TW200837630A - Method for code execution - Google Patents

Method for code execution

Info

Publication number
TW200837630A
Authority
TW
Taiwan
Prior art keywords
volatile memory
memory device
virtual
code
software application
Prior art date
Application number
TW96150862A
Other languages
Chinese (zh)
Other versions
TWI367449B (en)
Inventor
Ron Lapedis
Arrigo Triulzi
Original Assignee
Sandisk Corp
Priority date
Filing date
Publication date
Priority claimed from US11/618,519 (US7890723B2)
Priority claimed from US11/618,526 (US7890724B2)
Application filed by Sandisk Corp
Publication of TW200837630A
Application granted
Publication of TWI367449B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00: Arrangements for program control, e.g. control units
    • G06F9/06: Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44: Arrangements for executing specific programs
    • G06F9/445: Program loading or initiating

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

A method for executing a software application is provided. The method includes detecting a host operating system; executing a virtual operating system in a virtual environment, wherein the virtual operating system is stored in a non-volatile memory device; and executing a software application in the virtual environment, wherein the software application is stored in the non-volatile memory device. The virtual operating system and the software application are executed independently of the host operating system execution.

Description

IX. Description of the Invention:

[Technical Field]

The present disclosure relates to computing systems and, more particularly, to code execution.

[Prior Art]

Computing systems (standalone and networked) are commonplace. The Internet has increased the popularity of electronic commerce, in which users of computing systems conduct millions of electronic transactions. This increase in popularity has also made computing systems and user information vulnerable to attack by pirates (sometimes referred to as "hackers").

An operating system is a computer program used to perform certain computing tasks, such as managing input/output tasks, peripheral devices (for example, storage devices), and file systems. The operating system provides a software platform on top of which other software applications are written. Software applications are used for a variety of tasks including, for example, word processing, e-mail, and Internet browsing. Some common operating systems include Windows®, Linux®, IBM® OS/2, MacOS, UNIX, and MS-DOS.

Many operating systems are pirated (or "hacked", that is, subjected to unauthorized use or disruption) through the use of destructive software programs, such as those known as computer viruses, worms, keystroke loggers, and rootkits. Protecting the operating system and overall application code execution is a challenge.

Applications often run on multiple operating systems or hardware platforms. Typically, separate code for a software application must be created for each different environment/platform. This is expensive and undesirable. What is needed is an efficient method and system for managing the code of software applications that are to be used on different hardware and software platforms.

[Summary of the Invention]

In one embodiment, a non-volatile memory device is provided. The non-volatile memory device comprises a plurality of memory cells, wherein a read-only segment of the plurality of memory cells stores: (a) code for a micro operating system, the micro operating system being used to execute a virtual engine; (b) code for the virtual engine, the virtual engine providing a virtual environment independent of a host operating system; (c) code for a virtual operating system, the virtual operating system executing in the virtual environment; and (d) code for a software application, wherein the code for the software application can be executed in the virtual environment on different host system platforms.

In another embodiment, a system for code execution is provided. The system comprises a host computing system and a non-volatile memory device operatively coupled to the host computing system. The non-volatile memory device comprises a plurality of memory cells, wherein a read-only segment of the plurality of memory cells stores: (a) code for a micro operating system, the micro operating system being used to execute a virtual engine; (b) code for the virtual engine, the virtual engine providing a virtual environment independent of a host operating system; (c) code for a virtual operating system, the virtual operating system executing in the virtual environment; and (d) code for a software application, wherein the code for the software application can be executed in the virtual environment on different host system platforms.

In yet another embodiment, a method for executing a software application is provided. The method includes: detecting a host operating system; executing a virtual operating system by means of a virtual engine, wherein the virtual operating system and the virtual engine are stored in a non-volatile memory device; and executing a software application in a virtual environment, wherein the software application is stored in the non-volatile memory device. The virtual operating system and the software application are executed independently of the host operating system execution.

In another embodiment, a method for executing a software application is provided. The method includes: authenticating a non-volatile memory device coupled to a host system; detecting a host operating system by the non-volatile memory device; executing a virtual operating system by means of a virtual engine, wherein the virtual operating system and the virtual engine are stored in a read-only segment of the non-volatile memory device; and executing a software application in a virtual environment, wherein the software application is stored in the read-only segment of the non-volatile memory device. The virtual operating system and the software application are executed independently of the host operating system execution.

This brief summary is not intended to limit the present disclosure to any particular embodiment. The present disclosure is intended to cover the subject matter defined by the claims appended hereto and all equivalents.

[Embodiments]

To facilitate an understanding of the preferred embodiment, the general architecture and operation of a computing system/non-volatile memory storage device will be described first. The specific architecture and operation of the preferred embodiment will then be described with reference to the general architecture.

FIG. 1A shows a block diagram of a typical computing system (also referred to as a "host system" or "host") 100. The computing system 100 includes a central processing unit (CPU) (also referred to as a microprocessor/processor) 101 that is operatively coupled to a system bus 101B. Random access memory (RAM) 103 gives the CPU 101 access to memory storage. When executing program instructions, the CPU 101 stores the process steps (code) in RAM 103 and executes the stored process steps out of RAM 103.

Read-only memory (ROM) 102 is used to store invariant instruction sequences, such as start-up instruction sequences or basic input/output operating system (BIOS) sequences.

Input/output (I/O) devices 102A, such as a keyboard, a pointing device (mouse), a monitor, a modem, and the like, are also provided for receiving input/output commands.

The host system 100 is optionally connected to a computer network (not shown) via a network interface 101A. One such network is the Internet, which allows the host system 100 to download applications, code, documents, and other electronic information.

The host system 100 is coupled to a non-volatile memory device (for example, a flash memory device (or card)) 105. The non-volatile memory device 105 includes a controller module 106 (also referred to as a "memory controller" or "controller") and solid-state memory modules (also referred to as cell arrays) 107 to 108 (shown as memory module #1 and memory module #N). The controller module 106 interfaces with the host system 100 via a bus interface 104, directly via the system bus 101B, or via any other peripheral bus (not shown).

The non-volatile memory device 105 includes a processor (shown as "crypto engine") 106A that performs various cryptographic functions (for example, encrypting and/or decrypting stored content). The crypto engine 106A may also be used to authenticate a non-volatile memory device, as described below.

In some embodiments, the non-volatile memory device is a flash memory device. Many different flash memory cards are currently commercially available, examples being the CompactFlash (CF), MultiMediaCard (MMC), Secure Digital (SD), miniSD, Memory Stick, SmartMedia, and TransFlash cards. Although each of these cards has a unique mechanical and/or electrical interface according to its standardized specification (for example, an interface based on the Universal Serial Bus (USB) specification, which is incorporated herein by reference in its entirety), the flash memory included in each card is very similar. These cards are all available from SanDisk Corporation, the assignee of the present application.

SanDisk Corporation also provides a line of trademarked flash drives, which are handheld memory systems in small packages that have a Universal Serial Bus (USB) plug for connecting with a host by plugging into the host's USB receptacle. Each of these memory cards and flash drives includes a controller that interfaces with the host and controls operation of the flash memory on the card or drive.

Host systems that use such memory cards and flash drives are many and varied. They include personal computers (PCs), laptops and other portable computers, cellular telephones, personal digital assistants (PDAs), digital still cameras, digital movie cameras, and portable audio players. The host system typically includes a built-in receptacle for one or more types of memory cards or flash drives, but some require an adapter into which the memory card is plugged.

A NAND architecture is currently preferred for the memory cell arrays 107 to 108, although other architectures, such as NOR, may be used instead. Examples of NAND flash memories and their operation as part of a memory system may be had by reference to U.S. Patent Nos. 5,570,315, 5,774,397, 6,046,935, 6,373,746, 6,456,528, 6,522,580, 6,771,536, and 6,781,877, and U.S. Patent Application Publication No. 2003/0147278.

The various embodiments described herein are not limited to the foregoing structures. A variety of other structures and memory types may be used. For example, in the context of this disclosure, non-volatile memory devices such as one-time programmable memory devices or 3D memory devices, which may include a monolithic three-dimensional memory array, may be used. In a three-dimensional memory array, multiple memory levels are formed on a single substrate (such as a wafer) with no intervening substrates. The layers forming one memory level are deposited or grown directly over the layers of an existing level. In contrast, stacked memories have been constructed by forming memory levels on separate substrates and adhering the memory levels atop each other (as described in Leedy, U.S. Patent No. 5,915,167, "Three dimensional structure memory"). The substrates may be thinned or removed from the memory levels before bonding, but because the memory levels are initially formed on separate substrates, such memories are not true monolithic three-dimensional memory arrays.

FIG. 1B shows a block diagram of the internal architecture of the controller module 106. The controller module 106 includes a microcontroller 109 that interfaces with various other components via interface logic 111. Memory 110 stores firmware and/or software instructions that the microcontroller 109 uses to control the operation of the non-volatile memory device 105. Memory 110 may be volatile re-programmable random access memory (RAM), non-volatile memory that is not re-programmable (ROM), one-time programmable memory, or re-programmable flash electrically erasable programmable read-only memory (EEPROM).

A host interface 113 interfaces with the host system 100, while a flash interface 112 interfaces with the memory modules 107 to 108.

FIG. 1C shows a block diagram of a system 100A in which the non-volatile memory device 105 interfaces with the host system 100 via a USB interface 100B. A remote server 114 authenticates the non-volatile memory device 105 before a user is allowed to use the device.

Accordingly, in one embodiment, the non-volatile memory device 105 conforms to the USB specification (that is, the non-volatile memory 105 can be accessed via a USB interface). A standard USB-based application programming interface (API) can be used to read or write data.

To the host 100, the non-volatile memory device 105 appears to have a plurality of logical units (LUNs) of storage space, and each LUN may present a different class of storage device. For example, the non-volatile memory device 105 may have both a standard mass storage class volume (LUN 0, 107A), which emulates the behavior of a SCSI hard disk drive, and an MMC class volume (LUN 1, 107B), which emulates the behavior of a CD-ROM.

LUN 1 107B may store a plurality of software applications (116, FIG. 1D), a minimal version of an operating system (Micro-OS) (115, FIG. 1D), code for a virtual engine (120, FIG. 1D), and other information, as discussed below with reference to FIG. 1D.

The hidden area 107C is secured and is not available without proper authentication. A proprietary API may be used to access the hidden area 107C. In one aspect, a protected (or secured) area means an area that is read-only and can be accessed only by a properly authenticated entity (for example, a host program and the like). The hidden area 107C may store device certificates (118, FIG. 1D), security keys (119, FIG. 1D), and other code, as described below with respect to FIG. 1D.

It should be noted that although the host system 100 has been described above as having a CPU, ROM, RAM, and other components, the adaptive aspects of the present disclosure may be implemented on a "thin" client (that is, a host system with limited computing capability). For example, a USB reader/executor with a keyboard, mouse, video card, network card, and CPU can execute any code/application stored on the non-volatile memory device 105 in place of a desktop or notebook computer.

FIG. 1D shows a plurality of software components that may be stored in the non-volatile memory device 105 and used in accordance with one aspect of the present disclosure. Firmware 117 is used to control the overall operation of the non-volatile memory device 105 and is executed by the controller 106.

Micro-OS 115 is a minimal version of an operating system, that is, it has reduced functionality compared with a standard operating system. Micro-OS 115 is used to control the overall environment in which the code for a virtual engine is executed. Micro-OS 115 can be customized to execute the code for the virtual engine, as described below. Micro-OS may be stored in the read-only segment 107B (FIG. 1C).

Application 116 may be a software application that a user may want to run on different hardware/software platforms. More than one application 116 may be stored in the non-volatile memory device 105.

Application 116 may include a web browser (for example, Firefox®) that a user uses to browse websites. The web browser can run on any computer connected to the Internet. The web browser receives requests, sends them to a web server, and obtains information from the World Wide Web (WWW) (a network of computers). A web server is a program that, upon receiving a request, sends the requested data to the requesting user.

The virtual engine (or virtual machine) (VE) 120 includes code for providing a virtual environment. The virtual environment provides a software platform that is independent of the host operating system. Code executed in the virtual environment is not controlled by the host operating system; it is controlled by a virtual operating system executing within the virtual environment.

VE 120 also includes executable code for different operating systems that execute in a virtual environment independent of the underlying host operating system. Micro-OS 115 controls the overall execution of VE 120.

The code blocks for the different operating systems are shown as VOS1, VOS2, VOS3, and VOSn. VOS1 may be used to run a Windows®-based operating system, VOS2 may be used for a Linux operating system, VOS2 may be used for a UNIX-based operating system, and so forth. The operating-system-specific code (VOS1 to VOSn) executes in a virtual environment that is independent of the operating system of the host system 100. VE 120 allows a user to use the non-volatile memory device 105 on different hardware/software platforms.

Different types of virtual engine 120 may be used to implement the adaptive aspects of the present disclosure. For example, VMWare Player and VMWare Ace, available from VMware Corporation; Virtual PC, available from Microsoft Corporation; and others may be used. It should be noted that more than one virtual engine may be stored and used for application execution. This makes it difficult for a pirate to break into the operating system, because a virus or other destructive software would need to hook into the low-level support for two or more virtual engines rather than for one virtual engine.

During the authentication phase, the non-volatile memory device 105 uses the device certificate 118, as described below.

The security key 119 may be used to generate a one-time password to authenticate a user/device. Using standard or proprietary encryption techniques, the crypto engine 106A may use the security key 119 to encrypt stored content.

Virtual private network (VPN) code 121 is provided to facilitate a VPN connection, as described below. Access to the VPN code 121 is restricted (by storing it in LUN 1 (107B), FIG. 1C) to make it difficult to pirate or break into a virtual connection.

It should be noted that the executable code for the plurality of software components (Micro-OS 115, application 116, firmware 117, device certificate 118, security key 119, virtual engine 120, and VPN code 122) may be stored in the secure segment 107C or in the read-only segment 107B. In addition, the executable code for the plurality of components may be split and stored partly in the read-only segment 107B and partly in the secure segment 107C.

FIG. 2 shows a process flow diagram for protecting operating system/application execution in one aspect of the present disclosure. The process starts in step S200, when the non-volatile memory device 105 is coupled to the host system 100, which detects the non-volatile memory device 105. Most host systems today have a "plug and play" option, so a device is detected as soon as it is plugged in. Firmware 117 or hardware (not shown) detects the type of operating system running on the host system 100.

After the host operating system has been detected, in step S202 the non-volatile memory device 105 and the user using the device are authenticated. In one aspect, the server 114 authenticates the non-volatile memory device 105 using the device certificate 118. Standard or proprietary techniques may be used to authenticate the non-volatile memory device 105. For example, public key infrastructure (PKI) certificates (for example, 118) may be used to authenticate the non-volatile memory device 105. The user of the non-volatile memory device 105 may also have to authenticate himself or herself before being allowed to access the non-volatile memory device 105. This can be done using a unique, user-specific password that is generated using the security key 119. The crypto engine 106A may be used to authenticate the non-volatile memory device 105 and the user. Step S202 is intended to prevent unauthorized use of the non-volatile memory device 105.

In step S204, the non-volatile memory device 105 loads the code for a virtual machine (VOS1, VOS2, VOS3, or VOSn) into RAM 103. In one aspect of the present disclosure, the controller 106 may execute the virtual engine code 120 to initialize a virtual environment. In another aspect, execution of the virtual engine code 120 may be split, so that one code segment is executed by the host CPU (101, FIG. 1A) and another segment is executed by the non-volatile memory device 105. This makes piracy or hacking difficult.

After the virtual engine code 120 has been initialized, all other applications/code (for example, application 116) are executed in a virtual environment that is independent of the host operating system.

In step S206, the host system 100 opens a virtual private network (VPN) connection (not shown) to an enterprise server or gateway (not shown). The nature of the network connection depends on the connection, for example, whether it is a connection to a web server or to a local area network. The VPN code 121 may be used to open the VPN connection.

In step S208, application 116 is executed in the appropriate virtual operating system environment. Application 116 executes in a virtual environment that is controlled by the virtual engine 120 and is independent of the host operating system. It is therefore difficult to break into (hack) the execution of application 116.
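The description of step S202 says only that a one-time password is generated from security key 119 and does not name an algorithm. The added example below (not code from the patent or from SanDisk) assumes HOTP from RFC 4226 and shows a hypothetical server-side check that rejects replayed passwords and tolerates a small counter drift; the class names, device ID, window size and key are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values. The key is the published RFC 4226 test key,
# used here only so the outputs can be checked against the RFC's test vectors.
SAMPLE_KEY = b"12345678901234567890"
SAMPLE_DEVICE_ID = "device-105"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble picks a 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class Device:
    """Stand-in for the storage device: holds the key and a moving counter."""

    def __init__(self, device_id: str, key: bytes):
        self.device_id = device_id
        self.key = key
        self.counter = 0

    def next_password(self) -> str:
        otp = hotp(self.key, self.counter)
        self.counter += 1                        # each password is used at most once
        return otp


class AuthServer:
    """Hypothetical remote verifier that tracks the next expected counter."""

    def __init__(self, window: int = 3):
        self.window = window                     # how far ahead the device may drift
        self.enrolled = {}                       # device_id -> [key, next counter]

    def enroll(self, device_id: str, key: bytes) -> None:
        self.enrolled[device_id] = [key, 0]

    def verify(self, device_id: str, otp: str) -> bool:
        record = self.enrolled.get(device_id)
        if record is None:
            return False
        key, expected = record
        # Only counters at or after the expected one are tried, so a captured
        # password can never be accepted a second time.
        for counter in range(expected, expected + self.window + 1):
            if hmac.compare_digest(hotp(key, counter), otp):
                record[1] = counter + 1          # burn this and all earlier counters
                return True
        return False


def run_demo() -> dict:
    server = AuthServer(window=3)
    server.enroll(SAMPLE_DEVICE_ID, SAMPLE_KEY)
    device = Device(SAMPLE_DEVICE_ID, SAMPLE_KEY)
    results = {}

    first = device.next_password()
    results["first_login"] = server.verify(SAMPLE_DEVICE_ID, first)
    results["replay"] = server.verify(SAMPLE_DEVICE_ID, first)

    # Two passwords generated but never sent: still inside the window.
    device.next_password()
    device.next_password()
    results["small_drift"] = server.verify(SAMPLE_DEVICE_ID, device.next_password())

    # Five passwords generated but never sent: outside the window.
    for _ in range(5):
        device.next_password()
    results["large_drift"] = server.verify(SAMPLE_DEVICE_ID, device.next_password())

    results["unknown_device"] = server.verify("not-enrolled", first)
    return results


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The look-ahead window trades usability against guessing resistance: every extra counter the server tries is another password value it will accept.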

In one aspect of the present disclosure, the code for application 116 is written so that it can be executed in a virtual environment that is independent of a host system's operating system. Different versions of application 116 for different operating systems and platforms are therefore not needed. This reduces the overall cost of code development/maintenance.

In another aspect of the present disclosure, the virtual engine 120 and/or application 116 are stored in a read-only segment of the non-volatile memory device 105 (for example, 107B (or 107C)) and are therefore difficult to pirate.

In yet another aspect of the present disclosure, the user is provided with a secure environment for conducting electronic commerce transactions, for example, banking transactions, without changing the overall user experience. Once the non-volatile memory device 105 has been connected and the virtual environment has been created, the user can simply navigate to a website with minimal risk of piracy.

Although the present disclosure has been described above with reference to what is currently considered its preferred embodiments, it should be understood that the present disclosure is not limited to what is described above. On the contrary, the present disclosure is intended to cover various modifications and equivalent arrangements within the spirit and scope of the appended claims.

[Brief Description of the Drawings]

FIG. 1A shows a block diagram of a computing system of an embodiment;
FIG. 1B shows a block diagram of the memory controller in FIG. 1A;
FIG. 1C shows a top-level block diagram of a system of an embodiment for authenticating a non-volatile memory device;
FIG. 1D shows a block diagram of a software architecture of an embodiment; and
FIG. 2 shows a process flow diagram of an embodiment.

[Description of Main Reference Numerals]

100   Computing system/host
100A  System
100B  USB interface
101   Processor/central processing unit (CPU)
101A  Network interface
101B  System bus
102   Read-only memory (ROM)
102A  Input/output (I/O) devices
103   Random access memory (RAM)
104   Bus interface
105   Non-volatile memory device
106   Controller module
106A  Crypto engine
107   Memory module
107A  Mass storage class volume
107B  MMC class volume
107C  Hidden area
108   Memory module
109   Microcontroller
110   Memory
111   Interface logic
112   Flash interface
113   Host interface
114   Server
115   Micro operating system
116   Application
117   Firmware
118   Device certificate
119   Security key
120   Virtual engine
121   Virtual private network (VPN) code

Claims (1)

Scope of patent application:

1. A non-volatile memory device, comprising:
a plurality of memory cells, wherein a read-only section of the plurality of memory cells stores:
(a) code for a micro operating system, the micro operating system being used to execute a virtual engine;
(b) code for the virtual engine, the virtual engine providing a virtual environment that is independent of a host operating system;
(c) code for a virtual operating system, the virtual operating system being executed in the virtual environment; and
(d) code for a software application, wherein the code for the software application is executable on different host system platforms in the virtual environment.

2. The non-volatile memory device of claim 1, wherein a secured non-volatile memory device section stores a device certificate for authenticating the non-volatile memory device.

3. The non-volatile memory device of claim 2, wherein a remote server authenticates the non-volatile memory device.

4. The non-volatile memory device of claim 1, wherein the non-volatile memory device detects the host operating system.

5. The non-volatile memory device of claim 1, wherein the software application is a web browser.

6. The non-volatile memory device of claim 1, wherein the code for the virtual engine, the code for the virtual operating system and the code for the software application are executed by a host system processor after being loaded from the non-volatile memory device into a host system memory.

7. The non-volatile memory device of claim 1, wherein the code for the virtual engine, the code for the virtual operating system and the code for the software application are executed by a non-volatile memory device controller.

8. The non-volatile memory device of claim 1, wherein the non-volatile memory device is a universal serial bus (USB) device that interfaces with the host system via a USB interface.

9. The non-volatile memory device of claim 1, wherein the code for the virtual operating system and the code for the software application are stored in a secured area of the non-volatile memory device.

10. The non-volatile memory device of claim 1, wherein the host system opens a virtual network connection based on code stored in the non-volatile memory device.

11. The non-volatile memory device of claim 1, wherein the code for the software application is executable in more than one hardware and software environment.

12. A system for code execution, comprising:
a host computing system; and
a non-volatile memory device operatively coupled to the host computing system, the non-volatile memory device comprising a plurality of memory cells, wherein a read-only section of the plurality of memory cells stores:
(a) code for a micro operating system, the micro operating system being used to execute a virtual engine;
(b) code for the virtual engine, the virtual engine providing a virtual environment that is independent of a host operating system;
(c) code for a virtual operating system, the virtual operating system being executed in the virtual environment; and
(d) code for a software application, wherein the code for the software application is executable on different host system platforms in the virtual environment.

13. The system of claim 12, wherein a secured non-volatile memory device section stores a device certificate for authenticating the non-volatile memory device.

14. The system of claim 13, wherein a remote server authenticates the non-volatile memory device.

15. The system of claim 12, wherein the non-volatile memory device detects the host operating system.

16. The system of claim 12, wherein the software application is a web browser.

17. The system of claim 12, wherein the code for the virtual engine, the code for the virtual operating system and the code for the software application are executed by a host system processor after being loaded from the non-volatile memory device into a host system memory.

18. The system of claim 12, wherein the code for the virtual engine, the code for the virtual operating system and the code for the software application are executed by a non-volatile memory device controller.

19. The system of claim 12, wherein the non-volatile memory device is a universal serial bus (USB) device that interfaces with the host system via a USB interface.

20. The system of claim 12, wherein the code for the virtual operating system and the code for the software application are stored in a secured area of the non-volatile memory device.

21. The system of claim 12, wherein the host system opens a virtual network connection based on code stored in the non-volatile memory device.

22. The system of claim 12, wherein the code for the software application is executable in more than one hardware and software environment.

23. A method for executing a software application, comprising:
authenticating a non-volatile memory device coupled to a host system;
detecting a host operating system, wherein the non-volatile memory device detects the host operating system;
executing a virtual operating system in a virtual environment, wherein the virtual operating system is stored in a read-only section of the non-volatile memory device; and
executing the software application in the virtual environment, wherein the software application is stored in a read-only section of the non-volatile memory device, and the virtual operating system and the software application are executed independently of execution of the host operating system.

24. The method of claim 23, wherein the software application is a web browser.

25. The method of claim 23, wherein a remote server authenticates the non-volatile memory device using a device certificate stored in a secured area of the non-volatile memory device.

26. The method of claim 23, wherein the virtual operating system and the software application are executed by a host system processor after the virtual operating system and the software application are loaded from the non-volatile memory device into a host system memory.

27. The method of claim 23, wherein the virtual operating system and the software application are executed by a non-volatile memory device controller.

28. The method of claim 23, wherein the non-volatile memory device is a universal serial bus (USB) device that interfaces with the host system via a USB interface.

29. The method of claim 23, wherein the virtual operating system and the software application are stored in a secured area of the non-volatile memory device.

30. The method of claim 23, wherein the host system opens a virtual network connection based on code stored in the non-volatile memory device.

31. The method of claim 23, wherein the software application is executable in more than one hardware and software environment.

32. The method of claim 23, wherein the virtual environment is controlled by a virtual engine, and the virtual engine is stored in a read-only section of the non-volatile memory device.

33. A method for executing a software application, comprising:
detecting a host operating system;
executing a virtual operating system in a virtual environment, wherein the virtual operating system is stored in a non-volatile memory device; and
executing a software application in the virtual environment, wherein the software application is stored in the non-volatile memory device, and the virtual operating system and the software application are executed independently of execution of the host operating system.

34. The method of claim 33, wherein the software application is a web browser.

35. The method of claim 33, wherein a remote server authenticates the non-volatile memory device using a device certificate stored in the non-volatile memory device.

36. The method of claim 33, wherein the virtual operating system and the software application are stored in a read-only section of the non-volatile memory device, and the virtual operating system and the software application are executed by a host system processor after the virtual operating system and the software application are loaded from the non-volatile memory device into a host system memory.

37. The method of claim 33, wherein the virtual operating system and the software application are stored in a read-only section of the non-volatile memory device, and the virtual operating system and the software application are executed by a non-volatile memory device controller.

38. The method of claim 33, wherein the non-volatile memory device is a universal serial bus (USB) device that interfaces with the host system via a USB interface.

39. The method of claim 33, wherein the virtual operating system and the software application are stored in … of the non-volatile memory device.

40. The method of claim 33, wherein the host system opens a virtual network connection based on code stored in the non-volatile memory device.

41. The method of claim 33, wherein the software application is executable in more than one hardware and software environment.

42. The method of claim 33, wherein the virtual environment is controlled by a virtual engine, and the virtual engine is stored in a read-only section of the non-volatile memory device.
TW096150862A 2006-12-29 2007-12-28 Non-volatile memory device, system for code execution, and method for code execution TWI367449B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/618,519 US7890723B2 (en) 2006-12-29 2006-12-29 Method for code execution
US11/618,526 US7890724B2 (en) 2006-12-29 2006-12-29 System for code execution

Publications (2)

Publication Number Publication Date
TW200837630A (en) 2008-09-16
TWI367449B (en) 2012-07-01

Family

ID=39272933

Family Applications (1)

Application Number Title Priority Date Filing Date
TW096150862A TWI367449B (en) 2006-12-29 2007-12-28 Non-volatile memory device, system for code execution, and method for code execution

Country Status (2)

Country Link
TW (1) TWI367449B (en)
WO (1) WO2008083168A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI609272B (en) * 2016-06-24 2017-12-21 阿貝爾環球國際有限公司 Terminal device and terminal operating system thereof and cloud device and cloud operating system thereof

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0205751D0 (en) * 2002-03-12 2002-04-24 James Barry E Improvements relating to memory devices
CN1648863A (en) * 2005-03-07 2005-08-03 优网通国际资讯股份有限公司 Portable software application method
US8887295B2 (en) * 2005-06-27 2014-11-11 Safend Ltd. Method and system for enabling enterprises to use detachable memory devices that contain data and executable files in controlled and secure way

Also Published As

Publication number Publication date
TWI367449B (en) 2012-07-01
WO2008083168A1 (en) 2008-07-10

Similar Documents

Publication Publication Date Title
US10931451B2 (en) Securely recovering a computing device
JP5900911B2 (en) File system access for one or more sandboxed applications
JP4971466B2 (en) Secure boot of computing devices
US9015848B2 (en) Method for virtualizing a personal working environment and device for the same
US8930713B2 (en) System and method for general purpose encryption of data
JP4709992B2 (en) Authentication password storage method, generation method, user authentication method, and computer
EP2389645B1 (en) Removable memory storage device with multiple authentication processes
US7890723B2 (en) Method for code execution
TWI420879B (en) Anti-hack protection to restrict installation of operating systems and other software
US9098727B2 (en) System and method for recovering from an interrupted encryption and decryption operation performed on a volume
US9135471B2 (en) System and method for encryption and decryption of data
US20130081124A1 (en) Trusting an unverified code image in a computing device
US20140115316A1 (en) Boot loading of secure operating system from external device
US20120278597A1 (en) Compatible trust in a computing device
US10776095B2 (en) Secure live media boot system
CN103299311A (en) Methods and apparatus for trusted boot optimization
US20060004974A1 (en) Portable non-volatile memory device and method for preventing unauthorized access to data stored thereon
US20090013165A1 (en) Portable usb device that boots a computer as a server
US8856550B2 (en) System and method for pre-operating system encryption and decryption of data
US20060080540A1 (en) Removable/detachable operating system
US7890724B2 (en) System for code execution
TW200837630A (en) Method for code execution
US20090125998A1 (en) Systems, methods and devices for secure remote-access computing
CN114780929A (en) Electronic equipment and processing method

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees