G06F2212/1052

Self-consistent structures for secure transmission and temporary storage of sensitive data
11537738 · 2022-12-27

Implementations provide self-consistent, temporary, secure storage of information. An example system includes short-term memory storing a plurality of key records and a cache storing a plurality of data records. The key records and data records are locatable using participant identifiers. Each key record includes a nonce and each data record includes an encrypted portion. The key records are deleted periodically. The system also includes memory storing instructions that cause the system to receive query parameters that include first participant identifiers and to obtain a first nonce. The first nonce is associated with the first participant identifiers in the short-term memory. The instructions also cause the system to obtain data records associated with the first participant identifiers in the cache, to build an encryption key using the nonce and the first participant identifiers, and to decrypt the encrypted portion of the obtained data records using the encryption key.

Determining a tag value for use in a tag-guarded memory

An apparatus is provided for determining, for use in a tag-guarded memory, a selected tag value from a plurality of tag values. The apparatus comprises ordered list generation circuitry to receive an excluded tag vector comprising a plurality of fields, where each field is associated with a tag value and identifies whether the associated tag value is excluded from use. The ordered list generation circuitry is arranged to generate, from the excluded tag vector, an ordered list of non-excluded tag values. The apparatus further comprises count determination circuitry to determine, using the excluded tag vector and an identified start tag value, a count value indicative of a number of non-excluded tag values occurring in a region of the excluded tag vector bounded by an initial field and a field corresponding to the start tag value. The apparatus also comprises tag selection circuitry to determine the selected tag value from the ordered list based on the count value and an identified offset which indicates a required number of non-excluded tag values between the start tag value and the selected tag value.

Memory devices, systems, and methods for updating firmware with single memory device

A method can include storing first instruction data in a first region of a nonvolatile memory device; mapping addresses of the first region to predetermined memory address spaces of a processor device; executing the first instruction data from the first region with the processor device; and receiving second instruction data for the processor device. While the first instruction data remains available to the processor device, the second instruction data can be written into a second region of the nonvolatile memory device. By operation of the processor device, addresses of the second region can be remapped to the predetermined memory address spaces of the processor device, and the second instruction data can be executed from the second region with the processor device.

Storage system and method for host memory access

A storage system and method for host memory access are provided. In one embodiment, a storage system is provided comprising a memory and a controller. The controller is configured to receive a write command from the host that is recognized by the storage system as a read host memory command; in response to receiving the write command, send an identification of a location in the host memory to the host; and receive, from the host, data that is stored in the location in the host memory. Other embodiments are provided.

System and Method for Managing Secure Files in Memory
20220405431 · 2022-12-22

A data access manager is provided on a computing device to manage access to secure files stored in memory. The data access manager intercepts function calls from applications to the memory management unit and determines whether an application is allowed to access secure data stored in the memory of the computing device. When an initial request to map the data is received, the data access manager maps both secure data and clear data, obtaining pointers to both secure and clear data. When an application has permission to access the requested data, the data access manager returns the pointer to the clear data. When an application does not have permission to access the requested data, the data access manager returns the pointer to the secure data.

SECURE DIRECT PEER-TO-PEER MEMORY ACCESS REQUESTS BETWEEN DEVICES

An embodiment of an integrated circuit comprises circuitry to store memory protection information for a non-host memory in a memory protection cache, and perform one or more memory protection checks on a translated access request for the non-host memory based on the stored memory protection information. Other embodiments are disclosed and claimed.

System and method to protect digital content on external storage
11531626 · 2022-12-20

An example authentication device disclosed herein is to access a message received via a wireless interface from an adapter, the message to indicate that a host device has connected to the adapter, the host device different from the authentication device. The disclosed example authentication device is also to determine whether to allow the host device to access a storage device. The disclosed example authentication device is further to transmit authentication data to the adapter via the wireless interface, the authentication data to specify whether the host device is allowed to access the storage device.

Methods for restricting read access to supply chips

An example method for restricting read access to content in the component circuitry and securing data in the supply item is disclosed. The method identifies the status of a read command and, depending upon whether the status is disabled or enabled, either blocks the accessing of encrypted data stored in the supply chip or allows the accessing of the encrypted data stored in the supply chip.

Secure storage isolation

A computer-implemented method according to examples includes receiving, by a secure interface control of a computing system, a request by a requestor to access a page in a memory of the computing system. The method further includes, responsive to determining that the requestor is a non-secure requestor and responsive to a secure-storage bit being set, prohibiting access to the page without performing an authorization check. The method further includes, responsive to determining that the requestor is a secure requestor, performing the authorization check.

Trusted local memory management in a virtualized GPU

Embodiments are directed to trusted local memory management in a virtualized GPU. An embodiment of an apparatus includes one or more processors including a trusted execution environment (TEE); a GPU including a trusted agent; and a memory, the memory including GPU local memory, the trusted agent to ensure proper allocation/deallocation of the local memory and verify translations between graphics physical addresses (PAs) and PAs for the apparatus, wherein the local memory is partitioned into protection regions including a protected region and an unprotected region, and wherein the protected region to store a memory permission table maintained by the trusted agent, the memory permission table to include any virtual function assigned to a trusted domain, a per process graphics translation table to translate between graphics virtual address (VA) to graphics guest PA (GPA), and a local memory translation table to translate between graphics GPAs and PAs for the local memory.