A method includes authenticating, by a computing device, a first connection between one or more storage units and at least one of the computing device and a first user computing device. The method further includes determining, by the computing device, to add a second connection between the one or more storage units and at least one of the computing device and a second user computing device. The method further includes generating, by the computing device, a secret code and sending the secret code to the one or more storage units via the first connection. The method further includes sending, by the one or more storage units, responses to the secret code to the computing device via the second connection. The method further includes authenticating, by the computing device, the second connection based on the authentication of the first connection and the responses from the one or more storage units.

Methods and apparatus related to performance of telemetry, data gathering, and failure isolation using non-volatile memory are described. In one embodiment, a Non-Volatile Memory (NVM) controller logic stores data in a portion of an NVM device. The portion of the NVM device is determined based at least in part on a type or an identity of a sender of the data. Also, the data is encrypted in accordance with a public key provided by the sender. Other embodiments are also disclosed and claimed.

A memory device including at least one memory location for storing information representing data written using a first encryption/decryption method, and a read channel using a second encryption/decryption method for reading and decrypting information as written is disclosed. The memory device also includes an apparatus that prevents the reading of the at least one memory location using the second encryption/decryption method, in response to an indication that the at least one memory location was written using the first encryption/decryption method. In another embodiment, a reading of a predefined or custom code is returned in response to an indication of another encryption/decryption method.

A method includes monitoring processing of a writing process associated with a plurality of sets of encoded data slices to storage units of the storage network in accordance with error encoding parameters to produce write processing performance information, where for a set of encoded data slices of the plurality of sets of encoded data slices, the error encoding parameters include an error coding number and a decode threshold number. When the write processing performance information compares unfavorably to a desired write performance range, the method further includes adjusting at least one of the error coding number and the decode threshold number to produce adjusted error encoding parameters for writing subsequent sets of encoded data slices of the plurality of sets of encoded data slices.

A host controller that controls a storage device includes an encryption unit that is selectively configured in response to file encryption information and disk encryption information to encrypt data. The encryption unit encrypts the data using a file encryption operation based on the file encryption information and/or a disk encryption operation based on the disk encryption information.

A method begins by generating an audit object that includes at least one record regarding the device's use of a dispersed storage network (DSN). The method continues by dispersed storage error encoding the audit object to produce a set of encoded data slices and generating a set of slice names for the set of encoded data slices, wherein each slice name of the set of slice name includes a pillar number section that contains a unique pillar number for a corresponding encoded data slice of the set of slice names and a common section that contains audit object identifying information. The method continues by sending the set of encoded data slices in accordance with the set of slice names to a set of storage units of the DSN, wherein the set of slice names corresponds to logical DSN addresses for the set of encoded data slices.

A method for managing access to encrypted data of a data storage system storing snapshot data, a snapshot providing a previous point-in-time copy of data in a volume of the data storage system, wherein the data storage system utilizes changing encryption keys for write data. For each snapshot, the method stores at least one decryption key identifier for each decryption key corresponding to an encryption key utilized to encrypt data written to a volume since a previous snapshot was committed to disk, and associates the at least one decryption key identifier with the snapshot. A key table associating decryption key identifiers with corresponding decryption keys is provided, and based on the key table and the at least one decryption key identifier associated with the snapshot, one or more decryption keys required for accessing encrypted data associated with the snapshot are determined. Decryption key identifiers may be stored in snapshot metadata.

Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited.

A method for accessing data in a storage area network is provided. The method initiates with receiving a request for a list of targets on the storage area network. All the targets on the storage area network are exposed to the requestor and authentication requiring a password is requested from the requestor to grant access to the targets on the storage are network. Access to the targets is granted if the password is acceptable, and access to the targets is refused if the password is unacceptable.

Techniques for cryptographic computing isolation are described. A processor includes circuitry to be coupled to memory configured to store one or more instructions. The circuitry is to execute the one or more instructions to instantiate a first process based on an application. To instantiate the first process is to include creating a context table to be used by the first process, identifying a software component to be invoked during the first process, encrypting the software component using a first cryptographic key, and creating a first entry in the context table. The first entry is to include first context information identifying the encrypted software component and second context information representing the first cryptographic key. In more specific embodiments, third context information representing a first load address of the encrypted software component is stored in the first entry of the context table.