Storage device and data destruction method thereof
By combining encryption algorithms and wireless power receivers in storage devices, the problems of high cost and information leakage associated with physical shredding of storage devices are solved, achieving low-cost and secure data deletion and destruction proof.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- SAMSUNG ELECTRONICS CO LTD
- Filing Date
- 2021-01-27
- Publication Date
- 2026-07-07
AI Technical Summary
In existing technologies, physically shredding storage devices to delete data is costly and poses a risk of information leakage, failing to effectively protect important data.
It employs a combination of encryption algorithms and wireless power receivers to encrypt and store data, and performs data erasure operations when the security element is destroyed. It uses wireless power to provide energy for data erasure, and combines barcode/QR code/RFID verification devices to confirm the destruction.
It enables low-cost and secure deletion of data from storage devices, reduces the risk of information leakage, provides proof of breach, and simplifies the data protection process.
Smart Images

Figure CN113535600B_ABST
Abstract
Description
[0001] Cross-reference to related applications
[0002] This application claims priority to Korean Patent Application No. 10-2020-0038093, filed on March 30, 2020, with the Korean Intellectual Property Office, the disclosure of which is incorporated herein by reference in its entirety. Technical Field
[0003] This disclosure relates to a storage device and a method for data destruction thereof. Background Technology
[0004] Typically, important data is stored on storage devices such as hard disk drives (HDDs) or solid-state drives (SSDs) installed in computers, laptops, servers, etc. Therefore, in the event of damage to a computer, laptop, server, etc., the data inside its storage device must be completely removed. Physical shredding has been used to completely remove data stored on such storage devices through physical destruction, but physical destruction can be expensive. Summary of the Invention
[0005] On the one hand, it provides a storage device and a method for deleting stored data at low cost.
[0006] According to one or more exemplary embodiments, a storage device is provided, the storage device comprising: at least one non-volatile memory device; a memory controller configured to encrypt data using key information and store the encrypted data in the at least one non-volatile memory device, or configured to read encrypted data from the at least one non-volatile memory device and decrypt the read encrypted data using the key information, and configured to output the decrypted data to an external device; a security element configured to store the key information; and a wireless power receiver configured to receive wireless power from an external wireless device and provide the wireless power to the security element when the key information of the security element is destroyed.
[0007] According to another aspect of one or more exemplary embodiments, a storage device is provided, comprising: at least one non-volatile memory device; and a memory controller configured to control the at least one non-volatile memory device, wherein the memory controller includes: at least one processor configured to control operation of the storage device; a buffer memory configured to temporarily store data; an error correction circuit configured to generate a first error correction code for the first data in a write operation and to generate second data using a second error correction code in a read operation; a cryptographic module configured to generate the first data by encrypting the data using an encryption algorithm in a write operation, or to decrypt the second data using an encryption algorithm in a read operation, and to perform a data corruption operation in response to a data corruption signal; a code memory configured to store code data for operating the memory controller; a host interface circuit configured to provide interface functionality with an external device; a non-volatile memory interface circuit configured to provide interface functionality with the at least one non-volatile memory device; and a wireless power receiver configured to receive wireless power from an external wireless device and to provide wireless power to the cryptographic module when performing a data corruption operation.
[0008] According to another aspect of one or more exemplary embodiments, a data corruption method for a storage device is provided, the storage device including at least one non-volatile memory device, a memory controller, and a security element, the memory controller being configured to encrypt data using an encryption algorithm and store the encrypted data in at least one non-volatile memory device, or being configured to read encrypted data from at least one non-volatile memory device and decrypt the read encrypted data using an encryption algorithm, the security element being configured to store the encryption algorithm or key information related to the encryption algorithm, the data corruption method including: performing a cleanup operation on at least one non-volatile memory device; and performing a data corruption operation in the security element in response to a data corruption signal.
[0009] According to another aspect of one or more exemplary embodiments, a data corruption method is provided, the method comprising: receiving a data corruption signal from a wireless device by each of a plurality of storage devices; and performing a data corruption operation in a security element of each of the plurality of storage devices in response to the data corruption signal, wherein, when the data corruption operation is performed, each of the plurality of storage devices receives wireless power from the wireless device and provides the received wireless power to the security element.
[0010] According to another aspect of one or more exemplary embodiments, a method for destroying data in a storage device is provided, the method comprising: receiving wireless power from an external device outside the storage device; receiving a data destruction signal from the external device; and, in response to the data destruction signal, performing a data destruction operation using the received wireless power. Attached Figure Description
[0011] The above and other aspects will become clearer from the following detailed description taken in conjunction with the accompanying drawings, in which:
[0012] Figure 1 This is a view illustrating a storage device according to an exemplary embodiment;
[0013] Figure 2 It is shown Figure 1 A view of an example of a non-volatile memory device shown;
[0014] Figure 3 It is shown Figure 2 A view of an example of a storage block in a non-volatile memory device;
[0015] Figure 4 It is shown Figure 1 A view of another example of a non-volatile memory device shown;
[0016] Figure 5 It is shown Figure 4 A view of the memory cell array of the non-volatile memory device shown;
[0017] Figure 6 It is shown Figure 1 A view of an example memory controller for a storage device;
[0018] Figure 7 This is a view illustrating a retrieved security module for proof of breach according to an exemplary embodiment;
[0019] Figure 8A , Figure 8B , Figure 8C and Figure 8D This is a view showing the start of a data corruption operation due to physical damage to a safety element;
[0020] Figure 9A , Figure 9B , Figure 9C and Figure 9D This is a view illustrating the process of separating and retrieving a security module from a storage device;
[0021] Figure 10A and Figure 10B This is a view illustrating examples of safety elements according to various exemplary embodiments;
[0022] Figure 11 This is a ladder diagram illustrating the data destruction operation of a security element according to an exemplary embodiment;
[0023] Figure 12This is a ladder diagram illustrating the data destruction operation of a security element according to another exemplary embodiment;
[0024] Figure 13 This is a ladder diagram illustrating the data destruction operation of a security element according to another exemplary embodiment;
[0025] Figure 14 This is a ladder diagram illustrating the data destruction operation of a security element according to another exemplary embodiment;
[0026] Figure 15 This is a ladder diagram illustrating the data destruction operation of a security element according to another exemplary embodiment;
[0027] Figure 16 This is a ladder diagram illustrating data corruption operations in an overwritable memory of a security element according to an exemplary embodiment;
[0028] Figure 17 This is a ladder diagram illustrating data corruption operations in a rewritable memory device of a security element according to another exemplary embodiment;
[0029] Figure 18 This is a ladder diagram illustrating data corruption operations in a non-writable memory device of a security element according to an exemplary embodiment;
[0030] Figure 19A , Figure 19B and Figure 19C This is a flowchart illustrating data erasure techniques in a non-rewritable memory device according to various exemplary embodiments;
[0031] Figure 20 This is a view illustrating data corruption operations for multiple storage devices according to an exemplary embodiment;
[0032] Figure 21A This is a flowchart illustrating a data corruption operation of a storage device according to an exemplary embodiment;
[0033] Figure 21B This is a flowchart illustrating a data corruption operation of a storage device according to another exemplary embodiment;
[0034] Figure 22 This is a view illustrating a storage device according to another exemplary embodiment;
[0035] Figure 23 It is shown Figure 22 A flowchart illustrating an example of data corruption operations on a storage device is shown.
[0036] Figure 24 It is shown Figure 22A flowchart illustrating another example of data corruption operations on a storage device is shown;
[0037] Figure 25 This is a ladder diagram illustrating the process of deleting mapped data / user data from a storage device according to an exemplary embodiment;
[0038] Figure 26 This is a view illustrating a mobile device according to an exemplary embodiment;
[0039] Figure 27 This is a block diagram illustrating a computing system according to an exemplary embodiment;
[0040] Figure 28 This is a block diagram illustrating an electrical system according to an exemplary embodiment; and
[0041] Figure 29 This is a view illustrating a data center employing a memory device according to an exemplary embodiment. Detailed Implementation
[0042] In the following, exemplary embodiments will be described in detail with reference to the accompanying drawings.
[0043] Typically, even when a security element storing important security information (e.g., a security chip) is separated from the storage device, this information can still be obtained from the separated security element without authorization. Therefore, when such a security element is removed, it must be destroyed to prevent leakage of its internal information. Storage devices and data destruction methods according to various exemplary embodiments can securely protect data and easily provide proof of destruction of the storage device when it is destroyed. For example, storage devices according to various exemplary embodiments protect their internal data by removing a security element (e.g., a security chip) after destruction and simplify the method of proving destruction, thereby potentially reducing the likelihood of information leakage and the cost of destruction.
