Intel Corporation
CONCURRENT VOLUME AND FILE BASED INLINE ENCRYPTION ON COMMODITY OPERATING SYSTEMS

Abstract:

The disclosure generally relates to method, system and apparatus for concurrent volume and file based inline encryption on commodity operating systems (OS). More particularly, some embodiments of the disclosure relate to a Converged Cryptographic Engine (CCE) for storage encryption. An exemplary method for implementing non-disruptive inline encryption of a read/write transaction on a non-volatile memory (NVM) circuitry includes the steps of: generating one or more encryption keys for the read/write transaction on a storage volume of the NVM circuitry at a Setup logic; identifying a plurality of Logical Block Addresses (LBAs) corresponding to the storage volume for the read/write transaction at an NTFS logic; and, at a Storage encryption system logic: (1) receiving the plurality of LBAs and their corresponding storage volume from the NTFS, (2) identifying the storage volume on the NVM storage circuitry for the read/write transaction, (3) identifying the one or more encryption keys for the identified storage volume, (4) assigning a keyId to the identified encryption key, and (5) programming the KeyId on to the NVM circuitry.