Abstract: There is provided a computer implemented method encrypting and/or decrypting data, comprising: accessing data for encryption and/or decryption, wherein the data is of a user account of a plurality of user accounts, obtaining an account key in an encrypted state, the account key is obtained from an account key dataset storing at least one encrypted account key for each of the user accounts, providing over the network, the encrypted account key to a key management system(s) (KMS) hosted by a server, receiving over the network, a decrypted account key from the server hosting the KMS(s), wherein the KMS(s) decrypts the encrypted account key using an organization key stored and managed by the KMS(s), storing the decrypted account key in a data storage device set to provide temporary storage for decrypted account keys, and encrypting and/or decrypting the data associated with the user account using the decrypted account key.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for referenced access control lists. In one aspect, a method includes accessing an object hierarchy for a plurality of objects, each object being representative of one of a storage location or a file. The object hierarchy includes for each object, a respective node, for each object that is a parent object having a child object, a directed edge connecting the node representing the parent object. In addition, for each object, including metadata that includes an access control list identifier that identifies an access control list for the object and that is owned by an access control list root object. The method including receiving updates to an access control list for particular objects, generating a new access control list, and storing the new access control list identifier in metadata for each object that descends from the particular object.

Abstract: A system and methods for facilitating secure computing device control and operation. The invention discloses a framework to supply security and policy-based control to computing applications as a software service. Clients running the framework make requests for services whereby they identify the service needed and its required parameters, encrypt and sign them, and send them to the service handler. The service handler decrypts, checks for policy allowance, and then, if allowed, executes the functions. The handler then encrypts and returns the response to the client. The framework allows for an aggregator that collects service requests for any number of clients and manages the distribution to service handlers and communications back to the clients.

Abstract: Various examples are directed to systems and methods for executing a web application with client-side encryption. A web browser can receive a document comprising a plurality of data elements including a secure element that comprises an encrypted value. An extension component may generate a secure container element to replace the secure element. The extension component can also insert a subdocument into the secure container element. The web browser may be configured to prevent web applications from accessing the subdocument. The extension component may also decrypt the encrypted value to generate a clear value and write the clear value to the subdocument. The web browser may render the document using the clear value.

Abstract: A method and system for performing authentication for a backup service provided by a server is provided. The method receives a request for authentication from a client device, the request for authentication including a signature generated using a private key. The method sends a request to obtain a public key corresponding to the private key to the server and receives the public key from the server, the public key being retrieved by the server from a backup of a virtual machine. The method verifies the signature using the public key and generates a token encrypted using the public key, the token enabling the client device to access the server for the backup service. The method sends the token to the client device, the token to be decrypted using the private key by the client device.

Abstract: The description relates to systems and methods for extending applications. For example, a voice assistant application can be the application to be extended. In an example, a mobile banking application can be the application that provides the extension. For example, a voice assistant might not have capability to conduct fingerprint (or biometric) authentication and bill payment function. An extension point within the voice assistant application that would enable this kind of capability might not exist. The mobile banking application can have a biometric tool for fingerprint authentication capability and a payment tool for a bill payment or money transfer function. Embodiments described herein can involve a deep link from the voice assistant application to the mobile banking application (which does offer fingerprint authentication and bill payment capability). The navigation to the mobile banking application can generate a visual impression at the UI similar or consistent with the voice assistant application.

Abstract: The systems, devices, and methods discussed herein are directed to a portable communication device, or a user equipment (UE), for obtaining cellular network services with an unassociated cellular network with assistance from a wireless local area network (WLAN). The UE registers with the WLAN, discovers the unassociated cellular network, sends request to a WLAN service provider of the WLAN to obtain cellular network services with the unassociated cellular network, and obtains cellular network services with the unassociated cellular network.

Abstract: Embodiments are directed to providing remote healthcare services including remote diagnostics, and facilitating third-party healthcare payments. In one embodiment, a computer system receives an input including authentication credentials from a healthcare entity, and also requests assistance from another healthcare entity. The computer system authenticates the first healthcare entity using the authentication credentials, receives an input including authentication credentials from the other healthcare entity, and authenticates the other healthcare entity using these authentication credentials. The computer system further receives real-time information related to a health condition of a patient, where the real-time health condition information is provided to the second healthcare entity.

