This application is based upon and claims the benefit of priority from Japanese Patent Applications No. 2020-169245, filed Oct. 6, 2020; and No. 2021-042454, filed Mar. 16, 2021, the entire contents of all of which are incorporated herein by reference.
Embodiments described herein relate generally to a read controller and an input/output controller.
In general, dedicated hardware for sequentially inputting data having a specific multimedia format, decoding the data, and outputting the decoded data, which is referred to as a decoder, is used to decode multimedia data such as video and voice. Examples of the decoder include a dedicated decoder machine, general-purpose computing on GPU (GPGPU), and a CPU-incorporated decoder. Examples of the dedicated decoder machine include, for example, DVD players which decode multimedia data stored in DVD media and digital TV tuners which decode multimedia data received from broadcast waves. The GPGPU is capable of executing general-purpose processing such as CPU in addition to normal GPU. For example, CPU processing load can be remarkably reduced by decoding H.264 video data by GPGPU. In addition, according to a certain method, the CPU processing load can be reduced without GPGPU by providing a dedicated decoder circuit for a die of the CPU (Intel Quick Sync Video and the like).
In addition, according to a certain technique, when information of high confidentiality is stored in a storage device, a host CPU does not execute encryption, but executes encryption and decryption using an encryption unit built in the storage device and then executing writing and reading. In addition, according to another technique, I/O processing is executed between the storage device handling the information of high confidentiality and an appropriately verified host CPU.
When multimedia data stored in a storage such as a flash memory or a hard disk are handled, not only decoding, but also data redistribution need to be considered. The dedicated decoder machine is specialized for decoding alone and is inapplicable to data redistribution. In contrast, the GPGPU and the CPU-incorporated decoder need to read the encoded data from the storage to the memory and to write the decoded data to the memory again after decoding.
The same problem also exists in the encryption and decryption. That is, when the information encrypted with a certain encryption key is redistributed, the encryption key needs to be exchanged or shared-. Sharing the encryption key is unrealistic, and the information read from the storage device to exchange the encryption key needs to be encrypted again by the CPU and redistributed.
Embodiments will be described hereinafter with reference to the accompanying drawings.
In general, according to one embodiment, a read controller reads data to be subjected to sequential processing and metadata from a nonvolatile memory. The read controller includes a reader, a read mode changer, and a first data processor. The reader reads first data and first metadata from the nonvolatile memory. The read mode changer determines whether or not to execute the sequential processing for the first data based on the first metadata. When the read mode changer determines that the sequential processing is to be executed, the first data processor stores information necessary for the sequential processing; executes the sequential processing for the first data; and generates second metadata including a result of the sequential processing. The read controller outputs the first data, and the first metadata or the second metadata.
First, a first embodiment will be described.
The read control module 10 reads first data and first metadata from a nonvolatile memory 1, and delivers the data to the read mode changer 12. The read mode changer 12 determines whether to deliver the first data and the first metadata to the data processor 13 or output the data as they are to the outside, with the first metadata. When inputting the first data and the first metadata from the read mode changer 12, the data processor 13 sequentially processes the first data and the first metadata, and then outputs the first data and second metadata including the sequentially processed data to the outside.
The read mode changer 12 outputs the first data and the first metadata as they are to the outside in a case of, for example, not decoding but redistributing the enclosed data stored in the nonvolatile memory 1. When sequentially processing the input data, the data processor 13 stores a state necessary for sequential processing as an internal state. Examples of the internal state include, for example, a reference frame in the H.264 moving image compression, or a value of digital authentication to a block in a blockchain digital ledger.
Next,
Contents ID (a1) is a content identifier. Data associated with metadata including different content identifiers can be encoded or decoded in parallel.
Chunk Number (a2) is a number for identification assigned when the content is divided into a plurality of chunks. The definition of the chunk is varied depending on the data processed by the read control module 10. For example, when Codec Type to be described later is indicative of MPEG4, the chunk may correspond to one Box of MPEG4. Alternatively, when Codec Type to be described later is indicative of Encrypted H.264 NALU (https://developer.apple.com/lifbrary/archive/documentation/AudioVideo/Conceptual/HLS_Sample_Encryption/Encryption/Encryption.html), the chunk may correspond to one Media Data Container Box including Encrypted H.264 NALU. Alternatively, when Codec Type to be described later is indicative of Encrypted AAC (Advanced Audio Code) Frame (https://developer.apple.com/library/archive/documentation/AudioVideo/Conceptual/HLS_Sample_Encryption/Encryption/Encryption.html), the chunk may correspond to one Media Data Container Box including an encrypted AAC frame. Alternatively, when Codec Type to be described later is indicative of a blockchain, the chunk may correspond to one block of the blockchain digital ledger.
Codec Information Pointer (a3) is a pointer to the codec information that the data processor 13 of the read control module 10 refers to. If it is supposed that the codec information is stored in a memory space of a host (not shown) connected to the read control module 10, this pointer is an address of the memory space of the host. When the Codec Information Pointer is empty (NULL), this indicates that the codec process is not executed in the data processor 13 of the read control module 10. That is, the read mode changer 12 of
Codec Output Data Pointer (a4) is a pointer to the data for which the data processor 13 of the read control module 10 executes the codec process. When processed data is arranged in the memory space on the host, the pointer becomes an address of the data.
Next, an example of the codec information described with reference to
When the above-mentioned Codec Type (b1) is indicative of a blockchain, a digital signature computation process may be used as the security encryption processing and a public key of a signer where a digital signature is applied to the chunk may be specified as the Encryption Key (b4). At this time, the digital signature computation process may be executed with a private key of the signer which is associated with the public key of the signer designated as the Encryption Key (b4) and which is set in advance in the data processor, in the encoding process, and the digital signature computation process may be executed with the public key of the signer designated as the Encryption Key (b4), in the decoding process.
Next, a flowchart relating to the read control module 10 in the first embodiment illustrated in
This operation is started by receiving a read request to the nonvolatile memory 1, which the host connected to the read control module 10 issues. It is assumed here that a request accompanied by an identifier (for example, an address) specifying the information to be read and a length of the identifier has been received (S101). Then, the read control module 10 specifies a logical block of the nonvolatile memory 1 which is to be actually read from the specified identifier (not shown).
Next, the read control module 10 reads data D and metadata MD associated with the data D from a predetermined location of the nonvolatile memory 1 specified by a block number BLK of a read target logical block and the number of bytes OFFSET from a starting part of the read target logical block ((D,MD)←READ(BLK,OFFSE)). Then, the read control module 10 subtracts a length of the read data D from a length LEN of the request (S102).
Next, the read control module 10 determines whether the decoding process needs to be executed by referring to a predetermined field (for example, the Codec Information Pointer (a3) of
When determining that the decoding process needs to be executed (for example, when the Codec Information Pointer (a3) of
Finally, the read control module 10 outputs the data D processed (or not processed) in accordance with the meta-information MD, and the metadata MD to an external module (OUTPUT(D,MD)) (S105). Incidentally, when the updated state S refers to failure of the decoding process, the output data D may be NULL indicating that no value exists or an indefinite value.
The read control module 10 ends the process when all the information corresponding to the required length is read and output (LEN>0 is false) (S106: No), or returns to the reading process if the data to be read still exists (LEN>0 is true) (S106: Yes).
The above is the operation in the present embodiment. The read control module 10 can determine the necessity of the process for the information stored in the nonvolatile memory 1, in accordance with the accompanying metadata and, if the processing is necessary which contiguously reading the data, can execute the process. An advantage of reducing much data transfer between the nonvolatile memory 1 executing the process and the host CPU can be thereby achieved.
That is, in the present embodiment, processing of the data to be sequentially processed, which are stored in the storage, can be executed efficiently in consideration of redistribution of the data.
Next, a second embodiment will be described. A configuration of the present embodiment is the same as the first embodiment, but different in flow of the data and the metadata. Particularly, the embodiment is effective when the data size is the same before and after processing.
The read control module 10 reads first data and first metadata from a nonvolatile memory 1, and delivers the data to the read mode changer 12. The read mode changer 12 determines whether to deliver the first data and the first metadata to the data processor 13 or output the data as they are to the outside, with the first metadata. When inputting the first data and the first metadata from the read mode changer 12, the data processor 13 sequentially processes the first data and the first metadata, and then outputs second data including the sequentially processed data and the first metadata to the outside.
The read mode changer 12 outputs the first data and the first metadata as they are to the outside in a case of, for example, not decoding but reading the enclosed data stored in the nonvolatile memory 1 for redistribution.
Next, a flowchart relating to the read control module 10 in the second embodiment illustrated in
This operation is started by receiving a read request to the nonvolatile memory 1 which the host connected to the read control module 10 issues. It is assumed here that a request accompanied by an identifier (for example, an address) specifying the information to be read and a length of the identifier has been received (S201).
Then, the read control module 10 specifies a logical block of the nonvolatile memory 1 which is to be actually read from the specified identifier (not shown).
Next, the read control module 10 reads data D and metadata MD associated with the data D from a predetermined location of the nonvolatile memory 1 specified by a block number BLK of a read target logical block and the number of bytes OFFSET from a starting part of the read target logical block ((D,MD)←READ(BLK,OFFSE)). Then, the read control module 10 subtracts a length of the read data D from a length LEN of the request (S202).
Next, the read control module 10 determines whether the decoding process needs to be executed by referring to a predetermined field (for example, the Codec Information Pointer (a3) of
When determining that the decoding process needs to be executed (for example, when the Codec Information Pointer (a3) of
Incidentally, when the updated state S refers to failure of the decoding process, the output data D may be NULL indicating that no value exists or an indefinite value.
The present embodiment is different from the first embodiment with respect to a feature of outputting the processed data to the outside in a form of being replaced with data to be processed. Conventionally, it has been necessary to read the information stored in the nonvolatile memory 1 without change but, in the present embodiment, the information obtained by processing the stored information can be output on the premise that a subject (application or the like) requesting reading corresponds to the information. Thus, the present embodiment achieves an advantage of further reducing an information amount read from the nonvolatile memory 1 and executing the information processing more efficiently than the first embodiment.
Next, a third embodiment will be described. In the present embodiment, a simple write process is added to the first embodiment.
Since the read control module 10 is the same as the read control module 10 in the first embodiment, detailed description thereof is omitted. Incidentally, a data processor 13 of the above-described read control module 10 is also hereinafter referred to as a read side data processor 13.
Next, the write control module 20 writes the data D and the metadata MD to predetermined locations in the nonvolatile memory 1 specified by a block number BLK of a write target logical block and the number of bytes OFFSET from a starting part of the write target logical block (WRITE(D,MD,BLK,OFFSET)). In addition, the length of writing is reduced, and unprocessed data length is updated (LEN←LEN(D)) (S302). The flow returns to the write process when unwritten data exists (LEN>0 is true) (S303: Yes) or is ended when unwritten data does not exist (LEN>0 is false) (S303: No).
Incidentally, a series of explanation is omitted. When LEN>0 is true and when writing occurs a plurality of times, the block number BLK and offset byte number OFFSET of the write target logical block are appropriately updated for each writing, and then writing is executed.
The above is the third embodiment. The processing required at reading can be executed by allowing not only the data but the metadata including the processing information to be stored in the nonvolatile memory 1 together with the data at the writing. Incidentally, the write process is added to the configuration of the first embodiment here, and addition of the write process to the configuration of the second embodiment can also be implemented in the same manner.
Next, a fourth embodiment will be described. In the present embodiment, a sequential processing operation at the time of writing is added to the first embodiment.
The write control module 20 inputs first data and first metadata from an external module, delivers the first data and the first metadata to the writer 21, and delivers the first metadata to the write mode changer 22. The write mode changer 22 determines whether to deliver the first data and the first metadata to the write side data processor 23 or the writer 21, with the first metadata. The write mode changer 22 delivers the first data and the first metadata when, for example, the encoded data is written as it is to the nonvolatile memory 1. When inputting the first data and the first metadata, the write side data processor 23 sequentially processes the first data, and delivers sequentially processed second data and the first metadata to the writer 21. The writer 21 writes the first data and the first metadata input from an external module or the second data and the first metadata input from the writing side data processor 23 to the nonvolatile memory 1.
It is assumed that the write control module 20 receives the data D and the metadata MD from the outside (Receive WRITE Request(D,MD)) and specifies the length of the data D (LEN←length(D)) (S401). After that, the write control module 20 determines whether the encoding process needs to be executed by referring to a predetermined field (for example, the Codec Information Pointer (a3) of
When determining that the encoding process needs to be executed (for example, when the Codec Information Pointer (a3) of
Next, the write control module 20 writes the data D and the metadata MD to predetermined locations in the nonvolatile memory 1 specified by a block number BLK of a write target logical block and the number of bytes OFFSET from a starting part of the write target logical block (WRITE(D,MD,BLK,OFFSET)). In addition, the length of writing is reduced, and unprocessed data length is updated (LEN←LEN−length(D)) (S404). The flow returns to the write process when unwritten data exists (LEN>0 is true) (S405: Yes) or is ended when unwritten data does not exist (LEN>0 is false) (S405: No). Updating BLK and OFFSET has been described in the third embodiment.
Incidentally, when the updated state S refers to failure, the WRITE operation may be invalidated. Alternatively, the write control module 20 may notify the outside of an error as a response to the request.
The above is the fourth embodiment. The processing required at reading can be executed by allowing not only the data but the metadata including the processing information to be stored in the nonvolatile memory 1 together with the data at the writing. Furthermore, the data can be subjected to an appropriate process before storing in accordance with the state of the metadata and then stored. The data can be used for, for example, encoding multimedia data at the writing, or processing some types of information to an intermediate state and storing the information and executing a final process at the reading, or the like. It is not necessary to execute all processes at reading or writing and becomes easy to respond to situation difference, change of the distribution destination, and the like at writing and reading.
Next, a fifth embodiment will be described. In the present embodiment, an operation at the write process is added to the second embodiment. The embodiment is effective when the data size is the same before and after sequential processing, similarly to the second embodiment.
The above is the fifth embodiment. An advantage obtained from a combination of the second and fourth embodiments can be achieved.
Next, a sixth embodiment will be described. The present embodiment allows the read control module 10 to determine possibility of outputting a result of a read request and to read the metadata in a manner set for the metadata at the storing, by adding the extended metadata to the read request in the first embodiment.
The read mode changer 12 changes the read mode with the first metadata read from the nonvolatile memory 1, similarly to the first embodiment, and changes the read mode by also considering the extended metadata. In addition, “not output” can be set in addition to two of “output as it is” and “processed in the data processor” in the read mode. If “not output” is set, the read mode changer 12 does not output the information read from the nonvolatile memory 1. Alternatively, after the read mode changer 12 is controlled to execute processing in the data processor 13, the data processor 13 generates second metadata including error information.
The data processor 13 can sequentially execute processing for the first data and the first metadata and modify each of the data, based on the first metadata, similarly to the first embodiment, and can modify the data in the other form by also referring to the information added with the extended metadata. Then, the data processor 13 makes a response by including a processing result or information specifying a location where the processing result is stored in the second metadata. In addition, when the extended metadata is “not output”, the data processor 13 may execute processing so as to include information indicative of an error in the second metadata. At this time, an only error is included in the second metadata, and a response should not be made with the read data itself. Alternatively, after processing the read first data in a state in which the data cannot be presumed from the original data, the extended metadata may be replaced with the first data and may not be output.
Specifying based on the extended metadata has priority over the first metadata (when the extended metadata is not specified, the specification is based on the instruction of the first metadata). However, the specification may be made separately for each of the read mode changer 12 and the data processor 13 or the specification may be made together for both of them. Alternatively, the order of the process using the first metadata and the process using the extended metadata may be an order of the first metadata extended metadata or the data may be specified as the extended metadata.
As an example of separately specifying the extended metadata, replacing the process specified when the data is stored with the first metadata with the different process of the same type is considered (i.e., the encryption mode and the key length of small strength are changed to the encryption mode and the key length of large strength, the data is output in a state of being encrypted with an encryption key and an encryption algorithm different from the encryption key and the encryption algorithm at the storing, and the like). The instruction to the read mode changer 12 remains “processed in the read mode changer 12”, and the process content of the data processor 13 alone is changed. Thus, the instruction to the read mode changer 12 is not made, but the only instruction to the data processor 13 is made with the extended metadata (in fact, collective specification can be made if the instruction “processed in the data processor” is included in the extended metadata similarly to the instruction at the storing).
In contrast, as an example of specifying collectively, the data stored by considering that processing does not need to be executed at the storing is often newly processed. The only instruction “output as it is” is set in the first metadata, and special instructions or information for the data processor 13 is not included in the first metadata. In contrast, an instruction “to process and then output” can be given with the extended metadata, and information necessary for the instruction can be instructed at the reading.
Since the operation flow of the present embodiment is the same as the operation flow of the first embodiment, a flowchart thereof is omitted.
The above is the sixth embodiment. The process different from the process assumed at the storing can be specified at timing of reading by transmitting the extended metadata together with the read request. Furthermore, reading the information from the nonvolatile memory 1 becomes able to be controlled, based on the authentication information that an authentication subject independent of a generation subject of the read request generates, by allowing “not output” to be specified as the extended metadata.
Next, a seventh embodiment will be described. In the present embodiment, the read control module 10 is set to determine the possibility of output of the result of the read request and to read the possibility in a manner different from the assumption at the time of storage, by adding extended metadata to the read request in the second embodiment.
The above is the seventh embodiment. The advantage thereof is the same as the advantage obtained from a combination of the second and sixth embodiments.
Next, an eighth embodiment will be described. In the present embodiment, extended metadata is added to the read request in the third embodiment and corresponding components are added (
Since the detailed description has been made above in the third and sixth embodiments, the detailed description is omitted.
The above is the eighth embodiment. The advantage thereof is the same as the advantage obtained from a combination of the third and sixth embodiments.
Next, a ninth embodiment will be described. In the present embodiment, extended metadata is added to a read request or a write request in the fourth embodiment and corresponding components are added (
Since the detailed description on the read side has been made above in the fourth and sixth embodiments, the detailed description is omitted.
The write control module 20 of the present embodiment is composed of a writer 21, a write mode changer 22, and a write side data processor 23. In addition, the write control module 20 is also connected to an extended metadata extractor 14. The extended metadata extractor 14 comprises a function of fetching the extended metadata from the read request or the write request for the IC control module 2. The fetched extended metadata becomes a new input to a read mode changer 12 and a read side data processor 13 or the write mode changer 22 and the write side data processor 23.
The write mode changer 22 changes the write mode with the metadata to be written to the nonvolatile memory 1, similarly to the fourth embodiment, and changes the write mode by considering the extended metadata notified together with the write request. In addition, “not write” can be set in addition to two of “store as it is” and “process in write side data processor”, as write modes. When “not write” is set, the write mode change section 22 does not write requested first data and first metadata to the nonvolatile memory 1. When an error is to be returned, either the write side data processor 23 or the writer 21 may generate the error, and notify the outside of the IC control module 2 of the error by appropriate means (not shown).
The write side data processor 23 can sequentially execute processing for the first data and modify each of the data, based on the first metadata, similarly to the fourth embodiment, and can modify the data in the other form by also referring to the information added with the extended metadata. In addition, when the extended metadata is “not written”, the write side data processor 23 may execute a process of allowing an error to occur and notifying the request source of the error (not shown). At this time, the first data or the first metadata must not be written (i.e., the writ unit is not notified of the information).
Specifying based on the extended metadata has priority over the first metadata input together with the first data of the write target (when the extended metadata is not specified, the specification is based on the instruction of the first metadata). However, the specification may be made separately for each of the write mode changer 22 and the write side data processor 23 or the specification may be made together for both of them. Alternatively, the order of the process using the first metadata and the process using the extended metadata may be an order of the first metadata extended metadata or the data may be specified as the extended metadata.
As an example of separately specifying the extended metadata, replacing the process specified when the data is stored with the first metadata with the different process of the same type is considered. The same example has been described as the example of reading in the sixth embodiment. A case where a shared library or the operating system different from the user application which issues the write request is to replace process contents will be considered here. That is, a case of replacing the process with the other process without modifying the user application will be considered. The library or the operating system hooks the write request, and assigns extended metadata. Then, the instruction to the write mode changer 22 remains “processed in the write side data processor 23” and the information for new processes to be executed in the write side data processor 23 is assigned.
In contrast, as an example of specifying collectively, the shared library or the operating system adds the process that is considered to require no user application. The only instruction “store as it is” is described in the metadata, and special instructions or information for the write side data processor 23 is not included in the metadata. In contrast, an instruction “to process and then store” can be given with the extended metadata, and information necessary for the instruction can be instructed at the write request.
The above is the ninth embodiment. The advantage thereof is the same as the advantage obtained from a combination of the fourth and sixth embodiment and is to further execute controlling with the extended metadata at the writing.
Next, a tenth embodiment will be described. In the present embodiment, extended metadata is added to a read request or a write request in the fifth embodiment and corresponding components are added (
The detailed description is substantially the same as the above-mentioned ninth embodiment, and the embodiment is merely different from the ninth embodiment in a data outputting method on the read side. The variation is the same as that described in the sixth and seventh embodiments.
The above is the tenth embodiment. The advantage thereof is the same as the advantage obtained from a combination of the fifth and seventh embodiment and is to further execute controlling with the extended metadata at the writing.
Using an IC control module 2 in a system storing the information encrypted by (completely) homomorphic encryption will be described as the eleventh embodiment. The homomorphic encryption is the cryptography which can execute an operation (addition or multiplication or both) as a cryptogram. The types and the number of times of the operation that can be executed are constrained depending on an algorithm and, particularly, a problem that decryption cannot be executed when the number of times of operation exceeds the constraint occurs. For this reason, processes for regularly avoiding the constraint (referred to as Bootstrapping, ModSwitch, and Relinearize; hereinafter referred to as a recovery process) need to be executed. In the present embodiment, these processes will be focused.
Configuration diagrams of the present embodiment are the same as the ninth embodiment (
The IO control module 2 of the present embodiment receives operated cryptograms obtained by executing the operation for the cryptograms which the homomorphic encryption is applied in a connected host (not shown), as the first data, and receives the information accompanying the cryptograms as the first metadata (a part of the first metadata may be encrypted). In addition, a write process is executed by receiving a write command instructing the cryptograms to be written and the accompanying extended metadata. The extended metadata includes the necessity of execution of the recovery process and information necessary to execute the recovery process additionally (to the information described in the above embodiments).
When receiving the above write command, an extended metadata extractor 14 fetches the extended metadata and transmits the extended metadata to a write mode changer 22 and a write side data processor 23. The write mode changer 22 executes change by referring to the information relating to the necessity of execution of the recovery process as included in the extended metadata. When it is instructed that the recovery process is necessary, the write mode changer 22 changes to deliver the first data and the first metadata to the write side data processor 23. When it is instructed that the recovery process is unnecessary, the write mode changer 22 delivers the first data and the first metadata to the writer 21 as they are.
The write side data processor 23 executes an appropriate recovery process according to each algorithm, by referring to information necessary for the recovery process included in the extended metadata. The result becomes the second data and is delivered to the writer 21 together with the first metadata.
The writer 21 stores the first metadata that is not subjected to the recovery process, or the second data that is subjected to the recovery process, and the accompanying first metadata, in the nonvolatile memory 1.
Incidentally, since the recovery process is accompanied by complicated calculation, the recovery process may require more time than the other processes that the IO control module 2 of the present embodiment assumes and may inhibit a subsequent write process. For this reason, when the present embodiment is applied, a plurality of write side data processors 23 may be prepared or the write side data processor 23 may be provided independently as a dedicated circuit.
Since the operation flow of the present embodiment is the same as the operation flow of the ninth or tenth embodiment, the operation flow is omitted.
The above is the present embodiment. Conventionally, a part executing the arithmetic processing of the cryptogram, such as the CPU, has executed the recovery process of the homomorphic encryption, but can be replaced with the IO control module 2 of the present embodiment. Since the CPU or the like can appropriately determine the timing for requiring the recovery process, the CPU may transmit cryptograms as extended meta-information together with the instruction of the recovery process only when storing the operated cryptograms of the homomorphic encryption which are expected to be reused.
Next, a twelfth embodiment will be described. The present embodiment is also directed to a cryptogram encrypted by homomorphic encryption, similarly to the eleventh embodiment. In the present embodiment, executing the recovery process while executing a plurality of read commands that execute the process while reading a cryptogram will be considered.
Configuration diagrams of the present embodiment are the same as the sixth embodiment (
A read control module 10 of the present embodiment starts the process by receiving a Read command that reads a cryptogram and metadata corresponding thereto from the connected host (not shown) and the accompanying extended metadata, by the extended metadata extractor 14. The extended metadata extractor 14 fetches the extended metadata, and transmits the extended metadata to the read mode changer 12 and the read side data processor 13. In addition, the extended metadata extractor 14 notifies the nonvolatile memory 1 of the Read command via the reader 11. The nonvolatile memory 1 receiving the Read command reads the first data that is a cryptogram and the accompanying first metadata from a predetermined region.
