TWI391945B - Memory system with in stream data encryption/decryption and error correction and method for correcting data in the memory system - Google Patents

Memory system with in stream data encryption/decryption and error correction and method for correcting data in the memory system Download PDF

Info

Publication number
TWI391945B
TWI391945B TW094145661A TW94145661A TWI391945B TW I391945 B TWI391945 B TW I391945B TW 094145661 A TW094145661 A TW 094145661A TW 94145661 A TW94145661 A TW 94145661A TW I391945 B TWI391945 B TW I391945B
Authority
TW
Taiwan
Prior art keywords
data
buffer
errors
buffers
volatile memory
Prior art date
Application number
TW094145661A
Other languages
Chinese (zh)
Other versions
TW200641911A (en
Inventor
Micky Holtzman
Baruch Boris Cohen
Islam Muhammed Rijwane Ul
Matthew Davidson
Original Assignee
Sandisk Technologies Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/313,447 external-priority patent/US20060239450A1/en
Priority claimed from US11/313,428 external-priority patent/US8396208B2/en
Application filed by Sandisk Technologies Inc filed Critical Sandisk Technologies Inc
Publication of TW200641911A publication Critical patent/TW200641911A/en
Application granted granted Critical
Publication of TWI391945B publication Critical patent/TWI391945B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1408Protection against unauthorised use of memory or access to memory by using cryptography
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/08Error detection or correction by redundancy in data representation, e.g. by using checking codes
    • G06F11/10Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's
    • G06F11/1008Adding special bits or symbols to the coded information, e.g. parity check, casting out 9's or 11's in individual solid state devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)
  • Detection And Correction Of Errors (AREA)
  • Storage Device Security (AREA)

Abstract

The throughput of the memory system is improved where error correction of data in a data stream is cryptographically processed with minimal involvement of any controller. To perform error correction when data from the memory cells are read, the bit errors in the data in the data stream passing between the cells and the cryptographic circuit are corrected prior to any cryptographic process performed by the circuit. Preferably the error correction occurs in one or more buffers employed to buffer the data between the cryptographic circuit and the memory where latency is reduced by using multiple buffers.

Description

具有內串流資料加密及解密與誤差校正之記憶體系統及用以校正在該記憶體系統中之資料的方法Memory system with internal stream data encryption and decryption and error correction and method for correcting data in the memory system

本發明大體上係關於記憶體系統,且詳言之係關於具有內串流資料加密及解密與誤差校正之記憶體系統。The present invention relates generally to memory systems and, more particularly, to memory systems having internal stream data encryption and decryption and error correction.

移動設備市場正在包括內容儲存以便藉由產生更多資料交換來增加平均收益的方向上發展。此意謂當內容儲存於一移動設備中時其必須受到保護。The mobile device market is including content storage to grow in the direction of increasing average revenue by generating more data exchanges. This means that content must be protected when it is stored on a mobile device.

攜帶型儲存設備已市售多年。其自一計算設備傳送資料至另一計算設備或用以儲存備份資料。更尖端攜帶型儲存設備,諸如攜帶型硬碟驅動、攜帶型快閃記憶體碟及快閃記憶卡,包括一用於控制儲存管理之微處理器。Portable storage devices have been commercially available for many years. It transfers data from one computing device to another computing device or to store backup data. More sophisticated portable storage devices, such as portable hard drive, portable flash memory and flash memory cards, include a microprocessor for controlling storage management.

為了保護儲存於攜帶型儲存設備中之內容,通常加密所儲存之資料且僅允許經授權使用者解密該資料。In order to protect the content stored in the portable storage device, the stored data is typically encrypted and only authorized users are allowed to decrypt the data.

因為在儲存於攜帶型儲存設備中之資料中可存在位元誤差,所以需要使用誤差校正。用於誤差校正之當前方案可能與具有密碼能力之攜帶型儲存設備不相容。因此需要提供一種其中減輕該等困難的經改良之局部儲存設備。Since bit errors can exist in the data stored in the portable storage device, error correction is required. Current solutions for error correction may be incompatible with cryptographically capable portable storage devices. There is therefore a need to provide an improved local storage device in which these difficulties are alleviated.

儲存於記憶體單元中之資料可含有由於若干原因而造成之誤差。因此當讀取來自該等記憶體單元之資料時執行誤差校正係普遍的。誤差校正亦可偵測在資料串流中之該等誤差的位置。藉由一電路來執行之密碼處理可改變在資料串流中之該等位元的位置,使得若當執行此等處理時未校正在資料串流中之該等位元誤差,則在該等處理之後該等位元誤差之位置的資訊將不再正確,使得在執行該等密碼處理之後可不再有可能進行誤差校正。因此本發明之一態樣基於此共識:在藉由該電路執行之任何加密處理之前,較佳地校正經過該等單元與該密碼電路之間之資料串流中之資料中的位元誤差。較佳地,在藉由該電路之資料密碼處理之前,使用至少一緩衝器以儲存在經過該等單元與該電路之間之資料串流中的資料且校正儲存於該緩衝器中並來源於該等單元之資料中的任一誤差或多個誤差。The data stored in the memory unit can contain errors due to several reasons. It is therefore common to perform error correction when reading data from such memory cells. Error correction can also detect the location of such errors in the data stream. The cryptographic processing performed by a circuit can change the position of the bits in the data stream such that if the bit errors in the data stream are not corrected when performing such processing, then The information of the position of the bit error after processing will no longer be correct, so that error correction is no longer possible after performing the cryptographic processing. Thus, one aspect of the present invention is based on the consensus that the bit error in the data in the data stream between the elements and the cryptographic circuit is preferably corrected prior to any encryption processing performed by the circuit. Preferably, at least one buffer is used to store data in the data stream passing between the units and the circuit and the correction is stored in the buffer and derived from the data cryptographic processing of the circuit. Any error or multiple errors in the data of these units.

