Abstract: A data storage system can consist of a network controller connected to a data storage device and a remote host. An attack mitigation strategy may be generated with an attack module connected to the network controller in response to detected data storage conditions in the data storage device. The attack mitigation strategy can be executed with the attack module by sending separate first and second security queries to the data storage device over time. At least a powered move attack can then be identified based on the second security query.

Abstract: A data storage system can consist of a network controller connected to a data storage device and a remote host. An attack mitigation strategy may be generated with an attack module connected to the network controller in response to detected data storage conditions in the data storage device. The attack mitigation strategy can be executed with the attack module by sending separate first and second security queries to the data storage device over time. At least a powered move attack can then be identified based on the second security query.

Abstract: A system includes an environment-aware storage drive comprising one or more storage medium with a location-based service wherein the environment-aware storage drive generates a signal containing information about a location of the storage drive relative to a geo-fenced area and updates a ledger unit of an event happening to the storage drive based on the signal, wherein the event is related to the current environment of the storage drive. The ledger unit keeps track of a number of events and/or data received from the environment-aware storage drive. A policy unit determines an expandable set of security policies for the storage drive triggered by the event and/or data, wherein the security policies specify access restrictions to the environment-aware storage drive based on its current environment. The policy unit transmits and enforces the set of security policies on the environment-aware storage drive to prevent data from being theft from the storage drive.

Abstract: Provided herein is a method that includes receiving a signal to erase content stored on a storage device. The method further includes erasing the content stored on the storage device in response to the signal to erase. The method also includes issuing a certificate of erasure, wherein the certificate is unique to the storage device.

Abstract: A method comprises generating a first block of a block chain and generating a second block of the block chain. The first block is associated with a first component of a storage device. The first block is generated when the first component is manufactured. The second block is associated with a second component of the storage device. The second block is generated when the second component is manufactured.

Abstract: A system includes an environment-aware storage drive comprising one or more storage medium with a location-based service wherein the environment-aware storage drive generates a signal containing information about a location of the storage drive relative to a geo-fenced area and updates a ledger unit of an event happening to the storage drive based on the signal, wherein the event is related to the current environment of the storage drive. The ledger unit keeps track of a number of events and/or data received from the environment-aware storage drive. A policy unit determines an expandable set of security policies for the storage drive triggered by the event and/or data, wherein the security policies specify access restrictions to the environment-aware storage drive based on its current environment. The policy unit transmits and enforces the set of security policies on the environment-aware storage drive to prevent data from being theft from the storage drive.

Abstract: A local key management system can be implemented with a unified extensible firmware interface (“UEFI”) basic input/output system (“BIOS”). The local key management system may be part of a removable data storage device that has a first secure area protected by a cryptographic module (e.g. hardware integrated circuit). The removable data storage device may also have a second secure area that stores a key to unlock a security enabled data storage device. The UEFI BIOS may be implemented to manage unlocking of security enabled data storage devices or data bands. The UEFI BIOS may also load a UEFI registration shell to manage registration of one or more security enabled drives or bands.

Abstract: A method comprises generating a first block of a block chain and generating a second block of the block chain. The first block is associated with a first component of a storage device. The first block is generated when the first component is manufactured. The second block is associated with a second component of the storage device. The second block is generated when the second component is manufactured.

Abstract: Provided herein is a method that includes receiving a signal to erase content stored on a storage device. The method further includes erasing the content stored on the storage device in response to the signal to erase. The method also includes issuing a certificate of erasure, wherein the certificate is unique to the storage device.

Abstract: Security of computers, data storage devices, and servers can be improved with a multiple key access system. In some embodiments, a local key management device can be a locally (or virtually) located data storage device such as a HDD or SDD. The key management device may be part of a computer or server system and can have a first secure area protected by a cryptographic module (e.g. hardware integrated circuit). The first secure area can store a key to access a second secure area, which may function as a local key management server (LKMS) and store access information to authenticate another data storage device coupled to the computer. For example, the LKMS may store an access key to provide the computer with access to another data storage device.

Abstract: Systems and methods for location-based security of storage drives are described. In one embodiment, the systems may include a storage drive and a hardware controller. In some embodiments, the hardware controller may be configured to determine a location of the storage drive; identify a current mode of the storage drive, the storage drive including at least a secure mode and a non-secure mode; block activation of the secure mode upon determining that the storage drive is located in one of one or more non-permitted areas or not located in one of one or more permitted areas; and put the storage drive in the non-secure mode upon determining the storage drive is located in one of the one or more non-permitted areas while in the secure mode.

Abstract: Security of data storage devices and servers can be improved by the system and methods described herein. In some embodiments, a key management device of a server can be a locally (or virtually) located data storage device such as a HDD or SDD. The key management device may be part of a server system and can have a secure area protected by a cryptographic module (e.g. hardware integrated circuit). The secure area can store a certificate needed to authenticate another data storage device coupled to the server. A second server may authenticate the certificate and provide the access key to the another data storage device.

Abstract: Data storage devices (“DSDs”) can be cryptographically locked, and may be unlocked with encryption keys. One or more encryption keys may be stored remotely in a key server, and may be retrieved by a removable circuit that can be coupled to a server, such as a data server, email server, file system server, other server, or other system. The removable circuit can determine which of the DSDs are locked, and may transmit a request to the key server for encryption keys corresponding to the locked DSDs. The removable circuit can unlock the locked DSDs with the encryption keys provided by the key server.