Summary of the invention

The technical problem to be solved by the present invention is to avoid the above-mentioned deficiencies of the prior art by proposing a data security access method and system using a semiconductor memory apparatus. The system provides user authentication and data encryption and decryption: users of the semiconductor memory apparatus are authenticated, the information stored in the apparatus is protected by encryption, and the encrypted information is decrypted again when it is read. It also provides sleep and wake-up functions to reduce energy consumption, and a write-protect switch circuit that gives the data in the flash memory double protection and prevents virus intrusion.
The technical problem addressed by the present invention can be solved by the following technical solution: design and implement a data security access system using a semiconductor memory apparatus. The semiconductor memory apparatus comprises a device control module, a semiconductor storage medium module and a data access module. The semiconductor memory apparatus is connected to the data processing system host through a general-purpose interface and exchanges data over an information exchange channel based on that interface. The data processing system host comprises a file system processing module and a device driver module corresponding to the semiconductor memory apparatus; in particular, the host side further comprises:
A first-level encryption/decryption module, which encrypts data to be stored in the memory device and decrypts data read from the memory device;
A user authentication module, which checks the user's access rights to the memory device;
A user control module, which lets a user who has access rights to the storage device enable or disable the user authentication mechanism and the data encryption/decryption mechanism;
The semiconductor memory apparatus side further comprises a second-level encryption/decryption module, which encrypts data received through the general-purpose interface or decrypts data read from the memory device; the second-level encryption/decryption module may use the same encryption/decryption algorithm as the first-level encryption/decryption module or a different one.
The device control module comprises a general-purpose interface controller and a microprocessor unit. The microprocessor unit controls the operation of the general-purpose interface controller and the semiconductor storage medium; it contains a firmware program, and data operations on the semiconductor storage medium are carried out by that firmware. The general-purpose interface controller is connected to the semiconductor storage medium, and the microprocessor unit is connected to the semiconductor storage medium, the general-purpose interface controller and the second-level encryption/decryption module; these connections support the bidirectional exchange of data and information.
The microprocessor unit and the general-purpose interface controller can be merged into one functional unit or implemented as a single integrated circuit module.
The device control module also includes a sleep and wake-up circuit, which is connected to and controlled by the device control module; it puts the device into a sleep state when idle and wakes it into the active state when there is an operation request.
The user authentication module can be implemented with existing software and hardware; authentication methods may include requiring the user to provide a password, detecting the user's voiceprint, detecting the user's retinal blood-vessel pattern and/or detecting the user's fingerprint.
The user disables or enables the user authentication function through the user control module. After the user authentication function is disabled, the user can access the semiconductor memory apparatus without being authenticated; after it is enabled, the user must pass user authentication to obtain access rights to the semiconductor memory apparatus.
The general-purpose interface includes not only a USB interface and an IEEE 1394 interface but may also include a wireless Bluetooth interface, an IrDA infrared interface, a HomeRF interface, an IEEE 802.11a interface and/or an IEEE 802.11b interface.
The storage medium used in the semiconductor memory apparatus may include flash memory, DRAM, EEPROM, SRAM, FRAM and/or MRAM, consisting of one or more chips connected using various existing addressing modes.
A dedicated information area is provided in the semiconductor storage medium for storing the device descriptor, user authentication information, user authentication selection information and/or data encryption/decryption selection information.
The semiconductor memory apparatus also comprises a write-protect switch circuit, which uses a switch to give the semiconductor storage medium physical protection so that its content cannot be rewritten or erased; the write-protect switch circuit is connected to the microprocessor unit and to the semiconductor storage medium.
The present invention can be further implemented by the following technical solution.
A data security access method in a semiconductor memory apparatus, using the data security access system described above, comprises the steps:
1. The user sends a data operation command to the semiconductor memory apparatus through the host;
2. The data processing system host checks whether the user authentication function is enabled, that is, whether user authentication needs to be carried out;
3. The authentication information provided by the user is compared with the user authentication information in the semiconductor memory apparatus, and the comparison result determines whether the user has access rights to the semiconductor memory apparatus;
4. For a user with access rights, the type of operation command is determined and the corresponding steps are carried out. For a read data command, the firmware in the semiconductor memory apparatus reads the data from the semiconductor storage medium according to the read command; the data undergoes second-level decryption in the second-level encryption/decryption module and is returned to the data processing system host through the general-purpose interface; after first-level decryption in the first-level encryption/decryption module, the data processing system host returns the execution result or status information to the user. For a write data command or a command to modify the user authentication information, the data processing system host passes the data to be written to the first-level encryption/decryption module for first-level encryption and sends it to the semiconductor memory apparatus through the general-purpose interface; after second-level encryption in the second-level encryption/decryption module of the semiconductor memory apparatus, the firmware writes the twice-encrypted data into the semiconductor storage medium and returns the execution result or status information;
For a user without access rights, status information is returned and the data operation request is refused.
Step 4 includes: in the data processing system host, the driver converts the standard disk read command with which the upper-layer host operating system requests a data operation into the specific read/write command of the semiconductor memory apparatus, packages the converted read command and sends it to the underlying operating system; the underlying operating system sends the specific read command to the microprocessor unit through the general-purpose interface, and the firmware carries out the read operation.
Step 4 also includes: in the data processing system host, the driver converts the upper-layer operating system's standard disk write command for the semiconductor memory apparatus into three different internal operations (read, erase and write): an internal read operation reads out and saves the original content at the write position; an internal erase operation clears the data at the write position; the new data to be written is combined with the old data, and an internal write operation is carried out on the combined data.
Compared with the prior art, the present invention adopts a unique design that provides user authentication and data encryption/decryption functions in a semiconductor memory apparatus, so that important confidential information can be stored in the apparatus. The user authentication and data encryption/decryption modules authenticate the users of the semiconductor memory apparatus, making it convenient for users to use and carry private data and making it possible to access confidential information on a host that has no security measures of its own. The invention provides hardware protection: the write-protect switch physically protects the content of the semiconductor memory apparatus from being rewritten or erased, preventing data loss and virus intrusion. The invention provides a sleep and wake-up circuit that puts the semiconductor memory apparatus into a sleep state when the host issues no operation commands, reducing energy consumption. The invention uses a novel semiconductor storage medium and a general-purpose channel interface to realize removable external storage that needs no drive and no external power supply, is hot-pluggable and plug-and-play, and does not require shutting down the host. Its access speed is fast and its capacity greatly exceeds that of a floppy disk; it is small, easy to carry and not easily damaged. More than 20 flash memory devices can be connected to a data system at the same time, and the device can be used with any data processing system that supports the general-purpose channel.
Embodiment

The present invention is explained in further detail below with reference to the accompanying drawings. As shown in Figs. 1 to 12, a data security access system using a semiconductor memory apparatus is implemented. The semiconductor memory apparatus comprises a device control module, semiconductor storage medium module 1 and a data access module. The semiconductor memory apparatus is connected to the data processing system host through a general-purpose interface and exchanges data over an information exchange channel based on that interface. The data processing system host comprises a file system processing module and a device driver module corresponding to the semiconductor memory apparatus; in particular, the host side further comprises:
A first-level encryption/decryption module, which encrypts data to be stored in the memory device and decrypts data read from the memory device;
A user authentication module, which checks the user's access rights to the memory device;
A user control module, which lets a user who has access rights to the storage device enable or disable the user authentication mechanism and the data encryption/decryption mechanism;
The semiconductor memory apparatus side further comprises second-level encryption/decryption module 25, which encrypts data received through the general-purpose interface or decrypts data read from the memory device; second-level encryption/decryption module 25 may use the same encryption/decryption algorithm as the first-level encryption/decryption module or a different one.
The device control module comprises general-purpose interface controller 22 and microprocessor unit 21. Microprocessor unit 21 controls the operation of general-purpose interface controller 22 and semiconductor storage medium 1; it contains a firmware program, and data operations on semiconductor storage medium 1 are carried out by that firmware. General-purpose interface controller 22 is connected to semiconductor storage medium 1, and microprocessor unit 21 is connected to semiconductor storage medium 1, general-purpose interface controller 22 and second-level encryption/decryption module 25; these interconnections support the bidirectional exchange of data and information.
Microprocessor unit 21 and general-purpose interface controller 22 can be merged into one functional unit or implemented as a single integrated circuit module.
The device control module also includes sleep and wake-up circuit 24, which is connected to and controlled by the device control module; it puts the device into a sleep state when idle and wakes it into the active state when there is an operation request.
The user authentication module can be implemented with existing software and hardware; authentication methods may include requiring the user to provide a password, detecting the user's voiceprint, detecting the user's retinal blood-vessel pattern and/or detecting the user's fingerprint.
The user disables or enables the user authentication function through the user control module. After the user authentication function is disabled, the user can access the semiconductor memory apparatus without being authenticated; after it is enabled, the user must pass user authentication to obtain access rights to the semiconductor memory apparatus.
The general-purpose interface includes not only a USB interface and an IEEE 1394 interface but may also include a wireless Bluetooth interface, an IrDA infrared interface, a HomeRF interface, an IEEE 802.11a interface and/or an IEEE 802.11b interface.
The storage medium used in the semiconductor memory apparatus may include flash memory, DRAM, EEPROM, SRAM, FRAM and/or MRAM, consisting of one or more chips connected using various existing addressing modes.
A dedicated information area is provided in semiconductor storage medium 1 for storing the device descriptor, user authentication information, user authentication selection information and/or data encryption/decryption selection information.
The semiconductor memory apparatus also comprises write-protect switch circuit 4, which uses a switch to give semiconductor storage medium 1 physical protection so that its content cannot be rewritten or erased; write-protect switch circuit 4 is connected to microprocessor unit 21 and to semiconductor storage medium 1.
The data security access method in the semiconductor memory apparatus, using the data security access system described above, comprises the steps:
(1) The user sends a data operation command to the semiconductor memory apparatus through the host;
(2) The data processing system host checks whether the user authentication function is enabled, that is, whether user authentication needs to be carried out;
(3) The authentication information provided by the user is compared with the user authentication information in the semiconductor memory apparatus, and the comparison result determines whether the user has access rights to the semiconductor memory apparatus;
(4) For a user with access rights, the type of operation command is determined and the corresponding steps are carried out:
For a read data command, the firmware in the semiconductor memory apparatus reads the data from semiconductor storage medium 1 according to the read command; the data undergoes second-level decryption in second-level encryption/decryption module 25 and is returned to the data processing system host through the general-purpose interface; after first-level decryption in the first-level encryption/decryption module, the data processing system host returns the execution result or status information to the user. For a write data command or a command to modify the user authentication information, the data processing system host passes the data to be written to the first-level encryption/decryption module for first-level encryption and sends it to the semiconductor memory apparatus through the general-purpose interface; after second-level encryption in second-level encryption/decryption module 25 of the semiconductor memory apparatus, the firmware writes the twice-encrypted data into semiconductor storage medium 1 and returns the execution result or status information;
For a user without access rights, status information is returned and the data operation request is refused.
Step (4) includes: in the data processing system host, the driver converts the standard disk read command with which the upper-layer host operating system requests a data operation into the specific read/write command of the semiconductor memory apparatus, packages the converted read command and sends it to the underlying operating system; the underlying operating system sends the specific read command to microprocessor unit 21 through the general-purpose interface, and the firmware carries out the read operation.
Step (4) also includes: in the data processing system host, the driver converts the upper-layer operating system's standard disk write command for the semiconductor memory apparatus into three different internal operations (read, erase and write): an internal read operation reads out and saves the original content at the write position; an internal erase operation clears the data at the write position; the new data to be written is combined with the old data, and an internal write operation is carried out on the combined data.
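The access flow of steps (1) to (4), including the conversion of a disk write into internal read, erase and write operations, can be modelled as follows. This is an added example, not code from the patent: the Feistel cipher built on SHAKE-256, the PBKDF2 authentication record, the sector and erase-block sizes, the three-retry limit and all class and function names are assumptions, because the text names no algorithm or data format.

```python
import hashlib
import hmac

SECTOR, BLOCK_SECTORS, ERASED = 16, 4, 0xFF   # small sizes chosen for readability
BLOCK = SECTOR * BLOCK_SECTORS                # bytes per flash erase block


def _f(key, rnd, sector_no, half):
    """Keyed round function built on SHAKE-256 (assumption, not from the page)."""
    seed = key + bytes([rnd]) + sector_no.to_bytes(4, "big") + half
    return hashlib.shake_256(seed).digest(len(half))


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def cipher(key, sector_no, data, decrypt=False):
    """Stand-in sector cipher: 4-round Feistel network over the whole sector."""
    left, right = data[:len(data) // 2], data[len(data) // 2:]
    for rnd in (reversed(range(4)) if decrypt else range(4)):
        if decrypt:
            left, right = _xor(right, _f(key, rnd, sector_no, left)), left
        else:
            left, right = right, _xor(left, _f(key, rnd, sector_no, right))
    return left + right


def make_auth_record(password, salt):
    """Stored user authentication information: salted PBKDF2 digest (assumption)."""
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


class Device:
    """Firmware side: second-level cipher, write-protect switch, flash medium."""

    def __init__(self, l2_key, auth_record, blocks=2):
        self.flash = bytearray([ERASED]) * (blocks * BLOCK)
        # Dedicated information area: authentication info and the two selection flags.
        self.info = {"auth": auth_record, "auth_on": True, "crypto_on": True}
        self.l2_key, self.write_protect, self.erase_count = l2_key, False, 0

    def write_sector(self, n, data):
        if self.write_protect:                        # switch state is checked first
            return "WRITE_PROTECTED"
        if len(data) != SECTOR:
            return "BAD_LENGTH"
        if self.info["crypto_on"]:
            data = cipher(self.l2_key, n, data)       # second-level encryption
        start = (n // BLOCK_SECTORS) * BLOCK
        saved = bytearray(self.flash[start:start + BLOCK])         # internal read
        self.flash[start:start + BLOCK] = bytes([ERASED]) * BLOCK  # internal erase
        self.erase_count += 1
        off = (n % BLOCK_SECTORS) * SECTOR
        saved[off:off + SECTOR] = data                # combine new data with old
        for i, byte in enumerate(saved):              # internal write: programming
            self.flash[start + i] &= byte             # can only clear bits (1 -> 0)
        return "OK"

    def read_sector(self, n):
        raw = bytes(self.flash[n * SECTOR:(n + 1) * SECTOR])
        return cipher(self.l2_key, n, raw, decrypt=True) if self.info["crypto_on"] else raw


class Host:
    """Host side: user authentication module and first-level cipher."""
    MAX_TRIES = 3                                     # "limited number of retries"

    def __init__(self, device, l1_key):
        self.dev, self.l1_key, self.authed, self.tries = device, l1_key, False, 0

    def login(self, password):
        if not self.dev.info["auth_on"]:              # authentication disabled
            self.authed = True
        elif self.tries < self.MAX_TRIES:
            salt, stored = self.dev.info["auth"]
            given = make_auth_record(password, salt)[1]
            self.authed = hmac.compare_digest(given, stored)
            self.tries = 0 if self.authed else self.tries + 1
        return self.authed

    def write(self, n, plaintext):
        if not self.authed:                           # no access rights: refuse
            return "ACCESS_DENIED"
        on = self.dev.info["crypto_on"]
        return self.dev.write_sector(n, cipher(self.l1_key, n, plaintext) if on else plaintext)

    def read(self, n):
        if not self.authed:
            return None
        data = self.dev.read_sector(n)                # already second-level decrypted
        return cipher(self.l1_key, n, data, decrypt=True) if self.dev.info["crypto_on"] else data
```

In this model the authentication check mark is held by Host, because the text places the user authentication module in host software; Device enforces only the write-protect switch and the second-level cipher.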
Fig. 1 is a high-level functional block diagram of the software and hardware of the semiconductor memory apparatus of the present invention. It comprises the software part that runs in the host and, connected to it through the general-purpose interface, the semiconductor memory apparatus used to store data together with its firmware part.
Here the general-purpose interface refers to a wired or wireless general-purpose interface, for example a USB interface, IEEE1394 interface, Bluetooth interface, IrDA infrared interface, HomeRF interface, IEEE802.11a interface or IEEE802.11b interface.
The software part that runs in the host comprises the user authentication module, the first-level encryption/decryption module, the user control module, the file system processing module and the device driver module. The user authentication module accepts the authentication information entered by the user, reads the stored authentication information from the semiconductor memory apparatus, compares the two and reports the result: if they match, the user obtains the right to use the device; otherwise the user is refused. The user authentication module also allows an authenticated user to modify his or her user authentication information, and the modified user authentication information is written into the semiconductor memory apparatus. The user control module allows an authenticated user to choose to disable the user authentication process; after it has been disabled, the user can restore the setting that requires user authentication. The user control module also allows an authenticated user to choose to disable the data encryption/decryption process; after it has been disabled, data read from and written to the semiconductor memory apparatus no longer passes through the first-level and second-level encryption/decryption modules, and the user can later restore the data encryption/decryption function. The first-level encryption/decryption module encrypts data to be stored in the semiconductor memory apparatus and decrypts data read from it. The file system processing module carries out read and write operations in the format required by the file system; it interprets file operation instructions from the host and converts them into semiconductor memory apparatus operation commands. The functions of the device driver module include: (1) establishing the connection between the host and the semiconductor memory apparatus according to the protocol of the selected general-purpose interface; (2) accepting the operation commands and data passed down by the file system processing module and sending them to the semiconductor memory apparatus in the format required by the protocol of the selected general-purpose interface; (3) accepting the data and status information that the semiconductor memory apparatus returns through the general-purpose interface and passing them to the file system processing module.
Fig. 2 is a workflow diagram of the semiconductor memory apparatus of the present invention. In the initial state, the user authentication module requests the stored user authentication information from the semiconductor storage medium, compares it with the user authentication information entered by the user and sets the authentication check mark; if the two are identical, use is permitted, otherwise it is refused. A user who has been admitted may ask to read a file, write a file or modify the user authentication information; all three operations require a check of the authentication check mark. If the check passes, a file to be written or a modified password is encrypted by the first-level encryption module and the second-level encryption module and then stored in the semiconductor storage medium; a file to be read is read from the semiconductor storage medium and decrypted by the second-level decryption module and the first-level decryption module.
The user control module allows an authenticated user to choose to disable the user authentication process. After it has been disabled, any user can use the semiconductor memory apparatus for data storage without going through user authentication, and while user authentication is disabled any user can restore the setting that requires the user authentication process. The user authentication module also allows an authenticated user to choose to disable the data encryption/decryption function. After it has been disabled, data that any user reads from or writes to the semiconductor memory apparatus is not encrypted or decrypted by the first encryption/decryption module and the second encryption/decryption module, and while data encryption/decryption is disabled any user can restore the data encryption/decryption function. A dedicated information area in the semiconductor storage medium stores the device descriptor, user authentication information, user authentication selection information and data encryption/decryption selection information.
As shown in the structural block diagram of Fig. 3, the embodiment of the present invention that uses a wired general-purpose interface comprises semiconductor storage medium 1, storage control circuit 2, DC power converter 3 and write-protect switch 4. Semiconductor storage medium 1 comprises one or more semiconductor storage modules and stores data and control information. Storage control circuit 2 controls the semiconductor memory apparatus and implements communication between the semiconductor memory apparatus and the host, reading and writing of data in the semiconductor storage medium, and encryption/decryption of the data read and written. DC power converter 3 draws power from the general-purpose channel to supply the semiconductor memory apparatus. Write-protect switch 4 provides hardware protection so that the content of the semiconductor storage medium cannot be changed or erased. Storage control circuit 2 controls semiconductor storage medium 1 and checks the state of write-protect switch 4.
Storage control circuit 2 comprises host connection interface 20, interface socket 23, interface controller 22, microprocessor unit 21, sleep and wake-up circuit 24, and second-level data encryption/decryption module 25. The host connection interface connects the semiconductor memory apparatus to the host; the host referred to here includes, but is not limited to, personal computers of all kinds, digital cameras, PDAs, Pocket PCs, minicomputers, data processing workstations and the various special-purpose data processing systems that need a memory device. Second-level data encryption/decryption module 25 encrypts data written to, or decrypts data read from, semiconductor storage medium 1, provided the user has passed authentication.
One method of authenticating the user is to require the user to enter a password and verify whether it is correct; if the entered password is wrong, a limited number of retries can be allowed, and if it is still incorrect, reading and writing of semiconductor storage medium 1 is refused. Besides requiring a password, the user can also be authenticated by verifying the user's fingerprint, pupil or voiceprint using software and hardware provided by the prior art; only a user whose fingerprint, pupil or voiceprint features match is allowed to read and write semiconductor memory 1. It must be stated that the methods are not limited to those listed here; combining other kinds of user authentication and identification with the semiconductor memory apparatus of the present invention also falls within the scope of protection of the present invention.
Sleep and wake-up circuit 24 puts the flash memory into a sleep state when the host issues no operation commands, reducing energy consumption, and wakes the flash memory from the sleep state into the normal operating state when the host issues an operation command.
Interface controller 22 is connected to the host connection cable through the interface socket. It works under the control of microprocessor unit 21 and sleep and wake-up circuit 24, receives commands from the host and controls the data operations between the host and semiconductor storage medium 1. Microprocessor unit 21 also controls semiconductor storage medium 1, sleep and wake-up circuit 24 and second-level data encryption/decryption module 25, and queries write-protect switch 4.
In its physical construction, the semiconductor memory apparatus of the present invention is designed as a single unit: all components are mounted on a circuit board housed in a single casing, and the memory function is realized under the control of the driver software. The flash memory of the present invention has no mechanical components and the whole device is stationary during operation; it can be made very small, about the size of a thumb, and is easy to carry and use. In one embodiment of the present invention the semiconductor memory apparatus can also have no casing.
Fig. 4 shows the embodiment of the present invention that uses the Universal Serial Bus (USB) interface. The semiconductor storage medium of this embodiment is flash memory. A USB connection interface connects the semiconductor storage medium to the host, USB socket 231 serves as the interface socket, and USB interface controller 221 controls the transmission of command information and data between the semiconductor memory apparatus and the host. USB interface controller 221 and microprocessor unit 21 can be the same module. Second-level encryption/decryption module 25 is placed between this module and the flash memory. In accordance with the USB standard, DC power converter 3 draws power from the host through USB socket 231.
USB has become the new PC industry standard, and all computers configured with a Pentium II or higher, and their compatibles, now have a USB interface, so the flash memory of this embodiment can replace the existing floppy drive and floppy disk and become a standard component of these computers.
Fig. 5 shows the embodiment of the present invention that uses the IEEE1394 interface. This embodiment uses IEEE1394 connection interface 202 to connect the semiconductor memory apparatus to the host, IEEE1394 socket 232 as the interface socket, and IEEE1394 interface controller 222 to control the exchange and transmission of command information and data between the semiconductor memory apparatus and the host. In accordance with the IEEE1394 standard, DC power converter 3 draws power from the host through IEEE1394 socket 232.
Fig. 6 is the circuit diagram for the case in which the present invention uses a USB interface and semiconductor storage medium 1 is flash memory, using flash memory chip D1. The invention is not limited to the single-chip embodiment shown in the figure; several flash chips can also be connected and managed using various existing addressing modes. As shown in Fig. 6, flash memory chip D1 stores the data; it can be, but is not limited to, one or more chips of model TC58V64FT/128FT/256FT/512FT/100FT/K9F6408/K9F2808/K9F2808/K9F5608/K9K1208. Pin 5 of chip D1 is connected to pin 5 of write-protect switch S1.
Fig. 7 is the circuit diagram of the microprocessor and the sleep and wake-up circuit for the case in which the present invention uses a USB interface and flash memory. Microprocessor unit 21 controls USB controller 221, flash memory 1 and sleep and wake-up circuit 24. It contains microprocessor chip D4 and two multi-way analog switch chips of model 4053, D5 and D6. Pins 12, 1 and 3 of chip D5 and pin 12 of D6 are shorted together and connected to pin 12 of chip D4; pins 13, 2 and 5 of chip D5 and pin 13 of D6 are shorted together and connected to pin 13 of chip D4; pins 11, 10 and 9 of chip D5 and pin 11 of D6 are connected to pins 44, 1, 2 and 3 of chip D4 respectively. The DATA0~DATA7 pins of chip D4 are connected to the corresponding pins of chip D2 of USB controller 221 and of flash memory chip D1. Pin 4 of chip D5 is connected to pin 4 of flash memory D1, and pin 14 of chip D6 is connected to pin 42 of flash memory D1; pins 14 and 15 of chip D5 are connected to pins 15 and 16 of D2.
Sleep and wake-up circuit 24 contains transistor V1, capacitor C4, diode V2 and resistors R5~R9. The base of transistor V1 is connected through resistor R9, capacitor C4 and resistor R8 to pin 12 of chip D2 of serial bus interface controller 22, and the emitter of transistor V1 is connected to pin 4 of microprocessor chip D4.
Fig. 8 is the circuit theory diagrams that the present invention adopts the DC power convertor of USB interface, flash memory; Adopt three end power supply D3, and between its port one VSS and port 2VOUT, be connected in parallel capacitor C3 and C6, convert input voltage VCC-BUS to output voltage FVCC-33.
Fig. 9 is the circuit schematic of the interface controller in the embodiment that adopts a USB interface and flash memory. USB interface controller 221 may use, but is not limited to, chip D2 of model PDIUSBD12, crystal oscillator Y1, capacitors C1~C2 and C7~C8, resistors R1~R3 and R10, and light-emitting diode V3. Crystal oscillator Y1 and capacitors C1~C2 are connected in series to form a closed loop, the two ends of crystal oscillator Y1 are connected to pins 22 and 23 of chip D2, and pins 25 and 26 of chip D2 are connected through resistors R1 and R2 to pins 2 and 3 of universal serial bus socket 23. USB interface controller 221 is responsible for the input, output and control of the USB data stream, conforms to the USB 1.0 and 1.1 or 2.0 standards, has a fast and simple parallel interface that can connect to most single-chip microcomputers, and can perform DMA.
When the present invention adopts a USB interface and flash memory, it needs no driver and no external power supply, and works under the control of control and management software. This software comprises the user authentication module, the upper-layer operating system, the driver (Driver), the underlying operating system and the firmware (the solidification software program, Firmware), as shown in Figure 10. The firmware is the supervisory program burned into microprocessor unit 21 and interacts with the underlying operating system. The driver is loaded between the host's underlying operating system and upper-layer operating system and interacts with both. The flowcharts of the driver and the firmware are shown in Figure 11 and Figure 12.
The following takes a semiconductor memory apparatus that adopts a USB interface and flash memory as an example and, with reference to Figures 11, 12 and 10, describes how the present invention works under the control of the control and management software system.
When the semiconductor memory apparatus is inserted, the host operating system, through its automatic detection of the USB interface, immediately activates the user authentication module and the driver and prompts the user to enter or modify the user authentication information. The driver performs its initialization and instructs the upper-layer operating system to generate a corresponding removable storage device configuration (also called an active storage device configuration); the upper-layer operating system generates this configuration for the inserted memory device and assigns it a corresponding device symbol. When the user selects the device symbol, the driver checks the user authentication flag and, based on that flag, either accepts a user who has passed authentication or refuses a user who has not passed authentication access to the semiconductor memory apparatus. The driver then enters a state of waiting for operation requests.
When the semiconductor memory apparatus is inserted into the host's USB interface, the firmware is also activated: microprocessor unit 21 immediately begins executing the firmware stored in it and performs initialization. At this point the upper-layer operating system queries USB interface chip D2; D2 generates an interrupt request and sends it to microprocessor unit 21, which responds to the interrupt request from D2 and communicates with the upper-layer operating system. Based on the characteristics, states or flags fed back by USB interface chip D2 and microprocessor unit 21, the operating system instructs USB interface chip D2 and microprocessor D4 to perform the relevant initial settings, in preparation for the subsequent data exchange. Once initialization is complete, the firmware enters a waiting state and waits for operation requests.
When the semiconductor memory apparatus is removed from the host's USB interface, the firmware stops executing immediately. The host operating system automatically detects this event and immediately notifies the driver; the driver performs the relevant processing and instructs the operating system to remove the removable storage device configuration corresponding to this semiconductor memory apparatus; the upper-layer host operating system then cancels the corresponding removable storage device symbol.
When the upper-layer host operating system requires a read operation, it passes the read command to the driver. Because this command is a standard disk read command and does not match the read mode that flash memory requires, the driver converts it into flash-specific operation commands. The driver then wraps the converted command in USB packets and passes the packed read command to the underlying operating system, which sends it over the USB interface to the firmware in microprocessor unit 21, and the firmware carries out the read. That is, after USB interface controller D2 receives the read command it notifies microprocessor D4; under firmware control, microprocessor D4 reads the required data from flash memory D1 and sends it to the second-level decryption module for decryption, after which the data and related information are passed to the underlying operating system through the USB interface. The underlying operating system returns the data and status information that were read to the driver. The driver contains the first-level (one-level) encryption and decryption module, which decrypts the data that was read; the decrypted data and the status information are then sent to the upper-layer operating system.
When the upper-layer host operating system requires a write to the memory, it sends the write command to the driver. Because this command is a standard disk write command, which differs from the operation commands that flash memory requires, the driver converts it into flash-specific operation commands. When a write command reaches flash memory D1, if the write location already contains valid data, the new data cannot be written directly; it can be written only after the valid data has been moved. For this reason the driver converts a write operation into three different internal operations: read, erase and write. First, the driver's first-level encryption and decryption routine encrypts the new data to be written; an internal read operation then reads out and saves the original contents of the write location; next, an internal erase operation clears all data at the write location; finally, the new data to be written is combined with the old data, and an internal write operation is performed on the combined data. After all three operations have completed, the driver returns the execution status of the write operation to the upper-layer operating system, which completes the write. In operation, when a write command is destined for flash memory D1, USB interface controller D2 notifies microprocessor D4, and under firmware control D4 reads the corresponding data from USB interface control chip D2 and sends it to flash memory D1. When the operating system needs to erase flash memory D1, general-purpose bus interface circuit D2 notifies microprocessor D4, and D4 sends a string of commands to flash memory D1 to erase the contents of the corresponding region in D1. The driver wraps each of the three internal operations in USB packets and passes the packed operations to the underlying operating system, which sends them over the USB interface to the firmware in microprocessor unit 21; the firmware executes the operation, and the resulting data and status information are returned over USB to the underlying operating system, which then passes them to the driver.
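The write conversion described above (encrypt, internal read, erase, combine, write) together with the matching first-level decryption on read, as an added C example that is not part of the patent. The block size, key, XOR stand-in cipher and all function names are assumptions, since the page names no cipher or API; the flash array, write-protect flag and authentication flag only model D1, switch S1 and the driver's authentication check.

```c
#include <stdint.h>
#include <string.h>
#define BLOCK_SIZE 16   /* constructed: tiny erase block so the demo is readable */
#define NUM_BLOCKS 4
static uint8_t flash[NUM_BLOCKS][BLOCK_SIZE];  /* simulated flash memory D1 */
static int write_protect = 0;       /* models write-protect switch S1 */
static int user_authenticated = 0;  /* models the driver's authentication flag */
static const uint8_t KEY[4] = {0x5A, 0xC3, 0x11, 0x7E};  /* constructed key */

/* Stand-in for the first-level cipher (assumption): offset-keyed XOR, NOT secure. */
static void l1_crypt(uint8_t *buf, size_t len, size_t off) {
    for (size_t i = 0; i < len; i++) buf[i] ^= KEY[(off + i) % sizeof KEY];
}

static int range_ok(int blk, size_t off, size_t len) {
    return blk >= 0 && blk < NUM_BLOCKS && off <= BLOCK_SIZE && len <= BLOCK_SIZE - off;
}

static int flash_erase(int blk) {           /* erase sets every bit to 1 */
    if (write_protect) return -1;
    memset(flash[blk], 0xFF, BLOCK_SIZE);
    return 0;
}
static int flash_program(int blk, const uint8_t *src) {  /* bits only go 1 -> 0 */
    if (write_protect) return -1;
    for (int i = 0; i < BLOCK_SIZE; i++) flash[blk][i] &= src[i];
    return 0;
}

/* Disk-style write converted into encrypt, internal read, erase, merge, write. */
int driver_write(int blk, size_t off, const uint8_t *data, size_t len) {
    uint8_t enc[BLOCK_SIZE], merged[BLOCK_SIZE];
    if (!user_authenticated) return -2;         /* refuse unauthenticated user */
    if (!range_ok(blk, off, len)) return -3;
    memcpy(enc, data, len);
    l1_crypt(enc, len, off);                    /* encrypt the new data first */
    memcpy(merged, flash[blk], BLOCK_SIZE);     /* internal read: save old contents */
    if (flash_erase(blk) != 0) return -1;       /* internal erase (fails if S1 set) */
    memcpy(merged + off, enc, len);             /* combine new and old data */
    return flash_program(blk, merged);          /* internal write of combined data */
}

int driver_read(int blk, size_t off, uint8_t *out, size_t len) {
    if (!user_authenticated) return -2;
    if (!range_ok(blk, off, len)) return -3;
    memcpy(out, flash[blk] + off, len);
    l1_crypt(out, len, off);                    /* first-level decryption */
    return 0;
}
```

Because the erase is refused before anything is modified, a write attempted with the write-protect flag set leaves the old ciphertext intact.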
As shown in Figures 12 and 11, in addition to the disk operations required by the upper-layer host operating system, the semiconductor memory apparatus of the present invention also supports plug and play and other specific operations. Requests for plug and play and other specific operations come from the upper-layer host operating system, are processed by the driver into a form suitable for the semiconductor memory apparatus, are packed according to the USB standard and passed to the underlying operating system, and are then transferred over the USB interface to USB interface controller D2. They are executed under the control of the firmware, and the execution result is given to interface controller D2 and returned to the upper-layer host operating system through the USB interface.
Practice has shown that the present invention, through its unique design, provides user authentication and data encryption and decryption functions in a semiconductor memory apparatus, so that important confidential information can be stored in it, and users of the apparatus are authenticated by the user authentication and data encryption and decryption modules. This makes it convenient for users to carry private data and makes it possible to access confidential information on a host that has taken no secrecy measures. The invention provides hardware protection: the write-protect switch physically protects the contents of the semiconductor memory apparatus from being rewritten or erased, preventing data loss and virus intrusion. The invention provides a dormancy and wake-up circuit that puts the semiconductor memory apparatus into a dormant state when the host issues no operation command, reducing energy consumption. The invention uses a novel semiconductor storage medium and a general-purpose bus interface to realize removable external storage that has no driver and no external power supply and is hot-pluggable, plug and play, and usable without shutting down. Access is fast, and the capacity far exceeds that of a floppy disk. It is small, easy to carry and not easily damaged. More than 20 flash memories can be connected to a data system simultaneously, and it can be used with any data processing system that supports the general-purpose bus.