CN112395654A - 存储装置 - Google Patents
存储装置 Download PDFInfo
- Publication number
- CN112395654A CN112395654A CN202010663518.9A CN202010663518A CN112395654A CN 112395654 A CN112395654 A CN 112395654A CN 202010663518 A CN202010663518 A CN 202010663518A CN 112395654 A CN112395654 A CN 112395654A
- Authority
- CN
- China
- Prior art keywords
- sequence
- memory device
- controller
- random bit
- data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 230000006870 function Effects 0.000 claims abstract description 22
- 230000000873 masking effect Effects 0.000 claims abstract description 20
- 238000009795 derivation Methods 0.000 claims abstract description 4
- 238000000034 method Methods 0.000 description 15
- 230000004044 response Effects 0.000 description 12
- 238000010586 diagram Methods 0.000 description 6
- 238000012545 processing Methods 0.000 description 4
- 238000013500 data storage Methods 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000002708 enhancing effect Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000001174 ascending effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
- G06F21/79—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
- G06F12/14—Protection against unauthorised use of memory or access to memory
- G06F12/1408—Protection against unauthorised use of memory or access to memory by using cryptography
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
- G06F3/0622—Securing storage systems in relation to access
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0629—Configuration or reconfiguration of storage systems
- G06F3/0637—Permissions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0673—Single storage device
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/58—Random or pseudo-random number generators
- G06F7/588—Random number generators, i.e. based on natural stochastic processes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
- H04L9/3278—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response using physically unclonable functions [PUF]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2212/00—Indexing scheme relating to accessing, addressing or allocation within memory systems or architectures
- G06F2212/10—Providing a specific technical effect
- G06F2212/1052—Security improvement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/04—Masking or blinding
- H04L2209/046—Masking or blinding of operations, operands or results of the operations
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Human Computer Interaction (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Optimization (AREA)
- Mathematical Analysis (AREA)
- Computational Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
本发明公开了一种存储装置,包含物理不可复制函数单元、控制器及存储阵列。物理不可复制函数单元用以提供随机位池。控制器耦接于物理不可复制函数单元,用以从随机位池提取随机位序列。控制器包含屏蔽引擎,屏蔽引擎用以执行密钥推导功能以扩展提取的随机位序列及屏蔽输入信号。存储阵列耦接于屏蔽引擎,用以依据屏蔽的输入信号进行储存。
Description
技术领域
本发明系关于存储装置,特别是一种提供资安功能的存储装置。
背景技术
随着资安及通信技术的发展,资安在电子电路的重要性也逐渐获得关注。资安系关于防止未经授权的数据存取、使用、修改、检查及记录。对于存储装置而言,资安维护相当重要。
发明内容
本发明实施例提供一种存储装置,包含物理不可复制函数(physicallyunclonable function,PUF)单元、控制器及存储阵列。PUF单元用以提供随机位池。控制器耦接于PUF单元,用以从随机位池提取随机位序列。控制器包含屏蔽引擎,屏蔽引擎用以执行密钥推导功能以扩展提取的随机位序列及屏蔽输入信号。存储阵列耦接于屏蔽引擎,用以依据屏蔽的输入信号进行储存。
附图说明
图1系为本发明实施例中一种密码系统的方块图。
图2系为本发明实施例中另一种密码系统的方块图。
图3系为本发明实施例中另一种密码系统的方块图。
其中,附图标记说明如下:
1至3:存储装置
10:存储装置
100:控制器
101:屏蔽引擎
102:随机数生成器
103:唯一标识符单元
105:物理不可复制函数单元
106:存储阵列
12,22,32:微处理器
120:密码引擎
200:密码引擎
220:认证程序
300:密码处理器
Addr:存取地址
Addrm:屏蔽的存取地址
Cs:安全命令
Data:数据序列
Datam:屏蔽的数据序列
K:密钥
S:熵值
TRN:真随机数
UID:唯一标识符
具体实施方式
说明书中所使用的术语“真随机”或”真随机数”指的是比特流或数据序列的汉明权重(hamming weight)及装置间(inter-device,ID)汉明距离(hamming distance)实质上为50%,及最小熵值(min-entropy)实质上为1。
图1系为本发明实施例中一种密码系统1的方块图。密码系统1可包含存储装置10及与耦接于存储装置10的微处理器(microprocessor,MCU)12。密码系统1可适用于物联网(internet of things,IoT)网络。MCU 12可从外部装置获取数据或从存储装置10存取数据。外部装置可以是传感器或网络。存储装置10可提供安全功能,包含安全数据储存功能、唯一身份生成功能、真随机数生成功能及安全密钥储存功能,从而节省了MCU 12的数据处理资源,保护数据,使数据免于未经授权的存取及增强数据安全性。
MCU 12可包含密码引擎120,密码引擎120可由MCU 12可执行的软件码实现。存储装置10可包含控制器100、物理不可复制函数(physically unclonable function,PUF)单元105及存储阵列106。控制器100可耦接于MCU 12、PUF单元105及存储阵列106。控制器100可包含屏蔽引擎101、随机数生成器(random number generator,RNG)102及唯一标识符(unique identifier,UID)单元103。屏蔽引擎101、随机数生成器102及UID单元103可耦接于PUF单元105。屏蔽引擎101可耦接于存储阵列106。PUF单元105、存储阵列106及控制器100可形成集成电路。
密码引擎120可执行认证程序以保证数据存取的真实性,并因此控制存储装置10的数据存取。在验证授权存取之后,密码引擎120可向存储装置10发送安全命令Cs以准许对存储阵列106进行数据存取。存储装置10可接收安全命令Cs,并依据安全命令Cs控制对存储阵列106进行数据存取。存储阵列106可以是NAND闪存,数据存取可以是读取存取及/或写入存取。
PUF单元105可储存随机位池,及响应于PUF质询(PUF challenge)而从随机位池生成PUF响应(PUF response)。PUF单元105可包含一次性可编程(one time programmablememory,OTP)存储器,OTP存储器可以是基于抗熔丝(antifuse)的电路。在制造设置期间可将随机位池编程至OTP存储器中。随机位池可包含多个真正随机的PUF位。PUF单元105可依据预定的选择算法输出PUF响应。在一些实施例中,PUF单元105可选择第一组1K个PUF位作为PUF响应。在其他实施例中,PUF单元105可以预定的行顺序从存储单元的多行中选择PUF位,例如以上升顺序从奇数行中选择PUF位以用作PUF响应。在一些实施例中,一次性可编程存储器可由包含多个真随机位的非易失存储器代替。举例而言,非易失存储器可以是64位乘64位的快闪存储单元,且每一行、每一列或每一对角线的存储单元都可包含真随机位。在一些实施例中该些真随机位可定期更新。
控制器100可操作PUF单元105及屏蔽引擎101以提供安全的数据储存功能。在接收到准许数据存取的安全命令Cs之后,控制器100可从PUF单元105中的随机位池中提取随机位序列,屏蔽引擎101可执行密钥推导功能以扩展提取的随机位序列,及使用扩展的随机位序列对输入信号进行屏蔽,而存储阵列106可依据屏蔽的输入信号进行储存。输入信号可包含存取地址Addr或数据序列Data。扩展的随机位序列及输入信号的屏蔽可以是数据屏蔽或地址屏蔽,且可以逐位(bitwise)方式对扩展的随机位序列及数据序列Data或存取地址Addr执行XOR运算。在数据屏蔽中,屏蔽引擎101可使用扩展的随机位序列来屏蔽存取地址Addr以生成推导密钥,及使用推导密钥来屏蔽数据序列Data以生成屏蔽的数据序列Datam,且存储阵列106可将屏蔽的数据序列Datam储存于存取地址Addr。在一些实施例中,屏蔽引擎101可将推导密钥储存在本地存储器中,以在读取操作中使用推导密钥恢复被屏蔽的数据序列Datam。举例而言,在读取操作中,屏蔽引擎101可读取在存取地址Addr的屏蔽的数据序列Datam,使用推导密钥对屏蔽的数据序列Datam进行屏蔽以恢复数据序列Data,及将数据序列Data发送至MCU 12。在地址屏蔽中,屏蔽引擎101可使用扩展的随机位序列来屏蔽数据序列Data以生成推导密钥,及使用推导密钥来屏蔽存取地址Addr以生成屏蔽的存取地址Addrm,存储阵列106可将数据序列Data储存于屏蔽的存取地址Addrm。在一些实施例中,屏蔽引擎101可将推导的密钥储存于本地存储器中,及在读取操作中重生成被屏蔽的存取地址Addrm。举例而言,在读取操作中,屏蔽引擎101可从MCU 12接收存取地址Addr,通过将存取地址Addr及推导密钥进行屏蔽来重新生成屏蔽的存取地址Addrm,从屏蔽的存取地址Addrm读取数据序列Data,及将数据序列Data发送至MCU 12。数据屏蔽操作及地址屏蔽操作增强了数据安全性,并保护数据不受未经授权的存取。
随机数生成器102可生成真随机数。在一些实施例中,密码引擎120可向控制器100发送安全命令Cs,包含真随机数的请求,控制器100可响应于请求从PUF单元105的随机位池中提取随机位序列,随机数生成器102可利用提取的随机位序列来生成真随机数TRN,及将真随机数TRN发送至密码引擎120。
UID单元103可生成唯一标识符。在一些实施例中,密码引擎120可向控制器100发送安全命令Cs,包含唯一标识符的请求,控制器100可响应于请求从PUF单元105的随机位池中提取随机位序列,UID单元103可依据提取的随机位序列来生成唯一标识符UID,及将唯一标识符UID发送至密码引擎120。
PUF单元105可提供安全密钥储存。具体而言,PUF单元105中的OTP存储器的一部分可保留用以储存安全密钥。在一些实施例中,密码引擎120可向控制器100发送安全命令Cs,包含用于储存安全密钥的请求及安全密钥,PUF单元105可将安全密钥储存于OTP存储器的保留部分。
由于屏蔽引擎101可对数据序列及/或存取地址执行数据屏蔽及/或地址屏蔽,因此可在就地执行(execute in place,XIP)方法中使用存储装置10,在实施例的方法中,程序直接从存储阵列106执行而不须将程序复制至易失存储器中,从而减少了所需的存储空间。
密码系统1使用存储装置10来提供安全功能,包含安全数据储存功能、唯一身份生成功能、真随机数生成及安全密钥储存功能,节省了MCU 12的数据处理资源,从而在保护数据不受未经授权的存取及增强数据安全性,同时实现XIP操作。
图2系为本发明实施例中另一种密码系统2的方块图。密码系统2与密码系统1的不同之处在于,MCU 22可包含用于储存认证程序220的非易失存储器,并且存储装置20还可包含密码引擎200。密码引擎200可由硬件电路来实现,所述硬件电路能在开机时从MCU 22加载认证程序220及执行认证程序220。以下讨论将专注于认证程序220及密码引擎200的配置及操作。密码引擎200可耦接于控制器100。
密码引擎200可执行认证程序220以执行认证程序。认证程序可以包认证操作序列。认证程序220可以是用于指示密码引擎200执行认证操作序列的固件码。在一些实施例中,控制器100可从MCU 22接收安全命令Cs的序列,安全命令Cs的序列被用于执行认证操作序列。控制器100可响应于安全命令Cs的序列来指示密码引擎200执行认证操作序列,及依据认证操作序列的结果来控制存储阵列106的数据存取。认证程序成功时,控制器100可授权对存储阵列106的数据存取;认证程序失败时,控制器100可拒绝对存储阵列106的数据存取。
密码引擎200可通过使用提取的随机位序列及/或真随机数TRN来生成熵值S。MCU22可将安全命令Cs发送至控制器100,安全命令Cs包含熵值请求。在一实施例中,响应于熵值请求,控制器100可从PUF单元105中的随机位池中提取随机位序列,指示随机数生成器102生成真随机数TRN,并且密码引擎200可使用所述提取的随机位序列屏蔽真随机数TRN以生成熵值S,及将熵值S发送至MCU 22。真随机数TRN、提取的随机位序列及熵值S的长度可以相等。在另一实施例中,密码引擎200可将预定时间段中,例如3个频率周期之内的真随机数TRN中的多个位结合为一熵值位以生成熵值S,及将熵值S发送给MCU 22。熵值S的长度可小于真随机数TRN的熵值的长度。在另一实施例中,密码引擎200可将预定时间段之内的提取的随机位序列中的多个位结合为一熵值位以生成熵值S,及将熵值S发送至MCU 22,熵值S的长度可以比提取的随机位序列的长度短。
由于密码引擎200由硬件实现,因此可以更快速有效的方式执行认证程序。此外,由于密码引擎200位于存储装置20中,因此用于认证处理的所有认证数据都可保持在存储装置20内部而不会对外部电路暴露,从而提高安全性。密码系统2采用密码引擎200及认证程序220来提高认证程序的操作速度及效率,降低认证密钥暴露于外部电路的风险,保护数据免遭未经授权的存取,并节省MCU 22的数据处理资源。
图3系为本发明实施例中另一种密码系统3的方块图。密码系统3与密码系统2的不同之处在于,MCU 32可不具有认证程序220,及存储装置30可进一步包含密码处理器300。以下讨论将集中于密码处理器300的配置及操作,密码处理器300可耦接于密码引擎200。
密码处理器300可包含指示认证操作序列的电路,从而进一步提高认证处理的操作速度及效率。控制器100可接收安全命令Cs以发起认证程序。控制器100可响应于安全命令Cs而指示密码处理器300发起认证程序。接着,加密处理器300可指示密码引擎执行认证操作的序列。随后,密码引擎200可执行认证操作的序列以生成认证结果。控制器100可以依据认证结果控制存储阵列106的数据存取。具体而言,控制器100可在成功的认证程序后授权对存储阵列106的数据存取,且可以在失败的认证程序后拒绝对存储阵列106的数据存取。
密码处理器300可通过使用熵值S及提取的随机位序列来生成密钥K。MCU32可将包含密钥请求的安全命令Cs发送至控制器100。响应于密钥请求,控制器100可从PUF单元105中的随机位池中提取随机位序列,及指示密码引擎200生成熵值S,且密码处理器300可使用提取的随机位序列来屏蔽熵值S以生成密钥K,及将密钥K发送至MCU 32。熵值S、提取的随机位序列及密钥K的长度可以相等。
由于密码处理器300及密码引擎200均可由硬件实现,因此可以更快速有效的方式执行认证程序。由于密码处理器300及密码引擎200都位于存储装置30中,因此用于认证处理的所有认证数据可以保持在存储装置30内部而不会暴露于外部电路,从而提高了安全性。密码系统3采用密码处理器300来提高认证程序的操作速度及效率,降低认证密钥暴露于外部电路的风险,保护数据免遭未经授权的存取,并节省MCU 32的数据处理资源。
以上所述仅为本发明的优选实施例而已,并不用于限制本发明,对于本领域的技术人员来说,本发明可以有各种更改和变化。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。
Claims (13)
1.一种存储装置,其特征在于,包含:
一物理不可复制函数(physically unclonable function,PUF)单元,用以提供一随机位池;
一控制器,耦接于所述PUF单元,用以从所述随机位池提取一随机位序列,包含:
一屏蔽引擎,用以执行一密钥推导功能以扩展所述提取的随机位序列及屏蔽一输入信号;及
一存储阵列,耦接于所述屏蔽引擎,用以依据所述屏蔽的输入信号进行储存。
2.根据权利要求1所述的存储装置,其特征在于,其中所述输入信号包含一存取地址及一数据序列。
3.根据权利要求2所述的存储装置,其特征在于,其中,所述屏蔽引擎使用所述扩展的随机位序列来屏蔽所述存取地址以生成一推导密钥,接着使用所述推导密钥来屏蔽所述数据序列以生成一屏蔽的数据序列。
4.根据权利要求3所述的存储装置,其特征在于,其中,所述存储阵列将所述屏蔽的数据序列储存于所述存取地址。
5.根据权利要求2所述的存储装置,其特征在于,其中,所述屏蔽引擎使用所述扩展的随机位序列来屏蔽所述数据序列以生成一推导密钥,接着使用所述推导密钥来屏蔽所述存取地址以生成一屏蔽的存取地址。
6.根据权利要求5所述的存储装置,其特征在于,其中,所述存储阵列将所述数据序列储存于所述屏蔽的存取地址。
7.根据权利要求1所述的存储装置,其特征在于,其中,所述控制器另包含一唯一标识符(unique identifier,UID)单元,用以依据所述提取的随机位序列来生成一唯一标识符。
8.根据权利要求1所述的存储装置,其特征在于,其中所述控制器另包含:
一随机数生成器,耦接于所述PUF单元并用以利用所述提取的随机位序列来生成一真随机数。
9.根据权利要求8所述的存储装置,其特征在于,另包含一密码引擎,耦接于所述控制器,并且用以通过使用所述提取的随机位序列及/或所述真随机数来生成一熵值。
10.根据权利要求9所述的存储装置,其特征在于,另包含一加密处理器,耦接于所述密码引擎,并且用以通过使用所述熵值及所述提取的随机位序列来生成一密钥。
11.根据权利要求1所述的存储装置,其特征在于,其中所述PUF单元、所述存储阵列及所述控制器形成于一集成电路。
12.根据权利要求1所述的存储装置,其特征在于,其中所述PUF单元包含一一次性可编程内存。
13.根据权利要求1所述的存储装置,其特征在于,其中,所述控制器用以接收一安全命令,并依据所述安全命令控制所述存储阵列的数据存取。
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201962887679P | 2019-08-16 | 2019-08-16 | |
US62/887,679 | 2019-08-16 | ||
US16/896,244 | 2020-06-09 | ||
US16/896,244 US20210051010A1 (en) | 2019-08-16 | 2020-06-09 | Memory Device Providing Data Security |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112395654A true CN112395654A (zh) | 2021-02-23 |
Family
ID=71120027
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010663518.9A Pending CN112395654A (zh) | 2019-08-16 | 2020-07-10 | 存储装置 |
Country Status (5)
Country | Link |
---|---|
US (1) | US20210051010A1 (zh) |
EP (1) | EP3780489A1 (zh) |
JP (1) | JP6991493B2 (zh) |
CN (1) | CN112395654A (zh) |
TW (1) | TWI741669B (zh) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20220385451A1 (en) * | 2021-05-26 | 2022-12-01 | Micron Technology, Inc. | Data invalidation for memory |
US11907409B2 (en) * | 2021-09-29 | 2024-02-20 | Dell Products L.P. | Dynamic immutable security personalization for enterprise products |
CN115189895B (zh) * | 2022-08-16 | 2024-05-17 | 国网江苏省电力有限公司电力科学研究院 | 一种适用于无线传感网络低功耗传感器的身份认证方法和系统 |
CN115987589B (zh) * | 2022-12-14 | 2023-08-29 | 深圳市富临通实业股份有限公司 | 一种防止mcu内部程序被复制的方法 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180123808A1 (en) * | 2016-08-04 | 2018-05-03 | Macronix International Co., Ltd. | Non-volatile memory with physical unclonable function and random number generator |
US20180241557A1 (en) * | 2015-08-06 | 2018-08-23 | Intrinsic Id B.V. | Cryptographic device having physical unclonable function |
US20190079878A1 (en) * | 2017-09-12 | 2019-03-14 | Ememory Technology Inc. | Security system using random number bit string |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8301912B2 (en) * | 2007-12-31 | 2012-10-30 | Sandisk Technologies Inc. | System, method and memory device providing data scrambling compatible with on-chip copy operation |
JP5770026B2 (ja) | 2011-06-20 | 2015-08-26 | ルネサスエレクトロニクス株式会社 | 半導体装置 |
CN104704768B (zh) * | 2012-10-04 | 2018-01-05 | 本质Id有限责任公司 | 用于从用作物理不可克隆功能的存储器中生成密码密钥的系统 |
JP6182371B2 (ja) | 2013-06-28 | 2017-08-16 | ルネサスエレクトロニクス株式会社 | 半導体集積回路を含むシステム |
JP2015097072A (ja) | 2013-10-11 | 2015-05-21 | 富士電機株式会社 | 組込システム |
JP6617924B2 (ja) | 2015-06-18 | 2019-12-11 | パナソニックIpマネジメント株式会社 | 耐タンパ性を有する不揮発性メモリ装置および集積回路カード、不揮発性メモリ装置の認証方法、個体識別情報生成方法 |
US10910079B2 (en) * | 2016-05-09 | 2021-02-02 | Intrinsic Id B.V. | Programming device arranged to obtain and store a random bit string in a memory device |
US10680809B2 (en) | 2016-08-04 | 2020-06-09 | Macronix International Co., Ltd. | Physical unclonable function for security key |
US10761976B2 (en) * | 2016-11-28 | 2020-09-01 | Arm Limited | Method and apparatus for memory wear leveling |
US10664413B2 (en) * | 2017-01-27 | 2020-05-26 | Lear Corporation | Hardware security for an electronic control unit |
US10462110B2 (en) * | 2017-02-16 | 2019-10-29 | Intel Corporation | System, apparatus and method for providing a unique identifier in a fuseless semiconductor device |
US20190044922A1 (en) * | 2017-08-02 | 2019-02-07 | Rubicon Labs, Inc. | Symmetric key identity systems and methods |
US11196574B2 (en) * | 2017-08-17 | 2021-12-07 | Taiwan Semiconductor Manufacturing Company, Ltd. | Physically unclonable function (PUF) generation |
EP3454318B1 (en) | 2017-09-12 | 2022-05-11 | eMemory Technology Inc. | Security system with entropy bits generated by a puf |
US11050575B2 (en) | 2018-01-10 | 2021-06-29 | Ememory Technology Inc. | Entanglement and recall system using physically unclonable function technology |
US10937339B2 (en) * | 2019-01-10 | 2021-03-02 | Bank Of America Corporation | Digital cryptosystem with re-derivable hybrid keys |
-
2020
- 2020-06-09 US US16/896,244 patent/US20210051010A1/en not_active Abandoned
- 2020-06-22 EP EP20181298.9A patent/EP3780489A1/en active Pending
- 2020-07-02 TW TW109122408A patent/TWI741669B/zh active
- 2020-07-07 JP JP2020116747A patent/JP6991493B2/ja active Active
- 2020-07-10 CN CN202010663518.9A patent/CN112395654A/zh active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180241557A1 (en) * | 2015-08-06 | 2018-08-23 | Intrinsic Id B.V. | Cryptographic device having physical unclonable function |
US20180123808A1 (en) * | 2016-08-04 | 2018-05-03 | Macronix International Co., Ltd. | Non-volatile memory with physical unclonable function and random number generator |
US20190079878A1 (en) * | 2017-09-12 | 2019-03-14 | Ememory Technology Inc. | Security system using random number bit string |
Also Published As
Publication number | Publication date |
---|---|
JP6991493B2 (ja) | 2022-01-12 |
JP2021034029A (ja) | 2021-03-01 |
EP3780489A1 (en) | 2021-02-17 |
TW202109335A (zh) | 2021-03-01 |
TWI741669B (zh) | 2021-10-01 |
US20210051010A1 (en) | 2021-02-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112395654A (zh) | 存储装置 | |
US9842212B2 (en) | System and method for a renewable secure boot | |
KR100792287B1 (ko) | 자체 생성한 암호화키를 이용한 보안방법 및 이를 적용한보안장치 | |
US8990578B2 (en) | Password authentication circuit and method | |
US11232194B2 (en) | Method for executing a binary code of a secure function with a microprocessor | |
US11533172B2 (en) | Apparatus and method for securely managing keys | |
US11683155B2 (en) | Validating data stored in memory using cryptographic hashes | |
KR20210132721A (ko) | 네트워크에 액세스 시의 보안 통신 | |
CN110659506A (zh) | 基于密钥刷新对存储器进行重放保护 | |
CN112069551B (zh) | 电子电路 | |
US20190109718A1 (en) | Method for configuring a transponder, transponder and base station | |
US11669643B2 (en) | Block chain based validation of memory commands | |
EP3096259B1 (en) | Security ram block with multiple partitions | |
EP3214567B1 (en) | Secure external update of memory content for a certain system on chip | |
US11228443B2 (en) | Using memory as a block in a block chain | |
CN108270767B (zh) | 数据验证方法 | |
CN109753821B (zh) | 数据存取装置及方法 | |
Skorobogatov | Compromising device security via NVM controller vulnerability | |
US11121884B2 (en) | Electronic system capable of self-certification | |
JP6069120B2 (ja) | 情報処理システム | |
EP3907633A1 (en) | System and method for obfuscating opcode commands in a semiconductor device | |
Fukami et al. | Keyless Entry: Breaking and Entering eMMC RPMB with EMFI | |
JP2022124424A (ja) | 効率的なデータアイテム認証 | |
CN113536331A (zh) | 存储器和计算系统的数据安全 | |
JP2006054554A (ja) | 認証装置 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |