TWI789082B - Secure memory card and control method thereof - Google Patents
- Publication number
- TWI789082B
- Authority
- TW
- Taiwan
- Prior art keywords
- volatile memory
- memory controller
- chip
- special address
- security chip
Landscapes
- Storage Device Security (AREA)
- Credit Cards Or The Like (AREA)
Description
This application relates to a memory card device with information security and a chip control method applied therein, and in particular to a memory card device with a built-in security chip and the chip control method applied therein.
With the spread of information technology, much sensitive data that must be kept confidential (accounts and passwords of all kinds) is stored alongside ordinary data on user-side devices such as personal computers, notebook computers and, now more commonly, smartphones. Portable devices also exchange data or carry out financial transactions with other devices over various data channels (for example a USB interface or the Internet). If confidential data is not stored properly, it is very likely to be stolen, causing significant losses. However, few of the devices users hold today have such a capability: only a small number of newly released devices may have a built-in data security module for secure data storage, and most existing information processing devices cannot gain data encryption through a simple installation.
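To remedy this shortcoming and let existing legacy devices conveniently gain secure data storage, the memory card 11 with information security functions shown in FIG. 1 was developed. It is built from a common memory card (for example a microSD card, one of the Secure Digital Memory Card (SD) family) plus a security chip (Secure Element) 119 certified to CC EAL5+, which provides cryptographic services, key management, data storage and similar functions. As the figure shows, when the application 100 in the host 10 needs to run a data encryption procedure, the application 100 issues an encryption instruction, and the file system 101, in response to that encryption instruction, issues a preset special combination 102 to the flash memory controller 110 in the memory card 11. The preset special combination 102 can consist of multiple consecutive read and write commands; for example, it can be two consecutive read commands followed by one write command. The preset special combination 102 triggers the flash memory controller 110 to establish a vendor command tunnel (Vendor commands Tunnel, VC Tunnel for short) 103 with the file system 101. Once the vendor command tunnel 103 is established, the next write command that the file system 101 sends through the vendor command tunnel 103 is recognized by the flash memory controller 110 as a vendor command. When that vendor command has been defined in advance as a data-encryption-related action, the flash memory controller 110 carries out the encryption action corresponding to the encryption instruction. For example, the content of the vendor command is: have the flash memory controller 110 pass a piece of data associated with the write command to the security chip 119 for encryption and, after encryption, send it back to the application through the vendor command tunnel 103 or store it in the flash memory 111.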
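As the above description shows, however, the conventional approach uses a preset special combination 102 of multiple consecutive read and write commands to define the vendor command and thereby "establish a vendor command tunnel" for the subsequent encryption instruction, and the flash memory controller 110 and the security chip 119 communicate using the traditional ISO-7816 smart card protocol. The preset special combination 102 is overly complex and wastes command cycles, the maximum operating frequency of ISO-7816 is only 1.25 MHz, and the three-pin configuration (IO/CLK/RST) allows only half-duplex signal transmission. Data processing this slow no longer meets current requirements.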
To remedy the shortcomings of the conventional approach described above, the inventors developed the following technical concepts and implementations. The present invention relates to a memory card device with information security, for signal connection with a host. The memory card device comprises: a non-volatile memory device for storing data; a security chip; and a non-volatile memory controller signal-connected to the host, the non-volatile memory device and the security chip, the non-volatile memory controller interacting with the security chip in response to a single command of a single command cycle issued by the host.
According to the above concept, in the memory card device with information security described in this application, the single command of a single command cycle is a write command to a first special address, issued by a file system in the host to the non-volatile memory controller. The first special address lies within a reserved area of the non-volatile memory device. When firmware in the non-volatile memory controller recognizes the first special address, it sets the encryption mode of the security chip.
According to the above concept, in the memory card device with information security described in this application, the security chip has a plurality of encryption modes; the write command to the first special address sets the security chip to a first encryption mode, and a write command to a second special address sets the security chip to a second encryption mode.
According to the above concept, in the memory card device with information security described in this application, the single command of a single command cycle is a write command, issued by a file system in the host to the non-volatile memory controller, that writes first specific data to a third special address. The third special address lies within a reserved area of the non-volatile memory device. When firmware in the non-volatile memory controller recognizes the third special address, it rewrites a set of parameters of the security chip, and the content of the first specific data is the parameter value to be written.
According to the above concept, in the memory card device with information security described in this application, the single command of a single command cycle is a write command to a fourth special address, issued by a file system in the host to the non-volatile memory controller. The fourth special address lies within a reserved area of the non-volatile memory device. When firmware in the non-volatile memory controller recognizes the fourth special address, it reads specific information about the security chip from the security chip.
According to the above concept, in the memory card device with information security described in this application, the specific information about the security chip is its firmware version. The security chip returns its firmware version to the non-volatile memory controller, the firmware then writes that firmware version into the reserved area or holds it temporarily in the non-volatile memory controller, and the file system then reads the firmware version back from the reserved area or from the non-volatile memory controller.
According to the above concept, in the memory card device with information security described in this application, the single command of a single command cycle is a write command, issued by a file system in the host to the non-volatile memory controller, that writes second specific data to a fifth special address. The fifth special address lies within a reserved area of the non-volatile memory device. When firmware in the non-volatile memory controller recognizes the fifth special address, it drives the security chip to encrypt the second specific data and return the encrypted data to the non-volatile memory controller. The firmware then writes the encrypted data into the reserved area or holds it temporarily in the non-volatile memory controller, and the file system then reads the encrypted data back from the reserved area or from the non-volatile memory controller.
According to the above concept, in the memory card device with information security described in this application, the single command of a single command cycle is a data access command to a special address.
According to the above concept, in the memory card device with information security described in this application, the special address takes the form of a preset multi-bit number.
According to the above concept, in the memory card device with information security described in this application, the special address is chosen dynamically from a plurality of multi-bit numbers that satisfy a specific formula.
Another aspect of this application is a chip control method applied between a host and a memory card device with information security. The memory card device comprises a non-volatile memory device, a security chip and a non-volatile memory controller. The control method comprises the following steps: the host issues a single command of a single command cycle to the non-volatile memory controller; and the non-volatile memory controller interacts with the security chip in response to that single command of a single command cycle.
According to the above concept, in the chip control method described in this application, the single command of a single command cycle is a write command to a first special address, issued by a file system in the host to the non-volatile memory controller. The first special address lies within a reserved area of the non-volatile memory device. When firmware in the non-volatile memory controller recognizes the first special address, it sets the encryption mode of the security chip.
According to the above concept, in the chip control method described in this application, the security chip has a plurality of encryption modes; the write command to the first special address sets the security chip to a first encryption mode, and a write command to a second special address sets the security chip to a second encryption mode.
According to the above concept, in the chip control method described in this application, the single command of a single command cycle is a write command, issued by a file system in the host to the non-volatile memory controller, that writes first specific data to a third special address. The third special address lies within a reserved area of the non-volatile memory device. When firmware in the non-volatile memory controller recognizes the third special address, it rewrites a set of parameters of the security chip, and the content of the first specific data is the parameter value to be written.
According to the above concept, in the chip control method described in this application, the single command of a single command cycle is a write command to a fourth special address, issued by a file system in the host to the non-volatile memory controller. The fourth special address lies within a reserved area of the non-volatile memory device. When firmware in the non-volatile memory controller recognizes the fourth special address, it reads specific information about the security chip from the security chip.
According to the above concept, in the chip control method described in this application, the specific information about the security chip is its firmware version. The security chip returns its firmware version to the non-volatile memory controller, the firmware then writes that firmware version into the reserved area, and the file system then reads the firmware version back from the reserved area.
According to the above concept, in the chip control method described in this application, the single command of a single command cycle is a write command, issued by a file system in the host to the non-volatile memory controller, that writes second specific data to a fifth special address. The fifth special address lies within a reserved area of the non-volatile memory device. When firmware in the non-volatile memory controller recognizes the fifth special address, it drives the security chip to encrypt the second specific data and return the encrypted data to the non-volatile memory controller. The firmware then writes the encrypted data into the reserved area, and the file system then reads the encrypted data back from the reserved area.
According to the above concept, in the chip control method described in this application, the single command of a single command cycle is a data access command to a special address.
According to the above concept, in the chip control method described in this application, the special address takes the form of a preset multi-bit number.
According to the above concept, in the chip control method described in this application, the special address is chosen dynamically from a plurality of multi-bit numbers that satisfy a specific formula.
For a clearer understanding of the above concepts, several embodiments are described in detail below with reference to the corresponding drawings.
11: memory card
119: security chip
10: host
100: application
101: file system
110: flash memory controller
102: preset special combination
103: vendor command tunnel
111: flash memory
21: memory card device
20: host
210: non-volatile memory device
211: security chip
212: non-volatile memory controller
2120: firmware
201: application
202: file system
2100: reserved area
2101: normal data storage area
FIG. 1 is a functional block diagram of a conventional memory card with information security functions.
FIG. 2 is a functional block diagram of the memory card device with encryption functions developed in this application.
FIGS. 3a, 3b and 3c are a functional block diagram and flow timing diagrams of the first embodiment of the encryption-related procedures proposed in this application.
FIGS. 4a, 4b and 4c are a functional block diagram and flow timing diagrams of the second embodiment of the encryption-related procedures proposed in this application.
FIGS. 5a, 5b and 5c are a functional block diagram and flow timing diagrams of the third embodiment of the encryption-related procedures proposed in this application.
FIGS. 6a, 6b and 6c are a functional block diagram and flow timing diagrams of the fourth embodiment of the encryption-related procedures proposed in this application.
FIG. 7 is a further flow timing diagram of the encryption-related procedures proposed in this application.
FIG. 8 is yet another flow timing diagram of the encryption-related procedures proposed in this application.
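To remedy the shortcomings of the conventional approach, this application develops the memory card device with information security whose functional block diagram is shown in FIG. 2. The memory card device 21 is signal-connected to a host 20 (for example by a wired signal connection over metal pins, or by a wireless signal connection such as Bluetooth or a wireless network). The memory card device 21 mainly comprises a non-volatile memory device 210, a security chip 211 and a non-volatile memory controller 212. The non-volatile memory device 210 stores data. The security chip 211 can be a security chip certified to CC EAL5+ (for example one produced by Infineon) and provides cryptographic services, key management, data storage and similar functions. The non-volatile memory controller 212 is signal-connected to the host 20, the non-volatile memory device 210 and the security chip 211. The non-volatile memory controller 212 developed here interacts with the security chip 211 in response to a security chip control command, which can be a single command of a single command cycle. In this embodiment, firmware 2120 in the non-volatile memory controller 212 responds to the single command of a single command cycle by triggering the security chip 211 to carry out encryption-related procedures.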
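In detail, when the application 201 in the host 20 needs to carry out any procedure that interacts with the security chip 211, the application 201 first directs the file system 202 to issue a write command to a special address to the non-volatile memory controller 212. This command is one of the security chip control commands mentioned above and is a single command of a single command cycle. The special address can take the form of a preset multi-bit number, and it points into a reserved area 2100 of the non-volatile memory device 210, as shown in the figure. The firmware 2120 in the non-volatile memory controller 212 is configured with an address decoding function that can recognize the special address. When the write command to the special address is decoded by the firmware 2120 and the special address is recognized, the firmware 2120 interacts with the security chip 211, for example by triggering the security chip 211 to carry out encryption-related procedures. In addition, the non-volatile memory controller 212 can respond to a non-security-chip control command issued by the file system 202 of the host 20 by interacting with the non-volatile memory device 210 without interacting with the security chip 211. The non-security-chip control command contains a normal address unrelated to the security chip, and the normal address differs from the first special address. In other words, the file system 202 can issue to the non-volatile memory controller 212 another write command to a normal address (any address that is not a special address), and the normal address and the first special address do not overlap. When the normal address points to a normal data storage area 2101 of the non-volatile memory device 210 (another data storage area that does not overlap the reserved area 2100), as shown in the figure, the non-volatile memory controller 212 interacts directly with the non-volatile memory device 210 and not with the security chip 211; for example, it can read and write data directly in the normal data storage area 2101. Several embodiments of interaction with the security chip 211 are described below.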
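Refer first to FIG. 3a, a functional block diagram of the first embodiment of the procedures for interacting with the security chip 211. The file system 202 issues to the non-volatile memory controller 212 a write command to a first special address, shown by arrow C1. This command is a single command of a single command cycle that carries no write data, and the first special address lies within the reserved area 2100. When the firmware 2120 in the non-volatile memory controller 212 recognizes the first special address, it issues the command shown by arrow C2 to set the encryption mode of the security chip 211. For example, the security chip 211 can have a plurality of encryption modes, and the write command to the first special address sets the security chip 211 to a first encryption mode (for example AES-256-CBC). Likewise, a write command to a second special address, also carrying no write data, sets the security chip 211 to a second encryption mode (for example AES-256-CTR).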
Next, FIG. 3b is the flow timing diagram corresponding to FIG. 3a. It shows the details and order of command transmission and execution in the first embodiment. First, the host 20 issues a write command to the non-volatile memory controller 212. In response, the non-volatile memory controller 212 sets the encryption mode of the security chip 211. Once the setting succeeds, the security chip 211 sends the non-volatile memory controller 212 the setting-complete signal shown as a dashed line in the figure. In response to that signal, the non-volatile memory controller 212 can write a code representing the successful encryption mode setting into the non-volatile memory device 210 and reply to the host 20 with a write-complete signal.
Alternatively, as shown in FIG. 3c, the step of writing a record of the successful encryption mode setting into the non-volatile memory device 210 can be omitted. Instead, after the setting succeeds, the setting-complete signal issued by the security chip 211 is sent directly to the host 20, which avoids shortening the life of the non-volatile memory device 210 through excessive use.
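FIG. 4a is a functional block diagram of the second embodiment of the procedures for interacting with the security chip 211. The file system 202 issues to the non-volatile memory controller 212, as shown by arrow D1, a write command that writes first specific data to a third special address. This command is also a single command of a single command cycle, and the third special address lies within the reserved area 2100. When the firmware 2120 in the non-volatile memory controller 212 recognizes the third special address, it issues the command shown by arrow D2 to rewrite a set of parameters of the security chip 211, and the content of the first specific data is the parameter value to be written. For example, the security chip 211 holds a set of parameters such as an initialization vector value IV, and the D2 command can be used to set the IV value used in AES-256-CBC. A write command of this kind thus rewrites parameters in the security chip 211.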
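Next, FIG. 4b is the flow timing diagram corresponding to FIG. 4a. It shows the details and order of command transmission and execution in the second embodiment. First, the host 20 issues a write command carrying specific data to the non-volatile memory controller 212. In response to the write command and the specific data, the non-volatile memory controller 212 rewrites the parameters of the security chip 211. Once the rewrite succeeds, the security chip 211 sends the non-volatile memory controller 212 the rewrite-complete signal shown as a dashed line in the figure. In response to that signal, the non-volatile memory controller 212 writes a code representing the successful parameter rewrite into the non-volatile memory device 210 and replies to the host 20 with a write-complete signal. Alternatively, as shown in FIG. 4c, the step of writing the code representing the successful parameter rewrite into the non-volatile memory device 210 can be omitted. Instead, after the rewrite succeeds, the rewrite-complete signal issued by the security chip 211 is sent directly to the host 20, which avoids shortening the life of the non-volatile memory device 210 through excessive use.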
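Refer next to FIG. 5a, a functional block diagram of the third embodiment of the procedures for interacting with the security chip 211. The file system 202 issues to the non-volatile memory controller 212, as shown by arrow E1, a write command to a fourth special address that carries no write data. This command is also a single command of a single command cycle, and the fourth special address lies within the reserved area 2100. When the firmware 2120 in the non-volatile memory controller 212 recognizes the fourth special address, it reads specific information about the security chip 211 (for example its firmware version) from the security chip 211. A write command of this kind thus obtains specific information held in the security chip 211. For example, the security chip 211 returns its firmware version to the non-volatile memory controller 212 (arrow E2), the firmware 2120 writes the firmware version of the security chip 211 into the reserved area 2100 (arrow E3), and the file system 202 can then read the firmware version of the security chip 211 back from the reserved area 2100 (arrow E4). In this way the write command reads back the firmware version of the security chip 211.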
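Next, FIG. 5b is the flow timing diagram corresponding to FIG. 5a. It shows the details and order of command transmission and execution in the third embodiment. First, the host 20 issues a write command to the non-volatile memory controller 212. In response, the non-volatile memory controller 212 reads specific information (for example the firmware version) from the security chip 211. Once the read succeeds, the security chip 211 sends the non-volatile memory controller 212 the read-complete signal shown as a dashed line in the figure. In response to that signal, the non-volatile memory controller 212 writes the specific information it read (for example the firmware version) into the non-volatile memory device 210 and replies to the host 20 with a write-complete signal. In response to the write-complete signal, the host 20 issues a read-result command to the non-volatile memory controller 212, which reads the specific information (for example the firmware version) from the non-volatile memory device 210 and sends it to the host 20.
Alternatively, as shown in FIG. 5c, the step of writing the specific information that was read (for example the firmware version) into the non-volatile memory device 210 can be skipped. Instead, the specific information is held temporarily in the memory of the non-volatile memory controller 212 and a write-complete signal is returned to the host 20. The file system 202 then issues a read-result (firmware version) command, which is a read command to a special address within the reserved area 2100. When the firmware 2120 in the non-volatile memory controller 212 recognizes that special address, it returns the data held in the memory of the non-volatile memory controller 212 (for example the firmware version) to the host, which avoids shortening the life of the non-volatile memory device 210 through excessive use.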
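FIG. 6a is a functional block diagram of the fourth embodiment of the procedures for interacting with the security chip 211. The file system 202 issues to the non-volatile memory controller 212, as shown by arrow F1, a write command that writes second specific data to a fifth special address. This command is also a single command of a single command cycle, and the fifth special address lies within the reserved area 2100. When the firmware 2120 in the non-volatile memory controller 212 recognizes the fifth special address, it drives the security chip 211 to encrypt the second specific data. For example, the security chip 211 encrypts the second specific data and returns the encrypted data to the non-volatile memory controller 212 (arrow F2), the firmware 2120 writes the encrypted data into the reserved area 2100 (arrow F3), and the file system 202 then reads the encrypted data back from the reserved area 2100 (arrow F4). A write command of this kind thus encrypts the specific data and reads back the encrypted data.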
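Next, FIG. 6b is the flow timing diagram corresponding to FIG. 6a. It shows the details and order of command transmission and execution in the fourth embodiment. First, the host 20 issues a write command carrying the data to be encrypted to the non-volatile memory controller 212. In response, the non-volatile memory controller 212 passes the data to the security chip 211 for encryption. Once encryption succeeds, the security chip 211 sends the non-volatile memory controller 212 the encryption-complete signal shown as a dashed line in the figure. In response to that signal, the non-volatile memory controller 212 writes the encrypted data into the non-volatile memory device 210 and replies to the host 20 with a write-complete signal. In response to the write-complete signal, the host 20 issues a read-result command to the non-volatile memory controller 212, which reads the encrypted data from the non-volatile memory device 210 and sends it to the host 20.
Alternatively, as shown in the flow diagram of FIG. 6c, the step in which the non-volatile memory controller 212 writes the encrypted data into the non-volatile memory device 210 can be skipped. Instead, the encrypted data is held temporarily in the memory of the non-volatile memory controller 212 and a write-complete signal is returned to the host 20. The file system 202 then issues a read-result (encrypted data) command, which is a read command to a special address within the reserved area 2100. When the firmware 2120 in the non-volatile memory controller 212 recognizes that special address, it returns the encrypted data held in the memory of the non-volatile memory controller 212 to the host, which avoids shortening the life of the non-volatile memory device 210 through excessive use.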
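The address decoding that the four embodiments describe, sketched as controller firmware in C with results held in controller RAM as in FIG. 5c and 6c. This is an added example, not code from the patent. Every address value, the sector size, the XOR stand-in for the chip's cipher, the rule that encryption needs a mode to be set first, the refusal of unknown addresses and the single-use result buffer are assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Every address, size and name below is hypothetical: the patent gives no values. */
#define SECTOR       16u       /* tiny sector, for illustration only */
#define NORMAL_COUNT 8u        /* sectors in normal data storage area 2101 */
#define RSV_BASE     0x1000u   /* start of reserved area 2100 */
enum {
    A_MODE1  = RSV_BASE + 0,   /* first special address: select mode 1 */
    A_MODE2  = RSV_BASE + 1,   /* second special address: select mode 2 */
    A_PARAM  = RSV_BASE + 2,   /* third: payload is the new parameter (IV) */
    A_INFO   = RSV_BASE + 3,   /* fourth: fetch security chip information */
    A_ENC    = RSV_BASE + 4,   /* fifth: payload is the data to encrypt */
    A_RESULT = RSV_BASE + 5    /* read-back address, as in FIG. 5c and 6c */
};
enum { ST_OK = 0, ST_BAD_ADDR = -1, ST_BAD_ARG = -2, ST_NO_RESULT = -3 };
static const char SE_FW_VERSION[SECTOR] = "SEFW-0.0-SAMPLE"; /* constructed value */

struct secure_chip {           /* mock of security chip 211 */
    int mode;                  /* 0 = unset, otherwise 1 or 2 */
    uint8_t iv[SECTOR];        /* the rewritable parameter */
    unsigned calls;            /* times the controller talked to the chip */
};
struct card {                  /* memory card device 21 */
    uint8_t flash[NORMAL_COUNT][SECTOR];
    struct secure_chip se;
    uint8_t result[SECTOR];    /* controller RAM, never written to flash */
    int result_valid;
};

/* Stand-in for the chip's cipher so the example runs offline. NOT encryption. */
static void se_transform(struct secure_chip *se, const uint8_t *in, uint8_t *out)
{
    for (unsigned i = 0; i < SECTOR; i++)
        out[i] = in[i] ^ se->iv[i];
    se->calls++;
}

/* Firmware 2120: one write command, decoded by address alone. data may be NULL. */
int card_write(struct card *c, uint32_t addr, const uint8_t *data)
{
    if (addr < NORMAL_COUNT) {                 /* normal address: flash only */
        if (!data) return ST_BAD_ARG;
        memcpy(c->flash[addr], data, SECTOR);
        return ST_OK;
    }
    switch (addr) {
    case A_MODE1: c->se.mode = 1; c->se.calls++; return ST_OK;
    case A_MODE2: c->se.mode = 2; c->se.calls++; return ST_OK;
    case A_PARAM:
        if (!data) return ST_BAD_ARG;
        memcpy(c->se.iv, data, SECTOR);
        c->se.calls++;
        return ST_OK;
    case A_INFO:                               /* chip answers with its version */
        memcpy(c->result, SE_FW_VERSION, SECTOR);
        c->se.calls++;
        c->result_valid = 1;
        return ST_OK;
    case A_ENC:                                /* assumption: mode must be set first */
        if (!data || c->se.mode == 0) return ST_BAD_ARG;
        se_transform(&c->se, data, c->result);
        c->result_valid = 1;
        return ST_OK;
    default:                                   /* assumption: anything else is refused */
        return ST_BAD_ADDR;
    }
}

/* Host read: normal sectors come from flash, A_RESULT from controller RAM. */
int card_read(struct card *c, uint32_t addr, uint8_t *out)
{
    if (addr < NORMAL_COUNT) { memcpy(out, c->flash[addr], SECTOR); return ST_OK; }
    if (addr != A_RESULT) return ST_BAD_ADDR;
    if (!c->result_valid) return ST_NO_RESULT;
    memcpy(out, c->result, SECTOR);
    c->result_valid = 0;                       /* assumption: a result is single-use */
    return ST_OK;
}

/* Walks the four embodiments on constructed data; returns 0 or the failing step. */
int self_check(void)
{
    struct card c;
    uint8_t iv[SECTOR], pt[SECTOR], out[SECTOR];
    memset(&c, 0, sizeof c);
    memset(iv, 0xA5, SECTOR);
    memcpy(pt, "constructed data", SECTOR);
    if (card_write(&c, 3, pt) != ST_OK || c.se.calls || memcmp(c.flash[3], pt, SECTOR)) return 1;
    if (card_write(&c, A_ENC, pt) != ST_BAD_ARG) return 2;       /* no mode set yet */
    if (card_write(&c, A_MODE1, NULL) != ST_OK || card_write(&c, A_PARAM, iv) != ST_OK) return 3;
    if (card_write(&c, A_ENC, pt) != ST_OK || card_read(&c, A_RESULT, out) != ST_OK
        || out[0] != ('c' ^ 0xA5)) return 5;
    if (card_read(&c, A_RESULT, out) != ST_NO_RESULT) return 6;  /* already consumed */
    if (card_write(&c, A_INFO, NULL) != ST_OK || card_read(&c, A_RESULT, out) != ST_OK
        || memcmp(out, SE_FW_VERSION, SECTOR) != 0) return 7;
    return (card_write(&c, RSV_BASE + 7, pt) == ST_BAD_ADDR && c.se.calls == 4) ? 0 : 8;
}
int main(void) { return self_check(); }
```

The normal write in step 1 never reaches the mock chip, which is the separation between area 2101 and area 2100 that the description relies on.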
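In addition, as the flow timing diagram of FIG. 7 shows, the single command of a single command cycle used in this application need not be a write command of specific data to a special address as described above; a data read command to a special address, as shown in the figure, can also be used. First, the host 20 issues a data read command with a special address to the non-volatile memory controller 212. The firmware 2120 of the non-volatile memory controller 212 recognizes the special address and, triggered by the data read command, reads specific information (for example the firmware version) from the security chip 211. Once the read succeeds, the security chip 211 sends the non-volatile memory controller 212 the specific-information read-complete signal shown as a dashed line in the figure. In response to that signal, the non-volatile memory controller 212 writes the specific information it read (for example the firmware version) into the non-volatile memory device 210 and replies to the host 20 with a signal that the data read command is complete. The single command of a single command cycle can of course also be another similar data access command, which is not described further here.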
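Refer next to the flow timing diagram of FIG. 8, which shows a procedure for interacting with the security chip 211 similar to that of FIG. 5c. First, the host 20 issues a write command with a special dynamic address to the non-volatile memory controller 212. The special dynamic address can be chosen dynamically from a plurality of multi-bit numbers that satisfy a specific formula; what matters is that the firmware 2120 can recognize it quickly and that it is distinctive. Triggered by the write command to the special dynamic address that satisfies the specific formula, the non-volatile memory controller 212 reads specific information (for example the firmware version) from the security chip 211. Once the read succeeds, the security chip 211 sends the non-volatile memory controller 212 the read-complete signal shown as a dashed line in the figure. The specific information that was read (for example the firmware version) is held temporarily in the memory of the non-volatile memory controller 212, and a write-complete signal is returned to the host 20. The file system 202 then issues a read-result (firmware version) command, which is a read command to a special address within the reserved area 2100. When the firmware 2120 in the non-volatile memory controller 212 recognizes that special address, it returns the data held in the memory of the non-volatile memory controller 212 (for example the firmware version) to the host, which avoids shortening the life of the non-volatile memory device 210 through excessive use.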
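The non-volatile memory 210 in this application can be flash memory or other similar memory, and the non-volatile memory controller 212 can be a flash memory controller. The firmware 2120 in the non-volatile memory controller 212 and the security chip 211 can communicate over a full-duplex communication bus such as the Serial Peripheral Interface protocol (SPI Protocol). Full-duplex communication means data flows in both directions, so data can be received while data is being sent. Transmission is therefore faster than with the traditional ISO-7816 smart card protocol.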
In summary, although the present invention is disclosed above by way of embodiments, they are not intended to limit the present invention. Those with ordinary knowledge in the technical field of the present invention can make various changes and modifications without departing from its technical spirit and scope. The scope of protection of the present invention is therefore defined by the appended patent claims.
Claims (20)
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2021176738A JP7284796B2 (en) | 2020-10-30 | 2021-10-28 | Secure memory card and its control method |
US17/513,110 US11886734B2 (en) | 2020-10-30 | 2021-10-28 | Secure memory card and control method thereof |
CN202111268035.XA CN114064559A (en) | 2020-10-30 | 2021-10-29 | Memory card device for ensuring information safety and chip control method applied therein |
EP21205460.5A EP3992830A1 (en) | 2020-10-30 | 2021-10-29 | Secure memory card and control method thereof |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW109137770 | 2020-10-30 | ||
Publications (2)
Publication Number | Publication Date |
---|---|
TW202217573A (en) | 2022-05-01 |
TWI789082B (en) | 2023-01-01 |
Family
ID=82558789
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW110139996A TWI789082B (en) | 2020-10-30 | 2021-10-28 | Secure memory card and control method thereof |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI789082B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8127368B2 (en) * | 1999-04-27 | 2012-02-28 | Panasonic Corporation | Semiconductor memory card and data reading apparatus, and data reading/reproducing apparatus |
US8219824B2 (en) * | 2007-06-29 | 2012-07-10 | Phison Electronics Corp. | Storage apparatus, memory card accessing apparatus and method of reading/writing the same |
TWI468940B (en) * | 2010-12-29 | 2015-01-11 | Sony Corp | Information storage apparatus, information processing method, and computer readable medium |
CN109241786A (en) * | 2018-10-08 | 2019-01-18 | 赵建和 | A kind of independent flash card |
TW202028991A (en) * | 2019-01-30 | 2020-08-01 | 旺宏電子股份有限公司 | Memory chip having security function and memory device |
- 2021-10-28 TW TW110139996A patent/TWI789082B/en active
Also Published As
Publication number | Publication date |
---|---|
TW202217573A (en) | 2022-05-01 |