TWI330320B - Cryptographic serial ata apparatus and method - Google Patents


Publication number
TWI330320B
Authority
TW
Taiwan
Prior art keywords
fis
data
sata
host
instruction
Prior art date
Application number
TW95108844A
Other languages
Chinese (zh)
Other versions
TW200720936A (en
Inventor
Shu Ning Wann
Chung Yen Chiu
Original Assignee
Enova Technology Corp
Priority claimed from US11/282,175 (US7900057B2)
Application filed by Enova Technology Corp
Publication of TW200720936A
Application granted
Publication of TWI330320B

Landscapes

  • Storage Device Security (AREA)
  • Train Traffic Observation, Control, And Security (AREA)
  • Lock And Its Accessories (AREA)

Description

Amended replacement dated April 27, year 99

IX. Description of the Invention:

[Technical Field of the Invention]

The present invention relates to encryption/decryption applications, and in particular provides a cryptographic serial ATA (Serial ATA, or SATA) apparatus and method. The term "ATA" (AT Attachment) refers to the physical, electrical, transport, and command protocols for the internal attachment of storage devices. The term "AT" derives from the IBM® Personal Computer (PC) AT (Advanced Technology) introduced in 1984, which was the most advanced personal computer of its time.

[Prior Art]

The Serial ATA (SATA) specification is a high-speed interface intended to replace parallel ATA. The SATA specification defines three speeds: the first generation operates at a transfer rate of 1.5 gigabits per second (1.5 Gbps), the second generation at 3.0 Gbps, and the third generation at 6.0 Gbps. The SATA specification defines point-to-point transfer between a host adapter and a storage device controller. For example, the host adapter may be an IC that includes a serial ATA controller with a Peripheral Component Interconnect (PCI) interface. "PCI" is a local bus standard developed by Intel®. The storage device may be a serial ATA hard disk drive. This point-to-point transfer is not shared; that is, each SATA device uses an exclusive point-to-point channel when communicating with the controller.

To the operating system (OS), a SATA controller looks just like a parallel ATA controller. SATA controllers therefore support the same commands and the same initialization behavior as parallel ATA controllers. In particular, serial ATA presents host software with the same programmable task file registers (Task File Registers) as parallel ATA.

However, in serial ATA these registers are usually not physically located in the disk drive. Instead, they have been moved into the host controller, where the SATA specification calls them "shadow" registers (Shadow Registers). Accurately emulating the same register interface as the disk drive ensures software compatibility.

The SATA specification provides a layering of functions. The lowest layer in the SATA architecture is the physical (PHY) layer, which is responsible for generating the actual electrical signals, transmitting the generated electrical signals, and decoding the received electrical signals. The capabilities of the physical layer also include transmission of the special hard reset signal, detection of host plug-in, and power management state and speed negotiation transitions. In this respect, the SATA specification uses low-voltage differential signaling. In particular, a signal is not transmitted as a voltage on a conductor relative to a common ground, but as the potential difference between two adjacent conductors. When the voltage on one conductor is "high", the voltage on the other conductor is "low", each of the two adjacent conductors acting as the opposite of the other.

This kind of differential signaling has the benefit of rejecting noise and crosstalk. Any electromagnetic interference (EMI) that affects the adjacent signals equally, including noise and crosstalk, is cancelled differentially at the receiver.

Above the physical layer is the link layer, which is responsible for encoding transmitted data, decoding received data, and basic communication and protocol. A very commonly used 8-bit (8b)/10-bit (10b) encoding method is employed. An 8-bit byte can represent 256 different values, which are listed in the various American Standard Code for Information Interchange (ASCII) code tables. A 10-bit field has 1024 different values. When a 10-bit field is used to encode the 256 possible byte values, 256 of the 1024 possible values are selected for use in the encoding method. This 8b/10b encoding method provides limited run length, DC (Data Communication) balance, and the ability to encode special control characters such as primitives.

Primitives are used to signal special conditions between the transmitter and the receiver, for example SOF (Start of Frame), EOF (End of Frame), and ALIGN (used to identify the position of character boundaries in the bit stream). The link layer includes (a) an "idle" protocol for establishing communication, (b) a "transmit" protocol for handling transmission of a data payload, (c) a "receive" protocol for handling reception of a transmitted data payload, and (d) a "power management" protocol for handling entry into and exit from the two power management states.

The link layer is also responsible for transferring data payload packets, where a data payload packet is called a Frame Information Structure (FIS). A frame is a set of one or more double words (DWORDs) of data transferred between host and device. A DWORD can be represented as 32 bits of data, as two adjacent words, or as four adjacent bytes. When represented in bits, from right to left, the rightmost bit is the least significant bit, which is bit 0, and the leftmost bit is the most significant bit, which is bit 31.

The link layer protocol describes the sequences of primitives exchanged between host and device, and the responses to the various primitives and conditions. The link layer protocol is also responsible for computing the cyclic redundancy check (CRC) code for each transmitted FIS data payload. The computed CRC is appended to the end of the transmitted FIS data. The link layer verifies and removes the CRC of each received FIS. To minimize electromagnetic interference during data payload transfers, the link layer scrambles the payload data in the FIS before the FIS is transmitted onto the SATA interface.

In the SATA architecture, above the link layer is the transport layer, whose main job is to construct (encapsulate) each FIS to be transmitted and to decompose each received FIS. When a higher layer requests construction of a FIS, the transport layer (a) gathers the data content according to the type of FIS requested; (b) places the FIS content in order; (c) notifies the link layer of the frame to be transmitted and passes the FIS content to the link layer; (d) manages the buffer/first-in-first-out (FIFO) flow and notifies the link layer of the required flow control; (e) receives the frame response from the link layer; and (f) reports to the higher layer whether the transmission succeeded, together with any error. The transport layer keeps no context regarding ATA commands or previous FIS content.

The general form of a FIS comprises a FIS header and a FIS body. The FIS header usually contains a FIS type field value and at least one control field. The FIS body contains the data payload. The FIS type field value is recorded in the first byte. The FIS types include (a) Register-Host to Device, (b) Register-Device to Host, (c) Data, (d) Direct Memory Access (DMA) Activate, (e) Programmed Input/Output (PIO) Setup, (f) Set Device Bits, (g) DMA Setup, and (h) Built-In Self-Test (BIST) Activate.

The second byte contains the control information of the FIS and has three qualifier bits and several reserved bits. These three qualifier bits do not apply to every type of FIS. The three qualifier bits are the C (upper) bit, which is the command/control bit; the I bit, which indicates whether an interrupt should be triggered; and the D bit, which records the direction of data transfer. All fields after these two bytes are FIS payload data (Payload Data).

For example, for the Register-Host to Device type the FIS type field has the hexadecimal value 0x27; after scrambling this field has the hexadecimal value 0xAA, and its 10-bit encoded value in binary is 0101011010. The format of a data FIS is the same whether it is sent from host to device or from device to host. A data FIS includes two fields that identify the FIS type and related control information; the rest is the payload data being transferred.

To perform high-speed encryption/decryption on a FIS, two main tasks must be carried out. First, a data FIS must be recognized immediately and separated from non-data FISes. Second, each FIS detected as a data FIS should be checked quickly for whether it contains data that should be encrypted/decrypted. The encryption/decryption processing may include the following steps: (a) check the bypass flag; if the bypass flag is true, the frame undergoes no encryption/decryption and passes through immediately; and (b) if the bypass flag is false, the frame must individually undergo encryption/decryption. Prior-art methods of implementing these operations first decompose the received SATA protocol stack, then analyze the decomposed data, and finally re-encapsulate the data into the SATA protocol stack for transmission. This procedure is inefficient in terms such as hardware/software complexity.

Under the SATA specification, a more efficient and less complex cryptographic apparatus is needed. Such a cryptographic SATA apparatus should be able to encrypt/decrypt at high speed each data stream selected from the input/output sides (host and device). In addition, the apparatus should be able to determine quickly whether a received FIS and its data payload require encryption/decryption.

[Summary of the Invention]

In view of this, the present invention proposes a cryptographic serial ATA apparatus and method that address the problems described above.

Specific implementations of the cryptographic serial ATA apparatus are as follows.

According to one aspect of the invention, a cryptographic serial ATA (SATA) apparatus is provided, comprising … a protocol stack adapted for differential signaling, and at least one encryptor/decryptor ….

According to another aspect of the invention, a cryptographic … apparatus is provided, comprising a main controller, at least one SATA … and at least one encryptor/decryptor, wherein the encryptor/decryptor is coupled between the main controller and the SATA protocol stack to provide high-speed encryption/decryption processing.

According to … aspect, a cryptographic … ATA apparatus is provided, comprising … controller, a SATA device protocol stack, a SATA … between … device protocol stack, to provide high-speed encryption/decryption processing.

Specific implementations of the cryptographic serial ATA method are as follows.

According to one aspect of the invention, a cryptographic serial ATA method is provided, comprising … using the cryptographic SATA apparatus to detect a PIO data-out command (PIO Data-Out Command) FIS received from the host, and determining whether the received PIO … FIS belongs to a predetermined category (the predetermined category corresponding to the encryption mode of the cryptographic SATA apparatus); next, using the cryptographic SATA apparatus to bypass to the host the PIO setup FIS received from the device; then, using the cryptographic SATA apparatus to detect the data FIS payload received from the host (the detected data FIS payload being encrypted); and finally, using the cryptographic SATA apparatus to detect the status register FIS received from the device, wherein the detected device status register FIS causes the cryptographic SATA apparatus to be reset to bypass mode.

According to another aspect of the invention, a cryptographic serial ATA method is provided comprising several steps: first, coupling a cryptographic serial ATA (SATA) apparatus between a host and a device; next, using the cryptographic SATA apparatus to detect a DMA data-in … received from the host … wherein the … register FIS causes the cryptographic SATA apparatus to be reset to bypass mode.

… a protocol stack connected to an external host via a differential serial channel … executing or not executing an encryption/decryption algorithm, operatively … and the protocol stack, to provide cryptographic processing, wherein when data of a non-data type, or data of a data type that does not need encryption/decryption, is received from the protocol stack, the encryptor/decryptor does not perform the encryption/decryption operation, and otherwise it performs the encryption/decryption operation.

According to one aspect of the invention, a cryptographic apparatus is provided, comprising a cryptographic serial ATA (SATA) apparatus that comprises: a SATA protocol stack for communicating with an interface of a device; an encryptor/decryptor engine, operatively coupled to the SATA protocol stack, for encrypting or decrypting at least a portion of a first payload received from the SATA protocol stack; … and causing the SATA protocol stack to process, without decryption, a Register-Device to Host FIS received from the interface of the device.

According to one aspect of the invention, a cryptographic SATA apparatus is provided, comprising: a SATA host protocol stack for communicating with a host interface of a SATA host; a SATA device protocol stack for communicating with a device interface of a SATA device; and an encryptor/decryptor engine, coupled between the SATA device protocol stack and the SATA host protocol stack, for encrypting or decrypting at least … of a data FIS input from or output to the device interface. The … controller is configured to: when a first data FIS is associated with a command set of a predetermined category, cause the SATA host protocol stack to pass at least a first payload of the first data FIS to the encryptor/decryptor engine, and cause the encryptor/decryptor engine to decrypt at least a portion of the first payload received from the SATA host protocol stack; cause the SATA device protocol stack to transmit the decrypted portion of the first payload of the first data FIS to the … interface; and cause the SATA device … a Register-Device to Host FIS received from the device interface.

According to one aspect of the invention, an encryption/decryption method for a cryptographic apparatus is provided, comprising the following steps: transmitting, without encryption, a PIO data-out command (PIO Data Out Command) FIS to an interface of a device; receiving a PIO setup (PIO Setup) FIS from the interface of the device, the PIO setup FIS indicating … the interface of the device …; without having to decrypt the received PIO setup FIS, generating and transmitting a first signal; receiving a data payload in response to the transmitted first signal; when the data payload is associated with a command set of a predetermined category, encrypting at least a portion of the data payload; generating a data FIS from the encrypted portion of the data payload; transmitting the data FIS to the interface of the device; receiving a Register-Device to Host FIS from the interface of the device; and, without decrypting the Register-Device to Host FIS, generating and transmitting a second signal, the second signal indicating whether the transmission of the encrypted portion of the data payload succeeded.

According to one aspect of the invention, an encryption/decryption method for a cryptographic apparatus is provided, comprising the following steps: receiving a PIO data-out command FIS from an interface of a host; transmitting a PIO setup FIS to the interface of the host, the PIO setup FIS indicating whether the interface of the device is ready to receive data; receiving a data FIS from the interface of the host; when the data FIS is associated with a command set of a predetermined category, encrypting at least a portion of a data payload in the data FIS; transmitting the encrypted portion of the data payload; and, without having to decrypt a Register-Device to Host FIS, transmitting the Register-Device to Host FIS, the Register-Device to Host FIS indicating whether the transmission of the encrypted portion of the data payload succeeded.

According to one aspect of the invention, an encryption/decryption method for a cryptographic apparatus is provided, comprising the following steps: transmitting, without having to encrypt it, a DMA data-in command (DMA Data In Command) FIS to an interface of a device; receiving a data FIS from the interface of the device; when the data FIS is associated with a command set of a predetermined category, decrypting at least a portion of a data payload in the data FIS; generating and transmitting a first signal according to the decrypted portion of the data payload; transmitting the decrypted portion of the data payload; receiving a Register-Device to Host FIS from the interface of the device; and, without having to decrypt the Register-Device to Host FIS, generating and transmitting a second signal, the second signal indicating whether the transmission of the decrypted portion of the data payload succeeded.

According to one aspect of the invention, an encryption/decryption method for a cryptographic apparatus is provided, comprising the following steps: receiving a DMA data-in command (DMA Data In Command) FIS from an interface of a host; transmitting a first signal to the interface of the host, the first signal indicating whether an interface of a device is ready to transmit a data FIS; when the data FIS is associated with a command set of a predetermined category, decrypting at least a portion of a data payload in the data FIS; generating a data FIS according to the decrypted portion of the data payload; transmitting the data FIS to the interface of the host; and, without having to decrypt the PIO Register-Device to Host FIS, transmitting a Register-Device to Host FIS, the Register-Device to Host FIS indicating whether the transmission of the decrypted portion of the data payload succeeded.

The purpose, technical content, features, and effects of the invention will be easier to understand from the following detailed description of specific embodiments together with the accompanying drawings.

[Embodiments]

Certain embodiments of the invention are described in detail with reference to Figures 1 through 11. Additional embodiments, features, and/or advantages of the invention will become more apparent from the description or from practicing the invention. The figures are not drawn to scale, and the same numerals denote the same features throughout the figures and the description.

Figure 1 is a block diagram illustrating a cryptographic SATA apparatus … of the invention. … The apparatus 20 can be used to, respectively, … from a SATA host adapter (not shown). The host adapter (hereinafter called the "host") may be provided on, for example, a host personal computer. The cryptographic SATA apparatus 20 can be used to receive input from a SATA device controller and to transmit output TXd to the SATA device controller (not shown). The SATA device controller (hereinafter called the "device") may be provided on a peripheral, for example a hard disk drive or an optical drive (such as a CD ROM or DVD ROM). The cryptographic SATA apparatus 20 communicates with the host and the device through a suitable coupling, for example a serial ATA cable, although the coupling is not limited to a serial ATA cable. Data transferred between host and device, including command, control, status, and data signals, is encapsulated into the serial ATA protocol stack and then serialized so that it can be carried on the two differential signals of a cable.

In one embodiment of the invention, the cryptographic SATA apparatus 20 includes an encryptor/decryptor 22, which is coupled between the main controller 24 and the device protocol stack 26 and the host protocol stack 28. Each protocol stack (26, 28) includes a physical layer (PHY) 30, a link layer 32, and a transport layer 34. An application layer 36 includes the encryptor/decryptor 22 and the main controller 24, as shown in Figure 1.

The encryptor/decryptor 22 performs encryption/decryption on predetermined and/or selected data FIS payloads exchanged between host and device. A non-data FIS, or a data FIS that needs no encryption/decryption, for example FIS command, control, or status information, is allowed to pass straight through (from one side to the other), that is, to bypass the encryptor/decryptor 22, as depicted in Figure 1. Those skilled in the art will appreciate that many encryptors/decryptors are known, any of which may be used in the cryptographic SATA apparatus 20 of the invention.

The main controller 24 governs all signal paths, including data, command, control, and status signals. The main controller 24 receives signals from all the lower layers (for example the transport layer 34, the link layer 32, and the physical layer 30). The received signals may include the FIS type and the detected command, the transfer direction (host to device or device to host), and control signals, for example primitive detection indicators from the link layer, OOB (Out Of Band) detection indicators from the physical layer 30, other channel status indicators, and abnormal conditions such as transmission errors or aborts. The main controller 24 also governs the operation of the encryptor/decryptor 22, as illustrated in Figure 1. The main controller 24 helps the cryptographic SATA apparatus 20 recover from abnormal operating conditions and maintain a stable connection between host and device.

Figure 2 is a table showing the bit layout of the data FIS 38 in the SATA transport layer 34. The data FIS 38 consists of a plurality of double words (DWORDs). The first DWORD of the data FIS 38 is the header 40 of the data FIS 38. The first byte 42 of the header 40 is the type field of the data FIS 38. The remaining three bytes of the first DWORD contain reserved bits, reserved bit fields, and reserved bytes (not shown). The remaining N DWORDs of the data FIS 38 are the data payload. The payloads of certain specific data FISes 38 are encrypted/decrypted by the encryptor/decryptor 22 (as shown in Figure 1). Non-data FISes are not processed by the encryptor/decryptor 22. For retransmission, the data output by the encryptor/decryptor 22 after cryptographic processing is re-encapsulated into a data FIS by adding a data header.

One way to determine quickly whether a received FIS is a data FIS or a non-data FIS is to arrange for the cryptographic SATA apparatus 20 to examine the FIS type field, that is, the first byte of the received FIS header. In particular, a FIS type detector may be provided in the transport layer 34 or the link layer 32, as depicted in Figures 7 and 8 below. Those skilled in the art will appreciate that the remaining bytes of the first DWORD of the received data FIS 38 can also be analyzed using the general principles of the invention. If the FIS type field has the hexadecimal value 0x46, the received FIS is a data FIS. Otherwise, it is a non-data FIS. In this regard, Figure 2 shows the FIS type (46h) in the first byte 42 of the data FIS header 40.

Figure 3 is a table showing the bit layout of the data FIS 44 in the SATA link layer 32. The bit layout includes the SOF primitive 46, a unique 32-bit binary code word that marks the start of the frame. The SOF primitive 46 is followed by the encrypted/decrypted version of the transport layer data FIS and a 32-bit CRC check code 48, where the CRC check code 48 is also encoded. The CRC check code 48 is followed by the EOF primitive 50, a 32-bit primitive that marks the end of the frame.

In one embodiment, the scrambling operation XORs (Exclusive OR) a predefined scrambler syndrome sequence with the DWORDs of the FIS. XOR is a Boolean operator that returns TRUE when exactly one of its operands is TRUE. The value of the scrambler syndrome sequence generator is reset after the SOF primitive and the value of the FIS type field that immediately follows the SOF primitive. The scrambler syndrome in effect when the FIS type field is transmitted equals the seed used by the scrambler. The main purpose of FIS scrambling is to reduce electromagnetic interference. It should be understood that any suitable method of scrambling or otherwise transforming the data FIS can be used, provided its use does not depart from the purpose of the invention.

Figure 4 shows the bit layout of Figure 3 with ALIGN primitives 52, 54 inserted. The ALIGN primitives 52, 54 are inserted by the transmitter and are not scrambled. They are placed at predetermined positions in the bit layout of the data FIS 44 of Figure 3. The ALIGN primitives 52, 54 provide signal alignment and flow control. In one embodiment, an even number of consecutive ALIGN primitives may be generated within every 256 DWORDs transmitted. These ALIGN primitives are deleted from the content after they are received. To illustrate the general principles of the invention, it is assumed that all ALIGN primitives have already been removed.

As described above, an FIS type detector can be provided in the link layer 32 (as shown in Figure 8) to decide whether an FIS encapsulated in the link-layer protocol format is a data FIS. If the scrambled 8-bit FIS type value is hexadecimal 0xCB, it is a data FIS. Another method checks the value of the data scrambler syndrome; if its hexadecimal value is 0x8D, it is a data FIS. A further method detects the 10-bit encoded character that follows the SOF primitive (if its value in binary is 1101000110, it is a data FIS).

Not every detected data FIS has to be encrypted or decrypted. Data FIS associated with ATA commands for device configuration, setup and status, for example, do not need to be processed by the encryptor/decryptor 22 (see Figure 1). For instance, a data FIS associated with the PIO command IDENTIFY_DEVICE does not need an encryption/decryption operation by the encryptor/decryptor 22, and the same holds for all commands or data related to device configuration, setup and status queries. The PIO commands/data in this "Bypass True" category are listed below.

CFA-TRANSLATE-SECTOR

DEVICE-CONFIGURATION-IDENTIFY

IDENTIFY-DEVICE

IDENTIFY-PACKET-DEVICE

READ-LOG_DATA

SMART-READ-LOG-SECTOR

CFA-WRITE-MULTIPLE-WITHOUT-ERASE

CFA-WRITE-SECTOR-WITHOUT-ERASE

DEVICE-CONFIGURATION-SET

DOWNLOAD-MICROCODE

SECURITY-DISABLE-PASSWORDS

SECURITY-ERASE-UNIT

SECURITY-SET-PASSWORDS

SECURITY-UNLOCK

SMART-WRITE-LOG-SECTOR

WRITE-LOG-EXT

Those skilled in the art will appreciate that a variety of new PIO commands may be added in future versions of the SATA specification and used in accordance with the general principles of the invention.

An ATA data transfer command normally carries one or more data FIS until its protocol sequence ends. Every ATA command can be detected by examining the command field (the third byte) of the Register - Host to Device FIS 56 in the SATA transport layer 34, as shown in the table of Figure 5. As Figure 5 shows, the FIS type of the Register - Host to Device FIS 56 has the hexadecimal value 0x27 (de-scrambled). Whether a data FIS bypasses the encryptor/decryptor 22 can therefore be controlled by the command. That is, when the detected command belongs to the "Bypass True" category described above, none of the data FIS under that command protocol is processed by the encryptor/decryptor 22 (shown in Figure 1). Conversely, when the detected command belongs to the "Bypass False" category, all data FIS under that command protocol must be encrypted/decrypted by the encryptor/decryptor 22. Examples of PIO and Ultra DMA (UDMA) commands in the "Bypass False" category are:

READ-SECTOR

READ-SECTOR-EXT

READ-MULTIPLE

READ-MULTIPLE-EXT

READ-BUFFER

READ-DMA

READ-DMA-EXT

WRITE-SECTOR

WRITE-SECTOR-EXT

WRITE-MULTIPLE

WRITE-MULTIPLE-EXT

WRITE-BUFFER

WRITE-DMA

WRITE-DMA-EXT


Therefore, if a SATA command protocol reads data from or writes data to the physical storage medium (such as the sectors of a hard disk drive), the payload of every data FIS under that command protocol must be encrypted/decrypted.

Those skilled in the art will appreciate that new PIO read/write and DMA read/write commands may be added in future versions of the SATA specification and used according to the principles of the invention. For example, the current SATA specification only provides PIO opcodes, but gives no command name for F7, FB, … and 5E; their transfer length is controlled by the sector count register (the values 0-255 represent 256 sectors). They follow the ATA PIO timing and control flow signals, but, like the SECURITY_ERASE_UNIT command (see above), they may take a long time to execute. The so-called unnamed UDMA opcodes are …, 5F-UDMA Write. Their command characteristics are currently unknown.

In one embodiment of the invention, the data FIS of any command protocol whose detected command is listed in neither the "Bypass False" category nor the "Bypass True" category are not processed by the encryptor/decryptor 22. For example, the encryption/decryption SATA device 20 may not be configured to support the DMA command QUEUE (a data read/write command whose data would need cryptographic processing); the command and its data are therefore passed through, i.e. they are not processed by the encryptor/decryptor 22.

Figure 6 is a table showing the bit layout of the Register - Host to Device FIS 58 in the link layer 32; Figures 5 and 6 thus illustrate the bit layout of a "Register - Host to Device" FIS in the transport layer and in the link layer, respectively. As shown in Figure 6, the FIS type has the 8-bit encoded hexadecimal value 0xAA. The data scrambler syndrome for the command field 60 in Figure 6 has the predetermined hexadecimal value 0xD2. The value of the command field in the link layer 32 is therefore the result of XORing the hexadecimal value 0xD2 with the opcode before the de-scrambling operation.

Figure 7 is a partial schematic (one side only) of one embodiment of the encryption/decryption SATA device 20 (shown in Figure 1). Those skilled in the art will appreciate that other optional configurations (such as a parallel ATA interface and/or a Universal Serial Bus (USB) interface) may be provided on the other side of the encryption/decryption SATA device 20.

Figure 7 shows an FIS type detector 62 provided in the transport layer 34. The FIS type detector 62 detects and checks the FIS type field (the first byte) of the FIS header arriving from the link layer 32. If the FIS type field has the hexadecimal value 0x46, the received FIS is a data FIS. Otherwise it is a non-data FIS. If the received FIS is a data FIS, the FIS type detector 62 sends the data FIS payload to the encryptor/decryptor 22 for the encryption/decryption operation. If the hexadecimal value 0x46 is not found in the FIS type field, the FIS type detector 62 routes the non-data FIS from the transport layer 34 through the application layer 36 and away from the encryptor/decryptor 22, i.e. without encryption or decryption.

The transport layer 34 also contains an ATA command filter 64, adapted to examine the command field (the third byte of the first 32-bit DWORD, see Figure 5) of any Register - Host to Device FIS (FIS type hexadecimal 0x27) arriving from the link layer 32. The ATA command filter 64 provides the bypass control for the encryptor/decryptor 22. If the third byte of the detected Register - Host to Device FIS does not belong to the device configuration, setup and status queries of the "Bypass True" command category described above, the "bypass" flag is set to "False". Otherwise, the ATA command filter 64 sets the "bypass" flag to "True". The entire Register - Host to Device FIS is routed to the application layer 36, i.e. it is not processed by the encryptor/decryptor 22 at all. The encryptor/decryptor 22 stays in the state left by the previous operation until the next bypass flag control signal from the ATA command filter 64 changes it. Where appropriate data buffering is required, a FIFO buffer 66 (as shown in Figure 7) can be coupled between the FIS type detector 62 and the encryptor/decryptor 22.

Figure 8 is a partial schematic (one side only) of another embodiment of the encryption/decryption SATA device 20 (shown in Figure 1). Those skilled in the art will appreciate that other configurations (such as a parallel ATA interface and/or a USB interface) may be provided on the other side of the encryption/decryption SATA device 20 when needed.

As shown in Figure 8, an FIS type detector 68 is provided in the link layer 32. The FIS type detector 68 can use one of four methods to decide whether the bit stream entering from the physical layer 30 contains an encapsulated data FIS. The first method determines the value of a specified de-scrambled byte, for example the first de-scrambled byte after the SOF primitive. If the first de-scrambled value after the SOF primitive is hexadecimal 0x46, it is a data FIS. The second method checks the value of a specified scrambled byte, for example the first scrambled byte after the SOF primitive. If the first scrambled value after the SOF primitive is hexadecimal 0xCB, it is a data FIS. The third method decides on the basis of the associated scrambler syndrome, hexadecimal 0x8D. A data FIS should have the 8-bit scrambled hexadecimal value 0xCB. The fourth method determines the content of the first 10-bit character after the SOF primitive. It should have the binary value 1101000110.

If a data FIS has been detected, the FIS type detector 68 sends this data FIS to the encryptor/decryptor 22 for the encryption/decryption operation. Otherwise, the FIS type detector 68 passes the non-data FIS through the physical layer 30 and the link layer 32 and away from the encryptor/decryptor 22, i.e. without cryptographic processing.

The link layer 32 also contains an ATA command filter 70, adapted to decide whether the bit stream entering from the physical layer 30 contains a Register - Host to Device FIS that carries an ATA command of the "Bypass True" category described above. A Register - Host to Device FIS can be detected in the link layer 32 by one of four methods. The first method determines the value of a predetermined de-scrambled byte, for example the first de-scrambled byte after the SOF primitive. For a Register - Host to Device FIS, the first de-scrambled byte after the SOF primitive should be hexadecimal 0x27. The second method determines the value of a predetermined scrambled byte, for example the first scrambled byte after the SOF primitive. For a Register - Host to Device FIS, the first scrambled byte after the SOF primitive should be hexadecimal 0xAA. The third method uses the associated scrambler syndrome, hexadecimal 0x8D, to determine the byte value. For a Register - Host to Device FIS it should have the 8-bit encoded hexadecimal value 0xAA. The fourth method determines the content of the first 10-bit character after the SOF primitive. It should have the binary value 0101011010. A FIFO buffer 72 (as shown in Figure 8) is coupled between the FIS type detector 68 and the encryptor/decryptor 22 for appropriate data buffering.

Those skilled in the art will recognize that in neither embodiment (Figures 7 and 8) is it necessary to fully decompose the set of transport-layer and/or link-layer protocols in the encryption/decryption SATA device in order to process the data cryptographically. The latency and complexity of the software/hardware that implements the embodiments of Figures 7 and 8 can therefore be greatly reduced.

Figure 9 is a block diagram illustrating the encryption/decryption operation control. In either embodiment (Figures 7 and 8), the "bypass" control signal of the ATA command filter (64 or 70) is logically ORed with the "preset bypass" signal in the main controller 24, and the output of the main controller 24 controls the operation of the encryptor/decryptor 22. The "preset bypass" signal in the main controller 24 can stay constant for the whole power cycle of the encryption/decryption SATA device 20. If the "preset bypass" signal is set to logic "1", the "bypass" flag is true regardless of the state of the ATA command filter. If it is set to logic "0", the operation of the encryptor/decryptor 22 depends only on the "bypass" control signal provided by the ATA command filter.

Placing the FIS type detector and the ATA command filter in the link layer 32, as shown in Figure 8, has several advantages. For example, when the detection is done in the link layer 32, the latency of delivering the FIS type DWORD to the transport layer is reduced, and the time available to react is less constrained. The extra time gained is very useful when the more time-consuming flow control is implemented in an embedded central processing unit (CPU). The advantage of the embodiment of Figure 7, on the other hand, is simplicity: it needs only a less complex control logic design.

Figure 10 is a schematic of the data flow through the encryption/decryption SATA device 20 (shown in Figure 1). Specifically, the data flow for a PIO data-out command is described. The Serial ATA encryption/decryption device 20 operates by reacting and responding to the data received and sent on the host-side and device-side Serial ATA channels. In this embodiment, the encryption/decryption SATA device 20 is assumed to start in the "idle" state, in which it listens for any activity on the host-side and device-side Serial ATA channels. The "bypass" flag in this state is "true". In step 1, the encryption/decryption SATA device 20 detects that a PIO data-out command has been received from the host. It then decides whether the received PIO data-out command belongs to the predetermined category. If the PIO data-out command belongs to the predetermined category, the main controller 24 of the encryption/decryption SATA device 20 resets the "bypass" flag (shown in Figure 9) to "false", i.e. the encryptor/decryptor 22 is in encryption mode.

In step 2, the encryption/decryption SATA device 20 bypasses the PIO Setup FIS received from the device through to the host. In step 3, the encryption/decryption SATA device 20 detects that a data FIS has been received from the host; all data DWORDs in that data FIS are directed to the encryptor/decryptor 22 for encryption. In step 4, if the encryption/decryption SATA device 20 detects that a (status) Register FIS has been received from the device (command completed or aborted), the "bypass" flag (shown in Figure 9) is set back to "true" and the encryption/decryption SATA device 20 returns to the "idle" state. Otherwise, if the command has not yet completed, the process repeats steps 2, 3 and 4.

Figure 11 is a schematic of the data flow through the encryption/decryption SATA device 20 according to another embodiment of the invention. Specifically, the data flow for a DMA data-in command (DMA Data In Command) is described. The encryption/decryption SATA device 20 is assumed to start in the "idle" state, in which it listens for any activity on the host-side and device-side Serial ATA channels. The "bypass" flag in this state is "true".

When the hard disk drive is ready to transfer data to the host, it issues an appropriate request to the host. After receiving the host's response message, the hard disk drive transmits an FIS of the data type. On receiving the data FIS, the DMA engine in the host controller transfers the received data to a previously programmed location in host memory.

In step 1, the encryption/decryption SATA device 20 detects that a DMA data-in command FIS has been received from the host; if the command belongs to the predetermined category, the main controller 24 of the encryption/decryption SATA device 20 resets the "bypass" flag (shown in Figure 9) to "false", and the encryption/decryption SATA device 20 is now in decryption mode. In step 2, the Serial ATA encryption/decryption device 20 handles all DWORDs in a data FIS received from the device. In step 3, if the Serial ATA encryption/decryption device 20 detects that the command has completed or been aborted, the "bypass" flag is set back to "true" and the encryption/decryption SATA device 20 becomes "idle". Otherwise, if the command is found not to have completed, steps 2 and 3 are repeated.

Figure 12 schematically illustrates a SATA-to-IDE (Integrated Drive Electronics, IDE) implementation of the encryption/decryption of the invention. In particular, one side of the encryption/decryption SATA device 20 is coupled through a SATA-to-IDE protocol translator 74 to an IDE signal interface 76. The IDE signal interface 76 provides an IDE channel to a device (not shown). The other side of the encryption/decryption SATA device 20 provides a SATA channel to the host (not shown). As shown in Figure 12, the encryption/decryption SATA device 20 sends downstream control signals and data to the IDE signal interface 76 through the SATA-to-IDE protocol translator 74, and receives upstream control signals and data from the IDE signal interface 76 through the SATA-to-IDE protocol translator 74.

In one embodiment of Figure 12, the encryption/decryption SATA device 20 is implemented with the configuration described for Figure 7, in which the ATA command filter 64 is provided in the transport layer 34. In another example of Figure 12, the encryption/decryption SATA device 20 is implemented with the configuration described for Figure 8, in which the ATA command filter 70 is provided in the link layer 32.

The embodiments described above can be implemented in hardware and/or software. Using the encryption/decryption SATA device of the invention offers several advantages. For example, the FIS analysis time can be shortened. In addition, hardware and software complexity is reduced. Furthermore, not all data has to be decomposed in order to decide whether to encrypt or decrypt it.
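The routing decision described for Figures 8 to 10, as an added C example that is not code from the patent: it de-scrambles the FIS type and command bytes with the syndromes 0x8D and 0xD2 given above, applies the "Bypass True" and "Bypass False" lists, and ORs the filter's flag with the preset bypass. The ATA opcodes, the 0x34 and 0x5F FIS types and every identifier are assumptions taken from the ATA/SATA specifications rather than from this page, the sample traffic is constructed, and commands in neither list leave their data unencrypted, following the embodiment described above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values stated on the page. */
enum { FIS_DATA = 0x46, FIS_REG_H2D = 0x27,
       SYN_TYPE = 0x8D,   /* scrambler syndrome over the FIS type byte */
       SYN_CMD  = 0xD2 }; /* scrambler syndrome over the command field */
/* FIS types from the SATA specification (assumption, not on the page). */
enum { FIS_REG_D2H = 0x34, FIS_PIO_SETUP = 0x5F };

typedef enum { CMD_UNLISTED, CMD_BYPASS_TRUE, CMD_BYPASS_FALSE } cmd_class;

/* Opcodes come from the ATA command set (assumption: the page gives names only). */
static cmd_class classify_command(uint8_t op)
{
    static const uint8_t bypass_true[] = {
        0xEC, 0xA1,        /* IDENTIFY DEVICE, IDENTIFY PACKET DEVICE */
        0x92, 0x3F,        /* DOWNLOAD MICROCODE, WRITE LOG EXT */
        0xF1, 0xF2,        /* SECURITY SET PASSWORD, SECURITY UNLOCK */
        0xF4, 0xF6 };      /* SECURITY ERASE UNIT, SECURITY DISABLE PASSWORD */
    static const uint8_t bypass_false[] = {
        0x20, 0x24,        /* READ SECTOR(S), READ SECTOR(S) EXT */
        0xC4, 0x29,        /* READ MULTIPLE, READ MULTIPLE EXT */
        0xE4, 0xC8, 0x25,  /* READ BUFFER, READ DMA, READ DMA EXT */
        0x30, 0x34,        /* WRITE SECTOR(S), WRITE SECTOR(S) EXT */
        0xC5, 0x39,        /* WRITE MULTIPLE, WRITE MULTIPLE EXT */
        0xE8, 0xCA, 0x35 };/* WRITE BUFFER, WRITE DMA, WRITE DMA EXT */
    for (size_t i = 0; i < sizeof bypass_true; i++)
        if (bypass_true[i] == op) return CMD_BYPASS_TRUE;
    for (size_t i = 0; i < sizeof bypass_false; i++)
        if (bypass_false[i] == op) return CMD_BYPASS_FALSE;
    return CMD_UNLISTED;
}

typedef struct {
    bool preset_bypass; /* main controller input, constant for a power cycle */
    bool filter_bypass; /* ATA command filter output; true while idle */
} crypto_ctl;

/* Decide, from the two scrambled bytes seen in the link layer, whether this
 * FIS payload goes to the encryptor/decryptor. Returns true for "crypto". */
static bool route_to_crypto(crypto_ctl *c, uint8_t wire_type, uint8_t wire_cmd)
{
    uint8_t type = (uint8_t)(wire_type ^ SYN_TYPE); /* 0xCB -> 0x46, 0xAA -> 0x27 */
    if (type == FIS_REG_H2D) {
        /* New command: only a listed media read/write clears the flag. */
        cmd_class k = classify_command((uint8_t)(wire_cmd ^ SYN_CMD));
        c->filter_bypass = (k != CMD_BYPASS_FALSE);
        return false;                   /* the command FIS itself passes through */
    }
    if (type == FIS_REG_D2H) {          /* command completed or aborted */
        c->filter_bypass = true;        /* back to idle */
        return false;
    }
    if (type != FIS_DATA)
        return false;                   /* PIO Setup and other non-data FIS */
    return !(c->preset_bypass || c->filter_bypass); /* Figure 9: logical OR */
}

typedef struct { uint8_t wire_type, wire_cmd; } wire_fis;
#define WIRE_TYPE(t) ((uint8_t)((t) ^ SYN_TYPE))
#define WIRE_CMD(o)  ((uint8_t)((o) ^ SYN_CMD))

/* Constructed sample traffic as the link layer would see it (scrambled). */
static const wire_fis sample[] = {
    { WIRE_TYPE(FIS_REG_H2D),   WIRE_CMD(0x30) }, /* 0: WRITE SECTOR(S)         */
    { WIRE_TYPE(FIS_PIO_SETUP), 0 },              /* 1: PIO Setup from device   */
    { WIRE_TYPE(FIS_DATA),      0 },              /* 2: user data, encrypted    */
    { WIRE_TYPE(FIS_REG_D2H),   0 },              /* 3: status, back to idle    */
    { WIRE_TYPE(FIS_REG_H2D),   WIRE_CMD(0xEC) }, /* 4: IDENTIFY DEVICE         */
    { WIRE_TYPE(FIS_PIO_SETUP), 0 },              /* 5                          */
    { WIRE_TYPE(FIS_DATA),      0 },              /* 6: identify data, passed   */
    { WIRE_TYPE(FIS_REG_D2H),   0 },              /* 7                          */
    { WIRE_TYPE(FIS_REG_H2D),   WIRE_CMD(0xCC) }, /* 8: WRITE DMA QUEUED        */
    { WIRE_TYPE(FIS_DATA),      0 },              /* 9: unlisted, passed clear  */
};

/* Run the sample; bit i of the result is set when FIS i was sent to crypto. */
static unsigned run_sample(bool preset_bypass)
{
    crypto_ctl c = { preset_bypass, true };
    unsigned mask = 0;
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        if (route_to_crypto(&c, sample[i].wire_type, sample[i].wire_cmd))
            mask |= 1u << i;
    return mask;
}

int main(void)
{
    printf("crypto mask, preset bypass 0: 0x%03x\n", run_sample(false));
    printf("crypto mask, preset bypass 1: 0x%03x\n", run_sample(true));
    return 0;
}
```

Frame 9 is the case to review in a design like this: a write command that the filter does not recognize keeps the bypass flag set, so its payload reaches the drive unencrypted.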

As disclosed, the encryption/decryption SATA device and method can quickly distinguish data frames (Data FIS) from non-data frames (Non-Data FIS), which makes the overall encryption/decryption operation more efficient and less complex. In addition, the disclosed encryption/decryption SATA device can encrypt/decrypt selected data streams received from two (Serial ATA) interfaces. The encryption/decryption device of Figure 12 can also encrypt/decrypt selected data streams received from the Serial ATA and IDE interfaces. Implementations include a Serial ATA-to-… bus … coupling (connector), which can encrypt/decrypt selected data streams received from the Serial ATA and … interfaces.

As described above, the various embodiments can be implemented in many application devices. These devices include, without limitation, internal hard disk drives, CD-ROM, DVD-ROM, CD-RW and DVD-RW drives, and flash memory fitted with Serial ATA; external portable hard disk drives, CD-ROM, DVD-ROM, CD-RW and DVD-RW drives, and flash memory fitted with a Serial ATA interface; Serial ATA-to-IDE/IDE-to-Serial ATA modules, Serial ATA … modules, personal computers (PC), notebook computers, laptop PCs and tablet PCs.

Those skilled in the art will understand that other changes and/or modifications can be applied to the embodiments described above without departing from the purpose and scope of the invention. In addition, all terms should be interpreted in the broadest manner consistent with the context. In particular, "comprise" and "include" should be interpreted as referring to elements, components or steps in a non-exclusive manner, indicating that the referenced elements, components or steps may be present, used, or combined with other elements, components or steps that are not expressly referenced.

The invention has been described in detail with reference to preferred embodiments, but it should be understood that various modifications and changes can be made without departing from the spirit and scope of the invention. The embodiments described above only illustrate the technical ideas and features of the invention; their purpose is to enable those skilled in the art to understand and practise it, not to limit the patent scope of the invention. Other equivalent modifications or changes completed without departing from the spirit disclosed by the invention should therefore be included in the claims set out below.

[Brief Description of the Drawings]

Figure 1 is a block diagram of the encryption/decryption SATA device according to the invention;

Figure 2 is a table showing the bit layout of the data FIS in the SATA transport layer according to the invention;

Figure 3 is a table showing the bit layout of the data FIS in the SATA link layer according to the invention;

Figure 4 shows the bit layout of Figure 3 with ALIGN primitives inserted;

Figure 5 is a table showing the bit layout of the Register - Host to Device FIS in the SATA transport layer according to the invention;

Figure 6 is a table showing the bit layout of the Register - Host to Device FIS in the SATA link layer according to the invention;

Figure 7 is a partial schematic of one embodiment of the encryption/decryption SATA device of Figure 1;

Figure 8 is a partial schematic of another embodiment of the encryption/decryption SATA device of Figure 1;

Figure 9 is a block diagram of the encryption/decryption operation control according to the invention;

Figure 10 is a schematic of the data flow through the encryption/decryption device of Figure 1 according to one embodiment of the invention;

Figure 11 is a schematic of the data flow through the encryption/decryption SATA device of Figure 1 according to another embodiment of the invention;

Figure 12 is a schematic of the encryption/decryption SATA-to-IDE implementation according to the invention.

[Description of Main Component Symbols]

20 Encryption/decryption SATA device
22 Encryptor/decryptor
24 Main controller
26 Device protocol stack
28 Host protocol stack
30 Physical layer
32 Link layer
34 Transport layer
36 Application layer
38, 44 Data FIS
40 Header
42 First byte
46 SOF primitive
48 CRC check code
50 EOF primitive
52, 54 ALIGN primitive
56, 58 Register - Host to Device FIS
60 Command field
62, 68 FIS type detector
64, 70 ATA command filter
66, 72 FIFO buffer
74 SATA-to-IDE protocol translator
76 IDE signal interface

Claims (1)

10. Claims:

1. An encryption/decryption apparatus, comprising:
a main controller;
at least one protocol stack adapted for differential signaling and connected to an external host through a differential serial channel; and
at least one encryptor/decryptor for executing [...], operatively coupled to the main controller [...] the protocol stack [...], wherein when [...] data or a data type that does not require encryption/decryption [...], the encryptor/decryptor does not perform an encryption/decryption operation.

2. An encryption/decryption serial ATA (Serial ATA, SATA) device, comprising:
a SATA protocol stack for communicating with an interface of a device;
an encryption/decryption engine, operatively coupled to the SATA protocol stack, for encrypting or decrypting at least a subset of a Data FIS input to or output from the SATA protocol stack; and
a main controller configured to:
when a first Data FIS is associated with a predetermined category of command set, cause the SATA protocol stack to transmit at least a first payload of the first Data FIS to the encryption/decryption engine;
cause the encryption/decryption engine to decrypt at least a portion of the first payload received from the SATA protocol stack; and
cause the SATA protocol stack to process, without decryption, a Register - Device to Host FIS received from the interface of the device.

3. An encryption/decryption SATA device, comprising:
a SATA device protocol stack for communicating with a host interface of a SATA host;
a SATA host protocol stack for communicating with a device interface of a SATA device;
an encryption/decryption engine, operatively coupled between the SATA device protocol stack and the SATA host protocol stack, for encrypting or decrypting at least a subset of a Data FIS input to or output from the device interface; and
a main controller configured to:
when the first Data FIS is associated with a predetermined category of command set, cause the [...] protocol stack to transmit at least a first payload of the first Data FIS to the [...];
cause the SATA device protocol stack to transmit the decrypted portion of the first payload of the first Data FIS to the host interface; and
cause the SATA device protocol stack to process, without decryption, a Register - Device to Host FIS received from the device interface.

4. The encryption/decryption SATA device of claim 3, wherein the main controller is further configured to:
when a second Data FIS is associated with the command set of the predetermined category, cause the SATA device protocol stack to transmit at least a second payload of the second Data FIS to the encryption/decryption engine;
cause the encryption/decryption engine to encrypt at least a portion of the second payload; and
cause the SATA host protocol stack to transmit the encrypted portion of the second payload of the second Data FIS to the device interface.

5. The encryption/decryption SATA device of claim 2, wherein the SATA protocol stack comprises a physical layer, a link layer and a transport layer.

6. The encryption/decryption SATA device of claim 5, further comprising an application layer.

7. The encryption/decryption SATA device of claim 6, wherein the encryption/decryption engine and the main controller operate in the application layer.

8. The encryption/decryption SATA device of claim 2, wherein the main controller is further configured to:
when a second Data FIS is associated with the command set of the predetermined category, cause the SATA protocol stack to transmit at least a second payload of the second Data FIS to the encryption/decryption engine;
cause the encryption/decryption engine to encrypt at least a portion of the second payload; and
cause the SATA protocol stack to transmit the encrypted portion of the second payload of the second Data FIS to the interface of the device.

9. The encryption/decryption SATA device of claim 2, wherein the main controller is configured to send a signal to the encryption/decryption engine, the signal indicating whether the encryption/decryption engine must encrypt, decrypt or bypass the received Data FIS.

10. The encryption/decryption SATA device of claim 6, wherein the main controller receives a plurality of signals from the physical layer, the link layer or the transport layer.

11. The encryption/decryption SATA device of claim 10, wherein the received signals indicate the type and command of a FIS, based on analysis of the FIS at one of the link layer or the transport layer.

12. The encryption/decryption SATA device of claim 10, wherein the received signals indicate the data transfer direction.

13. The encryption/decryption SATA device of claim 10, wherein the received signals include a Primitive Detection Indicator and an Out of Band Detection Indicator from the link layer.

14. The encryption/decryption SATA device of claim 4, wherein if the Data FIS is not associated with the command set of the predetermined category, the Data FIS carries command information.

15. The encryption/decryption SATA device of claim 4, wherein if the Data FIS is not associated with the command set of the predetermined category, the Data FIS carries control information.

16. The encryption/decryption SATA device of claim 4, wherein if the Data FIS is not associated with the command set of the predetermined category, the Data FIS carries status information.

17. The encryption/decryption SATA device of claim 10, further comprising a FIS type detector in the transport layer for detecting the type of the FIS decoded at the link layer.

18. The encryption/decryption SATA device of claim 17, wherein the FIS decoded at the link layer contains a type field in the first byte of a header.

19. The encryption/decryption SATA device of claim 18, wherein the FIS type detector is configured to evaluate the FIS decoded at the link layer, and if the value of the FIS type field is the hexadecimal value 0x46, the main controller causes the decoded FIS to be sent to at least one encryption/decryption engine for encryption, decryption or bypass processing.

20. The encryption/decryption SATA device of claim 19, wherein the FIS type detector is configured to evaluate the FIS decoded at the link layer, and if the value of the FIS type field is not the hexadecimal value 0x46, the main controller causes the decoded FIS to bypass at least one encryption/decryption engine.

21. The encryption/decryption SATA device of claim 10, further comprising an ATA command filter in the transport layer for checking a command field of the Register - Host to Device FIS.

22. The encryption/decryption SATA device of claim 10, further comprising a FIS type detector in the link layer, wherein whether a bit stream received from the physical layer is part of the Data FIS is determined from the value of a first descrambled byte located after a SOF primitive.

23. The encryption/decryption SATA device of claim 22, wherein if the first descrambled byte has the hexadecimal value 0x46, the FIS type detector determines that the bit stream is part of the Data FIS.

24. The encryption/decryption SATA device of claim 10, further comprising a FIS type detector in the link layer, wherein whether a bit stream received from the physical layer is part of the Data FIS is determined from the value of a first scrambled byte located after a SOF primitive.

25. The encryption/decryption SATA device of claim 24, wherein when the first scrambled byte has the hexadecimal value 0xCB, the FIS type detector determines that the bit stream is part of the Data FIS.

26. The encryption/decryption SATA device of claim 10, further comprising a FIS type detector in the link layer, wherein the FIS type detector determines that a bit stream received from the physical layer is part of the Data FIS based on an associated scrambler syndrome (Associated Scrambler Syndrome) having the hexadecimal value 0x8D.

27. The encryption/decryption SATA device of claim 10, further comprising a FIS type detector in the link layer, wherein the FIS type detector determines that a bit stream received from the physical layer is part of the Data FIS based on the scrambled byte value being the hexadecimal value 0xCB.

28. The encryption/decryption SATA device of claim 10, further comprising a FIS type detector in the link layer, wherein whether a bit stream received from the physical layer is part of the Data FIS is determined from the content of a first 10-bit character located after a SOF primitive.

29. The encryption/decryption SATA device of claim 28, wherein when the first 10-bit character after the SOF primitive has the binary value 1101000110, the FIS type detector determines that the bit stream is part of the Data FIS.

30. The encryption/decryption SATA device of claim 10, further comprising an ATA command filter (ATA Command Filter) for checking a command field of a FIS in the link layer, wherein if the value of the first descrambled byte after a SOF primitive is the hexadecimal value 0x27, the ATA command filter determines that a bit stream received from the physical layer is part of the Register - Host to Device FIS.

31. The encryption/decryption SATA device of claim 10, further comprising an ATA command filter for checking a command field of a FIS in the link layer, wherein if the value of the first scrambled byte after a SOF primitive is the hexadecimal value 0xAA, the ATA command filter determines that a bit stream received from the physical layer is part of the Register - Host to Device FIS.

32. The encryption/decryption SATA device of claim 10, further comprising an ATA command filter for checking a command field of a FIS in the link layer, wherein if the associated scrambler syndrome for a bit value is the hexadecimal value 0x8D, the ATA command filter determines that a bit stream received from the physical layer is part of the Register - Host to Device FIS.

33. The encryption/decryption SATA device of claim 10, further comprising an ATA command filter for checking a command field of a FIS in the link layer, wherein if the hexadecimal value of a scrambled byte is [...], the ATA command filter determines that a bit stream received from the physical layer is part of the Register - Host to Device FIS.

34. The encryption/decryption SATA device of claim 10, further comprising an ATA command filter for checking a command field of a FIS in the link layer, wherein if the first 10-bit character after a SOF primitive has the binary value 0101011010, the ATA command filter determines that a bit stream received from the physical layer is part of the Register - Host to Device FIS.

35. The encryption/decryption SATA device of claim 21, wherein a control signal provided by the ATA command filter is logically ORed with a [...] bypass signal in the main controller to generate a bypass flag signal, causing the encryption/decryption engine to encrypt, decrypt or bypass, according to the value of the bypass flag signal, the Data FIS [...] by at least one of the encryptor/decryptors.

36. An encryption/decryption method, comprising the following steps:
an encryption/decryption SATA device detects a PIO (programmed input/output) data-out command (Data Out Command) FIS received from a host interface;
the encryption/decryption SATA device determines whether the received PIO data-out command FIS is associated with a predetermined category of command set, the predetermined category requiring the encryption/decryption SATA device to be set to encryption mode;
the encryption/decryption SATA device passes a PIO Setup FIS received from a device interface to the host interface;
the encryption/decryption SATA device detects a Data FIS payload received from the host interface;
the encryption/decryption SATA device encrypts the detected Data FIS payload; and
the encryption/decryption SATA device detects a Register - Device to Host FIS received from the device interface, the Register - Device to Host FIS indicating a completed operation or an aborted operation related to the PIO data-out command FIS.

(Replacement page amended May 14, year 99)

37. An encryption/decryption method, comprising the following steps:
an encryption/decryption SATA device detects a DMA (direct memory access) data-in command (Data In Command) FIS received from a host interface;
the encryption/decryption SATA device determines whether the received DMA data-in command FIS is associated with a predetermined category of command set, the predetermined category requiring the encryption/decryption SATA device to be set to decryption mode;
the encryption/decryption SATA device detects a Data FIS payload received from a device interface;
the encryption/decryption SATA device decrypts the detected Data FIS payload; and
the encryption/decryption SATA device detects a Register - Device to Host FIS received from the device interface, the Register - Device to Host FIS indicating a completed operation or an aborted operation related to the DMA data-in command FIS.

38. The encryption/decryption SATA device of claim 2, wherein the SATA protocol stack is coupled to a USB (Universal Serial Bus) interface through a SATA-to-USB protocol converter.

39. An encryption/decryption method for an encryption/decryption apparatus, comprising the following steps:
transmitting, without encryption, a PIO data-out command (PIO Data Out Command) FIS to an interface of a device;
receiving a PIO Setup FIS from the interface of the device, the PIO Setup FIS indicating whether the interface of the device is ready to receive data;
generating and transmitting a first signal without decrypting the received PIO Setup FIS;
receiving a data payload in response to the transmitted first signal;
when the data payload is associated with a predetermined category of command set, encrypting at least a portion of the data payload;
generating a Data FIS from the encrypted portion of the data payload;
transmitting the Data FIS to the interface of the device;
receiving a Register - Device to Host FIS from the interface of the device; and
generating and transmitting a second signal without decrypting the Register - Device to Host FIS, the second signal indicating whether the transmission of the encrypted portion of the data payload succeeded.

40. The encryption/decryption method of claim 39, further comprising setting an encryption mode when transmitting the PIO data-out command FIS.

41. The encryption/decryption method of claim 39, wherein the command set of the predetermined category includes the WRITE SECTOR command, the WRITE SECTOR EXT command, the WRITE MULTIPLE command, the WRITE MULTIPLE EXT command and the WRITE BUFFER command.

42. An encryption/decryption method for an encryption/decryption apparatus, comprising the following steps:
receiving a PIO data-out command FIS from an interface of a host;
transmitting a PIO Setup FIS to the interface of the host, the PIO Setup FIS indicating whether the interface of the device is ready to receive data;
receiving a Data FIS from the interface of the host;
when the Data FIS is associated with a predetermined category of command set, encrypting at least a portion of a data payload in the Data FIS;
transmitting the encrypted portion of the data payload; and
transmitting a Register - Device to Host FIS without decrypting it, the Register - Device to Host FIS indicating whether the transmission of the encrypted portion of the data payload succeeded.

43. The encryption/decryption method of claim 42, further comprising setting an encryption mode when receiving the PIO data-out command FIS.

44. The encryption/decryption method of claim 42, wherein the command set of the predetermined category includes the WRITE SECTOR command, the WRITE SECTOR EXT command, the WRITE MULTIPLE command, the WRITE MULTIPLE EXT command and the WRITE BUFFER command.

45. An encryption/decryption method for an encryption/decryption apparatus, comprising the following steps:
transmitting, without encryption, a DMA data-in command (DMA Data In Command) FIS to an interface of a device;
receiving a Data FIS from the interface of the device;
when the Data FIS is associated with a predetermined category of command set, decrypting at least a portion of a data payload in the Data FIS;
generating and transmitting a first signal according to the decrypted portion of the data payload;
transmitting the decrypted portion of the data payload;
receiving a Register - Device to Host FIS from the interface of the device; and
generating and transmitting a second signal without decrypting the Register - Device to Host FIS, the second signal indicating whether the transmission of the decrypted portion of the data payload succeeded.

46. The encryption/decryption method of claim 45, further comprising setting a decryption mode when transmitting the DMA data-in command FIS.

47. The encryption/decryption method of claim 45, wherein the command set of the predetermined category includes the READ DMA command and the READ DMA EXT command.

48. An encryption/decryption method for an encryption/decryption apparatus, comprising the following steps:
receiving a DMA data-in command (DMA Data In Command) FIS from an interface of a host;
transmitting a first signal to the interface of the host, the first signal indicating whether an interface of a device is ready to transmit a Data FIS;
when the Data FIS is associated with a predetermined category of command set, decrypting at least a portion of a data payload in the Data FIS;
generating a Data FIS from the decrypted portion of the data payload;
transmitting the Data FIS to the interface of the host; and
transmitting a Register - Device to Host FIS without decrypting the PIO Register - Device to Host FIS, the Register - Device to Host FIS indicating whether the transmission of the decrypted portion of the data payload succeeded.

49. The encryption/decryption method of claim 48, further comprising setting a decryption mode when receiving the DMA data-in command FIS.

50. The encryption/decryption method of claim 48, wherein the command set of the predetermined category includes the READ DMA command and the READ DMA EXT command.

51. The encryption/decryption SATA device of claim 2, wherein the command set of the predetermined category includes the READ SECTOR command, the READ SECTOR EXT command, the READ MULTIPLE command, the READ MULTIPLE EXT command, the READ BUFFER command, the READ DMA command and the READ DMA EXT command.

52. The encryption/decryption SATA device of claim 8, wherein the command set of the predetermined category includes the WRITE SECTOR command, the WRITE SECTOR EXT command, the WRITE MULTIPLE command, the WRITE MULTIPLE EXT command, the WRITE BUFFER command, the WRITE DMA command and the WRITE DMA EXT command.

53. The encryption/decryption SATA device of claim 3, wherein the command set of the predetermined category includes the READ SECTOR command, the READ SECTOR EXT command, the READ MULTIPLE command, the READ MULTIPLE EXT command, the READ BUFFER command, the READ DMA command and the READ DMA EXT command.

54. The encryption/decryption SATA device of claim 4, wherein the command set of the predetermined category includes the WRITE SECTOR command, the WRITE SECTOR EXT command, the WRITE MULTIPLE command, the WRITE MULTIPLE EXT command, the WRITE BUFFER command, the WRITE DMA command and the WRITE DMA EXT command.
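The dispatch behaviour recited in claims 2, 4, 19 to 21 and 51 to 54 (command filter on the Register - Host to Device FIS, cipher applied only to Data FIS payloads, status FIS passed through untouched) can be modelled as follows. This is an added example, not code from the patent: all function and type names are hypothetical, the ATA opcode values and the 0x34 type code come from the ATA/SATA specifications rather than from this page, and the byte-add transform is a placeholder for the cipher, which the claims do not name.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* FIS type codes. 0x46 (Data) and 0x27 (Register - Host to Device) appear in
 * the claims; 0x34 (Register - Device to Host) is taken from the SATA spec. */
enum { FIS_REG_H2D = 0x27, FIS_REG_D2H = 0x34, FIS_DATA = 0x46 };

enum cipher_mode { MODE_BYPASS, MODE_ENCRYPT, MODE_DECRYPT };
enum direction { FROM_HOST, FROM_DEVICE };

/* Hypothetical model of the main controller's state. */
struct controller { enum cipher_mode mode; };

/* ATA command filter: map the command field of a Register - Host to Device
 * FIS to a cipher mode. Opcodes are the standard ATA values (assumption:
 * the page gives the command names only). */
static enum cipher_mode classify_command(uint8_t cmd)
{
    switch (cmd) {
    case 0x30: case 0x34:   /* WRITE SECTOR(S), WRITE SECTOR(S) EXT */
    case 0xC5: case 0x39:   /* WRITE MULTIPLE, WRITE MULTIPLE EXT   */
    case 0xCA: case 0x35:   /* WRITE DMA, WRITE DMA EXT             */
    case 0xE8:              /* WRITE BUFFER                         */
        return MODE_ENCRYPT;
    case 0x20: case 0x24:   /* READ SECTOR(S), READ SECTOR(S) EXT   */
    case 0xC4: case 0x29:   /* READ MULTIPLE, READ MULTIPLE EXT     */
    case 0xC8: case 0x25:   /* READ DMA, READ DMA EXT               */
    case 0xE4:              /* READ BUFFER                          */
        return MODE_DECRYPT;
    default:                /* e.g. IDENTIFY DEVICE (0xEC): data stays clear */
        return MODE_BYPASS;
    }
}

/* Placeholder transform standing in for the real cipher (NOT secure). */
static void transform(uint8_t *p, size_t n, enum cipher_mode m)
{
    for (size_t i = 0; i < n; i++)
        p[i] = (uint8_t)(m == MODE_ENCRYPT ? p[i] + 0x5A : p[i] - 0x5A);
}

/* Process one FIS in place and return the action applied to it. */
enum cipher_mode process_fis(struct controller *c, enum direction dir,
                             uint8_t *fis, size_t len)
{
    if (len < 4)
        return MODE_BYPASS;             /* runt frame: never touch it */

    switch (fis[0]) {                   /* type field: first header byte */
    case FIS_REG_H2D:
        /* Byte 1 bit 7 (C bit) marks a command; byte 2 is the command. */
        if (dir == FROM_HOST && (fis[1] & 0x80))
            c->mode = classify_command(fis[2]);
        return MODE_BYPASS;             /* the command FIS itself passes clear */
    case FIS_REG_D2H:
        /* Completion or abort status: pass unmodified, end the transfer. */
        if (dir == FROM_DEVICE)
            c->mode = MODE_BYPASS;
        return MODE_BYPASS;
    case FIS_DATA:
        /* Only the payload after the 4-byte header goes through the cipher,
         * and only in the direction the pending command implies. */
        if ((c->mode == MODE_ENCRYPT && dir == FROM_HOST) ||
            (c->mode == MODE_DECRYPT && dir == FROM_DEVICE)) {
            transform(fis + 4, len - 4, c->mode);
            return c->mode;
        }
        return MODE_BYPASS;
    default:                            /* PIO Setup, DMA Activate, ... */
        return MODE_BYPASS;
    }
}

int main(void)
{
    struct controller c = { MODE_BYPASS };
    /* Constructed sample frames (not captured traffic). */
    uint8_t write_cmd[20] = { FIS_REG_H2D, 0x80, 0x35 };  /* WRITE DMA EXT */
    uint8_t data[8] = { FIS_DATA, 0, 0, 0, 0x01, 0x02, 0x03, 0x04 };
    uint8_t status[20] = { FIS_REG_D2H, 0x40, 0x50 };

    process_fis(&c, FROM_HOST, write_cmd, sizeof write_cmd);
    printf("data FIS action: %d\n",
           process_fis(&c, FROM_HOST, data, sizeof data));
    printf("first payload byte: 0x%02X\n", data[4]);
    process_fis(&c, FROM_DEVICE, status, sizeof status);
    printf("mode after status: %d\n", c.mode);
    return 0;
}
```

Because the filter is an allow-list of command names, any data-bearing command outside it leaves its payload in the clear, which is the property to review when auditing such an in-line device.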
TW95108844A 2005-11-18 2006-03-15 Cryptographic serial ata apparatus and method TWI330320B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11/282,175 US7900057B2 (en) 2000-11-03 2005-11-18 Cryptographic serial ATA apparatus and method

Publications (2)

Publication Number Publication Date
TW200720936A TW200720936A (en) 2007-06-01
TWI330320B true TWI330320B (en) 2010-09-11

Family

ID=38051464

Family Applications (1)

Application Number Title Priority Date Filing Date
TW95108844A TWI330320B (en) 2005-11-18 2006-03-15 Cryptographic serial ata apparatus and method

Country Status (4)

Country Link
JP (1) JP4762861B2 (en)
CN (1) CN101008931B (en)
CA (1) CA2567219C (en)
TW (1) TWI330320B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105468983B (en) * 2015-11-17 2020-01-03 北京华大智宝电子系统有限公司 Data transmission method and device based on SATA interface
CN112416830B (en) * 2020-12-09 2024-03-26 鸿秦(北京)科技有限公司 NVME and SATA protocol conversion realization circuit

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1373461A (en) * 2001-02-28 2002-10-09 伊诺瓦科技股份有限公司 Encrypting-decrypting device for data storage
JP2003271487A (en) * 2002-03-12 2003-09-26 Nec Corp Communication system, gateway device and gateway program
EP1540957A4 (en) * 2002-04-30 2009-07-08 Gen Dynamics Advanced Inf Sys Method and apparatus for in-line serial data encryption
US7248696B2 (en) * 2002-09-12 2007-07-24 International Business Machines Corporation Dynamic system bus encryption using improved differential transitional encoding

Also Published As

Publication number Publication date
CA2567219A1 (en) 2007-05-18
TW200720936A (en) 2007-06-01
CA2567219C (en) 2013-01-22
CN101008931B (en) 2010-05-26
JP4762861B2 (en) 2011-08-31
CN101008931A (en) 2007-08-01
JP2007143149A (en) 2007-06-07
