According to one embodiment, a key search circuit includes a hit determination circuit that determines whether a key search request hits a content stored in a search result buffer, and an update determination circuit that determines whether to update the content stored in the search result buffer. When the hit determination circuit determines that the key search request hits the search result buffer, the key search circuit outputs the search result stored in the search result buffer to an encryption/decryption circuit. When the update determination circuit determines to update the search result buffer, the key search circuit updates the content stored in the search result buffer with the key search request and a search result obtained from a range table.

An apparatus comprising memory access circuitry to perform a tag-guarded memory access in response to a received target address and methods of operation of the same are disclosed. In the tag-guarded memory access a guard-tag retrieval operation seeks to retrieve a guard tag stored in association with a block of one or more memory locations comprising an addressed location identified by the received target address, and a guard-tag check operation compares an address tag associated with the received target address with the guard tag retrieved by the guard-tag retrieval operation. When the guard-tag retrieval operation is unsuccessful in retrieving the guard tag, a substitute guard tag value is stored as the guard tag in association with the block of one or more memory locations comprising the addressed location identified by the target address.

A self-encrypting drive (SED) comprises an SED controller and a nonvolatile storage medium (NVSM) responsive to the SED controller. The SED controller enables the SED to perform operations comprising: (a) receiving an encrypted media encryption key (eMEK) for a client; (b) decrypting the eMEK into an unencrypted media encryption key (MEK); (c) receiving a write request from the client, wherein the write request includes data to be stored and a key tag value associated with the MEK; (d) using the key tag value to select the MEK for the write request; (e) using the MEK for the write request to encrypt the data from the client; and (f) storing the encrypted data in a region of the NVSM allocated to the client. Other embodiments are described and claimed.

Techniques performed by a data processing system for caching data herein include initializing a single instance of a persisted cache service on the data processing system, receiving data requests from a plurality of single page applications (SPAs) on the data processing system, processing the data requests using the persisted cache service to obtain requested data from a cache implemented on the data processing system or from one or more remote data sources via a network connection, and providing the requested data obtained from the cache or the one or more remote data sources to an SPA of the plurality of SPAs from which each data request originated.

The present technology pertains to a organization directory hosted by a synchronized content management system. The corporate directory can provide access to user accounts for all members of the organization to all content items in the organization directory on the respective file systems of the members' client devices. Members can reach any content item at the same path as other members relative to the organization directory root on their respective client device. In some embodiments novel access permissions are granted to maintain path consistency.

According to one embodiment, a storage system includes a processor, a storage device, and a first memory. The storage device includes a nonvolatile memory, a control circuit, and a second memory. The processor retrieves, based on a retrieval key and retrieval information stored in the first memory, location information of data including the retrieval key and a value, and transmits the location information and the retrieval key to the control circuit. The control circuit reads the data from the nonvolatile memory based on the location information and the retrieval key, stores the data in the second memory, retrieves the value corresponding to the retrieval key from the data, and transmits the value to the processor.

In one embodiment, the method includes receiving, at a storage device, a request. The request includes a request message authentication code and write protect information. The write protect information includes at least one of start address information and length information. The start address information indicates a logical block address at which a memory area in a non-volatile memory of the storage device starts, and the length information indicates a length of the memory area. The method also includes generating, at the storage device, a message authentication code based on (1) at least one of the start address information and the length information, and (2) a key stored at the storage device; authenticating, at the storage device, the request based on the generated message authentication code and the request message authentication code; and processing, at the storage device, the request based on a result of the authenticating.

Methods, systems, and devices for command block management are described. A memory device may receive a command (e.g., from a host device). The memory device may determine whether the command is defined by determining if the command is included within a set of defined commands. In the case that a received command is absent from the set of defined commands (e.g., the command is undefined), the memory device may block the command from being decoded for execution by the memory device. In some cases, the memory device may switch from a first operation mode to a second operation mode based on receiving an undefined command. The second operation mode may restrict an operation of the memory device, while the first mode may be less restrictive, in some cases. Additionally or alternatively, the memory device may indicate the undefined command to another device (e.g., the host device).

An access request is received. The access request comprises a physical page address corresponding to a primary memory block of a memory device, an input security key, and a logical page address corresponding to the physical page address. The input security key is provided as input to a (CAM) block that stores a plurality of security keys to verify that the input security key matches a stored security key. A location of the stored security key is checked to verify that it corresponds to the logical page address included in the access request based a predetermined mapping. Based on verifying that the stored security key corresponds to the logical page address included in the access request, the physical page address corresponding to the primary memory block is accessed.

Enforcing memory operand types using protection keys is generally described herein. A processor system to provide sandbox execution support for protection key rights attacks includes a processor core to execute a task associated with an untrusted application and execute the task using a designated page of a memory; and a memory management unit to designate the page of the memory to support execution of the untrusted application.