Storage protection unit

US 10,712,976 B2
Filed: 10/02/2017
Issued: 07/14/2020
Est. Priority Date: 10/02/2017
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

non-volatile memory;

a memory device interface;

a host controller configured to;

obtain Universal Flash Storage (UFS) Protocol Information Units to access the non-volatile memory; and

provide the UFS Protocol Information Units to the memory device interface, each UFS Protocol Information Unit containing an identifier of an initiator that seeks access to data at a logical address in the non-volatile memory; and

a memory controller in communication with the non-volatile memory and the memory device interface, the memory controller configured to;

process accesses by initiators to regions of the non-volatile memory during a learning phase in which access to the regions of the non-volatile memory by the initiators is trusted;

store a mapping between the initiators and the regions of the non-volatile memory accessed by the initiators during the learning phase, including store mappings between logical addresses and physical addresses in the non-volatile memory, the mappings including a first mapping between a first physical address and a first logical address to which a first initiator has access and a second mapping between a second physical address and a second logical address to which a second initiator has access;

access a first initiator identifier from a first of the UFS Protocol Information Units, the first UFS Protocol Information Unit seeking access to data for the first logical address during an access phase;

control access to data at the first physical address in the non-volatile memory to which the first logical address is presently mapped based on the first accessed initiator identifier during the access phase;

perform wear leveling to swap data at the first physical address to which the first initiator has access based on the first logical address with data at the second physical address to which the second initiator has access based on the second logical address during the access phase, including change the first mapping to be between the first logical address and the second physical address and change the second mapping to be between the second logical address and the first physical address;

access a second initiator identifier from a second of the UFS Protocol Information Units during the access phase, the second UFS Protocol Information Unit seeking access to data for the first logical address; and

control access to data at the second physical address in the non-volatile memory to which the first logical address is presently mapped based on the second accessed initiator identifier during the access phase.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technology is disclosed that provides security for data stored in a non-volatile memory device. The non-volatile memory device may be embedded in a host system. The host system may further have a host controller that is configured to obtain a memory access message from an initiator to access the non-volatile memory. The host controller may be further configured to provide the memory access message to the memory controller. The memory access message may contain an identifier of the initiator, which may be verified by the host controller. The memory controller may be configured to access the identifier of the initiator from the memory access message, and grant or deny non-volatile memory access to the initiator based on whether the initiator has access rights to a region of the non-volatile memory to which the initiator seeks access.

16 Citations

View as Search Results

18 Claims

1. An apparatus, comprising:
- non-volatile memory;
  
  a memory device interface;
  
  a host controller configured to;
  
  obtain Universal Flash Storage (UFS) Protocol Information Units to access the non-volatile memory; and
  
  provide the UFS Protocol Information Units to the memory device interface, each UFS Protocol Information Unit containing an identifier of an initiator that seeks access to data at a logical address in the non-volatile memory; and
  
  a memory controller in communication with the non-volatile memory and the memory device interface, the memory controller configured to;
  
  process accesses by initiators to regions of the non-volatile memory during a learning phase in which access to the regions of the non-volatile memory by the initiators is trusted;
  
  store a mapping between the initiators and the regions of the non-volatile memory accessed by the initiators during the learning phase, including store mappings between logical addresses and physical addresses in the non-volatile memory, the mappings including a first mapping between a first physical address and a first logical address to which a first initiator has access and a second mapping between a second physical address and a second logical address to which a second initiator has access;
  
  access a first initiator identifier from a first of the UFS Protocol Information Units, the first UFS Protocol Information Unit seeking access to data for the first logical address during an access phase;
  
  control access to data at the first physical address in the non-volatile memory to which the first logical address is presently mapped based on the first accessed initiator identifier during the access phase;
  
  perform wear leveling to swap data at the first physical address to which the first initiator has access based on the first logical address with data at the second physical address to which the second initiator has access based on the second logical address during the access phase, including change the first mapping to be between the first logical address and the second physical address and change the second mapping to be between the second logical address and the first physical address;
  
  access a second initiator identifier from a second of the UFS Protocol Information Units during the access phase, the second UFS Protocol Information Unit seeking access to data for the first logical address; and
  
