CN110008148A - Memory Controller and for accessing the method for control to memory module - Google Patents
Memory Controller and for accessing the method for control to memory module Download PDFInfo
- Publication number
- CN110008148A CN110008148A CN201810929033.2A CN201810929033A CN110008148A CN 110008148 A CN110008148 A CN 110008148A CN 201810929033 A CN201810929033 A CN 201810929033A CN 110008148 A CN110008148 A CN 110008148A
- Authority
- CN
- China
- Prior art keywords
- data
- memory
- encryption
- memory module
- algorithm
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F13/00—Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
- G06F13/14—Handling requests for interconnection or transfer
- G06F13/16—Handling requests for interconnection or transfer for access to memory bus
- G06F13/1668—Details of memory controller
- G06F13/1673—Details of memory controller using buffers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
- G06F3/0622—Securing storage systems in relation to access
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0655—Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
- G06F3/0658—Controller construction arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/067—Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]
Abstract
This application discloses a kind of Memory Controller and for accessing the method for control to memory module.Memory Controller is coupled in the access between memory module and master controller to control master controller to memory module, Memory Controller includes: central buffer, it is couple to the master controller, for receiving data access command from master controller, and it is couple to memory module, for providing the data access command of encryption to memory module;Wherein, central buffer includes visit order processing module, is used to that data access command to be encrypted to generate the data access command of encryption with predetermined command Encryption Algorithm;Data channel is coupled between the memory module and the master controller, and the memory module and the master controller are via the data channel interaction data under the control of the data access command of the encryption.
Description
Technical field
This application involves memory technology fields, more particularly, to a kind of Memory Controller and for storage
Module accesses the method for control.
Background technique
The rapid development of Internet technology enables the network equipments such as computer, mobile terminal to be interconnected and is led to
Letter.By these interconnected network equipments, people can easily obtain information.However, in convenient acquisition of information
While, data and information security issue are also increasingly prominent.The equipment of networking be easy to due to accidental or malice the reason of by
The attack of unauthorized external equipment, to cause the destruction of internal data, leakage or change.
Therefore, it is necessary to existing computer or other electronic equipments be improved, to improve its Information Security.
Summary of the invention
One of the application is designed to provide a kind of Memory Controller and for accessing control to memory module
The method of system, to improve its Information Security.
According to the one aspect of the application, a kind of Memory Controller is provided, memory module and main control are coupled in
To control access of the master controller to the memory module between device, the Memory Controller includes: central buffer,
It is couple to the master controller, for receiving data access command from the master controller, and is couple to the storage mould
Block, for providing the data access command of encryption to the memory module;Wherein, the central buffer includes at visit order
Module is managed, with predetermined command Encryption Algorithm, the visit order processing module is used for the predetermined command Encryption Algorithm
The data access command is encrypted to generate the data access command of the encryption;And the wherein storage mould
Block is mutually coupled with the master controller by data channel, the storage under the control of the data access command of the encryption
Module and the master controller are via the data channel interaction data.
In some embodiments, the data access command and the data access command of the encryption include respective access
Address, the encryption make the access address for including in the data access command of the encryption be different from the data access
The access address for including in order.
In some embodiments, the central buffer receiving algorithm configuration order is come to the visit order processing module
In the predetermined command Encryption Algorithm configured, wherein the central buffer is for receiving the algorithm configuration order
Interface is the interface or system management bus interface of visit order for receiving data.
In some embodiments, the predetermined command Encryption Algorithm in the visit order processing module is deposited described
What memory controller was arranged when starting.
In some embodiments, the visit order processing module also has predetermined command decipherment algorithm, the memory
The received data access command of controller is the data access command of pre-encrypt, and the Memory Controller is also used to described pre-
Determine order decipherment algorithm the data access command of the pre-encrypt is decrypted, thus later further with described predetermined
The data access command of decryption is encrypted in order Encryption Algorithm.
In some embodiments, the Memory Controller further include: data buffer is coupled in the data channel
In, and the central buffer is couple to receive the data access command of the encryption from the central buffer, thus
The master controller and the memory module are via slow including the data under the control of the data access command of the encryption
Rush the data channel interaction data of device.
In some embodiments, the data buffer includes data processing module, and the data processing module has pre-
Determine at least one of data encryption algorithm and tentation data decipherment algorithm;The data processing module is used for from the main control
Device or the memory module receive data, and the data are encrypted with the tentation data Encryption Algorithm, and will
The data of encryption are sent to the master controller or the memory module;Or the data processing module is used for from the master control
Device processed or the memory module receive the data of encryption, are solved with the tentation data decipherment algorithm to the data of the encryption
Close processing, and the data of decryption are sent to the master controller or the memory module.
In some embodiments, there is the data processing module tentation data Encryption Algorithm and tentation data decryption to calculate
Method;The data processing module is used to receive the data of pre-encrypt from the master controller, with the tentation data decipherment algorithm
The data of the pre-encrypt are decrypted, later further with the tentation data Encryption Algorithm to the data of decryption into
Row encryption, and the data of encryption are sent to the memory module.
In some embodiments, the central buffer passes through data buffer control bus phase with the data buffer
Mutually coupling, the data processing module is by the data buffer control bus receiving algorithm configuration order, wherein the calculation
Method configuration order is for matching at least one of the tentation data Encryption Algorithm and the tentation data decipherment algorithm
It sets.
In some embodiments, the tentation data Encryption Algorithm and the tentation data in the data processing module
Decipherment algorithm is arranged in Memory Controller starting.
In some embodiments, it is synchronous dynamic with the Memory Controller to meet JEDEC Double Data Rate for the memory module
State random access memory standard, the central buffer are integrated in deposit clock driver.
According to the another aspect of the application, a kind of Memory Controller is additionally provided, memory module and master control are coupled in
To control access of the master controller to the memory module between device processed, the Memory Controller includes: central buffer
Device is couple to the master controller, for receiving data access command from the master controller, and is couple to the storage
Module, for providing data access command to the memory module;Data buffer is couple to the central buffer, uses
In receiving the data access command from the central buffer, and be coupled in the master controller and the memory module it
Between, under the control of the data access command between the master controller and the memory module interaction data;With
And wherein, the data buffer includes data processing module, the data processing module have tentation data Encryption Algorithm and
At least one of tentation data decipherment algorithm;The data processing module is used for from the master controller or the memory module
Data are received, the data are encrypted with the tentation data Encryption Algorithm, and the data of encryption are sent to
The master controller or the memory module;Or the data processing module is used for from the master controller or the storage mould
Block receives the data of encryption, and the data of the encryption are decrypted with the tentation data decipherment algorithm, and will solution
Close data are sent to the master controller or the memory module.
