on-chip security controller. The on-chip security controller is connected to the true random number generator, the key memory and an off-chip memory respectively, and is configured to read or write data in the off-chip memory and to perform address scrambling processing on the data. The on-chip security controller includes a memory interface module and an address scrambling module. The address scrambling module is configured to read a random key stored in the key memory; to select, according to the valid/invalid state of that random key, whether to use the read random key directly or to read again a random key newly generated by the true random number generator and stored in the key memory; and then to perform scrambling algorithm processing, according to the random key, on an unscrambled address input by the memory interface module to form a scrambled address, which is output to an address scrambling module of the off-chip memory. The present disclosure can improve security while maintaining high efficiency.

Long-term offline management of cryptographic parameters

A method for the interception-proof transmission of at least one cryptographic parameter from a user to an encrypted offline storage medium, comprising steps of: cloaking an upward portion of a substrate with an upper plate, characterized in that said upper plate comprises a multitude of indicia, wherein each indicium has a corresponding manipulation indicator; sequentially positioning a manipulation apparatus over one or more of the manipulation indicators; mechanically manipulating the substrate, after each sequential positioning of the manipulation apparatus, using said manipulation apparatus, characterized in that the manipulation indicator of the desired indicium overlaps with one mechanical manipulation unit of the substrate; and deconstructing said substrate in two or more complementary units, characterized in that said complementary units each comprises at least one mechanical manipulation unit administered by the manipulation apparatus.

Address vectors for data storage elements
11663118 · 2023-05-30

In some examples, a device includes a set of data storage elements, wherein each data storage element of the set of data storage elements is associated with a respective valid address vector, and wherein a bit flip in any bit of any of the valid address vectors leads to one of a set of invalid address vectors not associated with any of the set of data storage elements. The device also includes a decoder configured to receive a first address vector as part of a request and to check whether the first address vector corresponds to one of the valid address vectors or to one of the invalid address vectors. The decoder is also configured to select an associated data storage element in response to receiving the request and in response to determining that the first address vector corresponds to one of the valid address vectors.

Systems and methods for determining segments of online users from correlated datasets
11657416 · 2023-05-23

Systems and methods are disclosed for determining segments of online users from a correlated dataset. One method includes receiving, over a network, a plurality of datasets including user-related data of a plurality of users, each dataset being transmitted from a data owner; correlating, by at least one processor, the plurality of datasets into a correlated dataset; receiving a segmentation request for determining a plurality of users that qualify for a segment, the segmentation request including a set of segment rules to apply to the correlated dataset; determining, by accessing the correlated dataset, whether each user of the plurality of users qualifies for the segment based on the segment rule; and storing an indication of the segment in the correlated dataset for each user determined to qualify for the segment.

ENCRYPTION MONITOR REGISTER AND SYSTEM

A method, a computer program product, and a system for initializing components to monitor for unauthorized encryptions of filesystem objects stored on a computing system. The method includes configuring an encryption monitor register to establish monitoring preferences of filesystem objects and allocating a predetermined size of persistent memory as a backup memory area for storing pre-encrypted versions of the filesystem objects. The method also includes inserting a starting address of the backup memory area in data bits of the encryption monitor register, and setting encryption monitor bits of page table entries in a hardware page table that correspond to at least one filesystem object, thereby establishing encryption monitoring of the filesystem object.

Snapshot Deletion Pattern-Based Determination of Ransomware Attack against Data Maintained by a Storage System
20220327208 · 2022-10-13

An exemplary method includes a data protection system detecting one or more delete requests to delete one or more recovery datasets of a storage system, determining that the one or more delete requests are inconsistent with a recovery dataset deletion pattern associated with the storage system, and determining, based on the determining that the one or more delete requests are inconsistent with the recovery dataset deletion pattern, that data stored by the storage system is possibly being targeted by a security threat.

TECHNOLOGIES FOR SECURE I/O WITH MEMORY ENCRYPTION ENGINES

Technologies for secure I/O data transfer include a computing device having a processor and an accelerator. Each of the processor and the accelerator includes a memory encryption engine. The computing device configures both memory encryption engines with a shared encryption key and transfers encrypted data from a source component to a destination component via an I/O link. The source may be the processor and the destination may be the accelerator, or vice versa. The computing device may perform a cryptographic operation with one of the memory encryption engines and bypass the other memory encryption engine. The computing device may read encrypted data from a memory of the source, bypass the source memory encryption engine, and transfer the encrypted data to the destination. The destination may receive the encrypted data, bypass the destination memory encryption engine, and store the encrypted data in a memory of the destination. Other embodiments are described and claimed.