CN103257938A - Data protection method, memory controller and memory storage device - Google Patents
Data protection method, memory controller and memory storage device Download PDFInfo
- Publication number
- CN103257938A CN103257938A CN2012100413221A CN201210041322A CN103257938A CN 103257938 A CN103257938 A CN 103257938A CN 2012100413221 A CN2012100413221 A CN 2012100413221A CN 201210041322 A CN201210041322 A CN 201210041322A CN 103257938 A CN103257938 A CN 103257938A
- Authority
- CN
- China
- Prior art keywords
- user
- identification code
- password
- computer system
- host computer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention provides a data protection method, a memory controller and a memory storage device, wherein the data protection method is used for protecting data stored in a rewritable nonvolatile memory module. The rewritable nonvolatile memory module comprises a first storage area and a second storage area. The data protection method comprises providing preset configuration information so as to respond to a boot instruction from a host system, wherein the host system cannot identify the second storage area according to the preset configuration information. The protection method further comprises requiring the host system to reboot and providing first configuration information again to the host system after the host system is rebooted when a user identification code and a user password which are received from the host system pass a password authentication program, wherein the host system can identify the second storage area according to the first configuration information. Therefore, the data protection method can effectively protect the stored data.
Description
Technical field
The present invention relates to Memory Controller and the memorizer memory devices of a kind of data guard method and use the method.
Background technology
Because characteristics such as can rewriteeing formula nonvolatile memory (rewritable non-volatile memory) and have that data are non-volatile, power saving, volume are little, do not have mechanical structure, read or write speed is fast, therefore, can rewrite formula nonvolatile memory industry in recent years and become a ring quite popular in the electronic industry.For example, with flash memory as the solid state hard disc of Storage Media widespread use as the hard disk of main frame, to promote the access usefulness of computing machine.
When computing machine was started shooting, (Basic Input Output System, BIOS) software can the check system element and the device that connects, for example keyboard, mouse, CD player or storage device etc. for basic input/output.For protect in the computing machine data (for example; be stored in the data in the storage device) safety; the user can start the cipher protection function of BIOS, so that person BIOS when opening computing machine can't finish the startup flow process without permission, causes computing machine to start shooting smoothly.Yet the person still can be connected to storage device another main frame of not opening BIOS cryptoguard and read data in the storage device without permission.
Therefore, propose effectively to protect the method for the data in the storage device that its necessity is arranged.
Summary of the invention
In view of this, the invention provides a kind of data guard method, it can be protected effectively and be stored in the data that can rewrite in the formula non-volatile memory module.
In addition, the invention provides a kind of Memory Controller, it can be protected effectively and be stored in the data that can rewrite in the formula non-volatile memory module.
Moreover the present invention proposes a kind of memorizer memory devices, can protect stored data effectively.
The present invention's one exemplary embodiment proposes a kind of data guard method, is used for rewriteeing the formula non-volatile memory module, and this can rewrite the formula non-volatile memory module and have first storage area and second storage area.The notebook data guard method comprises provides preset configuration information and the pretrigger sign indicating number that is stored in first storage area; come from the start-up command of host computer system with response, wherein can't identify second storage area according to this preset configuration information host computer system and the pretrigger sign indicating number is performed in the host computer system.The notebook data guard method also comprises from host computer system reception user's identification code and user's password, judges whether the user's identification code and the user's password that receive are same as first identification code and first password respectively.The notebook data guard method also comprises; if when the user's identification code that receives and user's password are same as first identification code and first password respectively; transmitting again start-up command indicates host computer system to restart and after host computer system restarts; again provide first configuration information to host computer system, wherein host computer system is identified second storage area and access according to first configuration information and is stored in data in second storage area.
In one embodiment of this invention, above-mentioned preset configuration information and the pretrigger sign indicating number that is stored in first storage area of providing, the start-up command step that comes from host computer system with response comprises: read from first storage area and encrypt the pretrigger sign indicating number; Use the golden key deciphering of default start to encrypt the pretrigger sign indicating number to obtain the pretrigger sign indicating number; And send the pretrigger sign indicating number to host computer system.
In one embodiment of this invention, the above-mentioned step from host computer system reception user's identification code and user's password comprises: receive from host computer system and encrypted the use data; And decipher this and encrypted user's data to obtain user's identification code and user's password.
In one embodiment of this invention, above-mentioned data guard method also comprises: first identification code summary (digest) that produces corresponding first identification code according to first One-Way Hash Function; Produce first cryptographic summary of corresponding first password according to second One-Way Hash Function; Use first password encryption, the first gold medal key to produce first ciphertext; And first identification code summary, first cryptographic summary and first ciphertext be stored to the closed security zone that can rewrite the formula non-volatile memory module.
In one embodiment of this invention, the above-mentioned step of judging whether user's identification code and user's password are same as first identification code and first password respectively comprises: the user's identification code summary that produces corresponding user's identification code according to first One-Way Hash Function; Produce user's cryptographic summary of corresponding user's password according to second One-Way Hash Function; From the closed security zone that can rewrite the formula non-volatile memory module, read first identification code summary and first cryptographic summary; Judge whether user's identification code summary and user's cryptographic summary are same as first identification code summary and first cryptographic summary; If when user's identification code summary was same as first identification code summary with first cryptographic summary respectively with user's cryptographic summary, identification user's identification code and user's password were same as first identification code and first password respectively; When if user's identification code summary is different from first identification code summary, output identification code error messages; And if user's cryptographic summary is when being different from first cryptographic summary, the output password error messages.
In one embodiment of this invention, above-mentioned data guard method also comprises: if when user's identification code summary is same as first identification code summary with first cryptographic summary respectively with user's cryptographic summary, use user's password to decipher first ciphertext to obtain the first gold medal key; And the data of using the deciphering of the first gold medal key from second storage area, to read.
In one embodiment of this invention, above-mentioned rewritten formula non-volatile memory module also has the 3rd storage area, and can't identify the 3rd storage area according to preset configuration information host computer system.
In one embodiment of this invention, above-mentioned data guard method also comprises: judge whether user's identification code and user's password are same as second identification code and second password respectively; And if user's identification code and user's password are when being same as second identification code and second password respectively, transmitting again start-up command indicates host computer system to restart and after host computer system restarts, again provide second configuration information to host computer system, wherein host computer system is identified the 3rd storage area according to second configuration information.
In one embodiment of this invention, above-mentioned user's identification code and user's password are to import by the pretrigger sign indicating number that is executed in host computer system.
In addition, the present invention's one exemplary embodiment proposes a kind of Memory Controller, is used for control and can rewrites the formula non-volatile memory module.This Memory Controller comprises host interface, memory interface and memory management circuitry.Host interface is in order to be electrically connected to host computer system.Memory interface can rewrite the formula non-volatile memory module in order to be electrically connected to, and wherein can rewrite the formula non-volatile memory module and have first storage area and second storage area.Memory management circuitry is electrically connected to host interface and memory interface, and in order to preset configuration information and the pretrigger sign indicating number that is stored in this first storage area to be provided, come from the start-up command of host computer system with response, wherein can't identify second storage area according to preset configuration information host computer system and the pretrigger sign indicating number is performed in the host computer system.In addition, memory management circuitry is also in order to receiving user's identification code and user's password from host computer system, and judges whether user's identification code and user's password are same as first identification code and first password respectively.When if user's identification code and user's password are same as first identification code and first password respectively, the pretrigger sign indicating number that is performed transmits again start-up command and indicates host computer system to restart and after host computer system restarts, again provide first configuration information to host computer system, wherein host computer system is identified second storage area and access according to first configuration information and is stored in data in second storage area.
In one embodiment of this invention, above-mentioned memory management circuitry reads from first storage area and encrypts the pretrigger sign indicating number, uses the golden key of default start to decipher this and has encrypted the pretrigger sign indicating number with acquisition pretrigger sign indicating number, and send the pretrigger sign indicating number to host computer system.
In one embodiment of this invention, receive in above-mentioned this host computer system of memory management circuitry to have encrypted and use data and decipher this and encrypted user's data to obtain user's identification code and user's password.
In one embodiment of this invention, above-mentioned memory management circuitry produces first identification code summary of corresponding first identification code by the first One-Way Hash Function arithmetic element, produce first cryptographic summary of corresponding first password by the second One-Way Hash Function arithmetic element, use first password encryption, the first gold medal key to produce first ciphertext, and first identification code summary, first cryptographic summary and first ciphertext are stored in the closed security zone that can rewrite the formula non-volatile memory module.
In one embodiment of this invention, above-mentioned memory management circuitry produces user's identification code summary of corresponding user's identification code by the first One-Way Hash Function arithmetic element, produce user's cryptographic summary of corresponding user's password by the second One-Way Hash Function arithmetic element, from the closed security zone that can rewrite the formula non-volatile memory module, read first identification code summary and first cryptographic summary, and judge whether user's identification code summary and user's cryptographic summary are same as first identification code summary and first cryptographic summary.If when user's identification code summary was same as first identification code summary with first cryptographic summary with user's cryptographic summary, memory management circuitry identification user's identification code and user's password were same as first identification code and first password respectively.When if user's identification code summary is different from first identification code summary, memory management circuitry output identification code error messages; And if user's cryptographic summary is when being different from first cryptographic summary, memory management circuitry output password error messages.
In one embodiment of this invention, if when user's identification code summary is same as first identification code summary with first cryptographic summary respectively with user's cryptographic summary, memory management circuitry also uses user's password to decipher first ciphertext to obtain the first gold medal key.At this, the data that memory management circuitry uses the deciphering of the first gold medal key to read from second storage area.
In one embodiment of this invention, above-mentioned rewritten formula non-volatile memory module also has the 3rd storage area, and can't identify the 3rd storage area according to preset configuration information host computer system.Above-mentioned memory management circuitry judges whether above-mentioned user's identification code and user's password are same as second identification code and second password respectively.When if user's identification code and user's password are same as second identification code and second password respectively, the pretrigger sign indicating number that is performed transmits again start-up command and indicates host computer system to restart and after host computer system restarts, again provide second configuration information to this host computer system, wherein host computer system is identified the 3rd storage area according to second configuration information.
In one embodiment of this invention, the pretrigger sign indicating number that is executed in host computer system can show that input interface is to require the user and input user's identification code and user's password and to transmit user's identification code and user's password to memory management circuitry.
Moreover the present invention's one exemplary embodiment proposes a kind of memorizer memory devices, and it comprises connector, can rewrite formula non-volatile memory module and Memory Controller.Connector is in order to be electrically connected to host computer system.Can rewrite the formula non-volatile memory module and have first storage area and second storage area.Memory Controller is electrically connected to connector and can rewrites the formula non-volatile memory module, and in order to preset configuration information and the pretrigger sign indicating number that is stored in this first storage area to be provided, come from the start-up command of host computer system with response, wherein can't identify second storage area according to preset configuration information host computer system and the pretrigger sign indicating number is performed in the host computer system.In addition, Memory Controller is also in order to receiving user's identification code and user's password from host computer system, and judges whether user's identification code and user's password are same as first identification code and first password respectively.When if user's identification code and user's password are same as first identification code and first password respectively, the pretrigger sign indicating number that is performed transmits again start-up command and indicates host computer system to restart and after host computer system restarts, again provide first configuration information to host computer system, wherein host computer system is identified second storage area and access according to first configuration information and is stored in data in second storage area.
In one embodiment of this invention, above-mentioned Memory Controller reads from first storage area and encrypts the pretrigger sign indicating number, uses the golden key of default start to decipher this and has encrypted the pretrigger sign indicating number with acquisition pretrigger sign indicating number, and send the pretrigger sign indicating number to host computer system.
In one embodiment of this invention, receive in above-mentioned this host computer system of Memory Controller to have encrypted and use data and decipher this and encrypted user's data to obtain user's identification code and user's password.
In one embodiment of this invention, above-mentioned Memory Controller produces first identification code summary of corresponding first identification code by the first One-Way Hash Function arithmetic element, produce first cryptographic summary of corresponding first password by the second One-Way Hash Function arithmetic element, use first password encryption, the first gold medal key to produce first ciphertext, and first identification code summary, first cryptographic summary and first ciphertext are stored in the closed security zone that can rewrite the formula non-volatile memory module.
In one embodiment of this invention, above-mentioned Memory Controller produces user's identification code summary of corresponding user's identification code by the first One-Way Hash Function arithmetic element, produce user's cryptographic summary of corresponding user's password by the second One-Way Hash Function arithmetic element, from the closed security zone that can rewrite the formula non-volatile memory module, read first identification code summary and first cryptographic summary, and judge whether user's identification code summary and user's cryptographic summary are same as first identification code summary and first cryptographic summary.If when user's identification code summary was same as first identification code summary with first cryptographic summary with user's cryptographic summary, Memory Controller identification user's identification code and user's password were same as first identification code and first password respectively.When if user's identification code summary is different from first identification code summary, Memory Controller output identification code error messages; And if user's cryptographic summary is when being different from first cryptographic summary, Memory Controller output password error messages.
In one embodiment of this invention, if when user's identification code summary is same as first identification code summary with first cryptographic summary respectively with user's cryptographic summary, Memory Controller also uses user's password to decipher first ciphertext to obtain the first gold medal key.At this, the data that Memory Controller uses the deciphering of the first gold medal key to read from second storage area.
In one embodiment of this invention, above-mentioned rewritten formula non-volatile memory module also has the 3rd storage area, and can't identify the 3rd storage area according to preset configuration information host computer system.Above-mentioned Memory Controller judges whether above-mentioned user's identification code and user's password are same as second identification code and second password respectively.When if user's identification code and user's password are same as second identification code and second password respectively, the pretrigger sign indicating number that is performed transmits again start-up command and indicates host computer system to restart and after host computer system restarts, again provide second configuration information to this host computer system, wherein host computer system is identified the 3rd storage area according to second configuration information.
In one embodiment of this invention, the pretrigger sign indicating number that is executed in host computer system can show that input interface is to require the user and input user's identification code and user's password and to transmit user's identification code and user's password to Memory Controller.
Based on above-mentioned, the memorizer memory devices of exemplary embodiment of the present invention, Memory Controller and data guard method can be protected stored data effectively, to avoid unwarranted access.
For above-mentioned feature and advantage of the present invention can be become apparent, embodiment cited below particularly, and be described with reference to the accompanying drawings as follows.
Description of drawings
Fig. 1 is that first exemplary embodiment illustrates host computer system and memorizer memory devices according to the present invention.
Fig. 2 is the synoptic diagram of first exemplary embodiment illustrates according to the present invention computing machine, input/output device and memorizer memory devices.
Fig. 3 A is the summary calcspar that illustrates memorizer memory devices shown in Figure 2.
Fig. 3 B is the summary calcspar of the Memory Controller that first exemplary embodiment illustrates according to the present invention.
Fig. 4 A and Fig. 4 B are the synoptic diagram that first management that exemplary embodiment illustrates can rewrite the physical blocks of formula non-volatile memory module according to the present invention.
Fig. 5 is the example schematic of the management logic block that illustrates according to first exemplary embodiment.
Fig. 6 is the synoptic diagram of the execution password authentification program that illustrates according to first exemplary embodiment.
Fig. 7 is the process flow diagram of the data guard method that illustrates according to first exemplary embodiment.
Fig. 8 is the example schematic of the management logic block that illustrates according to second exemplary embodiment.
Fig. 9 is the process flow diagram of the data guard method that illustrates according to second exemplary embodiment.
The reference numeral explanation
1000: host computer system
1100: computing machine
1102: microprocessor
1104: random access memory
1106: input/output device
1108: system bus
1110: data transmission interface
1202: mouse
1204: keyboard
1206: display
1208: printer
1216: solid state hard disc
100: memorizer memory devices
102: connector
104: Memory Controller
106: can rewrite the formula non-volatile memory module
202: memory management circuitry
204: host interface
206: memory interface
208: memory buffer
210: electric power management circuit
212: bug check and correcting circuit
502: the data field
504: idle district
506: system region
508: replace the district
410 (0)~410 (N): physical blocks
610 (0)~610 (H): logical blocks
552: the first storage areas
554: the second storage areas
556: the three storage areas
602: the password authentification program
604: decryption unit
612: the first One-Way Hash Function arithmetic elements
614: the second One-Way Hash Function arithmetic elements
622: the first comparing units
624: the second comparing units
620: the first encryption/decryption element
640: the second encryption/decryption element
690: the closed security zone
EUD: encrypted user's data
UID: user's identification code
UPW: user's password
UIDD: user's identification code summary
UPWD: user's cryptographic summary
AIDD: first identification code summary
APWD: first cryptographic summary
AC: first ciphertext
AK: the first gold medal key
S701, S703, S705, S707, S709, S711, S713, S715, S717, S719: the step of data guard method
S901, S903, S905, S907, S909, S911, S913, S915, S917, S919, S921, S923, S925, S927, S929: the step of data guard method
Embodiment
[first exemplary embodiment]
Generally speaking, memorizer memory devices (also claim, memory storage system) comprises and can rewrite formula non-volatile memory module and controller (also title, control circuit).Usually memorizer memory devices is to use with host computer system, so that host computer system can write to data memorizer memory devices or read data from memorizer memory devices.
Fig. 1 is host computer system and the memorizer memory devices that illustrates according to first exemplary embodiment.
Please refer to Fig. 1, host computer system 1000 generally comprises computing machine 1100 and I/O (input/output, I/O) device 1106.Computing machine 1100 comprise microprocessor 1102, random access memory (random access memory, RAM) 1104, system bus 1108 and data transmission interface 1110.Input/output device 1106 comprises mouse 1202, keyboard 1204, the display 1206 and printer 1208 as Fig. 2.It must be appreciated that device shown in Figure 2 is not limited to input/output device 1106, input/output device 1106 can also comprise other devices.
