摘要 |
An encrypted transport SSD controller has an interface for receiving commands, storage addresses, and exchanging data with a host for storage of the data in a compressed (and optionally encrypted) form in Non-Volatile Memory (NVM), such as flash memory. Encrypted data received from the host is decrypted and compressed using lossless compression for advantageously reducing flash memory write amplification. The compressed data is re- encrypted and stored in the flash memory. The stored data is retrieved, decrypted, decompressed, and re-encrypted before delivery to the host. When implemented within a secure physical boundary, such as a single integrated circuit, the SSD controller protects the encrypted data, from receipt through storage within the flash memory, including delivery to the host. In specific embodiments, the controller exchanges session encryption/decryption keys with the host and/or uses a security protocol such as TCG Opal to determine encryption/decryption keys. |