13189402

Paragraph Number

118

In another embodiment, the write data pipeline 106 also includes an encryption module 314 that encrypts a data or metadata segment received from the input buffer 306, either directly or indirectly, prior sending the data segment to the packetizer 302, the data segment encrypted using an encryption key received in conjunction with the data segment. The encryption keys used by the encryption module 314 to encrypt data may not be common to all data stored within the solid-state storage device 102 but may vary on an per data structure basis and received in conjunction with receiving data segments as described below. For example, an encryption key for a data segment to be encrypted by the encryption module 314 may be received with the data segment or may be received as part of a command to write a data structure to which the data segment belongs. The solid-sate storage device 102 may use and store a non-secret cryptographic nonce in each data structure packet that is used in conjunction with the encryption key. A different nonce may be stored with every packet. Data segments may be split between multiple packets with unique nonces for the purpose of improving protection by the encryption algorithm.

Added by DJM 3 2021