CN110908588B - Memory control device, control method and generation method of safety characteristics thereof - Google Patents
Memory control device, control method and generation method of safety characteristics thereof Download PDFInfo
- Publication number
- CN110908588B CN110908588B CN201811074490.4A CN201811074490A CN110908588B CN 110908588 B CN110908588 B CN 110908588B CN 201811074490 A CN201811074490 A CN 201811074490A CN 110908588 B CN110908588 B CN 110908588B
- Authority
- CN
- China
- Prior art keywords
- cells
- security feature
- memory
- memory block
- flash memory
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0638—Organizing or formatting or addressing of data
- G06F3/064—Management of blocks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0646—Horizontal data movement in storage systems, i.e. moving data in between storage devices or systems
- G06F3/0652—Erasing, e.g. deleting, data cleaning, moving of data to a wastebasket
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0673—Single storage device
- G06F3/0679—Non-volatile semiconductor memory device, e.g. flash memory, one time programmable memory [OTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2143—Clearing memory, e.g. to prevent the data from being stolen
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Human Computer Interaction (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Read Only Memory (AREA)
Abstract
The application discloses a memory control device, a control method and a generation method of safety characteristics of the memory control device. A method for generating a security feature of a flash memory, comprising: erasing a memory block of the flash memory, writing the erased memory block without verification, obtaining a plurality of cells within the written memory block, and establishing a security feature based on the obtained cells.
Description
Technical Field
The present invention relates to data storage devices, and more particularly to a method for accessing flash memory.
Background
Flash Memory (Flash Memory) is a storage device commonly used in electronic devices in recent years. Flash memory is a non-volatile memory. Taking a NAND Flash memory as an example, the Flash memory is often applied to memory cards, universal serial bus Flash memory devices (usb Flash devices), solid State Disks (SSDs), and other storage devices. The memory array provided by the flash memory is composed of a plurality of blocks (blocks), and each Block comprises a plurality of pages (pages). Flash memory is performed in units of all pages within an entire block during copying or erasing (Erase) of data.
How to prevent the theft of important data (e.g., the key code of a digital wallet) is a big consideration in storage design. However, in the case of disallowing copying, the important data in the Flash memory can still be copied to another storage device by the third party Software (Software Tool) and the third party memory Controller (Flash Controller) after the storage device is disassembled.
Disclosure of Invention
In one embodiment, a method for generating a security feature of a flash memory includes: erasing a memory block of the flash memory, writing the erased memory block without verification, obtaining a plurality of cells within the written memory block, and establishing a security feature based on the obtained cells.
In one embodiment, a memory control device is adapted to control access operations of a flash memory. The flash memory includes a plurality of memory blocks. Wherein, the memory control device includes: the data reading and writing circuit is coupled with the storage unit. The storage unit stores a prestored safety feature. The data read/write circuit receives a data access request and executes a security confirmation procedure to confirm whether the data access request is allowed. In the security verification process, the data read/write circuit erases one of the plurality of memory blocks, writes the erased memory block without verification, obtains a plurality of cells within the written memory block, establishes a security feature based on the obtained cells, compares the established security feature with a pre-stored security feature, allows the data access request if the established security feature matches the pre-stored security feature, and denies the data access request if the established security feature does not match the pre-stored security feature.
In summary, the memory control device, the control method of the flash memory and the generation method of the security feature according to the present invention utilize the characteristics of the flash memory to generate the dedicated security feature as the data protection key, thereby ensuring the security of the data.
Drawings
FIG. 1 is a functional block diagram of a memory control device according to an embodiment of the invention in an applied state.
FIG. 2 is a flow chart of a method for generating a security feature of a flash memory according to an embodiment of the invention.
FIG. 3 is a flowchart of a method for generating a security feature of a flash memory according to another embodiment of the present invention.
Fig. 4 is a schematic diagram of an exemplary security feature.
FIG. 5 is a flow chart of a control method of a flash memory according to an embodiment of the invention.
