G06F3/0622

Processors, methods and systems to allow secure communications between protected container memory and input/output devices

An integrated circuit includes protected container access control logic to perform a set of access control checks and to determine whether to allow a device protected container module (DPCM) and an input and/or output (I/O) device to communicate securely through one of direct memory access (DMA) and memory-mapped input/output (MMIO). The DPCM and the I/O device are allowed to communicate securely if it is determined that at least the DPCM and the I/O device are mapped to one another, an access address associated with the communication resolves into a protected container memory, and a page of the protected container memory into which the access address resolves allows for the aforementioned one of DMA and MMIO. In some cases, a Security Attributes of Initiator (SAI) or security identifier may be used to obtain a DPCM identifier or attest that access is from a DPCM mapped to the I/O device. In some cases, a determination may be made that a type of access is compatible with one or more allowed access types for the page as represented in a protected container page metadata structure.

System and method to protect digital content on external storage
11531626 · 2022-12-20

An example authentication device disclosed herein is to access a message received via a wireless interface from an adapter, the message to indicate that a host device has connected to the adapter, the host device different from the authentication device. The disclosed example authentication device is also to determine whether to allow the host device to access a storage device. The disclosed example authentication device is further to transmit authentication data to the adapter via the wireless interface, the authentication data to specify whether the host device is allowed to access the storage device.

Creating a replica of a storage system

Creating a replica of a storage system, including: receiving, by a first storage system from a computing device, data to be stored on the first storage system; reducing, by the first storage system, the data using one or more data reduction techniques; sending, from the first storage system to the second storage system, the reduced data, wherein the reduced data is encrypted; and sending, from the second storage system to a third storage system, the reduced data, wherein the reduced data is encrypted.

Controlling public access of resources in a secure distributed storage system

A method for controlling public access of resources in a secure distributed storage system using an API level model. A request to access a volume is checked for authentication. If the request does not include an authentication token ID, a guest role is created and assigned to the requestor. The guest role can only access public volumes or owned volumes that specifically allow public access. The guest role can be updated using API management.

Structure and method for digital data memory card encryption
20220398202 · 2022-12-15

The present invention relates to a structure and a method for digital data memory card encryption. In a main body, a memory is provided in a memory card, and the memory itself is provided with a read controller that cooperates with a reader and a protection area, and is further divided into a hard disk partition table area and a file area. A portable storage identification (PSID) is written into any of the above-mentioned areas by using an application programming interface (API). Moreover, before the writing of the portable storage identification (PSID) by the application programming interface (API), a key instruction produced by means of an encryption and decryption logic is provided to the read controller by the application programming interface (API). The read controller first decrypts the key instruction, and transmits the result to the application programming interface (API) to further improve the security.

INFORMATION PROCESSING DEVICE AND FILE ACCESS METHOD
20220398016 · 2022-12-15

A first correspondence table indicates a correspondence relation between logical blocks of a first file and physical blocks of a physical storage. A second correspondence table indicates a correspondence relation between logical blocks of a second file and the logical blocks of the first file. An access request receiving section receives an access request for the second file. A block conversion section refers to the second correspondence table, identifies a logical block of the first file associated with the logical block of the second file that is subject to the access request, and then refers to the first correspondence table to identify a physical block of the physical storage associated with the identified logical block of the first file. An accessing section accesses the identified physical block.

SECURE NETWORK ACCESS DEVICE
20220400123 · 2022-12-15

Systems and techniques for securing network communications are described. A network device comprises a network interface and at least one accelerator. The network device inspects obtained data using the accelerator. The network device determines, based on the inspection, that the data is indicative of a violation of a security policy, and generates a response to the violation.

Providing executing programs with access to stored block data of others

Techniques are described for managing access of executing programs to non-local block data storage. In some situations, a block data storage service uses multiple server storage systems to reliably store copies of network-accessible block data storage volumes that may be used by programs executing on other physical computing systems, and snapshot copies of some volumes may also be stored (e.g., on remote archival storage systems). A group of multiple server block data storage systems that store block data volumes may in some situations be co-located at a data center, and programs that use volumes stored there may execute on other computing systems at that data center, while the archival storage systems may be located outside the data center. The snapshot copies of volumes may be used in various ways, including to allow users to obtain their own copies of other users' volumes (e.g., for a fee).

System for securing and allowing access to electronic data in a data storage container
11526619 · 2022-12-13

Embodiments of the present invention provide a system for securing and allowing access to electronic data in a data storage container. The system is configured for identifying initiation of a connection with a data storage container, determining establishment of the connection with the data storage container, instantaneously crawling into the data storage container to access data that is associated with the data storage container, instantaneously performing one or more operations associated with the data, storing information associated with the one or more operations in a data store, identifying initiation of a connection with an entity system, determining establishment of the connection with the entity system, instantaneously transferring the information associated with the one or more operations to the entity system, and performing one or more actions, via one or more applications stored on the entity system, utilizing the information associated with the one or more operations.

Sharing data in an organized storage system
11526281 · 2022-12-13

A method including determining, by a first user device, a sharing encryption key based at least in part on a folder access private key associated with a folder and an assigned public key associated with a second user device; encrypting the folder access private key associated with the folder utilizing the sharing encryption key; and transmitting the encrypted folder access private key to enable the second user device to access the folder. Various other aspects are contemplated.