Method and apparatus for performing selective encryption/decryption in a data storage system

Assignee

• Oracle International Corporation · US

Inventors

• Adam Y. Lee · San Jose, US
• Varun Sagar Malhotra · Sunnyvale, US
• Daniel ManHung Wong · Sacramento, US
• Tirthankar Lahiri · Palo Alto, US
• Kiran Goyal · Foster City, US
• Juan R. Loaiza · Woodside, US
• Paul Youn · Redwood City, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L9/0894
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

One embodiment of the present invention provides a system for performing selective encryption/decryption in a data storage system. During operation, the system receives a data block from a storage medium at an input/output layer, wherein the input/output layer serves as an interface between the storage medium and a buffer cache. Next, the system determines whether the data block is an encrypted data block. If not, the system stores the data block in the buffer cache. Otherwise, if the data block is an encrypted data block, the system retrieves a storage-key, wherein the storage-key is associated with a subset of storage, which is associated with the encrypted data block. Using the storage-key, the system then decrypts the encrypted data block to produce a decrypted data block. Finally, the system stores the decrypted data block in the buffer cache, wherein the data block remains encrypted in the storage medium.