Detailed Description
As used herein, "coupled" or "connected" may mean that two or more elements are in direct physical or electrical contact with each other, or in indirect physical or electrical contact with each other, and "coupled" or "connected" may also mean that two or more elements are in operation or action with each other.
Referring to FIG. 1, in one embodiment, a memory control device 10 is adapted to control access operations of a flash memory 20. The flash memory 20 includes a plurality of memory blocks.
The memory control device 10 includes a data read/write circuit 110 and a storage unit 130. The data read/write circuit 110 is coupled to the storage unit 130.
The data read/write circuit 110 is coupled to the flash memory 20. The data read/write circuit 110 is used for reading the data sequence stored in the flash memory 20 and providing the read data sequence to the external device 30, or storing the external data sequence into the flash memory 20.
In some embodiments, the data read/write circuit 110 is also used to generate security features corresponding to the characteristic features of the flash memory 20.
Referring to fig. 1 and 2, in one embodiment, the data read/write circuit 110 erases one of a plurality of memory blocks (hereinafter, a "predetermined memory block" for explanation) of the flash memory 20 (step S10). Wherein, the predetermined memory block is confirmed to be capable of normal operation and has excellent characteristics. In some embodiments, the predetermined memory block may be any one of all memory blocks of the flash memory 20. For example, the predetermined memory Block may be Block 0 (Block 0), block 1, block 2, or other memory Block, etc. In an example of step S10, the data read/write circuit 110 can perform the erase operation on the predetermined memory block only once. In another example of step S10, referring to fig. 1 and 3, the data read/write circuit 110 may also perform the erase operation on the predetermined memory block repeatedly for a plurality of times, so as to avoid the error of the characteristics of the predetermined memory block caused by the unknown human operation. Taking the second erase operation as an example, the data read/write circuit 110 first erases the predetermined memory block (step S12), and then writes the first erased predetermined memory block (step S14). In step S14, the data read/write circuit 110 performs the full write operation of the predetermined memory block with the normal write voltage. After the writing (step S14), the data read/write circuit 110 erases the written predetermined memory block again (step S16).
After erasing (step S10), the data read/write circuit 110 writes the erased predetermined memory block without verification (step S20). In other words, the data read/write circuit 110 performs the write operation of the predetermined memory block with a fixed voltage lower than the normal write voltage, so that each Cell (Cell) in the predetermined memory block generates different voltage (Vt, also called threshold voltage) due to the difference of its respective Cell characteristics (Cell Characteristic).
After writing (step S20), the data read/write circuit 110 obtains a plurality of cells in the written predetermined memory block (step S30) and establishes a security feature based on the obtained cells (step S40). In some embodiments, the security feature may be a string of numbers (i.e., a special code) derived from the retrieved unit or an image feature (Memory FingerPrint) derived from the retrieved unit. In one embodiment, the cells obtained may be cells within a predetermined area of the predetermined memory block, i.e., the cells obtained are less than the total number of cells of the predetermined memory block and are adjacent to each other in a two-dimensional array at the location of the predetermined memory block. In another embodiment, the cells obtained may be predetermined cells of a predetermined memory block. For example, the cells are taken to be less than the total number of cells of the predetermined block and are spaced apart from each other by a predetermined amount (e.g., a positive integer greater than 1 such as 4 or 10) in the order of the predetermined block. Wherein the predetermined number of intervals between adjacent cells in the obtained cells may be the same or different. Furthermore, the cells are obtained less than the total number of cells of the predetermined memory block and the current potential falls within the same voltage interval.
In one example, the data read/write circuit 110 uses a special sampling algorithm to sample the written predetermined memory block to capture a plurality of cells in the predetermined memory block (step S30), and aligns the sampled cells to align a series of different cells and uses the current potential of the aligned cells as a special code (Memory Vt Level Key) (as shown in fig. 4) (step S40). The potential Vt of fig. 4 is expressed as a unit voltage. For example, the special code may be a series of numbers made up of the potentials of the plurality of cells falling within the same voltage interval in the predetermined area, or the special code may be the positions (sequential numbers in the predetermined memory block) of the plurality of cells falling within the same voltage interval in the predetermined area, or the special code may be a series of numbers made up of the potentials of the plurality of cells spaced apart from each other by the same predetermined number in the predetermined area in sequence. In another example, the data read/write circuit 110 may also convert the obtained special codes into image features (step S40). For example, the special code may be a pattern formed by the wiring of a plurality of cells falling within the same voltage interval in a predetermined region.
In yet another example, the data read/write circuit 110 uses a special sampling algorithm to sample the written predetermined memory block to obtain a plurality of cells within the same predetermined area of the predetermined memory block and within the same voltage interval (step S30), and then connects the obtained cells to form the image feature (step S40).
In another example, the data read/write circuit 110 uses a special sampling algorithm to sample the written predetermined memory block to obtain a plurality of cells of the predetermined memory block (step S30), and then uses the electric potentials of the plurality of cells of the predetermined memory block to represent the image characteristics (step S40).
After the security feature is established (step S40), the data read/write circuit 110 stores the security feature in the storage unit 130 as a pre-stored security feature used in a confirmation procedure performed before each subsequent access operation.
In some embodiments, referring to fig. 1 and 5, the data read/write circuit 110 receives a data access request sent by the external device 30 (step S50). Upon receiving the data access request (step S50), the data read/write circuit 110 first executes a security confirmation procedure (step S60) to confirm whether the data access request is allowed. In the security verification process (step S60), the data read/write circuit 110 generates a security feature (i.e., steps S61-S64) in substantially the same manner as the previously generated pre-stored security features (i.e., steps S10-S40). The erasing step (step S61) in the security verification process may be performed the same as the erasing step (step S10) previously generating the pre-stored security feature. For example, each of the steps S61 and S10 is erased only once, or each of the steps S61 and S10 includes a first erasing step (step S12), a writing step (step S14), and a re-erasing step (step S14). In addition, the erasing step (step S61) in the security verification process may be performed for a different number of times than the erasing step (step S10) previously generating the pre-stored security features. For example, step S61 and erasing are performed only once, and step S10 includes a first erasing step (step S12), a writing step (step S14), and a re-erasing step (step S16).
After the security feature is generated (step S64), the data read/write circuit 110 compares the generated security feature with the pre-stored security feature (step S65). When the established security features match the pre-stored security features, the data read/write circuit 110 allows the data access request (step S66), so that the data read/write circuit 110 continues to perform the access operation of the data access request (e.g., read the requested data sequence). When the established security features do not match the pre-stored security features, the data read/write circuit 110 refuses the data access request (step S67), so that the data read/write circuit 110 does not continuously execute the access operation of the data access request.
In one example, the data read/write circuit 110 can update the security features stored in the storage unit 130 after each access operation is completed, e.g., update the security features stored in the storage unit 130 with the security features generated for the access operation.
In another example, the data read/write circuit 110 can update the security features stored in the storage unit 130 at regular time (i.e. re-execute steps S10 to S40).
In some embodiments, the flash memory 20 may be a nand flash memory (NANDFlash). The storage unit 130 may be an inverse OR gate Flash memory (NOR Flash).
In summary, the memory control device, the control method of the flash memory and the generation method of the security feature according to the present invention utilize the characteristics of the flash memory to generate the dedicated security feature as the data protection key, thereby ensuring the security of the data.
Symbol description
10. Memory control device
110. Data read-write circuit
130. Storage unit
20. Flash memory
30. External device
S10 to S60 steps
S61 to S67 steps
Claims (10)
1. A method for generating a security feature of a flash memory includes:
confirm the memory blocks that can be operated normally among the memory blocks in the flash memory,
erasing data in the verified memory block of the flash memory;
providing a fixed voltage lower than the normal write voltage to the identified memory block to perform a write operation to obtain a threshold voltage for each of a plurality of cells in the identified memory block, the value of each threshold voltage corresponding to the characteristics of each cell in the identified memory block;
obtaining the plurality of cells in the confirmed bank after writing; and
a security feature is established based on a plurality of respective ones of the threshold voltages of the plurality of cells.
