CN101681253B - Secure and scalable solid state disk system - Google Patents

Secure and scalable solid state disk system Download PDF

Info

Publication number
CN101681253B
CN101681253B CN 200880015021 CN200880015021A CN101681253B CN 101681253 B CN101681253 B CN 101681253B CN 200880015021 CN200880015021 CN 200880015021 CN 200880015021 A CN200880015021 A CN 200880015021A CN 101681253 B CN101681253 B CN 101681253B
Authority
CN
Grant status
Grant
Patent type
Prior art keywords
interface
processor
memory
virtual storage
layer
Prior art date
Application number
CN 200880015021
Other languages
Chinese (zh)
Other versions
CN101681253A (en )
Inventor
Y·钱
B·W·陈
C·T·邓
Original Assignee
金士顿科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Grant date

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from or digital output to record carriers, e.g. RAID, emulated record carriers, networked record carriers
    • G06F3/0601Dedicated interfaces to storage systems
    • G06F3/0602Dedicated interfaces to storage systems specifically adapted to achieve a particular effect
    • G06F3/062Securing storage systems
    • G06F3/0622Securing storage systems in relation to access
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from or digital output to record carriers, e.g. RAID, emulated record carriers, networked record carriers
    • G06F3/0601Dedicated interfaces to storage systems
    • G06F3/0628Dedicated interfaces to storage systems making use of a particular technique
    • G06F3/0662Virtualisation aspects
    • G06F3/0664Virtualisation aspects at device level, e.g. emulation of a storage device or system
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from or digital output to record carriers, e.g. RAID, emulated record carriers, networked record carriers
    • G06F3/0601Dedicated interfaces to storage systems
    • G06F3/0668Dedicated interfaces to storage systems adopting a particular infrastructure
    • G06F3/0671In-line storage system
    • G06F3/0673Single storage device

Abstract

本发明揭露一种固态磁盘系统。 The present invention discloses a solid state disk system. 前述系统包含一使用者信标,以及耦接至前述主机系统的至少一层的安全虚拟存储控制器。 The system comprises a user beacon, and a host system coupled to the at least one virtual storage secure controller. 前述系统还包含多个虚拟存储装置,前述虚拟存储装置耦接至至少一安全虚拟存储控制器。 The system further comprises a plurality of virtual storage devices, the virtual storage apparatus coupled to at least one virtual storage secure controller. 本发明的系统以及方法可适用于一快闪式存储器、磁盘存储系统、可携式存储装置、企业存储系统、个人计算机、服务器、无线存储器以及多媒体存储系统。 The system and method of the present invention is applicable to a flash memory, magnetic disk storage system, a portable storage device, enterprise storage system, a personal computer, a server, a wireless memory, and a multimedia storage system.

Description

安全且可扩充的固态磁盘系统技术领域 Secure and scalable technology field of solid state disk system

[0001] 本发明是关于一种存储系统;更详细地说,本发明是关于一种安全且可扩充(scalable)的固态磁盘系统。 [0001] The present invention relates to a storage system; More particularly, the present invention relates to a secure and scalable (Scalable) solid state disk system.

背景技术 Background technique

[0002] 快闪式(flash based)的固态磁盘(solid state disk ;SSD)已慢慢地堀起,并自工业、国防以及企业应用端逐渐地被一般使用者消费端所广为接受。 [0002] flash (flash based) solid-state disk (solid state disk; SSD) The rise has been slowly, and from industrial, defense, and enterprise applications end gradually be widely accepted by the general consumer end user. 这股趋势背后最主要的驱动力即来自于先进的快闪技术发展以及快闪组件本身的优势。 This trend behind the main driving force that is advanced from the advantages of the flash technology development and the flash component itself. 快闪式的固态磁盘与现有硬盘机(hard disk drive ;HDD)相较之下,其具有以下的优点: Solid state flash disk with an existing hard disk drive (hard disk drive; HDD) In ​​contrast, it has the following advantages:

[0003] 1.功率耗损较低。 [0003] 1. The power consumption is low.

[0004] 2.重量较轻。 [0004] 2. weight.

[0005] 3.逸散热量较低。 [0005] 3. low heat dissipation.

[0006] 4.无噪音。 [0006] 4. No noise.

[0007] 5.无机械组件。 [0007] 5. No mechanical components.

[0008] 然而,在逐渐取代硬盘机的同时,固态磁盘也有一些待解决的问题,如:·[0009] 1.成本较高。 [0008] However, at the same time gradually replace the hard drive, solid state disk, there are some problems to be solved, such as: - [0009] 1. The higher costs.

[0010] 2.密度较低。 [0010] 2. low density.

[0011] 3.系统效能较差。 [0011] 3. The system performance is poor.

[0012] 此外,一般固态磁盘通常只能管理4阶、8阶、16阶、32阶或更多组件的一闪存群组,因此在以下方面更具有高难度的设计挑战: [0012] In addition, solid state disks usually only general management step 4, step 8, step 16, step 32 a group of flash memory or more components, and therefore more difficult design challenges in the following aspects:

[0013] 1.管理众多快闪装置接口的输出接脚(pin-outs)。 [0013] 1. an output pin (pin-outs) managing a number of flash devices interface.

[0014] 2.遍及于众多快闪组件间的均勻抹除(wear-leveling)。 [0014] 2. uniformly throughout to erase (wear-leveling) between the number of flash components.

[0015] 3.固态磁盘系统的可制作性与可测试性。 [0015] manufacturability and testability 3. The solid-state disk system.

[0016] 4.支持新快闪技术及可从中获益的时间差距。 [0016] 4. Support new flash technology and the time gap can benefit from.

[0017] 5.上市时间。 [0017] The time to market.

[0018] 6.自新快闪技术中所可节省的成本。 [0018] 6. The rehabilitation cost as flash-savings.

[0019] 现有硬盘机并无内建的安全防护。 [0019] The conventional hard disk drive has no built-in safety. 若一具有一硬盘机的主机系统被偷走后,则其硬盘机的内容将可轻易地被存取以及盗用。 If a host system having a hard disk drive machine was stolen, the contents of which are hard to machine can be accessed easily and misappropriation. 即使可通过一软件将整个磁盘进行加密,现有硬盘机在实际应用上仍存在着以下问题: Even if the entire disk can be encrypted by a software, the existing hard drive, there are still problems in the practical application of the following:

[0020] 1.因软件的加密与解密所造成的系统效能牺牲。 [0020] 1. system because the encryption and decryption software caused by the performance of sacrifice.

[0021] 2.必须另外安装驱动程序以进行加密动作。 [0021] 2. The need to install a driver for the encryption operation.

[0022] 3.若密码认证功能仅属于前述硬盘机,则仍具有被攻击的危险。 [0022] 3. If the password authentication function only belong to the aforementioned hard drives, you still have the risk of being attacked.

[0023] 倘若固态磁盘由利基型产品(niche product)转变成较为普遍的使用者产品而成为主流,则固态磁盘必须针对上述缺点进行改善,且须另外增加诸如安全性、可扩充性等其它优点。 [0023] If the transition from the solid state disk niche products (niche product) into the more common user of the product into the mainstream, the solid state disk must be improved for the above-described drawbacks, and such to be an additional security, scalability and other advantages .

[0024] 图1是一现有安全数字(secure digital ;SD)快闪卡的方块图,其包含一实体接口11、一安全数字卡控制器12以及闪存13。 [0024] FIG. 1 is a conventional secure digital (secure digital; SD) is a block diagram of a flash card, which comprises a physical interface 11, a secure digital card controller 12 and flash memory 13. 实体接口11通过接口总线(interface bus) 14连接至一主机系统。 Interface entity 11 is connected to a host system bus via an interface (interface bus) 14. 利用一安全数字卡、微型快闪(compact flash ;CF)卡以及通用串行总线(universal serial bus ;USB)驱动器即可组成一简易型式的固态磁盘。 Using a secure digital card, a micro flash (compact flash; CF) card, and a universal serial bus (universal serial bus; USB) drives can form a simple type of solid state disk.

[0025] 于一现有存储系统中,例如美国专利申请案第10/707,871号(其公开号为20050005044)、第10/709,718 号(其公开号为20050005063)、美国公告专利第6,098,119号、第6,883,083 号、第6,877,044 号、第6,421,760 号、第6,138,176 号、第6,134,630号、第6,549,981号以及美国公开专利第20030120865号所揭露的存储系统,于系统启动或运作期间(runtime),一存储控制器将自动安装及配置磁盘驱动器。 [0025] In an existing storage system, for example, U.S. Patent Application No. 10 / 707,871 (published as 20050005044), / 10, No. 709,718 (published as 20050005063), U.S. Patent No. 6 announcement, No. 098,119, No. 6,883,083, No. 6,877,044, No. 6,421,760, No. 6,138,176, No. 6,134,630, No. 6,549,981 and U.S. Patent Publication No. 20030120865 discloses a storage system in the operating system start-up or during (Runtime), a memory controller and arranged to automatically install disk drives. 前述的存储控制器可执行基本的存储识别以及汇总功能(aggregation functionality)。 The storage controller may perform the basic function of storing identification and summary (aggregation functionality). 现有技术的主要优点即在于运作期间,能够检测磁盘驱动器的插入以及移除。 The main advantage of the prior art is that during operation, i.e., into the disk drive can be detected and removed. 然而现有技术却无法在系统启动期间识别主机系统与存储系统之间存在的异步特性。 However, the asynchronous nature of the prior art was identified between the host system and the storage system during the system can not start. 由于存储控制器的功能相当于一虚拟控制器,因此在主机系统启动期间,存储控制器需要花费时间识别、测试及配置前述实体驱动器。 Since the function of the storage controller corresponds to a virtual controller, the host system during startup, the memory controller takes time to identify, test and configure the physical drives. 假如没有使主机系统与存储系统再次同步(re-synchronize)的机制存在,则主机系统仅会停止并且没有办法识别及安装虚拟逻辑存储器。 If there is no host system and the storage system so that the synchronization (re-synchronize) again mechanism exists, the host system will only be stopped and there is no way to identify the virtual logical storage and installation. 据此,现有系统顶多只能当作次要存储系统,而非主要存储系统。 Accordingly, the existing system at most only as a secondary storage system, rather than the primary storage system. 美国公告专利第6,098,119号的另一个缺点则是系统要求各实体驱动器于安装期间需有一或多个预先加载(preload)的「参数设定(parametersettings)」。 Another disadvantage of US Patent No. 6,098,119 announcement is the system requirements for each entity drive during installation need to have one or more pre-loaded (preload) of "parameter setting (parametersettings)." 此一缺点将对自动安装造成限制。 This will automatically install a drawback caused by restrictions.

