A system and method for first changing the encryption key on a self-encrypting disk drive followed by a complete disk wipe. Either process can be separately performed, and they can be performed in any order. In fact, one embodiment of the invention, resets the symmetric key, wipes the disk a predetermined number of times with different predetermined data patterns, and then resets the key a second time. This assures that there is absolutely no way to recover the original key or to read the original plain text data, even if some of it's encrypted values remain on unallocated tracks after wiping. A user can be assured that in milliseconds after starting the wiping process, the entire disk is rendered unreadable and unrecoverable. Verifiable data can be pre-written to a device that is later read back to assure that wiping or firmware-based erase commands have worked.

Systems and methods for reading data are provided herein using a data archive architecture controlled by a head server. The head server can read data in a contiguous manner across multiple storage devices for data that has been partitioned into multiple portions and spread across the multiple storage devices. Portions of a first object can be transmitted and read from a first subset of storage devices and portions of a second object can be transmitted and read from a second subset of storage devices. The head server can increment a read pointer based on a length of the portions of the first object to a determine a read location of different portions of the first object or the second object. The head server can identify different read location to read sub sequent of different portions of multiple objects using one or more lengths of the objects or portions of the object.

A virtual file system (VFS) is constructed by reliably acquiring subsequent data corresponding to an information recording medium from a local storage unit, and thus, data reproduction is executed. A data processing unit executes processing of selecting data associated with the information recording medium from the local storage unit, as reproduction target data, executes directory name calculation processing in which a conversion function corresponding to a version of the information recording medium is applied to configuration data of a root certificate recorded in the information recording medium, at the time of performing the processing of selecting the reproduction target data, and selects data which is recorded in a directory having a calculated directory name from the local storage unit, as the reproduction target data.

In a method for enabling support for backwards compatibility in a User Domain, in one of a Rights Issuer (RI) and a Local Rights Manager (LRM), a Rights Object Encryption Key (REK) and encrypted REK are received from an entity that generated a User Domain Authorization for the one of the RI and the LRM and the REK is used to generate a User Domain Rights Object (RO) that includes the User Domain Authorization and the encrypted REK.

Systems and methods for reading data are provided herein using a data archive architecture controlled by a head server. The head server can read data in a contiguous manner across multiple storage devices for data that has been partitioned into multiple portions and spread across the multiple storage devices. Portions of a first object can be transmitted and read from a first subset of storage devices and portions of a second object can be transmitted and read from a second subset of storage devices. The head server can increment a read pointer based on a length of the portions of the first object to a determine a read location of different portions of the first object or the second object. The head server can identify different read location to read sub sequent of different portions of multiple objects using one or more lengths of the objects or portions of the object.

Systems and methods for storing data are provided herein using a data archive architecture controlled by a head server. The head server can write data in a contiguous manner across multiple storage devices by partitioning objects into multiple portions and spreading the portions across the multiple storage devices. Portions of a first object can be transmitted to a first subset of storage devices and portions of a second object can be transmitted to a second subset of storage devices. The first subset of storage devices can write the portions of the first object to a first write location indicated by a write pointer. The head server can increment the write pointer based on a length of the portions of the first object to a second write location. The second subset of storage devices can write the portions of the second object to the second write location.

Systems and methods for storing data are provided herein using a data archive architecture controlled by a head server. The head server can write data in a contiguous manner across multiple storage devices by partitioning objects into multiple portions and spreading the portions across the multiple storage devices. Portions of a first object can be transmitted to a first subset of storage devices and portions of a second object can be transmitted to a second subset of storage devices. The first subset of storage devices can write the portions of the first object to a first write location indicated by a write pointer. The head server can increment the write pointer based on a length of the portions of the first object to a second write location. The second subset of storage devices can write the portions of the second object to the second write location.

In a method for enabling support for backwards compatibility in a User Domain, in one of a Rights Issuer (RI) and a Local Rights Manager (LRM), a Rights Object Encryption Key (REK) and encrypted REK are received from an entity that generated a User Domain Authorization for the one of the RI and the LRM and the REK is used to generate a User Domain Rights Object (RO) that includes the User Domain Authorization and the encrypted REK.

In a method for enabling support for backwards compatibility in a User Domain, in one of a Rights Issuer (RI) and a Local Rights Manager (LRM), a Rights Object Encryption Key (REK) and encrypted REK are received from an entity that generated a User Domain Authorization for the one of the RI and the LRM and the REK is used to generate a User Domain Rights Object (RO) that includes the User Domain Authorization and the encrypted REK.

In a method for enabling support for backwards compatibility in a User Domain, in one of a Rights Issuer (RI) and a Local Rights Manager (LRM), a Rights Object Encryption Key (REK) and encrypted REK are received from an entity that generated a User Domain Authorization for the one of the RI and the LRM and the REK is used to generate a User Domain Rights Object (RO) that includes the User Domain Authorization and the encrypted REK.