Abstract: Method and apparatus for transferring protected data. In some embodiments, an encrypted transport solid state drive (SSD) has a non-volatile memory and a controller circuit. The controller circuit is configured to, responsive to receipt of a write command from a host device to store an encrypted data set to the non-volatile memory, decrypt the encrypted data set using a first encryption key to generate a decrypted data set, apply lossless compression to the decrypted data set to generate a decrypted compressed data set, encrypt the decrypted compressed data set using a second encryption key to generate an encrypted compressed data set, and to direct storage of the encrypted compressed data set in the non-volatile memory.

Abstract: An I/O device is coupled to a computing host. In some embodiments, the device is enabled to utilize memory of the computing host not directly coupled to the device to store information such as a shadow copy of a map of the device and/or state of the device. Storage of the shadow copy of the map enables one or both of the device and the computing host to utilize the shadow copy of the map, such as to decrease read latency. Storage of the state enables the device to save volatile state that would otherwise be lost when the device enters a low-power state. In some embodiments, the device implements one or more non-standard modifiers of standard commands. The non-standard modifiers modify the execution of the standard commands, providing features not present in a host protocol having only the standard commands.

Abstract: Method and apparatus for transferring protected data. In some embodiments, an encrypted transport solid state drive (SSD) has a non-volatile memory and a controller circuit. The controller circuit is configured to, responsive to receipt of a write command from a host device to store an encrypted data set to the non-volatile memory, decrypt the encrypted data set using a first encryption key to generate a decrypted data set, apply lossless compression to the decrypted data set to generate a decrypted compressed data set, encrypt the decrypted compressed data set using a second encryption key to generate an encrypted compressed data set, and to direct storage of the encrypted compressed data set in the non-volatile memory.

Abstract: An encrypted transport SSD controller has an interface for receiving commands, storage addresses, and exchanging data with a host for storage of the data in a compressed (and optionally encrypted) form in Non-Volatile Memory (NVM), such as flash memory. Encrypted data received from the host is decrypted and compressed using lossless compression for advantageously reducing flash memory write amplification. The compressed data is re-encrypted and stored in the flash memory. The stored data is retrieved, decrypted, decompressed, and re-encrypted before delivery to the host. When implemented within a secure physical boundary, such as a single integrated circuit, the SSD controller protects the encrypted data, from receipt through storage within the flash memory, including delivery to the host. In specific embodiments, the controller exchanges session encryption/decryption keys with the host and/or uses a security protocol such as TCG Opal to determine encryption/decryption keys.

Abstract: An I/O device is coupled to a computing host. In some embodiments, the device is enabled to utilize memory of the computing host not directly coupled to the device to store information such as a shadow copy of a map of the device and/or state of the device. Storage of the shadow copy of the map enables one or both of the device and the computing host to utilize the shadow copy of the map, such as to decrease read latency. Storage of the state enables the device to save volatile state that would otherwise be lost when the device enters a low-power state. In some embodiments, the device implements one or more non-standard modifiers of standard commands. The non-standard modifiers modify the execution of the standard commands, providing features not present in a host protocol having only the standard commands.

Abstract: An encrypted transport SSD controller has an interface for receiving commands, storage addresses, and exchanging data with a host for storage of the data in a compressed (and optionally encrypted) form in Non-Volatile Memory (NVM), such as flash memory. Encrypted data received from the host is decrypted and compressed using lossless compression for advantageously reducing flash memory write amplification. The compressed data is re-encrypted and stored in the flash memory. The stored data is retrieved, decrypted, decompressed, and re-encrypted before delivery to the host. When implemented within a secure physical boundary, such as a single integrated circuit, the SSD controller protects the encrypted data, from receipt through storage within the flash memory, including delivery to the host. In specific embodiments, the controller exchanges session encryption/decryption keys with the host and/or uses a security protocol such as TCG Opal to determine encryption/decryption keys.