CPC G06F 21/79 (2013.01) [G06F 3/0623 (2013.01); G06F 3/0644 (2013.01); G06F 3/0659 (2013.01); G06F 3/0664 (2013.01); G06F 3/0673 (2013.01); G06F 9/45558 (2013.01); G06F 21/602 (2013.01); H04L 9/083 (2013.01); H04L 9/0822 (2013.01); H04L 9/0861 (2013.01); G06F 2009/45583 (2013.01); G06F 2009/45587 (2013.01)]
20 Claims
1. A method comprising:
transmitting, by a hardware processor associated with a virtual machine, an input/output request that includes a data payload to write to a data storage system;
identifying a virtual disk that is associated with the virtual machine;
identifying a start address and an end address of the virtual disk;
transmitting a key request for a key encryption key, wherein the key request includes the start address and the end address of the virtual disk;
generating the key encryption key in response to determining that the start address and the end address are valid;
generating a smart key encryption key based on the key encryption key;
encrypting a media encryption key with the smart key encryption key; and
encrypting the data payload with the encrypted media encryption key prior to storing the data payload in the virtual disk.