公开(公告)号：US09690954B2

公开(公告)日：2017-06-27

申请号：US14855824

申请日：2015-09-16

申请人： Citrix Systems, Inc.

发明人： Joseph Nord ,  Timothy Gaylor ,  Benjamin Elliot Tucker

IPC分类号： H04L9/14 ,  G06F21/79 ,  G06F21/60 ,  G06F21/78 ,  G06F21/80 ,  H04L9/18 ,  G06F3/06 ,  H04L9/08 ,  H04L29/06

CPC分类号： G06F21/79 ,  G06F3/0623 ,  G06F3/0664 ,  G06F21/602 ,  G06F21/78 ,  G06F21/80 ,  G06F2221/2107 ,  H04L9/0822 ,  H04L9/0861 ,  H04L9/0886 ,  H04L9/0894 ,  H04L9/14 ,  H04L9/3234 ,  H04L63/0428

摘要： Securing encrypted virtual hard disks may include a variety of processes. In one example, a virtual hard disk is created for a user and encrypted with a volume key, and the volume key placed in an administrator header. The administrator header may be encrypted with a protection key, the protection key created from a user identifier corresponding to the user, a volume identifier corresponding to the virtual hard disk, and two cryptographic secrets. The protection key may then destroyed after encrypting the administrator header and therefore, might never leave the encryption engine. The two cryptographic secrets may be stored in separate storage locations, one accessible to the user and the other accessible to administrators. Accordingly, the protection key might never transmitted or can be intercepted, and no single entity may be compromised to gain access to all of the information needed to recreate the protection key.

公开(公告)号：US09529805B2

公开(公告)日：2016-12-27

申请号：US13976378

申请日：2011-12-22

申请人： Paul J. Thadikaran ,  Nicholas D. Triantafillou ,  Paritosh Saxena

发明人： Paul J. Thadikaran ,  Nicholas D. Triantafillou ,  Paritosh Saxena

IPC分类号： G06F17/30 ,  G06F3/06 ,  G06F21/56 ,  G06F21/80

CPC分类号： G06F17/30082 ,  G06F3/062 ,  G06F3/0643 ,  G06F3/0673 ,  G06F21/562 ,  G06F21/80

摘要： Systems and methods for providing awareness of a host file system on a storage device are described. In one embodiment, a storage device includes a host interface and a file awareness block. The host interface provides an interface between a host and the storage device. The file awareness block provides an awareness of the host file system to the storage device.

摘要翻译： 描述用于提供对存储设备上的主机文件系统的认知的系统和方法。 在一个实施例中，存储设备包括主机接口和文件感知块。 主机接口提供主机和存储设备之间的接口。 文件感知块提供主机文件系统对存储设备的意识。

公开(公告)号：US09501349B2

公开(公告)日：2016-11-22

申请号：US14336195

申请日：2014-07-21

申请人： CLEVERSAFE, INC.

发明人： Jason K. Resch ,  S. Christopher Gladwin

IPC分类号： G11C29/00 ,  G06F11/10 ,  H03M13/05 ,  G06F21/64 ,  G06F21/80 ,  G06F17/30 ,  G06F11/14

CPC分类号： G06F11/10 ,  G06F11/1092 ,  G06F11/1402 ,  G06F17/30303 ,  G06F21/64 ,  G06F21/80 ,  G06F2211/1028 ,  H03M13/05

摘要： A method begins with a processing module of a dispersed storage network (DSN) maintaining, over time, a continuum of time-to-repair information regarding a plurality of storage units of the DSN and maintaining, over time, a continuum of time-to-failure information regarding the plurality of storage units. When the continuum of time-to-repair information and the continuum of time-to-failure information are each below undesired levels, the method continues with the processing module changing dispersed storage error encoding parameters of a logical storage vault of the DSN by lowering a decode threshold number with respect to a current decode threshold number and increasing a pillar width number with respect to a current pillar width number. The method continues with the processing module re-encoding stored encoded data of the logical storage vault based on the increased pillar width number and the decreased decode threshold number.

摘要翻译： 一种方法从分散存储网络（DSN）的处理模块开始，随着时间的推移，维持关于DSN的多个存储单元的修复时间信息的连续性，并且随着时间的推移维持连续的时间 - - 关于多个存储单元的失败信息。 当时间到修复信息的连续性和时间到故障信息的连续性都低于不期望的级别时，该方法继续处理模块通过降低DSN的逻辑存储库的分散的存储错误编码参数来改变 解码相对于当前解码阈值数的阈值数，并相对于当前柱宽数增加柱宽数。 该方法继续处理模块基于增加的柱宽数量和减小的解码阈值数量重新编码逻辑存储库的存储编码数据。

公开(公告)号：US09467512B2

公开(公告)日：2016-10-11

申请号：US13743170

申请日：2013-01-16

申请人： Intel Corporation

发明人： Eliezer Tamir ,  Ben-Zion Friedman ,  Phil C. Cayton ,  Theodore L. Willke ,  Frank Berry

