CN101398789B - Security flash memory, encrypting device, method for accessing internal memory data - Google Patents


Publication number
CN101398789B
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN2007101517369A
Other languages
Chinese (zh)
Other versions
CN101398789A (en)
Inventor
郑智文
Current Assignee
HEZHI ELECTRONIC CO Ltd
Original Assignee
HEZHI ELECTRONIC CO Ltd
Application filed by HEZHI ELECTRONIC CO Ltd
Priority to CN2007101517369A
Publication of CN101398789A
Application granted
Publication of CN101398789B

Abstract

The invention provides a security flash memory that includes a flash memory chip having a plurality of data transmission terminals and a data encryption device. The data encryption device includes an authentication module holding a preset pass code, a key module, and a switching module. The authentication module compares a received pass code with the preset pass code and outputs a control signal; the key module performs encryption and decryption of the data. The switching module is connected to the authentication module, to the data transmission terminals of the flash memory chip, and to the key module, and is controlled by the control signal to connect or disconnect the data transmission terminals of the flash memory chip and the key module.

Description

Security flash memory, encryption device, and method for accessing memory data
Technical field
The present invention relates to a security flash memory, an encryption device, and a method for accessing memory data, and in particular to a flash memory having an encryption device and a method for accessing data through that encryption device.
Background art
Many types of memory cards are on the market, for example SmartMedia, CompactFlash, MMC and Secure Digital (SD). Accessing the data on these cards is very easy: a matching card reader is all that is needed to read or write the card. For the user, therefore, a lost or stolen memory card can easily lead to leakage of the confidential data it holds.
For this reason, content protection schemes (CPRM, DRM, ACE or IIS) have been proposed to protect the contents of memory cards. Content Protection for Recordable Media (CPRM) is used here as the example. With CPRM, users can configure the privacy requirements of their own memory card so that the data inside the card is protected; even if the card is lost, the user need not worry that its confidential data may leak.
Refer to Fig. 1, which is a schematic diagram of an existing memory card system with the CPRM function. The memory card 1 with the CPRM function includes a card body 10, several pins 12, a flash memory 14 and a control device 16. The pins 12 are arranged at the front end of the card body 10, and the flash memory 14 and the control device 16 are arranged inside the card body 10. The control device 16 is electrically connected to the pins 12 and the flash memory 14. The control device 16 has a buffer 162, which stores a preset value that determines whether the CPRM function of the memory card 1 is enabled or disabled. When the CPRM function of the memory card 1 is enabled, the outside accesses the data in the flash memory 14 through the control device 16 in content-protected (CPRM) access mode; otherwise, the outside accesses the data in the flash memory 14 through the control device 16 in ordinary access mode.
However, using CPRM in this way to keep a memory card confidential still has a defect: a person with malicious intent can obtain the preset value stored in the buffer 162 inside the control device 16, then defeat the content protection (CPRM) and obtain the data in the flash memory 14.
Summary of the invention
In view of this, the invention provides a security flash memory, an encryption device, and a method for accessing memory data. The encryption device is packaged inside the flash memory and performs encryption and decryption when the flash memory is accessed. When an external computer wants to access the data of the flash memory through a control device, the control device must hold the preset pass code of the encryption device; only then can the external computer access the data content of the flash memory.
The data encryption device provided by the invention is connected to a flash chip and a control device, and includes an authentication module, a key module and a switching module. The authentication module has a preset pass code, receives a pass code sent from the control device, and compares the pass code with the preset pass code in order to output a control signal. The key module provides encryption and decryption of the data. The switching module is connected to the authentication module, a data transmission terminal of the flash chip, and the key module, and is controlled by the control signal to connect or disconnect the data transmission terminal of the flash chip and the key module.
The security flash memory provided by the invention includes an authentication module, a flash chip having a plurality of data transmission terminals, a key module and a switching module. The authentication module has a preset pass code, receives a pass code sent from a control device, and compares the pass code with the preset pass code in order to output a control signal. The key module provides encryption and decryption of the data. The switching module is connected to the authentication module, a data transmission terminal of the flash chip, and the key module, and is controlled by the control signal to connect or disconnect the data transmission terminal of the flash chip and the key module.
The method of accessing flash data provided by the invention applies to the security flash memory described above and comprises the following steps. First, it is determined whether a pass code matches the preset pass code in the authentication module. If it matches, the switching module connects the data transmission terminal of the flash chip and the key module, access to the data of the flash chip is allowed, and the data is encrypted and decrypted. If it does not match, the switching module disconnects the data transmission terminal of the flash chip and the key module, and access to the data of the flash chip is forbidden.
In summary, the security flash memory of the invention additionally packages an encryption device, which provides verification before an external computer accesses the flash data and encryption and decryption during data access. Using the security flash memory of the invention to store confidential data therefore effectively prevents a person with malicious intent from obtaining the data in the flash memory.
The above summary and the following detailed description are exemplary in nature and serve to further explain the claims of the invention. Other objects and advantages of the invention are set out in the description and drawings that follow.
The invention is described below with reference to the drawings and specific embodiments, which do not limit the invention.
Brief description of the drawings
Fig. 1 is a schematic diagram of an existing memory card system with the CPRM function;
Fig. 2 is a schematic diagram of the security flash memory access system of the invention;
Fig. 3 is a functional block diagram of the security flash memory of the invention; and
Fig. 4 is a flowchart of the memory data access method of the invention.
Reference numerals:
1 memory card
10 card body
12 pins
14 flash memory
16 control device
162 buffer
2 security flash memory
202 authentication module
204 key module
206 switching module
20 data encryption device
22 flash chip
3 control device
S1 pass code
S2 control signal
D1 encrypted data
D2 decrypted data
Detailed description of the embodiments
Refer to Fig. 2, which is a schematic diagram of the security flash memory access system of the invention. The security flash memory 2 of the invention includes a data encryption device 20 electrically connected to a flash chip 22 that has a plurality of data transmission terminals. The data encryption device 20 and the flash chip 22 can be packaged together, by packaging technology, to form the security flash memory 2. Alternatively, the data encryption device 20 can form the security flash memory 2 by being electrically connected to the flash chip 22.
Referring again to Fig. 2, the security flash memory 2 is electrically connected to a control device 3. The control device 3 interprets commands sent from a computer (not shown) and controls access to the data of the security flash memory 2 according to those commands.
Referring again to Fig. 2, after receiving a computer command, the control device 3 sends a pass code S1 to the flash memory 2 to obtain authorization from the flash memory 2; only then can it access the data in the flash memory 2. During data access, data to be stored in the flash memory 2 is stored only after being encrypted, and data to be read from the flash memory 2 is read out only after being decrypted.
Refer to Fig. 3 together with Fig. 2; Fig. 3 is a functional block diagram of the security flash memory of the invention. The data encryption device 20 of the security flash memory 2 includes an authentication module 202, a key module 204 and a switching module 206. The authentication module 202 is electrically connected to the control device 3. The authentication module 202 has a preset pass code; it receives the pass code S1 sent from the control device 3, compares the pass code S1 with its internal preset pass code, and outputs a control signal S2 according to the comparison result.
The key module 204 is also electrically connected to the control device 3. The key module 204 has an encrypt/decrypt conversion table and performs encryption and decryption of the data according to this internal table. The switching module 206 is connected to the authentication module 202, the data transmission terminals of the flash chip 22, and the key module 204. The switching module 206 is controlled by the control signal S2 to connect or disconnect the data transmission terminals and the key module 204.
Referring again to Fig. 3 together with Fig. 2, when the pass code S1 sent by the control device 3 matches the preset pass code inside the authentication module 202, the authentication module 202 outputs an enable control signal S2 to the switching module 206, so that the switching module 206 connects the data transmission terminals of the flash chip 22 and the key module 204. The key module 204 then sends the encrypted data D1 to the flash chip 22 through the switching module 206, and sends the decrypted data D2 to the control device 3. The control device 3 can also be a control chip with content protection (CPRM, DRM, ACE or IIS), in which case the control chip accesses the decrypted data D2 in content-protected mode.
Conversely, when the pass code S1 sent by the control device 3 does not match the preset pass code inside the authentication module 202, the authentication module 202 outputs a disable control signal S2 to the switching module 206, so that the switching module 206 disconnects the data transmission terminals of the flash chip 22 and the key module 204. The control device 3 then has not obtained authorization from the flash memory 2 and cannot access the data in the flash memory 2.
Refer to Fig. 4 together with Fig. 2 and Fig. 3; Fig. 4 is a flowchart of the memory data access method of the invention.
The control device 3 interprets the command sent from the computer and controls access to the data of the security flash memory 2 accordingly. The access steps are as follows:
The control device 3 starts operating (S100). First, according to the computer command, it sends a pass code S1 to the authentication module 202 in the security flash memory 2 (S101). The authentication module 202 then determines whether the pass code S1 matches its internal preset pass code (S102). If the pass code S1 matches the preset pass code, the authentication module 202 switches the switching module 206 on, electrically connecting the data transmission terminals of the flash chip 22 and the key module 204 (S104). The security flash memory 2 then allows the control device 3 to access the data of the flash chip 22; during access, the key module 204 uses the encrypt/decrypt conversion table to send encrypted data D1 to the flash chip 22 and decrypted data D2 to the control device 3, thereby encrypting and decrypting the data (S106). The procedure then ends (S108).
If the pass code S1 does not match the preset pass code, the authentication module 202 switches the switching module 206 off, so that the data transmission terminals of the flash chip 22 and the key module 204 are no longer connected (S103). The security flash memory 2 then forbids the control device 3 from accessing the data of the flash chip 22 (S105), and the procedure ends (S108). In summary, when a control device accesses the data of the security flash memory of the invention, the pass code sent by the control device must match the preset pass code of the security flash memory; only then can the data content of the security flash memory be accessed.
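The access flow of Fig. 4 (S100 to S108) can be modelled in software; the following C model is an added example, not part of the patent. The type and function names, the 8-byte pass code length, the 64-byte flash array and the affine byte permutation standing in for the encrypt/decrypt conversion table are all assumptions, since the patent specifies none of them.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PASS_LEN   8    /* assumed pass code length; the patent gives none */
#define FLASH_SIZE 64   /* small constructed flash array */

typedef struct {
    uint8_t preset[PASS_LEN];   /* authentication module 202: preset pass code */
    uint8_t enc[256], dec[256]; /* key module 204: conversion table and inverse */
    int     s2_enable;          /* control signal S2 driving switching module 206 */
    uint8_t flash[FLASH_SIZE];  /* flash chip 22: holds only converted bytes */
} secure_flash;

/* Constructed conversion table: an affine byte permutation (167 is odd, so
 * i -> 167*i + 91 mod 256 is a bijection) together with its inverse. */
void sf_init(secure_flash *sf, const uint8_t preset[PASS_LEN])
{
    memcpy(sf->preset, preset, PASS_LEN);
    for (int i = 0; i < 256; i++) {
        uint8_t c = (uint8_t)(i * 167 + 91);
        sf->enc[i] = c;
        sf->dec[c] = (uint8_t)i;
    }
    sf->s2_enable = 0;                    /* switch starts disconnected */
    memset(sf->flash, 0xFF, FLASH_SIZE);  /* erased state */
}

/* S101-S104: compare S1 with the preset code and drive S2. Every byte is
 * examined, so the loop does not stop at the first mismatch (an addition). */
int sf_present_code(secure_flash *sf, const uint8_t *s1, size_t len)
{
    uint8_t diff = (uint8_t)(len != PASS_LEN);
    for (size_t i = 0; i < PASS_LEN; i++)
        diff |= (uint8_t)((i < len ? s1[i] : 0) ^ sf->preset[i]);
    sf->s2_enable = (diff == 0);
    return sf->s2_enable;
}

/* S106, write path: D1 is converted by the key module before reaching flash.
 * Returns -1 when the switch is disconnected (S103/S105) or the range is bad. */
int sf_write(secure_flash *sf, size_t off, const uint8_t *src, size_t n)
{
    if (!sf->s2_enable || off > FLASH_SIZE || n > FLASH_SIZE - off)
        return -1;
    for (size_t i = 0; i < n; i++)
        sf->flash[off + i] = sf->enc[src[i]];
    return 0;
}

/* S106, read path: stored bytes are converted back into D2 for the controller. */
int sf_read(const secure_flash *sf, size_t off, uint8_t *dst, size_t n)
{
    if (!sf->s2_enable || off > FLASH_SIZE || n > FLASH_SIZE - off)
        return -1;
    for (size_t i = 0; i < n; i++)
        dst[i] = sf->dec[sf->flash[off + i]];
    return 0;
}

/* Constructed walk-through; returns 0 when each step behaves as described. */
int sf_demo(void)
{
    static const uint8_t preset[PASS_LEN] = {'c','o','n','s','t','r','0','1'};
    static const uint8_t wrong[PASS_LEN]  = {'c','o','n','s','t','r','0','2'};
    const uint8_t msg[5] = {'h','e','l','l','o'};
    uint8_t out[5] = {0};
    secure_flash sf;

    sf_init(&sf, preset);
    if (sf_write(&sf, 0, msg, 5) != -1) return 1;          /* no code presented */
    if (sf_present_code(&sf, wrong, PASS_LEN)) return 2;   /* S102 -> S103 */
    if (sf_read(&sf, 0, out, 5) != -1) return 3;           /* S105 */
    if (!sf_present_code(&sf, preset, PASS_LEN)) return 4; /* S102 -> S104 */
    if (sf_write(&sf, 0, msg, 5) != 0) return 5;
    if (memcmp(sf.flash, msg, 5) == 0) return 6;           /* cells hold converted bytes */
    if (sf_read(&sf, 0, out, 5) != 0 || memcmp(out, msg, 5) != 0) return 7;
    sf_present_code(&sf, wrong, PASS_LEN);                 /* mismatch disables S2 again */
    return sf_read(&sf, 0, out, 5) == -1 ? 0 : 8;
}

int main(void) { return sf_demo(); }
```

A per-byte conversion table maps equal input bytes to equal stored bytes, so the model shows the gating and the data path rather than a recommended cipher.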
The security flash memory of the invention provides verification before an external computer accesses the data, and encryption and decryption during data access. Storing confidential data in the security flash memory of the invention therefore effectively prevents a person with malicious intent from obtaining the data inside.
The invention may of course have various other embodiments. Without departing from the spirit and essence of the invention, those of ordinary skill in the art can make corresponding changes and variations according to the invention, but all such changes and variations fall within the scope of protection of the appended claims.

Claims (18)

1. A security flash memory, characterized in that it comprises:
a flash chip having a plurality of data transmission terminals;
a data encryption device connected to the flash chip, comprising:
an authentication module having a preset pass code, the authentication module receiving a pass code, comparing the pass code with the preset pass code, and outputting a control signal;
a key module providing encryption and decryption of data; and
a switching module connected to the authentication module, the data transmission terminals of the flash chip, and the key module, the switching module being controlled by the control signal to connect or disconnect the data transmission terminals of the flash chip and the key module;
wherein the pass code is generated by a control device after it receives a computer command, and the control device is connected to the authentication module and the key module.
2. The security flash memory according to claim 1, characterized in that the key module has an encrypt/decrypt conversion table, and the key module performs encryption and decryption of data according to the encrypt/decrypt conversion table.
3. The security flash memory according to claim 2, characterized in that, when the pass code matches the preset pass code, the authentication module outputs an enable control signal to control the switching module so as to connect the data transmission terminals and the key module.
4. The security flash memory according to claim 3, characterized in that the key module sends encrypted data to the flash chip and sends decrypted data to the control device.
5. The security flash memory according to claim 2, characterized in that, when the pass code does not match the preset pass code, a disable control signal is output, and the disable control signal controls the switching module to disconnect the data transmission terminals and the key module.
6. The security flash memory according to claim 4, characterized in that the control device accesses the decrypted data in the content protection mode of CPRM, DRM, ACE or IIS.
7. A data encryption device connected to a flash chip, characterized in that it comprises:
an authentication module having a preset pass code, the authentication module receiving a pass code, comparing the pass code with the preset pass code, and outputting a control signal;
a key module providing encryption and decryption of data; and
a switching module connected to the authentication module, a data transmission terminal of the flash chip, and the key module, the switching module being controlled by the control signal to connect or disconnect the data transmission terminal and the key module;
wherein the pass code is generated by a control device after it receives a computer command, and the control device is connected to the authentication module and the key module.
8. The data encryption device according to claim 7, characterized in that the key module has an encrypt/decrypt conversion table, and the key module performs encryption and decryption of data according to the encrypt/decrypt conversion table.
9. The data encryption device according to claim 8, characterized in that, when the pass code matches the preset pass code, the authentication module outputs an enable control signal to control the switching module so as to connect the data transmission terminal and the key module.
10. The data encryption device according to claim 9, characterized in that the key module sends encrypted data to the flash chip and sends decrypted data to the control device.
11. The data encryption device according to claim 8, characterized in that, when the pass code does not match the preset pass code, a disable control signal is output, and the disable control signal controls the switching module to disconnect the data transmission terminal and the key module.
12. The data encryption device according to claim 10, characterized in that the control device accesses the decrypted data in the content protection mode of CPRM, DRM, ACE or IIS.
13. A method of accessing a flash memory, characterized in that it is applicable to a flash memory having an authentication module, a flash chip, a key module and a switching module, the method comprising:
determining whether a pass code matches the preset pass code of the authentication module, wherein the pass code is generated by a control device after it receives a computer command, and the control device is connected to the authentication module and the key module;
if it matches, the switching module connecting a data transmission terminal of the flash chip and the key module; and
allowing access to the data of the flash chip, and performing encryption and decryption of the data.
14. The method of accessing flash data according to claim 13, characterized in that, after the step of determining whether a pass code matches a preset pass code of the authentication module, if it does not match, the switching module disconnects the data transmission terminal and the key module.
15. The method of accessing flash data according to claim 14, characterized in that, after the step in which the switching module disconnects the data transmission terminal and the key module, the method further comprises a step of forbidding access to the data of the flash chip.
16. The method of accessing flash data according to claim 13, characterized in that, in the step of performing encryption and decryption of the data, the key module performs the encryption and decryption of the data according to an encrypt/decrypt conversion table.
17. The flash data access method according to claim 16, characterized in that the key module sends encrypted data to the flash chip and sends decrypted data to the control device.
18. The flash data access method according to claim 17, characterized in that, in the step of allowing access to the data of the flash chip, the control device accesses the decrypted data in the content protection mode of CPRM, DRM, ACE or IIS, or in ordinary mode.
Application CN2007101517369A, priority date 2007-09-27, filing date 2007-09-27: Security flash memory, encrypting device, method for accessing internal memory data. Status: Expired - Fee Related. Published as CN101398789B (en).


Publications (2)

Publication Number Publication Date
CN101398789A (en) 2009-04-01
CN101398789B (en) 2011-08-10


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20110810

Termination date: 20150927

EXPY Termination of patent right or utility model