Abstract: Systems and methods for encrypting system level data structures are described. A storage system may include a storage drive and at least one controller for the storage drive. In some embodiments, the at least one controller may be configured to identify user data assigned to be stored on the storage drive, encrypt the user data, identify a system data structure generated in relation to the user data, and encrypt the system data structure. In some cases, the data structure may include at least one of metadata, system data, and data encapsulation relative to the user data. In some embodiments, the user data and the data structure may be encrypted with one or more encryption keys programmed on the storage drive.

Abstract: Method and apparatus for managing data in a data storage device configured as a storage compute appliance. In some embodiments, the data storage device has a non-volatile memory (NVM) and a controller circuit. The NVM stores a plurality of data sets encrypted by at least one encryption key. The controller circuit performs a storage compute appliance process by locally decrypting the plurality of data sets in a local memory of the data storage device, generating summary results data from the decrypted data sets, and transferring the summary results data across the host interface to an authorized user without a corresponding transfer of any portion of the decrypted data sets across the host interface.

Abstract: Method and apparatus for managing data in a data storage device configured as a storage compute appliance. In some embodiments, the data storage device has a controller circuit and a non-volatile memory (NVM) with an overall data storage capacity. A processor authenticates each of a plurality of authorized users of the NVM via data exchanges between a host device and the processor without reference to an external authentication authority device. Upon authentication, each authorized user is allocated a separate portion of the overall data storage capacity of the NVM using an allocation model. The size of at least one of the separate portions is subsequently adjusted based on an access history of the NVM. The storage device may be a key-value storage device so that a separate set of key values is provided to each authorized user to identify data blocks stored to and retrieved from the NVM.

Abstract: Systems and methods for encryption key shredding to protect non-persistent data are described. In one embodiment, the storage system device may include a storage drive and a controller. In some embodiments, the controller may be configured to power on the storage drive, identify an encryption key on the storage drive created upon powering on the storage drive, and encrypt data in a cache of the storage drive using the encryption key. In some embodiments, the controller may be configured to power off the storage drive and delete the encryption key upon powering off the storage drive. In some cases, the storage drive may include at least one of a solid state drive and a hard disk drive. In some embodiments, the storage drive may include a hybrid storage drive that includes both a solid state drive and a hard disk drive.

Abstract: Method and apparatus for managing data in a data storage device configured as a storage compute appliance. In some embodiments, the data storage device has a controller circuit and a non-volatile memory (NVM) with an overall data storage capacity. A processor authenticates each of a plurality of authorized users of the NVM via data exchanges between a host device and the processor without reference to an external authentication authority device. Upon authentication, each authorized user is allocated a separate portion of the overall data storage capacity of the NVM using an allocation model. The size of at least one of the separate portions is subsequently adjusted based on an access history of the NVM. The storage device may be a key-value storage device so that a separate set of key values is provided to each authorized user to identify data blocks stored to and retrieved from the NVM.

Abstract: Method and apparatus for managing data in a data storage device configured as a storage compute appliance. In some embodiments, the data storage device has a non-volatile memory (NVM) and a controller circuit. The NVM stores a plurality of data sets encrypted by at least one encryption key. The controller circuit performs a storage compute appliance process by locally decrypting the plurality of data sets in a local memory of the data storage device, generating summary results data from the decrypted data sets, and transferring the summary results data across the host interface to an authorized user without a corresponding transfer of any portion of the decrypted data sets across the host interface.

Abstract: Systems and methods for enhanced read recovery based on write time information are described. In one embodiment, the systems and methods include opening a block of flash memory cells for programming, tracking a block open time, and performing a read operation of a programmed page from the block based at least in part on the block open time. In some embodiments, the block includes a plurality of pages, each page including a plurality of flash memory cells. In some cases, the block open time includes an amount of time between the block opening for programming to a time the block closes for programming.