  control access to data at the second physical address in the non-volatile memory to which the first logical address is presently mapped based on the second accessed initiator identifier during the access phase.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1, wherein the non-volatile memory and the memory controller are embedded within a casing.
  - 3. The apparatus of claim 1, wherein the non-volatile memory and the memory controller are embedded within a semiconductor package.
  - 4. The apparatus of claim 1, wherein the host controller is further configured to add the identifiers of the initiators to the UFS Protocol Information Units.
  - 5. The apparatus of claim 1, wherein the host controller is further configured to verify the identifier of the initiator in the UFS Protocol Information Unit.
  - 6. The apparatus of claim 5, further comprising:
    - a plurality of sub-systems that share access to the non-volatile memory, wherein the initiator is one of the plurality of sub-systems.
  - 7. The apparatus of claim 1, wherein the host controller is implemented in hardware.
  - 8. The apparatus of claim 1, wherein the memory controller is further configured to:
    - grant a third initiator write access to the non-volatile memory by sending a ready to transfer message to the host controller, the ready to transfer message indicates that the memory controller is ready to receive data to be written to the non-volatile memory.
  - 9. The apparatus of claim 8, wherein the memory controller is further configured to:
    - grant the third initiator read access to the non-volatile memory by sending a data in message to the host controller, the data in message contains at least a portion of the data that was requested from the non-volatile memory.
  - 10. The apparatus of claim 1, wherein the first physical address is on a first memory die and the second physical address is on a second memory die.
  - 11. The apparatus of claim 1, wherein the first physical address and the second physical address reside on the same memory die.

12. A method comprising:
- processing, by a memory controller in a non-volatile memory device, accesses by initiators to regions of non-volatile memory in the non-volatile memory device during a learning phase;
  
  assuming, by the memory controller, that the initiators are permitted to access the regions during the learning phase;
  
  storing a mapping between the initiators and the regions of the non-volatile memory accessed by the initiators during the learning phase, including storing, by the memory controller, a mapping between logical addresses and physical addresses in the non-volatile memory, the mapping including a first mapping from a first physical address to a first logical address to which a first initiator has access and a second mapping from a second physical address to a second logical address to which a second initiator has access;
  
  verifying, by a host controller during an access control phase, initiator identifiers in respective memory access messages;
  
  providing, by the host controller during the access control phase, the memory access messages to the non-volatile memory device;
  
  accessing, by the memory controller during the access control phase, a first initiator identifier in a first of the memory access messages, the first memory access message specifying the first logical address to which the first initiator seeks access; and
  
  granting access to the first physical address in non-volatile memory on the non-volatile memory device during the access control phase, by the memory controller, based on a determination that the stored mapping indicates that the first initiator identified in the first memory access message has access rights to the first logical address indicated by the first memory access message;
  
  performing wear leveling to swap data at the first physical address to which the first initiator has access with data at the second physical address to which the second initiator has access, including changing the mapping of the first physical address to the second logical address and changing the mapping of the second physical address to the first logical address;
  
  accessing, by the memory controller during the access control phase, a second initiator identifier in a second of the memory access messages, the second memory access message specifying the first logical address to which the first initiator seeks access; and
  
  granting access to the second physical address in the non-volatile memory on the non-volatile memory device during the access control phase, by the memory controller, based on a determination that the stored mapping indicates that the first initiator identified in the second memory access message has access rights to the first logical address.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, wherein verifying the initiator identifiers in the memory access messages comprises:
    - inserting the initiator identifiers into the memory access messages, wherein the memory access messages comprise Universal Flash Storage (UFS) Protocol Information Units.
  - 14. The method of claim 13, wherein:
    - inserting the initiator identifiers into the memory access messages comprises writing the initiator identifiers into the memory access messages that are stored in host memory in a host system; and
      
      providing the memory access messages to the non-volatile memory device comprises transferring the memory access messages from the host memory to the non-volatile memory device.
  - 15. The method of claim 12, wherein verifying the initiator identifiers in the memory access messages comprises:
    - verifying that the initiator identifiers in the memory access messages correspond to the respective initiator that placed the memory access message into host memory.
  - 16. The method of claim 12, wherein performing the wear leveling extends a useful life of a high write access region that was mapped during the learning phase as accessible to the first initiator.

17. A non-volatile memory system, comprising:
- a non-volatile memory device comprising;
  
  i) non-volatile memory;
  
  ii) first means for controlling the non-volatile memory; and
  
  iii) second means for communicating with a host connected to the non-volatile memory device; and
  
  a host comprising;
  
  i) a plurality of host sub-systems;
  
  ii) third means for communicating with the non-volatile memory device via the second means;
  
  iii) host memory; and
  
  iv) fourth means for;
  
  accessing Universal Flash Storage (UFS) Protocol Information Units from the host memory;
  
  inserting, into ones of the UFS Protocol Information Units, an identifier of an initiator host sub-system that seeks access to data at a logical address in the non-volatile memory; and
  
  providing the UFS Protocol Information Units to the non-volatile memory device;
  
  wherein the first means further comprises;
  
  means for processing accesses by initiators to regions of the non-volatile memory during a learning phase;
  
  means for assuming that the initiators are permitted to access the regions during the learning phase;
  
  means for storing a mapping between the initiators and the regions of the non-volatile memory accessed by the initiators during the learning phase, including means for storing a mapping between logical addresses and physical addresses in the non-volatile memory, the mapping including a first mapping from a first physical address to a first logical address to which a first initiator has access and a second mapping from a second physical address to a second logical address to which a second initiator has access;
  
  means for accessing an identifier of a first host sub-system and a first logical address to which the first host sub-system seeks access from a first of the UFS Protocol Information Units during an access phase; and
  
  means for granting non-volatile memory access to the first host sub-system based on a determination that the first host sub-system has access rights to the first logical address during the access phase, the first logical address mapped to a first physical address in the non-volatile memory;
  
  means for performing wear leveling to swap data at the first physical address with data at the second physical address during the access phase, including change the first mapping from the first physical address to the second logical address and change the second mapping from the second physical address to the first logical address;
  
  means for accessing an identifier of the first host sub-system and the first logical address to which the first host sub-system seeks access from a second of the UFS Protocol Information Units during the access phase; and
  
  means for granting non-volatile memory access to the first host sub-system based on a determination that the first host sub-system has access rights to the first logical address during the access phase.
- View Dependent Claims (18)
- - 18. The non-volatile memory system of claim 17, wherein the first means is further for:
    - selecting physical addresses to store data for logical addresses in UFS Protocol Information Units;
      
      storing a mapping between the logical addresses and the physical addresses at which the data is stored; and
      
      granting or denying non-volatile memory access to the initiator host sub-system based on whether the initiator host sub-system has access rights to a logical address in the UFS Protocol Information Unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co)
Original Assignee
Western Digital Technologies Incorporated (Western Digital Corporation)
Inventors
Sela, Rotem, Sapir, Miki, Klein, Eliad Adi
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Nguy, Chi D

Application Number

US15/722,616
Publication Number

US 20190102114A1
Time in Patent Office

1,016 Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/0246   in block erasable memory, e...

G06F 12/1433   for a module or a part of a...

G06F 12/1466   Key-lock mechanism

G06F 13/385   for adaptation of a particu...

G06F 21/34   involving the use of extern...

G06F 21/44   Program or device authentic...

G06F 21/79   in semiconductor storage me...

G06F 21/805   using a security table for ...

G06F 21/85   interconnection devices, e....

G06F 2212/1024   Latency reduction

G06F 2212/1036   Life time enhancement

G06F 2212/1052   Security improvement

G06F 2212/7201   Logical to physical mapping...

G06F 2212/7202   Allocation control and poli...

G06F 2212/7203   Temporary buffering, e.g. u...

G06F 2212/7205   Cleaning, compaction, garba...

G06F 2212/7206   Reconfiguration of flash me...

G06F 2212/7211   Wear leveling

G06F 3/0679   Non-volatile semiconductor ...

Storage protection unit

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Storage protection unit

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links