CN110069934A - Storage system, host system verification method and memory storage apparatus - Google Patents


Publication number
CN110069934A
Authority
CN
China
Legal status
Granted
Application number
CN201810062088.8A
Other languages
Chinese (zh)
Other versions
CN110069934B (en
Inventor
陈亮维
Current Assignee
Phison Electronics Corp
Original Assignee
Phison Electronics Corp

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44: Program or device authentication
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/606: Protecting data by securing the transmission between two devices or processes

Abstract

An exemplary embodiment of the present invention provides a storage system, a host system verification method and a memory storage apparatus. The storage system includes a host system and a memory storage apparatus. In a first handshake operation, the memory storage apparatus sends first encryption information corresponding to first verification information to the host system, and the host system sends second encryption information corresponding to the first verification information to the memory storage apparatus. In a second handshake operation, the memory storage apparatus sends third encryption information corresponding to second verification information to the host system, and the host system, based on the third encryption information, sends fourth encryption information corresponding to third verification information to the memory storage apparatus. The third verification information is used to encrypt the data transmitted between the host system and the memory storage apparatus in a developer command transmission stage.

Description

Storage system, host system verification method and memory storage apparatus
Technical field
The present invention relates to encrypted communication technology, and in particular to a storage system, a host system verification method and a memory storage apparatus.
Background art
Digital cameras, mobile phones and MP3 players have grown very rapidly in recent years, so consumer demand for storage media has also increased rapidly. Because a rewritable non-volatile memory module (for example, flash memory) is non-volatile, power-saving, small in size and free of mechanical structure, it is well suited to being built into the portable multimedia devices mentioned above.
Before a memory storage apparatus leaves the factory, or when it is sent back to the original manufacturer for repair, a developer can use the developer tool provided by the manufacturer to issue developer commands to the memory storage apparatus, so as to perform system update operations such as parameter updates or firmware updates on it. However, most memory storage apparatuses verify the developer tool of the host system only by a simple password. Therefore, once an attacker obtains this password, the attacker can easily impersonate a developer to alter the system parameters of the memory storage apparatus or steal data.
Summary of the invention
The present invention provides a storage system, a host system verification method and a memory storage apparatus that strengthen the memory storage apparatus's ability to verify the host system.
An exemplary embodiment of the present invention provides a storage system that includes a host system and a memory storage apparatus. The memory storage apparatus is electrically connected to the host system. In a first handshake operation, the memory storage apparatus sends first encryption information corresponding to first verification information to the host system, the host system sends second encryption information corresponding to the first verification information to the memory storage apparatus, and the memory storage apparatus uses the second encryption information to verify whether the host system may execute a second handshake operation. In the second handshake operation, the memory storage apparatus sends third encryption information corresponding to second verification information to the host system, the host system, based on the third encryption information, sends fourth encryption information corresponding to third verification information to the memory storage apparatus, and the memory storage apparatus uses the fourth encryption information to verify whether the host system may enter a developer command transmission stage. The third verification information is used to encrypt the data transmitted between the host system and the memory storage apparatus in the developer command transmission stage.
In an exemplary embodiment of the present invention, before entering the first handshake operation, the host system also dynamically generates first key information and second key information corresponding to the first key information, and the host system also provides the first key information to the memory storage apparatus.
In an exemplary embodiment of the present invention, in the first handshake operation, the memory storage apparatus also generates the first encryption information based on the first key information and the first verification information, and the host system also generates the second encryption information based on the second key information and the first encryption information.
In an exemplary embodiment of the present invention, in the first handshake operation, the memory storage apparatus also generates first comparison information based on the first key information and the second encryption information, and the memory storage apparatus also verifies the host system according to the first verification information and the first comparison information.
In an exemplary embodiment of the present invention, in the second handshake operation, the memory storage apparatus also generates the third encryption information based on the first key information and the second verification information, and the host system also obtains the second verification information based on the second key information and the third encryption information.
In an exemplary embodiment of the present invention, in the second handshake operation, the host system also generates the third verification information based on the second verification information, and the host system also generates the fourth encryption information based on the second verification information and the third verification information.
In an exemplary embodiment of the present invention, in the second handshake operation, the memory storage apparatus also generates the third verification information based on the second verification information, and the memory storage apparatus also generates second comparison information based on the third verification information and the fourth encryption information. The memory storage apparatus also verifies the host system according to the second verification information and the second comparison information.
In an exemplary embodiment of the present invention, the second handshake operation is executed after the host system passes the verification of the first handshake operation.
In an exemplary embodiment of the present invention, the developer command transmission stage is entered after the host system passes the verification of the first handshake operation and the second handshake operation.
In an exemplary embodiment of the present invention, the host system includes a developer tool program. The developer tool program executes the first handshake operation and the second handshake operation and generates developer commands in the developer command transmission stage, where a developer command instructs the memory storage apparatus to perform a system operation.
In an exemplary embodiment of the present invention, the developer tool program is launched via a developer tool loader, the developer tool program is stored in a hidden storage area of the host system, and the developer tool loader is stored in a public storage area of the host system.
In an exemplary embodiment of the present invention, the hidden storage area and the public storage area are both located in an external storage device, and the external storage device is pluggably electrically connected to the host system.
Another exemplary embodiment of the present invention provides a host system verification method for a memory storage apparatus. The host system verification method includes: in a first handshake operation with a host system, sending first encryption information corresponding to first verification information to the host system, receiving second encryption information corresponding to the first verification information from the host system, and using the second encryption information to verify whether the host system may execute a second handshake operation; in the second handshake operation with the host system, sending third encryption information corresponding to second verification information to the host system, receiving fourth encryption information corresponding to third verification information from the host system, and using the fourth encryption information to verify whether the host system may enter a developer command transmission stage; and, in the developer command transmission stage, parsing a developer command received from the host system according to the third verification information.
In an exemplary embodiment of the present invention, the host system verification method further includes: before entering the first handshake operation, storing first key information, where second key information corresponding to the first key information is stored in the host system.
In an exemplary embodiment of the present invention, the host system verification method further includes: in the first handshake operation, generating the first encryption information based on the first key information and the first verification information.
In an exemplary embodiment of the present invention, the host system verification method further includes: in the first handshake operation, generating first comparison information based on the first key information and the second encryption information; and verifying the host system according to the first verification information and the first comparison information.
In an exemplary embodiment of the present invention, the host system verification method further includes: in the second handshake operation, generating the third encryption information based on the first key information and the second verification information.
In an exemplary embodiment of the present invention, the host system verification method further includes: in the second handshake operation, generating the third verification information based on the second verification information; generating second comparison information based on the third verification information and the fourth encryption information; and verifying the host system according to the second verification information and the second comparison information.
In an exemplary embodiment of the present invention, the first key information and the second key information belong to an asymmetric key pair.
Another exemplary embodiment of the present invention provides a memory storage apparatus that includes a connection interface unit, a rewritable non-volatile memory module and a memory control circuit unit. The connection interface unit is electrically connected to a host system. The rewritable non-volatile memory module includes a plurality of physical units. The memory control circuit unit is electrically connected to the connection interface unit and the rewritable non-volatile memory module. In a first handshake operation with the host system, the memory control circuit unit sends first encryption information corresponding to first verification information to the host system, receives second encryption information corresponding to the first verification information from the host system, and uses the second encryption information to verify whether the host system may execute a second handshake operation. In the second handshake operation with the host system, the memory control circuit unit also sends third encryption information corresponding to second verification information to the host system, receives fourth encryption information corresponding to third verification information from the host system, and uses the fourth encryption information to verify whether the host system may enter a developer command transmission stage. In the developer command transmission stage, the memory control circuit unit also parses a developer command received from the host system according to the third verification information.
In an exemplary embodiment of the present invention, before entering the first handshake operation, the memory control circuit unit also stores first key information, and second key information corresponding to the first key information is stored in the host system.
In an exemplary embodiment of the present invention, in the first handshake operation, the memory control circuit unit also generates the first encryption information based on the first key information and the first verification information.
In an exemplary embodiment of the present invention, in the first handshake operation, the memory control circuit unit also generates first comparison information based on the first key information and the second encryption information, and verifies the host system according to the first verification information and the first comparison information.
In an exemplary embodiment of the present invention, in the second handshake operation, the memory control circuit unit also generates the third encryption information based on the first key information and the second verification information.
In an exemplary embodiment of the present invention, in the second handshake operation, the memory control circuit unit also generates the third verification information based on the second verification information. The memory control circuit unit also generates second comparison information based on the third verification information and the fourth encryption information, and verifies the host system according to the second verification information and the second comparison information.
In an exemplary embodiment of the present invention, the first key information and the second key information belong to an asymmetric key pair.
In an exemplary embodiment of the present invention, the command set that the host system uses to communicate with the memory storage apparatus in the developer command transmission stage differs from the command set that the host system uses to communicate with the memory storage apparatus in a general command transmission stage.
In an exemplary embodiment of the present invention, the encryption algorithm used for the third encryption information protects data more strongly than the encryption algorithm used for the fourth encryption information.
Another exemplary embodiment of the present invention provides a memory storage apparatus that includes a connection interface unit, a rewritable non-volatile memory module and a memory control circuit unit. The connection interface unit is electrically connected to a host system. The rewritable non-volatile memory module includes a plurality of physical units. The memory control circuit unit is electrically connected to the connection interface unit and the rewritable non-volatile memory module. In a first handshake operation with the host system, the memory control circuit unit verifies the host system according to first verification information. In a second handshake operation with the host system, the memory control circuit unit also verifies the host system according to second verification information. In a developer command transmission stage, the memory control circuit unit parses a developer command received from the host system according to third verification information. The first verification information, the second verification information and the third verification information are different from one another.
Based on the above, the memory storage apparatus can verify the host system with different verification information in at least two handshake operations, and all information transmitted in the handshake operations is encrypted. In addition, through the handshake operations the memory storage apparatus and the host system can exchange the verification information used to encrypt and/or parse developer commands in the developer command transmission stage, which strengthens the memory storage apparatus's ability to verify the host system.
To make the above features and advantages of the present invention clearer and easier to understand, embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
Fig. 1 is a schematic diagram of a host system, a memory storage apparatus and an input/output (I/O) device according to an exemplary embodiment of the present invention.
Fig. 2 is a schematic diagram of a host system, a memory storage apparatus and an I/O device according to another exemplary embodiment of the present invention.
Fig. 3 is a schematic diagram of a host system and a memory storage apparatus according to another exemplary embodiment of the present invention.
Fig. 4 is a schematic block diagram of a memory storage apparatus according to an exemplary embodiment of the present invention.
Fig. 5 is a schematic block diagram of a memory control circuit unit according to an exemplary embodiment of the present invention.
Fig. 6 is a schematic diagram of managing a rewritable non-volatile memory module according to an exemplary embodiment of the present invention.
Fig. 7 is a schematic diagram of the storage medium of a host system according to an exemplary embodiment of the present invention.
Fig. 8 is an operation timing diagram of the preparation stage of a host system verification method according to an exemplary embodiment of the present invention.
Fig. 9 is an operation timing diagram of the first handshake operation of a host system verification method according to an exemplary embodiment of the present invention.
Fig. 10 is an operation timing diagram of the second handshake operation of a host system verification method according to an exemplary embodiment of the present invention.
Fig. 11 is an operation timing diagram of the developer command transmission stage of a host system verification method according to an exemplary embodiment of the present invention.
Fig. 12 is a schematic diagram of a storage system according to an exemplary embodiment of the present invention.
Fig. 13 is a schematic diagram of a storage system according to another exemplary embodiment of the present invention.
Description of reference numerals
10, 30, 1210, 1310(1)~1310(N): memory storage apparatus;
11, 31, 1211, 1301, 1311(1)~1311(N): host system;
110: system bus;
111: processor;
112: random access memory;
113: read-only memory;
114: data transmission interface;
12: input/output (I/O) device;
20: motherboard;
201: USB flash drive;
202: memory card;
203: solid state drive;
204: wireless memory storage apparatus;
205: GPS module;
206: network interface card;
207: wireless transmission device;
208: keyboard;
209: screen;
210: loudspeaker;
32: SD card;
33: CF card;
34: embedded storage device;
341: embedded multimedia card;
342: embedded multi-chip package storage device;
402: connection interface unit;
404: memory control circuit unit;
406: rewritable non-volatile memory module;
502: memory management circuit;
504: host interface;
506: memory interface;
508: error checking and correcting circuit;
510: buffer memory;
512: power management circuit;
513, 514: verification circuit;
601: storage area;
602: replacement area;
610(0)~610(B): physical unit;
612(0)~612(C): logical unit;
710: storage medium;
711: hidden storage area;
712: public storage area;
721: hardware encryption module;
722: authentication module;
723: developer tool program;
731: developer tool loader;
S801: step (dynamically generate PbKey and PvKey);
S802: step (provide PbKey);
S803: step (store PbKey);
S901: step (launch the developer tool program);
S902: step (notify to execute the first handshake operation);
S903: step (dynamically generate Cert);
S904: step (generate CI1 based on PbKey and Cert);
S905: step (transmit CI1);
S906: step (generate CI2 based on PvKey and CI1);
S907: step (transmit CI2);
S908: step (generate Cert' based on PbKey and CI2);
S909: step (compare Cert and Cert');
S1001: step (notify to execute the second handshake operation);
S1002: step (dynamically generate RN);
S1003: step (generate CI3 based on PbKey and RN);
S1004: step (transmit CI3);
S1005: step (obtain RN based on PvKey and CI3);
S1006: step (generate SKey based on RN);
S1007: step (generate SKey based on RN);
S1008: step (generate CI4 based on RN and SKey);
S1009: step (transmit CI4);
S1010: step (generate RN' based on SKey and CI4);
S1011: step (compare RN and RN');
S1101: step (encrypt the developer command according to SKey);
S1102: step (transmit the encrypted developer command);
S1103: step (parse the encrypted developer command according to SKey);
1200,1300: external storage device.
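Steps S801 to S1103 listed above can be traced end to end in a short simulation. The following Python sketch is an added example, not code from the patent: textbook RSA without padding stands in for the asymmetric PbKey/PvKey pair, SHA-256 for the SKey derivation and a hash-based XOR keystream for the symmetric cipher, and reading CI2 as Cert re-encrypted under PvKey is one interpretation of S906. All of these, together with the class and function names, are assumptions.

```python
import hashlib
import hmac
import secrets

def _is_probable_prime(n, rounds=24):  # Miller-Rabin; n must be odd and > 3
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1) and all(pow(x, 2 ** i, n) != n - 1 for i in range(1, r)):
            return False
    return True

def _random_prime(bits):
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, top bit set
        if _is_probable_prime(p):
            return p

def generate_key_pair(bits=512):
    """S801: PbKey = (n, e), PvKey = (n, d). Toy textbook RSA (assumption)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this guarantees gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def rsa_apply(key, value):
    return pow(value, key[1], key[0])

def _b(x):
    return x.to_bytes(64, "big")  # fixed width: every value is below n < 2**512

def derive_skey(rn):  # S1006/S1007; SHA-256 as the derivation is an assumption
    return hashlib.sha256(b"SKey" + _b(rn)).digest()

def sym_xor(skey, nonce, data):  # stand-in cipher: XOR with a SHA-256 counter keystream
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(skey + nonce + i.to_bytes(4, "big")).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

class Device:  # memory storage apparatus: stores PbKey and verifies the host
    def __init__(self, pbkey):                       # S802-S803
        self.pbkey, self.stage = pbkey, "idle"

    def start_handshake1(self):                      # S903-S905
        self.cert, self.stage = secrets.randbits(128) | (1 << 127), "hs1"
        return rsa_apply(self.pbkey, self.cert)      # CI1

    def finish_handshake1(self, ci2):                # S908-S909
        cert2 = rsa_apply(self.pbkey, ci2)           # Cert'
        ok = self.stage == "hs1" and hmac.compare_digest(_b(cert2), _b(self.cert))
        self.stage = "hs1_ok" if ok else "idle"
        return ok

    def start_handshake2(self):                      # S1002-S1004, S1007
        if self.stage != "hs1_ok":
            raise PermissionError("first handshake not passed")
        self.rn, self.stage = secrets.randbits(128) | (1 << 127), "hs2"
        self.skey = derive_skey(self.rn)
        return rsa_apply(self.pbkey, self.rn)        # CI3

    def finish_handshake2(self, ci4):                # S1010-S1011: RN' == RN?
        ok = self.stage == "hs2" and hmac.compare_digest(sym_xor(self.skey, b"CI4", ci4), _b(self.rn))
        self.stage = "developer" if ok else "idle"
        return ok

    def parse_command(self, nonce, blob):            # S1103
        if self.stage != "developer":
            raise PermissionError("host not verified")
        return sym_xor(self.skey, nonce, blob)

class Host:  # developer tool on the host system: holds PvKey
    def __init__(self):                              # S801
        self.pbkey, self.pvkey = generate_key_pair()

    def answer_handshake1(self, ci1):                # S906-S907
        cert = rsa_apply(self.pvkey, ci1)            # recover Cert from CI1
        return rsa_apply(self.pvkey, cert)           # CI2: Cert under PvKey (assumed reading)

    def answer_handshake2(self, ci3):                # S1005, S1006, S1008
        rn = rsa_apply(self.pvkey, ci3)
        self.skey = derive_skey(rn)
        return sym_xor(self.skey, b"CI4", _b(rn))    # CI4

    def encrypt_command(self, command):              # S1101-S1102
        nonce = secrets.token_bytes(8)
        return nonce, sym_xor(self.skey, nonce, command)

def run_session(host, device, command):
    """Return the command as parsed by the device, or None if verification fails."""
    if not device.finish_handshake1(host.answer_handshake1(device.start_handshake1())):
        return None
    if not device.finish_handshake2(host.answer_handshake2(device.start_handshake2())):
        return None
    return device.parse_command(*host.encrypt_command(command))
```

A host whose PvKey does not match the PbKey stored on the device fails the comparison at S909, so `run_session` returns `None` and the device stays in the `idle` stage, where `parse_command` raises `PermissionError`.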
Detailed description of the embodiments
In general, a memory storage apparatus (also called a memory storage system) includes a rewritable non-volatile memory module and a controller (also called a control circuit). A memory storage apparatus is usually used together with a host system, so that the host system can write data to the memory storage apparatus or read data from it.
Fig. 1 is a schematic diagram of a host system, a memory storage apparatus and an input/output (I/O) device according to an exemplary embodiment of the present invention. Fig. 2 is a schematic diagram of a host system, a memory storage apparatus and an I/O device according to another exemplary embodiment of the present invention.
Referring to Fig. 1 and Fig. 2, host system 11 generally includes a processor 111, a random access memory (RAM) 112, a read-only memory (ROM) 113 and a data transmission interface 114. The processor 111, random access memory 112, read-only memory 113 and data transmission interface 114 are all electrically connected to a system bus 110.
In this exemplary embodiment, host system 11 is electrically connected to memory storage apparatus 10 through data transmission interface 114. For example, host system 11 can store data to memory storage apparatus 10 or read data from memory storage apparatus 10 via data transmission interface 114. In addition, host system 11 is electrically connected to I/O device 12 through system bus 110. For example, host system 11 can send output signals to I/O device 12 or receive input signals from I/O device 12 via system bus 110.
In this exemplary embodiment, processor 111, random access memory 112, read-only memory 113 and data transmission interface 114 may be arranged on a motherboard 20 of host system 11. There may be one or more data transmission interfaces 114. Through data transmission interface 114, motherboard 20 can be electrically connected to memory storage apparatus 10 in a wired or wireless manner. Memory storage apparatus 10 may be, for example, a USB flash drive 201, a memory card 202, a solid state drive (SSD) 203 or a wireless memory storage apparatus 204. Wireless memory storage apparatus 204 may be, for example, a near field communication (NFC) memory storage apparatus, a wireless fidelity (WiFi) memory storage apparatus, a Bluetooth memory storage apparatus, a Bluetooth low energy memory storage apparatus (for example, iBeacon) or another memory storage apparatus based on any of various wireless communication technologies. In addition, motherboard 20 can also be electrically connected through system bus 110 to various I/O devices such as a global positioning system (GPS) module 205, a network interface card 206, a wireless transmission device 207, a keyboard 208, a screen 209 and a loudspeaker 210. For example, in an exemplary embodiment, motherboard 20 can access wireless memory storage apparatus 204 through wireless transmission device 207.
In an exemplary embodiment, the host system referred to is substantially any system that can cooperate with a memory storage apparatus to store data. Although the host system is described as a computer system in the exemplary embodiments above, Fig. 3 is a schematic diagram of a host system and a memory storage apparatus according to another exemplary embodiment of the present invention. Referring to Fig. 3, in another exemplary embodiment, host system 31 may also be a system such as a digital camera, a video camera, a communication device, an audio player, a video player or a tablet computer, and memory storage apparatus 30 may be any of the various non-volatile memory storage apparatuses it uses, such as a secure digital (SD) card 32, a compact flash (CF) card 33 or an embedded storage device 34. Embedded storage device 34 includes embedded storage devices of all types in which a memory module is directly electrically connected to the substrate of the host system, such as an embedded multimedia card (eMMC) 341 and/or an embedded multi-chip package (eMCP) storage device 342.
Fig. 4 is the schematic block diagram of memory storage apparatus shown by an exemplary embodiment according to the present invention.
Referring to figure 4., memory storage apparatus 10 include connecting interface unit 402, memorizer control circuit unit 404 with Reproducible nonvolatile memorizer module 406.
Connecting interface unit 402 is to be electrically connected to host system 11 for memory storage apparatus 10.In this example reality It applies in example, connecting interface unit 402 is to be compatible to Serial Advanced Technology Attachment (Serial Advanced Technology Attachment, SATA) standard.However, it is necessary to be appreciated that, the invention is not limited thereto, and connecting interface unit 402 is also possible to Meet parallel advanced technology annex (Parallel Advanced Technology Attachment, PATA) standard, it is electrical and Electronic Engineering Association (Institute of Electrical and Electronic Engineers, IEEE) 1394 marks Quasi-, high-speed peripheral component connecting interface (Peripheral Component Interconnect Express, PCI Express) standard, universal serial bus (Universal Serial Bus, USB) standard, SD interface standard, a ultrahigh speed generation (Ultra High Speed-I, UHS-I) interface standard, two generation of ultrahigh speed (Ultra High Speed-II, UHS-II) interface Standard, MCP interface standard, MMC interface standard, eMMC interface standard, is led at memory stick (Memory Stick, MS) interface standard With flash memory (Universal Flash Storage, UFS) interface standard, eMCP interface standard, CF interface standard, whole Box-like driving electrical interface (Integrated Device Electronics, IDE) standard or other suitable standards.Connection Interface unit 402 can be encapsulated in memorizer control circuit unit 404 in a chip or connecting interface unit 402 is cloth Outside a chip comprising memorizer control circuit unit 404.
Memorizer control circuit unit 404 is to execute multiple logic gates or control with hardware pattern or firmware pattern implementation System instructs and carries out writing for data in reproducible nonvolatile memorizer module 406 according to the instruction of host system 11 The running such as enter, read and erase.
Reproducible nonvolatile memorizer module 406 is electrically connected to memorizer control circuit unit 404 and uses The data being written with host system 11.Reproducible nonvolatile memorizer module 406 can be single-order storage unit (Single Level Cell, SLC) NAND type flash memory module is (that is, can store 1 bit in a storage unit Flash memory module), multi-level cell memory (Multi Level Cell, MLC) NAND type flash memory module is (that is, one The flash memory module of 2 bits can be stored in a storage unit), Complex Order storage unit (Triple Level Cell, TLC) NAND type flash memory module (that is, flash memory module that 3 bits can be stored in a storage unit), other Flash memory module or other memory modules with the same characteristics.
Each of reproducible nonvolatile memorizer module 406 storage unit (is hereinafter also referred to faced with voltage Boundary's voltage) change store one or more bits.Specifically, the control grid (control of each storage unit Gate) there is an electric charge capture layer between channel.By bestowing a write-in voltage to controlling grid, thus it is possible to vary charge benefit is caught The amount of electrons of layer, and then change the critical voltage of storage unit.This change storage unit critical voltage operation be also referred to as " Data are written to storage unit " or " sequencing (programming) storage unit ".With the change of critical voltage, can make carbon copies Each of formula non-volatile memory module 406 storage unit has multiple storage states.It can by bestowing reading voltage To judge a storage unit is which storage state belonged to, one or more ratios that this storage unit is stored are obtained whereby It is special.
In this exemplary embodiment, the memory cells of the rewritable non-volatile memory module 406 constitute a plurality of physical programming units, and these physical programming units constitute a plurality of physical erasing units. Specifically, the memory cells on the same word line form one or more physical programming units. If each memory cell can store 2 or more bits, the physical programming units on the same word line can be classified at least into a lower physical programming unit and an upper physical programming unit. For example, the least significant bit (Least Significant Bit, LSB) of a memory cell belongs to the lower physical programming unit, and the most significant bit (Most Significant Bit, MSB) of a memory cell belongs to the upper physical programming unit. In general, in MLC NAND flash memory, the writing speed of the lower physical programming unit is greater than that of the upper physical programming unit, and/or the reliability of the lower physical programming unit is higher than that of the upper physical programming unit.
In this exemplary embodiment, the physical programming unit is the minimum unit of programming. That is, the physical programming unit is the minimum unit for writing data. For example, the physical programming unit is a physical page or a physical sector. If the physical programming unit is a physical page, it generally includes a data bit area and a redundancy bit area. The data bit area contains a plurality of physical sectors and stores user data, and the redundancy bit area stores system data (for example, management data such as error correcting codes). In this exemplary embodiment, the data bit area contains 32 physical sectors, and the size of one physical sector is 512 bytes (B). However, in other exemplary embodiments, the data bit area may also contain 8, 16, or a larger or smaller number of physical sectors, and the size of each physical sector may also be larger or smaller. On the other hand, the physical erasing unit is the minimum unit of erasing. That is, each physical erasing unit contains the minimum number of memory cells that are erased together. For example, the physical erasing unit is a physical block.
Fig. 5 is a schematic block diagram of the memory control circuit unit according to an exemplary embodiment of the present invention.
Referring to Fig. 5, the memory control circuit unit 404 includes a memory management circuit 502, a host interface 504 and a memory interface 506.
The memory management circuit 502 controls the overall operation of the memory control circuit unit 404. Specifically, the memory management circuit 502 has a plurality of control instructions, and when the memory storage apparatus 10 operates, these control instructions are executed to perform operations such as writing, reading and erasing data. In the following, describing the operation of the memory management circuit 502 is equivalent to describing the operation of the memory control circuit unit 404.
In this exemplary embodiment, the control instructions of the memory management circuit 502 are implemented in firmware form. For example, the memory management circuit 502 has a microprocessor unit (not shown) and a read-only memory (not shown), and these control instructions are programmed into this read-only memory. When the memory storage apparatus 10 operates, these control instructions are executed by the microprocessor unit to perform operations such as writing, reading and erasing data.
In another exemplary embodiment, the control instructions of the memory management circuit 502 may also be stored as program code in a specific area of the rewritable non-volatile memory module 406 (for example, a system area in the memory module dedicated to storing system data). In addition, the memory management circuit 502 has a microprocessor unit (not shown), a read-only memory (not shown) and a random access memory (not shown). In particular, this read-only memory holds boot code, and when the memory control circuit unit 404 is enabled, the microprocessor unit first executes this boot code to load the control instructions stored in the rewritable non-volatile memory module 406 into the random access memory of the memory management circuit 502. Afterwards, the microprocessor unit runs these control instructions to perform operations such as writing, reading and erasing data.
In addition, in another exemplary embodiment, the control instructions of the memory management circuit 502 may also be implemented in hardware form. For example, the memory management circuit 502 includes a microcontroller, a memory cell management circuit, a memory write circuit, a memory read circuit, a memory erase circuit and a data processing circuit. The memory cell management circuit, memory write circuit, memory read circuit, memory erase circuit and data processing circuit are electrically connected to the microcontroller. The memory cell management circuit manages the memory cells of the rewritable non-volatile memory module 406 or groups of them. The memory write circuit issues a write instruction sequence to the rewritable non-volatile memory module 406 to write data into the rewritable non-volatile memory module 406. The memory read circuit issues a read instruction sequence to the rewritable non-volatile memory module 406 to read data from the rewritable non-volatile memory module 406. The memory erase circuit issues an erase instruction sequence to the rewritable non-volatile memory module 406 to erase data from the rewritable non-volatile memory module 406. The data processing circuit processes the data to be written to the rewritable non-volatile memory module 406 and the data read from the rewritable non-volatile memory module 406. The write instruction sequence, read instruction sequence and erase instruction sequence may each include one or more program codes or instruction codes and instruct the rewritable non-volatile memory module 406 to perform the corresponding write, read or erase operation. In an exemplary embodiment, the memory management circuit 502 may also issue other types of instruction sequences to the rewritable non-volatile memory module 406 to instruct it to perform the corresponding operations.
The host interface 504 is electrically connected to the memory management circuit 502 and receives and identifies the instructions and data transmitted by the host system 11. That is, the instructions and data transmitted by the host system 11 are passed to the memory management circuit 502 through the host interface 504. In this exemplary embodiment, the host interface 504 is compatible with the SATA standard. However, it must be understood that the invention is not limited thereto; the host interface 504 may also be compatible with the PATA standard, IEEE 1394 standard, PCI Express standard, USB standard, SD standard, UHS-I standard, UHS-II standard, MS standard, MMC standard, eMMC standard, UFS standard, CF standard, IDE standard or other suitable data transmission standards.
The memory interface 506 is electrically connected to the memory management circuit 502 and is used to access the rewritable non-volatile memory module 406. That is, data to be written to the rewritable non-volatile memory module 406 is converted by the memory interface 506 into a format that the rewritable non-volatile memory module 406 can accept. Specifically, when the memory management circuit 502 is to access the rewritable non-volatile memory module 406, the memory interface 506 transmits the corresponding instruction sequences. For example, these instruction sequences may include a write instruction sequence that instructs data to be written, a read instruction sequence that instructs data to be read, an erase instruction sequence that instructs data to be erased, and corresponding instruction sequences that instruct various memory operations (for example, changing the read voltage level or performing a garbage collection operation). These instruction sequences are, for example, generated by the memory management circuit 502 and sent to the rewritable non-volatile memory module 406 through the memory interface 506. These instruction sequences may include one or more signals, or data on a bus. These signals or data may include instruction codes or program codes. For example, a read instruction sequence includes information such as the read identification code and the memory address.
In an exemplary embodiment, the memory control circuit unit 404 further includes an error checking and correcting circuit 508, a buffer memory 510 and a power management circuit 512.
The error checking and correcting circuit 508 is electrically connected to the memory management circuit 502 and performs error checking and correcting operations to ensure the correctness of data. Specifically, when the memory management circuit 502 receives a write instruction from the host system 11, the error checking and correcting circuit 508 generates a corresponding error correcting code (ECC) and/or error detecting code (EDC) for the data of this write instruction, and the memory management circuit 502 writes the data of this write instruction together with the corresponding error correcting code and/or error detecting code into the rewritable non-volatile memory module 406. Later, when the memory management circuit 502 reads data from the rewritable non-volatile memory module 406, it also reads the error correcting code and/or error detecting code corresponding to this data, and the error checking and correcting circuit 508 performs the error checking and correcting operation on the read data according to this error correcting code and/or error detecting code.
The buffer memory 510 is electrically connected to the memory management circuit 502 and temporarily stores data and instructions from the host system 11 or data from the rewritable non-volatile memory module 406. The power management circuit 512 is electrically connected to the memory management circuit 502 and controls the power supply of the memory storage apparatus 10.
In an exemplary embodiment, the memory control circuit unit 404 further includes verification circuits 513 and 514. The verification circuits 513 and 514 are both electrically connected to the memory management circuit 502 and both support encryption and decryption of data. In this exemplary embodiment, the verification circuit 513 uses an asymmetric encryption algorithm such as RSA, while the verification circuit 514 uses a symmetric encryption algorithm such as the Advanced Encryption Standard (AES). However, in another exemplary embodiment, the verification circuits 513 and 514 may support other types of encryption algorithms, as long as the verification circuits 513 and 514 use different encryption algorithms. In addition, in another exemplary embodiment, the verification circuits 513 and 514 may also be provided inside the memory management circuit 502 or implemented as software/firmware.
Fig. 6 is a schematic diagram of managing the rewritable non-volatile memory module according to an exemplary embodiment of the present invention.
Referring to Fig. 6, the memory management circuit 502 logically groups the physical units 610(0)~610(B) of the rewritable non-volatile memory module 406 into a storage area 601 and a replacement area 602. The physical units 610(0)~610(A) in the storage area 601 are used to store data, and the physical units 610(A+1)~610(B) in the replacement area 602 are used to replace damaged physical units in the storage area 601. For example, if the data read from a physical unit contains too many errors to be corrected, this physical unit is regarded as a damaged physical unit. Note that if there is no available physical erasing unit in the replacement area 602, the memory management circuit 502 may declare the whole memory storage apparatus 10 to be in a write-protect state, in which data can no longer be written.
In this exemplary embodiment, each physical unit refers to one physical erasing unit. However, in another exemplary embodiment, a physical unit may also refer to one physical address, one physical programming unit, or a group of multiple continuous or discontinuous physical addresses. The memory management circuit 502 configures logical units 612(0)~612(C) to map the physical units 610(0)~610(A) in the storage area 601. In this exemplary embodiment, each logical unit refers to one logical address. However, in another exemplary embodiment, a logical unit may also refer to one logical programming unit, one logical erasing unit, or a group of multiple continuous or discontinuous logical addresses. In addition, each of the logical units 612(0)~612(C) can be mapped to one or more physical units.
In this exemplary embodiment, the memory management circuit 502 records the mapping relations between logical units and physical units (also referred to as logical-physical address mapping relations) in at least one logical-physical address mapping table. When the host system 11 wants to read data from the memory storage apparatus 10 or write data to the memory storage apparatus 10, the memory management circuit 502 performs the data access operation on the memory storage apparatus 10 according to this logical-physical address mapping table.
In this exemplary embodiment, the host system 11 is equipped with a developer's implementing procedure, and through this developer's implementing procedure the host system 11 can issue developer instructions to the memory storage apparatus 10 to instruct the memory storage apparatus 10 to perform specific system operations. Note that before the memory storage apparatus 10 accepts a developer instruction, the memory storage apparatus 10 verifies the host system 11 through at least two handshake operations, to confirm whether the host system 11 is the legitimate owner of the developer's implementing procedure and/or whether the host system 11 uses a legitimate developer's implementing procedure.
In this exemplary embodiment, the handshake operations for verifying the host system 11 include a first handshake operation and a second handshake operation. The second handshake operation is performed after the host system 11 passes the verification of the first handshake operation. After the host system 11 passes the verification of both the first handshake operation and the second handshake operation, in the developer instruction transmission stage the host system 11 can send developer instructions to the memory storage apparatus 10, and the memory storage apparatus 10 can send the data corresponding to these developer instructions to the host system 11. However, in another exemplary embodiment, the handshake operations for verifying the host system 11 may include more handshake operations, as long as the memory storage apparatus 10 can verify the host system 11 through them. In addition, in an exemplary embodiment, the developer's implementing procedure and the data used for the aforementioned handshake operations are at least partly stored in a hidden manner in the storage media of the host system 11, so that an attacker cannot access them directly (for example, copy them to another device).
Fig. 7 is a schematic diagram of the storage media of the host system according to an exemplary embodiment of the present invention. Referring to Fig. 7, in this exemplary embodiment, the host system 11 includes storage media 710. The storage media 710 may be an external storage device (such as a USB flash drive or an external hard disk) that is pluggably and electrically connected to the host system 11, or a storage circuit inside the host system 11. The storage media 710 has a hidden storage area 711 and a public storage area 712. The hidden storage area 711 stores a hardware encryption module 721, an authentication module 722 and a developer's implementing procedure 723. The public storage area 712 stores a developer's tool loader 731.
In this exemplary embodiment, the hidden storage area 711 and the public storage area 712 are both hidden by default. In the hidden state, a user cannot access the hidden storage area 711 or the public storage area 712 through the file system of the host system 11. The authentication module 722 stores authentication information. For example, this authentication information includes a default account and a preset password. In this exemplary embodiment, the authentication module 722 receives the identity information that a user enters through a signal input device of the host system 11 and verifies the entered identity information against the authentication information. For example, the authentication module 722 compares the account entered by the user with the default account and compares the password entered by the user with the preset password. If the entered account is identical to the default account and the entered password is identical to the preset password, the authentication module 722 unhides the public storage area 712. Conversely, if the entered account is not identical to the default account and/or the entered password is not identical to the preset password, the authentication module 722 keeps the public storage area 712 in the hidden state.
After the public storage area 712 is unhidden, the user can access the public storage area 712 through the logical addresses in the file system of the host system 11 that correspond to the public storage area 712. In addition, after the public storage area 712 is unhidden, the developer's tool loader 731 can be started. Note that whether or not the user enters correct identity information, the hidden storage area 711 always remains hidden and cannot be accessed by the user. However, in another exemplary embodiment, the storage media 710 may not use a hiding mechanism, may not hide the public storage area 712 by default, or may use another authentication mechanism to unhide the public storage area 712; the present invention is not limited in this respect. The host system verification method of the present invention is described below with reference to Fig. 8 to Fig. 11 together with Fig. 5 and Fig. 7.
Fig. 8 is an operation timing diagram of the preparation stage of the host system verification method according to an exemplary embodiment of the present invention. Referring to Fig. 7 and Fig. 8, the preparation stage of the host system verification method includes steps S801 to S803. In step S801, the hardware encryption module 721 dynamically generates key information PbKey (also referred to as first key information) and PvKey (also referred to as second key information) according to a piece of basic information. In an exemplary embodiment, this basic information may be the authentication information stored by the authentication module 722. However, in another exemplary embodiment, this basic information may also be a dynamically generated random number or other data; the present invention is not limited in this respect.
In this exemplary embodiment, the hardware encryption module 721 generates the key information PbKey and PvKey from the basic information using a public-key cryptography algorithm, so the key information PbKey and PvKey form an asymmetric key pair. For example, the key information PbKey is the public key of this asymmetric key pair, and the key information PvKey is the private key of this asymmetric key pair. However, in another exemplary embodiment, the hardware encryption module 721 may also use another type of encryption algorithm to generate the key information PbKey and PvKey, or use a symmetric-key encryption algorithm to generate a single piece of key information for use in verification; the present invention is not limited in this respect.
In step S802, the host system 11 provides the generated key information PbKey to the memory storage apparatus 10. The key information PvKey is stored in the hidden storage area 711. In step S803, the memory storage apparatus 10 stores the key information PbKey. For example, the key information PbKey may be stored in the rewritable non-volatile memory module 406 of Fig. 4. This completes the preparation stage of the host system verification method. Thereafter, once the developer's tool loader 731 is started, the first handshake operation of the host system verification method can be entered.
Fig. 9 is an operation timing diagram of the first handshake operation of the host system verification method according to an exemplary embodiment of the present invention. Referring to Fig. 5, Fig. 7 and Fig. 9, the first handshake operation of the host system verification method may include steps S901~S909. In step S901, the developer's tool loader 731 of the host system 11 starts the developer's implementing procedure 723 in the hidden storage area 711. In step S902, the host system 11 (for example, the started developer's implementing procedure 723) sends notification information to the memory storage apparatus 10 to notify the memory storage apparatus 10 to start performing the first handshake operation.
In step S903, the memory storage apparatus 10 dynamically generates verification information Cert (also referred to as first verification information). For example, the verification information Cert may be one-time verification information generated by the memory management circuit 502. In step S904, the memory storage apparatus 10 generates encryption information CI1 (also referred to as first encryption information) based on the key information PbKey and the verification information Cert. For example, the verification circuit 513 may encrypt the verification information Cert with the RSA encryption algorithm based on the key information PbKey to generate the encryption information CI1. In step S905, the memory storage apparatus 10 sends the encryption information CI1 to the host system 11.
In step S906, the host system 11 receives the encryption information CI1 and generates encryption information CI2 (also referred to as second encryption information) based on the key information PvKey and the encryption information CI1. For example, the developer's implementing procedure 723 may decrypt the encryption information CI1 with the RSA encryption algorithm based on the key information PvKey to obtain the verification information Cert. Then, the developer's implementing procedure 723 may encrypt the obtained verification information Cert with the RSA encryption algorithm based on the key information PvKey to generate the encryption information CI2. In step S907, the host system 11 sends the encryption information CI2 to the memory storage apparatus 10.
In step S908, the memory storage apparatus 10 generates comparison information Cert' (also referred to as first comparison information) based on the key information PbKey and the encryption information CI2. For example, the verification circuit 513 may decrypt the encryption information CI2 with the RSA encryption algorithm based on the key information PbKey to generate the comparison information Cert'. Then, the memory storage apparatus 10 verifies the host system 11 according to the verification information Cert and the comparison information Cert'. For example, in step S909, the memory management circuit 502 compares the verification information Cert with the comparison information Cert'. If the verification information Cert is identical to the comparison information Cert', the key information PvKey used by the host system 11 matches the key information PbKey used by the memory storage apparatus 10, so the memory management circuit 502 determines that the host system 11 passes the verification of the first handshake operation. Conversely, if the verification information Cert is not identical to the comparison information Cert', the key information PvKey used by the host system 11 does not match the key information PbKey used by the memory storage apparatus 10, so the memory management circuit 502 determines that the host system 11 does not pass the verification of the first handshake operation. If the host system 11 passes the verification of the first handshake operation, the memory management circuit 502 allows entry into the second handshake operation of the host system verification method. Conversely, if the host system 11 does not pass the verification of the first handshake operation, the memory management circuit 502 does not allow entry into the second handshake operation of the host system verification method. In other words, in the first handshake operation, the memory management circuit 502 uses the encryption information CI2 to verify whether the host system 11 may perform the second handshake operation.
Fig. 10 is an operation timing diagram of the second handshake operation of the host system verification method according to an exemplary embodiment of the present invention. Referring to Fig. 5, Fig. 7 and Fig. 10, the second handshake operation of the host system verification method may include steps S1001~S1011. In step S1001, the host system 11 notifies the memory storage apparatus 10 to perform the second handshake operation. For example, the developer's implementing procedure 723 may send a verification request to the memory storage apparatus 10.
After receiving this verification request, in step S1002, the memory storage apparatus 10 dynamically generates verification information RN (also referred to as second verification information). For example, the verification information RN may be one-time verification information generated by the memory management circuit 502. In step S1003, the memory storage apparatus 10 generates encryption information CI3 (also referred to as third encryption information) based on the key information PbKey and the verification information RN. For example, the verification circuit 513 may encrypt the verification information RN with the RSA encryption algorithm based on the key information PbKey to generate the encryption information CI3. In step S1004, the memory storage apparatus 10 sends the encryption information CI3 to the host system 11.
In step S1005, the host system 11 receives the encryption information CI3 and obtains the verification information RN based on the key information PvKey and the encryption information CI3. For example, the developer's implementing procedure 723 may decrypt the encryption information CI3 with the RSA encryption algorithm based on the key information PvKey to obtain the verification information RN. In step S1006, the host system 11 generates verification information SKey (also referred to as third verification information) based on the verification information RN. For example, the developer's implementing procedure 723 may dynamically generate the one-time verification information SKey based on the verification information RN and a key parameter.
On the other hand, after generating the verification information RN, in step S1007, the memory storage apparatus 10 generates the verification information SKey based on the verification information RN. For example, the memory management circuit 502 may dynamically generate the one-time verification information SKey based on the verification information RN and a key parameter. Note that in this exemplary embodiment, the host system 11 and the memory storage apparatus 10 generate the verification information SKey using the same verification information RN and the same key parameter, so the generated verification information SKey is also identical. This verification information SKey can be used in the subsequent developer instruction transmission stage to encrypt the data transmitted between the host system 11 and the memory storage apparatus 10.
In step S1008, the host system 11 generates encryption information CI4 (also referred to as fourth encryption information) based on the verification information RN and the verification information SKey. For example, the developer's implementing procedure 723 may encrypt the verification information RN with the AES encryption algorithm based on the verification information SKey to generate the encryption information CI4. In step S1009, the host system 11 sends the encryption information CI4 to the memory storage apparatus 10.
After receiving the encryption information CI4, in step S1010, the memory storage apparatus 10 generates comparison information RN' (also referred to as second comparison information) based on the verification information SKey and the encryption information CI4. For example, the verification circuit 514 may decrypt the encryption information CI4 with the AES encryption algorithm based on the verification information SKey to generate the comparison information RN'. Then, the memory storage apparatus 10 verifies the host system 11 according to the verification information RN and the comparison information RN'. For example, in step S1011, the memory management circuit 502 compares the verification information RN with the comparison information RN'. If the verification information RN is identical to the comparison information RN', the key information PvKey used by the host system 11 matches the key information PbKey used by the memory storage apparatus 10, and the host system 11 and the memory storage apparatus 10 use the same verification information SKey, so the memory management circuit 502 determines that the host system 11 passes the verification of the second handshake operation. Conversely, if the verification information RN is not identical to the comparison information RN', the key information PvKey used by the host system 11 does not match the key information PbKey used by the memory storage apparatus 10, and/or the host system 11 and the memory storage apparatus 10 do not use the same verification information SKey, so the memory management circuit 502 determines that the host system 11 does not pass the verification of the second handshake operation. If the host system 11 passes the verification of the second handshake operation, the memory management circuit 502 allows entry into the developer instruction transmission stage of the host system verification method. Conversely, if the host system 11 does not pass the verification of the second handshake operation, the memory management circuit 502 does not allow entry into the developer instruction transmission stage of the host system verification method. In other words, in the second handshake operation, the memory management circuit 502 uses the encryption information CI4 to verify whether the host system 11 may perform (or enter) the developer instruction transmission stage.
Fig. 11 is an operation timing diagram of the developer instruction transmission stage of the host system verification method according to an exemplary embodiment of the present invention. Referring to Fig. 5, Fig. 7 and Fig. 11, the developer instruction transmission stage of the host system verification method may include steps S1101~S1103. In step S1101, the host system 11 encrypts a developer instruction according to the verification information SKey. For example, the developer's implementing procedure 723 may dynamically generate one or more developer instructions, and a generated developer instruction may instruct the memory storage apparatus 10 to perform a specific system operation. The developer's implementing procedure 723 may encrypt the developer instruction with the AES encryption algorithm based on the verification information SKey. In step S1102, the host system 11 sends the encrypted developer instruction to the memory storage apparatus 10.
In step S1103, memory storage apparatus 10 receives the encrypted developer instruction and parses it according to verification information SKey. For example, verifying circuit 514 can use the AES encryption algorithm with verification information SKey to decrypt the encrypted developer instruction. According to the decrypted developer instruction, memory management circuitry 502 can execute system operations such as updating system parameters, updating firmware, or returning specific information to host system 11. In addition, in another exemplary embodiment of Figure 11, verifying circuit 514 of memory storage apparatus 10 can also use verification information SKey to encrypt data to be sent to host system 11, and developer's implementing procedure 723 of host system 11 can use the same verification information SKey to decrypt the data from memory storage apparatus 10; the details are not repeated here.
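The second handshake check (steps S1010 to S1011) and the developer instruction transmission stage (steps S1101 to S1103) described above, as an added Go example that is not code from the patent. RSA-OAEP for CI3, AES-GCM for CI4 and the instructions, SHA-256 as the SKey derivation, the 16-byte RN and the `FW_UPDATE` instruction string are assumptions made here; the text names only RSA and AES.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// sessionAEAD derives SKey from RN. Assumptions: SHA-256 derivation, AES-GCM mode.
func sessionAEAD(rn []byte) cipher.AEAD {
	sKey := sha256.Sum256(append([]byte("demo-skey|"), rn...))
	block, _ := aes.NewCipher(sKey[:]) // cannot fail: the key is always 32 bytes
	aead, _ := cipher.NewGCM(block)    // cannot fail: AES has a 16-byte block
	return aead
}

// seal encrypts under SKey and prepends the random nonce.
func seal(a cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; it fails on a wrong key or a modified message.
func open(a cipher.AEAD, msg []byte) ([]byte, error) {
	if a == nil || len(msg) < a.NonceSize() {
		return nil, errors.New("no session key or message too short")
	}
	return a.Open(nil, msg[:a.NonceSize()], msg[a.NonceSize():], nil)
}

// Device models memory storage apparatus 10, which already holds PbKey.
type Device struct {
	PbKey    *rsa.PublicKey
	rn       []byte
	sKey     cipher.AEAD
	devStage bool
}

// Challenge opens the second handshake: fresh RN, CI3 = RSA(PbKey, RN).
func (d *Device) Challenge() ([]byte, error) {
	d.rn, d.devStage = make([]byte, 16), false
	if _, err := rand.Read(d.rn); err != nil {
		return nil, err
	}
	d.sKey = sessionAEAD(d.rn)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, d.PbKey, d.rn, nil)
}

// HostRespond is host system 11: recover RN with PvKey, then CI4 = AES(SKey, RN).
func HostRespond(pv *rsa.PrivateKey, ci3 []byte) ([]byte, cipher.AEAD, error) {
	rn, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, pv, ci3, nil)
	if err != nil {
		return nil, nil, err
	}
	sKey := sessionAEAD(rn)
	ci4, err := seal(sKey, rn)
	return ci4, sKey, err
}

// Verify is steps S1010-S1011: RN' = AES-decrypt(SKey, CI4), then compare with RN.
func (d *Device) Verify(ci4 []byte) bool {
	rnPrime, err := open(d.sKey, ci4)
	d.devStage = err == nil && len(d.rn) > 0 && subtle.ConstantTimeCompare(d.rn, rnPrime) == 1
	d.rn = nil // RN is one-time: a replayed CI4 no longer matches
	return d.devStage
}

// Execute is step S1103: decrypt a developer instruction, but only in the developer stage.
func (d *Device) Execute(enc []byte) (string, error) {
	if !d.devStage {
		return "", errors.New("developer instruction transmission stage not entered")
	}
	cmd, err := open(d.sKey, enc)
	return string(cmd), err
}

// NewKeyPair stands in for the host's dynamically generated PvKey/PbKey pair.
func NewKeyPair() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	host, err := NewKeyPair()
	if err != nil {
		panic(err)
	}
	dev := &Device{PbKey: &host.PublicKey}
	ci3, _ := dev.Challenge()
	ci4, sKey, _ := HostRespond(host, ci3)
	fmt.Println("verified:", dev.Verify(ci4))
	enc, _ := seal(sKey, []byte("FW_UPDATE")) // constructed sample instruction
	fmt.Println(dev.Execute(enc))
}
```

The device fails closed: a host whose PvKey does not match the stored PbKey cannot recover RN, so any CI4 it sends fails the comparison and `Execute` refuses every instruction.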
From another point of view, in the first handshake operation of Fig. 9, memory storage apparatus 10 verifies the legitimacy of host system 11 according to verification information Cert, and in the second handshake operation of Figure 10, memory storage apparatus 10 verifies the legitimacy of host system 11 according to verification information RN. In addition, in the developer instruction transmission stage of Figure 11, memory storage apparatus 10 parses the developer instruction received from host system 11 according to verification information SKey. In particular, verification information Cert, verification information RN and verification information SKey are different from one another. For example, verification information Cert, verification information RN and verification information SKey are each a one-time random number generated in the corresponding operation/stage.
It should be noted that although the preceding exemplary embodiments mainly use the RSA encryption algorithm together with the AES encryption algorithm as the example of encryption/decryption, in another exemplary embodiment the encryption algorithms used in the first handshake operation, the second handshake operation and the developer instruction transmission stage can be the same or different algorithms and can all be adjusted according to practical needs; the present invention is not limited in this respect. In an exemplary embodiment, the encryption algorithm used for encryption information CI3 (i.e. the third encryption information), such as RSA, provides higher data protection strength than the encryption algorithm used for encryption information CI4 (i.e. the fourth encryption information), such as AES; however, the present invention is not limited thereto. In an exemplary embodiment, the encryption algorithms and data protection strengths used for the different pieces of encryption information can all be adjusted according to practical needs.
In an exemplary embodiment, the instruction set that host system 11 uses to communicate with memory storage apparatus 10 in the developer instruction transmission stage is different from the instruction set that host system 11 uses to communicate with memory storage apparatus 10 in the universal command transmission stage. For example, in the developer instruction transmission stage, host system 11 uses a specific instruction set (also called the developer instruction set) to issue developer instructions that direct system operations such as updating system parameters, updating firmware, or returning specific information to host system 11; in the universal command transmission stage, host system 11 uses the universal instruction set to issue universal data access instructions such as data read, write and erase, which direct memory storage apparatus 10 to execute the corresponding data access operations. In an exemplary embodiment, the universal command transmission stage can be entered without the verification of the first handshake operation and/or the second handshake operation. For example, in an exemplary embodiment, after the connection between host system 11 and memory storage apparatus 10 is established, the universal command transmission stage can be enabled automatically, and host system 11 can transmit universal data access instructions in this universal command transmission stage.
Figure 12 is a schematic diagram of a storage system according to an exemplary embodiment of the present invention. Referring to Figure 12, in this exemplary embodiment, external storage device 1200 is the same as or similar to storage medium 710 in Fig. 7. After external storage device 1200 is electrically connected to host system 1211, host system 1211 can, via external storage device 1200, execute with memory storage apparatus 1210 the first handshake operation described in the preceding exemplary embodiments. If host system 1211 passes the verification of the first handshake operation, host system 1211 can further, via external storage device 1200, execute with memory storage apparatus 1210 the second handshake operation described in the preceding exemplary embodiments. If host system 1211 also passes the verification of the second handshake operation, host system 1211 can further, via external storage device 1200, carry out encrypted communication with memory storage apparatus 1210 in the developer instruction transmission stage to transmit developer instructions.
Figure 13 is a schematic diagram of a storage system according to another exemplary embodiment of the present invention. Referring to Figure 13, in this exemplary embodiment, external storage device 1300 is the same as or similar to storage medium 710 in Fig. 7. After external storage device 1300 is electrically connected to host system 1301, host system 1301 can download the developer's implementing procedure stored in external storage device 1300 to host systems 1311(1)~1311(N). Meanwhile, host system 1301 can provide at least part of the information in external storage device 1300 that is used for the aforementioned first handshake operation and second handshake operation (for example, key information PvKey) to host systems 1311(1)~1311(N). The information from host system 1301 (or external storage device 1300) can be temporarily stored in the buffer memory of host systems 1311(1)~1311(N). In this way, host systems 1311(1)~1311(N) can, according to the developer's implementing procedure in their respective buffer memories, each execute the operations of Fig. 9 to Figure 11 with memory storage apparatuses 1310(1)~1310(N); the details are not repeated here. For example, the exemplary embodiment of Figure 13 can describe a scenario in which memory storage apparatuses 1310(1)~1310(N) are produced or repaired at the manufacturing side.
In conclusion, the memory storage apparatus can verify the host system with different verification information in at least two handshake operations, and the information transmitted in the handshake operations is all encrypted. In addition, through the handshake operations, the memory storage apparatus and the host system can exchange the verification information used to encrypt and/or parse developer instructions in the developer instruction transmission stage. This enhances the ability of the memory storage apparatus to verify the host system and reduces the probability that an attacker successfully uses an unauthorized developer program to modify the parameters of the memory storage apparatus or to steal the data in the memory storage apparatus.
Although the present invention has been disclosed above by way of embodiments, they are not intended to limit the invention. Any person skilled in the art may make minor changes and refinements without departing from the spirit and scope of the present invention; therefore, the scope of protection of the present invention is as defined by the claims.

Claims (34)

1. A storage system, characterized by comprising:
a host system; and
a memory storage apparatus, electrically connected to the host system,
wherein in a first handshake operation, the memory storage apparatus is configured to send first encryption information corresponding to first verification information to the host system, the host system is configured to send second encryption information corresponding to the first verification information to the memory storage apparatus, and the memory storage apparatus uses the second encryption information to verify whether the host system may execute a second handshake operation,
wherein in the second handshake operation, the memory storage apparatus is configured to send third encryption information corresponding to second verification information to the host system, the host system is configured to send, based on the third encryption information, fourth encryption information corresponding to third verification information to the memory storage apparatus, and the memory storage apparatus uses the fourth encryption information to verify whether the host system may execute a developer instruction transmission stage,
wherein the third verification information is used, in the developer instruction transmission stage, to encrypt data transmitted between the host system and the memory storage apparatus.
2. The storage system according to claim 1, wherein before entering the first handshake operation, the host system is further configured to dynamically generate first key information and second key information corresponding to the first key information, and the host system is further configured to provide the first key information to the memory storage apparatus.
3. The storage system according to claim 2, wherein in the first handshake operation, the memory storage apparatus is further configured to generate the first encryption information based on the first key information and the first verification information, and the host system is further configured to generate the second encryption information based on the second key information and the first encryption information.
4. The storage system according to claim 3, wherein in the first handshake operation, the memory storage apparatus is further configured to generate first comparison information based on the first key information and the second encryption information, and the memory storage apparatus is further configured to verify the host system according to the first verification information and the first comparison information.
5. The storage system according to claim 2, wherein in the second handshake operation, the memory storage apparatus is further configured to generate the third encryption information based on the first key information and the second verification information, and the host system is further configured to obtain the second verification information based on the second key information and the third encryption information.
6. The storage system according to claim 5, wherein in the second handshake operation, the host system is further configured to generate the third verification information based on the second verification information, and the host system is further configured to generate the fourth encryption information based on the second verification information and the third verification information.
7. The storage system according to claim 6, wherein in the second handshake operation, the memory storage apparatus is further configured to generate the third verification information based on the second verification information, and the memory storage apparatus is further configured to generate second comparison information based on the third verification information and the fourth encryption information,
wherein the memory storage apparatus is further configured to verify the host system according to the second verification information and the second comparison information.
8. The storage system according to claim 1, wherein the second handshake operation is executed after the host system passes the verification of the first handshake operation.
9. The storage system according to claim 1, wherein the developer instruction transmission stage is entered after the host system passes the verification of the first handshake operation and of the second handshake operation.
10. The storage system according to claim 2, wherein the first key information and the second key information belong to an asymmetric key pair.
11. The storage system according to claim 1, wherein the host system includes a developer's implementing procedure, and the developer's implementing procedure is configured to execute the first handshake operation and the second handshake operation and to generate a developer instruction in the developer instruction transmission stage, wherein the developer instruction directs the memory storage apparatus to execute a system operation.
12. The storage system according to claim 11, wherein the developer's implementing procedure is started via a developer tool loader, the developer's implementing procedure is stored in a hidden storage area of the host system, and the developer tool loader is stored in an open storage area of the host system.
13. The storage system according to claim 12, wherein the hidden storage area and the open storage area are both located in an external storage device, and the external storage device is pluggably electrically connected to the host system.
14. The storage system according to claim 1, wherein the instruction set that the host system uses to communicate with the memory storage apparatus in the developer instruction transmission stage is different from the instruction set that the host system uses to communicate with the memory storage apparatus in a universal command transmission stage.
15. The storage system according to claim 1, wherein the encryption algorithm used for the third encryption information provides higher data protection strength than the encryption algorithm used for the fourth encryption information.
16. A host system verification method, characterized in that it is used for a memory storage apparatus, the host system verification method comprising:
in a first handshake operation with a host system, sending first encryption information corresponding to first verification information to the host system, receiving second encryption information corresponding to the first verification information from the host system, and using the second encryption information to verify whether the host system may execute a second handshake operation;
in the second handshake operation with the host system, sending third encryption information corresponding to second verification information to the host system, receiving fourth encryption information corresponding to third verification information from the host system, and using the fourth encryption information to verify whether the host system may execute a developer instruction transmission stage; and
in the developer instruction transmission stage, parsing, according to the third verification information, a developer instruction received from the host system.
17. The host system verification method according to claim 16, further comprising:
before entering the first handshake operation, storing first key information, wherein second key information corresponding to the first key information is stored in the host system.
18. The host system verification method according to claim 17, further comprising:
in the first handshake operation, generating the first encryption information based on the first key information and the first verification information.
19. The host system verification method according to claim 18, further comprising:
in the first handshake operation, generating first comparison information based on the first key information and the second encryption information; and
verifying the host system according to the first verification information and the first comparison information.
20. The host system verification method according to claim 17, further comprising:
in the second handshake operation, generating the third encryption information based on the first key information and the second verification information.
21. The host system verification method according to claim 16, further comprising:
in the second handshake operation, generating the third verification information based on the second verification information;
generating second comparison information based on the third verification information and the fourth encryption information; and
verifying the host system according to the second verification information and the second comparison information.
22. The host system verification method according to claim 17, wherein the first key information and the second key information belong to an asymmetric key pair.
23. The host system verification method according to claim 16, wherein the instruction set that the host system uses to communicate with the memory storage apparatus in the developer instruction transmission stage is different from the instruction set that the host system uses to communicate with the memory storage apparatus in a universal command transmission stage.
24. The host system verification method according to claim 16, wherein the encryption algorithm used for the third encryption information provides higher data protection strength than the encryption algorithm used for the fourth encryption information.
25. A memory storage apparatus, characterized by comprising:
a connection interface unit, electrically connected to a host system;
a rewritable non-volatile memory module, wherein the rewritable non-volatile memory module includes a plurality of physical units; and
a memory control circuit unit, electrically connected to the connection interface unit and the rewritable non-volatile memory module,
wherein the memory control circuit unit is configured to, in a first handshake operation with the host system, send first encryption information corresponding to first verification information to the host system, receive second encryption information corresponding to the first verification information from the host system, and use the second encryption information to verify whether the host system may execute a second handshake operation,
wherein the memory control circuit unit is further configured to, in the second handshake operation with the host system, send third encryption information corresponding to second verification information to the host system, receive fourth encryption information corresponding to third verification information from the host system, and use the fourth encryption information to verify whether the host system may execute a developer instruction transmission stage,
wherein in the developer instruction transmission stage, the memory control circuit unit is further configured to parse, according to the third verification information, a developer instruction received from the host system.
26. The memory storage apparatus according to claim 25, wherein before entering the first handshake operation, the memory control circuit unit is further configured to store first key information, and second key information corresponding to the first key information is stored in the host system.
27. The memory storage apparatus according to claim 26, wherein in the first handshake operation, the memory control circuit unit is further configured to generate the first encryption information based on the first key information and the first verification information.
28. The memory storage apparatus according to claim 27, wherein in the first handshake operation, the memory control circuit unit is further configured to generate first comparison information based on the first key information and the second encryption information and to verify the host system according to the first verification information and the first comparison information.
29. The memory storage apparatus according to claim 26, wherein in the second handshake operation, the memory control circuit unit is further configured to generate the third encryption information based on the first key information and the second verification information.
30. The memory storage apparatus according to claim 25, wherein in the second handshake operation, the memory control circuit unit is further configured to generate the third verification information based on the second verification information,
wherein the memory control circuit unit is further configured to generate second comparison information based on the third verification information and the fourth encryption information and to verify the host system according to the second verification information and the second comparison information.
31. The memory storage apparatus according to claim 26, wherein the first key information and the second key information belong to an asymmetric key pair.
32. The memory storage apparatus according to claim 25, wherein the instruction set that the host system uses to communicate with the memory storage apparatus in the developer instruction transmission stage is different from the instruction set that the host system uses to communicate with the memory storage apparatus in a universal command transmission stage.
33. The memory storage apparatus according to claim 25, wherein the encryption algorithm used for the third encryption information provides higher data protection strength than the encryption algorithm used for the fourth encryption information.
34. A memory storage apparatus, characterized by comprising:
a connection interface unit, electrically connected to a host system;
a rewritable non-volatile memory module, wherein the rewritable non-volatile memory module includes a plurality of physical units; and
a memory control circuit unit, electrically connected to the connection interface unit and the rewritable non-volatile memory module,
wherein the memory control circuit unit is configured to, in a first handshake operation with the host system, verify the host system according to first verification information,
wherein the memory control circuit unit is further configured to, in a second handshake operation with the host system, verify the host system according to second verification information,
wherein in a developer instruction transmission stage, the memory control circuit unit is configured to parse, according to third verification information, a developer instruction received from the host system,
wherein the first verification information, the second verification information and the third verification information are different from one another.
CN201810062088.8A 2018-01-23 2018-01-23 Memory storage system, host system verification method and memory storage device Active CN110069934B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810062088.8A CN110069934B (en) 2018-01-23 2018-01-23 Memory storage system, host system verification method and memory storage device

Publications (2)

Publication Number Publication Date
CN110069934A true CN110069934A (en) 2019-07-30
CN110069934B CN110069934B (en) 2022-12-13

Family

ID=67364826

Country Status (1)

Country Link
CN (1) CN110069934B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113378216A (en) * 2021-05-29 2021-09-10 深圳市得一微电子有限责任公司 eMMC control method, system and storage medium thereof

Also Published As

Publication number Publication date
CN110069934B (en) 2022-12-13

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant