G06F2221/2143

Secure environment in a non-secure microcontroller

A secure engine method includes providing an embedded microcontroller in an embedded device, the embedded microcontroller having internal memory. The method also includes providing a secure environment in the internal memory. The secure environment method recognizes a boot sequence and restricts user-level access to the secure environment by taking control over the secure environment memory. Taking such control may include disabling DMA controllers, configuring at least one memory controller for access to the secure environment, preventing the execution of instructions fetched from outside the secure environment, and only permitting execution of instructions fetched from within the secure environment. Secure engine program instructions are then executed to disable interrupts, perform at least one secure operation, and re-enable interrupts after performing the at least one secure operation. Control over the secure environment memory is released, which can include clearing memory, re-enabling DMA controllers, and restoring memory controller parameters.

SECURE ERASE OF USER DATA USING STORAGE REGIONS

Apparatuses, methods, systems, and program products are disclosed to securely erase user data using storage regions on a shared computing device. Memory stores code executable by the processor. The code is executable to configure a nonvolatile storage device of a shared device that may be used by multiple users but is exclusively used by one user at a time. The nonvolatile storage device has shared files storing system data and a data region storing user data associated with a user. The code executes to assign read-only privileges to the system region and read-write privileges to the data region before sharing the device with the user. Requests to write data to the nonvolatile storage device while the device is shared are serviced on the data region. When the user returns the shared device to the originator, the code executes to erase the data region.

Securing data stored in a memory of an IoT device during a low power mode

The disclosure relates to a method for enabling the secure functions of a chipset (1) and especially the encryption of the content of the secure memory (7) when the device goes into low power mode. The content of the secure memory (7) may be encrypted and stored in an external memory (20) during low power mode of the chipset (1).

Memory system and control method
11586377 · 2023-02-21

According to one embodiment, a memory system includes a non-volatile memory with a plurality of blocks. The minimum unit of a data erasing operation in the memory system is a block. A controller is electrically connected to the non-volatile memory and configured to execute, in response to a first command from a host requesting a secure erase of secure erase target data stored in a first logical area identified by a first logical area identifier, a copy operation copying valid data other than any secure erase target data from one or more first blocks of the plurality in which the secure erase target data is stored to one or more copy destination blocks of the plurality. The controller executes the data erasing operation on the one or more first blocks after the copy operation.

System and method for suspending a computing device suspected of being infected by a malicious code using a kill switch button

A system for suspending a computing device suspected of being infected by a malicious code is configured to receive a signal to initiate a suspension procedure of the computing device. The system captures states of instructions that are being executed by a processor of the computing device, where the instructions comprise the malicious code. The system prioritizes the operation of a kill switch button over the instructions being executed by the processor. The system sends notification signals to servers managing a user account associated with a user currently logged in at the computing device, indicating that the computing device is suspected of having been infected by the malicious code. In response to sending the notification signals to the servers, the user account is suspended. The system terminates network connections of the computing device such that the computing device is disconnected from other devices.

Remote configuration of multi-mode DIMMs through a baseboard management controller

Technologies are described herein for remotely configuring multi-mode dual in-line memory modules (“multi-mode DIMMs”) using a firmware or a baseboard management controller (“BMC”). Technologies are also described for simultaneously initiating multiple commands for configuring multi-mode DIMMs using a BMC and for updating inventory data regarding multi-mode DIMMs stored by a BMC.

Method and operation of a portable device and a cloud server for preserving the chain of custody for digital evidence

A process for preserving chain of custody for digital evidence captured at a portable device. The portable device transmits a request to upload the digital evidence to the cloud server via an intermediary storage device. The request includes digitally signed evidence metadata with data integrity code and authentication credentials. The portable device receives a response indicating approval to upload the digital evidence to the cloud server via the intermediary storage device. The portable device transmits the digital evidence to the intermediary storage device for uploading to the cloud server, and further transmits a request for approval to delete the digital evidence from the portable device. The portable device deletes the digital evidence only after receiving a response from the cloud server indicating an approval to delete the digital evidence from the portable device.

Network-compatible device

A network-compatible device with a security function for destroying user data includes a signal input configured to receive a control signal and a configuration signal; a memory configured to store first user data; and a controller configured, upon receipt of the control signal, to carry out a safety function which destroys the first user data in the memory. The network-capable device is inoperable when the first user data is destroyed, and the controller is further configured, upon receipt of the configuration signal, which includes second user data, to store the second user data in the memory to enable the network-compatible device to operate based on the second user data.

Digital password protection

Apparatuses, methods, systems, and program products are disclosed for digital password protection. An apparatus includes a processor and a memory that stores code executable by the processor. The memory stores code executable by the processor to monitor a volatile data storage area for data written to and read from the volatile data storage area. The memory stores code executable by the processor to, in response to data being one of written to and read from the volatile data storage area, analyze the data to identify a potential password. The memory stores code executable by the processor to perform one or more actions for protecting the identified potential password prior to the potential password being one of written to and read from the volatile data storage area.

Virtual machine backup and restoration

Reversing deletion of a virtual machine including managing, by a storage system, a repository of virtual machine snapshots on a datastore; receiving, by the storage system, a request to recover a deleted virtual machine from the datastore; accessing, by the storage system, the repository of virtual machine snapshots on the datastore to generate a list of deleted virtual machines associated with virtual machine snapshots in the repository of virtual machine snapshots; receiving, by the storage system, a selection of one of the deleted virtual machines in the list of deleted virtual machines; and recovering, by the storage system, the selected deleted virtual machine using a virtual machine snapshot for the selected deleted virtual machine.