[0044] Figure 1 This is a view illustrating a storage device 100 according to an exemplary embodiment. (Reference) Figure 1 The storage device 100 may include at least one non-volatile memory device NVM 110, a memory controller CNTL 120, a security element SE 130, and a wireless power receiver WPR 140.
[0045] Storage device 100 can be implemented to store user data. For example, storage device 100 can be a solid-state drive (SSD), a memory card (e.g., CompactFlash, Secure Digital (SD), microSD, etc.), a Universal Serial Bus (USB) storage device, etc.
[0046] At least one non-volatile memory device 110 can be implemented to store data. The non-volatile memory device 110 may include NAND flash memory, vertical NAND flash memory (VNAND), NOR flash memory, resistive random access memory (RRAM), phase-change memory (PRAM), magnetoresistive random access memory (MRAM), ferroelectric random access memory (FRAM), spin-transfer torque random access memory (STTMRAM), etc. Furthermore, the non-volatile memory device 110 can be implemented as a three-dimensional (3D) array structure.
[0047] In an exemplary embodiment, the non-volatile memory device 110 can be implemented to store encrypted data.
[0048] The memory controller CNTL 120 can be implemented to control the non-volatile memory device 110 in response to commands or addresses from a host device. The memory controller 110 can send commands, addresses, or control signals (CTRL) to the non-volatile memory device 110, write data to the non-volatile memory device 110, or read data from the non-volatile memory device 110. For example, commands or addresses provided from the host device can be signals based on a communication protocol (e.g., a host interface) previously determined between the host device and the memory controller 120. Additionally, commands, addresses, and control signals provided to the non-volatile memory device 110 can be signals based on a communication protocol (e.g., a non-volatile interface) previously determined between the memory controller 120 and the non-volatile memory device 110.
[0049] Additionally, the memory controller 120 can encrypt data received from the host device based on an encryption algorithm and write the encrypted data into the non-volatile memory device 110. Furthermore, the memory controller 120 can be implemented to decrypt encrypted data read from the non-volatile memory device 110 based on an encryption algorithm. Here, the encryption algorithm can be a symmetric encryption algorithm or an asymmetric encryption algorithm. In an exemplary embodiment, the symmetric encryption algorithm can be Data Encryption Standard (DES), Advanced Encryption Standard (AES) (AES-128, AES-192, AES-256, etc.), SEED, RC4, Twofish, Serpent, Blowfish, CAST5, 3DES, IDEA, etc. In an exemplary embodiment, the asymmetric encryption algorithm can be Diffie-Hellman key exchange, DSS, ElGamal, ECC, RSA, etc.
[0050] In an exemplary embodiment, the memory controller 120 may include a cryptographic module 124 that performs encryption or decryption operations based on an encryption algorithm. Here, the cryptographic module may be implemented in hardware, software, or firmware.
[0051] The secure element SE 130 can be connected to the memory controller 120 and can be implemented to store encryption algorithms and / or key information used to execute the encryption algorithms. For example, in some exemplary embodiments, the secure element SE 130 can be a secure chip. Here, the key information may include encryption key information or decryption key information. In some exemplary embodiments, the secure element 130 can be connected to the memory controller 120 via a flexible printed circuit board (PCB). In some exemplary embodiments, the secure element 130 can be implemented so that it can be easily removed from the memory controller 120 by a user.
[0052] Additionally, the security element 130 can be configured to internally perform a data destruction operation in response to a data destruction request signal. Here, the data destruction operation may include deleting data related to an encryption algorithm stored on the security element 130. The security element 130 may include a data destruction circuit (DDC) 132 configured to perform the data destruction operation.
[0053] In an exemplary embodiment, the security element 130 and the storage device 100 may be implemented with identification information such as barcodes / QR codes / RFID attached thereto for mutual identification.
[0054] Figure 1 The security element 130 shown is disposed externally to the memory controller CNTL 120. However, the exemplary embodiments are not limited thereto. For example, in some exemplary embodiments, the security element may be embedded within the memory controller CNTL 120.
[0055] The wireless power receiver 140 can be implemented to connect to the secure element 130, receive wireless power from the external wireless device 200, and supply the received power to the secure element 130. In an exemplary embodiment, the wireless power receiver 140 can supply power to the secure element 130 during a data destruction operation. That is, the secure element 130 can receive wireless power from the external wireless device 200 without a separate power supply provided on the flexible PCB or otherwise to power the secure element 130, and use the wireless power to perform the data destruction operation.
[0056] In an exemplary embodiment, the power receiver 140 may include an antenna for power transfer. For example, the antenna for power transfer may use near-field communication (NFC) signals to receive wireless power.
[0057] According to an exemplary embodiment, the storage device 100 may store encryption / decryption key information in a secure element 130. The encryption / decryption key information is used to store data in the storage device 100. For example, the encryption / decryption key information can be used to encrypt / decrypt data stored in the storage device 100. When the secure element 130 is physically removed to protect personal information, the encryption / decryption key information can be permanently destroyed. Additionally, according to some exemplary embodiments, the destruction of the storage device 100 (in the sense of rendering the data stored in the storage device 100 unreadable / unusable) can be proven by verifying the pairing between the storage device 100 and the removed secure element 130 using barcodes, QR codes, RFID, etc. Furthermore, according to some exemplary embodiments, the internal key information of the secure element 130 can be deleted using NFC power transfer without separate internal power, thereby potentially allowing the storage device 100 to be reused for storing personal information.
[0058] In some exemplary embodiments, Figure 1 The non-volatile memory device 110 shown can generally be divided into rewritable memory (typically, PRAM / MRAM) and non-rewritable memory (NAND flash memory).
[0059] Figure 2 It is shown Figure 1 This is a view of an example of a non-volatile memory device (NVM) 110. The non-volatile memory device 110 may include a memory cell array 111, an address decoder 112, a page buffer 113, input / output (I / O) circuitry 114, and control logic 115.
[0060] The memory cell array 111 may include multiple memory blocks BLK1-BLKz. Each of the multiple memory blocks may include multiple cell strings. Each of the multiple cell strings may include multiple memory cells. The multiple memory cells may be connected to multiple word lines WL. Each of the multiple memory cells may include a single-level cell (SLC) storing 1 bit or a multi-level cell (MLC) storing at least 2 bits. The address decoder 112 may be connected to the memory cell array 111 via multiple word lines WL, at least one string select line SSL, and at least one ground select line GSL. The address decoder 112 may receive logical addresses from an external source, decode the received logical addresses, and drive the multiple word lines WL. For example, the address ADDR may represent the physical address of the non-volatile memory device 110 translated from a logical address.
[0061] Page buffer 113 can be connected to memory cell array 111 via multiple bit lines BL. Page buffer 113 can be implemented as a control bit line BL, such that, under the control of control logic 115, data DATA received from I / O circuit 114 is stored on memory cell array 111. Under the control of control logic 115, page buffer 113 can read data stored on memory cell array 111 and provide the read data to I / O circuit 114. In an exemplary embodiment, page buffer 113 can receive data from I / O circuit 114 or read data from memory cell array 111 on a page-by-page basis.
[0062] I / O circuit 114 can be implemented to receive data DATA from an external device and provide the received data DATA to page buffer 113.
[0063] Control logic 115 can be implemented to receive a command CMD or at least one control signal CTRL from an external source, and to control the address decoder 112, page buffer 113, and I / O circuitry 114 in response to the received signal. For example, control logic 115 can control other components such that data DATA is stored on memory cell array 111 in response to signals CMD and CTRL. Additionally, control logic 115 can control other components such that data DATA stored on memory cell array 111 is sent to an external device in response to signals CMD and CTRL. The control signal CTRL can be from memory controller 120 (see [link to memory controller]). Figure 1 The signals provided are for controlling the non-volatile memory device 110.
[0064] Control logic 115 can generate various voltages required for the operation of non-volatile memory device 110. For example, control logic 115 can generate multiple programming voltages, multiple pass voltages, multiple selected read voltages, multiple unselected read voltages, multiple erase voltages, and multiple verification voltages. Control logic 115 can provide the various generated voltages to the substrate of address decoder 112 or memory cell array 111.