Abstract: Systems and methods for encryption key shredding to protect non-persistent data are described. In one embodiment, the storage system device may include a storage drive and a controller. In some embodiments, the controller may be configured to power on the storage drive, identify an encryption key on the storage drive created upon powering on the storage drive, and encrypt data in a cache of the storage drive using the encryption key. In some embodiments, the controller may be configured to power off the storage drive and delete the encryption key upon powering off the storage drive. In some cases, the storage drive may include at least one of a solid state drive and a hard disk drive. In some embodiments, the storage drive may include a hybrid storage drive that includes both a solid state drive and a hard disk drive.

Abstract: Systems and methods for hash authenticated data are described. In one embodiment, the storage device includes a storage drive and/or a controller. In some embodiments, the controller is configured to identify data to be authenticated, compute a first hash of the data using a hash function, detect a trigger event associated with the storage drive, and authenticate, after the trigger event, the data based at least in part on the first hash of the data.

Abstract: Systems and methods for encryption key shredding to protect non-persistent data are described. In one embodiment, the storage system device may include a storage drive and a controller. In some embodiments, the controller may be configured to power on the storage drive, identify an encryption key on the storage drive created upon powering on the storage drive, and encrypt data in a cache of the storage drive using the encryption key. In some embodiments, the controller may be configured to power off the storage drive and delete the encryption key upon powering off the storage drive. In some cases, the storage drive may include at least one of a solid state drive and a hard disk drive. In some embodiments, the storage drive may include a hybrid storage drive that includes both a solid state drive and a hard disk drive.

Abstract: Systems and methods for enhanced read recovery based on write time information are described. In one embodiment, the systems and methods include opening a block of flash memory cells for programming, tracking a block open time, and performing a read operation of a programmed page from the block based at least in part on the block open time. In some embodiments, the block includes a plurality of pages, each page including a plurality of flash memory cells. In some cases, the block open time includes an amount of time between the block opening for programming to a time the block closes for programming.

Abstract: Systems and methods for enhanced read recovery based on write time information are described. In one embodiment, the systems and methods include opening a block of flash memory cells for programming, tracking a block open time, and performing a read operation of a programmed page from the block based at least in part on the block open time. In some embodiments, the block includes a plurality of pages, each page including a plurality of flash memory cells. In some cases, the block open time includes an amount of time between the block opening for programming to a time the block closes for programming.

Abstract: Systems and methods for encryption key shredding to protect non-persistent data are described. In one embodiment, the storage system device may include a storage drive and a controller. In some embodiments, the controller may be configured to power on the storage drive, identify an encryption key on the storage drive created upon powering on the storage drive, and encrypt data in a cache of the storage drive using the encryption key. In some embodiments, the controller may be configured to power off the storage drive and delete the encryption key upon powering off the storage drive. In some cases, the storage drive may include at least one of a solid state drive and a hard disk drive. In some embodiments, the storage drive may include a hybrid storage drive that includes both a solid state drive and a hard disk drive.

Abstract: Systems and methods for encrypting system level data structures are described. In one embodiment, a storage system may include a storage drive and at least one controller for the storage drive. In some embodiments, the at least one controller may be configured to identify user data assigned to be stored on the storage drive, encrypt the user data, identify a system data structure generated in relation to the user data, and encrypt the system data structure. In some cases, the data structure may include at least one of metadata, system data, and data encapsulation relative to the user data. In some embodiments, the user data and the data structure may be encrypted with one or more encryption keys programmed on the storage drive.

Abstract: Systems and methods for hash authenticated data are described. In one embodiment, the storage device includes a storage drive and/or a controller. In some embodiments, the controller is configured to identify data to be authenticated, compute a first hash of the data using a hash function, detect a trigger event associated with the storage drive, and authenticate, after the trigger event, the data based at least in part on the first hash of the data.

Abstract: Systems and methods for enhanced read recovery based on write time information are described. In one embodiment, the systems and methods include opening a block of flash memory cells for programming, tracking a block open time, and performing a read operation of a programmed page from the block based at least in part on the block open time. In some embodiments, the block includes a plurality of pages, each page including a plurality of flash memory cells. In some cases, the block open time includes an amount of time between the block opening for programming to a time the block closes for programming.