CN116680714A - Distributed data encryption recording system and method - Google Patents
Distributed data encryption recording system and method Download PDFInfo
- Publication number
- CN116680714A CN116680714A CN202310684659.2A CN202310684659A CN116680714A CN 116680714 A CN116680714 A CN 116680714A CN 202310684659 A CN202310684659 A CN 202310684659A CN 116680714 A CN116680714 A CN 116680714A
- Authority
- CN
- China
- Prior art keywords
- data
- recording
- encryption
- module
- fpga chip
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 22
- 230000005540 biological transmission Effects 0.000 claims abstract description 38
- 238000004891 communication Methods 0.000 claims description 3
- 230000003993 interaction Effects 0.000 abstract description 7
- 238000010586 diagram Methods 0.000 description 12
- 238000013403 standard screening design Methods 0.000 description 4
- 238000013523 data management Methods 0.000 description 3
- 238000013459 approach Methods 0.000 description 2
- 238000013500 data storage Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 239000013307 optical fiber Substances 0.000 description 2
- 230000006399 behavior Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000002457 bidirectional effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000013479 data entry Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/76—Architectures of general purpose stored program computers
- G06F15/78—Architectures of general purpose stored program computers comprising a single central processing unit
- G06F15/7867—Architectures of general purpose stored program computers comprising a single central processing unit with reconfigurable architecture
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D10/00—Energy efficient computing, e.g. low power processors, power management or thermal management
Abstract
The invention provides a distributed data encryption recording system and a distributed data encryption recording method. The system comprises: the edge storage subsystem comprises a first FPGA chip embedded with a data cache module, a first encryption and decryption module connected with the data cache module, a first transmission control module and a storage control module, a data receiving module connected with the first encryption and decryption module, a storage disk connected with the first FPGA chip and a first remote transmission module; the central computer system comprises a data receiving and sending card and a general-purpose computer connected with the first remote transmission modules of the N edge storage subsystems through the data receiving and sending card. The method comprises the following steps: PCIE driving of the data receiving and sending card is realized as a universal block device driving through a file system arranged on a universal computer, and the edge storage subsystem is simulated as a universal hard disk, so that encryption recording of distributed data is realized based on the file system. According to the invention, the requirements of high bandwidth, long-distance low interaction volume, convenient access and data security can be met while the distributed data recording is realized.
Description
Technical Field
The invention belongs to the field of data storage, and in particular relates to a distributed data encryption recording system and method.
Background
In recent years, the recording demands of various electronic systems for data are increasing, especially the data recording demands of data sources located at different positions, and in this context, how to implement high-speed distributed data recording becomes a research hotspot in the field of data storage.
As an industry consensus, an ideal distributed data recording state requires that the following objectives be achieved:
1. high bandwidth: the data recording speed reaches or approaches the writing speed of the storage disc, i.e. there is no bandwidth bottleneck from the time when the data arrives at the entrance of the receiving end until it is stored in the storage disc.
2. Remote low interaction volume: except for the necessity that the central CPU needs to access the recorded data content, long-distance transmission of user data is not performed in other cases.
3. The access is convenient: the central CPU can access the data in the storage disk in the form of a direct file without going through other tool software.
4. Data security: data security during data recording and data transmission.
For a conventional computer system, a CPU firstly controls a data receiving end to transmit data into a memory, and then the CPU sequentially carries the data into a storage disk through a file system, IO scheduling and a general block device layer to store the data in the form of a file. Although this approach can achieve the goal of easy access, it is clearly not the preferred way to achieve the other three goals, since the memory and external bus of the CPU are accessed twice, respectively. For this purpose, a common optimization method is to set an edge CPU and a storage disk at the data receiving end, and run a set of computer systems at each edge end, which can achieve the goals of high bandwidth and low interaction amount remotely, however, the disadvantage is that: on one hand, the central CPU can realize data access only through a thicker data protocol stack; on the other hand, the edge subsystem is a complete embedded system, and once the data is lost, the data is safe and can not exist.
Disclosure of Invention
In view of the above, the present invention provides a distributed data encryption recording system and method.
According to a first aspect of the present invention, there is provided a distributed data encryption recording system, the system comprising a central computer system and N edge storage subsystems connected to the central computer system, wherein N is a positive integer;
the edge storage subsystem comprises a first FPGA minimum system with a first FPGA chip, a storage disk connected with the first FPGA chip and a first remote transmission module;
the first FPGA chip is embedded with a data cache module, a first encryption and decryption module, a first transmission control module and a storage control module which are connected with the data cache module, and a data receiving module which is connected with the first encryption and decryption module;
the central computer system comprises a general computer and a data receiving and sending card, and the general computer is simultaneously connected with the first remote transmission modules of the N edge storage subsystems through the data receiving and sending card.
Optionally, the first FPGA minimum system further includes a first memory unit, a first curing unit, and a first clock chip connected to the first FPGA chip.
Optionally, the data transceiver card includes:
the second FPGA minimum system comprises a second FPGA chip;
the PCIE interface unit is connected with the second FPGA chip and is used for being connected with the general-purpose computer;
and the second remote transmission modules are connected with the second FPGA chip and are used for being in communication connection with the corresponding first remote transmission modules.
Optionally, the second FPGA chip is embedded with a PCIE control module, at least N second encryption/decryption modules, and at least N second transmission control modules, where the second transmission control modules are connected to the PCIE control module through corresponding second encryption/decryption modules.
Optionally, the second FPGA minimum system further includes a second memory unit, a second curing unit, and a second clock chip connected to the second FPGA chip.
According to a second aspect of the present invention, there is provided a distributed data encryption recording method based on any one of the above distributed data encryption recording systems, the method comprising the steps of:
when the system is deployed, in the general computer, the driving of the data receiving and sending card is realized as N general block devices, the N edge storage subsystems are simulated as N general hard disks, and the N edge storage subsystems are formatted into a conventional file system;
when recording starts, a recording program normally creates a target file in a file system, and pre-allocates a block for the target file by calling a wellrate through a system;
the recording program sends the obtained data area block distribution of the target file to the driving program of the data receiving and sending card through the ioctrl command;
the data receiving and sending card sends a data recording instruction to a corresponding edge storage subsystem according to the data area block distribution, wherein the data recording instruction is used for enabling the edge storage subsystem to fill data to be filled into a target block position of a storage disk of the data receiving and sending card according to the data area block distribution;
the driver of the data receiving and sending card obtains an interrupt notification sent by the edge storage subsystem to confirm that the recording of the next file can be continued, wherein the interrupt notification is state information which is sent by the edge storage subsystem to the data receiving and sending card when the data filling is completed and indicates that the data recording is completed.
The invention has the beneficial effects that:
the distributed data encryption recording system comprises a central computer system and N edge storage subsystems connected with the central computer system; the edge storage subsystem comprises a first FPGA minimum system with a first FPGA chip, a storage disk and a first remote transmission module, wherein the storage disk and the first remote transmission module are connected with the first FPGA chip; the central computer system comprises a general computer and a data receiving and sending card, and the general computer is simultaneously connected with the first remote transmission modules of the N edge storage subsystems through the data receiving and sending card. Based on the distributed data encryption recording system, the distributed data encryption recording method of the invention realizes PCIE driving of the data receiving and sending card as a universal block device driving through a file system arranged on the universal computer, simulates the edge storage subsystem as a universal hard disk, and further realizes encryption recording of distributed data based on the file system.
For the technical scheme of the invention, the storage disk is arranged in the edge storage subsystem, so that the high bandwidth of recording is ensured; the CPU is not added at the edge end, the data management is still realized by the central computer system, and the data management is realized based on the file system, so that the access is convenient; the method has the advantages that the data management is realized by extremely low data interaction quantity in a mode of pre-distributing block blocks to files by a file system and then filling the blocks by an edge, service data can be transmitted in a cable only when a center needs to access recorded data, and the remote low interaction quantity is realized; the data entry is immediately encrypted to ensure the security of the inventory data and the cable transmission data. Therefore, by adopting the technical scheme of the invention, the requirements of high bandwidth, long-distance low interaction volume, convenient access and data security can be met while the distributed data recording is realized.
Additional features and advantages of the invention will be set forth in the detailed description which follows.
Drawings
The invention may be better understood by referring to the following description in conjunction with the accompanying drawings in which the same or similar reference numerals are used throughout the several drawings to designate the same or similar components.
FIG. 1 illustrates a block diagram of an edge storage subsystem according to an embodiment of the invention;
FIG. 2 shows an internal functional block diagram of a first FPGA chip according to an embodiment of the invention;
FIG. 3 shows a block diagram of a distributed data encryption recording system according to an embodiment of the present invention;
FIG. 4 shows a block diagram of a data card according to an embodiment of the present invention;
FIG. 5 shows an internal functional block diagram of a second FPGA chip according to an embodiment of the invention;
FIG. 6 shows a flowchart of an implementation of a distributed data encryption recording method according to an embodiment of the present invention;
fig. 7 shows a schematic diagram of the hardware configuration of a distributed data encryption recording system configuring a dual-edge storage subsystem according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will more fully understand the technical solutions of the present invention, exemplary embodiments of the present invention will be described more fully and in detail below with reference to the accompanying drawings. It should be apparent that the following description of one or more embodiments of the invention is merely one or more of the specific ways in which the technical solutions of the invention may be implemented and is not intended to be exhaustive. It should be understood that the technical solution of the present invention may be implemented in other ways belonging to one general inventive concept, and should not be limited by the exemplary described embodiments. All other embodiments, which may be made by one or more embodiments of the invention without inventive faculty, are intended to be within the scope of the invention.
Examples: fig. 1 shows a block diagram of an edge storage subsystem according to an embodiment of the present invention, fig. 2 shows an internal functional block diagram of a first FPGA chip according to an embodiment of the present invention, fig. 3 shows a block diagram of a distributed data encryption recording system according to an embodiment of the present invention, fig. 4 shows a block diagram of a data transceiver according to an embodiment of the present invention, and fig. 5 shows an internal functional block diagram of a second FPGA chip according to an embodiment of the present invention.
1-5, a distributed data encryption recording system according to an embodiment of the present invention includes a central computer system and N edge storage subsystems accessing the central computer system;
the edge storage subsystem comprises a first FPGA minimum system with a first FPGA chip, a storage disk connected with the first FPGA chip and a first remote transmission module;
the first FPGA chip is embedded with a data cache module, a first encryption and decryption module, a first transmission control module and a storage control module which are connected with the data cache module, and a data receiving module which is connected with the first encryption and decryption module;
the central computer system comprises a general computer and a data receiving and sending card, and the general computer is simultaneously connected with the first remote transmission modules of the N edge storage subsystems through the data receiving and sending card.
Further, in the embodiment of the present invention, the first FPGA minimum system further includes a first memory unit, a first curing unit, and a first clock chip connected to the first FPGA chip.
Specifically, in the embodiment of the present invention, the storage disk is a storage device including serdes, and is specifically implemented by using multiple SATA disks, multiple NVME disks, or an SSD array, where the serdes resource of the first FPGA chip needs to be greater than the sum of the number of serdes of the storage disk and the number of serdes of the data source interface to be recorded, the first memory unit is implemented by using DDR, the first curing unit is implemented by using NOR Flash, and the first remote transmission module refers to one of connection modules of the FPGA high-speed bus, including but not limited to an optical module and a network PHY chip.
Specifically, in the embodiment of the invention, the first encryption and decryption module adopts an AES encryption algorithm to instantiate a plurality of parallel AES encryption and decryption pipeline calculations in the first FPGA chip, so that the total throughput is larger than the writing bandwidth of the storage disk. When the data enters the first FPGA chip from the outside, the data is encrypted immediately, and all other data including the data of the memory are encrypted data except the data receiving module and the first encryption and decryption module in the chip. The key adopted by the first encryption and decryption module is transmitted by the central computer system when the computer is started, and the key only exists in a trigger in the first FPGA chip in the edge storage subsystem.
Still further, in an embodiment of the present invention, a data transceiver card includes:
the second FPGA minimum system comprises a second FPGA chip;
the PCIE interface unit is connected with the second FPGA chip and is used for being connected with the general purpose computer;
and the at least N second remote transmission modules are connected with the second FPGA chip and are used for being in communication connection with the corresponding first remote transmission modules.
Still further, in the embodiment of the present invention, a PCIE control module, at least N second encryption and decryption modules, and at least N second transmission control modules are embedded in the second FPGA chip, where the second transmission control modules are connected to the PCIE control module through corresponding second encryption and decryption modules.
Still further, in an embodiment of the present invention, the second FPGA minimum system further includes a second memory unit, a second curing unit, and a second clock chip connected to the second FPGA chip.