[0065] Figure 3 It is shown Figure 2 A view of the circuitry of the memory block shown. (Reference) Figure 3 The storage block BLK can include multiple cell strings CS11, CS12, CS21 and CS22.
[0066] Multiple unit strings CS11, CS12, CS21, and CS22 can be arranged along the row and column directions to form rows and columns. For example, unit strings CS11 and CS12 can be connected to string select lines SSL1a and SSL1b to form a first row. Unit strings CS21 and CS22 can be connected to string select lines SSL2a and SSL2b to form a second row. For example, unit strings CS11 and CS21 can be connected to the first bit line BL1 to form a first column. Unit strings CS12 and CS22 can be connected to the second bit line BL2 to form a second column.
[0067] Each of the multiple cell strings CS11, CS12, CS21, and CS22 may include multiple cell transistors. For example, each of the multiple cell strings CS11, CS12, CS21, and CS22 may include string select transistors SSTa and SSTb, multiple memory cells MC1 to MC8, ground select transistors GSTA and GSTb, and pseudo memory cells DMC1 and DMC2. For example, each of the multiple cell transistors included in the multiple cell strings CS11, CS12, CS21, and CS22 may be a charge-trapping flash (CTF) memory cell.
[0068] Multiple memory cells MC1 to MC8 can be connected in series and stacked in a height direction perpendicular to the plane formed by the row and column directions. Serial select transistors SSTa and SSTb can be connected in series, and the series-connected serial select transistors SSTa and SSTb can be provided between the multiple memory cells MC1 to MC8 and the bit line BL. Ground select transistors GSTA and GSTb are connected in series, and the series-connected ground select transistors GSTA and GSTb can be provided between the multiple memory cells MC1 to MC8 and the common source line CSL.
[0069] In an exemplary embodiment, a first pseudo-memory cell DMC1 may be provided between the plurality of memory cells MC1 to MC8 and ground select transistors GSTA and GSTb. In an exemplary embodiment, a second pseudo-memory cell DMC2 may be provided between the plurality of memory cells MC1 to MC8 and string select transistors SSTa and SSTb. The ground select transistors GSTA and GSTb of cell strings CS11, CS12, CS21, and CS22 may be commonly connected to the ground select line GSL. In an exemplary embodiment, ground select transistors in the same row may be connected to the same ground select line, and ground select transistors in different rows may be connected to different ground select lines. For example, the first ground select transistor GSTA of cell strings CS11 and CS12 in the first row may be connected to the first ground select line, and the first ground select transistor GSTA of cell strings CS21 and CS22 in the second row may be connected to the second ground select line.
[0070] In an exemplary embodiment, although not shown, ground select transistors provided at the same height from the substrate can be connected to the same ground select line, and ground select transistors provided at different heights can be connected to other ground select lines. For example, the first ground select transistor GSTA of cell strings CS11, CS12, CS21, and CS22 can be connected to the first ground select line, and the second ground select transistor GSTb can be connected to the second ground select line. Memory cells at the same height from the substrate (or ground select transistors GSTA and GSTb) can be connected to the same word line, and memory cells at different heights can be connected to different word lines. For example, the first memory cells MC1 to the eighth memory cell MC8 of cell strings CS11, CS12, CS21, and CS22 can be connected to the first word line WL1 to the eighth word line WL8, respectively.
[0071] It should be understood that Figure 3 The block BLK shown is merely an example of a block of non-rewritable NAND flash memory. Exemplary embodiments are not particularly limited, and other block BLK structures may be used in some exemplary embodiments.
[0072] Figure 4 This is to illustrate according to another exemplary embodiment. Figure 1 A view of another example of a non-volatile memory device of the storage device 100 shown. (See reference) Figure 4 The non-volatile memory device 110a may include a memory cell array 111a, a word line driver 112a, a bit line driver 113a, a read / write circuit RWC 114a, a data input / output (I / O) circuit 115a, an error correction circuit ECC 116a, and control logic 117a.
[0073] The memory cell array 111a can be connected to the word line driver 112a via multiple word lines WL, and can be connected to the bit line driver 113a via multiple bit lines BL.
[0074] The memory cell array 111a may include multiple memory banks BANK1 to BANKm (where m is an integer of 2 or greater). Each of the multiple memory banks may include multiple blocks TILE1 to TILEj (j is an integer of 2 or greater). Each of the multiple blocks may include multiple memory cells connected to multiple word lines WL and multiple bit lines BL. Here, the memory cells may be connected between the word lines and the bit lines respectively. The memory cells may use resistive material to store at least one bit.
[0075] Word line driver 112a can be connected to memory cell array 111a via word line WL. Word line driver 112a may include at least one row decoder. Here, the row decoder can select one of the word lines using a row address under the control of control logic 117a. Moreover, word line driver 112a can apply a word line voltage to the selected word line. Here, the word line voltage may include read word line voltage, write word line voltage, etc. Although not shown, word line driver 112a may include voltage generation circuitry for generating these word line voltages.
[0076] Bit line driver 113a can be connected to memory cell array 111a via bit line BL. Bit line driver 113a may include at least one column decoder. Here, the column decoder can select one of the bit lines using a column address under the control of control logic 117a. Moreover, bit line driver 113a can apply bit line voltages to the selected bit line. Here, bit line voltages may include read bit line voltages, set bit line voltages, reset bit line voltages, etc. Although not shown, bit line driver 113a may include voltage generation circuitry for generating these bit line voltages.
[0077] The read / write circuit RWC 114a can perform read or write operations on the memory cell array 111a under the control of the control logic 117a. The read / write circuit RWC 114a may include write circuitry and read circuitry.
[0078] The write circuit can be connected to word line driver 112a and bit line driver 113a. The write circuit can be implemented to perform a write operation (set or reset operation) on memory cells connected to selected bit lines and selected word lines under the control of control logic 117a. For example, the write circuit can apply a word line voltage to the selected word line and a bit line voltage to the selected bit line in response to a write control signal from control logic 117a. In an exemplary embodiment, the write circuit can generate a set pulse or reset pulse corresponding to the data to be written during the write operation and apply the set pulse or reset pulse to the selected word line / bit line. In an exemplary embodiment, when writing data to the selected memory cell, the write circuit can determine the write current based on the resistance of the selected memory cell.
[0079] The read circuit can be implemented to read data from memory cells connected to selected bit lines and selected word lines under the control of control logic 117a. For example, the read circuit can read data from memory cells connected to selected bit lines and selected word lines in response to a read control signal from control logic 117a. In an exemplary embodiment, the read circuit can detect the voltage difference between the voltage of the selected word line / bit line and a reference voltage, and perform a sensing operation based on the sensed voltage difference to distinguish ON / OFF cells.
[0080] Data I / O circuit 115a can be implemented to transfer write data received from an external device (e.g., a memory controller) to a data latch of control logic 117a under the control of control logic 117a during a write operation. Furthermore, data I / O circuit 115a can be implemented to output data read from a data register to an external device (e.g., a memory controller) during a read operation. In an exemplary embodiment, data I / O circuit 115a can be implemented to input / output data on a sector-by-sector basis.
[0081] The error correction circuit ECC 116a can generate error correction codes (or parity, low-density parity-check (LDPC) codes) by receiving write data from the data I / O circuit 115a during a write operation. Subsequently, the write data and the codeword with the error correction code can be stored on the memory cell array corresponding to the write address. Additionally, the error correction circuit 116a can use the error correction code to correct errors in read data during a read operation. For example, a codeword is read from the memory cell array corresponding to the read address, and a syndrome can be generated from the read codeword. The syndrome can be used to correct errors in the read codeword.
[0082] Control logic 117a can be implemented to control the overall operation of non-volatile memory device 110a. Control logic 117a can control word line driver 112a, bit line driver 113a, read / write circuit RWC 114a, data I / O circuit 115a, or error correction circuit ECC 116a in response to externally input commands CMD, address ADDR, or control signals. In an exemplary embodiment, control logic 117a can select one of a plurality of write modes and perform a write operation according to the selected write mode. In an exemplary embodiment, the plurality of write modes may include a normal mode, a data comparison write (DCW) mode, an active data comparison write (aDCW) mode, and / or a read skip active data comparison mode (read skip aDCW) mode, and a write operation can be performed in one of these modes. Here, the normal mode is a mode that does not reflect resistance drift, the DCW mode is a mode that reflects resistance drift for the reset state, and the aDCW mode and the read skip aDCW mode are modes that reflect resistance drift in both the set and reset states.
[0083] Figure 5 It is shown Figure 4 A view of a memory cell array of a non-volatile memory device. (Reference) Figure 5 The memory cell array 111a can be implemented as a cross-point structure. Here, a cross-point structure refers to a structure in which a resistive memory cell MC is formed in the region where one line and another line intersect each other. For example, bit lines BL1 to BL4 extend in a first direction, word lines WL1 to WL3 extend in a second direction to intersect with bit lines BL1 to BL4, and the resistive memory cell MC can be formed in the region where bit lines BL1 to BL4 and word lines WL1 to WL3 intersect each other.
[0084] like Figure 5 As shown, the memory cell MC may include a variable resistor GST and a switching element OTS. In an exemplary embodiment, the variable resistor (GST) may be a phase change material. For example, various materials can be used as phase change materials, such as GaSb, InSb, InSe, Sb2Te3, and GeTe (combining two elements), GeSbTe, GaSeTe, InSbTe, SnSb2Te4, and InSbGe (combining three elements), and AgInSbTe, (GeSn)SbTe, GeSb(SeTe), and Te (combining four elements). 81 Ge 15 Sb2S2, etc. In another exemplary embodiment, the variable resistor GST may include perovskite compounds, transition metal oxides, magnetic materials, ferromagnetic materials, or antiferromagnetic materials, rather than phase change materials.
[0085] The switching element OTS can include a bidirectional (ovonic) threshold switch. The switching element can include materials similar to germanium-antimony-telluride (GST) (Ge2Sb2Te5). For example, a bidirectional threshold switch is a combination of selenium (Se), arsenic (As), Ge (germanium), and Si (silicon), and can include chalcogenides that alter the crystalline and amorphous states.
[0086] It should be understood that Figure 5 The memory cells shown are merely examples of rewritable PRAM. Exemplary embodiments are not particularly limited, and other memory cell structures may be used in some exemplary embodiments.
[0087] Figure 6 It is shown Figure 1 A view of the memory controller CNTL 120 of the storage device 100 is shown. (Reference) Figure 6 The memory controller 120 may include at least one processor 121, a buffer memory 122, an error correction circuit (ECC) 123, a cryptographic module 124, a code memory 125, a host interface circuit (host I / F circuit) 126, and a non-volatile memory interface circuit (NVM I / F circuit) 127.
[0088] At least one processor 121 may be implemented to control storage device 100 (see...) Figure 1 The processor 121 may include a central processing unit (CPU) for the overall operation of the system.
[0089] The buffer memory 122 can temporarily store the data required for the operation of the memory controller 120. Figure 6 The buffer memory 122 shown is disposed within the memory controller 120, but it should be understood that the exemplary embodiments are not limited thereto. In some exemplary embodiments, the buffer memory 122 may be disposed as a separate intellectual property (IP) block outside the memory controller 120.
[0090] The error correction circuit ECC 123 can be implemented to: calculate the error correction code value of the data to be written in the write operation (first data), and / or correct errors in the data read in the read operation (second data) based on the error correction code value. The error correction circuit 123 can also be implemented to correct errors in data recovered from the non-volatile memory device 110 during a data recovery operation. The error correction circuit 123 can use coding modulation such as low-density parity-check (LDPC) codes, BCH codes, turbo codes, Reed-Solomon codes, convolutional codes, recursive systematic codes (RSC), trellis-coded modulation (TCM), and block-coded modulation (BCM) to correct errors.
[0091] The cryptographic module CRYPTO MODULE 124 can be implemented to encrypt data (first data) using an encryption algorithm and / or to decrypt encrypted data (second data) using an encryption algorithm. For example... Figure 1 As shown, the cryptographic module 124 can use the key information stored on the secure element 130 to execute encryption algorithms.
[0092] The code memory 125 can be implemented to store the code data required by the operating memory controller 120. Here, the code memory can be implemented as a non-volatile memory device.
[0093] The host interface circuit (host I / F circuit) 126 can be implemented to provide interface functionality with external devices. The host interface circuit 126 can be implemented as non-volatile memory express (NVMe), peripheral component interconnect express (PCIe), Serial Advanced Technology Attachment (SATA), Small Computer System Interface (SCSI), Serial Attached SCSI (SAS), Universal Serial Bus (USB) Attached SCSI (UAS), Internet Small Computer System Interface (iSCSI), Fibre Channel, Ethernet Fibre Channel (FCoE), etc.
[0094] The non-volatile memory interface circuit (NVM I / F circuit) 127 can be implemented to provide interface functionality with the non-volatile memory device 110 (or non-volatile memory device 110a). Figure 6 The safety element SE 130 and wireless power receiver WPR 140 shown can be implemented as an extraction type.
[0095] Figure 6 The security element 130 shown is disposed externally to the memory controller CNTL 120. However, the exemplary embodiments are not limited thereto. In some exemplary embodiments, the security element 130 may be embedded within the memory controller CNTL 120.
[0096] Figure 7 This is a view illustrating a retrieved security module for proving damage to a storage device, according to an exemplary embodiment. (Reference) Figure 7 The retrieved security module 300 may include a connection via a first flexible printed circuit board (FPCB) 301 to the memory controller 120 (see [link to relevant documentation]). Figure 1The system includes a security element 330, a wireless power receiver 340 provided in the second FPCB 302, and a ring 303 attached to the second FPCB 302. In some exemplary embodiments, the security element 330 may be a security chip. In some exemplary embodiments, the ring 303 may be omitted. The wireless power receiver 340 may include at least one antenna for wirelessly receiving power. The security element 330 and the wireless power receiver 340 may correspond to the security element SE 130 and the wireless power receiver 140, respectively.
[0097] In an exemplary embodiment, when a user physically removes the retrievable security module 300 from the storage device 100, physical damage may occur to the security element 330. Here, such physical damage is detected by an internal detector of the security element 330, and the security element 330 can permanently delete important data (personal information, key information, etc.) based on the detection result.
[0098] Figure 8A , Figure 8B , Figure 8C and Figure 8D This is a view showing the data corruption operation initiated due to physical damage to the safety element 330.
[0099] Figure 8A and Figure 8B This shows the connection to memory controller 120 (see...) Figure 1 A view of the retrieved safety module 300. (See reference) Figure 8A and Figure 8B The top plate 331 and bottom plate 332 of the package of safety element 330 can be connected to different devices using an FPCB. For example, the top plate 331 can be connected to a first FPCB 301, and the bottom plate 332 can be connected to a second FPCB 302. In some exemplary embodiments, the top plate 331 can be connected to the first FPCB 301, and the bottom plate 332 can be connected to both the first FPCB 301 and the second FPCB 302.
[0100] like Figure 8C and 8D As shown, when a user physically pulls the ring from the outside, the top plate 331 and the bottom plate 332 of the safety element 330 can be separated. When the active shielding structure connected to the top plate 331 (or to the bottom plate 332) is damaged, the safety element 330 can internally generate an alarm signal (data corruption signal). It should be understood that the exemplary embodiments are not limited thereto. In some embodiments, the alarm signal may be generated by different mechanisms when a user physically pulls the ring from the outside.
[0101] Figure 9A , Figure 9B , Figure 9C and Figure 9D This is a schematic view illustrating the process of separating and retrieving a security module from a storage device. (For example...) Figure 9A As shown, the ring portion of the retrieved security module can be folded for storage within a storage device. Figure 9B As shown, the folded ring section can be unfolded when evidence needs to be destroyed. Figure 9C As shown, the user can pull the ring portion in the unfolded state using their finger. In response to pulling the ring, the top plate 331 and bottom plate 332 of the safety element 330 can be physically separated, as... Figure 8C and Figure 8D As shown. Figure 9D As shown, the retrieved security module may include unique identification information 304. For example, the identification information may be a pairing identification information such as a barcode / QR code / RFID (Radio Frequency Identification) that identifies the correspondence between the motherboard of the storage device and the retrieved security module. Subsequently, the identification information 304 can be used as evidence of destruction when the storage device is damaged.
[0102] The data corruption operation of the security element will be described below.
[0103] Figure 10A and Figure 10B This is a view illustrating examples of safety elements according to various exemplary embodiments.
[0104] refer to Figure 10A The security element 400 may include a data destruction circuit (DDC) 432 and a memory device 434. The data destruction circuit 432 may perform a data destruction operation in response to a data destruction signal to destroy the data in the memory device 434. Here, the memory device 434 may store sensitive personal information or key information.
[0105] In an exemplary embodiment, data destruction can be performed upon receiving power from a wireless power receiver (WPR) (see [link]). Figure 1 ).
[0106] According to some exemplary embodiments, a security element may include a wireless power receiver (WPR). (See reference...) Figure 10B ,and Figure 10A Compared to the safety element shown, safety element 400a may further include a wireless power receiver (WPR) 431. According to various exemplary embodiments, safety elements 400 and 400a may correspond to the aforementioned safety element SE 130 or safety element 330, and wireless power receiver WPR 431 may correspond to the aforementioned wireless power receiver WPR 140 or wireless power receiver WPR 340.
[0107] Figure 11This is a ladder diagram illustrating the data destruction operation of a security element according to an exemplary embodiment. (Reference) Figure 11 Safety element 500 can perform data corruption operations as follows. Safety element 500 may correspond to safety element SE 130, safety element 330, or safety element 400 or 400a.
[0108] The security element 500 can generate a data destruction signal (S11). For example, the security element 500 can generate a data destruction signal according to an internal strategy. Here, the internal strategy may include detecting a destruction operation of the security element 500 (see...). Figures 8A-8D Subsequently, the wireless device 600 can provide wireless power to the secure element 500 (S12). For example, the wireless device 600 can provide wireless power to the secure element 500 using wireless communication. The wireless device 600 may correspond to the wireless device 200 as described above. The secure element 500 can receive wireless power from the wireless device 600 (S13). For example, the secure element 500 can receive wireless power from the wireless device 600 using wireless communication. In some exemplary embodiments, the secure element 500 may separately include a charging capacitor for storing power. The secure element 500 can perform a data destruction operation (S14). For example, the secure element 500 can perform a data destruction operation on a memory device in the secure element using wireless power.
[0109] Generate in safety element 500 Figure 11 The example shown illustrates a data corruption signal. However, the exemplary embodiments are not limited thereto. In some exemplary embodiments, the security element 500 may receive the data corruption signal from outside the security element 500.
[0110] Figure 12 This is a ladder diagram illustrating the data destruction operation of a security element according to another exemplary embodiment. (Reference) Figure 12 The security element 500 can perform data destruction operations as follows: The wireless device 600 can provide wireless power to the security element 500 (S21). For example, the wireless device 600 can provide wireless power to the security element 500 using wireless communication. The wireless device 600 can send a data destruction signal to the security element 500 (S22). Figure 12 The diagram illustrates the transmission of a data destruction signal S22 following wireless power S21. However, this is merely an example, and in some exemplary embodiments, the wireless device 600 may transmit a data destruction signal to the security element 500 while simultaneously providing wireless power to the security element 500. The security element 500 may then perform a data destruction operation (S24). For example, the security element 500 may use wireless power to perform a data destruction operation on an internal memory device.
[0111] In some exemplary embodiments, after the data destruction operation is completed, the security element 500 may generate a completion signal and send the generated completion signal to the wireless device 600.
[0112] Figure 13 This is a ladder diagram illustrating the data destruction operation of a security element according to another exemplary embodiment. (Reference) Figure 13 Operations S21, S22, and S24 are related to Figure 12 The same applies to the examples shown, and therefore, repeated descriptions are omitted for brevity. Figure 12 Compared to the data destruction operation shown, the data destruction operation may further include: generating a completion signal for the data destruction operation (S25), and sending the generated completion signal to the wireless device 600 (S26).
[0113] In some exemplary embodiments, an authentication process may be further included between the secure element 500 and the wireless device 600 before performing a data destruction operation on the secure element 500.
[0114] Figure 14 This is a ladder diagram illustrating the data destruction operation of a security element according to another exemplary embodiment. (Reference) Figure 14 The following data corruption operation can be performed on the security element 500.
[0115] Wireless device 600 can transmit wireless power to secure element 500 (S31). Secure element 500 can receive wireless power from wireless device 600 (S32). Wireless device 600 can send an authentication request to secure element 500 (S33). Secure element 500 can verify the authentication of wireless device 600 in response to the authentication request (S34). If wireless device 600 sends an authorized authentication request, secure element 500 can send an acknowledgment to wireless device 600 (S35). The acknowledgment may include the authentication result. Afterward, wireless device 600 can send a data destruction signal to secure element 500 (S36). Secure element 500 can perform a data destruction operation (S37). For example, secure element 500 can use the received power to perform the data destruction operation. Secure element 500 can generate a completion signal after the data destruction operation is completed (S38) and send the generated completion signal to wireless device 600 (S39).
[0116] In some exemplary embodiments, the security element 500 receives power from an external wireless device 600 during a data corruption operation. However, the exemplary embodiments are not limited thereto. The security element 500, according to some exemplary embodiments, can perform a data corruption operation even when connected to the memory controller 120 (e.g., see [link to relevant documentation]). Figure 1 and Figure 11 ).
[0117] Figure 15 This is a ladder diagram illustrating the data destruction operation of a security element according to another exemplary embodiment. (Reference) Figure 15 ,Apart from Figure 15 The data corruption operation of the security element 500 in the middle is omitted. Figure 14 In the data destruction operation, wireless power is transmitted from wireless device 600 to secure element 500 (S31) and received by secure element 500 from wireless device 600 (S32). The data destruction operation of the secure element is related to... Figure 14 The same as in.
[0118] In some exemplary embodiments, the data corruption operation may be performed differently depending on the type of memory device that is the target of deletion in the security element (e.g., a rewritable memory device and a non-rewritable memory device). In other words, the security element may include a memory device for storing secure data, and the data corruption operation may be performed differently depending on the type of memory device. The data corruption operations performed differently depending on the target of deletion will be described below.
[0119] Figure 16 This is a ladder diagram illustrating data corruption operations in the rewritable memory of a security element according to an exemplary embodiment. (Reference) Figure 16 The data destruction operation of the data destruction circuit DDC 710 for the rewritable memory device 720 in the security element can be performed as follows.
[0120] The data corruption circuit DDC 710 can generate a data corruption signal (S41). For example, the data corruption circuit DDC 710 can internally generate the data corruption signal. The data corruption circuit 710 can generate random data in response to the data corruption signal (S42). The data corruption circuit 710 can send an overwrite request to the rewritable memory device 720 (S43). For example, the data corruption circuit 710 can use the generated random data to send the overwrite request. The rewritable memory device 720 can overwrite the previous data with the random data in response to the overwrite request (S44). In some exemplary embodiments, the random data can be generated by a random number generator. In some exemplary embodiments, the random number generator can be implemented by a Physically Unclonable Function (PUF) circuit. After the overwrite is completed, the rewritable memory device 720 can send a completion signal to the data corruption circuit 710 (S45).
[0121] Overwriting in data corruption operations is not limited to using random data. In some exemplary embodiments, previously determined secure data in an overwriteable memory device can be read, subsequently modified by modulating (encrypting) the read data, and the modified data can be used to overwrite the previously determined secure data.
[0122] Figure 17 This is a ladder diagram illustrating data corruption operations in a rewritable memory device according to another exemplary embodiment of a security element. (Reference) Figure 17 The data destruction operation of the data destruction circuit DDC 710 for the rewritable memory device 720 in the security element can be performed as follows.
[0123] The data corruption circuit DDC 710 can generate a data corruption signal (S51). For example, the data corruption circuit DDC 710 can internally generate the data corruption signal. The data corruption circuit 710 can send a read request to the rewritable memory device 720 (S52). For example, the data corruption circuit 710 can send a read request for secure data to be deleted. In some exemplary embodiments, the read request may be a read request for all data stored on the rewritable memory device 720. In other exemplary embodiments, the read request may be a read request for some data stored on the rewritable memory device 720. The rewritable memory device 720 can send secure data to the data corruption circuit 710 in response to the read request (S53). The data corruption circuit 710 can modify the secure data using a predetermined method (S54). Here, the predetermined method may be modulation technology or encryption technology, etc.
[0124] The data corruption circuit 710 can send an overwrite request to the rewritable memory device 720 (S55). For example, the data corruption circuit 710 can use modulated data to send the overwrite request. The rewritable memory device 720 can, in response to the overwrite request, overwrite the modified security data onto the previous security data (S56). After the overwrite is completed, the rewritable memory device 720 can send a completion signal to the data corruption circuit 710 (S57).
[0125] Figure 18 This is a ladder diagram illustrating data corruption operations in a non-writable memory device of a security element according to an exemplary embodiment. (Reference) Figure 18 The following operations can be performed to corrupt the data in the non-writable memory device 720a in the security element.
[0126] The data corruption circuit DDC 710 can generate a data corruption signal (S61). For example, the data corruption circuit DDC 710 can internally generate the data corruption signal. The data corruption circuit 710 can generate a deletion command in response to the data corruption signal (S62). The data corruption circuit 710 can send the deletion command (CMD) to the non-rewritable memory device 720a (S63). The memory device 720a can perform a deletion operation in response to the deletion command (S64). In some exemplary embodiments, in the case of NAND flash memory, the deletion command can be a sanitization command. After the deletion operation is completed, the non-rewritable memory device 720a can send a completion signal to the data corruption circuit 710 (S65).
[0127] Figure 19A , Figure 19B and Figure 19C This is a flowchart illustrating various data erasure techniques in a non-writable memory according to various exemplary embodiments.
[0128] refer to Figure 19A The non-rewritable memory device 720a, such as NAND flash memory, can receive a deletion command from the data corruption circuit 710 (S71). The non-rewritable memory device 730 can perform an erase operation on a predetermined block (all or part) in response to the received deletion command (S72).
[0129] refer to Figure 19B The non-rewritable memory 720a can receive an erase command from the data destruction circuit 710 (S81). In response to the erase command, the non-rewritable memory device 720a can apply an erase pulse to the substrate of all memory blocks or some of the corresponding memory blocks (S82).
[0130] refer to Figure 19C The non-rewritable memory 720a can receive a deletion command from the data destruction circuit 710 (S91). The non-rewritable memory device 720a can heat the substrate corresponding to all or some of the memory blocks in response to the deletion command (S92).
[0131] In some exemplary embodiments, a wireless device can simultaneously perform data corruption operations on multiple storage devices using wireless communication methods.
[0132] Figure 20 This is a diagram illustrating data corruption operations for multiple storage devices according to an exemplary embodiment. (Reference) Figure 20 Wireless devices 200 (reference) Figure 1 It can broadcast data corruption signals to multiple storage devices (SSDs). Each of the multiple storage devices can include the above-mentioned references. Figures 1 to 1The security element SE described in section 9 can receive a data erasure signal from the wireless device and initiate a data deletion or data destruction operation. Furthermore, after performing the data deletion or data destruction operation, the security element SE can send a completion signal to the wireless device. In some exemplary embodiments, the completion signal may include an identification number corresponding to a storage device (SSD) that successfully completed the data deletion or data destruction operation. In some exemplary embodiments, the wireless device 200 can identify the identification number corresponding to the security element SE. Therefore, the wireless device 200 can prove the destruction of the storage device.
[0133] In some exemplary embodiments, the wireless device 200 may be a mobile device. For example, the wireless device 200 may perform data corruption operations on a storage device (SSD) via a data corruption application installed on the mobile device.
[0134] The method for requesting data corruption is not limited to broadcasting. In some exemplary embodiments, data corruption requests can be sent via unicast or multicast.
[0135] In some exemplary embodiments, during a data corruption operation of a storage device, the internal data of the non-volatile memory device may be deleted first, and then the internal data of the security element may be deleted.
[0136] Figure 21A This is a flowchart illustrating a data corruption operation of a storage device according to an exemplary embodiment. (Reference) Figure 21A Storage device 100 can be executed as follows (see storage device 100) Figure 1 The storage device 100 can perform a cleanup operation (S110) on the non-volatile memory NVM 110. In an exemplary embodiment, when performing the cleanup operation, the storage device 100 can receive wireless power from the host device. Thereafter, the storage device 100 can be disconnected from the host device and the cleanup process can be performed. The security element 130 of the storage device 100 can perform the data corruption operation as described above. Figures 1 to 20 The data destruction operation (S120) is described above. In some exemplary embodiments, when the data destruction operation is performed, the security element 130 can be activated from an external wireless device 200 (see [link to documentation]). Figure 1 It receives wireless power. Therefore, storage device 100 can delete data stored on non-volatile memory device 110 and sensitive information (personal information, key information, financial information, etc.) stored on secure element 130.
[0137] In some exemplary embodiments, a data corruption operation of storage device 100 may include receiving a cleanup command from a host device. In some exemplary embodiments, security element 130 may further include generating a data corruption signal according to an internal policy. In some exemplary embodiments, during a data corruption operation of storage device 100, security element 130 may further receive a data corruption signal from an external wireless device. In some exemplary embodiments, when performing a data corruption operation, storage device 100 may further receive wireless power from an external wireless device. In some exemplary embodiments, a data corruption operation may include overwriting the memory of security element 130, applying an erase pulse to the memory of security element 130, or heating the substrate of the memory of security element 130. In some exemplary embodiments, during a data corruption operation, wireless device 200 may further identify an identification number associated between security element 130 and storage device 100.
[0138] Figure 21B This is a flowchart illustrating a data corruption operation of a storage device according to another exemplary embodiment. (Reference) Figure 21B Storage device 100 can be executed as follows (see storage device 100) Figure 1 The storage device 100 can receive wireless power from an external device (e.g., wireless device 200) (S210). Furthermore, the storage device 100 can receive a data corruption signal from the external device (S220). Then, the storage device 100 can perform a data corruption operation based on the data corruption signal (S230).
[0139] In some exemplary embodiments, performing the data destruction operation S230 may include deleting key information necessary for security in the encryption / decryption operation. In some exemplary embodiments, the data destruction operation may include overwriting the memory storing the key information. In some exemplary embodiments, the data destruction operation may include erasing the memory storing the key information. In some exemplary embodiments, it may further include sending a completion signal to an external device after the data destruction operation is completed.
[0140] In some exemplary embodiments, the data destruction operation may further include: receiving an authentication request signal from an external device; performing an authentication operation on the external device in response to the authentication request signal; and initiating the data destruction operation after the authentication operation is completed.
[0141] In some exemplary embodiments, performing a data destruction operation may include deleting data from at least one non-volatile memory device. In some exemplary embodiments, deleting data may include deleting map data from at least one non-volatile memory device. In some exemplary embodiments, deleting map data may include overwriting or erasing the map data. In other exemplary embodiments, deleting data may include deleting user data from a non-volatile memory device. In some exemplary embodiments, deleting user data may include overwriting or erasing the user data. (Refer to the above...) Figures 1 to 2 The security element described in 1 exists outside the memory controller. However, exemplary embodiments are not limited thereto. According to some exemplary embodiments, the security element may be implemented in a form embedded in the memory controller.
[0142] Figure 22 This is a view illustrating a storage device according to another exemplary embodiment. Reference Figure 22 The storage device 100b may include at least one non-volatile memory device (NVM) 110b and a memory controller CNTL 120b. The memory controller 120b and... Figure 6 The difference between the illustrated memory controller CNTL 120 and the one shown is that the memory controller 120 includes a cryptographic device CRYPTO DEVICE 124a with a secure element function and a wireless power receiver WPR 128 for receiving wireless power from an external wireless device 200. The cryptographic device 124a can perform a data corruption operation to erase its internal data in response to a data corruption signal. Here, the data corruption signal can be generated internally through an internal policy or received externally.
[0143] Figure 23 It is shown Figure 22 A flowchart illustrating an example of data corruption operations on the storage device 100b. (See reference) Figure 22 and Figure 23 The data corruption operation of storage device 100b can be performed as follows: The cryptographic device 124a of memory controller 120b can generate a data corruption signal (S210a). Here, the data corruption signal can be generated when damage to memory controller 120b is detected. The wireless power receiver 128 of memory controller 120b can receive wireless power (S220a). For example, the wireless power receiver 128 of memory controller 120b can receive and store wireless power via wireless communication. The cryptographic device 124a can perform a data corruption operation (S230a). For example, using the power received by wireless power receiver 128, the cryptographic device 124a can perform a data corruption operation to internally delete important data.
[0144] Figure 24 It is shown Figure 22 A flowchart illustrating another example of data corruption operations on the shown storage device 100b. (See reference) Figure 22 and Figure 24 The following data corruption operation can be performed on storage device 100b.
[0145] The memory controller 120b can receive wireless power from the external wireless device 200 (S310). The storage device 100b can perform an authentication operation (S320). For example, the storage device 100b can perform an authentication operation between the storage device 100b and the external wireless device 200. Here, a challenge-response authentication method can be used to perform the authentication operation. Afterwards, the memory controller 120b can perform a data corruption operation (S330). For example, the memory controller 120b can perform a data corruption operation in response to a data corruption signal generated internally or received externally. Here, the data corruption operation can be performed on the cryptographic device 124a or on the non-volatile memory device 110b. Afterwards, when the data corruption operation is completed, the memory controller 120b can generate a data corruption operation completion signal (S340).
[0146] Figure 25 This is a flowchart illustrating a data corruption operation performed on a non-volatile memory device according to an exemplary embodiment. (Reference) Figure 25 Non-volatile memory devices can perform data corruption operations as follows.
[0147] The non-volatile memory device can receive a data corruption request from the memory controller (S410). In response to the data corruption request, the non-volatile memory device can delete mapped data or user data (S420). For example, the non-volatile memory device can perform an erase operation on at least one memory block storing mapped data, or it can perform an erase operation on at least one memory block storing predetermined user data. Afterward, the non-volatile memory device can generate a completion signal for the data corruption operation (S430). The non-volatile memory device can send the completion signal to the memory controller.
[0148] Already referenced Figures 1 to 25 Data corruption for data protection of storage device 100 is described. However, the exemplary embodiments are not limited to data protection of storage devices. The techniques disclosed herein are also applicable to mobile devices.
[0149] Figure 26 This is a view illustrating a mobile device according to an exemplary embodiment. (Reference) Figure 26The mobile device 1000 may include an application processor (AP) 1100, at least one buffer memory 1200, at least one storage device 1300, a display / touch module 1400, and a security element 1500. In some exemplary embodiments, the security element 1500 may be a security chip. The mobile device 1000 may be implemented as a laptop computer, mobile phone, smartphone, tablet PC, wearable computer, etc.
[0150] Application processor (AP) 1100 can be implemented to control the overall operation of mobile device 1000. Application processor 1100 can run applications providing internet browsers, games, videos, etc. In an exemplary embodiment, application processor 1100 may include a single core or multiple cores. In an exemplary embodiment, application processor 1100 may further include internal or external cache memory. Additionally, application processor 1100 may optionally include a controller, neural processing unit (NPU), etc.
[0151] In an exemplary embodiment, the application processor 1100 may be implemented as a system-on-a-chip (SoC). The kernel of the operating system running on the SoC may include an input / output scheduler and a device driver for controlling the storage device 1300. The device driver may control the access performance of the storage device 1300, or control the CPU mode, DVFS level, etc. in the SoC, by referring to the number of synchronization queues managed by the input / output scheduler.
[0152] The buffer memory 1200 can be implemented to store data required for the operation of the application processor 1100. For example, the buffer memory 1200 can temporarily store operating system (OS) and application data, or it can be used as a runtime space for various software codes. Additionally, the buffer memory 1200 can store data related to artificial intelligence operations. In an exemplary embodiment, the buffer memory 1200 can be implemented as DRAM or PRAM.
[0153] Storage device 1300 can be implemented to store user data. Storage device 1300 can be included in mobile device 1000 in an embedded form. In another exemplary embodiment, storage device 1300 can be included in mobile device 1000 in a detachable manner.
[0154] Storage device 1300 can store data collected from at least one sensor or store data such as network data, augmented reality (AR) / virtual reality (VR) data, and high-definition (HD) content. Storage device 1300 may include data from solid-state drives (SSDs), embedded multimedia cards (eMMC), etc.
[0155] The display / touch module 1400 can be implemented to output data or receive input via touch. For example, the display / touch module 1400 can output image data sensed using at least one sensor, or output data calculated using the application processor 1100. Furthermore, the display / touch module 1400 can recognize user touches.
[0156] The security element 1500 can perform or process general security operations of the mobile device 1000. The security element 1500 can store critical information necessary for performing these security operations. The security element 1500 can receive wireless power wirelessly and internally perform data corruption operations, as referenced above. Figures 1 to 26 As stated above.
[0157] Furthermore, the technology disclosed herein can be applied to computing systems.
[0158] Figure 27 This is a block diagram illustrating a computing system according to an exemplary embodiment. (Reference) Figure 27 The computing system 2000 may include at least one memory module (DIMM) 2100, at least one non-volatile memory module (NVDIMM) 2200, and at least one processor 2300. Here, each of the at least one memory module 2100 and the at least one non-volatile memory module 2200 may include a security element SE that performs the data corruption operation described above.
[0159] The technology disclosed herein is applicable to various types of computing systems (e.g., central processing unit (CPU) / graphics processing unit (GPU) / neural processing unit (NPU) platforms).
[0160] The technology disclosed herein is applicable to electrical systems protected from hacking.
[0161] Figure 28 This is a block diagram illustrating an electrical system according to an exemplary embodiment. (Reference) Figure 28 The electrical system 4000 may include an electronic control unit (ECU) 4100, a memory device 4200, at least one dynamic range sensor (DVS) 4300, a display device 4400, a communication processor 4500, and a safety ECU 4600. The electrical system 4000 may be a vehicle electrical system.
[0162] ECU 4100 can be implemented to control the overall operation of electrical system 4000. ECU 4100 can process image data received from DVS 4300. ECU 4100 may include a neural processing unit (NPU). The NPU can quickly derive the optimal image for driving by comparing the images received from DVS 4300 with a learned model.
[0163] The memory device 4200 can be implemented to store learning models related to the operation of the NPU. The memory device 4200 can include volatile or non-volatile memory devices. For example, the memory device 4200 can be DRAM or PRAM, etc.
[0164] The DVS 4300 can be implemented to detect the external environment of the electrical system 4000. The DVS 4300 can output an event signal in response to changes in relative light intensity. The DVS 4300 may include a pixel array comprising multiple DVS pixels and an address event processor.
[0165] The display device 4400 can be implemented to display images processed by the ECU 4100 or images transmitted by the communication processor 4500.
[0166] The communication processor 4500 can be implemented to send processed images to external devices, such as external vehicles, or to receive images from external devices. That is, the communication processor 4500 can be implemented to communicate with external devices via wired or wireless means.
[0167] The safety ECU 4600 can be implemented to control general operations related to the safety of the electrical system 4000. The safety ECU 4600 may include the configuration or function of a safety element that performs the above-mentioned references. Figures 1 to 25 The data destruction operation described. In some exemplary embodiments, when the security ECU 4600 detects a hacker threat, the security ECU 4600 can perform a data destruction operation on the internal data stored in the security ECU.
[0168] Furthermore, this disclosure applies to data server systems.
[0169] Figure 29 This is a view illustrating a data center of a storage device applied according to an exemplary embodiment. (Reference) Figure 29 Data center 7000 is a facility that collects various types of data and provides services; it can also be called a data storage center. Data center 7000 can be a system used to operate search engines and databases, or it can be a computing system used by companies such as banks or government agencies. Data center 7000 can include application servers 7100 to 7100n and storage servers 7200 to 7200m. The number of application servers 7100 to 7100n and the number of storage servers 7200 to 7200m can be selected differently according to exemplary embodiments, and the number of application servers 7100 to 7100n and the number of storage servers 7200 to 7200m can differ from each other.
[0170] Each of the application servers 7100 and each of the storage servers 7200 may respectively include at least one processor 7110 and 7210, and at least one memory 7120 and 7220, respectively. Referring to the storage server 7200 as an example, at least one processor 7210 may control the overall operation of the storage server 7200 and access at least one memory 7220 to execute instructions and / or data loaded in at least one memory 7220. At least one memory 7220 may be Double Data Rate Synchronous DRAM (DDR SDRAM), High Bandwidth Memory (HBM), Hybrid Memory Cube (HMC), Dual In-line Memory Module (DIMM), Optane DIMM, Non-Volatile DIMM (NVMDIMM), etc. According to exemplary embodiments, the number of processors 7210 and the number of memories 7220 included in the storage server 7200 may be selected differently. In exemplary embodiments, the processors 7210 and the memories 7220 may provide processor-memory pairs. In exemplary embodiments, the number of processors 7210 and the number of memories 7220 may be different from each other. Processor 7210 may include a single-core processor or a multi-core processor. The above description of storage server 7200 can be similarly applied to application server 7100. According to some exemplary embodiments, application server 7100 may omit storage device 7150. According to some exemplary embodiments, storage server 7200 may include at least one storage device 7250. The number of storage devices 7250 included in storage server 7200 may be selected differently according to exemplary embodiments.
