Patent classifications
G06F21/80
DATA STORAGE SYSTEM USING SELECTIVE ENCRYPTION AND PORT IDENTIFICATION IN COMMUNICATIONS WITH DRIVE SUBSYSTEM
A drive subsystem engages in data communication with a storage controller by establishing first and second communication ports, wherein the second port is configured for decryption and forwarding of decrypted communications to the first port. The drive subsystem receives and processes data communications having selective encryption and identification of target port, by (1) for a security command containing secret data (e.g. a passphrase) enabling operation of a target drive, receiving the security command at the second port, decrypting the security command and forwarding it to the first port for delivery to the target drive, and (2) for data commands by which the storage controller stores and retrieves data to/from the target drive, receiving the data commands in non-encrypted form at the first port directly from the storage controller for delivery to the target drive.
SECONDARY KEY ALLOCATION TO STORAGE DRIVE FAILURE DOMAINS
Failure-domain-specific cryptographic keys for use in control of access to data within failure domains of a storage drive. A unique failure domain-specific cryptographic key may be associated with each of a plurality of failure domains in a storage drive. The failure domains may correspond to any portion of the storage media of a drive that is susceptible to failure while leaving other portions of the storage drive functional. In turn, upon detection of a condition associated with a failure (e.g., an actual or predicted failure) of a failure domain, the associated failure domain-specific cryptographic key may be deleted to preclude further access to data in the failed failure domain. Deletion of the failure domain-specific cryptographic key may be before or after data in the failed failure domain is rebuilt in another portion of a storage drive that is functional.
Ephemeral peripheral device
An ephemeral peripheral system includes an ephemeral memory system and controller circuit for securing user data for a smartphone application. Different secure operating modes are provided for customizing user security requirements across end-to-end communications links, including in exchanges of electronic data between smartphone devices.
Shingled magnetic disk management method for data isolation by space files, apparatus, and electronic device
The present application discloses a magnetic disk management method, an apparatus and an electronic device by providing an engine layer including a plurality of space files and an encapsulation layer including a file directory tree of a space file structure; where the engine layer responds to a data management operation performed for a target space file of the file directory tree output by the engine layer, and a target magnetic disk space corresponding to the target space file is determined through the address association list of the encapsulation layer, and data management is performed on the data in the target magnetic disk space. Thereby, different data can be isolated by different space files when entering through the engine layer, which ensures that security issues such as leakage of the data in the magnetic disk will not occur.
TECHNIQUES FOR COMMAND VALIDATION FOR ACCESS TO A STORAGE DEVICE BY A REMOTE CLIENT
Examples are disclosed for access to a storage device maintained at a server. In some examples, a network input/output device coupled to the server may allocate, in a memory of the server, a buffer, a doorbell, and a queue pair accessible to a client remote to the server. For these examples, the network input/output device may assign a Non-Volatile Memory Express (NVMe) namespace context to the client. For these examples, indications of the allocated buffer, doorbell, queue pair, and namespace context may be transmitted to the client. Other examples are described and claimed.
Techniques for command validation for access to a storage device by a remote client
Examples are disclosed for access to a storage device maintained at a server. In some examples, a network input/output device coupled to the server may allocate, in a memory of the server, a buffer, a doorbell, and a queue pair accessible to a client remote to the server. For these examples, the network input/output device may assign a Non-Volatile Memory Express (NVMe) namespace context to the client. For these examples, indications of the allocated buffer, doorbell, queue pair, and namespace context may be transmitted to the client. Other examples are described and claimed.
DUMMY INFORMATION INSERTION DEVICE, DUMMY INFORMATION INSERTION METHOD, AND STORAGE MEDIUM
Provided is a more versatile technique that makes it possible to input dummy information in response to an attacker seeking to collect normal information that cannot be replaced with dummy information. In the present invention, a dummy information insertion device inserts dummy information into a second location that is determined using: first location information indicating a first location that contains normal information, from among all normal information in a computer, which cannot be replaced with other information; and insertion condition information that indicates conditions for determining the second location into which dummy information is to be inserted, with such dummy information resembling the normal information that cannot be replaced and not being present in the computer or in a local network connected to the computer.