Storage protection unit
First Claim
1. An apparatus, comprising:
- non-volatile memory;
a memory device interface;
a host controller configured to;
obtain Universal Flash Storage (UFS) Protocol Information Units to access the non-volatile memory; and
provide the UFS Protocol Information Units to the memory device interface, each UFS Protocol Information Unit containing an identifier of an initiator that seeks access to data at a logical address in the non-volatile memory; and
a memory controller in communication with the non-volatile memory and the memory device interface, the memory controller configured to;
process accesses by initiators to regions of the non-volatile memory during a learning phase in which access to the regions of the non-volatile memory by the initiators is trusted;
store a mapping between the initiators and the regions of the non-volatile memory accessed by the initiators during the learning phase, including store mappings between logical addresses and physical addresses in the non-volatile memory, the mappings including a first mapping between a first physical address and a first logical address to which a first initiator has access and a second mapping between a second physical address and a second logical address to which a second initiator has access;
access a first initiator identifier from a first of the UFS Protocol Information Units, the first UFS Protocol Information Unit seeking access to data for the first logical address during an access phase;
control access to data at the first physical address in the non-volatile memory to which the first logical address is presently mapped based on the first accessed initiator identifier during the access phase;
perform wear leveling to swap data at the first physical address to which the first initiator has access based on the first logical address with data at the second physical address to which the second initiator has access based on the second logical address during the access phase, including change the first mapping to be between the first logical address and the second physical address and change the second mapping to be between the second logical address and the first physical address;
access a second initiator identifier from a second of the UFS Protocol Information Units during the access phase, the second UFS Protocol Information Unit seeking access to data for the first logical address; and
control access to data at the second physical address in the non-volatile memory to which the first logical address is presently mapped based on the second accessed initiator identifier during the access phase.
5 Assignments
0 Petitions
Accused Products
Abstract
Technology is disclosed that provides security for data stored in a non-volatile memory device. The non-volatile memory device may be embedded in a host system. The host system may further have a host controller that is configured to obtain a memory access message from an initiator to access the non-volatile memory. The host controller may be further configured to provide the memory access message to the memory controller. The memory access message may contain an identifier of the initiator, which may be verified by the host controller. The memory controller may be configured to access the identifier of the initiator from the memory access message, and grant or deny non-volatile memory access to the initiator based on whether the initiator has access rights to a region of the non-volatile memory to which the initiator seeks access.
16 Citations
18 Claims
-
1. An apparatus, comprising:
-
non-volatile memory; a memory device interface; a host controller configured to; obtain Universal Flash Storage (UFS) Protocol Information Units to access the non-volatile memory; and provide the UFS Protocol Information Units to the memory device interface, each UFS Protocol Information Unit containing an identifier of an initiator that seeks access to data at a logical address in the non-volatile memory; and a memory controller in communication with the non-volatile memory and the memory device interface, the memory controller configured to; process accesses by initiators to regions of the non-volatile memory during a learning phase in which access to the regions of the non-volatile memory by the initiators is trusted; store a mapping between the initiators and the regions of the non-volatile memory accessed by the initiators during the learning phase, including store mappings between logical addresses and physical addresses in the non-volatile memory, the mappings including a first mapping between a first physical address and a first logical address to which a first initiator has access and a second mapping between a second physical address and a second logical address to which a second initiator has access; access a first initiator identifier from a first of the UFS Protocol Information Units, the first UFS Protocol Information Unit seeking access to data for the first logical address during an access phase; control access to data at the first physical address in the non-volatile memory to which the first logical address is presently mapped based on the first accessed initiator identifier during the access phase; perform wear leveling to swap data at the first physical address to which the first initiator has access based on the first logical address with data at the second physical address to which the second initiator has access based on the second logical address during the access phase, including change the first mapping to be between the first logical address and the second physical address and change the second mapping to be between the second logical address and the first physical address; access a second initiator identifier from a second of the UFS Protocol Information Units during the access phase, the second UFS Protocol Information Unit seeking access to data for the first logical address; and control access to data at the second physical address in the non-volatile memory to which the first logical address is presently mapped based on the second accessed initiator identifier during the access phase. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method comprising:
-
processing, by a memory controller in a non-volatile memory device, accesses by initiators to regions of non-volatile memory in the non-volatile memory device during a learning phase; assuming, by the memory controller, that the initiators are permitted to access the regions during the learning phase; storing a mapping between the initiators and the regions of the non-volatile memory accessed by the initiators during the learning phase, including storing, by the memory controller, a mapping between logical addresses and physical addresses in the non-volatile memory, the mapping including a first mapping from a first physical address to a first logical address to which a first initiator has access and a second mapping from a second physical address to a second logical address to which a second initiator has access; verifying, by a host controller during an access control phase, initiator identifiers in respective memory access messages; providing, by the host controller during the access control phase, the memory access messages to the non-volatile memory device; accessing, by the memory controller during the access control phase, a first initiator identifier in a first of the memory access messages, the first memory access message specifying the first logical address to which the first initiator seeks access; and granting access to the first physical address in non-volatile memory on the non-volatile memory device during the access control phase, by the memory controller, based on a determination that the stored mapping indicates that the first initiator identified in the first memory access message has access rights to the first logical address indicated by the first memory access message; performing wear leveling to swap data at the first physical address to which the first initiator has access with data at the second physical address to which the second initiator has access, including changing the mapping of the first physical address to the second logical address and changing the mapping of the second physical address to the first logical address; accessing, by the memory controller during the access control phase, a second initiator identifier in a second of the memory access messages, the second memory access message specifying the first logical address to which the first initiator seeks access; and granting access to the second physical address in the non-volatile memory on the non-volatile memory device during the access control phase, by the memory controller, based on a determination that the stored mapping indicates that the first initiator identified in the second memory access message has access rights to the first logical address. - View Dependent Claims (13, 14, 15, 16)
-
-
17. A non-volatile memory system, comprising:
-
a non-volatile memory device comprising; i) non-volatile memory; ii) first means for controlling the non-volatile memory; and iii) second means for communicating with a host connected to the non-volatile memory device; and a host comprising; i) a plurality of host sub-systems; ii) third means for communicating with the non-volatile memory device via the second means; iii) host memory; and iv) fourth means for; accessing Universal Flash Storage (UFS) Protocol Information Units from the host memory; inserting, into ones of the UFS Protocol Information Units, an identifier of an initiator host sub-system that seeks access to data at a logical address in the non-volatile memory; and providing the UFS Protocol Information Units to the non-volatile memory device; wherein the first means further comprises; means for processing accesses by initiators to regions of the non-volatile memory during a learning phase; means for assuming that the initiators are permitted to access the regions during the learning phase; means for storing a mapping between the initiators and the regions of the non-volatile memory accessed by the initiators during the learning phase, including means for storing a mapping between logical addresses and physical addresses in the non-volatile memory, the mapping including a first mapping from a first physical address to a first logical address to which a first initiator has access and a second mapping from a second physical address to a second logical address to which a second initiator has access; means for accessing an identifier of a first host sub-system and a first logical address to which the first host sub-system seeks access from a first of the UFS Protocol Information Units during an access phase; and means for granting non-volatile memory access to the first host sub-system based on a determination that the first host sub-system has access rights to the first logical address during the access phase, the first logical address mapped to a first physical address in the non-volatile memory; means for performing wear leveling to swap data at the first physical address with data at the second physical address during the access phase, including change the first mapping from the first physical address to the second logical address and change the second mapping from the second physical address to the first logical address; means for accessing an identifier of the first host sub-system and the first logical address to which the first host sub-system seeks access from a second of the UFS Protocol Information Units during the access phase; and means for granting non-volatile memory access to the first host sub-system based on a determination that the first host sub-system has access rights to the first logical address during the access phase. - View Dependent Claims (18)
-
Specification