A High Performance Computing (HPC) machine comprising several computing processors interconnected through at least one network, and at least one primary management unit, in a vicinity of at least one computing processor. The at least one primary management unit powers on the at least one processor. The at least one primary management unit (comprises a random data item generator, and a secure storage memory for storing a secret data item, common to all computing processors of the HPC machine, and used for authentication of each computing processor of the HPC machine for data exchange in the HPC machine.

A method of protecting confidentiality of air-gapped logs comprises: generating, during a first log processing cycle, a data processor key and a drive encryption key, wherein the data processor key and the drive encryption key are unique to a log drive mounted to at least one computer processor; wrapping the drive encryption key with the computer processor key; storing the drive encryption key wrapped by the computer processor key in a database, where the database is mapped to data uniquely identifying the log drive; wrapping the drive encryption key with a default key that is known to at least one originator device; wiping the log drive; and writing the drive encryption key wrapped by the default key to the log drive. Some methods described also include a method of processing logs by an originator. Systems and computer program products are also provided.

An embodiment of an IC is provided. The IC includes a memory, a controller, an intrusion detector and a memory clear circuit. The memory is configured to store sensitive data. The controller is configured to access the memory. The intrusion detector is configured to detect whether an intrusion event is present in response to an input signal. The memory clear circuit is configured to clear the sensitive data of the memory when the intrusion detector detects the intrusion event.

An example operation includes one or more of determining a portion of memory in a transport for storing sensitive temporary data, setting a hardware threshold of a maximum number of reads of the data from the portion of memory, and clearing the data from the portion of memory with a hardware-enabled trigger in response to the maximum number of reads is reached.

A method, computer program product, and computing system for receiving a selection of one or more secure snapshots to remove from a storage system. A snapshot deletion key may be received from the storage system. The selection of the one or more secure snapshots and the snapshot deletion key may be provided to a storage system support service. A snapshot deletion response may be received from the storage system support service. The snapshot deletion response and the selection of the one or more secure snapshots may be authenticated via the storage system. In response to authenticating the snapshot deletion response and the selection of the one or more secure snapshots, the one or more secure snapshots may be unlocked for deletion.

An information processor that keeps confidential information existing in an own device, and includes: a storage that saves data and encrypts the data with an encryption key; first non-secure memory for saving the encryption key; second secure memory that can be mounted additionally to save the encryption key; a display that shows various setting menus; an inputter with which a user makes various types of input; and a controller that controls saving of the encryption key and displaying on the display. When an instruction to save the encryption key in the second memory is input to the inputter in a state where the storage is encrypted and the second memory is mounted, the controller saves the encryption key in the second memory.

Apparatuses and methods related to memory disablement for memory security. Disabling the memory for memory security can include, responsive to receiving a trigger signal, provide a voltage, which may be in excess of an operating or nominal voltage, to the access circuitry. The voltage may thus be sufficient to render the access circuitry inoperable for accessing data stored in the memory array.

This disclosure is directed to embodiments of systems and methods for containerizing files and managing policy data applied to the resulting containers. In some of the disclosed embodiments, a computing system determines that a file stored in storage medium is to be included in a container to be sent to at least one computing component associated with a device including a user interface. The computing system determines that the file is of a particular type and also determines code that can be used to access files of the particular type. The computing system combines the file and the code into the container such that container is configured to be executed by the at least one computing component so as to cause content of the file to be presented by the user interface. The computing system then sends the container to the at least one computing component. In some implementations, the container may further include policy information defining at least one of whether, how, where, when, or by whom the file can be accessed using the code. A communication link may be established between the computing system and the container at the at least one computing component and an instruction may be sent via the communication link that causes a change to the policy information.

An input switching circuit dynamically connects, based on an input mapping table, input streams to inputs of a wavefront pre-transform circuit. An output switching circuit dynamically connects, based on an output mapping table, output data at outputs of the wavefront pre-transform circuit to transport streams. A controller controls, based on a wiping command, at least one of the input and output switching circuits to alter at least one of the input and output mapping tables such that the at least one of the input and output switching circuits is disabled for connection. A first subset of the transport streams operates in a foreground mode available to a user and is transported for storage in remote storage sites at a network and a second subset of the transport streams operates in a background mode available to an administrator and is not transported for storage in the remote storage sites.

A computing device includes an intrusion switch and a battery-backed volatile memory. The battery-backed volatile memory is configured to indicate a physical intrusion when the physical intrusion is detected by the intrusion switch. The triggering of the intrusion switch interrupts a power supply to the battery-backed volatile memory. A method of detecting hardware intrusion in a computing device is also described.