Systems and methods authenticate storage devices. In one implementation, a computer-implemented method is provided for authenticating a storage device. According to the method, a manifest that identifies a destination is receive. A transfer station reads a digital signature from the storage device. The digital signature is validated and, based on the validation of the digital signature, a transfer of one or more files from the storage device via the transfer station is authorized to the destination identified in the manifest.

When having detected that key data set to an accelerator by command information is not key data permitted to use, a monitor unit issues, to a storage control unit, a suspension request for suspending processing related to writing of data, a compute unit having received an instruction from an application program reads data from the storage device, encrypts read data using the accelerator, and issues, to the storage control unit, an instruction to write encrypted data to the storage device, and when having received the suspension request, the storage control unit suspends processing related to writing of data to the storage device.

The present disclosure provides a secure booting method, apparatus, device for an embedded program and a storage medium. The method includes: when a boot program is running, acquiring data of an application program, including signature information, public key information, parameter information, encrypted data, and a digital check code; performing signature check according to the signature information; performing integrity check according to the digital check code if the signature check passes; and performing data decryption according to the public key information and the parameter information if the integrity check passes. The present disclosure may improve information security.

According to one embodiment, a memory system includes a nonvolatile memory and a controller. In response to receiving from a host a write request designating a first address for identifying data to be written, the controller encrypts the data with the first address and a first encryption key, and writes the encrypted data to the nonvolatile memory together with the first address. In response to receiving from the host a read request designating a physical address indicative of a physical storage location of the nonvolatile memory, the controller reads both the encrypted data and the first address from the nonvolatile memory on the basis of the physical address, and decrypts the read encrypted data with the first encryption key and the read first address.

Various examples are directed to systems and methods for managing a memory system. The memory system may generate a first encrypted physical address using a first clear physical address. The memory system may generate a first encrypted logical-to-physical (L2P) pointer indicating the first logical address and a first encrypted physical address. The memory system may send the first encrypted L2P pointer to a host device for storage at a host memory.

Apparatus and methods for encrypting captured media. In one embodiment, the method includes capturing media data via use of a lens of an image capture apparatus; obtaining a number used only once (NONCE) value from the captured media data; obtaining an encryption key for use in encryption of the captured media data; using the obtained NONCE value and the obtained encryption key for encrypting the captured media data; and storing the encrypted media data. In some variants, the media is encrypted prior to storage, thereby obviating any instances in which the captured media data resides in a wholly unencrypted instance. Apparatus and methods for decrypting encrypted captured media are also disclosed.

An application-specific integrated circuit (ASIC) and method are provided for executing a memory-hard algorithm requiring reading generated data. A processor or state machine executes one or more steps of the memory-hard algorithm and requests the generated data. At least one specialized circuit is provided for generating the generated data on demand in response to a request for the generated data from the processor. Specific embodiments are applied to memory-hard cryptographic algorithms, including Ethash and Equihash.

Example methods and systems are directed to reducing latency in providing trusted execution environments (TEEs). Initializing a TEE includes multiple steps before the TEE starts executing. Besides workload-specific initialization, workload-independent initialization is performed, such as adding memory to the TEE. In function-as-a-service (FaaS) environments, a large portion of the TEE is workload-independent, and thus can be performed prior to receiving the workload. Certain steps performed during TEE initialization are identical for certain classes of workloads. Thus, the common parts of the TEE initialization sequence may be performed before the TEE is requested. When a TEE is requested for a workload in the class and the parts to specialize the TEE for its particular purpose are known, the final steps to initialize the TEE are performed.

Systems and methods for memory management for virtual machines. An example method may comprise running, by a host computer system, a Level 0 hypervisor managing a Level 1 virtual machine running a Level 1 hypervisor which manages a Level 2 virtual machine. The Level 1 hypervisor may detecting execution of an operation that prevents modification to a set of entries in a Level 2 page table and generate a shadow page table where each shadow page table entry of the plurality of shadow page table entries maps a Level 2 guest virtual address of a Level 2 address space associated with the Level 2 virtual machine to a corresponding Level 1 guest physical address of a Level 1 address space associated with the Level 1 virtual machine. The Level 0 hypervisor may generate a Level 0 page table.

In an information processing apparatus, a second central processing unit (CICU) uses an alteration detection program stored in a second memory to perform alteration detection on a program to be executed at a time of activation of a first CPU stored in a first memory. In a case where no alteration is detected in the program to be executed at the time of activation, the second CPU activates the first CPU using the program to be executed at the time of activation, and uses the activated first CPU to switch a program to be executed by the second CPU from the alteration detection program stored in the second memory to another processing program stored in the first memory.