G06F12/1466

CRYPTOGRAPHIC COMPUTING USING ENCRYPTED BASE ADDRESSES AND USED IN MULTI-TENANT ENVIRONMENTS

Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.

File system warnings application programing interface (API)

The present technology pertains to an organization directory hosted by a synchronized content management system. The corporate directory can provide access to user accounts for all members of the organization to all content items in the organization directory on the respective file systems of the members' client devices. Members can reach any content item at the same path as other members relative to the organization directory root on their respective client device. In some embodiments, novel access permissions are granted to maintain path consistency.

Distributed Storage System Data Management And Security

A system and method for distributing data over a plurality of remote storage nodes. Data are split into segments and each segment is encoded into a number of codeword chunks. None of the codeword chunks contains any of the segments. Each codeword chunk is packaged with at least one encoding parameter and identifier, and metadata are generated for at least one file and for related segments of the at least one file. The metadata contains information to reconstruct from the segments, and information for reconstructing from corresponding packages. Further, metadata are encoded into package(s), and correspond to a respective security level and a protection against storage node failure. A plurality of packages are assigned to remote storage nodes to optimize workload distribution. Each package is transmitted to at least one respective storage node as a function of iteratively accessing and retrieving the packages of metadata and file data.

Command block management

Methods, systems, and devices for command block management are described. A memory device may receive a command (e.g., from a host device). The memory device may determine whether the command is defined by determining if the command is included within a set of defined commands. In the case that a received command is absent from the set of defined commands (e.g., the command is undefined), the memory device may block the command from being decoded for execution by the memory device. In some cases, the memory device may switch from a first operation mode to a second operation mode based on receiving an undefined command. The second operation mode may restrict an operation of the memory device, while the first mode may be less restrictive, in some cases. Additionally or alternatively, the memory device may indicate the undefined command to another device (e.g., the host device).

MULTI-LEVEL INDEPENDENT SECURITY ARCHITECTURE
20230049021 · 2023-02-16

A system includes a plurality of data input ports, each port corresponding to one of a plurality of different levels of security classification; a security device, configured for cryptographic processing, coupled to receive incoming data from each of the plurality of input ports, wherein the incoming data includes first data having a first classification level; a key manager configured to select and tag-identified first set of keys from a plurality of key sets, each of the key sets corresponding to one of the different levels of security classification, wherein the first set of keys is used by the security device to encrypt the first data; and a common encrypted data storage, coupled to receive the encrypted first data from the security device for storage.

Control method, information processing device, management system, and recording medium

Provided is a control method of controlling locking or unlocking of storage using a blockchain. The control method includes: determining, when first request information indicating a lock/unlock request, that is a lock request or an unlock request, is received from a terminal, whether a keyholder identified by reading keyholder information stored in the blockchain matches an owner of the terminal that has transmitted the first request information, the keyholder information indicating a person having the authority to lock or unlock the storage; performing lock/unlock processing when the keyholder is determined to match the owner, the lock/unlock processing being processing for causing the storage to lock or unlock in accordance with the first request information; and performing first storage processing after the lock/unlock processing is performed, the first storage processing being processing of storing, in the blockchain, transaction data indicating that the lock/unlock processing has been performed.

Process-based multi-key total memory encryption

Systems, methods, and circuitries are disclosed for a per-process memory encryption system. At least one translation lookaside buffer (TLB) is configured to encode key identifiers for keys in one or more bits of either the virtual memory address or the physical address. The process state memory is configured to store a first process key table for a first process that maps key identifiers to unique keys and a second process key table that maps the key identifiers to different unique keys. The active process key table memory is configured to store an active key table. In response to a request for data corresponding to a virtual memory address, the at least one TLB is configured to provide a key identifier for the data to the active process key table to cause the active process key table to return the unique key mapped to the key identifier.

FILE JOURNAL INTERFACE FOR SYNCHRONIZING CONTENT
20230101958 · 2023-03-30

In some embodiments, a system for synchronizing content with client devices receives a request from a client device to synchronize operations pertaining to content items associated with a user account registered at the system. The request can include the operations and a cursor identifying a current position of the client in a journal of revisions on the system. Based on the operations, the system generates linearized operations associated with the content items. The linearized operations can include a respective operation derived for each of the content items from one or more of the operations. The system converts each respective operation in the linearized operations to a respective revision for the journal of revisions and, based on the cursor, determines whether the respective revision conflicts with revisions in the journal. When the respective revision does not conflict with revisions in the journal, the system adds the respective revision to the journal.

PROCESS-BASED MULTI-KEY TOTAL MEMORY ENCRYPTION

Systems, methods, and circuitries are disclosed for a per-process memory encryption system. At least one translation lookaside buffer (TLB) is configured to encode key identifiers for keys in one or more bits of either the virtual memory address or the physical address. The process state memory is configured to store a first process key table for a first process that maps key identifiers to unique keys and a second process key table that maps the key identifiers to different unique keys. The active process key table memory is configured to store an active key table. In response to a request for data corresponding to a virtual memory address, the at least one TLB is configured to provide a key identifier for the data to the active process key table to cause the active process key table to return the unique key mapped to the key identifier.

SEMICONDUCTOR DEVICE WITH SECURE ACCESS KEY AND ASSOCIATED METHODS AND SYSTEMS
20230102649 · 2023-03-30

Memory devices, systems including memory devices, and methods of operating memory devices are described, in which security measures may be implemented to control access to a fuse array (or other secure features) of the memory devices based on a secure access key. In some cases, a customer may define and store a user-defined access key in the fuse array. In other cases, a manufacturer of the memory device may define a manufacturer-defined access key (e.g., an access key based on fuse identification (FID), a secret access key), where a host device coupled with the memory device may obtain the manufacturer-defined access key according to certain protocols. The memory device may compare an access key included in a command directed to the memory device with either the user-defined access key or the manufacturer-defined access key to determine whether to permit or prohibit execution of the command based on the comparison.