The extended metadata of the present embodiment includes information relating to an operation instruction for the cryptogram that is the read first data, and an execution instruction of the recovery process of the operated cryptogram (=second data). The operation instruction includes the necessity of operation and the type of operation for both the first data and the cryptogram read immediately before, and the necessity of operation and the type of operation (including the operand designation) for the first data and the result of the operation executed immediately before. The execution instruction of the recovery process may include information necessary for the execution in addition to the necessity of the recovery process.
The read mode changer 12 changes the output based on the first metadata and the extended metadata. When the extended metadata is instructed that “an operation is necessary” or “the recovery process is necessary”, the first data is delivered to the read mode changer 12.
The data processor 13 executes the operation instructed by the extended metadata or the recovery process. In the case of the operation instruction, the operation (addition or multiplication, comparison, or other indicated operation) between the first data input to the data processor 13 by reading immediately before or the output second data or a value input as the extended metadata, and the first data that is being currently processed is executed. Then, the operation result is referred to as the second data. The data processor 13 stores at least one of the first data and the second data as an internal state to prepare for the operation instruction in a subsequent read process. For this reason, a temporary storage unit may be added to the data processor 13 in the present embodiment. Information indicative of the necessity of the recovery process may be included as the internal state. In addition, the number of times of remaining operations (level value) until the next recovery process may be used as the information indicative of the necessity of the recovery process.
Furthermore, the recovery process is necessary for the second data that is the operation result, in accordance with the states of two data that are to be inputs. At this time, the necessity of the recovery process may be included in either output (second data inside or the first metadata or second metadata (depending on the configuration)). The host (not shown) that has received the information indicative of the necessity of the recovery process may execute the recovery process by itself or may update the information with the recovery process by the method of the eleventh embodiment when reuse of the information is expected.
The above is the twelfth embodiment. When reading information encrypted by the homomorphic encryption, the cryptogram can be subjected to a necessary operation as it is, by applying the present embodiment. In addition, the necessity of the recovery process can be detected and notified to the host. For this reason, the host can obtain the operation result without executing a complicated operation. In addition, it can be detected rapidly that the recovery process is necessary.
Incidentally, the nonvolatile memory 1 in each of the embodiments may be either a block type storage or a Key-Value type storage, or may be any one of SSD, HDD, and a Storage Class Memory (SCM). When the nonvolatile memory 1 is a block type storage, in NVMe SSD, the Read command and the Write command of NVMe may be used as the I/O commands between the read control module 10 and write control module 20, and an external module, in each embodiment. When the nonvolatile memory 1 is a Key-Value type storage, in NVMe SSD, the Retrieve command and the Store command of NVMe may be used as the I/O commands between the read control module 10 and write control module 20, and an external module, in each embodiment. In addition, when a block type storage is used as the nonvolatile memory 1 in each of the embodiments, the metadata may be read or written with ioctl( ) system call of the host OS and, in this case, each of METADATA GET command and METADATA SET command may be used.
In addition, a case where the write control module 20 is provided independently is not described in each of the above embodiments. However, in a case where the only write process is to be controlled, the write control module 20 may be executed alone.
In addition, the read request and the write request are not limited in the case where they are generated by the software running on the CPU of this figure. For example, the read request and the write request may be generated by the software run on another calculating machine connected through a network.
Based on the above, each of the embodiments reads the data and the metadata that are to be sequentially processed for the nonvolatile memory, determines whether to apply the sequential processes based on the information on the sequential processes of the metadata and, when the sequential processes are applied, executes the sequential processes of the data while referring to the sequential process state stored inside, and includes the processed data in the metadata and outputs the metadata to the external module together with the data or, when the sequential processes are not applied, outputs the read data and the read metadata as they are to the external module, and can thereby remarkably reduce the CPU process load. In addition, when data redistribution is executed, the data can be read as it is without executing sequential processes for the data, similarly to the conventional storage.
While certain embodiments have been described, these embodiments have been presented by way of example only, and are not intended to limit the scope of the inventions. Indeed, the novel embodiments described herein may be embodied in a variety of other forms; furthermore, various omissions, substitutions and changes in the form of the embodiments described herein may be made without departing from the spirit of the inventions. The accompanying claims and their equivalents are intended to cover such forms or modifications as would fall within the scope and spirit of the inventions.
Number | Date | Country | Kind |
---|---|---|---|
2020-169245 | Oct 2020 | JP | national |
2021-042454 | Mar 2021 | JP | national |