Storage device including a non-volatile memory

US 20020169960A1
Filed: 02/05/2002
Published: 11/14/2002
Est. Priority Date: 02/07/2001
Status: Active Grant

First Claim

Patent Images

1. A storage device, comprising:

a controller and a 2nd non-volatile memory, said controller including a 1st non-volatile memory, wherein said controller further includes a 1st interface for connecting said controller to a host terminal device, a 2nd interface for connecting said controller to said 2nd non-volatile memory, a central processing device, and a volatile memory utilized by said central processing device, said 1st non-volatile memory including a storage area for storing Ki data used for encrypting or decrypting a program to be executed by said central processing device, said 2nd non-volatile memory including an access-permitted area for storing data from said host terminal device and an access-prohibited area for storing said program encrypted using said Ki data, an access by a user being permitted to said access-permitted area and being limited to said access-prohibited area.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A storage device includes a tamper-resistant module and a flash memory. In correspondence with a command, a CPU inside the tamper-resistant module judges the security of data received from the outside, then recording the data as follows: High-security and small-capacity data is recorded into a memory inside the tamper-resistant module. High-security and large-capacity data is encrypted, then being recorded into the flash memory. Low-security data is recorded as it is into the flash memory. This recording method permits large-capacity data to be stored while ensuring a security (i.e., a security level) corresponding thereto.

Citations

26 Claims

1. A storage device, comprising:
- a controller and a 2nd non-volatile memory, said controller including a 1st non-volatile memory, wherein said controller further includes a 1st interface for connecting said controller to a host terminal device, a 2nd interface for connecting said controller to said 2nd non-volatile memory, a central processing device, and a volatile memory utilized by said central processing device, said 1st non-volatile memory including a storage area for storing Ki data used for encrypting or decrypting a program to be executed by said central processing device, said 2nd non-volatile memory including an access-permitted area for storing data from said host terminal device and an access-prohibited area for storing said program encrypted using said Ki data, an access by a user being permitted to said access-permitted area and being limited to said access-prohibited area.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 19, 20)
- - 2. The storage device as claimed in claim 1, wherein said Ki data includes key information and a program used for said encryption or said decryption processing.
  - 3. The storage device as claimed in claim 1, wherein, in correspondence with a command or an attribute of data from said host terminal device, said controller determines whether to access said 1st non-volatile memory or to access said 2nd non-volatile memory.
  - 4. The storage device as claimed in claim 1, wherein, in correspondence with a free available capacity of said 1st non-volatile memory, said controller determines whether to access said 1st non-volatile memory or to access said 2nd non-volatile memory.
  - 5. The storage device as claimed in claim 1, wherein, in correspondence with a command or an attribute of data from said host terminal device, said controller determines whether or not to encrypt general data, said general data having been received from said host terminal device so as to be written into said 2nd non-volatile memory.
  - 6. The storage device as claimed in claim 5, wherein said 1st non-volatile memory further includes a storage area for storing Ki data used for encrypting or decrypting said general data.
  - 7. The storage device as claimed in claim 1, wherein, in correspondence with a free available capacity of said 1st non-volatile memory, said controller determines whether or not to encrypt general data, said general data having been received from said host terminal device so as to be written into said 2nd non-volatile memory.
  - 8. The storage device as claimed in claim 7, wherein said 1st non-volatile memory further includes a storage area for storing Km data used for encrypting or decrypting said general data.
  - 9. The storage device as claimed in claim 1, wherein said 1st non-volatile memory further includes at least one of a storage area for storing Ko data and a storage area for storing Ki data, said Ko data being needed for a server and said host terminal device to perform a cipher communication therebetween, said Ki data being needed for said server and said storage device to perform a cipher communication therebetween, said server being connected to said host terminal device via a network.
  - 10. The storage device as claimed in claim 9, wherein said controller, using said Ki data, encrypts at least one program of a program included in said Ko data and a program included in said Ki data, and then writes said encrypted one program into said access-prohibited area.
  - 11. The storage device as claimed in claim 1, wherein, in correspondence with a security level of said data from said host terminal device, said controller determines whether to access said 1st non-volatile memory or to access said 2nd non-volatile memory.
  - 12. The storage device as claimed in claim 1, wherein, in correspondence with a security level of said data from said host terminal device, said controller determines whether or not to encrypt general data, said general data having been received from said host terminal device so as to be written into said 2nd non-volatile memory.
  - 13. The storage device as claimed in claim 12, wherein said 1st non-volatile memory further includes a storage area for storing Km data used for encrypting or decrypting said general data.
  - 14. The storage device as claimed in claim 1, wherein said controller is an IC chip, said 2nd non-volatile memory being a flash memory chip.
  - 16. The host terminal device as claimed in claim 15, wherein said 1st non-volatile memory further stores Ko key information needed for a server and said host terminal device to perform a cipher communication therebetween, said server being connected to said host terminal device via a network, said 1st central processing device reading out said Ko key information from said 1st non-volatile memory, encrypting said Ko key information by using an encryption key that is capable of being decrypted by said server, and transmitting said encrypted Ko key information to said server, said 1st central processing device then receiving, from said server, data encrypted by using said Ko key information.
  - 17. The host terminal device as claimed in claim 15, wherein said 1st non-volatile memory further stores Ki key information needed for a server and said storage device to perform a cipher communication therebetween, said server being connected to said host terminal device via a network, said 2nd central processing device reading out said Ki key information from said 1st non-volatile memory, encrypting said Ki key information by using an encryption key that is capable of being decrypted by said server, and transmitting said encrypted Ki key information to said server, said 2nd central processing device then receiving, from said server, data encrypted by using said Ki key information.
  - 19. The storage device as claimed in claim 18, wherein said controller, in correspondence with said command or said attribute of said data from said host terminal device, determines whether or not to encrypt said data that has been determined to be written into said 2nd non-volatile memory, said controller then, in accordance with its determined result, encrypting said data and writing said encrypted data into said 2nd non-volatile memory.
  - 20. The storage device as claimed in claim 19, wherein said 1st non-volatile memory includes a storage area for storing data used for encrypting said data.

15. A host terminal device, comprising:
- a connectable/disconnectable storage device including a controller and a 2nd non-volatile memory, said controller including a 1st non-volatile memory, a 1st interface for connecting said host terminal device to said storage device, and a 1st central processing device, wherein said controller further includes a 2nd interface for connecting said controller to said 1st interface, a 3rd interface for connecting said controller to said 2nd non-volatile memory, and a 2nd central processing device, said 1st non-volatile memory including a storage area for storing Ki data used for encrypting or decrypting a program to be executed by said 2nd central processing device, said 2nd non-volatile memory including an access-permitted area for storing data from said host terminal device and an access-prohibited area for storing said program encrypted using said Ki data, an access by a user being permitted to said access-permitted area and being limited to said access prohibited area.

18. A storage device, comprising:
- a controller and a 2nd non-volatile memory, said controller including a 1st non-volatile memory, wherein said controller, in correspondence with a command or an attribute of data from a host terminal device, determines whether to write said data into said 1st non-volatile memory or into said 2nd non-volatile memory, said controller then, depending on its determined result, writing said data into said 1st non-volatile memory or into said 2nd non-volatile memory.

21. A storage device, comprising:
- a controller and a 2nd non-volatile memory, said controller including a 1st non-volatile memory, wherein said controller, in correspondence with a free available capacity of said 1st non-volatile memory, determines whether to write data into said 1st non-volatile memory or into said 2nd non-volatile memory, said data being transmitted from a host terminal device, said controller then, depending on its determined result, writing said data into said 1st non-volatile memory or into said 2nd non-volatile memory.
- View Dependent Claims (22, 23, 25, 26)
- - 22. The storage device as claimed in claim 21, wherein said controller, in correspondence with at least one of a security level of said data from said host terminal device and a command or an attribute of said data from said host terminal device, determines whether or not to encrypt said data that has been determined to be written into said 2nd non-volatile memory, said controller then, in accordance with its determined result, encrypting said data and writing said encrypted data into said 2nd non-volatile memory.
  - 23. The storage device as claimed in claim 22, wherein said 1st non-volatile memory includes a storage area for storing data used for encrypting said data.
  - 25. The storage device as claimed in claim 24, wherein said controller, in correspondence with said security level of said data from said host terminal device, determines whether or not to encrypt said data that has been determined to be written into said 2nd non-volatile memory, said controller then, in accordance with its determined result, encrypting said data and writing said encrypted data into said 2nd non-volatile memory.
  - 26. The storage device as claimed in claim 25, wherein said 1st non-volatile memory includes a storage area for storing data used for encrypting said data.

24. A storage device, comprising:
- a controller and a 2nd non-volatile memory, said controller including a 1st non-volatile memory, wherein said controller, in correspondence with a security level of data from a host terminal device, determines whether to write said data into said 1st non-volatile memory or into said 2nd non-volatile memory, said controller then, depending on its determined result, writing said data into said 1st non-volatile memory or into said 2nd non-volatile memory.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Renesas Electronics Corporation
Original Assignee
Renesas Technology Corporation (Renesas Electronics Corporation)
Inventors
Iguchi, Shinya, Tsunoda, Motoyasu, Totsuka, Takashi, Tsunehiro, Takashi, Mizushima, Nagamasa, Ishihara, Haruji

Granted Patent

US 7,162,645 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/174
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/78   to assure secure storage of...

G06F 2221/2113   Multi-level security, e.g. ...

Storage device including a non-volatile memory

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Storage device including a non-volatile memory

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links