WO2007104092A1 - A method and arrangement for providing write protection for a storage device - Google Patents

A method and arrangement for providing write protection for a storage device Download PDF

Info

Publication number
WO2007104092A1
WO2007104092A1 PCT/AU2007/000300 AU2007000300W WO2007104092A1 WO 2007104092 A1 WO2007104092 A1 WO 2007104092A1 AU 2007000300 W AU2007000300 W AU 2007000300W WO 2007104092 A1 WO2007104092 A1 WO 2007104092A1
Authority
WO
WIPO (PCT)
Prior art keywords
storage device
command
write
circuit
arrangement
Prior art date
Application number
PCT/AU2007/000300
Other languages
French (fr)
Inventor
David Perriman
Brian Johnson
David Spicer
Mark Philips
Original Assignee
Stargames Corporation Pty Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2006901335A external-priority patent/AU2006901335A0/en
Application filed by Stargames Corporation Pty Limited filed Critical Stargames Corporation Pty Limited
Publication of WO2007104092A1 publication Critical patent/WO2007104092A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F12/00Accessing, addressing or allocating within memory systems or architectures
    • G06F12/14Protection against unauthorised use of memory or access to memory
    • G06F12/1416Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights
    • G06F12/1425Protection against unauthorised use of memory or access to memory by checking the object accessibility, e.g. type of access defined by the memory independently of subject rights the protection being physical, e.g. cell, word, block
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0706Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment
    • G06F11/0727Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation the processing taking place on a specific hardware platform or in a specific software environment in a storage system, e.g. in a DASD or network based storage system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/0703Error or fault processing not based on redundancy, i.e. by taking additional measures to deal with the error or fault not making use of redundancy in operation, in hardware, or in data representation
    • G06F11/0766Error or fault reporting or storing
    • G06F11/0772Means for error signaling, e.g. using interrupts, exception flags, dedicated error registers
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories

Definitions

  • This invention relates to a method and arrangement for providing write protection for a storage device.
  • the invention is applicable to compact flash memories, but can be utilized with other types of storage device, including ATA (Advanced Technology Attachment) (also known as IDE (Intelligent/Integrated Drive Electronics) and SATA (Serial ATA)) storage devices.
  • ATA Advanced Technology Attachment
  • IDE Intelligent/Integrated Drive Electronics
  • SATA Serial ATA
  • Storage devices can be totally write protected or can have protected data in specific locations, and the remaining locations may be used for data which can be overwritten.
  • US4388695 describes a hardware circuit for protecting against the accidental writing in an area of memory which contains critical data.
  • predetermined memory access cycles which include, for example, the writing of predetermined data at a predetermined address.
  • the hardware After detection of such a "fictitious" write cycle, the hardware allows the next write cycle to access the critical data memory area.
  • This invention controls the RAV input of a RAM, and allows a single write cycle in the protected data area.
  • US5721872 describes an information processing apparatus with a write protection function for a target storage area which includes a holding section for a write enable flag for indicating whether writing is to be permitted to the target storage area, and a write control section for permitting an intended write operation to the target storage area when the write enable flag held by the holding section indicates the same is to be permitted.
  • the apparatus further includes a setting section for setting the write enable flag in the holding section when a dummy write instruction is executed for a command address, and a resetting section for resetting the write enable flag in the holding section when the intended write operation to the target storage area is executed.
  • the resetting section may further include a section for resetting the write enable flag in the holding section when a predetermined number of instructions or bus cycles are executed after the dummy write instruction.
  • US5751998 describes a memory mapping and module enabling circuit for allowing logical 128 kbyte memory blocks to be defined for any location in any module connected to a memory system.
  • a RAM is addressed by the system address lines defining 128 kbyte blocks, with the output data providing the row address strobe enable signals for a particular memory module and the address values necessary to place the 128 kbyte block within the module.
  • Various other parameters such as write protect status and memory location are also provided by the RAM.
  • the RAM is only programmed once, with modifications to the RAM- provided write protect status and memory location values being made based on write protect and relocation status information contained in a separate register.
  • US5802583 describes a system and method for selective write protection for a non- volatile memory device which comprises a superset of the existing JEDEC 21 -C standard and in which user definable portions of a non- volatile memory device can be write protected instead of only the entire device.
  • This write-protection technique can be enabled or disabled dynamically as determined by a user.
  • US6611904 describes a memory system with a memory array having a plurality of memory locations; a plurality of write ports for writing to the memory array; write protection circuitry for preventing more than one memory location from being addressed at the same time in a write operation, the write protection circuitry providing one write enable signal for each write port, the write enable signals being applied to the memory array; and circuitry for controlling the timing of the application of the write enable signals to the memory array, the circuitry for controlling the timing being upstream of the write protection circuitry.
  • US6202012 describes a device installed in a computer system for protecting the program or data inside a programmable non-volatile memory.
  • the device includes a first and a second combinatorial logic circuit, a delay circuit, a low-enable latching device with reset capability, an AND gate and " a memory cell array.
  • a specified memory read/write program that matches the preset internal parameters of a logic circuit is activated so that output from the AND gate is a logic "false"
  • the memory cell array is permanently locked in a non-programmable state, unless the power is turned off and then restarted again.
  • US6488581 describes a mass storage data protection system for use with a mass storage device in a gaming machine to protect the mass storage device from unauthorized commands.
  • the mass storage data protection system includes a mass storage device command latch, a timing circuit for timing signals between the mass storage device command latch and the mass storage device, a comparator and a comparator command register in communication with the comparator.
  • the comparator command register includes commands that generate a fault within the mass storage data protection system such that when the comparator receives a command from the mass storage device command latch corresponding to the command within the comparator command register, a fault is generated within the mass storage command latch.
  • US20030005241 describes a write protect system including a write protect circuit that provides write protection for a protected register.
  • Write protect circuit detects whether or not a write sequence has been followed.
  • the write sequence includes first, second, and third commands.
  • First command includes write of data to a protected register.
  • Second command includes a write of inverted data to a protected register.
  • a third command includes a write of data to a protected register.
  • Write protect circuit only allows a write to a protected register if write sequence has been followed. In this way, a protected register is protected against erroneous writes and a system including a CPU has improved reliability.
  • US20030056070 describes a method of preventing unauthorized write access to a non-volatile memory using a secure write blocking circuit with enable and disable block input terminals coupled to a blocking circuit.
  • the blocking circuit e.g., a set/reset latch, generates a block signal to prevent write access to a nonvolatile memory device, such as flash memory, in response to signals provided to the enable and disable input terminals.
  • the secure write blocking circuit also includes an interrupt generator, coupled to the disable block input terminal, that generates an interrupt signal in response to a signal at the disable input terminal, hi one embodiment the secure write blocking circuit also includes a logic circuit, coupled to the blocking circuit, that receives the block signal and a write enable signal and in response thereto generates a control signal to a write enable input of the nonvolatile memory device.
  • US20030200411 describes a partitioned memory devices having writable areas and protected areas using file allocation tables, the invention is directed to reducing the amount of erasing and rewriting done on an EEPROM memory.
  • US 2006036804 describes a write protection access table which permits writing to portions of a memory while inhibiting writing to other portions of the memory.
  • WO2005029272 describes a mass storage protection arrangement which latches the write command in a store for subsequent lookup verification, and is adapted to answer some commands on behalf of the storage device. [016] It is an important requirement of many storage device applications that at least part of the storage device be protected against accidental or deliberate overwriting. The present invention is broadly applicable to storage device protection.
  • the invention provides a method for preventing writing to at least some portions of a storage device, the method including the steps of: detecting an unauthorized write command, and blocking the transmission of the unauthorized write command.
  • the method can also include the step of sending a command error message to a controller associated with the storage device.
  • the method can also include the step of capturing the error message by an associated application program.
  • the method can also include the step of creating a system management interrupt
  • the method can also include the step of recording the SMI by the system management module (SMM).
  • SMM system management module
  • a storage device protection arrangement including a write detect circuit and a command blocking circuit responsive to the detection of an unauthorized write command to block the write command from being applied to a storage device.
  • the write detection circuit can be a high speed logic circuit adapted to detect unauthorized write commands.
  • the blocking circuit can be a high speed switch adapted to be inserted in the input signal lines of a storage device.
  • the detector can hold a first error status for transmission to a controller to notify the controller of the termination of the unauthorized write command when requested by the controller.
  • the detector can transmit a second signal for transmission to the BIOS in the form of a System Management Interrupt (SMI).
  • SMI System Management Interrupt
  • the invention also encompasses a computer system including a controller and a storage device, and a write protection arrangement adapted to prevent unauthorized write commands from causing unauthorized write operations in the storage device.
  • the storage device can be a flash memory.
  • the storage device can be a compact flash memory.
  • the write protect arrangement can include a gate circuit arranged in the signal bus to block unauthorized write commands from reaching the storage device.
  • the detector circuit can be located in the signal bus upstream of the gate circuit.
  • the detector circuit can have its input bridging the bus upstream of the gate circuit.
  • the detector and gate can be implemented as hardware circuits.
  • the hardware circuits can be implemented using high speed components.
  • the hardware circuits can be incorporated, in a Programmable
  • PLD Logic Device
  • the storage device module can be a flash ATA storage device module including an integrated connector, such as a USB device.
  • Figure 1 is a block diagram illustrating an embodiment of the invention
  • Figure 2 is a block diagram representing a second embodiment of the invention.
  • Figure 3 is a block diagram representing a third embodiment of the invention.
  • Figure 4 illustrated the principle of a logic detector/gate arrangement.
  • Figure 5 in conjunction with Figure 4, illustrates an implementation of the
  • Figure 6 illustrates a write protection device adapted for use with a serial bus.
  • Figure 7 is a timing diagram showing the comparative operation of normally closed and normally open switches
  • Figure 8 is a flow diagram illustrating a process according to an embodiment of the invention.
  • the invention will be described with reference to a compact flash storage device in a gaming machine, an application in which it is imperative to maintain the integrity of the gaming machine programs, hi particular, such programs need to be protected from tampering.
  • the invention can be adapted to write protect a mass storage device or to write protect specified regions of a storage device.
  • Figure 1 illustrates an embodiment of the invention
  • Figure 8 illustrates a flow diagram of a process according to an embodiment of the invention.
  • Figure 1 is an illustrative block diagram of the significant components of an electronic gaming machine (EGM) showing relevant functions of the EGM.
  • EGM electronic gaming machine
  • a processor 120 controls a number of gaming interfaces, such as player interface 130, credit interface 1132, video interface 134, as well as communications interface 136 via bus 122.
