CPC G06F 21/602 (2013.01) [G06F 3/0604 (2013.01); G06F 3/0658 (2013.01); G06F 3/0679 (2013.01); G06F 21/71 (2013.01)]
20 Claims
1. A memory system connectable to a host, comprising:
a nonvolatile memory including a plurality of blocks, the plurality of blocks including at least a first block and a second block; and
a controller electrically connected to the nonvolatile memory and configured to:
manage correspondence between a plurality of encryption keys and a plurality of logical regions obtained by dividing a logical address space of the memory system;
in response to receiving, from the host, a write request that designates at least a first logical address for identifying data to be written,
select, from the managed plurality of encryption keys, a first encryption key associated with a first logical region of the plurality of logical regions, on the basis of the first logical address designated in the write request;
encrypt the data using (i) at least part of the first logical address and (ii) the selected first encryption key;
determine a first physical storage location and a second physical storage location of the first block to respectively write the encrypted data and the first logical address, the second physical storage location being different from the first physical storage location;
write the encrypted data to the determined first physical storage location of the first block;
write the first logical address to the determined second physical storage location of the first block;
in copying the encrypted data from the first block to the second block,
determine that the encrypted data is to be decrypted using at least the first encryption key after the encrypted data is copied to the second block; and
copy both the encrypted data and the first logical address from the first block to the second block, without decrypting or re-encrypting the encrypted data, wherein
the copying of the encrypted data without decrypting is performed on the basis of the determination that the encrypted data is to be decrypted using at least the first encryption key after the encrypted data is copied to the second block.
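
The scheme in claim 1, as an added Python sketch that is not part of the patent text: because the key and the cipher input depend only on the logical address, a block-to-block copy can move ciphertext unchanged and it still decrypts afterwards. Assumptions: the claim names no cipher, so a SHAKE-256 XOR keystream stands in for it (a toy, not suitable for real storage encryption); REGION_SIZE, the key values and the Flash class are hypothetical.

```python
import hashlib

REGION_SIZE = 1024  # assumed number of logical addresses per logical region
# Constructed key table: one key per logical region.
REGION_KEYS = {0: b"constructed-key-region-0", 1: b"constructed-key-region-1"}

def select_key(lba):
    """Pick the region key from the logical address alone."""
    return REGION_KEYS[lba // REGION_SIZE]

def crypt(key, lba, data):
    """Toy XOR cipher (stand-in): keystream depends on the key and the LBA."""
    stream = hashlib.shake_256(key + lba.to_bytes(8, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class Flash:
    def __init__(self, nblocks):
        self.blocks = [[] for _ in range(nblocks)]  # block -> list of pages
        self.l2p = {}                               # LBA -> (block, page index)

    def write(self, lba, plaintext, block=0):
        ciphertext = crypt(select_key(lba), lba, plaintext)
        # Ciphertext and LBA go to separate locations of the same block.
        self.blocks[block].append({"data": ciphertext, "lba": lba})
        self.l2p[lba] = (block, len(self.blocks[block]) - 1)

    def gc_copy(self, src, dst):
        """Move valid pages to dst as-is: no decrypt, no re-encrypt."""
        for idx, page in enumerate(self.blocks[src]):
            if self.l2p.get(page["lba"]) != (src, idx):
                continue  # stale page, superseded by a later write
            self.blocks[dst].append(dict(page))
            self.l2p[page["lba"]] = (dst, len(self.blocks[dst]) - 1)
        self.blocks[src] = []  # erase the source block

    def read(self, lba):
        block, idx = self.l2p[lba]
        page = self.blocks[block][idx]
        if page["lba"] != lba:
            raise ValueError("stored LBA does not match mapping")
        return crypt(select_key(lba), lba, page["data"])
```

Had the cipher input been the physical location instead of the logical address, gc_copy would have to decrypt and re-encrypt every page it moves.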