At the another aspect of the application, additionally provide it is a kind of for accessing the method for control to memory module, it is described
Memory module is couple to master controller by Memory Controller, and is couple to the master controller, institute by data channel
Stating Memory Controller includes the central buffer with visit order processing module, wherein the visit order processing module has
There is the predetermined command Encryption Algorithm for data visit order to be encrypted;The described method includes: being delayed by the center
It rushes device and receives data access command;The data access command is encrypted described in generation as the central buffer
The data access command of encryption;The data access command of the encryption is supplied to the storage mould by the central buffer
Block;And via the data channel according to the data access command of the encryption in the master controller and the memory module
Between interaction data.
The application's in another aspect, additionally provide it is a kind of for accessing the method for control to memory module, it is described
Memory module is couple to master controller by Memory Controller, and the Memory Controller includes central buffer and has
The data buffer of data processing module, wherein the data processing module has tentation data Encryption Algorithm and tentation data solution
At least one of close algorithm;The described method includes: receiving data access command by the central buffer;According to the data
Visit order, the central buffer control the data buffer and receive number from the master controller or the memory module
According to, the data are encrypted with the tentation data Encryption Algorithm by the data processing module, and will encryption
Data be sent to the master controller or the memory module;Or according to the data access command, the central buffer
Device controls the data that the data buffer receives encryption from the master controller or the memory module, by the data processing
Module is decrypted the data of the encryption with the tentation data decipherment algorithm, and the data of decryption are sent to
The master controller or the memory module.
The above are the general introductions of the application, may there is the case where simplification, summary and omission details, therefore those skilled in the art
Member is it should be appreciated that the part is only Illustrative, and is not intended to restriction the application range in any way.This general introduction portion
Point be both not intended to determine the key features or essential features of claimed subject, nor be intended as determination it is claimed
The supplementary means of the range of theme.
Detailed description of the invention
By following description and appended claims and in conjunction with attached drawing, it will be more fully clearly understood that this
Apply for the above and other feature of content.It is appreciated that these attached drawings depict only several embodiments of teachings herein, because
This is not considered as the restriction to teachings herein range.By using attached drawing, teachings herein will obtain definitely and
It explains in detail.
Fig. 1 a shows the storage system 100 according to the application one embodiment;
Fig. 1 b shows the storage system 100 ' according to the application one embodiment;
Fig. 1 c shows the storage system 100 " according to the application one embodiment;
Fig. 2 shows a kind of exemplary structures according to the central buffer 200 of the application one embodiment;
Fig. 3 shows a kind of exemplary structure of the data buffer 300 according to the application one embodiment;
Fig. 4 shows the storage system 400 according to the application one embodiment;
Fig. 5 shows the method 500 of the control that is used to access to memory module according to the application one embodiment;
Fig. 6 shows the method 600 of the control that is used to access to memory module according to the application one embodiment.
Specific embodiment
In the following detailed description, with reference to the part thereof of attached drawing of composition.In the accompanying drawings, the usual table of similar symbol
Show similar component part, unless otherwise indicated by context.Illustrative reality described in detailed description, drawings and claims
The mode of applying is not intended to limit.It, can be using other implementations without departing from the spirit or scope of the theme of the application
Mode, and other variations can be made.It is appreciated that can describing to generality in the application, diagram is said in the accompanying drawings
The various aspects of bright teachings herein carry out a variety of differently composed configurations, replacement, combination, design, and all these all bright
Really constitute a part of teachings herein.
Fig. 1 a shows the storage system 100 according to the application one embodiment.
As shown in Figure 1a, which includes memory module 102, is configured to store in the present embodiment
Mould group, for storing data.In some embodiments, memory module 102 can be meet JEDEC Double Data Rate synchronous dynamic with
Machine accesses the memory module of memory (SDRAM) standard, for example including JEDEC DDR, DDR2, DDR3, DDR4 and other pairs
Times rate memory standards.In addition, memory module 102 is also possible to meet the internal storage of other standards or agreement, such as
SDRAM or RAMBUS internal storage is also possible to meet the memory of future memory standard or agreement.In some embodiments
In, memory module 102 may include volatile memory (such as dynamic RAM), nonvolatile memory (flash memory
Reservoir, such as NAND or NOR flash memory) or combination of the two.In further embodiments, memory module 102 is gone back
It can be the novel memory devices manufactured using different production technologies, including but not limited to: reluctance type memory, phase change memory
Device, resistance-type memory, half floating-gate memory or other any type of memories.It is appreciated that memory module 102 can
To be made of a type of memory, perhaps also may include it is aforementioned or other types memory a variety of or whole or
More other types memories.
Furthermore it should be noted that memory module described herein 102 can be a memory particle, also may include
Two or more memory particles.Further, the structure of memory module 102 is included storage array or memory particle
Various suitable interconnection structures can be used.For example, multiple memory particles can constitute a memory module in parallel;Substitution
Ground, multiple memory particles can also use multilevel interconnection structure (such as two-stage).For example, one or more memory particles are made
It is stored for the first order, and other one or more memory particles can be used as second level storage, provide depositing for different levels
Storage.And the second storage level of lower layer grade can store the external interaction data with memory module entirety by the first order.Specifically
Memory hierarchy will be explained further below.
As shown in Figure 1a, storage system 100 further includes Memory Controller 104, with 106 sum number of central buffer
According to buffer (DB_P) 108.Specifically, central buffer 106 is coupled between master controller 110 and memory module 102, can
To receive the data access command for including access address and access type from master controller 110.For example, data access command can be with
It is the life of (such as read or write-in) of accessing to an address data memory (i.e. access address) in memory module 102
It enables.Data buffer 108 is coupled between memory module 102 and master controller 110, for the control in central buffer 106
Under between memory module 102 and master controller 110 interaction data.For the storage system of DDR3 or DDR4 standard, center
Buffer can be integrated in deposit clock driver (RCD).Correspondingly, central buffer passes through command/address
(Command/Address, C/A) bus is couple to master controller 110 to receive data access command.For meeting DDR4 standard
Storage system, which may include pin A0-A17, pin BG0-BG1
And/or pin BA0-BA1.Wherein, pin BG0-BG1 is used to which memory bank group (Memory in memory module 102 to be determined
Bank Group) it is processed, such as be written into or be read;Pin BA0-BA1 is for determining which of memory module 102 is deposited
It is processed to store up body (Memory Bank);And pin A0-A17 is then used to address and determine which of memory bank to store
Unit is processed.In addition, the input of A16 (RAS_n), A15 (CAS_n) and A14 (WE_n) these three pins can be used for really
Surely the data access command being entered, such as reading order, writing commands and other control commands being predefined.
Different from existing central buffer, visit order processing module (CA_P) is provided in central buffer 106
112, it is constructed with the module of data processing and operational capability.In some embodiments, visit order handles mould
Block 112 can be realized by software, hardware, firmware or combinations thereof.For example, visit order processing module 112 can be dedicated collection
At circuit or Field Programmable Logic Array chip.Visit order processing module 112 can be to the number for receiving autonomous control device 110
It is handled according to visit order, to generate the data access command of modification.
