TWI690805B - Card activation device and methods for authenticating and activating a data storage device by using a card activation device - Google Patents

Card activation device and methods for authenticating and activating a data storage device by using a card activation device Download PDF

Info

Publication number
TWI690805B
TWI690805B TW107140756A TW107140756A TWI690805B TW I690805 B TWI690805 B TW I690805B TW 107140756 A TW107140756 A TW 107140756A TW 107140756 A TW107140756 A TW 107140756A TW I690805 B TWI690805 B TW I690805B
Authority
TW
Taiwan
Prior art keywords
data storage
storage device
data
card opening
control unit
Prior art date
Application number
TW107140756A
Other languages
Chinese (zh)
Other versions
TW202006558A (en
Inventor
王德凱
黃興郎
Original Assignee
慧榮科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 慧榮科技股份有限公司 filed Critical 慧榮科技股份有限公司
Priority to CN201910445472.0A priority Critical patent/CN110781532B/en
Priority to US16/505,159 priority patent/US11157181B2/en
Publication of TW202006558A publication Critical patent/TW202006558A/en
Application granted granted Critical
Publication of TWI690805B publication Critical patent/TWI690805B/en

Links

Images

Landscapes

  • Storage Device Security (AREA)

Abstract

A card activation device, for authenticating and activating a data storage device, includes a first control unit and a central control unit. The first control unit is coupled to the data storage device via a first interface. The central control unit is coupled to the first control unit via a system bus. In response to a first control command received from an electronic device, the central control unit is configured to provide first authentication data to the first control unit via the system bus and the first authentication data is transmitted to the data storage device by the first control unit via the first interface. After the first authentication data is transmitted to the data storage device, the central control unit is configured to provide second authentication data to the first control unit via a system bus in response to a second control command received from the electronic device, and the second authentication data is transmitted to the data storage device by the first control unit via the first interface. After transmission of the first authentication data is finished, the card activation device enters a fully locked stage. In the fully locked stage, the central control unit is configured to perform an authentication procedure of the data storage device. Before the central control unit determines that the data storage device is authorized, the central control unit is not allowed to transmit any data to the data storage device.

Description

開卡裝置及利用開卡裝置驗證並且啟用一資料儲存裝置之方法 Card opening device and method for verifying and activating a data storage device using the card opening device

本發明係有關於一種啟用一資料儲存裝置之裝置與方法,特別有關於一種利用一開卡裝置驗證並且啟用資料儲存裝置之方法。 The present invention relates to a device and method for enabling a data storage device, and in particular to a method for verifying and activating a data storage device using a card opening device.

隨著資料儲存裝置的科技在近幾年快速地成長,許多資料儲存裝置,如符合安全數位卡(Secure Digital Memory Card縮寫為SD)/多媒體記憶卡(Multimedia Memory Card,縮寫為MMC)規格、CF規格、MS規格與XD規格的記憶卡、固態硬碟、嵌入式多媒體記憶卡(embedded Multi Media Card,縮寫為eMMC)以及通用快閃記憶體儲存(Universal Flash Storage,縮寫為UFS)已經廣泛地被應用在多種用途上。 As the technology of data storage devices has grown rapidly in recent years, many data storage devices, such as the Secure Digital Memory Card (abbreviated as SD)/Multimedia Memory Card (MMC) specification, CF Memory cards, solid state drives, embedded Multi Media Card (abbreviated as eMMC) and Universal Flash Storage (Universal Flash Storage, abbreviated as UFS) of the specifications, MS specifications and XD specifications have been widely used Used in multiple applications.

一般而言,於資料儲存裝置的量產階段,需載入裝置韌體,以啟用資料儲存裝置。其中裝置韌體通常根據客戶需求而設計,因此,通常不會在晶片封裝時預先寫入內部的記憶體裝置,而是會在量產階段才被載入。為了能更有效率且更安全的載入裝置韌體,需要一種新穎的啟用資料儲存裝置之裝置與方法。 Generally speaking, in the mass production stage of the data storage device, the device firmware needs to be loaded to enable the data storage device. The device firmware is usually designed according to customer needs. Therefore, it is usually not pre-written into the internal memory device when the chip is packaged, but it is only loaded during the mass production stage. In order to load the device firmware more efficiently and safely, a novel device and method for enabling a data storage device is needed.

根據本發明之一實施例,一種開卡裝置,用以驗證並啟用一資料儲存裝置,包括一第一控制單元以及一中央控制單元。 第一控制單元透過一第一介面耦接至資料儲存裝置。中央控制單元透過一系統匯流排耦接至第一控制單元。中央控制單元因應自一電子裝置接收之一第一控制指令將一第一驗證資料透過系統匯流排提供至第一控制單元,並且由第一控制單元透過第一介面將第一驗證資料傳送至資料儲存裝置。於第一驗證資料被傳送至資料儲存裝置後,中央控制單元因應自電子裝置接收之一第二控制指令將一第二驗證資料透過系統匯流排提供至第一控制單元,並且由第一控制單元透過第一介面將第二驗證資料傳送至資料儲存裝置。於第二驗證資料之傳送被執行後,經由中央控制單元之控制使開卡裝置進入一完全鎖定階段,於完全鎖定階段,中央控制單元執行資料儲存裝置之一驗證程序,並且於中央控制單元判斷資料儲存裝置通過驗證程序前,中央控制單元不被允許將任何資料傳送給資料儲存裝置。 According to an embodiment of the invention, a card opening device for verifying and activating a data storage device includes a first control unit and a central control unit. The first control unit is coupled to the data storage device through a first interface. The central control unit is coupled to the first control unit through a system bus. The central control unit provides a first verification data to the first control unit through the system bus in response to a first control command received from an electronic device, and the first control unit transmits the first verification data to the data through the first interface Storage device. After the first verification data is sent to the data storage device, the central control unit provides a second verification data to the first control unit through the system bus in response to a second control command received from the electronic device, and the first control unit Send the second verification data to the data storage device through the first interface. After the transfer of the second verification data is performed, the card opening device enters a completely locked phase under the control of the central control unit. During the completely locked phase, the central control unit executes a verification procedure of the data storage device, and the central control unit determines Before the data storage device passes the verification procedure, the central control unit is not allowed to send any data to the data storage device.

根據本發明之一實施例,一種利用一開卡裝置驗證並且啟用一資料儲存裝置之方法,包括:因應自一電子裝置接收之一第一控制指令將一第一驗證資料傳送至資料儲存裝置;於第一驗證資料被傳送至資料儲存裝置後,因應自電子裝置接收之一第二控制指令將一第二驗證資料傳送至資料儲存裝置;於第二驗證資料之傳送被執行後,控制開卡裝置運作於一完全鎖定階段,其中於完全鎖定階段,在開卡裝置判斷該資料儲存裝置通過一驗證程序前,開卡裝置與資料儲存裝置之間不允許資料傳輸;執行資料儲存裝置之驗證程序,以判斷資料儲存裝置是否通過驗證程序;於判斷資料儲 存裝置通過驗證程序後,控制開卡裝置運作於一解鎖階段;以及於解鎖階段,開卡裝置自電子裝置接收一第三控制指令與資料儲存裝置之一裝置韌體,並且因應第三控制指令將該裝置韌體傳送至資料儲存裝置,以啟用資料儲存裝置。 According to an embodiment of the invention, a method for verifying and activating a data storage device using a card opening device includes: transmitting a first verification data to the data storage device in response to a first control command received from an electronic device; After the first verification data is transmitted to the data storage device, a second verification data is transmitted to the data storage device in response to a second control command received from the electronic device; after the second verification data transmission is performed, the card opening is controlled The device operates in a completely locked stage. In the fully locked stage, before the card opening device judges that the data storage device passes a verification procedure, data transmission is not allowed between the card opening device and the data storage device; the verification procedure of the data storage device is performed To determine whether the data storage device has passed the verification procedure; After the storage device passes the verification procedure, the card opening device is controlled to operate in an unlocking phase; and in the unlocking phase, the card opening device receives a third control command from the electronic device and the firmware of one of the data storage devices, and responds to the third control command Send the device firmware to the data storage device to activate the data storage device.

21A:中央控制單元 21A: Central control unit

21B:UFS控制單元 21B: UFS control unit

100:資料儲存裝置 100: data storage device

110:記憶體控制器 110: memory controller

112:微處理器 112: Microprocessor

112M:唯讀記憶體 112M: read-only memory

112C:程式碼 112C: Code

114:控制邏輯 114: control logic

116:緩衝記憶體 116: Buffer memory

118:介面邏輯 118: Interface logic

120:記憶體裝置 120: Memory device

130:主機裝置 130: Host device

132:編碼器 132: Encoder

134:解碼器 134: decoder

140:處理器 140: processor

200:開卡裝置 200: card opening device

210:主要部分 210: main part

211:USB實體層電路單元 211: USB physical layer circuit unit

212:USB MAC層電路單元 212: USB MAC layer circuit unit

213、CPU:中央處理單元 213. CPU: Central Processing Unit

214、ROM:唯讀記憶體 214, ROM: read-only memory

215、DMA裝置:直接記憶體存取裝置 215. DMA device: direct memory access device

216、SRAM:靜態隨機存取記憶體 216. SRAM: static random access memory

217:UFS主機控制器 217: UFS host controller

218:UniPRO電路單元 218: UniPRO circuit unit

219:M-PHY層電路單元 219: M-PHY layer circuit unit

220:SD主機控制器 220: SD host controller

221:eMMC主機控制器 221: eMMC host controller

222:系統匯流排 222: System bus

230:記憶體裝置 230: memory device

Interface_1、Interface_2、Interface_3、Interface_4、Interface_5:介面 Interface_1, Interface_2, Interface_3, Interface_4, Interface_5: Interface

Tiny_code:程式碼 Tiny_code: code

第1圖係顯示根據本發明之一實施例所述之資料儲存裝置的示意圖。 FIG. 1 is a schematic diagram showing a data storage device according to an embodiment of the invention.

第2圖係顯示根據本發明之一實施例所述之一開卡裝置範例方塊圖。 FIG. 2 is a block diagram showing an example of a card opening device according to an embodiment of the invention.

第3圖係顯示根據本發明之一實施例所述之一電子裝置系統架構。 FIG. 3 shows an electronic device system architecture according to an embodiment of the invention.

第4圖係顯示根據本發明之一實施例所述之利用一開卡裝置驗證並且啟用一資料儲存裝置之方法流程圖。 FIG. 4 is a flowchart of a method for verifying and activating a data storage device using a card opening device according to an embodiment of the invention.

第5圖係顯示根據本發明之第一實施例所述之利用開卡裝置驗證並且啟用一資料儲存裝置之訊息流程圖。 FIG. 5 is a message flow diagram illustrating verification and activation of a data storage device using a card opening device according to the first embodiment of the present invention.

第6圖係顯示根據本發明之第二實施例所述之利用開卡裝置驗證並且啟用一資料儲存裝置之訊息流程圖。 FIG. 6 is a message flow diagram illustrating verification and activation of a data storage device using a card opening device according to a second embodiment of the invention.

第7圖係顯示根據本發明之第三實施例所述之利用開卡裝置驗證並且啟用一資料儲存裝置之訊息流程圖。 FIG. 7 is a message flow diagram illustrating verification and activation of a data storage device using a card opening device according to a third embodiment of the present invention.

為讓本發明之目的、特徵和優點能更明顯易懂,下文特舉出本發明之具體實施例,並配合所附圖式,作詳細說明如下。目的在於說明本發明之精神而非用以限定本發明之保護範圍,應理 解下列實施例可經由軟體、硬體、韌體、或上述任意組合來實現。 In order to make the purpose, features and advantages of the present invention more obvious and understandable, specific embodiments of the present invention are specifically listed below, and in conjunction with the accompanying drawings, detailed descriptions are as follows. The purpose is to illustrate the spirit of the present invention and not to limit the scope of protection of the present invention. The following embodiments can be implemented by software, hardware, firmware, or any combination of the above.

