According to one embodiment, a memory system includes a nonvolatile memory and a controller. In response to receiving from a host a write request designating a first address for identifying data to be written, the controller encrypts the data with the first address and a first encryption key, and writes the encrypted data to the nonvolatile memory together with the first address. In response to receiving from the host a read request designating a physical address indicative of a physical storage location of the nonvolatile memory, the controller reads both the encrypted data and the first address from the nonvolatile memory on the basis of the physical address, and decrypts the read encrypted data with the first encryption key and the read first address.

In different example embodiments, a system-on-chip is provided. The system-on-chip can have a control circuit with a plurality of control circuit areas, wherein the control circuit is configured to control a device, a security circuit which has a separately secured key memory and a hardware accelerator for cryptographic operations, wherein the security circuit is configured to electively enable either a read-only access or a read and write access to at least one of the control circuit areas, wherein the security circuit is furthermore configured to provide a communication path by means of the key memory and the hardware accelerator for the secured communication with a diagnostic system disposed outside the security circuit, to make the selection between the read access and the read and write access to the at least one selected area of the control circuit depending on a certificate supplied to the security circuit and authenticated by means of information stored in the key memory, and to execute the read access or the read and write access.

Memory devices, systems including memory devices, and methods of operating memory devices are described, in which security measures may be implemented to control access to a fuse array (or other secure features) of the memory devices based on a secure access key. In some cases, a customer may define and store a user-defined access key in the fuse array. In other cases, a manufacturer of the memory device may define a manufacturer-defined access key (e.g., an access key based on fuse identification (FID), a secret access key), where a host device coupled with the memory device may obtain the manufacturer-defined access key according to certain protocols. The memory device may compare an access key included in a command directed to the memory device with either the user-defined access key or the manufacturer-defined access key to determine whether to permit or prohibit execution of the command based on the comparison.

The disclosed technology relates to a system configured to detect a modification to a node in a tree data structure. The node is associated with a content item managed by a content management service as well as a filename. The system may append the filename and a separator to a filename array, determine a location of the filename in the filename array, and store the location of the filename in the node.

Described herein are systems, methods, and products utilizing a cache coherent switch on chip. The cache coherent switch on chip may utilize Compute Express Link (CXL) interconnect open standard and allow for multi-host access and the sharing of resources. The cache coherent switch on chip provides for resource sharing between components while independent of a system processor, removing the system processor as a bottleneck. Cache coherent switch on chip may further allow for cache coherency between various different components. Thus, for example, memories, accelerators, and/or other components within the disclose systems may each maintain caches, and the systems and techniques described herein allow for cache coherency between the different components of the system with minimal latency.

An apparatus and method for tagged memory management. For example, one embodiment of a processor comprises: execution circuitry to execute instructions and process data, at least one instruction to generate a system memory access request having a first address pointer; and address translation circuitry to determine whether to translate the first address pointer with or without metadata processing, wherein if the first address pointer is to be translated with metadata processing, the address translation circuitry to: perform a lookup in a memory metadata table to identify a memory metadata value, determine a pointer metadata value associated with the first address pointer, and compare the memory metadata value with the pointer metadata value, the comparison to generate a validation of the memory access request or a fault condition, wherein if the comparison results in a validation of the memory access request, then accessing a set of one or more address translation tables to translate the first address pointer to a first physical address and to return the first physical address responsive to the memory access request.

An apparatus is provided for determining, for use in a tag-guarded memory, a selected tag value from a plurality of tag values. The apparatus comprises ordered list generation circuitry to receive an excluded tag vector comprising a plurality of fields, where each field is associated with a tag value and identifies whether the associated tag value is excluded from use. The ordered list generation circuitry is arranged to generate, from the excluded tag vector, an ordered list of non-excluded tag values. The apparatus further comprises count determination circuitry to determine, using the excluded tag vector and an identified start tag value, a count value indicative of a number of non-excluded tag values occurring in a region of the excluded tag vector bounded by an initial field and a field corresponding to the start tag value. The apparatus also comprises tag selection circuitry to determine the selected tag value from the ordered list based on the count value and an identified offset which indicates a required number of non-excluded tag values between the start tag value and the selected tag value.

A system includes a memory device configured to store data at addressable locations in the memory device, a physically unclonable function (PUF) device including an array of PUF elements, and a memory interface coupled to the memory device and the PUF device. The memory interface is configured to receive a request to store first data in the memory device, store the first data in the memory device at a first location of the memory device, and transmit the first data and the first location to the PUF device. The PUF device is configured to create a first challenge value using the first data and the first location, generate a first response value using the first challenge value, and store the first response value as a first data integrity tag in the memory device, wherein the first data integrity tag is associated with the first data.

Embodiments relate to a system, program product, and method for protecting cache access in a multi-tenant environment, and, more specifically, for allowing access to specified data, encrypted or unencrypted, in a shared cache to authorized tenants, while denying access to the data for unauthorized tenants. The system includes a server including one or more shared cache and a plurality of tenant devices coupled to the server. The server is configured to run one or more applications thereon, where each tenant has access to one or more authorized instances of the applications. The system also includes a cache proxy coupled to the tenant devices and the shared cache. The cache proxy facilitates enforcing one or more schemes to provide for separation of data for authorized tenants and their users using the shared cache from unauthorized tenants and users.

Memory devices, systems including memory devices, and methods of operating memory devices are described, in which security measures may be implemented to control access to a fuse array (or other secure features) of the memory devices based on a secure access key. In some cases, a customer may define and store a user-defined access key in the fuse array. In other cases, a manufacturer of the memory device may define a manufacturer-defined access key (e.g., an access key based on fuse identification (FID), a secret access key), where a host device coupled with the memory device may obtain the manufacturer-defined access key according to certain protocols. The memory device may compare an access key included in a command directed to the memory device with either the user-defined access key or the manufacturer-defined access key to determine whether to permit or prohibit execution of the command based on the comparison.