A storage system is connected to a computer and includes a controller that processes an IO request from the computer and a storage device that reads or writes data in response to the IO request, and the controller configures a volume constituted by the storage device, manages a time at which data is stored at a virtual address of the volume from the computer, calculates a standard deviation indicating a variation in the write time to the virtual address of the volume, and outputs a timing at which a value of the standard deviation starts to decrease as a restoration time.

A data storage device having self-destruction function is disclosed. The data storage device is inserted into a host and includes a controller, a plurality of flash memories, a trigger, and a backup power module. When the data storage device is pulled out of the host, the trigger is triggered and transmits a physical-destruction activating signal to the backup power module, and the backup power module outputs a high voltage to the flash memories according to the physical-destruction activating signal so that the flash memories can be destroyed by the high voltage.

Methods, apparatus, systems, and articles of manufacture to partition a database are disclosed. An example apparatus includes memory, instructions in the apparatus, and processor circuitry to execute the instructions to identify a first variant associated with a request query received from a source, select a first partition based on the first variant, the first partition storing first data associated with the request query, identify a second variant associated with the request query, select a second partition based on the second variant, the second partition storing second data associated with the request query different from the first data, cause execution of a first query on the first partition, cause execution of a second query on the second partition, aggregate data associated with the request query based on a first result of the first query and a second result of the second query, and return the aggregated data to the source.

Embodiments of methods and apparatuses for defending against speculative side-channel analysis on a computer system are disclosed. In an embodiment, a processor includes a decoder, a cache, address translation circuitry, a cache controller, and a memory controller. The decoder is to decode an instruction. The instruction is to specify a first address associated with a data object, the first address having a first memory tag. The address translation circuitry is to translate the first address to a second address, the second address to identify a memory location of the data object. The comparator is to compare the first memory tag and a second memory tag associated with the second address. The cache controller is to detect a cache miss associated with the memory location. The memory controller is to, in response to the comparator detecting a match between the first memory tag and the second memory tag and the cache controller detecting the cache miss, load the data object from the memory location into the cache. Other embodiments include encryption of memory tags together with addresses.

The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

Disclosed is a microcircuit card includes a module for identification within a mobile telephone network storing a first piece of data, and a memory module storing a second piece of data. wherein the first piece of data and the second piece of data comply with a predetermined rule. Also disclosed is a method for verifying this microcircuit card when the card is housed in an electronic device includes a step of verifying that the first piece of data and the second piece of data comply with a predetermined rule, as well as methods for personalizing the microcircuit card, the microcircuit card, and the electronic device are also described.

A method of data reduction in a partially encrypted volume includes receiving data to be stored on a storage array, decrypting the data using a first encryption key to generate first decrypted data, and decrypting the data using a second encryption key to generate second decrypted data. The method further includes comparing, by a storage array controller, a first compressibility value of the first decrypted data to a second compressibility value of the second decrypted data. The method further includes storing the first decrypted data if the first compressibility value is greater than or equal to the second compressibility value. The method further includes storing the second decrypted data if the second compressibility value is greater than the first compressibility value.

The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

It is described an electronic device, comprising a secure element domain that further comprises: i) a physical memory region configured to store a plurality of data sets; and ii) a control device, coupled to the physical memory region, and configured to transfer at least one data set away from the physical memory region, wherein transferring the data set comprises at least one of: a) transferring the data set as a first data blob to a virtual memory region of the secure element domain; b) off-loading the data set as a second data blob to an external domain.

A memory system includes a nonvolatile memory and a controller that controls the nonvolatile memory. The controller is configured to generate information relating to encryption and decryption of data based on a location of the memory system and to enable at least one process of encrypting data to be written to the nonvolatile memory or decrypting data read from the nonvolatile memory by using the information.