Memory storage device and memory controller and virus scanning method thereof

US 8,561,194 B2
Filed: 05/17/2011
Issued: 10/15/2013
Est. Priority Date: 03/15/2011
Status: Active Grant

First Claim

Patent Images

1. A virus scanning method, adapted to a memory storage device coupled to a host system, wherein the memory storage device comprises a rewritable non-volatile memory chip, the rewritable non-volatile memory chip has a plurality of physical blocks, and each of the physical blocks has a plurality of physical addresses, the virus scanning method comprising:

providing a virus signature database, wherein the virus signature database records at least one predetermined file segment and at least one virus signature corresponding to the at least one predetermined file segment;

configuring a plurality of logical addresses to be mapped to a part of the physical addresses, wherein the host system accesses the logical addresses by using a file system, and the file system comprises a file allocation table (FAT);

receiving at least one binary code, wherein the at least one binary code comprises a binary code to be written by the host system or a binary code to be read by the host system and corresponding to an excess address range;

analyzing the FAT to identify a file segment containing the at least one binary code;

identifying the file segment containing the at least one binary code in a logical address linked list;

determining whether the file segment matches any one of the at least one predetermined file segment;

when the file segment matches one of the at least one predetermined file segment, determining whether the at least one binary code matches any one of the at least one virus signature corresponding to the matched predetermined file segment; and

when the at least one binary code matches one of the at least one virus signature corresponding to the matched predetermined file segment, not writing the at least one binary code into the memory storage device or not transmitting the at least one binary code back to the host system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A memory storage device, a memory controller, and a virus scanning method are provided. In the method, a virus signature database recording a predetermined file segment and a corresponding virus signature is provided. A plurality of logical addresses is mapped to a part of a plurality of physical addresses in a rewritable non-volatile memory chip of the memory storage device, a host system accesses the logical addresses by using a file system including a file allocation table (FAT). At lease one binary code is received. The FAT is analyzed to identify a file segment containing the at least one binary code. If the file segment matches the predetermined file segment, the at least one binary code is not written into the memory storage device or transmitted back to the host system when the at least one binary code matches the virus signature corresponding to the predetermined file segment.

Citations

24 Claims

1. A virus scanning method, adapted to a memory storage device coupled to a host system, wherein the memory storage device comprises a rewritable non-volatile memory chip, the rewritable non-volatile memory chip has a plurality of physical blocks, and each of the physical blocks has a plurality of physical addresses, the virus scanning method comprising:
- providing a virus signature database, wherein the virus signature database records at least one predetermined file segment and at least one virus signature corresponding to the at least one predetermined file segment;
  
  configuring a plurality of logical addresses to be mapped to a part of the physical addresses, wherein the host system accesses the logical addresses by using a file system, and the file system comprises a file allocation table (FAT);
  
  receiving at least one binary code, wherein the at least one binary code comprises a binary code to be written by the host system or a binary code to be read by the host system and corresponding to an excess address range;
  
  analyzing the FAT to identify a file segment containing the at least one binary code;
  
  identifying the file segment containing the at least one binary code in a logical address linked list;
  
  determining whether the file segment matches any one of the at least one predetermined file segment;
  
  when the file segment matches one of the at least one predetermined file segment, determining whether the at least one binary code matches any one of the at least one virus signature corresponding to the matched predetermined file segment; and
  
  when the at least one binary code matches one of the at least one virus signature corresponding to the matched predetermined file segment, not writing the at least one binary code into the memory storage device or not transmitting the at least one binary code back to the host system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The virus scanning method according to claim 1 further comprising:
    - when the file segment does not match the at least one predetermined file segment, splitting the file segment into a plurality of sub file segments matching the at least one predetermined file segment;
      
      determining whether the at least one binary code corresponding to the sub file segments matches the at least one virus signature corresponding to the at least one predetermined file segment; and
      
      when the at least one binary code corresponding to the sub file segments matches any one of the at least one virus signature corresponding to the at least one predetermined file segment, not writing the at least one binary code matching the at least one virus signature corresponding to the at least one predetermined file segment into the memory storage device, or not transmitting the at least one binary code matching the at least one virus signature corresponding to the at least one predetermined file segment back to the host system.
  - 3. The virus scanning method according to claim 1 further comprising:
    - finding the logical address linked list corresponding to the file segment containing the at least one binary code from the FAT.
  - 4. The virus scanning method according to claim 1, wherein the rewritable non-volatile memory chip is logically divided into a first partition and a second partition, the logical addresses are mapped to a part of the physical addresses in the first partition, and the second partition stores an auto-execute file and an application program, the virus scanning method further comprising:
    - making an operating system (OS) of the host system to automatically run the auto-execute file; and
      
