Systems, methods, and data storage devices for data recovery from network storage systems are described. The data storage device may include a host data channel for data transfer with the host and a network data channel for data transfer with the network storage system over a network. Responsive to a read error when reading a data unit, the data storage device establishes a secure data transfer connection with the network storage system to request the failed data unit from the network storage system. The data unit retrieved from the network storage system may be used to respond to the original read request and restore the data unit in the data storage device.

The present technology pertains to a organization directory hosted by a synchronized content management system. The corporate directory can provide access to user accounts for all members of the organization to all content items in the organization directory on the respective file systems of the members' client devices. Members can reach any content item at the same path as other members relative to the organization directory root on their respective client device. In some embodiments novel access permissions are granted to maintain path consistency.

Techniques for adaptive re-keying of encrypted data are provided. For example, a method comprises the following steps. Utilization information associated with a storage system is obtained, wherein the storage system comprises a set of storage devices. The method dynamically selects a re-keying process from a plurality of different re-keying processes based on at least a portion of the obtained utilization information. At least a portion of the set of storage devices are re-keyed in accordance with the selected re-keying process.

The storage part receives an I/O request including the ID of software, information regarding a storage area to and from which the software performs input and output, and a token. The storage part checks the I/O request against the software ID, the information regarding the storage area, and the token received from an I/O control part so as to determine whether access to the storage part is allowed. Upon determination that the access to the storage part is allowed, the storage part processes the I/O request.

According to one embodiment, a storage device includes a nonvolatile storage medium and a controller. The controller encrypts data with an encryption key, writes encrypted data into the storage medium, and manages a first and second encryption keys. The first encryption key encrypts data to be written into a first area and a second encryption key encrypts data to be written into a second area. The controller updates, if the first area is write protected and the second area is not write protected, the second encryption key without updating the first encryption key when receiving an initialization command from a host.

Apparatuses, methods, systems, and program products are disclosed to securely erase user data using storage regions on a shared computing device. Memory stores code executable by the processor. The code is executable to configure a nonvolatile storage device of a shared device that may be used by multiple users but is exclusively used by one user at a time. The nonvolatile storage device has shared files storing system data and a data region storing user data associated with a user. The code executes to assign read-only privileges to the system region and read-write privileges to the data region before sharing the device with the user. Requests to write data to the nonvolatile storage device while the device is shared are serviced on the data region. When the user returns the shared device to the originator the code executes to erase the data region.

Disclosed is an electronic apparatus. The electronic apparatus includes: a non-volatile memory having no internal controller; and a controller configured to: control the non-volatile memory, and transmit, to the non-volatile memory, first data and a generated first message authentication code (MAC). Accordingly, it is possible to efficiently defend against a replay attack in a non-volatile memory having no internal controller.

A storage device includes a first memory to which data can be written a plurality of times and a second memory that includes storage elements for which electrical characteristics can be changed only once. The first memory storing first encryption key information and the second memory storing second encryption key information. A controller generated an encryption key using the first encryption key information and the second encryption key information in combination and then encrypts and decrypts data written or read from the first memory. When a host requests an encryption erase, the controller attempts to erase the first encryption key information from the first memory. If the requested erase fails, the controller erases the second encryption key information from the second nonvolatile memory.

A method of decommissioning a key in a decryption storage system includes scanning a storage system to identify metadata associated with a current key to be decommissioned. The method further includes encrypting, with the current key, data corresponding to the metadata to generate encrypted data. The method further includes decrypting the encrypted data with a target key to generate decrypted data. The method further includes modifying, by a processing device, the metadata to identify the target key to generate modified metadata. The method further includes storing the decrypted data and the modified metadata to the storage system.

An electronic device includes a first non-volatile memory and an application circuit. The first non-volatile memory stores first encrypted data encrypted with a global key. The application circuit includes a second non-volatile memory, a decryption unit, a local key unit, and an encryption unit. The second non-volatile memory stores the global key. The decryption unit is coupled to the first non-volatile memory and the second non-volatile memory. The decryption unit retrieves the global key from the second non-volatile memory and decrypts the first encrypted data with the global key to generate plain data. The local key unit generates or stores a local key. The encryption unit is coupled to the local key unit. The encryption unit encrypts the plain data with the local key to generate second encrypted data and overwrites the first encrypted data in the first non-volatile memory with the second encrypted data.