2. The method of claim 1, wherein erasing the data of the identified memory block of the flash memory comprises:
erasing the data in the confirmed memory block of the flash memory;
writing predetermined data into the identified memory block; and
erasing the predetermined data in the confirmed memory block after writing.
3. The method of claim 1, wherein the security feature is a special code including the threshold voltages or locations of the plurality of cells obtained.
4. The method of claim 1, wherein the security feature is a feature image formed by the plurality of cells or a feature image formed by the plurality of cells connected.
5. A memory control device is adapted to control access operation of a flash memory, the flash memory includes a plurality of memory blocks, wherein the memory control device includes:
a storage unit storing pre-stored security features specific to the flash memory, wherein writing is performed by providing a fixed voltage lower than a normal writing voltage to a verified memory block of the flash memory to obtain a first threshold voltage for each of a plurality of cells in the verified memory block, wherein a value of each first threshold voltage corresponds to a characteristic of each cell in the verified memory block, wherein the pre-stored security features are a numerical representation of a plurality of the first threshold voltages of the plurality of cells; and
a data read/write circuit coupled to the flash memory, receiving a data access request and executing a security verification procedure to verify whether the data access request is allowed, wherein in the security verification procedure, the data read/write circuit verifies a memory block of the plurality of memory blocks in the flash memory that can normally operate, erases data in the verified memory block of the flash memory, provides a fixed voltage lower than the normal write voltage to the verified memory block to perform a write operation to obtain a second threshold voltage of each of the plurality of cells in the verified memory block, a value of each second threshold voltage corresponds to a characteristic of each of the plurality of cells in the verified memory block, obtains a security feature of the plurality of cells in the verified memory block after writing, compares the established security feature with the pre-stored security feature, allows the data access request when the established security feature matches the pre-stored security feature, and denies the data access request when the established security feature does not match the pre-stored security feature.
6. The memory control device of claim 5, wherein the pre-stored security feature is a special code comprising the first threshold voltages or locations of the plurality of cells taken and the established security feature is a special code comprising the second threshold voltages or locations of the plurality of cells taken.
7. A control method of flash memory includes:
receiving a data access request;
retrieving a pre-stored security feature from storage cells that is specific to the flash memory, wherein the pre-stored security feature is established by providing a fixed voltage lower than a normal write voltage to a verified block of the flash memory to obtain a first threshold voltage for each of a plurality of cells in the verified block, wherein a value of each first threshold voltage corresponds to a characteristic of each cell in the verified block, wherein the pre-stored security feature is a numerical representation of a plurality of the first threshold voltages of the plurality of cells, and
executing a security confirmation procedure to confirm whether the data access request is allowed, wherein the step of executing the security confirmation procedure comprises:
confirm the memory blocks that can be operated normally among the memory blocks in the flash memory,
erasing the data in the confirmed memory block of the flash memory;
providing a fixed voltage lower than the normal write voltage to the identified memory block to perform a write operation to obtain a second threshold voltage of each of the plurality of cells in the identified memory block;
obtaining the plurality of cells in the confirmed bank after writing;
establishing a security feature based on a plurality of corresponding second threshold voltages of the plurality of cells;
comparing the established security feature with the pre-stored security feature;
allowing the data access request when the established security feature matches the pre-stored security feature; and
and rejecting the data access request when the established security feature does not match the pre-stored security feature.
8. The method of claim 7, wherein erasing the verified block data of the flash memory comprises:
erasing the data in the confirmed memory block of the flash memory;
writing predetermined data into the identified memory block; and
erasing the predetermined data in the confirmed memory block after writing.
9. The method of claim 7, wherein the pre-stored security feature is a special code including the first threshold voltage or position of the plurality of cells and the established security feature is a special code including the second threshold voltage or position of the plurality of cells.
10. The method of claim 7, wherein the pre-stored security feature and the established security feature are a feature image formed by the plurality of cells or a feature image formed by the plurality of cells connected.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811074490.4A CN110908588B (en) | 2018-09-14 | 2018-09-14 | Memory control device, control method and generation method of safety characteristics thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811074490.4A CN110908588B (en) | 2018-09-14 | 2018-09-14 | Memory control device, control method and generation method of safety characteristics thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110908588A CN110908588A (en) | 2020-03-24 |
| CN110908588B true CN110908588B (en) | 2023-04-28 |
Family
ID=69812660
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811074490.4A Active CN110908588B (en) | 2018-09-14 | 2018-09-14 | Memory control device, control method and generation method of safety characteristics thereof |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110908588B (en) |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102110061A (en) * | 2009-12-24 | 2011-06-29 | 群联电子股份有限公司 | Block managing method, flash controller and flash memory device |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150007337A1 (en) * | 2013-07-01 | 2015-01-01 | Christian Krutzik | Solid State Drive Physical Uncloneable Function Erase Verification Device and Method |
| KR101489758B1 (en) * | 2013-08-26 | 2015-02-04 | 한국전자통신연구원 | Method and apparatus for controlling operation of flash memory |
| KR101575810B1 (en) * | 2014-09-30 | 2015-12-08 | 고려대학교 산학협력단 | Flash memory apparatus for physical unclonable function and embodying method of the same |
| US10404478B2 (en) * | 2016-08-04 | 2019-09-03 | Macronix International Co., Ltd. | Physical unclonable function using divided threshold distributions in non-volatile memory |
-
2018
- 2018-09-14 CN CN201811074490.4A patent/CN110908588B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102110061A (en) * | 2009-12-24 | 2011-06-29 | 群联电子股份有限公司 | Block managing method, flash controller and flash memory device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110908588A (en) | 2020-03-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107689238B (en) | Electronic device, product, method for manufacturing integrated circuit and method for generating data set | |
| CN107977161B (en) | Data storage device and data writing method thereof | |
| US10942796B2 (en) | Identifying asynchronous power loss | |
| EP3407335A1 (en) | Non-volatile memory based physically unclonable function with random number generator | |
| CN106708754B (en) | Data storage device and data maintenance method thereof | |
| CN107918588A (en) | Data storage device and data writing method thereof | |
| US10740476B2 (en) | Tamper-proof storage using signatures based on threshold voltage distributions | |
| CN107608628A (en) | Flash controller | |
| US11328777B2 (en) | Responding to power loss | |
| CN109388974A (en) | With the non-volatile memory device read safely | |
| KR20150094543A (en) | Method for writing data into flash memory and associated memory device and flash memory | |
| US11101009B1 (en) | Systems and methods to convert memory to one-time programmable memory | |
| TWI692763B (en) | Memory control device, method for controlling flash memory and method for generating security feature of flash memory | |
| CN110908588B (en) | Memory control device, control method and generation method of safety characteristics thereof | |
| CN104916321A (en) | One-time programming in reprogrammable memory | |
| US9466384B1 (en) | Memory device and associated erase method | |
| CN115019861A (en) | Memory, programming method of memory and memory system | |
| CN114089908A (en) | Nonvolatile memory and operating method thereof | |
| US11620108B1 (en) | Random number generation systems and methods | |
| CN109767805B (en) | Erase verification method for three-dimensional memory and memory system | |
| TWI642060B (en) | Erase-verify method for three-dimensional memories and memory system | |
| KR102648229B1 (en) | Apparatus for generating restoration information of nand flash memory | |
| US11600329B1 (en) | Systems and methods for runtime analog sanitization of memory | |
| KR102648230B1 (en) | Apparatus and method for generating parameter page library of nand flash memory | |
| US11177003B1 (en) | Systems and methods for runtime analog sanitation of memory |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |