A data storage arrangement includes a memory and a controller, where the controller receives an indication of data to be anonymized. The controller further parses a data element to be stored and generates a copy of one or more data portions to be anonymized. The controller further deletes one or more data portions to be anonymized to generate a modified data element to be stored. The controller further generates a copy of the modified data element to be stored utilizing deduplication. The data storage arrangement thus takes in account data anonymization during deduplication (i.e. an anonymization aware deduplication).

Examples of scheduled and on-demand volume encryption suspension are described. A management service can identify multi-volume encryption rules for local volumes of a client device including the operating system volume as well as non-operating-system volumes. The encryption rules can be transmitted to the client device. Volume encryption samples for the client device can be received, and a console user interface can be generated to indicate compliance status information for the multi-volume encryption rules for local volumes of a client device.

A data storage method, apparatus, and device, and a readable storage medium. The method includes: after a random access memory is powered on, obtaining target data to be stored in a fixed storage address of the random access memory; determining a target transmission mode from a bit value change transmission mode and a bit value fixed transmission mode, wherein the target transmission mode is different from a historical transmission mode determined after the random access memory is powered on last time; and transmitting the target data from and to the random access memory according to the target transmission mode. The method can prevent data from being stolen after power-down of the target data, and guarantees the data security.

A system and method for encoding data using a plurality of encoding libraries. Portions of the data are encoded by different encoding libraries, depending on which library provides the greatest compaction for a given portion of the data. This methodology not only provides substantial improvements in data compaction over use of a single data compaction algorithm with the highest average compaction, but provides substantial additional security in that multiple decoding libraries must be used to decode the data. In some embodiments, each portion of data may further be encoded using different sourceblock sizes, providing further security enhancements as decoding requires multiple decoding libraries and knowledge of the sourceblock size used for each portion of the data. In some embodiments, encoding libraries may be randomly or pseudo-randomly rotated to provide additional security.

A cloud implementation of a persisted storage device, such as a disk, is provided. The implementation supports a variety of features and protocols, in full analogy with a physical storage device such as a disk drive. The present disclosure provides for implementing standard eDrive protocols in the cloud by designing internal disk storage, referred to as a “system area,” in a virtual disk instance that the virtual disk can potentially utilize for a multitude of disk features. This internal storage can be used to implement eDrive protocols, which use the system area to maintain the necessary internal virtual disk state.

A method includes receiving a request to write a data block to a volume resident on a multi-tenant storage array, wherein the request is associated with a first tenant of the multi-tenant storage array, and determining whether the data block matches an existing data block on the multi-tenant storage array, wherein the existing block corresponds to a second tenant. In response to determining that the decrypted data block matches the existing data block: encrypting the existing data block with a shared volume encryption key; encrypting the shared volume encryption key with a first tenant encryption key and providing the shared volume encryption key encrypted with the first tenant encryption key to the first tenant; and encrypting the shared volume encryption key with a second tenant encryption key and providing the shared volume encryption key encrypted with the second tenant encryption key to the second tenant.

A semiconductor device of an embodiment includes a seed generator circuit configured to generate a seed from inputted data by using first random number sequence data generated by an XorShift circuit; and a random number generator circuit configured to receive the seed as input to generate second random number sequence data by a second XorShift circuit.

Systems and methods for predicting whether a nonvolatile memory block is likely capable of being securely erased to be eligible for composing into another composable infrastructure are described. A management module receives a secure-erase command to erase at least one nonvolatile memory block, determines health parameters of the nonvolatile memory block, calculates a failure index based on the health parameters, and, based on the failure index, either securely erases the block of memory or retires the nonvolatile memory block.

The present disclosure generally relates to creating virtualized block storage devices whose data is replicated across isolated computing systems to lower risk of data loss even in wide-scale events, such as natural disasters. The virtualized device can include at least two volumes, each of which is implemented in a distinct computing system. Each volume can be encrypted with a distinct key, and an encryption service can operate to transform data “in-flight” on the replication path between the volumes, reencrypting data according to the key appropriate for each volume.

An example method for restricting read access to content in the component circuitry and securing data in the supply item is disclosed. The method identifies the status of a read command, and depending upon whether the status disabled or enabled, either blocks the accessing of encrypted data stored in the supply chip, or allows the accessing of the encrypted data stored in the supply chip.