System and method for recovering from an interrupted encryption and decryption operation performed on a volume
Abstract
Systems and methods for reducing problems and disadvantages associated with traditional approaches to encryption and decryption of data are provided. An information handling system may include a processor, a memory communicatively coupled to the processor, and a computer-readable medium communicatively coupled to the processor. The computer-readable medium may have instructions stored thereon, the instructions configured to, when executed by the processor: (i) receive a generalized command from an application of an information handling system, the generalized command including an encryption or decryption task; (ii) convert the generalized command into a format recognizable by an encryption accelerator; (iii) provide the generalized command to the encryption accelerator in the format recognizable by the encryption accelerator; and (iv) instruct a cryptoprocessor to provide an encryption key for use in connection with the generalized command, the encryption key is unique to a storage resource, the encryption key further based on a security policy, wherein the security policy defines whether an encryption or decryption task is to be executed based on one or more of: a user logged into the information handling system, characteristics of the storage resource, or characteristics regarding a directory path of data to be written or read.
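The flow in the abstract, as an added sketch in Python that is not taken from the patent: a policy check on user, storage-resource characteristic and directory path decides whether the task runs, then the middleware builds an accelerator descriptor carrying a key unique to the storage resource. The rule shape, the descriptor format, the `StubCryptoprocessor` class and its HMAC-SHA256 key derivation are all assumptions made for illustration.

```python
import hashlib
import hmac
import posixpath
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Command:                 # generalized command from the application
    task: str                  # "encrypt" or "decrypt"
    user: str                  # user logged into the system
    resource_id: str           # storage resource the data lives on
    removable: bool            # one characteristic of the storage resource
    path: str                  # path of the data to be written or read

@dataclass(frozen=True)
class Rule:                    # hypothetical rule shape; None matches anything
    user: Optional[str]
    removable: Optional[bool]
    path_prefix: Optional[str]
    execute: bool

def under(prefix: str, path: str) -> bool:
    """Prefix match on the normalized path, so '..' and 'secure2' do not slip through."""
    p, root = posixpath.normpath(path), prefix.rstrip("/")
    return p == root or p.startswith(root + "/")

def policy_allows(rules, cmd: Command) -> bool:
    """First matching rule decides; with no match the task is not executed."""
    for r in rules:
        if (r.user in (None, cmd.user) and r.removable in (None, cmd.removable)
                and (r.path_prefix is None or under(r.path_prefix, cmd.path))):
            return r.execute
    return False

class StubCryptoprocessor:     # stand-in; HMAC-SHA256 derivation is an assumption
    def __init__(self, root_secret: bytes):
        self._root = root_secret
    def key_for(self, resource_id: str) -> bytes:
        return hmac.new(self._root, b"storage-key:" + resource_id.encode(), hashlib.sha256).digest()

def handle(cmd: Command, rules, cp: StubCryptoprocessor):
    """Return a descriptor in a made-up accelerator format, or None when policy says skip."""
    if cmd.task not in ("encrypt", "decrypt"):
        raise ValueError(f"unsupported task: {cmd.task!r}")
    if not policy_allows(rules, cmd):
        return None
    return {"op": 0 if cmd.task == "encrypt" else 1, "key": cp.key_for(cmd.resource_id),
            "target": posixpath.normpath(cmd.path)}

RULES = [Rule(None, True, None, True), Rule("alice", None, "/home/alice/secure", True)]  # constructed
```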
20 Claims
1. A method comprising:
- receiving at a middleware of an information handling system a generalized command from an application, the generalized command including an encryption or decryption task, the middleware comprising instructions executing on a processor;
- converting, by the middleware, the generalized command into a format recognizable by an encryption accelerator;
- providing the generalized command from the middleware to the encryption accelerator in the format recognizable by the encryption accelerator; and
- instructing, by the middleware, a cryptoprocessor to provide an encryption key for use in connection with the generalized command, the encryption key is unique to a storage resource, the encryption key further based on a security policy, wherein the security policy defines whether an encryption or decryption task is to be executed based on one or more of: a user logged into the information handling system, characteristics of the storage resource, or characteristics regarding a directory path of data to be written or read.

8. An information handling system comprising:
- a processor;
- a storage resource communicatively coupled to the processor; and
- a non-transitory computer-readable medium communicatively coupled to the processor and having instructions stored thereon, the instructions configured to, when executed by the processor:
- receive a generalized command from an application, the generalized command including an encryption or decryption task;
- convert the generalized command into a format recognizable by an encryption accelerator;
- provide the generalized command to the encryption accelerator in the format recognizable by the encryption accelerator; and
- instruct a cryptoprocessor to provide an encryption key for use in connection with the generalized command, the encryption key is unique to the storage resource, the encryption key further based on a security policy, wherein the security policy defines whether an encryption or decryption task is to be executed based on one or more of: a user logged into the information handling system, characteristics of the storage resource, or characteristics regarding a directory path of data to be written or read.

15. A non-transitory computer-readable medium communicatively coupled to a processor and having instructions stored thereon, the instructions configured to, when executed by a processor:
- receive a generalized command from an application of an information handling system, the generalized command including an encryption or decryption task;
- convert the generalized command into a format recognizable by an encryption accelerator;
- provide the generalized command to the encryption accelerator in the format recognizable by the encryption accelerator; and
- instruct a cryptoprocessor to provide an encryption key for use in connection with the generalized command, the encryption key is unique to a storage resource, the encryption key further based on a security policy, wherein the security policy defines whether an encryption or decryption task is to be executed based on one or more of: a user logged into the information handling system, characteristics of the storage resource, or characteristics regarding a directory path of data to be written or read.
Specification