Patent classifications
G06F21/80
STORAGE DEVICE AUTHENTICATION
Systems and methods authenticate storage devices. In one implementation, a computer-implemented method is provided for authenticating a storage device. According to the method, a manifest that identifies a destination is received. A transfer station reads a digital signature from the storage device. The digital signature is validated and, based on the validation of the digital signature, a transfer of one or more files from the storage device via the transfer station is authorized to the destination identified in the manifest.
Management of encryption agents in data storage systems
A method for managing keys and encrypting data is provided. The method includes receiving data to be written to a logical disk, generating an encryption table indicating one or more locations on the logical disk for storing the data and indicating a key used for encrypting the data, encrypting the data to be written to the logical disk, and transmitting the encrypted data and the encryption table to a storage array.
Low latency access to physical storage locations by implementing multiple levels of metadata
Systems for low-latency data access in distributed computing systems. A method embodiment commences upon generating a first storage area in local storage of a first computing node. Access to the first storage area is provided through the first computing node. A second storage area is generated wherein the second storage area comprises a first set of metadata that comprises local storage device locations of at least some of the local storage areas of the first storage area. A set of physical access locations of the second storage area is stored to a database that manages updates to the second set of metadata pertaining to the second storage area. Accesses to the first storage area are accomplished by querying the database to retrieve a location of the second set of metadata, and then accessing the first storage area through one or more additional levels of metadata that are node-wise collocated.
Managing encryption keys per logical block on a persistent memory device
A command to perform a data operation at a memory device is received. The command includes an encryption key tag. A first key table is accessed from local memory. The first key table includes a first set of key entries corresponding to a first set of encryption keys. The first key table is searched to determine whether it includes an entry corresponding to the encryption key tag. Based on determining the first key table does not include an entry corresponding to the tag, a second key table is accessed from RAM. The second key table includes a second set of key entries corresponding to a second set of encryption keys. A key entry corresponding to the encryption key tag is identified from the second key table. The key entry includes an encryption key corresponding to the encryption key tag. The command is processed using the encryption key.
METHOD FOR DISCARDING PERSONAL INFORMATION IN NAND FLASH MEMORY
A method for discarding personal information comprises at least one among partial overwriting, SLC programming, and applying an erase pulse. The method for discarding personal information comprises a step for acquiring the program status of personal information-containing data of a memory block to be erased, generating data having a status that is equal to or higher than the program status corresponding to the personal information, and carrying out a partial overwriting operation on the personal information by using the generated data.
REMOTE REGISTRATION OF A DATA STORAGE DEVICE WITH BIOMETRIC AUTHENTICATION
A data storage device including a biometric reader for biometric authentication to enable access to a storage medium. The data storage device is configured for remote registration of a remote user of the data storage device, wherein registration includes receiving a record of a biometric authentication data set of the remote user from a secure database. Alternatively, a secure authorizing command is received remotely from an authorization server to enable the data storage device to directly read and store biometric data of the remote user. The data storage device can be unlocked by biometric authentication to enable a host device to access user data in the storage medium.
STORAGE SYSTEM
A first storage controller includes a first input and output controller that performs input and output processing on host data, and a first management controller. A second storage controller includes a second input and output controller that performs input and output processing on host data, and a second management controller. The first management controller is configured to verify software to be executed by the first management controller and software to be executed by the first input and output controller. The second management controller is configured to verify software to be executed by the second management controller and software to be executed by the second input and output controller. The first management controller is configured to verify the software to be executed by the second input and output controller in place of the second management controller when a failure is detected from the second management controller.
Structure and method for digital data memory card encryption
The present invention relates to a structure and a method for digital data memory card encryption. In a main body, a memory is provided in a memory card, and the memory itself is provided with a read controller that cooperates with a reader and a protection area, and is further divided into a hard disk partition table area and a file area. A portable storage identification (PSID) is written into any of the above-mentioned areas by using an application programming interface (API). Moreover, before the writing of the portable storage identification (PSID) by the application programming interface (API), a key instruction produced by means of an encryption and decryption logic is provided to the read controller by the application programming interface (API). The read controller first decrypts the key instruction, and transmits the result to the application programming interface (API) to further improve the security.