Specifically, in the embodiment of the present invention, the general-purpose computer is a computer, a server or an embedded platform supporting PCIE protocol and Linux operating system. The number of the second remote transmission modules contained in the data receiving and transmitting card is greater than or equal to the number of the edge storage subsystems deployed in the whole distributed data encryption recording system. The instantiation number of the second encryption and decryption modules in the second FPGA chip is greater than or equal to the number of the edge storage subsystems deployed by the whole distributed data encryption recording system. In the data receiving and sending card, the number of the second transmission control modules in the second FPGA chip is the same as that of the second remote transmission modules of the hardware component of the data receiving and sending card. In the distributed data encryption recording system provided by the embodiment of the invention, the storage disk of the edge subsystem can be indirectly accessed by the central computer system and also can be directly accessed by the FPGA of the edge subsystem, and the two access modes are respectively used for realizing file system access and record data direct writing of the computer system.
Correspondingly, the embodiment of the invention also provides a distributed data encryption recording method which is realized based on the distributed data encryption recording system provided by the embodiment of the invention.
Fig. 6 shows a flowchart of an implementation of the distributed data encryption recording method according to an embodiment of the present invention.
Referring to fig. 6, the distributed data encryption recording method according to an embodiment of the present invention includes the steps of:
step S100, when the system is deployed, in the general-purpose computer, driving the data receiving and sending card is realized as N general-purpose block devices, the N edge storage subsystems are simulated as N general-purpose hard disks, and the N edge storage subsystems are formatted as a conventional file system;
step S200, when recording starts, a recording program normally creates a target file in a file system, and preallows a block for the target file by calling a FAllocate through the system;
step S300, the recording program sends the obtained data area block distribution of the target file to the driving program of the data receiving and sending card through the ioctrl command;
step S400, the data transceiver card sends a data recording instruction to a corresponding edge storage subsystem according to the data area block distribution, wherein the data recording instruction is used for enabling the edge storage subsystem to fill data to be filled into a target block position of a storage disk of the data transceiver card according to the data area block distribution;
step S500, the driver of the data receiving and sending card acquires an interrupt notification sent by the edge subsystem to confirm that the recording of the next file can be continued, wherein the interrupt notification is state information which is sent by the edge storage subsystem to the data receiving and sending card when the data filling is completed and indicates that the data recording is completed.
Specifically, in the embodiment of the invention, since the block blocks of the file are pre-allocated, the amount of pre-allocated operation data is very small, the time consumption is very low, the filling is completed after the completion of the filling, and the management of the universal file system is incorporated.
The following describes embodiments of the present invention in more detail based on a specific example:
fig. 7 is a schematic diagram showing a hardware configuration of a distributed data encryption recording system configured with a dual-edge storage subsystem according to an embodiment of the present invention. Referring to fig. 7, two sets of edge storage subsystems are constructed, the key devices of the edge storage subsystems adopt v7 690T FPGAs, the storage disk adopts 8 Sata SSDs, and the first remote transmission module adopts a 4-transmit 4-receive optical module; the central computer system adopts a conventional computer to match with a data receiving and transmitting card, and key devices of the data receiving and transmitting card adopt v7 690T FPGA to match with 8 4-transmitting and 4-receiving modules.
The FPGA logic of the edge storage subsystem comprises a data receiving module, a SATA Host module, an SRIO controller module, a data caching module and an AES encryption and decryption module, wherein the SATA Host module, the SRIO controller module and the AES encryption and decryption module respectively correspond to the storage control module, the first transmission control module and the first encryption and decryption module.
The data receiving module adjusts according to the incoming mode of external data; the SATA Host module is provided with two interfaces, namely a control end and a data end, wherein the control end is connected with the control interface of the SRIO control module, and the data end is connected with the data cache module. The AES encryption and decryption module instantiates 2 pipeline algorithms, the input end respectively encrypts the data transmitted by the data receiving module by 128 bits, and the output end transmits the encrypted data to the data caching module. The data buffer module is provided with 3 data ports which are respectively connected with the SATA Host module, the AES encryption and decryption module and the SRIO control module, and the data ports are all bidirectional data streams.
The SRIO control module is used for leading out a control interface and a data interface, wherein the control interface is used for controlling all other modules, and the data interface is connected with the data cache module. Under the logic, the SATA can mutually exclusive receive the indirect access of the central computer system from the optical fiber and the direct access of the recorded data FPGA from the AES encryption and decryption module through the data caching module. In the recording situation, the access of SRIO from the optical fiber is mainly a small amount of metadata access after pre-allocation, and the access from the AES encryption and decryption module only comprises the encrypted form writing of the recorded data.
The FPGA logic of the data receiving and sending card comprises: the system comprises 8 AES encryption and decryption modules, 8 SRIO control modules and a PCIE control module, wherein the AES encryption and decryption modules and the SRIO control module correspond to a second encryption and decryption module and a second transmission control module respectively.
The two FPGAs are controlled by the same driver, the driver controls the behavior of the FPGA of the data receiving and sending card through PCIE, controls the edge storage subsystem to become a DMA through SRIO, and registers the edge storage subsystem as block equipment. The block device registered by the driver is controlled by the file system, and the user mode application program only starts, stops and sends the block information 3 operations through the IOCTRL, and the other operations are common file operations.
The recording workflow is as follows:
1. the user starts recording.
2. The user mode pre-allocates files under the directory on which the block device is mounted, in this embodiment creating a 1G file, with a recording time of about 0.25s. The detailed access procedure is seen in the file system access workflow.
3. The user state sends the block information to the driver, and the driver sends the block information to the SATA control module in the FPGA of the edge subsystem through the data receiving and sending card.
4. The user state sends a record command.
5. The driver receives the start record command, and the driver informs the system to pause responding to the IO scheduling of the corresponding block device, and sends the command to each module in the FPGA of the edge subsystem through the data receiving and sending card.
6. Recording of the encrypted data is started.
7. After the record is completed, the edge subsystem sends the completion information to the receiving and sending card through SRIO, and the receiving and sending card completes the record of the file after receiving the record.
8. And (2) starting step 2 again after the user state confirmation file is recorded.
The recorded data can be directly accessed through files for reading, modifying, deleting and the like, and the bottom implementation process is as follows:
1. and the user normally performs file operation under the catalogue mounted by the block equipment, including file reading, file creating, file deleting or file pre-allocation.
2. The kernel converts all file operations into read or write requests and submits the read or write requests to corresponding block devices through the layers of VFS, IO scheduling and the like. The request includes information package such as read-write block address, length and storage position.
3. The block device is registered by the driver, and after the driver receives the request, the information of the read-write type, the block address, the length and the like of the request is sent to the edge subsystem through Nread/Nwrite of the SRIO.
4. If the write request is the write request, the data of the storage position is fetched through the PCIE and sent to the encryption module, and the Swrite of the SRIO is sent to the edge subsystem. If the request is read, the edge subsystem waits for the data to be taken out from the SATA, then the data is transmitted to the receiving and sending card through the SRIO, and the data is written into the storage position after passing through the encryption and decryption module.
5. The block device driver informs the system that the request has been completed and the file operation has been completed correspondingly.
According to the implementation steps, the following effects are achieved:
1. the module and bus bandwidth of data passing through the edge storage subsystem are larger than the bandwidth of the SATA SSD, the sum of the time except for the time of recording the encrypted data in the recording process is not more than 1ms, the storage bandwidth of each edge storage subsystem exceeds 3.3GB/s, and the total writing speed of a storage disk of each edge storage subsystem is close to 3.6G/s (calculated according to 450MB/s of each SATA SSD).
2. In the recording process, the interaction between the data receiving and sending card and the edge storage subsystem is very low, and only some commands, address information and some metadata blocks needing to be updated are transferred.
3. The access is quick, the access to the data is completely a way to view the file, and no network mapping or third party software is needed.
4. The safety is high. In the edge storage subsystem, except the FPGA data receiving module, all data stored in a hard disk are encrypted data, and even if the whole data are stolen, the problem that the stored data are stolen can not occur under the condition of no secret key. In addition, all the data are encrypted in the remote transmission process, the data read by the CPU are encrypted data in the hard disk and decrypted by the data receiving and transmitting card, the data written by the CPU are encrypted by the data receiving and transmitting card and written into the hard disk in an encrypted mode, and the recorded data are encrypted by the edge storage subsystem and written into the hard disk.
Although one or more embodiments of the present invention have been described above, it will be appreciated by those of ordinary skill in the art that the invention can be embodied in any other form without departing from the spirit or scope thereof. The above-described embodiments are therefore intended to be illustrative rather than limiting, and many modifications and substitutions will now be apparent to those of ordinary skill in the art without departing from the spirit and scope of the present invention as defined in the appended claims.
Claims (7)
1. A distributed data encryption recording system, which is characterized by comprising a central computer system and N edge storage subsystems connected with the central computer system;
the edge storage subsystem comprises a first FPGA minimum system with a first FPGA chip, a storage disk connected with the first FPGA chip and a first remote transmission module;
the first FPGA chip is embedded with a data cache module, a first encryption and decryption module, a first transmission control module and a storage control module which are connected with the data cache module, and a data receiving module which is connected with the first encryption and decryption module;
the central computer system comprises a general computer and a data receiving and sending card, and the general computer is simultaneously connected with the first remote transmission modules of the N edge storage subsystems through the data receiving and sending card.
2. The distributed data encryption recording system of claim 1, wherein the first FPGA minimum system further comprises a first memory unit, a first curing unit, and a first clock chip connected to the first FPGA chip.
3. The distributed data encryption recording system of claim 1, wherein the data transceiver card comprises:
the second FPGA minimum system comprises a second FPGA chip;
the PCIE interface unit is connected with the second FPGA chip and is used for being connected with the general-purpose computer;
and the second remote transmission modules are connected with the second FPGA chip and are used for being in communication connection with the corresponding first remote transmission modules.
4. The distributed data encryption recording system according to claim 3, wherein the second FPGA chip is embedded with a PCIE control module, at least N second encryption/decryption modules, and at least N second transmission control modules, and the second transmission control modules are connected to the PCIE control module through corresponding second encryption/decryption modules.
5. The distributed data encryption recording system of claim 3, wherein the second FPGA minimum system further comprises a second memory unit, a second curing unit, and a second clock chip connected to the second FPGA chip.
6. A distributed data encryption recording method based on the distributed data encryption recording system according to any one of claims 1 to 5, characterized by comprising:
when the system is deployed, in the general computer, the driving of the data receiving and sending card is realized as N general block devices, the N edge storage subsystems are simulated as N general hard disks, and the N edge storage subsystems are formatted into a conventional file system.
7. The distributed data encryption recording method according to claim 6, wherein the data recording flow includes:
the method comprises the steps that a recording program normally creates a target file in a file system, and preallocates a block for the target file through system call wellochate;
the recording program sends the obtained data area block distribution of the target file to the driving program of the data receiving and sending card through the ioctrl command;
the data receiving and sending card sends a data recording instruction to a corresponding edge storage subsystem according to the data area block distribution, wherein the data recording instruction is used for enabling the edge storage subsystem to fill data to be filled into a target block position of a storage disk of the data receiving and sending card according to the data area block distribution;
the driver of the data receiving and sending card obtains an interrupt notification sent by the edge storage subsystem to confirm that the recording of the next file can be continued, wherein the interrupt notification is state information which is sent by the edge storage subsystem to the data receiving and sending card when the data filling is completed and indicates that the data recording is completed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310684659.2A CN116680714A (en) | 2023-06-09 | 2023-06-09 | Distributed data encryption recording system and method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310684659.2A CN116680714A (en) | 2023-06-09 | 2023-06-09 | Distributed data encryption recording system and method |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116680714A true CN116680714A (en) | 2023-09-01 |
Family
ID=87785163
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310684659.2A Pending CN116680714A (en) | 2023-06-09 | 2023-06-09 | Distributed data encryption recording system and method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116680714A (en) |
-
2023
- 2023-06-09 CN CN202310684659.2A patent/CN116680714A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8583839B2 (en) | Context processing for multiple active write commands in a media controller architecture | |
| KR101340865B1 (en) | Dma engine capable of concurrent data manipulation | |
| US7228399B2 (en) | Control method for storage device controller system, and storage device controller system | |
| US7660911B2 (en) | Block-based data striping to flash memory | |
| AU2013226133B2 (en) | Using storage controller bus interfaces to secure data transfer between storage devices and hosts | |
| CN101840306B (en) | Method and system for driving SATA (Serial Advanced Technology Attachment) device in VxWorks operating system | |
| US6105076A (en) | Method, system, and program for performing data transfer operations on user data | |
| US10387277B2 (en) | Electronic equipment including storage device | |
| KR20100124082A (en) | Solid state drive device | |
| EP4053723A1 (en) | Storage device, storage system, and method of secure data movement between storage devices | |
| US10521370B2 (en) | Chipset with near-data processing engine | |
| US11934542B2 (en) | Methods and apparatus for offloading encryption | |
| US7171396B2 (en) | Method and program product for specifying the different data access route for the first data set includes storing an indication of the different access for the first data set providing alternative data access routes to a data storage | |
| CN116680714A (en) | Distributed data encryption recording system and method | |
| KR20100133184A (en) | Solid state drive device | |
| CN115862699A (en) | Storage controller and storage system including the same | |
| JP2005346426A (en) | Data sharing disk device | |
| KR20240033958A (en) | Memory System, Memory Controller and Operating Method Thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |