STORAGE SYSTEM AND METHOD FOR PERFORMING AND AUTHENTICATING WRITE-PROTECTION THEREOF

US 20150278118A1
Filed: 02/25/2015
Published: 10/01/2015
Est. Priority Date: 03/28/2014
Status: Active Grant

First Claim

Patent Images

1-5. -5. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, the method includes receiving, at a storage device, a request. The request includes a request message authentication code and write protect information. The write protect information includes at least one of start address information and length information. The start address information indicates a logical block address at which a memory area in a non-volatile memory of the storage device starts, and the length information indicates a length of the memory area. The method also includes generating, at the storage device, a message authentication code based on (1) at least one of the start address information and the length information, and (2) a key stored at the storage device; authenticating, at the storage device, the request based on the generated message authentication code and the request message authentication code; and processing, at the storage device, the request based on a result of the authenticating.

28 Citations

View as Search Results

28 Claims

1-5. -5. (canceled)

6. A storage device, comprising:
- a first memory, the first memory being a non-volatile memory; and
  
  a second memory configured to store a memory partition identifier identifying a partition of the first memory, start address information indicating a logical block address for a memory area in the identified memory partition, and length information indicating a length of the memory area in the identified memory partition; and
  
  the second memory configured to store writable information in association with the start address information and the length information, the writable information indicating whether to apply write protection to the memory area.
- View Dependent Claims (7)
- - 7. The storage device of claim 6, wherein the second memory is configured to store type information in association with the start address information and the length information, the type information indicating a type of write protection to provide the memory area.

8. A method, comprising:
- receiving, at a storage device, a request, the request including a request message authentication code and write protect information, the write protect information including at least one of start address information and length information, the start address information indicating a logical block address at which a memory area in a non-volatile memory of the storage device starts, and the length information indicating a length of the memory area; and
  
  generating, at the storage device, a message authentication code based on (1) at least one of the start address information and the length information, and (2) a key stored at the storage device;
  
  authenticating, at the storage device, the request based on the generated message authentication code and the request message authentication code; and
  
  processing, at the storage device, the request based on a result of the authenticating.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 9. The method of claim 8, whereinthe write protection information includes both the start address information and the length information;
    - andthe generating generates the generated message authentication code based on the start address information, the length information and the key.
  - 10. The method of claim 9, whereinthe write protection information includes the start address information, the length information and a partition identifier, the partition identifier identifying a partition in the non-volatile memory of the storage device, the partition including the memory area;
    - andthe generating generates the generated message authentication code based on the start address information, the length information, the partition identifier and the key.
  - 11. The method of claim 8, whereinthe write protection information includes the start address information, the length information, the partition identifier, and writable information indicating whether to apply write protection to the memory area;
    - andthe generating generates the generated message authentication code based on the start address information, the length information, the partition identifier, the writable information and the key.
  - 12. The method of claim 11, whereinthe write protection information includes the start address information, the length information, the partition identifier, the writable information, and type information indicating a type of write protection to provide the memory area;
    - andthe generating generates the generated message authentication code based on the start address information, the length information, the partition identifier, the writable information, the type information and the key.
  - 13. The method of claim 12, wherein the type information indicates a type selected from a group including at least a first type, the first type indicates that the writable information may be changed once after power on of the memory, and that the writable information indicates to apply write protection at the powering on of the memory.
  - 14. The method of claim 13, whereinthe group includes the first type, a second type and a third type;
    - the second type indicates that the writable information may be changed, and that the writable information indicates no application of write protection after the powering on of the memory; and
      
      the third type indicates that the writable information may be changed.
  - 15. The method of claim 8, wherein the generating generates a hash-based message authentication code.
  - 16. The method of claim 8, whereinthe authenticating authenticates the request if the generated message authentication code matches the request message authentication code;
    - andthe processing processes the request if the request is authenticated.
  - 17. The method of claim 8, wherein the request requests the storage device to update the write protection information with information included in the request.
  - 18. The method of claim 17, wherein the processing comprises:
    - incrementing an update counter if the processing processes the request; and
      
      sending a response message if the processing processes the request, the response message including a count value of the update counter.
  - 19. The method of claim 8, wherein the processing comprises:
    - sending a response message in response to the request if the processing processes the request.
  - 20. The method of claim 8, wherein the processing comprises:
    - storing the write protection information.

21. A method, comprising:
- receiving, at a storage device, a write command to write data to a first area of a non-volatile memory in the storage device; and
  
  determining, at the storage device, whether to process the write command based on stored write protection information for one or more memory areas covered by the first area, for each memory area, the write protection information including,start address information indicating a logical block address of a start of the memory area,length information indicating a length of the memory area, andwritable information indicating whether to apply write protection to the memory area.
- View Dependent Claims (22, 23, 24)
- - 22. The method of claim 21, wherein the determining determines not to process the write command if the first area overlaps one of the memory areas having associated writable information indicating to apply write protection.
  - 23. The method of claim 21, wherein the determining determines the first area overlaps one of the memory areas if an address associated with the write command falls within one of the memory areas.
  - 24. The method of claim 21, whereinfor each memory area, the write protection information further includes,a partition identifier, the partition identifier identifying a partition in the non-volatile memory, the partition including the memory area;
    - andif the length information is set to a reference value, the length information indicates an entirety of the identified partition is write protected; and
      
      the determining determines not to process the write command if the first area overlaps one of the memory areas having associated length information set to the reference value.

25-26. -26. (canceled)

27. A storage device, comprising:
- a non-volatile memory; and
  
  a controller configured to receive a request, the request including a request message authentication code and write protect information, the write protect information including at least one of start address information and length information, the start address information indicating a logical block address at which a memory area of the non-volatile memory starts, and the length information indicating a length of the memory area;
  
  the controller configured to generate a message authentication code based on (1) at least one of the start address information and the length information, and (2) a key stored at the storage device;
  
  the controller configured to authenticate the request based on the generated message authentication code and the request message authentication code; and
  
  the controller configured to process the request based on a result of the authenticating.

28. A storage device, comprising:
- a non-volatile memory;
  
  a controller configured to receive a write command to write data to a first area of a non-volatile memory in the storage device, and to determine whether to process the write command based on stored write protection information for one or more memory areas covered by the first area, for each memory area, the write protection information including,start address information indicating a logical block address of a start of the memory area,length information indicating a length of the memory area, andwritable information indicating whether to apply write protection to the memory area.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Samsung Electronics Co. Ltd.
Original Assignee
Jisoo Kim, Young-Jin Park
Inventors
LEE, Jaegyu, PARK, Young-Jin, KIM, Jisoo, SHIN, Bo-ram

Granted Patent

US 9,984,007 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/1072   in multilevel memories

G06F 11/1441   Resetting or repowering

G06F 12/1441   for a range

G06F 12/145   the protection being virtua...

G06F 12/1466   Key-lock mechanism

G06F 2212/1052   Security improvement

STORAGE SYSTEM AND METHOD FOR PERFORMING AND AUTHENTICATING WRITE-PROTECTION THEREOF

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

STORAGE SYSTEM AND METHOD FOR PERFORMING AND AUTHENTICATING WRITE-PROTECTION THEREOF

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links