KR20230064526A - Storage device, computing system and operating method thereof - Google Patents

Abstract

A storage device according to an embodiment of the present technology may comprise: a memory device comprising a security storage area that stores data accessed according to an authentication; an access mode memory that stores device access mode information regarding an operation mode for the security storage area; and a memory controller that receives a command regarding the security storage area from an external host, and processes the command according to whether or not the host access mode information included in the command matches the device access mode information. Therefore, the present invention is capable of providing with an improved security function.

Description

Storage device, computing system and operation method thereof {STORAGE DEVICE, COMPUTING SYSTEM AND OPERATING METHOD THEREOF}

The present invention relates to an electronic device, and more particularly, the present invention relates to a storage device, a computing system, and an operation method thereof.

BACKGROUND OF THE INVENTION Thanks to the remarkable development of information and communication technology and semiconductor technology, the supply and use of various electronic devices are rapidly increasing. In particular, recent electronic devices can communicate while being carried around, can provide various services using applications, and can transmit/receive various types of data with external electronic devices or external servers.

An electronic device may include at least one processor and an operating system (OS) to provide various services, and the operating system of the electronic device is strategically opened by major manufacturers and suppliers, An application program interface, a software development kit, and even source files are open to the public.

However, with the use of such an open operating system, data security of electronic devices is weakened, and in fact, cases of damaging or hacking data of electronic devices using various malicious codes frequently occur. Therefore, various methods for protecting data of electronic devices have recently been sought.

Embodiments of the present invention provide a storage device, a computing system, and an operation method thereof that provide enhanced security functions.

A storage device according to an embodiment of the present invention includes a memory device including a secure storage area for storing data accessed according to authentication; an access mode memory for storing device access mode information about an operation mode for the secure storage area; and a memory controller that receives a command related to the secure storage area from an external host and processes the command according to whether host access mode information included in the command matches device access mode information.

An operating method according to an embodiment of the present invention includes a memory device including a secure storage area for storing data accessed according to authentication, an access mode memory for storing device access mode information about an operation mode for the secure storage area, and A method of operating a storage device including a memory controller that processes a command received from an external host, comprising: receiving a command related to the secure storage area from the external host; identifying a host access mode indicating an operation mode for the secure storage area of the external host based on the command; and comparing the host access mode and the device access mode.

A computing system according to an embodiment of the present invention includes a memory device including a secure storage area for storing data accessed according to authentication, an access mode memory for storing device access mode information about an operation mode for the secure storage area, and a storage device including a memory controller controlling the memory device and the access mode memory; and a host device configured to provide a command related to the secure storage area to the storage device, wherein the memory controller performs the command according to whether host access mode information included in the command matches the device access mode information. can handle

According to the present technology, a storage device that provides enhanced security functions, a computing system, and an operation method thereof are provided.

1 is a diagram for explaining a computing system according to an embodiment of the present invention.
FIG. 2 is a diagram for explaining the memory device of FIG. 1 .
FIG. 3 is a diagram for explaining the structure of one memory block among the memory blocks of FIG. 2 .
4 is a diagram for explaining a computing system according to an embodiment of the present invention.
5 is a diagram for explaining a data communication unit between a host access control unit and a device access control unit.
6 is a diagram for explaining the structure of a basic header segment of a PIU.
7 is a diagram showing the configuration of a command PIU (Command PIU).
8 is a diagram showing the configuration of a response PIU (Response PIU).
9 is a diagram for explaining an RPMB message.
10 is a diagram for explaining an RPMB unit descriptor stored in a storage device according to an embodiment of the present invention.
11 is a diagram for explaining a device descriptor stored in a storage device according to an embodiment of the present invention.
12 is a diagram for explaining a result code included in an RPMB message.
13 is a flowchart illustrating a method of operating a storage device according to an embodiment of the present invention.
14 is a flowchart illustrating an authenticated data write operation performed in a normal RPMB mode.
FIG. 15 is a diagram for explaining the RPMB message provided through step S1405 of FIG. 14 .
FIG. 16 is a diagram for explaining the RPMB message provided through step S1413 of FIG. 14 .
FIG. 17 is a diagram for explaining the RPMB message provided through step S1419 of FIG. 14 .
18 is a flowchart illustrating an authenticated data read operation performed in a normal RPMB mode.
FIG. 19 is a diagram for explaining the RPMB message provided through step S1805 of FIG. 18 .
FIG. 20 is a diagram for explaining the RPMB message provided through step S1811 of FIG. 18 .
21 is a flowchart illustrating an authenticated data write operation performed in the advanced RPMB mode.
FIG. 22 is a diagram for explaining the structure of the command PIU transmitted in step S2101 of FIG. 21 .
FIG. 23 is a diagram for explaining the structure of the response PIU transmitted in step S2107 of FIG. 21 .
24 is a flowchart illustrating an authenticated data read operation performed in the advanced RPMB mode.
FIG. 25 is a diagram for explaining the structure of the command PIU transmitted in step S2401 of FIG. 24 .
FIG. 26 is a diagram for explaining the structure of the response PIU transmitted in step S2405 of FIG. 24 .
27 is a diagram for explaining a PIU transmitter 2700 included in an initiator device.
28 is a diagram for explaining a PIU receiving unit 2800 included in a target device.
29 is a diagram illustrating another embodiment of the memory controller of FIG. 1 .
30 is a block diagram showing a memory card system to which a storage device according to an embodiment of the present invention is applied.
31 is a block diagram illustrating a solid state drive (SSD) system to which a storage device according to an embodiment of the present invention is applied.
32 is a block diagram showing a user system to which a storage device according to an embodiment of the present invention is applied.

Specific structural or functional descriptions of the embodiments according to the concept of the present invention disclosed in the present specification or application are only exemplified for the purpose of explaining the embodiment according to the concept of the present invention, and the implementation according to the concept of the present invention Examples may be embodied in many forms and should not be construed as limited to the embodiments described in this specification or application.

1 is a diagram for explaining a computing system according to an embodiment of the present invention.

Referring to FIG. 1 , a computing system may include a storage device 50 and a host 400 . The storage device 50 may include a memory device 100 , a memory controller 200 and an access mode memory 300 . The storage device 50 stores data under the control of the host 400, such as a mobile phone, smart phone, MP3 player, laptop computer, desktop computer, game console, TV, tablet PC, or in-vehicle infotainment system. It may be a device that Alternatively, the storage device 50 may be a device that stores data under the control of the host 400 that stores high-capacity data in one place, such as a server or data center.

The storage device 50 may be manufactured as one of various types of storage devices according to a host interface, which is a communication method with the host 400 . For example, the storage device 50 may include a multimedia card in the form of SSD, MMC, eMMC, RS-MMC, and micro-MMC, secure digital in the form of SD, mini-SD, and micro-SD. card, universal serial bus (USB) storage device, universal flash storage (UFS) device, personal computer memory card international association (PCMCIA) card-type storage device, PCI (peripheral component interconnection) card-type storage device, PCI-E ( It may be configured with any one of various types of storage devices such as a PCI express card type storage device, a CF (compact flash) card, a smart media card, a memory stick, and the like.

The storage device 50 may be manufactured in any one of various types of packages. For example, the storage device 50 may include package on package (POP), system in package (SIP), system on chip (SOC), multi-chip package (MCP), chip on board (COB), wafer- level fabricated package), wafer-level stack package (WSP), and the like.

The memory device 100 may store data. The memory device 100 operates in response to control of the memory controller 200 . The memory device 100 may include a memory cell array (not shown) including a plurality of memory cells that store data.

The memory cells are single-level cells (SLC) each storing one data bit, multi-level cells (MLC) storing two data bits, and triple-level cells storing three data bits. (Triple Level Cell; TLC) or Quad Level Cell (QLC) capable of storing four data bits.

A memory cell array (not shown) may include a plurality of memory blocks. Each memory block may include a plurality of memory cells. Each memory block may include a plurality of pages. In an embodiment, a page may be a unit for storing data in the memory device 100 or reading data stored in the memory device 100 . A memory block may be a unit for erasing data.

Memory blocks included in the memory device 100 may include a secure storage area 110a and a normal storage area 110b to which access is restricted. The secure storage area 110a may be an area for storing data accessed according to authentication. Additional conditions or procedures may be further required to access the secure storage area 110a. For example, access to the secure storage area 110a may be possible only when the storage device 50 receives a predetermined specific command or passes authentication performed by the memory controller 200 . In one embodiment, the secure storage area 110a may be a Replay Protected Memory Block (RPMB). The normal storage area 110b may be a memory block that can be accessed without separate authentication. The normal storage area 110b may be a memory block that stores data other than the data stored in the secure storage area 110a.

In this specification, for convenience of description, the secure storage area 110a may be described as an RPMB, but in embodiments of the present invention, the secure storage area 110a is not limited to an RPMB, and the normal storage area 110b and may be applied to all types of memory blocks having different access methods.

As for the method of accessing the secure storage area 110a, two or more modes having different access speeds may exist. For example, a first access mode in which the security of the secure storage area 110a is relatively strict and a second access mode in which the access speed of the secure storage area 110a is relatively fast may exist. In the case of the second access mode, the access speed to the secure storage area 110a can be improved by performing a relatively small number of authentication procedures compared to the first access mode.

For example, if the storage device 50 supports RPMB, RPMB may be accessed according to at least two modes. For example, RPMB can be accessed in either normal RPMB mode or advanced RPMB mode.

In this specification, the normal RPMB mode may be mentioned as an example of the first access mode in which the access speed to the secure storage area 110a is relatively slow, and the access speed to the secure storage area 110a is relatively high. An advanced RPMB mode may be mentioned as an example of the 2 access mode.

In an embodiment, the memory device 100 may include DDR Double Data Rate Synchronous Dynamic Random Access Memory (SDRAM), Low Power Double Data Rate 4 (LPDDR4) SDRAM, Graphics Double Data Rate (GDDR) SDRAM, Low Power DDR (LPDDR), and RDRAM. (Rambus Dynamic Random Access Memory), NAND flash memory, Vertical NAND, NOR flash memory, resistive random access memory (RRAM), phase change memory (phase-change memory: PRAM), magnetoresistive random access memory (MRAM), ferroelectric random access memory (FRAM), spin transfer torque random access memory (STT-RAM), etc. This can be. In this specification, for convenience of explanation, it is assumed that the memory device 100 is a NAND flash memory.

The memory device 100 is configured to receive a command and an address from the memory controller 200 and access a region selected by the address in the memory cell array. The memory device 100 may perform an operation indicated by a command with respect to an area selected by an address. For example, the memory device 100 may perform a write operation (program operation), a read operation, and an erase operation. During a program operation, the memory device 100 will program data into an area selected by an address. During a read operation, the memory device 100 will read data from an area selected by an address. During the erase operation, the memory device 100 will erase data stored in the area selected by the address.

The memory controller 200 may control overall operations of the storage device 50 .

When power is applied to the storage device 50 , the memory controller 200 may execute firmware (FW). When the memory device 100 is a flash memory device, the memory controller 200 may execute firmware such as a Flash Translation Layer (FTL) for controlling communication between the host 400 and the memory device 100 . there is.

In an embodiment, the memory controller 200 receives data and a logical block address (LBA) from the host 400, and the logical block address is used to indicate memory cells in which data included in the memory device 100 will be stored. It can be converted to a physical block address (PBA) representing an address.

The memory controller 200 may control the memory device 100 to perform a program operation, a read operation, or an erase operation according to a request of the host 400 . During a program operation, the memory controller 200 may provide a program command, a physical block address, and data to the memory device 100 . During a read operation, the memory controller 200 may provide a read command and a physical block address to the memory device 100 . During an erase operation, the memory controller 200 may provide an erase command and a physical block address to the memory device 100 .

In an embodiment, the memory controller 200 may generate commands, addresses, and data on its own and transmit them to the memory device 100 regardless of a request from the host 400 . For example, the memory controller 200 uses commands for performing program operations, read operations, and erase operations involved in performing wear leveling, read reclaim, garbage collection, and the like. , addresses and data may be provided to the memory device 100 .

In an embodiment, the memory controller 200 may control at least two or more memory devices 100 . In this case, the memory controller 200 may control the memory devices 100 according to an interleaving method to improve operating performance. The interleaving method may be a method of controlling operations of at least two or more memory devices 100 to overlap.

The access mode memory 300 may store various information provided by commands transmitted and received between the host 400 and the storage device 50 . For example, it may include device access mode information about an operation mode of the secure storage area 110a of the storage device 50 . For example, an access method of the storage device 50 to the secure storage area 110a may be indicated. Specifically, the device access mode information may represent information about one or more access modes supported by the storage device 50 or information about an access mode currently activated in the storage device 50 . In one embodiment, such information may be stored in the form of a descriptor. In FIG. 1 , the access mode memory 300 is shown as a separate configuration from the memory device 100 and the memory controller 200, but is not limited thereto, and is a partial storage area within the memory device 100 or the memory controller 200. It could be. In one embodiment, access mode memory 300 may be a register. This will be described in more detail with reference to FIGS. 10 and 11 to be described later.

The memory controller 200 may identify a device access mode based on device access mode information stored in the access mode memory 300 . In addition, the memory controller 200 identifies the host access mode for the secure storage area 110a of the host 400 based on a request for access to the secure storage area 110a provided by the host 400, that is, a command. You can compare device access mode and host access mode. The host access mode may be identified based on host access mode information in a command provided by the host, and the host access mode information may include information about an operation mode for a secure storage area provided by the host.

When the device access mode and the host access mode match, the memory controller 200 may access the secure storage area 110a according to the request of the host 400 . When the device access mode and the host access mode do not match, the memory controller 200 may fail the request of the host 400 . When the request of the host 400 is failed, access to the secure storage area 110a is no longer simply performed, or information that the request of the host 400 has been failed, that is, error information is transmitted to the host. can also be provided.

The device access mode and the host access mode may each be a first access mode with a relatively slow access speed or a second access mode with a relatively high access speed. When the device access mode is the first access mode, the memory controller 200 may obtain information necessary for authentication from a command received after a command related to the secure storage area 110a. When the device access mode is the second access mode, the memory controller 200 may obtain information necessary for authentication from a command related to the secure storage area 110a. At this time, information required for authentication may mean one or more of various types of information required for performing authentication. For example, information representing a command related to accessing the secure storage area 110a, an authentication code for performing authentication, and all types of information for generating an authentication code may all be information required for authentication.

In one embodiment, when the secure storage area 110a is an RPMB, the first access mode and the second access mode may be a normal RPMB mode and an advanced RPMB mode, respectively. In the case of the normal RPMB mode, the host RPMB message may be included in a data out command provided from the host 400 and provided to the storage device 50 . This data out command may be provided after the host 400 provides a command requesting access to the RPMB. In the case of the advanced RPMB mode, a host RPMB message may be included in a command requesting access to an RPMB provided from the host and provided to the storage device 50 . This will be described in more detail with reference to FIGS. 14 to 26 to be described later.

The host 400 is USB (Universal Serial Bus), SATA (Serial AT Attachment), SAS (Serial Attached SCSI), HSIC (High Speed Interchip), SCSI (Small Computer System Interface), PCI (Peripheral Component Interconnection), PCIe ( PCI express), NVMe (NonVolatile Memory express), UFS (Universal Flash Storage), SD (Secure Digital), MMC (MultiMedia Card), eMMC (embedded MMC), DIMM (Dual In-line Memory Module), RDIMM (Registered DIMM ), LRDIMM (Load Reduced DIMM), etc., may communicate with the storage device 50 using at least one of various communication methods.

In this specification, for convenience of description, it is described that the storage device 50 and the host 400 perform data communication according to the UFS communication interface, but the embodiments of the present invention are not limited to performing data communication according to the UFS communication interface. don't Specifically, the storage device 50 and the host 400 may perform data communication using a command defined as a protocol information unit (PIU). The PIU may be a kind of data packet generated according to a predetermined rule. Accordingly, in this specification, since the PIU is only one type of command transmitted and received between the storage device 50 and the host 400, the command and the PIU may have substantially the same meaning.

A command may be a request, instruction, or response for the host 400 or the storage device 50 to perform a certain operation. In an embodiment, various commands may be defined according to usage and purpose. For example, Query Request, Command, Response, Data Out, Data In, and Ready To Transfer are all encompassed and referred to as commands. In one embodiment, these commands may be transmitted in the form of the aforementioned PIU.

The size of the smallest unit of PIU may be 32 bytes, and the maximum size of the PIU may be 65600 bytes. The format of the PIU may have different sizes depending on its type.

The host 400 may provide the storage device 50 with a command related to the secure storage area 110a, and such a command may be, for example, a command requesting access to the secure storage area 110a. The command for the secure storage area 110a includes a common segment commonly included in commands transmitted and received between an external host and the memory controller, a unique field including a unique value according to the type of commands, and a segment excluding the common segment. may contain segments. Here, the common segment may include information indicating the length of the additional segment.

The memory controller 200 may identify the host access mode based on one or more of the common segment and the additional segment of these commands. Specifically, identification may be made based on one or more of information indicating the length of additional segments included in the common segment and whether or not information necessary for authentication is included in the additional segments. For example, when the length of the additional segment is 0 or the additional segment does not include information required for authentication, the memory controller 200 may identify the host access mode as the first access mode. Alternatively, if the length of the additional segment is not 0 or if information necessary for authentication is included in the additional segment, the memory controller 200 may identify the host access mode as the second access mode.

If the command is provided in the form of a PIU, a command related to the secure storage area 110a, more specifically, a command requesting access to the secure storage area 110a may be provided in the form of a command PIU. In this case, the common segment may mean a basic header segment, the unique field may mean a transaction specific field, and the additional segment may mean an extra header segment. Also, the basic header segment may include a total extra header segment length field including length information of the additional header segment. This will be described in more detail with reference to FIGS. 5 to 8 .

The memory controller 200 may include a device access controller 210 .

The device access control unit 210 may process an access request from the host 400 to the secure storage area 110a.

For example, when the secure storage area 110a is an RPMB, the device access controller 210 performs an authenticated data write operation for storing data in the RPMB and an authentication data read operation for reading data stored in the RPMB. (Authenticated Data Read Operation) can be processed. A specific method for the device access control unit 210 to process an authenticated data write operation and an authenticated data read operation will be described in more detail with reference to FIGS. 27 and 28 to be described later.

The host 400 may further include a host access controller 410 .

The host access controller 410 may generate commands for controlling the secure storage area 110a and provide them to the device access controller 210 . The host access controller 410 may receive a command from the device access controller 210 .

The device access control unit 210 and the host access control unit 410 will be described in detail with reference to FIGS. 4, 27 and 28 to be described later.

FIG. 2 is a diagram for explaining the memory device of FIG. 1 .

Referring to FIG. 2 , the memory device 100 may include a memory cell array 110 , a voltage generator 120 , an address decoder 130 , an input/output circuit 140 and a control logic 150 .

The memory cell array 110 includes a plurality of memory blocks BLK1 to BLKi. The plurality of memory blocks BLK1 to BLKi are connected to the address decoder 130 through row lines RL. The plurality of memory blocks BLK1 to BLKi may be connected to the input/output circuit 140 through column lines CL. In an embodiment, the row lines RL may include word lines, source select lines, and drain select lines. In an embodiment, the column lines CL may include bit lines.

Each of the plurality of memory blocks BLK1 to BLKi includes a plurality of memory cells. In an embodiment, the plurality of memory cells may be non-volatile memory cells. Among the plurality of memory cells, memory cells connected to the same word line may be defined as one physical page. That is, the memory cell array 110 may include a plurality of physical pages. The memory cells of the memory device 100 include a single level cell (SLC) storing one data bit, a multi-level cell (MLC) storing two data bits, and three data bits. It may be configured as a triple level cell (TLC) that stores . or a quad level cell (QLC) that can store four data bits.

Some of the plurality of memory blocks BLK1 to BLKi may be the secure storage area 110a described with reference to FIG. 1 , and the remaining part may be the normal storage area 110b. In one embodiment, the secure storage area 110a may be an RPMB.

In an embodiment, the voltage generator 120, the address decoder 130, and the input/output circuit 140 may be collectively referred to as a peripheral circuit. The peripheral circuit may drive the memory cell array 110 under the control of the control logic 150 . A peripheral circuit may drive the memory cell array 110 to perform a program operation, a read operation, and an erase operation.

The voltage generator 120 is configured to generate a plurality of operating voltages using an external power supply voltage supplied to the memory device 100 . The voltage generator 120 operates in response to control of the control logic 150 .

As an example embodiment, the voltage generator 120 may generate an internal power voltage by regulating an external power voltage. The internal power supply voltage generated by the voltage generator 120 is used as an operating voltage of the memory device 100 .

As an embodiment, the voltage generator 120 may generate a plurality of operating voltages using an external power supply voltage or an internal power supply voltage. The voltage generator 120 may be configured to generate various voltages required by the memory device 100 . For example, the voltage generator 120 may generate a plurality of erase voltages, a plurality of program voltages, a plurality of pass voltages, a plurality of select read voltages, and a plurality of non-select read voltages.

The voltage generator 120 includes a plurality of pumping capacitors receiving an internal power supply voltage in order to generate a plurality of operating voltages having various voltage levels, and generates a plurality of pumping capacitors in response to the control of the control logic 150. It will selectively activate to generate a plurality of operating voltages.

The generated operating voltages may be supplied to the memory cell array 110 by the address decoder 130 .

The address decoder 130 is connected to the memory cell array 110 through row lines RL. The address decoder 130 is configured to operate in response to control of the control logic 150 . The address decoder 130 may receive the address ADDR from the control logic 150 . The address decoder 130 may decode a block address among the received addresses ADDR. The address decoder 130 selects at least one memory block among the memory blocks BLK1 to BLKi according to the decoded block address. The address decoder 130 may decode a row address among the received addresses ADDR. The address decoder 130 may select at least one word line among word lines of the selected memory block according to the decoded row address. In an embodiment, the address decoder 130 may decode a column address among the received addresses ADDR. The address decoder 130 may connect the input/output circuit 140 and the memory cell array 110 according to the decoded column address.

Illustratively, the address decoder 130 may include components such as a row decoder, a column decoder, and an address buffer.

The input/output circuit 140 may include a plurality of page buffers. A plurality of page buffers may be connected to the memory cell array 110 through bit lines. During a program operation, data may be stored in memory cells selected according to data stored in a plurality of page buffers.

During a read operation, data stored in selected memory cells may be sensed through bit lines, and the sensed data may be stored in page buffers.

The control logic 150 may control the address decoder 130 , the voltage generator 120 and the input/output circuit 140 . The control logic 150 may operate in response to a command CMD transmitted from an external device. The control logic 150 may control peripheral circuits by generating control signals in response to the command CMD and the address ADDR.

FIG. 3 is a diagram for explaining the structure of one memory block among the memory blocks of FIG. 2 .

The memory block BLKi is a diagram showing one memory block BLKi among the memory blocks BLK1 to BLKi of FIG. 2 . Among these memory blocks BLKi, a normal storage area or a secure storage area may be selected according to a request of the host.

Referring to FIG. 3 , a plurality of word lines arranged in parallel to each other may be connected between the first select line and the second select line. Here, the first select line may be the source select line SSL, and the second select line may be the drain select line DSL. More specifically, the memory block BLKi may include a plurality of strings (ST) connected between the bit lines BL1 to BLn and the source line SL. The bit lines BL1 to BLn may be respectively connected to the strings ST, and the source line SL may be connected to the strings ST in common. Since the strings ST may be configured identically to each other, the string ST connected to the first bit line BL1 will be described in detail as an example.

The string ST may include a source select transistor SST, a plurality of memory cells MC1 to MC16, and a drain select transistor DST connected in series between the source line SL and the first bit line BL1. can One string ST may include at least one source select transistor SST and at least one drain select transistor DST, and memory cells MC1 to MC16 may also include more memory cells than shown in the figure.

A source of the source select transistor SST may be connected to the source line SL, and a drain of the drain select transistor DST may be connected to the first bit line BL1. The memory cells MC1 to MC16 may be connected in series between the source select transistor SST and the drain select transistor DST. Gates of the source select transistors SST included in different strings ST may be connected to the source select line SSL, and gates of the drain select transistors DST may be connected to the drain select line DSL, Gates of the memory cells MC1 to MC16 may be connected to a plurality of word lines WL1 to WL16. A group of memory cells connected to the same word line among memory cells included in different strings ST may be referred to as a physical page (PG). Accordingly, as many physical pages PG as the number of word lines WL1 to WL16 may be included in the memory block BLKi.

One memory cell can store 1 bit of data. This is commonly referred to as a single level cell (SLC). In this case, one physical page (PG) can store one logical page (LPG) data. One logical page (LPG) data may include as many data bits as the number of cells included in one physical page (PG).

One memory cell can store more than two bits of data. In this case, one physical page (PG) can store two or more logical page (LPG) data.

4 is a diagram for explaining a computing system according to an embodiment of the present invention.

Hereinafter, in FIGS. 4 to 12 and 14 to 26, as an embodiment of the present invention, the case where the secure storage area 110a is an RPMB may be mentioned, but the embodiment of the present invention is not limited thereto, The secure storage area may be a memory block of various types to which access is restricted.

4 to 12 and 14 to 26, as an embodiment of the present invention, commands transmitted and received between the storage device 50 and the host 400 may be described as being transmitted in the form of a PIU. , The embodiment of the present invention is not limited thereto, and various communication methods may be adopted.

Referring to FIGS. 1 and 4 , the storage device 50 may include a secure storage area 110a and a device access controller 210 . The secure storage area 110a may be at least a part of the storage areas included in the memory device 100 described with reference to FIG. 1 , and in an embodiment, the secure storage area 110a may be an RPMB. The device access controller 210 may be included in the memory controller 200 and the host access controller 410 may be included in the host 400 .

The secure storage area 110a may include an authentication key 111, a write counter 112, a result register 113, and a data area 114.

The authentication key 111 may be a value pre-stored in the secure storage area 110a to be used for authentication for access to the secure storage area 110a. For example, when the secure storage area 110a is an RPMB, the authentication key 111 is stored only once initially, cannot be read by itself, and a message authentication code used only to authenticate access to the RPMB ( Access may only be possible when computing a Message Authentication Code (MAC). In an embodiment, the authentication key (Authentication Key, 111) may have a size of 32 bytes, but the size of the authentication key is not limited to 32 bytes.

The write counter 112 may count the number of accesses to the secure storage area 110a. Access to the secure storage area 110a is allowed only within a preset number of times, thereby improving security. In one embodiment, when the secure storage area 110a is an RPMB, the write counter 112 may count the number of times an authenticated data write operation, which is an operation of storing data in the RPMB, is successfully performed. there is. A value indicated by the write counter 112 or a value stored in the write counter 112 may be a write count value. The write counter 112 may store a write count value corresponding to 4 bytes, but may also store a write count value corresponding to larger data. An initial write count value may be "0000 0000h". A write count value of the write counter 112 may not be reset or decreased. The write count value of the write counter (Write Counter, 112) may not increase any more after reaching the maximum value of “FFFF FFFFh”. Therefore, when the write count value of the write counter 112 reaches the maximum value, no more data can be stored in the secure storage area 110a, and the secure storage area 110a only reads It can act as a possible storage area.

The result register 113 may store a result of an operation performed on the secure storage area 110a. For example, when the secure storage area 110a is an RPMB, a result register 113 may store a result code representing a result of an operation performed on the RPMB. At this time, the type of result code stored in the result register will be described in detail with reference to FIG. 12 .

In the embodiment, the authentication key (Authentication Key, 111), the write counter (Write Counter, 112), and the result register (Result Register, 113) are independently included in each distinct area within the secure storage area (110a), and have a unique value can have In various embodiments, the secure storage area 110a may be partitioned into a plurality of secure storage sub-areas. In an embodiment, when the secure storage area 110a is an RPMB, the maximum number of RPMB sub areas included in the RPMB may be four. Each RPMB sub area may have a unique authentication key and write count value.

The data area may be an area in which data is stored only when authentication passes. In an embodiment, when the secure storage area 110a is RPMB, the capacity of the data area (RPMB Data Area) may be a minimum of 128 Kbytes and a maximum of 16 Mbytes.

The device access controller 210 may further include an Authentication Manager 211 , an Access Perform Unit 212 , and an Access Mode Identification Unit 213 .

The access mode identification unit 213 may check whether the host access mode and the device access mode match before accessing the secure storage area 110a. That is, only when the access method to the secure storage area 110a provided by the storage device 50 matches the access method to the secure storage area 110a provided by the host 400, a secure storage area such as authentication It is possible to perform an access operation for (110a). The access mode identification unit 213 may identify a device access mode based on information stored in the access mode memory 300 and may identify a host access mode based on a command PIU from the host 400 . Various descriptors provided from the host 400 may exist in the access mode memory 300, and may include, for example, a device descriptor 310 and a unit descriptor 320. The device descriptor 310 may include information about whether the storage device 50 supports the second access mode, and the unit descriptor 320 may include information about whether the second access mode is activated. there is. Authentication manager 211 can identify the device access mode based on one or more of these pieces of information. For example, when information included in the device descriptor indicates that the storage device 50 does not support the second access mode, the authentication manager 211 may identify the device access mode as the first access mode. Alternatively, when information included in the device descriptor indicates that the storage device 50 supports the second access mode, the device access mode may be identified according to whether the second access mode included in the unit descriptor 320 is activated. In one embodiment, when the secure storage area 110a is an RPMB, the unit descriptor 320 may be an RPMB unit descriptor, and the second access mode may be an advanced RPMB access mode.

When performing a write operation on the secure storage area 110a, the host access control unit 410 may provide a message related to access to the secure storage area 110a to the device access control unit 210 according to a predetermined format. . This message may include information representing a write request for the secure storage area 110a, metadata required for authentication, and authentication data required for authentication. For example, when the secure storage area 110a is RPMB, the host access control unit 410 transmits an RPMB message according to a predetermined format to the device access control unit 210 when performing an authenticated data write operation. ) can be provided. The RPMB message provided by the host access control unit 410 may include information necessary to perform RPMB authentication. For example, the RPMB message may include metadata necessary for performing authentication and authentication data necessary for performing authentication. The authentication data may include a Message Authentication Code (MAC) generated by the host access controller 410 .

When the host access mode and the device access mode match, the authentication manager 211 may perform authentication using an authentication key 111 stored in the secure storage area 110a. The authentication manager 211 may provide an authentication performance result to an access perform unit 212 . The access perform unit 212 may prevent data from being stored in the secure storage area 110a or stored in the secure storage area 110a according to the authentication result.

If authentication passes, the access perform unit 212 controls the secure storage area 110a so that the data to be stored in the secure storage area 110a received from the host 400 is stored in the data area 114. can When the data is successfully stored, the access perform unit (212) increases the write count value stored in the write counter (112), and stores the result of the write operation in the result register (113). ) can be stored.

If authentication fails, the access perform unit 212 may not store data requested to be stored in the secure storage area 110a in the data area 114 . The access perform unit 212 may maintain the value of the write counter 112 and store information indicating that authentication has failed in a result register 113 .

When the host access mode and the device access mode do not match, the authentication manager 211 may control to store information indicating an error without performing authentication. In an embodiment, information indicating an error may be stored in the result register 113 as in the case of failure of authentication, and then provided to the host access control unit 410 as a response PIU to the command PIU. Alternatively, it may be stored in another location and then provided to the host access control unit 410, or directly provided to the host access control unit 410 without being separately stored.

When the host access mode and the device access mode are identical, when performing a data read operation on the secure storage area 110a, the host access control unit 410 determines access related to the secure storage area 110a according to a predetermined format. The message may be provided to the device access control unit 210 . This message may include information indicating that it is a read request for the secure storage area 110a, metadata required for authentication, and the like.

The access perform unit 212 may read data stored in the secure storage area 110a and generate a response message to be provided to the host access controller 410 . The access perform unit 212 may generate meta data to be included in the response message. Meta data may be information necessary for authentication of the host access control unit 410, for example, a part of information included in a message received from the host access control unit 410, data read from the secure storage area 110a, A result code indicating a result of performing the read operation may be included. In addition, the response message may further include authentication data necessary for authentication. In an embodiment, when the secure storage area 110a is the RPMB, the access perform unit 212 uses the authentication key 111 and metadata stored in the RPMB to obtain authentication data, a message authentication code ( Message Authentication Code (MAC) can be generated.

The access perform unit 212 may generate a response message including authentication data and meta data. The access perform unit 212 may provide the read data and response message to the host access control unit 410 .

At this time, when the host access mode and the device access mode do not match, the authentication manager 211 may control the access performer 212 not to perform the authentication data read operation itself. Alternatively, it may be controlled not to generate a response message or to provide the generated response message to the host access control unit 410 .

5 is a diagram for explaining a data communication unit between a host access control unit and a device access control unit.

Referring to FIGS. 1 and 5 , the host access control unit 410 and the device access control unit 210 may communicate using data packets called Protocol Information Units (PIUs). In terms of a physical device, the host access control unit 410 is included in the host 400 and the device access control unit 210 is included in the storage device 50 . In terms of interfacing between two devices, one device may transmit a PIU to another device. In this case, a device generating the PIU may be referred to as an initiator device, and a device receiving the generated PIU may be referred to as a target device. That is, the PIU may be a data packet transmitted between two devices, rather than a data packet unilaterally transmitted by one of the host 400 or the storage device 50 to the other device.

PIUs are query request PIUs (Query Request PIUs), command PIUs, response PIUs (Response PIUs), and data out PIUs (Data Out PIUs) according to the operation that the host access control unit 410 or the device access control unit 210 intends to perform. Out PIU), data in PIU (Data In PIU), and ready to transfer PIU (Ready To Transfer PIU).

The query request PIU may provide a device descriptor providing various parameters of the storage device 50 to the storage device 50 . The device descriptor may include information indicating whether the storage device 50 supports the advanced RPMB mode.

Also, in an embodiment, a query request PIU may include a unit descriptor. The unit descriptor may include information indicating whether the second access mode is activated. In one embodiment, the unit descriptor may be an RPMB unit descriptor, and in this case, the RPMB unit descriptor may include information indicating whether the advanced RPMB mode of the storage device 50 is activated. At this time, the RPMB unit descriptor may include an 8-bit RPMB region enable field (bRPMBRegionEnable) for setting RPMB regions included in the RPMB. In an embodiment, whether the storage device 50 currently supports access to the RPMB in the normal RPMB mode or the advanced RPMB mode may be determined using the RPMB region enable field (bRPMBRegionEnable).

A command PIU may be a protocol information unit transmitted when the host 400 transmits a command to the storage device 50 .

A response PIU may be a protocol information unit transmitted when the storage device 50 provides a response to a command provided by the host 400 .

A data out PIU may be a protocol information unit transmitted when the host 400 provides data to the storage device 50 .

A Data In PIU (Data In PIU) may be a protocol information unit transmitted when the storage device 50 provides data to the host 400 .

A ready to transfer PIU (Ready To Transfer PIU) may be a protocol information unit transmitted when the storage device 50 informs that it is ready to receive a data out PIU from the host 400 . A ready to transfer PIU (Ready To Transfer PIU) may be transmitted when the storage device 50 has sufficient buffer space to store data provided by the host 400 .

The size of the smallest unit of PIU may be 32 bytes, and the maximum size may be 65600 bytes. The format of the PIU may have different sizes depending on its type.

In an embodiment, the PIU may include a basic header segment 61 , a transaction specific field 62 , an additional header segment 63 and a data segment 64 .

The basic header segment 61 may have a size of 12 bytes. The basic header segment 61 may be commonly included in all PIUs. The basic header segment 61 may include basic setting information related to the PIU.

The transaction specific field 62 may be included at byte addresses 12 through byte addresses 31 of the PIU. The transaction specific field 62 may include a dedicated transaction code according to the type of PIU.

The additional header segment 63 may be defined when the total additional header segment length (Total EHS Length) field of the basic header segment 61 has a non-zero value. Additional header segment 63 may start at byte address 32 of the PIU. The additional header segment 63 may be an area capable of additionally storing data when sufficient information is not included in the basic header segment 61 .

The data segment 64 may be included in a data out PIU or a data in PIU, and may not be included in other PIUs.

In an embodiment, the additional header segment 63 and the data segment 64 may not be included in all PIUs, but may be included only in a specific PIU.

6 is a diagram for explaining the structure of a basic header segment of a PIU.

Referring to FIG. 6, the basic header segment 61 includes a transaction type, a flag, a logical unit number (LUN), a task tag, an initiator ID, and a command set type. (Command Set Type), query function/task management function (Query Function, Task Manag. Function), response (Response), status (Status), total additional header segment length (Total EHS Length), device information (Device Information), and It may include a data segment length (Data Segment Length).

The transaction type may have a unique value according to the type of PIU. Examples of transaction types according to PIU types are shown in [Table 1].

When the initiator device provides to the target device transaction type When the target device provides to the initiator device transaction type Command PIU 00 0001b Response PIU 10 0001b Data out PIU 00 0010b Data in PIU 10 0010b X X Prepare for Delivery PIU 11 0001b

Flags may be fields having different values according to transaction types. The logical unit number (LUN) may be a field indicating the number of a logical unit to perform an operation among a plurality of logical units included in a target to perform an operation. For example, the host 400 and the storage device 50 described with reference to FIG. 1 may each include a plurality of logical units, and the logical unit number (LUN) of the basic header segment 61 included in the PIU may represent a specific logical unit among a plurality of logical units.

A task tag may be a field having different values according to a transaction type.

An initiator ID may be a field identifying who an initiator requesting an operation is. Accordingly, the initiator ID may have different values when the host generates the PIU and when the storage device generates the PIU.

The command set type may be a field included in a command PIU and a response PIU. Command Set Type This may be a field indicating which interface supports the command, such as whether the command is a SCSI command, a UFS command, or a command defined by a manufacturer.

The query function/task management function (Query Function, Task Manag. Function) may be a field input to the PIU such as a query request, query response, or task management request.

The response may be a field indicating whether the requested operation has succeeded or failed.

Status may be a field indicating a SCSI state.

The total additional header segment length (Total EHS Length) may be a field indicating the size of the additional header segment in units of 32 bits. Total additional header segment length (Total EHS Length) may be used when the PIU includes additional header segments. The length of the additional header segment may be in units of 4 bytes. The maximum size of the additional header segment may be 1024 bytes. If the additional header segment is not used, the total additional header segment length (Total EHS Length) may be zero.

Device information may include information used only when a specific function is performed.

Data Segment Length may be a field indicating the length of the data segment of the PIU. When the PIU does not include a data segment, the data segment length may be zero.

7 is a diagram showing the configuration of a command PIU (Command PIU).

8 is a diagram showing the configuration of a response PIU (Response PIU).

Referring to FIGS. 1, 7, and 8 , a command PIU and a response PIU may include a basic header segment, a transaction specific field, an additional header segment, and a data segment. The basic header segment included in the command PIU and response PIU includes a total additional header segment length (Total EHS Length) field. When the Total EHS Length field has a value other than 0, the Extra Header Segment field included in the Command PIU and Response PIU may be used. The Extra Header Segment may start from byte address 32 of the PIU. The extra header segment may be an area capable of additionally storing data when sufficient information is not included in the basic header segment.

In the advanced RPMB mode, the host 400 and the storage device 50 may transmit the RPMB message using an extra header segment included in the command PIU and response PIU. Specifically, the host 400 and the storage device 50 set the total additional header segment length (Total EHS Length) field included in the basic header segments of the command PIU and response PIU to a value other than 0. It can be configured and transmitted by including the RPMB message in the Extra Header Segment.

The memory controller 200 may identify the host access mode by checking the total additional header segment length field or the additional header segment within the basic header segment of the command PIU received from the host 400 . For example, the memory controller 200 may first check the total additional header segment length field of the command PIU. When the value of the total additional header segment length field is 0, it can be identified that the host access mode is set to normal RPMB. If the value of the Total Additional Header Segment Length field is not 0, the additional header segment can be checked, and if the RPMB message exists in the additional header segment, the host access mode can be identified as the advanced RPMB mode. Alternatively, in some cases, when the value of the Total Additional Header Segment Length field is not 0, the host access mode may be identified as the advanced RPMB mode without checking the additional header segment. Alternatively, the host access mode may be identified according to the presence or absence of the RPMB message by directly checking the additional header segment without checking the total additional header segment length field.

9 is a diagram for explaining an RPMB message.

Referring to FIGS. 1 and 9 , when the host 400 or the storage device 50 transmits/receives a PIU related to the RPMB, it may transmit an RPMB message to each other. The RPMB message may include information for authentication.

An RPMB message can include multiple components. The RPMB message may include some or all of the plurality of components shown in FIG. 9 depending on the delivery situation.

A request message type may have a size of 2 bytes. A request message type may be a component indicating the type of request for the RPMB. The request message type may be included in a request transmitted by an initiator device to a target device. Examples of code values that Request Message Type can have are shown in the following [Table 2].

Code Request Message Types 0001h Authentication Key programming request 0002h Write Counter read request 0003h Authenticated data write request 0004h Authenticated data read request 0005h Result read request 0006h Secure Write Protect Configuration Block write request 0007h Secure Write Protect Configuration Block read request Others Reserved

The authentication key programming request may be a request message type requesting programming of an authentication key. A write counter read request may be a request message type requesting a write count value stored in the write counter. The authenticated data write request may be a request message type requesting to store data in the RPMB. An authenticated data read request may be a request message type requesting a read of data stored in the RPMB. A Result Read Request may be a request message type requesting a result (value stored in a result register) of an operation related to the RPMB. An RPMB message having these request message types may be examples of a message requesting access to the secure storage area 110a. A response message type may have a size of 2 bytes. A response message type may be a component indicating a type of response. The response message type cannot be included in the request that the initiator device sends to the target device, and the response that the target device sends to the initiator device. can be included in The code values that the Response Message Type can have are shown in [Table 3].

Code Response Message Types 0100h Authentication Key programming response 0200h Write Counter read response 0300h Authenticated data write response 0400h Authenticated data read response 0500h Revered 0600h Secure Write Protect Configuration Block write response 0700h Secure Write Protect Configuration Block read response Others Reserved

The authentication key programming response may be a response message type indicating a response to an RPMB message requesting programming of an authentication key. The write counter read response may be a response message type indicating an RPMB message for transmitting a write count value stored in the write counter to an initiator device. The authenticated data write response may be a response message type indicating a response to an authenticated data write request requesting to store data in the RPMB. The authenticated data read response may be a response message type indicating a response to an authenticated data read request requesting a read of data stored in the RPMB. The Result Read Response may be a response message type indicating a response to a Result Read Request requesting a result of performing an operation related to the RPMB (a value stored in a result register). The authentication key may have a size of 32 bytes. The authentication key may be an RPMB message component included in a PIU corresponding to an authentication key programming request, that is, when requesting programming in the RPMB initially. Accordingly, the authentication key may be included only in a request transmitted from an initiator device to a target device.

A message authentication code (MAC) may have a size of 32 bytes. The MAC may be included in a request transmitted by an initiator device to a target device as well as a response transmitted by the target device to the initiator device. The MAC may be an RPMB message component used for authentication.

Result may have a size of 2 bytes. Result may be a value stored in a result register included in the RPMB. Accordingly, the result may be included in a response transmitted from the target device to the initiator device.

The write counter may have a size of 4 bytes. The write counter may indicate the total number of successfully performed authenticated data write operations. The write counter may be a write count value stored in the write counter included in the RPMB. The write counter may be included in a request transmitted from an initiator device to a target device as well as a response transmitted from the target device to the initiator device.

Address may have a size of 2 bytes. The address may be data to be stored in the RPMB or a logical address of data stored in the RPMB. The address may be included in a request transmitted from an initiator device to a target device as well as a response transmitted from the target device to the initiator device.

A nonce may have a size of 16 bytes. The nonce may be a value having randomness (randomness). The nonce may be included in a request transmitted from an initiator device to a target device as well as a response transmitted from the target device to the initiator device. In an embodiment, the host 400 may create the nonce, and the storage device 50 may copy and use the nonce created by the host 400 .

Data may be data to be stored in the RPMB or data read from the RPMB. Data may have a size of 256 bytes. In an embodiment, data may be data transferred between an initiator device and a target device when accessing the RPMB in the normal RPMB mode.

Advanced RPMB data may be data to be stored in the RPMB in the advanced RPMB mode or data read from the RPMB. Advanced RPMB data may be transmitted in units of 4 KB. Advanced RPMB data is data to be stored in the RPMB according to an authenticated data write request or data read from the RPMB by the storage device 50 according to an authenticated data read request. can be

Block Count may have a size of 2 bytes. The block count may be a value indicating the number of blocks of data transferred between an initiator device and a target device in normal RPMB mode. In normal RPMB mode, one block can be 256 bytes in size.

The advanced RPMB block count may be a value indicating the number of blocks of advanced RPMB data transmitted between an initiator device and a target device in the advanced RPMB mode. In the advanced RPMB mode, one block may be 4KB in size.

Among the above message components, information directly used for authentication, such as a message authentication code, may be referred to as authentication data. In addition, among the above-described message components, information other than authentication data such as a message authentication code may be referred to as meta data. Since this meta data can also be used to generate authentication data in a target device, for example, a message authentication code in the target device, meta data can also be information indirectly used for authentication. Accordingly, both authentication data and meta data may be information necessary for authentication.

In the case of a message related to access of the secure storage area 110a, such as the RPMB message described in FIG. 9, some or all of authentication data and meta data may be included. For example, the RPMB message components described with reference to FIG. 9 are used between the host 400 and the storage device 50 or between the initiator device and the initiator device when accessing the RPMB block in the normal RPMB mode or the advanced RPMB mode. It can be included in the RPMB message transmitted between target devices. RPMB message components may be included in one PIU or may be divided and included in a plurality of PIUs according to the type of operation.

10 is a diagram for explaining an RPMB unit descriptor stored in a storage device according to an embodiment of the present invention. At this time, the RPMB unit descriptor is only described as an example of a unit descriptor including information on whether the second access mode is activated, and the unit descriptor that can be stored in the access mode memory 300 of FIG. 4 is an RPMB unit. It is not limited to descriptors.

Referring to FIGS. 4 and 10 , the RPMB unit descriptor may be provided to the storage device 50 from the host 400 . RPMB regions included in the RPMB may be defined according to the RPMB descriptor. The RPMB unit descriptor may include an 8-bit RPMB region enable field (bRPMBRegionEnable) for setting RPMB regions included in the RPMB. In an embodiment, whether the storage device 50 supports access to the RPMB in a normal RPMB mode or an advanced RPMB mode may be determined using the RPMB region enable field (bRPMBRegionEnable). In the RPMB region enable field, in the case of RPMB region 0, it is always activated regardless of the value of BIT-0, and if the value of BIT-1 is 1, RPMB region 1 is activated, and BIT-2 If the value of is 1, RPMB region 2 is activated, and if the value of BIT-3 is 1, RPMB region 3 is activated. In addition, when the value of BIT-4 is 1, the advanced RPMB mode is activated, and when the value is 0, the normal RPMB mode is activated. In an embodiment, the RPMB access method may be set to normal RPMB mode or advanced RPMB mode according to the RPMB region enable field (bRPMBRegionEnable).

This RPMB unit descriptor may be stored in the access mode memory 300 in the storage device 50 . The memory controller may identify the device access mode based on the RPMB unit descriptor stored in the storage device 50, more specifically, based on BIT-4 of the RPMB region enable field (bRPMBRegionEnable) in the RPMB unit descriptor.

11 is a diagram for explaining a device descriptor stored in a storage device according to an embodiment of the present invention.

Referring to FIGS. 4 and 11 , the device descriptor may be provided to the storage device 50 from the host 400 . For example, it may be provided through a query request PIU (Query Request PIU). A device descriptor may provide various parameters of the storage device 50 . The device descriptor may include information indicating whether the storage device 50 supports the second access mode. In an embodiment, the device descriptor may include an extended UFS feature support field (dExtendedUFSFeatureSupport). This field indicates the functions supported by the device. Bit[0] represents the Field Firmware Update (FFU) function, bit[1] represents the Production State Awareness (PSA) function, and bit[2] represents the Device Life Span Bit[3] is the refresh operation function, bit[4] is the function when the device temperature is too high (TOO_HIGH_TEMPERATURE), and bit [5] is the function when the device temperature is too low (TOO_LOW_TEMPERATURE) , bit[6] is the function with Extended Temperature range, bit[7] is the area reserved for Host-aware Performance Booster (HPB), bit[ 8] may indicate a write booster function, bit [9] may indicate a performance throttling function, and bit [10] may indicate a second access mode function. When each bit is set to 1, it means that the function corresponding to the corresponding bit is supported. That is, bit[10] of the UFS function support field (dExtendedUFSFeatureSupport) may indicate whether the second access mode function is supported for the secure storage area 110a, and the memory controller can identify the device access mode by checking this. there is. For example, if bit[10] of the UFS function support field (dExtendedUFSFeatureSupport) is confirmed to be 0, the access mode of the corresponding device is the first access mode, so the access mode of the device can be identified as the first access mode. . This device descriptor may be stored in the access mode memory 300 in the storage device 50 . In one embodiment, when the secure storage area 110a is RPMB, bit[10] of the UFS function support field (dExtendedUFSFeatureSupport) may indicate whether the advanced RPMB function is supported.

12 is a diagram for explaining a result code included in an RPMB message.

Referring to FIGS. 4 and 12 , a result of an operation performed on the RPMB may be stored in a result register 113 . For example, the result register 113 may store a result code indicating a result of an operation performed on the RPMB. Looking at the result codes according to FIG. 12, 0000h (0008h) is displayed when the operation performed on the RPMB is performed well, 0001h (0081h) is displayed for general failure, authentication failures such as when MAC comparison does not match or MAC calculation fails. 0002h (0082h) for counter failures, such as when counters do not match on comparison or counter increment fails, 0004h (0084h) for address failures, such as addresses out of range or incorrect address alignment, 0005h (0085h) indicates write failure such as data/counter/result write failure, and 0006h (0086h) indicates read failure such as data/counter/result write failure. 0007h indicates that the authentication key has not yet been programmed. This value is valid only until the authentication key is programmed, and is no longer used once the authentication key is programmed. Also, 0008h (0088h), LUN or inactive logical unit, data length, logical block address, logical block for failure of supplemental write protect configuration block access, such as Secure Write Protect Configuration read or write failure. 0009h (0089h) when the Secure Write Protect Block Configuration parameter is invalid, such as when the number or overlapping area is invalid, and secure write protection is disabled, such as when the logical unit is configured in a different write-protect mode. When not applicable, it indicates 000Ah (008Ah). At this time, the result code value in parentheses means the value used when the write counter expires.

These result codes may be provided from the storage device 50 to the host 400 through the response PIU to the command PIU. As a result of the memory controller 200 comparing the host access mode and the device access mode, if the two RPMB modes do not match, it is determined that it corresponds to a general fail and 0001h (0081h) is stored as a result code in the result register 113. and such a result code may be provided to the host 400 through the response PIU.

13 is a flowchart illustrating a method of operating a storage device according to an embodiment of the present invention.

Referring to FIGS. 1, 4, and 13 , in step S1301, the storage device 50 may receive a command. Such a command is received from the host 400 and may be a command related to the secure storage area 110a, and more specifically, may be a command requesting access to the secure storage area 110a.

Based on the received command, the memory controller 200 may identify the host access mode in step S1303. In an embodiment, the host access mode may be identified by checking one or more of the total additional header segment length field and the additional header segment within the basic header segment of the command. For example, if the value of the Total Additional Header Segment Length field in the basic header segment of the command is 0 or the additional header segment of the command does not contain information necessary for authentication, the host access mode is identified as the first access mode. can do. In addition, if the total additional header segment length field in the basic header segment of the command has a value other than 0 or information required for authentication is included in the additional header segment of the command, the host access mode is identified as the second access mode. can do.

Thereafter, the memory controller 200 may identify the device access mode based on the device access mode information stored in the storage device 50, and may compare the host access mode and the device access mode identified in step S1305. Device access mode information may be stored in the access mode memory 300 in the storage device 50 . For example, information that the second access mode is not supported is stored in the device descriptor 310 stored in the access mode memory 300, or information that the second access mode is disabled is stored in the unit descriptor 320 If present, the device access mode may be identified as the first access mode. In addition, when information indicating that the second access mode is supported is stored in the device descriptor 310 stored in the access mode memory 300, or information indicating that the second access mode is activated is stored in the unit descriptor 320, The device access mode may be identified as the second access mode.

If the two access modes match in step S1307, that is, if the host access mode and the device access mode are both the first access mode or both are the second access mode, the access mode for the secure storage area is determined according to the matching access mode in step S1309. access can be performed.

If the two access modes do not match in step S1307, that is, if one of the host access mode and the device access mode is the first access mode and the other is the second access mode, an error message indicating an error is generated in step S1311. It may be provided to the host 400 as a response to the command.

14 is a flowchart illustrating an authenticated data write operation performed in a normal RPMB mode.

1, 4, and 14, in the normal RPMB mode, the host 400 transmits the command PIU three times to perform an authenticated data write operation, and the storage device ( 50) may deliver three response PIUs. The write operation according to the normal RPMB mode may be performed after the memory controller 200 confirms that both the host access mode and the device access mode match the normal RPMB mode.

Specifically, the authenticated data write operation transmits RPMB messages of an authenticated data write request, a result read request, and a result read response through the PIU. process may be included.

Authenticated DATA Write Request is performed through steps S1401 to S1407, Result Read Request is performed through steps S1409 to S1415, and Result Read Response is performed through steps S1417 to S1417. It may be performed through step S1421.

The authenticated data write request includes an RPMB message requesting data to be stored in the RPMB and a process in which the host 400 transfers the data to be stored to the storage device 50 .

The result read request is a request from the host 400 to the storage device 50 for a value stored in a result register included in the RPMB in which the result of performing an authenticated data write operation is stored. It can be a request that carries an RPMB message that

The result read response may be a response in which the storage device 50 transmits an RPMB message providing a value of a result register to the host 400 .

In step S1401, the host 400 may provide a command PIU to the storage device 50. The command PIU transmitted in step S1401 may be a Security Protocol Out command indicating that the host 400 will transmit data. In step S1403, the storage device 50 may provide a ready to transfer PIU (Ready To Transfer PIU) to the host 400 in response to the command PIU received in step S1401. A ready to transfer PIU (Ready To Transfer PIU) may be a PIU provided when the storage device 50 is ready to receive data to be provided by the host 400 . In an embodiment, the Ready To Transfer PIU may be a PIU that provides a message indicating that the data out PIU is ready to be received.

In step S1405, the host 400 may provide a data out protocol information unit (Data Out PIU) to the storage device 50. A data out PIU provided by the host 400 may include an RPMB message corresponding to an authenticated data write request. The RPMB message transmitted in step S1405 may include stuff bytes, authentication data, and meta data. Meta data may include data to be stored in the RPMB. 14 shows a case of performing an authenticated data write operation in normal RPMB mode, data may include a plurality of blocks having a size of 256 bytes. The RPMB message delivered in step S1405 will be described in detail with reference to FIG. 15 to be described later.

In step S1407, the storage device 50 may provide a response PIU to the host 400. The response PIU transmitted in step S1407 may be a response to the command PIU transmitted in step S1401.

In step S1409, the host 400 may provide a command PIU to the storage device 50. The command PIU transmitted in step S1409 may be a Security Protocol Out command indicating that the host 400 will transmit data. Then, in step S1411, the storage device 50 may provide a ready to transfer PIU (Ready To Transfer PIU) to the host 400 in response to the command PIU received in step S1409. A ready to transfer PIU (Ready To Transfer PIU) may be a PIU provided when the storage device 50 is ready to receive data to be provided by the host 400 . In an embodiment, the Ready To Transfer PIU may be a PIU that provides a message indicating that the data out PIU is ready to be received.

In step S1413, the host 400 may provide a data out PIU to the storage device 50. The data out PIU provided in step S1413 may include an RPMB message corresponding to the result read request. In an embodiment, the RPMB message included in the Data Out PIU provided in step S1413 will be described in detail with reference to FIG. 16 to be described later.

In step S1415, the storage device 50 may provide a response PIU to the host 400. The response PIU transmitted in step S1415 may be a response to the command PIU transmitted in step S1409.

In step S1417, the host 400 may provide a command PIU to the storage device 50. The command PIU provided in step S1417 may be a security protocol in command representing a command requesting data or information from the storage device 50 .

In step S1419 , the storage device 50 may provide data in PIU (Data In PIU) to the host 400 . The PIU (Data In PIU), which is data transmitted in step S1419, may include an RPMB message corresponding to a result read response. The RPMB message transmitted in step S1419 may include stuff bytes, authentication data, and meta data. The meta data may include an updated write count value and a value of a result register indicating a result of performing an authenticated data write operation. The RPMB message delivered in step S1419 will be described in detail with reference to FIG. 17 to be described later.

In step S1421, the storage device 50 may provide a response PIU to the host 400. The response PIU transmitted in step S1421 may be a response to the command PIU transmitted in step S1417.

15 is a diagram for explaining the RPMB message provided through step S1405 of FIG. 14 .

Referring to FIGS. 1, 4, 14, and 15 , an RPMB message corresponding to an authenticated data write request may include stuff bytes, authentication data, and meta data.

The stuff byte may be a bit added to synchronize a predetermined data format or data communication. In an embodiment, a field corresponding to a stuff byte may be “0”.

Authentication data included in the RPMB message corresponding to the authenticated data write request may be a MAC generated by the host access controller 410 described with reference to FIG. 4 .

The metadata includes the data to be stored in the RPMB, the nonce, the current write count value, the address corresponding to the data, the number of blocks of data (here, one block is 256B), and the RPMB message indicating that it is an Authenticated Data Write Request. May include Request Message Type. In an embodiment, a field corresponding to the nonce may be “0”.

FIG. 16 is a diagram for explaining the RPMB message provided through step S1413 of FIG. 14 .

Referring to FIGS. 1, 4, 14, and 16 , an RPMB message corresponding to a Result Read Request may include stuff bytes, authentication data, and meta data.

In an embodiment, the RPMB message corresponding to the Result Read Request may have a value of only the request message type included in meta data, and the values of the other fields may be “0”. The Request Message Type may include a code value (0005h) indicating that the RPMB message is a Result Read Request.

FIG. 17 is a diagram for explaining the RPMB message provided through step S1419 of FIG. 14 .

Referring to FIGS. 1, 4, 14, and 17, the RPMB message corresponding to the Result Read Response may include stuff bytes, authentication data, and meta data.

The stuff byte may be a bit added to synchronize a predetermined data format or data communication. In an embodiment, a field corresponding to a stuff byte may be “0”.

Authentication data included in the RPMB message corresponding to the Result Read Response may be a MAC generated by the device access controller 210 described with reference to FIG. 4 .

Specifically, the access perform unit 212 may generate metadata to be included in the RPMB message and generate a MAC using the generated metadata and an authentication key 111 stored in the RPMB.

Meta data includes the updated write count value, the address of the data saved by the Authenticated Data Write Operation, the result code indicating the execution result of the Authenticated Data Write Operation, and the RPMB message. It may include “0300h” which is a Response Message Type code indicating that it is a response (Authenticated Data Write Response). Here, the address may be the same value as the address included in the RPMB message corresponding to the authenticated data write request described with reference to FIG. 15 .

In an embodiment, the stuff byte, data, nonce, and block count fields included in the RPMB message corresponding to the Result Read Response may be “0”.

18 is a flowchart illustrating an authenticated data read operation performed in a normal RPMB mode.

1, 4, and 18, in the normal RPMB mode, the host 400 transmits a command PIU twice to perform an authenticated data read operation, and the storage device ( 50) may deliver the response PIU twice. The read operation according to the normal RPMB mode may be performed after the memory controller 200 confirms that both the host access mode and the device access mode match the normal RPMB mode.

Specifically, the authenticated data read operation includes a process of transmitting RPMB messages corresponding to an authenticated data read request and an authenticated data read response through the PIU. can do.

An authenticated data read request may be performed through steps S1801 to S1807, and an authenticated data read response may be performed through steps S1809 to S1813.

The authenticated data read request includes a process in which the host 400 transmits an RPMB message indicating a read request for data stored in the RPMB to the storage device 50, and an authenticated data read response (Authenticated DATA Read Request) Response includes a process in which the storage device 50 transfers data read from the RPMB to the host 400 .

In step S1801, the host 400 may provide a command PIU to the storage device 50. The command PIU provided in step S1801 may be a security protocol out command indicating that the host 400 will transmit data.

In step S1803, the storage device 50 may provide a Ready To Transfer PIU (PIU) to the host 400.

In step S1805, the host 400 may provide a data out PIU to the storage device 50. The Data Out PIU provided in step S1805 may include an RPMB message. Specifically, the RPMB message provided in step S1805 may include metadata. Here, the metadata includes a nonce generated by the host, an address to be read, a block count indicating the number of blocks of data to be read, and a Request Message Type indicating that the RPMB message is an Authenticated DATA Read Request. can include The RPMB message corresponding to the authenticated data read request will be described in detail in the description of FIG. 19 to be described later.

In step S1807, the storage device 50 may provide a response PIU to the host 400. The response PIU provided by the storage device 50 may be a response to the command PIU transmitted in step S1801.

In step S1809, the host 400 may provide a command PIU to the storage device 50. The command PIU provided in step S1809 may be a security protocol in command representing a command requesting data or information from the storage device 50 .

In step S1811 , the storage device 50 may provide data in PIU (Data In PIU) to the host 400 . Data In PIU (PIU), which is data provided by the storage device 50, may include an RPMB message. Specifically, the RPMB message provided in step S1811 may include stuff bytes, authentication data, and metadata. Here, the authentication data may be a MAC generated by the storage device 50 . The metadata may include data read from the RPMB, a nonce, an address, a block count indicating the number of blocks of the read data, and a response message type indicating that the RPMB message is an Authenticated DATA Read Response. can The RPMB message corresponding to the authenticated data read response will be described in detail in the description of FIG. 20 to be described later.

In step S1813, the storage device 50 may provide a response PIU to the host 400. The response PIU received by the host 400 in step S1813 may be a response to the command PIU transmitted in step S1809.

FIG. 19 is a diagram for explaining the RPMB message provided through step S1805 of FIG. 18 .

Referring to FIGS. 1, 4, 18, and 19 , an RPMB message corresponding to an authenticated data read request may include metadata and stuff bytes without authentication data. The stuff byte may be a bit added to synchronize a predetermined data format or data communication. In an embodiment, a field corresponding to a stuff byte may be “0”.

The meta data includes a nonce generated by the host, an address to read, a block count indicating the number of blocks of data to be read, and a Request Message Type indicating that the RPMB message is an Authenticated DATA Read Request. can do.

In various embodiments, values respectively corresponding to the stuff byte, MAC, data, write counter, and result included in the RPMB message corresponding to the authenticated data read request may be “0”.

FIG. 20 is a diagram for explaining the RPMB message provided through step S1811 of FIG. 18 .

Referring to FIGS. 1, 4, 18, and 20 , an RPMB message corresponding to an authenticated data read response may include authentication data and meta data. Authentication data may be a MAC generated by the device access controller 210 of the storage device 50 . The metadata may include data read from the RPMB, a nonce, an address, a block count indicating the number of blocks of the read data, and a response message type indicating that the RPMB message is an Authenticated DATA Read Response. can

The nonce may be a nonce included in the RPMB message corresponding to the authenticated data read request transmitted through step S1805, that is, a nonce value generated by the host 400 copied as it is. The address and the block count of read data may be the same as an address to be read included in an RPMB message corresponding to an authenticated data read request and a block count indicating the number of blocks of data to be read. The result may be a result code indicating a result of performing an authenticated data read operation. The response message type may be a code (0400h) indicating that the RPMB message is an authenticated data read response.

The host access control unit 410 included in the host 400 receives an RPMB message including data read according to an authenticated data read operation, and then receives an authentication key possessed by the host access control unit 410. The MAC can be calculated using the (authentication key) and the metadata included in the RPMB message. The host access control unit 410 may obtain the read data only when the MAC calculated by the host access control unit 410 matches the MAC generated by the storage device 50, which is authentication data included in the RPMB message.

14 to 20, the authenticated data write operation and the authenticated data read operation in the normal RPMB mode provide data to be stored or read data. Although the command PIU is provided once, the provision of an additional command PIU or response PIU may be additionally required to deliver the RPMB message. This may cause a delay in access speed to the RPMB or complexity of design.

21 is a flowchart illustrating an authenticated data write operation performed in the advanced RPMB mode.

1, 4, and 21, in the advanced RPMB mode, the host 400 transmits a command PIU once to perform an authenticated data write operation, and the storage device ( 50) may deliver the response PIU once. A write operation according to the advanced RPMB mode may be performed after the memory controller 200 confirms that both the host access mode and the device access mode match the advanced RPMB mode.

Specifically, in step S2101 , the host 400 may provide a command PIU to the storage device 50 . Command PIU (Command PIU) may include the RPMB message in the additional header segment. The command PIU may be a security protocol out command indicating that the host 400 will transmit data. The RPMB message delivered in step S2101 will be described in detail in the description of FIG. 22 to be described later.

In step S2103, the storage device 50 may provide a ready to transfer PIU (Ready To Transfer PIU) to the host 400 in response to the command PIU received in step S2101.

In step S2105, the host 400 may provide a data out PIU to the storage device 50. In step S2101, the host 400 has already included the RPMB message in the additional header segment of the command PIU and provided it to the storage device 50, so the data out PIU transmitted in step S2105 is the RPMB message. is not included, and may include only data to be stored in RPMB.

In step S2107, the storage device 50 may provide a response PIU to the host 400. A response PIU provided by the storage device 50 may include an RPMB message. The RPMB message may be included in an additional head segment of the Response PIU.

FIG. 22 is a diagram for explaining the structure of the command PIU transmitted in step S2101 of FIG. 21 .

1, 4, 21 and 22, the command PIU delivered in step S2101 is different from the command PIU delivered in the embodiment described with reference to FIGS. 14 to 20, It may be a PIU using an additional header segment. Accordingly, a field indicating total additional header segment length information included in the basic header segment may be set to a non-zero value (02h).

An additional header segment of the command PIU transmitted in step S2101 may include an RPMB message. The RPMB message included in the additional header segment may include some data of the RPMB message corresponding to the authenticated data write request described with reference to FIG. 15 .

Specifically, the additional header segment of the command PIU may include authentication data and meta data. Unlike the RPMB message of FIG. 15, meta data included in the additional header segment may not include data to be stored in the RPMB. The metadata includes the nonce generated by the host, the current write count value, the address corresponding to the data, the number of blocks of data (here, one block is 4KB), and the RPMB request message indicating that the message is an Authenticated Data Write Request. It may include the type (Request Message Type) (0003h). The authentication data may be a MAC generated by the device access controller 210 described with reference to FIG. 4 . Here, meta data or authentication data included in the additional header segment and transmitted may be information required for authentication.

FIG. 23 is a diagram for explaining the structure of the response PIU transmitted in step S2107 of FIG. 21 .

1, 4, 21, and 23, the response PIU transmitted in step S2107 is different from the response PIU transmitted in the embodiment described with reference to FIGS. 14 to 20, It may be a PIU using an additional header segment. Accordingly, a field indicating total additional header segment length information included in the basic header segment may be set to a non-zero value (02h).

An additional header segment of the response PIU transmitted in step S2107 may include an RPMB message. The RPMB message included in the additional header segment may include some data of the RPMB message corresponding to the result read response described with reference to FIG. 17 .

Specifically, the additional header segment of the response PIU may include authentication data and meta data. Meta data includes the write count value of the write counter updated according to the execution of the Authenticated Data Write Operation, the address of the data saved by the Authenticated Data Write Operation, and the Authenticated Data Write Operation (Authenticated Data Write Operation). Write Operation) and a response message type indicating that the RPMB message is an Authenticated Data Write Response. Here, the address may be the same value as the address included in the RPMB message corresponding to the authenticated data write request described with reference to FIG. 22 . The nonce may be a value obtained by copying the nonce included in the RPMB message corresponding to the authenticated data write request described with reference to FIG. 22 . The authentication data may be a MAC generated by the device access controller 210 described with reference to FIG. 4 using meta data and an authentication key stored in the RPMB.

24 is a flowchart illustrating an authenticated data read operation performed in the advanced RPMB mode.

1, 4, and 24, in the advanced RPMB mode, the host 400 transmits a command PIU once to perform an authenticated data read operation, and the storage device ( 50) may deliver the response PIU once. The read operation according to the advanced RPMB mode may be performed after the memory controller 200 confirms that both the host access mode and the device access mode match the advanced RPMB mode.

Specifically, in step S2401, the host 400 may provide a command PIU to the storage device 50. Command PIU (Command PIU) may include the RPMB message in the additional header segment. The command PIU may be a security protocol in command indicating that the host 400 requests transfer of data to the storage device 50 . The RPMB message transmitted in step S2401 will be described in more detail in the description of FIG. 25 to be described later.

In step S2403, the storage device 50 reads data stored in the RPMB using the RPMB message included in the command PIU received in step S2401, and data including the read data is a Data In PIU (PIU). ) may be provided to the host 400. In step S2401, since the host 400 includes the RPMB message in the additional header segment of the command PIU and has already provided it to the storage device 50, the PIU (Data In PIU), which is the data transmitted in step S2403, is the RPMB message. is not included, and may include only data read from RPMB.

In step S2405, the storage device 50 may provide a response PIU to the host 400. A response PIU provided by the storage device 50 may include an RPMB message. The RPMB message may be included in an additional head segment of the Response PIU. The RPMB message provided from the storage device 50 to the host 400 in step S2405 will be described in detail with reference to FIG. 26 to be described later. Here, both meta data and authentication data included in the additional header segment and transmitted may be information necessary for authentication.

FIG. 25 is a diagram for explaining the structure of the command PIU transmitted in step S2401 of FIG. 24 .

1, 4, 24, and 25, the command PIU delivered in step S2401 is different from the command PIU delivered in the embodiment described with reference to FIGS. 14 and 20, It may be a PIU using an additional header segment. Accordingly, a field indicating total additional header segment length information included in the basic header segment may be set to a non-zero value (02h).

An additional header segment of the command PIU transmitted in step S2401 may include an RPMB message. The RPMB message included in the additional header segment may include some or all of data included in the RPMB message corresponding to the authenticated data read request described with reference to FIG. 19 .

Specifically, the additional header segment of the command PIU may include authentication data and meta data. In an embodiment, the command PIU may include only meta data without authentication data. The meta data includes the nonce generated by the host, the address to be read, the advanced RPMB block count indicating the number of blocks of data to be read (here, one block is 4 KB), and the RPMB message included in the additional header segment. DATA Read Request) may include 0004h, which is a Request Message Type. In an embodiment, values respectively corresponding to the MAC, the write counter, and the result included in the RPMB message included in the additional header segment may be “0”.

FIG. 26 is a diagram for explaining the structure of the response PIU transmitted in step S2405 of FIG. 24 .

1, 4, 24, and 26, the response PIU transmitted in step S2405 is different from the response PIU transmitted in the embodiment described with reference to FIGS. 14 to 20, It may be a PIU using an additional header segment. Accordingly, a field indicating total additional header segment length information included in the basic header segment may be set to a non-zero value (02h).

An additional header segment of the response PIU transmitted in step S2405 may include an RPMB message. The RPMB message included in the additional header segment may be an RPMB message corresponding to the authenticated data read response described with reference to FIG. 20 . Additional header segments may include authentication data and meta data. Authentication data may be a MAC generated by the device access controller 210 of the storage device 50 . Meta data includes data read from RPMB, nonce, address, advanced RPMB block count indicating the number of blocks of read data, and a response message type indicating that the RPMB message is an Authenticated DATA Read Response. can include

The nonce may be a copy of the nonce included in the RPMB message corresponding to the authenticated data read request transmitted through step S2401, that is, the nonce value generated by the host 400 as it is. The address and the block count of read data may be the same as an address to be read included in an RPMB message corresponding to an authenticated data read request and a block count indicating the number of blocks of data to be read. The result may be a result code indicating a result of performing an authenticated data read operation. The response message type may be a code (0400h) indicating that the RPMB message is an authenticated data read response.

The host access control unit 410 included in the host 400 receives data read according to an authenticated data read operation in step S2403, and in step S2405, an authenticated data read response (Authenticated Data Read Response) After receiving the RPMB message corresponding to , a MAC may be calculated using an authentication key possessed by the host access control unit 410 and meta data included in the RPMB message. The host access control unit 410 may obtain the read data only when the MAC calculated by the host access control unit 410 matches the MAC generated by the storage device 50, which is authentication data included in the RPMB message.

According to the embodiments described with reference to FIGS. 21 to 26 , since the RPMB message is included in an additional header segment and transmitted in the advanced RPMB mode, unlike the normal RPMB mode, data in PIU (Data In PIU) or data out PIU (Data Out PIU) ) do not need to be transmitted. Accordingly, since the number of PIUs to be transmitted is smaller in the advanced RPMB mode than in the normal RPMB mode, the advanced RPMB mode may be a mode capable of accessing the RPMB at a higher speed than the normal RPMB mode.

27 is a diagram for explaining a PIU transmitter 2700 included in an initiator device.

Referring to FIGS. 4 and 27 , the host 400 and the storage device 50 may perform RPMB-related operations while transmitting and receiving PIUs. In the process of performing the Authenticated Data Write Operation and the Authenticated Data Read Operation described with reference to FIGS. 14 to 26, both the host access control unit 410 and the device access control unit 210 Authentication may be performed by generating a PIU, transmitting the generated PIU, or receiving the PIU transmitted by the other party. Accordingly, the host access controller 410 and the device access controller 210 may include both a PIU transmitter 2700 and a PIU receiver 2800 described with reference to FIG. 27 to be described later.

A device generating a PIU may be an initiator device. A device receiving the generated PIU may be a target device. When the host access controller 410 provides the PIU to the device access controller 210, the host 400 may be an initiator device and the storage device 50 may be a target device. Conversely, when the device access control unit 210 provides the PIU to the host access control unit 410, the storage device 50 may be an initiator device and the host 400 may be a target device. there is.

The PIU transmitter 2700 may include a MAC calculator 2720, an authentication key storage unit 2730, a meta data generator 2710, and a PIU generator 2740.

The authentication key storage unit 2730 may store an authentication key. The authentication key storage unit 2730 may correspond to the authentication key 111 included in the secure storage area 110a described with reference to FIG. 4 . The authentication key may be stored in the RPMB according to authentication key programming operation. Authentication Key is used to generate MAC when performing Authenticated Data Write Operation and Authenticated Data Read Operation, so Authenticated Data Write Operation and Authentication It must be stored in the RPMB before performing an Authenticated Data Read Operation. The meta data generator 2710 may generate meta data. Meta data may be included in RPMB messages. Meta data may include different components depending on the type of RPMB message. Components that may be included in meta data include the write count value, request message type, response message type, result, and address described with reference to FIG. ), nonce, data, advanced RPMB data, block count, and advanced RPMB block count.

The meta data generator 2710 may provide the generated meta data to the MAC calculator 2720 and the PIU generator 2740.

The MAC calculation unit 2720 may generate a MAC using metadata and an authentication key stored in the authentication key storage unit 2730. Specifically, the MAC calculation unit 2720 may generate a MAC using a hash-based message authentication code (HMAC SHA-256). The generated MAC can be used by a target device to perform authentication. A MAC may have a length of 256 bits (32 bytes). An authentication key used to generate a MAC may be 256 bits. However, the size of the MAC and authentication key is not limited according to the embodiment of the present invention. The MAC calculator 2720 may provide the generated MAC to the PIU generator 2740.

The PIU generation unit 2740 may generate a PIU to be provided to a target device. Specifically, the PIU generating unit 2740 may generate an RPMB message including authentication data and meta data. The authentication data may be a MAC generated by the MAC calculator 2720. In an embodiment, the authentication data included in the RPMB corresponding to the authentication key programming request provided in the authentication key programming operation may be the authentication key itself.

In the normal RPMB mode, the PIU generator 2740 may provide the generated RPMB message to a target device through a data in PIU or data out PIU.

In the advanced RPMB mode, the PIU generation unit 2740 may generate a PIU including an RPMB message in an additional header segment and provide the generated PIU to a target device. In the advanced RPMB mode, the total additional header segment length field in the basic header segment of the PIU containing the RPMB message may include a non-zero value.

28 is a diagram for explaining a PIU receiving unit 2800 included in a target device.

Referring to FIGS. 4 and 28 , the host 400 and the storage device 50 may perform RPMB-related operations while transmitting and receiving PIUs. In the process of performing the Authenticated Data Write Operation and the Authenticated Data Read Operation described with reference to FIGS. 14 to 26, both the host access control unit 410 and the device access control unit 210 Authentication may be performed by generating a PIU, transmitting the generated PIU, or receiving the PIU transmitted by the other party. Accordingly, the host access controller 410 and the device access controller 210 may include both the PIU transmitter 2700 and the PIU receiver 2800 described with reference to FIG. 27 .

A device generating a PIU may be an initiator device. A device receiving the generated PIU may be a target device. When the host access controller 410 provides the PIU to the device access controller 210, the host 400 may be an initiator device and the storage device 50 may be a target device. Conversely, when the device access control unit 210 provides the PIU to the host access control unit 410, the storage device 50 may be an initiator device and the host 400 may be a target device. there is.

The PIU receiver 2800 may include a PIU parser 2810, a MAC calculator 2820, and a MAC comparator 2830. The PIU parser 2810 may receive a PIU provided by an initiator device. The PIU received by the PIU parser 2810 may be a Data In PIU (Data In PIU) or Data Out PIU (Data Out PIU) in the normal RPMB mode. The PIU received by the PIU parser 2810 may be a command PIU or a response PIU in the advanced RPMB mode.

The PIU parser 2810 may obtain an RPMB message by parsing the received PIU, and obtain meta data and authentication data included by parsing the RPMB message. In an embodiment, meta data may include different components depending on the type of RPMB message. Components that may be included in meta data include the write count value, request message type, response message type, result, and address described with reference to FIG. ), nonce, data, advanced RPMB data, block count, and advanced RPMB block count.

Authentication data may be a MAC generated by an initiator device. In an embodiment, the authentication data included in the RPMB corresponding to the authentication key programming request provided in the authentication key programming operation may be the authentication key itself.

The MAC calculation unit 2820 may obtain an authentication key previously stored in the target device. The authentication key previously stored in the target device may have the same value as the authentication key stored in the initiator device.

The MAC calculator 2820 may calculate the MAC using metadata received from the PIU parser 2810 and an authentication key previously stored in the target device. For example, the MAC calculator 2820 may calculate the MAC using a hash-based message authentication code (HMAC SHA-256). The MAC calculation unit 2820 may provide the calculated MAC to the MAC comparison unit 2830.

The MAC comparator 2830 may compare whether the MAC received from the PIU parser 2810 and the MAC received from the MAC calculator 2820 match, and output an authentication result according to the comparison result. The authentication result may be used to perform an authenticated data write operation and an authenticated data read operation, which are operations for the RPMB.

As a result, if the authentication keys stored in the initiator device and the target device are different, or if the metadata used to calculate the MAC is different, authentication will fail, and the initiator device ( Authentication will be successful only when the authentication key stored in the initiator device and the target device is the same, and the metadata used to calculate the MAC is the same. Therefore, RPMB can provide a data storage function that provides high security.

29 is a diagram illustrating another embodiment of the memory controller of FIG. 1 .

Referring to FIG. 29 , the memory controller 1000 includes a processor 1010, an internal memory 1020, an error correction circuit 1030, a host interface 1040, a buffer memory interface 1050, and a memory interface 1060. can do.

The processor 1010 may perform various operations for controlling the memory device 100 or generate various commands. Upon receiving a request from the host 400, the processor 1010 may generate a command according to the received request and transmit the generated command to a queue controller (not shown). In addition, the processor 1010 may identify a host access mode for the secure storage area of the host from a command received from the host, compare it with a device access mode, and determine whether to perform an access operation for the secure storage area. In addition, the secure storage area in the memory device 100 may be accessed by performing an authentication operation for access to the secure storage area.

The internal memory 1020 may store various pieces of information necessary for the operation of the memory controller 1000 . For example, internal memory 1020 may include logical and physical address map tables. The internal memory 1020 may include at least one of random access memory (RAM), dynamic RAM (DRAM), static RAM (SRAM), cache, and tightly coupled memory (TCM). . In one embodiment, device access mode information may be stored in the internal memory 1020, but is not limited thereto, and may be stored in a separate memory distinct from the memory controller 1000.

The error correction code circuit 1030 is configured to detect and correct an error in data received from the memory device 100 using an error correction code (ECC). The processor 1010 may adjust a read voltage according to an error detection result of the error correction code circuit 1030 and control the memory device 100 to perform rereading. As an exemplary embodiment, the error correction block may be provided as a component of the memory controller 1000 .

The host interface 1040 may exchange commands, addresses, and data between the memory controller 1000 and the host 400 . For example, the host interface 1040 may receive a request, address, data, etc. from the host 400 and output data read from the memory device 100 to the host 400 . The host interface 1040 includes USB (Universal Serial Bus), SATA (Serial AT Attachment), SAS (Serial Attached SCSI), HSIC (High Speed Interchip), SCSI (Small Computer System Interface), PCI (Peripheral Component Interconnection), PCIe (PCI express), NVMe (NonVolatile Memory express), UFS (Universal Flash Storage), SD (Secure Digital), MMC (MultiMedia Card), eMMC (embedded MMC), DIMM (Dual In-line Memory Module), RDIMM (Registered DIMM), LRDIMM (Load Reduced DIMM), ESDI (Enhanced Small Disk Interface), or IDE (Integrated Drive Electronics) protocols may be used to communicate with the host 400 .

The buffer memory interface 1050 may transmit data between the processor 1010 and the buffer memory. The buffer memory may be used as an operation memory or cache memory of the memory controller 1000 and may store data used in the storage device 50 . The buffer memory interface 1050 by the processor 1010 may use the buffer memory as a read buffer, a write buffer, a map buffer, and the like. Depending on the embodiment, the buffer memory is DDR SDRAM (Double Data Rate Synchronous Dynamic Random Access Memory), DDR4 SDRAM, LPDDR4 (Low Power Double Data Rate 4) SDRAM, GDDR (Graphics Double Data Rate) SDRAM, LPDDR (Low Power DDR), or It may include Rambus Dynamic Random Access Memory (RDRAM). When the buffer memory is included in the memory controller 1000, the buffer memory interface 1050 may be omitted.

The memory interface 1060 may exchange commands, addresses, and data between the memory controller 1000 and the memory device 100 . For example, the memory interface 1060 may transmit commands, addresses, and data to the memory device 100 through a channel and may receive data from the memory device 100 . The memory interface 1060 may store data in a secure storage area within the memory device 100 or read data from the secure storage area according to instructions from the processor 1010 .

30 is a block diagram showing a memory card system to which a storage device according to an embodiment of the present invention is applied.

Referring to FIG. 30 , a memory card system 2000 includes a memory controller 2100, a memory device 2200, and a connector 2300.

The memory controller 2100 is connected to the memory device 2200 . The memory controller 2100 is configured to access the memory device 2200 . In an embodiment, the memory controller 2100 may access a secure storage area within the memory device 2200 . For example, the memory controller 2100 may be configured to control read, program, erase, and background operations of the memory device 2200 . The memory controller 2100 is configured to provide an interface between the memory device 2200 and a host. The memory controller 2100 is configured to drive firmware for controlling the memory device 2200 . The memory controller 2100 may be implemented identically to the memory controller 200 described with reference to FIG. 1 .

Illustratively, the memory controller 2100 may include components such as a random access memory (RAM), a processing unit, a host interface, a memory interface, and an error correction unit. can

The memory controller 2100 may communicate with an external device through the connector 2300 . The memory controller 2100 may communicate with an external device (eg, a host) according to a specific communication standard. For example, the memory controller 2100 may include universal serial bus (USB), multimedia card (MMC), embedded MMC (eMMC), peripheral component interconnection (PCI), PCI-express (PCI-E), and advanced technology attachment (ATA). ), Serial-ATA, Parallel-ATA, SCSI (small computer system interface), ESDI (enhanced small disk interface), IDE (Integrated Drive Electronics), Firewire, UFS (Universal Flash Storage), WIFI, Bluetooth, It is configured to communicate with an external device through at least one of various communication standards such as NVMe. Illustratively, the connector 2300 may be defined by at least one of the above-described various communication standards. An external device may request the memory controller 2100 to access a secure storage area within the memory device 2200 .

For example, the memory device 2200 may include electrically erasable and programmable ROM (EEPROM), NAND flash memory, NOR flash memory, phase-change RAM (PRAM), resistive RAM (ReRAM), ferroelectric RAM (FRAM), and STT-MRAM. (Spin Transfer Torque Magnetic RAM) and the like. The memory device 2200 may include a secure storage area, which is a memory block to which access is limited, such as access only through a predetermined special command or authentication, and a normal storage area, which is a memory block that can be accessed without any restriction.

The memory controller 2100 and the memory device 2200 may be integrated into a single semiconductor device to form a memory card. For example, the memory controller 2100 and the memory device 2200 are integrated into a single semiconductor device such as a personal computer memory card international association (PCMCIA), a compact flash card (CF), or a smart media card (SM, SMC). ), memory sticks, multimedia cards (MMC, RS-MMC, MMCmicro, eMMC), SD cards (SD, miniSD, microSD, SDHC), and universal flash memory (UFS).

31 is a block diagram illustrating a solid state drive (SSD) system to which a storage device according to an embodiment of the present invention is applied.

Referring to FIG. 31 , an SSD system 3000 includes a host 3100 and an SSD 3200 . The SSD 3200 exchanges signals with the host 3100 through the signal connector 3001 and receives power through the power connector 3002 . The SSD 3200 includes an SSD controller 3210, a plurality of flash memories 3221 to 322n, an auxiliary power supply 3230, and a buffer memory 3240.

According to an embodiment of the present invention, the SSD controller 3210 may perform the function of the memory controller 200 described with reference to FIG. 1 .

The SSD controller 3210 may control the plurality of flash memories 3221 to 322n in response to a signal received from the host 3100 . For example, the signals may be signals based on an interface between the host 3100 and the SSD 3200 . For example, signals include universal serial bus (USB), multimedia card (MMC), embedded MMC (eMMC), peripheral component interconnection (PCI), PCI-express (PCI-E), advanced technology attachment (ATA), serial- Interfaces such as ATA, Parallel-ATA, SCSI (small computer system interface), ESDI (enhanced small disk interface), IDE (Integrated Drive Electronics), Firewire, UFS (Universal Flash Storage), WIFI, Bluetooth, NVMe, etc. It may be a signal defined by at least one of The signal may be transmitted and received in the form of various commands, and may be a signal requesting access to a secure storage area located in some of the plurality of flash memories 3221 to 322n or a response signal to such a request.

The auxiliary power supply 3230 is connected to the host 3100 through a power connector 3002 . The auxiliary power supply 3230 can receive power from the host 3100 and charge it. The auxiliary power supply 3230 may provide power to the SSD 3200 when power supply from the host 3100 is not smooth. For example, the auxiliary power supply 3230 may be located inside the SSD 3200 or outside the SSD 3200 . For example, the auxiliary power supply 3230 is located on the main board and may provide auxiliary power to the SSD 3200.

The buffer memory 3240 operates as a buffer memory of the SSD 3200. For example, the buffer memory 3240 temporarily stores data received from the host 3100 or data received from the plurality of flash memories 3221 to 322n, or metadata (metadata) of the flash memories 3221 to 322n. For example, a mapping table) may be temporarily stored. The buffer memory 3240 may include volatile memories such as DRAM, SDRAM, DDR SDRAM, LPDDR SDRAM, and GRAM, or non-volatile memories such as FRAM, ReRAM, STT-MRAM, and PRAM.

32 is a block diagram illustrating a user system to which a storage device according to an embodiment of the present invention is applied.

Referring to FIG. 32 , a user system 4000 includes an application processor 4100, a memory module 4200, a network module 4300, a storage module 4400, and a user interface 4500.

The application processor 4100 may drive components included in the user system 4000, an operating system (OS), or a user program. Illustratively, the application processor 4100 may include controllers, interfaces, graphic engines, and the like that control components included in the user system 4000 . The application processor 4100 may be provided as a System-on-Chip (SoC).

The memory module 4200 may operate as a main memory, working memory, buffer memory, or cache memory of the user system 4000 . The memory module 4200 includes volatile random access memory such as DRAM, SDRAM, DDR SDRAM, DDR2 SDRAM, DDR3 SDRAM, LPDDR SDARM, LPDDR2 SDRAM, LPDDR3 SDRAM, etc., or non-volatile random access memory such as PRAM, ReRAM, MRAM, FRAM, etc. can do. For example, the application processor 4100 and the memory module 4200 may be packaged based on a package on package (POP) and provided as a single semiconductor package.

The network module 4300 may communicate with external devices. Illustratively, the network module 4300 may include code division multiple access (CDMA), global system for mobile communication (GSM), wideband CDMA (WCDMA), CDMA-2000, time division multiple access (TDMA), and long term evolution (LTE). ), wireless communication such as Wimax, WLAN, UWB, Bluetooth, Wi-Fi, etc. may be supported. For example, the network module 4300 may be included in the application processor 4100 .

The storage module 4400 may store data. For example, the storage module 4400 may store data received from the application processor 4100 . Alternatively, the storage module 4400 may transmit data stored in the storage module 4400 to the application processor 4100 . For example, the storage module 4400 is a non-volatile semiconductor memory device such as a phase-change RAM (PRAM), magnetic RAM (MRAM), resistive RAM (RRAM), NAND flash, NOR flash, or 3D NAND flash. can be implemented For example, the storage module 4400 may be provided as a removable storage medium such as a memory card or an external drive of the user system 4000 .

For example, the storage module 4400 may include a plurality of nonvolatile memory devices, and the plurality of nonvolatile memory devices may operate in the same way as the memory device 100 described with reference to FIG. 1 . That is, a secure storage area may be included in some of the plurality of non-volatile memory devices. The storage module 4400 may operate in the same way as the storage device 50 described with reference to FIG. 1 .

The user interface 4500 may include interfaces for inputting data or commands to the application processor 4100 or outputting data to an external device. For example, the user interface 4500 may include user input interfaces such as a keyboard, keypad, button, touch panel, touch screen, touch pad, touch ball, camera, microphone, gyroscope sensor, vibration sensor, piezoelectric element, and the like. there is. The user interface 4500 may include user output interfaces such as a liquid crystal display (LCD), an organic light emitting diode (OLED) display device, an active matrix OLED (AMOLED) display device, an LED, a speaker, and a monitor.

50: storage device
100: memory device
110a: secure storage area
110b: normal storage area
200: memory controller
210: device access control unit
300: access mode memory
400: host
410: host access control plane

Claims (20)

a memory device including a secure storage area for storing data accessed according to authentication;
an access mode memory for storing device access mode information about an operation mode for the secure storage area; and
and a memory controller that receives a command related to the secure storage area from an external host and processes the command according to whether host access mode information included in the command matches device access mode information.
The method of claim 1, wherein the secure storage area,
A storage device that is an area accessible when a predetermined command is received or when authentication is passed.
The method of claim 1, wherein the host access mode information comprises:
and information about an operation mode of the secure storage area provided by the host.
The method of claim 3, wherein the host access mode and the device access mode, respectively,
A storage device in a first access mode or a second access mode in which an access speed to the secure storage area is faster than the first access mode.
The method of claim 4 , wherein the memory controller comprises:
If the device access mode is the first access mode, obtaining information necessary for the authentication from a command additionally input after the command.
The method of claim 4 , wherein the memory controller comprises:
and obtaining information necessary for the authentication from the command when the device access mode is the second access mode.
The method of claim 4, wherein the command,
a common segment commonly included in commands transmitted and received between the external host and the memory controller;
a unique field including a unique value according to the type of the commands; and
and an additional segment that is a segment other than the common segment.
The method of claim 7, wherein the common segment,
A storage device including information indicating the length of the additional segment.
The method of claim 8 , wherein the memory controller comprises:
and identifying the host access mode based on at least one of information representing the length of the additional segment and the additional segment.
10. The method of claim 9, wherein the memory controller,
and identifying that the host access mode is the first access mode when the length of the additional segment is 0 or the additional segment does not include information required for the authentication.
10. The method of claim 9, wherein the memory controller,
and identifying the host access mode as the second access mode when the length of the additional segment is not 0 or the additional segment includes information necessary for the authentication.
The method of claim 11, wherein the information necessary for the authentication,
A storage device including at least a portion of metadata or authentication data included in a message requesting access to the secure storage area.
The method of claim 1 , wherein the memory controller comprises:
and accessing the secure storage area according to the access mode when the host access mode and the device access mode match.
The method of claim 1 , wherein the memory controller comprises:
If the host access mode and the device access mode do not match, access to the secure storage area is not performed.
15. The method of claim 14, wherein the memory controller,
A storage device that provides information indicating an error to the external host.
A memory device including a secure storage area for storing data accessed according to authentication, an access mode memory for storing device access mode information related to an operation mode for the secure storage area, and a memory controller for processing commands received from an external host In the operating method of the storage device comprising a,
receiving a command related to the secure storage area from the external host;
identifying a host access mode indicating an operation mode for the secure storage area of the external host based on the command; and
and comparing the host access mode and the device access mode.
17. The method of claim 16, when the host access mode and the device access mode match,
and accessing the secure storage area according to the access mode.
17. The method of claim 16, when the host access mode and the device access mode do not match,
The operation method further comprising providing information indicating an error to the external host.
According to claim 18,
The storage device does not perform access to the secure storage area.
A memory device including a secure storage area for storing data accessed according to authentication, an access mode memory for storing device access mode information related to an operation mode for the secure storage area, and controlling the memory device and the access mode memory a storage device including a memory controller; and
A host device providing a command related to the secure storage area to the storage device;
The memory controller,
A computing system that processes the command according to whether the host access mode information included in the command matches the device access mode information.

Images