Patent classifications
G06F3/0623
SEMICONDUCTOR DEVICE AND SEMICONDUCTOR STORAGE DEVICE
A semiconductor device of an embodiment includes a seed generator circuit configured to generate a seed from inputted data by using first random number sequence data generated by an XorShift circuit; and a random number generator circuit configured to receive the seed as input to generate second random number sequence data by a second XorShift circuit.
AUTHENTICATED MODIFICATION OF MEMORY SYSTEM DATA
Methods, systems, and devices for authenticated modification of memory system data are described. A host system may transmit a command to program data to a protection region of a memory system, and the host system may sign the command using a key associated with the protection region. In some examples, the host system may transmit the data associated with the command, or the command may include instructions to move the data from another region of the memory system. Upon receiving the command, the memory system may verify the signature to determine whether the host is authorized to modify the protection region, and may program the data as requested by the host system. In some cases, the protection regions of the memory system may be updated, for example by adjusting the size or address range of the protection regions, in response to a command from the host system.
METHOD AND SYSTEM FOR A SECURE MANAGEMENT OF STORAGE DEVICES USING A KEY MANAGEMENT SERVICE
A method for managing a storage system includes initiating, by a hardware resource manager, a boot-up of a storage controller managing the storage system comprising a plurality of storage devices, making a determination, by the storage controller, that the storage controller is in a secured mode, based on the determination: identifying a security state of each of the plurality of storage devices, determining that a storage device of the plurality of storage devices is in an unsecured state, and based on the unsecured state, sending, by the storage controller, a security operation request for securing the storage device, obtaining a secure state response from the hardware resource manager corresponding to securing the storage device, and based on the secure state response, resuming operation of the storage controller based on the secure mode.
Technology for fine-grain encryption and secure key injection on self-encrypting drives
A self-encrypting drive (SED) comprises an SED controller and a nonvolatile storage medium (NVSM) responsive to the SED controller. The SED controller enables the SED to perform operations comprising: (a) receiving an encrypted media encryption key (eMEK) for a client; (b) decrypting the eMEK into an unencrypted media encryption key (MEK); (c) receiving a write request from the client, wherein the write request includes data to be stored and a key tag value associated with the MEK; (d) using the key tag value to select the MEK for the write request; (e) using the MEK for the write request to encrypt the data from the client; and (f) storing the encrypted data in a region of the NVSM allocated to the client. Other embodiments are described and claimed.
Information processing apparatus using nonvolatile semiconductor memory device and control method therefor
An information processing apparatus that is capable of improving access to a nonvolatile semiconductor memory. The information processing apparatus includes a nonvolatile semiconductor memory that includes memory areas, a user interface that can accept a user operation, a memory device that stores a set of instructions, and one or more processors that execute the set of instructions to generate an erase command that instructs the semiconductor memory to execute an erasing process to each of the memory areas in a state where a user operation to the user interface is unacceptable.
Systems and methods for breach-proof, resilient, compliant data in a multi-vendor cloud environment and automatically self heals in the event of a ransomware attack
A cloud-based system for securely storing data, the system having a processor which obtains a source data file; splits it into at least three fragments; uses an encryption key associated with the fragments to encrypt the fragments; distributes the encrypted fragments among at least three cloud storage providers; and creates a pointer file containing information for retrieving the encrypted fragments. When a system user requests access to the data, the system uses the information stored in the pointer file to retrieve the stored encrypted fragments from the plurality of clouds, decrypts the fragments and reconstructs the data, and provides data access to the system user.
Information processing system and data transfer method
In an information processing system, a storage control server (storage control node) that has received a read request of data from a compute server (compute node) transmits the read request to a drive box. The drive box that has received the read request from the storage control server reads encrypted read target data corresponding to the read request from non-volatile storage media, decrypts the read target data with key data acquired at a predetermined timing, and then transmits the decrypted read target data to the compute server as a read request source.
Generating and queuing system messages with priorities in a storage network
A method for use with a storage network includes generating system messages, in accordance with the system-level message processing parameters, the system messages including status information, performance information and alarms, each having one of a plurality of priorities, wherein the generating includes: generating a first message of the system messages corresponding to a first of the storage nodes based on the system-level message processing parameters, the first message including a first alarm of the alarms having a first message priority of the plurality of priorities; and generating a second message of the system messages corresponding to a second of the storage nodes based on the system-level message processing parameters, the second message including a second alarm of the alarms having a second message priority of the plurality of priorities.
Storage Provisioning
There is provided a method performed by a first storage provisioning node of a system for provisioning storage in the system. In response to a first request for an encrypted storage volume for an application node, transmission of a second request is initiated (20) towards a second storage provisioning node for an unencrypted storage volume. In response to the requested unencrypted storage volume becoming available to the first storage provisioning node, an encrypted storage volume is generated (22) from the unencrypted storage volume and provisioning of the encrypted storage volume is initiated (24) to make the encrypted storage volume available at a compute node of the system for use by the application node.
Storage Node Security Statement Management in a Distributed Storage Cluster
States of storage nodes in a storage cluster may be transitioned from a secured state to an unsecured state. When all the storage nodes are in the secured state, a first reboot of the storage nodes is initiated. The first reboot may involve the storage nodes rebooting from the secured state into an intermediate state. During the first reboot: storage nodes that have rebooted into the intermediate state are allowed to rejoin the distributed storage cluster, and storage nodes in the unsecured state are not allowed to join the distributed storage cluster. When all the storage nodes are in the intermediate state, a second reboot of the storage nodes may be initiated. The second reboot may involve rebooting the storage nodes from the intermediate state into the unsecured state. During the second reboot, storage nodes that have rebooted into the unsecured state are allowed to rejoin the storage cluster.