第1圖係顯示根據本發明之一實施例所述之資料儲存裝置100的示意圖。資料儲存裝置100包括一記憶體裝置120,例如,一NAND型快閃記憶體(NAND Flash Memory)模組,以及一記憶體控制器110,且記憶體控制器110用來存取(Access)記憶體裝置120。根據本發明一實施例,記憶體控制器110包含一微處理器112、一唯讀記憶體(Read Only Memory,ROM)112M、一控制邏輯114、一緩衝記憶體116、與一介面邏輯118。唯讀記憶體112M係用來儲存一程式碼112C,而微處理器112則用來執行程式碼112C以控制對記憶體裝置120之存取。控制邏輯114包含了一編碼器132以及一解碼器134。編碼器132用來對寫入到記憶體裝置120中的資料進行編碼以產生對應的校驗碼(或稱,錯誤更正碼(Error Correction Code),ECC)。解碼器134用來對從記憶體裝置120所讀出的資料進行解碼。 FIG. 1 is a schematic diagram of a data storage device 100 according to an embodiment of the invention. The data storage device 100 includes a memory device 120, for example, a NAND flash memory (NAND Flash Memory) module, and a memory controller 110, and the memory controller 110 is used to access memory体装置120。 Body device 120. According to an embodiment of the present invention, the memory controller 110 includes a microprocessor 112, a read only memory (Read Only Memory, ROM) 112M, a control logic 114, a buffer memory 116, and an interface logic 118. The read-only memory 112M is used to store a program code 112C, and the microprocessor 112 is used to execute the program code 112C to control access to the memory device 120. The control logic 114 includes an encoder 132 and a decoder 134. The encoder 132 is used to encode the data written into the memory device 120 to generate a corresponding check code (or Error Correction Code (ECC)). The decoder 134 is used to decode the data read from the memory device 120.

於典型狀況下,記憶體裝置120包含了多個快閃記憶體晶片,而每一個快閃記憶體晶片包含複數個記憶體區塊(Block),而控制器(例如,透過微處理器112執行程式碼112C之記憶體控制器110)對記憶體裝置120進行抹除資料運作係以區塊為單位來進行。另外,一記憶體區塊可記錄(包含)特定數量的資料頁(Page),其中該控制器(例如,透過微處理器112執行程式碼112C之記憶體控制器110)對記憶體裝置120進行寫入資料之運作係以資料頁為單位來進行寫入。 Under typical conditions, the memory device 120 includes a plurality of flash memory chips, and each flash memory chip includes a plurality of memory blocks (Block), and the controller (for example, through the microprocessor 112 executes The memory controller 110 of the program code 112C) erases data on the memory device 120 in units of blocks. In addition, a memory block can record (include) a specific number of data pages (Page), in which the controller (for example, the memory controller 110 that executes the program code 112C through the microprocessor 112) performs operations on the memory device 120 The operation of writing data is to write data in units of data pages.

實作上,透過微處理器112執行程式碼112C之記憶體控制器110可利用其本身內部之元件來進行諸多控制運作,例 如:利用控制邏輯114來控制記憶體裝置120之存取運作(尤其是對至少一區塊或至少一資料頁之存取運作)、利用緩衝記憶體116進行所需之緩衝處理、以及利用介面邏輯118來與一主機裝置(Host Device)130溝通。緩衝記憶體116係以隨機存取記憶體(Random Access Memory,RAM)來實施。例如,緩衝記憶體116可以是靜態隨機存取記憶體(Static RAM,SRAM),但本發明不限於此。 In practice, the memory controller 110 that executes the program code 112C through the microprocessor 112 can use its own internal components to perform many control operations, for example For example, the control logic 114 is used to control the access operation of the memory device 120 (especially the access operation of at least one block or at least one data page), the buffer memory 116 is used for required buffer processing, and the interface is used The logic 118 communicates with a host device (Host Device) 130. The buffer memory 116 is implemented by random access memory (Random Access Memory, RAM). For example, the buffer memory 116 may be static random access memory (Static RAM, SRAM), but the invention is not limited thereto.

一般而言,主機裝置130可對資料儲存裝置100發出指令,例如,讀取指令或寫入指令,用以存取記憶體裝置120所儲存之資料,或者進一步控制、管理資料儲存裝置100。資料儲存裝置100可被配置於一數位相機、一手機、一消費型電子裝置、或其他。在一實施例中,資料儲存裝置100可以是可攜式記憶體裝置(例如:符合SD/MMC、CF、MS、XD標準之記憶卡),且主機裝置130為一可與資料儲存裝置連接的電子裝置。而在另一實施例中,資料儲存裝置100可以是固態硬碟或符合通用快閃記憶體儲存(Universal Flash Storage,UFS)或嵌入式多媒體記憶卡(Embedded Multi Media Card,EMMC)規格之嵌入式儲存裝置,以設置在一電子裝置中,而此時主機裝置130可以是該電子裝置的一處理器或者可與資料儲存裝置連接的另一電子裝置。其中,UFS和eMMC是目前常見的快閃記憶體規範,可為快閃記憶體快閃記憶體帶來更高的資料傳輸速度和更高的可靠性。 In general, the host device 130 can issue commands to the data storage device 100, for example, read commands or write commands, to access data stored in the memory device 120, or to further control and manage the data storage device 100. The data storage device 100 may be configured in a digital camera, a mobile phone, a consumer electronic device, or others. In one embodiment, the data storage device 100 may be a portable memory device (for example: a memory card conforming to SD/MMC, CF, MS, XD standards), and the host device 130 is a device that can be connected to the data storage device Electronic device. In another embodiment, the data storage device 100 may be a solid-state hard drive or an embedded device that conforms to Universal Flash Storage (UFS) or Embedded Multi Media Card (EMMC) specifications. The storage device may be provided in an electronic device, and the host device 130 may be a processor of the electronic device or another electronic device connectable to the data storage device. Among them, UFS and eMMC are currently common flash memory specifications, which can bring higher data transmission speed and higher reliability to flash memory flash memory.

如上述,於資料儲存裝置100的量產階段,需載入裝置韌體,以啟用資料儲存裝置100。一般而言,裝置韌體的載入可透過與資料儲存裝置100連接的主機裝置130完成。此時,與資 料儲存裝置100連接的主機裝置130可以是一開卡裝置或者一讀卡機(card reader)。 As described above, in the mass production stage of the data storage device 100, the device firmware needs to be loaded to activate the data storage device 100. Generally speaking, the loading of the device firmware can be done by the host device 130 connected to the data storage device 100. At this time, with the capital The host device 130 connected to the material storage device 100 may be a card opening device or a card reader.

第2圖係顯示根據本發明之一實施例所述之一開卡裝置範例方塊圖。於本發明之實施例中,開卡裝置200可以是如第1圖所示之主機裝置130,透過一既定介面與資料儲存裝置100連接,用以驗證資料儲存裝置100,並且於確認資料儲存裝置100通過驗證後,將資料儲存裝置100所需之裝置韌體載入資料儲存裝置100。 FIG. 2 is a block diagram showing an example of a card opening device according to an embodiment of the invention. In the embodiment of the present invention, the card opening device 200 may be the host device 130 shown in FIG. 1, which is connected to the data storage device 100 through a predetermined interface to verify the data storage device 100 and confirm the data storage device After 100 is verified, the device firmware required by the data storage device 100 is loaded into the data storage device 100.

根據本發明之一實施例,開卡裝置200可包括一主要部分210與一外部記憶體裝置230,其中外部記憶體裝置230係配置於主要部分210的外部。根據本發明之一實施例,開卡裝置200可包括一第一介面Interface_1。開卡裝置透過介面Interface_1並使用一標準通訊協定與處理器140溝通,標準通訊協定可以是,例如,(通用序列匯流排(Universal Serial Bus,縮寫為USB)之通訊協定、高技術組態(Advanced Technology Attachment,縮寫為ATA)之通訊協定、序列高技術組態(Serial ATA,縮寫為SATA)之通訊協定、快捷外設互聯標準(Peripheral Component Interconnect-Express,縮寫為PCI-E)之通訊協定、或其他。根據本發明之一實施例,開卡裝置200可包括一USB實體層電路單元211與一USB媒體存取控制(Media Access Control,縮寫為MAC)層電路單元212,用以依循USB之通訊協定執行不同層的資料處理。 According to an embodiment of the invention, the card opening device 200 may include a main part 210 and an external memory device 230, wherein the external memory device 230 is disposed outside the main part 210. According to an embodiment of the invention, the card opening device 200 may include a first interface Interface_1. The card opening device communicates with the processor 140 through the interface Interface_1 and uses a standard communication protocol. The standard communication protocol may be, for example, a communication protocol (Universal Serial Bus (USB)), a high-tech configuration (Advanced Technology Attachment (abbreviated as ATA) communication protocol, Serial High Technology Configuration (Serial ATA, abbreviated as SATA) communication protocol, Express Peripheral Component Interconnect-Express (abbreviated as PCI-E) communication protocol, Or other. According to an embodiment of the invention, the card opening device 200 may include a USB physical layer circuit unit 211 and a USB media access control (Media Access Control, abbreviated as MAC) layer circuit unit 212 to follow the USB The communication protocol performs data processing at different layers.

開卡裝置200可更包括一中央控制單元21A。中央控制單元21A包括一中央處理單元(Central Processing Unit,縮 寫為CPU)213、一唯讀記憶體(Read Only Memory,縮寫為ROM)214、一直接記憶體存取(Direct Memory Access,縮寫為DMA)裝置215、以及一靜態隨機存取記憶體(Static Random Access Memory,縮寫為SRAM)216。根據本發明之一實施例,開卡裝置200可包括一第二介面Interface_2。開卡裝置透過介面Interface_2並使用一標準通訊協定與外部記憶體裝置230溝通,標準通訊協定可以是,例如,積體電路匯流排(Inter-Integrated Circuit Bus,縮寫為I2C)、串列週邊介面(Serial Peripheral Interface,縮寫為SPI)、或其他。ROM 214用以儲存開機程式碼(boot code),而外部記憶體裝置230則用以儲存在系統程式設計(In-system programming,縮寫為ISP)或在電路程式設計(In-circuit programming,縮寫為ICP)的程式碼。 當開卡裝置200被供電後,中央處理單元213可執行ROM 214所儲存之開機程式碼,用以初始化開卡裝置200,並且自外部記憶體裝置230讀取ISP程式碼,並將之載入SRAM 216,接著執行ISP程式碼,用以根據ISP程式碼所編譯的內容提供既定的功能。中央控制單元21A可透過系統匯流排222與UFS控制單元21B、SD控制單元以及eMMC控制單元溝通。UFS控制單元21B透過第三介面Interface_3與外部之UFS裝置溝通,其中介面Interface_3可以是UFS介面。SD控制單元透過第四介面Interface_4與外部之SD卡溝通,其中介面Interface_4可以是SD介面。eMMC控制單元透過第五介面Interface_5與外部之eMMC卡溝通,其中介面Interface_5可以是eMMC介面。 The card opening device 200 may further include a central control unit 21A. The central control unit 21A includes a central processing unit (Central Processing Unit, Written as CPU) 213, a read-only memory (Read Only Memory, abbreviated as ROM) 214, a direct memory access (Direct Memory Access, abbreviated as DMA) device 215, and a static random access memory (Static Random Access Memory, abbreviated as SRAM) 216. According to an embodiment of the invention, the card opening device 200 may include a second interface Interface_2. The card opening device communicates with the external memory device 230 through the interface Interface_2 and uses a standard communication protocol. The standard communication protocol may be, for example, an integrated circuit bus (Inter-Integrated Circuit Bus, abbreviated as I2C), a serial peripheral interface ( Serial Peripheral Interface (abbreviated as SPI), or other. The ROM 214 is used to store the boot code, and the external memory device 230 is used to store in-system programming (abbreviated as ISP) or in-circuit programming (abbreviated as ICP) code. After the card opening device 200 is powered, the central processing unit 213 can execute the boot code stored in the ROM 214 to initialize the card opening device 200, and read the ISP code from the external memory device 230 and load it The SRAM 216 then executes the ISP code to provide a predetermined function according to the content compiled by the ISP code. The central control unit 21A can communicate with the UFS control unit 21B, the SD control unit, and the eMMC control unit through the system bus 222. The UFS control unit 21B communicates with an external UFS device through a third interface Interface_3, where the Interface_3 may be a UFS interface. The SD control unit communicates with the external SD card through the fourth interface Interface_4, where the Interface_4 may be an SD interface. The eMMC control unit communicates with the external eMMC card through the fifth interface Interface_5, where the interface_5 can be an eMMC interface.

UFS控制單元21B可包括一UFS主機控制器217、 一移動產業處理器介面(Mobile Industry Processor Interface,縮寫為MIPI)標準化通訊協定(UniPRO)電路單元218以及MIPI實體(M-PHY)層電路單元219。UFS主機控制器217可透過系統匯流排222自中央處理單元213接收指令,例如讀取/寫入指令,以及接收資料,並且依循UFS通訊協定將接收到的指令及資料轉換為既定的格式。UniPRO電路單元218與M-PHY層電路單元219用以依循UFS通訊協定執行不同層(例如,資料連結層與實體層)的資料處理。於格式轉換及處理後,指令與資料會被透過介面Interface_3被傳送至外部之UFS裝置。 The UFS control unit 21B may include a UFS host controller 217, A Mobile Industry Processor Interface (Mobile Industry Processor Interface, MIPI) standardized communication protocol (UniPRO) circuit unit 218 and MIPI physical (M-PHY) layer circuit unit 219. The UFS host controller 217 can receive commands from the central processing unit 213 through the system bus 222, such as read/write commands and receive data, and convert the received commands and data into a predetermined format according to the UFS communication protocol. The UniPRO circuit unit 218 and the M-PHY layer circuit unit 219 are used to perform data processing in different layers (for example, the data connection layer and the physical layer) according to the UFS communication protocol. After format conversion and processing, commands and data will be sent to the external UFS device through Interface_3.

SD控制單元可包括一SD主機控制器220。SD主機控制器220可透過系統匯流排222自中央處理單元213接收指令,例如讀取/寫入指令,以及接收資料,並且依循SD通訊協定將接收到的指令及資料轉換為既定的格式。於格式轉換及處理後,指令與資料會被透過介面Interface_4被傳送至外部之SD裝置。 eMMC控制單元可包括一eMMC主機控制器221。eMMC主機控制器221可透過系統匯流排222自中央處理單元213接收指令,例如讀取/寫入指令,以及接收資料,並且依循eMMC通訊協定將接收到的指令及資料轉換為既定的格式。於格式轉換及處理後,指令與資料會被透過介面Interface_5被傳送至外部之eMMC裝置。 The SD control unit may include an SD host controller 220. The SD host controller 220 can receive commands from the central processing unit 213 through the system bus 222, such as read/write commands and receive data, and convert the received commands and data into a predetermined format according to the SD communication protocol. After format conversion and processing, the commands and data will be sent to the external SD device through Interface_4. The eMMC control unit may include an eMMC host controller 221. The eMMC host controller 221 can receive commands from the central processing unit 213 through the system bus 222, such as read/write commands and receive data, and convert the received commands and data into a predetermined format according to the eMMC communication protocol. After format conversion and processing, commands and data will be sent to external eMMC devices through Interface_5.

第3圖係顯示根據本發明之一實施例所述之一電子裝置系統架構。電子裝置系統可包括資料儲存裝置100、開卡裝置200與處理器140。資料儲存裝置100可包括記憶體控制器110與記憶體裝置120。開卡裝置200與資料儲存裝置100可透過上述之 既定介面溝通,既定介面可以是一快閃記憶體介面,例如一UFS介面或eMMC介面。此時,資料儲存裝置100可以是UFS裝置或eMMC裝置。 FIG. 3 shows an electronic device system architecture according to an embodiment of the invention. The electronic device system may include a data storage device 100, a card opening device 200, and a processor 140. The data storage device 100 may include a memory controller 110 and a memory device 120. The card opening device 200 and the data storage device 100 can pass the above Communication with a predetermined interface. The predetermined interface can be a flash memory interface, such as a UFS interface or eMMC interface. At this time, the data storage device 100 may be a UFS device or an eMMC device.

根據本發明之一實施例,開卡裝置200(或上述的主機裝置130)可為主機端用以啟用資料儲存裝置100之一硬體裝置。 舉例而言,如上述,開卡裝置200可於資料儲存裝置的量產階段驗證資料儲存裝置100,並且於驗證後啟用資料儲存裝置100。啟用流程也可被稱為開卡流程,用以將對應之裝置韌體載入資料儲存裝置100,以啟用資料儲存裝置100。開卡裝置200可如上述透過一介面並使用一標準通訊協定與處理器140溝通。處理器140可以是另一電子裝置,例如,一電腦裝置,之處理器。根據本發明之一實施例,處理器140可發出指令用以控制上述開卡流程。因應自處理器140接收到的指令,開卡裝置200可傳送對應之指令(例如,UFC或eMMC等指令)以及資料至記憶體控制器110,以及自記憶體控制器110接收訊息。 According to an embodiment of the present invention, the card opening device 200 (or the host device 130 described above) may be a hardware device used by the host to activate the data storage device 100. For example, as described above, the card opening device 200 may verify the data storage device 100 during the mass production stage of the data storage device, and activate the data storage device 100 after verification. The activation process may also be referred to as a card opening process, which is used to load the corresponding device firmware into the data storage device 100 to activate the data storage device 100. The card opening device 200 can communicate with the processor 140 through an interface and using a standard communication protocol as described above. The processor 140 may be another electronic device, for example, a processor of a computer device. According to an embodiment of the invention, the processor 140 may issue instructions to control the card opening process. In response to the commands received from the processor 140, the card opening device 200 may send corresponding commands (such as UFC or eMMC commands) and data to the memory controller 110, and receive messages from the memory controller 110.

參考回第2圖,根據本發明之一實施例,於開卡裝置200被供電後,經由中央控制單元21A之控制(例如,經由中央控制單元21A之中央處理單元213之控制),開卡裝置200會進入一第一鎖定階段。於第一鎖定階段,中央控制單元21A(或對應之開卡裝置200)僅被允許對資料儲存裝置100執行至多一第一既定次數之資料傳輸。此外,於第一鎖定階段中,可被允許傳送至資料儲存裝置100之資料量亦可被限定為不超過一既定資料量。 Referring back to FIG. 2, according to one embodiment of the present invention, after the card opening device 200 is powered, it is controlled by the central control unit 21A (for example, by the central processing unit 213 of the central control unit 21A), the card opening device 200 will enter a first lock phase. In the first locking stage, the central control unit 21A (or the corresponding card opening device 200) is only allowed to perform at most a first predetermined number of data transmissions to the data storage device 100. In addition, in the first locking stage, the amount of data that can be allowed to be transferred to the data storage device 100 can also be limited to a predetermined amount of data.

中央控制單元21A可自處理器140(或對應之包含處理器140之電子裝置,以下亦同)接收一第一控制指令與第一驗 證資料。第一控制指令用以指示開卡裝置200將第一驗證資料傳送至資料儲存裝置100。 The central control unit 21A can receive a first control command and a first verification from the processor 140 (or corresponding electronic device including the processor 140, the same applies hereinafter) Information. The first control command is used to instruct the card opening device 200 to send the first verification data to the data storage device 100.

因應第一控制指令,中央控制單元21A將第一驗證資料透過系統匯流排222提供至另一控制單元,例如,UFS控制單元21B,並且由UFS控制單元21B經執行如上述對應之資料處理後透過對應之介面Interface_3將第一驗證資料傳送至資料儲存裝置100。於此實施例中,資料儲存裝置100是一UFS裝置。 In response to the first control instruction, the central control unit 21A provides the first verification data to another control unit through the system bus 222, for example, the UFS control unit 21B, and the UFS control unit 21B performs the corresponding data processing as described above through The corresponding interface Interface_3 sends the first verification data to the data storage device 100. In this embodiment, the data storage device 100 is a UFS device.

根據本發明之一實施例,第一驗證資料可以是包含用以產生加密資料之一程式碼Tiny_code,其為一筆小量的資料,用以輔助資料儲存裝置100於驗證程序產生對應之驗證回應資料。 According to an embodiment of the present invention, the first verification data may include a code Tiny_code for generating encrypted data, which is a small amount of data used to assist the data storage device 100 to generate corresponding verification response data during the verification process .

根據本發明之一實施例,於第一驗證資料被傳送至資料儲存裝置100後,經由中央控制單元21A之控制,開卡裝置200會進入一第二鎖定階段。於第二鎖定階段,中央控制單元21A(或對應之開卡裝置200)僅被允許對資料儲存裝置100執行至多一第二既定次數之資料傳輸。此外,於第二鎖定階段中,可被允許傳送至資料儲存裝置之資料量亦可被限定為不超過一既定資料量。 According to an embodiment of the present invention, after the first verification data is transmitted to the data storage device 100, under the control of the central control unit 21A, the card opening device 200 will enter a second locking stage. In the second locking stage, the central control unit 21A (or the corresponding card opening device 200) is only allowed to perform at most a second predetermined number of data transmissions to the data storage device 100. In addition, in the second locking stage, the amount of data that can be allowed to be transferred to the data storage device can also be limited to no more than a predetermined amount of data.

於第一驗證資料被傳送至資料儲存裝置100後,中央控制單元21A可自處理器140接收第二控制指令。第二控制指令用以指示開卡裝置200將第二驗證資料傳送至資料儲存裝置100,其中,第二驗證資料可以是由處理器140提供,或者由開卡裝置200所產生(以下將於不同實施中做更詳細的介紹)。 After the first verification data is sent to the data storage device 100, the central control unit 21A can receive the second control command from the processor 140. The second control instruction is used to instruct the card opening device 200 to send the second verification data to the data storage device 100, wherein the second verification data may be provided by the processor 140 or generated by the card opening device 200 (the following will be different More detailed introduction during implementation).

因應第二控制指令,中央控制單元21A將第二驗證資料透過系統匯流排222提供至對應之控制單元,例如,UFS控制 單元21B,並且由UFS控制單元21B經執行如上述對應之資料處理後透過對應之介面Interface_3將第二驗證資料傳送至資料儲存裝置100。 In response to the second control command, the central control unit 21A provides the second verification data to the corresponding control unit through the system bus 222, for example, UFS control Unit 21B, and the UFS control unit 21B performs the corresponding data processing as described above, and then transmits the second verification data to the data storage device 100 through the corresponding interface Interface_3.

於第二驗證資料之傳送被執行後,開卡裝置200會等待資料儲存裝置100回傳對應的驗證回應資料。待接收驗證回應資料後,中央控制單元21A根據驗證回應資料執行資料儲存裝置100之一驗證程序。根據本發明之一實施例,於第二驗證資料之傳送被執行後,經由中央控制單元21A之控制,開卡裝置200會進入一完全鎖定階段。於完全鎖定階段,在判斷資料儲存裝置100通過驗證程序前,中央控制單元21A不被允許再將任何資料傳送給資料儲存裝置100。 After the transfer of the second verification data is performed, the card opening device 200 will wait for the data storage device 100 to return the corresponding verification response data. After receiving the verification response data, the central control unit 21A executes a verification procedure of the data storage device 100 according to the verification response data. According to an embodiment of the present invention, after the transfer of the second verification data is performed, the card opening device 200 enters a completely locked stage under the control of the central control unit 21A. In the fully locked stage, before determining that the data storage device 100 passes the verification procedure, the central control unit 21A is not allowed to send any more data to the data storage device 100.

於判斷資料儲存裝置100通過驗證程序後,經由中央控制單元21A之控制,開卡裝置200進入一解鎖階段,於解鎖階段,中央控制單元21A自處理器140接收一第三控制指令與資料儲存裝置100之一裝置韌體。因應第三控制指令,中央控制單元21A將裝置韌體透過系統匯流排222提供至對應之控制單元,例如,UFS控制單元21B,並且由UFS控制單元21B經執行如上述對應之資料處理後透過對應之介面Interface_3將裝置韌體傳送至資料儲存裝置100,以啟用資料儲存裝置100。 After determining that the data storage device 100 passes the verification procedure, the card opening device 200 enters an unlocking stage under the control of the central control unit 21A. During the unlocking stage, the central control unit 21A receives a third control command and data storage device from the processor 140 One of 100 device firmware. In response to the third control command, the central control unit 21A provides the device firmware to the corresponding control unit through the system bus 222, for example, the UFS control unit 21B, and the UFS control unit 21B performs the corresponding data processing as described above and then transmits the corresponding Interface_3 sends the device firmware to the data storage device 100 to activate the data storage device 100.

第4圖係顯示根據本發明之一實施例所述之利用一開卡裝置驗證並且啟用一資料儲存裝置之方法流程圖。值得注意的是,於本發明之實施例中,開卡裝置亦可被稱為主機裝置,例如,第1圖所示之主機裝置130。首先,開卡裝置可因應自一電子裝置接收之第一控制指令將第一驗證資料傳送至資料儲存裝置(步驟 S402)。接著,於第一驗證資料被傳送至資料儲存裝置後,開卡裝置可因應自電子裝置接收之第二控制指令將第二驗證資料傳送至資料儲存裝置(步驟S404)。接著,於第二驗證資料之傳送被執行後,控制開卡裝置運作於一完全鎖定階段(步驟S406),並且執行資料儲存裝置之一驗證程序(步驟S408)。接著,開卡裝置判斷資料儲存裝置是否通過驗證程序(步驟S410)。若是,控制開卡裝置運作於一解鎖階段,使開卡裝置可因應自電子裝置接收之第三控制指令將裝置韌體傳送至資料儲存裝置,以啟用資料儲存裝置(步驟S412)。若否,則不進行解鎖,使開卡裝置持續運作於完全鎖定階段。由於於完全鎖定階段,直到判斷資料儲存裝置通過驗證程序前,開卡裝置不被允許將任何資料傳送給資料儲存裝置,因此,在判斷資料儲存裝置通過驗證程序前,開卡裝置不會將裝置韌體傳送給資料儲存裝置。換言之,無法通過驗證的資料儲存裝置便不會被啟用。 FIG. 4 is a flowchart of a method for verifying and activating a data storage device using a card opening device according to an embodiment of the invention. It should be noted that in the embodiment of the present invention, the card opening device may also be referred to as a host device, for example, the host device 130 shown in FIG. 1. First, the card opening device can send the first verification data to the data storage device in response to the first control command received from an electronic device (step S402). Then, after the first verification data is sent to the data storage device, the card opening device may send the second verification data to the data storage device in response to the second control command received from the electronic device (step S404). Then, after the transfer of the second verification data is performed, the card opening device is controlled to operate in a completely locked phase (step S406), and a verification procedure of the data storage device is performed (step S408). Next, the card opening device determines whether the data storage device passes the verification procedure (step S410). If so, the card opening device is controlled to operate in an unlocking stage, so that the card opening device can transmit the device firmware to the data storage device in response to the third control command received from the electronic device to activate the data storage device (step S412). If not, unlocking is not performed, so that the card opening device continues to operate in the completely locked stage. Since the card-opening device is not allowed to send any data to the data storage device until the data storage device passes the verification process during the complete lock phase, the card-opening device will not pass the device until the data storage device passes the verification process. The firmware is sent to the data storage device. In other words, data storage devices that cannot be verified will not be activated.

根據本發明之第一實施例,第二驗證資料包含由處理器140(或對應之包含處理器140之電子裝置,以下亦同)所選擇之一金鑰以及一加密方法。中央控制單元21A(或對應之開卡裝置200,以下亦同)自處理器140接收此第二驗證資料,並且於驗證程序中,中央控制單元21A進一步使用此金鑰以及加密方法計算一第一加密過的金鑰,並且比較第一加密過的金鑰與自資料儲存裝置100接收之一第二加密過的金鑰(即,驗證回應資料)是否相同,以及於第一加密過的金鑰與第二加密過的金鑰相同時,判斷資料儲存裝置通過驗證程序。 According to the first embodiment of the present invention, the second verification data includes a key and an encryption method selected by the processor 140 (or corresponding electronic device including the processor 140, the same applies hereinafter). The central control unit 21A (or the corresponding card opening device 200, the same below) receives the second verification data from the processor 140, and in the verification process, the central control unit 21A further uses the key and encryption method to calculate a first The encrypted key, and comparing whether the first encrypted key is the same as the second encrypted key (ie, the verification response data) received from the data storage device 100, and the first encrypted key When it is the same as the second encrypted key, it is determined that the data storage device passes the verification procedure.

第5圖係顯示根據本發明之第一實施例所述之利用開卡裝置驗證並且啟用一資料儲存裝置之訊息流程圖。第5圖顯示 出電子裝置(或其所包含之處理器140,以下亦同)、開卡裝置200/主機裝置130(或其所包含之中央控制單元21A,以下亦同)以及資料儲存裝置100(或其所包含之記憶體控制器110,以下亦同)之間的訊息流程。 FIG. 5 is a message flow diagram illustrating verification and activation of a data storage device using a card opening device according to the first embodiment of the present invention. Figure 5 shows Electronic device (or its processor 140, the same below), card opening device 200/host device 130 (or its central control unit 21A, the same below), and data storage device 100 (or its The message flow between the included memory controller 110, the same below).

根據本發明之一實施例,於開卡裝置200被供電後,開卡裝置進入一第一鎖定階段。在成功地被解鎖前,開卡裝置200僅被允許對資料儲存裝置100執行第一既定次數之資料傳輸,並且於各資料傳輸中可被傳送的資料量也被限定為不超過一既定資料量。 According to an embodiment of the present invention, after the card opening device 200 is powered, the card opening device enters a first locking stage. Before being successfully unlocked, the card opening device 200 is only allowed to perform the first predetermined number of data transmissions to the data storage device 100, and the amount of data that can be transmitted in each data transmission is also limited to not exceed a predetermined amount of data .

根據本發明之一實施例,於第一鎖定階段,開卡裝置200僅被允許對資料儲存裝置100執行至多兩次的資料傳輸,並且於第一次資料傳輸中由開卡裝置200傳送至資料儲存裝置100之資料量被限定為,例如,不超過64kB。 According to an embodiment of the present invention, in the first locking stage, the card opening device 200 is only allowed to perform data transmission to the data storage device 100 at most twice, and the card opening device 200 transmits data to the data in the first data transmission The data amount of the storage device 100 is limited to, for example, no more than 64kB.

如第5圖所示,於開卡裝置200被供電後,電子裝置將第一控制指令及第一驗證資料傳送至開卡裝置200,其中,於本發明之實施例,第一驗證資料包含用以產生加密資料(例如,加密過的金鑰)之一程式碼Tiny_code。開卡裝置200因應第一控制指令將包含程式碼Tiny_code之第一驗證資料傳送至資料儲存裝置100。 As shown in FIG. 5, after the card opening device 200 is powered, the electronic device transmits the first control command and the first verification data to the card opening device 200. In the embodiment of the present invention, the first verification data includes To generate a code Tiny_code of one of the encrypted data (for example, the encrypted key). The card opening device 200 transmits the first verification data including the code Tiny_code to the data storage device 100 in response to the first control command.

於第一驗證資料被傳送至資料儲存裝置100後,開卡裝置200進入一第二鎖定階段。根據本發明之一實施例,於第二鎖定階段,開卡裝置200僅被允許對資料儲存裝置100執行第二既定次數之資料傳輸,並且於各資料傳輸中可被傳送的資料量也被限定為不超過一既定資料量,其中第二既定次數可少於第一既定次數。 舉例而言,於第二鎖定階段,開卡裝置200僅被允許對資料儲存裝置100執行至多一次的資料傳輸,並且於此次資料傳輸中由開卡裝置200傳送至資料儲存裝置100之資料量被限定為,例如,不超過64kB。 After the first verification data is sent to the data storage device 100, the card opening device 200 enters a second locking stage. According to an embodiment of the present invention, in the second locking stage, the card opening device 200 is only allowed to perform a second predetermined number of data transmissions to the data storage device 100, and the amount of data that can be transmitted in each data transmission is also limited In order not to exceed a predetermined amount of data, the second predetermined number of times may be less than the first predetermined number of times. For example, in the second locking stage, the card opening device 200 is only allowed to perform at most one data transmission to the data storage device 100, and the amount of data transmitted from the card opening device 200 to the data storage device 100 in this data transmission Limited to, for example, no more than 64kB.

於接收到包含程式碼Tiny_code之第一驗證資料後,資料儲存裝置100可回應一傳輸完成訊息至開卡裝置200,而開卡裝置200可進一步回應一傳輸完成訊息至電子裝置。根據本發明之一實施例,資料儲存裝置100可將接收到的第一驗證資料儲存於緩衝記憶體116內,藉此可執行程式碼Tiny_code。值得注意的是,於本發明之實施例中,資料儲存裝置100並不會進一步將程式碼Tiny_code存入記憶體裝置120內。 After receiving the first verification data including the code Tiny_code, the data storage device 100 can respond to a transmission completion message to the card opening device 200, and the card opening device 200 can further respond to a transmission completion message to the electronic device. According to an embodiment of the present invention, the data storage device 100 may store the received first verification data in the buffer memory 116, thereby executing the program code Tiny_code. It is worth noting that in the embodiment of the present invention, the data storage device 100 does not further store the code Tiny_code into the memory device 120.

根據本發明之一實施例,程式碼Tiny_code可包含一既定數量之加密程式碼與解密程式碼,以及一既定數量之虛設資料(dummy data)。即,於本發明之實施例中,真實的加密/解密程式碼被嵌入程式碼Tiny_code內,並且程式碼Tiny_code會被虛設資料打亂。藉由執行事先儲存於唯讀記憶體112M內之內建韌體,資料儲存裝置100之記憶體控制器110可從語法上分析程式碼Tiny_code,解析出真實的加密/解密程式碼,並將之儲存於緩衝記憶體116內,以供後續執行。 According to an embodiment of the invention, the program code Tiny_code may include a predetermined amount of encrypted code and decryption code, and a predetermined amount of dummy data. That is, in the embodiment of the present invention, the real encryption/decryption code is embedded in the code Tiny_code, and the code Tiny_code will be disrupted by the dummy data. By executing the built-in firmware stored in the read-only memory 112M in advance, the memory controller 110 of the data storage device 100 can grammatically analyze the code Tiny_code, parse out the real encryption/decryption code, and convert it Stored in the buffer memory 116 for subsequent execution.

根據本發明之第一實施例,於接收到傳輸完成訊息後,電子裝置可隨機地選擇一加密方法以及產生一金鑰。電子裝置可將此金鑰與所選之加密方法作為第二驗證資料傳送至開卡裝置200。因應電子裝置所發出之對應的控制訊息,開卡裝置200進一步將此金鑰與加密方法之資訊作為第二驗證資料傳送至資料儲存裝 置100。 According to the first embodiment of the present invention, after receiving the transmission completion message, the electronic device can randomly select an encryption method and generate a key. The electronic device may send the key and the selected encryption method to the card opening device 200 as the second verification data. In response to the corresponding control message sent by the electronic device, the card opening device 200 further sends the information of the key and the encryption method to the data storage device as second verification data Set 100.

於第二驗證資料被傳送至資料儲存裝置100後,開卡裝置200進入一第三鎖定階段,此為一完全鎖定階段。於完全鎖定階段,開卡裝置200不被允許再將任何資料傳送給該資料儲存裝置。即,開卡裝置200與資料儲存裝置100之間不再允許進一步的指令與資料傳輸。 After the second verification data is sent to the data storage device 100, the card opening device 200 enters a third locking stage, which is a complete locking stage. In the fully locked stage, the card opening device 200 is not allowed to send any data to the data storage device. That is, no further commands and data transmission are allowed between the card opening device 200 and the data storage device 100.

於接收到金鑰與加密方法之資訊後,資料儲存裝置100可執行程式碼Tiny_code,用以根據加密方法與金鑰產生加密過的資料。如上述,資料儲存裝置100之記憶體控制器110可根據電子裝置所指示之加密方法從語法上分析程式碼Tiny_code,解析出其所需要的真實的加密/解密程式碼。 After receiving the information of the key and the encryption method, the data storage device 100 can execute the program code Tiny_code to generate encrypted data according to the encryption method and the key. As described above, the memory controller 110 of the data storage device 100 can grammatically analyze the code Tiny_code according to the encryption method instructed by the electronic device, and parse out the real encryption/decryption code it needs.

根據本發明之一實施例中,資料儲存裝置100可計算加密過的金鑰作為加密過的資料,並且可將加密過的資料回傳給開卡裝置200。 According to an embodiment of the invention, the data storage device 100 can calculate the encrypted key as encrypted data, and can return the encrypted data to the card opening device 200.

根據本發明之另一實施例,資料儲存裝置100可隨機產生一筆大量的虛設資料,計算加密過的金鑰,並且根據加密方法將加密過的金鑰嵌入虛設資料中作為加密過的資料,再將加密過的資料回傳給開卡裝置200。 According to another embodiment of the present invention, the data storage device 100 can randomly generate a large amount of dummy data, calculate the encrypted key, and embed the encrypted key in the dummy data according to the encryption method as encrypted data, and then Send the encrypted data back to the card opening device 200.

於接收到加密過的資料後,開卡裝置200可將其自己計算的加密過的金鑰與自資料儲存裝置100接收到之加密過的金鑰做比較,比較兩者是否相同,用以驗證資料儲存裝置是否為被認可的裝置。於將加密過的金鑰嵌入虛設資料中作為加密過的資料的一些實施例中,開卡裝置200可進一步使用加密方法找出嵌入虛設資料中的有效資料(即,加密過的金鑰)所在的位置,以找出資料儲 存裝置100所傳送之加密過的金鑰。於找到加密過的金鑰後,開卡裝置200可將其自己計算的加密過的金鑰與自資料儲存裝置100接收到之加密過的金鑰做比較,比較兩者是否相同,用以驗證資料儲存裝置是否為被認可的裝置(即,裝置之正直性(integrity))。 After receiving the encrypted data, the card opening device 200 can compare the encrypted key calculated by itself with the encrypted key received from the data storage device 100, and compare whether the two are the same for verification Whether the data storage device is an approved device. In some embodiments where the encrypted key is embedded in the dummy data as encrypted data, the card opening device 200 may further use an encryption method to find the valid data (ie, the encrypted key) embedded in the dummy data To locate the data store The encrypted key transmitted by the storage device 100. After finding the encrypted key, the card opening device 200 can compare the encrypted key calculated by itself with the encrypted key received from the data storage device 100, and compare whether the two are the same for verification Whether the data storage device is an approved device (ie, the integrity of the device).

於本發明之一實施例中,開卡裝置200可執行程式碼Tiny_code,用以進一步根據加密方法使用金鑰自行產生(計算出)加密過的金鑰。於本發明之另一實施例中,開卡裝置200可執行於記憶體裝置230內所儲存之程式碼,以根據加密方法使用金鑰自行產生(計算出)加密過的金鑰。若開卡裝置200計算的加密過的金鑰不符合自資料儲存裝置100接收到之加密過的金鑰,則開卡裝置200持續運作於完全鎖定階段。 In one embodiment of the present invention, the card opening device 200 can execute the program code Tiny_code to further generate (calculate) the encrypted key by using the key according to the encryption method. In another embodiment of the present invention, the card opening device 200 can execute the program code stored in the memory device 230 to automatically generate (calculate) the encrypted key using the key according to the encryption method. If the encrypted key calculated by the card opening device 200 does not match the encrypted key received from the data storage device 100, the card opening device 200 continues to operate in the fully locked stage.

若開卡裝置200計算的加密過的金鑰符合自資料儲存裝置100接收到之加密過的金鑰,代表資料儲存裝置100通過驗證程序。於判斷資料儲存裝置100通過驗證程序後,開卡裝置200運作於一解鎖階段。開卡裝置200可傳送一解鎖回應訊息至電子裝置。 If the encrypted key calculated by the card opening device 200 matches the encrypted key received from the data storage device 100, it means that the data storage device 100 has passed the verification procedure. After determining that the data storage device 100 passes the verification procedure, the card opening device 200 operates in an unlocking stage. The card opening device 200 can send an unlock response message to the electronic device.

因應解鎖回應訊息,電子裝置可確認資料儲存裝置100已通過驗證程序,因而藉由傳送啟用資料儲存裝置100所需之裝置韌體至開卡裝置200開始資料儲存裝置100之開卡程序。開卡裝置200接著將裝置韌體傳送至資料儲存裝置100。裝置韌體最終可經由記憶體控制器110的控制被載入資料儲存裝置100之記憶體裝置120內。當裝置韌體成功被載入後,開卡程序完成,資料儲存裝置100可傳送一開卡完成訊息至開卡裝置200。 In response to the unlock response message, the electronic device can confirm that the data storage device 100 has passed the verification procedure, so the card storage device 100 starts the card opening process by sending the device firmware required to activate the data storage device 100 to the card opening device 200. The card opening device 200 then transmits the device firmware to the data storage device 100. The device firmware can finally be loaded into the memory device 120 of the data storage device 100 under the control of the memory controller 110. After the device firmware is successfully loaded, the card opening procedure is completed, and the data storage device 100 can send a card opening completion message to the card opening device 200.

當開卡裝置200接收到開卡完成訊息後,會進一步 將開卡完成訊息傳送至電子裝置。當電子裝置接收到開卡完成訊息後,電子裝置可發出一指令用以關閉開卡裝置200或關閉開卡裝置200內用以與資料儲存裝置100溝通的相關電路。爾後,當開卡裝置200或相關電路重新被供電後,開卡裝置200將再度進入第一鎖定階段,用以為下一個資料儲存裝置執行驗證與開卡程序。 When the card opening device 200 receives the card opening completion message, it will further Send the card opening completion message to the electronic device. After the electronic device receives the card opening completion message, the electronic device may issue a command to close the card opening device 200 or close the relevant circuit in the card opening device 200 for communicating with the data storage device 100. After that, when the card opening device 200 or related circuits are powered on again, the card opening device 200 will enter the first locking stage again to perform the verification and card opening procedures for the next data storage device.

根據本發明之第二實施例,第二驗證資料包含加密過的金鑰及對應之加密/解密方法。中央控制單元21A自處理器140接收由處理器140所選擇之一加密方法與一金鑰,並且根據此加密方法使用此金鑰計算出加密過的金鑰,再將加密過的金鑰與對應之加密或解密方法作為第二驗證資料傳送給資料儲存裝置100。 資料儲存裝置100需根據加密或解密方法將此加密過的金鑰解密,再將其解密過的金鑰(即,驗證回應資料)回傳給開卡裝置200。於驗證程序中,中央控制單元21A比較自處理器140接收之金鑰與自資料儲存裝置100接收之解密過的金鑰是否相同,以及於兩者相同時,判斷該資料儲存裝置通過驗證程序。 According to the second embodiment of the present invention, the second verification data includes the encrypted key and the corresponding encryption/decryption method. The central control unit 21A receives from the processor 140 an encryption method and a key selected by the processor 140, and uses the key to calculate an encrypted key according to the encryption method, and then compares the encrypted key with the corresponding The encryption or decryption method is sent to the data storage device 100 as the second verification data. The data storage device 100 needs to decrypt the encrypted key according to the encryption or decryption method, and then return the decrypted key (ie, the verification response data) to the card opening device 200. In the verification process, the central control unit 21A compares whether the key received from the processor 140 and the decrypted key received from the data storage device 100 are the same, and when the two are the same, determines that the data storage device passes the verification process.

第6圖係顯示根據本發明之第二實施例所述之利用開卡裝置驗證並且啟用一資料儲存裝置之訊息流程圖。第6圖顯示出電子裝置(或其所包含之處理器140,以下亦同)、開卡裝置200/主機裝置130(或其所包含之中央控制單元21A,以下亦同)以及資料儲存裝置100(或其所包含之記憶體控制器110,以下亦同)之間的訊息流程。 FIG. 6 is a message flow diagram illustrating verification and activation of a data storage device using a card opening device according to a second embodiment of the invention. FIG. 6 shows the electronic device (or the processor 140 included in it, the same below), the card opening device 200/host device 130 (or the central control unit 21A included in it, the same below) and the data storage device 100 (Or the memory controller 110 included in it, the same applies hereinafter).

類似於第一實施例,於開卡裝置200被供電後,開卡裝置200進入一第一鎖定階段。在成功地被解鎖前,開卡裝置200僅被允許對資料儲存裝置100執行第一既定次數之資料傳輸, 並且於各資料傳輸中可被傳送的資料量也被限定為不超過一既定資料量。 Similar to the first embodiment, after the card opening device 200 is powered, the card opening device 200 enters a first locking stage. Before being successfully unlocked, the card opening device 200 is only allowed to perform the first predetermined number of data transmissions to the data storage device 100, And the amount of data that can be transmitted in each data transmission is also limited to not exceed a predetermined amount of data.

根據本發明之一實施例,於第一鎖定階段,開卡裝置200僅被允許對資料儲存裝置100執行至多兩次的資料傳輸,並且於第一次資料傳輸中由開卡裝置200傳送至資料儲存裝置100之資料量被限定為,例如,不超過64kB。 According to an embodiment of the present invention, in the first locking stage, the card opening device 200 is only allowed to perform data transmission to the data storage device 100 at most twice, and the card opening device 200 transmits data to the data in the first data transmission The data amount of the storage device 100 is limited to, for example, no more than 64kB.

如第6圖所示,於開卡裝置200被供電後,電子裝置將第一控制指令及第一驗證資料傳送至開卡裝置200,其中,於本發明之實施例,第一驗證資料包含用以產生加密資料(例如,加密過的金鑰)之一程式碼Tiny_code。開卡裝置200因應第一控制指令將包含程式碼Tiny_code之第一驗證資料傳送至資料儲存裝置100。 As shown in FIG. 6, after the card opening device 200 is powered, the electronic device transmits the first control command and the first verification data to the card opening device 200. In the embodiment of the present invention, the first verification data includes To generate a code Tiny_code of one of the encrypted data (for example, the encrypted key). The card opening device 200 transmits the first verification data including the code Tiny_code to the data storage device 100 in response to the first control command.

於第一驗證資料被傳送至資料儲存裝置100後,開卡裝置200進入一第二鎖定階段。根據本發明之一實施例,於第二鎖定階段,開卡裝置200僅被允許對資料儲存裝置100執行第二既定次數之資料傳輸,並且於各資料傳輸中可被傳送的資料量也被限定為不超過一既定資料量,其中第二既定次數可少於第一既定次數。 舉例而言,於第二鎖定階段,開卡裝置200僅被允許對資料儲存裝置100執行至多一次的資料傳輸,並且於此次資料傳輸中由開卡裝置200傳送至資料儲存裝置100之資料量被限定為,例如,不超過64kB。 After the first verification data is sent to the data storage device 100, the card opening device 200 enters a second locking stage. According to an embodiment of the present invention, in the second locking stage, the card opening device 200 is only allowed to perform a second predetermined number of data transmissions to the data storage device 100, and the amount of data that can be transmitted in each data transmission is also limited In order not to exceed a predetermined amount of data, the second predetermined number of times may be less than the first predetermined number of times. For example, in the second locking stage, the card opening device 200 is only allowed to perform at most one data transmission to the data storage device 100, and the amount of data transmitted from the card opening device 200 to the data storage device 100 in this data transmission Limited to, for example, no more than 64kB.

於接收到包含程式碼Tiny_code之第一驗證資料後,資料儲存裝置100可回應一傳輸完成訊息至開卡裝置200,而開卡裝置200可進一步回應一傳輸完成訊息至電子裝置。根據本發明之 一實施例,資料儲存裝置100可將接收到的第一驗證資料儲存於緩衝記憶體116內,藉此可執行程式碼Tiny_code。值得注意的是,於本發明之實施例中,資料儲存裝置100並不會進一步將程式碼Tiny_code存入記憶體裝置120內。 After receiving the first verification data including the code Tiny_code, the data storage device 100 can respond to a transmission completion message to the card opening device 200, and the card opening device 200 can further respond to a transmission completion message to the electronic device. According to the invention In one embodiment, the data storage device 100 may store the received first verification data in the buffer memory 116, thereby executing the program code Tiny_code. It is worth noting that in the embodiment of the present invention, the data storage device 100 does not further store the code Tiny_code into the memory device 120.

根據本發明之第二實施例,於接收到傳輸完成訊息後,電子裝置可隨機地選擇一加密方法以及產生一金鑰。電子裝置可將此金鑰與所選之加密方法之資訊傳送至開卡裝置200。根據本發明之一實施例,開卡裝置200接著可執行程式碼Tiny_code或儲存於記憶體裝置230內之程式,用以根據此加密方法使用此金鑰產生加密過的金鑰作為加密過的資料。根據本發明之另一實施例,開卡裝置200可隨機產生一筆大量的虛設資料,計算加密過的金鑰,並且根據加密方法將加密過的金鑰嵌入虛設資料中作為加密過的資料。 According to the second embodiment of the present invention, after receiving the transmission completion message, the electronic device can randomly select an encryption method and generate a key. The electronic device can send the information of the key and the selected encryption method to the card opening device 200. According to an embodiment of the present invention, the card opening device 200 can then execute the program code Tiny_code or the program stored in the memory device 230 for generating an encrypted key as encrypted data using the key according to the encryption method . According to another embodiment of the present invention, the card opening device 200 can randomly generate a large amount of dummy data, calculate the encrypted key, and embed the encrypted key in the dummy data according to the encryption method as encrypted data.

根據本發明之一實施例,開卡裝置200接著將加密過的資料以及加密方法之資訊傳送給資料儲存裝置100。 According to an embodiment of the present invention, the card opening device 200 then transmits the encrypted data and the information of the encryption method to the data storage device 100.

於本發明之另一實施例中,開卡裝置200可將加密過的資料與解密方法之資訊傳送給資料儲存裝置100。於此實施例中,唯讀記憶體214或記憶體裝置230內可儲存一對照表,用以紀錄加密程式碼與對應之加密方法,以及對應之解密程式碼與解密方法等的對應關係。因此,此實施例中,於接收到電子裝置所選擇之加密方法的資訊後,開卡裝置200可查找此對照表以得知哪個解密方法係對應於電子裝置所選擇之加密方法,並且將加密過的資料與解密方法之資訊傳送給資料儲存裝置100。 In another embodiment of the present invention, the card opening device 200 can send the encrypted data and the decryption method information to the data storage device 100. In this embodiment, the read-only memory 214 or the memory device 230 may store a comparison table for recording the correspondence between the encryption code and the corresponding encryption method, and the corresponding decryption code and decryption method. Therefore, in this embodiment, after receiving the information of the encryption method selected by the electronic device, the card opening device 200 can look up the comparison table to know which decryption method corresponds to the encryption method selected by the electronic device, and encrypt The data and the decryption method are sent to the data storage device 100.

於本發明之一實施例中,於接收到加密過的資料與 加密方法之資訊後,資料儲存裝置100可執行程式碼Tiny_code,以使用此加密方法找出嵌入虛設資料中的有效資料(即,加密過的金鑰)所在的位置,以找出開卡裝置200所傳送之加密過的金鑰。於找到加密過的金鑰後,資料儲存裝置100進一步將此金鑰解密。更具體的說,於此實施例中,程式碼Tiny_code內可儲存一對照表,用以紀錄加密程式碼與對應之加密方法,以及對應之解密程式碼與解密方法等的對應關係。於接收到電子裝置所選擇之加密方法之資訊後,資料儲存裝置100可查找此對照表以得知哪個解密方法係對應於電子裝置所選擇之加密方法,並且取得對應的解密程式碼。資料儲存裝置100可進一步藉由執行解密程式碼將此金鑰解密。於完成解密後,資料儲存裝置100可將解密過的金鑰傳送給開卡裝置200。 In one embodiment of the invention, upon receiving the encrypted data and After encrypting the information of the method, the data storage device 100 can execute the code Tiny_code to use the encryption method to find the location of the valid data (ie, the encrypted key) embedded in the dummy data to find the card opening device 200 The encrypted key sent. After finding the encrypted key, the data storage device 100 further decrypts the key. More specifically, in this embodiment, a comparison table may be stored in the code Tiny_code to record the correspondence between the encrypted code and the corresponding encryption method, and the corresponding decryption code and decryption method. After receiving the information of the encryption method selected by the electronic device, the data storage device 100 can look up the comparison table to know which decryption method corresponds to the encryption method selected by the electronic device, and obtain the corresponding decryption code. The data storage device 100 can further decrypt the key by executing the decryption code. After the decryption is completed, the data storage device 100 can send the decrypted key to the card opening device 200.

於開卡裝置200將加密過的資料與解密方法之資訊傳送給資料儲存裝置100之另一實施例中,於接收到加密過的資料與解密方法之資訊後,資料儲存裝置100可執行程式碼Tiny_code,以使用對應之加密方法找出嵌入虛設資料中的有效資料(即,加密過的金鑰)所在的位置,用以找出開卡裝置200所傳送之加密過的金鑰。於找到加密過的金鑰後,資料儲存裝置100進一步藉由執行根據所接收到的解密方法之資訊而取得的解密程式碼將此金鑰解密。 於完成解密後,資料儲存裝置100可將解密過的金鑰傳送給開卡裝置200。 In another embodiment where the card opening device 200 transmits the encrypted data and the decryption method information to the data storage device 100, after receiving the encrypted data and the decryption method information, the data storage device 100 can execute the program code Tiny_code, to find the location of the valid data (ie, the encrypted key) embedded in the dummy data using the corresponding encryption method, to find the encrypted key transmitted by the card opening device 200. After finding the encrypted key, the data storage device 100 further decrypts the key by executing the decryption code obtained according to the received decryption method information. After the decryption is completed, the data storage device 100 can send the decrypted key to the card opening device 200.

於接收到解密過的金鑰後,開卡裝置200可將此解密過的金鑰與自電子裝置接收到的金鑰做比較,比較兩者是否相同,用以驗證資料儲存裝置是否為被認可的裝置(即,裝置之正直性 (integrity))。 After receiving the decrypted key, the card opening device 200 may compare the decrypted key with the key received from the electronic device, and compare whether the two are the same to verify whether the data storage device is approved Device (ie, device integrity (integrity)).

若資料儲存裝置100計算的解密過的金鑰不符合自電子裝置接收到的金鑰,則開卡裝置200持續運作於完全鎖定階段。 If the decrypted key calculated by the data storage device 100 does not match the key received from the electronic device, the card opening device 200 continues to operate in the fully locked stage.

若資料儲存裝置100計算的解密過的金鑰符合自電子裝置接收到的金鑰,代表資料儲存裝置100通過驗證程序。於判斷資料儲存裝置100通過驗證程序後,開卡裝置200運作於一解鎖階段。開卡裝置200可傳送一解鎖回應訊息至電子裝置。 If the decrypted key calculated by the data storage device 100 matches the key received from the electronic device, it means that the data storage device 100 passes the verification procedure. After determining that the data storage device 100 passes the verification procedure, the card opening device 200 operates in an unlocking stage. The card opening device 200 can send an unlock response message to the electronic device.

因應解鎖回應訊息,電子裝置可確認資料儲存裝置100已通過驗證程序,因而藉由傳送啟用資料儲存裝置100所需之裝置韌體至開卡裝置200開始資料儲存裝置100之開卡程序。開卡裝置200接著將裝置韌體傳送至資料儲存裝置100。裝置韌體最終可經由記憶體控制器110的控制被載入資料儲存裝置100之記憶體裝置120內。當裝置韌體成功被載入後,開卡程序完成,資料儲存裝置100可傳送一開卡完成訊息至開卡裝置200。 In response to the unlock response message, the electronic device can confirm that the data storage device 100 has passed the verification procedure, so the card storage device 100 starts the card opening process by sending the device firmware required to activate the data storage device 100 to the card opening device 200. The card opening device 200 then transmits the device firmware to the data storage device 100. The device firmware can finally be loaded into the memory device 120 of the data storage device 100 under the control of the memory controller 110. After the device firmware is successfully loaded, the card opening procedure is completed, and the data storage device 100 can send a card opening completion message to the card opening device 200.

當開卡裝置200接收到開卡完成訊息後,會進一步將開卡完成訊息傳送至電子裝置。當電子裝置接收到開卡完成訊息後,電子裝置可發出一指令用以關閉開卡裝置200或關閉開卡裝置200內用以與資料儲存裝置100溝通的相關電路。爾後,當開卡裝置200或相關電路重新被供電後,開卡裝置200將再度進入第一鎖定階段,用以為下一個資料儲存裝置執行驗證與開卡程序。 After the card opening device 200 receives the card opening completion message, it will further send the card opening completion message to the electronic device. After the electronic device receives the card opening completion message, the electronic device may issue a command to close the card opening device 200 or close the relevant circuit in the card opening device 200 for communicating with the data storage device 100. After that, when the card opening device 200 or related circuits are powered on again, the card opening device 200 will enter the first locking stage again to perform the verification and card opening procedures for the next data storage device.

根據本發明之第三實施例,第二驗證資料包含加密過的金鑰及對應之加密/解密方法。中央控制單元21A自處理器140接收由處理器140所產生的金鑰,自行選擇一加密方法,並且 根據此加密方法使用此金鑰計算出加密過的金鑰,再將加密過的金鑰與對應之加密或解密方法作為第二驗證資料傳送給資料儲存裝置100。資料儲存裝置100需根據加密或解密方法將此加密過的金鑰解密,再將其解密過的金鑰(即,驗證回應資料)回傳給開卡裝置200。 於驗證程序中,中央控制單元21A比較自處理器140接收之金鑰與自資料儲存裝置100接收之解密過的金鑰是否相同,以及於兩者相同時,判斷該資料儲存裝置通過驗證程序。 According to the third embodiment of the present invention, the second verification data includes the encrypted key and the corresponding encryption/decryption method. The central control unit 21A receives the key generated by the processor 140 from the processor 140, selects an encryption method by itself, and The encrypted key is calculated using the key according to the encryption method, and then the encrypted key and the corresponding encryption or decryption method are sent to the data storage device 100 as second verification data. The data storage device 100 needs to decrypt the encrypted key according to the encryption or decryption method, and then return the decrypted key (ie, the verification response data) to the card opening device 200. In the verification process, the central control unit 21A compares whether the key received from the processor 140 and the decrypted key received from the data storage device 100 are the same, and when the two are the same, determines that the data storage device passes the verification process.

第7圖係顯示根據本發明之第三實施例所述之利用開卡裝置驗證並且啟用一資料儲存裝置之訊息流程圖。第7圖顯示出電子裝置(或其所包含之處理器140,以下亦同)、開卡裝置200/主機裝置130(或其所包含之中央控制單元21A,以下亦同)以及資料儲存裝置100(或其所包含之記憶體控制器110,以下亦同)之間的訊息流程。 FIG. 7 is a message flow diagram illustrating verification and activation of a data storage device using a card opening device according to a third embodiment of the present invention. FIG. 7 shows the electronic device (or the processor 140 included in it, the same below), the card opening device 200/host device 130 (or the central control unit 21A included in it, the same below) and the data storage device 100 (Or the memory controller 110 included in it, the same applies hereinafter).

類似於第一實施例,於開卡裝置200被供電後,開卡裝置200進入一第一鎖定階段。在成功地被解鎖前,開卡裝置200僅被允許對資料儲存裝置100執行第一既定次數之資料傳輸,並且於各資料傳輸中可被傳送的資料量也被限定為不超過一既定資料量。 Similar to the first embodiment, after the card opening device 200 is powered, the card opening device 200 enters a first locking stage. Before being successfully unlocked, the card opening device 200 is only allowed to perform the first predetermined number of data transmissions to the data storage device 100, and the amount of data that can be transmitted in each data transmission is also limited to not exceed a predetermined amount of data .

根據本發明之一實施例,於第一鎖定階段,開卡裝置200僅被允許對資料儲存裝置100執行至多兩次的資料傳輸,並且於第一次資料傳輸中由開卡裝置200傳送至資料儲存裝置100之資料量被限定為,例如,不超過64kB。 According to an embodiment of the present invention, in the first locking stage, the card opening device 200 is only allowed to perform data transmission to the data storage device 100 at most twice, and the card opening device 200 transmits data to the data in the first data transmission The data amount of the storage device 100 is limited to, for example, no more than 64kB.

如第7圖所示,於開卡裝置200被供電後,電子裝置將第一控制指令及第一驗證資料傳送至開卡裝置200,其中,於 本發明之實施例,第一驗證資料包含用以產生加密資料(例如,加密過的金鑰)之一程式碼Tiny_code。開卡裝置200因應第一控制指令接著將包含程式碼Tiny_code之第一驗證資料傳送至資料儲存裝置100。 As shown in FIG. 7, after the card opening device 200 is powered, the electronic device transmits the first control command and the first verification data to the card opening device 200, wherein, In an embodiment of the present invention, the first verification data includes a code Tiny_code for generating encrypted data (for example, an encrypted key). In response to the first control command, the card opening device 200 then sends the first verification data including the code Tiny_code to the data storage device 100.

於第一驗證資料被傳送至資料儲存裝置100後,開卡裝置200進入一第二鎖定階段。根據本發明之一實施例,於第二鎖定階段,開卡裝置200僅被允許對資料儲存裝置100執行第二既定次數之資料傳輸,並且於各資料傳輸中可被傳送的資料量也被限定為不超過一既定資料量,其中第二既定次數可少於第一既定次數。 舉例而言,於第二鎖定階段,開卡裝置200僅被允許對資料儲存裝置100執行至多一次的資料傳輸,並且於此次資料傳輸中由開卡裝置200傳送至資料儲存裝置100之資料量被限定為,例如,不超過64kB。 After the first verification data is sent to the data storage device 100, the card opening device 200 enters a second locking stage. According to an embodiment of the present invention, in the second locking stage, the card opening device 200 is only allowed to perform a second predetermined number of data transmissions to the data storage device 100, and the amount of data that can be transmitted in each data transmission is also limited In order not to exceed a predetermined amount of data, the second predetermined number of times may be less than the first predetermined number of times. For example, in the second locking stage, the card opening device 200 is only allowed to perform at most one data transmission to the data storage device 100, and the amount of data transmitted from the card opening device 200 to the data storage device 100 in this data transmission Limited to, for example, no more than 64kB.

於接收到包含程式碼Tiny_code之第一驗證資料後,資料儲存裝置100可回應一傳輸完成訊息至開卡裝置200,而開卡裝置200可進一步回應一傳輸完成訊息至電子裝置。 After receiving the first verification data including the code Tiny_code, the data storage device 100 can respond to a transmission completion message to the card opening device 200, and the card opening device 200 can further respond to a transmission completion message to the electronic device.

根據本發明之第三實施例,於接收到傳輸完成訊息後,電子裝置可產生一金鑰。電子裝置可將此金鑰傳送至開卡裝置200。於本發明之第三實施例中,開卡裝置200可隨機選擇用以加密此金鑰之一加密方法,並且可執行程式碼Tiny_code或儲存於記憶體裝置230內之程式,用以根據此加密方法使用此金鑰產生加密過的金鑰。於本發明之一實施例中,開卡裝置200可產生加密過的金鑰作為加密過的資料,並且將加密過的資料以及加密或解密方法之資訊傳送給資料儲存裝置100。於本發明之另一實施例中,開卡 裝置200可隨機產生一筆大量的虛設資料,產生加密過的金鑰,並且根據加密方法將加密過的金鑰嵌入虛設資料中作為加密過的資料。 開卡裝置200接著將加密過的資料以及加密或解密方法之資訊傳送給資料儲存裝置100。 According to the third embodiment of the present invention, after receiving the transmission completion message, the electronic device can generate a key. The electronic device can send the key to the card opening device 200. In the third embodiment of the present invention, the card opening device 200 can randomly select an encryption method for encrypting the key, and can execute the program code Tiny_code or the program stored in the memory device 230 to encrypt according to this The method uses this key to generate an encrypted key. In one embodiment of the present invention, the card opening device 200 can generate an encrypted key as encrypted data, and send the encrypted data and the information of the encryption or decryption method to the data storage device 100. In another embodiment of the invention, the card is opened The device 200 can randomly generate a large amount of dummy data, generate an encrypted key, and embed the encrypted key in the dummy data according to an encryption method as encrypted data. The card opening device 200 then transmits the encrypted data and the information of the encryption or decryption method to the data storage device 100.

於接收到加密過的資料與加密或解密方法之資訊後,資料儲存裝置100可執行程式碼Tiny_code,以使用此加密或解密方法找出嵌入虛設資料中的有效資料(即,加密過的金鑰)所在的位置,藉由根據接收到的加密或解密方法之資訊執行解密程式碼將此金鑰解密。於完成解密後,資料儲存裝置100可將解密過的金鑰傳送給開卡裝置200。 After receiving the encrypted data and the information of the encryption or decryption method, the data storage device 100 can execute the code Tiny_code to use the encryption or decryption method to find valid data embedded in the dummy data (ie, the encrypted key ), decrypt the key by executing the decryption code based on the received encryption or decryption method information. After the decryption is completed, the data storage device 100 can send the decrypted key to the card opening device 200.

於接收到解密過的金鑰後,開卡裝置200可將此解密過的金鑰與自電子裝置接收到的金鑰做比較,比較兩者是否相同,用以驗證資料儲存裝置是否為被認可的裝置(即,裝置之正直性(integrity))。 After receiving the decrypted key, the card opening device 200 may compare the decrypted key with the key received from the electronic device, and compare whether the two are the same to verify whether the data storage device is approved Device (ie, the integrity of the device).

若資料儲存裝置100計算的解密過的金鑰不符合自電子裝置接收到的金鑰,則開卡裝置200持續運作於完全鎖定階段。 If the decrypted key calculated by the data storage device 100 does not match the key received from the electronic device, the card opening device 200 continues to operate in the fully locked stage.

若資料儲存裝置100計算的解密過的金鑰符合自電子裝置接收到的金鑰,代表資料儲存裝置100通過驗證程序。於判斷資料儲存裝置100通過驗證程序後,開卡裝置200運作於一解鎖階段。開卡裝置200可傳送一解鎖回應訊息至電子裝置。 If the decrypted key calculated by the data storage device 100 matches the key received from the electronic device, it means that the data storage device 100 passes the verification procedure. After determining that the data storage device 100 passes the verification procedure, the card opening device 200 operates in an unlocking stage. The card opening device 200 can send an unlock response message to the electronic device.

因應解鎖回應訊息,電子裝置可確認資料儲存裝置100已通過驗證程序,因而藉由傳送啟用資料儲存裝置100所需之裝置韌體至開卡裝置200開始資料儲存裝置100之開卡程序。開卡 裝置200接著將裝置韌體傳送至資料儲存裝置100。裝置韌體最終可經由記憶體控制器110的控制被載入資料儲存裝置100之記憶體裝置120內。當裝置韌體成功被載入後,開卡程序完成,資料儲存裝置100可傳送一開卡完成訊息至開卡裝置200。 In response to the unlock response message, the electronic device can confirm that the data storage device 100 has passed the verification procedure, so the card storage device 100 starts the card opening process by sending the device firmware required to activate the data storage device 100 to the card opening device 200. Open card The device 200 then transmits the device firmware to the data storage device 100. The device firmware can finally be loaded into the memory device 120 of the data storage device 100 under the control of the memory controller 110. After the device firmware is successfully loaded, the card opening procedure is completed, and the data storage device 100 can send a card opening completion message to the card opening device 200.

當開卡裝置200接收到開卡完成訊息後,會進一步將開卡完成訊息傳送至電子裝置。當電子裝置接收到開卡完成訊息後,電子裝置可發出一指令用以關閉開卡裝置200或關閉開卡裝置200內用以與資料儲存裝置100溝通的相關電路。爾後,當開卡裝置200或相關電路重新被供電後,開卡裝置200將再度進入第一鎖定階段,用以為下一個資料儲存裝置執行驗證與開卡程序。 After the card opening device 200 receives the card opening completion message, it will further send the card opening completion message to the electronic device. After the electronic device receives the card opening completion message, the electronic device may issue a command to close the card opening device 200 or close the relevant circuit in the card opening device 200 for communicating with the data storage device 100. After that, when the card opening device 200 or related circuits are powered on again, the card opening device 200 will enter the first locking stage again to perform the verification and card opening procedures for the next data storage device.

如上述,於本發明之實施例中,開卡裝置於執行資料儲存裝置之開卡程序前,會先驗證資料儲存裝置是否為被認可或者被允許的裝置,並且於判斷資料儲存裝置通過驗證前,開卡裝置會運作於完全鎖定狀態,使得開卡裝置與資料儲存裝置之間不得再有資料傳輸,用以保護裝置韌體不會輕易地被載入非經認可或非經允許的裝置。換言之,於本發明之實施例中,無法通過驗證的資料儲存裝置便無法透過本發明所提出之開卡裝置被啟用。相較於傳統技術,藉由本發明所提出之方法與開卡裝置,可更有效率且更安全的啟用資料儲存裝置。 As described above, in the embodiment of the present invention, before performing the card opening procedure of the data storage device, the card opening device first verifies whether the data storage device is an approved or permitted device, and before determining that the data storage device passes the verification The card opening device will operate in a completely locked state, so that no data transmission can be allowed between the card opening device and the data storage device to protect the device firmware from being easily loaded into non-approved or non-permitted devices. In other words, in the embodiment of the present invention, the data storage device that cannot pass the verification cannot be activated through the card opening device proposed by the present invention. Compared with the conventional technology, the method and the card opening device proposed by the present invention can enable the data storage device to be activated more efficiently and more securely.

雖然本發明已以較佳實施例揭露如上,然其並非用以限定本發明,任何熟悉此項技藝者,在不脫離本發明之精神和範圍內,當可做些許更動與潤飾,因此本發明之保護範圍當視後附之申請專利範圍所界定者為準。 Although the present invention has been disclosed as above with preferred embodiments, it is not intended to limit the present invention. Anyone who is familiar with this skill can do some modifications and retouching without departing from the spirit and scope of the present invention. Therefore, the present invention The scope of protection shall be as defined in the scope of the attached patent application.

21A:中央控制單元 21A: Central control unit

21B:UFS控制單元 21B: UFS control unit

140:處理器 140: processor

200:開卡裝置 200: card opening device

210:主要部分 210: main part

211:USB實體層電路單元 211: USB physical layer circuit unit

212:USB MAC層電路單元 212: USB MAC layer circuit unit

213、CPU:中央處理單元 213. CPU: Central Processing Unit

214、ROM:唯讀記憶體 214, ROM: read-only memory

215、DMA裝置:直接記憶體存取裝置 215. DMA device: direct memory access device

216、SRAM:靜態隨機存取記憶體 216. SRAM: static random access memory

217:UFS主機控制器 217: UFS host controller

218:UniPRO電路單元 218: UniPRO circuit unit

219:M-PHY層電路單元 219: M-PHY layer circuit unit

220:SD主機控制器 220: SD host controller

221:eMMC主機控制器 221: eMMC host controller

222:系統匯流排 222: System bus

230:記憶體裝置 230: memory device

Interface_1、Interface_2、Interface_3、Interface_4、Interface_5:介面 Interface_1, Interface_2, Interface_3, Interface_4, Interface_5: Interface

Claims (15)

一種開卡裝置,用以驗證並啟用一資料儲存裝置,包括:一第一控制單元,透過一第一介面耦接至該資料儲存裝置;以及一中央控制單元,透過一系統匯流排耦接至該第一控制單元,其中該中央控制單元因應自一電子裝置接收之一第一控制指令將一第一驗證資料透過該系統匯流排提供至該第一控制單元,並且由該第一控制單元透過該第一介面將該第一驗證資料傳送至該資料儲存裝置,於該第一驗證資料被傳送至該資料儲存裝置後,該中央控制單元因應自該電子裝置接收之一第二控制指令將一第二驗證資料透過該系統匯流排提供至該第一控制單元,並且由該第一控制單元透過該第一介面將該第二驗證資料傳送至該資料儲存裝置,並且於該第二驗證資料之傳送被執行後,經由該中央控制單元之控制使該開卡裝置進入一完全鎖定階段,於該完全鎖定階段,該中央控制單元執行該資料儲存裝置之一驗證程序,並且於該中央控制單元判斷該資料儲存裝置通過該驗證程序前,該中央控制單元不被允許將任何資料傳送給該資料儲存裝置,以及於判斷該資料儲存裝置通過該驗證程序後,經由該中央控制單元之控制使該開卡裝置進入一解鎖階段,並且於該解鎖階段,由該第一控制單元透過該第一介面將一裝置韌體傳送至該資料儲存裝置,以啟用該資料儲存裝置。 A card opening device for verifying and activating a data storage device, comprising: a first control unit, coupled to the data storage device through a first interface; and a central control unit, coupled to a system bus The first control unit, wherein the central control unit provides a first verification data to the first control unit through the system bus in response to a first control command received from an electronic device, and is transmitted by the first control unit The first interface transmits the first verification data to the data storage device. After the first verification data is sent to the data storage device, the central control unit responds to a second control command received from the electronic device. The second verification data is provided to the first control unit through the system bus, and the first control unit transmits the second verification data to the data storage device through the first interface, and the second verification data After the transfer is performed, the card opening device enters a fully locked stage under the control of the central control unit. During the fully locked stage, the central control unit executes a verification procedure of the data storage device, and the central control unit determines Before the data storage device passes the verification procedure, the central control unit is not allowed to transmit any data to the data storage device, and after judging that the data storage device passes the verification procedure, the control of the central control unit enables the open The card device enters an unlocking stage, and in the unlocking stage, the first control unit transmits a device firmware to the data storage device through the first interface to activate the data storage device. 如申請專利範圍第1項所述之開卡裝置,其中於該開卡裝置被供電後,經由該中央控制單元之控制使該開卡裝置進 入一第一鎖定階段,於該第一鎖定階段,該中央控制單元僅被允許對該資料儲存裝置執行至多一第一既定次數之資料傳輸。 The card opening device as described in item 1 of the patent application scope, wherein after the card opening device is powered, the card opening device is controlled by the central control unit In a first locking stage, the central control unit is only allowed to perform at most a first predetermined number of data transmissions to the data storage device. 如申請專利範圍第2項所述之開卡裝置,其中於該第一驗證資料被傳送至該資料儲存裝置後,經由該中央控制單元之控制使該開卡裝置運作於一第二鎖定階段,於該第二鎖定階段,該中央控制單元僅被允許對該資料儲存裝置執行至多一第二既定次數之資料傳輸。 The card opening device as described in item 2 of the patent application scope, wherein after the first verification data is transmitted to the data storage device, the card opening device is operated in a second locking stage under the control of the central control unit, In the second locking stage, the central control unit is only allowed to perform at most a second predetermined number of data transmissions to the data storage device. 如申請專利範圍第1項所述之開卡裝置,其中於該解鎖階段,該中央控制單元因應自該電子裝置接收之一第三控制指令將自該電子裝置接收之該裝置韌體透過該系統匯流排提供至該第一控制單元。 The card opening device as described in item 1 of the patent application scope, wherein in the unlocking stage, the central control unit passes the device firmware received from the electronic device through the system in response to a third control command received from the electronic device The bus bar is provided to the first control unit. 如申請專利範圍第1項所述之開卡裝置,其中該第一驗證資料包含用以產生加密資料之一程式碼。 The card opening device as described in item 1 of the patent application scope, wherein the first verification data includes a program code for generating encrypted data. 如申請專利範圍第1項所述之開卡裝置,其中該第二驗證資料包含由該電子裝置所選擇之一金鑰以及一加密方法,該中央控制單元自該電子裝置接收該第二驗證資料,並且於該驗證程序,該中央控制單元進一步使用該金鑰以及該加密方法計算一第一加密過的金鑰,自該資料儲存裝置接收之一第二加密過的金鑰,並且比較該第一加密過的金鑰與該第二加密過的金鑰是否相同,以及於該第一加密過的金鑰與該第二加密過的金鑰相同時,判斷該資料儲存裝置通過該驗證程序。 The card opening device as described in item 1 of the patent application scope, wherein the second verification data includes a key selected by the electronic device and an encryption method, and the central control unit receives the second verification data from the electronic device , And in the verification process, the central control unit further uses the key and the encryption method to calculate a first encrypted key, receives a second encrypted key from the data storage device, and compares the first Whether an encrypted key is the same as the second encrypted key, and when the first encrypted key is the same as the second encrypted key, it is determined that the data storage device passes the verification process. 如申請專利範圍第1項所述之開卡裝置,其中該第二驗證資料包含一加密過的金鑰以及對應之一加密/解密方法,並且於該驗證程序,該中央控制單元進一步自該資料儲存裝置接 收之一解密過的金鑰,比較自該電子裝置接收之一金鑰與該解密過的金鑰是否相同,以及於該金鑰與該解密過的金鑰相同時,判斷該資料儲存裝置通過該驗證程序。 The card opening device as described in item 1 of the patent application scope, wherein the second verification data includes an encrypted key and a corresponding encryption/decryption method, and in the verification process, the central control unit further extracts the data Storage device connection Receiving a decrypted key, comparing whether a key received from the electronic device is the same as the decrypted key, and when the key is the same as the decrypted key, determining that the data storage device passes The verification procedure. 如申請專利範圍第1項所述之開卡裝置,其中該第一介面為一UFS介面。 The card opening device as described in item 1 of the patent application scope, wherein the first interface is a UFS interface. 一種利用一開卡裝置驗證並且啟用一資料儲存裝置之方法,包括:因應自一電子裝置接收之一第一控制指令將一第一驗證資料傳送至該資料儲存裝置;於該第一驗證資料被傳送至該資料儲存裝置後,因應自該電子裝置接收之一第二控制指令將一第二驗證資料傳送至該資料儲存裝置;於該第二驗證資料之傳送被執行後,控制該開卡裝置運作於一完全鎖定階段,其中於該完全鎖定階段,在該開卡裝置判斷該資料儲存裝置通過一驗證程序前,該開卡裝置與該資料儲存裝置之間不允許資料傳輸;執行該資料儲存裝置之該驗證程序,以判斷該資料儲存裝置是否通過該驗證程序;於判斷該資料儲存裝置通過該驗證程序後,控制該開卡裝置運作於一解鎖階段;以及於該解鎖階段,該開卡裝置自該電子裝置接收一第三控制指令與該資料儲存裝置之一裝置韌體,並且因應該第三控制指令將該裝置韌體傳送至該資料儲存裝置,以啟用該資料儲存裝置。 A method for verifying and activating a data storage device by using a card opening device includes: transmitting a first verification data to the data storage device in response to a first control command received from an electronic device; After transmitting to the data storage device, a second verification data is transmitted to the data storage device in response to a second control command received from the electronic device; after the transmission of the second verification data is executed, the card opening device is controlled Operate in a completely locked stage, wherein in the completely locked stage, before the card opening device judges that the data storage device passes a verification procedure, data transmission is not allowed between the card opening device and the data storage device; the data storage is performed The verification procedure of the device to determine whether the data storage device passes the verification procedure; after determining that the data storage device passes the verification procedure, control the card opening device to operate in an unlocking stage; and in the unlocking stage, the card opening The device receives a third control command from the electronic device and a device firmware of the data storage device, and transmits the device firmware to the data storage device in response to the third control command to activate the data storage device. 如申請專利範圍第9項所述之方法,更包括: 於該開卡裝置被供電後,控制該開卡裝置運作於一第一鎖定階段,其中於該第一鎖定階段,該開卡裝置僅被允許對該資料儲存裝置執行至多一第一既定次數之資料傳輸。 The method described in item 9 of the patent application scope further includes: After the card opening device is powered, the card opening device is controlled to operate in a first locking stage, wherein in the first locking stage, the card opening device is only allowed to execute the data storage device for at most a first predetermined number of times Data transmission. 如申請專利範圍第10項所述之方法,更包括:於該第一驗證資料被傳送至該資料儲存裝置後,控制該開卡裝置運作於一第二鎖定階段,其中於該第二鎖定階段,該開卡裝置僅被允許對該資料儲存裝置執行至多一第二既定次數之資料傳輸。 The method as described in item 10 of the patent application scope further includes: after the first verification data is transmitted to the data storage device, controlling the card opening device to operate in a second locking stage, in which the second locking stage The card opening device is only allowed to perform at most a second predetermined number of data transmissions to the data storage device. 如申請專利範圍第9項所述之方法,其中該第一驗證資料包含用以產生加密資料之一程式碼。 The method as described in item 9 of the patent application scope, wherein the first verification data includes a code for generating encrypted data. 如申請專利範圍第9項所述之方法,其中該第二驗證資料包含由該電子裝置所選擇之一金鑰以及一加密方法,並且其中執行該資料儲存裝置之該驗證程序,以判斷該資料儲存裝置是否通過該驗證程序之步驟更包括:使用該金鑰以及該加密方法計算一第一加密過的金鑰;自該資料儲存裝置接收一第二加密過的金鑰;比較該第一加密過的金鑰與該第二加密過的金鑰是否相同;以及於該第一加密過的金鑰與該第二加密過的金鑰相同時,判斷該資料儲存裝置通過驗證。 The method as described in item 9 of the patent application scope, wherein the second verification data includes a key selected by the electronic device and an encryption method, and wherein the verification procedure of the data storage device is executed to determine the data The step of whether the storage device passes the verification process further includes: using the key and the encryption method to calculate a first encrypted key; receiving a second encrypted key from the data storage device; comparing the first encryption Whether the encrypted key is the same as the second encrypted key; and when the first encrypted key is the same as the second encrypted key, it is determined that the data storage device passes verification. 如申請專利範圍第9項所述之方法,其中該第二驗證資料包含一加密過的金鑰以及對應之一加密/解密方法,並且其中執行該資料儲存裝置之該驗證程序,以判斷該資料儲存裝置是否通過該驗證程序之步驟更包括:自該資料儲存裝置接收一解密過的金鑰; 比較自該電子裝置接收之一金鑰與自該資料儲存裝置接收之該解密過的金鑰是否相同;以及於該解密過的金鑰與該金鑰相同時,判斷該資料儲存裝置通過驗證。 The method as described in item 9 of the patent application scope, wherein the second verification data includes an encrypted key and a corresponding encryption/decryption method, and wherein the verification process of the data storage device is executed to determine the data The step of whether the storage device passes the verification procedure further includes: receiving a decrypted key from the data storage device; Comparing whether a key received from the electronic device is the same as the decrypted key received from the data storage device; and when the decrypted key is the same as the key, it is determined that the data storage device passes verification. 如申請專利範圍第9項所述之方法,其中該資料儲存裝置為一UFS裝置。 The method as described in item 9 of the patent application scope, wherein the data storage device is a UFS device.
TW107140756A 2018-07-12 2018-11-16 Card activation device and methods for authenticating and activating a data storage device by using a card activation device TWI690805B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201910445472.0A CN110781532B (en) 2018-07-12 2019-05-27 Card opening device and method for verifying and enabling data storage device by using card opening device
US16/505,159 US11157181B2 (en) 2018-07-12 2019-07-08 Card activation device and methods for authenticating and activating a data storage device by using a card activation device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201862696885P 2018-07-12 2018-07-12
US62/696,885 2018-07-12

Publications (2)

Publication Number Publication Date
TW202006558A TW202006558A (en) 2020-02-01
TWI690805B true TWI690805B (en) 2020-04-11

Family

ID=70412871

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107140756A TWI690805B (en) 2018-07-12 2018-11-16 Card activation device and methods for authenticating and activating a data storage device by using a card activation device

Country Status (1)

Country Link
TW (1) TWI690805B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110291834A1 (en) * 2010-05-28 2011-12-01 Nokia Corporation Method and apparatus for transferring data via radio frequency (rf) memory tags
US20150339664A1 (en) * 2014-05-21 2015-11-26 Erick Wong Offline authentication
CN105339919A (en) * 2013-06-20 2016-02-17 株式会社东芝 Device and memory system
CN105631496A (en) * 2015-12-30 2016-06-01 深圳中科讯联科技有限公司 Remote card opening method and system and terminal equipment
CN107862514A (en) * 2017-11-06 2018-03-30 北京小米移动软件有限公司 Mass transit card management method, apparatus and system, storage medium
US9984007B2 (en) * 2014-03-28 2018-05-29 Samsung Electronics Co., Ltd. Storage system and method for performing and authenticating write-protection thereof

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110291834A1 (en) * 2010-05-28 2011-12-01 Nokia Corporation Method and apparatus for transferring data via radio frequency (rf) memory tags
CN105339919A (en) * 2013-06-20 2016-02-17 株式会社东芝 Device and memory system
US9984007B2 (en) * 2014-03-28 2018-05-29 Samsung Electronics Co., Ltd. Storage system and method for performing and authenticating write-protection thereof
US20150339664A1 (en) * 2014-05-21 2015-11-26 Erick Wong Offline authentication
CN105631496A (en) * 2015-12-30 2016-06-01 深圳中科讯联科技有限公司 Remote card opening method and system and terminal equipment
CN107862514A (en) * 2017-11-06 2018-03-30 北京小米移动软件有限公司 Mass transit card management method, apparatus and system, storage medium

Also Published As

Publication number Publication date
TW202006558A (en) 2020-02-01

Similar Documents

Publication Publication Date Title
CN110781532B (en) Card opening device and method for verifying and enabling data storage device by using card opening device
JP6985011B2 (en) Equipment and methods for ensuring access protection schemes
TWI384366B (en) Intelligent controller system and method for smart card memory modules
US20230020278A1 (en) Secure boot assist for devices, and related systems, methods and devices
EP2248063B1 (en) Method and apparatus for controlling system access during protected modes of operation
JP5419776B2 (en) Semiconductor device and data processing method
US20080107275A1 (en) Method and system for encryption of information stored in an external nonvolatile memory
JP2011522469A (en) Integrated circuit having protected software image and method therefor
TWI454959B (en) Storage device proection system and methods for lock and unlock storage device thereof
TWI536199B (en) Data protection method, memory control circuit unit and memory storage device
JP2006527433A (en) Verification method based on private space of USB flash memory disk storage medium
CN101615161B (en) Method for encrypting and decrypting hard disk, hard disk driving device and hard disk
US10747884B2 (en) Techniques for coordinating device boot security
US8219978B2 (en) Information processing device
CN106156827A (en) A kind of chip information protection device and method
KR100972540B1 (en) Secure memory card with life cycle phases
WO2024099183A1 (en) Multi-medium secure boot method and system, storage medium, device and chip
TWI690805B (en) Card activation device and methods for authenticating and activating a data storage device by using a card activation device
TWI529553B (en) Authentication method, associated controller, host computer, and machine-readable medium
JP5761880B2 (en) Automobile
CN114154443A (en) Chip authorization and verification method and device and electronic equipment
JP5603993B2 (en) Electrical unit and data processing method
US9158943B2 (en) Encryption and decryption device for portable storage device and encryption and decryption method thereof
TW202343231A (en) Managing ownership of an electronic device
CN117332386A (en) Solid state disk encryption authentication method and solid state disk