JP4957577B2 - Disk controller - Google Patents

Description

  The present invention relates to a disk control device that controls data exchange between an external device and a hard disk drive.

  A disk control device including a plurality of hard disk drive devices (HDDs) is known. By the way, the maximum data amount that the HDD can store per unit time is smaller than the maximum data amount that the volatile memory can store per unit time.

  Therefore, one of the disk control devices of this type includes a volatile memory as a cache memory. The cache memory temporarily stores data exchanged between the external device and the HDD.

  According to this, for example, when an instruction indicating that data is to be stored (written) in the HDD in a specific storage area is generated a plurality of times within a relatively short time, each time the instruction is generated, it is stored in the cache memory. The stored data is updated. Therefore, the disk control device can store only data based on the last generated instruction in the HDD. That is, the number of accesses to the HDD (the number of times data is read from the HDD and / or the number of times data is written to the HDD) can be reduced.

  By the way, when the power supplied to the disk control device is cut off unexpectedly (for example, during a power failure), the power supplied to the cache memory is also cut off, so that the data in the cache memory is erased. Therefore, when data that has not yet been stored (transferred) in the HDD exists in the cache memory, this data cannot be stored in the HDD.

Therefore, the disk control device described in Patent Document 1 includes a battery and a nonvolatile memory. When the power supplied to the disk control device is cut off unexpectedly, the disk control device supplies power to the cache memory by a battery and stores (saves) data in the cache memory in the nonvolatile memory. According to this, even in the event of a power failure, the data in the cache memory can be held in the nonvolatile memory.
JP 2006-268419 A

  However, the disk control device has a problem that when the nonvolatile memory is taken out of the disk control device, the data in the nonvolatile memory is easily acquired.

  For this reason, the object of the present invention is to solve the above-mentioned problem “when the cache data is held when the power supplied to the cache memory is cut off, the data may leak to the outside”. It is an object of the present invention to provide a disk control device capable of performing the above.

In order to achieve such an object, a disk control apparatus according to one aspect of the present invention is
This is a device that stores data received from an external device in the hard disk drive device and sends data stored in the hard disk drive device to the external device.

Furthermore, this disk controller is
A cache memory that is a volatile memory that temporarily stores data exchanged between the external device and the hard disk drive device;
Encryption processing means for encrypting data stored in the cache memory;
First storage processing means for storing the encrypted data in a first nonvolatile memory;
Is provided.

Further, a disk system according to another aspect of the present invention is
A hard disk drive device that stores data, and a disk control device that stores data received from an external device in the hard disk drive device and sends data stored in the hard disk drive device to the external device. .

In addition, this disk system
A cache memory that is a volatile memory that temporarily stores data exchanged between the external device and the hard disk drive device;
Encryption processing means for encrypting data stored in the cache memory;
First storage processing means for storing the encrypted data in a first nonvolatile memory;
Is provided.

Further, a disk control method according to another embodiment of the present invention includes:
The data received from the external device is stored in the hard disk drive device, the data stored in the hard disk drive device is sent to the external device, and data exchanged between the external device and the hard disk drive device is temporarily performed. It is a method for controlling a disk control device comprising a cache memory, which is a volatile memory for storing information.

Furthermore, this disk control method
An encryption processing step for encrypting data stored in the cache memory;
A first storage processing step of storing the encrypted data in a first nonvolatile memory;
including.

A disk control program according to another embodiment of the present invention is
The data received from the external device is stored in the hard disk drive device, the data stored in the hard disk drive device is sent to the external device, and data exchanged between the external device and the hard disk drive device is temporarily performed. In a disk control device provided with a cache memory that is a volatile memory to store automatically,
Encryption processing means for encrypting data stored in the cache memory;
First storage processing means for storing the encrypted data in a first nonvolatile memory;
It is a program for realizing.

  According to the present invention configured as described above, when the power supplied to the cache memory is cut off, it is possible to prevent the data from leaking to the outside while holding the cache data.

A disk control apparatus according to one aspect of the present invention
This is a device that stores data received from an external device in the hard disk drive device and sends data stored in the hard disk drive device to the external device.

Furthermore, this disk controller is
A cache memory that is a volatile memory that temporarily stores data exchanged between the external device and the hard disk drive device;
Encryption processing means for encrypting data stored in the cache memory;
First storage processing means for storing the encrypted data in a first nonvolatile memory;
Is provided.

  According to this, the data in the cache memory (cache data) is encrypted, and the encrypted data is stored in the first nonvolatile memory. Accordingly, even when the data in the cache memory is erased by cutting off the power supply, the data can be held in the first nonvolatile memory.

  Further, the data stored in the first nonvolatile memory is encrypted data. Therefore, even when the encrypted data in the first nonvolatile memory is illegally acquired, it is possible to prevent the data (cache data) before encryption from being easily acquired. That is, the cache data can be prevented from leaking outside.

In this case, the disk control device
A battery for supplying power to the cache memory when the supply of power to the cache memory from the outside is interrupted;
The first storage processing unit is preferably configured to store the encrypted data in the first nonvolatile memory when the battery supplies power to the cache memory. is there.

  According to this, for example, even when the battery does not supply power to the cache memory, the data in the first nonvolatile memory is compared with the case where the encrypted data is stored in the first nonvolatile memory. The number of times of storing can be reduced. As a result, it is possible to reduce the possibility that a failure occurs in the first nonvolatile memory (the state of the first nonvolatile memory becomes an abnormal state).

Furthermore, in this case
The encryption processing means is configured to encrypt data stored in the cache memory based on encryption key information,
The disk controller is
Second storage processing for storing decryption key information, which is information for decrypting data encrypted based on the encryption key information, in a second nonvolatile memory different from the first nonvolatile memory It is preferable to provide means.

  According to this, even when the encrypted data in the first non-volatile memory is obtained illegally, it is compared with the case where the first non-volatile memory stores the decryption key information. Thus, the possibility that the encrypted data in the first nonvolatile memory is decrypted can be reduced.

In addition, the disk control device
Key information generating means for generating the encryption key information,
It is preferable that the encryption processing unit is configured to receive the generated encryption key information and encrypt data stored in the cache memory based on the received encryption key information. is there.

  According to this, it is possible to change the encryption key information that is the basis for encrypting the data in the cache memory. Therefore, compared with the case where data is encrypted based on certain encryption key information, the possibility that pre-encrypted data is obtained from the encrypted data in the first nonvolatile memory is increased. Further reduction can be achieved.

