Abstract: A method and solid-state storage device are disclosed for validating erasure status of data blocks on a solid-state drive. The method includes assigning each data block of a plurality of data blocks on the solid-state drive, a block identifier and an erasure status, the block identifier being system data, user data, or unmapped data, and the erasure status being erased or not erased.

Abstract: A method for backing up data includes: receiving, by a driver in a host controller of a data storage device, an indication of a threatening event identifying one or more data files in the data storage device; delaying, by the driver, the threatening event; and backing up, by the driver, the one or more data files in the data storage device, prior to allowing the threatening event.

Abstract: A method for backing up data includes: receiving, by a driver in a host controller of a data storage device, an indication of a threatening event identifying one or more data files in the data storage device; delaying, by the driver, the threatening event; and backing up, by the driver, the one or more data files in the data storage device, prior to allowing the threatening event.

Abstract: A method and solid-state storage device are disclosed for validating erasure status of data blocks on a solid-state drive. The method includes assigning each data block of a plurality of data blocks on the solid-state drive, a block identifier and an erasure status, the block identifier being system data, user data, or unmapped data, and the erasure status being erased or not erased.

Abstract: A method for controlling access to data storage based on application rights dictating usage ability of a user includes: receiving, by a first application of a computing device, a data access request from a second application of the computing device, the data access request including a user identifier, namespace identifier, application identifier associated with the second application, and data command; verifying data access authorization for a user of the second application and for the second application program based on a first permission stored in an application-application rights table associated with the user identifier, application identifier, the data command; verifying data access authorization for the first application based on a second permission stored in an application-storage rights table associated with the namespace identifier and data command; executing the data command to read from or write data to a data storage interfaced with the computing device associated with the namespace identifier.

Abstract: A method for backing up data includes: receiving, by a driver in a host controller of a data storage device, an indication of a threatening event identifying one or more data files in the data storage device; delaying, by the driver, the threatening event; and backing up, by the driver, the one or more data files in the data storage device, prior to allowing the threatening event.

Abstract: A method of verifying erasure of data from a data storage device, the method including retrieving a first metadata portion associated with a first block of data included in the plurality of blocks of data; determining, based on the retrieved first metadata portion, a current content classification associated with the first block of data and a current erasure state associated with the first block of data; and determining an erasure status associated with the first block of data based on the current content classification associated with the first block of data and the current erasure state associated with the first block of data.

Abstract: A method for backing up data includes: receiving, by a driver in a host controller of a data storage device, an indication of a threatening event identifying one or more data files in the data storage device; delaying, by the driver, the threatening event; and backing up, by the driver, the one or more data files in the data storage device, prior to allowing the threatening event.

Abstract: A method of verifying erasure of data from a data storage device, the method including retrieving a first metadata portion associated with a first block of data included in the plurality of blocks of data; determining, based on the retrieved first metadata portion, a current content classification associated with the first block of data and a current erasure state associated with the first block of data; and determining an erasure status associated with the first block of data based on the current content classification associated with the first block of data and the current erasure state associated with the first block of data.

Abstract: A method for controlling access to data storage based on application rights dictating usage ability of a user includes: receiving, by a first application of a computing device, a data access request from a second application of the computing device, the data access request including a user identifier, namespace identifier, application identifier associated with the second application, and data command; verifying data access authorization for a user of the second application and for the second application program based on a first permission stored in an application-application rights table associated with the user identifier, application identifier, the data command; verifying data access authorization for the first application based on a second permission stored in an application-storage rights table associated with the namespace identifier and data command; executing the data command to read from or write data to a data storage interfaced with the computing device associated with the namespace identifier.

Abstract: A method for backing up data includes: receiving, by a driver in a host controller of a data storage device, an indication of a threatening event identifying one or more data files in the data storage device; delaying, by the driver, the threatening event; and backing up, by the driver, the one or more data files in the data storage device, prior to allowing the threatening event.

Abstract: A method for backing up data includes: receiving, by a driver in a host controller of a data storage device, an indication of a threatening event identifying one or more data files in the data storage device; delaying, by the driver, the threatening event; and backing up, by the driver, the one or more data files in the data storage device, prior to allowing the threatening event.

Abstract: A device controller interfaced between an electronic processing device and a sector-based data storage device, includes a processor connected to a clock, and a computer memory having a control list stored therein. A control list includes a security feature entry having a target sector range, time data associated with the target sector range, and at least one security response associated with the target sector range. The processor determines, based at least in part on interrogation of the control list and a clock time, the time data of the entry conflicts with the clock time, and executes the at least one security response.

Abstract: A device controller interfaced between an electronic processing device and a sector-based data storage device, includes a processor connected to a clock, and a computer memory having a control list stored therein. A control list includes a security feature entry having a high level data characteristic, time data associated with the characteristic, and at least one security response associated with the characteristic. The processor determines, based at least in part on interrogation of the control list and a clock time, the time data of the entry conflicts with the clock time, and executes the at least one security response.

Abstract: A device controller interfaced between an electronic processing device and a sector-based data storage device, includes a processor connected to a clock, and a computer memory having a control list stored therein. A control list includes a security feature entry having a target sector range, time data associated with the target sector range, and at least one security response associated with the target sector range. The processor determines, based at least in part on interrogation of the control list and a clock time, the time data of the entry conflicts with the clock time, and executes the at least one security response.

Abstract: A device controller interfaced between an electronic processing device and a sector-based data storage device, includes a processor connected to a clock, and a computer memory having a control list stored therein. A control list including a security feature entry including a target sector range, time data associated with the target sector range, and at least one security response associated with the target sector range. The processor determines, based at least in part on interrogation of the control list and a clock time, the time data of the entry conflicts with the clock time, and executes the at least one security response. Time data can represent an expiration date or a time window, with a conflict arising if the clock time is beyond the expiration date or within the time window, respectively.

Abstract: A device controller interfaced between an electronic processing device and a sector-based data storage device, includes a processor connected to a clock, and a computer memory having a control list stored therein. A control list including a security feature entry including a target sector range, time data associated with the target sector range, and at least one security response associated with the target sector range. The processor determines, based at least in part on interrogation of the control list and a clock time, the time data of the entry conflicts with the clock time, and executes the at least one security response. Time data can represent an expiration date or a time window, with a conflict arising if the clock time is beyond the expiration date or within the time window, respectively.

Abstract: A device controller and method to forensically secure a storage device. A device controller, interfaced between a processing device and a storage device, includes a processor and computer memory having stored therein a maintenance list including a maintenance routine. In response to a forensic mode request from the processing device, the processor transitions the device controller to a forensic mode that disables execution of the maintenance routine and any write requests involving the storage device. In response to a subsequent forensic mode request, the processor returns the device controller to a free mode. Transitioning and/or returning can be conditioned on authentication of any one or more forensic mode requests.