IPC分类号： G06F13/12 ,  G06F15/167 ,  H04L29/08 ,  G06F21/80 ,  G06F21/44 ,  G06F21/79 ,  H04L29/06 ,  G06F3/06

CPC分类号： G06F15/17331 ,  G06F3/061 ,  G06F3/0611 ,  G06F3/0655 ,  G06F3/0659 ,  G06F3/0683 ,  G06F3/0688 ,  G06F13/4282 ,  G06F15/167 ,  G06F21/44 ,  G06F21/79 ,  G06F21/80 ,  G06F2213/0026 ,  H04L67/1097 ,  H04L69/12 ,  Y02D10/14 ,  Y02D10/151

摘要： Examples include client access to a storage medium coupled with a server. A network input/output device for the server receives a remote direct memory access (RDMA) command including a steering tag (S-Tag) from a client remote to the server. For these examples, the network input/output device forwards the RDMA command to a Non-Volatile Memory Express (NVMe) controller and access is provided to a storage medium based on an allocation scheme that assigned the S-Tag to the storage medium. In some other examples, an NVMe controller generates a memory mapping of one or more storage devices controlled by the NVMe controller to addresses for a base address register (BAR) on a Peripheral Component Interconnect Express (PCIe) bus. PCIe memory access commands received by the NVMe controller are translated based on the memory mapping to provide access to the storage device.

摘要翻译： 示例包括客户端访问与服务器耦合的存储介质。 用于服务器的网络输入/输出设备从远程服务器的客户端接收包括转向标签（S-Tag）的远程直接存储器访问（RDMA）命令。 对于这些示例，网络输入/输出设备将RDMA命令转发到非易失性存储器Express（NVMe）控制器，并且基于将S-Tag分配给存储介质的分配方案向存储介质提供访问。 在其他一些示例中，NVMe控制器生成由NVMe控制器控制的一个或多个存储设备的存储器映射到外围组件互连Express（PCIe）总线上的基地址寄存器（BAR）的地址。 由NVMe控制器接收的PCIe存储器访问命令基于存储器映射进行转换，以提供对存储设备的访问。

公开(公告)号：US09467511B2

公开(公告)日：2016-10-11

申请号：US13743112

申请日：2013-01-16

申请人： Intel Corporation

发明人： Eliezer Tamir ,  Ben-Zion Friedman ,  Steen Larsen

IPC分类号： G06F13/12 ,  G06F15/167 ,  H04L29/08 ,  G06F21/80 ,  G06F21/44 ,  G06F21/79 ,  H04L29/06 ,  G06F3/06

CPC分类号： G06F15/17331 ,  G06F3/061 ,  G06F3/0611 ,  G06F3/0655 ,  G06F3/0659 ,  G06F3/0683 ,  G06F3/0688 ,  G06F13/4282 ,  G06F15/167 ,  G06F21/44 ,  G06F21/79 ,  G06F21/80 ,  G06F2213/0026 ,  H04L67/1097 ,  H04L69/12 ,  Y02D10/14 ,  Y02D10/151

摘要： Examples are disclosed for use of vendor defined messages to execute a command to access a storage device maintained at a server. In some examples, a network input/output device coupled to the server may receive the command from a client remote to the server for the client to access the storage device. For these examples, elements or components of the network input/output device may be capable of forwarding the command either directly to a Non-Volatile Memory Express (NVMe) controller that controls the storage device or to a manageability module coupled between the network input/out device and the NVMe controller. Vendor specific information may be forwarded with the command and used by either the NVMe controller or the manageability module to facilitate execution of the command. Other examples are described and claimed.

摘要翻译： 公开了使用供应商定义的消息来执行访问维护在服务器上的存储设备的命令的示例。 在一些示例中，耦合到服务器的网络输入/输出设备可以从远程服务器的客户端接收命令，以使客户端访问存储设备。 对于这些示例，网络输入/输出设备的元件或组件可能能够将命令直接转发到控制存储设备的非易失性存储器Express（NVMe）控制器或耦合在网络输入/ 输出设备和NVMe控制器。 供应商的具体信息可以使用命令转发，并由NVMe控制器或可管理性模块使用，以便于执行命令。 其他的例子被描述和要求保护。

公开(公告)号：US20160234173A1

公开(公告)日：2016-08-11

申请号：US14988477

申请日：2016-01-05

申请人： Intertrust Technologies Corporation

发明人： Umesh Maheshwari ,  Radek Vingralek ,  W. Olin Sibert

IPC分类号： H04L29/06 ,  H04L9/06

CPC分类号： H04L63/0428 ,  G06F21/6218 ,  G06F21/80 ,  G06F21/805 ,  G06F2211/007 ,  H04L9/0643

摘要： Systems and methods are disclosed for providing a trusted database system that leverages a small amount of trusted storage to secure a larger amount of untrusted storage. Data are encrypted and validated to prevent unauthorized modification or access. Encryption and hashing are integrated with a low-level data model in which data and meta-data are secured uniformly. Synergies between data validation and log-structured storage are exploited.