藉由圖1之方塊圖來說明一例示性記憶體系統,其中可實現本發明之各種態樣。如圖1中所示,記憶體系統10包括一中央處理單元(CPU)12、一緩衝器管理單元(BMU)14、一主機介面模組(HIM)16及一快閃介面模組(FIM)18、一快閃記憶體20及一周邊通道模組(PAM)22。記憶體系統10經由一主機介面匯流排26及埠26a與一主機設備24通信。可為NAND(反及)型之快閃記憶體20為主機設備24提供資料儲存。用於CPU 12之軟體程式碼亦可儲存於快閃記憶體20中。FIM 18經由一快閃介面匯流排28及埠28a連接至快閃記憶體20。HIM 16適合於連接至一主機系統,如一數位相機、個人電腦、個人數位助理(PDA)、數位媒體播放器、MP3播放器及蜂巢式電話或其它數位設備。周邊通道模組22選擇諸如FIM、HIM及BMU之合適之控制模組,以用於與CPU 12通信。在一實施例中,在虛線框內之系統10之所有組件可封閉至單一單元(諸如記憶卡或記憶棒)10'中且較佳地密封至卡或棒中。An exemplary memory system is illustrated by the block diagram of FIG. 1, in which various aspects of the present invention can be implemented. As shown in FIG. 1, the memory system 10 includes a central processing unit (CPU) 12, a buffer management unit (BMU) 14, a host interface module (HIM) 16, and a flash interface module (FIM). 18. A flash memory 20 and a peripheral channel module (PAM) 22. The memory system 10 communicates with a host device 24 via a host interface bus 26 and port 26a. The NAND (reverse) type flash memory 20 can be used to provide data storage for the host device 24. The software code for the CPU 12 can also be stored in the flash memory 20. The FIM 18 is coupled to the flash memory 20 via a flash interface bus 28 and port 28a. The HIM 16 is suitable for connection to a host system such as a digital camera, personal computer, personal digital assistant (PDA), digital media player, MP3 player, and cellular telephone or other digital device. The peripheral channel module 22 selects suitable control modules such as FIM, HIM, and BMU for communication with the CPU 12. In one embodiment, all of the components of system 10 within the dashed box can be enclosed into a single unit (such as a memory card or memory stick) 10' and preferably sealed into a card or wand.

緩衝器管理單元14包括一主機直接記憶存取(HDMA)32、一快閃直接記憶存取(FDMA)控制器34、一仲裁器36、一緩衝器隨機存取記憶體(BRAM)38及一密碼引擎40。仲裁器36為一共用匯流排仲裁器,使得在任何時間僅一主控器或啟動器(其可為HDMA 32、FDMA 34或CPU 12)可為主動的,且受控器或目標為BRAM 38。該仲裁器負責引導合適之啟動器請求至BRAM 38。HDMA 32及FDMA 34負責在HIM 16、FIM 18與BRAM 38或CPU隨機存取記憶體(CPU RAM)12a之間傳輸資料。HDMA 32及FDMA 34之操作為習知的且無需在本文中詳細描述。使用BRAM 38來緩衝經過主機設備24、快閃記憶體20與CPU RAM 12a之間的資料。HDMA 32及FDMA 34負責在HIM 16/FIM 18與BRAM 38或CPU RAM 12a之間傳送資料且負責指示扇區傳送完成。如以下所述,當發現誤差時FIM 18亦具有偵測自快閃記憶體20讀取之資料中之誤差且通知CPU 12的能力。The buffer management unit 14 includes a host direct memory access (HDMA) 32, a flash direct memory access (FDMA) controller 34, an arbiter 36, a buffer random access memory (BRAM) 38, and a Password engine 40. The arbiter 36 is a shared bus arbiter such that only one master or initiator (which may be HDMA 32, FDMA 34 or CPU 12) may be active at any time, and the slave or target is BRAM 38 . The arbiter is responsible for directing the appropriate initiator request to the BRAM 38. HDMA 32 and FDMA 34 are responsible for transferring data between HIM 16, FIM 18 and BRAM 38 or CPU random access memory (CPU RAM) 12a. The operation of HDMA 32 and FDMA 34 is conventional and need not be described in detail herein. The BRAM 38 is used to buffer data passing between the host device 24, the flash memory 20, and the CPU RAM 12a. The HDMA 32 and FDMA 34 are responsible for transferring data between the HIM 16/FIM 18 and the BRAM 38 or the CPU RAM 12a and are responsible for indicating the completion of the sector transfer. As described below, the FIM 18 also has the ability to detect errors in the data read from the flash memory 20 and to notify the CPU 12 when an error is found.

首先,當藉由主機設備24讀取來自快閃記憶體20之資料時,經由匯流排28、FIM 18、FDMA 34、密碼引擎40來取出在記憶體20中之經加密資料,其中解密該經加密資料且儲存其於BRAM 38中。然後將該經解密資料自BRAM 38經由HDMA 32、HIM 16、匯流排26發送至主機設備24。在將其傳遞至HDMA 32之前可經由加密引擎40來再次加密取自BRAM 38的資料,使得發送至主機設備24的資料再次加密,但此加密係藉由一與彼等藉此解密儲存於記憶體20之資料的密鑰/或演算法相比不同之密鑰及/或演算法來進行。較佳地,且在一替代實施例中,不是在上述處理中將經解密資料儲存於BRAM 38中,其中資料可變成易受未授權訪問攻擊,而是可在將其發送至BRAM 38之前藉由密碼引擎40再次解密並加密來自記憶體20之資料。然後將在BRAM 38中之經加密資料如以前一樣發送至主機設備24。此說明在一讀取處理期間之資料串流。First, when the data from the flash memory 20 is read by the host device 24, the encrypted data in the memory 20 is retrieved via the bus bar 28, the FIM 18, the FDMA 34, and the cryptographic engine 40, wherein the decrypted data is decrypted. The data is encrypted and stored in BRAM 38. The decrypted data is then sent from the BRAM 38 to the host device 24 via the HDMA 32, the HIM 16, and the bus 26 . The data taken from the BRAM 38 can be re-encrypted via the encryption engine 40 before being passed to the HDMA 32, so that the data sent to the host device 24 is encrypted again, but the encryption is stored in the memory by a decryption with them. The key/or algorithm of the data of the volume 20 is compared to a different key and/or algorithm. Preferably, and in an alternate embodiment, the decrypted material is not stored in the BRAM 38 in the process described above, wherein the data may become susceptible to unauthorized access attacks, but may be borrowed prior to being sent to the BRAM 38. The data from the memory 20 is decrypted and encrypted again by the cryptographic engine 40. The encrypted data in BRAM 38 is then sent to host device 24 as before. This illustrates the data stream during a read process.

當藉由主機設備24將資料寫入至記憶體20時,倒轉該資料串流之方向。舉例而言,若藉由主機設備來發送未加密資料,其經由匯流排26、HIM 16、HDMA 32至密碼引擎40,則可在資料儲存於BRAM 38中之前藉由引擎40來加密該資料。或者,可將未加密資料儲存於BRAM 38中。然後在將其發送至FDMA 34之前至記憶體20之途中加密該資料。其中所寫入資料經受多級密碼處理,較佳地,在將所處理資料儲存於BRAM 38中之前引擎40完成此處理。When the data is written to the memory 20 by the host device 24, the direction of the data stream is reversed. For example, if the unencrypted material is sent by the host device via the bus 26, the HIM 16, and the HDMA 32 to the cryptographic engine 40, the data can be encrypted by the engine 40 before the data is stored in the BRAM 38. Alternatively, unencrypted material can be stored in BRAM 38. The data is then encrypted on the way to the memory 20 before being sent to the FDMA 34. The data written therein is subjected to multi-level cryptographic processing. Preferably, engine 40 performs this processing before storing the processed data in BRAM 38.

當圖1中之記憶體系統10含有一快閃記憶體時,該系統可或者替換為包含另一類型非揮發性記憶體,諸如磁碟、光學CD以及可重寫非揮發性記憶體系統之所有其它類型,且上述各種優點將同樣應用於該替代實施例。在該替代實施例中,亦較佳地將該記憶體連同該記憶體系統之剩餘組件一起密封至同一實體(諸如一記憶卡或棒)中。When the memory system 10 of FIG. 1 contains a flash memory, the system can be replaced by another type of non-volatile memory, such as a magnetic disk, an optical CD, and a rewritable non-volatile memory system. All other types, and the various advantages described above, will apply equally to this alternative embodiment. In this alternative embodiment, the memory is also preferably sealed to the same entity (such as a memory card or stick) along with the remaining components of the memory system.

誤差校正Error correction

儲存於一非揮發性(例如,快閃)記憶體中之資料可遭受破壞且含有誤差。為此,FIM 18可含有一誤差校正(ECC)電路102,該誤差校正電路102偵測來自記憶體20之資料串流的哪個位元或哪些位元含有誤差,包括在位元串流中之誤差的位置。此將在圖2中說明,圖2為一用以說明本發明之另一態樣之一記憶體系統100的方塊圖。當在該位元串流中偵測出誤差時FIM 18發送一中斷訊號至CPU 12,且電路102將關於誤差中位元之位置的資訊發送至CPU 12。在無密碼特徵之習知記憶體系統中,將藉由CPU在BRAM 38中校正該等誤差。然而,若在進行校正之前首先以密碼方式處理來自資料串流之資料,則密碼處理可導致在所處理之資料串流中之資料位元的位置及/或值發生改變,使得在密碼處理之後的位元誤差之位置及/或值可與藉由電路102發送至CPU 12之彼等資料之位元誤差的位置及/或值不同。此可使當以密碼方式所處理之資料到達BRAM 38時校正該等誤差變為不可能。本發明之一態樣源自以下共識:在將資料以密碼方式處理之前校正所偵測之誤差可使得避免此問題。Data stored in a non-volatile (eg, flash) memory can be subject to damage and contain errors. To this end, the FIM 18 can include an error correction (ECC) circuit 102 that detects which bit or bits of the data stream from the memory 20 contain errors, including in the bit stream. The location of the error. This will be illustrated in Figure 2, which is a block diagram of a memory system 100 for illustrating another aspect of the present invention. The FIM 18 sends an interrupt signal to the CPU 12 when an error is detected in the bit stream, and the circuit 102 transmits information regarding the position of the bit in the error to the CPU 12. In conventional memory systems without cryptographic features, the errors are corrected in the BRAM 38 by the CPU. However, if the data from the data stream is first cryptographically processed prior to the correction, the cryptographic processing may result in a change in the location and/or value of the data bits in the processed data stream, such that after the cryptographic processing The position and/or value of the bit error may be different from the position and/or value of the bit error of the data transmitted by the circuit 102 to the CPU 12. This makes it impossible to correct the errors when the data processed in the cryptographic manner reaches the BRAM 38. One aspect of the present invention stems from the consensus that correcting the detected errors prior to processing the data in a cryptographic manner may avoid this problem.

使用一誤差緩衝器單元(EBU)104來儲存來自經過BMU 14與FIM 18之間之資料串流的資料,使得當CPU 12接收一來自FIM 18用以指示在資料串流中存在誤差的中斷時,該CPU校正在EBU 104中之誤差,而不是在BRAM 38處校正誤差。在藉由電路102所偵測之誤差的位置處將該等誤差位元進行簡單"交換"(意即,使"1"變成"0"及使"0"變成"1")以校正數位資料。An error buffer unit (EBU) 104 is used to store data from the data stream passing between the BMU 14 and the FIM 18 such that when the CPU 12 receives an interrupt from the FIM 18 indicating that there is an error in the data stream. The CPU corrects the error in the EBU 104 instead of correcting the error at the BRAM 38. The error bits are simply "exchanged" at the position of the error detected by the circuit 102 (ie, "1" is changed to "0" and "0" is changed to "1") to correct the digital data. .

為了減少當偵測出誤差時在資料串流中之中斷數量,可在EBU 104中使用兩個或兩個以上緩衝器,諸如圖3中所示。如圖3中所示,使用兩個緩衝器104a及104b,其中該等兩個緩衝器之一者將經由FIM 18接收來自記憶體20的資料且另一者將經由在BMU 14中之FDMA 34發送資料至密碼引擎40。在圖3中,使用兩個開關106a及106b。當該等兩個開關處於如圖3中所示之實線位置中時,緩衝器104a將供給資料至BMU 14且緩衝器104b將接收來自FIM 18之資料。當該等兩個開關處於如圖3中所示之虛線位置中時,緩衝器104b將供給資料至BMU 14且緩衝器104a將接收來自FIM 18之資料。該等緩衝器之每一者在將儲存於其中之資料發送至BMU之前可首先用資料填充。當資料藉由緩衝器104a及104b發送或接收時該CPU校正在緩衝器104a及104b中之誤差。以此方式,當該資料串流開始時唯一潛伏時間為需要填充該等兩個緩衝器之一者的時間。其後,若藉由CPU來校正誤差所用之時間小於需要填充每一緩衝器之時間,則甚至當藉由電路102偵測出誤差時在該資料串流中亦將不存在中斷。To reduce the number of interrupts in the data stream when an error is detected, two or more buffers can be used in the EBU 104, such as shown in FIG. As shown in FIG. 3, two buffers 104a and 104b are used, wherein one of the two buffers will receive material from memory 20 via FIM 18 and the other will pass FDMA 34 in BMU 14. Send the data to the cryptographic engine 40. In Figure 3, two switches 106a and 106b are used. When the two switches are in the solid line position as shown in Figure 3, the buffer 104a will supply the data to the BMU 14 and the buffer 104b will receive the data from the FIM 18. When the two switches are in the dashed position as shown in Figure 3, the buffer 104b will supply the data to the BMU 14 and the buffer 104a will receive the data from the FIM 18. Each of the buffers may first be populated with data before the data stored therein is sent to the BMU. The CPU corrects errors in the buffers 104a and 104b as the data is transmitted or received by the buffers 104a and 104b. In this way, the only latency when the data stream begins is the time required to fill one of the two buffers. Thereafter, if the time taken by the CPU to correct the error is less than the time required to fill each buffer, then there will be no interruption in the data stream even when the error is detected by circuit 102.

若校正資料與填充一緩衝器相比佔用更長的時間,則僅當偵測出誤差時將中斷該資料串流且當沒有偵測出誤差時該資料串流將流動而不會中斷。連接在EBU 104與FDMA 34之間之一緩衝器為空(buffer-empty)之訊號(未圖示)以訊號告知後者,該資料串流被中斷且無法獲得更多資料。然後FDMA 34以及密碼引擎40將暫停且等待該資料串流重新開始。If the calibration data takes longer than filling a buffer, the data stream will be interrupted only when an error is detected and the data stream will flow without interruption if no error is detected. A buffer-empty signal (not shown) connected between the EBU 104 and the FDMA 34 signals the latter that the data stream is interrupted and no more information is available. FDMA 34 and cryptographic engine 40 will then pause and wait for the data stream to resume.

