DATA PROTECTING METHOD, MEMORY CONTROLLER AND MEMORY STORAGE DEVICE

US 20130212368A1
Filed: 04/17/2012
Published: 08/15/2013
Est. Priority Date: 02/10/2012
Status: Active Grant

First Claim

Patent Images

1. A data protecting method for a rewritable non-volatile memory module, wherein the rewritable non-volatile memory module has at least a first storage area and a second storage area, the data protecting method comprising:

providing default configuration information and pre-boot codes stored in the first storage area in response to a boot command from a host system, wherein the host system is unable to recognize the second storage area according to the default configuration information, and the pre-boot codes are executed in the host system;

receiving a user identification code and a user password from the host system;

determining whether the user identification code and the user password are respectively identical to a first identification code and a first password; and

if the user identification code and the user password are respectively identical to the first identification code and the first password, transmitting a re-boot command to re-boot the host system, and providing first configuration information to the host system after re-booting the host system, wherein the host system recognizes the second storage area according to the first configuration information and accesses data stored in the second storage area.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A data protecting method for a rewritable non-volatile memory module having a first storage area and a second storage area and a memory controller and a memory storage device using the same are provided. The method includes providing default configuration information in response to a boot command from a host system, wherein the host system cannot recognize the second storage area according to the default configuration information. The method also includes requesting the host system to re-boot when a user identification code and a user password receiving from the host system pass an authentication procedure, and providing first configuration information to the host system after re-booting the host system. The host system can recognize the second storage area according to the first configuration information. Accordingly, the method can effectively protect data stored in the rewritable non-volatile memory module.

13 Citations

25 Claims

1. A data protecting method for a rewritable non-volatile memory module, wherein the rewritable non-volatile memory module has at least a first storage area and a second storage area, the data protecting method comprising:
- providing default configuration information and pre-boot codes stored in the first storage area in response to a boot command from a host system, wherein the host system is unable to recognize the second storage area according to the default configuration information, and the pre-boot codes are executed in the host system;
  
  receiving a user identification code and a user password from the host system;
  
  determining whether the user identification code and the user password are respectively identical to a first identification code and a first password; and
  
  if the user identification code and the user password are respectively identical to the first identification code and the first password, transmitting a re-boot command to re-boot the host system, and providing first configuration information to the host system after re-booting the host system, wherein the host system recognizes the second storage area according to the first configuration information and accesses data stored in the second storage area.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The data protecting method according to claim 1, wherein the step of providing the default configuration information and the pre-boot codes stored in the first storage area in response to the boot command from the host system comprises:
    - reading encrypted pre-boot codes from the first storage area;
      
      decrypting the encrypted pre-boot codes with a default boot key to obtain the pre-boot codes; and
      
      transmitting the pre-boot codes to the host system.
  - 3. The data protecting method according to claim 1, wherein the step of receiving the user identification code and the user password from the host system comprises:
    - receiving an encrypted user data from the host system; and
      
      decrypting the encrypted user data to obtain the user identification code and the user password.
  - 4. The data protecting method according to claim 1, further comprising:
    - generating a first identification code digest corresponding to the first identification code according to a first one-way hash function;
      
      generating a first password digest corresponding to the first password according to a second one-way hash function;
      
      encrypting a first key with the first password to generate a first ciphertext; and
      
      storing the first identification code digest, the first password digest, and the first ciphertext into a secured area of the rewritable non-volatile memory module.
  - 5. The data protecting method according to claim 4, wherein the step of determining whether the user identification code and the user password are respectively identical to the first identification code and the first password comprises:
    - generating a user identification code digest corresponding to the user identification code according to the first one-way hash function;
      
      generating a user password digest corresponding to the user password according to the second one-way hash function;
      
      reading the first identification code digest and the first password digest from the secured area of the rewritable non-volatile memory module; and
      
      determining whether the user identification code digest and the user password digest are respectively identical to the first identification code digest and the first password digest;
      
      if the user identification code digest and the user password digest are respectively identical to the first identification code digest and the first password digest, recognizing that the user identification code and the user password are respectively identical to the first identification code and the first password;
      
      if the user identification code digest is different from the first identification code digest, outputting an identification code error message; and
      
      if the user password digest is different from the first password digest, outputting a password error message.
  - 6. The data protecting method according to claim 5, further comprising:
    - if the user identification code digest and the user password digest are respectively identical to the first identification code digest and the first password digest, decrypting the first ciphertext with the user password to obtain the first key; and
      
      decrypting data read from the second storage area with the first key.
  - 7. The data protecting method according to claim 1, wherein the rewritable non-volatile memory module further has a third storage area, and the host system is unable to recognize the third storage area according to the default configuration information.
  - 8. The data protecting method according to claim 7, further comprising:
    - determining whether the user identification code and the user password are respectively identical to a second identification code and a second password; and
      
      if the user identification code and the user password are respectively identical to the second identification code and the second password, transmitting the re-boot command to re-boot the host system, and providing second configuration information to the host system after re-booting the host system, wherein the host system recognizes the third storage area according to the second configuration information.
  - 9. The data protecting method according to claim 1, wherein the user identification code and the user password are input through the pre-boot codes executed in the host system.

10. A memory controller for controlling a rewritable non-volatile memory module and comprising:
- a host interface configured to couple to a host system;
  
  a memory interface configured to couple to the rewritable non-volatile memory module, wherein the rewritable non-volatile memory module has at least a first storage area and a second storage area; and
  
  a memory management circuit coupled to the host interface and the memory interface and configured to provide default configuration information and pre-boot codes stored in the first storage area in response to a boot command from the host system, wherein the host system is unable to recognize the second storage area according to the default configuration information, and the pre-boot codes are executed in the host system,wherein the memory management circuit is further configured to receive a user identification code and a user password from the host system and determine whether the user identification code and the user password are respectively identical to a first identification code and a first password,wherein if the user identification code and the user password are respectively identical to the first identification code and the first password, the executed pre-boot codes transmit a re-boot command to re-boot the host system, and the memory management circuit provides first configuration information to the host system after re-booting the host system, wherein the host system recognizes the second storage area according to the first configuration information and accesses data stored in the second storage area.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The memory controller according to claim 10, wherein the memory management circuit reads encrypted pre-boot codes from the first storage area, decrypts the encrypted pre-boot code with a default boot key to obtain the pre-boot codes, and transmits the pre-boot codes to the host system.
  - 12. The memory controller according to claim 10, wherein the memory management circuit receives an encrypted user data from the host system and decrypts the encrypted user data to obtain the user identification code and the user password.
  - 13. The memory controller according to claim 10,wherein the memory management circuit generates a first identification code digest corresponding to the first identification code according to a first one-way hash function, generates a first password digest corresponding to the first password according to a second one-way hash function, encrypts a first key with the first password to generate a first ciphertext, and stores the first identification code digest, the first password digest, and the first ciphertext into a secured area of the rewritable non-volatile memory module.
  - 14. The memory controller according to claim 13, wherein the memory management circuit generates a user identification code digest corresponding to the user identification code according to the first one-way hash function, generates a user password digest corresponding to the user password according to the second one-way hash function, reads the first identification code digest and the first password digest from the secured area of the rewritable non-volatile memory module, and determines whether the user identification code digest and the user password digest are respectively identical to the first identification code digest and the first password digest,wherein if the user identification code digest and the user password digest are respectively identical to the first identification code digest and the first password digest, the memory management circuit recognizes that the user identification code and the user password are respectively identical to the first identification code and the first password,wherein if the user identification code digest is different from the first identification code digest, the memory management circuit outputs an identification code error message,wherein if the user password digest is different from the first password digest, the memory management circuit outputs a password error message.
  - 15. The memory controller according to claim 14, wherein if the user identification code digest and the user password digest are respectively identical to the first identification code digest and the first password digest, the memory management circuit decrypts the first ciphertext with the user password to obtain the first key,wherein the memory management circuit decrypts data read from the second storage area with the first key.
  - 16. The memory controller according to claim 10, wherein the rewritable non-volatile memory module further has a third storage area, and the host system is unable to recognize the third storage area according to the default configuration information,wherein the memory management circuit determines whether the user identification code and the user password are respectively identical to a second identification code and a second password,wherein if the user identification code and the user password are respectively identical to the second identification code and the second password, the executed pre-boot codes transmit the re-boot command to re-boot the host system, and the memory management circuit provides second configuration information to the host system after re-booting the host system, wherein the host system recognizes the third storage area according to the second configuration information.
  - 17. The memory controller according to claim 10, wherein the pre-boot codes executed in the host system display an input interface to require a user to input the user identification code and the user password and transmit the user identification code and the user password to the memory management circuit.

18. A memory storage device comprising:
- a connector configured to couple to a host system;
  
  a rewritable non-volatile memory module having at least a first storage area and a second storage area; and
  
  a memory controller coupled to the connector and the rewritable non-volatile memory module and configured to provide default configuration information and pre-boot codes stored in the first storage area in response to a boot command from the host system, wherein the host system is unable to recognize the second storage area according to the default configuration information, and the pre-boot codes are executed in the host system,wherein the memory controller is further configured to receive a user identification code and a user password from the host system and determine whether the user identification code and the user password are respectively identical to a first identification code and a first password,wherein if the user identification code and the user password are respectively identical to the first identification code and the first password, the executed pre-boot codes transmit a re-boot command to re-boot the host system, and the memory controller provides first configuration information to the host system after re-booting the host system, wherein the host system recognizes the second storage area according to the first configuration information and accesses data stored in the second storage area.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The memory storage device according to claim 18, wherein the memory controller reads encrypted pre-boot codes from the first storage area, decrypts the encrypted pre-boot codes with a default boot key to obtain the pre-boot codes, and transmits the pre-boot codes to the host system.
  - 20. The memory storage device according to claim 18, wherein the memory controller receives an encrypted user data from the host system and decrypts the encrypted user data to obtain the user identification code and the user password.
  - 21. The memory storage device according to claim 18,wherein the memory controller generates a first identification code digest corresponding to the first identification code according to a first one-way hash function, generates a first password digest corresponding to the first password according to a second one-way hash function, encrypts a first key with the first password to generate a first ciphertext, and stores the first identification code digest, the first password digest, and the first ciphertext into a secured area of the rewritable non-volatile memory module.
  - 22. The memory storage device according to claim 21, wherein the memory controller generates a user identification code digest corresponding to the user identification code according to the first one-way hash function, generates a user password digest corresponding to the user password according to the second one-way hash function, reads the first identification code digest and the first password digest from the secured area of the rewritable non-volatile memory module, and determines whether the user identification code digest and the user password digest are respectively identical to the first identification code digest and the first password digest.wherein if the user identification code digest and the user password digest are respectively identical to the first identification code digest and the first password digest, the memory controller recognizes that the user identification code and the user password are respectively identical to the first identification code and the first password,wherein if the user identification code digest is different from the first identification code digest, the memory controller outputs an identification code error message,wherein if the user password digest is different from the first password digest, the memory controller outputs a password error message.
  - 23. The memory storage device according to claim 21, wherein if the user identification code digest and the user password digest are respectively identical to the first identification code digest and the first password digest, the memory controller decrypts the first ciphertext with the user password to obtain the first key,wherein the memory controller decrypts data read from the second storage area with the first key.
  - 24. The memory storage device according to claim 18, wherein the rewritable non-volatile memory module further has a third storage area, and the host system is unable to recognizes the third storage area according to the default configuration information,wherein the memory controller determines whether the user identification code and the user password are respectively identical to a second identification code and a second password,wherein if the user identification code and the user password are respectively identical to the second identification code and the second password, the executed pre-boot codes transmit the re-boot command to re-boot the host system, and the memory controller provides second configuration information to the host system after re-booting the host system, wherein the host system recognizes the third storage area according to the second configuration information.
  - 25. The memory storage device according to claim 18, wherein the pre-boot codes executed in the host system display an input interface to require a user to input the user identification code and the user password and transmit the user identification code and the user password to the memory controller.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Phison Electronics Corporation
Original Assignee
Phison Electronics Corporation
Inventors
Wang, Ching-Hsien, Hsu, Chia-Jung, Peng, Yi-Hung

Granted Patent

US 8,589,669 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 12/0246   in block erasable memory, e...

G06F 21/31   User authentication

G06F 21/575   Secure boot

G06F 21/79   in semiconductor storage me...

G06F 2221/2105   Dual mode as a secondary as...

G06F 9/4406   Loading of operating system

DATA PROTECTING METHOD, MEMORY CONTROLLER AND MEMORY STORAGE DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

DATA PROTECTING METHOD, MEMORY CONTROLLER AND MEMORY STORAGE DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links