CN105868643A - Data protection method, memory control circuit unit and memory storage device - Google Patents
Data protection method, memory control circuit unit and memory storage device Download PDFInfo
- Publication number
- CN105868643A CN105868643A CN201510024806.9A CN201510024806A CN105868643A CN 105868643 A CN105868643 A CN 105868643A CN 201510024806 A CN201510024806 A CN 201510024806A CN 105868643 A CN105868643 A CN 105868643A
- Authority
- CN
- China
- Prior art keywords
- encryption
- memory
- decryption key
- identification code
- control circuit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Landscapes
- Storage Device Security (AREA)
Abstract
本发明提供一种数据保护方法、存储器控制电路单元及存储器存储装置。数据保护方法包括:通过无线通信网络与电子装置建立安全通道;通过建立在无线通信网络上的安全通道取得识别码;使用识别码来获取加解密金钥并且将加解密金钥存储于缓冲存储器中;使用加解密金钥解码从可复写式非易失性存储器模块中读取的数据,其中可复写式非易失性存储器模块的数据以加解密金钥来被加密;检测是否从建立于无线通信网络上的安全通道接收到来自于电子装置的确认信号;倘若在预定时间内未接收到来自于电子装置的确认信号,清除存储于缓冲存储器中的加解密金钥。
The present invention provides a data protection method, a memory control circuit unit and a memory storage device. The data protection method includes: establishing a secure channel with an electronic device through a wireless communication network; obtaining an identification code through the secure channel established on the wireless communication network; using the identification code to obtain an encryption and decryption key and storing the encryption and decryption key in a buffer memory; using the encryption and decryption key to decode data read from a rewritable non-volatile memory module, wherein the data of the rewritable non-volatile memory module is encrypted with the encryption and decryption key; detecting whether a confirmation signal from the electronic device is received from the secure channel established on the wireless communication network; if a confirmation signal from the electronic device is not received within a predetermined time, clearing the encryption and decryption key stored in the buffer memory.
Description
技术领域technical field
本发明是有关于一种用于可复写式非易失性存储器模块的数据保护方法、存储器控制电路单元及存储器存储装置。The invention relates to a data protection method for a rewritable non-volatile memory module, a memory control circuit unit and a memory storage device.
背景技术Background technique
U盘是一种数据存储设备,其一般是以快闪存储器作为存储媒体。快闪存储器是一种电气抹除式可编程只读存储器(Electrically ErasableProgrammable Read Only Memory,简称EEPROM),其具有可写入、可抹除、以及断电后仍可保存数据的优点。此外,快闪存储器为非易失性存储器(Non-Volatile Memory)的一种,其具有体积小、存取速度快、耗电量低的优点,且因其数据抹除(Erasing)时是采用“一次一个块”(Block by Block)的抹除方式,所以具有操作速度快的优点。由于U盘体积小容量大且携带方便,因此已广泛用于个人数据的存储。然而,当U盘不小心遗失时,其所存储的大量数据也可能随之被盗用。U disk is a kind of data storage device, and it generally uses flash memory as storage medium. Flash memory is a kind of Electrically Erasable Programmable Read Only Memory (EEPROM for short), which has the advantages of being writable, erasable, and able to save data after power failure. In addition, flash memory is a kind of non-volatile memory (Non-Volatile Memory), which has the advantages of small size, fast access speed, and low power consumption, and because of its data erasing (Erasing) uses "One block at a time" (Block by Block) erase method, so it has the advantage of fast operation speed. Due to its small size, large capacity and easy portability, the USB flash drive has been widely used for personal data storage. However, when the U disk is accidentally lost, a large amount of data stored therein may also be stolen.
为了解决以上问题,厂商开发了无线相容认证(Wireless Fidelity,简称WiFi)U盘及安全数字(Secure Digital,简称SD)卡、Wi-Fi无线读卡机或无线外接式硬盘盒等产品,其可设立个人Wi-Fi保护存取(Wi-Fi Protected AccessPersonal,简称WPA-Personal)等安全机制,但在此机制中各装置之间都是使用共享金钥方式来进行连线,因此每位在分享网络的用户都可在连线中窃取或窜改他人数据。基于上述,如何在无线通信网络环境下确保存储器存储装置的安全性是本领域中待解决的问题。In order to solve the above problems, manufacturers have developed wireless compatibility certification (Wireless Fidelity, referred to as WiFi) U disk and secure digital (Secure Digital, referred to as SD) card, Wi-Fi wireless card reader or wireless external hard disk box and other products. Security mechanisms such as Wi-Fi Protected Access Personal (WPA-Personal for short) can be set up, but in this mechanism, all devices use a shared key to connect, so everyone in the Users who share the network can steal or tamper with other people's data during the connection. Based on the above, how to ensure the security of the memory storage device in the wireless communication network environment is a problem to be solved in this field.
发明内容Contents of the invention
本发明提供一种数据保护方法、存储器控制电路单元及存储器存储装置,其利用建立于无线通信网络的安全通道传输识别码,并使用识别码产生加解密金钥来读取存储器存储装置,以提高存储器存储装置的安全性。The present invention provides a data protection method, a memory control circuit unit, and a memory storage device, which use a secure channel established in a wireless communication network to transmit an identification code, and use the identification code to generate an encryption and decryption key to read the memory storage device, so as to improve Security of memory storage devices.
本发明的一范例实施例提出一种数据保护方法,用于保护存储器存储装置中可复写式非易失性存储器模块的数据。本数据保护方法包括:通过无线通信网络与电子装置建立安全通道。本方法还包括:通过建立于无线通信网络上的安全通道取得识别码。本方法还包括:使用识别码来获取加解密金钥并且将加解密金钥存储于缓冲存储器中。本方法还包括:使用加解密金钥解码从可复写式非易失性存储器模块中读取的数据,其中可复写式非易失性存储器模块的数据以加解密金钥来被加密。本方法还包括:检测是否从建立于无线通信网络上的安全通道接收到来自于电子装置的确认信号。本方法还包括:倘若在预定时间内未接收到来自于电子装置的确认信号,清除存储于缓冲存储器中的加解密金钥。An exemplary embodiment of the present invention provides a data protection method for protecting data of a rewritable non-volatile memory module in a memory storage device. The data protection method includes: establishing a safe channel with an electronic device through a wireless communication network. The method also includes: obtaining the identification code through the secure channel established on the wireless communication network. The method also includes: using the identification code to obtain the encryption and decryption key and storing the encryption and decryption key in the buffer memory. The method further includes: using the encryption and decryption key to decode the data read from the rewritable non-volatile memory module, wherein the data of the rewritable non-volatile memory module is encrypted with the encryption and decryption key. The method further includes: detecting whether a confirmation signal from the electronic device is received through the secure channel established on the wireless communication network. The method further includes: if the confirmation signal from the electronic device is not received within a predetermined time, clearing the encryption and decryption key stored in the buffer memory.
在本发明的一实施例中,上述数据保护方法还包括:在清除存储于缓冲存储器中的加解密金钥之后,将存储器存储装置设定为无媒体状态。In an embodiment of the present invention, the above data protection method further includes: after clearing the encryption and decryption keys stored in the buffer memory, setting the memory storage device to a no-media state.
在本发明的一实施例中,上述通过建立于无线通信网络上的安全通道取得识别码的步骤包括:通过建立于无线通信网络上的安全通道取得从电子装置输入的识别码,其中电子装置为手持电子装置。In an embodiment of the present invention, the step of obtaining the identification code through the secure channel established on the wireless communication network includes: obtaining the identification code input from the electronic device through the secure channel established on the wireless communication network, wherein the electronic device is Handheld Electronic Devices.
在本发明的一实施例中,上述通过建立于无线通信网络上的安全通道取得识别码的步骤包括:通过建立于无线通信网络上的安全通道取得电子装置产生的识别码,其中电子装置为服务器并电性连接至无线网络存取点。In an embodiment of the present invention, the step of obtaining the identification code through the secure channel established on the wireless communication network includes: obtaining the identification code generated by the electronic device through the secure channel established on the wireless communication network, wherein the electronic device is a server and electrically connected to a wireless network access point.
在本发明的一实施例中,其中无线通信网络为蓝牙网络、无线相容性认证网络、近场通信网络或无线射频识别网络。In an embodiment of the present invention, the wireless communication network is a Bluetooth network, a wireless compatibility certification network, a near field communication network or a radio frequency identification network.
在本发明的一实施例中,上述使用识别码来获取加解密金钥并且将加解密金钥存储于缓冲存储器中的步骤包括:在可复写式非易失性存储器模块中存储个人识别码信息摘要及密钥。上述步骤还包括:使用单向杂凑函数产生对应识别码的信息摘要。上述步骤还包括:判断信息摘要与个人识别码信息摘要是否相符,其中当信息摘要及个人识别码信息摘要相符时,依据识别码使用加解密函数解码密钥以获得加解密金钥。In an embodiment of the present invention, the steps of using the identification code to obtain the encryption and decryption key and storing the encryption and decryption key in the buffer memory include: storing personal identification code information in a rewritable non-volatile memory module Digest and key. The above steps also include: using a one-way hash function to generate an information digest corresponding to the identification code. The above steps also include: judging whether the information summary matches the personal identification code information summary, wherein when the information summary and the personal identification code information summary match, according to the identification code, use the encryption and decryption function to decode the key to obtain the encryption and decryption key.
在本发明的一实施例中,上述在可复写式非易失性存储器模块中存储个人识别码信息摘要及密钥的步骤包括:初始地通过单向杂凑函数依据个人识别码产生个人识别码信息摘要。上述步骤还包括:初始地依据个人识别码使用加解密函数加密加解密金钥以产生密钥。In an embodiment of the present invention, the above-mentioned step of storing the personal identification code information summary and the key in the rewritable non-volatile memory module includes: initially generating the personal identification code information according to the personal identification code through a one-way hash function Summary. The above steps further include: initially encrypting the encryption and decryption key with an encryption and decryption function according to the personal identification code to generate a key.
在本发明的一实施例中,上述初始地依据个人识别码使用加解密函数加密加解密金钥以产生密钥的步骤包括:初始地以随机方式产生加解密金钥。In an embodiment of the present invention, the step of initially encrypting the encryption and decryption key using an encryption and decryption function according to the personal identification code to generate the key includes: initially generating the encryption and decryption key in a random manner.
在本发明的一实施例中,上述使用加解密金钥解码从可复写式非易失性存储器模块中读取的数据的步骤包括:依据加解密金钥使用加解密函数解码从可复写式非易失性存储器模块中读取的数据,其中可复写式非易失性存储器模块的数据依据加解密金钥使用加解密函数被加密。In an embodiment of the present invention, the above-mentioned step of decoding the data read from the rewritable non-volatile memory module using the encryption and decryption key includes: using the encryption and decryption function to decode the data read from the rewritable non-volatile memory module according to the encryption and decryption key. The data read from the volatile memory module, wherein the data of the rewritable non-volatile memory module is encrypted using an encryption and decryption function according to the encryption and decryption key.
本发明的一范例实施例提出一种存储器控制电路单元,用于控制可复写式非易失性存储器模块,其包括主机接口、存储器接口、存储器管理电路及无线通信接口。主机接口电性连接至主机系统。存储器接口电性连接至可复写式非易失性存储器模块。存储器管理电路电性连接至主机接口及存储器接口。无线通信接口电性连接至存储器管理电路。其中存储器控制电路单元通过无线通信接口以无线通信网络与电子装置建立安全通道。其中无线通信接口通过建立于无线通信网络上的安全通道取得识别码。其中存储器管理电路使用识别码来获取加解密金钥并且将加解密金钥存储于缓冲存储器中。其中存储器管理电路使用加解密金钥解码从可复写式非易失性存储器模块中读取的数据,其中可复写式非易失性存储器模块的数据以加解密金钥来被加密。其中无线通信接口检测是否从建立于无线通信网络上的安全通道接收到来自于电子装置的确认信号。其中,倘若无线通信接口在预定时间内未接收到来自于电子装置的确认信号,存储器管理电路清除存储于缓冲存储器中的加解密金钥。An exemplary embodiment of the present invention provides a memory control circuit unit for controlling a rewritable non-volatile memory module, which includes a host interface, a memory interface, a memory management circuit, and a wireless communication interface. The host interface is electrically connected to the host system. The memory interface is electrically connected to the rewritable non-volatile memory module. The memory management circuit is electrically connected to the host interface and the memory interface. The wireless communication interface is electrically connected to the memory management circuit. Wherein the memory control circuit unit establishes a secure channel with the electronic device through a wireless communication network through a wireless communication network. Wherein the wireless communication interface obtains the identification code through a safe channel established on the wireless communication network. Wherein the memory management circuit obtains the encryption and decryption key by using the identification code and stores the encryption and decryption key in the buffer memory. The memory management circuit decodes the data read from the rewritable non-volatile memory module using the encryption and decryption key, wherein the data of the rewritable non-volatile memory module is encrypted with the encryption and decryption key. Wherein the wireless communication interface detects whether the confirmation signal from the electronic device is received through the security channel established on the wireless communication network. Wherein, if the wireless communication interface does not receive the confirmation signal from the electronic device within a predetermined time, the memory management circuit clears the encryption and decryption key stored in the buffer memory.
在本发明的一实施例中,上述存储器管理电路在存储器管理电路清除存储于缓冲存储器中的加解密金钥之后,当存储器管理电路接收到主机系统的存取信号时,存储器管理电路传送无媒体信号到主机系统。In an embodiment of the present invention, after the memory management circuit clears the encryption and decryption keys stored in the buffer memory, when the memory management circuit receives an access signal from the host system, the memory management circuit transmits a no-media signal to the host system.
在本发明的一实施例中,上述无线通信网络为蓝牙网络、无线相容性认证网络、近场通信网络或无线射频识别网络。In an embodiment of the present invention, the wireless communication network is a Bluetooth network, a wireless compatibility certification network, a near field communication network or a radio frequency identification network.
在本发明的一实施例中,上述存储器管理电路在可复写式非易失性存储器模块中存储个人识别码信息摘要及密钥。上述存储器管理电路还使用单向杂凑函数产生对应识别码的信息摘要。上述存储器管理电路还判断信息摘要与个人识别码信息摘要是否相符,其中当信息摘要及个人识别码信息摘要相符时,存储器管理电路依据识别码使用加解密函数解码密钥以获得加解密金钥。In an embodiment of the present invention, the above-mentioned memory management circuit stores the personal identification code information summary and the key in the rewritable non-volatile memory module. The above memory management circuit also uses a one-way hash function to generate an information digest corresponding to the identification code. The above-mentioned memory management circuit also judges whether the information digest matches the personal identification code information digest, wherein when the information digest and the personal identification code information digest match, the memory management circuit uses the encryption and decryption function to decode the key according to the identification code to obtain the encryption and decryption key.
在本发明的一实施例中,上述存储器管理电路初始地依据个人识别码使用加解密函数加密加解密金钥以产生密钥。In an embodiment of the present invention, the memory management circuit initially encrypts the encryption and decryption key according to the personal identification code using an encryption and decryption function to generate a key.
本发明的一范例实施例提出一种存储器存储装置,其包括连接接口单元、可复写式非易失性存储器模块、存储器控制电路单元及无线通信接口。连接接口单元电性连接至主机系统。存储器控制电路单元电性连接至连接接口单元及可复写式非易失性存储器模块。无线通信接口电性连接至存储器控制电路单元。其中存储器控制单元通过无线通信接口以无线通信网络与电子装置电子装置建立安全通道。其中存储器控制电路单元通过建立于无线通信网络上的安全通道取得识别码。其中存储器控制电路单元使用识别码来获取加解密金钥并且将加解密金钥存储于缓冲存储器中。其中存储器控制电路单元使用加解密金钥解码从可复写式非易失性存储器模块中读取的数据,其中可复写式非易失性存储器模块的数据以加解密金钥来被加密。其中存储器控制电路单元检测是否从建立于无线通信网络上的安全通道接收到来自于电子装置的确认信号。其中,倘若存储器控制电路单元在预定时间内未接收到来自于电子装置的确认信号,存储器控制电路单元清除存储于缓冲存储器中的加解密金钥。An exemplary embodiment of the present invention provides a memory storage device, which includes a connection interface unit, a rewritable non-volatile memory module, a memory control circuit unit, and a wireless communication interface. The connection interface unit is electrically connected to the host system. The memory control circuit unit is electrically connected to the connection interface unit and the rewritable non-volatile memory module. The wireless communication interface is electrically connected to the memory control circuit unit. Wherein the memory control unit establishes a secure channel with the electronic device through the wireless communication interface through the wireless communication network. Wherein the memory control circuit unit obtains the identification code through the safe channel established on the wireless communication network. Wherein the memory control circuit unit obtains the encryption and decryption key by using the identification code and stores the encryption and decryption key in the buffer memory. The memory control circuit unit uses the encryption and decryption key to decode the data read from the rewritable non-volatile memory module, wherein the data of the rewritable non-volatile memory module is encrypted with the encryption and decryption key. Wherein the memory control circuit unit detects whether the confirmation signal from the electronic device is received from the secure channel established on the wireless communication network. Wherein, if the memory control circuit unit does not receive the confirmation signal from the electronic device within a predetermined time, the memory control circuit unit clears the encryption and decryption key stored in the buffer memory.
在本发明的一实施例中,上述存储器控制电路单元在存储器控制电路单元清除存储于缓冲存储器中的加解密金钥之后,当存储器控制电路单元接收到主机系统的存取信号时,存储器控制电路单元传送无媒体信号到主机系统。In an embodiment of the present invention, after the memory control circuit unit clears the encryption and decryption keys stored in the buffer memory, when the memory control circuit unit receives an access signal from the host system, the memory control circuit The unit transmits no media signal to the host system.
在本发明的一实施例中,上述存储器控制电路单元通过建立于无线通信网络上的安全通道取得从电子装置输入的识别码,其中电子装置为手持电子装置。In an embodiment of the present invention, the memory control circuit unit obtains the identification code input from the electronic device through a secure channel established on the wireless communication network, wherein the electronic device is a handheld electronic device.
在本发明的一实施例中,上述存储器控制电路单元通过建立于无线通信网络上的安全通道取得电子装置产生的识别码,其中电子装置为服务器并电性连接至无线网络存取点。In an embodiment of the present invention, the memory control circuit unit obtains the identification code generated by the electronic device through a secure channel established on a wireless communication network, wherein the electronic device is a server and is electrically connected to a wireless network access point.
在本发明的一实施例中,上述无线通信网络为蓝牙网络、无线相容性认证网络、近场通信网络或无线射频识别网络。In an embodiment of the present invention, the wireless communication network is a Bluetooth network, a wireless compatibility certification network, a near field communication network or a radio frequency identification network.
在本发明的一实施例中,上述存储器控制电路单元在可复写式非易失性存储器模块中存储个人识别码信息摘要及密钥。上述存储器控制电路单元还使用单向杂凑函数产生对应识别码的信息摘要。上述存储器控制电路单元还判断信息摘要与个人识别码信息摘要是否相符,其中当信息摘要及个人识别码信息摘要相符时,存储器管理电路依据识别码使用加解密函数解码密钥以获得加解密金钥。In an embodiment of the present invention, the above-mentioned memory control circuit unit stores the personal identification code information summary and the key in the rewritable non-volatile memory module. The memory control circuit unit also uses a one-way hash function to generate an information digest corresponding to the identification code. The above-mentioned memory control circuit unit also judges whether the information summary matches the personal identification code information summary, wherein when the information summary and the personal identification code information summary match, the memory management circuit uses the encryption and decryption function to decode the key according to the identification code to obtain the encryption and decryption key .
在本发明的一实施例中,上述存储器控制电路单元初始地依据个人识别码使用加解密函数加密加解密金钥以产生密钥。In an embodiment of the present invention, the memory control circuit unit initially encrypts the encryption and decryption key according to the personal identification code using an encryption and decryption function to generate the key.
在本发明的一实施例中,上述存储器控制电路单元初始地以随机方式产生加解密金钥。In an embodiment of the present invention, the memory control circuit unit initially generates encryption and decryption keys in a random manner.
在本发明的一实施例中,上述存储器控制电路单元依据加解密金钥使用加解密函数解码从复写式非易失性存储器模块中读取的数据,其中可复写式非易失性存储器模块的数据依据加解密金钥使用加解密函数被加密。In an embodiment of the present invention, the above-mentioned memory control circuit unit decodes the data read from the rewritable non-volatile memory module using an encryption and decryption function according to the encryption and decryption key, wherein the rewritable non-volatile memory module Data is encrypted using encryption and decryption functions based on encryption and decryption keys.
基于上述,本发明的数据保护方法通过建立于无线通信网络上的安全通道从电子装置取得识别码,使用识别码与预先存储于存储器存储装置中的密钥获取加解密金钥,并使用加解密金钥解码存储器存储装置的数据。若在预定时间内没有从安全通道接收到确认信号,可判断存储器存储装置已远离电子装置,则清除加解密金钥,并将存储器存储装置设定为无媒体状态。Based on the above, the data protection method of the present invention obtains the identification code from the electronic device through the secure channel established on the wireless communication network, uses the identification code and the key pre-stored in the memory storage device to obtain the encryption and decryption key, and uses the encryption and decryption The key decodes the data of the memory storage device. If no confirmation signal is received from the secure channel within a predetermined time, it can be judged that the memory storage device is far away from the electronic device, then the encryption and decryption key is cleared, and the memory storage device is set to a no-media state.
为让本发明的上述特征和优点能更明显易懂,下文特举实施例,并配合附图作详细说明如下。In order to make the above-mentioned features and advantages of the present invention more comprehensible, the following specific embodiments are described in detail with reference to the accompanying drawings.
附图说明Description of drawings
图1是根据本发明一范例实施例所示出的主机系统、存储器存储装置及电子装置;FIG. 1 shows a host system, a memory storage device and an electronic device according to an exemplary embodiment of the present invention;
图2是根据本发明一范例实施例所示出的主机系统与输入/输出装置的示意图;FIG. 2 is a schematic diagram of a host system and an input/output device according to an exemplary embodiment of the present invention;
图3是根据本发明一范例实施例所示出的主机系统与存储器存储装置的示意图;3 is a schematic diagram of a host system and a memory storage device according to an exemplary embodiment of the present invention;
图4是示出图1所示的存储器存储装置的概要方块图;FIG. 4 is a schematic block diagram showing the memory storage device shown in FIG. 1;
图5是根据本发明一范例实施例所示出的存储器控制电路单元的概要方块图;FIG. 5 is a schematic block diagram of a memory control circuit unit according to an exemplary embodiment of the present invention;
图6是根据本发明一范例实施例所示出的数据保护方法的流程图;FIG. 6 is a flowchart of a data protection method according to an exemplary embodiment of the present invention;
图7是根据本发明另一范例实施例所示出的数据保护方法的流程图。Fig. 7 is a flowchart of a data protection method according to another exemplary embodiment of the present invention.
附图标记说明:Explanation of reference signs:
1000:主机系统;1000: host system;
1100:计算机;1100: computer;
1102:微处理器;1102: microprocessor;
1104:随机存取存储器;1104: random access memory;
1106:输入/输出装置;1106: input/output device;
1108:系统总线;1108: system bus;
1110:数据传输接口;1110: data transmission interface;
1202:鼠标;1202: mouse;
1204:键盘;1204: keyboard;
1206:显示器;1206: display;
1208:打印机;1208: printer;
1212:U盘;1212: U disk;
1214:存储卡;1214: memory card;
1216:固态硬盘;1216: SSD;
1310:数码相机;1310: digital camera;
1312:SD卡;1312: SD card;
1314:MMC卡;1314: MMC card;
1316:记忆棒;1316: memory stick;
1318:CF卡;1318: CF card;
1320:嵌入式存储装置;1320: embedded storage device;
2000:电子装置;2000: electronic devices;
100:存储器存储装置;100: memory storage device;
102:连接接口单元;102: connect the interface unit;
104:存储器控制电路单元;104: memory control circuit unit;
106:可复写式非易失性存储器模块;106: a rewritable non-volatile memory module;
108:无线通信接口;108: wireless communication interface;
410(0)~410(N):实体抹除单元;410(0)~410(N): Entity erasing unit;
202:存储器管理电路;202: memory management circuit;
204:主机接口;204: host interface;
206:存储器接口;206: memory interface;
252:缓冲存储器;252: buffer memory;
254:电源管理电路;254: power management circuit;
256:错误检查与校正电路;256: error checking and correction circuit;
S602、S604、S606、S608、S610、S612、S702、S704、S706、S708、S710、S712、S714、S716:步骤。S602, S604, S606, S608, S610, S612, S702, S704, S706, S708, S710, S712, S714, S716: steps.
具体实施方式detailed description
一般而言,存储器存储装置(也称,存储器存储系统)包括可复写式非易失性存储器模块与控制器(也称,控制电路)。通常存储器存储装置是与主机系统一起使用,以使主机系统可将数据写入至存储器存储装置或从存储器存储装置中读取数据。Generally speaking, a memory storage device (also called a memory storage system) includes a rewritable non-volatile memory module and a controller (also called a control circuit). Typically memory storage devices are used with a host system such that the host system can write data to or read data from the memory storage device.
图1是根据本发明一范例实施例所示出的主机系统、存储器存储装置及电子装置。图2是根据本发明一范例实施例所示出的主机系统与输入/输出装置的示意图FIG. 1 shows a host system, a memory storage device and an electronic device according to an exemplary embodiment of the present invention. FIG. 2 is a schematic diagram of a host system and an input/output device according to an exemplary embodiment of the present invention
请参照图1,电子装置2000可为手机、平板计算机等可携式电子装置,通过无线网络与存储器存储装置100进行无线通信。电子装置2000也可为服务器,通过无线网络存取点与存储器存储装置100进行无线通信。然而,本发明并不以此为限,电子装置2000也可为其他具有无线通信网络功能的装置,通过无线网络与存储器存储装置100进行无线通信。Referring to FIG. 1 , the electronic device 2000 may be a portable electronic device such as a mobile phone or a tablet computer, and communicates wirelessly with the memory storage device 100 through a wireless network. The electronic device 2000 can also be a server, which communicates wirelessly with the memory storage device 100 through a wireless network access point. However, the present invention is not limited thereto, and the electronic device 2000 may also be other devices with a wireless communication network function, and perform wireless communication with the memory storage device 100 through a wireless network.
主机系统1000一般包括计算机1100与输入/输出(input/output,简称I/O)装置1106。计算机1100包括微处理器1102、随机存取存储器(random accessmemory,简称RAM)1104、系统总线1108与数据传输接口1110。输入/输出装置1106包括如图2的鼠标1202、键盘1204、显示器1206与打印机1208。必须了解的是,图2所示的装置非限制输入/输出装置1106,输入/输出装置1106可还包括其他装置。The host system 1000 generally includes a computer 1100 and an input/output (input/output, I/O for short) device 1106 . The computer 1100 includes a microprocessor 1102 , a random access memory (random access memory, RAM for short) 1104 , a system bus 1108 and a data transmission interface 1110 . The input/output device 1106 includes a mouse 1202 , a keyboard 1204 , a monitor 1206 and a printer 1208 as shown in FIG. 2 . It must be understood that the device shown in FIG. 2 is not limited to the input/output device 1106, and the input/output device 1106 may also include other devices.
在一范例实施例中,存储器存储装置100是通过数据传输接口1110与主机系统1000的其他元件电性连接。通过微处理器1102、随机存取存储器1104与输入/输出装置1106的运作可将数据写入至存储器存储装置100或从存储器存储装置100中读取数据。例如,存储器存储装置100可以是如图2所示的U盘1212、存储卡1214或固态硬盘(Solid State Drive,简称SSD)1216等的可复写式非易失性存储器存储装置。In an exemplary embodiment, the memory storage device 100 is electrically connected with other components of the host system 1000 through the data transmission interface 1110 . Data can be written into or read from the memory storage device 100 through the operation of the microprocessor 1102 , the random access memory 1104 and the input/output device 1106 . For example, the memory storage device 100 may be a rewritable non-volatile memory storage device such as a USB flash drive 1212, a memory card 1214, or a solid state drive (Solid State Drive, SSD for short) 1216 as shown in FIG. 2 .
图3是根据本发明一范例实施例所示出的主机系统与存储器存储装置的示意图。FIG. 3 is a schematic diagram of a host system and a memory storage device according to an exemplary embodiment of the present invention.
一般而言,主机系统1000为可实质地与存储器存储装置100配合以存储数据的任意系统。虽然在本范例实施例中,主机系统1000是以计算机系统来作说明,然而,在另一范例实施例中,主机系统1000可以是数码相机、摄影机、通信装置、音频播放器或视频播放器等系统。例如,在主机系统为数码相机(摄影机)1310时,可复写式非易失性存储器存储装置则为其所使用的安全数码(Secure Digital,简称SD)卡1312、多媒体存储卡(Multi Media Card,简称MMC)1314、记忆棒(memory stick)1316、小型快闪(Compact Flash,CF)卡1318或嵌入式存储装置1320(如图3所示)。嵌入式存储装置1320包括嵌入式多媒体卡(Embedded MMC,简称eMMC)。值得一提的是,嵌入式多媒体卡是直接电性连接在主机系统的基板上。In general, host system 1000 is any system that can cooperate substantially with memory storage device 100 to store data. Although in this exemplary embodiment, the host system 1000 is described as a computer system, however, in another exemplary embodiment, the host system 1000 may be a digital camera, video camera, communication device, audio player or video player, etc. system. For example, when the host system is a digital camera (video camera) 1310, the rewritable non-volatile memory storage device is a secure digital (Secure Digital, referred to as SD) card 1312, a multimedia memory card (Multi Media Card, MMC for short) 1314, memory stick (memory stick) 1316, compact flash (Compact Flash, CF) card 1318 or embedded storage device 1320 (as shown in FIG. 3 ). The embedded storage device 1320 includes an embedded multimedia card (Embedded MMC, eMMC for short). It is worth mentioning that the embedded multimedia card is directly electrically connected to the substrate of the host system.
图4是示出图1所示的存储器存储装置的概要方块图。FIG. 4 is a schematic block diagram showing the memory storage device shown in FIG. 1 .
请参照图4,存储器存储装置100包括连接接口单元102、存储器控制电路单元104、可复写式非易失性存储器模块106与无线通信接口108。在本范例实施例中,存储器存储装置100为U盘。但必须了解的是,在另一范例实施例中,存储器存储装置100也可以是存储卡或固态硬盘(Solid State Drive,简称SSD)。Referring to FIG. 4 , the memory storage device 100 includes a connection interface unit 102 , a memory control circuit unit 104 , a rewritable non-volatile memory module 106 and a wireless communication interface 108 . In this exemplary embodiment, the memory storage device 100 is a USB flash drive. But it must be understood that, in another exemplary embodiment, the memory storage device 100 may also be a memory card or a solid state drive (Solid State Drive, SSD for short).
在本范例实施例中,连接接口单元102是相容于通用串行总线(UniversalSerial Bus,简称USB)标准。然而,必须了解的是,本发明不限于此,连接接口单元102也可以是符合并行高级技术附件(Parallel Advanced TechnologyAttachment,简称PATA)标准、电气和电子工程师协会(Institute of Electricaland Electronic Engineers,简称IEEE)1394标准、高速外设互联接口(PeripheralComponent Interconnect Express,简称PCI Express)标准、串行高级技术附件(Serial Advanced Technology Attachment,简称SATA)标准、超高速一代(UltraHigh Speed-I,简称UHS-I)接口标准、超高速二代(Ultra High Speed-II,简称UHS-II)接口标准、安全数码(Secure Digital,简称SD)接口标准、记忆棒(Memory Stick,简称MS)接口标准、多媒体存储卡(Multi Media Card,简称MMC)接口标准、小型快闪(Compact Flash,简称CF)接口标准、整合式驱动电子接口(Integrated Device Electronics,简称IDE)标准或其他适合的标准。在本范例实施例中,连接接口单元102可与存储器控制电路单元104封装在一个芯片中,或布设于一包含存储器控制电路单元104的芯片外。In this exemplary embodiment, the connection interface unit 102 is compatible with the Universal Serial Bus (USB) standard. However, it must be understood that the present invention is not limited thereto, and the connection interface unit 102 may also be a device that complies with the Parallel Advanced Technology Attachment (PATA) standard, the Institute of Electrical and Electronic Engineers (IEEE) 1394 standard, Peripheral Component Interconnect Express (PCI Express for short) standard, Serial Advanced Technology Attachment (SATA for short) standard, Ultra High Speed-I (UHS-I for short) interface Standard, Ultra High Speed-II (UHS-II for short) interface standard, Secure Digital (SD for short) interface standard, Memory Stick (MS for short) interface standard, Multimedia memory card (Multi Media Card (MMC for short) interface standard, Compact Flash (CF for short) interface standard, Integrated Device Electronics (IDE for short) standard or other suitable standards. In this exemplary embodiment, the connection interface unit 102 and the memory control circuit unit 104 can be packaged in one chip, or arranged outside a chip including the memory control circuit unit 104 .
存储器控制电路单元104用以执行以硬件形式或固件形式实作的多个逻辑门或控制指令,并且根据主机系统1000的指令在可复写式非易失性存储器模块106中进行数据的写入、读取与抹除等操作。The memory control circuit unit 104 is used to execute a plurality of logic gates or control instructions implemented in the form of hardware or firmware, and write data in the rewritable non-volatile memory module 106 according to the instructions of the host system 1000, Read and erase operations.
可复写式非易失性存储器模块106是电性连接至存储器控制电路单元104,并且用以存储主机系统1000所写入的数据。可复写式非易失性存储器模块106具有实体抹除单元410(0)~410(N)。例如,实体抹除单元410(0)~410(N)可属于同一个存储器晶粒(die)或者属于不同的存储器晶粒。每一实体抹除单元分别具有复数个实体程序化单元,并且属于同一个实体抹除单元的实体程序化单元可被独立地写入且被同时地抹除。例如,每一实体抹除单元是由128个实体程序化单元所组成。然而,必须了解的是,本发明不限于此,每一实体抹除单元是可由64个实体程序化单元、256个实体程序化单元或其他任意个实体程序化单元所组成。The rewritable non-volatile memory module 106 is electrically connected to the memory control circuit unit 104 and used for storing data written by the host system 1000 . The rewritable non-volatile memory module 106 has physical erasing units 410(0)˜410(N). For example, the physical erase units 410(0)˜410(N) may belong to the same memory die or belong to different memory dies. Each physical erasing unit has a plurality of physical programming units, and the physical programming units belonging to the same physical erasing unit can be written independently and erased simultaneously. For example, each physical erasing unit is composed of 128 physical programming units. However, it must be understood that the present invention is not limited thereto, and each physical erasing unit may be composed of 64 physical programming units, 256 physical programming units, or any other number of physical programming units.
更具体来说,每一个实体抹除单元包括多条字符线与多条比特线,每一条字符线与每一条比特线交叉处配置有一个存储单元。每一个存储单元可存储一或多个比特。在同一个实体抹除单元中,所有的存储单元会一起被抹除。在此范例实施例中,实体抹除单元为抹除的最小单位。也即,每一实体抹除单元含有最小数目之一并被抹除的存储单元。例如,实体抹除单元为实体块。另一方面,同一个字符线上的存储单元会组成一或多个实体程序化单元。若每一个存储单元可存储2个以上的比特,则同一个字符线上的实体程序化单元可被分类为下实体程序化单元与上实体程序化单元。一般来说,下实体程序化单元的写入速度会大于上实体程序化单元的写入速度。在此范例实施例中,实体程序化单元为程序化的最小单元。即,实体程序化单元为写入数据的最小单元。例如,实体程序化单元为实体页面或是实体扇(sector)。若实体程序化单元为实体页面,则每一个实体程序化单元通常包括数据比特区与冗余比特区。数据比特区包含多个实体扇,用以存储用户的数据,而冗余比特区用以存储系统的数据(例如,错误更正码)。在本范例实施例中,每一个数据比特区包含32个实体扇,且一个实体扇的大小为512比特组(byte,简称B)。然而,在其他范例实施例中,数据比特区中也可包含8个、16个或数目更多或更少的实体扇,本发明并不限制实体扇的大小以及个数。More specifically, each physical erasing unit includes a plurality of word lines and a plurality of bit lines, and a storage unit is arranged at the intersection of each word line and each bit line. Each memory cell can store one or more bits. In the same physical erasing unit, all storage units will be erased together. In this exemplary embodiment, the physical erasing unit is the smallest unit of erasing. That is, each physical erase unit contains a minimum number of memory cells that are erased. For example, the physical erasing unit is a physical block. On the other hand, storage units on the same word line will form one or more physical programming units. If each storage unit can store more than 2 bits, the physical programming units on the same word line can be classified into lower physical programming units and upper physical programming units. Generally speaking, the writing speed of the lower physical programming unit is greater than that of the upper physical programming unit. In this exemplary embodiment, the entity programming unit is the smallest unit of programming. That is, the entity programming unit is the smallest unit for writing data. For example, the entity programming unit is an entity page or an entity sector. If the physical programming unit is a physical page, each physical programming unit usually includes a data bit area and a redundant bit area. The data bit area includes a plurality of physical sectors for storing user data, and the redundant bit area is used for storing system data (eg, error correction code). In this exemplary embodiment, each data bit area includes 32 physical sectors, and the size of one physical sector is 512 bytes (byte, B for short). However, in other exemplary embodiments, the data bit area may also include 8, 16 or more or less physical sectors, and the present invention does not limit the size and number of physical sectors.
在本范例实施例中,可复写式非易失性存储器模块106为多层存储单元(Multi Level Cell,简称MLC)NAND型快闪存储器模块,即一个存储单元中可存储至少2个比特。然而,本发明不限于此,可复写式非易失性存储器模块106也可是单层存储单元(Single Level Cell,简称SLC)NAND型快闪存储器模块、复数层存储单元(Trinary Level Cell,简称TLC)NAND型快闪存储器模块、其他快闪存储器模块或其他具有相同特性的存储器模块。In this exemplary embodiment, the rewritable non-volatile memory module 106 is a multi-level cell (MLC) NAND flash memory module, that is, at least 2 bits can be stored in one memory cell. However, the present invention is not limited thereto, and the rewritable non-volatile memory module 106 may also be a single-level storage unit (Single Level Cell, referred to as SLC) NAND flash memory module, a multi-level storage unit (Trinary Level Cell, referred to as TLC) ) NAND-type flash memory modules, other flash memory modules, or other memory modules with the same characteristics.
无线通信接口108电性连接至存储器控制电路单元104并且具有短距离无线通信功能。无线通信接口108可以是支援蓝牙(Bluetooth)、无线相容性认证(Wireless Fidelity,简称WiFi)、近场通信(Near Field Communication,简称NFC)、无线射频识别(Radio Frequency Identification,简称RFID)等短距离无线通信功能的通信芯片。The wireless communication interface 108 is electrically connected to the memory control circuit unit 104 and has a short-distance wireless communication function. The wireless communication interface 108 may support short-lived devices such as Bluetooth (Bluetooth), Wireless Fidelity (WiFi for short), Near Field Communication (NFC for short), and Radio Frequency Identification (RFID for short). Communication chip with distance wireless communication function.
图5是根据本发明一范例实施例所示出的存储器控制电路单元的概要方块图。FIG. 5 is a schematic block diagram of a memory control circuit unit according to an exemplary embodiment of the present invention.
请参照图5,存储器控制电路单元104包括存储器管理电路202、主机接口204及存储器接口206。Referring to FIG. 5 , the memory control circuit unit 104 includes a memory management circuit 202 , a host interface 204 and a memory interface 206 .
存储器管理电路202用以控制存储器控制电路单元104的整体运作。具体来说,存储器管理电路202具有多个控制指令,并且在存储器存储装置100运作时,此些控制指令会被执行以进行数据的写入、读取与抹除等操作。以下说明存储器管理电路202的操作时,等同于说明存储器控制电路单元104的操作,以下并不再赘述。The memory management circuit 202 is used to control the overall operation of the memory control circuit unit 104 . Specifically, the memory management circuit 202 has a plurality of control instructions, and when the memory storage device 100 is operating, these control instructions are executed to perform operations such as writing, reading, and erasing data. The following description of the operation of the memory management circuit 202 is equivalent to the description of the operation of the memory control circuit unit 104 , which will not be repeated below.
在一范例实施例中,存储器管理电路202的控制指令是以固件形式来实作。例如,存储器管理电路202具有微处理器单元(未示出)、只读存储器(未示出)及随机存取存储器(未示出),并且此些控制指令是被烧录至此只读存储器中。当存储器存储装置100运作时,此些控制指令会由微处理器单元来执行以进行数据的写入、读取与抹除等运作。In an exemplary embodiment, the control commands of the memory management circuit 202 are implemented in the form of firmware. For example, the memory management circuit 202 has a microprocessor unit (not shown), a read-only memory (not shown) and a random access memory (not shown), and these control instructions are programmed into the read-only memory . When the memory storage device 100 is in operation, these control instructions will be executed by the microprocessor unit to perform operations such as writing, reading and erasing data.
在另一范例实施例中,存储器管理电路202的控制指令也可以程序码形式存储于可复写式非易失性存储器模块106的特定区域(例如,可复写式非易失性存储器模块中专用于存放系统数据的系统区)中。此外,存储器管理电路202具有微处理器单元(未示出)、只读存储器(未示出)及随机存取存储器(未示出)。特别是,此只读存储器具有开机码(boot code),并且当存储器控制电路单元104被触发时,微处理器单元会先执行此开机码来将存储于可复写式非易失性存储器模块106中的控制指令载入至存储器管理电路202的随机存取存储器中。之后,微处理器单元会运转此些控制指令以进行数据的写入、读取与抹除等运作。In another exemplary embodiment, the control instructions of the memory management circuit 202 may also be stored in a specific area of the rewritable non-volatile memory module 106 in the form of program code (for example, the rewritable non-volatile memory module is dedicated to system area where system data is stored). In addition, the memory management circuit 202 has a microprocessor unit (not shown), a read only memory (not shown) and a random access memory (not shown). In particular, the ROM has a boot code (boot code), and when the memory control circuit unit 104 is triggered, the microprocessor unit will first execute the boot code to store the boot code in the rewritable non-volatile memory module 106. The control instructions in are loaded into the random access memory of the memory management circuit 202 . Afterwards, the microprocessor unit will execute these control instructions to perform operations such as writing, reading and erasing data.
此外,在另一范例实施例中,存储器管理电路202的控制指令也可以一硬件形式来实作。例如,存储器管理电路202包括微控制器、存储器管理单元、存储器写入单元、存储器读取单元、存储器抹除单元与数据处理单元。存储器管理单元、存储器写入单元、存储器读取单元、存储器抹除单元与数据处理单元是电性连接至微控制器。其中,存储器管理单元用以管理可复写式非易失性存储器模块106的实体抹除单元;存储器写入单元用以对可复写式非易失性存储器模块106下达写入指令以将数据写入至可复写式非易失性存储器模块106中;存储器读取单元用以对可复写式非易失性存储器模块106下达读取指令以从可复写式非易失性存储器模块106中读取数据;存储器抹除单元用以对可复写式非易失性存储器模块106下达抹除指令以将数据从可复写式非易失性存储器模块106中抹除;而数据处理单元用以处理欲写入至可复写式非易失性存储器模块106的数据以及从可复写式非易失性存储器模块106中读取的数据。In addition, in another exemplary embodiment, the control instructions of the memory management circuit 202 may also be implemented in a hardware form. For example, the memory management circuit 202 includes a microcontroller, a memory management unit, a memory writing unit, a memory reading unit, a memory erasing unit and a data processing unit. The memory management unit, the memory writing unit, the memory reading unit, the memory erasing unit and the data processing unit are electrically connected to the microcontroller. Wherein, the memory management unit is used to manage the physical erasing unit of the rewritable non-volatile memory module 106; the memory write unit is used to issue a write command to the rewritable non-volatile memory module 106 to write data In the rewritable non-volatile memory module 106; the memory reading unit is used to issue a read instruction to the rewritable non-volatile memory module 106 to read data from the rewritable non-volatile memory module 106 ; The memory erasing unit is used to issue an erase command to the rewritable non-volatile memory module 106 to erase data from the rewritable non-volatile memory module 106; and the data processing unit is used to process the write-in Data to the rewritable nonvolatile memory module 106 and data read from the rewritable nonvolatile memory module 106 .
主机接口204是电性连接至存储器管理电路202并且用以接收与识别主机系统1000所传送的指令与数据。也就是说,主机系统1000所传送的指令与数据会通过主机接口204来传送至存储器管理电路202。在本范例实施例中,主机接口204是相容于USB标准。然而,必须了解的是本发明不限于此,主机接口204也可以是相容于PATA标准、IEEE 1394标准、PCI Express标准、SATA标准、SD标准、UHS-I标准、UHS-II标准、MS标准、MMC标准、eMMC标准、UFS标准、CF标准、IDE标准或其他适合的数据传输标准。The host interface 204 is electrically connected to the memory management circuit 202 and used for receiving and identifying commands and data transmitted by the host system 1000 . That is to say, the commands and data transmitted by the host system 1000 are transmitted to the memory management circuit 202 through the host interface 204 . In this exemplary embodiment, the host interface 204 is compatible with the USB standard. However, it must be understood that the present invention is not limited thereto, and the host interface 204 may also be compatible with PATA standard, IEEE 1394 standard, PCI Express standard, SATA standard, SD standard, UHS-I standard, UHS-II standard, MS standard , MMC standard, eMMC standard, UFS standard, CF standard, IDE standard or other suitable data transmission standards.
存储器接口206是电性连接至存储器管理电路202并且用以存取可复写式非易失性存储器模块106。也就是说,欲写入至可复写式非易失性存储器模块106的数据会通过存储器接口206转换为可复写式非易失性存储器模块106所能接受的格式。The memory interface 206 is electrically connected to the memory management circuit 202 and used for accessing the rewritable non-volatile memory module 106 . That is to say, the data to be written into the rewritable nonvolatile memory module 106 will be converted into a format acceptable to the rewritable nonvolatile memory module 106 through the memory interface 206 .
缓冲存储器252是电性连接至存储器管理电路202并且用以暂存来自于主机系统1000的数据与指令或来自于可复写式非易失性存储器模块106的数据。The buffer memory 252 is electrically connected to the memory management circuit 202 and used for temporarily storing data and instructions from the host system 1000 or data from the rewritable non-volatile memory module 106 .
在一范例实施例中,存储器管理电路202会通过无线通信接口108与电子装置2000(例如,用户的手机)建立安全通道。例如,在无线通信接口108是支援蓝牙规范的例子中,此安全通道可通过无线通信接口108传输蓝牙配对密码并通过电子装置2000确认后而建立。In an exemplary embodiment, the memory management circuit 202 establishes a secure channel with the electronic device 2000 (eg, a user's mobile phone) through the wireless communication interface 108 . For example, in an example where the wireless communication interface 108 supports the Bluetooth standard, the secure channel can be established after transmitting the Bluetooth pairing password through the wireless communication interface 108 and confirming it through the electronic device 2000 .
存储器管理电路202还可通过无线通信接口108从建立于蓝牙通信的安全通道取得识别码。在此,识别码可为用户识别码、用户密码、手机识别码或手机密码等的其中之一或其组合,并可由用户通过电子装置2000自行输入,但本发明并不以此为限。识别码也可以是通过电子装置2000上的应用程序自动输入。The memory management circuit 202 can also obtain the identification code from the secure channel established in Bluetooth communication through the wireless communication interface 108 . Here, the identification code can be one or a combination of user identification code, user password, mobile phone identification code or mobile phone password, and can be input by the user through the electronic device 2000, but the present invention is not limited thereto. The identification code can also be automatically input through an application program on the electronic device 2000 .
当存储器管理电路202取得识别码时,存储器管理电路202可使用识别码来获取加解密金钥,并且将加解密金钥存储于缓冲存储器252中。详细来说,可复写式非易失性存储器模块106中会存储个人识别码信息摘要(personalidentification number message digest)及密钥(encrypted key)。存储器管理电路202具有一单向杂凑函数,并可利用此单向杂凑函数计算出对应上述识别码的信息摘要(message digest)。在本范例实施例中,上述单向杂凑函数是利用SHA-256来被实作在存储器管理电路202中。然而,本发明并不以此为限。在本发明另一范例实施例中,存储器管理电路202中的单向杂凑函数也可以由MD5、RIPEMD-160、SHA1、SHA-386、SHA-512或其他适合的函数来实作。之后,存储器管理电路202会将所计算出的信息摘要与可复写式非易失性存储器模块106中所存储的个人识别码信息摘要进行比对,若所计算出的信息摘要与可复写式非易失性存储器模块106中所存储的个人识别码信息摘要相符时,则存储器管理电路202会根据此识别码,使用加解密函数解码密钥以获得加解密金钥。在存储器管理电路202获得加解密金钥之后,便可利用加解密金钥解码从可复写式非易失性存储器模块106中读取的数据。类似地,在存储器管理电路202获得加解密金钥之后,便可利用加解密金钥加密欲写入可复写式非易失性存储器模块106中数据。When the memory management circuit 202 obtains the identification code, the memory management circuit 202 can use the identification code to obtain the encryption and decryption key, and store the encryption and decryption key in the buffer memory 252 . Specifically, the rewritable non-volatile memory module 106 stores a personal identification number message digest and an encrypted key. The memory management circuit 202 has a one-way hash function, and can use the one-way hash function to calculate a message digest corresponding to the above identification code. In this exemplary embodiment, the above-mentioned one-way hash function is implemented in the memory management circuit 202 by using SHA-256. However, the present invention is not limited thereto. In another exemplary embodiment of the present invention, the one-way hash function in the memory management circuit 202 may also be implemented by MD5, RIPEMD-160, SHA1, SHA-386, SHA-512 or other suitable functions. Afterwards, the memory management circuit 202 will compare the calculated information digest with the personal identification code information digest stored in the rewritable non-volatile memory module 106, if the calculated information digest is consistent with the rewritable non-volatile memory module 106 When the digest of the personal identification code information stored in the volatile memory module 106 matches, the memory management circuit 202 will use the encryption and decryption function to decode the key according to the identification code to obtain the encryption and decryption key. After the memory management circuit 202 obtains the encryption and decryption key, the encryption and decryption key can be used to decode the data read from the rewritable non-volatile memory module 106 . Similarly, after the memory management circuit 202 obtains the encryption and decryption key, it can use the encryption and decryption key to encrypt data to be written into the rewritable non-volatile memory module 106 .
在本范例实施例中,存储器管理电路202中的加解密函数是以高级加密标准(Advanced Encryption Standard,简称AES)128来实作,然而,本发明并不以此为限。在本发明另一范例实施例中也可使用AES256或数据加密标准(Data Encryption Standard,简称DES)来实作存储器管理电路202中的加解密函数。In this exemplary embodiment, the encryption and decryption functions in the memory management circuit 202 are implemented by the Advanced Encryption Standard (AES for short) 128 , however, the present invention is not limited thereto. In another exemplary embodiment of the present invention, AES256 or Data Encryption Standard (DES for short) may also be used to implement the encryption and decryption functions in the memory management circuit 202 .
值得一提的是,存储在可复写式非易失性存储器模块106中的个人识别码信息摘要是通过此存储器存储装置100的用户设定个人识别码,并且利用上述单向杂凑函数所产生。例如,在此存储器存储装置100出厂时会由制造商预存一组个人识别码信息摘要,并且制造商会将此个人识别码信息摘要对应的个人识别码提供给用户。之后,用户可使用制造商所提供的个人识别码成功地通过存储器存储装置100的验证。此外,当用户重新设定一组新个人识别码时,存储器管理电路202会根据用户的新个人识别码以单向杂凑函数来重新计算一组新个人识别码信息摘要,并且将新个人识别码信息摘要存储在可复写式非易失性存储器模块106中以取代原始的个人识别码信息摘要。之后,存储器管理电路202会使用最新的个人识别码信息摘要来验证用户所输入的识别码。It is worth mentioning that the PIN information digest stored in the rewritable non-volatile memory module 106 is generated by the user of the memory storage device 100 setting the PIN and using the above-mentioned one-way hash function. For example, when the memory storage device 100 leaves the factory, a set of personal identification code information abstracts will be pre-stored by the manufacturer, and the manufacturer will provide the personal identification code corresponding to the personal identification code information abstracts to the user. Thereafter, the user can successfully authenticate to the memory storage device 100 using the PIN provided by the manufacturer. In addition, when the user resets a new set of personal identification codes, the memory management circuit 202 will recalculate a set of new personal identification code information abstracts according to the user's new personal identification codes with a one-way hash function, and store the new personal identification codes The message digest is stored in the rewritable non-volatile memory module 106 in place of the original PIN message digest. Afterwards, the memory management circuit 202 will use the latest PIN information digest to verify the PIN input by the user.
另外,加解密金钥会在存储器存储装置100出厂时,通过一乱数产生器(未示出)以一随机方式产生。特别是,存储器管理电路202会依据个人识别码使用加解密函数来加密此加解密金钥,并且将加密此加解密金钥所获得的密钥存储于存储器存储装置100中。因此,当识别码通过上述验证时,此识别码即可正确地解码存储在存储器存储装置100中的密钥,而获取此加解密金钥。In addition, the encryption/decryption key is randomly generated by a random number generator (not shown) when the memory storage device 100 leaves the factory. In particular, the memory management circuit 202 encrypts the encryption and decryption key according to the personal identification code using an encryption and decryption function, and stores the key obtained by encrypting the encryption and decryption key in the memory storage device 100 . Therefore, when the identification code passes the above verification, the identification code can correctly decode the key stored in the memory storage device 100 to obtain the encryption and decryption key.
在本范例实施例中,在存储器管理电路202通过无线通信接口108与电子装置2000建立安全通道之后,存储器存储装置100可每隔一段预定时间,例如5秒,发送一个轮询(polling)信号给电子装置2000,当电子装置2000收到轮询信号时,则会回传一个确认(ack)信号给存储器存储装置100,以确认电子装置2000与存储器存储装置100的无线连线状况。只要存储器存储装置100在此环境中定期接收到电子装置2000回应轮询信号的确认信号,存储器管理电路202便可利用加解密金钥来存取可复写式非易失性存储器模块106。In this exemplary embodiment, after the memory management circuit 202 establishes a secure channel with the electronic device 2000 through the wireless communication interface 108, the memory storage device 100 may send a polling signal to the When the electronic device 2000 receives the polling signal, it will return an acknowledgment (ack) signal to the memory storage device 100 to confirm the wireless connection status between the electronic device 2000 and the memory storage device 100 . As long as the memory storage device 100 regularly receives the confirmation signal from the electronic device 2000 in response to the polling signal in this environment, the memory management circuit 202 can use the encryption and decryption key to access the rewritable non-volatile memory module 106 .
反之,当存储器存储装置100离开此环境时,若存储器存储装置100在一预定时间都没收到电子装置2000回应轮询信号的确认信号,存储器管理电路202会清除缓冲存储器252中的加解密金钥并且将存储器存储装置100设定为无媒体状态。具体来说,当存储器存储装置100被设定为无媒体状态时,若存储器管理电路202接收到主机系统1000所传送的存取信号,存储器管理电路202会回应一个无媒体信号给主机系统1000,使得主机系统1000无法识别或存取存储器存储装置100,也就是说,主机系统1000的作业系统会判断存储器存储装置100处于中断连结的状态。如此一来,他人难以取得可复写式非易失性存储器模块106中的数据,即使取得了其中数据,由于加解密金钥已从缓冲存储器252中删除,因此他人也无法解码可复写式非易失性存储器模块106中经过加密的数据。Conversely, when the memory storage device 100 leaves the environment, if the memory storage device 100 does not receive an acknowledgment signal from the electronic device 2000 to respond to the polling signal within a predetermined time, the memory management circuit 202 will clear the encryption and decryption key in the buffer memory 252 And the memory storage device 100 is set to the no-media state. Specifically, when the memory storage device 100 is set to the no-media state, if the memory management circuit 202 receives the access signal sent by the host system 1000, the memory management circuit 202 will respond a no-media signal to the host system 1000, This makes it impossible for the host system 1000 to recognize or access the memory storage device 100 , that is, the operating system of the host system 1000 will determine that the memory storage device 100 is in a disconnected state. In this way, it is difficult for others to obtain the data in the rewritable nonvolatile memory module 106. Even if the data is obtained, since the encryption and decryption key has been deleted from the buffer memory 252, others cannot decode the rewritable nonvolatile memory module 106. The encrypted data in the volatile memory module 106.
虽然以上说明了通过用户从电子装置2000输入识别码,并通过蓝牙无线通信网络传送识别码以确保存储器存储装置100的安全性,但本发明并不以此为限。在另一范例实施例中,存储器存储装置100可利用存储于其中的个人识别码信息摘要登录一个存取点(AP)的Wi-Fi无线通信网络环境,在本实施例中,电子装置2000可为连接到存取点的服务器。在存储器存储装置100以个人识别码信息摘要登录Wi-Fi之后,服务器可搜索对应个人识别码信息摘要的一识别码,并将该识别码通过存取点传送给存储器存储装置100。存储器存储装置100接收识别码并以单项杂凑函数产生对应识别码的信息摘要。若此信息摘要相同于存储在存储器存储装置100个人识别码信息摘要,则此识别码即可正确地解码存储在存储器存储装置100中的密钥,从而获取加解密金钥。因此,用户可通过加解密金钥存取存储器存储装置100。Although it has been described above that the user inputs the identification code from the electronic device 2000 and transmits the identification code through the Bluetooth wireless communication network to ensure the security of the memory storage device 100 , the present invention is not limited thereto. In another exemplary embodiment, the memory storage device 100 can utilize the PIN information abstract stored therein to log into a Wi-Fi wireless communication network environment of an access point (AP). In this embodiment, the electronic device 2000 can for the server connected to the access point. After the memory storage device 100 logs into Wi-Fi with the PIN information abstract, the server can search for an identification code corresponding to the PIN information abstract, and transmit the identification code to the memory storage device 100 through the access point. The memory storage device 100 receives the identification code and generates an information digest corresponding to the identification code by using a one-way hash function. If the information digest is the same as the personal identification code information digest stored in the memory storage device 100, the identification code can correctly decode the key stored in the memory storage device 100, thereby obtaining the encryption and decryption key. Therefore, the user can access the memory storage device 100 through the encryption and decryption key.
在又一范例实施例中,存储器存储装置100可利用预设的登录码登录存取点。在此,电子装置2000可为连接到存取点的服务器。在存储器存储装置100成功登录存取点并建立Wi-Fi网络连线之后,用户可直接在存取点利用输入装置输入识别码,使得识别码通过存取点传送到存储器存储装置100。接着,存储器存储装置100可接收识别码并以单项杂凑函数产生对应识别码的信息摘要。若此信息摘要相同于存储在存储器存储装置100个人识别码信息摘要,则此识别码即可正确地解码存储在存储器存储装置100中的密钥,从而获取加解密金钥。因此,用户可通过加解密金钥存取存储器存储装置100。In yet another exemplary embodiment, the memory storage device 100 can use a preset login code to log into the access point. Here, the electronic device 2000 may be a server connected to an access point. After the memory storage device 100 successfully logs into the access point and establishes a Wi-Fi network connection, the user can directly input the identification code through the input device at the access point, so that the identification code is transmitted to the memory storage device 100 through the access point. Next, the memory storage device 100 can receive the identification code and generate an information digest corresponding to the identification code by using a single-term hash function. If the information digest is the same as the personal identification code information digest stored in the memory storage device 100, the identification code can correctly decode the key stored in the memory storage device 100, thereby obtaining the encryption and decryption key. Therefore, the user can access the memory storage device 100 through the encryption and decryption key.
值得注意的是,当存储器存储装置100进入上述Wi-Fi无线通信网络环境时,可同时从电子装置2000取得一把数据传输金钥,以对此无线通信网络环境中传输或接收的数据进行加密或解密。举例来说,当存储器存储装置100成功登录上述Wi-Fi无线通信网络环境时,存储器存储装置100可从电子装置2000接收一把数据传输金钥并将其存储于缓冲存储器252中。电子装置2000在传输识别码之前会先利用数据传输金钥加密。当存储器存储装置100接收到电子装置2000在Wi-Fi环境中传送的数据,也就是通过数据传输金钥所加密的识别码时,存储器存储装置100可利用缓冲存储器252中的数据传输金钥解密数据以取得识别码。It is worth noting that when the memory storage device 100 enters the above-mentioned Wi-Fi wireless communication network environment, a data transmission key can be obtained from the electronic device 2000 at the same time, so as to encrypt the data transmitted or received in the wireless communication network environment or decrypt. For example, when the memory storage device 100 successfully logs into the aforementioned Wi-Fi wireless communication network environment, the memory storage device 100 may receive a data transmission key from the electronic device 2000 and store it in the buffer memory 252 . The electronic device 2000 will use the data transmission key to encrypt before transmitting the identification code. When the memory storage device 100 receives the data transmitted by the electronic device 2000 in the Wi-Fi environment, that is, the identification code encrypted by the data transmission key, the memory storage device 100 can use the data transmission key in the buffer memory 252 to decrypt data to get the ID.
在本发明一范例实施例中,存储器控制电路单元104还包括电源管理电路254与错误检查与校正电路256。In an exemplary embodiment of the invention, the memory control circuit unit 104 further includes a power management circuit 254 and an error checking and correction circuit 256 .
电源管理电路254是电性连接至存储器管理电路202并且用以控制存储器存储装置100的电源。The power management circuit 254 is electrically connected to the memory management circuit 202 and used to control the power of the memory storage device 100 .
错误检查与校正电路256是电性连接至存储器管理电路202并且用以执行错误检查与校正程序以确保数据的正确性。具体来说,当存储器管理电路202从主机系统1000中接收到写入指令时,错误检查与校正电路256会为对应此写入指令的数据产生对应的错误更正码(Error Correcting Code,简称ECC),并且存储器管理电路202会将对应此写入指令的数据与对应的错误更正码写入至可复写式非易失性存储器模块106中。之后,当存储器管理电路202从可复写式非易失性存储器模块106中读取数据时会同时读取此数据对应的错误更正码,并且错误检查与校正电路256会依据此错误更正码对所读取的数据执行错误检查与校正程序。The error checking and correcting circuit 256 is electrically connected to the memory management circuit 202 and used for executing error checking and correcting procedures to ensure the correctness of data. Specifically, when the memory management circuit 202 receives a write command from the host system 1000, the error checking and correction circuit 256 will generate a corresponding Error Correcting Code (ECC) for the data corresponding to the write command. , and the memory management circuit 202 writes the data corresponding to the write command and the corresponding error correction code into the rewritable non-volatile memory module 106 . Afterwards, when the memory management circuit 202 reads data from the rewritable non-volatile memory module 106, it will read the error correction code corresponding to the data at the same time, and the error checking and correction circuit 256 will check all the data according to the error correction code. The read data is subjected to error checking and correction procedures.
图6是根据本发明一范例实施例所示出的数据保护方法的流程图。Fig. 6 is a flowchart of a data protection method according to an exemplary embodiment of the present invention.
请参照图6,在步骤S602中,存储器管理电路202会通过无线通信接口108与电子装置2000建立安全通道,此安全通道可通过无线通信接口108传输无线网络配对识别码并通过电子装置2000确认后而建立。Please refer to FIG. 6 , in step S602, the memory management circuit 202 establishes a secure channel with the electronic device 2000 through the wireless communication interface 108, and the secure channel can transmit the wireless network pairing identification code through the wireless communication interface 108 and confirm with the electronic device 2000 And build.
在建立存储器存储装置100与电子装置之间的安全通道之后,进入步骤S604中,存储器管理电路202通过无线通信接口108从安全通道取得识别码。在此,识别码可以是用户通过电子装置2000自行输入或是通过电子装置2000上的应用程序自动输入。After establishing the secure channel between the memory storage device 100 and the electronic device, enter step S604 , where the memory management circuit 202 obtains the identification code from the secure channel through the wireless communication interface 108 . Here, the identification code may be input by the user through the electronic device 2000 or automatically through an application program on the electronic device 2000 .
在步骤S606中,存储器管理电路202使用识别码来获取加解密金钥,并将加解密金钥存储于缓冲存储器252中。In step S606 , the memory management circuit 202 obtains the encryption and decryption key by using the identification code, and stores the encryption and decryption key in the buffer memory 252 .
在存储器管理电路202获取加解密金钥之后,会进入步骤S608,使用加解密金钥与加解密函数来存取可复写式非易失性存储器模块106中的数据。详细来说,当用户欲写入数据到可复写式非易失性存储器模块106时,存储器管理电路202可根据加解密金钥使用高级加密标准(AES)对写入数据加密,接着再将加密过的数据写入可复写式非易失性存储器模块106。同理,当用户欲从可复写式非易失性存储器模块106读取数据时,存储器管理电路202可根据加解密金钥使用高级加密标准(AES)对数据解密,接着再读取解密后的数据。值得注意的是,用户除了通过USB或SATA等有线接口存取可复写式非易失性存储器模块106中的数据,用户还可通过无线通信接口108,从远端通过无线网络来存取可复写式非易失性存储器模块106中的数据。After the memory management circuit 202 obtains the encryption and decryption key, it will enter step S608 to use the encryption and decryption key and the encryption and decryption function to access the data in the rewritable non-volatile memory module 106 . In detail, when the user wants to write data into the rewritable non-volatile memory module 106, the memory management circuit 202 can use the Advanced Encryption Standard (AES) to encrypt the written data according to the encryption and decryption key, and then encrypt the encrypted data. The overwritten data is written into the rewritable non-volatile memory module 106. Similarly, when the user wants to read data from the rewritable non-volatile memory module 106, the memory management circuit 202 can use the Advanced Encryption Standard (AES) to decrypt the data according to the encryption and decryption key, and then read the decrypted data. It is worth noting that, in addition to accessing the data in the rewritable non-volatile memory module 106 through a wired interface such as USB or SATA, the user can also access the rewritable non-volatile memory module 106 from a remote end through a wireless network through the wireless communication interface 108. data in the non-volatile memory module 106.
在存储器管理电路202会通过无线通信接口108与电子装置2000建立安全通道之后,电子装置2000会通过回应存储器存储装置100的轮询信号发送一个确认信号到存储器存储装置100,以确认电子装置2000与存储器存储装置100的无线连线状况。在步骤S610中,无线通信接口108会检测是否从建立于无线通信网络上的安全通道接收到来自于电子装置2000的确认信号。若无线通信接口108检测到确认信号,则回到步骤S608,继续存取可复写式非易失性存储器模块106中的数据。After the memory management circuit 202 establishes a secure channel with the electronic device 2000 through the wireless communication interface 108, the electronic device 2000 sends a confirmation signal to the memory storage device 100 by responding to the polling signal of the memory storage device 100 to confirm that the electronic device 2000 is connected with the electronic device 2000. The wireless connection status of the memory storage device 100 . In step S610, the wireless communication interface 108 detects whether a confirmation signal from the electronic device 2000 is received through the secure channel established on the wireless communication network. If the wireless communication interface 108 detects the confirmation signal, return to step S608 and continue to access the data in the rewritable non-volatile memory module 106 .
倘若存储器存储装置100的无线通信接口108超过一预定时间内,例如10秒,没有收到电子装置2000所传送的确认信号时,代表此电子装置2000已经不在无线通信接口108短距离通信的范围之内,则在步骤S612中,存储器管理电路202会清除缓冲存储器252中的加解密金钥,并且将存储器存储装置100设定为无媒体状态。具体来说,当存储器存储装置100被设定为无媒体状态时,若存储器管理电路202接收到主机系统1000所传送的存取信号,存储器管理电路202会回应一个无媒体信号给主机系统1000,使得主机系统1000无法识别或存取存储器存储装置100,也就是说,主机系统1000的作业系统会判断存储器存储装置100处于中断连结的状态。如此一来,他人便难以取得可复写式非易失性存储器模块106中的数据,即使取得了其中数据,由于加解密金钥已从缓冲存储器252中删除,他人也无法解码可复写式非易失性存储器模块106中经过加密的数据。If the wireless communication interface 108 of the memory storage device 100 does not receive the confirmation signal sent by the electronic device 2000 within a predetermined period of time, such as 10 seconds, it means that the electronic device 2000 is no longer within the short-distance communication range of the wireless communication interface 108 Then, in step S612, the memory management circuit 202 clears the encryption and decryption keys in the buffer memory 252, and sets the memory storage device 100 to the no-media state. Specifically, when the memory storage device 100 is set to the no-media state, if the memory management circuit 202 receives the access signal sent by the host system 1000, the memory management circuit 202 will respond a no-media signal to the host system 1000, This makes it impossible for the host system 1000 to recognize or access the memory storage device 100 , that is, the operating system of the host system 1000 will determine that the memory storage device 100 is in a disconnected state. In this way, it is difficult for others to obtain the data in the rewritable nonvolatile memory module 106. Even if the data is obtained, since the encryption and decryption key has been deleted from the buffer memory 252, others cannot decode the rewritable nonvolatile memory module 106. The encrypted data in the volatile memory module 106.
图7是根据本发明另一范例实施例所示出的数据保护方法的流程图。Fig. 7 is a flowchart of a data protection method according to another exemplary embodiment of the present invention.
请参照图7,在步骤S702中,存储器管理电路202会通过无线通信接口108与电子装置2000建立安全通道,此安全通道可通过无线通信接口108传输无线网络配对密码并通过电子装置2000确认后而建立。Please refer to FIG. 7 , in step S702, the memory management circuit 202 establishes a secure channel with the electronic device 2000 through the wireless communication interface 108, and the secure channel can transmit the wireless network pairing password through the wireless communication interface 108 and confirm it with the electronic device 2000. Establish.
在建立存储器存储装置100与电子装置之间的安全通道之后,在步骤S704中,存储器管理电路202通过无线通信接口108从安全通道取得识别码。在此,识别码可以是用户通过电子装置2000自行输入或是通过电子装置2000上的应用程序自动输入。After establishing the secure channel between the memory storage device 100 and the electronic device, in step S704 , the memory management circuit 202 obtains the identification code from the secure channel through the wireless communication interface 108 . Here, the identification code may be input by the user through the electronic device 2000 or automatically through an application program on the electronic device 2000 .
在步骤S706中,存储器管理电路202会利用杂凑函数对接收到的识别码作运算以产生对应的信息摘要,接着在步骤S708中,存储器管理电路202会判断上述信息摘要与个人识别信息摘要是否相符。在此,个人识别码信息摘要及密钥是预先存储在可复写式非易失性存储器模块106中,其中个人识别码信息摘要是初始地通过单向杂凑函数依据个人识别码产生,而密钥是初始地依据个人识别码,使用例如高级加密标准或数据加密标准等加解密函数,加密由随机方式产生的加解密金钥而产生。In step S706, the memory management circuit 202 will use a hash function to operate on the received identification code to generate a corresponding information summary, and then in step S708, the memory management circuit 202 will determine whether the above information summary matches the personal identification information summary . Here, the personal identification number information abstract and the key are pre-stored in the rewritable non-volatile memory module 106, wherein the personal identification code information abstract is initially generated according to the personal identification code through a one-way hash function, and the key It is initially based on the personal identification code, using encryption and decryption functions such as Advanced Encryption Standard or Data Encryption Standard, and encryption is generated by an encryption and decryption key generated in a random manner.
若存储器管理电路202判断上述信息摘要与个人识别信息摘要不相符时,则回到步骤S704,以再一次从电子装置2000取得识别码。若存储器管理电路202判断上述信息摘要与个人识别信息摘要相符时,则在步骤S710中,存储器管理电路202依据识别码使用加解密函数解码密文以获得加解密金钥,并将加解密金钥存储于缓冲存储器252中。If the memory management circuit 202 determines that the above-mentioned information summary does not match the personal identification information summary, it returns to step S704 to obtain the identification code from the electronic device 2000 again. If the memory management circuit 202 judges that the above-mentioned information abstract matches the personal identification information abstract, then in step S710, the memory management circuit 202 decodes the ciphertext according to the identification code using the encryption and decryption function to obtain the encryption and decryption key, and converts the encryption and decryption key stored in the buffer memory 252.
获得加解密金钥之后,在步骤S712中,存储器管理电路202使用加解密金钥与加解密函数来存取可复写式非易失性存储器模块106中的数据。由于使用加解密金钥与加解密函数来存取可复写式非易失性存储器模块106中的数据的过程已在图6中说明过,因此不在赘述。After obtaining the encryption and decryption key, in step S712 , the memory management circuit 202 uses the encryption and decryption key and the encryption and decryption function to access the data in the rewritable non-volatile memory module 106 . Since the process of using the encryption/decryption key and the encryption/decryption function to access the data in the rewritable non-volatile memory module 106 has been described in FIG. 6 , it will not be repeated here.
在存储器管理电路202通过无线通信接口108与电子装置2000建立安全通道之后,电子装置2000会通过回应存储器存储装置100的轮询信号发送一个确认信号到存储器存储装置100,以确认电子装置2000与存储器存储装置100的无线连线状况。在步骤S714中,无线通信接口108会检测是否从建立在无线通信网络上的安全通道接收到来自于电子装置2000的确认信号。若无线通信接口108检测到确认信号时,则回到步骤S712,以继续存取可复写式非易失性存储器模块106中的数据。After the memory management circuit 202 establishes a secure channel with the electronic device 2000 through the wireless communication interface 108, the electronic device 2000 will send a confirmation signal to the memory storage device 100 by responding to the polling signal of the memory storage device 100 to confirm that the electronic device 2000 and the memory The wireless connection status of the storage device 100 . In step S714, the wireless communication interface 108 detects whether a confirmation signal from the electronic device 2000 is received through the secure channel established on the wireless communication network. If the wireless communication interface 108 detects the confirmation signal, return to step S712 to continue accessing the data in the rewritable non-volatile memory module 106 .
倘若存储器存储装置100的无线通信接口108超过一预定时间内,例如10秒,没有收到电子装置2000所传送的确认信号时,代表此电子装置2000已经不在无线通信接口108短距离无线通信网络的范围之内,则在步骤S716中,存储器管理电路202会清除缓冲存储器252中的加解密金钥并将存储器存储装置100设定为无媒体状态。具体来说,当存储器存储装置100被设定为无媒体状态时,若存储器管理电路202接收到主机系统1000所传送的存取信号,存储器管理电路202会回应一个无媒体信号给主机系统1000,使得主机系统1000无法识别或存取存储器存储装置100,也就是说,主机系统1000的作业系统会判断存储器存储装置100处于中断连结的状态。如此一来,他人便难以取得可复写式非易失性存储器模块106中的数据,即使取得了其中数据,由于加解密金钥已从缓冲存储器252中删除,他人也无法解码可复写式非易失性存储器模块106中经过加密的数据,从而达到保护存储装置中的数据的效果。If the wireless communication interface 108 of the memory storage device 100 does not receive the confirmation signal sent by the electronic device 2000 within a predetermined period of time, such as 10 seconds, it means that the electronic device 2000 is no longer connected to the wireless communication interface 108 of the short-distance wireless communication network. If it is within the range, then in step S716, the memory management circuit 202 clears the encryption and decryption keys in the buffer memory 252 and sets the memory storage device 100 to the no-media state. Specifically, when the memory storage device 100 is set to the no-media state, if the memory management circuit 202 receives the access signal sent by the host system 1000, the memory management circuit 202 will respond a no-media signal to the host system 1000, This makes it impossible for the host system 1000 to recognize or access the memory storage device 100 , that is, the operating system of the host system 1000 will determine that the memory storage device 100 is in a disconnected state. In this way, it is difficult for others to obtain the data in the rewritable nonvolatile memory module 106. Even if the data is obtained, since the encryption and decryption key has been deleted from the buffer memory 252, others cannot decode the rewritable nonvolatile memory module 106. The encrypted data in the volatile memory module 106 can achieve the effect of protecting the data in the storage device.
综上所述,本发明范例实施例的数据保护方法、存储器控制电路单元及存储器存储装置,建立存储器存储装置与电子装置之间的安全通道,且利用电子装置通过无线网络传送的识别码获得加解密金钥以存取可复写式非易失性存储器模块。当一定时间内没有收到来自电子装置的确认信号时,存储器存储装置判断其已经不在电子装置的短距离无线通信网络的范围之内,并删除缓冲存储器中的加解密金钥。如此一来,存储器存储装置一旦远离用户的手持电子装置或不在特定的无线网络环境内就无法运作。即使存储器存储装置被他人持有,也因为加解密金钥已被删除,而无法解码可复写式非易失性存储器模块中经过加密的数据,从而确保存储器存储装置中数据的安全性。To sum up, the data protection method, the memory control circuit unit and the memory storage device of the exemplary embodiments of the present invention establish a secure channel between the memory storage device and the electronic device, and use the identification code transmitted by the electronic device through the wireless network to obtain encrypted data. The decryption key is used to access the rewritable non-volatile memory module. When no confirmation signal is received from the electronic device within a certain period of time, the memory storage device judges that it is no longer within the range of the short-distance wireless communication network of the electronic device, and deletes the encryption and decryption key in the buffer memory. In this way, once the memory storage device is far away from the user's handheld electronic device or is not in a specific wireless network environment, it will not work. Even if the memory storage device is held by others, the encrypted data in the rewritable non-volatile memory module cannot be decoded because the encryption and decryption key has been deleted, thereby ensuring the security of the data in the memory storage device.
最后应说明的是:以上各实施例仅用以说明本发明的技术方案,而非对其限制;尽管参照前述各实施例对本发明进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分或者全部技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本发明各实施例技术方案的范围。Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present invention, rather than limiting them; although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that: It is still possible to modify the technical solutions described in the foregoing embodiments, or perform equivalent replacements for some or all of the technical features; and these modifications or replacements do not make the essence of the corresponding technical solutions deviate from the technical solutions of the various embodiments of the present invention. scope.
Claims (22)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510024806.9A CN105868643A (en) | 2015-01-19 | 2015-01-19 | Data protection method, memory control circuit unit and memory storage device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510024806.9A CN105868643A (en) | 2015-01-19 | 2015-01-19 | Data protection method, memory control circuit unit and memory storage device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN105868643A true CN105868643A (en) | 2016-08-17 |
Family
ID=56622712
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510024806.9A Pending CN105868643A (en) | 2015-01-19 | 2015-01-19 | Data protection method, memory control circuit unit and memory storage device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105868643A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112468300A (en) * | 2019-09-09 | 2021-03-09 | 新唐科技股份有限公司 | Key management device with bypass channel and processor chip |
| TWI775061B (en) * | 2020-03-30 | 2022-08-21 | 尚承科技股份有限公司 | Protection system and method for soft/firmware or data |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020108058A1 (en) * | 2001-02-08 | 2002-08-08 | Sony Corporation And Sony Electronics Inc. | Anti-theft system for computers and other electronic devices |
| US20040039925A1 (en) * | 2002-01-18 | 2004-02-26 | Mcmillan Craig | Key management |
| US20090298478A1 (en) * | 2008-05-29 | 2009-12-03 | Research In Motion Limited | Method and system for establishing a service relationship between a mobile communication device and a mobile data server for connecting to a wireless network |
| US20100058073A1 (en) * | 2008-08-29 | 2010-03-04 | Phison Electronics Corp. | Storage system, controller, and data protection method thereof |
| US20110296495A1 (en) * | 2010-05-25 | 2011-12-01 | Bernard Smeets | Redundant Credentialed Access to a Secured Network |
| US20130031600A1 (en) * | 2011-07-27 | 2013-01-31 | Michael Luna | Automatic generation and distribution of policy information regarding malicious mobile traffic in a wireless network |
| CN104239820A (en) * | 2013-06-13 | 2014-12-24 | 普天信息技术研究院有限公司 | Secure storage device |
-
2015
- 2015-01-19 CN CN201510024806.9A patent/CN105868643A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20020108058A1 (en) * | 2001-02-08 | 2002-08-08 | Sony Corporation And Sony Electronics Inc. | Anti-theft system for computers and other electronic devices |
| US20040039925A1 (en) * | 2002-01-18 | 2004-02-26 | Mcmillan Craig | Key management |
| US20090298478A1 (en) * | 2008-05-29 | 2009-12-03 | Research In Motion Limited | Method and system for establishing a service relationship between a mobile communication device and a mobile data server for connecting to a wireless network |
| US20100058073A1 (en) * | 2008-08-29 | 2010-03-04 | Phison Electronics Corp. | Storage system, controller, and data protection method thereof |
| US20110296495A1 (en) * | 2010-05-25 | 2011-12-01 | Bernard Smeets | Redundant Credentialed Access to a Secured Network |
| US20130031600A1 (en) * | 2011-07-27 | 2013-01-31 | Michael Luna | Automatic generation and distribution of policy information regarding malicious mobile traffic in a wireless network |
| CN104239820A (en) * | 2013-06-13 | 2014-12-24 | 普天信息技术研究院有限公司 | Secure storage device |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112468300A (en) * | 2019-09-09 | 2021-03-09 | 新唐科技股份有限公司 | Key management device with bypass channel and processor chip |
| CN112468300B (en) * | 2019-09-09 | 2023-07-04 | 新唐科技股份有限公司 | Key management device and processor chip with bypass channel |
| TWI775061B (en) * | 2020-03-30 | 2022-08-21 | 尚承科技股份有限公司 | Protection system and method for soft/firmware or data |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI536199B (en) | Data protection method, memory control circuit unit and memory storage device | |
| TWI436280B (en) | Access authentication method for accessing basic input/output system settings | |
| US11088856B2 (en) | Memory storage system, host system authentication method and memory storage device | |
| US20100058073A1 (en) | Storage system, controller, and data protection method thereof | |
| TWI454959B (en) | Storage device proection system and methods for lock and unlock storage device thereof | |
| US11736276B2 (en) | Delegation of cryptographic key to a memory sub-system | |
| CN113748698B (en) | Secure communication when accessing a network | |
| US11157181B2 (en) | Card activation device and methods for authenticating and activating a data storage device by using a card activation device | |
| US8898807B2 (en) | Data protecting method, mobile communication device, and memory storage device | |
| CN102982265B (en) | Authentication method for accessing BIOS settings | |
| CN103176917A (en) | Storage device protection system and locking and unlocking method of storage device | |
| CN102789430B (en) | Memory storage device, its memory controller and access method | |
| CN101673248A (en) | Storage system, controller and data protection method | |
| CN115599407B (en) | Firmware burning method, firmware burning system and memory storage device | |
| CN105868643A (en) | Data protection method, memory control circuit unit and memory storage device | |
| KR20150139420A (en) | Storage system and method for performing secure write protect thereof | |
| CN110069934B (en) | Memory storage system, host system verification method and memory storage device | |
| CN102375943B (en) | Identification code generation method, memory management method, controller and storage system | |
| CN103778073B (en) | Data protection method, mobile communication device and memory storage device | |
| US10324894B2 (en) | Storage device management method and system, and memory storage device thereof | |
| KR101530656B1 (en) | USB memory device with authentication by RFID and its driving method | |
| CN105809067A (en) | Data access method and system and memory storage device | |
| CN115705440A (en) | Securing secure collection of diagnostic data regarding integrated circuit memory cells |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20160817 |