      automatically executing the application program through the auto-execute file to perform a post-processing procedure.
  - 5. The virus scanning method according to claim 4, wherein the post-processing procedure comprises displaying a warning message to indicate that the at least one binary code is virus-infected, displaying an inquiry message to inquire whether to continue to transmit the at least one binary code, or executing a complete virus cleanup operation.
  - 6. The virus scanning method according to claim 1 further comprising:
    - receiving an entering-suspend-mode signal from the host system;
      
      analyzing the FAT to identify at least one existing file stored in the rewritable non-volatile memory chip; and
      
      before receiving an exiting-suspend-mode signal from the host system, comparing the at least one existing file with the at least one virus signature recorded in the virus signature database to determine whether the at least one existing file is virus-infected.
  - 7. The virus scanning method according to claim 6, wherein a light emitting device is disposed in the memory storage device, and the virus scanning method further comprises:
    - activating the light emitting device when the at least one binary code matches the at least one virus signature corresponding to the matched predetermined file segment or the at least one existing file is virus-infected.
  - 8. The virus scanning method according to claim 1 further comprising:
    - receiving a virus signature updating command and a virus signature updating data; and
      
      updating the virus signature database by using the virus signature updating data.

9. A memory controller, for managing a rewritable non-volatile memory chip in a memory storage device, the memory controller comprising:
- a host system interface, configured to couple a host system;
  
  a memory interface, configured to couple the rewritable non-volatile memory chip, wherein the rewritable non-volatile memory chip has a plurality of physical blocks, and each of the physical blocks has a plurality of physical addresses; and
  
  a memory management circuit, coupled to the host system interface and the memory interface, for providing a virus signature database, wherein the virus signature database records at least one predetermined file segment and at least one virus signature corresponding to the at least one predetermined file segment,wherein the memory management circuit further configures a plurality of logical addresses to be mapped to a part of the physical addresses, the host system accesses the logical addresses by using a file system, and the file system comprises a FAT,wherein when the memory management circuit receives at least one binary code, the memory management circuit further analyzes the FAT to identify a file segment containing the at least one binary code and identifies the file segment containing the at least one binary code in a logical address linked list, wherein the at least one binary code comprises a binary code to be written by the host system or a binary code to be read by the host system and corresponding to an excess address range,the memory management circuit further determines whether the file segment matches any one of the at least one predetermined file segment, and when the file segment matches one of the at least one predetermined file segment, the memory management circuit determines whether the at least one binary code matches any one of the at least one virus signature corresponding to the matched predetermined file segment,when the at least one binary code matches one of the at least one virus signature corresponding to the matched predetermined file segment, the memory management circuit does not write the at least one binary code into the memory storage device or transmit the at least one binary code back to the host system.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The memory controller according to claim 9, wherein when the file segment does not match the at least one predetermined file segment, the memory management circuit splits the file segment into a plurality of sub file segments matching the at least one predetermined file segment and determines whether the at least one binary code corresponding to the sub file segments matches the at least one virus signature corresponding to the at least one predetermined file segment,when the memory management circuit determines that the at least one binary code corresponding to the sub file segments matches any one of the at least one virus signature corresponding to the at least one predetermined file segment, the memory management circuit does not writes the at least one binary code matching the at least one virus signature corresponding to the at least one predetermined file segment into the memory storage device or transmit the at least one binary code matching the at least one virus signature corresponding to the at least one predetermined file segment back to the host system.
  - 11. The memory controller according to claim 9, wherein the memory management circuit further finds the logical address linked list corresponding to the file segment containing the at least one binary code from the FAT.
  - 12. The memory controller according to claim 9, wherein the rewritable non-volatile memory chip is logically divided into a first partition and a second partition, the logical addresses are mapped to a part of the physical addresses in the first partition, and the second partition stores an auto-execute file and an application program, after the memory management circuit not writing the at least one binary code into the memory storage device or not transmitting the at least one binary code back to the host system, the memory management circuit makes an OS of the host system to automatically run the auto-execute file, and the auto-execute file automatically executes the application program to perform a post-processing procedure.
  - 13. The memory controller according to claim 12, wherein the post-processing procedure comprises displaying a warning message to indicate that the at least one binary code is virus-infected, displaying an inquiry message to inquire whether to continue to transmit the at least one binary code, or executing a complete virus cleanup operation.
  - 14. The memory controller according to claim 9, wherein after the memory management circuit receives an entering-suspend-mode signal from the host system, the memory management circuit further analyzes the FAT to identify at least one existing file stored in the rewritable non-volatile memory chip,before the memory management circuit receives an exiting-suspend-mode signal from the host system, the memory management circuit compares the at least one existing file with the at least one virus signature recorded in the virus signature database to determine whether the at least one existing file is virus-infected.
  - 15. The memory controller according to claim 14, wherein a light emitting device is disposed in the memory storage device, and the memory management circuit further activates the light emitting device when the at least one binary code matches the at least one virus signature corresponding to the matched predetermined file segment or the at least one existing file is virus-infected.
  - 16. The memory controller according to claim 9, wherein the memory management circuit further receives a virus signature updating command and a virus signature updating data and updates the virus signature database by using the virus signature updating data.

17. A memory storage device, comprising:
- a rewritable non-volatile memory chip, having a plurality of physical blocks, wherein each of the physical blocks has a plurality of physical addresses;
  
  a connector, configured to couple a host system; and
  
  a memory controller, coupled to the rewritable non-volatile memory chip and the connector, for providing a virus signature database, wherein the virus signature database records at least one predetermined file segment and at least one virus signature corresponding to the at least one predetermined file segment,wherein the memory controller further configures a plurality of logical addresses to be mapped to a part of the physical addresses, wherein the host system accesses the logical addresses by using a file system, and the file system comprises a FAT,when the memory controller receives at least one binary code, the memory controller further analyzes the FAT to identify a file segment containing the at least one binary code and identifies the file segment containing the at least one binary code in a logical address linked list, wherein the at least one binary code comprises a binary code to be written by the host system or a binary code to be read by the host system and corresponding to an excess address range,the memory controller further determines whether the file segment matches any one of the at least one predetermined file segment, and when the file segment matches one of the at least one predetermined file segment, the memory controller determines whether the at least one binary code matches the virus signature corresponding to the matched predetermined file segment,when the at least one binary code matches one of the at least one virus signature corresponding to the matched predetermined file segment, the memory controller does not write the at least one binary code into the memory storage device or transmit the at least one binary code back to the host system.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The memory storage device according to claim 17, wherein when the file segment does not match the at least one predetermined file segment, the memory controller splits the file segment into a plurality of sub file segments matching the at least one predetermined file segment and determines whether the at least one binary code corresponding to the sub file segments matches the at least one virus signature corresponding to the at least one predetermined file segment,when the memory controller determines that the at least one binary code corresponding to the sub file segments matches any one of the at least one virus signature corresponding to the at least one predetermined file segment, the memory controller does not write the at least one binary code matching the at least one virus signature corresponding to the at least one predetermined file segment into the memory storage device or transmit the at least one binary code matching the at least one virus signature corresponding to the at least one predetermined file segment back to the host system.
  - 19. The memory storage device according to claim 17, wherein the memory controller further finds the logical address linked list corresponding to the file segment containing the at least one binary code from the FAT.
  - 20. The memory storage device according to claim 17, wherein the rewritable non-volatile memory chip is logically divided into a first partition and a second partition, the logical addresses are mapped to a part of the physical addresses in the first partition, and the second partition stores an auto-execute file and an application program, after the memory controller not writing the at least one binary code into the memory storage device or not transmitting the at least one binary code back to the host system, the memory controller makes an OS of the host system to automatically run the auto-execute file, and the auto-execute file automatically executes the application program to perform a post-processing procedure.
  - 21. The memory storage device according to claim 20, wherein the post-processing procedure comprises displaying a warning message to indicate that the at least one binary code is virus-infected, displaying an inquiry message to inquire whether to continue to transmit the at least one binary code, or executing a complete virus cleanup operation.
  - 22. The memory storage device according to claim 17, wherein after the memory controller receives an entering-suspend-mode signal from the host system, the memory controller further analyzes the FAT to identify at least one existing file stored in the rewritable non-volatile memory chip,before the memory controller receives an exiting-suspend-mode signal from the host system, the memory controller compares the at least one existing file with the at least one virus signature recorded in the virus signature database to determine whether the at least one existing file is virus-infected.
  - 23. The memory storage device according to claim 22, wherein a light emitting device is disposed in the memory storage device, and the memory controller further activates the light emitting device when the at least one binary code matches the at least one virus signature corresponding to the matched predetermined file segment or the at least one existing file is virus-infected.
  - 24. The memory storage device according to claim 17, wherein the memory controller further receives a virus signature updating command and a virus signature updating data and updates the virus signature database by using the virus signature updating data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Phison Electronics Corporation
Original Assignee
Phison Electronics Corporation
Inventors
Lee, Chien-Fu
Primary Examiner(s)
Mehedi, Morshed
Assistant Examiner(s)
LEE, JASON T

Application Number

US13/109,011
Publication Number

US 20120240230A1
Time in Patent Office

882 Days
Field of Search

726 22- 24
US Class Current

726/24
CPC Class Codes

G06F 21/564 by virus signature recognition

Memory storage device and memory controller and virus scanning method thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Memory storage device and memory controller and virus scanning method thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links