A data storage device 100 comprising: a non-volatile storage medium 108 configured to store user data 109; a data port 106 configured to transmit data and power between a host computer system 130 and the data storage device 100; a data access state indicator 140; and a controller 110 configured to: selectively set a data access state of the data storage device 100 to either: an unlocked state to enable access to the user data 109; or a locked state to disable access to the user data 109; and generate an indicator control signal to cause the data access state indicator 140 to indicate the data access state, wherein the data access state indicator 140 is configured to indicate the data access state irrespective of whether the data storage device 100 is powered through the data port 106.

Systems, methods, circuits, devices, and apparatus including computer-readable mediums for managing tamper detections in secure memory devices. In one aspect, a secure memory device includes: a memory cell array, one or more tamper detectors each configured to detect a respective type of tamper event on at least part of the secure memory device, and a tamper detection status register storing one or more values each indicating a tamper detection status detected by a corresponding tamper detector. The secure memory device can include a command interface coupled to the tamper detection status register and configured to output the values stored in the tamper detection status register when receiving a trigger. The secure memory device can also include an output pin coupled to the tamper detection status register and be configured to automatically output the values stored in the tamper detection status register via the output pin.

In an example embodiment, a specialized in-memory database abstraction component is introduced in a cloud cluster. The in-memory database abstraction component may receive lifecycle commands from a client-facing application and interface with a container service to create an in-memory database resource. When parameters are received by the in-memory database abstraction component from the client-facing application, the in-memory database abstraction component may act to validate the parameters, determine if a service plan is available, and determine whether the parameters meet the service plan requirements. If the service plan requirements are not met, the in-memory database abstraction component translates the parameters for the in-memory database resource.

Systems and methods are provided for implementing one-time programmable features for storage devices. In some embodiments, an Information Handling System (IHS) may include: a processor; and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: initialize a one-time programmable (OTP) security storage device; and transmit a command to the OTP security storage device, where the OTP security device is configured to be set in security or non-security mode in response to the command, and where the OTP security storage device is configured to deny or ignore any subsequent command to set the OTP security storage device in a security mode or a non-security mode.

Techniques for obfuscating and/or de-obfuscating data using bit-level shard masks are disclosed. Shard masks are generated. The shard masks are designed to shard a block of data into a number of shards for distribution and storage among a number of storage arrays. The shard masks shard the block of data at a bit-level granularity. The shard masks are applied to the block of data to generate the shards. The shards are then distributed among the storage arrays for storage on the storage arrays.

According to one embodiment, when data is to be written to a first physical storage location that is designated by a first physical address, a memory system encrypts the data with the first physical address and a first encryption key, and writes the encrypted data to the first physical storage location. When the encrypted data is to be copied to a second physical storage location, the memory system decrypts the encrypted data with the first physical address and the first encryption key, and re-encrypts the decrypted data with a second encryption key and a copy destination physical address indicative of the second physical storage location.

The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly.

A method for managing data includes obtaining data from a host, wherein the data is associated with an object identifier (ID), initiating a classification mapping update to obtain a classification entry, applying an erasure coding procedure to the data to obtain a plurality of data chunks and at least one parity chunk, deduplicating the plurality of data chunks to obtain a plurality of deduplicated data chunks, generating storage metadata associated with the plurality of deduplicated data chunks and the at least one parity chunk, generating an object entry associated with the plurality of data chunks, and the at least one parity chunk, wherein the object entry comprises the object ID and a classification ID, storing the storage metadata and the object entry in an accelerator pool, and storing the plurality of deduplicated data chunks and the at least one parity chunk.

Physical storage devices (PSDs) of a protection group cluster (PGC) may be represented by a protection group matrix (PGM) having a plurality of rows and a plurality of columns, where each row corresponds to a PSD of the PGC, and each column corresponds to a partition of each PSD. The value specified in each cell at an intersection of a row and column specifies the protection group of the PGC to which the partition of the PSD represented by the column and row, respectively, is (or will be) assigned. In response to one or more of PSDs being added to a PGC, the PGM may be reconfigured, including adding new rows, and transposing portions of columns to the new rows, or transposing portions of rows to portions of columns of the new rows. Protection members of the PGC may be re-assigned based on the reconfiguration.

Hardware enforced CPU core protection by identification of digital blocks as instructions or data. A method includes, at a memory controller shim, receiving, from a CPU core, a memory read request. The memory read request comprises an address for a block. The block at the address is requested from a memory. The block is received from the memory. At least one of a decryption key or an authentication key is accessed. At least one of a decryption transformation or an authentication transformation is performed on the block using the decryption key or the authentication key. When the decryption transformation or authentication transformation is deemed valid, a plain text version of the block is returned to the CPU core for consumption. When the decryption transformation or authentication transformation is deemed invalid, the CPU core is prevented from consuming the plain text version of the block.