公开(公告)号：US20160140334A1

公开(公告)日：2016-05-19

申请号：US14540784

申请日：2014-11-13

申请人： Seagate Technology LLC

发明人： Monty A. Forehand ,  Manuel A. Offenberg ,  Christopher J. DeMattio

IPC分类号： G06F21/44

CPC分类号： G06F21/44 ,  G06F21/80 ,  G06F2221/2103 ,  G06F2221/2107 ,  H04L9/0643 ,  H04L63/0853

摘要： Apparatus and method for controlling access to protected functionality of a data storage device. In some embodiments, a plurality of identification (ID) values associated with a data storage device are combined to form a combined ID value. The combined ID value is cryptographically processed using a secret symmetric encryption key in combination with a hash function or a key derivation function to generate a unique device credential for the data storage device. The unique device credential is used as an input to a selected cryptographic function to control access to a protected function of the data storage device.

摘要翻译： 用于控制对数据存储设备的受保护功能的访问的装置和方法。 在一些实施例中，与数据存储设备相关联的多个识别（ID）值被组合以形成组合的ID值。 组合的ID值使用秘密对称加密密钥与散列函数或密钥导出函数组合进行加密处理，以生成用于数据存储设备的唯一设备凭证。 独特的设备凭证被用作所选密码功能的输入，以控制对数据存储设备的保护功能的访问。

公开(公告)号：US09336387B2

公开(公告)日：2016-05-10

申请号：US11882105

申请日：2007-07-30

申请人： Donald E. Allison ,  Kenneth A. Mendelson

发明人： Donald E. Allison ,  Kenneth A. Mendelson

IPC分类号： G06F12/02 ,  G06F21/55 ,  G06F21/79 ,  G06F12/14 ,  G06F21/80 ,  G06F21/78

CPC分类号： G06F21/552 ,  G06F3/0622 ,  G06F3/0625 ,  G06F3/0634 ,  G06F3/0653 ,  G06F3/0655 ,  G06F3/0688 ,  G06F12/14 ,  G06F12/1433 ,  G06F21/78 ,  G06F21/79 ,  G06F21/80

摘要： Discrete events that take place with respect to a hard disk drive or other I/O device or port are indicated to logic that implements Self-Monitoring Analysis and Reporting Technology (SMART) or similar technology. These events are communicated to SMART as event data. Examples of such discrete events include power on, power off, spindle start, and spindle stop, positioning of the actuator, and the time at which such events occur. SMART then compiles event data to create compiled activity data. Compiled activity data represents summary statistical information that is created by considering some or all of the event data. Examples of compiled activity data include the Time Powered On and Power Cycle Count. Collection logic then writes the compiled activity data to a memory medium. An analyst can then read data from log file(s).

公开(公告)号：US20160125196A1

公开(公告)日：2016-05-05

申请号：US14858277

申请日：2015-09-18

申请人： CRAM Worldwide. Inc.

发明人： R. Daren KLUM

IPC分类号： G06F21/62 ,  G06F21/32

CPC分类号： G06F21/6218 ,  G06F21/32 ,  G06F21/79 ,  G06F21/80 ,  G06F2221/2101 ,  G06F2221/2107 ,  G06F2221/2125 ,  G06F2221/2143

摘要： Secured electronic data storage on a hard drive is described. A computer system that incorporates the hard drive includes a shrink, shred, and data randomization algorithm built into the read/write function of the computer system for the purposes of securing any data that is stored on the hard drive. Data to be stored on the hard drive is processed using the algorithm which shrinks, shreds, and randomly distributes the data into multiple storage locations, for example multiple partitions of storage, different data storage drives of the hard drive, different folders of a storage device, and the like. An electronic log of where the data is distributed is kept in electronic data storage, on the computer system and/or separate from the computer system, that allows the data on the hard drive to be retrieved, reassembled, decompressed, and if necessary decrypted, upon receipt of a read/access request.

摘要翻译： 描述硬盘驱动器上的安全电子数据存储。 包含硬盘驱动器的计算机系统包括内置在计算机系统的读/写功能中的收缩，碎片和数据随机化算法，用于保护存储在硬盘驱动器上的任何数据。 要存储在硬盘驱动器上的数据将使用收缩，分片和随机分配数据到多个存储位置的算法进行处理，例如存储的多个分区，硬盘驱动器的不同数据存储驱动器，存储设备的不同文件夹 ，等等。 将数据分发的电子日志保存在电子数据存储器中，计算机系统上和/或与计算机系统分离，允许硬盘驱动器上的数据被检索，重新组装，解压缩，并且如果需要解密， 一旦接收到读/访问请求。

公开(公告)号：US09317217B1

公开(公告)日：2016-04-19

申请号：US13464456

申请日：2012-05-04

申请人： Eden G. Adogla

发明人： Eden G. Adogla

IPC分类号： G06F12/00 ,  G06F3/06

CPC分类号： G06F3/0652 ,  G06F21/80 ,  G06F2221/2143

摘要： Systems and methods for wiping and verifying the wiping of a data storage device where the dirtying of blocks of the storage device is tracked and only the dirtied blocks are scanned to verify if the storage device has been sufficiently wiped.

摘要翻译： 用于擦拭和验证擦除存储设备的块的脏污并且仅扫描脏污块以检查存储设备是否已被充分擦拭的数据存储设备的擦拭和擦除的系统和方法。