A storage device for booting a host computing device includes a first storage memory region having a first storage memory controller, a second storage memory region having a second storage memory controller, and a resilient boot controller. The resilient boot controller is configured to store boot code in the first storage memory region, prevent write access by the host computing device through the first storage memory controller to the first storage memory region, detect a reset of the host computing device through the input/output interface, copy at least a portion of the boot code from the first storage memory region to the second storage memory region, responsive to detection of the reset of the host computing device, and enable read access of the copied boot code by the host computing device through the second storage memory controller of the second storage memory region, responsive to the copy operation.

An access revocation system for removing user data from a service provider device includes a processing device and a memory storing instructions for performing an access revocation method. The method includes receiving user data from a user device via a data channel, storing the user data in a data storage module, and receiving an access revocation message via a request channel separate from the data channel. The method also includes decrypting the access revocation message and performing at least one action defined by the access revocation message, the at least one action including scrubbing of user data from the data storage module.

The disclosed computer-implemented method may include (1) receiving, by a first internal physical processor of an accelerator from an external processor, a request to access a result of executing a sensitive application within a secure execution zone of the accelerator having (a) a second internal physical processor and (b) physical memory accessible to the second internal physical processor but inaccessible to the first internal physical processor and the external processor, (2) executing, by the second internal physical processor within the secure execution zone, the sensitive application from the physical memory to generate the result, (3) making, by the second internal physical processor, the result accessible outside of the secure execution zone, and (4) relaying, by the first internal physical processor, the result to the external processor. Various other methods, systems, and computer-readable media are also disclosed.

Cloud storage provides for accessible interfaces, near-instant elasticity and scalability, multi-tenancy, and metered resources within a framework of distributed resources acting to provide highly fault tolerant solutions with high data durability. However, cloud storage also has drawbacks and limitations with information uploading and how information is subsequently accessed. To date the lack of automated tools for managing tens, hundreds and thousands of users and/or documents within enterprises and organizations means that for most migrating is a massive undertaking. Accordingly, knowledge workers require a human interface to the data ingested from third-party systems that manages the data in original folder contexts/locations for each knowledge worker within the interfaces. It would be further beneficial for knowledge workers to have tools for incremental ingestion of changes from data sources to a cloud storage repository as well as determining/centralizing cloud storage repository ingestion from the data sources.

Systems and methods herein secure computer memory from potential hacks. In one embodiment, a system includes a computer memory, and a memory protection module communicatively coupled to the computer memory. The memory protection module is operable to assign a counter value to a write Input/Output (I/O) request, to encrypt data of the write I/O request based on the counter value, and to write the encrypted data to a location of the computer memory. The counter value comprises a version number of the write I/O request and, for example, the location of the computer memory to where the data of the write I/O request is being written in the computer memory. The memory protection module is further operable to compute the version number based on memory access patterns of an application writing to the computer memory.

Virtualization software installed in a standalone host is remediated according to a desired state model using a desired image of a virtualization software that is used to remediate virtualization software running in hosts which are logically grouped as a cluster of hosts not including the standalone host. The method of remediating the virtualization software installed in the standalone host includes the steps of generating a desired image of the virtualization software of the standalone host from a desired image of the virtualization software of the hosts in the cluster, and upon detecting a difference between an image of the virtualization software currently running in the standalone host and the desired image of the virtualization software of the standalone host, instructing the standalone host to remediate the image of the virtualization software currently running therein to match the desired image of the virtualization software of the standalone host.

The invention relates to a method for securing component data assigned to an automation component (D1, D2, DN), wherein the component data is transmitted to at least one portion of computing nodes of a distributed registry (BN1, BN2, BN3), wherein the distributed registry (BN1, BN2, BN3) functions to authenticate the component data, preferably component data of multiple automation components (BN1, BN2, BN3).

A method for access control of resources in a distributed storage system using an API level model. An ownership object is created corresponding to a volume. The ownership object includes a string defining the owner of the resource. Access rights are given to collaborators or groups and stored as property list fields in the ownership object. Any requestor not listed as the owner, a collaborator, or part of a user group is denied access to the resource.

An apparatus and method for processing sensitive data. The apparatus includes one or more processors and executable memory for storing at least one program executed by the one or more processors. The at least one program is configured to, in an unprotected data area, read sensitive data from a storage device and transmit the same to a protected data area using the sensitive-data storage endpoint of the protected data area; to, in the protected data area, process the sensitive data using at least one endpoint when a command for a sensitive-data service requested by a client device is received from the unprotected data area; and to, in the unprotected data area, transmit the result of processing the sensitive data to the client device.

A method including determining, by a first device for a folder, a folder access key pair including a folder access public key and a folder access private key; determining, by the first device, a sharing encryption key based on the folder access private key and an assigned public key associated with a second device; and encrypting, by the first device, the folder access private key based on utilizing the sharing encryption key; determining, by a second device, a sharing decryption key based on the folder access public key and an assigned private key associated with the second device; decrypting, by the second device, the folder access private key based on utilizing the sharing decryption key; and accessing, by the second device, the folder based on utilizing the folder access private key. Various other aspects are contemplated.