TWI789082B - Secure memory card and control method thereof - Google Patents

Secure memory card and control method thereof

Publication number
TWI789082B
Authority
TW
Taiwan
Prior art keywords
volatile memory
memory controller
chip
special address
security chip
Application number
TW110139996A
Other languages
Chinese (zh)
Other versions
TW202217573A (en)
Inventor
吳明鋌
俞能傑
林志宏
Original Assignee
銓安智慧科技股份有限公司
Application filed by 銓安智慧科技股份有限公司
Priority to JP2021176738A (JP7284796B2)
Priority to US17/513,110 (US11886734B2)
Priority to CN202111268035.XA (CN114064559A)
Priority to EP21205460.5A (EP3992830A1)
Publication of TW202217573A
Application granted
Publication of TWI789082B

Landscapes

  • Storage Device Security (AREA)
  • Credit Cards Or The Like (AREA)

Abstract

A secure memory card and a control method thereof. The secure memory card includes a non-volatile memory device, a secure element, and a non-volatile memory controller in communication with the non-volatile memory device and the secure element. The non-volatile memory controller is adapted to be used with a host and is triggered to interact with the secure element to conduct a securing operation in response to a single command received from the host, where the single command takes a single instruction cycle.

Description

Memory card device with information security and chip control method applied therein

The present application relates to a memory card device with information security and a chip control method applied therein, and in particular to a memory card device with information security that has a built-in security chip, and a chip control method applied therein.

With the spread of information technology, much important data that must be kept confidential (account names and passwords of all kinds) is stored together with ordinary data in the user's information device, such as a personal computer, a notebook computer or the now even more widespread smartphone. Portable devices also exchange data or conduct financial transactions with other information devices over various data transmission channels (for example a USB interface or the Internet). If such confidential data is not stored properly, it is therefore very likely to be stolen, causing significant loss. However, few of the information devices users have today provide such a function; only a few newly released devices may have a built-in data security module for secure data storage, and most existing information processing devices cannot obtain a data encryption function through a simple installation.

To remedy this shortcoming effectively and allow existing legacy models to gain secure data storage easily, the memory card 11 with an information security function shown in FIG. 1 was developed. It is built mainly from a common memory card (for example a microSD card, a type of Secure Digital (SD) memory card) plus a secure element (security chip) 119 certified to CC EAL5+, which provides functions such as cryptographic services, key management and data storage. As the figure shows, when the application 100 in the host 10 needs to run a data encryption procedure, the application 100 issues an encryption instruction, and the file system 101, in response to that instruction, sends a preset special combination 102 to the flash memory controller 110 in the memory card 11. The preset special combination 102 may consist of several consecutive read and write commands; for example, it may be two consecutive read commands followed by one write command. The preset special combination 102 triggers the flash memory controller 110 to establish a vendor command tunnel (VC tunnel) 103 with the file system 101. Once the vendor command tunnel 103 is established, the next write command that the file system 101 sends through the vendor command tunnel 103 is recognized by the flash memory controller 110 as a vendor command. When that vendor command has been defined in advance as an action related to data encryption, it causes the flash memory controller 110 to carry out the encryption action corresponding to the encryption instruction. For example, the vendor command may instruct the flash memory controller 110 to pass the data carried by the write command to the security chip 119 for encryption; after encryption, the data is sent back to the application through the vendor command tunnel 103 or stored in the flash memory 111.

As the above description shows, however, the conventional approach uses the preset special combination 102 of several consecutive read and write commands to define the vendor command and thereby "establish a vendor command tunnel" for the subsequent encryption instructions, and the flash memory controller 110 communicates with the security chip 119 using the traditional ISO-7816 smart card protocol. The preset special combination 102 is overly complex and wastes instruction cycles, the maximum operating frequency of ISO-7816 is only 1.25 MHz, and the three-pin configuration (IO/CLK/RST) supports only half-duplex signaling; such slow data processing no longer meets today's requirements.

To remedy the shortcomings of the conventional approach described above, the inventors developed the following technical concepts and implementations. The present invention relates to a memory card device with information security, for signal connection with a host. The memory card device comprises: a non-volatile memory device for storing data; a security chip; and a non-volatile memory controller in signal connection with the host, the non-volatile memory device and the security chip, the non-volatile memory controller interacting with the security chip in response to a single command of a single instruction cycle issued by the host.

According to the above concept, in the memory card device with information security described herein, the single command of a single instruction cycle is a write command to a first special address, issued by a file system in the host to the non-volatile memory controller. The first special address lies within a reserved area of the non-volatile memory device, and when firmware in the non-volatile memory controller recognizes the first special address, it sets the encryption mode of the security chip.

According to the above concept, in the memory card device with information security described herein, the security chip has a plurality of encryption modes; the write command to the first special address sets the security chip to a first encryption mode, and a write command to a second special address sets the security chip to a second encryption mode.

According to the above concept, in the memory card device with information security described herein, the single command of a single instruction cycle is a write command, issued by a file system in the host to the non-volatile memory controller, that writes first specific data to a third special address. The third special address lies within a reserved area of the non-volatile memory device, and when firmware in the non-volatile memory controller recognizes the third special address, it rewrites a set of parameters of the security chip, the content of the first specific data being the parameter value to be written.

According to the above concept, in the memory card device with information security described herein, the single command of a single instruction cycle is a write command to a fourth special address, issued by a file system in the host to the non-volatile memory controller. The fourth special address lies within a reserved area of the non-volatile memory device, and when firmware in the non-volatile memory controller recognizes the fourth special address, it reads specific information about the security chip from the security chip.

According to the above concept, in the memory card device with information security described herein, the specific information about the security chip is its firmware version. The security chip returns its firmware version to the non-volatile memory controller, the firmware writes that firmware version into the reserved area or holds it temporarily in the non-volatile memory controller, and the file system then reads the firmware version back from the reserved area or from the non-volatile memory controller.

According to the above concept, in the memory card device with information security described herein, the single command of a single instruction cycle is a write command, issued by a file system in the host to the non-volatile memory controller, that writes second specific data to a fifth special address. The fifth special address lies within a reserved area of the non-volatile memory device, and when firmware in the non-volatile memory controller recognizes the fifth special address, it drives the security chip to encrypt the second specific data and return the encrypted data to the non-volatile memory controller. The firmware then writes the encrypted data into the reserved area or holds it temporarily in the non-volatile memory controller, and the file system reads the encrypted data back from the reserved area or from the non-volatile memory controller.

According to the above concept, in the memory card device with information security described herein, the single command of a single instruction cycle is a data access command to a special address.

According to the above concept, in the memory card device with information security described herein, the special address takes the form of a preset multi-bit number.

According to the above concept, in the memory card device with information security described herein, the special address is dynamically selected from a plurality of multi-bit numbers that satisfy a specific formula.

Another aspect of the present application is a chip control method applied between a host and a memory card device with information security, the memory card device comprising a non-volatile memory device, a security chip and a non-volatile memory controller. The control method comprises the following steps: the host issues a single command of a single instruction cycle to the non-volatile memory controller; and the non-volatile memory controller interacts with the security chip in response to that single command of a single instruction cycle.

According to the above concept, in the chip control method described herein, the single command of a single instruction cycle is a write command to a first special address, issued by a file system in the host to the non-volatile memory controller. The first special address lies within a reserved area of the non-volatile memory device, and when firmware in the non-volatile memory controller recognizes the first special address, it sets the encryption mode of the security chip.

According to the above concept, in the chip control method described herein, the security chip has a plurality of encryption modes; the write command to the first special address sets the security chip to a first encryption mode, and a write command to a second special address sets the security chip to a second encryption mode.

According to the above concept, in the chip control method described herein, the single command of a single instruction cycle is a write command, issued by a file system in the host to the non-volatile memory controller, that writes first specific data to a third special address. The third special address lies within a reserved area of the non-volatile memory device, and when firmware in the non-volatile memory controller recognizes the third special address, it rewrites a set of parameters of the security chip, the content of the first specific data being the parameter value to be written.

According to the above concept, in the chip control method described herein, the single command of a single instruction cycle is a write command to a fourth special address, issued by a file system in the host to the non-volatile memory controller. The fourth special address lies within a reserved area of the non-volatile memory device, and when firmware in the non-volatile memory controller recognizes the fourth special address, it reads specific information about the security chip from the security chip.

According to the above concept, in the chip control method described herein, the specific information about the security chip is its firmware version. The security chip returns its firmware version to the non-volatile memory controller, the firmware writes that firmware version into the reserved area, and the file system then reads the firmware version back from the reserved area.

According to the above concept, in the chip control method described herein, the single command of a single instruction cycle is a write command, issued by a file system in the host to the non-volatile memory controller, that writes second specific data to a fifth special address. The fifth special address lies within a reserved area of the non-volatile memory device, and when firmware in the non-volatile memory controller recognizes the fifth special address, it drives the security chip to encrypt the second specific data and return the encrypted data to the non-volatile memory controller. The firmware then writes the encrypted data into the reserved area, and the file system reads the encrypted data back from the reserved area.

According to the above concept, in the chip control method described herein, the single command of a single instruction cycle is a data access command to a special address.

According to the above concept, in the chip control method described herein, the special address takes the form of a preset multi-bit number.

According to the above concept, in the chip control method described herein, the special address is dynamically selected from a plurality of multi-bit numbers that satisfy a specific formula.

For a clearer understanding of the above concepts of the invention, several embodiments are set out below and described in detail with reference to the corresponding drawings.

11: memory card

119: security chip

10: host

100: application

101: file system

110: flash memory controller

102: preset special combination

103: vendor command tunnel

111: flash memory

21: memory card device

20: host

210: non-volatile memory device

211: security chip

212: non-volatile memory controller

2120: firmware

201: application

202: file system

2100: reserved area

2101: regular data storage area

FIG. 1 is a functional block diagram of a conventional memory card with an information security function.

FIG. 2 is a functional block diagram of the memory card device with encryption function developed in the present application.

FIGS. 3a, 3b and 3c are a functional block diagram and flow timing diagrams of the first embodiment of the encryption-related procedure proposed in the present application.

FIGS. 4a, 4b and 4c are a functional block diagram and flow timing diagrams of the second embodiment of the encryption-related procedure proposed in the present application.

FIGS. 5a, 5b and 5c are a functional block diagram and flow timing diagrams of the third embodiment of the encryption-related procedure proposed in the present application.

FIGS. 6a, 6b and 6c are a functional block diagram and flow timing diagrams of the fourth embodiment of the encryption-related procedure proposed in the present application.

FIG. 7 is another flow timing diagram of the encryption-related procedure proposed in the present application.

FIG. 8 is yet another flow timing diagram of the encryption-related procedure proposed in the present application.

To remedy the shortcomings of the conventional approach described above, the present application developed the memory card device with information security whose functional block diagram is shown in FIG. 2. The memory card device 21 is in signal connection with a host 20 (for example a wired signal connection through metal pins, or a wireless signal connection such as Bluetooth or a wireless network). The memory card device 21 mainly comprises a non-volatile memory device 210, a security chip 211 and a non-volatile memory controller 212. The non-volatile memory device 210 stores data. The security chip 211 may be a security chip certified to CC EAL5+ (for example one produced by Infineon) and provides functions such as cryptographic services, key management and data storage. The non-volatile memory controller 212 is in signal connection with the host 20, the non-volatile memory device 210 and the security chip 211. The non-volatile memory controller 212 developed here interacts with the security chip 211 in response to a security chip control command, which may be a single command of a single instruction cycle. In this embodiment, firmware 2120 in the non-volatile memory controller 212 triggers the security chip 211 to perform encryption-related procedures in response to that single command of a single instruction cycle.

In detail, when the application 201 in the host 20 needs to perform any of the procedures that interact with the security chip 211, the application 201 first instructs the file system 202 to issue to the non-volatile memory controller 212 a write command to a special address. This command is one of the security chip control commands mentioned above and is also a single command of a single instruction cycle. The special address may take the form of a preset multi-bit number, and it points into a reserved area 2100 of the non-volatile memory device 210, as shown in the figure. The firmware 2120 in the non-volatile memory controller 212 is configured with an address decoding function that can recognize the special address. Thus, when the write command to the special address is decoded by the firmware 2120 and the special address is recognized, the firmware 2120 interacts with the security chip 211, for example by triggering the security chip 211 to perform encryption-related procedures. In addition, the non-volatile memory controller 212 can, in response to a non-security-chip control command issued by the file system 202 of the host 20, interact with the non-volatile memory device 210 without interacting with the security chip 211. The non-security-chip control command contains a normal address unrelated to the security chip, and the normal address differs from the first special address. In other words, the file system 202 can issue to the non-volatile memory controller 212 another write command to a normal address (that is, any address that is not a special address), and the normal address and the first special address do not overlap. When the normal address points to a regular data storage area 2101 of the non-volatile memory device 210 as shown in the figure (that is, another data storage area that does not overlap the reserved area 2100), the non-volatile memory controller 212 interacts directly with the non-volatile memory device 210 and not with the security chip 211; for example, it can read and write data directly in the regular data storage area 2101 of the non-volatile memory device 210. Several embodiments of interaction with the security chip 211 are described below.

Referring first to FIG. 3a, a functional block diagram of the first embodiment of the procedure for interacting with the security chip 211: the file system 202 issues to the non-volatile memory controller 212 a write command to a first special address, as shown by arrow C1. This command is a single command of a single instruction cycle that carries no write data, and the first special address lies within the reserved area 2100. When the firmware 2120 in the non-volatile memory controller 212 recognizes the first special address, it issues the command shown by arrow C2 to set the encryption mode of the security chip 211. For example, the security chip 211 may have a plurality of encryption modes, and the write command to the first special address sets the security chip 211 to a first encryption mode (for example AES-256-CBC). Likewise, a write command to a second special address that carries no write data sets the security chip 211 to a second encryption mode (for example AES-256-CTR).

Next, FIG. 3b is the flow timing diagram corresponding to FIG. 3a; it shows the details and order in which commands are sent and executed in the first embodiment of the procedure for interacting with the security chip 211. First, the host 20 issues the write command to the non-volatile memory controller 212, which in response sets the encryption mode of the security chip 211. Once the setting succeeds, the security chip 211 sends the non-volatile memory controller 212 a setting-complete signal, shown as a dashed line in the figure. In response to that signal, the non-volatile memory controller 212 may write a code representing the successful encryption mode setting into the non-volatile memory device 210 and return a write-complete signal to the host 20.

Of course, as shown in FIG. 3c, the step of writing a record of the successful encryption mode setting into the non-volatile memory device 210 can be omitted; instead, after the setting succeeds, the setting-complete signal issued by the security chip 211 is sent directly to the host 20, which avoids overuse of the non-volatile memory device 210 and the resulting shortening of its life.

圖4a其係本案所提出關於與該安全晶片211進行互動的相關程序之第二實施例的功能方塊示意圖,其主要是檔案系統(file system)202來對非揮發性記憶體控制器212進行如箭頭D1所示,對第三特殊地址寫入一第一特定資料的寫入命令(Write Command),此命令亦為單一指令週期之單一指令,該第三特殊地址係位於保留區2100之範圍中。而該非揮發性記憶體控制器212中之韌體2120辨識出該第三特殊地址時,將發出如箭頭D2所示之命令,將用以改寫該安全晶片211之一組參數,而該第一特定資料的內容便是要改寫的參數值。舉例來說,安全晶片211中具有一組參數,例如是一初始向量(initialization vector)值IV,而此D2命令則可用以設定AES-256-CBC中所使用之IV值。透過此類寫入命令便可達到改寫該安全晶片211中參數的目的。 FIG. 4a is a schematic functional block diagram of the second embodiment of the relevant program for interacting with the security chip 211 proposed in this case. It is mainly a file system (file system) 202 to perform such operations on the non-volatile memory controller 212. As shown by the arrow D1, write a write command (Write Command) of a first specific data to the third special address, this command is also a single command of a single command cycle, and the third special address is located in the range of the reserved area 2100 . And when the firmware 2120 in the non-volatile memory controller 212 recognizes the 3rd special address, it will issue the command shown in the arrow D2, which will be used to rewrite a group of parameters of the security chip 211, and the first The content of the specified data is the parameter value to be overwritten. For example, there is a set of parameters in the security chip 211, such as an initialization vector value IV, and the D2 command can be used to set the IV value used in AES-256-CBC. The purpose of rewriting the parameters in the security chip 211 can be achieved through such write commands.

Next, refer to FIG. 4b, the sequence diagram corresponding to FIG. 4a, which shows the details and order of command transmission and execution in the second embodiment of the procedure for interacting with the security chip 211. First, the host 20 issues a write command carrying the specific data to the non-volatile memory controller 212. In response to the write command and the specific data, the non-volatile memory controller 212 rewrites the parameters of the security chip 211. Once the rewrite succeeds, the security chip 211 sends the non-volatile memory controller 212 the rewrite-complete signal shown by the dotted line in the figure. In response to that signal, the non-volatile memory controller 212 writes into the non-volatile memory device 210 a code representing the successful parameter rewrite, and returns a write-complete signal to the host 20. Of course, as shown in FIG. 4c, the step of writing the code representing the successful parameter rewrite into the non-volatile memory device 210 can also be omitted. Instead, once the parameter rewrite succeeds, the rewrite-complete signal issued by the security chip 211 is sent directly to the host 20, which avoids shortening the lifespan of the non-volatile memory device 210 through excessive use.

Refer now to FIG. 5a, a functional block diagram of the third embodiment of the procedure proposed in this application for interacting with the security chip 211. Here the file system 202 issues to the non-volatile memory controller 212, as shown by arrow E1, a write command to a fourth special address that carries no data to be written. This command is likewise a single command of a single instruction cycle, and the fourth special address lies within the range of the reserved area 2100. When the firmware 2120 in the non-volatile memory controller 212 recognizes the fourth special address, it reads specific information about the security chip 211 (for example, its firmware version) from the security chip 211. Write commands of this kind thus achieve the purpose of obtaining specific information from the security chip 211. For example, the security chip 211 returns its firmware version to the non-volatile memory controller 212 (arrow E2), the firmware 2120 then writes the firmware version of the security chip 211 into the reserved area 2100 (arrow E3), and the file system 202 can then read the firmware version of the security chip 211 back from the reserved area 2100 (arrow E4). In this way a write command is used to read back the firmware version of the security chip 211.

Next, refer to FIG. 5b, the sequence diagram corresponding to FIG. 5a, which shows the details and order of command transmission and execution in the third embodiment of the procedure for interacting with the security chip 211. First, the host 20 issues a write command to the non-volatile memory controller 212. In response to the write command, the non-volatile memory controller 212 reads the specific information (for example, the firmware version) from the security chip 211. Once the read succeeds, the security chip 211 sends the non-volatile memory controller 212 the read-complete signal shown by the dotted line in the figure. In response to that signal, the non-volatile memory controller 212 writes the specific information it has read (for example, the firmware version) into the non-volatile memory device 210, and returns a write-complete signal to the host 20. In response to the write-complete signal, the host 20 issues a read-result command to the non-volatile memory controller 212; the non-volatile memory controller 212 reads the specific information (for example, the firmware version) from the non-volatile memory device 210 and transmits it to the host 20.

Of course, as shown in FIG. 5c, it is also possible to skip the step of writing the specific information that was read (for example, the firmware version) into the non-volatile memory device 210. Instead, the specific information (for example, the firmware version) is held temporarily in the memory of the non-volatile memory controller 212, and a write-complete signal is returned to the host 20. The file system 202 then issues a read-result (firmware version) command, which takes the form of a read command to a special address lying within the range of the reserved area 2100. When the firmware 2120 in the non-volatile memory controller 212 recognizes that special address, it returns the data held in the memory of the non-volatile memory controller 212 (for example, the firmware version) to the host, which avoids shortening the lifespan of the non-volatile memory device 210 through excessive use.
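The address-based routing described in these embodiments, reduced to a small C model of the firmware 2120 that uses the FIG. 5c variant (result held in controller memory). This is an added example, not code from the patent; every address, the sector size, the version string, the one-shot result read and the rejection of unrecognized reserved addresses are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example: all addresses, sizes and the version string below are
 * constructed values; the patent gives no concrete numbers. */
#define SECTOR       16u
#define FLASH_LBAS   4u        /* regular data storage area 2101: LBA 0..3 */
#define RESERVED_LO  0xFF00u   /* reserved area 2100 (hypothetical range)  */
#define RESERVED_HI  0xFFFFu
#define ADDR_MODE_1  0xFF01u   /* first special address  -> mode 1         */
#define ADDR_MODE_2  0xFF02u   /* second special address -> mode 2         */
#define ADDR_SET_IV  0xFF03u   /* third: payload becomes the chip's IV     */
#define ADDR_GET_VER 0xFF04u   /* fourth: fetch chip firmware version      */
#define ADDR_RESULT  0xFF10u   /* special read address for the held result */

enum route { ROUTE_FLASH, ROUTE_SPECIAL, ROUTE_REJECT };

struct secure_element {        /* stand-in for security chip 211 */
    int mode;
    uint8_t iv[SECTOR];
    char fw_version[SECTOR];
    unsigned calls;            /* how often the controller talked to it */
};

struct card {                  /* memory card device 21 */
    struct secure_element se;
    uint8_t flash[FLASH_LBAS][SECTOR];
    unsigned flash_writes;     /* wear counter for device 210 */
    uint8_t staged[SECTOR];    /* controller memory, as in FIG. 5c */
    int staged_valid;
};

void card_init(struct card *c)
{
    memset(c, 0, sizeof *c);
    strcpy(c->se.fw_version, "SE-FW 0.0-demo");    /* constructed */
}

static int in_reserved(uint32_t lba)
{
    return lba >= RESERVED_LO && lba <= RESERVED_HI;
}

/* Firmware 2120: one write command, routed purely by its address. */
enum route card_write(struct card *c, uint32_t lba, const uint8_t *data)
{
    if (!in_reserved(lba)) {                       /* regular address */
        if (lba >= FLASH_LBAS) return ROUTE_REJECT;
        memcpy(c->flash[lba], data, SECTOR);
        c->flash_writes++;
        return ROUTE_FLASH;                        /* chip never touched */
    }
    switch (lba) {
    case ADDR_MODE_1: c->se.mode = 1; break;
    case ADDR_MODE_2: c->se.mode = 2; break;
    case ADDR_SET_IV: memcpy(c->se.iv, data, SECTOR); break;
    case ADDR_GET_VER:                             /* payload ignored */
        memset(c->staged, 0, SECTOR);
        memcpy(c->staged, c->se.fw_version, strlen(c->se.fw_version));
        c->staged_valid = 1;                       /* no flash write */
        break;
    default:
        return ROUTE_REJECT;   /* unknown reserved address: example's choice */
    }
    c->se.calls++;
    return ROUTE_SPECIAL;
}

/* Read path: the held result comes back through a special read address. */
enum route card_read(struct card *c, uint32_t lba, uint8_t *out)
{
    if (!in_reserved(lba)) {
        if (lba >= FLASH_LBAS) return ROUTE_REJECT;
        memcpy(out, c->flash[lba], SECTOR);
        return ROUTE_FLASH;
    }
    if (lba == ADDR_RESULT && c->staged_valid) {
        memcpy(out, c->staged, SECTOR);
        c->staged_valid = 0;   /* handed out once: example's choice */
        return ROUTE_SPECIAL;
    }
    return ROUTE_REJECT;
}

int main(void)
{
    struct card c;
    uint8_t buf[SECTOR] = {0}, iv[SECTOR];

    card_init(&c);
    memset(iv, 0xA5, SECTOR);                      /* constructed IV bytes */
    card_write(&c, 2, iv);                         /* ordinary data write */
    card_write(&c, ADDR_SET_IV, iv);               /* embodiment 2 */
    card_write(&c, ADDR_GET_VER, buf);             /* embodiment 3 */
    card_read(&c, ADDR_RESULT, buf);               /* FIG. 5c read-back */
    printf("version=%s flash_writes=%u se_calls=%u\n",
           (char *)buf, c.flash_writes, c.se.calls);
    return 0;
}
```

The wear counter stays at one after the version query, which is the point of the FIG. 5c variant: the result never passes through the non-volatile memory device 210.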

FIG. 6a is a functional block diagram of the fourth embodiment of the procedure proposed in this application for interacting with the security chip 211. Here the file system 202 issues to the non-volatile memory controller 212, as shown by arrow F1, a write command that writes a second specific data to a fifth special address. This command is likewise a single command of a single instruction cycle, and the fifth special address lies within the range of the reserved area 2100. When the firmware 2120 in the non-volatile memory controller 212 recognizes the fifth special address, it drives the security chip 211 to encrypt the second specific data. For example, the security chip 211 encrypts the second specific data and returns the encrypted data to the non-volatile memory controller 212 (arrow F2), the firmware 2120 then writes the encrypted data into the reserved area 2100 (arrow F3), and the file system 202 reads the encrypted data back from the reserved area 2100 (arrow F4). Write commands of this kind thus achieve the purpose of encrypting specific data and reading back the encrypted data.

Next, refer to FIG. 6b, the sequence diagram corresponding to FIG. 6a, which shows the details and order of command transmission and execution in the fourth embodiment of the procedure for interacting with the security chip 211. First, the host 20 issues a write command carrying the data to be encrypted to the non-volatile memory controller 212. In response to the write command, the non-volatile memory controller 212 passes the data to be encrypted to the security chip 211 for encryption. Once the encryption succeeds, the security chip 211 sends the non-volatile memory controller 212 the encryption-complete signal shown by the dotted line in the figure. In response to that signal, the non-volatile memory controller 212 writes the encrypted data into the non-volatile memory device 210, and returns a write-complete signal to the host 20. In response to the write-complete signal, the host 20 issues a read-result command to the non-volatile memory controller 212; the non-volatile memory controller 212 reads the encrypted data from the non-volatile memory device 210 and transmits it to the host 20.

Of course, as shown in the flow of FIG. 6c, it is also possible to skip the step in which the non-volatile memory controller 212 writes the encrypted data into the non-volatile memory device 210. Instead, the encrypted data is held temporarily in the memory of the non-volatile memory controller 212, and a write-complete signal is returned to the host 20. The file system 202 then issues a read-result (encrypted data) command, which takes the form of a read command to a special address lying within the range of the reserved area 2100. When the firmware 2120 in the non-volatile memory controller 212 recognizes that special address, it returns the encrypted data held in the memory of the non-volatile memory controller 212 to the host, which avoids shortening the lifespan of the non-volatile memory device 210 through excessive use.

In addition, as the sequence diagram of FIG. 7 shows, the single command of a single instruction cycle used in this application is not limited to the write commands of specific data to a special address described above; a data read command to a special address, as shown in the figure, can of course be used as well. First, the host 20 issues a data read command carrying a special address to the non-volatile memory controller 212. The firmware 2120 of the non-volatile memory controller 212 recognizes the special address and, triggered by the data read command, reads the specific information (for example, the firmware version) from the security chip 211. Once the read succeeds, the security chip 211 sends the non-volatile memory controller 212 the signal, shown by the dotted line in the figure, that the specific information has been read. In response to that signal, the non-volatile memory controller 212 writes the specific information it has read (for example, the firmware version) into the non-volatile memory device 210, and returns to the host 20 a signal that the data read command is complete. Of course, the single command of a single instruction cycle may also be another similar data access command, which is not described further here.

Refer next to the sequence diagram of FIG. 8, which shows a procedure for interacting with the security chip 211 similar to that of FIG. 5c. First, the host 20 issues a write command with a special dynamic address to the non-volatile memory controller 212. The special dynamic address may be selected dynamically from a plurality of multi-bit numbers that conform to a specific formula; what matters is that the firmware 2120 can recognize it quickly and that it is distinctive. Triggered by the write command to the special dynamic address conforming to the specific formula, the non-volatile memory controller 212 reads the specific information (for example, the firmware version) from the security chip 211. Once the read succeeds, the security chip 211 sends the non-volatile memory controller 212 the read-complete signal shown by the dotted line in the figure, the specific information that was read (for example, the firmware version) is held temporarily in the memory of the non-volatile memory controller 212, and a write-complete signal is returned to the host 20. The file system 202 then issues a read-result (firmware version) command, which takes the form of a read command to a special address lying within the range of the reserved area 2100. When the firmware 2120 in the non-volatile memory controller 212 recognizes that special address, it returns the data held in the memory of the non-volatile memory controller 212 (for example, the firmware version) to the host, which avoids shortening the lifespan of the non-volatile memory device 210 through excessive use.

The non-volatile memory 210 in this application may be flash memory or another similar memory, in which case the non-volatile memory controller 212 may be a flash memory controller. The firmware 2120 in the non-volatile memory controller 212 and the security chip 211 may communicate over a full-duplex communication bus such as the Serial Peripheral Interface (SPI) protocol. Full-duplex communication means that data flows in both directions, so data can be received while data is being transmitted. It is therefore also faster than the traditional ISO-7816 smart card communication protocol.

In summary, although the present invention has been disclosed above by way of embodiments, they are not intended to limit it. Those with ordinary knowledge in the technical field of the present invention may make various changes and modifications without departing from its technical spirit and scope. The scope of protection of the present invention is therefore defined by the appended claims.

20: Host

21: Memory card device

210: Non-volatile memory device

211: Security chip

212: Non-volatile memory controller

2120: Firmware

201: Application

202: File system

2100: Reserved area

2101: Regular data storage area

Claims (20)

1. A memory card device with information security, for signal connection with a host, the memory card device comprising: a non-volatile memory device for storing data; a security chip; and a non-volatile memory controller in signal connection with the host, the non-volatile memory device and the security chip, the non-volatile memory controller interacting with the security chip in response to a security chip control command issued by the host, wherein the security chip control command comprises a single command of a single instruction cycle, the single command of the single instruction cycle includes a first special address corresponding to the security chip, and the non-volatile memory controller further, in response to a non-security-chip control command issued by the host, interacts with the non-volatile memory device but does not interact with the security chip, the non-security-chip control command including a regular address unrelated to the security chip, the regular address being different from the first special address, wherein the security chip has a plurality of encryption modes, the first special address and a second special address are located within a reserved area of the non-volatile memory device, the non-volatile memory controller sets the security chip to a first encryption mode when it recognizes the first special address, and the non-volatile memory controller sets the security chip to a second encryption mode when it recognizes the second special address.

2. The memory card device with information security of claim 1, wherein the security chip control command comprises a write command to the first special address issued to the non-volatile memory controller by a file system in the host, and a firmware in the non-volatile memory controller sets the encryption mode of the security chip when it recognizes the first special address.

3. The memory card device with information security of claim 2, wherein the write command to the first special address sets the security chip to the first encryption mode, and a write command to the second special address sets the security chip to the second encryption mode.
4. A memory card device with information security, for signal connection with a host, the memory card device comprising: a non-volatile memory device for storing data; a security chip; and a non-volatile memory controller in signal connection with the host, the non-volatile memory device and the security chip, the non-volatile memory controller interacting with the security chip in response to a security chip control command issued by the host, wherein the security chip control command comprises a single command of a single instruction cycle, the single command of the single instruction cycle includes a first special address corresponding to the security chip, and the non-volatile memory controller further, in response to a non-security-chip control command issued by the host, interacts with the non-volatile memory device but does not interact with the security chip, the non-security-chip control command including a regular address unrelated to the security chip, the regular address being different from the first special address, wherein the security chip control command comprises a write command, issued to the non-volatile memory controller by a file system in the host, that writes a first specific data to a third special address, the third special address is located within a reserved area of the non-volatile memory device, a firmware in the non-volatile memory controller rewrites a set of parameters of the security chip when it recognizes the third special address, and the content of the first specific data is the parameter value to be written.

5. A memory card device with information security, for signal connection with a host, the memory card device comprising: a non-volatile memory device for storing data; a security chip; and a non-volatile memory controller in signal connection with the host, the non-volatile memory device and the security chip, the non-volatile memory controller interacting with the security chip in response to a security chip control command issued by the host, wherein the security chip control command comprises a single command of a single instruction cycle, the single command of the single instruction cycle includes a first special address corresponding to the security chip, and the non-volatile memory controller further, in response to a non-security-chip control command issued by the host, interacts with the non-volatile memory device but does not interact with the security chip, the non-security-chip control command including a regular address unrelated to the security chip, the regular address being different from the first special address, wherein the security chip control command comprises a write command to a fourth special address issued to the non-volatile memory controller by a file system in the host, the fourth special address is located within a reserved area of the non-volatile memory device, and a firmware in the non-volatile memory controller, when it recognizes the fourth special address, reads specific information of the security chip from the security chip.

6. The memory card device with information security of claim 5, wherein the specific information of the security chip is a firmware version, the security chip returns the firmware version of the security chip to the non-volatile memory controller, the firmware then writes the firmware version of the security chip into the reserved area or holds it temporarily in the non-volatile memory controller, and the file system then reads the firmware version of the security chip back from the reserved area or from the non-volatile memory controller.
7. The memory card device with information security of claim 1, wherein the security chip control command comprises a write command, issued to the non-volatile memory controller by a file system in the host, that writes a second specific data to a fifth special address, the fifth special address is located within a reserved area of the non-volatile memory device, a firmware in the non-volatile memory controller, when it recognizes the fifth special address, drives the security chip to encrypt the second specific data into an encrypted data and return the encrypted data to the non-volatile memory controller, the firmware then writes the encrypted data into the reserved area or holds it temporarily in the non-volatile memory controller, and the file system then reads the encrypted data back from the reserved area or from the non-volatile memory controller.

8. The memory card device with information security of claim 1, wherein the single command of the single instruction cycle is a data access command to a special address.

9. The memory card device with information security of claim 8, wherein the special address takes the form of a preset multi-bit number.

10. The memory card device with information security of claim 8, wherein the special address is selected dynamically from a plurality of multi-bit numbers that conform to a specific formula.
11. A chip control method, applied between a host and a memory card device with information security, the memory card device with information security comprising a non-volatile memory device, a security chip and a non-volatile memory controller, the control method comprising the following steps: the host issues a security chip control command to the non-volatile memory controller, the security chip control command comprising a single command of a single instruction cycle; the non-volatile memory controller interacts with the security chip in response to the single command of the single instruction cycle, the single command of the single instruction cycle including a first special address corresponding to the security chip; and the non-volatile memory controller, in response to a non-security-chip control command issued by the host, interacts with the non-volatile memory device but does not interact with the security chip, the non-security-chip control command including a regular address unrelated to the security chip, the regular address being different from the first special address, wherein the security chip has a plurality of encryption modes, the first special address and a second special address are located within a reserved area of the non-volatile memory device, the non-volatile memory controller sets the security chip to a first encryption mode when it recognizes the first special address, and the non-volatile memory controller sets the security chip to a second encryption mode when it recognizes the second special address.

12. The chip control method of claim 11, wherein the security chip control command comprises a write command to the first special address issued to the non-volatile memory controller by a file system in the host, and a firmware in the non-volatile memory controller sets the encryption mode of the security chip when it recognizes the first special address.

13. The chip control method of claim 12, wherein the write command to the first special address sets the security chip to the first encryption mode, and a write command to the second special address sets the security chip to the second encryption mode.
14. A chip control method, applied between a host and a memory card device with information security, the memory card device with information security comprising a non-volatile memory device, a security chip and a non-volatile memory controller, the control method comprising the following steps: the host issues a security chip control command to the non-volatile memory controller, the security chip control command comprising a single command of a single instruction cycle; the non-volatile memory controller interacts with the security chip in response to the single command of the single instruction cycle, the single command of the single instruction cycle including a first special address corresponding to the security chip; and the non-volatile memory controller, in response to a non-security-chip control command issued by the host, interacts with the non-volatile memory device but does not interact with the security chip, the non-security-chip control command including a regular address unrelated to the security chip, the regular address being different from the first special address, wherein the security chip control command comprises a write command, issued to the non-volatile memory controller by a file system in the host, that writes a first specific data to a third special address, the third special address is located within a reserved area of the non-volatile memory device, a firmware in the non-volatile memory controller rewrites a set of parameters of the security chip when it recognizes the third special address, and the content of the first specific data is the parameter value to be written.

15. A chip control method, applied between a host and a memory card device with information security, the memory card device with information security comprising a non-volatile memory device, a security chip and a non-volatile memory controller, the control method comprising the following steps: the host issues a security chip control command to the non-volatile memory controller, the security chip control command comprising a single command of a single instruction cycle; the non-volatile memory controller interacts with the security chip in response to the single command of the single instruction cycle, the single command of the single instruction cycle including a first special address corresponding to the security chip; and the non-volatile memory controller, in response to a non-security-chip control command issued by the host, interacts with the non-volatile memory device but does not interact with the security chip, the non-security-chip control command including a regular address unrelated to the security chip, the regular address being different from the first special address, wherein the security chip control command comprises a write command to a fourth special address issued to the non-volatile memory controller by a file system in the host, the fourth special address is located within a reserved area of the non-volatile memory device, and a firmware in the non-volatile memory controller, when it recognizes the fourth special address, reads specific information of the security chip from the security chip.

16. The chip control method of claim 15, wherein the specific information of the security chip is a firmware version, the security chip returns the firmware version of the security chip to the non-volatile memory controller, the firmware then writes the firmware version of the security chip into the reserved area, and the file system then reads the firmware version of the security chip back from the reserved area.
如請求項11所述之晶片控制方法,其中該安全晶片控制指令包含有該主機中之一檔案系統對該非揮發性記憶體控制器進行對一第五特殊地址寫入一第二特定資料的寫入命令,該第五特殊地址係位於該非揮發性記憶體裝置中一保留區範圍中,該非揮發性記憶體控制器中之一韌體辨識出該第五特殊 地址時,將驅動該安全晶片對該第二特定資料進行加密成一加密資料後將該加密資料傳回該非揮發性記憶體控制器,而該韌體再將該加密資料寫入該保留區中,而該檔案系統再從該保留區中將該加密資料讀回。 The chip control method as described in claim 11, wherein the secure chip control command includes a file system in the host computer writing a fifth special address and writing a second specific data to the non-volatile memory controller input command, the fifth special address is located in a reserved area in the non-volatile memory device, and a firmware in the non-volatile memory controller recognizes the fifth special address address, the security chip will be driven to encrypt the second specific data into an encrypted data and then send the encrypted data back to the non-volatile memory controller, and the firmware will write the encrypted data into the reserved area, And the file system reads back the encrypted data from the reserved area. 如請求項11所述之晶片控制方法,其中該單一指令週期之單一指令為對一特殊地址之資料存取命令。 The chip control method as described in claim 11, wherein the single command of the single command cycle is a data access command to a special address. 如請求項18所述之晶片控制方法,其中該特殊地址的形式是一個預設的多位元數字。 The chip control method as claimed in claim 18, wherein the special address is a preset multi-bit number. 如請求項18所述之晶片控制方法,其中該特殊地址是動態地從符合一特定公式的多個多位元數字中擇一。 The chip control method as claimed in claim 18, wherein the special address is dynamically selected from a plurality of multi-bit numbers conforming to a specific formula.
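The address-based dispatch these claims describe, sketched as an added example (not code from the patent or the applicant): controller firmware routes a single host write either to flash or to the security chip, depending only on the target address. The LBA values, the result sector, the `chip_*` names and the XOR stand-in for the chip's cipher are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
/* Every address, size and the mock security chip below is constructed. */
#define SECTOR         512
#define NUM_SECTORS    64u
#define RESERVED_START 48u  /* reserved area: LBA 48..63 */
#define ADDR_SET_PARAM 51u  /* stands in for the third special address */
#define ADDR_GET_INFO  52u  /* stands in for the fourth special address */
#define ADDR_ENCRYPT   53u  /* stands in for the fifth special address */
#define RESULT_LBA     56u  /* reserved sector the host reads results from */
enum route { TO_FLASH, TO_CHIP_PARAM, TO_CHIP_INFO, TO_CHIP_ENCRYPT, REJECTED };
static uint8_t flash[NUM_SECTORS][SECTOR], chip_params[16];
static const char chip_fw_version[] = "SE-FW 1.0"; /* constructed value */
static unsigned chip_calls;                        /* chip interactions so far */
/* Placeholder for the chip's cipher: a fixed XOR, NOT real encryption. */
static void chip_transform(const uint8_t *in, uint8_t *out) {
    for (size_t i = 0; i < SECTOR; i++) out[i] = in[i] ^ 0x5Au;
}

/* Controller firmware: one host write command, routed purely by its address. */
enum route ctrl_write(uint32_t lba, const uint8_t *data) {
    if (lba >= NUM_SECTORS) return REJECTED;
    if (lba < RESERVED_START) {          /* normal address: flash only */
        memcpy(flash[lba], data, SECTOR);
        return TO_FLASH;
    }
    switch (lba) {
    case ADDR_SET_PARAM:                 /* payload carries the new parameters */
        chip_calls++;
        memcpy(chip_params, data, sizeof chip_params);
        return TO_CHIP_PARAM;
    case ADDR_GET_INFO:                  /* chip's answer parked in reserved area */
        chip_calls++;
        memset(flash[RESULT_LBA], 0, SECTOR);
        memcpy(flash[RESULT_LBA], chip_fw_version, sizeof chip_fw_version);
        return TO_CHIP_INFO;
    case ADDR_ENCRYPT:                   /* chip output parked in reserved area */
        chip_calls++;
        chip_transform(data, flash[RESULT_LBA]);
        return TO_CHIP_ENCRYPT;
    default: return REJECTED; /* assumption: other reserved LBAs not host-writable */
    }
}

int ctrl_read(uint32_t lba, uint8_t *out) { /* host read-back; -1 if out of range */
    if (lba >= NUM_SECTORS) return -1;
    memcpy(out, flash[lba], SECTOR);
    return 0;
}
```

Because the host file system can reach these addresses with ordinary writes, the default branch matters: in this sketch a write to any reserved-area sector that is not a recognized special address is refused rather than passed through to flash.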
TW110139996A 2020-10-30 2021-10-28 Secure memory card and control method thereof TWI789082B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
JP2021176738A JP7284796B2 (en) 2020-10-30 2021-10-28 Secure memory card and its control method
US17/513,110 US11886734B2 (en) 2020-10-30 2021-10-28 Secure memory card and control method thereof
CN202111268035.XA CN114064559A (en) 2020-10-30 2021-10-29 Memory card device for ensuring information safety and chip control method applied therein
EP21205460.5A EP3992830A1 (en) 2020-10-30 2021-10-29 Secure memory card and control method thereof

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TW109137770 2020-10-30
TW109137770 2020-10-30

Publications (2)

Publication Number Publication Date
TW202217573A TW202217573A (en) 2022-05-01
TWI789082B true TWI789082B (en) 2023-01-01

Family

ID=82558789

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110139996A TWI789082B (en) 2020-10-30 2021-10-28 Secure memory card and control method thereof

Country Status (1)

Country Link
TW (1) TWI789082B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8127368B2 (en) * 1999-04-27 2012-02-28 Panasonic Corporation Semiconductor memory card and data reading apparatus, and data reading/reproducing apparatus
US8219824B2 (en) * 2007-06-29 2012-07-10 Phison Electronics Corp. Storage apparatus, memory card accessing apparatus and method of reading/writing the same
TWI468940B (en) * 2010-12-29 2015-01-11 Sony Corp Information storage apparatus, information processing method, and computer readable medium
CN109241786A (en) * 2018-10-08 2019-01-18 赵建和 A kind of independent flash card
TW202028991A (en) * 2019-01-30 2020-08-01 旺宏電子股份有限公司 Memory chip having security function and memory device

Also Published As

Publication number Publication date
TW202217573A (en) 2022-05-01

Similar Documents

Publication Publication Date Title
US11662918B2 (en) Wireless communication between an integrated circuit memory device and a wireless controller device
US8627100B2 (en) Separate type mass data encryption/decryption apparatus and implementing method therefor
JP6985011B2 (en) Equipment and methods for ensuring access protection schemes
CN101853417B (en) Working method and system of CF (Compact Flash) interface information safety equipment
TWI472927B (en) Method for dispatching and transmitting data stream, memory controller and memory storage apparatus
TWI451248B (en) Data protecting method, memory controller and memory storage apparatus
US20120124380A1 (en) Usb composite device and method therefor
TWI454912B (en) Data processing method, memory controller and memory storage device
US8812756B2 (en) Method of dispatching and transmitting data streams, memory controller and storage apparatus
US8266713B2 (en) Method, system and controller for transmitting and dispatching data stream
TWI430104B (en) Method for dispatching and transmitting data stream, memory controller and memory storage apparatus
TWI521345B (en) Method for reading response and data transmission system
TWI789082B (en) Secure memory card and control method thereof
US8276188B2 (en) Systems and methods for managing storage devices
CN114064559A (en) Memory card device for ensuring information safety and chip control method applied therein
KR100574234B1 (en) External memory card insertable secure data storage apparatus with usb interface, and storing method thereof
CN110069934B (en) Memory storage system, host system verification method and memory storage device
KR101722159B1 (en) Secure memory card
CN112084524A (en) USB flash disk access method and USB flash disk
KR20020086444A (en) Combination type usb drive having storage and operation function
KR101023100B1 (en) Device for USB Banking
JP2008059380A (en) Storage medium
JP3118160U (en) Memory card with personal authentication function
KR100832820B1 (en) Devices for Electronic Disk and Recording Medium
TWI424330B (en) Limit the way files are accessed