Patent classifications
G06F3/062
Memory device resilient to cyber-attacks and malfunction
A non-volatile memory (NVM) integrated circuit device includes an NVM array of memory cells partitioned into a first physical region to store a first firmware stack and a second physical region to store a second firmware stack. The NVM integrated circuit device also includes a processing device that enables a host microcontroller to execute in place the first firmware stack stored within a first set of logical addresses that is mapped to the first physical region. The processing device tracks accesses, by the host microcontroller, to the first set of logical addresses. The processing device, in response to detecting one of a certain number or a certain type of the accesses by the host microcontroller, initiates a recovery operation including to remap the first set of logical addresses to the second physical region.
Systems and Methods for Acquiring Data with a Handheld Device
A method for covertly acquiring data. Information about an activity associated with a first hand-held device is monitored by initiating covert application software in a first configuration in which a log-in must first be input to the first device. When running the software in the first configuration, no image which overtly exhibits a self-evident association with the software can be viewed on the display to identify the software or indicate that the software is running on the client. Prior to initiating monitoring with the software, a feature having no self-evident association with the covert application software can be accessed on a touch screen display of the device to initiate the software.
Method for transmitting data and server device for supporting same
According to various embodiments of the disclosure, a server device may include a memory, a communication interface, and a processor. The processor may be configured to transmit a service blocking request for a specified user, to an authentication server processing a request of a user terminal, to receive user data for the user from a first server, to transmit the user data to a second server, and to notify the authentication server that the transmission is completed, when the transmission of the user data is completed.
Method and apparatus for performing data protection regarding non-volatile memory
A method and apparatus for performing data protection regarding a non-volatile memory (NVM) are provided. The method includes: obtaining a first die-dependent seed and a second die-dependent seed, where the first die-dependent seed and the second die-dependent seed correspond to a die for implementing the NVM; performing rearrangement on multiple sets of address information of an address according to the first die-dependent seed, for protecting the address carried by at least one address signal between the controller and the NVM; and performing rearrangement on multiple subsets of a set of data according to the second die-dependent seed, for protecting the set of data carried by at least one data signal between the controller and the NVM.
Integrity Verification of Lifecycle-State Memory using Multi-Threshold Supply Voltage Detection
An Integrated Circuit (IC) includes a non-volatile memory (NVM) and secure power-up circuitry. The NVM is configured to store an operational state of the IC. The secure power-up circuitry is configured to (i) during a power-up sequence of the IC, perform a first readout of the operational state from the NVM while a supply voltage of the IC is within a first voltage range, (ii) if the operational state read from the NVM in the first readout is a state that permits access to a sensitive resource of the IC, verify that the supply voltage is within a second voltage range, more stringent than the first voltage range, and then perform a second readout of the operational state from the NVM, and (iii) initiate a responsive action in response to a discrepancy between the operational states read from the NVM in the first readout and in the second readout.
MEMORY SYSTEM AND CONTROL METHOD
According to one embodiment, a memory system includes a non-volatile memory with a plurality of blocks. The minimum unit of a data erasing operation in the memory system is a block. A controller is electrically connected to the non-volatile memory and configured to execute, in response to a first command from a host requesting a secure erase of secure erase target data stored in a first logical area identified by a first logical area identifier, a copy operation copying valid data other than any secure erase target data from one or more first blocks of the plurality in which the secure erase target data is stored to one or more copy destination blocks of the plurality. The controller executes the data erasing operation on the one or more first blocks after the copy operation.
DATA PROTECTION METHOD, MEMORY STORAGE DEVICE AND MEMORY CONTROL CIRCUIT UNIT
A data protection method, a memory storage device and a memory control circuit unit are provided. The method includes: setting a plurality of disk array tags corresponding to a plurality of word lines and a plurality of memory planes, and the plurality of disk array tags corresponding to one of the word lines connected to one of the memory planes are at least partially identical to the plurality of disk array tags corresponding to another one of the word lines connected to another one of the memory planes; receiving a write command and data corresponding to the write command from a host system; and sequentially writing the data into the plurality of word lines and the plurality of memory planes corresponding to the plurality of disk array tags.
SECURING ATTESTATION USING A ZERO-KNOWLEDGE DATA MANAGEMENT NETWORK
The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.
DISTRIBUTED STORAGE OF CUSTOM CLEARANCE DATA
Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for data storage. One of the methods includes: receiving data for storage from a service platform, wherein the data includes mutable data, immutable data, and index data identified by the service platform; storing the mutable data in a cache storage, wherein the mutable data is to be executed by a smart contract; initiating a consensus algorithm to record the immutable data on a blockchain; in response to successfully performing the consensus algorithm, recording, based on invoking the smart contract, the immutable data on the blockchain, wherein the blockchain is stored in a database that has lower storage cost than the cache storage; and linking, based on invoking the smart contract, the mutable data and the immutable data based on the index data.
Side-channel exploit detection
The present disclosure is directed to systems and methods for detecting side-channel exploit attacks such as Spectre and Meltdown. Performance monitoring circuitry includes first counter circuitry to monitor CPU cache misses and second counter circuitry to monitor DTLB load misses. Upon detecting an excessive number of cache misses and/or load misses, the performance monitoring circuitry transfers the first and second counter circuitry data to control circuitry. The control circuitry determines a CPU cache miss to DTLB load miss ratio for each of a plurality of temporal intervals. The control circuitry then identifies, determines, and/or detects a pattern or trend in the CPU cache miss to DTLB load miss ratio. Upon detecting a deviation from the identified CPU cache miss to DTLB load miss ratio pattern or trend indicative of a potential side-channel exploit attack, the control circuitry generates an output to alert a system user or system administrator.