當藉由主機設備24將資料寫入至記憶體20時可無需校正誤差,使得其將需要跳過EBU。此可藉由開關108來完成。當開關108關閉時,來自HIM 16(在圖2中未完全展示)之資料完全跳過兩個緩衝器104a及104b。開關108亦可以一旁路模式關閉,其中當自記憶體20中讀取資料或寫入資料至記憶體20時無需密碼處理。在此模式中,將HDMA及FDMA直接連接至仲裁器36上,如同將密碼引擎40自系統10中消除,且該資料串流跳過EBU 104與密碼引擎40。此亦可藉由使用開關來完成。因此,在該旁路模式中,在系統100中之一邏輯電路(未圖示)在CPU 12控制下導致該資料串流跳過區塊40且導致開關108關閉。When the data is written to the memory 20 by the host device 24, no correction error is required so that it will need to skip the EBU. This can be done by switch 108. When the switch 108 is turned off, the data from the HIM 16 (not fully shown in Figure 2) completely skips the two buffers 104a and 104b. The switch 108 can also be turned off in a bypass mode in which no cryptographic processing is required when reading data from the memory 20 or writing data to the memory 20. In this mode, HDMA and FDMA are directly connected to the arbiter 36 as if the cryptographic engine 40 was removed from the system 10, and the data stream skips the EBU 104 and the cryptographic engine 40. This can also be done by using a switch. Thus, in the bypass mode, one of the logic circuits (not shown) in system 100 causes the data stream to skip block 40 and cause switch 108 to turn off under the control of CPU 12.

藉由圖4之流程圖來說明該誤差校正處理。CPU 12在接收來自主機設備24之一讀取指令後開始一讀取操作(橢圓150)。然後使用合適安全組態資訊或記錄組態密碼引擎40至暫存器52,且組態用於一讀取操作之BMU 14及其它參數,諸如在BRAM 38中用於該操作之記憶體空間的分配(方塊152、154)。亦諸如藉由指定在記憶體20中待讀取資料之位置來組態FIM 18(方塊156)。接著啟動HDMA引擎32及FDMA引擎34(見方塊158)。當該CPU接收一中斷時,其檢查以便查看其是否為一FIM中斷(菱形160)。當接收一FIM中斷時,該CPU檢查以便查看該中斷是否為一指示在資料串流中存在一或多個誤差之中斷(162)。若指示誤差,則其開始在緩衝器104a及/或104b中校正誤差(方塊164)且返回以組態FIM 18以便改變在記憶體20中其中資料接著待讀取之位置(方塊156)。當FIM中斷並非指示在資料串流中之誤差時,其意謂FIM已完成其操作且CPU亦返回至方塊156以便重新組態且重新啟動FIM。若藉由CPU所偵測之中斷並非一FIM中斷,則其檢查以便查看其是否為一資料結束中斷(菱形166)。若是,則讀取操作結束(橢圓168)。若不是,則該中斷與該資料之密碼處理無關(意即,時鐘中斷)且CPU 12為其服務(未圖示)且其返回至菱形160以檢查中斷。This error correction process will be explained by the flowchart of FIG. The CPU 12 starts a read operation (ellipse 150) after receiving a read command from one of the host devices 24. The cryptographic engine 40 is then configured with the appropriate security configuration information or records to the scratchpad 52, and the BMU 14 and other parameters for a read operation are configured, such as the memory space for the operation in the BRAM 38. Assignment (blocks 152, 154). The FIM 18 is also configured, such as by specifying the location of the data to be read in the memory 20 (block 156). The HDMA engine 32 and the FDMA engine 34 are then started (see block 158). When the CPU receives an interrupt, it checks to see if it is a FIM interrupt (diamond 160). When receiving a FIM interrupt, the CPU checks to see if the interrupt is an interrupt indicating that one or more errors are present in the data stream (162). If an error is indicated, it begins to correct the error in buffers 104a and/or 104b (block 164) and returns to configure FIM 18 to change the location in memory 20 where the data is then to be read (block 156). When the FIM interrupt is not indicative of an error in the data stream, it means that the FIM has completed its operation and the CPU also returns to block 156 to reconfigure and restart the FIM. If the interrupt detected by the CPU is not a FIM interrupt, it checks to see if it is a data end interrupt (diamond 166). If so, the read operation ends (ellipse 168). If not, the interrupt is independent of the cryptographic processing of the data (i.e., the clock is interrupted) and the CPU 12 is servicing it (not shown) and it returns to diamond 160 to check for the interrupt.

用於一寫入操作時僅需稍微修改圖4。因為在待寫入記憶體20之資料中不存在ECC誤差處理,所以在一寫入操作中CPU 12可跳過菱形162及方塊164中之處理。若在一寫入操作期間藉由CPU 12來接收一FIM中斷,則此意謂FIM完成其操作且CPU亦返回至方塊156以便重新組態FIM。除此區別以外,寫入操作與讀取操作大體上相似。Only a slight modification of Figure 4 is required for a write operation. Since there is no ECC error processing in the data to be written to the memory 20, the CPU 12 can skip the processing in the diamond 162 and block 164 in a write operation. If a FIM interrupt is received by the CPU 12 during a write operation, this means that the FIM completes its operation and the CPU also returns to block 156 to reconfigure the FIM. In addition to this distinction, the write operation is substantially similar to the read operation.

雖然本發明在上文中已參考各種實施例進行描述,但將理解在未脫離本發明之範疇的情況下可進行改變及修改,其僅藉由附加申請專利範圍及其等效物來界定。本文所參考之所有參照案將以引用的方式併入本文中。While the invention has been described hereinabove with reference to the various embodiments thereof, it is understood that modifications and modifications may be made without departing from the scope of the invention. All references cited herein are hereby incorporated by reference.

10...記憶體系統10. . . Memory system

10'...單一單元10'. . . Single unit

12...中央處理單元/CPU12. . . Central processing unit / CPU

12a...CPU隨機存取記憶體/CPU RAM12a. . . CPU random access memory / CPU RAM

14...緩衝器管理單元/BMU14. . . Buffer Management Unit / BMU

16...主機介面模組/HIM16. . . Host Interface Module / HIM

18...快閃介面模組/FIM18. . . Flash interface module / FIM

20...快閃記憶體20. . . Flash memory

22...周邊通道模組/PAMtwenty two. . . Peripheral channel module / PAM

24...主機設備twenty four. . . Host device

26...主機介面匯流排26. . . Host interface bus

26a...埠26a. . . port

28...快閃介面匯流排28. . . Flash interface bus

28a...埠28a. . . port

32...主機直接記憶存取/HDMA32. . . Host direct memory access / HDMA

34...快閃直接記憶存取控制器/FDMA34. . . Flash Direct Memory Access Controller / FDMA

36...仲裁器36. . . Arbitrator

38...緩衝器隨機存取記憶體/BRAM38. . . Buffer random access memory/BRAM

40...密碼引擎40. . . Password engine

100...記憶體系統100. . . Memory system

102...誤差校正電路/ECC CKT102. . . Error Correction Circuit / ECC CKT

104...誤差緩衝器單元/EBU104. . . Error buffer unit / EBU

104a...緩衝器104a. . . buffer

104b...緩衝器104b. . . buffer

106a...開關106a. . . switch

106b...開關106b. . . switch

108...開關108. . . switch

圖1係一與一主機設備相通信以說明本發明之記憶體系統的方塊圖。1 is a block diagram of a memory system in communication with a host device to illustrate the present invention.

圖2係在圖1中之記憶體系統的某些區塊的方塊圖。Figure 2 is a block diagram of certain blocks of the memory system of Figure 1.

圖3係一電路圖,其更詳細地說明圖2之誤差校正緩衝器單元的一較佳組態。3 is a circuit diagram illustrating a preferred configuration of the error correction buffer unit of FIG. 2 in more detail.

圖4係一流程圖,其說明圖2中之系統操作以說明本發明之一態樣的較佳實施例。Figure 4 is a flow diagram illustrating the operation of the system of Figure 2 to illustrate a preferred embodiment of one aspect of the present invention.

為便於描述,在本申請案中以相同數字標注同一組件。For ease of description, the same components are labeled with the same numerals in the present application.

12...中央處理單元/CPU12. . . Central processing unit / CPU

14...緩衝器管理單元/BMU14. . . Buffer Management Unit / BMU

16...主機介面模組/HIM16. . . Host Interface Module / HIM

18...快閃介面模組/FIM18. . . Flash interface module / FIM

32...主機直接記憶存取/HDMA32. . . Host direct memory access / HDMA

34...快閃直接記憶存取控制器/FDMA34. . . Flash Direct Memory Access Controller / FDMA

36...仲裁器36. . . Arbitrator

38...緩衝器隨機存取記憶體/BRAM38. . . Buffer random access memory/BRAM

40...密碼引擎40. . . Password engine

100...記憶體系統100. . . Memory system

102...誤差校正電路/ECC CKT102. . . Error Correction Circuit / ECC CKT

104...誤差緩衝器單元/EBU104. . . Error buffer unit / EBU

Claims (12)

一種記憶體系統,其包含:非揮發性記憶體;一電路,其可操作以偵測自該非揮發性記憶體所讀取之資料中的一或多個誤差的存在並進一步可操作以產生指示在該資料中的該一或多個誤差的存在之一信號;一密碼電路,其可操作以對該資料執行密碼處理;至少一緩衝器,其可操作以在該資料被發送至該密碼電路之前儲存自該非揮發性記憶體所讀取之該資料;及一處理器,其可操作以接收指示在該資料中的該一或多個誤差的存在之該信號,並回應於接收該信號以在該資料自該至少一緩衝器發送至該密碼電路之前校正儲存於該至少一緩衝器中之該資料中之該一或多個誤差;其中自該非揮發性記憶體至該密碼電路之一資料串流之一部分首先經誤差偵測並接著以密碼方式處理,且其中當該資料串流之一部分經誤差偵測時,以密碼方式處理該資料串流之另一部分。 A memory system comprising: a non-volatile memory; a circuit operative to detect the presence of one or more errors in data read from the non-volatile memory and further operable to generate an indication One of the one or more errors in the data; a cryptographic circuit operable to perform cryptographic processing on the data; at least one buffer operative to transmit the data to the cryptographic circuit The data previously stored from the non-volatile memory; and a processor operative to receive the signal indicative of the presence of the one or more errors in the data and in response to receiving the signal Correcting the one or more errors in the data stored in the at least one buffer before the data is sent from the at least one buffer to the cryptographic circuit; wherein the data from the non-volatile memory to the cryptographic circuit One of the streams is first detected by error and then cryptographically processed, and wherein one of the streams is cryptographically processed when the portion of the stream is error-detected Minute. 如請求項1之記憶體系統,其中當偵測到該一或多個誤差的存在時且校正該一或多個誤差比儲存資料於該至少一緩衝器中需要更長的時間,中斷自該非揮發性記憶體至該密碼電路之一資料串流。 The memory system of claim 1, wherein when detecting the presence of the one or more errors and correcting the one or more errors, it takes longer to store the data in the at least one buffer, interrupting from the non- A stream of volatile memory to one of the cryptographic circuits. 如請求項1之記憶體系統,其中該至少一緩衝器包含兩個緩衝器,且其中該處理器進一步可操作以交替使用該兩個緩衝器來儲存並發送自該非揮發性記憶體至該密碼電 路之資料。 The memory system of claim 1, wherein the at least one buffer comprises two buffers, and wherein the processor is further operable to alternately use the two buffers to store and transmit from the non-volatile memory to the password Electricity Road information. 如請求項3之記憶體系統,其中該處理器進一步可操作以當儲存於該兩個緩衝器中之一第二緩衝器中之資料發送至該密碼電路時,儲存自該非揮發性記憶體所讀取之資料於該兩個緩衝器中之一第一緩衝器。 The memory system of claim 3, wherein the processor is further operative to store from the non-volatile memory when data stored in one of the two buffers is sent to the cryptographic circuit The read data is in one of the two buffers. 如請求項1之記憶體系統,其中該處理器進一步可操作以當該記憶體系統操作於一旁路模式中時,跳過該至少一緩衝器。 The memory system of claim 1, wherein the processor is further operative to skip the at least one buffer when the memory system is operating in a bypass mode. 如請求項3之記憶體系統,其中僅當校正儲存於該兩個緩衝器中之一第一緩衝器中之資料中之一或多個誤差比用自該非揮發性記憶體所讀取之資料來填充該兩個緩衝器中之一第二緩衝器需要更長的時間時,中斷自該非揮發性記憶體至該密碼電路之一資料串流。 The memory system of claim 3, wherein only one or more errors in the data stored in the first buffer of the two buffers are corrected than data read from the non-volatile memory To fill one of the two buffers, the second buffer takes longer to interrupt the data stream from the non-volatile memory to the cryptographic circuit. 一種用以校正在一記憶體系統中之資料的方法,該方法包含:在包含非揮發性記憶體、可操作以偵測資料中的一或多個誤差的存在之一電路、一密碼電路、至少一緩衝器及一處理器之一記憶體系統中執行下列步驟:儲存經過該非揮發性記憶體與該密碼電路之間之資料於該至少一緩衝器中;在提供該資料至該密碼電路之前,校正儲存於該至少一緩衝器中之該資料中的一或多個誤差,其中回應於自該電路接收指示該一或多個誤差的存在之一信號而由該處理器校正該資料中之該一或多個誤差;及 在儲存於該至少一緩衝器中之該資料中的該一或多個誤差被校正之後,提供該資料至該密碼電路;其中自該非揮發性記憶體至該密碼電路之一資料串流之一部分首先經誤差偵測並接著以密碼方式處理,且其中當該資料串流之一部分經誤差偵測時,以密碼方式處理該資料串流之另一部分。 A method for correcting data in a memory system, the method comprising: a circuit comprising a non-volatile memory, operable to detect the presence of one or more errors in the data, a cryptographic circuit, Performing the following steps in at least one buffer and one processor memory system: storing data between the non-volatile memory and the cryptographic circuit in the at least one buffer; before providing the data to the cryptographic circuit Correcting one or more errors in the data stored in the at least one buffer, wherein the processor corrects the data in response to receiving a signal from the circuit indicating the presence of the one or more errors The one or more errors; and Providing the data to the cryptographic circuit after the one or more errors in the data stored in the at least one buffer are corrected; wherein a portion of the data stream from the non-volatile memory to the cryptographic circuit First, the error is detected and then processed in a cryptographic manner, and wherein one portion of the data stream is cryptographically processed when another portion of the data stream is error detected. 如請求項7之方法,其中當偵測到該一或多個誤差的存在時且校正該一或多個誤差比儲存資料於該至少一緩衝器中需要更長的時間,中斷自該非揮發性記憶體至該密碼電路之一資料串流。 The method of claim 7, wherein when the presence of the one or more errors is detected and the one or more error corrections are longer than the stored data in the at least one buffer, the non-volatile is interrupted A stream of data from the memory to the cryptographic circuit. 如請求項7之方法,其中該至少一緩衝器包含兩個緩衝器,且其中該方法進一步包含交替使用該兩個緩衝器來儲存並發送自該非揮發性記憶體至該密碼電路之資料。 The method of claim 7, wherein the at least one buffer comprises two buffers, and wherein the method further comprises alternately using the two buffers to store and transmit data from the non-volatile memory to the cryptographic circuit. 如請求項9之方法,其中當儲存於該兩個緩衝器中之一第二緩衝器中之資料發送至該密碼電路時,儲存自該非揮發性記憶體所讀取之資料於該兩個緩衝器中之一第一緩衝器。 The method of claim 9, wherein when the data stored in the second buffer of the two buffers is sent to the cryptographic circuit, the data read from the non-volatile memory is stored in the two buffers. One of the first buffers in the device. 如請求項7之方法,其進一步包含當該記憶體系統操作於一旁路模式中時,跳過該至少一緩衝器。 The method of claim 7, further comprising skipping the at least one buffer when the memory system is operating in a bypass mode. 如請求項9之方法,其中僅當校正儲存於該兩個緩衝器中之一第一緩衝器中之資料中之一或多個誤差比用自該非揮發性記憶體所讀取之資料來填充該兩個緩衝器中之一第二緩衝器需要更長的時間時,中斷自該非揮發性記憶體至該密碼電路之一資料串流。The method of claim 9, wherein only one or more errors in correcting data stored in one of the two buffers are filled with data read from the non-volatile memory. When one of the two buffers takes longer, the data stream from the non-volatile memory to the cryptographic circuit is interrupted.
TW094145661A 2004-12-21 2005-12-21 Memory system with in stream data encryption/decryption and error correction and method for correcting data in the memory system TWI391945B (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US63848504P 2004-12-21 2004-12-21
US11/313,447 US20060239450A1 (en) 2004-12-21 2005-12-20 In stream data encryption / decryption and error correction method
US11/313,428 US8396208B2 (en) 2004-12-21 2005-12-20 Memory system with in stream data encryption/decryption and error correction

Publications (2)

Publication Number Publication Date
TW200641911A TW200641911A (en) 2006-12-01
TWI391945B true TWI391945B (en) 2013-04-01

Family

ID=36602336

Family Applications (1)

Application Number Title Priority Date Filing Date
TW094145661A TWI391945B (en) 2004-12-21 2005-12-21 Memory system with in stream data encryption/decryption and error correction and method for correcting data in the memory system

Country Status (6)

Country Link
EP (1) EP1828898A2 (en)
JP (1) JP2008524754A (en)
KR (1) KR101254136B1 (en)
CN (1) CN101124545B (en)
TW (1) TWI391945B (en)
WO (1) WO2006069273A2 (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8108691B2 (en) 2005-02-07 2012-01-31 Sandisk Technologies Inc. Methods used in a secure memory card with life cycle phases
US8423788B2 (en) 2005-02-07 2013-04-16 Sandisk Technologies Inc. Secure memory card with life cycle phases
US8321686B2 (en) 2005-02-07 2012-11-27 Sandisk Technologies Inc. Secure memory card with life cycle phases
US7748031B2 (en) 2005-07-08 2010-06-29 Sandisk Corporation Mass storage device with automated credentials loading
JP4843531B2 (en) 2006-09-29 2011-12-21 富士通株式会社 Encryption conversion apparatus, encryption conversion method, and encryption conversion program
US10133883B2 (en) 2009-02-09 2018-11-20 International Business Machines Corporation Rapid safeguarding of NVS data during power loss event
JP5178839B2 (en) * 2009-11-27 2013-04-10 株式会社東芝 Memory chip
JP5017439B2 (en) * 2010-09-22 2012-09-05 株式会社東芝 Cryptographic operation device and memory system
KR102392844B1 (en) * 2017-03-10 2022-05-03 삼성전자주식회사 Memory controller and storage device including the same

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS642136A (en) * 1987-06-25 1989-01-06 Fujitsu Ltd System for controlling fifo buffer
US5438575A (en) * 1992-11-16 1995-08-01 Ampex Corporation Data storage system with stale data detector and method of operation
JPH113284A (en) * 1997-06-10 1999-01-06 Mitsubishi Electric Corp Information storage medium and its security method
JP2004110253A (en) * 2002-09-17 2004-04-08 Ricoh Co Ltd File management device
TWI223204B (en) * 2001-11-08 2004-11-01 Toshiba Corp Memory card, content transmission system, and content transmission method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1229940C (en) * 2002-04-30 2005-11-30 电子科技大学 Video/data broadcasting co-channel multi-flow transparent transmitting method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS642136A (en) * 1987-06-25 1989-01-06 Fujitsu Ltd System for controlling fifo buffer
US5438575A (en) * 1992-11-16 1995-08-01 Ampex Corporation Data storage system with stale data detector and method of operation
JPH113284A (en) * 1997-06-10 1999-01-06 Mitsubishi Electric Corp Information storage medium and its security method
TWI223204B (en) * 2001-11-08 2004-11-01 Toshiba Corp Memory card, content transmission system, and content transmission method
JP2004110253A (en) * 2002-09-17 2004-04-08 Ricoh Co Ltd File management device

Also Published As

Publication number Publication date
KR101254136B1 (en) 2013-04-12
KR20070087676A (en) 2007-08-28
WO2006069273A2 (en) 2006-06-29
JP2008524754A (en) 2008-07-10
CN101124545A (en) 2008-02-13
WO2006069273A3 (en) 2006-11-16
CN101124545B (en) 2012-05-16
TW200641911A (en) 2006-12-01
EP1828898A2 (en) 2007-09-05

Similar Documents

Publication Publication Date Title
TWI391945B (en) Memory system with in stream data encryption/decryption and error correction and method for correcting data in the memory system
US20060239450A1 (en) In stream data encryption / decryption and error correction method
KR101323746B1 (en) Memory System with In-Stream Data Encryption/Decryption
US6769087B2 (en) Data storage device and method for controlling the device
US8396208B2 (en) Memory system with in stream data encryption/decryption and error correction
US20140250348A1 (en) Controller and Method for Interfacing Between a Host Controller in a Host and a Flash Memory Device
CN1794628B (en) Apparatus and method for generating a secret key
US20110040924A1 (en) Controller and Method for Detecting a Transmission Error Over a NAND Interface Using Error Detection Code
US10983858B2 (en) Data writing method, memory control circuit unit and memory storage device
US7835518B2 (en) System and method for write failure recovery
EP2330530B1 (en) Memory system with in-stream data encryption/decryption
US20090044077A1 (en) Flash memory system having encrypted error correction code and encryption method for flash memory system
JP2008524969A5 (en)
US11216217B2 (en) Data transfer method after data encryption function is disabled and memory storage device
JP2018194948A (en) Semiconductor memory device, memory controller and method of monitoring memory
US7966539B2 (en) Digital content protection systems and methods
CN113448488B (en) Data transfer method and memory storage device
TW202403773A (en) Semiconductor device, and system and method for managing secure operations in the same
KR20080108119A (en) System and method for write failure recovery

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees