US 12,007,884 B2
Method of allocating and protecting memory in computational storage device, computational storage device performing the same and method of operating storage system using the same
Jaeho Shin, Gwangmyeong-si (KR); Jeongho Lee, Gwacheon-si (KR); Younggeon Yoo, Seoul (KR); and Hyeokjun Choe, Hwaseong-si (KR)
Assigned to Samsung Electronics Co., Ltd., (KR)
Filed by SAMSUNG ELECTRONICS CO., LTD., Suwon-si (KR)
Filed on Aug. 25, 2022, as Appl. No. 17/895,260.
Claims priority of application No. 10-2021-0152541 (KR), filed on Nov. 8, 2021; and application No. 10-2022-0003760 (KR), filed on Jan. 11, 2022.
Prior Publication US 2023/0143267 A1, May 11, 2023
Int. Cl. G06F 12/02 (2006.01); G06F 12/14 (2006.01); H04L 9/08 (2006.01)
CPC G06F 12/02 (2013.01) [G06F 12/14 (2013.01); H04L 9/0825 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method of allocating and protecting a memory in a computational storage device including a first computing engine and a buffer memory, the method comprising:
receiving a memory allocation request from a host device that is disposed outside the computational storage device;
based on the memory allocation request, performing a memory allocation operation in which a first memory region is generated in the buffer memory and a first key associated with the first memory region is generated;
receiving a program execution request from the host device; and
based on the program execution request, performing a program execution operation in which a first program is executed by the first computing engine by accessing the first memory region based on an encryption or a decryption using the first key,
wherein performing the program execution operation includes performing at least one of an encryption operation on write data to be stored in the first memory region and a decryption operation on read data to be retrieved from the first memory region using the first key, and
wherein performing at least one of the encryption operation and the decryption operation includes:
reading encrypted first data from the first memory region;
obtaining the first data by decrypting the encrypted first data using the first key;
obtaining second data by executing the first program based on the first data;
encrypting the second data using the first key to generate encrypted second data; and
storing the encrypted second data in the first memory region.