Abstract: A cloud-based platform encrypts data imported from an organization using respective data encryption keys (DEK). The platform prevents decrypted data of the organization, and the DEK(s) used to encrypt such data, from being persistently retained within the platform. Access to the DEK may be controlled by the organization. Accordingly, the organization may retain control over access to its data, after the data has been exported to the platform. The platform may provide a purge control by which the organization can configure the platform the purge any cached DEK and/or unencrypted data pertaining to the organization.

Abstract: A method for combining different partial data includes providing a secure connection between a connection unit in a first network and an analysis unit a second network, separating original data into at least two items of partial data comprised of analysis data and personal data as first and second partial data that can be assigned to each other by way of assigning information, pseudonymizing the second partial data, transmitting the first partial data and pseudonymized second partial data and the assigning information to the analysis unit, storing the second partial data on the connection unit, providing third partial data on the analysis unit in the form of analyzed first partial data, transmitting the third partial data and the pseudonymized second partial data with the assigning information to the connection unit via the secure connection, and combining the third partial data and the second partial data using the assigning information.

Abstract: Authentication is a key procedure in information systems. Conventional biometric authentication system is based on a trusted third-party server which is not secure. The present disclosure provides a privacy preserving multifactor biometric authentication for authenticating a client without the third-party authentication server. The server receives a plurality of encrypted biometric features from the client, encrypted using Fully Homomorphic Encryption. Further, the server evaluates the plurality of encrypted biometric features to obtain a client identifier value and a plurality of encrypted resultant values. The server encrypts each of the plurality of resultant values based on a time based nonce and the client identifier value. The encrypted authentication tags and the corresponding resultant values are aggregated by the server and transmitted to the client. The client decrypts the resultant value and the authentication tag and transmits to the server.

Abstract: An object blocking method, a terminal, a server, and a storage medium are provided. The method includes: sending, when whether to block a target object cannot be determined according to a first blocking strategy library, feature information of the target object to a server. The feature information instructs the server to generate a target blocking strategy according to the feature information and feed back the target blocking strategy. The method also includes: receiving the target blocking strategy fed back by the server; adding the target blocking strategy to the first blocking strategy library; and performing subsequent object blocking according to the first blocking strategy library added with the target blocking strategy, including: determining whether to block the target object according to the target blocking strategy in the first blocking strategy library.

Abstract: A method and a computing apparatus for tracking device utilization are provided. The method includes: obtaining first data that relates to a physical location of a device; obtaining second data that relates to network switch information of the device; obtaining third data that relates to a network activity performed by using the device; using each of the first data, second data, and third data to determine a utilization of the device; and outputting a result of the determination. The first data may include a building identification, a floor number, and/or a seat identification. The second data may include a switch host name, card information, and/or port information. The third data may include a management system into which the device is logged in.

Abstract: Systems and methods utilized to protect data. One method includes maintaining, by one or more processing circuits in a production environment, encrypted data associated with a cryptographic function. The method further includes decrypting, by the one or more processing circuits in the production environment, the encrypted data to generate cleartext data. The method further includes encrypting, by the one or more processing circuits, the cleartext data using a homomorphic encryption function to generate ciphertext data. The method further includes masking, by the one or more processing circuits, the ciphertext data using a masking function to generate alternate ciphertext data. The method further includes decrypting, by the one or more processing circuits, the alternate ciphertext data to generate masked cleartext data and storing, by the one or more processing circuits in a lower environment, the masked cleartext data.

Abstract: A computing device can perform operations to unlock encrypted volumes of the computing device while the computing device is in a recovery environment. In some examples, the computing device can work in conjunction with a test computing device to unlock the encrypted volumes using an unlock token and a PIN. In other examples, the computing device can perform operations without a test computing device. For example, the computing device can, while in the recovery environment, use credentials associated with a user of the computing device to obtain a recovery password to unlock keys for interpreting the encrypted volumes. In some examples, the computing device can use a shortened recovery password in conjunction with anti-hammering capabilities of a Trusted Platform Module in order to unlock keys for interpreting the encrypted volumes. These and other operations can facilitate secure unlock of volumes of encrypted data on a consumer device.