  • a memory controller 102 controls a number of memory devices and ancillary registers such as mass storage device 104, cache 124, buffers and DRAMS 126, and hard disc 128.
  • the mass storage device 104 can be, for example a compact flash memory.
  • the mass storage device 104 is connected to the memory controller 102 via memory protection device 106.
  • the arrangement of Figure 1 includes a data storage controller 102, a mass storage device 104, and a write protection device 106 interconnected by a bus 101.
  • 103 is a system management interrupt (SMI) connection.
  • SI system management interrupt
  • the mass storage device 104 includes a status register 110.
  • the status register includes the addresses of the protected locations in the mass storage device 104.
  • the write protection device 106 contains an emulated status register 110' derived from the status register 110 of the storage device 104.
  • the status register 110 is emulated at 110' in the write protection device 106.
  • the commands from the data storage controller 101 are decoded in the write protection device 106 and prevented from passing to the mass storage device 104.
  • the write protection device 106 sets an error flag in the emulated mass storage device status register 110' when a write command is attempted, and this is passed to the application program so that it can tell that the write attempt has failed and handle the failure gracefully in the correct manner in accordance with the error handling procedure of the application.
  • a hardware SMI is generated on line 103 so that the event can be recorded by the system management mode (SMM) code.
  • the system management interrupt provides a basic input output system (BIOS) level monitoring system which is completely independent of and undetectable by the operating system and application program.
  • BIOS basic input output system
  • the system management module is loaded by the BIOS at boot or initial load time and cannot be altered without re-programming the BIOS chip.
  • the write protection device is bidirectional to permit transfer of data between the storage device and the processor.
  • the write protection can include upstream insertion circuitry to permit the
  • the operation of the protection device 106 is described with reference to the flow diagram of Figure 8.
  • the write protection device 106 decodes the command addresses at 802 and, at 804, compares it with the emulated status register 110'. In the hardware device 106, these two operations can occur concurrently. If the command address corresponds with a protected address of the storage device, the protection device prevents the write attempt from passing to the mass storage device 104 as shown at 808. Other commands pass through the write protection circuit 106 unaltered as shown at 806. [060] In one embodiment, an error process can be initiated if an unauthorized write attempt is detected, as shown at 810.
  • the write protection device sets a flag in the emulated status register 110' when an unauthorized write command is attempted and this is reported to the memory controller 102 by an abort response and can be captured by the application program as shown at 812. The application program can then handle the failure in accordance with the programmed procedure.
  • the application runs under the operating system.
  • the write operation is handled by the operating system, which will detect the failure and write the time, date and other relevant information to a log file.
  • the application can continue uninterrupted, however, the presence of an unauthorized write command indicates a significant error.
  • a separate process can be used to inspect the log file regularly and cause some sort of alarm or error condition.
  • the SMI event is intended to capture write attempts and log them in the same way as described above, either to a log file or to non volatile ram.
  • the SMI mechanism will detect write attempts whether an operating system is running or not. Since the SMI handler is part of the BIOS it operates at a very low level and is difficult to defeat.
  • a hardware system management interrupt (SMI) 103 can be generated by the protection circuitry 106 as shown at 814 and the SMI can be recorded by the system management mode (SMM) code as shown at 816.
  • SMI provides Basic Input Output System (BIOS) level monitoring independent of the operating system and application program. This monitoring function is undetectable by the application program and operating system.
  • BIOS Basic Input Output System
  • the SMM code is loaded by the BIOS at boot or initial load time and cannot be altered without re- programming the BIOS chip.
  • Figure 2 shows a further embodiment of the invention including a controller 202 and an ATA storage device 204 connected by a bus 201.
  • a detector circuit 206 and a gate circuit 208 are inserted in series in the bus 201.
  • the detector 206 is adapted to detect unauthorized write commands. When the detector detects an unauthorized write command, it sends a command to the gate circuit 208 causing the gate circuit to block the unauthorized write instruction from reaching the ATA storage device 204.
  • the detector circuit 206 can also send an abort command to the controller 202 notifying the controller of the blocking of the write command.
  • the abort command can be transmitted via bus 201.
  • a link 203 can be provided between the detector 206 and the controller 202.
  • the detector is connected to at least those bus lines which carry the write commands so that , in the case where the whole ATA storage device is to be protected, the detection of a write command by the detector 206 is used to trigger the gate 208 to block the write command.
  • bus 201 is a serial bus
  • the detector of necessity sees all the commands on the bus.
  • the detector 206 is arranged to detect a write command directed to the protected locations. Thus the detector 206 detects both a write command and the address to which the write command is directed.
  • the detector 206 and gate 208 can be implemented in hardware.
  • the detector is a logic array circuit which is configured to detect unauthorized write commands.
  • the detector and gate can be implemented in high speed integrated circuit technology.
  • Figure 3 shows an alternative embodiment in which the detector 306 shunts the bus rather than being in series in the bus.
  • the detector 306 is connected to the gate circuit 308 by line 305.
  • detector 306 detects an unauthorized write command, it causes the gate 308 to block the write command.
  • Figure 4 illustrates a simplified gate array which exemplifies the principle of the detector/gate combination. This figure is intended only to illustrate the mode of operation of a gate/detector arrangement, and a practical embodiment of the invention may use more than four lines, and a different logic protocol.
  • Figure 4 illustrates a four line detector/gate assembly 406/408 connected to a four line bus 401.
  • the bus 401 includes four lines 4011, 4012, 4013, 4014 to which the controller (not shown) is connected.
  • the storage device (not shown) can be connected to the output of the gates 4081 to 4084.
  • the detector 406 is an AND gate whose inputs have been programmed to detect the signal 1010 on the lines 4011, 4012, 4013, 4014 of bus 401. When this combination appears on the bus 401, the output of detector 406 goes to 1. This output is applied to the inverse inputs of each of the gates 4081, 4082, 4083, 4084 of the gate arrangement 408. Thus, when this signal 1010 is applied to the bus 401, the outputs of gates 4081, 4082, 4083, 4084 are set to 0, so the signal is blocked by the gates.
  • More than one signal combination can be detected by having additional detectors programmed to detect the wanted signals and then applying the detector outputs to an OR gate.
  • PLD Programmable logic devices
  • the status register 110 is emulated at 110' ( Figure 1) in the PLD.
  • Some operating systems may require that the signals be passed or blocked without significant delay, so that a bit is passed or blocked within that particular bit period.
  • the operation of the detector and gate must be sufficiently fast to meet this requirement. Accordingly, the detector/gate combination must be implemented in high speed logic where the "same bit period" requirement must be met. Such high speed detection is referred to herein as "on-the-flv”.
  • the gates are normally blocking, and only enable a command to pass when the command is not an UWC (unauthorized write command). As shown in Figure 7, this prevents the initial portion of the UWC from passing to the storage device before the gate can operate.
  • Figure 7 shows by way of example, four input address lines A, B, C, D. Lines A and C are shown with pulses of duration T P U LSE • Th e operating time of the gates is T S w • The lines A', B', C, D', are the corresponding outputs when the gates are normally blocking and the address A*(-B)*C*(-D) is a permitted address, where * is AND, and (-B) is "NOT B"). Lines A' and C have pulses of duration T P UL S E - Tsw • If the address were a forbidden address, the gates do not switch, and no signal appears at A', B', C, D'.
  • Figure 4 illustrates the "downstream” transmission direction from the processor to the storage device
  • Figure 5 illustrates the "upstream” direction.
  • a signal injection means 510 is also connected to the bus 401. This can be used, for example, to inject the "command aborted" message onto the bus for transmission to the processor. However, it is preferable that this message is not transmitted to the memory. In addition, it is desirable that there is no collision between the injected message from 510 and data from the memory.
  • the gates 5091 to 5094 are controllable by a signal on line 511 to block signals from the memory while 510 is injecting a message onto the bus 401.
  • the line 511, via terminal 512 is connected to the control line of the gates 4081 to 4081 via terminal 407. This ensures that the message injected by 510 is not sent to the memory.
  • Figure 6 illustrates an adaptation of the arrangement of Figure 4 for use with a serial bus.
  • a serial to parallel converter 660 converts the signals on the serial line from the processor to parallel format, whence they are treated as parallel signals as described with reference to Figure 4.
  • a parallel to serial converter 662 converts the signals back to serial format for transmission to the memory.
  • a similar arrangement can be used in the upstream direction to first convert serial signals from the memory to parallel format and reconvert to serial format after processing as described with reference to Figure 5.
  • a flash memory can be used as the storage device.
  • a data sheet describing the commands and programming procedure for such devices can be obtained from the supplier.
  • the invention provide a system in which a write protection logic device is inserted between the data storage controller and the mass storage device.
  • a mass storage device status register is emulated in the write protect logic hardware which enables the write protect logic to set an error flag in the emulated status register when a write command is attempted, and this is passed to the application program to inform it that the write has failed, so that the application program can handle the failure gracefully in the correct manner.
  • the storage device commands from the data storage controller which cause data to be written to the mass storage device are decoded by the write protection logic hardware which can prevent unauthorized write commands from passing to the mass storage device and cause an error (abort) to be reported to the data storage controller so the error is captured by the application program.
  • a hardware system management interrupt (SMI) is created so the event can be recorded by the system management module (SMM) code.
  • SMI system management interrupt
  • the write protect logic device decodes the command address and prevents write attempts from passing through the logic device while all other commands pass through unaltered.

Abstract

A write protection circuit includes an unauthorized write command detector (106), and a gate circuit (108) adapted to be inserted between a storage device controller (102) and a storage device (104), in which the unauthorized write command detector (106) detects unauthorized write commands and causes the gate circuit to block the unauthorized write commands from reaching the storage device. The gate circuit can be normally in a blocking state and passes commands only when a valid command is detected. The blocking circuit can generate error and SMI signals to notify the application and SMM of unauthorized write attempts.

Description

A Method and Arrangement for Providing Write Protection for a Storage Device
Field of the invention
[001] This invention relates to a method and arrangement for providing write protection for a storage device.
[002] The invention is applicable to compact flash memories, but can be utilized with other types of storage device, including ATA (Advanced Technology Attachment) (also known as IDE (Intelligent/Integrated Drive Electronics) and SATA (Serial ATA)) storage devices.
Background of the invention
[003] Storage devices can be totally write protected or can have protected data in specific locations, and the remaining locations may be used for data which can be overwritten.
[004] US4388695 describes a hardware circuit for protecting against the accidental writing in an area of memory which contains critical data. In order to access the critical data memory area during a write cycle, it is necessary first to control predetermined memory access cycles which include, for example, the writing of predetermined data at a predetermined address. After detection of such a "fictitious" write cycle, the hardware allows the next write cycle to access the critical data memory area. This invention controls the RAV input of a RAM, and allows a single write cycle in the protected data area.
[005] US5721872 describes an information processing apparatus with a write protection function for a target storage area which includes a holding section for a write enable flag for indicating whether writing is to be permitted to the target storage area, and a write control section for permitting an intended write operation to the target storage area when the write enable flag held by the holding section indicates the same is to be permitted. The apparatus further includes a setting section for setting the write enable flag in the holding section when a dummy write instruction is executed for a command address, and a resetting section for resetting the write enable flag in the holding section when the intended write operation to the target storage area is executed. The resetting section may further include a section for resetting the write enable flag in the holding section when a predetermined number of instructions or bus cycles are executed after the dummy write instruction.
[006] US5751998 describes a memory mapping and module enabling circuit for allowing logical 128 kbyte memory blocks to be defined for any location in any module connected to a memory system. A RAM is addressed by the system address lines defining 128 kbyte blocks, with the output data providing the row address strobe enable signals for a particular memory module and the address values necessary to place the 128 kbyte block within the module. Various other parameters such as write protect status and memory location are also provided by the RAM. The RAM is only programmed once, with modifications to the RAM- provided write protect status and memory location values being made based on write protect and relocation status information contained in a separate register.
[007] US5802583 describes a system and method for selective write protection for a non- volatile memory device which comprises a superset of the existing JEDEC 21 -C standard and in which user definable portions of a non- volatile memory device can be write protected instead of only the entire device. This write-protection technique can be enabled or disabled dynamically as determined by a user.
[008] US6611904 describes a memory system with a memory array having a plurality of memory locations; a plurality of write ports for writing to the memory array; write protection circuitry for preventing more than one memory location from being addressed at the same time in a write operation, the write protection circuitry providing one write enable signal for each write port, the write enable signals being applied to the memory array; and circuitry for controlling the timing of the application of the write enable signals to the memory array, the circuitry for controlling the timing being upstream of the write protection circuitry.
[009] US6202012 describes a device installed in a computer system for protecting the program or data inside a programmable non-volatile memory. The device includes a first and a second combinatorial logic circuit, a delay circuit, a low-enable latching device with reset capability, an AND gate and" a memory cell array. As soon as all the necessary system startup operations dictated by the BIOS program inside the memory cell array are executed and a specified memory read/write program that matches the preset internal parameters of a logic circuit is activated so that output from the AND gate is a logic "false", the memory cell array is permanently locked in a non-programmable state, unless the power is turned off and then restarted again.
[010] US6488581 describes a mass storage data protection system for use with a mass storage device in a gaming machine to protect the mass storage device from unauthorized commands. The mass storage data protection system includes a mass storage device command latch, a timing circuit for timing signals between the mass storage device command latch and the mass storage device, a comparator and a comparator command register in communication with the comparator. The comparator command register includes commands that generate a fault within the mass storage data protection system such that when the comparator receives a command from the mass storage device command latch corresponding to the command within the comparator command register, a fault is generated within the mass storage command latch.
[011] US20030005241 describes a write protect system including a write protect circuit that provides write protection for a protected register. Write protect circuit detects whether or not a write sequence has been followed. The write sequence includes first, second, and third commands. First command includes write of data to a protected register. Second command includes a write of inverted data to a protected register. A third command includes a write of data to a protected register. Write protect circuit only allows a write to a protected register if write sequence has been followed. In this way, a protected register is protected against erroneous writes and a system including a CPU has improved reliability.
[012] US20030056070 describes a method of preventing unauthorized write access to a non-volatile memory using a secure write blocking circuit with enable and disable block input terminals coupled to a blocking circuit. The blocking circuit, e.g., a set/reset latch, generates a block signal to prevent write access to a nonvolatile memory device, such as flash memory, in response to signals provided to the enable and disable input terminals. The secure write blocking circuit also includes an interrupt generator, coupled to the disable block input terminal, that generates an interrupt signal in response to a signal at the disable input terminal, hi one embodiment the secure write blocking circuit also includes a logic circuit, coupled to the blocking circuit, that receives the block signal and a write enable signal and in response thereto generates a control signal to a write enable input of the nonvolatile memory device.
[013] US20030200411 describes a partitioned memory devices having writable areas and protected areas using file allocation tables, the invention is directed to reducing the amount of erasing and rewriting done on an EEPROM memory.
[014] US 2006036804 describes a write protection access table which permits writing to portions of a memory while inhibiting writing to other portions of the memory.
[015] WO2005029272 describes a mass storage protection arrangement which latches the write command in a store for subsequent lookup verification, and is adapted to answer some commands on behalf of the storage device. [016] It is an important requirement of many storage device applications that at least part of the storage device be protected against accidental or deliberate overwriting. The present invention is broadly applicable to storage device protection.
[017] Any reference herein to known prior art does not, unless the contrary indication appears, constitute an admission that such prior art is commonly known by those skilled in the art to which the invention relates, at the priority date of this application.
Summary of the invention
[018] The invention provides a method for preventing writing to at least some portions of a storage device, the method including the steps of: detecting an unauthorized write command, and blocking the transmission of the unauthorized write command.
[019] In this manner, the write command can be prevented from being applied to the storage device.
[020] The method can also include the step of sending a command error message to a controller associated with the storage device.
[021] The method can also include the step of capturing the error message by an associated application program.
[022] The method can also include the step of creating a system management interrupt
(SMI).
[023] The method can also include the step of recording the SMI by the system management module (SMM).
[024] According to an embodiment of the invention, there is provided a storage device protection arrangement including a write detect circuit and a command blocking circuit responsive to the detection of an unauthorized write command to block the write command from being applied to a storage device.
[025] The write detection circuit can be a high speed logic circuit adapted to detect unauthorized write commands.
[026] The blocking circuit can be a high speed switch adapted to be inserted in the input signal lines of a storage device. [027] The detector can hold a first error status for transmission to a controller to notify the controller of the termination of the unauthorized write command when requested by the controller.
[028] The detector can transmit a second signal for transmission to the BIOS in the form of a System Management Interrupt (SMI).
[029] The invention also encompasses a computer system including a controller and a storage device, and a write protection arrangement adapted to prevent unauthorized write commands from causing unauthorized write operations in the storage device.
[030] The storage device can be a flash memory.
[031] The storage device can be a compact flash memory.
[032] The write protect arrangement can include a gate circuit arranged in the signal bus to block unauthorized write commands from reaching the storage device.
[033] The detector circuit can be located in the signal bus upstream of the gate circuit.
[034] The detector circuit can have its input bridging the bus upstream of the gate circuit.
[035] The detector and gate can be implemented as hardware circuits.
[036] The hardware circuits can be implemented using high speed components.
[037] In one embodiment, the hardware circuits can be incorporated, in a Programmable
Logic Device (PLD).
[038] The storage device module can be a flash ATA storage device module including an integrated connector, such as a USB device.
Brief description of the drawings
[039] An embodiment or embodiments of the present invention will now be described, by way of example only, with reference to the accompanying drawings, in which:
[040] Figure 1 is a block diagram illustrating an embodiment of the invention;
[041] Figure 2 is a block diagram representing a second embodiment of the invention;
[042] Figure 3 is a block diagram representing a third embodiment of the invention;
[043] Figure 4 illustrated the principle of a logic detector/gate arrangement. [044] Figure 5, in conjunction with Figure 4, illustrates an implementation of the
"upstream" portion of a bidirectional arrangement permitting signal injection.
[045] Figure 6 illustrates a write protection device adapted for use with a serial bus.
[046] Figure 7 is a timing diagram showing the comparative operation of normally closed and normally open switches
[047] Figure 8 is a flow diagram illustrating a process according to an embodiment of the invention.
Detailed description of the embodiment or embodiments
[048] The invention will be described with reference to a compact flash storage device in a gaming machine, an application in which it is imperative to maintain the integrity of the gaming machine programs, hi particular, such programs need to be protected from tampering. The invention can be adapted to write protect a mass storage device or to write protect specified regions of a storage device.
[049] Figure 1 illustrates an embodiment of the invention, and Figure 8 illustrates a flow diagram of a process according to an embodiment of the invention. Figure 1 is an illustrative block diagram of the significant components of an electronic gaming machine (EGM) showing relevant functions of the EGM.
[050] In Figure 1, a processor 120 controls a number of gaming interfaces, such as player interface 130, credit interface 1132, video interface 134, as well as communications interface 136 via bus 122. A memory controller 102 controls a number of memory devices and ancillary registers such as mass storage device 104, cache 124, buffers and DRAMS 126, and hard disc 128.
[051] The mass storage device 104 can be, for example a compact flash memory. The mass storage device 104 is connected to the memory controller 102 via memory protection device 106.
[052] The arrangement of Figure 1 includes a data storage controller 102, a mass storage device 104, and a write protection device 106 interconnected by a bus 101. 103 is a system management interrupt (SMI) connexion.
[053] The mass storage device 104 includes a status register 110. The status register includes the addresses of the protected locations in the mass storage device 104. The write protection device 106 contains an emulated status register 110' derived from the status register 110 of the storage device 104.
[054] In this embodiment, the status register 110 is emulated at 110' in the write protection device 106. The commands from the data storage controller 101 are decoded in the write protection device 106 and prevented from passing to the mass storage device 104. When commands which cause data to be written to protected locations of the mass storage device 104 are detected, the write protection device 106 sets an error flag in the emulated mass storage device status register 110' when a write command is attempted, and this is passed to the application program so that it can tell that the write attempt has failed and handle the failure gracefully in the correct manner in accordance with the error handling procedure of the application.
[055] An error is reported to the data storage controller 102, and the error is captured by the application program.
[056] A hardware SMI is generated on line 103 so that the event can be recorded by the system management mode (SMM) code. The system management interrupt provides a basic input output system (BIOS) level monitoring system which is completely independent of and undetectable by the operating system and application program. The system management module is loaded by the BIOS at boot or initial load time and cannot be altered without re-programming the BIOS chip.
[057] Preferably the write protection device is bidirectional to permit transfer of data between the storage device and the processor.
[058] The write protection can include upstream insertion circuitry to permit the
"command aborted" message to be inserted and sent to the processor without affecting the storage device.
[059] The operation of the protection device 106 is described with reference to the flow diagram of Figure 8. The write protection device 106 decodes the command addresses at 802 and, at 804, compares it with the emulated status register 110'. In the hardware device 106, these two operations can occur concurrently. If the command address corresponds with a protected address of the storage device, the protection device prevents the write attempt from passing to the mass storage device 104 as shown at 808. Other commands pass through the write protection circuit 106 unaltered as shown at 806. [060] In one embodiment, an error process can be initiated if an unauthorized write attempt is detected, as shown at 810. The write protection device sets a flag in the emulated status register 110' when an unauthorized write command is attempted and this is reported to the memory controller 102 by an abort response and can be captured by the application program as shown at 812. The application program can then handle the failure in accordance with the programmed procedure.
[061] The application runs under the operating system. The write operation is handled by the operating system, which will detect the failure and write the time, date and other relevant information to a log file. The application can continue uninterrupted, however, the presence of an unauthorized write command indicates a significant error. A separate process can be used to inspect the log file regularly and cause some sort of alarm or error condition.
[062] Similarly, the SMI event is intended to capture write attempts and log them in the same way as described above, either to a log file or to non volatile ram. The SMI mechanism will detect write attempts whether an operating system is running or not. Since the SMI handler is part of the BIOS it operates at a very low level and is difficult to defeat.
[063] Any write attempt indicates a serious system failure, and in both cases the unit would be shut down or enter a failure mode so that the casino management or a technician can investigate and rectify the problem. Writes to the device should never happen, so they are an indication that something is seriously wrong. The system of the present invention catches these events and handles them cleanly as described, whereas the prior solutions usually result in the system crashing.
[064] Further, a hardware system management interrupt (SMI) 103 can be generated by the protection circuitry 106 as shown at 814 and the SMI can be recorded by the system management mode (SMM) code as shown at 816. The SMI provides Basic Input Output System (BIOS) level monitoring independent of the operating system and application program. This monitoring function is undetectable by the application program and operating system. The SMM code is loaded by the BIOS at boot or initial load time and cannot be altered without re- programming the BIOS chip.
[065] Figure 2 shows a further embodiment of the invention including a controller 202 and an ATA storage device 204 connected by a bus 201. A detector circuit 206 and a gate circuit 208 are inserted in series in the bus 201. [066] The detector 206 is adapted to detect unauthorized write commands. When the detector detects an unauthorized write command, it sends a command to the gate circuit 208 causing the gate circuit to block the unauthorized write instruction from reaching the ATA storage device 204.
[067] The detector circuit 206 can also send an abort command to the controller 202 notifying the controller of the blocking of the write command. The abort command can be transmitted via bus 201. Alternatively, a link 203 can be provided between the detector 206 and the controller 202.
[068] In the case where the bus 201 is a multi-line bus, the detector is connected to at least those bus lines which carry the write commands so that , in the case where the whole ATA storage device is to be protected, the detection of a write command by the detector 206 is used to trigger the gate 208 to block the write command.
[069] Where the bus 201 is a serial bus, the detector of necessity sees all the commands on the bus.
[070] In the case where only specified locations in the ATA storage device 204 are protected, the detector 206 is arranged to detect a write command directed to the protected locations. Thus the detector 206 detects both a write command and the address to which the write command is directed.
[071] The detector 206 and gate 208 can be implemented in hardware. Preferably the detector is a logic array circuit which is configured to detect unauthorized write commands. The detector and gate can be implemented in high speed integrated circuit technology.
[072] In Figure 3, similar elements have similar numbers except that the number prefix changes to correspond with the figure number. Thus, for example, 202 in Figure 2 becomes 302 in Figure 3.
[073] Figure 3 shows an alternative embodiment in which the detector 306 shunts the bus rather than being in series in the bus. In this embodiment, the detector 306 is connected to the gate circuit 308 by line 305. Thus, when detector 306 detects an unauthorized write command, it causes the gate 308 to block the write command.
[074] Figure 4 illustrates a simplified gate array which exemplifies the principle of the detector/gate combination. This figure is intended only to illustrate the mode of operation of a gate/detector arrangement, and a practical embodiment of the invention may use more than four lines, and a different logic protocol.
[075] Figure 4 illustrates a four line detector/gate assembly 406/408 connected to a four line bus 401. The bus 401 includes four lines 4011, 4012, 4013, 4014 to which the controller (not shown) is connected. The storage device (not shown) can be connected to the output of the gates 4081 to 4084.
[076] The detector 406 is an AND gate whose inputs have been programmed to detect the signal 1010 on the lines 4011, 4012, 4013, 4014 of bus 401. When this combination appears on the bus 401, the output of detector 406 goes to 1. This output is applied to the inverse inputs of each of the gates 4081, 4082, 4083, 4084 of the gate arrangement 408. Thus, when this signal 1010 is applied to the bus 401, the outputs of gates 4081, 4082, 4083, 4084 are set to 0, so the signal is blocked by the gates.
[077] More than one signal combination can be detected by having additional detectors programmed to detect the wanted signals and then applying the detector outputs to an OR gate.
[078] hi a similar manner, signals from additional lines can be analysed and their outputs combined.
[079] This principle can be applied to busses with more than four lines. For example, the bus may have 64 lines. Programmable logic devices (PLD) can implement more complex arrangements than that illustrated in Figure 4, and, in an embodiment of the present invention, the status register 110 is emulated at 110' (Figure 1) in the PLD.
[080] Some operating systems may require that the signals be passed or blocked without significant delay, so that a bit is passed or blocked within that particular bit period. In this case, the operation of the detector and gate must be sufficiently fast to meet this requirement. Accordingly, the detector/gate combination must be implemented in high speed logic where the "same bit period" requirement must be met. Such high speed detection is referred to herein as "on-the-flv".
[081] In one embodiment of the invention, the gates are normally blocking, and only enable a command to pass when the command is not an UWC (unauthorized write command). As shown in Figure 7, this prevents the initial portion of the UWC from passing to the storage device before the gate can operate. Figure 7 shows by way of example, four input address lines A, B, C, D. Lines A and C are shown with pulses of duration TPULSE • The operating time of the gates is TSw • The lines A', B', C, D', are the corresponding outputs when the gates are normally blocking and the address A*(-B)*C*(-D) is a permitted address, where * is AND, and (-B) is "NOT B"). Lines A' and C have pulses of duration TPULSE - Tsw • If the address were a forbidden address, the gates do not switch, and no signal appears at A', B', C, D'.
[082] On the other hand, if A*(-B)*C*(-D) were a forbidden address and the gates were normally set to permit signals to pass, the output would be as shown in the lowest set of address lines A", B", C", D". A short pules of duration Tsw would appear on the lines A" and C", giving rise to the possibility of a false signal being transmitted to the storage device.
[083] Figures 4 & 5 can be combined to illustrate a bidirectional arrangement in which
Figure 4 illustrates the "downstream" transmission direction from the processor to the storage device, and Figure 5 illustrates the "upstream" direction.
[084] In Figure 5, the upstream signals from the memory are applied to gates 5091 to
5094 and then to the bus 401 which is connected to the processor.
[085] A signal injection means 510 is also connected to the bus 401. This can be used, for example, to inject the "command aborted" message onto the bus for transmission to the processor. However, it is preferable that this message is not transmitted to the memory. In addition, it is desirable that there is no collision between the injected message from 510 and data from the memory. Thus the gates 5091 to 5094 are controllable by a signal on line 511 to block signals from the memory while 510 is injecting a message onto the bus 401. hi addition, the line 511, via terminal 512 is connected to the control line of the gates 4081 to 4081 via terminal 407. This ensures that the message injected by 510 is not sent to the memory.
[086] Figure 6 illustrates an adaptation of the arrangement of Figure 4 for use with a serial bus. A serial to parallel converter 660 converts the signals on the serial line from the processor to parallel format, whence they are treated as parallel signals as described with reference to Figure 4. A parallel to serial converter 662 converts the signals back to serial format for transmission to the memory. A similar arrangement can be used in the upstream direction to first convert serial signals from the memory to parallel format and reconvert to serial format after processing as described with reference to Figure 5.
[087] A flash memory can be used as the storage device. A data sheet describing the commands and programming procedure for such devices can be obtained from the supplier. [088] As described above, the invention provide a system in which a write protection logic device is inserted between the data storage controller and the mass storage device. A mass storage device status register is emulated in the write protect logic hardware which enables the write protect logic to set an error flag in the emulated status register when a write command is attempted, and this is passed to the application program to inform it that the write has failed, so that the application program can handle the failure gracefully in the correct manner. The storage device commands from the data storage controller which cause data to be written to the mass storage device are decoded by the write protection logic hardware which can prevent unauthorized write commands from passing to the mass storage device and cause an error (abort) to be reported to the data storage controller so the error is captured by the application program. A hardware system management interrupt (SMI) is created so the event can be recorded by the system management module (SMM) code. The write protect logic device decodes the command address and prevents write attempts from passing through the logic device while all other commands pass through unaltered.
[089] Throughout the specification and claims, unless otherwise required by the context or expressly stated, terms which can be interpreted exclusively or inclusively are to be interpreted inclusively.
[090] It will be understood that the invention disclosed and defined herein extends to all alternative combinations of some or all of the individual features mentioned or evident from the text. All of these different combinations constitute various alternative aspects of the invention.
[091] While particular embodiments of this invention have been described, it will be evident to those skilled in the art that the present invention may be embodied in other specific forms without departing from the essential characteristics thereof. The present embodiments and examples are therefore to be considered in all respects as illustrative and not restrictive, and all modifications which would be obvious to those skilled in the art are therefore intended to be embraced therein.

Claims

Claims
1. A method for preventing writing to at least one portion of a storage device controlled by memory control means, the method including the steps of: intercepting commands upstream of the storage device; detecting an unauthorized write command; and inhibiting the transmission of the unauthorized write command to the storage device; passing other commands; wherein the steps of intercepting, detecting, inhibiting or passing are carried out on the fly.
2. A method as claimed in claim 1, including the steps of: blocking all commands; and unblocking the commands when no unauthorized write command is detected.
3. A method as claimed in claim 1 including the step of comparing the address of each command with a second status register emulating a first status register associated with the storage device to determine whether a command is an unauthorized write command.
4. A method as claimed claim 1 , include the step of sending a first abort message to the memory control means when an unauthorized write command is detected.
5. A .method as claimed in claim 4, including the step of sending a second abort message to the BIOS, and/or setting an error flag when an unauthorized write attempt is detected.
6. A method as claimed in claim 1, including the step of informing an application program which sent the unauthorized write command of the detection of the error.
7. A method as claimed in claim 4, including the step of recording the first abort message in a status register.
8. A storage device protection arrangement for preventing writing to at least one portion of a storage device controlled by memory control means, wherein the storage device includes a first status register, the protection arrangement including: a second status register emulating the first status register; a command recognition circuit adapted to compare command addresses with the second status register; and a command blocking circuit adapted to be located upstream of the storage device input; the blocking circuit being responsive to the detection by the recognition circuit of an unauthorized write command to inhibit the write command from being applied to a storage device.
9. An arrangement as claimed in claim 8, wherein the blocking circuit is normally in a blocking state, and is changed to a non-blocking state when the recognition circuit detects that an unauthorized write command is not present.
10. An arrangement as claimed in claim 8, wherein the recognition circuit is a high speed logic circuit adapted to detect unauthorized write commands, and the blocking circuit includes a high speed switch in the input command lines of a storage device.
11. An arrangement as claimed claim 8, wherein the recognition circuit generates a first error command for transmission to a controller to notify the controller of the termination of the unauthorized write command.
12. An arrangement as claimed in claim 8, wherein the recognition circuit sends an error message notifying the application software of the error.
13. An arrangement as claimed claim 8, wherein the recognition circuit generates a second command for transmission to the BIOS.
14. An arrangement as claimed in claim 8, wherein the storage device is a flash storage device.
15. An arrangement as claimed in claim 8, wherein the recognition circuit and blocking circuit are implemented as hardware circuit incorporated in programmable logic.
16. An arrangement as claimed in claim 15, wherein the programmable logic includes a flash memory module and an integrated connector, such as a USB device.
17. A computer system including a storage controller and a storage device, and a write protection arrangement as claimed in claim 8, the blocking circuit of the protection arrangement being located between the controller and the storage device.
18. A computer system as claimed in claim 17, wherein the write protect arrangement includes a gate circuit arranged in the command bus to block unauthorized write commands from reaching the storage device.
19. A computer system as claimed in claim 17, wherein the recognition circuit is located in the signal bus upstream of the gate circuit, and wherein the recognition circuit has its input bridging an input bus of the storage devices upstream of the gate circuit.
20. A gaming machine including a storage device protection arrangement as claimed in any one of claims 8 to 16.
PCT/AU2007/000300 2006-03-15 2007-03-09 A method and arrangement for providing write protection for a storage device WO2007104092A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2006901335A AU2006901335A0 (en) 2006-03-15 A method and arrangement for providing write protection for a storage device
AU2006901335 2006-03-15

Publications (1)

Publication Number Publication Date
WO2007104092A1 true WO2007104092A1 (en) 2007-09-20

Family

ID=38508962

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2007/000300 WO2007104092A1 (en) 2006-03-15 2007-03-09 A method and arrangement for providing write protection for a storage device

Country Status (1)

Country Link
WO (1) WO2007104092A1 (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1993009495A1 (en) * 1991-11-05 1993-05-13 Australian Tech Support Pty. Ltd. Computer memory protection
WO1996038775A1 (en) * 1995-05-31 1996-12-05 Ast Research, Inc. A method and apparatus for limiting access to a nonvolatile memory device
US5912849A (en) * 1996-09-30 1999-06-15 Hitachi, Ltd. Write Protection for a non-volatile memory
US6148384A (en) * 1998-06-02 2000-11-14 Adaptec, Inc. Decoupled serial memory access with passkey protected memory areas
US6285583B1 (en) * 2000-02-17 2001-09-04 Advanced Micro Devices, Inc. High speed sensing to detect write protect state in a flash memory device
US20010055227A1 (en) * 2000-06-15 2001-12-27 Hidekazu Takata Semiconductor device and control device for use therewith
US20020040418A1 (en) * 2000-09-29 2002-04-04 Steven Bress Write protection for computer long-term memory devices
US20050259484A1 (en) * 2004-05-19 2005-11-24 Newell Russell D Systems and methods for write protection of non-volatile memory devices
AU2005202939A1 (en) * 2005-06-24 2006-08-03 Konami Gaming, Incorporated Data Protection System and Game Machine
US20060190675A1 (en) * 2005-01-27 2006-08-24 Kabushiki Kaisha Toshiba Control apparatus

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1993009495A1 (en) * 1991-11-05 1993-05-13 Australian Tech Support Pty. Ltd. Computer memory protection
WO1996038775A1 (en) * 1995-05-31 1996-12-05 Ast Research, Inc. A method and apparatus for limiting access to a nonvolatile memory device
US5912849A (en) * 1996-09-30 1999-06-15 Hitachi, Ltd. Write Protection for a non-volatile memory
US6148384A (en) * 1998-06-02 2000-11-14 Adaptec, Inc. Decoupled serial memory access with passkey protected memory areas
US6285583B1 (en) * 2000-02-17 2001-09-04 Advanced Micro Devices, Inc. High speed sensing to detect write protect state in a flash memory device
US20010055227A1 (en) * 2000-06-15 2001-12-27 Hidekazu Takata Semiconductor device and control device for use therewith
US20020040418A1 (en) * 2000-09-29 2002-04-04 Steven Bress Write protection for computer long-term memory devices
US20050259484A1 (en) * 2004-05-19 2005-11-24 Newell Russell D Systems and methods for write protection of non-volatile memory devices
US20060190675A1 (en) * 2005-01-27 2006-08-24 Kabushiki Kaisha Toshiba Control apparatus
AU2005202939A1 (en) * 2005-06-24 2006-08-03 Konami Gaming, Incorporated Data Protection System and Game Machine

Similar Documents

Publication Publication Date Title
AU2005246819B2 (en) Systems and methods for write protection of non-volatile memory devices
EP0851358B1 (en) Processing system security
US5144660A (en) Securing a computer against undesired write operations to or read operations from a mass storage device
US4812675A (en) Security element circuit for programmable logic array
EP2294526B1 (en) A method for secure data reading and a data handling system
US9274573B2 (en) Method and apparatus for hardware reset protection
US5682496A (en) Filtered serial event controlled command port for memory
US20210117109A1 (en) Transparently Attached Flash Memory Security
US5721877A (en) Method and apparatus for limiting access to nonvolatile memory device
US6499092B1 (en) Method and apparatus for performing access censorship in a data processing system
US20030056070A1 (en) Secure write blocking circuit and method for preventing unauthorized write access to nonvolatile memory
US6883075B2 (en) Microcontroller having embedded non-volatile memory with read protection
US7657722B1 (en) Method and apparatus for automatically securing non-volatile (NV) storage in an integrated circuit
US20040010702A1 (en) Secure system firmware by disabling read access to firmware ROM
CN110968254A (en) Partition protection method and device for nonvolatile memory
US7330979B1 (en) Method for protecting the processing of sensitive information in a monolithic security module, and associate security module
WO1998012623A1 (en) Single port first-in-first-out (fifo) storage device having over-write protection and diagnostic capabilities
WO2007104092A1 (en) A method and arrangement for providing write protection for a storage device
WO2005029272A2 (en) Method and device for data protection and security in a gaming machine
US4651323A (en) Fault protection flip flop
CN112947861A (en) Data reading method of storage device and electronic device system
JP2003203012A (en) Microcomputer device
JP2793623B2 (en) emulator
TW202112114A (en) Security monitoring of spi flash
JPH11282699A (en) Data transmission protecting method and data transmitting device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07710556

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07710556

Country of ref document: EP

Kind code of ref document: A1