Patent classifications
G06F3/0637
Technology for fine-grain encryption and secure key injection on self-encrypting drives
A self-encrypting drive (SED) comprises an SED controller and a nonvolatile storage medium (NVSM) responsive to the SED controller. The SED controller enables the SED to perform operations comprising: (a) receiving an encrypted media encryption key (eMEK) for a client; (b) decrypting the eMEK into an unencrypted media encryption key (MEK); (c) receiving a write request from the client, wherein the write request includes data to be stored and a key tag value associated with the MEK; (d) using the key tag value to select the MEK for the write request; (e) using the MEK for the write request to encrypt the data from the client; and (f) storing the encrypted data in a region of the NVSM allocated to the client. Other embodiments are described and claimed.
RESOURCE ISOLATION IN COMPUTATIONAL STORAGE DEVICES
A method includes receiving, at a controller of a computational storage (CS) device, a request to allocate computational storage to an application of a host device. The request includes a resource set ID associated with the application. The method further includes identifying a memory range within a memory region of the CS device. The method further includes storing, in a data structure associated with the resource set ID, an association between a memory range identifier (ID) of the memory range, the memory region, and an offset within the memory region. The method further includes sending the memory range ID to the host device.
Profiling User Activity To Achieve Social And Governance Objectives
Profiling user activity to achieve social and governance objectives, including: generating, based on data describing activities within a system, a plurality of activity groupings each including one or more user accounts and corresponding to a particular activity in the system; generating, for each of the plurality of activity groupings, one or more social groupings based on user profiles of the one or more user accounts in a corresponding activity grouping, wherein each of the one or more social groupings corresponds to one or more particular user profile attributes; identifying, for a particular user account, one or more of the activity groupings having a social grouping corresponding to user profile attributes of the particular user account; and modifying one or more user experience features of the system based on the identified one or more activity groupings.
Security of embedded devices through a device lifecycle with a device identifier
An apparatus includes a database with device profiles, and a device programmer. The device programmer includes instructions. The instructions, when read and executed by a processor, cause the device programmer to identify a device identifier of an electronic device. The device programmer is further caused to, based upon the device identifier, access device data from the database. The device programmer is further caused to, based upon the device data, determine an area of memory of the electronic device that can be written. The device programmer is further caused to, based on the determination of the area of memory of the electronic device that can be written, write data to the area of memory.
MANAGEMENT OF A MEMORY FIREWALL IN A SYSTEM ON CHIP
In accordance with an embodiment, a system on chip includes: a plurality of master equipment; a plurality of slave resources, where a slave resource of the plurality of slave resources comprises a memory device including a first memory area; an interconnection circuit; and a check circuit. A first master equipment is configured to define initial access rights for the first memory area, and to delegate access management of the first memory area to a second master equipment. The second master equipment is configured to define, for the first memory area, particular access rights derived from the initial access rights associated with the first memory area and from access right rules; and the check circuit is configured to check whether a transaction intended for the first memory area is indeed authorized to access the first memory area using the applicable access rights associated with the first memory area.
METHOD FOR MANAGING A MEMORY IN A SYSTEM-ON-A-CHIP
In accordance with an embodiment, a method for managing a memory within a system-on-a-chip including a processor, a memory and a firewall device, includes: generating, by the processor, a request to access the memory, where the request has an access permission level; controlling, by the firewall device, access to at least one memory region of the memory as a function of the access permission level of the request and a respective access permission level associated with the at least one memory region; and erasing, by the firewall device, the at least one memory region when its respective access permission level is modified, where erasing comprises performing a hardware-implemented erasure.
File deletion in a distributed system
A method of distributed file deletion, performed by a storage system, is provided. The method includes receiving, at the storage system, a request to delete a directory and the contents of the directory, and adding the directory to a first set listed in a memory in the storage system. The method includes operating on the first set by examining each directory in the first set to identify subdirectories, adding each identified subdirectory to the first set as a directory, and adding each examined directory to a second set listed in the memory. The method includes deleting, in a distributed manner across the storage system and without concern for order, the contents of the directories and the directories themselves listed in the second set.
Remote access to a storage device
An exemplary access control system controls access to a computing system such as a data storage system. For example, the exemplary access control system includes a cloud storage platform that authorizes a user to access the cloud storage platform. After access to the cloud storage platform is authorized, the cloud storage platform receives, from the user, a request to access, through the cloud storage platform, an application executing on a remote storage device. The cloud storage platform obtains an access token in response to receiving the request from the user. The cloud storage platform transmits the access token to the storage device for use by the storage device to validate the user and grant the user access, through the cloud storage platform, to the application executing on the storage device.
SELF-DEPLOYING ENCRYPTED HARD DISK, DEPLOYMENT METHOD THEREOF, SELF-DEPLOYING ENCRYPTED HARD DISK SYSTEM AND BOOT METHOD THEREOF
Disclosed is a self-deploying encrypted hard disk, a deployment method thereof, a system and a boot method thereof. The self-deploying encrypted hard disk comprises a storage medium and a master control unit for placing a host system in communication with the storage medium. The storage medium comprises a system data area comprising: a configuration module, wherein when the self-deploying encrypted hard disk boots up in an unconfigured state, executable code of the configuration module is imported into the host system to assist a user in configuring operation characteristics of the self-deploying encrypted hard disk and of a system comprising the self-deploying encrypted hard disk; and an identity authentication module, wherein when the identity authentication module boots up after the operation characteristics have been configured by the configuration module, the identity authentication module performs security authentication of the user identity and the operating environment, and grants access permission to a user who has passed the security authentication.
DEVICE IN NETWORK
According to one aspect of the technique of the present disclosure, there is provided a device in a network including: a storage in a secure zone to store encryption algorithms, information generators, and keys; and an operation processor in the secure zone. When the device operates as a master device, the operation processor selects at least one of an encryption algorithm, an information generator or a key used for encrypted communication within the network, generates profile information including at least one of identification information of the encryption algorithm, the information generator or the key, and transmits the profile information to another device in the network. When the device does not operate as the master device, the operation processor receives the profile information from the master device, and designates based thereon at least one of the encryption algorithm, the information generator or the key used for the encrypted communication.