Further, the key information generating means is configured to generate the decryption key information,
It is preferable that the second storage processing unit is configured to receive the generated decryption key information and store the received decryption key information in the second nonvolatile memory.

In addition, the disk control device
It is preferable that a cache module including the first nonvolatile memory, the cache memory, the encryption processing unit, and the first storage processing unit is provided.

Further, the disk control device according to another aspect of the present invention provides:
The first non-volatile memory, the first cache memory constituting the cache memory, the encryption processing means, and the first cache memory stored based on the first encryption key information First encryption processing means for encrypting data stored in the first nonvolatile memory, and the first data encrypted by the first encryption processing means is stored in the first nonvolatile memory. A first storage module; a first cache module including:
The second nonvolatile memory, the second cache memory constituting the cache memory, and the first decryption key information, which is information for decrypting the first data, are stored in the second nonvolatile memory. A second cache processing unit configured to store in a memory, a second cache module,
Is preferably provided.

In this case, the second cache module encrypts data stored in the second cache memory based on the second encryption key information and constituting the encryption processing means. Including encryption processing means,
The second storage processing unit is configured to store the second data encrypted by the second encryption processing unit in the second nonvolatile memory,
The first storage processing means is preferably configured to store second decryption key information, which is information for decrypting the second data, in the first nonvolatile memory. is there.

Further, the disk control device according to another aspect of the present invention provides:
Controlling data exchange between the cache module and the external device or the hard disk drive device, and a control module having a nonvolatile memory,
It is preferable that the non-volatile memory included in the control module constitutes the second non-volatile memory.

  According to this, the first nonvolatile memory is compared with the case where the cache module has the second nonvolatile memory (that is, the decryption key information is stored in the nonvolatile memory in the cache module). The possibility that the encrypted data in the memory is decrypted can be reduced.

In this case, the disk control device
A plurality of the control modules are provided,
The second storage processing unit is preferably configured to distribute and store the partial information obtained by dividing the decryption key information in the nonvolatile memory included in each of the plurality of control modules. .

  According to this, the partial information obtained by dividing the decryption key information is distributed and stored in the nonvolatile memory included in each of the plurality of control modules. Therefore, it is possible to reduce the possibility that the encrypted data in the first nonvolatile memory is decrypted as compared with the case where one nonvolatile memory stores the decryption key information.

In this case, the disk control device
An external device control module for controlling the exchange of data between the cache module and the external device;
A disk control module that controls data exchange between the cache module and the hard disk drive;
A switcher for switching a path between the external device and the hard disk drive device;
With
Each of the external device control module, the disk control module, and the switch preferably constitutes the control module.

In addition, in this case
The decryption key information includes first partial information, second partial information, and third partial information,
The second storage processing means stores the first partial information in the nonvolatile memory included in the external device control module, and the second partial information stored in the nonvolatile memory included in the disk control module. And the third partial information is preferably stored in the nonvolatile memory of the switch.

In this case, the disk control device
A plurality of the external device control module, the disk control module, and the switch;
A plurality of paths between the external device and the hard disk drive device, each routed through each of the external device control module, the disk control module, and the switch, are formed. It is preferable to be configured.

  According to this, even when the external device control module, the disk control module, and the switch are in an abnormal state, the external device control module, the disk control module, and , A route via a switch can be used. As a result, data can be normally exchanged between the external device and the hard disk drive device. Further, regardless of which path is used, all the partial information necessary for generating the decryption key information from the external device control module, the disk control module, and the switch on the path ( First partial information, second partial information, and third partial information) can be acquired.

Any of the above disk control devices
It is preferable that data erasure means for erasing data in the cache memory after the encrypted data is stored in the first nonvolatile memory by the first storage processing means.

  According to this, it is possible to reliably prevent the data in the cache memory from leaking.

Further, a disk system according to another aspect of the present invention is
A hard disk drive device that stores data, and a disk control device that stores data received from an external device in the hard disk drive device and sends data stored in the hard disk drive device to the external device. .

Furthermore, the disk system
A cache memory that is a volatile memory that temporarily stores data exchanged between the external device and the hard disk drive device;
Encryption processing means for encrypting data stored in the cache memory;
First storage processing means for storing the encrypted data in a first nonvolatile memory;
Is provided.

In this case, the disk system is
A battery for supplying power to the cache memory when the supply of power to the cache memory from the outside is interrupted;
The first storage processing unit is preferably configured to store the encrypted data in the first nonvolatile memory when the battery supplies power to the cache memory. is there.

Further, in this case, the encryption processing means is configured to encrypt the data stored in the cache memory based on encryption key information,
The above disk system
Second storage processing for storing decryption key information, which is information for decrypting data encrypted based on the encryption key information, in a second nonvolatile memory different from the first nonvolatile memory It is preferable to provide means.

Further, a disk control method according to another embodiment of the present invention includes:
The data received from the external device is stored in the hard disk drive device, the data stored in the hard disk drive device is sent to the external device, and data exchanged between the external device and the hard disk drive device is temporarily performed. It is a method for controlling a disk control device comprising a cache memory, which is a volatile memory for storing information.

Furthermore, this disk control method
An encryption processing step for encrypting data stored in the cache memory;
A first storage processing step of storing the encrypted data in a first nonvolatile memory;
including.

  In this case, in the first storage processing step, the battery configured to supply power to the cache memory when the supply of power to the cache memory from the outside is cut off is supplied to the cache memory. It is preferable that the encrypted data is stored in the first non-volatile memory when the data is supplied.

Furthermore, in this case, the encryption processing step is configured to encrypt the data stored in the cache memory based on encryption key information,
The disk control method is
Second storage processing for storing decryption key information, which is information for decrypting data encrypted based on the encryption key information, in a second nonvolatile memory different from the first nonvolatile memory It is preferable to include a process.

A disk control program according to another embodiment of the present invention is
The data received from the external device is stored in the hard disk drive device, the data stored in the hard disk drive device is sent to the external device, and data exchanged between the external device and the hard disk drive device is temporarily performed. In a disk control device provided with a cache memory that is a volatile memory to store automatically,
Encryption processing means for encrypting data stored in the cache memory;
First storage processing means for storing the encrypted data in a first nonvolatile memory;
It is a program for realizing.

  In this case, the first storage processing unit has a battery configured to supply power to the cache memory when power supply from the outside to the cache memory is interrupted. It is preferable that the encrypted data is stored in the first non-volatile memory when the data is supplied.

Further, in this case, the encryption processing means is configured to encrypt the data stored in the cache memory based on encryption key information,
The disk control program is further stored in the disk control device.
Second storage processing for storing decryption key information, which is information for decrypting data encrypted based on the encryption key information, in a second nonvolatile memory different from the first nonvolatile memory A program for realizing the means is preferable.

  Even the invention of the disk system, the disk control method, or the disk control program having the above-described configuration can achieve the above-described object of the present invention because it has the same operation as the above-described disk control apparatus.

  Hereinafter, embodiments of a disk control device, a disk system, a disk control method, and a disk control program according to the present invention will be described with reference to FIGS.

<First Embodiment>
As shown in FIG. 1, the disk system 1 according to the first embodiment is a system that configures a RAID (Redundant Arrays of Independent Disks). The disk system 1 is driven by power supplied from an external commercial power source (not shown). The disk system 1 is connected to a host device (external device) 30 including a processor, a memory, and the like.

  The disk system 1 includes a disk enclosure 10 and a disk control device 20. The disk enclosure 10 includes a plurality (eight in this example) of hard disk drive devices (HDDs) 10a to 10h.

  The disk control device 20 includes a plurality (two in this example) host directors (external device control modules) 21a and 21b, a plurality (two in this example) disk directors (disk control modules) 22a, 22b, a plurality (four in this example) of cache directors (cache modules) 23a-23d, a plurality (four in this example) of batteries 24a-24d, and a plurality (two in this example). Switches (switches) 25a and 25b, and a service processor 26.

  The host directors 21a and 21b, the disk directors 22a and 22b, the cache directors 23a to 23d, the batteries 24a to 24d, and the switches 25a and 25b are detachably mounted on the main body of the disk controller 20.

  In the present specification, the host director 21a is also referred to as host director # 0, and the host director 21b is also referred to as host director # 1. As shown in FIG. 1, the disk directors 22a and 22b, the cache directors 23a to 23d, the batteries 24a to 24d, and the switches 25a and 25b are similar to the host directors 21a and 21b. Also indicated as cache directors # 0 to # 3, batteries # 0 to # 3, and switches # 0 and # 1.

  Each of the host directors 21a and 21b is a module that controls data exchange between the host device 30 and the cache directors 23a to 23d. Each of the host directors 21 a and 21 b is connected to the host device 30. The host directors 21a and 21b are connected to the switches 25a and 25b, respectively. Each of the host directors 21a and 21b includes a processor (not shown) and a nonvolatile memory that stores firmware and the like. Each of the host directors 21a and 21b operates as described later when the processor executes its firmware.

  Each of the disk directors 22a and 22b is a module that controls data exchange between the disk enclosure 10 and the cache directors 23a to 23d. Each of the disk directors 22 a and 22 b is connected to the disk enclosure 10. The disk directors 22a and 22b are connected to the switches 25a and 25b, respectively. Each of the disk directors 22a and 22b includes a processor (not shown) and a nonvolatile memory that stores firmware and the like. Each of the disk directors 22a and 22b operates as described later when the processor executes its firmware.

Each of the cache directors 23a to 23d is connected to each of the switches 25a and 25b. One battery 24a-24d is connected to each of the cache directors 23a-23d. The cache directors 23a to 23d include processors 23a1 to 23d1 (processors # 0 to # 3) and cache memories 23a2 to 23d2 (cache memories # 0 to # 3) which are volatile memories (DRAM (Dynamic Random Access Memory) in this example). # 3) and a nonvolatile memory (flash memory in this example) 23a3 to 23d3 (nonvolatile memories # 0 to # 3) each storing firmware and the like.
Further, each of the cache directors 23a to 23d is configured to detect a current supplied from the connected batteries 24a to 24d.

The cache directors 23a to 23d operate as will be described later when the processors 23a1 to 23d1 execute the firmware.
In this example, the cache memories 23a2 to 23d2 are DRAMs, but may be other volatile memories such as SRAM (Static Random Access Memory). In this example, the non-volatile memory is a flash memory, but may be another non-volatile memory such as an MRAM (Magnetic Random Access Memory) or an FeRAM (Ferroelectric Random Access Memory), or an HDD. Also good.

  Each of the batteries 24a to 24d is configured to supply power to the connected cache directors 23a to 23d when power supplied to the cache directors 23a to 23d from an external commercial power supply is cut off.

  In this example, the wiring (power supply line) for supplying the power supplied from the external commercial power source to the disk system 1 to the cache directors 23a to 23d and the output terminals of the batteries 24a to 24d are connected. Yes. That is, in this embodiment, when the power supplied from the external commercial power source to the cache directors 23a to 23d is cut off, the batteries 24a to 24d are discharged to maintain the voltage of the power supply line. That is, power is supplied from the batteries 24a to 24d to the cache directors 23a to 23d.

  Each of the switches 25 a and 25 b is a module that switches a path between the host device 30 and the disk enclosure 10. Each switch 25a, 25b is connected to a service processor 26. Each switch 25a, 25b includes a processor (not shown) and a nonvolatile memory for storing firmware and the like. Each switch 25a, 25b operates as follows when the processor executes its firmware.

  Each switch 25a, 25b connects each host director 21a, 21b and one cache director 23a-23d according to connection instruction information from the service processor 26, and each disk director 22a, 22b and one cache director. 23a to 23d are connected.

  That is, each of the host directors 21a and 21b, the disk directors 22a and 22b, and the switches 25a and 25b is a control module that controls data exchange between the cache directors 23a to 23d and the host device 30 or the disk enclosure 10. Is configured.

  The service processor 26 includes a non-illustrated non-volatile memory that stores firmware and the like. The service processor 26 operates as follows by executing the firmware.

  The service processor 26 is a path between the host device 30 and the disk enclosure 10, and includes one each of the host directors 21a and 21b, the disk directors 22a and 22b, the cache directors 23a to 23d, and the switches 25a and 25b. Connection instruction information is sent to the switches 25a and 25b so as to form a route through each.

Further, the service processor 26 detects whether or not each of the control modules (host directors 21a and 21b, disk directors 22a and 22b, cache directors 23a to 23d, and switches 25a and 25b) is abnormal. Is configured to do. When the service processor 26 detects that one of the control modules is in an abnormal state, the service processor 26 instructs the connection so as to form a path that passes only through the control module in the normal state among the control modules. Information is sent to the switches 25a and 25b.
In addition, the service processor 26 operates as described later by executing the firmware.

The host device 30 sends (outputs) write request information or read request information to the disk array device 1.
The write request information includes write data and write position information indicating a write position, and indicates that the write data is requested to be written (stored) in the HDD 10a to 10h at the write position. It is information to represent. The read request information includes read position information indicating a read position, and is information indicating that data stored in the HDDs 10a to 10h is requested to be read at the read position.

Next, the operation of the disk system 1 configured as described above will be described.
First, the operation of the disk system 1 for storing write data in the HDDs 10a to 10h according to the write request information from the host device 30 will be described.

  Each of the host directors 21 a and 21 b receives write request information from the host device 30. Each host director 21a, 21b sends the received write request information to the cache directors 23a-23d connected by the switches 25a, 25b.

  Each of the cache directors 23a to 23d receives write request information from the host directors 21a and 21b. Each cache director 23a to 23d stores the received write request information in the cache memories 23a2 to 23d2. At this time, each of the cache directors 23a to 23d has the write request information including the same write position information as the write position information included in the received write request information already stored in the cache memories 23a2 to 23d2. The stored write request information is replaced (updated) with the received write request information.

When the storage of the received write request information is completed, each of the cache directors 23a to 23d sends the write completion information to the host directors 21a and 21b.
In this specification, the write request information stored in the cache memories 23a2 to 23d2 is data also called cache data.

  Each of the disk directors 22a and 22b reads the write request information stored in the cache memories 23a2 to 23d2 at a preset timing (for example, every time a preset time elapses).

Each of the disk directors 22a and 22b stores (writes) the write data included in the read write request information in the HDDs 10a to 10h at positions corresponding to the write position information included in the write request information. Further, each of the disk directors 22a and 22b erases the read write request information from the cache memories 23a2 to 23d2.
That is, it can be said that the cache memories 23a2 to 23d2 temporarily store data exchanged between the host device 30 and the HDDs 10a to 10h.

  Next, the operation of the disk system 1 for reading data stored in the HDDs 10a to 10h in accordance with the read request information from the host device 30 will be described.

  Each of the host directors 21 a and 21 b receives read request information from the host device 30. Each host director 21a, 21b sends the received read request information to the cache directors 23a-23d connected by the switches 25a, 25b.

  Each of the cache directors 23a to 23d receives read request information from the host directors 21a and 21b. When read information including read position information identical to the read position information included in the received read request information is stored in the cache memories 23a2 to 23d2, each of the cache directors 23a to 23d transmits the read information to the host director. Send to 21a, 21b. The read information is information including read data read from the HDDs 10a to 10h and read position information corresponding to positions in the HDDs 10a to 10h in which the read data are stored.

  On the other hand, when the read information including the read position information identical to the read position information included in the received read request information is not stored in the cache memories 23a2 to 23d2, each of the cache directors 23a to 23d receives the read request information. The data is sent to the disk directors 22a and 22b.

  When the disk directors 22a and 22b receive the read request information from the cache directors 23a to 23d, the data stored in the HDDs 10a to 10h at the positions corresponding to the read position information included in the read request information are stored in the HDDs 10a to 10h. Read from 10h. Each of the disk directors 22a and 22b sends read information including read data and read position information to the cache directors 23a to 23d.

  Each of the cache directors 23a to 23d stores the received read information in the cache memories 23a2 to 23d2 and sends it to the host directors 21a and 21b. Further, when the host directors 21 a and 21 b receive the read information from the cache directors 23 a to 23 d, the host directors 21 a and 21 b send the received read information to the host device 30.

  Next, when the operation of the disk control device 20 does not end normally due to an unexpected interruption of the power supply from the external commercial power source to the disk system 1, it is stored in the cache memories 23a2 to 23d2. The operation of the disk system 1 for holding the cache data (write request information) is described.

  First, the service processor 26 generates a random number and decrypts the encryption key information (in this example, 96-byte information) and the data encrypted based on the encryption key information based on the generated random number. Key combination information (key information generation means) representing a combination of the decryption key information (in this example, 96-byte information) and Specifically, the service processor 26 generates four key set information when the disk controller 20 is activated.

  The four key set information includes key set information indicating encryption key information # 0 and decryption key information # 0, key set information indicating encryption key information # 1 and decryption key information # 1, and encryption key information. It consists of key set information representing # 2 and decryption key information # 2, and key set information representing encryption key information # 4 and decryption key information # 4.

  Then, the service processor 26 sends the generated four pieces of encryption key information # 0 to # 4 to the cache directors 23a to 23d one by one. Further, the service processor 26 sends the decryption key information included in the three key set information other than the key set information including the encryption key information to be sent to the cache directors 23a to 23d to the cache directors 23a to 23d.

  That is, the service processor 26 sends (distributes) the encryption key information # 0 and the decryption key information # 1 to # 3 to the cache director 23a (cache director # 0). Similarly, the service processor 26 sends the encryption key information # 1 and the decryption key information # 0, # 2, # 3 to the cache director # 1, and decrypts the encryption key information # 2 to the cache director # 2. Key information # 0, # 1, and # 3 are sent, and encryption key information # 3 and decryption key information # 0 to # 2 are sent to cache director # 3.

  Each of the cache directors 23 a to 23 d receives one encryption key information and three decryption key information from the service processor 26. Each of the cache directors 23a to 23d stores the received encryption key information and decryption key information in the cache memories 23a2 to 23d2. As a result, the information stored in each of the cache memories 23a2 to 23d2 includes three pieces of key set information other than one encryption key information and key set information including the encryption key information as shown in FIG. Decryption key information (that is, decryption key information not corresponding to the encryption key information).

  Further, the service processor 26 generates a new four key set information and a cache director 23a for the encryption key information and the decryption key information every time a preset time (1 hour in this example) elapses. To 23d.

Here, the description is continued focusing on the cache director 23a (cache director # 0).
The processor # 0 of the cache director # 0 executes the cache data holding processing program shown by the flowchart in FIG.

  Specifically, processor # 0 stands by in step 305 until power is supplied from battery # 0 to cache director # 0. In this example, the processor # 0 receives the current supplied from the battery # 0 to the cache director # 0, and the current detected by the cache director # 0 is equal to or greater than the threshold current, the battery # 0 to the cache director # 0. It is determined that power is being supplied to.

  It is assumed that the current supplied from the battery # 0 to the cache director # 0 exceeds the threshold current due to unexpected power interruption from the external commercial power supply to the disk system 1. Continue the explanation.

  In this case, the processor # 0 determines “Yes” in step 305, proceeds to step 310, and performs encryption processing. That is, the processor # 0 reads the cache data # 0, the encryption key information # 0, and the decryption key information # 1 to # 3 stored in the cache memory # 0. Next, the processor # 0 encrypts the read cache data # 0 based on the read encryption key information # 0. Note that the execution of the processing of step 305 corresponds to the achievement of the function of the encryption processing means (encryption processing step).

  Further, in step 315, the processor # 0 stores (writes) the encrypted encrypted data # 0 and the read decryption key information # 1 to # 3 in the nonvolatile memory # 0. That is, the writing process is executed. Note that the execution of the processing of step 315 achieves the function of the first storage processing means (first storage processing step) and the function of the second storage processing means (second storage processing step). It corresponds to that.

In step 320, the processor # 0 erases all information from the cache memory # 0. That is, the erasing process is executed. According to this, it is possible to reliably prevent the data in the cache memory # 0 from leaking. Note that the execution of the process of step 320 corresponds to the achievement of the function of the data erasing means.
Also, the cache directors 23b to 23d (cache directors # 1 to # 3) operate in the same manner as the cache director # 0.

  As a result, the information stored in each of the non-volatile memories # 0 to # 3 includes, as shown in FIG. 4, one encrypted data and an encryption key that is a basis for encrypting the encrypted data. And decryption key information included in the three key set information other than the key set information including the information.

  That is, encrypted data # 0 and decryption key information # 1 to # 3 encrypted based on the encryption key information # 0 are stored in the nonvolatile memory # 0, and encrypted data is stored in the nonvolatile memory # 1. Encryption data # 1 encrypted based on the encryption key information # 1 and decryption key information # 0, # 2, # 3 are stored, and the nonvolatile memory # 2 is based on the encryption key information # 2. Encrypted data # 2 and decryption key information # 0, # 1, # 3 are stored, and the non-volatile memory # 3 is encrypted based on the encryption key information # 3. Data # 3 and decryption key information # 0 to # 2 are stored.

As described above, in the disk control device 20 described above,
The cache director # 0 includes a nonvolatile memory # 0 (first nonvolatile memory), a cache memory # 0 (first cache memory), and encryption key information # 0 (first encryption key information). Based on the first encryption processing means for encrypting the data stored in the cache memory # 0, encrypted encrypted data # 0 (first data) and decryption key information # 1 (second And a first storage processing means for storing the decryption key information) in the nonvolatile memory # 0,
The cache director # 1 includes a nonvolatile memory # 1 (second nonvolatile memory), a cache memory # 1 (second cache memory), and encryption key information # 1 (second encryption key information). Based on the second encryption processing means for encrypting the data stored in the cache memory # 1, encrypted encrypted data # 1 (second data), and decryption key information # 0 (first It is possible to say that the second cache module includes a second storage processing unit that stores the decryption key information) in the nonvolatile memory # 1.

  Similarly, when the encryption key information # 0 is handled as the first encryption key information and the encryption key information # 2 is handled as the second encryption key information, the cache director # 0 is used for the first cache. It can be said that the cache director # 2 constitutes a second cache module. Similarly, when the encryption key information # 0 is handled as the first encryption key information and the encryption key information # 3 is handled as the second encryption key information, the cache director # 0 is used for the first cache. It can be said that the cache director # 3 constitutes a second cache module. Note that the case where the encryption key information # 1, the encryption key information # 2, or the encryption key information # 3 is handled as the first encryption key information is the same as described above.

  Next, when the power supply to the disk system 1 from the external commercial power supply is unexpectedly cut off and then the power supply is resumed, the data stored in the nonvolatile memories # 0 to # 3 The operation of the disk system 1 for restoring cache data to the cache memories # 0 to # 3 will be described based on the above.

  When the operation of the disk controller 20 ends (for example, when a shutdown is instructed), the service processor 26 includes normal end information indicating that the operation of the disk controller 20 has ended normally. Store in non-volatile memory. That is, for example, if the operation of the disk control device 20 does not end normally due to unexpected power interruption from an external commercial power supply (at the time of abnormal end), the nonvolatile memory stores normal end information. I don't remember.

  On the other hand, when the operation of the disk controller 20 starts (when activation is instructed), the service processor 26 receives the key request information when the normal end information is not stored in the nonvolatile memory included in the service processor 26. The data is sent to each of the cache directors # 0 to # 3. The key request information is information indicating that transmission of decryption key information is requested.

  When the cache directors # 0 to # 3 receive the key request information, the cache directors # 0 to # 3 read the three decryption key information stored in the non-volatile memories # 0 to # 3, and the read three decryption key information to the service processor 26.

  When the service processor 26 receives the decryption key information from the cache directors # 0 to # 3, the service processor 26 sends decryption instruction information including one corresponding decryption key information # 0 to # 3 to each cache director # 0 to # 3. send. That is, the service processor 26 sends the decryption key information # 0 to the cache director # 0. Similarly, the service processor 26 sends the decryption key information # 1 to the cache director # 1, sends the decryption key information # 2 to the cache director # 2, and sends the decryption key information # 3 to the cache director # 3.

Here, the description is continued focusing on the cache director 23a (cache director # 0).
The processor # 0 of the cache director # 0 executes the cache data restoration processing program shown by the flowchart in FIG.

  Specifically, processor # 0 waits until receiving decoding instruction information in step 505. In this state, the processor # 0 receives (receives) the decryption instruction information from the service processor 26.

  Therefore, the processor # 0 determines “Yes” in step 505, proceeds to step 510, and performs a decoding process. That is, the processor # 0 reads the encrypted data # 0 from the nonvolatile memory # 0. Further, the processor # 0 decrypts the read encrypted data # 0 based on the decryption key information # 0 included in the decryption instruction information.

  Next, the processor # 0 writes the decrypted data (cache data) # 0 into the cache memory # 0 in step 515. That is, the writing process is executed. Then, in step 520, the processor # 0 erases all information from the nonvolatile memory # 0. That is, the erasing process is executed.

The cache directors 23b to 23d (cache directors # 1 to # 3) also operate in the same manner as the cache director # 0.
As a result, the cache memories # 0 to # 3 store the cache data # 0 to # 3 (that is, immediately before the power supply from the external commercial power supply to the disk system 1 is unexpectedly cut off). The state of the cache memories # 0 to # 3) is restored (reproduced).

  As described above, according to the first embodiment of the disk system of the present invention, the data in the cache memories # 0 to # 3 is encrypted, and the encrypted data # 0 to # 3 is the first data. Stored in the non-volatile memories # 0 to # 3. Therefore, even if the data in the cache memories # 0 to # 3 is erased by cutting off the power supply, the data (encrypted data) is retained in the nonvolatile memories # 0 to # 3. Can be made.

  Furthermore, the data stored in the nonvolatile memories # 0 to # 3 are encrypted data (encrypted data) # 0 to # 3. Therefore, even if the encrypted data (encrypted data) # 0 to # 3 in the non-volatile memories # 0 to # 3 are illegally acquired, the data (cache data) before encryption is easy. Can be prevented. That is, the cache data can be prevented from leaking outside.

  In the first embodiment, the data # 0 to # 3 encrypted when the batteries # 0 to # 3 supply power to the cache directors # 0 to # 3 (cache memories # 0 to # 3). 3 is stored in the non-volatile memories # 0 to # 3.

  According to this, even when the batteries # 0 to # 3 are not supplying power to the cache memories # 0 to # 3, the encrypted data # 0 to # 3 are stored in the nonvolatile memories # 0 to # 3. Compared with the case where it makes it, the frequency | count of memorize | storing data in non-volatile memory # 0- # 3 can be decreased. As a result, it is possible to reduce the possibility that a failure occurs in the nonvolatile memories # 0 to # 3 (the state of the nonvolatile memories # 0 to # 3 becomes an abnormal state).

  In the first embodiment, decryption key information # 0 to # 3, which is information for decrypting encrypted data (encrypted data) # 0 to # 3, is stored as encrypted data # 0. Are configured to be stored in a second non-volatile memory different from the first non-volatile memory storing # 3. That is, in the first embodiment, the decryption key information # 0, which is information for decrypting the encrypted data # 0, is stored in the first nonvolatile memory # 0 in which the encrypted data # 0 is stored. Are configured to be stored in second non-volatile memories # 1 to # 3 different from the above.

  According to this, even when the encrypted data in the first non-volatile memory is illegally acquired, the decryption key information for the first non-volatile memory to decrypt the encrypted data is obtained. Compared with the case where it is stored, the possibility that the encrypted data is decrypted can be reduced.

  Further, the first embodiment is configured to generate encryption key information and encrypt data stored in the cache memories # 0 to # 3 based on the generated encryption key information.

  According to this, it is possible to change the encryption key information # 0 to # 3 that is the basis for encrypting the data in the cache memories # 0 to # 3. Therefore, the encrypted data (encrypted data) # 0 to # 3 in the non-volatile memories # 0 to # 3 is encrypted compared to the case where the data is encrypted based on the fixed encryption key information. The possibility that data before conversion (cache data) is acquired can be further reduced.

  In addition, in the first embodiment, in each of the non-volatile memories # 0 to # 3, one piece of encrypted data and all the decryption key information other than the decryption key information for decrypting the encrypted data Are stored. That is, the first embodiment is configured to store one decryption key information in a plurality of nonvolatile memories.

  According to this, when the decryption key information # 0 to # 3 cannot be obtained from one of the non-volatile memories # 0 to # 3 (for example, when one of the cache directors # 0 to # 3 is removed, or Even if a failure occurs in one of the cache directors # 0 to # 3, the decryption key information # 0 to # 3 can be obtained from the other nonvolatile memories # 0 to # 3. . Therefore, the encrypted data # 0 to # 3 stored in the nonvolatile memories # 0 to # 3 can be reliably decrypted.

  In the first embodiment, all the decryption key information other than one encryption data and the decryption key information for decrypting the encrypted data is stored in each of the nonvolatile memories # 0 to # 3. And was configured to memorize. By the way, in the first embodiment, each of the non-volatile memories # 0 to # 3 includes one piece of encrypted data and decryption key information other than the decryption key information for decrypting the encrypted data. One of them may be stored. That is, the first embodiment may be configured to store only one decryption key information in one non-volatile memory.

  Next, a disk system according to a second embodiment of the present invention will be described. In the disk system according to the second embodiment, only the partial information obtained by dividing the decryption key information is distributed and stored in the host director, the disk director, and the switch in the disk system according to the first embodiment. Is different. Accordingly, the following description will focus on such differences.

  The service processor 26 generates four key set information as in the first embodiment. Then, the service processor 26 divides the decryption key information # 0 to # 3 included in the generated key set information into three pieces of key part information (32-byte information in this example). That is, the decryption key information # 0 is divided into key part information # 0A (first part information), key part information # 0B (second part information), and key part information # 0C (third part information). Is done. Similarly, decryption key information # 1 is divided into key part information # 1A, key part information # 1B, and key part information # 1C, and decryption key information # 2 is divided into key part information # 2A, key part information # 2B, and key part information # 1B. Divided into key part information # 2C, decryption key information # 3 is divided into key part information # 3A, key part information # 3B, and key part information # 3C.

  Then, the service processor 26 sends the divided key part information (first partial information) # 0A to # 3A to each of the host directors # 0 and # 1. As shown in FIG. 6, the host director # 0 receives the key part information # 0A to # 3A from the service processor 26, and receives the received key part information # 0A to # 3A in the nonvolatile memory (first memory module). 2 non-volatile memory) # 10. Similarly, the host director # 1 stores the key part information # 0A to # 3A in the nonvolatile memory (second nonvolatile memory) # 11 in its own module.

  Further, the service processor 26 sends the divided key part information (second part information) # 0B to # 3B to each of the disk directors # 0 and # 1. The disk director # 0 stores the key part information # 0B to # 3B from the service processor 26 in the nonvolatile memory (second nonvolatile memory) # 20 in the own module. Similarly, the disk director # 1 stores the key part information # 0B to # 3B in the nonvolatile memory (second nonvolatile memory) # 21 in its own module.

  In addition, the service processor 26 sends the divided key part information (third part information) # 0C to # 3C to each of the switches # 0 and # 1. The switch # 0 stores the key part information # 0C to # 3C from the service processor 26 in the nonvolatile memory (second nonvolatile memory) # 30 in its own module. Similarly, the switch # 1 also stores the key part information # 0C to # 3C in the nonvolatile memory (second nonvolatile memory) # 31 in its own module.

  In this way, the key part information # 0C to # 3C obtained by dividing the decryption key information # 0 to # 3 is distributed and stored in the nonvolatile memories # 10 to # 31 included in each of the plurality of control modules. . That is, the execution of this process corresponds to the achievement of the function of the second storage processing means.

  Further, the service processor 26 sends the encryption key information # 0 to # 3 one by one to the cache directors # 0 to # 3. Each of the cache directors # 0 to # 3 stores the received encryption key information # 0 to # 3 in the cache memories # 0 to # 3.

  As a result, as in the first embodiment, when the supply of power from the external commercial power source to the disk system 1 is interrupted, the cache data # 0 stored in the cache memories # 0 to # 3 is stored. To # 3 are encrypted based on the encryption key information # 0 to # 3, and encrypted encrypted data # 0 to # 3 are stored in the non-volatile memories # 0 to # 3 (see FIG. 7). .)

  On the other hand, when the operation of the disk controller 20 starts (when activation is instructed), the service processor 26 receives the key request information when the normal end information is not stored in the nonvolatile memory included in the service processor 26. , And control modules (host directors # 0 and # 1, disk directors # 0 and # 1, and switches # 0 and # 1).

  Upon receiving the key request information, each control module reads the key part information # 0A to # 3C stored in the non-volatile memories # 10 to # 31, and the read key part information # 0A to # 3C is service processor 26.

  Upon receiving the key part information # 0A to # 3C from the control module, the service processor 26 generates decryption key information # 0 to # 3 from the received key part information # 0A to # 3C. The service processor 26 instructs the cache directors # 0 to # 3 to include the generated decryption key information # 0 to # 3 and include the decryption key information # 0 to # 3 corresponding to the destination cache director. Send information.

  As a result, as in the first embodiment, the cache directors # 0 to # 3 decrypt the encrypted encrypted data # 0 to # 3 stored in the nonvolatile memories # 0 to # 3. The decrypted data (cache data) is stored in the cache memories # 0 to # 3.

  As described above, the second embodiment of the disk system according to the present invention is configured to store the decryption key information # 0 to # 3 in the nonvolatile memories # 10 to # 31 in the control module. ing. According to this, compared with the case where the decryption key information # 0 to # 3 is stored in the nonvolatile memories 23a3 to 23d3 in the cache directors (cache modules) 23a to 23d, the contents in the nonvolatile memories 23a3 to 23d3 are compared. The possibility that the encrypted data is decrypted can be reduced.

  Further, in the second embodiment, non-volatile memories # 10 to # 31 each having key part information # 0C to # 3C obtained by dividing the decryption key information # 0 to # 3, respectively. Are distributed and stored.

  According to this, compared with the case where one non-volatile memory has memorize | stored decoding key information # 0- # 3, reducing possibility that decoding key information # 0- # 3 will be acquired. Can do. That is, the possibility that the encrypted data in the nonvolatile memories 23a3 to 23d3 is decrypted can be reduced.

In addition, the second embodiment includes a plurality of host directors, disk directors, and switches.
According to this, even when the status of the host director, disk director, and switch becomes an abnormal state, it is possible to use a route that passes through the host director, disk director, and switch in a normal state. it can. As a result, data can be normally exchanged between the host device 30 and the disk enclosure 10.

  Furthermore, in the second embodiment, the same key part information # 0A to # 3A is stored in the nonvolatile memories # 10 and # 11 of the plurality of host directors 21a and 21b. In addition, in the second embodiment, the same key part information # 0B to # 3B is stored in the nonvolatile memories # 20 and # 21 of the plurality of disk directors 22a and 22b, respectively. Further, in the second embodiment, the same key part information # 0C to # 3C is stored in the nonvolatile memories # 30 and # 31 of the plurality of switches 25a and 25b, respectively.

  According to this, even if the path is changed due to the abnormal state of the host director, the disk director, and the switch (that is, which path is used) ), All the key part information necessary for generating the decryption key information can be obtained from the host director, the disk director, and the switch on the path.

  In addition, this invention is not limited to said each embodiment, A various modification can be employ | adopted within the scope of the present invention. For example, each of the above embodiments is configured to erase the data in the cache memories 23a2 to 23d2 after storing the encrypted data in the nonvolatile memories 23a3 to 23d3. By the way, each said embodiment may be comprised so that the data in cache memory 23a2-23d2 may not be erased. Even in this case, when the cache directors 23a to 23d are removed from the disk controller 20 and no power is supplied to the cache memories 23a2 to 23d2, the data in the cache memories 23a2 to 23d2 is erased (volatile). Therefore, it is possible to prevent the data in the cache memories 23a2 to 23d2 from leaking.

  Each of the above embodiments is configured to decrypt the encrypted data based on the decryption key information different from the encryption key information. However, the same decryption key information as the encryption key information (that is, The encryption data may be decrypted based on the encryption key information.

  In each of the above embodiments, the decryption key information is stored in the nonvolatile memories # 0 to # 3 in the cache directors # 0 to # 3 or the nonvolatile memories # 10 to # 31 in the control module. However, it may be configured to be stored in another nonvolatile memory (for example, a nonvolatile memory included in the service processor 26), or may be configured to be stored in the HDDs 10a to 10h. Good.

  The present invention is applicable to a disk array system including a plurality of hard disk drive devices.

1 is a diagram illustrating a schematic configuration of a disk system according to a first embodiment of the present invention. It is a figure showing the information memorize | stored in the cache memory and non-volatile memory of the cache director shown in FIG. 2 is a flowchart showing a cache data holding processing program executed by a processor of the cache director shown in FIG. It is a figure showing the information memorize | stored in the cache memory and non-volatile memory of the cache director shown in FIG. 2 is a flowchart showing a cache data restoration processing program executed by a processor of the cache director shown in FIG. It is a figure showing the information memorize | stored in the non-volatile memory of the control module which concerns on 2nd Embodiment of this invention, and the non-volatile memory of a cache director. It is a figure showing the information memorize | stored in the non-volatile memory of the control module which concerns on 2nd Embodiment of this invention, and the non-volatile memory of a cache director.

Explanation of symbols

1 disk system 10 disk enclosure 10a to 10h HDD
20 disk controllers 21a, 21b host directors 22a, 22b disk directors 23a, 23b cache directors 23a1-23d1 processors 23a2-23d2 cache memories 23a3-23d3 non-volatile memories 24a-24d batteries 25a, 25b switches 26 service processors 30 host devices

Claims (19)

A disk control device that stores data received from an external device in the hard disk drive device and sends data stored in the hard disk drive device to the external device,
A cache memory that is a volatile memory that temporarily stores data exchanged between the external device and the hard disk drive device;
Encryption processing means for encrypting data stored in the cache memory;
First storage processing means for storing the encrypted data in a first nonvolatile memory;
A battery for supplying power to the cache memory when the supply of power to the cache memory from the outside is interrupted;
With
The disk control device configured to store the encrypted data in the first nonvolatile memory when the battery is supplying power to the cache memory . The disk control device according to claim 1 ,
The encryption processing means is configured to encrypt data stored in the cache memory based on encryption key information,
Second storage processing for storing decryption key information, which is information for decrypting data encrypted based on the encryption key information, in a second nonvolatile memory different from the first nonvolatile memory A disk control device comprising means. The disk control device according to claim 1 or 2 ,
Key information generating means for generating the encryption key information,
The disk control device configured to receive the generated encryption key information and to encrypt data stored in the cache memory based on the received encryption key information. The disk control device according to claim 3 ,
The key information generating means is configured to generate the decryption key information;
The disk controller configured to receive the generated decryption key information and store the received decryption key information in the second nonvolatile memory, the second storage processing means. The disk control device according to any one of claims 1 to 4 ,
A disk control device comprising a cache module including the first nonvolatile memory, the cache memory, the encryption processing means, and the first storage processing means. The disk control device according to claim 2 ,
The first non-volatile memory, the first cache memory constituting the cache memory, the encryption processing means, and the first cache memory stored based on the first encryption key information First encryption processing means for encrypting data stored in the first nonvolatile memory, and the first data encrypted by the first encryption processing means is stored in the first nonvolatile memory. A first storage module; a first cache module including:
The second nonvolatile memory, the second cache memory constituting the cache memory, and the first decryption key information, which is information for decrypting the first data, are stored in the second nonvolatile memory. A second cache processing unit configured to store in a memory, a second cache module,
A disk control device comprising: The disk control device according to claim 6 ,
The second cache module configures the encryption processing means and encrypts data stored in the second cache memory based on second encryption key information. Including means,
The second storage processing unit is configured to store the second data encrypted by the second encryption processing unit in the second nonvolatile memory,
The disk controller configured to store the second decryption key information, which is information for decrypting the second data, in the first nonvolatile memory. The disk control device according to claim 5 ,
Controlling data exchange between the cache module and the external device or the hard disk drive device, and a control module having a nonvolatile memory,
The non-volatile memory included in the control module is a disk control device that constitutes the second non-volatile memory. The disk control device according to claim 8 , wherein
A plurality of the control modules are provided,
The disk control apparatus configured to distribute and store the partial information obtained by dividing the decryption key information in the nonvolatile memory included in each of the plurality of control modules. The disk control device according to claim 9 , wherein
An external device control module for controlling the exchange of data between the cache module and the external device;
A disk control module that controls data exchange between the cache module and the hard disk drive;
A switcher for switching a path between the external device and the hard disk drive device;
With
A disk control device in which each of the external device control module, the disk control module, and the switch constitutes the control module. The disk control device according to claim 10 , wherein
The decryption key information includes first partial information, second partial information, and third partial information,
The second storage processing means stores the first partial information in the nonvolatile memory included in the external device control module, and the second partial information stored in the nonvolatile memory included in the disk control module. And the third partial information is stored in the nonvolatile memory of the switch. The disk control device according to claim 11 ,
A plurality of the external device control module, the disk control module, and the switch;
A plurality of paths between the external device and the hard disk drive device, each routed through each of the external device control module, the disk control module, and the switch, are formed. Configured disk controller. A disk control device according to any one of claims 1 to 12 ,
A disk control device comprising data erasure means for erasing data in the cache memory after the encrypted data by the first storage processing means is stored in the first nonvolatile memory. A hard disk drive device that stores data, and a disk control device that stores data received from an external device in the hard disk drive device and sends data stored in the hard disk drive device to the external device. There,
A cache memory that is a volatile memory that temporarily stores data exchanged between the external device and the hard disk drive device;
Encryption processing means for encrypting data stored in the cache memory;
First storage processing means for storing the encrypted data in a first nonvolatile memory;
A battery for supplying power to the cache memory when the supply of power to the cache memory from the outside is interrupted;
With
The first storage processing means is a disk system configured to store the encrypted data in the first nonvolatile memory when the battery supplies power to the cache memory . 15. The disk system according to claim 14 , wherein
The encryption processing means is configured to encrypt data stored in the cache memory based on encryption key information,
Second storage processing for storing decryption key information, which is information for decrypting data encrypted based on the encryption key information, in a second nonvolatile memory different from the first nonvolatile memory A disk system comprising means. The data received from the external device is stored in the hard disk drive device, the data stored in the hard disk drive device is sent to the external device, and data exchanged between the external device and the hard disk drive device is temporarily performed. A disk control method for controlling a disk control device comprising a cache memory, which is a volatile memory for storing data,
An encryption processing step for encrypting data stored in the cache memory;
A first storage processing step of storing the encrypted data in a first nonvolatile memory;
Including
In the first storage processing step, a battery configured to supply power to the cache memory when power supply from the outside to the cache memory is interrupted supplies power to the cache memory. A disk control method configured to store the encrypted data in the first non-volatile memory when the data is stored . The disk control method according to claim 16 , comprising:
The encryption processing step is configured to encrypt data stored in the cache memory based on encryption key information,
Second storage processing for storing decryption key information, which is information for decrypting data encrypted based on the encryption key information, in a second nonvolatile memory different from the first nonvolatile memory A disk control method including a process. The data received from the external device is stored in the hard disk drive device, the data stored in the hard disk drive device is sent to the external device, and data exchanged between the external device and the hard disk drive device is temporarily performed. In a disk control device provided with a cache memory that is a volatile memory to store automatically,
Encryption processing means for encrypting data stored in the cache memory;
First storage processing means for storing the encrypted data in a first nonvolatile memory;
With to realize,
A battery configured to supply power to the cache memory when power supply from the outside to the cache memory is interrupted, the first storage processing means supplies power to the cache memory. A disk control program configured to store the encrypted data in the first nonvolatile memory . A disk control program according to claim 18 ,
The encryption processing means is configured to encrypt data stored in the cache memory based on encryption key information,
Second storage processing for storing decryption key information, which is information for decrypting data encrypted based on the encryption key information, in a second nonvolatile memory different from the first nonvolatile memory A disk control program comprising means.

Images