CPC G06F 21/79 (2013.01) [G06F 3/0604 (2013.01); G06F 3/0659 (2013.01); G06F 3/0679 (2013.01); G06F 16/11 (2019.01); G06F 21/602 (2013.01); H04L 9/30 (2013.01); H04L 9/3236 (2013.01); G06F 2221/2107 (2013.01)] | 20 Claims
1. A data storage device comprising:
a non-volatile storage medium configured to store multiple file system data objects using block addressing, the multiple file system data objects being addressable by respective ranges of blocks; and
a device controller integrated with the data storage device and comprising hardware circuitry configured to encrypt data to be stored on the storage medium based on at least one cryptographic key, wherein the device controller is configured to:
store an association, in an encrypted form, between the multiple file system data objects and the respective ranges of blocks;
receive, from a host computer system, a request for the association between the multiple file system data objects and the respective ranges of blocks;
control the hardware circuitry to decrypt, using a cryptographic key, the association between the multiple file system data objects and the respective ranges of blocks;
send, to the host computer system, the association between the multiple file system data objects and the respective ranges of blocks in decrypted form;
receive, from the host computer system, a request for an encrypted file system data object;
identify a range of blocks where the requested encrypted file system data object is stored on the storage medium; and
send, to the host computer system, the file system data object stored in the identified range of blocks in encrypted form as stored on the storage medium.
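As an added illustration that is not part of the patent text, the following toy in-memory model shows the controller behaviour the claim describes: the object-to-block-range association is held encrypted under a map key and handed to the host in decrypted form on request, while a requested object's blocks are returned exactly as stored, still encrypted under the data key. The HMAC-derived keystream, the 16-byte block size and the class and method names are constructed stand-ins, not the patent's hardware cipher or any real product API.

```python
# Constructed model of the claimed controller; the "cipher" is an HMAC-SHA256
# keystream so the block runs on the standard library alone. It stands in for
# the hardware encryption circuitry and is NOT a real disk-encryption scheme.
import hashlib
import hmac
import json

BLOCK_SIZE = 16  # constructed: bytes per block on this toy storage medium


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric XOR with an HMAC-derived keystream (stand-in for the hardware cipher)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class DeviceController:
    """Toy device controller: data key for object contents, map key for the association."""

    def __init__(self, data_key: bytes, map_key: bytes):
        self.data_key, self.map_key = data_key, map_key
        self.medium = bytearray()   # the non-volatile storage medium (block addressed)
        self.encrypted_map = b""    # association stored in encrypted form

    def write_objects(self, objects: dict) -> None:
        """Encrypt each object into a contiguous block range and store the map encrypted."""
        assoc = {}
        for name, plaintext in objects.items():
            padded = plaintext + b"\0" * (-len(plaintext) % BLOCK_SIZE)
            first = len(self.medium) // BLOCK_SIZE
            # The starting block number serves as the per-object nonce.
            self.medium += _keystream_xor(self.data_key, first.to_bytes(8, "big"), padded)
            assoc[name] = [first, first + len(padded) // BLOCK_SIZE]  # [start, end)
        self.encrypted_map = _keystream_xor(self.map_key, b"map", json.dumps(assoc).encode())

    def get_association(self) -> dict:
        """Host request: decrypt the association with the map key and return it in the clear."""
        return json.loads(_keystream_xor(self.map_key, b"map", self.encrypted_map))

    def get_encrypted_object(self, name: str) -> bytes:
        """Host request: look up the block range and return those blocks as stored (encrypted)."""
        start, end = self.get_association()[name]
        return bytes(self.medium[start * BLOCK_SIZE:end * BLOCK_SIZE])
```

The host thus learns which blocks belong to which object without ever receiving the data key; only a party holding that key can recover the returned object's contents.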