[0026] 大多数的现有系统并未针对存储器的延伸性(expandabiIity)或可扩充性(scalability)提供解决的方法。 [0026] Most existing systems do not provide a solution for extending the memory (expandabiIity) or scalability (scalability). 尽管美国专利申请案第10/707,871号(其公开号为20050005044)号以及第10/709,718号(其公开号为20050005063)提出了具有扩充性的存储虚拟计算机系统,其是着重于描述耦接至一实体主机(可能为一主机计算机或一服务器)的「外接式」存储虚拟控制器。 While U.S. Patent Application / 10, No. 707,871 (published as 20050005044) and No. No. 10 / 709,718 (published as 20050005063) proposed virtual computer system having a storage scalable, which is focused on the description of the coupling connected to a physical machine (possibly a host computer or a server) to "external" virtual storage controller. 这些专利并未针对上述虚拟存储的启动问题提出讨论。 The patent does not propose to start discussions on the issue in the virtual store. 这些专利的虚拟存储的架构仍仅能作为次要存储器之用。 Virtual memory architecture of these patents are still used only as the secondary memory.

[0027] 此外,现有系统亦无法解决密码认证与硬件加密的驱动安全性的问题。 [0027] In addition, the existing system will not be able to solve the problem drive password security authentication and hardware encryption. 其中硬件加密已然成为笔记型计算机中不可或缺的主要驱动应用产品。 The hardware encryption has become an integral part of the notebook computer's main drive applications.

[0028] 如图2所示,美国专利第7,003,623号是一种较为简明的固态磁盘系统。 [0028] As shown in FIG 2, U.S. Patent No. 7,003,623 is a more concise solid state disk system. 前述固态磁盘系统包含一串行高速硬盘接口(serial advanced technologyattachment ;SATA)至闪存控制器25以及一组闪存13。 The solid-state disk system comprises a serial high-speed hard disk interface (serial advanced technologyattachment; SATA) to the flash memory controller 25 and a set of flash memory 13. 前述SATA至闪存控制器25包含一SATA主机接口251以及多个快闪装置接口252。 SATA to the flash memory controller 25 comprises a SATA host interface 251 interface 252 and a plurality of flash devices. SATA主机接口是用以连接(interfacing)主机系统20的SATA主机控制器21,同时快闪装置接口252是用以连接闪存13。 SATA host interface is used to connect (Interfacing) SATA host controller 21 host system 20, while a flash interface 252 is a means for connecting the flash memory 13.

[0029] 各闪存13具有约略15至23个信号接脚以连接至控制器25。 [0029] The flash memory 13 each having a roughly 15 to 23 signal pins to be connected to the controller 25. SATA主机接口251则需要4个信号接脚以连接至前述SATA主机控制器21。 SATA host interface 251 requires four signal pins to be connected to the SATA host controller 21. SATA至闪存控制器25则需要总数至少为124的信号接脚来管控8个闪存13 ;或总数为244的信号接脚来管控16个闪存13。 SATA flash memory controller 25 needs to be at least the total number of signal pins 124 to control the flash memory 13 8; or a total of 244 signal pins 16 to control the flash memory 13.

[0030] 同样如图2所示,控制器25必须管控错误更正码(error correction code ;ECC)、均勻抹除、坏区块重新映像(bad block re-mapping)、闲置存储空间的分配以及众多内部至闪存式固态磁盘的作业记录(book keeping tasks)。 [0030] Also shown in Figure 2, the controller 25 must control the ECC (error correction code; ECC), uniformly erased reimaging bad block (bad block re-mapping), and unused storage space allocated many job record to internal flash memory solid state disk (book keeping tasks). 由此可见,随着闪存组件数目的增力口,控制器的复杂度也将随之上升。 Thus, as the number of flash memory device port booster, the complexity of the controller will also rise. 如此一来,不仅将对控制器的成本造成影响,于现有的固态磁盘系统上,还增加了可制造性与可测试性方面的问题。 Thus, not only will affect the cost of the controller, on the existing solid-state disk system, also increased the problem of manufacturability and testability aspects. 就本质上而言,现有技术不具备可扩充的特性,意即相同的控制器将无法被使用于二种或更多不同种类密度的设计。 In essence it is, the prior art does not have the characteristics of scalable, which means the same controller will not be used in two or more different types of design densities. 若同一控制器需使用于二种或更多不同种类密度的设计,则控制器的接脚数量必须至少能容纳124个接脚,以连接四个闪存;或244个接脚,以连接八个闪存;或甚至484个接脚,以连接十六个闪存芯片。 When the same controller used for an additional two kinds of different types of design or density, the number of pins of the controller must be able to accommodate at least 124 pins, to connect the four flash memories; or pins 244, to connect eight flash memory; or even 484 pins to connect sixteen flash memory chip. 因此,现有系统仅能限用于小密度应用的固态磁盘,而不具备完整的可延伸及可扩充的特性。 Thus, conventional systems can only be restricted to low density solid state disk application, rather than have the characteristics of a complete scalable and extendable.

[0031] 据此,一种能解决上述问题的系统以及方法系必须的。 [0031] Accordingly, a system and method capable of solving the above problem is to be based. 而本发明即可满足此类需求。 And the present invention can meet such needs.

发明内容 SUMMARY

[0032] 本发明系揭露一种固态磁盘系统。 Department [0032] The present invention discloses a solid-state disk system. 前述系统包含一使用者信标(usertoken)以及一耦接至一主机系统的第一层安全虚拟存储控制器。 The system comprises a user beacon (UserToken) and a first layer coupled to the storage controller a secure virtual host system. 前述系统亦包含多个第二层安全虚拟存储控制器以及多个第三层虚拟存储装置。 The system also includes a plurality of the second-layer security virtual storage controller and the virtual storage apparatus a plurality of third layers. 其中,前述第二层安全虚拟存储控制器皆具有一与前述第一层安全虚拟存储控制器兼容的接口,而前述等第三层虚拟存储装置系耦接至前述第二层安全虚拟存储控制器。 Wherein the second layer has both a secure virtual memory controller with a first layer of the security virtual storage controller compatible interface, and the third layer other virtual storage system coupled to the second-layer security virtual storage controller .

[0033] 根据本发明的系统与方法可提供下列优点。 [0033] The system and method of the present invention may provide the following advantages.

[0034] 1.前述系统与方法系采用一安全虚拟存储控制器结构。 [0034] 1. The method and the system security system using a virtual storage controller architecture.

[0035] 2.前述系统与方法系采用一种基于前述安全虚拟存储控制器结构的可扩充的固态磁盘系统。 [0035] 2. the system and method uses a solid-state disk system based on the scalable secure virtual memory controller architecture.

[0036] 3.前述系统与方法是基于现今普遍并盛行的快闪卡/装置上所建立的区块,以采纳(tap into)最新的快闪组件技术的成本、密度及系统效能。 [0036] 3. The foregoing system and method is based on a block flash cards / devices and prevalence of widespread nowadays established to adopt (tap into) the cost of the latest flash component technology, density and system performance.

[0037] 4.前述系统与方法使用虚拟存储处理器统合密度及系统效能。 [0037] 4. The method of using the virtual storage system and the processor system performance and integration density.

[0038] 5.前述系统与方法可视需求使用较多层的虚拟存储控制器以扩充密度及系统效倉泛。 [0038] The foregoing system and method use a virtual visual controller needs more layer system efficiency and density to expand the cartridge pan.

[0039] 6.前述系统与方法可视需求于前述虚拟存储控制器中使用编码引擎,以实时(on-the-fly)处理于上传串流与下传串流的间数据交换的加/解密作业。 Plus [0039] 6. The method of the visual system and the need to use the virtual storage in the coding engine controller in real time (on-the-fly) and treated uploading streaming downlink stream between the data exchange / decryption operation. 其中,前述数据交换的进行系于主机与装置的间。 Wherein the data exchanged between the host and based on the device.

[0040] 7.前述系统与方法使用一USB信标来作为固态磁盘的独立密码认证。 [0040] 7. A method of using the system with a USB beacon password authentication as an independent solid state disk.

[0041] 8.前述系统与方法系允许前述安全且可扩充的固态磁盘(secure-and-scalablesolid state disk ;SNS_SSD)利用使用者自开机、休眠至一般使用阶段的经验来取代硬盘机。 [0041] 8. A method for the system and allows the system secure and scalable solid state disk (secure-and-scalablesolid state disk; SNS_SSD) using the user-boot, the sleep stage to experience generally used to replace hard drive.

[0042] 根据本发明的系统及方法系适用于一快闪式存储器、磁盘存储系统、可携式存储装置、企业存储系统、个人计算机、服务器、无线存储器以及多媒体存储系统。 [0042] The system and method of the present invention is applicable to a flash-based memory, magnetic disk storage system, a portable storage device, enterprise storage system, a personal computer, a server, a wireless memory, and a multimedia storage system.

[0043] 附图说明 [0043] BRIEF DESCRIPTION OF DRAWINGS

[0044] 图1是现有技术的一安全数字卡的方块图; [0044] FIG. 1 is a secure digital card prior art block diagram;

[0045] 图2是现有技术的一主机系统与一现有固态磁盘系统的稱接不意图; [0045] FIG. 2 is a host system of the prior art and a solid state disk system, said the existing ground is not intended;

[0046] 图3是一主机系统与一USB信标稱接至一基于三层结构的SATA式安全且可扩充的固态磁盘统的方块图; [0046] FIG. 3 is connected to a SATA-based solid-state disk system safety and scalable three-layer structure of a block diagram of a USB host system with a nominal channel;

[0047] 图4是安全虚拟存储控制器的方块图; [0047] FIG. 4 is a secure virtual storage controller block diagram;

[0048] 图5是一主机系统与一USB信标耦接至一基于四层结构的PATA式安全且可扩充的固态磁盘系统的方块图; [0048] FIG. 5 is a block diagram of a host system and a USB beacon coupled to a four-layer structure based PATA safety and scalable solid-state disk system;

[0049] 图6是初始化前述安全虚拟存储控制器的流程图; [0049] FIG. 6 is a flowchart initializing the secure virtual storage controller;

[0050] 图7是中断处理器执行的流程图; [0050] FIG. 7 is a flowchart executed by the interrupt processor;

[0051] 图8是主机命令处理器执行的流程图; [0051] FIG 8 is a flowchart of the host command execution by the processor;

[0052] 图9是安全虚拟存储控制器的区域命令处理器,其内部的区域命令表; [0052] FIG. 9 is a region of virtual storage controllers secure processor command, the internal command table area;

[0053] 图10是执行厂商准备的流程图; [0053] FIG. 10 is a flowchart of execution preparation manufacturers;

[0054] 图11是配置前述虚拟存储处理器的流程图; [0054] FIG. 11 is a flowchart of the virtual storage configuration of the processor;

[0055] 图12是配置编码引擎的流程图; [0055] FIG. 12 is a flowchart for the encoding engine;

[0056] 图13是前述编码引擎的方块图; [0056] FIG. 13 is a block diagram of the coding engine;

[0057] 图14A-图14D分别为前述主机系统的冷开机、关机、休眠以及由休眠被唤醒的流程图; [0057] FIG. 14A- FIG. 14D is a cold boot of the host system, off, sleep, and sleep flowchart awakened;

[0058] 图15是USB信标开机的流程图;以及 [0058] FIG. 15 is a flowchart of the USB power beacon; and

[0059] 图16是密码认证的流程图。 [0059] FIG. 16 is a flowchart of the password authentication.

[0060] 具体实施方式 [0060] DETAILED DESCRIPTION

[0061] 本发明是关于一种存储器系统。 [0061] The present invention relates to a memory system. 更详细地说,本发明是关于一种安全且可扩充的固态磁盘系统。 More specifically, the present invention relates to a secure and scalable solid state disk system. 以下的叙述是使熟悉此项技术领域者可以利用本发明,同时提供本发明的应用及所需条件。 The following description is to enable those skilled in the technical field of the present invention can be utilized, while providing the desired application and conditions of the present invention. 下述的实施例仅用以例举本发明的实施态样,以及阐释本发明的技术特征,并非用以限制本发明的范畴。 The following embodiments are merely exemplified aspects and features of the invention explain the embodiment of the present invention and is not intended to limit the scope of the invention. 任何熟悉此技术者可轻易完成的改变或均等性的安排均属于本发明所主张的范围。 Skilled in this field may proceed with a variety of modifications of the arrangement according to the present invention belong to the claimed range.

[0062] 图3是一主机系统与一USB信标稱接至一SATA式的安全且可扩充的固态磁盘系统的方块图。 [0062] FIG. 3 is a block diagram connected to a SATA-style security and scalable solid-state disk system, a USB host system with a nominal letter. 主机系统30包含一处理器(图未绘示)、存储器(图未绘示)、输入/输出(input/output ;/1/0)、一USB接口(图未绘示)以及一SATA主机控制器34。 The system 30 includes a host processor (not shown), memory (not shown), an input / output (input / output; / 1/0), a USB interface (not shown) and a SATA host control 34. SATA主机控制器34系经由一USB接口连接至一USB信标35,并通过一SATA主机接口321与安全且可扩充的固态磁盘系统31共同作业。 SATA host controller 34 is connected via a USB interface system to a USB beacon 35, via a SATA interface 321 and host security and scalable solid-state disk system 31 work together.

[0063] 于主机系统30开机之后以及存取安全且可扩充的固态磁盘系统31之前,USB信标35是作为一独立媒介(agent),用以提供密码认证功能。 [0063] After the host system 30 and the power and scalable access to the secure system before the solid-state disk 31, USB 35 as a beacon independent medium (agent), for providing password authentication. 前述功能可为一属于前述USB信标35的软件功能。 Belonging to the function may be a function of the USB software 35 of the beacon. 或较佳地,前述功能可为USB信标35中,连结至网络服务的浏览器连结,使用浏览器连结的原因系其较普遍且其仅占用系统资源的一小部份即能运作于不同平台装置。 Or preferably, it may be a function of the USB beacon 35, coupled to a network server connected to the browser, the browser-based link using the cause thereof more general and only a small portion of system resources which can be operated in different i.e. platform device.

[0064] 安全且可扩充的固态磁盘系统31包含一第一层安全虚拟存储控制器32、二个第二层安全虚拟存储控制器33以及八个第三层存储装置安全数字卡10。 [0064] Safety and scalable solid-state disk system 31 comprises a first layer of virtual storage secure controller 32, two second-layer security virtual storage controller 33, and a third layer eight storage device 10 Secure Digital card.

[0065] 前述第一层安全虚拟存储控制器32包含一SATA主机接口321、一编码引擎323以及并联的多个SATA装置接口322。 [0065] secure the first layer 32 comprises a virtual storage controller SATA host interface 321, the encoding engine 323 and a plurality of parallel device interface SATA 322. 于本实施例中,主机端的存储接口可为一串行ATA或SATA。 In the present embodiment, the host-side storage interface may be a serial ATA or SATA. 前述存储主机接口可为任一种型式的输入输出接口,例如SATA、串行式小型计算机系统接口(serial attached small computersystem interface ;SAS)、高速外围控制器接口(peripheral controllerinterface ;PCI express)、平行高速硬盘接口(paralleladvanced technologyattachment ;PATA)、USB、蓝芽、超宽带(Ultra-wideband ;UWB)或无线接口。 Storing the host interface may be any type of input and output interfaces, e.g. SATA, Serial Attached Small Computer System Interface (serial attached small computersystem interface; SAS), a Peripheral Interface Controller (peripheral controllerinterface; PCI express), a high-speed parallel hard disk interface (paralleladvanced technologyattachment; PATA), USB, Bluetooth, ultra-wideband (ultra-wideband; UWB) or wireless interface. 虚拟存储控制器32将于图4所绘示的安全虚拟存储控制器40中做更详细地说明。 Virtual memory controller 32 depicted in FIG. 4 will secure virtual storage controllers shown in 40 explained in more detail below. [0066] 第二层虚拟存储控制器33包含一SATA主机接口331、一编码引擎333以及并联的多个安全数字装置接口332。 [0066] The second layer 33 includes a virtual storage controller SATA host interface 331, a plurality of secure digital encoding engine 333 and a parallel interface 332 of the apparatus. 虚拟存储控制器33并不直接耦接至闪存,而是耦接至第三层存储装置,即一安全数字(secure digital ;SD)卡10。 Virtual memory controller 33 is not directly coupled to the flash memory, but is coupled to the third layer of the memory device, i.e., a secure digital (secure digital; SD) card 10. 只要接脚数、成本、系统效能合理,SD卡10可以任何一种快闪式卡或驱动器取代,例如:微型快闪卡(compact flash card ;CF card)、多媒体卡(multimediacompact card ;MMC card)、USB 驱动器或存储棒(memorystick)。 As long as pin count, cost, system performance is reasonable, SD card 10 may be substituted with any of a flash card or drive, for example: a flash mini-card (compact flash card; CF card), a multimedia card (multimediacompact card; MMC card) , USB drive or a memory stick (memorystick). 于本实施例中,各安全数字卡10具有六个信号接脚。 In the present embodiment, each of the secure digital card 10 has six signal pins. 四个数字安全组件即需要总数24个信号接脚,其中各前述安全数字卡具有两个闪存组件,而非现有技术中,八个闪存组件所需的总数为120个信号接脚。 Digital security requires four components i.e. the total number of signal pins 24, wherein each of the two flash memory device having a secure digital card, rather than the prior art, the total number of components required for the flash memory 120 eight signal pins. 因此,本发明可自控制器芯片的结构上减少一大笔花费,且具备较佳的可制造性及可测试性。 Accordingly, the present invention can reduce a lot of cost since the structure of the controller chip, and may have better manufacturability and testability.

[0067] 即使第一层安全虚拟存储控制器32及第二层安全虚拟存储控制器33可能具有不同型式的装置接口,两者的结构实质上是相同的。 [0067] Even if the first-layer security virtual secure storage controller 32 and second layer 33 may have a virtual memory controller means different types of interfaces, both structures are substantially the same. 只要存储装置接口322与存储主机接口331兼容,第一层安全虚拟存储控制器32即可串接(cascaded)同时扩充更多的第二层安全虚拟存储控制器33。 As long as the memory device interface 322 is compatible with the host interface 331 is stored, the first layer 32 to secure virtual storage controllers connected in series (Cascaded) while the expansion of the second layer more secure virtual storage controller 33. 据此,通过此一扩充动作,系统的密度及效能将以指数增加。 Accordingly, by this expansion action, density and performance index of the system will increase. 在最简易的安全且可扩充的固态磁盘系统的结构中,主机系统30是直接与第二层虚拟存储控制器33其中之一耦接。 In the structure of the most simple and scalable security solid state disk system, the host system 30 directly with the second layer 33, wherein one of the virtual memory controller is coupled. 此种最小的安全且可扩充的固态磁盘系统仅包含第二层存储控制器33与第三层存储装置10的两层结构。 Such minimum security and scalable system comprising a solid-state disk controller 33 stores only the second layer and the third layer of two-layer structure of the storage device 10.

[0068] 第一层的编码引擎323与第二层的编码引擎333皆可视需求独立地被致能(enable)、失能(disable)与配置(configured)。 Independently coding engine 323 [0068] The first layer and second layer coding engine 333 are visible demand is enabled (enable), disability (disable) and configuration (configured). 一般情况而言,仅需上层的编码引擎,其它下层的编码引擎都将被失能。 General case, only the upper layer encoding engine, other lower layer coding engine will be disabled. 编码引擎将于图13中做更详细地说明。 Encoding engine will be explained in more detail in Figure 13.

[0069] 于主机存储接口上,可利用一SATA主机接口331与第一层虚拟存储控制器32耦接。 [0069] stored on the host interface, a SATA host interface 331 using the first layer and the controller 32 is coupled to virtual storage. 在本实施例中,存储接口可为一串行ATA或SATA。 In the present embodiment, the storage interface may be a serial ATA or SATA. 虚拟存储控制器33将于图4所绘示的安全虚拟存储控制器40中做更详细地说明。 Virtual memory controller 33 depicted in FIG. 4 will secure virtual storage controllers shown in 40 explained in more detail below.

[0070] 如图4所示,安全虚拟存储控制器40包含一存储主机接口41、一中断处理器42、一主机指令及数据处理器43、一中央处理单元(central processingunit ;CPU) 44、一程序存储器45、一随机存取存储器(random access memory ;RAM)及缓冲器46、一数据写入处理器401、一数据读取处理器402、一通行(pass-through)指令处理器403、一状态与属性撷取处理器404、一区域指令处理器405、一编码引擎406、一虚拟存储处理器407以及多个存储装置接口408。 [0070] As shown, a secure virtual storage controller 404 comprises a host interface 41 is stored, an interrupt processor 42, a host processor 43 instructions and data, a central processing unit (central processingunit; CPU) 44, a a program memory 45, a random access memory (random access memory; RAM) and a buffer 46, a write data processor 401, a processor 402 reads data, a password (pass-through) instruction processor 403, a retrieving status attribute processor 404, a regional command processor 405, a coding engine 406, a processor 407 and a plurality of storage virtual storage device interface 408.

[0071] 只要存储接口兼容,本发明的虚拟存储控制器可被串接并扩充。 [0071] As long as compatible with the storage interface, virtual storage controller of the present invention may be connected in series and expanded. 倘若需要增加密度,则可通过增加第二层虚拟存储控制器以达到扩充密度的目标。 If the need to increase the density can be increased by a second layer of virtual storage controllers to achieve the target density expansion. 据此,可进一步增加更多的第三层存储装置以扩充密度。 Accordingly, the third layer further add more memory to expand the device density. 与现有技术相比较,本发明的安全且可扩充的固态磁盘系统可提供指数级的存储密度扩充。 Compared with the prior art, secure and scalable solid state disk system according to the present invention can provide a storage density expanded exponentially.

[0072] 相较于现有技术的固态磁盘系统,本发明的安全且可扩充的固态磁盘系统通过标准的快闪卡(如安全数字卡10)作为闪存基础区块(building block),将可带来许多好处: [0072] Compared to the prior art solid-state disk system, security and scalable solid-state disk system of the present invention by standard flash card (e.g., a secure digital card 10) as the basis for a flash memory block (building block), will be many benefits:

[0073] 1.闪存的平均抹除被指定完成于局部的安全数字卡10。 [0073] 1. Flash specified average erasing is completed in the local security digital card 10. 整体的快闪组件并不需要大幅度的平均抹除。 Overall flash components do not require substantial average erase.

[0074] 2.可制造性与可测试性系于安全数字卡的存储装置层进行。 [0074] 2. manufacturability and testability within the storage means based layer security digital card. 装置层与固态磁盘系统层相较,更易于管理。 The device layer and layer of solid-state disk systems compared, easier to manage. [0075] 3.由于设计与发展被指定完成于安全数字卡10内的标准安全数字控制器12,因此支持并取得新快闪技术的优势即无任何时间延迟。 [0075] 3. Due to the design and development is completed at the specified standard Secure Digital Secure Digital card within 10 controller 12, and therefore support and to gain new flash technology, ie without any time delay.

[0076] 4.上市时间更短。 [0076] 4. A shorter time to market. 只要安全数字卡10在成本、密度和系统效能许可之下,前述安全且可扩充的固态磁盘系统31即可开始贩卖。 Secure Digital card in under 10 as long as the cost, density and system performance license, the aforementioned secure and scalable solid state disk system 31 to start trafficking.

[0077] 5.由于安全数字卡10的基础区块结构,将可自新快闪技术中省下许多成本。 [0077] The block structure as the basis of a secure digital card 10, will save a lot of art flash rehabilitation costs.

[0078] 6.由于虚拟存储处理器32、33,系统效能得以改善。 [0078] 6. Because the Virtual processors 32 and 33, system performance is improved. 虚拟存储处理器32、33可提供虚拟存储密度集合(aggregation)以及所需的系统效能集合。 Effectiveness collection of virtual memory processors 32 and 33 may provide a set of virtual storage density (aggregation) and the desired system. 平行运作时,理论上的系统效能将相同于安全数字卡的数量与各安全数字卡实质上系统效能的两者乘积。 When the parallel operation, the theoretical system efficiency will be the same in both the number of secure digital card with a secure digital card product system performance substantially.

[0079] 7.安全性系由硬件的编码引擎323或333提供。 [0079] 7. The security provided by the hardware-based encoding engine 323 or 333. 密码认证功能则独立地属于一USB信标35中。 It is independently a password authentication function belongs to a USB beacon 35. 因此,前述安全且可扩充的固态磁盘系统具备较佳的系统效能以及安全性。 Thus, the security and scalable system with solid-state disk system performance and better security.

[0080] 存储主机接口41系用以与上传串流主机系统30或另一上层的安全虚拟存储控制器耦接。 [0080] The storage system 41 to the host interface and the host system 30 or the streaming upload another upper secure virtual storage controller is coupled. 存储装置接口408系用以与下传串流存储装置10或另一下层的安全虚拟存储控制器f禹接。 A storage device interface 408 to the system stream downlink lower layer storage device 10 or another secure virtual memory access controller f Yu.

[0081 ] 图5是根据本发明另一实施例的方块图,其是一具有PATA接口的安全且可扩充的固态磁盘系统39。 [0081] FIG. 5 is a block diagram of another embodiment of the present invention, which is a solid-state disk system having a secure and scalable PATA interface 39. 主机系统50包含一处理器(图未绘不)、存储器(图未绘不)、输入输出(图未绘示)、一USB接口(图未绘示)以及一PATA主机控制器54。 The system 50 includes a host processor (not drawn in), a memory (not drawn in), input and output (not shown), a USB interface (not shown) and a PATA host controller 54. PATA主机控制器54通过一USB接口与一USB信标35连接,并通过一PATA主机接口381与具有一PATA接口的安全且可扩充的固态磁盘系统共同作业。 PATA host controller 54 via a USB interface and a USB beacon 35 is connected, via a PATA host interface 381 having a secure and scalable PATA interface common solid-state disk system operation.

[0082] 前述具有PATA接口的安全且可扩充的固态磁盘系统39包含一第一层安全虚拟存储控制器38、一第二层安全虚拟存储控制器32、二个第三层安全虚拟存储控制器33以及八个第四层存储装置安全数字卡10。 Solid-state disk system [0082] with the PATA interface security and scalable security layer 39 comprises a first virtual storage controller 38, a second-layer security virtual storage controller 32, a third two-layer security virtual storage controllers a fourth layer 33, and eight storage devices 10 secure Digital card. 如上所述,本发明的结构在密度和系统效能上同样是可被扩充且串接的。 As described above, the structure of the present invention also can be extended in series and in density and system performance.

[0083] 如图4所示,程序存储器45可存储防火墙以及虚拟存储控制器信息,随机存取存储器及缓冲器46则可存储数据封包用以快取(caching)操作。 [0083] The program memory 45 may store a firewall and a virtual storage information controller shown in FIG. 4, a random access memory and a buffer memory 46 may be used to cache data packet (Caching) operation.

[0084] 数据写入处理器401通过编码引擎耦接至虚拟存储处理器407,编码引擎是用以实时进行硬件加密作业。 [0084] processor 401 to write data by encoding engine coupled to virtual storage processor 407, the encoding engine is used in real-time hardware encryption operation. 数据可自缓冲器中被转换、加密并传送至虚拟存储处理器407。 Data may be converted from the buffer, encrypted and transmitted to the virtual storage processor 407.

[0085] 数据读取处理器402通过编码引擎耦接至虚拟存储处理器407,编码引擎系用以实时进行硬件解密作业。 [0085] Data processor 402 is read by an encoding engine coupled to the virtual storage processor 407, the encoding engine for real-time hardware-based decryption operation. 数据可自虚拟存储处理器407被转换、加密并传送至缓冲器。 Data from virtual storage processor 407 can be converted, encrypted and transmitted to the buffer.

[0086] 通行指令处理器403用以处理未要求任何区域处理的指令。 [0086] processor 403 to access instruction processing instruction region processing in any non-claimed. 通行指令系未经加密或翻译即直接被传送至下传串流。 Pass command line without a pass down stream encryption or translation that is directly transferred to.

[0087] 状态与属性撷取处理器404回报特定状态及/或属性至上传串流主机系统,或较上层的虚拟存储控制器。 [0087] The state of the processor 404 returns to retrieve attribute specific state and / or attribute to the streaming upload host system, or the upper layer of virtual storage controllers. 若前述状态或属性耗费区域控制器太多时间回报,状态与属性撷取处理器404将对前述请求上传串流的主机系统或较上层的虚拟存储控制器显示一忙碌状态。 If the state or attribute takes too much time zone controller returns status attribute processor 404 will fetch the requested streaming upload of the upper layer or the host system virtual storage controller displays a busy state. 当前述特定状态或属性收集完成时,中断处理器42以及计算机例行程序70将开始作业。 When said certain condition or the current collecting property is completed, the interrupt routine the processor 42 and a computer 70 to start the job. 中断处理器42产生一软件重置47至中央处理单元44,用以使前述安全虚拟存储控制器40进行暖开机。 The processor 42 generates a software interrupt 47 to reset the central processing unit 44, for causing the virtual storage secure controller 40 warm boot. 据此,中断处理器42即中断前述系统的上传串流,并再次询问虚拟存储控制器40以回报正确的状态或属性。 Accordingly, the interrupt handler 42 interrupts the previous upload stream that is the system, and asked 40 to return the correct state or properties of the virtual storage controllers again. 于主机与装置以不同速度运作时,此一机制将令其同步,且于同步的要求提出后,前述装置需要耗费较多时间进行安排。 And means in the host operating at different speeds, this mechanism will make a synchronized and the synchronization request made in the post, the more time consuming apparatus arrangements.

[0088] 通过程序存储器45中预先规划的一特定ID (identity),各安全虚拟存储控制器40将可被识别。 [0088] Each virtual storage secure controller 40 will be identified by a certain ID (identity) in program memory 45 in advance planning. 图6是初始化安全虚拟存储控制器的流程图。 6 is a flowchart of initializing a secure virtual storage controllers. 于开机后,安全虚拟存储控制器40第一次被初始化60,于步骤61中,即判断虚拟存储控制器是否已就绪。 After start, the virtual secure storage controller 40 is first initialized 60, in step 61, i.e., whether the virtual storage controller is ready. 若是,则于步骤62中,主机指令处理器被启动。 If yes, in step 62, the host command processor is activated. 否则,于步骤63中,控制器将发送一识别指令至下传串流的存储装置目录。 Otherwise, at step 63, the controller sends to the downstream storage means directory an identification instruction stream. 一旦下传串流的存储装置10被识别后,前述实体存储装置10于步骤64中将被测试。 Once the mass storage device 10 of the stream is identified, the physical storage device 10 at step 64 will be tested. 接着,经由步骤65,编码引擎被初始化。 Subsequently, via step 65, the encoding engine is initialized. 虚拟存储控制器于步骤66中被设定为就绪。 Virtual memory controller in step 66 is set to be ready. 随后执行步骤67,中断处理器被启动。 Then perform step 67, the interrupt handler is activated.

[0089] 图7是中断处理器执行的流程图。 [0089] FIG. 7 is a flowchart executed by the interrupt processor. 首先,经由步骤71判断虚拟存储控制器的下传串流是否有一中断要求。 First, step 71 is determined via a virtual stream downstream of the storage controller whether a interrupt request. 若是,经由步骤74同意前述中断要求的服务。 If, via step 74 agree with the previous interrupt requested service. 否则,于步骤72中,产生一中断至上传串流主机,或一较上层的虚拟存储控制器,以再次配置安全虚拟控制器40。 Otherwise, in step 72, generates an interrupt to upload streaming host, or the upper layers of a virtual storage controllers to re-configure a secure virtual controller 40. 步骤73实质上产生一软件重置47至区域中央处理单元44,使前述安全虚拟存储控制器40进行暖开机。 The step of generating a soft reset is substantially 73 to 47 region of the central processing unit 44, so that the secure virtual storage controller 40 warm boot. 于主机与装置以不同速度运作时,此一机制将令其同步,其中,前述装置于开机初始化后需要耗费较多时间进行安排。 And means in the host operating at different speeds, this mechanism will make the synchronization, wherein the initializing means after power takes more time to arrange.

[0090] 以上叙述即为初始化安全虚拟存储控制器40的过程。 [0090] The above description is the initialization process is secure virtual storage controller 40.

[0091] 图8为前述主机指令处理器执行的流程图。 [0091] FIG 8 is a flowchart executed by the host processor instruction. 前述主机指令与数据处理器43列队(queue up)并缓冲存储主机接口41与编码引擎406之间的指令与数据封包。 The host data processor 43 and instruction queue (queue up) and instruction buffer 406 stores data packets between the host interface 41 and the coding engine. 通过步骤80,将撷取出来的指令队列移交至主机指令处理器的例行程序,以便通过步骤8 I处理。 Step 80, to be extracted is transferred to the instruction queue routine of the host processor's instruction, the processing of step I to 8. 于步骤83中,若前述撷取出来的指令队列被判断为一数据写入指令,通过步骤802,一数据写入指令处理器401即被唤醒。 In step 83, if the instruction queue is retrieved out of a data write command is determined, in step 802, a data write command processor 401 i.e. wake. 于步骤84中,若前述撷取出来的指令队列被判断为一数据读取指令,通过步骤803,一数据读取指令处理器402即被唤醒。 In step 84, if the instruction fetch queue out is judged as a data read command, 803, a data reading instruction in step 402 the processor i.e. wake. 于步骤82中,若前述撷取出来的指令队列被判断为一通行指令,通过步骤801,一通行指令处理器403即被唤醒。 In step 82, if the instruction fetch queue out is judged as an instruction access, in step 801, i.e., a wake-up processor 403 access instructions. 于步骤85中,若前述撷取出来的指令队列被判断为一状态/属性撷取指令,通过步骤804,一状态/属性撷取处理器404即被唤醒。 In step 85, if the instruction fetch queue out is judged as a state / attribute instruction fetch, fetch processor 404 in step 804, a state / attribute i.e. wake. 否则,通过步骤805,一区域指令处理器405将被唤醒。 Otherwise, in step 805, a region instruction processor 405 will wake up.

[0092] 区域指令处理器405处理编码引擎406、虚拟存储处理器407以及区域虚拟存储控制器40的区域函数。 [0092] The processor 405 processing instruction region encoding engine 406, a virtual storage area processor 407, and functions of the controller 40 virtual storage area. 如图9所示,区域指令集90包含: 9, the region 90 comprises a set of instructions:

[0093] A.使用者提供指令91 [0093] A. providing instructions to the user 91

[0094] 1.密码功能指令94 [0094] 1. Password function instruction 94

[0095] 1.设定密码941 [0095] 1. Set Password 941

[0096] 2.更改密码942 [0096] 2. Change the password 942

[0097] 3.密码认证943 [0097] 3. password authentication 943

[0098] 4.设定密码提示944 [0098] 4. Setting the password prompt 944

[0099] 5.取得密码提示945 [0099] 5. to get a password prompt 945

[0100] 6.取得一尝试(attempt)次数946 [0100] 6. made a try (attempt) number 946

[0101] 7.初始化及分割要求947 [0101] 7. The initialization and divided in claim 947

[0102] a.设定加密金钥9471 [0102] a. Setting an encryption key 9471

[0103] b.取得新加密金钥9472 [0103] b. 9472 get a new encryption key

[0104] i1.存储分割指令95 [0104] i1. Division instruction memory 95

[0105] 8.取得虚拟存储属性951 [0105] 8. Properties of virtual storage 951 acquired

[0106] 9.初始化分割大小952 [0106] 9. The initialization segment sizes 952

[0107] 10.格式化953[0108] B.区域状态撷取92 [0107] 10. Format 953 [0108] B. capturing area state 92

[0109] C.厂商提供指令93 [0109] C. vendors Directive 93

[0110] 1.虚拟存储处理器组态96 [0110] 1. The configuration processor 96 virtual storage

[0111] 11.取得虚拟存储控制器识别(identity ;ID)961 [0111] 11. The virtual storage controller acquire identification (identity; ID) 961

[0112] 12.设定虚拟存储模式(集束磁盘、独立磁盘冗余数组或它者)962 [0112] 12. The virtual storage mode is set (cluster disk, a redundant array of independent disks or a person) 962

[0113] i1.编码引擎组态97 [0113] i1. Coding engine configuration 97

[0114] 13.设定编码模式971 [0114] 13. The encoding mode is set 971

[0115] 14.致能编码引擎972 [0115] 14. The coding engine 972 enable

[0116] 15.取得加密金钥973 [0116] 15. 973 acquires the encrypted key

[0117] ii1.密码属性组态98 [0117] ii1. Password attribute configuration 98

[0118] 16.设定主密码981 [0118] 16. The master password is set 981

[0119] 17.设定尝试次数的最大值982 [0119] 17. The maximum number of attempts set 982

[0120] 18.设定管理模式标志(flag) 983 [0120] 18. The setting management mode flag (flag) 983

[0121] 19.设定预设密码984 [0121] 19. Set default password 984

[0122] iv.测试模式指令99 [0122] iv. A test mode instruction 99

[0123] 使用者提供指令91系被专业领域应用程序使用的,其包含USB信标35内的密码认证功能。 [0123] 91 provide the user with instructions to use the areas of expertise-based application, comprising a password authentication function within the USB beacon 35. 使用者提供指令91包含密码功能指令94以及存储分割指令95。 91 provides the user with instructions comprising instructions cryptographic function 94 and a memory 95 divided instructions. 厂商系使用厂商提供指令93配置固态磁盘系统。 Department of vendors use vendor-supplied configuration instructions 93 solid-state disk system. 厂商提供指令93包含虚拟存储处理器组态96、编码引擎组态指令97、密码属性组态98以及测试模式指令99。 Instructions provided by the manufacturer processor 93 comprising a virtual storage configuration 96, the encoding engine 97 configuration instructions, configure the password attribute 98 and a test mode instruction 99. 区域状态撷取指令92是用以回传虚拟存储控制器的相应状态。 Region 92 is used for instruction fetch state corresponding state of virtual storage controllers return.

[0124] 取得虚拟存储控制器ID指令961系用以回传存储于程序存储器45的特定ID。 [0124] The controller ID acquired virtual storage system 961 to the return instruction is stored in the program memory 45 of a specific ID. 设定虚拟存储模式指令962可视系统效能的需求或功率消耗,设定集束磁盘(just a bunchof disks ;JBOD)、独立磁盘冗余数组(redundant arrays of independent disks ;RAID)或它者的操作模式。 Virtual memory mode setting instruction 962 the visual system performance or power consumption requirements, sizing disk set (just a bunchof disks; JBOD), Redundant Array of Independent Disks (redundant arrays of independent disks; RAID) operation mode or it's . 设定编码模式指令971系用以设定编码引擎的加密模式。 Set coding mode command to set the encryption mode 971 based encoding engine. 致能编码引擎指令972系用以致能编码引擎。 Enabling command 972 based encoding engine encoding used to enable the engine. 设定管理模式标志983用以于使用中(in the field)允许或禁止提供固态磁盘系统。 Management mode flag is set to 983 in use (in the field) to allow or prohibit providing solid state disk system. 若前述标志被设定为非管理模式,则必须利用USB信标以再次提供并初始化前述固态磁盘系统。 If the flag is set to a non-management mode, you must use USB beacons to provide the aforementioned solid-state disk and initialize the system again. 若前述标志被设定为管理模式,则使用者必须连回至管理服务器,以再次提供及初始化固态磁盘系统。 If the flag is set to management mode, the user must connect back to the management server to provide a solid-state disk again and initialize the system. 前述标志仅能由厂商设定。 The flag can only be set by the manufacturer. 测试模式指令99可由制造商保留(reserved)以测试固态磁盘系统。 Test Mode command 99 by manufacturer reserves (reserved) to test the solid state disk system.

[0125] 于就绪使用之前,固态磁盘系统于制作过程间必须先通过厂商准备。 [0125] before ready to use, solid state disk system for inter-making process must be ready by the manufacturer. 如图3所示,前述准备系通过将安全且可扩充的固态磁盘系统31经一适当的SATA主机控制器34或一USB信标35连结至一主机系统30而达成。 3, the system prepared by solid state disk system security and scalable link 31 via a suitable controller 34 or a SATA host beacon 35-1 USB host system 30 and reach. 图10是配置前述厂商准备的流程图。 10 is a flowchart of the manufacturer ready configuration. 首先于步骤101,等待安全虚拟存储控制器就绪。 First, at step 101, waiting for a secure virtual storage controllers ready. 当控制器就绪的后,厂商预设设定值于步骤102中被加载。 When the controller is ready, factory pre-set value in step 102 is loaded. 于步骤103中,前述虚拟存储处理器开始被配置。 In step 103, the processor starts the virtual storage is configured. 之后,于步骤104中,前述编码引擎开始被配置。 Thereafter, in step 104, the coding engine start is arranged. 而于步骤105中,则视需求致能编码引擎。 And in step 105, the coding engine can be activated as needed.

[0126] 图11是配置虚拟存储处理器的流程图。 [0126] FIG. 11 is a flowchart of configuring a virtual processor. 如图11所示,于步骤111中,虚拟存储模式被设定,即利用前述区域指令其中之一设定虚拟存储模式962。 As shown in FIG. 11, in step 111, virtual storage mode is set, i.e., using the aforementioned one set of virtual instruction region storage mode 962. 虚拟存储操作模式可被设定为JBOD、RAID或它者。 Virtual memory operating mode can be set to JBOD, RAID, or by it. 因此,根据实体存储装置目录64 (请参阅图6),一虚拟存储集合于步骤112便已完成。 Thus, according to the entity store directory 64 (see FIG. 6), a set of virtual storage in step 112 is completed. 建立一虚拟存储识别目录。 The establishment of a virtual storage identification directory. 于步骤113中,一虚拟存储装置目录被建立。 In step 113, a virtual storage directory is established. 通过步骤114,利用虚拟存储处理器407(请参阅图4)建立一实体至逻辑地址转换目录。 By step 114, the processor using the virtual storage 407 (see FIG. 4) to establish a logical physical address translation directory. 随后,于步骤115中,前述虚拟存储处理器被设定为就绪状态。 Subsequently, in step 115, the virtual storage processor is set to the ready state.

[0127] 图12为配置编码引擎的流程图。 [0127] 12 is a flowchart of the encoding engine configuration in FIG. 于步骤120中,通过前述等区域指令其中之一配置编码引擎,并于步骤121中发送一编码模式设定指令971。 In step 120, one of which encode the configuration engine, a transmission and coding mode setting instruction 971 in step 121 and the like through the instruction region. 接着,于步骤122中,发送一尝试设定次数最大值的指令982。 Next, in step 122, attempts to send a command to set the maximum number of 982. 于步骤1220中,发送一取得加密金钥指令973。 In step 1220, transmits a command 973 acquires the encrypted key. 因此,于编码引擎406中,将利用一随机数产生器RNG 134产生一随机数金钥(图未绘示)。 Thus, in coding engine 406, using a random number generator RNG 134 generates a random number key (not shown). 前述随机数金钥于步骤1220中被加密并回传以取得加密金钥指令973。 The random number key is encrypted in step 1220 and return to 973 to obtain the encrypted key command. 若于步骤1221中要求一主密码,则于步骤1222中初始化一取得主密码指令程序并发送一设定主密码指令981。 If in step 1221 requires a master password, in a step 1222 initializes a program of instructions to obtain the master password and sends a command 981 to set the master password. 于步骤123中,判断标志是否为管理模式。 In step 123, it is determined whether the flag management. 若是,则于步骤124中,视需求将前述加密金钥存储于管理服务器。 If yes, in step 124, depending on the needs of the encryption key stored in the management server. 若否,则通过步骤125,将前述加密金钥存储于USB信标35。 If not, in step 125, the encryption key stored in the USB beacon 35. 于步骤126中,通过密码设定指令981发送主密码至编码引擎。 In step 126, the password setting command 981 sent by the master password to the encoding engine. 接着,加密后的主密码将被存储于固态磁盘系统中(图未绘示)。 Next, the encrypted master password will be stored in the solid-state disk system (not shown). 于步骤1260中,通过指令984设定一预设密码。 In step 1260, a default password 984 is set by an instruction. 接着,加密后的预设密码将被存储于固态磁盘系统中(图未绘示)。 Subsequently, the preset password is encrypted to be stored in the solid-state disk system (not shown). 而编码引擎可被失能或致能。 The encoding engine may be enabled or disabled. 若编码引擎被致能,编码引擎于步骤127中,可视需求被设定为执行一特定加密模式。 If the coding engine is enabled, the encoding engine in step 127, the visualization requirements are set to perform a specific encryption pattern. 随后,编码引擎准备标志记于步骤128中被设为就绪。 Subsequently, the encoding engine ready flag is expressed in step 128 is set in place.

[0128] 图13是编码引擎的方块图。 [0128] FIG. 13 is a block diagram of the encoding engine. 编码引擎406包含一随机数产生器RNG 134、一杂凑函数HASH 131、一第一通用加密引擎ENG2 132、一第二数据加密引擎ENG3 133、一存储上传串流接口135以及一存储下传串流接口136。 Coding engine 406 includes a random number generator RNG 134, a hash function HASH 131, a first common encryption engine ENG2 132, a second data encryption engine ENG3 133, the stream pass a memory interface 135, and a streaming upload stored interface 136. 编码引擎的详细实施方式请参阅美国专利申请案第11/643,101号。 Detailed embodiment encoding engine, please refer to US Patent Application No. 11 / 643,101.

[0129] 主机系统30将取决于插入的USB信标35进行密码认证。 [0129] The host system 30 will depend on the beacon 35 inserted USB password authentication. 请参阅图14A,于步骤140中,主机系统30通过冷开机之后。 Please refer to FIGS. 14A, in step 140, after the host system 30 by a cold boot. 于步骤141中,USB信标35同样冷开机。 In step 141, USB same beacon 35 cold boot. 并通过步骤142启动USB信标操作。 And the beacon 142 starts USB operation step.

[0130] 请参阅图14B,于步骤143中,主机系统30关机之后。 [0130] Refer to 14B, the step 143, the host system 30 after the shutdown. 于步骤144中,固态磁盘系统同样关机。 In step 144, the same solid-state disk system shutdown. 而由于电力中断,于步骤145中,固态磁盘系统中的加密金钥将遗失。 And because power outages, at step 145, the encryption key solid state disk system will be lost. 于步骤146中,只要加密金钥尚未通过加载USB信标35的密码认证功能回复,则前述固态磁盘系统将会维持加密。 In step 146, as long as the encryption key has not been loaded via USB beacon password authentication function 35 reply, the aforementioned solid state disk system will remain encrypted.

[0131] 请参阅图14D,于步骤1403中,主机系统30休眠之后。 [0131] Referring to FIG 14D, in step 1403, the host system 30 after the sleep. 于步骤1404中,固态磁盘系统同样休眠。 In step 1404, the same solid state disk system hibernation. 而由于电力中断,于步骤1405中,固态磁盘系统的加密金钥将遗失。 And because the power outage, in step 1405, encryption key solid state disk system will be lost. 于步骤1406中,只要加密金钥尚未通过加载USB信标35的密码认证功能回复,则前述固态磁盘系统将会维持加密状态。 In step 1406, as long as the encryption key has not been loaded via USB beacon password authentication function 35 reply, the aforementioned solid state disk system will remain encrypted.

[0132] 请参阅图14C,于步骤1400中,当主机系统30自休眠中被唤醒之后。 [0132] Please refer to FIG. 14C, in step 1400, the host system 30 after being awakened from sleep. 于步骤1401中,USB信标35同样冷开机,即如同图14A所绘示。 In step 1401, USB beacon same cold boot 35, i.e., as depicted in FIG. 14A. 最后,于步骤1402中,启动USB信标操作。 Finally, in step 1402, the beacon starts USB operation.

[0133] 图15为USB信标开机的流程图。 [0133] FIG. 15 is a flowchart beacon USB boot. 如图15所示,于步骤151中,一旦USB信标网络服务器开机。 15, in step 151, the network server once the beacon USB boot. 于步骤152中,前述USB信标等待存储器与编码引擎准备为就绪状态。 In step 152, the USB memory to wait for the beacon encoding the engine is ready to ready. 接着于步骤153中,启动密码认证功能。 Then in step 153, boot password authentication. 前述密码认证功能的详细实施步骤请参阅美国专利申请案第11/643,101号。 Detailed implementation steps preceding password authentication function, refer to US Patent Application No. 11 / 643,101.

[0134] 于步骤154中,若通过使用者指令947产生初始与分割要求则编码引擎将自随机数产生器134取得一新随机数金钥(图未绘示)。 [0134] In step 154, if the initial segmentation generated by a user instruction in claim 947 encoding engine 134 will generate a new random number to obtain a key (not shown) from a random number. 而后,于步骤1541中,前述标志将被判断是否为管理模式。 Then, in step 1541, the flag is judged whether the management mode. 若否,则于步骤1543中,自USB信标35撷取加密金钥。 If not, in step 1543, the beacon 35 from the USB capture encryption key. 否则,即于步骤1542中,自管理服务器撷取加密金钥。 Otherwise, that is, in step 1542, from the management server to retrieve encryption keys. 随后,于步骤1544中,前述加密金钥通过设定加密金钥指令9471被发送至编码引擎。 Subsequently, in step 1544, the encrypted key is sent to the encoding engine through the encryption key setting instruction 9471. 编码引擎解密并撷取前述金钥(图未绘示)。 Decrypt and retrieve the coding engine key (not shown). 编码引擎(图未绘示)撷取并解密前述加密的主密码。 Coding engine (not shown) to retrieve and decrypts the encrypted master password. 随后,自随机数产生器RNG 134(图未绘示)产生一新随机数金钥。 Then, since the random number generator RNG 134 (not shown in FIG.) To generate a new random number key. 前述主密码可通过编码引擎(图未绘示)使用前述新金钥加密。 The master password may be encoded by the engine (not shown) using the new encryption key. 于步骤1545中,前述功能将通过初始化一取得新加密金钥指令9472。 In step 1545, the function would obtain a new encrypted key 9472 by the initialization command. 于步骤1546、1547中,可视需求将新加密金钥存储于管理服务器或USB信标35中。 In step 1546,1547, visual demand new encryption key stored in the management server 35 or the USB in the beacon. 于步骤1548中,使用者要求并配置新使用者密码。 In step 1548, the user requests and configure the new user password. 主密码与使用者密码皆通过杂凑函数131重新产生并存储于固态磁盘系统(图未绘示)。 Master password and user password hash functions are re-generated by 131 and stored in solid-state disk system (not shown). 并于步骤1549中,组态前述固态磁盘系统分割。 And in step 1549, the aforementioned solid state disk system configuration split.

[0135] 倘若前述要求并非初始化及分割,则于步骤155中,将判断是否产生一密码认证请求。 [0135] If the requirement is not initialized and is divided, in a step 155, the determination whether to generate a password authentication request. 若是,则于步骤1550中,启动密码认证。 If so, then in step 1550, boot password authentication. 若否,将于步骤156中,判断是否有产生一更改密码请求。 If not, it will be 156, whether or not there is the step of generating a request to change the password. 若是,则于步骤157中,启动密码更改功能。 If so, then in step 157, to start the password change function. 否则将通过步骤154,回到步骤155中,继续判断是否有新的密码功能请求。 Otherwise, step 154 ​​returns to step 155, continues to determine whether a new password feature requests.

[0136] 图16是密码认证的流程图。 [0136] FIG. 16 is a flowchart of the password authentication. 首先,于步骤161中,判断前述密码是否已被认证。 First, in step 161, it is determined whether or not the password is authenticated. 若是,则于步骤164中撷取并加载前述编码引擎金钥至编码引擎中,同时开启存取。 If, in a step 164 to retrieve and load the encoding engine encoding key to the engine, while the access opening. 随后,于步骤165中,卸载(dismount) USB信标。 Subsequently, in step 165, unload (dismount) USB beacon. 步骤166中,前述固态磁盘系统被安装。 In step 166, the solid-state disk system is installed. 于步骤167,控制权转移至前述固态磁盘系统。 In step 167, control is transferred to the aforementioned solid state disk system. 若密码未被认证,于步骤162中,判断是否超出一尝试次数最大值(maximumnumber of attempts ;ΜΝ0Α)。 If the password is not authenticated, in step 162, it is determined whether the number of attempts exceeds a maximum value (maximumnumber of attempts; ΜΝ0Α). 若结果为肯定,贝U于步骤163中,启动一反击测量(counter measure)以抵抗恶意攻击。 If the result is positive, Tony U in step 163, the start a counter measure (counter measure) against malicious attacks. 否则,于步骤168中,增加前述尝试次数(number of attempts ;Ν0Α)的计数。 Otherwise, in step 168, attempts to increase the (number of attempts; Ν0Α) count. 最后于步骤169中结束并返回图15绘示的密码循环的步骤154。 Finally, in step 169 ends and returns to step cycle depicted in FIG password 15 154.

[0137] 尽管根据本发明的安全且可扩充的固态磁盘系统可操作于安全数字卡、多媒体卡、微型快闪卡、USB装置、存储棒、高速卡、逻辑区块寻址-与非(1gicalblockaddressing-NAND ;LBA_NAND)、开放式与非闪存接口(open NAND flashinterface ;0NFI) >内嵌式多媒体卡(embed multimedia card ;eMMC)与内嵌式安全数字卡(embed securitydigital card ;eSD)的任一接口。 [0137] Although the present invention The security and scalable solid-state disk system is operable in a secure digital card, a multimedia card, a micro flash cards, USB devices, memory stick, high-speed card, Logical Block Addressing - NAND (1gicalblockaddressing -NAND; LBA_NAND), open NAND Flash Interface (open NAND flashinterface; 0NFI)> embedded multimedia card (embed multimedia card; eMMC) with embedded secure Digital card (embed securitydigital card; eSD) according to any one of the interface . 所属领域的技术者可轻易地将前述磁盘系统置换成任一种类似的存储器装置,同时并不违反本发明的精神及保护范畴。 Those skilled in the art that the disk system can be easily replaced with any of a similar memory device while not departing from the spirit and the protection scope of the invention.

[0138] 上述的实施例仅用来例举本发明的实施态样,以及阐释本发明的技术特征,并非用来限制本发明的保护范畴。 [0138] The examples are only embodiments of the present invention to include aspects and features of the invention is explained, it is not meant to limit the scope of the invention. 任何熟悉此技术者可轻易完成的改变或均等性的安排均属于本发明所主张的范围,本发明的权利保护范围应以申请专利范围为准。 Skilled in this field may proceed with a variety of modifications of the arrangement according to the present invention belong to the scope of the claimed, the scope of rights of the present invention should be patented scope of equivalents.

Claims (29)

  1. 1.一种固态磁盘系统,其特征在于包含: 至少一安全虚拟存储控制器,耦接至一主机系统,包含: 一第一层安全存储控制器;以及多个第二层虚拟存储控制器,具有一接口,所述第二层虚拟存储控制器兼容于所述第一层虚拟存储控制器,所述第一层安全存储控制器串接所述第二层虚拟存储控制器; 多个虚拟存储装置,耦接至所述至少一安全虚拟存储控制器的所述第二层虚拟存储控制器;以及一使用者信标,作为一提供所述主机系统密码认证的媒介。 A solid-state disk system, characterized by comprising: at least one secure virtual storage controller coupled to a host system, comprising: a first layer of a secure storage controller; a second layer and a plurality of virtual storage controllers, having an interface controller of the second layer is compatible with virtual memory virtual storage controller of the first layer, the first layer of the secure storage controller serially connected second layer virtual storage controller; a plurality of virtual storage means, coupled to the at least one virtual storage secure controller of the second layer of virtual storage controller; and a user beacon, the host system as providing a password authentication medium.
  2. 2.如权利要求1所述的系统,其特征在于所述第二层安全虚拟存储控制器的数量可通过所述接口增加至所述第一层安全虚拟存储控制器。 2. The system according to claim 1, wherein said second layer is the number of virtual storage controllers may secure the first layer to the interface to increase the safety virtual storage controller.
  3. 3.如权利要求1所述的系统,其特征在于所述第一层安全虚拟存储控制器是利用一第一编码引擎以提供安全性。 3. The system according to claim 1, wherein said first layer is a secure virtual storage controller utilizing a first coding engine to provide security.
  4. 4.如权利要求3所述的系统,其特征在于所述各第二层安全虚拟存储控制器是利用一第二编码引擎以提供安全性。 4. The system according to claim 3, wherein each of the second-layer security virtual storage controller using a second coding engine to provide security.
  5. 5.如权利要求1所述的系统,其特征在于所述至少一虚拟存储控制器还包含一编码引擎以提供安全性。 5. The system according to claim 1, characterized in that said at least one virtual storage controller further comprises a coding engine to provide security.
  6. 6.如权利要求4所述的系统,其特征在于所述第一编码引擎以及所述各第二编码引擎可分别被致能、失能与配置。 6. The system of claim 4, wherein said each of said first and second encoding engine encoding each engine may be enabled, disabled and configuration.
  7. 7.如权利要求1所述的系统,其特征在于所述第一层安全虚拟存储控制器包含: 一存储主机接口; 一中断处理器,耦接至所述存储主机接口; 一主机指令与数据处理器; 一中央处理单元; 一软件重置器,耦接至所述中央处理单元; 一程序存储器; 一控制器标识符码; 一随机存取存储器及一缓冲器; 一数据写入处理器; 一数据读取处理器: 一通行指令处理器; 一状态与属性撷取处理器; 一区域指令处理器; 一编码引擎; 一虚拟存储处理器;以及多个存储装置接口。 A host instructions and data; a memory host interface; interrupt a processor, memory coupled to the host interface: 7. A system as claimed in claim 1, wherein said first layer comprises a secure virtual storage controller a processor; a central processing unit; a software reset, coupled to said central processing unit; a program memory; a controller identifier code; a and a buffer random access memory; a data write processor ; reading a data processor: a processor access instruction; retrieve a processor status attribute; a region instruction processor; a coding engine; a virtual storage processor; and a plurality of storage device interface.
  8. 8.如权利要求1所述的系统,其特征在于所述各第二层安全虚拟存储控制器包含: 一存储主机接口; 一中断处理器,耦接至所述存储主机接口; 一主机指令与数据处理器;一中央处理单元; 一软件重置器,耦接至所述中央处理单元; 一程序存储器; 一控制器标识符码; 一随机存取存储器及一缓冲器; 一数据写入处理器; 一数据读取处理器: 一通行指令处理器; 一状态与属性撷取处理器; 一区域指令处理器; 一编码引擎; 一虚拟存储处理器;以及多个存储装置接口。 8. The system according to claim 1, wherein each of the second-layer security virtual storage controller comprising: a host interface memory; interrupt a processor, memory coupled to the host interface; and a host command a data processor; a central processing unit; a software reset, coupled to said central processing unit; a program memory; a controller identifier code; a and a buffer random access memory; a data writing process device; a data reading processor: a processor access instruction; capturing a state attribute processor; a region instruction processor; a coding engine; a virtual storage processor; and a plurality of storage device interface.
  9. 9.如权利要求7所述的系统,其特征在于所述存储主机接口包含一串行高速硬盘接口,且所述各存储装置接口包含一串行高速硬盘接口。 9. The system according to claim 7, wherein said memory interface includes a host interface to a serial high-speed hard disk, and each of the memory device interface comprises a serial high-speed hard disk interface.
  10. 10.如权利要求7所述的系统,其特征在于所述存储主机接口包含一平行高速硬盘接口,且所述各存储装置接口`包含一串行高速硬盘接口。 10. The system according to claim 7, wherein said memory comprises a parallel host interface high-speed hard disk interface and the respective memory device interface comprises a serial high-speed `hard disk interface.
  11. 11.如权利要求8所述的系统,其特征在于所述存储主机接口包含一串行高速硬盘接口,且所述各存储装置接口包含一安全数字接口。 11. The system according to claim 8, wherein said memory interface includes a host interface to a serial high-speed hard disk, and each of the memory device interface comprises a secure digital interface.
  12. 12.如权利要求11所述的系统,其特征在于所述安全数字接口包含一存储装置卡、多媒体卡、一微型快闪卡、通用串行总线装置、存储棒、高速卡、逻辑区块寻址-与非、开放式与非闪存接口、内嵌式多媒体卡与内嵌式安全数字卡的任一接口。 12. The system of claim 11, wherein the secure memory means includes a digital interface card, a multimedia card, a flash mini-card, a universal serial bus means, a memory stick, a high speed card, find logic blocks site - with non-open-NAND flash memory interfaces, embedded multimedia card with built-in secure Digital card of either interface.
  13. 13.如权利要求1所述的系统,其特征在于通过增加额外的安全虚拟存储控制器,以加强存储能力及效能。 13. The system according to claim 1, characterized in that the additional security by adding virtual storage controllers, to enhance storage capacity and performance.
  14. 14.如权利要求7所述的系统,其特征在于当所述主机与装置以不同速度运作时,所述中断处理器以及所述软件重置器形成一机制,以便所述主机与装置同步。 14. The system according to claim 7, wherein when said host device operating at different speeds, the interrupt processor and the software forms a reset mechanism for the host and synchronization means.
  15. 15.如权利要求8所述的系统,其特征在于当所述主机与装置以不同速度运作时,所述中断处理器以及所述软件重置器形成一机制,以便所述主机与装置同步。 15. The system according to claim 8, wherein when said host device operating at different speeds, the interrupt processor and the software forms a reset mechanism for the host and synchronization means.
  16. 16.—种固态磁盘系统,其特征在于包含: 一第一层安全虚拟存储控制器,耦接至一主机系统; 多个第二层虚拟存储控制器,具有一接口,所述第二层虚拟存储控制器兼容于所述第一层虚拟存储控制器,所述第一层安全存储控制器串接所述第二层虚拟存储控制器;多个第二层虚拟存储装置的下层,耦接至所述第二层虚拟存储控制器的上层;以及一使用者信标,用以作为提供所述主机系统一密码认证的媒介。 16.- solid-state disk system, characterized by comprising: a first layer of a secure virtual memory controller coupled to a host system; a second layer of a plurality of virtual storage controllers, having an interface, the second dummy layer the memory controller is compatible with the first layer of virtual storage controllers, the secure storage controller of the first layer and the second layer concatenated virtual storage controller; a second layer underlying the plurality of virtual storage device, coupled to an upper layer of the second virtual storage controller; and a user beacon to the host system as providing a password authentication media.
  17. 17.如权利要求16所述的系统,其特征在于所述第二层安全虚拟存储控制器的数量可通过所述接口增加至所述第一层安全虚拟存储控制器。 17. The system according to claim 16, wherein said second layer is the number of virtual storage controllers may secure the first layer to the interface to increase the safety virtual storage controller.
  18. 18.如权利要求16所述的系统,其特征在于所述第一层安全虚拟存储控制器是利用一第一编码引擎提供安全性予所述第一层安全虚拟存储控制器。 18. The system according to claim 16, characterized in that said first security layer using a virtual storage controller to provide a first coding engine security layer to secure the first virtual storage controllers.
  19. 19.如权利要求18所述的系统,其特征在于所述各第二层安全虚拟存储控制器是利用一第二编码引擎分别提供安全性予所述各第二层安全虚拟存储控制器。 19. The system according to claim 18, wherein each of the second-layer security virtual storage controller using a second coding engine are supplied to the respective second security layer security virtual storage controller.
  20. 20.如权利要求19所述的系统,其特征在于所述第一编码引擎以及所述各第二编码引擎可分别被致能、失能与配置。 20. The system according to claim 19, wherein said each of said first and second encoding engine encoding each engine may be enabled, disabled and configuration.
  21. 21.如权利要求16所述的系统,其特征在于所述第一层安全虚拟存储控制器还包含: 一存储主机接口; 一中断处理器,耦接至所述存储主机接口; 一主机指令与数据处理器; 一中央处理单元; 一软件重置器,耦接至所述中央处理单元; 一程序存储器; 一控制器标识符码; 一随机存取存储器及一缓冲器; 一数据写入处理器; 一数据读取处理器: 一通行指令处理器; 一状态与属性撷取处理器; 一区域指令处理器; 一编码引擎; 一虚拟存储处理器;以及多个存储装置接口。 21. The system according to claim 16, wherein said first layer secure virtual storage controller further comprises: a host interface memory; interrupt a processor, memory coupled to the host interface; and a host command a data processor; a central processing unit; a software reset, coupled to said central processing unit; a program memory; a controller identifier code; a and a buffer random access memory; a data writing process device; a data reading processor: a processor access instruction; capturing a state attribute processor; a region instruction processor; a coding engine; a virtual storage processor; and a plurality of storage device interface.
  22. 22.如权利要求16所述的系统,其特征在于所述各第二层安全虚拟存储控制器还包含: 一存储主机接口; 一中断处理器,耦接至所述存储主机接口; 一主机指令与数据处理器; 一中央处理单元; 一软件重置器,耦接至所述中央处理单元; 一程序存储器; 一控制器标识符码; 一随机存取存储器及一缓冲器; 一数据写入处理器; 一数据读取处理器: 一通行指令处理器; 一状态与属性撷取处理器; 一区域指令处理器; 一编码引擎; 一虚拟存储处理器;以及多个存储装置接口。 22. The system according to claim 16, wherein each of the second-layer security virtual storage controller further comprises: a host interface memory; interrupt a processor, memory coupled to the host interface; a host command with the data processor; a central processing unit; a software reset, coupled to said central processing unit; a program memory; a controller identifier code; a and a buffer random access memory; a data write a processor; a read data processor: a processor access instruction; retrieve a processor status attribute; a region instruction processor; a coding engine; a virtual storage processor; and a plurality of storage device interface.
  23. 23.如权利要求21所述的系统,其特征在于所述存储主机接口包含一串行高速硬盘接口,且所述各存储装置接口包含一串行高速硬盘接口。 23. The system according to claim 21, wherein said memory interface includes a host interface to a serial high-speed hard disk, and each of the memory device interface comprises a serial high-speed hard disk interface.
  24. 24.如权利要求21所述的系统,其特征在于所述存储主机接口包含一平行高速硬盘接口,且所述各存储装置接口包含一串行高速硬盘接口。 24. The system according to claim 21, wherein said memory comprises a parallel host interface high-speed hard disk interface and the respective memory device interface comprises a serial high-speed hard disk interface.
  25. 25.如权利要求22所述的系统,其特征在于所述存储主机接口包含一串行高速硬盘接口,且所述各存储装置接口包含一安全数字接口。 25. The system according to claim 22, wherein said memory interface includes a host interface to a serial high-speed hard disk, and each of the memory device interface comprises a secure digital interface.
  26. 26.如权利要求25所述的系统,其特征在于所述安全数字接口包含一存储装置卡、多媒体卡、微型快闪卡、通用串行总线装置、存储棒、高速卡、逻辑区块寻址-与非、开放式与非闪存接口、内嵌式多媒体卡与内嵌式安全数字卡的任一接口。 26. The system according to claim 25, wherein said secure storage means comprises a digital interface card, a multimedia card, a flash mini-card, a universal serial bus means, a memory stick, a high speed card, Logical Block Addressing - with non-open-NAND flash memory interfaces, embedded multimedia card with built-in secure Digital of either interface.
  27. 27.如权利要求16所述的系统,其特征在于通过增加额外的安全虚拟存储控制器,以加强存储能力及效能。 27. The system according to claim 16, characterized in that the additional security by adding virtual storage controllers, to enhance storage capacity and performance.
  28. 28.如权利要求21所述的系统,其特征在于当所述主机与装置以不同速度运作时,所述中断处理器以及所述软件重置器形成一机制,以所述主机与装置同步。 28. The system according to claim 21, wherein when said host device operating at different speeds, the interrupt processor and the software forms a reset mechanism, and synchronized to the host device.
  29. 29.如权利要求22所述的系统,其特征在于当所述主机与装置以不同速度运作时,所述中断处理器以及所述软件重置器形成一机制,以便所述主机与装置同步。 29. The system according to claim 22, wherein when said host device operating at different speeds, the interrupt processor and the software forms a reset mechanism for the host and synchronization means.
CN 200880015021 2007-05-09 2008-03-28 Secure and scalable solid state disk system CN101681253B (en)

Priority Applications (7)

Application Number Priority Date Filing Date Title
US11746582 US8499168B2 (en) 2007-05-09 2007-05-09 Secure and scalable solid state disk system
US11746556 US8527781B2 (en) 2007-05-09 2007-05-09 Secure and scalable solid state disk system
US11/746,556 2007-05-09
US11/746,576 2007-05-09
US11746576 US8010768B2 (en) 2007-05-09 2007-05-09 Secure and scalable solid state disk system
US11/746,582 2007-05-09
PCT/US2008/058532 WO2008140868A1 (en) 2007-05-09 2008-03-28 Secure and scalable solid state disk system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 201310060695 CN103226678B (en) 2007-05-09 2008-03-28 Secure and scalable solid state disk system
CN 201310060707 CN103235922B (en) 2007-05-09 2008-03-28 Secure and scalable solid state disk system

Publications (2)

Publication Number Publication Date
CN101681253A true CN101681253A (en) 2010-03-24
CN101681253B true CN101681253B (en) 2013-10-16

Family

ID=40002569

Family Applications (4)

Application Number Title Priority Date Filing Date
CN 201310060707 CN103235922B (en) 2007-05-09 2008-03-28 Secure and scalable solid state disk system
CN 201310060695 CN103226678B (en) 2007-05-09 2008-03-28 Secure and scalable solid state disk system
CN 200880015021 CN101681253B (en) 2007-05-09 2008-03-28 Secure and scalable solid state disk system
CN 201310060706 CN103226679B (en) 2007-05-09 2008-03-28 Secure and scalable solid state disk system

Family Applications Before (2)

Application Number Title Priority Date Filing Date
CN 201310060707 CN103235922B (en) 2007-05-09 2008-03-28 Secure and scalable solid state disk system
CN 201310060695 CN103226678B (en) 2007-05-09 2008-03-28 Secure and scalable solid state disk system

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN 201310060706 CN103226679B (en) 2007-05-09 2008-03-28 Secure and scalable solid state disk system

Country Status (2)

Country Link
CN (4) CN103235922B (en)
WO (1) WO2008140868A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8607070B2 (en) 2006-12-20 2013-12-10 Kingston Technology Corporation Secure storage system and method of use
US8499168B2 (en) 2007-05-09 2013-07-30 Kingston Technology Corporation Secure and scalable solid state disk system
US8010768B2 (en) 2007-05-09 2011-08-30 Kingston Technology Corporation Secure and scalable solid state disk system
US8595397B2 (en) 2009-06-09 2013-11-26 Netapp, Inc Storage array assist architecture

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6148387A (en) 1997-10-09 2000-11-14 Phoenix Technologies, Ltd. System and method for securely utilizing basic input and output system (BIOS) services

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1130516A1 (en) * 2000-03-01 2001-09-05 Hewlett-Packard Company, A Delaware Corporation Address mapping in solid state storage device
US6907479B2 (en) * 2001-07-18 2005-06-14 Integrated Device Technology, Inc. Integrated circuit FIFO memory devices that are divisible into independent FIFO queues, and systems and methods for controlling same
US7284126B2 (en) * 2002-11-12 2007-10-16 Agilent Technologies, Inc. Device authentication using pre-configured security keys
JP2004201038A (en) * 2002-12-18 2004-07-15 Internatl Business Mach Corp <Ibm> Data storage device, information processing apparatus mounted therewith, and data processing method and program thereof
US20050195975A1 (en) * 2003-01-21 2005-09-08 Kevin Kawakita Digital media distribution cryptography using media ticket smart cards
US7762470B2 (en) * 2003-11-17 2010-07-27 Dpd Patent Trust Ltd. RFID token with multiple interface controller
US7299316B2 (en) * 2004-02-26 2007-11-20 Super Talent Electronics, Inc. Memory flash card reader employing an indexing scheme
CN1735006B (en) * 2004-08-03 2012-05-02 伊诺瓦科技股份有限公司 Real-time data encryption/decryption system and method for IDE/ATA data transmission

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6148387A (en) 1997-10-09 2000-11-14 Phoenix Technologies, Ltd. System and method for securely utilizing basic input and output system (BIOS) services

Also Published As

Publication number Publication date Type
CN103235922B (en) 2017-08-25 grant
CN101681253A (en) 2010-03-24 application
CN103226679B (en) 2016-06-08 grant
CN103235922A (en) 2013-08-07 application
CN103226678A (en) 2013-07-31 application
CN103226679A (en) 2013-07-31 application
WO2008140868A1 (en) 2008-11-20 application
CN103226678B (en) 2016-12-28 grant

Similar Documents

Publication Publication Date Title
US8745277B2 (en) Command portal for securely communicating and executing non-standard storage subsystem commands
US7036040B2 (en) Reliability of diskless network-bootable computers using non-volatile memory cache
US20080046997A1 (en) Data safe box enforced by a storage device controller on a per-region basis for improved computer security
US7237046B2 (en) Data storage device with full access by all users
US20080320209A1 (en) High Performance and Endurance Non-volatile Memory Based Storage Systems
US7136973B2 (en) Dual media storage device
US7873837B1 (en) Data security for electronic data flash card
US20130227201A1 (en) Apparatus, System, and Method for Accessing Auto-Commit Memory
US20080177947A1 (en) Storage system and storage migration method
US20080189485A1 (en) Cooperative memory management
US8286004B2 (en) Saving encryption keys in one-time programmable memory
US20140201512A1 (en) Data storage for remote environment
US20090241103A1 (en) System and Method to Update Firmware on a Hybrid Drive
US20080126813A1 (en) Storage control device and method of controlling encryption function of storage control device
US20130311434A1 (en) Method, apparatus and system for data deduplication
US20110225431A1 (en) System and Method for General Purpose Encryption of Data
US20120072734A1 (en) Platform firmware armoring technology
US20100082898A1 (en) Methods to securely bind an encryption key to a storage device
US20130205110A1 (en) Storage Device and Method for Selective Data Compression
US20110246716A1 (en) Concatenating a first raid with a second raid
US20060112267A1 (en) Trusted platform storage controller
US20090307444A1 (en) Systems and Methods For Virtualizing Storage For WPAR Clients Using Node Port ID Virtualization
US20110289306A1 (en) Method and apparatus for secure scan of data storage device from remote server
US20100058066A1 (en) Method and system for protecting data
JP2007018483A (en) Storage system

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C14 Granted