Patent classifications
G06F3/0623
Secure data transfer appliance with removal of source data
A data transfer device including an enclosure with a plurality of input/output connection ports, a processor, a memory including a data store, and a data transfer component. The data transfer component directs the processor to transfer data from an external data source via at least one of the plurality of input/output connection ports; encrypt the transferred data; store the encrypted data on the data store; responsive to a successful transfer of the encrypted data to the data store, delete the data from the external data source; establish a connection to an external data storage service; responsive to a successful connection to the external data storage service, transfer the encrypted stored data to the external data storage service; and, responsive to a successful transfer of the encrypted stored data to the external data storage service, delete the encrypted stored data from the data store.
Access revocation messaging mechanism
An access revocation system for removing user data from a service provider device includes a processing device and a memory storing instructions for performing an access revocation method. The method includes receiving user data from a user device via a data channel, storing the user data in a data storage module, and receiving an access revocation message via a request channel separate from the data channel. The method also includes decrypting the access revocation message and performing at least one action defined by the access revocation message, the at least one action including scrubbing of user data from the data storage module.
Tracking of transport data
An example operation may include one or more of receiving, from at least one sensor associated with a transport, severity of damage information related to the transport, when the severity of damage exceeds a threshold, sending sensitive data on the transport to a storage apart from the transport, and deleting the information and the sensitive data from the transport.
Load-dependent encryption mechanism selection in an elastic computing system
Systems and methods are described for implementing load-dependent encryption mechanism selection in an elastic computing system. The elastic computing system can include a set of host devices configured to implement block storage volumes on behalf of users. Users may desire that such volumes be encrypted prior to storing data. It may be generally preferable for encryption to occur on the same host devices that host the volume, to reduce latency and bandwidth usage needed to encrypt the data. However, encryption of data can utilize significant computational resources, which may not be available on host devices that also have sufficient storage resources to host the volume. The present disclosure describes systems and methods that can account for computational resource availability on host devices, selecting “in-place” encryption only when available resources exist on host devices, and otherwise implementing remote encryption of volume data.
Memory physical presence security identification
A system includes a memory component and a processing device, operatively coupled with the memory component, to generate a physical presence security identification (PSID) for the memory component using a statistically random number generator. The processing device, operatively coupled with the memory component, can securely retrieve the PSID and revert the memory component to an original state using the PSID.
File journal interface for synchronizing content
In some embodiments, a system for synchronizing content with client devices receives a request from a client device to synchronize operations pertaining to content items associated with a user account registered at the system. The request can include the operations and a cursor identifying a current position of the client in a journal of revisions on the system. Based on the operations, the system generates linearized operations associated with the content items. The linearized operations can include a respective operation derived for each of the content items from one or more of the operations. The system converts each respective operation in the linearized operations to a respective revision for the journal of revisions and, based on the cursor, determines whether the respective revision conflicts with revisions in the journal. When the respective revision does not conflict with revisions in the journal, the system adds the respective revision to the journal.
Compressibility instrumented dynamic volume provisioning
Compressibility instrumented dynamic volume provisioning is disclosed. For example, a plurality of storage pools includes first and second storage pools, and is managed by a storage controller that receives a request to provision a first persistent storage volume associated with a first container, where the first storage pool has a first storage configuration including a deduplication setting, a compression setting, and/or an encryption setting. The first persistent storage volume is created in the first storage pool based on a first storage mode stored in metadata associated with the first container, where the storage mode includes a deduplication mode, a compression mode, and/or an encryption mode. A second persistent storage volume is in the second storage pool with a second storage configuration different from the first storage configuration based on a second storage mode associated with a second container.
Enhanced data encryption in distributed datastores using random tweaks stored in data blocks
A method for encrypting data in one or more data blocks is provided. The method receives a first data block to be written to a physical storage that includes one or more physical disks. The method applies a first random tweak to data indicative of the first data block to generate a first encrypted data block, and writes the first encrypted data block and the first random tweak to a first physical block of the physical storage. The method receives a second data block to be written to the physical storage. The method then applies a second random tweak, different than the first random tweak, to data indicative of the second data block to generate a second encrypted data block, and writes the second encrypted data block and the second random tweak to a second physical block of the physical storage.
Techniques for data scrambling on a memory interface
Various embodiments include a memory device that recovers from write errors and read errors more quickly relative to prior memory devices. Certain patterns of write data and read data may result in poor signal quality on the memory interface between memory controllers and memory devices. The disclosed memory device, synchronously with the memory controller, scrambles read data before transmitting the data to the memory controller and descrambles data received from the memory controller. The scrambling and descrambling result in a different pattern on the memory interface even for the same read data or write data. Therefore, when a write operation or a read operation fails and the operation is replayed, the pattern transmitted on the memory interface is different. As a result, the memory device more easily recovers from data patterns that cause poor signal quality on the memory interface.
Data encryption and decryption in disk device and storage device
A disk device includes a volatile memory, a nonvolatile memory, and a controller. The controller is configured to receive, from a host, a key setting request that includes a cryptographic key, a key ID thereof, and tag information of the cryptographic key, and to generate generation information of the cryptographic key. The controller is also configured to store a first entry including the tag information, the cryptographic key, and the generation information associated with each other in the volatile memory, and store a second entry including the key ID and the generation information associated with each other in the nonvolatile memory.