In embodiments of the present invention, memorizer memory devices 100 is to electrically connect by data transmission interface 1110 other elements with host computer system 1000.Data can be write to memorizer memory devices 100 or from memorizer memory devices 100, read data with the running of input/output device 1106 by microprocessor 1102, random access memory 1104.For example, memorizer memory devices 100 is as shown in Figure 1B solid state hard disc (Solid State Drive, SSD) 1216.
Fig. 3 A is the summary calcspar of the memorizer memory devices that illustrates according to first exemplary embodiment.
Please refer to Fig. 3 A, memorizer memory devices 100 comprises connector 102, Memory Controller 104 and can rewrite formula non-volatile memory module 106.
In this exemplary embodiment, connector 102 is to be compatible to sequence advanced annex (Serial Advanced Technology Attachment, SATA) standard.Yet, it must be appreciated, the invention is not restricted to this, connector 102 can also be to meet Institute of Electrical and Electric Engineers (Institute of Electrical and Electronic Engineers, IEEE) 1394 standards, high-speed peripheral component connecting interface (Peripheral Component Interconnect Express, PCI Express) standard, parallel advanced annex (Parallel Advanced Technology Attachment, PATA) standard, universal serial bus (Universal Serial Bus, USB) standard, integrated driving electrical interface (Integrated Device Electronics, IDE) standard or other standards that is fit to.
A plurality of logic gates or steering order that Memory Controller 104 is done with hardware pattern or firmware pattern in fact in order to execution, and in can rewriteeing formula non-volatile memory module 106, carry out the runnings such as writing, read, wipe and merge of data according to the instruction of host computer system 1000.
Can rewrite formula non-volatile memory module 106 is to be electrically connected to Memory Controller 104, and has a plurality of physical blocks to store the data that host computer system 1000 is write.In this exemplary embodiment, each physical blocks has a plurality of physical page respectively, and the physical page that wherein belongs to same physical blocks can be write independently and side by side be wiped.For example, each physical blocks is made up of 128 physical page, and the capacity of each physical page be 4 kilobyte (Kilobyte, KB).Yet, it must be appreciated that the invention is not restricted to this, each physical blocks also can be made up of 64 physical page, 256 physical page or other arbitrarily individual physical page.
In more detail, physical blocks is the least unit of wiping.That is each physical blocks contains the storage unit that is wiped free of in the lump of minimal amount.Physical page is the minimum unit of programming.That is, physical page is the minimum unit that writes data.Yet, it must be appreciated that in another exemplary embodiment of the present invention, the least unit that writes data can also be entity sector or other sizes.Each physical page generally includes data bit district and redundant digit district.The data bit district is in order to storing user's data, and the redundant digit district is in order to the data (for example, bug check and correcting code) of stocking system.
In this exemplary embodiment, can rewrite formula non-volatile memory module 106 and be multi-level cell memory (Multi Level Cell, MLC) NAND flash memory module.Yet, the invention is not restricted to this, can rewrite formula non-volatile memory module 106 also the single-order storage unit (Single Level Cell, SLC) NAND flash memory module, other flash memory module or other have the memory module of identical characteristics.
Fig. 3 B is the summary calcspar of the Memory Controller that illustrates according to first exemplary embodiment.
Please refer to Fig. 3 B, Memory Controller 104 comprises memory management circuitry 202, host interface 204, memory interface 206, memory buffer 208, electric power management circuit 210 and bug check and correcting circuit 212.
In this exemplary embodiment, the steering order of memory management circuitry 202 can also the procedure code pattern be stored in the specific region (for example, being exclusively used in the system region of storage system data in the memory module) that can rewrite formula non-volatile memory module 106.In addition, memory management circuitry 202 has microprocessor unit (not illustrating), ROM (read-only memory) (not illustrating) and random access memory (not illustrating).When Memory Controller 104 was enabled, microprocessor unit can be loaded in the random access memory of memory management circuitry 202 being stored in the steering order that can rewrite in the formula non-volatile memory module 106.Afterwards, microprocessor unit these steering orders that can turn round.
In another exemplary embodiment of the present invention, the steering order of memory management circuitry 202 is to do in fact with the firmware pattern.For example, memory management circuitry 202 has microprocessor unit (not illustrating) and ROM (read-only memory) (not illustrating), and these steering orders are to be burned onto in this ROM (read-only memory).When memorizer memory devices 100 runnings, these steering orders can be carried out by microprocessor unit.
In addition, in another exemplary embodiment of the present invention, the steering order of memory management circuitry 202 can also a hardware pattern be done in fact.For example, memory management circuitry 202 comprises that microcontroller, Memory Management Unit, storer write unit, storer reading unit, memory erase unit and data processing unit.It is to be electrically connected to microcontroller that Memory Management Unit, storer write unit, storer reading unit, memory erase unit and data processing unit.Wherein, Memory Management Unit can rewrite the physical blocks of formula non-volatile memory module 106 in order to management; Storer writes the unit in order to assign and write instruction and can rewrite in the formula non-volatile memory module 106 so that data are write to rewriteeing formula non-volatile memory module 106; The storer reading unit is in order to assign reading command to read data from can rewrite formula non-volatile memory module 106 to rewriteeing formula non-volatile memory module 106; The memory erase unit is in order to assign erasing instruction so that data are wiped to rewriteeing formula non-volatile memory module 106 from can rewrite formula non-volatile memory module 106; And data processing unit desires to write to the data that can rewrite formula non-volatile memory module 106 and the data that read in order to processing from can rewrite formula non-volatile memory module 106.
Electric power management circuit 210 is to be electrically connected to memory management circuitry 202 and in order to the power supply of control store storage device 100.
Bug check and correcting circuit 212 be electrically connected to memory management circuitry 202 and in order to execution error inspection and correction program to guarantee the correctness of data.Specifically, when receiving, memory management circuitry 202 writes when instruction from host computer system 1000, bug check can produce corresponding bug check and correcting code (Error Checking and Correcting Code for the corresponding data that this writes instruction with correcting circuit 256, ECC Code), and memory management circuitry 202 the corresponding data that this writes instruction can be write to corresponding bug check and correcting code and can rewrite in the formula non-volatile memory module 106.Afterwards, when memory management circuitry 202 reads data from can rewrite formula non-volatile memory module 106, can read bug check and the correcting code of this data correspondence simultaneously, and bug check and correcting circuit 256 can be according to this bug check and correcting code data execution error inspection and the correction program to reading.
Fig. 4 A and Fig. 4 B are the synoptic diagram that can rewrite the physical blocks of formula non-volatile memory module according to first management that exemplary embodiment illustrates.
Please refer to Fig. 4 A, can rewrite formula non-volatile memory module 106 and have physical blocks 410 (0)~410 (N), and the memory management circuitry 202 of Memory Controller 104 can logically be grouped into physical blocks 410 (0)~410-(N) data field (data area) 502, idle district (spare area) 504, system region (system area) 506 and replace district (replacement area) 508.
The physical blocks that belongs to data field 502 and idle district 504 in logic is the data that come from host computer system 1000 in order to storage.Specifically, the physical blocks of data field 502 (also being called the data entity block) is to be regarded as the physical blocks of storage data, and the physical blocks (also being called idle physical blocks) in idle district 504 is in order to write the physical blocks of new data.For example, when receiving from host computer system 1000 when writing instruction with the data desiring to write, memory management circuitry 202 can be extracted physical blocks physical blocks as an alternative from idle district 504, and data are write so far replaces in the physical blocks.Again for example, when a certain logical blocks is carried out the data consolidation procedure, memory management circuitry 202 can be extracted physical blocks and write data as the new data physical blocks of corresponding this logical blocks from idle district 504, and replaces the data entity block of original this logical blocks of mapping.Particularly, after finishing the data consolidation procedure, these store the data entity block of invalid datas or replace physical blocks can be by related (or recovery) again to idle district 504, with as the usefulness that writes new data next time.
The physical blocks that belongs to system region 506 in logic is in order to the register system data.For example, system data comprises physical page number about manufacturer and the model that can rewrite the formula non-volatile memory module, the physical blocks number that can rewrite the formula non-volatile memory module, each physical blocks etc.
Belonging to the physical blocks that replaces in the district 508 in logic is to replace program for bad physical blocks, with replacing damaged physical blocks.Specifically, if replace when distinguishing the physical blocks damage that still has normal physical blocks and data field 502 in 508, memory management circuitry 202 meetings normal physical blocks of extraction from replace district 508 is changed the physical blocks of damage.
Based on above-mentioned, in the running of memorizer memory devices 100, data field 502, idle district 504, system region 506 can dynamically change with the physical blocks that replaces district 508.For example, the physical blocks in order to the storage data of rotating can belong to data field 502 or idle district 504 with changing.
What deserves to be mentioned is that in this exemplary embodiment, memory management circuitry 202 is to be that unit manages with each physical blocks.Yet, the invention is not restricted to this, in another exemplary embodiment, memory management circuitry 202 also can be grouped into physical blocks a plurality of solid elements, and is that unit manages with the solid element.For example, each solid element can be made up of at least one physical blocks in same storer submodule or the different memory submodule.
Please refer to Fig. 4 B, memory management circuitry 202 can configuration logic blocks 610 (0)~610 (H) with the physical blocks in mapping (enum) data district 502, wherein each logical blocks has a plurality of logical page (LPAGE)s and these logical page (LPAGE)s are the physical page of shining upon corresponding data entity block in order.For example, when memorizer memory devices 100 was formatted, logical blocks 610 (0)~610 (H) is the physical blocks 410 (0)~410 (F-1) in mapping (enum) data district 502 initially.
In exemplary embodiment of the present invention, memory management circuitry 202 meeting service logic block-physical blocks mapping tables (logical block-physical block mapping table) are with the mapping relations between the physical blocks of record logical blocks 610 (0)~610 (H) and data field 502.For example, when host computer system 1000 is desired a certain logic of access access address, memory management circuitry 202 can be converted to the logic access address of 1000 accesses of host computer system the multi-dimensional address that logical blocks and logical page (LPAGE) with correspondence are constituted, and passes through logical blocks-physical blocks mapping table access data in the physical page of correspondence.
Fig. 5 is the example schematic of the management logic block that illustrates according to first exemplary embodiment.
Please refer to Fig. 5, memory management circuitry 202 can be divided into first storage area 552 and second storage area 554 with logical blocks 610 (0)~610 (H).For example, logical blocks 610 (0)~610 (D) belongs to first storage area 552 and logical blocks 610 (D+1)~610 (H) belongs to second storage area 554.
The application program that first storage area 552 is developed in order to the manufacturer of storing memory storage device 100.In this exemplary embodiment, first storage area 552 stores pretrigger sign indicating number (pre-boot code) and host computer system 1000 not by checking the time, only can identify and access first storage area 552.At this, first storage area 552 also is called pretrigger district 552.Specifically, when host computer system 1000 started, the basic input/output of host computer system 1000 (BIOS) can come recognition memory storage device 100 by friendship (handshaking) program of holding.Hold in the program in friendship, memory management circuitry 202 can send preset configuration information and the pretrigger sign indicating number that is stored in first storage area 552 to host computer system 1000.The base this, host computer system 1000 can be come the attribute of recognition memory storage device 100 according to the preset configuration information that receives.For example, the preset configuration information of passing through to receive, host computer system 1000 can know that the classification of memorizer memory devices 100 is that the capacity of big capacity storage class, memorizer memory devices 100 is the information such as capacity of counterlogic block 610 (0)~610 (D).Particularly, according to this preset configuration information, host computer system 1000 can be identified first storage area 552, but can't identify second storage area 554.That is to say, host computer system 1000 only can map to the logic access address logical blocks 610 (0)~610 (D) according to preset configuration information and (for example come data stored in access first storage area 552, carry out pretrigger sign indicating number stored in first storage area 552), but can't know that memorizer memory devices 100 has second storage area 554.In this exemplary embodiment, when this pretrigger sign indicating number is carried out by host computer system 1000, the password authentification program that is included in the pretrigger sign indicating number can be performed, and inputs user's identification code and user's password with the user who requires host computer system 1000, to carry out authentication.Detailed password authentification mechanism will be in do detailed explanation below in conjunction with accompanying drawing.In this exemplary embodiment, memory management circuitry 202 can initially be set at a read states with the storage attribute of first storage area 552, is stored in data or the program of first storage area 552 to avoid the deletion of user's mistake.Yet, the invention is not restricted to this, the storage attribute of first storage area 552 also can be set to read-write state.
In addition, in the present invention's one exemplary embodiment, data stored in first storage area 552 can be encrypted with the golden key of default start, and memory management circuitry 202 can use the golden key of default start to decipher the data (that is, having encrypted the pretrigger sign indicating number) that read from first storage area 552 before not by password authentification.For example, the golden key of default start is in the ROM (read-only memory) (not illustrating) that is stored in Memory Controller 104.
Second storage area 554 is for offering the cut section of user's storage data.Particularly, in this exemplary embodiment, after by password authentification, memory management circuitry 202 just can be set at second storage area 554 can be by the storage area of host computer system 1000 accesses.Specifically, behind the pretrigger sign indicating number that host computer system 1000 transmits according to preset configuration information recognition memory storage device 100 and execute store storage device 100, the password authentification program can be activated.After host computer system 1000 is by the password authentification program, the password authentification program 602 in the pretrigger sign indicating number of being included in can transmit one again start-up command give host computer system 1000.Particularly, restarting BIOS in host computer system 1000 to hand over when holding program with memorizer memory devices 100, memory management circuitry 202 can transmit new configuration information (hereinafter referred to as first configuration information) and give host computer system 1000, and by first configuration information, host computer system 1000 capacity of recognition memory storage device 100 again is the information such as capacity of counterlogic block 610 (D+1)~610 (H).For example, host computer system 1000 can map to the logic access address logical blocks 610 (D+1)~610 (H) according to first configuration information, identifies second storage area 554 thus and access data in second storage area 554.
Whether for example, memory management circuitry 202 can store a mark in memory buffer 208, and be identified in according to this mark and hand over when holding program host computer system 1000 by the password authentification program.Specifically, because host computer system 1000 is when start-up command restarts again, memorizer memory devices 100 still is in operating state, therefore, be stored in that mark in the memory buffer 208 can not be lost and memory management circuitry 202 can be according to this mark identification host computer system 1000 by the password authentification program.Further, when restarting again after if host computer system 1000 is shut down, owing to be in non-operating state at shutdown background storage storage device 100, therefore, be stored in that mark in the memory buffer 208 can be lost and when host computer system 1000 restarted again, the password authentification program 602 that is included in the pretrigger sign indicating number can require host computer system 1000 to carry out the password authentification program again after shutdown.
It must be appreciated that although in this exemplary embodiment, memory management circuitry 202 is logical blocks to be divided into 2 cut sections manage.Yet, the invention is not restricted to this.In another exemplary embodiment of the present invention, memory management circuitry 202 can be divided into logical blocks more storage areas.
Fig. 6 is the synoptic diagram of the execution password authentification program that illustrates according to first exemplary embodiment.
Please refer to Fig. 6, as mentioned above, host computer system 1000 must be by password authentification ability access second storage area 554.For example, memorizer memory devices 100 when producing one group of default user's identification code with user's password can initially be set and this default user's identification code can be passed through to encode with user's password and is stored in the closed security zone 690.In addition, the user of host computer system 1000 can preset user's identification code and user's password and finishes after the password authentification program interface of the password authentification program 602 by being executed in host computer system 1000 and reset user's identification code and user's password.
Specifically, user's identification code (hereinafter referred to as first identification code) of rebuliding of default user's identification code or user can be encoded to produce first identification code summary (digest) AIDD and first identification code summary AIDD can be stored in the closed security zone 690 through the first One-Way Hash Function arithmetic element 612.In addition, user's password (hereinafter referred to as first password) of rebuliding of default user's password or user can be encoded to produce the first cryptographic summary APWD and the first cryptographic summary APWD can be stored in the closed security zone 690 through the second One-Way Hash Function arithmetic element 614.In this exemplary embodiment, the first One-Way Hash Function arithmetic element 612 is to do in fact and the second One-Way Hash Function arithmetic element 614 is to do in fact according to second One-Way Hash Function according to first One-Way Hash Function.In this exemplary embodiment, first One-Way Hash Function and second One-Way Hash Function are SHA-512.Yet, it must be appreciated, the invention is not restricted to this, in another embodiment of the present invention, first One-Way Hash Function and second One-Way Hash Function can also be other hash functions, for example, and MD5, RIPEMD-160, SHA1, SHA-386, SHA-256 or other functions that is fit to.In addition, in another exemplary embodiment of the present invention, the first One-Way Hash Function arithmetic element 612 also can be different with the second One-Way Hash Function arithmetic element, 614 employed One-Way Hash Functions.
What deserves to be mentioned is that in this exemplary embodiment, the first gold medal key AK can encrypt to produce the first ciphertext AC with first password and the first ciphertext AC can be stored in the closed security zone 690 through first encryption/decryption element 620.At this, the first gold medal key is to desire to be stored to the data of second storage area 554 and the data that deciphering is read in order to encryption from second storage area 554.
In this exemplary embodiment, first encryption/decryption element 620 is that (Advanced Encryption Standard AES) does in fact, but the invention is not restricted to this with advanced encryption standard.For example, (Data Encryption Standard DES) makes first encryption/decryption element 620 in fact also can to use data encryption standards.
In this exemplary embodiment, closed security zone 690 can be to be configured in can rewrite in the formula non-volatile memory module 106.For example, memory management circuitry 202 some that can rewrite the physical blocks of formula non-volatile memory module 106 can be divided into closed security zone 690 or with the part storage area in the system region 506 as closed security zone 690.Perhaps, extra non-volatile memory module can be configured in the Memory Controller 104 as closed security zone 690.
After host computer system 1000 received preset configuration information and carries out password authentification program 602 in the pretrigger sign indicating number, password authentification program 602 can show that input interface input user's identification code and user's password to require the user at the output unit of host computer system 1000.For example, input interface comprises identification code field and the password field of inputing for the user.Then, user's identification code UID that password authentification program 602 can receive and user's password UPW encrypt to produce and have encrypted user's data EUD also will encrypt user's data EUD is sent to memorizer memory devices 100.For example, in this exemplary embodiment, password authentification program 602 can be encrypted user's identification code UID and user's password UPW as key and with the advanced encryption standard function with the identification code of Memory Controller 104, but the invention is not restricted to this.For example, also can use data encryption standards to encrypt user's identification code UID and user's password UPW.
When receiving when encrypting user's data EUD, memory management circuitry 202 can be decrypted to obtain user's identification code UID and user's password UPW to the received user of encryption data EUD.For example, memory management circuitry 202 can be used the identification code of Memory Controller 104 to decipher by decryption unit 604 and encrypt user's data EUD.At this, decryption unit 604 is to be same as password authentification program 602 employed advanced encryption standards to do in fact.
Then, memory management circuitry 202 can be encoded user's identification code UID to obtain user's identification code summary UIDD by the first One-Way Hash Function arithmetic element 612.In addition, memory management circuitry 202 also can be encoded user's password UPW to obtain user's cryptographic summary UPWD by the second One-Way Hash Function arithmetic element 614.
In this exemplary embodiment, memory management circuitry 202 can be from the closed security zone 690 reads first identification code summary AIDD and judges by first comparing unit 622 whether user's identification code summary UIDD is same as first identification code that the reads AIDD that makes a summary.If user's identification code summary UIDD is inequality when first identification code that reads is made a summary AIDD, memory management circuitry 202 can be given host computer system 1000 by output identification code error messages.
When if user's identification code summary UIDD is same as first identification code summary AIDD that reads, memory management circuitry 202 can be from the closed security zone 690 reads the first cryptographic summary APWD and judges by second comparing unit 624 whether user's cryptographic summary UPWD is same as the first cryptographic summary APWD that reads.If user's cryptographic summary UPWD is inequality when the first cryptographic summary APWD that reads, memory management circuitry 202 can be given host computer system 1000 by the output password error messages.
When if user's cryptographic summary UPWD is same as the first cryptographic summary APWD that reads, memory management circuitry 202 can be deciphered the first ciphertext AC with user's password UPW by first encryption/decryption element 620 and be given host computer system 1000 with the start-up command again of obtaining the first gold medal key AK and the password authentification program 602 meeting requests of transmitting in the pretrigger sign indicating number that are included in are restarted.
Afterwards, after host computer system 1000 restarted, memory management circuitry 202 can transmit first configuration information and give host computer system 1000, and host computer system 1000 can be according to the data in the first configuration information access, second storage area 554 thus.In this exemplary embodiment, second storage area 554 only just can be accessed after host computer system 1000 is by the password authentification program, and therefore, the security of data can be guaranteed.In addition, in this exemplary embodiment, data write to before second storage area 554, memory management circuitry 202 can be passed through second encryption/decryption element 640 with the first gold medal key AK enciphered data, and memory management circuitry 202 can be passed through second encryption/decryption element 640 with the first gold medal key AK data decryption before the data that will read send host computer system 1000 to from second storage area 554.It must be appreciated; in this example is implemented, by ability access second storage area 554 after the password authentification program, can reach the purpose of data protection; be also to promote the security of data with data with the mechanism of the first gold medal key AK enciphering/deciphering, but the invention is not restricted to this.That is to say, in another exemplary embodiment, first encryption/decryption element 620 and second encryption/decryption element 640 and produce the first ciphertext AC with in the closed security zone 690 functions that store the first ciphertext AC also can omit.
Fig. 7 is the process flow diagram of the data guard method that illustrates according to first exemplary embodiment.
Please refer to Fig. 7, at step S701, host computer system 1000 starts to carry out BIOS and BIOS can be sent to memorizer memory devices 100 with initialization directive (that is start-up command).Afterwards, in step S703, Memory Controller 104 can transmit preset configuration information and the pretrigger sign indicating number is given host computer system 1000, to respond this start-up command.Particularly, as mentioned above, host computer system 1000 maps to the logical blocks of first storage area 552 according to preset configuration information with the logic access address, can't identify second storage area 554.
In step S705, host computer system 1000 can and be carried out the pretrigger sign indicating number according to preset configuration information recognition memory storage device 100, and in step S707, user's identification code and user's password can be required that input and Memory Controller 104 can receive this user's identification code and user's password from host computer system 1000.For example, in step S707, password authentification program 602 meeting encryption user's identification codes and user's password and the user's identification code that will encrypt and user's password send Memory Controller 104 to.
In step S709, Memory Controller 104 can judge whether user's identification code is same as first identification code.Specifically, in step S709, Memory Controller 104 can make a summary to judge with first identification code that is stored in closed security zone 690 whether user's identification code is same as first identification code by user's identification code summary of the corresponding user's identification code of comparison.Judge identification code whether identical mechanism in conjunction with Fig. 6 explanation as before, no longer be repeated in this description at this.
If user's identification code is inequality when first identification code, in step S711, Memory Controller 104 can be performed for host computer system 1000 and step S707 by output identification code error messages.
When if user's identification code is same as first identification code, in step S713, Memory Controller 104 can judge whether user's password is same as first password.Similarly, in step S713, Memory Controller 104 can judge with first cryptographic summary that is stored in closed security zone 690 whether user's password is same as first password by user's cryptographic summary of the corresponding user's password of comparison.Judge password whether identical mechanism in conjunction with Fig. 6 explanation as before, no longer be repeated in this description at this.
If user's password is inequality when first password, in step S715, Memory Controller 104 can be given host computer system 1000 by the output password error messages, and step S707 can be performed.
Otherwise when if user's password is same as first password, in step S717, the password authentification program 602 in the pretrigger sign indicating number of being included in can transmit again start-up command and indicate host computer system 1000 to restart.And in step S719, host computer system 1000 can restart, and Memory Controller 104 can provide first configuration information to finish boot program to host computer system 1000 and host computer system 1000 according to first configuration information again.Particularly, as mentioned above, host computer system 1000 can map to the logic access address logical blocks of second storage area 554 according to first configuration information.
What deserves to be mentioned is, in an exemplary embodiment, be same as in the example of first password at user's password, Memory Controller 104 also can be deciphered first ciphertext that is stored in closed security zone 690 with this user's password and desire to write to the data of second storage area 554 and decipher the data that read from second storage area 554 to obtain the first gold medal key and to use this first gold medal key to encrypt.
[second exemplary embodiment]
The difference of second exemplary embodiment and first exemplary embodiment, be that in second exemplary embodiment logical blocks can be divided into to a plurality of storage areas that offer different users's use and memorizer memory devices can allow the corresponding storage area of host computer system access with password according to user's identification code that host computer system transmits.The hardware structure of second exemplary embodiment is to be similar to first exemplary embodiment in essence, below will use the element of first exemplary embodiment that the difference part of second exemplary embodiment and first exemplary embodiment is described.
In second exemplary embodiment, the logical blocks 610 (0)~610 (H) that the physical blocks of data field 502 is shone upon can be divided into the storage area that belongs to the different users according to Host Administration person's planning.Below will this exemplary embodiment be described with the configuration that offers two users, yet, it must be appreciated, the invention is not restricted to this.
Fig. 8 is the example schematic of the management logic block that illustrates according to second exemplary embodiment.
Please refer to Fig. 8, memory management circuitry 202 can be divided into first storage area 552, second storage area 554 and the 3rd storage area 556 with logical blocks 610 (0)~610 (H).For example, logical blocks 610 (0)~610 (D) belongs to first storage area 552, logical blocks 610 (D+1)~610 (P) belongs to second storage area 554 and logical blocks 610 (P+1)~610 (H) belongs to the 3rd storage area 556.
Be same as first exemplary embodiment, first storage area 552 is in order to the pretrigger sign indicating number of storing memory storage device 100.Second storage area 554 is the cut section that offers first user's storage data, and the 3rd storage area 556 provides the cut section to second user's storage data.In this exemplary embodiment, after user's identification code of using corresponding first user and user's password were by password authentification, memory management circuitry 202 understood that second storage area 554 is set at can be by the storage area of host computer system 1000 accesses; And after user's identification code of corresponding second user and user's password were by password authentification, memory management circuitry 202 can be set at the 3rd storage area 556 can be by the storage area of host computer system 1000 accesses.
Specifically, when according to preset configuration information recognition memory storage device 100, host computer system 1000 energy accesses first storage area 552, and can't identify second storage area 554 and the 3rd storage area 556.That is to say, host computer system 1000 maps to logical blocks 610 (0)~610 (D) according to preset configuration information with the logic access address and comes stored data in access first storage area 552, but can't know that memorizer memory devices 100 has second storage area 554 and the 3rd storage area 556.
If in carrying out the password authentification process, when the identification code that host computer system 1000 transmits and password were user's identification code of corresponding first user and user's password, the password authentification program 602 in the pretrigger sign indicating number of being included in can transmit again start-up command and give host computer system 1000.And, restarting basic input/output and memorizer memory devices 100 in this host computer system 1000 hands over when holding program, memory management circuitry 202 can transmit first configuration information and give host computer system 1000, host computer system 1000 can be the information such as capacity of counterlogic block 610 (D+1)~610 (P) according to the capacity of first configuration information recognition memory storage device 100 again and the logic access address mapped to logical blocks 610 (D+1)~610 (P) thus, identifies second storage area 554 thus and access data in second storage area 554.
If in carrying out the password authentification process, when the identification code that host computer system 1000 transmits and password were user's identification code of corresponding second user and user's password, the password authentification program 602 in the pretrigger sign indicating number of being included in can transmit again start-up command and give host computer system 1000.And, restarting basic input/output and memorizer memory devices 100 in this host computer system 1000 hands over when holding program, memory management circuitry 202 can transmit second configuration information and give host computer system 1000, host computer system 1000 can be the information such as capacity of counterlogic block 610 (P+1)~610 (H) according to the capacity of second configuration information recognition memory storage device 100 again and the logic access address mapped to logical blocks 610 (P+1)~610 (H) thus, identifies the 3rd storage area 556 thus and access data in the 3rd storage area 556.
As mentioned above, in second exemplary embodiment, memory management circuitry 202 can provide different configuration information to host computer system 1000 according to different users, and therefore, corresponding different user's identification codes and the summary of user's password can be stored in closed security zone 690.For example, closed security zone 690 stores that corresponding first user sets or the identification code of default first user's of giving first identification code summary (hereinafter referred to as first identification code summary) and corresponding first user sets or the cryptographic summary (hereinafter referred to as first cryptographic summary) of default first user's of giving first password.For example, first identification code summary is produced and first cryptographic summary is produced by the second One-Way Hash Function arithmetic element 614, first password of encoding by the first One-Way Hash Function arithmetic element, 612 codings, first identification code.In addition, closed security zone 690 also stores that corresponding second user sets or the identification code of default second user's of giving second identification code summary (hereinafter referred to as second identification code summary) and corresponding second user sets or the cryptographic summary (hereinafter referred to as second cryptographic summary) of default second user's of giving second password.For example, second identification code summary is produced and second cryptographic summary is produced by the second One-Way Hash Function arithmetic element 614, second password of encoding by the first One-Way Hash Function arithmetic element, 612 codings, second identification code.The base this, memory management circuitry 202 can be identified the user of host computer system 1000 according to the information that is recorded in the closed security zone 690.
Particularly, in the present invention's one exemplary embodiment, also store in the closed security zone 690 and use first ciphertext that first password encryption, the first gold medal key produces and second ciphertext of using second password encryption, the second gold medal key to produce.At this, the first gold medal key desires to write to the data of second storage area 554 and the second gold medal key desires to write to the 3rd storage area 556 in order to encryption data in order to encryption.
Fig. 9 is the process flow diagram of the data guard method that illustrates according to second exemplary embodiment.
Please refer to Fig. 9, at step S901, host computer system 1000 starts to carry out BIOS and BIOS can be sent to memorizer memory devices 100 with initialization directive (that is start-up command).Afterwards, in step S903, Memory Controller 104 can transmit preset configuration information and the pretrigger sign indicating number is given host computer system 1000, to respond this start-up command.Particularly, as mentioned above, host computer system 1000 only can map to the logic access address first storage area 552 according to preset configuration information, can't identify second storage area 554 and the 3rd storage area 556.
In step S905, host computer system 1000 can and be carried out the pretrigger sign indicating number according to preset configuration information recognition memory storage device 100, and in step S907, user's identification code and user's password can be required that input and Memory Controller 104 can receive this user's identification code and user's password from host computer system 1000.For example, password authentification program 602 can be encrypted user's identification code and the user's password inputed and be sent memorizer memory devices 100 to produce to have encrypted user's data and will encrypt user's data.In addition, memory management circuitry 202 can be deciphered the user of the encryption data that receive by decryption unit 604, to obtain user's identification code and user's password.
In step S909, memory management circuitry 202 can be encoded into user's identification code user's identification code summary and by the second One-Way Hash Function arithmetic element 614 user's password is encoded into user's cryptographic summary by the first One-Way Hash Function arithmetic element 612.
In step S911, memory management circuitry 202 can read first identification code summary and judge whether first identification code summary is same as user's identification code summary from closed security zone 690.For example, memory management circuitry 202 can judge whether first identification code summary is same as user's identification code summary by first comparing unit 622.
When if first identification code summary is same as user's identification code summary, in step S913, memory management circuitry 202 can read first cryptographic summary and judge whether first cryptographic summary is same as user's cryptographic summary from closed security zone 690.For example, memory management circuitry 202 can judge whether first cryptographic summary is same as user's cryptographic summary by second comparing unit 624.
If first cryptographic summary is inequality when user's cryptographic summary, in step S915, memory management circuitry 202 can be given host computer system 1000 by the output password error messages, and step S907 can be performed.
When if first cryptographic summary is same as user's cryptographic summary, in step S917, the password authentification program 602 in the pretrigger sign indicating number of being included in can transmit again start-up command and indicate host computer system 1000 to restart.And in step S919, host computer system 1000 can restart, and memory management circuitry 202 can provide first configuration information to finish boot program to host computer system 1000 and host computer system 1000 according to first configuration information again.As mentioned above, host computer system 1000 can map to the logic access address second storage area 554 according to first configuration information.Particularly, data in second storage area are in the example of being encrypted with the first gold medal key, memory management circuitry 202 can be stored in first ciphertext in the closed security zone 690 with user's password to decipher, obtain the first gold medal key thus, and encrypt the data that the data of desiring to write to second storage area 554 and deciphering are read with the first gold medal key that is obtained from second storage area 554.For example, memory management circuitry 202 can be deciphered first ciphertext by first encryption/decryption element 620 and be obtained the first gold medal key, and the data of coming enciphering/deciphering institute's access in second storage area 554 by second encryption/decryption element 640.
If judge that in step S911 first identification code summary is inequality when user's identification code is made a summary, in step S921, memory management circuitry 202 can read second identification code summary and judge whether second identification code summary is same as user's identification code summary from closed security zone 690.For example, memory management circuitry 202 can judge whether second identification code summary is same as user's identification code summary by first comparing unit 622.
When if second identification code summary is same as user's identification code summary, in step S923, memory management circuitry 202 can read second cryptographic summary and judge whether second cryptographic summary is same as user's cryptographic summary from closed security zone 690.For example, memory management circuitry 202 can judge whether second cryptographic summary is same as user's cryptographic summary by second comparing unit 624.
If second cryptographic summary is inequality when user's cryptographic summary, step S915 can be performed.
When if second cryptographic summary is same as user's cryptographic summary, in step S925, the password authentification program 602 in the pretrigger sign indicating number of being included in can transmit again start-up command and indicate host computer system 1000 to restart.And in step S927, host computer system 1000 can restart, and memory management circuitry 202 can provide second configuration information to finish boot program to host computer system 1000 and host computer system 1000 according to second configuration information again.As mentioned above, host computer system 1000 can map to the logic access address the 3rd storage area 556 logical blocks according to second configuration information.Particularly, data in the 3rd storage area are in the example of being encrypted with the second gold medal key, memory management circuitry 202 can be stored in second ciphertext in the closed security zone 690 with user's password to decipher, obtain the second gold medal key thus, and encrypt the data that the data of desiring to write to the 3rd storage area 556 and deciphering are read with the second gold medal key that is obtained from the 3rd storage area 556.For example, memory management circuitry 202 can be deciphered second ciphertext by first encryption/decryption element 620 and be obtained the second gold medal key, and the data of coming enciphering/deciphering institute's access in the 3rd storage area 556 by second encryption/decryption element 640.
If judge that in step S921 second identification code summary is inequality when user's identification code is made a summary, in step S929, memory management circuitry 202 can be performed for host computer system 1000 and step S907 by output identification code error messages.
In sum; in memorizer memory devices, Memory Controller and the data guard method of an exemplary embodiment; when host computer system is carried out boot program; only can the recognition start-up storage area and carry out the pretrigger pattern with input user's identification code and password; and when working as user's identification code of inputing and password by checking; corresponding user storage area can be identified and access, can protect the data that are stored in the user storage area effectively thus.In addition; in memorizer memory devices, Memory Controller and the data guard method of an exemplary embodiment; the user storage area also can be encrypted and when working as user's identification code of being inputed and password by checking with golden key; the data of institute's access can be deciphered with this golden key, also promote the security of data thus.Moreover; in memorizer memory devices, Memory Controller and the data guard method of above-mentioned exemplary embodiment; after by the password authentification program; host computer system can be required to restart and make BIOS identify new configuration information again; therefore, the running of storage area change can not produce the problem of compatibility.
Though the present invention discloses as above with embodiment; right its is not in order to limiting the present invention, those skilled in the art, under the premise without departing from the spirit and scope of the present invention; can do some changes and retouching, so protection scope of the present invention is to be as the criterion with claim of the present invention.
Claims (25)
1. a data guard method is used for one and can rewrites the formula non-volatile memory module, and this can rewrite the formula non-volatile memory module and have one first storage area and one second storage area at least, and this data guard method comprises:
One preset configuration information and a pretrigger sign indicating number that is stored in this first storage area are provided, come from a start-up command of a host computer system with response, wherein can't identify this second storage area according to this this host computer system of preset configuration information and this pretrigger sign indicating number is performed in this host computer system;
Receive user's identification code and user's password from this host computer system;
Judge whether this user's identification code and this user's password are same as one first identification code and one first password respectively; And
When if this user's identification code and this user's password are same as this first identification code and this first password respectively, transmit one again start-up command indicate this host computer system to restart and after this host computer system restarts, again provide one first configuration information to this host computer system, wherein this host computer system is identified this second storage area and access according to this first configuration information and is stored in data in this second storage area.
2. data guard method as claimed in claim 1 wherein provides this preset configuration information and this pretrigger sign indicating number that is stored in this first storage area, and the step that comes from this start-up command of this host computer system with response comprises:
Read one from this first storage area and encrypted the pretrigger sign indicating number;
Use the golden key of a default start to decipher this and encrypted the pretrigger sign indicating number to obtain this pretrigger sign indicating number; And
Send this pretrigger sign indicating number to this host computer system.
3. data guard method as claimed in claim 1 wherein comprises from the step that this host computer system receives this user's identification code and this user's password:
From this host computer system, receive one and encrypted the use data; And
Decipher this and encrypted user's data to obtain this user's identification code and this user's password.
4. data guard method as claimed in claim 1 also comprises:
Produce one first identification code summary that should first identification code according to one first One-Way Hash Function;
Produce one first cryptographic summary that should first password according to one second One-Way Hash Function;
Use this first password encryption, one first gold medal key to produce one first ciphertext; And
This first identification code summary, this first cryptographic summary and this first ciphertext are stored to the closed security zone that this can rewrite the formula non-volatile memory module.
5. data guard method as claimed in claim 4, judge that wherein the step whether this user's identification code and this user's password are same as this first identification code and this first password respectively comprises:
Produce user's identification code summary that should user's identification code according to this first One-Way Hash Function;
Produce user's cryptographic summary that should user's password according to this second One-Way Hash Function;
From can rewriteeing this closed security zone of formula non-volatile memory module, this reads this first identification code summary and this first cryptographic summary;
Judge whether this user's identification code summary and this user's cryptographic summary are same as this first identification code summary and this first cryptographic summary;
If when this user's identification code summary is same as this first identification code summary with this first cryptographic summary respectively with this user's cryptographic summary, identifies this user's identification code and this user's password and be same as this first identification code and this first password respectively;
If when this user's identification code summary is different from this first identification code summary, export an identification code error messages; And
When if this user's cryptographic summary is different from this first cryptographic summary, export a password error messages.
6. data guard method as claimed in claim 5 also comprises:
If when this user's identification code summary is same as this first identification code summary with this first cryptographic summary respectively with this user's cryptographic summary, use this first ciphertext of this user's password to decipher to obtain this first gold medal key; And
The data of using this first gold medal key deciphering from this second storage area, to read.
7. data guard method as claimed in claim 1, wherein this can rewrite the formula non-volatile memory module and also has one the 3rd storage area, and can't identify the 3rd storage area according to this this host computer system of preset configuration information.
8. data guard method as claimed in claim 7 also comprises:
Judge whether this user's identification code and this user's password are same as one second identification code and one second password respectively; And
When if this user's identification code and this user's password are same as this second identification code and this second password respectively, transmit this again start-up command indicate this host computer system to restart and after this host computer system restarts, again provide one second configuration information to this host computer system, wherein this host computer system is identified the 3rd storage area according to this second configuration information.
9. data guard method as claimed in claim 1, wherein this user's identification code and this user's password are to import by this pretrigger sign indicating number that is executed in this host computer system.
10. a Memory Controller is used for control one and can rewrites the formula non-volatile memory module, and this Memory Controller comprises:
One host interface is in order to be electrically connected to a host computer system;
One memory interface can rewrite the formula non-volatile memory module in order to be electrically connected to this, and wherein this can rewrite the formula non-volatile memory module and has one first storage area and one second storage area at least; And
One memory management circuitry, be electrically connected to this host interface and this memory interface, and in order to a preset configuration information and a pretrigger sign indicating number that is stored in this first storage area to be provided, a start-up command that comes from this host computer system with response, wherein can't identify this second storage area according to this this host computer system of preset configuration information and this pretrigger sign indicating number is performed in this host computer system
Wherein this memory management circuitry is also in order to receiving user's identification code and user's password from this host computer system, and judges whether this user's identification code and this user's password are same as one first identification code and one first password respectively,
When wherein if this user's identification code and this user's password are same as this first identification code and this first password respectively, this pretrigger sign indicating number that is performed transmit one again start-up command indicate this host computer system to restart and after this host computer system restarts, this memory management circuitry provides one first configuration information to this host computer system again, and wherein this host computer system is identified this second storage area and access according to this first configuration information and is stored in data in this second storage area.
11. Memory Controller as claimed in claim 10, wherein this memory management circuitry reads one from this first storage area and has encrypted the pretrigger sign indicating number, use the golden key of a default start to decipher this and encrypted the pretrigger sign indicating number obtaining this pretrigger sign indicating number, and send this pretrigger sign indicating number to this host computer system.
12. Memory Controller as claimed in claim 10, wherein this memory management circuitry receives one and has encrypted and use data and decipher this and encrypted user's data to obtain this user's identification code and this user's password from this host computer system.
13. Memory Controller as claimed in claim 10, wherein this memory management circuitry produces one first identification code summary that should first identification code by one first One-Way Hash Function arithmetic element, produce one first cryptographic summary that should first password by one second one-way Hash arithmetic element, use this first password encryption, one first gold medal key to produce one first ciphertext, and this first identification code summary, this first cryptographic summary and this first ciphertext are stored to the closed security zone that this can rewrite the formula non-volatile memory module.
14. Memory Controller as claimed in claim 13, wherein this memory management circuitry produces user's identification code summary that should user's identification code by this first One-Way Hash Function arithmetic element, produce user's cryptographic summary that should user's password by this second One-Way Hash Function arithmetic element, from can rewriteeing this closed security zone of formula non-volatile memory module, this reads this first identification code summary and this first cryptographic summary, and judge whether this user's identification code summary and this user's cryptographic summary are same as this first identification code summary and this first cryptographic summary
When wherein if this user's identification code summary is same as this first identification code summary with this first cryptographic summary respectively with this user's cryptographic summary, this memory management circuitry identifies this user's identification code and this user's password is same as this first identification code and this first password respectively
If when wherein this user's identification code summary was different from this first identification code summary, this memory management circuitry was exported an identification code error messages,
When wherein if this user's cryptographic summary is different from this first cryptographic summary, this memory management circuitry is exported a password error messages.
15. Memory Controller as claimed in claim 14, when wherein if this user's identification code summary is same as this first identification code summary with this first cryptographic summary respectively with this user's cryptographic summary, this memory management circuitry is also in order to use this first ciphertext of this user's password to decipher to obtain this first gold medal key
Wherein this memory management circuitry is used the data that this first gold medal key deciphering is read from this second storage area.
16. Memory Controller as claimed in claim 10, wherein this can rewrite the formula non-volatile memory module and also has one the 3rd storage area, and can't identify the 3rd storage area according to this this host computer system of preset configuration information,
Wherein this memory management circuitry judges whether this user's identification code and this user's password are same as one second identification code and one second password respectively,
When wherein if this user's identification code and this user's password are same as this second identification code and this second password respectively, this pretrigger sign indicating number that is performed transmit this again start-up command indicate this host computer system to restart and after this host computer system restarts, this memory management circuitry provides one second configuration information to this host computer system again, and wherein this host computer system is identified the 3rd storage area according to this second configuration information.
17. Memory Controller as claimed in claim 10, this pretrigger sign indicating number that wherein is executed in this host computer system can show that an input interface is to require a user and input this user's identification code and this user's password and to transmit this user's identification code and this user's password is given this memory management circuitry.
18. a memorizer memory devices comprises:
A connector is in order to be electrically connected to a host computer system;
One can rewrite the formula non-volatile memory module, has one first storage area and one second storage area at least; And
One Memory Controller, be electrically connected to this connector and this can rewrite the formula non-volatile memory module, and in order to a preset configuration information and a pretrigger sign indicating number that is stored in this first storage area to be provided, a start-up command that comes from this host computer system with response, wherein can't identify this second storage area according to this this host computer system of preset configuration information and this pretrigger sign indicating number is performed in this host computer system
Wherein this Memory Controller is also in order to receiving user's identification code and user's password from this host computer system, and judges whether this user's identification code and this user's password are same as one first identification code and one first password respectively,
When wherein if this user's identification code and this user's password are same as this first identification code and this first password respectively, this pretrigger sign indicating number that is performed transmit one again start-up command indicate this host computer system to restart and after this host computer system restarts, this Memory Controller provides one first configuration information to this host computer system again, and wherein this host computer system is identified this second storage area and access according to this first configuration information and is stored in data in this second storage area.
19. memorizer memory devices as claimed in claim 18, wherein this Memory Controller reads one from this first storage area and has encrypted the pretrigger sign indicating number, use the golden key of a default start to decipher this and encrypted the pretrigger sign indicating number obtaining this pretrigger sign indicating number, and send this pretrigger sign indicating number to this host computer system.
20. memorizer memory devices as claimed in claim 18, wherein this Memory Controller receives one and has encrypted and use data and decipher this and encrypted user's data to obtain this user's identification code and this user's password from this host computer system.
21. memorizer memory devices as claimed in claim 18,
Wherein this Memory Controller produces one first identification code summary that should first identification code by one first One-Way Hash Function arithmetic element, produce one first cryptographic summary that should first password by one second One-Way Hash Function arithmetic element, use this first password encryption, one first gold medal key to produce one first ciphertext, and this first identification code summary, this first cryptographic summary and this first ciphertext are stored to the closed security zone that this can rewrite the formula non-volatile memory module.
22. memorizer memory devices as claimed in claim 21, wherein this Memory Controller produces user's identification code summary that should user's identification code by this first One-Way Hash Function arithmetic element, produce user's cryptographic summary that should user's password by this second One-Way Hash Function arithmetic element, from can rewriteeing this closed security zone of formula non-volatile memory module, this reads this first identification code summary and this first cryptographic summary, and judge whether this user's identification code summary and this user's cryptographic summary are same as this first identification code summary and this first cryptographic summary
When wherein if this user's identification code summary is same as this first identification code summary with this first cryptographic summary respectively with this user's cryptographic summary, this Memory Controller identifies this user's identification code and this user's password is same as this first identification code and this first password respectively
If when wherein this user's identification code summary was different from this first identification code summary, this Memory Controller was exported an identification code error messages,
When wherein if this user's cryptographic summary is different from this first cryptographic summary, this Memory Controller is exported a password error messages.
23. memorizer memory devices as claimed in claim 21, when wherein if this user's identification code summary is same as this first identification code summary with this first cryptographic summary respectively with this user's cryptographic summary, this Memory Controller is also in order to use this first ciphertext of this user's password to decipher to obtain this first gold medal key
Wherein this Memory Controller uses the data that this first gold medal key deciphering is read from this second storage area.
24. memorizer memory devices as claimed in claim 18, wherein this can rewrite the formula non-volatile memory module and also has one the 3rd storage area, and can't identify the 3rd storage area according to this this host computer system of preset configuration information,
Wherein this Memory Controller judges whether this user's identification code and this user's password are same as one second identification code and one second password respectively,
When wherein if this user's identification code and this user's password are same as this second identification code and this second password respectively, this pretrigger sign indicating number that is performed transmit this again start-up command indicate this host computer system to restart and after this host computer system restarts, this Memory Controller provides one second configuration information to this host computer system again, and wherein this host computer system is identified the 3rd storage area according to this second configuration information.
25. memorizer memory devices as claimed in claim 18, this pretrigger sign indicating number that wherein is executed in this host computer system can show that an input interface is to require a user and input this user's identification code and this user's password and to transmit this user's identification code and this user's password is given this Memory Controller.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210041322.1A CN103257938B (en) | 2012-02-21 | 2012-02-21 | Data guard method, Memory Controller and memorizer memory devices |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210041322.1A CN103257938B (en) | 2012-02-21 | 2012-02-21 | Data guard method, Memory Controller and memorizer memory devices |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103257938A true CN103257938A (en) | 2013-08-21 |
| CN103257938B CN103257938B (en) | 2015-12-16 |
Family
ID=48961868
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210041322.1A Active CN103257938B (en) | 2012-02-21 | 2012-02-21 | Data guard method, Memory Controller and memorizer memory devices |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103257938B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103558994A (en) * | 2013-09-29 | 2014-02-05 | 记忆科技(深圳)有限公司 | Method for encrypting solid state disk partitions and solid state disk |
| CN105809067A (en) * | 2014-12-31 | 2016-07-27 | 群联电子股份有限公司 | Data access method and system as well as memory storage apparatus |
| CN107480545A (en) * | 2017-08-10 | 2017-12-15 | 合肥联宝信息技术有限公司 | A kind of data guard method and electronic equipment |
| US10191679B2 (en) | 2014-12-27 | 2019-01-29 | Phison Electronics Corp. | Data accessing method and system and memory storage apparatus |
| CN110069934A (en) * | 2018-01-23 | 2019-07-30 | 群联电子股份有限公司 | Storage system, host system verification method and memory storage apparatus |
| CN110554972A (en) * | 2018-05-31 | 2019-12-10 | 东芝存储器株式会社 | Storage system |
| CN113204805A (en) * | 2021-04-25 | 2021-08-03 | 山东英信计算机技术有限公司 | Server power-on method, system, equipment and medium |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100122055A1 (en) * | 2008-11-12 | 2010-05-13 | James Lee Hafner | Data integrity validation using hierarchical volume management |
| CN102184143A (en) * | 2011-04-25 | 2011-09-14 | 深圳市江波龙电子有限公司 | Data protection method, device and system for storage device |
-
2012
- 2012-02-21 CN CN201210041322.1A patent/CN103257938B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100122055A1 (en) * | 2008-11-12 | 2010-05-13 | James Lee Hafner | Data integrity validation using hierarchical volume management |
| CN102184143A (en) * | 2011-04-25 | 2011-09-14 | 深圳市江波龙电子有限公司 | Data protection method, device and system for storage device |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103558994A (en) * | 2013-09-29 | 2014-02-05 | 记忆科技(深圳)有限公司 | Method for encrypting solid state disk partitions and solid state disk |
| US10191679B2 (en) | 2014-12-27 | 2019-01-29 | Phison Electronics Corp. | Data accessing method and system and memory storage apparatus |
| CN105809067A (en) * | 2014-12-31 | 2016-07-27 | 群联电子股份有限公司 | Data access method and system as well as memory storage apparatus |
| CN109063518A (en) * | 2014-12-31 | 2018-12-21 | 群联电子股份有限公司 | Data access method and system and memory storage apparatus |
| CN105809067B (en) * | 2014-12-31 | 2019-06-04 | 群联电子股份有限公司 | Data access method and system and memory storage apparatus |
| CN109063518B (en) * | 2014-12-31 | 2022-03-15 | 群联电子股份有限公司 | Data access method and system and memory storage device |
| CN107480545A (en) * | 2017-08-10 | 2017-12-15 | 合肥联宝信息技术有限公司 | A kind of data guard method and electronic equipment |
| CN110069934A (en) * | 2018-01-23 | 2019-07-30 | 群联电子股份有限公司 | Storage system, host system verification method and memory storage apparatus |
| CN110069934B (en) * | 2018-01-23 | 2022-12-13 | 群联电子股份有限公司 | Memory storage system, host system verification method and memory storage device |
| CN110554972A (en) * | 2018-05-31 | 2019-12-10 | 东芝存储器株式会社 | Storage system |
| CN113204805A (en) * | 2021-04-25 | 2021-08-03 | 山东英信计算机技术有限公司 | Server power-on method, system, equipment and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103257938B (en) | 2015-12-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI447583B (en) | Data protecting method, memory controller and memory storage device | |
| TWI479359B (en) | Command executing method, memory controller and memory storage apparatus | |
| CN104346103B (en) | Instruction executing method, Memory Controller and memorizer memory devices | |
| CN103257938B (en) | Data guard method, Memory Controller and memorizer memory devices | |
| US8996933B2 (en) | Memory management method, controller, and storage system | |
| KR102176612B1 (en) | Secure subsystem | |
| US11416417B2 (en) | Method and apparatus to generate zero content over garbage data when encryption parameters are changed | |
| TWI405211B (en) | Flash memory storage system, controller and data protecting method thereof | |
| TWI447580B (en) | Memory space managing method, and memory controller and memory storage device using the same | |
| TWI443517B (en) | Memory stroage apparatus, memory controller and password verification method | |
| TWI451248B (en) | Data protecting method, memory controller and memory storage apparatus | |
| TW201337554A (en) | Method of programming memory cells and reading data, memory controller and memory storage device using the same | |
| CN102789430B (en) | Memorizer memory devices, its Memory Controller and access method | |
| TW201633136A (en) | Method for reading response and data transmission system | |
| CN104573537A (en) | Data processing method, memory storage device and memory control circuit unit | |
| CN103324581B (en) | Memory cells and method for reading data, Memory Controller and storage device | |
| CN103034594A (en) | Memory storage device and memory controller and password authentication method thereof | |
| CN114756885A (en) | Firmware loading method, storage device and computer readable storage medium | |
| CN102375943B (en) | Identification code generation method, memory management method, controller and storage system | |
| CN102148054A (en) | Flash memory storage system, controller of flash memory storage system and data falsification preventing method | |
| CN110069934B (en) | Memory storage system, host system verification method and memory storage device | |
| CN103839012A (en) | Flash encrypted storage device | |
| CN117272350B (en) | Data encryption key management method, device, storage control card and storage medium | |
| US20240111670A1 (en) | Method and apparatus for performing access management of memory device in host performance booster architecture with aid of device side table information encoding and decoding | |
| CN103778073A (en) | Data protection method, mobile communication device and storage storing device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |