TWI330320B - Cryptographic Serial ATA apparatus and method
- Publication number: TWI330320B (TW95108844A)
- Authority: TW (Taiwan)
Description
Amended replacement of April 27, 99 (ROC calendar)

IX. Description of the Invention:

[Technical Field of the Invention]

The present invention relates to encryption/decryption applications, and in particular provides an encryption/decryption Serial ATA (SATA) apparatus and method. The term "ATA" (AT Attachment) refers to the physical, electrical, transport and command protocols for the internal attachment of storage devices. The "AT" in the name derives from the IBM® Personal Computer (PC) AT (Advanced Technology) introduced in 1984, which was the most advanced personal computer of its time.

[Prior Art]

The Serial ATA (SATA) specification is a high-speed interface intended to replace parallel ATA. The SATA specification defines three speeds: the first generation operates at a transfer rate of 1.5 Gbps (1.5 billion bits per second), the second generation at 3.0 Gbps, and the third generation at 6.0 Gbps. The SATA specification defines point-to-point transfer between a host adapter and a storage device controller. For example, the host adapter may be an IC that includes a Serial ATA controller with a Peripheral Component Interconnect (PCI) interface; "PCI" is a local bus standard developed by Intel®. The storage device may be a Serial ATA hard disk drive. The point-to-point connection is not shared: each SATA device uses an exclusive point-to-point channel when it communicates with the controller.

To the operating system (OS), a SATA controller looks just like a parallel ATA controller, so the SATA controller supports the same commands and the same initialization behavior as a parallel ATA controller. In particular, Serial ATA presents host software with the same Task File programmable registers as parallel ATA.
In Serial ATA, however, these registers are usually not physically located in the disk drive. Instead, they have been moved into the host controller, where the SATA specification calls them "shadow" registers (Shadow Registers). Accurately emulating the register interface of the disk drive ensures software compatibility.

The SATA specification is organized in functional layers. The lowest layer of the SATA architecture is the physical (PHY) layer, which is responsible for generating the actual electrical signals, transmitting the generated signals, and decoding the received signals. The capabilities of the physical layer also include transmission of the special hard reset signal, detection of host plug-in status, power-management state transitions and speed negotiation. In this respect the SATA specification uses low-voltage differential signaling. Specifically, a signal is not carried as a voltage on one conductor relative to a common ground, but as the potential difference between two adjacent conductors. When the voltage on one conductor is "high", the voltage on the other conductor is "low", so either of the two adjacent conductors is the inverse of the other. Differential signaling of this kind has the benefit of rejecting noise and crosstalk: any electromagnetic interference (EMI), including noise and crosstalk, that affects the adjacent signals equally is cancelled differentially at the receiver.

Above the physical layer is the link layer, which is responsible for encoding transmitted data, decoding received data, and basic communication and protocol handling. It uses the widely used 8-bit (8b)/10-bit (10b) encoding method. An 8-bit byte can represent 256 different values, which are listed in the various American Standard Code for Information Interchange (ASCII) code tables. A 10-bit field has 1024 different values. When the 256 possible byte values are encoded in a 10-bit field, 256 of the 1024 possible values are selected for use in the encoding. The 8b/10b encoding method provides limited run length, data communication (DC) balance, and the ability to encode special control characters such as primitives.

Primitives are used to signal special conditions between the transmitting end and the receiving end, for example SOF (Start of Frame), EOF (End of Frame), and ALIGN (used to identify the position of character boundaries in the bit stream). The link layer includes (a) an "idle" protocol, which establishes communication; (b) a "transmit" protocol, which handles transmission of the data payload; (c) a "receive" protocol, which handles reception of the transmitted data payload; and (d) a "power management" protocol, which handles entry into and exit from the two power-management states.

The link layer is also responsible for carrying the data payload packets, which are called Frame Information Structures (FIS). A frame is a set of one or more Double Words (DWORDs) of data transferred between host and device. A DWORD can be expressed as 32 bits of data, as two adjacent words, or as four adjacent bytes. Expressed in bits and read from right to left, the rightmost bit is the least significant bit, bit 0, and the leftmost bit is the most significant bit, bit 31.
The link layer protocol describes the sequences of primitives exchanged between host and device and the responses to the various primitives and conditions. The link layer protocol is also responsible for computing a Cyclic Redundancy Check (CRC) code over the payload of every transmitted FIS. The computed CRC is appended to the end of the transmitted FIS data. The link layer verifies and removes the CRC from every received FIS. To minimize the effect of electromagnetic interference on the transfer of the payload, the link layer scrambles the payload data in the FIS before the FIS is transmitted to the SATA interface.

Above the link layer in the SATA architecture is the transport layer, whose main job is to construct (encapsulate) FISes for transmission and to decompose received FISes. When a higher layer requests construction of a FIS, the transport layer (a) gathers the FIS content according to the type of FIS requested; (b) places the FIS content in the proper order; (c) notifies the link layer of the required frame transmission and passes the FIS content to the link layer; (d) manages buffer/First In First Out (FIFO) flow and notifies the link layer of the required flow control; (e) receives the frame acknowledgement from the link layer; and (f) reports to the higher layer whether the transmission was good, together with any error. The transport layer keeps no context in terms of ATA commands or previous FIS content.

The general form of a FIS consists of a FIS header and a FIS body. The FIS header usually contains the FIS type field value and at least one control field. The FIS body contains the data payload. The FIS type field value is recorded in the first byte. The FIS types are (a) Register - Host to Device, (b) Register - Device to Host, (c) Data, (d) Direct Memory Access (DMA) Activate, (e) Programmed Input/Output (PIO) Setup, (f) Set Device Bits, (g) DMA Setup, and (h) Built-in Self-Test (BIST) Activate.
The second byte contains the control information of the FIS, made up of three qualifier bits and several reserved bits. The three qualifier bits do not apply to every type of FIS. They are the C bit, which is the command/control bit; the I bit, which indicates whether an interrupt should be triggered; and the D bit, which records the direction of data transfer. All fields after these two bytes are FIS payload data.

For example, for the Register - Host to Device type the FIS type field value is hexadecimal 0x27; after scrambling this field is hexadecimal 0xAA, and its 10-bit encoded value in binary is 0101011010. The format of a Data FIS is the same whether it is sent from host to device or from device to host. A Data FIS contains two fields that identify the FIS type and the associated control information; the remainder is the payload data being transferred.

To perform high-speed encryption/decryption on FISes, two main tasks must be carried out. First, it must be possible to detect immediately whether a FIS is a Data FIS and to separate it from non-data FISes. Second, every FIS detected as a Data FIS must be checked quickly to see whether it contains data that should be encrypted or decrypted. The encryption/decryption processing may include the following steps: (a) check the bypass flag; if the bypass flag is True, the frame passes through immediately without any encryption/decryption operation; and (b) if the bypass flag is False, the frame must individually undergo the encryption/decryption operation. Conventional techniques implement these operations by first decomposing the received SATA protocol stack, then analyzing the decomposed FIS, and finally re-encapsulating the data into a SATA protocol stack for transmission. This procedure is inefficient in hardware/software complexity and in other respects.

Under the SATA specification, a more efficient and less complex apparatus for performing cryptographic operations is needed. Such an encryption/decryption SATA processing apparatus should be able to encrypt/decrypt at high speed every data stream selected from the input/output ends (host and device). In addition, such an apparatus should be able to determine quickly whether a received FIS and its data payload require encryption/decryption processing.

[Summary of the Invention]

In view of this, the present invention addresses the difficulties described above by proposing an encryption/decryption Serial ATA apparatus and method that improve on these problems.

Specific implementations of the encryption/decryption Serial ATA apparatus are as follows.

According to one feature of the present invention, an encryption/decryption Serial ATA (SATA) device is provided that comprises a protocol stack adapted for differential signal transmission and at least one encryptor/decryptor.

According to another feature of the present invention, an encryption/decryption SATA device is provided that comprises a main controller, at least one SATA protocol stack, and at least one encryptor/decryptor. The encryptor/decryptor is coupled between the main controller and the SATA protocol stack to provide high-speed encryption/decryption processing.

According to another feature of the present invention, an encryption/decryption SATA device is provided that comprises a main controller, a SATA device protocol stack, a SATA host protocol stack, and an encryptor/decryptor coupled between the main controller and the SATA host and SATA device protocol stacks to provide high-speed encryption/decryption processing.

Specific implementations of the encryption/decryption Serial ATA method are as follows.

According to one feature of the present invention, an encryption/decryption Serial ATA method is provided that comprises several steps. First, an encryption/decryption Serial ATA (SATA) device is operatively coupled between a host and a device. The encryption/decryption SATA device is used to detect a PIO data-out command (PIO Data Out Command) FIS received from the host and to determine whether the received PIO data-out command FIS belongs to a predetermined category (the predetermined category corresponds to an encryption/decryption mode). Next, the encryption/decryption SATA device bypasses the PIO Setup FIS received from the device to the host. Then the encryption/decryption SATA device detects the Data FIS payload received from the host (the detected Data FIS payload is encrypted). Finally, the encryption/decryption SATA device detects the status register FIS received from the device. The detected device status register FIS causes the encryption/decryption SATA device to be reset to bypass mode.

According to another feature of the present invention, an encryption/decryption SATA method is provided that comprises several steps. An encryption/decryption Serial ATA (SATA) device is operatively coupled between a host and a device. Next, the encryption/decryption SATA device is used to detect a DMA data-in command received from the host. The detected register FIS causes the encryption/decryption SATA device to be reset to bypass mode.

According to another feature, an encryption/decryption device comprises a protocol stack connected to an external host through a differential serial channel, and an encryptor/decryptor that executes or does not execute an encryption/decryption algorithm and is operatively coupled with the protocol stack to provide cryptographic processing. When the data received is of a non-data type, or is of a data type that does not need encryption/decryption, the encryptor/decryptor does not perform the encryption/decryption operation; otherwise it performs the encryption/decryption operation.

According to one feature of the present invention, an encryption/decryption Serial ATA (SATA) device is provided that comprises: a SATA protocol stack for communicating with an interface of a device; and an encryptor/decryptor engine, operatively coupled to the SATA protocol stack, for encrypting or decrypting at least part of a first payload received from the SATA protocol stack. The protocol stack handles, without decryption, a Register - Device to Host FIS received from the interface of the device.
According to one feature of the present invention, an encryption/decryption SATA device is provided that comprises: a SATA host protocol stack for communicating with a host interface of a SATA host; a SATA device protocol stack for communicating with a device interface of a SATA device; an encryptor/decryptor engine, coupled between the SATA device protocol stack and the SATA host protocol stack, for encrypting or decrypting at least a subset of a Data FIS input from or output to the device interface; and a controller configured to: when a first Data FIS is associated with a command set of a predetermined category, cause the SATA host protocol stack to pass at least a first payload of the first Data FIS to the encryptor/decryptor engine, so that the engine decrypts at least part of the first payload received from the SATA host protocol stack; cause the SATA device protocol stack to transmit the decrypted part of the first payload of the first Data FIS to the device interface; and cause the SATA device protocol stack to handle, without decryption, a Register - Device to Host FIS received from the device interface.

According to one feature of the present invention, an encryption/decryption method for an encryption/decryption device is provided, comprising the following steps: transmitting, without encryption, a PIO data-out command (PIO Data Out Command) FIS to an interface of a device; receiving a PIO Setup FIS from the interface of the device, the PIO Setup FIS indicating whether the interface of the device is ready to receive data; generating and transmitting a first signal without decrypting the received PIO Setup FIS; receiving a data payload in response to the transmitted first signal; when the data payload is associated with a command set of a predetermined category, encrypting at least part of the data payload; generating a Data FIS from the encrypted part of the data payload; transmitting the Data FIS to the interface of the device; receiving a Register - Device to Host FIS from the interface of the device; and generating and transmitting a second signal without decrypting the Register - Device to Host FIS, the second signal indicating whether the transfer of the encrypted part of the data payload succeeded.

According to one feature of the present invention, an encryption/decryption method for an encryption/decryption device is provided, comprising the following steps: receiving a PIO data-out command FIS from an interface of a host; transmitting a PIO Setup FIS to the interface of the host, the PIO Setup FIS indicating whether the interface of the device is ready to receive data; receiving a Data FIS from the interface of the host; when the Data FIS is associated with a command set of a predetermined category, encrypting at least part of a data payload in the Data FIS; transmitting the encrypted part of the data payload; and transmitting a Register - Device to Host FIS without decrypting it, the Register - Device to Host FIS indicating whether the transfer of the encrypted part of the data payload succeeded.
According to one feature of the present invention, an encryption/decryption method for an encryption/decryption device is provided, comprising the following steps: transmitting, without encryption, a DMA data-in command (DMA Data In Command) FIS to an interface of a device; receiving a Data FIS from the interface of the device; when the Data FIS is associated with a command set of a predetermined category, decrypting at least part of a data payload in the Data FIS; generating and transmitting a first signal based on the decrypted part of the data payload; transmitting the decrypted part of the data payload; receiving a Register - Device to Host FIS from the interface of the device; and generating and transmitting a second signal without decrypting the Register - Device to Host FIS, the second signal indicating whether the transfer of the decrypted part of the data payload succeeded.

According to one feature of the present invention, an encryption/decryption method for an encryption/decryption device is provided, comprising the following steps: receiving a DMA data-in command (DMA Data In Command) FIS from an interface of a host; transmitting a first signal to the interface of the host, the first signal indicating whether an interface of a device is ready to transmit a Data FIS; when the Data FIS is associated with a command set of a predetermined category, decrypting at least part of a data payload in the Data FIS; generating a Data FIS from the decrypted part of the data payload; transmitting the Data FIS to the interface of the host; and transmitting a Register - Device to Host FIS without decrypting it, the Register - Device to Host FIS indicating whether the transfer of the decrypted part of the data payload succeeded.

The purpose, technical content, features and effects of the present invention will be easier to understand from the detailed description of specific embodiments below, taken together with the accompanying drawings.

[Embodiments]

Some embodiments of the present invention are described in detail with reference to the drawings. Additional embodiments, characteristics, features and/or advantages of the invention will become more apparent from the description or from practicing the invention. The drawings are not to scale, and the same reference numbers denote the same features throughout the drawings and the description.

Figure 1 is a block diagram illustrating an encryption/decryption SATA device 20 of the present invention. The encryption/decryption SATA device 20 can be used with a SATA host adapter (not shown). The SATA host adapter (hereinafter the "host") may be provided, for example, on a host personal computer. The encryption/decryption SATA device 20 can receive input from, and transmit output TXd to, a SATA device controller (not shown). The SATA device controller (hereinafter the "device") may be provided on a peripheral such as a hard disk drive or an optical drive (for example a CD-ROM or DVD-ROM drive). The encryption/decryption SATA device 20 communicates with the host and the device through a suitable coupling, for example a Serial ATA cable, although the coupling is not limited to a Serial ATA cable. Data transferred between host and device, including command, control, status and data signals, is first encapsulated into the Serial ATA protocol stack and then serialized so that it can travel on the two differential signals of a cable.

In one embodiment of the present invention, the encryption/decryption SATA device 20 includes an encryptor/decryptor 22 coupled between a main controller 24 and a device protocol stack 26 and a host protocol stack 28. Each protocol stack (26, 28) includes a physical layer (PHY) 30, a link layer 32 and a transport layer 34. An application layer 36 includes the encryptor/decryptor 22 and the main controller 24, as shown in Figure 1.

The encryptor/decryptor 22 performs encryption/decryption operations on predetermined and/or selected Data FIS payloads exchanged between host and device. Non-data FISes, and Data FISes that need no encryption/decryption, such as FIS command, control or status information, are allowed to pass straight through (from one side to the other), that is, to bypass the encryptor/decryptor 22, as depicted in Figure 1. Those skilled in the art will appreciate that many encryptors/decryptors are known and that any of them may be used in the encryption/decryption SATA device 20 of the present invention.

The main controller 24 governs all signal paths that carry data, command, control and status signals. The main controller 24 receives signals from all the lower layers (for example the transport layer 34, the link layer 32 and the physical layer 30). The received signals may include the FIS type and the detected command, the transfer direction (host to device or device to host), and control signals such as the primitive detection indicator from the link layer, the OOB (Out Of Band) detection indicator from the physical layer 30, other channel status indicators, and abnormal conditions such as transmission errors or aborts. The main controller 24 also governs the operation of the encryptor/decryptor 22, as illustrated in Figure 1. The main controller 24 helps the encryption/decryption SATA device 20 recover from abnormal operating conditions and keeps the link between host and device stable.

Figure 2 is a table showing the bit layout of a Data FIS 38 in the SATA transport layer 34. The Data FIS 38 consists of a number of double words (DWORDs). The first DWORD of the Data FIS 38 is its header 40. The first byte 42 of the header 40 is the type field of the Data FIS 38. The remaining three bytes of the first DWORD contain reserved bits, a reserved bit field and a reserved byte (not shown). The remaining N DWORDs of the Data FIS 38 are the data payload. The payloads of certain specific Data FISes 38 are encrypted/decrypted by the encryptor/decryptor 22 (as shown in Figure 1). Non-data FISes are not processed by the encryptor/decryptor 22. For retransmission, the data output by the encryptor/decryptor 22 after cryptographic processing is re-encapsulated into a Data FIS by adding a data header.

One way to determine quickly whether a received FIS is a Data FIS or a non-data FIS is to arrange the encryption/decryption SATA device 20 so that it examines the FIS type field, that is, the first byte of the received FIS header. In particular, a FIS type detector may be provided in the transport layer 34 or in the link layer 32, as depicted in Figures 7 and 8 below. Those skilled in the art will appreciate that the remaining bytes of the first DWORD of the received Data FIS 38 can also be analyzed using the general principles of the present invention. If the FIS type field value is hexadecimal 0x46, the received FIS is a Data FIS; otherwise it is a non-data FIS. Accordingly, Figure 2 shows the FIS type (46h) in the first byte 42 of the Data FIS header 40.

Figure 3 is a table showing the bit layout of a Data FIS 44 in the SATA link layer 32. The layout includes the SOF primitive 46, a unique 32-bit binary code word that marks the start of the frame. The SOF primitive 46 is followed by the encrypted/decrypted version of the transport-layer Data FIS and by a 32-bit CRC check code 48, which is also encoded. The CRC check code 48 is followed by the EOF primitive 50, a 32-bit primitive that marks the end of the frame.
In one embodiment, the scrambling operation XORs (exclusive-ORs) a predefined scrambler syndrome sequence with the DWORDs of the FIS. XOR is a Boolean operator that returns TRUE when exactly one of its operands is TRUE. The scrambler syndrome sequence generator is reset at the SOF primitive, and the value of the FIS type field immediately follows the SOF primitive. The scrambler syndrome in effect when the FIS type field is transmitted equals the seed used by the scrambler. The main purpose of FIS scrambling is to reduce electromagnetic interference. It should be understood that any suitable method of scrambling or otherwise transforming a data FIS may be used, provided such use does not depart from the purpose of the present invention.

Fig. 4 shows the bit layout of Fig. 3 with ALIGN primitives 52, 54 inserted. The ALIGN primitives 52, 54 are inserted by the transmitter and are not scrambled. They are placed at predetermined positions in the bit layout of the data FIS 44 of Fig. 3. The ALIGN primitives 52, 54 provide signal alignment and flow control. In one embodiment, an even number of consecutive ALIGN primitives may be generated within every 256 DWORDs transmitted. These ALIGN primitives are not part of the frame and are removed from the content once received. To illustrate the general principles of the invention, it is assumed that all ALIGN primitives have already been removed.
As described above, a FIS type detector can be provided in the link layer 32 (as shown in Fig. 8) to determine whether a FIS encapsulated in the link layer protocol format is a data FIS. If the scrambled 8-bit FIS type value is hexadecimal 0xCB, the FIS is a data FIS. Another method is to check the value of the data scrambler syndrome; if its hexadecimal value is 0x8D, the FIS is a data FIS. A further method is to detect the 10-bit encoded character that follows the SOF primitive (if its value in binary is 1101000110, the FIS is a data FIS).

Not every detected data FIS has to be encrypted/decrypted. A data FIS that belongs to an ATA command for device configuration, setup or status inquiry does not need to pass through the encryptor/decryptor 22 (see Fig. 1). For example, the data FIS associated with the IDENTIFY_DEVICE command under PIO does not need to be encrypted/decrypted by the encryptor/decryptor 22, and the same holds for all commands or data related to device configuration, setup and status inquiry. The relevant PIO commands/data (the "Bypass True" category) are listed below.
CFA-TRANSLATE-SECTOR
DEVICE-CONFIGURATION-IDENTIFY
IDENTIFY-DEVICE
IDENTIFY-PACKET-DEVICE
READ-LOG_DATA
SMART-READ-LOG-SECTOR
CFA-WRITE-MULTIPLE-WITHOUT-ERASE
CFA-WRITE-SECTOR-WITHOUT-ERASE
DEVICE-CONFIGURATION-SET
DOWNLOAD-MICROCODE
SECURITY-DISABLE-PASSWORDS
SECURITY-ERASE-UNIT
SECURITY-SET-PASSWORDS
SECURITY-UNLOCK
SMART-WRITE-LOG-SECTOR
WRITE-LOG-EXT

Those skilled in the art will appreciate that various new PIO commands may be added in future versions of the SATA specification and used in accordance with the general principles of the present invention.

An ATA data transfer command is usually accompanied by one or more data FISes until its protocol sequence terminates. Every ATA command can be detected by examining the command field (the third byte) of the register host-to-device FIS 56 in the SATA transport layer 34, as shown in the diagram of Fig. 5. As shown in Fig. 5, the FIS type of the register host-to-device FIS 56 has the hexadecimal value 0x27 (de-scrambled). Whether a data FIS bypasses the encryptor/decryptor 22 can therefore be controlled by the command. That is, when the detected command belongs to the "Bypass True" category described above, none of the data FISes under that command protocol are processed by the encryptor/decryptor 22 (shown in Fig. 1). Conversely, when the detected command belongs to the "Bypass False" category, all data FISes under that command protocol are to be encrypted/decrypted by the encryptor/decryptor 22. Examples of PIO and Ultra DMA (UDMA) "Bypass False" category commands are:
READ-SECTOR
READ-SECTOR-EXT
READ-MULTIPLE
READ-MULTIPLE-EXT
READ-BUFFER
READ-DMA
READ-DMA-EXT
WRITE-SECTOR
WRITE-SECTOR-EXT
WRITE-MULTIPLE
WRITE-MULTIPLE-EXT
WRITE-BUFFER
WRITE-DMA
WRITE-DMA-EXT
Thus, if a SATA command involves reading or writing data from or to physical storage media (such as the sectors of a disk drive), the data FIS payloads under that particular command protocol must all be encrypted/decrypted.

Those skilled in the art will appreciate that various new PIO read/write commands and DMA read/write commands may be added in future versions of the SATA specification and used in accordance with the principles of the present invention. For example, the current SATA specification only provides PIO opcodes, but does not describe F7, FB, … and 5E. Their characteristics are, for example, that the transfer length is controlled by the sector count register (values 0-255 represent 256 sectors). They follow the ATA PIO timing and control-flow signaling, but, like the SECURITY-ERASE-UNIT command (see above), may take a long time to execute. The as-yet unused UDMA opcodes include … and 5F (UDMA Write). Their command characteristics are currently unknown.

In one embodiment of the present invention, all data FISes under a command protocol whose detected command is listed in neither the "Bypass False" category nor the "Bypass True" category are not processed by the encryptor/decryptor 22. For example, the encryption/decryption SATA device 20 may not be configured to support the DMA QUEUE command (a data read/write command whose data requires cryptographic processing); the command and its data are therefore passed through, i.e., without being processed by the encryptor/decryptor 22.
Fig. 6 is a table showing the bit layout of the register host-to-device FIS 58 in the link layer 32; Figs. 5 and 6 thus show the bit layout of a register host-to-device FIS in the transport layer and in the link layer, respectively. As shown in Fig. 6, the FIS type has the 8-bit coded hexadecimal value 0xAA. The data scrambler syndrome for the command field 60 in Fig. 6 has the predetermined hexadecimal value 0xD2. The value of the command field in the link layer 32 therefore equals the XOR of hexadecimal 0xD2 with the plain (unscrambled) opcode.

Fig. 7 is a partial schematic view (one side only) of one embodiment of the encryption/decryption SATA device 20 (shown in Fig. 1) of the present invention. Those skilled in the art will appreciate that other configurations (e.g., a parallel ATA interface and/or a Universal Serial Bus (USB) interface) may be provided on the other side of the encryption/decryption SATA device 20.

Fig. 7 shows the FIS type detector 62 provided in the transport layer 34. The FIS type detector 62 detects and checks the FIS type field (the first byte) of the FIS header arriving from the link layer 32. If the FIS type field value is hexadecimal 0x46, the received FIS is a data FIS; otherwise, it is a non-data FIS. If the received FIS is a data FIS, the FIS type detector 62 sends the data FIS payload to the encryptor/decryptor 22 for encryption/decryption. If hexadecimal 0x46 is not found in the FIS type field, the FIS type detector 62 routes the non-data FIS from the transport layer 34 through the application layer 36, away from the encryptor/decryptor 22, i.e., without cryptographic processing.

The transport layer 34 also includes an ATA command filter 64, adapted to examine the command field (the third byte of the first 32-bit DWORD, see Fig. 5) of any register host-to-device FIS (FIS type hexadecimal 0x27) arriving from the link layer 32. The ATA command filter 64 provides the bypass control for the encryptor/decryptor 22. If the third byte of the detected register host-to-device FIS does not belong to the "Bypass True" command category described above (device configuration, setup and status inquiry), the "bypass" flag is set to "false". Otherwise, the ATA command filter 64 sets the "bypass" flag to "true". The entire register host-to-device FIS is routed to the application layer 36, i.e., without any processing by the encryptor/decryptor 22. The encryptor/decryptor 22 stays in the state left by the previous operation until the next bypass flag control signal from the ATA command filter 64 changes it. Where appropriate data buffering is required, a FIFO buffer 66 (shown in Fig. 7) can be coupled between the FIS type detector 62 and the encryptor/decryptor 22.

Fig. 8 is a partial schematic view (one side only) of another embodiment of the encryption/decryption SATA device 20 (shown in Fig. 1) of the present invention. Those skilled in the art will appreciate that other configurations (e.g., a parallel ATA interface and/or a USB interface) may be provided on the other side of the encryption/decryption SATA device 20 as needed.

As shown in Fig. 8, a FIS type detector 68 is provided in the link layer 32. The FIS type detector 68 can use one of four methods to determine whether the bit stream entering from the physical layer 30 contains an encapsulated data FIS. The first method determines the value of a specified de-scrambled byte, for example the first de-scrambled byte after the SOF primitive. If the first de-scrambled value after the SOF primitive is hexadecimal 0x46, the FIS is a data FIS. The second method checks the value of a specified scrambled byte, for example the first scrambled byte after the SOF primitive. If the first scrambled value after the SOF primitive is hexadecimal 0xCB, the FIS is a data FIS. The third method decides using the associated scrambler syndrome hexadecimal value 0x8D; a data FIS should have the 8-bit scrambled hexadecimal value 0xCB. The fourth method determines the content of the first 10-bit character after the SOF primitive, which should have the binary value 1101000110.
If a data FIS is detected, the FIS type detector 68 sends the data FIS to the encryptor/decryptor 22 for encryption/decryption. Otherwise, the FIS type detector 68 routes the non-data FIS through the physical layer 30 and the link layer 32, away from the encryptor/decryptor 22, i.e., without cryptographic processing.
The link layer 32 also includes an ATA command filter 70, adapted to determine whether the bit stream entering from the physical layer 30 contains a register host-to-device FIS that carries an ATA command belonging to the "Bypass True" category described above. A register host-to-device FIS can be detected in the link layer 32 by one of four methods. The first method determines the value of a predetermined de-scrambled byte, for example the first de-scrambled byte after the SOF primitive. For a register host-to-device FIS, the first de-scrambled byte after the SOF primitive should be hexadecimal 0x27. The second method determines the value of a predetermined scrambled byte, for example the first scrambled byte after the SOF primitive. For a register host-to-device FIS, the first scrambled byte after the SOF primitive should be hexadecimal 0xAA. The third method uses the associated scrambler syndrome hexadecimal value 0x8D to determine the byte value; for a register host-to-device FIS it should have the 8-bit coded hexadecimal value 0xAA. The fourth method determines the content of the first 10-bit character after the SOF primitive, which should have the binary value …1011010. A FIFO buffer 72 (shown in Fig. 8) is coupled between the FIS type detector 68 and the encryptor/decryptor 22 for appropriate data buffering.

Those skilled in the art will readily appreciate that in both embodiments (Figs. 7 and 8) it is not necessary to fully decompose the set of transport layer and/or link layer protocols in the encryption/decryption SATA device of the present invention in order to perform cryptographic processing of the data. The latency and complexity of the software/hardware implementing the embodiments of Figs. 7 and 8 can therefore be greatly reduced.

Fig. 9 is a block diagram illustrating the encryption/decryption operation control of the present invention. It should be understood that in either embodiment (Figs. 7 and 8), the "bypass" control signal of the ATA command filter (64 or 70) is logically ORed with the "preset bypass" signal in the main controller 24, and the output of the main controller 24 controls the operation of the encryptor/decryptor 22. The "preset bypass" signal in the main controller 24 can be held constant for the entire power cycle of the encryption/decryption SATA device 20. If the "preset bypass" signal is set to logic "1", the "bypass" flag is set to true regardless of the state of the ATA command filter. If it is set to logic "0", the operation of the encryptor/decryptor 22 depends only on the "bypass" control signal provided by the ATA command filter.

Placing the FIS type detector and the ATA command filter in the link layer 32, as shown in Fig. 8, has several advantages. For example, when detection is performed in the link layer 32, the latency of delivering the FIS type DWORD to the transport layer can be reduced. The time available to react to a detection is less constrained. The extra time gained is particularly useful when the more time-consuming processing is implemented in an embedded central processing unit (CPU). On the other hand, the advantage of the embodiment of Fig. 7 is simplicity, i.e., it needs only a less complex control logic design.

Fig. 10 is a schematic diagram of the data flow through the encryption/decryption SATA device 20 (shown in Fig. 1) of the present invention. In particular, the data flow for a PIO data-out command is described. The encryption/decryption SATA device 20 operates by reacting and responding to the data it receives and detects on the host-side and device-side serial ATA channels. In this embodiment, the encryption/decryption SATA device 20 is assumed to be initially in the "idle" state, in which it listens for any activity on the host-side and device-side serial ATA channels. The "bypass" flag in this state is "true". In step 1, the encryption/decryption SATA device 20 detects a PIO data-out command received from the host. It then determines whether the received PIO data-out command belongs to a predetermined category. If it does, the main controller 24 of the encryption/decryption SATA device 20 resets the "bypass" flag (shown in Fig. 9) to "false", i.e., the encryptor/decryptor 22 is in encryption mode.

In step 2, the encryption/decryption SATA device 20 passes the PIO Setup FIS received from the device through to the host. In step 3, the encryption/decryption SATA device 20 detects a data FIS received from the host; all data DWORDs in that data FIS are directed to the encryptor/decryptor 22 for encryption. In step 4, if the encryption/decryption SATA device 20 detects that a (status) register FIS has been received from the device (command completed or aborted), the "bypass" flag (shown in Fig. 9) is set back to "true" and the encryption/decryption SATA device 20 returns to the "idle" state. Otherwise, if the command has not yet completed, the process repeats steps 2, 3 and 4.

Fig. 11 shows the data flow through the encryption/decryption SATA device 20 according to another embodiment of the present invention. In particular, the data flow for a DMA data-in command is described. The encryption/decryption SATA device 20 is assumed to be initially in the "idle" state, in which it listens for any activity on the host-side and device-side serial ATA channels. The "bypass" flag in this state is "true".

When the hard disk drive is ready to transfer data to the host, the drive issues an appropriate request to the host. After receiving the host's response, the drive sends a data-type FIS. On receiving the data FIS, the DMA engine in the host controller transfers the received data to the memory locations previously set up on the host side.

In step 1, the encryption/decryption SATA device 20 detects that a DMA data-in command FIS has been received from the host. If the command belongs to a predetermined category, the main controller 24 of the encryption/decryption SATA device 20 resets the "bypass" flag (shown in Fig. 9) to "false"; the encryption/decryption SATA device 20 is now in decryption mode. In step 2, when the encryption/decryption SATA device 20 detects a data FIS from the device, all DWORDs in the data FIS are directed to the encryptor/decryptor 22 for decryption. In step 3, if the encryption/decryption SATA device 20 detects that a (status) register FIS has been received from the device (command completed or aborted), the "bypass" flag is set back to "true" and the encryption/decryption SATA device 20 becomes idle. Otherwise, if the command is determined not to have completed, steps 2 and 3 are repeated.

Fig. 12 schematically illustrates an encryption/decryption SATA-to-IDE (Integrated Drive Electronics) implementation of the present invention. In particular, one side of the encryption/decryption SATA device 20 is coupled through a SATA-to-IDE protocol translator 74 to an IDE signal interface 76. The IDE signal interface 76 provides an IDE channel to a device (not shown). The other side of the encryption/decryption SATA device 20 provides a SATA channel to a host (not shown). As shown in Fig. 12, the encryption/decryption SATA device 20 sends downstream control signals and data to the IDE signal interface 76 through the SATA-to-IDE protocol translator 74, and receives upstream control signals and data from the IDE signal interface 76 through the SATA-to-IDE protocol translator 74.

In one embodiment of Fig. 12, the encryption/decryption SATA device 20 is implemented according to the configuration described for Fig. 7, with the ATA command filter 64 provided in the transport layer 34. In another example of Fig. 12, the encryption/decryption SATA device 20 is implemented according to the configuration described for Fig. 8, with the ATA command filter 70 provided in the link layer 32.

The embodiments described above may be implemented in hardware and/or software. Using the encryption/decryption SATA device of the present invention provides several advantages. For example, FIS analysis time can be shortened. In addition, hardware and software complexity is reduced. Furthermore, it is not necessary to decompose all data in order to decide whether to encrypt/decrypt it.
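The FIS type detector, ATA command filter and bypass flag described above, written out as an added C example (not code from the patent). The opcodes and the 0x34 register device-to-host FIS type are taken from the ATA/SATA specifications rather than from this page, unlisted commands are bypassed as in the embodiment described earlier, and `toy_cipher` is a placeholder for the encryptor/decryptor 22.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* FIS type values: 0x46 and 0x27 are given in the description; 0x34
 * (register device-to-host) is taken from the SATA specification. */
enum { FIS_REG_H2D = 0x27, FIS_REG_D2H = 0x34, FIS_DATA = 0x46 };

/* Scrambler syndrome bytes the description gives for the link layer. */
enum { SYN_FIS_TYPE = 0x8D, SYN_COMMAND = 0xD2 };

typedef enum { BYPASS_TRUE, BYPASS_FALSE, UNLISTED } cmd_class;

/* Opcodes from the ATA command set for a subset of the listed commands
 * (the description names the commands but not their opcodes). */
static const uint8_t bypass_true_ops[] = {
    0xEC, /* IDENTIFY DEVICE */    0xA1, /* IDENTIFY PACKET DEVICE */
    0x92, /* DOWNLOAD MICROCODE */ 0xF1, /* SECURITY SET PASSWORD */
    0xF2, /* SECURITY UNLOCK */    0xF4, /* SECURITY ERASE UNIT */
    0x3F  /* WRITE LOG EXT */
};
static const uint8_t bypass_false_ops[] = {
    0x20, 0x24, /* READ SECTOR(S), READ SECTOR(S) EXT */
    0xC8, 0x25, /* READ DMA, READ DMA EXT */
    0x30, 0x34, /* WRITE SECTOR(S), WRITE SECTOR(S) EXT */
    0xCA, 0x35  /* WRITE DMA, WRITE DMA EXT */
};

static bool in_list(const uint8_t *ops, size_t n, uint8_t op) {
    for (size_t i = 0; i < n; i++)
        if (ops[i] == op) return true;
    return false;
}

cmd_class classify_command(uint8_t op) {
    if (in_list(bypass_false_ops, sizeof bypass_false_ops, op)) return BYPASS_FALSE;
    if (in_list(bypass_true_ops, sizeof bypass_true_ops, op)) return BYPASS_TRUE;
    return UNLISTED;
}

/* Link-layer view: undo the scrambler on the first byte after SOF
 * and on the command byte. */
uint8_t link_fis_type(uint8_t scrambled) { return (uint8_t)(scrambled ^ SYN_FIS_TYPE); }
uint8_t link_command(uint8_t scrambled) { return (uint8_t)(scrambled ^ SYN_COMMAND); }

typedef struct {
    bool preset_bypass;  /* main controller's preset bypass signal */
    bool filter_bypass;  /* bypass flag driven by the ATA command filter */
} bridge_state;

/* Placeholder transform standing in for the encryptor/decryptor 22. */
static void toy_cipher(uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) p[i] ^= 0x5A;
}

/* Handle one de-scrambled FIS in place and return the number of
 * payload bytes that went through the cipher. */
size_t process_fis(bridge_state *st, uint8_t *fis, size_t len) {
    if (len < 4) return 0;              /* shorter than one header DWORD */
    switch (fis[0]) {
    case FIS_REG_H2D:                   /* command field is the third byte */
        st->filter_bypass = classify_command(fis[2]) != BYPASS_FALSE;
        return 0;
    case FIS_REG_D2H:                   /* completed or aborted: back to idle */
        st->filter_bypass = true;
        return 0;
    case FIS_DATA:
        if (st->preset_bypass || st->filter_bypass) return 0; /* logical OR */
        toy_cipher(fis + 4, len - 4);   /* header DWORD stays in the clear */
        return len - 4;
    default:
        return 0;                       /* other non-data FISes pass through */
    }
}

/* Constructed session: one command FIS followed by one data FIS
 * carrying an 8-byte payload. */
size_t run_session(bool preset_bypass, uint8_t opcode) {
    bridge_state st = { preset_bypass, true };   /* idle: bypass is true */
    uint8_t cmd[20] = { FIS_REG_H2D, 0x80, opcode };
    uint8_t data[12] = { FIS_DATA, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8 };
    process_fis(&st, cmd, sizeof cmd);
    return process_fis(&st, data, sizeof data);
}

int main(void) {
    /* WRITE DMA must cipher the 8 payload bytes; IDENTIFY DEVICE none. */
    return (run_session(false, 0xCA) == 8 && run_session(false, 0xEC) == 0) ? 0 : 1;
}
```

The link-layer helpers reproduce the values quoted in the description: 0x46 and 0x27 scramble to 0xCB and 0xAA under the 0x8D syndrome.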
As disclosed, the encryption/decryption SATA device and method can quickly distinguish data frames (Data FIS) from non-data frames (Non-Data FIS), which makes the overall encryption/decryption operation more efficient and less complex. In addition, the disclosed encryption/decryption SATA device can encrypt/decrypt selected data streams received from two (serial ATA) interfaces. The encryption/decryption device of Fig. 12 can also encrypt/decrypt selected data streams received from the serial ATA and IDE interfaces. Implementations also include a serial ATA-to-… coupling (connector), which can encrypt/decrypt selected data streams received from the serial ATA and … interfaces.

As described above, the various embodiments can be implemented in many applications and devices. These devices include, without limitation, internal hard disk drives, CD-ROM, DVD-ROM, CD-RW and DVD-RW drives, and flash memory equipped with serial ATA; external portable hard disk drives, CD-ROM, DVD-ROM, CD-RW and DVD-RW drives, and flash memory equipped with a serial ATA interface; serial ATA-to-IDE/IDE-to-serial ATA modules, serial ATA-to-…/…-to-serial ATA modules, personal computers (PCs), notebook computers, laptop PCs, and tablet PCs.

Those skilled in the art will appreciate that other components and/or configurations may be used in the embodiments described above without departing from the purpose and scope of the present invention. In addition, all terms should be interpreted in the broadest manner consistent with the context. In particular, the terms "comprise" and "include" should be interpreted as referring to elements, components or steps in a non-exclusive manner, indicating that the referenced elements, components or steps may be present, used, or combined with other elements, components or steps that are not expressly referenced.

The present invention has been described in detail with preferred embodiments, but it should be understood that various modifications and changes can be made without departing from the spirit and scope of the invention. In this respect, it is important to note that … . The embodiments described above only illustrate the technical ideas and features of the invention; their purpose is to enable those skilled in the art to understand the invention and put it into practice, not to limit the patent scope of the invention. Any other equivalent modification or change made without departing from the spirit disclosed by the present invention should therefore be included in the scope of the patent claims set out below.

[Brief Description of the Drawings]
Fig. 1 is a block diagram of the encryption/decryption SATA device according to the present invention;
Fig. 2 is a table showing the bit layout of the data FIS in the SATA transport layer according to the present invention;
Fig. 3 is a table showing the bit layout of the data FIS in the SATA link layer according to the present invention;
Fig. 4 is a diagram of the bit layout of Fig. 3 with ALIGN primitives inserted according to the present invention;
Fig. 5 is a table showing the bit layout of the register host-to-device FIS in the SATA transport layer according to the present invention;
Fig. 6 is a table showing the bit layout of the register host-to-device FIS in the SATA link layer according to the present invention;
Fig. 7 is a partial schematic view of one embodiment of the encryption/decryption SATA device of Fig. 1;
Fig. 8 is a partial schematic view of another embodiment of the encryption/decryption SATA device of Fig. 1;
Fig. 9 is a block diagram of the encryption/decryption operation control according to the present invention;
Fig. 10 is a schematic diagram of the data flow through the encryption/decryption SATA device of Fig. 1 according to one embodiment of the present invention;
Fig. 11 is a schematic diagram of the data flow through the encryption/decryption SATA device of Fig. 1 according to another embodiment of the present invention;
Fig. 12 is a schematic diagram of the encryption/decryption SATA-to-IDE implementation according to the present invention.
[Description of Main Element Symbols]
20 Encryption/decryption SATA device
22 Encryptor/decryptor
24 Main controller
26 Device protocol stack
28 Host protocol stack
30 Physical layer
32 Link layer
34 Transport layer
36 Application layer
38, 44 Data FIS
40 Header
42 First byte
46 SOF primitive
48 CRC check code
50 EOF primitive
52, 54 ALIGN primitive
56, 58 Register host-to-device FIS
60 Command field
62, 68 FIS type detector
64, 70 ATA command filter
66, 72 FIFO buffer
74 SATA-to-IDE protocol translator
76 IDE signal interface
Claims (1)
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/282,175 US7900057B2 (en) | 2000-11-03 | 2005-11-18 | Cryptographic serial ATA apparatus and method |
Publications (2)
Publication Number | Publication Date |
---|---|
TW200720936A TW200720936A (en) | 2007-06-01 |
TWI330320B true TWI330320B (en) | 2010-09-11 |
Family
ID=38051464
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW95108844A TWI330320B (en) | 2005-11-18 | 2006-03-15 | Cryptographic serial ata apparatus and method |
Country Status (4)
Country | Link |
---|---|
JP (1) | JP4762861B2 (en) |
CN (1) | CN101008931B (en) |
CA (1) | CA2567219C (en) |
TW (1) | TWI330320B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105468983B (en) * | 2015-11-17 | 2020-01-03 | 北京华大智宝电子系统有限公司 | Data transmission method and device based on SATA interface |
CN112416830B (en) * | 2020-12-09 | 2024-03-26 | 鸿秦(北京)科技有限公司 | NVME and SATA protocol conversion realization circuit |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1373461A (en) * | 2001-02-28 | 2002-10-09 | 伊诺瓦科技股份有限公司 | Encrypting-decrypting device for data storage |
JP2003271487A (en) * | 2002-03-12 | 2003-09-26 | Nec Corp | Communication system, gateway device and gateway program |
EP1540957A4 (en) * | 2002-04-30 | 2009-07-08 | Gen Dynamics Advanced Inf Sys | Method and apparatus for in-line serial data encryption |
US7248696B2 (en) * | 2002-09-12 | 2007-07-24 | International Business Machines Corporation | Dynamic system bus encryption using improved differential transitional encoding |
-
2006
- 2006-03-15 TW TW95108844A patent/TWI330320B/en active
- 2006-11-06 CA CA2567219A patent/CA2567219C/en active Active
- 2006-11-13 JP JP2006306383A patent/JP4762861B2/en active Active
- 2006-11-17 CN CN2006101624794A patent/CN101008931B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CA2567219A1 (en) | 2007-05-18 |
TW200720936A (en) | 2007-06-01 |
CA2567219C (en) | 2013-01-22 |
CN101008931B (en) | 2010-05-26 |
JP4762861B2 (en) | 2011-08-31 |
CN101008931A (en) | 2007-08-01 |
JP2007143149A (en) | 2007-06-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11876785B2 (en) | System and method for routing-based internet security | |
US7900057B2 (en) | Cryptographic serial ATA apparatus and method | |
EP2082199B1 (en) | A data storage device and method | |
CN108701191B (en) | Data processing device and method for verifying the integrity of a data processing device | |
CN104156677B (en) | FPGA-based hard disk encryption and decryption system | |
TW201023047A (en) | Method and apparatus for the secure processing of confidential content within a virtual machine of a processor | |
TWI377467B (en) | Method and system for remotely debugging a failed computer machine | |
CN110289947A (en) | Data transmit consistency desired result method, apparatus, computer equipment and storage medium | |
CN107612683A (en) | A kind of encipher-decipher method, device, system, equipment and storage medium | |
JP2012044577A5 (en) | ||
TWI330320B (en) | Cryptographic serial ata apparatus and method | |
KR101043255B1 (en) | Usb hub device for providing datasecurity and method for providing datasecurity using the same | |
CN107861892A (en) | A kind of method and terminal for realizing data processing | |
JP2007233993A (en) | Data transfer control device and electronic apparatus | |
CN205176854U (en) | Mobile terminal application software encryption device and applied mobile terminal who has device | |
CN112860275B (en) | Software and hardware cooperative encryption circuit and method for embedded computer | |
CN107277579A (en) | Information encipher-decipher method and set top box | |
TW200820711A (en) | Electronic apparatus and method for decryption, electronic apparatus and method for inputting password encryption, and electronic system with a password | |
CN207541651U (en) | Encrypted u disk | |
TW202407562A (en) | Secure cryptographic coprocessor | |
JP2024515450A (en) | Read-Only Memory (ROM) Security | |
CN202018657U (en) | Encrypting system for mobile storage equipment | |
CN112860275A (en) | Software and hardware cooperative encryption circuit and method for embedded computer | |
Lanz | High assurance cryptographic interface | |
COWART | AN IMPLEMENTATION AND EXPERIMENTAL EVALUATION OF HARDWARE ACCELERATED CIPHERS IN ALL-PROGRAMMABLE SoCs ON EMBEDDED AND WORKSTATION COMPUTER PLATFORMS |