Further, the data access command of modification can be supplied to memory module 102 by visit order processing module 112
With data buffer 108, so that the two can continue to execute data access operation according to the data access command of modification.Example
Such as, visit order processing module 112 can be via the command/address bus between central buffer 106 and memory module 102
QCA provides the data access command and other control commands of modification, and via central buffer 106 and data buffer 108
Between data buffer control bus BCOM come provide modification data access command and other control commands.In some implementations
In example, visit order processing module 112 can generate one or more according to the access address for including in data access command
Access address, these access address can be provided to memory module 102 with the addressing use in access.For example, command/address
Bus QCA can be configured between memory module 102 and central buffer 106, with signal and command interaction therebetween.
Meanwhile visit order processing module 112 generates corresponding access type also according to the access type of data access command, this
Sample, data buffer 108 can be controlled according to access type generated in memory module 102 be accessed storage unit with
Data interaction between master controller 110.
Visit order processing module 112 can generate the data access command of modification in various required modes.One
In a little embodiments, visit order processing module can be encoded the access address in data access command, so that repairing
The data access command changed includes encoded access address.In further embodiments, visit order processing module can be with
Presumptive address Processing Algorithm handles the access address in data access command, to generate one based on the access address
Group access address.Each access address in the newly-generated access address of the group can correspond to the data access of a modification
Order.Optionally, the data access command of these modifications can have access type identical with original data access command.
For example, the data access command received from master controller 110 may be to read an access address in memory module 102
The data access command taken, then the data access command of newly-generated modification can be to multiple visits relevant to the access address
Ask the data access command that address is read out.
In some embodiments, visit order processing module 112 can have predetermined command Encryption Algorithm and/or predetermined life
Enable decipherment algorithm.Wherein, by order Encryption Algorithm, visit order processing module 112 can be to received data access command
In include access address be encrypted so that the access address of encryption is different from (clear-text way) before encrypting
Access address.The access address of encryption can be included in the data access command of modification, namely the data as encryption are visited
Ask order.In this way, the data access command of encryption can be provided to memory module 102 and data buffer 108 in turn, with control
Data buffer 108 processed interaction data between memory module 102 and master controller 110.It is appreciated that described herein mentioned
The data access command of the encryption of supply memory module 102 and data buffer 108 can be complete order, or complete
A part in visit order.For example, data access command usually may include access address and access type.For storing mould
For block 102, for the needs of addressing, only needs to obtain in the data access command of encryption from central buffer 106 and include
Encrypted access address.For example, the storage unit for corresponding to the access address of encryption in memory module 102 can be by
Addressing is to carry out data access.Similarly, it for data buffer 108, needs to obtain access type from central buffer 106
The information of (such as read or be written).In this way, memory module 102 and data buffer 108 are provided in central buffer 106
Encryption data access command control under, complete data access.It should be noted that the access of encryption described herein
Location is different from access address before encrypting and is not meant to the inevitable difference of the two, and refers in statistical significance (big absolutely
The two is different in most cases).In some cases, the encryption rule depending on order Encryption Algorithm exists certain
Probability, the access address of the encryption and access address of unencryption is identical (for example, for 50 access address, has one adding
The address of close front and back is identical).
It should be noted that the processing that data and/or address are encrypted or decrypted and the place for being scrambled or being descrambled
Reason is substantially similar, therefore the encryption mentioned in this application includes scrambling, and decrypting includes descrambling.
For example, the data access that master controller 110 carries out memory module 102 for example may include read operation and
Write operation.When carrying out write operation, the write operation order of unencryption is sent to central buffer by master controller 110
106.Wherein, the first address in memory module 102 is directed toward in the write operation order of unencryption.Correspondingly, central buffer 106
The write operation order is encrypted with predetermined command Encryption Algorithm, to generate the write operation order of encryption.Its
In, the second address in memory module 102 is directed toward in the write operation order of encryption.Based on second address, autonomous control is received
The data of device 110 are written in memory module 102 via data buffer 108.On the other hand, when being read,
The read operation order of unencryption is sent to central buffer 106 by master controller 110, and the read operation order is for example for reading
Take the corresponding data in the first address.Correspondingly, central buffer 106 with predetermined command Encryption Algorithm to the read operation order into
Row encryption, to generate the read operation order of encryption.Wherein, due to read operation order and write operation order into
Row encryption is using identical order Encryption Algorithm, therefore memory module 102 is similarly directed toward in the read operation order encrypted
In the second address.In this way, the data being written in the second address in write operation can be properly read out.
As can be seen that visit during above-mentioned encrypted access, between Memory Controller 104 and memory module 102
Ask it is encrypted.In the case where not knowing the information of predetermined command Encryption Algorithm, master controller 110 can not know
Which address in memory module 102 stores desired data.Therefore, the illegal program run on master controller 110, or
Other illegal programs can not be accessed in desired memory module 102 by sending the address of specified memory module
Data, which greatly enhances the safeties of data access.
In some embodiments, the data access command received from master controller 110 can be the data access of pre-encrypt
Order.Such as master controller 110 can use predetermined order Encryption Algorithm A and encrypt to data access command, and
And generate the data access command of pre-encrypt.Correspondingly, central buffer 106 the data access command for receiving pre-encrypt it
It afterwards, can be with the data access command of corresponding order decipherment algorithm A ' Lai Xiemi pre-encrypt, so that the data for obtaining unencryption are visited
Ask order.Then, central buffer 106 carrys out the data access life to unencryption further with order Encryption Algorithm B therein
Order is encrypted, to obtain the data access command of secondary encryption.Based on the data access command of the secondary encryption, connect
The data for receiving autonomous control device 110 can be written in memory module 102.As can be seen that this method is to master controller 110
Command communication between Memory Controller 104 has also carried out encryption, and which further improves the safety of storage system
Property.
Visit order processing module 112 has scheduled order Encryption Algorithm and/or order decipherment algorithm.These algorithms can
To be configured by the configuration information stored in register table.Just it has been observed that master controller 110 can be via command/address
(Command/Address, C/A) bus to send data access command to central buffer 106.In some embodiments, main
Controller 110 can be by identical bus come to 106 transmission algorithm configuration order of central buffer, which can
With for in visit order processing module 112 order Encryption Algorithm or decipherment algorithm configure.In this way, at visit order
Reason module 112 can be loaded in order Encryption Algorithm and/or order decipherment algorithm or visit order processing module 112
Some order Encryption Algorithm and/or order decipherment algorithm can be modified or be configured.For example, can use command/address bus
In for certain signal wires of sending mode configuration order (Mode Register Set, MRS) carry out transmission algorithm configuration order.
In further embodiments, master controller 110 can be matched with different interface/buses to 106 transmission algorithm of central buffer
Set order.For example, can be come by System Management Bus (System Management Bus, SMBus) interface to central buffer
106 transmission algorithm configuration order of device.Since these dedicated interfaces often can not be accessed by illegal program, these are used
Interface carrys out the safety that transmission algorithm configuration order helps to improve system.
In some embodiments, the load or modification of order Encryption Algorithm and/or order decipherment algorithm can be dynamically,
Namely when Memory Controller 104 starts (powering on), these algorithms are loaded into visit order processing module 112;And work as
When 104 power down of Memory Controller, or when central buffer 106 resets, the data of these algorithms and configuration will be clear
It removes.
In the embodiment shown in Fig. 1 a, in addition at central buffer 106 be provided with visit order processing module 112 it
Outside, data processing module (D_P) 114 is provided with also in data buffer 108.The data processing module 114 can be from its institute
The master controller 110 and/or memory module 102 of coupling receive data, and with tentation data Processing Algorithm to received data
It is handled, processed data is sent to master controller 110 and/or memory module 102 again later.In some embodiments
In, when the instruction of master controller 110 reads data from memory module 102, data buffer 108 can be buffered from memory module
102 received data, and the data are handled by data processing module 114.In this way, the number that master controller 110 obtains
According to being processed data.In further embodiments, when master controller 110 indicates that data are written to memory module 102, number
Can also buffer according to buffer 108 from the received data of master controller 110, and by data processing module 114 to the data into
Row processing, is then written memory module 102 again.In this way, the data being stored in memory module 102 are processed datas.
In some embodiments, data processing module 114 can from memory module 102 receive data and to the data into
Row processing, so that processed data is sent to memory module 102.In other words, have benefited from the number in data buffer 108
According to processing module 114, data can be directly processed in Memory Controller 104, without being transferred to master controller 110
In handled, this dramatically reduces the data interactions between master controller 110 and memory module 102, and can have
Improve data-handling efficiency in effect ground.
It is similar with visit order processing module 112, data processing module 114 can have tentation data Encryption Algorithm and/
Or tentation data decipherment algorithm.Wherein, data encryption algorithm can be encrypted data, and data deciphering algorithm can be with
The data encrypted are decrypted.It, can using data processing module 114 depending on the source of data and the difference of whereabouts
To realize complicated encryption/decryption process, to improve the safety of entire memory module.
In some embodiments, data processing module 114 can have matched data encryption algorithm and data deciphering is calculated
Method.When carrying out write operation, data buffer 108 can receive data from master controller 110, and by data processing module
114 are encrypted the data with data encryption algorithm, and the data of encryption are written in memory module 102.Phase
Ying Di, when being read, data buffer 108 can read the data of encryption from memory module 102, and with number
It is decrypted according to data of the decipherment algorithm to the encryption, and the data of decryption is sent to master controller 110.It can see
Out, also difficult even if illegal program obtains these data since the data being stored in memory module 102 are encryption datas
Decrypted to it to obtain correct data content, this improves the safety of storage system.
In other embodiments, data processing module 114 can only have data encryption algorithm, be used for from storage mould
The data read in block 102 are encrypted, so that the data of encryption can be sent to master controller 110 by data buffer 108.
Correspondingly, master controller 110 can have matched data deciphering algorithm, so that the data to encryption are decrypted.Change speech
It, master controller 110 is encryption to the read operation of memory module 102, and only legal procedure (has or can call matching
Data deciphering algorithm) to the data deciphering of reading and correct data content can be obtained.
In further embodiments, data processing module 114 can have multiple data encryption algorithm and data deciphering is calculated
Method.For example, the data that the data that master controller 110 is sent in Memory Controller 104 can be pre-encrypt (use a kind of number
According to Encryption Algorithm C).When carrying out write operation, data buffer 108 receives the data of pre-encrypt from master controller 110, and
The data of pre-encrypt are decrypted with matched data deciphering algorithm C ' by data processing module 114, thus decrypted
Data.Meanwhile data processing module 114 also has other data encryption algorithm D and data decipherment algorithm D '.Further,
Data processing module 114 can carry out encryption again with data of the data encryption algorithm D to decryption to obtain again
The data of encryption, so that the data of re-encrypted can be written in memory module 102 by data buffer 108.Correspondingly, when
When being read, data buffer 108 receives the data of encryption from memory module 102, and to data deciphering algorithm
The data of encryption are decrypted in D ', thus the data decrypted.Later, data buffer 108 can be again by decryption
Data be sent to master controller 110.
Data processing module 114 can also carry out rewriting operation to data in yet other embodiments,.In the case,
Place can be decrypted to the encryption data stored in memory module 102 with tentation data decipherment algorithm in data processing module 114
Reason, and modified later with data of the scheduled data processing algorithm to decryption.Later, data processing module 114 may be used also
Encryption is re-started with scheduled data encryption algorithm with the data to modification, and the data of encryption are write back into storage
In module 102.
In some embodiments, data buffer 108 may include multiple data buffer unit group 108i, and every number
Correspond to a data processing submodule 114i according to buffer cell group 108i.Each data processing submodule 114i is in addition to being coupled in
Except in the link of data buffer unit group 108i where it, different data processing submodule 114i also passes through bidirectional interface
BOP (such as BOP01, BOP12 ... BOP67 and BOP70 in Fig. 1 a) is mutually coupled, so as in multiple data buffering lists
Interaction data between tuple 108i.Interaction data can satisfy various data operations between different data buffer unit group 108i
The demand of operation.In some embodiments, BOP interface can be the bidirectional bus structure of two lines, include a clock and 1
Bidirectional data line carries out bidirectional data interaction by the agreement of agreement.In further embodiments, which is also possible to three lines
Bus structures, including a clock, a transmission direction indication signal and 1 bidirectional data line.The bandwidth of BOP interface can
To be increased by the quantity for increasing bidirectional data line.
The operational order that data processing module 114 can be provided with responsing center's buffer 106.For example, the operational order can
To be transmitted by the data buffer control bus (BCOM) between central buffer 106 and data buffer 108.Some
In the storage system for meeting DDR4 standard, for example, billows rise M88DDR4DB02 that scientific and technological (Shanghai) Co., Ltd. provides and
M88DDR4RCD02 chip (about the technical information of these chips, can refer to its product technology handbook, these product technology hands
The full content of volume is incorporated herein by reference), data buffer control bus can be 4 signal wires.
In some embodiments, data processing module 114 can be configured by data buffer control bus receiving algorithm
Order, wherein algorithm configuration order is used to carry out at least one of tentation data Encryption Algorithm and tentation data decipherment algorithm
Configuration.
In some embodiments, the load or modification of data encryption algorithm and/or data deciphering algorithm can be dynamically,
Namely when Memory Controller 104 starts (powering on), these algorithms are loaded into visit order processing module 112;And work as
When 104 power down of Memory Controller, or when data buffer 108 resets, the data of these algorithms and configuration will be clear
It removes.
It include simultaneously visit order processing module 112 and data processing module 114 in embodiment shown in Fig. 1 a, therefore
After visit order processing module 112 encrypts data access command, data processing module 114 can be according to the data of encryption
Visit order to carry out encryption/decryption process to data, and in turn by encryption/decryption data in memory module 102 and master
It is interacted between controller 110.In some embodiments, central buffer 106 handles data access command or encryption
Data access command can determine the encryption and/or decryption oprerations that data processing module 114 will be executed specifically.Correspondingly, in
Heart buffer 106 can provide the encryption or decryption algorithms or instruction that will specifically execute to data processing module 114, at data
Reason module 114 can be handled data according to obtained relevant information.
It is appreciated that in practical applications, Memory Controller can only include visit order processing module 112 and data
One in processing module 114.For example, Memory Controller can only include visit order processing module 112, add to generate
The data access command of close data access command, these modifications can not modify to data with designation date buffer 108
And only carry out the operation such as conventional reading, write-in.For another example Memory Controller can also only include data processing module 114,
Encryption or decryption process is carried out to the data to buffering, the type of specific data manipulation can be led to by central buffer 106
The data access command of BCOM bus offer is crossed to determine.
Fig. 2 shows a kind of exemplary structures according to the central buffer 200 of the application one embodiment.
As shown in Fig. 2, the central buffer 200 includes two be coupled between receiving side (side D) and outlet side (side Q)
Signal road warp, respectively buffer 202 and visit order processing module 204.For this path of buffer 202, receiving
To after the data access command (CMD&ADDR) including access address and access type, which will not be to data access
Order carries out additional processing, and is only to buffer the order, and later export it from outlet side.And for visit order
Processing module 204 comprising computing unit 206 and control unit 208.It is issued when it is received by main control module (not shown)
After data access command, it can judge whether to need to carry out address process and corresponding operational order by pre-set trigger condition
It generates, namely whether needs to modify to data access command.After meeting trigger condition, visit order processing module 204
It is encrypted using computing unit 206, and generates the data access command of encryption.Later, control unit 208 can lead to
It crosses multiple selector (MUX) and the output of central buffer 200 is switched to visit order processing module 204 by buffer 202
Output, at the same sent by BCOM bus corresponding control signal to data buffer each data processing module (in figure
It is not shown), to indicate that these data processing modules execute corresponding data processing operation.
In some embodiments, buffer 202 and visit order processing module 204 can be matched by what is stored in register table
Confidence breath is configured, and the configuration information of register table can be modified by SMBus interface.
Fig. 3 shows a kind of exemplary structure of the data buffer 300 according to the application one embodiment.
As shown in figure 3, the data buffer 300 includes two numbers being coupled between master controller side and memory module side
According to path, respectively via bidirectional buffer 302 and via data processing module 304.For bidirectional buffer 302 this all the way
Diameter will not be handled the data received, and only buffered data.And for data processing module 304 comprising
Computing unit 306 and control unit 308.Wherein, computing unit 306 also passes through the number of BOP interface and adjacent data buffer
According to processing module interaction data.Therefore, the control that computing unit 306 can be received from BCOM bus according to control unit 308
System order encrypts data and/or decryption processing accordingly.When operation needs the data of other data buffers, number
BOP interface and adjacent data buffer can be passed through according to processing module 304 and carry out data interaction, wherein BOP_L interface be used for and
The data buffer in left side carries out data interaction, and BOP_R interface is used for and the data buffer on right side carries out data interaction.
In some embodiments, bidirectional buffer 302 and data processing module 304 can be matched by what is stored in register table
Confidence breath is configured.
It should be noted that the circuit structure of Fig. 2 and central buffer shown in Fig. 3 and data buffer is only example
Property, in practical applications, it can according to need and modify to these circuit structures.
In the storage system 100 shown in Fig. 1 a, the data interaction between memory module 102 and master controller 110 is
It is carried out via data buffer 108, such as low-load double in-line memory module/mould group (LRDIMM, Load Reduced
Dual-Inline-Memory-Modules).In other words, data buffer 108 is by as memory module 102 and master controller
A part of data channel between 110.In the embodiment of some replacements, between memory module 102 and master controller 110
Data channel can not also include data buffer 108.
Fig. 4 shows the storage system 400 according to the application one embodiment.As shown in figure 4, in the storage system
In 400, memory module 402 and master controller 410 are mutually coupled by data channel 405, thus interaction data therebetween.With figure
The storage system 100 of 1a and Fig. 1 b is different, is not coupled with data buffer between data channel 405.In some embodiments,
Storage system 400 for example can be using deposit dual-in-line storage mould group/module (RDIMM, Registered DIMM).
In addition, storage system 400 further includes central buffer 406, master is couple to via command/address bus DCA
Controller 410, and the command/address bus QCA by buffering is couple to memory module 402.It is slow with center shown in Fig. 1 a
Rush that device 106 is similar, central buffer 406 may include the visit order processing module with predetermined command Encryption Algorithm.Center
Buffer 406 can receive data access command from master controller 410, and be encrypted data access command with life
At the data access command of encryption.Then, central buffer 406 can be via the command/address bus QCA of buffering by encryption
Data access command is sent to memory module 402.In this way, central buffer 406 is direct according to the data access command of the encryption
The addressing of memory module 402 is controlled, so that data can be written from master controller 410 or to master controller 410 for memory module 402
Read data.In some embodiments, algorithm configuration order can be sent to central buffering by System Management Bus (SMBus)
Device 406.
It, can be with reference to slow to center in embodiment shown in Fig. 1 a about the more multi-functional and characteristic of central buffer 406
The description of device 106 is rushed, details are not described herein.
On the other hand, the Memory Controller of the embodiment of the present application can also be applied to the storage of various types and structure
In device.Fig. 1 b is the storage system 100 ' shown according to another embodiment of the application, storage system 100 ' and Fig. 1 a institute
The structure for the storage system 100 shown is roughly the same, and difference essentially consists in memory module 102 ' different from the storage mould in Fig. 1 a
Block 102.In Figure 1b, Memory Controller be applied to include two-level memory submodule memory module 102 '.It can manage
Solution, in some embodiments, Memory Controller can be applied similarly to the storage system with more storage levels.Storage
Structure identical with storage system 100 shown in Fig. 1 a, principle or mechanism, just repeat no more herein in device system 100 '.
As shown in Figure 1 b, which includes multiple first order sub-module stored 102a ', the storage of these first order
Submodule 102a ' is couple to master controller 110 ' by the data buffer 108i ' of difference, to interact data.The storage
Module 102 ' further includes second level sub-module stored 102b ', passes through data/address bus 102c ' and multiple first order sub-module storeds
102a ' is mutually coupled with interaction data.In addition, all first order sub-module stored 102a ' and second level sub-module stored 102b '
Central buffer 106 ' is couple to by command/address bus QCA, to be grasped under the control of central buffer 106 '
Make.In embodiment as shown in Figure 1 b, second level sub-module stored 102b ' passes through the signal wire CON being separately provided and is couple to
Central buffer 106 ', to be operated under the control of central buffer 106 '.In further embodiments, the second level stores
Submodule 102b ' can also be couple to central buffer 106 ' by other signal wires, for example, by BCOM bus or order/
Address bus QCA is couple to central buffer 106 ';Or central buffer can also be couple to by the combination of aforementioned signal line
Device 106 '.That is, the sub-module stored of different stage can be couple to central buffer by identical or different signal wire
Device.
Fig. 1 c is the storage system 100 " shown according to another embodiment of the application.As illustrated in figure 1 c, the memory
First order sub-module stored 102a " and second level sub-module stored 102b " in the memory module 102 " of system 100 " passes through
Command/address bus QCA is couple to central buffer 106 ".The other parts and Fig. 1 b of storage system 100 " shown in Fig. 1 c
Shown in storage system 100 ' it is essentially identical, details are not described herein.
Referring still to shown in Fig. 1 b, it will be understood that first order sub-module stored 102a ' can be with second level sub-module stored
102b ' has different type of memory.For example, first order sub-module stored 102a ' can be volatile memory, and second
Grade sub-module stored 102b ' can be nonvolatile memory (such as solid-state memory or magnetic storage).It is appreciated that
In embodiment shown in Fig. 1 b, second level sub-module stored 102b ' is single memory particle.In some other embodiments
In, second level sub-module stored 102b ' may include multiple memory particles, and each first order sub-module stored 102a '
Accordingly it is couple to the memory particle of one or more second level sub-module stored 102b '.
When data are written, central buffer 106b ' can send order, indicate first to first order sub-module stored
Data are written in 102a ', and then further instruction second level sub-module stored 102b ' is obtained from first order sub-module stored 102a '
Data, data at this moment are safe.Alternatively, central buffer 106b ' can also send order, indicate first to the first order
Data are written in sub-module stored 102a ', then further indicate sub-module stored 102b ' in the second level from first order sub-module stored
102a ' obtains data and designation date storage address, and the data of moment address field are safe.
The process for reading data from memory module is similar with write-in, and details are not described herein.
The Memory Controller of embodiments herein can be applied in memory, and this storage system
It can be used in different computer systems.
Fig. 5 shows the method 500 of the control that is used to access to memory module according to the application one embodiment.It should
Method 500 can the Memory Controller shown in such as Fig. 1 a or Fig. 1 b, 1c deposited to execute, or by for example shown in Fig. 4
Memory controller executes.
As shown in figure 5, method 500 includes:
Step 502, data access command is received by central buffer;
Step 504, data access command is encrypted by central buffer to generate the data access of encryption and order
It enables;
Step 506, the data access command of encryption is supplied to memory module by central buffer;And
Step 508, it is handed between master controller and memory module via data channel according to the data access command of encryption
Mutual data.
In some embodiments, data buffer is coupled in data channel.
In some embodiments, the data access command and the data access command of the encryption include respective access
Address, the encryption make the access address for including in the data access command of the encryption be different from the data access
The access address for including in order.
In some embodiments, the predetermined command Encryption Algorithm in the visit order processing module is deposited described
What memory controller was arranged when starting.
In some embodiments, the visit order processing module also has predetermined command decipherment algorithm, and the center is slow
The data access command that the received data access command of device is pre-encrypt is rushed, the method also includes:
The data access command is being encrypted by the central buffer to generate the data of the encryption
Before the step of visit order, visited by the central buffer with data of the predetermined command decipherment algorithm to the pre-encrypt
Ask that order is decrypted.
Fig. 6 shows the method 600 of the control that is used to access to memory module according to the application one embodiment.It should
Method 600 can shown in such as Fig. 1 a or 1b, 1c Memory Controller execute.
As shown in fig. 6, in step 602, receiving data access command by central buffer;And
In step 604, according to data access command, central buffer controls data buffer from master controller or storage
Module receives data, and data are encrypted with tentation data Encryption Algorithm by data processing module, and by encryption
Data are sent to master controller or the memory module;Or
According to the data access command, the central buffer controls data buffer from master controller or memory module
The data for receiving encryption, are decrypted by the processing module with data of the tentation data decipherment algorithm to encryption, and
The data of decryption are sent to master controller or the memory module.
In some embodiments, the step of the data of decryption are sent to the master controller or the memory module it
Before, the method also includes:
The data of the decryption are encrypted with the tentation data Encryption Algorithm, and later by the number of encryption
According to being sent to the master controller or the memory module.
In some embodiments, the tentation data Encryption Algorithm and the tentation data in the data processing module
Decipherment algorithm is arranged in Memory Controller starting.
About the more details of the application embodiment of the method, the associated description of the application Installation practice can be referred to.
It should be noted that although being in the above detailed description referred to for accessing the method for control to memory module
Several modules or submodule of several steps and Memory Controller, but this division is only exemplary and optional
Property.In fact, according to an embodiment of the present application, the feature and function of two or more above-described modules can be at one
It is embodied in module.Conversely, the feature and function of an above-described module can with further division be by multiple modules Lai
It embodies.
The those skilled in the art of the art can pass through research specification, disclosure and attached drawing and appended power
Sharp claim understands and implements other changes to the embodiment of disclosure.In the claims, word " comprising " is not excluded for it
His element and step, and wording " one ", "one" be not excluded for plural number.In the practical application of the application, a part can
The function of cited multiple technical characteristics in energy perform claim requirement.Any appended drawing reference in claim should not be construed as
Limitation to range.
Claims (36)
1. a kind of Memory Controller is coupled between memory module and master controller to control the master controller to described
The access of memory module, the Memory Controller include:
Central buffer is couple to the master controller, for receiving data access command, and coupling from the master controller
It is connected to the memory module, for providing the data access command of encryption to the memory module;Wherein, the central buffer
Including visit order processing module, with predetermined command Encryption Algorithm, the visit order processing module is used for described pre-
Determine order Encryption Algorithm the data access command to be encrypted to generate the data access command of the encryption;And
Wherein, the memory module is mutually coupled with the master controller by data channel, in the data access of the encryption
The memory module and the master controller are via the data channel interaction data under the control of order.
2. Memory Controller according to claim 1, which is characterized in that the data access command and the encryption
Data access command includes respective access address, the encryption make include in the data access command of the encryption
Access address is different from the access address in the data access command included.
3. Memory Controller according to claim 1, which is characterized in that the central buffer receiving algorithm configuration life
It enables to be configured to the predetermined command Encryption Algorithm in the visit order processing module, wherein the central buffer
Interface for receiving the algorithm configuration order is the interface or System Management Bus of visit order for receiving data
Interface.
4. Memory Controller according to claim 1, which is characterized in that described in the visit order processing module
Predetermined command Encryption Algorithm is arranged in Memory Controller starting.
5. Memory Controller according to claim 1, which is characterized in that the visit order processing module also has pre-
Determine order decipherment algorithm, the received data access command of Memory Controller is the data access command of pre-encrypt, described
Memory Controller is also used to that place is decrypted to the data access command of the pre-encrypt with the predetermined command decipherment algorithm
Reason, so that further the data access command of decryption be encrypted with the predetermined command Encryption Algorithm later.
6. Memory Controller according to claim 1, which is characterized in that the Memory Controller further include:
Data buffer is coupled in the data channel, and is couple to the central buffer with slow from the center
The data access command that device receives the encryption is rushed, thus the main control under the control of the data access command of the encryption
Device and the memory module are via the data channel interaction data including the data buffer.
7. Memory Controller according to claim 6, which is characterized in that the data buffer includes data processing mould
Block, the data processing module have at least one of tentation data Encryption Algorithm and tentation data decipherment algorithm;
The data processing module is used to receive data from the master controller or the memory module, is added with the tentation data
The data are encrypted in close algorithm, and the data of encryption are sent to the master controller or the storage mould
Block;Or
The data processing module is used to receive the data of encryption from the master controller or the memory module, with described predetermined
The data of the encryption are decrypted in data deciphering algorithm, and by the data of decryption be sent to the master controller or
The memory module.
8. Memory Controller according to claim 7, which is characterized in that the data processing module has tentation data
Encryption Algorithm and tentation data decipherment algorithm;
The data processing module is used to receive the data of pre-encrypt from the master controller, with the tentation data decipherment algorithm
The data of the pre-encrypt are decrypted, later further with the tentation data Encryption Algorithm to the data of decryption into
Row encryption, and the data of encryption are sent to the memory module.
9. Memory Controller according to claim 7, which is characterized in that the central buffer and the data buffering
Device is mutually coupled by data buffer control bus, and the data processing module is connect by the data buffer control bus
Algorithm configuration order is received, wherein the algorithm configuration order is used for the tentation data Encryption Algorithm and the tentation data solution
At least one of close algorithm is configured.
10. Memory Controller according to claim 7, which is characterized in that described pre- in the data processing module
Determine data encryption algorithm and the tentation data decipherment algorithm is arranged in Memory Controller starting.
11. Memory Controller according to claim 1, which is characterized in that the memory module and the memory control
Device processed meets JEDEC Double Data Rate Synchronous Dynamic Random Access Memory standard, when the central buffer is integrated in deposit
In clock driver.
12. a kind of Memory Controller is coupled between memory module and master controller to control the master controller to institute
The access of memory module is stated, the Memory Controller includes:
Central buffer is couple to the master controller, for receiving data access command, and coupling from the master controller
It is connected to the memory module, for providing data access command to the memory module;
Data buffer is couple to the central buffer, for receiving the data access life from the central buffer
Enable, and be coupled between the master controller and the memory module, under the control of the data access command
Interaction data between the master controller and the memory module;And
Wherein, the data buffer includes data processing module, and the data processing module has tentation data Encryption Algorithm
At least one of with tentation data decipherment algorithm;
The data processing module is used to receive data from the master controller or the memory module, is added with the tentation data
The data are encrypted in close algorithm, and the data of encryption are sent to the master controller or the storage mould
Block;Or
The data processing module is used to receive the data of encryption from the master controller or the memory module, with described predetermined
The data of the encryption are decrypted in data deciphering algorithm, and by the data of decryption be sent to the master controller or
The memory module.
13. Memory Controller according to claim 12, which is characterized in that the data processing module has predetermined number
According to Encryption Algorithm and tentation data decipherment algorithm;
The data processing module is used to receive the data of pre-encrypt from the master controller, with the tentation data decipherment algorithm
The data of the pre-encrypt are decrypted, later further with the tentation data Encryption Algorithm to the data of decryption into
Row encryption, and the data of encryption are sent to the memory module.
14. Memory Controller according to claim 12, which is characterized in that the central buffer and the data are slow
It rushes device to be mutually coupled by data buffer control bus, the data processing module passes through the data buffer control bus
Receiving algorithm configuration order, wherein the algorithm configuration order is used for the tentation data Encryption Algorithm and the tentation data
At least one of decipherment algorithm is configured.
15. Memory Controller according to claim 12, which is characterized in that described pre- in the data processing module
Determine data encryption algorithm and the tentation data decipherment algorithm is arranged in Memory Controller starting.
16. a kind of memory, including according to claim 1 to Memory Controller and memory module described in any one of 15.
17. memory according to claim 16, which is characterized in that the memory module includes volatile memory and non-
One or more of volatile memory.
18. memory according to claim 16, which is characterized in that the memory module includes one in following memories
Kind is a variety of: flash memory, reluctance type memory, phase transition storage, resistance-type memory and half floating-gate memory.
19. memory according to claim 16, which is characterized in that the memory module is multilevel interconnection structure.
20. memory according to claim 19, which is characterized in that the storage submodule of different stage in the memory module
Block is couple to central buffer by different signal wires.
21. a kind of computer system, including memory described according to claim 1 any one of 6 to 20.
22. a kind of for accessing the method for control to memory module, the memory module passes through Memory Controller and couples
It is couple to the master controller to master controller, and by data channel, the Memory Controller includes having access life
The central buffer of processing module is enabled, wherein the visit order processing module has for encrypting to data access command
The predetermined command Encryption Algorithm of processing;The described method includes:
Data access command is received by the central buffer;
The data access command is encrypted by the central buffer to generate the data access of encryption life
It enables;
The data access command of the encryption is supplied to the memory module by the central buffer;And
Via the data channel according to the data access command of the encryption the master controller and the memory module it
Between interaction data.
23. according to the method for claim 22, which is characterized in that be coupled with data buffer in the data channel.
24. according to the method for claim 22, which is characterized in that the data access command and the data of the encryption are visited
Ask that order includes respective access address, the encryption makes the access for including in the data access command of the encryption
Location is different from the access address in the data access command included.
25. according to the method for claim 22, which is characterized in that the predetermined life in the visit order processing module
Enabling Encryption Algorithm is arranged in Memory Controller starting.
26. according to the method for claim 22, which is characterized in that the visit order processing module also has predetermined command
Decipherment algorithm, the received data access command of central buffer are the data access commands of pre-encrypt, and the method is also wrapped
It includes:
The data access command is being encrypted by the central buffer to generate the data access of the encryption
Before the step of order, ordered by the central buffer with data access of the predetermined command decipherment algorithm to the pre-encrypt
Order is decrypted.
27. according to the method for claim 22, which is characterized in that the memory module includes volatile memory and Fei Yi
One or more of the property lost memory.
28. according to the method for claim 22, which is characterized in that the memory module includes one of following memories
It is or a variety of: flash memory, reluctance type memory, phase transition storage, resistance-type memory and half floating-gate memory.
29. according to the method for claim 22, which is characterized in that the memory module is multilevel interconnection structure.
30. a kind of for accessing the method for control to memory module, the memory module passes through Memory Controller and couples
To master controller, the Memory Controller includes central buffer and the data buffer with data processing module,
Described in data processing module have at least one of tentation data Encryption Algorithm and tentation data decipherment algorithm;The method
Include:
Data access command is received by the central buffer;
According to the data access command, the central buffer controls the data buffer from the master controller or described
Memory module receives data, carries out encryption to the data with the tentation data Encryption Algorithm by the data processing module
Reason, and the data of encryption are sent to the master controller or the memory module;Or
According to the data access command, the central buffer controls the data buffer from the master controller or described
Memory module receives the data of encryption, by the data processing module with the tentation data decipherment algorithm to the number of the encryption
According to being decrypted, and the data of decryption are sent to the master controller or the memory module.
31. according to the method for claim 30, which is characterized in that by the data of decryption be sent to the master controller or
Before the step of memory module, the method also includes:
The data of the decryption are encrypted with the tentation data Encryption Algorithm, and later send out the data of encryption
Give the master controller or the memory module.
32. according to the method for claim 30, which is characterized in that the tentation data in the data processing module adds
Close algorithm and the tentation data decipherment algorithm are arranged in Memory Controller starting.
33. according to the method for claim 30, which is characterized in that the memory module includes volatile memory and Fei Yi
One or more of the property lost memory.
34. according to the method for claim 30, which is characterized in that the memory module includes one of following memories
It is or a variety of: flash memory, reluctance type memory, phase transition storage, resistance-type memory and half floating-gate memory.
35. according to the method for claim 30, which is characterized in that the memory module is multilevel interconnection structure.
36. according to the method for claim 35, which is characterized in that the sub-module stored of different stage in the memory module
Central buffer is couple to by different signal wires.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US16/239,549 US10936212B2 (en) | 2018-01-04 | 2019-01-04 | Memory controller, method for performing access control to memory module |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810008762 | 2018-01-04 | ||
CN2018100087624 | 2018-01-04 | ||
CN2018100645885 | 2018-01-23 | ||
CN201810064588 | 2018-01-23 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110008148A true CN110008148A (en) | 2019-07-12 |
CN110008148B CN110008148B (en) | 2021-03-12 |
Family
ID=67164770
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810321501.8A Active CN110007849B (en) | 2018-01-04 | 2018-04-11 | Memory controller and method for access control of memory module |
CN201810929033.2A Active CN110008148B (en) | 2018-01-04 | 2018-08-15 | Memory controller and method for access control of memory module |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810321501.8A Active CN110007849B (en) | 2018-01-04 | 2018-04-11 | Memory controller and method for access control of memory module |
Country Status (1)
Country | Link |
---|---|
CN (2) | CN110007849B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110007849A (en) * | 2018-01-04 | 2019-07-12 | 澜起科技股份有限公司 | Memory Controller and for accessing the method for control to memory module |
US10936212B2 (en) | 2018-01-04 | 2021-03-02 | Montage Technology Co., Ltd. | Memory controller, method for performing access control to memory module |
US10983711B2 (en) | 2018-01-04 | 2021-04-20 | Montage Technology Co., Ltd. | Memory controller, method for performing access control to memory module |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1536311A1 (en) * | 2003-11-28 | 2005-06-01 | Bull S.A. | Modular cryptographic system with high flow rate |
CN103154963A (en) * | 2010-10-05 | 2013-06-12 | 惠普发展公司,有限责任合伙企业 | Scrambling an address and encrypting write data for storing in a storage device |
US20150235056A1 (en) * | 2012-02-28 | 2015-08-20 | Samsung Electronics Co., Ltd. | Storage device and memory controller thereof |
CN105868125A (en) * | 2015-01-23 | 2016-08-17 | 澜起科技(上海)有限公司 | Buffer memory as well as apparatus and method used for controlling internal memory data access |
CN110007849A (en) * | 2018-01-04 | 2019-07-12 | 澜起科技股份有限公司 | Memory Controller and for accessing the method for control to memory module |
-
2018
- 2018-04-11 CN CN201810321501.8A patent/CN110007849B/en active Active
- 2018-08-15 CN CN201810929033.2A patent/CN110008148B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1536311A1 (en) * | 2003-11-28 | 2005-06-01 | Bull S.A. | Modular cryptographic system with high flow rate |
CN103154963A (en) * | 2010-10-05 | 2013-06-12 | 惠普发展公司,有限责任合伙企业 | Scrambling an address and encrypting write data for storing in a storage device |
US20150235056A1 (en) * | 2012-02-28 | 2015-08-20 | Samsung Electronics Co., Ltd. | Storage device and memory controller thereof |
CN105868125A (en) * | 2015-01-23 | 2016-08-17 | 澜起科技(上海)有限公司 | Buffer memory as well as apparatus and method used for controlling internal memory data access |
CN110007849A (en) * | 2018-01-04 | 2019-07-12 | 澜起科技股份有限公司 | Memory Controller and for accessing the method for control to memory module |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110007849A (en) * | 2018-01-04 | 2019-07-12 | 澜起科技股份有限公司 | Memory Controller and for accessing the method for control to memory module |
US10936212B2 (en) | 2018-01-04 | 2021-03-02 | Montage Technology Co., Ltd. | Memory controller, method for performing access control to memory module |
CN110007849B (en) * | 2018-01-04 | 2021-03-12 | 澜起科技股份有限公司 | Memory controller and method for access control of memory module |
US10983711B2 (en) | 2018-01-04 | 2021-04-20 | Montage Technology Co., Ltd. | Memory controller, method for performing access control to memory module |
Also Published As
Publication number | Publication date |
---|---|
CN110007849B (en) | 2021-03-12 |
CN110007849A (en) | 2019-07-12 |
CN110008148B (en) | 2021-03-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9489540B2 (en) | Memory controller with encryption and decryption engine | |
US9483664B2 (en) | Address dependent data encryption | |
US9904804B2 (en) | Layout-optimized random mask distribution system and method | |
US10936212B2 (en) | Memory controller, method for performing access control to memory module | |
CN110007850A (en) | Memory Controller and method for accessing to memory module | |
CN110008148A (en) | Memory Controller and for accessing the method for control to memory module | |
CN104364760B (en) | Using the parallel computation of multiple memory devices | |
US20120030421A1 (en) | Maintaining states for the request queue of a hardware accelerator | |
US11481337B2 (en) | Securing data direct I/O for a secure accelerator interface | |
US20170093823A1 (en) | Encrypting Observable Address Information | |
US10146701B2 (en) | Address-dependent key generation with a substitution-permutation network | |
US20200241768A1 (en) | Configurable security memory region | |
CN104115230A (en) | Efficient PCMS refresh mechanism background | |
US10983711B2 (en) | Memory controller, method for performing access control to memory module | |
KR102588600B1 (en) | Data Storage Device and Operation Method Thereof, Storage System Having the Same | |
US11050569B2 (en) | Security memory scheme | |
US20230325326A1 (en) | Memory encryption | |
US11907120B2 (en) | Computing device for transceiving information via plurality of buses, and operating method of the computing device | |
US11636046B1 (en) | Latency free data encryption and decryption between processor and memory | |
CN109753821A (en) | data access device and method | |
US11288406B1 (en) | Fast XOR interface with processor and memory | |
US11226768B2 (en) | Memory controller and method for accessing memory module | |
KR20200059494A (en) | Memory system | |
US20230133922A1 (en) | Electroinc devices and electroinc systems for transmitting bit stream including programming data | |
CN113448891B (en) | Memory controller and method for monitoring access to memory modules |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |