Storage device including a non-volatile memory

US 7,162,645 B2
Filed: 02/05/2002
Issued: 01/09/2007
Est. Priority Date: 02/07/2001
Status: Active Grant

First Claim

Patent Images

1. A storage device, comprising:

a controller and a second non-volatile memory, said controller including a first non-volatile memory, whereinsaid controller further includes a first interface for connecting said controller to a host terminal device, a second interface for connecting said controller to said second non-volatile memory, a central processing device, and a volatile memory utilized by said central processing device,said first non-volatile memory includes a first storage area for storing Km data used for encrypting or decrypting a program to be executed by said central processing device and a second storage area for storing data from said host terminal device,said second non-volatile memory includes an access-permitted area for storing data from said host terminal device and an access-prohibited area for storing said program encrypted using said Km data, an access by a user being permitted to said access-permitted area but being limited to said access-prohibited area, andsaid controller;

stores the data from said host terminal device in said access-permitted area of said second non-volatile memory without encryption, if a security level of the data from said host terminal device is lower than a predetermined level;

checks a free available capacity of said first non-volatile memory, if the security level of the data from said host terminal device is higher than the predetermined level;

stores the data from said host terminal device in said second storage area of said first non-volatile memory, if the free available capacity of said first non-volatile memory is sufficient; and

stores the data from said host terminal device in said access-permitted area of said second non-volatile memory after encrypting the data from said host terminal device by using said Km data, if the free available capacity of said first non-volatile memory is insufficient.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A storage device includes a tamper-resistant module and a flash memory. In correspondence with a command, a CPU inside the tamper-resistant module judges the security of data received from the outside, then recording the data as follows: High-security and small-capacity data is recorded into a memory inside the tamper-resistant module. High-security and large-capacity data is encrypted, then being recorded into the flash memory. Low-security data is recorded as it is into the flash memory. This recording method permits large-capacity data to be stored while ensuring a security (i.e., a security level) corresponding thereto.

107 Citations

View as Search Results

15 Claims

1. A storage device, comprising:
- a controller and a second non-volatile memory, said controller including a first non-volatile memory, whereinsaid controller further includes a first interface for connecting said controller to a host terminal device, a second interface for connecting said controller to said second non-volatile memory, a central processing device, and a volatile memory utilized by said central processing device,said first non-volatile memory includes a first storage area for storing Km data used for encrypting or decrypting a program to be executed by said central processing device and a second storage area for storing data from said host terminal device,said second non-volatile memory includes an access-permitted area for storing data from said host terminal device and an access-prohibited area for storing said program encrypted using said Km data, an access by a user being permitted to said access-permitted area but being limited to said access-prohibited area, andsaid controller;
  
  stores the data from said host terminal device in said access-permitted area of said second non-volatile memory without encryption, if a security level of the data from said host terminal device is lower than a predetermined level;
  
  checks a free available capacity of said first non-volatile memory, if the security level of the data from said host terminal device is higher than the predetermined level;
  
  stores the data from said host terminal device in said second storage area of said first non-volatile memory, if the free available capacity of said first non-volatile memory is sufficient; and
  
  stores the data from said host terminal device in said access-permitted area of said second non-volatile memory after encrypting the data from said host terminal device by using said Km data, if the free available capacity of said first non-volatile memory is insufficient.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The storage device as claimed in claim 1, wherein said Km data includes key information and a program used for said encryption or said decryption processing.
  - 3. The storage device as claimed in claim 1, wherein, in correspondence with a command or an attribute of data from said host terminal device, said controller determines whether to access said first non-volatile memory or to access said second non-volatile memory.
  - 4. The storage device as claimed in claim 1, wherein, in correspondence with a command or an attribute of data from said host terminal device, said controller determines whether or not to encrypt general data, said general data having been received from said host terminal device so as to be written into said second non-volatile memory.
  - 5. The storage device as claimed in claim 1, wherein said first non-volatile memory further includes at least one of a storage area for storing Ko data and a storage area for storing Ki data, said Ko data being used for cipher communication between a server and said host terminal device , said Ki data being used for cipher communication between said server and said storage device , said server being connected to said host terminal device via a network.
  - 6. The storage device as claimed in claim 5, wherein said controller, using said Km data, encrypts at least one program of a program included in said Ko data and a program included in said Ki data, and then writes said encrypted one program into said access-prohibited area.
  - 7. The storage device as claimed in claim 1, wherein said controller is an IC chip, said second non-volatile memory being a flash memory chip.
  - 8. The storage devices a claimed in claim 1, whereinsaid first non-volatile memory includes a storage area for storing Kl data which said central processing device uses for encryption or decryption according to said program stored in said second non-volatile memory.
  - 9. The storage device as claimed in claim 1, whereintamper-resistibility of said controller is higher than that of said second non-volatile memory.
  - 10. The storage device as claimed in claim 1, wherein said controller:
    - checks an attribute of the data from said host terminal device;
      
      checks a free available capacity of said first non-volatile memory, if the data from said host terminal device is smaller than a predetermined capacity based on the attribute checked;
      
      stores the data from said host terminal device in said second storage area of said first non-volatile memory, if the free available capacity of said first non-volatile memory is sufficient;
      
      stores the data from said host terminal device in said access-permitted area of said second non-volatile memory after encrypting the data from said host terminal device by using said Km data, if the free available capacity of said first non-volatile memory is insufficient; and
      
      stores the data from said host terminal device in said access-permitted area of said second non-volatile memory after encrypting the data from said host terminal device by using said Km data, if the data from said host terminal device is larger than said predetermined capacity based on the attribute checked.
  - 11. The storage device as claimed in claim 10, wherein if the data from said host terminal device has no attribute, said controller checks the security level of the data from said terminal device.
  - 12. The storage device as claimed in claim 10, wherein, if the security level of the data from said host terminal device is an intermediate level, said controller stores the data from said host terminal device in said access-permitted area of said second non-volatile memory after encrypting the data from said host terminal device by using said Km data without checking the free available capacity of said first non-volatile memory.

13. A host terminal device, comprising:
- a connectable/disconnectable storage device including a controller and a second non-volatile memory, said controller including a first non-volatile memory,a first interface for connecting said host terminal device to said storage device, anda first central processing device, whereinsaid controller further includes a second interface for connecting said controller to said first interface, a third interface for connecting said controller to said second non-volatile memory, and a second central processing device,said first non-volatile memory includes a first storage area for storing Km data used for encrypting or decrypting a program to be executed by said second central processing device and a second storage area for storing data from said host terminal device,said second non-volatile memory includes an access-permitted area for storing data from said host terminal device and an access-prohibited area for storing said program encrypted using said Km data, an access by a user being permitted to said access-permitted area but being limited to said access-prohibited area, andsaid controller;
  
  stores the data from said host terminal device in said access-permitted area of said second non-volatile memory without encryption, if a security level of the data from said host terminal device is lower than a predetermined level;
  
  checks a free available capacity of said first non-volatile memory, if the security level of the data from said host terminal device is higher than the predetermined level;
  
  stores the data from said host terminal device in said second storage area of said first non-volatile memory, if the free available capacity of said first non-volatile memory is sufficient; and
  
  stores the data from said host terminal device in said access-permitted area of said second non-volatile memory after encrypting the data from said host terminal device by using said Km data, if the free available capacity of said first non-volatile memory is insufficient.
- View Dependent Claims (14, 15)
- - 14. The host terminal device as claimed in claim 13, whereinsaid first non-volatile memory further stores Ko key information used for cipher communication a server and said host terminal device, said server being connected to said host terminal device via a network,said first central processing device reads out said Ko key information from said first non-volatile memory, encrypting said Ko key information by using an encryption key that is capable of being decrypted by said server, and transmitting said encrypted Ko key information to said server,said host terminal device then receives, from said server, data encrypted by using said Ko key information.
  - 15. The host terminal device as claimed in claim 13, whereinsaid first non-volatile memory further stores Ki key information used for cipher communication between a server and said storage device , said server being connected to said host terminal device via a network,said second central processing device reads out said Ki key information from said first non-volatile memory, encrypting said Ki key information by using an encryption key that is capable of being decrypted by said server, and transmitting said encrypted Ki key information to said server via said host terminal device, andsaid host terminal device then receives, from said server, data encrypted by using said Ki key information and transmitting the data thus received to said storage device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Renesas Electronics Corporation
Original Assignee
Renesas Technology Corporation (Renesas Electronics Corporation)
Inventors
Totsuka, Takashi, Mizushima, Nagamasa, Ishihara, Haruji, Tsunoda, Motoyasu, Tsunehiro, Takashi, Iguchi, Shinya
Primary Examiner(s)
Louis-Jacques, Jacques
Assistant Examiner(s)
Szymanski, Thomas

Application Number

US10/062,451
Publication Number

US 20020169960A1
Time in Patent Office

1,799 Days
Field of Search

713/193, 713/152, 380/286
US Class Current

713/193
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/78   to assure secure storage of...

G06F 2221/2113   Multi-level security, e.g. ...

Storage device including a non-volatile memory

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

107 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Storage device including a non-volatile memory

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

107 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links