The disclosed embodiments provide a system for detecting and managing inefficiency in local storage. During operation, the system obtains a first snapshot of data in local storage of a computer system, wherein the first snapshot comprises a first set of data elements in the local storage at a first time. Next, the system applies a compression technique to the first snapshot to obtain a first set of inefficiency metrics for the first set of data elements. The system then outputs the first set of inefficiency metrics with additional attributes of the data to improve management of inefficiency in the data.

A system includes a memory component and a processing device, operatively coupled with the memory component, to generate a physical presence security identification (PSID) for the memory component using a statistically random number generator. The processing device, operatively coupled with the memory component, can securely retrieve the PSID and revert the memory component to an original state using the PSID.

Methods, systems, apparatus, and program products that can write auditable traces of a data wipe to a storage device are disclosed herein. One method includes performing, by a processor, a set of overwrite operations of a data wipe on a storage device, generating a set of auditable traces for the data wipe, and writing the set of auditable traces to the storage device. Systems, apparatus, and computer program products that include hardware and/or software that can perform the methods for writing auditable traces of a data wipe to a storage device are also disclosed herein.

One or more techniques and/or computing devices are provided for secure data replication. For example, a first storage controller may host first storage within which storage resources (e.g., files, logical unit numbers (LUNs), volumes, etc.) are stored. The first storage controller may establish an access policy with a001 second storage controller to which data is to be replicated from the first storage. The access policy may define an authentication mechanism for the first storage controller to authenticate the second storage controller, an authorization mechanism specifying a type of access that the second storage controller has for a storage resource, and an access control mechanism specifying how the second storage controller's access to data of the storage resource is to be controlled. In this way, data replication requests may be authenticated and authorized so that data may be provided, according to the access control mechanism, in a secure manner.

A system and method for first changing the encryption key on a self-encrypting disk drive followed by a complete disk wipe. Either process can be separately performed, and they can be performed in any order. In fact, one embodiment of the invention, resets the symmetric key, wipes the disk a predetermined number of times with different predetermined data patterns, and then resets the key a second time. This assures that there is absolutely no way to recover the original key or to read the original plain text data, even if some of it's encrypted values remain on unallocated tracks after wiping. A user can be assured that in milliseconds after starting the wiping process, the entire disk is rendered unreadable and unrecoverable. Verifiable data can be pre-written to a device that is later read back to assure that wiping or firmware-based erase commands have worked.

An information protection method and device based on a plurality of sub-areas for an MCU chip, the MCU chip comprises an instruction bus, a data bus, a flash controller and a user area of a flash memory, the method comprises: determining a preceding sub-area when the instruction bus accesses the user area; entering corresponding preceding sub-area working state; determining the current sub-area when the instruction bus accesses the user area; when the preceding sub-area is inconsistent with the current sub-area, entering the transition state; determining whether the duration of the transition state reaches the preset waiting time; if yes, entering the corresponding current sub-area working state. The information protection method and device prevent the cooperative companies which develop the program together from stealing program from each other.

A data storage structure, comprising: a plurality of storage units, each comprising: a storage media; and a library executive configured to manage the storage media. The structure further comprises a buffer connected to a controller, the controller comprising: a host interface configured to receive the instruction from the host machine; an object aggregator configured to combine the plurality of data objects into a data segment; a persistent write buffer configured to store the data segment; a persistent map configured to identify a location of each of the plurality of objects in the data segment; an erasure coder configured to encode the data segment into an erasure code; a destager configured to transfer the data segment from the persistent write buffer to the storage media in a given storage unit; and a library controller configured to communicate with the library executive in the given storage unit.

A self-destructive storage system and method is disclosed. The system includes a digital storage, and a destruction mechanism located proximate the digital storage and configured to physically render the digital storage unreadable upon activation. The system also includes a controller having a processor and a memory. The controller is communicatively coupled to the destruction mechanism and is configured to activate the destruction mechanism in response to at least one of the receipt of a destroy command and the satisfaction of a predefined condition. The system also includes a wireless network interface that is communicatively coupled to the controller and a wireless network. The digital storage device, the controller, and the destruction mechanism are coupled to a drive enclosure.

Storage resource management in virtualized environments is provided. In this regard, when receiving a request for accessing a target general purpose partition (GPP) in a storage device, partition switching circuitry is configured to determine whether the target GPP equals a current GPP that is accessed by a list of existing requests. The partition switching circuitry adds the request into the list of existing requests if the target GPP equals the current GPP. Otherwise, the partition switching circuitry waits for the list of existing requests to be executed on the current GPP before switching to the target GPP to execute the request received from a client. By switching to the target GPP after executing the list of existing commands on the current GPP, it is possible to share a plurality of GPPs among multiple clients in a virtualized environment while maintaining data integrity and security in the storage device.

A method of operating a storage device that is connected to a host includes entering an authentication mode; and performing the authentication operation responsive to entering the authentication mode. The performing of the authentication operation includes receiving a read command and a first random authentication address from the host; performing an authentication procedure based on at least a portion of the first random authentication address; and generating result data responsive to performing the authentication algorithm.