Abstract: A method for validating a message recipient includes: storing, in a memory of a processing server, a device profile, wherein the device profile is related to a mobile computing device and includes at least a device identifier, and token validation data; receiving, by a receiver of the processing server, a data signal from an external system that is encoded with a message packet, wherein the message packet includes at least the device identifier, a device token, and a content message; validating, by a processing device of the processing server, the device token using at least the token validation data; and electronically transmitting, by a transmitter of the processing server, the content message to the mobile computing device.

Abstract: A method of blockchain-based data management of distributed binary objects includes identifying a binary object to be stored in a first data store. The method further includes encrypting, by a processing device, the binary object using a cryptographic function of a blockchain to generate an encrypted binary object. The method further includes storing the encrypted binary object in the first data store. The method further includes storing a reference to the encrypted binary object on the blockchain.

Abstract: Generating a rights blockchain storing rights of a user, including: receiving an enrollment request and a public key from the user; verifying that the user has a private key corresponding to the public key; generating a user identifier using the public key; and generating and delivering the rights blockchain having a genesis block including the user identifier to the user.

Abstract: A method of storing data allowing a seed value for generating an encryption key to be retrieved is provided. The method comprises obtaining, for each of a plurality of biological data sources, a respective set of biometric data from an authorised user. A respective biometric identifier is generated from each set of biometric data. The biometric identifiers are stored in a database. A plurality of seed portions are generated that are combinable using a function to generate the seed value. Each seed portion is stored in the database in association with a biometric identifier.

Abstract: The present invention discloses an intelligent cloud server for cloud storage information management and encryption. In some embodiments, the intelligent cloud server can save and store documents without the need of first saving them in a local drive for upload. Upon storage, the document can be scanned and classified in a security level according to pre-determined settings and parameters. In some embodiments, depending on the classification, the system can encrypt portions of the document in order to facilitate the sharing and access of information in a secure way. Encryption keys and access to the encrypted portions are only provided upon authentication of the user, network, and/or need, according to corresponding protocols for the information.

Abstract: This disclosure is directed to computing services that provide secure network connections using public-private key-based security for Internet of Things (IoT) devices, such as voice devices, that may have more than a predefined set of users. Device certificates that authorize IoT devices to access a secure network, such as an enterprise network and/or services eternal to an enterprise network are provided. A setup system may cooperate with an IoT device and a subordinate CA to generate a device certificate that allows the IoT device to access a secure enterprise network and services outside of the secure enterprise network. The IoT device may generate a certificate signing request (CSR) which may be signed by a remote subordinate CA to generate the device certificate using a root certificate of an enterprise CA. Systems are also disclosed that renew certificates for the IoT devices prior to their expiration.

Abstract: A method includes sending an encrypted first hash value set to a data provider; receiving an encrypted second hash value set and a double-encrypted first hash value set from the data provider; re-encrypting the received encrypted second hash value set to obtain a double-encrypted second hash value set; calculating an intersection of the double-encrypted first hash value set and the double-encrypted second hash value set to determine one or more shared users shared with the data provider; and recommending or providing a service to the one or more shared users.

Abstract: Technologies are described for retaining configuration information for software applications during upgrades. For example, when an addon software package is deployed to a web application server running a main software platform, the configuration information for the addon software package can be preserved separately (e.g., independent of the common configuration file) and used later to restore the addon configuration information if needed. In some implementations, an addon presence file is used to store an entry for the addon software package. The entry identifies another file containing the configuration information for the addon software package. If the main software platform is upgraded resulting in the common configuration file being overwritten or replaced, then the addon configuration information can be added back to the common configuration file using the preserved configuration information.

Abstract: Techniques are described for sampling across trusted and untrusted distributed components. In accordance with embodiments, a first computing device receives a request from a second computing device, the first request including an operation identifier (ID) and a sampling ID that was generated by transforming a telemetry scope ID from a first value in a first domain to a second value in a second domain. The transformation may serve to anonymize and compress the telemetry scope ID. The first computing device determines whether or not to sample by comparing a ratio between the sampling ID and a size of the second domain with a sampling rate associated with the first computing device. The first computing device records telemetry about its processing of the first request in response to determining to sample and does not record any telemetry about its processing of the first request in response to determining not to sample.

Abstract: Examples include blocking an interface of a sponsor networking device from receiving data packets and receiving at the sponsor networking device an authentication packet from a first networking device. The first networking device is physically connected to the interface. Examples also include automatically setting by the first networking device, a unique local address for the first networking device; receiving, at the sponsor networking device, a local data packet from the first networking device, and translating, by the sponsor networking device, the local data packet to an off-fabric data packet.

Abstract: Embodiments are directed towards collecting, aggregating and indexing unique and non-unique user data from a plurality of users. The result for a query of this indexed aggregation of user data is provided in a plurality of sub-sets of aggregated user data. Each subset of aggregated user data corresponds to a particular portion of the plurality of users. Also, each of these particular portions of the users is set at least large enough to provide general anonymity for the individual users. User data may be collected by one or more user data suppliers and provided to a user data aggregator. In some embodiments, user data may be collected as unique user data, non-unique user data, or any combination thereof. In some embodiments, user data may be aggregated by zip code, expanded zip code, and/or one or more attributes.

Abstract: A smart tag and methods of interacting with and authenticating interactions with the same are provided. The smart tag is enabled to generate a Tag Authentication Cryptogram (TAC) and include the TAC in response to a read request. Accordingly, each response generated by the smart tag will include a different TAC. It follows that interactions between the smart tag and a reading device can be authenticated as unique interactions if the TAC is validated as a unique and correct TAC.

Abstract: The present invention discloses methods and systems for redundantly securing data using an array of independent networks. Methods include the steps of: upon receiving a storage request and secret data for securely storing the secret data, independently requesting random data from each of at least one independent partner network out of an array of at least two independent partner networks; independently receiving the random data from each of at least one independent partner network, wherein respective random data is also stored on a respective independent partner network; cumulatively calculating complementary data as an encrypted form of the secret data with a complement function using the random data; and sending the complementary data to an independent storage partner network for storage, wherein the independent storage partner network is part of the array, and wherein the independent storage partner network is independent from at least one independent partner network.

Abstract: A method and system for bringing together online and offline advertising uses partner-encoded anonymous links that are associated with consumer data. The partner-encoded anonymous links allow processing without personally identifiable information (PII) in a secure environment. Data is matched using identifiers that are encrypted for use in connection with individual match distribution partners. The method and system allows a marketer to utilize offline data to precisely target advertisements without the use of PII, and to perform analytics concerning the use of the online advertisements to more precisely determine the effectiveness of multichannel marketing efforts.

Abstract: An example operation may include one or more of initiating, by a file verification device, verification of a source file or a redacted source file, executing one of a smart contract or chaincode to verify the chameleon hash signature and the auxiliary data hash signature, and providing a notification whether the verification was successful or unsuccessful. In response to initiating verification of the source file, the method further includes the file verification device receiving stored source file segments and stored auxiliary data segments, generating a chameleon hash signature, and generating an auxiliary data hash signature. In response to initiating verification of the redacted source file, the method further includes receiving stored redacted file segments, stored auxiliary data segments, and stored modified auxiliary data, generating a chameleon hash signature, and generating an auxiliary data hash signature.

Abstract: Network and/or application resources can be dynamically instantiated based on service attributes and/or network capabilities. In one aspect, a customized and/or localized core slice can be selected that can deliver the requested service with target performance parameters. According to an aspect, dynamic selection, control, and/or management reporting can be provided for core network slices. Moreover, optimal core network slice selection can be performed to reduce network transport costs and efficiently deliver various services using an optimal core slice that matches a service profile being requested by an end user and/or device.

Abstract: A method, a non-transitory computer readable medium, and a system are disclosed for a single sign-on for services. The method includes: receiving, on a computer processor, user identification captured by a biometric device of a user; forwarding, by the computer processor, the user identification to an authentication server; receiving, on the computer processor, a user JSON Web Token (user-JWT), user principle name, active directory domain name, and user domain name password, upon authentication of the user by the authentication server; performing, by the computer processor, an active directory join operation with an active directory using the user principle name, the active directory domain name, and the user domain name password; launching, on the computer processor, a browser that communicates with the authentication server; and receiving, on the computer processor, an HTML page constructed with JavaScript code with clickable icons for provisioned services from the authentication server.

Abstract: An example operation may include one or more of determining, by a file redaction device, redacted segments of a source file, receiving, by a signature update device, the redacted source file segments, a stored trapdoor key, and stored auxiliary data segments, determining modified auxiliary data from the redacted source file segments, the trapdoor key and the auxiliary data segments, executing chaincode to obtain a modified auxiliary data signature and identifiers of the redacted source file segments, and storing the modified auxiliary data signature and identifiers of the redacted source file segments to a shared ledger of a blockchain network. Each stored auxiliary data segment including a random string of data corresponding to a segment of the source file.

Abstract: A client device accesses an online system using an authentication process when it is connected to a public network and not a private network. The client device requests access using an authentication broker via the public network. The authentication broker determines an authentication system and transmits identification information for the client device to the authentication system via the private network. The authentication broker receives an authentication vector generated by the authentication system via the private network, and receives a verification response from the client device via the public network. The verification response corresponds to a verification challenge generated based on the authentication vector by the authentication broker.

Abstract: Implementations of this specification provide a method and an apparatus for creating a blockchain account and verifying blockchain transactions. An example method performed by a blockchain platform includes receiving a transaction, the transaction including at least an initiator field that specifies an account to be created, a receiver field that specifies a pre-determined field value, and a data field that specifies a user-defined key control rule. The user-defined key control rule includes at least one 3-tuple, and each 3-tuple includes a key identifier, an action identifier, and a permission setting. The blockchain platform seals the transaction into a block, and sends the sealed transaction to at least one other full node in the blockchain network.

Abstract: Methods, computer program products, and systems are presented. The method computer program products, and systems can include, for instance: recording position data for a mobile device over time, the position data being associated to an identifier of the mobile device; outputting to a user an identification code associated to the identifier; receiving input data from a user, the input data including the identification code and user identifying information from a user; responsively to the receiving the input data from a user associating the identification code and the user identifying information; based on the associating processing the position data and user profile data associated to the user identifying information; sending a message to the user based on a result of the processing.

Abstract: A method for validating data structures includes generating and storing, at each of multiple intervals, a signature for each of multiple data structures, including a parent data structure and a child data structure. The method also includes, in response to a request to validate the child data structure, retrieving active state signatures of the parent and child data structures, and comparing the active state signatures. The method further includes, when the active state signatures are inconsistent, comparing the active state signature of the child data structure to a first prior state signature of the parent data structure; and when the active state signature of the child data structure is consistent with the first prior state signature of the parent data structure, notifying a user that the child data structure is a match for the parent data structure but out of sync therewith.

Abstract: Techniques for obtaining electronic signatures via word processing applications are described. One approach utilizes a code module, also referred to as a “markup module,” that executes within a word processing application and that facilitates the preparation of a document for electronic signature. A user can operate the word processing application together with the markup module in order to add signature tag markers to the document and to provide recipient information about intended signers, such as names and email addresses. Once the document has been prepared, the code module transmits the document (including the added signature tag markers) and the recipient information to a digital transaction service. The digital transaction service then manages the signing of the document, such as by notifying the recipient, receiving the recipient's signature and securely storing the signature in association with the document.

Abstract: The invention relates to a method and an apparatus for encrypted communication between a client and a server, wherein the communication comprises request messages, each with request elements, and response messages, each with response elements. Request elements and response elements can comprise data. It is an object of the invention to hamper or prevent unauthorized access to the data during communication and also during storage and processing on the server. In this case, it is assumed that the communication channel and also the server itself are not trustworthy and neither client nor server provide measures or are adaptable in order to counter said risks of unauthorized access, for example by means of cryptographic methods.

Abstract: Systems and methods for dynamic application level encryption are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for dynamic application level encryption include: (1) receiving a plurality of data classification rules; (2) classifying data using the data classification rules; (3) identifying at least one protection option of a plurality of protection options for protecting the data in at least a rest state, an in-transit state, and an in-memory state; and (4) applying the at least one protection option to the data at rest.

Abstract: A system and method for responding to changes in social traffic in a geographic area receives, via an electronic communications interface, information describing a geographic area and one or more attributes of people expected to be in the geographic area. A geofence is defined based on the information describing the geographic area, and a cohort of people expected to be in the geofence is defined based on the one or more attributes. Information from a sensor regarding an attribute of a person at a geographic location is received via an electronic communications network. Based on the attribute, a determination is made whether or not the person is a member of the cohort of people expected to be in the geofence. An alert may be triggered based at least in part on whether or not the person is a member of the cohort of people expected to be in the geofence.

Abstract: Methods and apparatus for ensuring protection of transferred content. In one embodiment, content is transferred while enabling a network operator (e.g., MSO) to control and change rights and restrictions at any time, and irrespective of subsequent transfers. This is accomplished in one implementation by providing a premises device configured to receive content in a first encryption format and encodes using a first codec, with an ability to transcrypt and/or transcode the content into an encryption format and encoding format compatible with a device which requests the content therefrom (e.g., from PowerKey/MPEG-2 content to DRM/MPEG-4 content). The premises device uses the same content key to encrypt the content as is used by the requesting device to decrypt the content.

Abstract: A method for verifying trusted communication between an agent device and an application providing apparatus using a registry apparatus. The registry apparatus maintains a device registry comprising authentication information for uniquely authenticating at least one agent device. The method includes the steps of obtaining from the device registry the authentication information for the agent device identified by a device identifier specified in an the authentication request from the agent device, performing verification of the agent device using the authentication information obtained from the device registry, and if the verification is not successful, transmitting to at least one of the agent device and the application providing apparatus revocation information for denying the trusted communication between the agent device and the application providing apparatus.

Abstract: A system and method for encryption and decryption of data is disclosed. The decryption system provides access to remotely stored data items, each of the data items being independently accessible. At least a subset of the remotely stored data items are encrypted and each encrypted data item has an associated access condition. Upon a client requesting access to a remotely stored data item, the decryption system is arranged provide non-encrypted data items and for encrypted data items provide a decrypted data item if the associated access condition is met.

Abstract: Techniques for sorting encrypted data within a software as a service (SaaS) environment. Data is encrypted on a per symbol basis with a symbol based encryption module. Sort and search functionality preserving encryption that allows other modules to sort tokens and to search for tokens is provided. Encrypted tokens that have been encrypted by the symbol based encryption module are stored in a database. Access to the encrypted tokens is provided through the SaaS environment.

Abstract: Various examples are directed to systems and methods for executing a web application with client-side encryption. A web application may execute in a web browser at a client computing device. The web browser may generate a document comprising a secure display element. The web browser may request to render the document at the client computing device. A cryptographic tool of the web browser may decrypt the first encrypted value to generate a first clear value. The web browser may render the document at an output device of the client computing device using the clear value. The web browser may also be programmed to prevent the web application from accessing the first clear value.

Abstract: An approach is provided in which a system analyzes a first set of data to derive a first distribution output that is based on a first conjugated distribution corresponding to the first set of data and a domain class model. The system utilizes the first distribution output as a baseline input to generate a second conjugated distribution corresponding to a second set of data and the domain class model. Next, the system derives a second distribution output of the second set of data based on the second conjugated distribution. The second distribution output identifies at least one personally identifiable information (PII) data field corresponding to the second set of data that was not identified as a PII data field in the domain class model. In turn, the system tags at least a portion of the second set of data as PII based on the derived second distribution output.

Abstract: A non-transitory computer-readable storage medium storing a control program that causes a computer to execute a process including receiving specified information generated in response to reception of an acquisition request of data from a terminal device that decrypts an encrypted data corresponding to the data, and identification information on the terminal device, determining whether or not the specified information is stored, in a storage unit, in association with the received identification information on the terminal device that has sent the acquisition request, the storage unit storing the specified information to be generated in association with the identification information on a terminal device for which a data acquisition is permitted for each of the plurality of pieces of data, and transmitting information that permits decryption of the encrypted data corresponding to the data to the terminal device when the specified information is stored in association with the received identification information.

Abstract: An authentication control method, system, and computer program product, includes performing an initial calibration to login to a registered device by detecting a plurality of biological signals, biometric signals, and idiosyncratic signals of a user and selecting a combination of the plurality of biological signals, biometric signals, and idiosyncratic signals to use in an initial calibration-authentication score, computing a login-authentication score at a time of the login based on a user input of signals corresponding to the signals of the initial calibration-authentication score, and allowing the login to the registered device if the login-authentication score is within a predetermined threshold of the initial calibration-authentication score.

Abstract: A system includes a read/write controller removably coupled to a storage drive. Responsive to detection of a coupling between the read/write controller and the storage drive, the read/write controller retrieves key information from the storage drive, uses the key information to locate adaptives associated with the primary storage medium, and loads the adaptives into volatile memory to configure read/write settings for access to the primary storage medium.