Abstract: A secure cartridge-based storage system includes a set of read/write control electronics on a control board adapted to removably couple with each of a plurality of storage cartridges. The read/write control electronics are adapted to transmit a public key to a target storage cartridge in response to a read/write command received from a host device. The target storage cartridge includes and encryption circuit that authenticates the transmitted public key against a stored public key, accesses a locally-stored encryption key responsive to successful authentication of the public key; and utilizes the locally-stored encryption key to encrypt or decrypt data of the read/write command that is in transit between the storage media and the control board.

Abstract: A method includes receiving, in a data storage device, a request from a client computer for a portion of ciphertext stored in the data storage device, and providing, by a controller of the data storage device, the portion of the ciphertext to the client computer. The method also includes receiving, in the data storage device, an update token generated by the client computer from the portion of the ciphertext. The method further includes performing, by the controller of the data storage device, re-encryption of the ciphertext using the update token.

Abstract: A method includes providing a public encryption key and a seed to a party and receiving a first encrypted data set encrypted using the public encryption key and marked by the party with a first mark based on the seed. The method also includes aggregating the first encrypted data set into an aggregated data set at an aggregator and receiving an indication that a first operation associated with the party has been performed on the aggregated data set. In response to the receiving, updating the first encrypted data set of the aggregated data set by updating the first mark to a second mark according to the first operation, generating a verification encrypted data set according to at least the second mark and at least the corresponding first operation, verifying the aggregated data set by comparing the updated first encrypted data set and the verification encrypted data set.

Abstract: Technology disclosed herein provides an object tracking multi-camera system including a plurality of cameras to capture images of one or more objects and one or more pattern recognition modules, each of the pattern recognition modules configured to identify an object in a video frame using pattern recognition and assigning a tracking number to the identified object, collect a plurality of object frames related to the identified object and associating the plurality of object frames to the assigned tracking number, compare a newly obtained object frame with the plurality of object frames related to the identified object to determine if the newly obtained object frame is related to the identified object, and in response to the comparison determine that facial recognition does not need to be performed on the newly obtained object frame.

Abstract: A method of rotating a set of keys, having a media encryption key (MEK) and a current media encryption key encryption key (MEKEK) encrypted and stored in a self-encrypting drive (SED) having data encrypted with the MEK (MEK(data)), includes decrypting the stored MEK and the current MEKEK. A new MEK (MEK?) and a new MEKEK (MEKEK?) are generated. The MEKEK? is encrypted to replace the current encrypted MEKEK. A concatenation of the MEK and the MEK? is encrypted with MEKEK?. The encrypted data MEK(data) is re-encrypted with MEK?.

Abstract: A method includes receiving, in a data storage device, a request from a client computer for a portion of ciphertext stored in the data storage device, and providing, by a controller of the data storage device, the portion of the ciphertext to the client computer. The method also includes receiving, in the data storage device, an update token generated by the client computer from the portion of the ciphertext. The method further includes performing, by the controller of the data storage device, re-encryption of the ciphertext using the update token.

Abstract: Systems, methods, and devices having systems-on-a-chip (SOCs) may utilize bootup code stored external from the SOCs. The bootup code may be verified by the SOCs. If the bootup code is not verified within a selected duration, the SOC may be reset or disabled. If the bootup code is verified within the selected duration, a reset circuit may be disabled.

Abstract: A secure cartridge-based storage system includes a set of read/write control electronics on a control board adapted to removably couple with each of a plurality of storage cartridges. For each individual storage cartridge, the read/write electronics are adapted to retrieve a unique device identifier from the storage cartridge; retrieve an encryption key stored on the control board in association with the unique device identifier; and utilize the encryption key to encrypt or decrypt data that is in transit to or from a target storage location on the storage media.

Abstract: A method includes providing a public encryption key and a seed to a party and receiving a first encrypted data set encrypted using the public encryption key and marked by the party with a first mark based on the seed. The method also includes aggregating the first encrypted data set into an aggregated data set at an aggregator and receiving an indication that a first operation associated with the party has been performed on the aggregated data set. In response to the receiving, updating the first encrypted data set of the aggregated data set by updating the first mark to a second mark according to the first operation, generating a verification encrypted data set according to at least the second mark and at least the corresponding first operation, verifying the aggregated data set by comparing the updated first encrypted data set and the verification encrypted data set.

Abstract: Secure distribution of data objects using a unique quantum-safe cryptographic key provided to a user requesting the data object that has been authenticated using a zero-knowledge authentication. A user may access the system by way of the zero-knowledge authentication to request access to a data object of a data library. The system may generate and associate a unique quantum-safe cryptographic key for the instance of the data library to be provided to the authenticated user. The data object is encrypted using the unique quantum-safe cryptographic key. The encrypted data object and the unique quantum-safe cryptographic key are provided to the authenticated user. Other instances of the data object may also be encrypted with other unique quantum-safe cryptographic keys. In turn, access to a unique quantum-safe cryptographic key may not be useful in decrypting other instances of the data object, and other data objects may not be decrypted using a given unique key for a given data object instance.

Abstract: Technology disclosed herein provides an object tracking multi-camera system including a plurality of cameras to capture images of one or more objects and one or more pattern recognition modules, each of the pattern recognition modules configured to identify an object in a video frame using pattern recognition and assigning a tracking number to the identified object, collect a plurality of object frames related to the identified object and associating the plurality of object frames to the assigned tracking number, compare a newly obtained object frame with the plurality of object frames related to the identified object to determine if the newly obtained object frame is related to the identified object, and in response to the comparison determine that facial recognition does not need to be performed on the newly obtained object frame.

Abstract: A secure cartridge-based storage system includes a set of read/write control electronics on a control board adapted to removably couple with each of a plurality of storage cartridges. For each individual storage cartridge, the read/write electronics are adapted to retrieve a unique device identifier from the storage cartridge; retrieve an encryption key stored on the control board in association with the unique device identifier; and utilize the encryption key to encrypt or decrypt data that is in transit to or from a target storage location on the storage media.

Abstract: A secure cartridge-based storage system includes a set of read/write control electronics on a control board adapted to removably couple with each of a plurality of storage cartridges. The read/write control electronics are adapted to transmit a public key to a target storage cartridge in response to a read/write command received from a host device. The target storage cartridge includes and encryption circuit that authenticates the transmitted public key against a stored public key, accesses a locally-stored encryption key responsive to successful authentication of the public key; and utilizes the locally-stored encryption key to encrypt or decrypt data of the read/write command that is in transit between the storage media and the control board.

Abstract: Secure distribution of data objects using a unique quantum-safe cryptographic key provided to a user requesting the data object that has been authenticated using a zero-knowledge authentication. A user may access the system by way of the zero-knowledge authentication to request access to a data object of a data library. The system may generate and associate a unique quantum-safe cryptographic key for the instance of the data library to be provided to the authenticated user. The data object is encrypted using the unique quantum-safe cryptographic key. The encrypted data object and the unique quantum-safe cryptographic key are provided to the authenticated user. Other instances of the data object may also be encrypted with other unique quantum-safe cryptographic keys. In turn, access to a unique quantum-safe cryptographic key may not be useful in decrypting other instances of the data object, and other data objects may not be decrypted using a given unique key for a given data object instance.