Patent classifications
G06F3/0623
STORAGE CONTROLLER AND STORAGE SYSTEM COMPRISING THE SAME
A storage controller and a storage system comprising the same are provided. Provided is a device security manager configured to set a first device security zone to allow a first tenant to access first tenant data stored in a non-volatile memory, receive access information from a host device and write the received access information in a mapping table, wherein the access information includes a first host memory address in which the first tenant data is stored in the host device, a first namespace identifier for identifying the first tenant data stored in the non-volatile memory, a first logic block address corresponding to the first namespace identifier, and an encryption key, encrypt the first tenant data by using the encryption key, and write the encrypted first tenant data in the first device security zone of the non-volatile memory.
INLINE ENCRYPTION/DECRYPTION FOR A MEMORY CONTROLLER
Various embodiments relate to a memory controller, including: a memory interface connected to a memory; an address and control logic connected to the memory interface and a command interface, wherein the address and control logic is configured to receive a memory read request; a read inline encryption engine (IEE) connected to the memory interface, wherein the read IEE is configured to decrypt encrypted data read from the memory; a key selector configured to determine a read memory region associated with the memory read request based upon a read address where the data to be read is stored, wherein the read address is received from the address and control logic; and a key logic configured to select a first key associated with the determined read memory region and provide the selected key to the read IEE.
MEMORY SYSTEM AND RANDOM NUMBER GENERATION DEVICE
A memory system connectable to a host device includes a nonvolatile memory, a first circuit configured to generate a sequence of random number bits, and a processor configured to instruct the circuit to generate a sequence of random number bits having a first length, calculate a first value indicating randomness of the sequence, determine whether the first value exceeds a threshold value, upon determining that the first value exceeds the threshold value, generate a pseudo random number using the sequence, upon determining that the first value does not exceed the threshold value, instruct the first circuit to generate another sequence of random number bits having a second length greater than the first length, and generate a pseudo random number using said another sequence, and write or read data to or from the nonvolatile memory using the generated pseudo random number.
Cryptographic object management across multiple remote sites
A cryptographic object management system is provided that includes physically separated first and second object management sites. The first and second object management sites each respectively include HSMs, an HSM server connected to each of the HSMs, and a persistent layer connected to the HSM server. The HSM servers respectively manage operation of each of the HSMs. The HSM server of the first object management site includes an object manager module that manages and controls the cryptographic object management system. The persistent layers respectively store cryptographic objects for use by the HSMs. Each of the HSMs respectively performs crypto-processing on one or more of the cryptographic objects.
DATA TRANSMISSION MANAGEMENT
Methods, apparatuses, and non-transitory machine-readable media associated with data transmission are described. Data transmission management can include receiving, from an edge device via a radio at a first device, instructions associated with data transmission between a second device in communication with the first device and a cloud service in communication with the first device. Data transmission management can also include managing, at the first device and based on the instructions from the edge device, data received from a memory resource of the second device for transmission to the cloud service and data received from the cloud service for transmission to the memory resource of the second device. Data transmission management can further include enabling transmission of some, none, or all of the data between the cloud service and the memory resource of the second device and vice versa based on the management of the data.
Fast Write On Merkle Tree For Secure HMB
A data storage device includes a memory device and a controller coupled to the memory device. The controller is configured to set a decoder in data mode, read host memory buffer data and hashes from a host memory buffer, generate a first calculated hash, set the decoder in hash mode, generate a second calculated hash, and determine whether the second calculated hash is the same as a root hash. The controller is further configured to set an encoder in data mode, generate a first new hash, write new data and the first new hash to a host memory buffer, set the encoder to hash mode, calculate a second new hash, and update a root hash with the second new hash.
Detection of Data Discrepancy After XOR Recovery
A data storage device includes a memory device and a controller coupled to the memory device. The controller comprises an XOR module, an ECC module, a scrambler, an encoder, and comparison logic. The controller is configured to retrieve data from the memory device, decode the retrieved data, execute XOR protection logic on the decoded data, encode the decoded data, and compare the encoded data to the retrieved data stored in the memory device.
DATA STORAGE METHOD AND APPARATUS BASED ON BLOCKCHAIN NETWORK
A data storage method and apparatus, an electronic device, a non-transitory computer-readable storage medium, and a computer program product are provided. The method includes: receiving a storage request carrying multimedia data transmitted by a target device, storing multimedia data in local space of a target storage node, and generating a target storage proof of the multimedia data, the target storage proof indicating that the target storage node has stored the multimedia data, and transmitting the target storage proof to a consensus node, to cause the consensus node, after receiving an uploading request about the multimedia data transmitted by the target device, to perform consensus verification on the multimedia data according to the target storage proof, and store a data identifier of the multimedia data that passes the consensus verification in a blockchain of the consensus node.
Device for recording encrypting and saving videos on external data storage device
A device for documenting and encrypting a face-to-face personal meeting that includes a casing, a connecting unit that can communicate with an external data storage device, a camera or microphone, an encryption subsystem, a decryption subsystem, and a personal key reader that is capable of identifying personal keys of participants of the meeting. The device can encrypt the video that can be decrypted by using the personal keys of the participants. The device can save the encrypted video only in an external storage device that communicates with the connecting unit while the camera shoots the video, and it is saved with information of the participants' identified personal keys. The decryption subsystem can decrypt the encrypted video when the external storage device in which the encrypted video is saved communicates with the connecting unit and when the reader identifies the identified personal keys of the participants.
STORAGE TRANSACTION LOG
Example implementations described herein provide systems and methods for detecting damage to data by malware and involve generating log information at a storage device based on a write input/output (I/O) provided to the storage device by one or more servers, the log information comprising time information for storing the write I/O to the storage device, logical block information for the write I/O, and a compression ratio associated with storing the write I/O to the storage device; and, for a request by a management server to provide the log information for a specified time range for the storage device, returning, from the storage device, the logical block information and the compression ratio associated with the time information within the specified time range.