[0171] Application servers 7100 to 7100n and storage servers 7200 to 7200m can communicate with each other via network 7300. Network 7300 can be implemented using Fibre Channel (FC) or Ethernet. Here, FC can be a medium for relatively high-speed data transmission and can be an optical switch providing high performance / high availability. Depending on the access method of network 7300, storage servers 7200 to 7200m can be provided as file storage, block storage, or object storage.
[0172] In an exemplary embodiment, network 7300 may be a storage-only network, such as a storage area network (SAN). For example, the SAN may be an FC-SAN implemented using an FC network and according to the FC protocol (FCP). As another example, the SAN may be an IP-SAN implemented using a TCP / IP network and according to the iSCSI (SCSI over TCP / IP or Internet SCSI) protocol. In other exemplary embodiments, network 7300 may be a general network such as a TCP / IP network. For example, network 7300 may be implemented according to protocols such as FC over Ethernet (FCoE), network-attached storage (NAS), and NVMe over Fabrics (NVMe-oF).
[0173] The following text will primarily describe the application server 7100 and the storage server 7200. The description of the application server 7100 can also be applied to other application servers 7100n, and the description of the storage server 7200 can also be applied to other storage servers 7200m.
[0174] Application server 7100 can store data requested by users or clients in one of storage servers 7200 to 7200m via network 7300. Additionally, application server 7100 can retrieve data requested by users or clients from one of storage servers 7200 to 7200m via network 7300. For example, application server 7100 can be implemented as a web server, a database management system (DBMS), etc.
[0175] Application server 7100 can access memory 7120n or storage device 7150n included in another application server 7100n via network 7300, or access memory 7220 to 7220m or storage device 7250 to 7250m included in storage servers 7200 to 7200m via network 7300. Therefore, application server 7100 can perform various operations on data stored on application servers 7100 to 7100n and / or storage servers 7200 to 7200m. For example, application server 7100 can run commands to move or copy data between application servers 7100 to 7100n and / or storage servers 7200 to 7200m. Here, data can be moved directly or via storage devices 7250 to 7250m of storage servers 7200 to 7200m to storage devices 7220 to 7220m of application servers 7100 to 7100n. Data moved over network 7300 can be encrypted for security or privacy purposes.
[0176] Referring to the storage server 7200 as an example, interface (NIC) 7254 can provide physical connections between processor 7210 and controller 7251, and between NIC 7240 and controller 7251. For example, interface 7254 can be implemented using a Direct Attach Storage (DAS) method, which directly accesses storage device 7250 via a dedicated cable. Alternatively, interface 7254 can be implemented using various interface methods, such as Advanced Technology Attachment (ATA), Serial ATA (SATA), External SATA (e-SATA), Small Computer Small Interface (SCSI), Serial Attached SCSI (SAS), Peripheral Component Interconnect (PCI), PCI Express (PCIe), NVM Express (NVMe), IEEE 1394, Universal Serial Bus (USB), Secure Digital (SD) card, Multimedia Card (MMC), Embedded Multimedia Card (e-MMC), Universal Flash Storage (UFS), Embedded Universal Flash Storage (eUFS), and Compact Flash (CF) card interfaces.
[0177] The storage server 7200 may also include a switch 7230 and a NIC 7240. The switch 7230 can selectively connect the processor 7210 and the storage device 7250, or selectively connect the NIC 7240 and the storage device 7250, under the control of the processor 7210.
[0178] In an exemplary embodiment, NIC 7240 may include a network interface card, a network adapter, etc. NIC 7240 can connect to network 7300 via a wired interface, wireless interface, Bluetooth interface, optical interface, etc. NIC 7240 may include internal memory, a DSP, a host bus interface, etc., and can be connected to processor 7210 and / or switch 7230 via the host bus interface. The host bus interface can be implemented as one of the examples of interface 7254 described above. In an exemplary embodiment, NIC 7240 can be combined with at least one of processor 7210, switch 7230, and storage device 7250.
[0179] In storage servers 7200 to 7200m or application servers 7100 to 7100n, the processor can send commands to storage devices 7150 to 7150n and 7250 to 7250m or memories 7120 to 7120n and 7220 to 7220m to program or retrieve data. Here, data error correction can be performed using an error correction code (ECC) engine. The data can be data that has undergone Data Bus Inversion (DBI) or Data Masking (DM) and can include Cyclic Redundancy Check (CRC) information. The data can be encrypted for security or privacy.
[0180] Storage devices 7150 to 7150n and 7250 to 7250m can send control signals and command / address signals to NAND flash memory devices 7252 to 7252m in response to a read command received from the processor. Therefore, when reading data from NAND flash memory devices 7252 to 7252m, a read enable (RE) signal can be input as a data output control signal to output data to the DQ bus. The RE signal can be used to generate a data strobe (DQS). Command and address signals can be latched into the page buffer based on the rising or falling edge of the write enable (WE) signal.
[0181] Controller 7251 can control the overall operation of storage device 7250. In an exemplary embodiment, controller 7251 may include static random access memory (SRAM). Controller 7251 may write data to NAND flash memory device 7252 in response to a write command, or may read data from NAND flash memory device 7252 in response to a read command. For example, write commands and / or read commands may be provided from processor 7210 in storage server 7200, processor 7210m in another storage server 7200m, or processors 7110 to 7110n in application servers 7100 to 7100n. DRAM 7253 may temporarily store (buffer) data written to or read from NAND flash memory device 7252. Moreover, DRAM 7253 may store metadata. Here, metadata includes user data or data generated by controller 7251 to manage NAND flash memory device 7252. Storage device 7250m may include a security element (SE) for security or privacy. Figure 29 The security element (SE) shown is located outside the memory controller, but the exemplary embodiments are not limited thereto. In some exemplary embodiments, the security element (SE) may be embedded in the memory controller.
[0182] A storage device according to an exemplary embodiment may include a structure that allows damage to an integrated circuit (IC) caused by the user's physical force by connecting each structure to a safety element.
[0183] Additionally, the storage device according to an exemplary embodiment may include a structure for attaching identification information, such as barcode / QR / RFID, to a security element and a retrieval structure of the storage device.
[0184] Additionally, the storage device according to an exemplary embodiment may include an antenna attachment structure for wireless power transmission within the storage device.
[0185] The content of this disclosure described above is merely a specific exemplary embodiment used to carry out this disclosure. This disclosure may include abstract technical ideas and conceptual ideas that can be used as future technologies, as well as concrete and practical available means.
[0186] As described above, according to exemplary embodiments of the present disclosure, a storage device and its data corruption method can safely and easily perform data corruption operations by deleting internal data of a security element.
[0187] Furthermore, the storage device and its data destruction method according to the exemplary embodiments can achieve data destruction at low cost by using a secure element to perform the data destruction operation.
[0188] Although exemplary embodiments have been shown and described above, it will be apparent to those skilled in the art that modifications and variations may be made without departing from the scope of this disclosure as defined by the appended claims.
Claims
1. A storage device, comprising: At least one non-volatile memory device; The memory controller is configured to encrypt data using key information and store the encrypted data in the at least one non-volatile memory device, or to read encrypted data from the at least one non-volatile memory device and decrypt the read encrypted data using key information, and is configured to output the decrypted data to an external device. A security element, connected to the memory controller, is configured to store key information and perform data corruption operations when the security element is separated from the memory controller; as well as A wireless power receiver is configured to receive wireless power from an external wireless device via at least one antenna without a separate internal power supply when the data corruption operation is performed, and to supply wireless power to the security element.
2. The storage device according to claim 1, wherein The at least one non-volatile memory device includes a NAND flash memory device or a phase-change memory device.
3. The storage device according to claim 1, wherein The memory controller includes a cryptographic module configured to encrypt data using key information or to decrypt read encrypted data using key information.
4. The storage device according to claim 1, wherein The security element is a security chip, and The security chip is connected to the memory controller via a first flexible printed circuit board (FPCB).
5. The storage device of claim 1, wherein the security element is further configured to perform the data corruption operation in response to a data corruption signal.
6. The storage device according to claim 5, wherein The data corruption signal is generated through the internal strategy of the memory controller.
7. The storage device according to claim 5, wherein The data corruption signal is received from an external device via wired or wireless means.
8. The storage device according to claim 1, wherein The data corruption operation includes destroying the key information used to execute the encryption algorithm.
9. The storage device according to claim 1, wherein The data corruption operation includes deleting the mapped data of the at least one non-volatile memory device or deleting user data.
10. A method for destroying data in a storage device as described in any one of claims 1-9, the method comprising: It receives wireless power from an external wireless device outside the storage device via at least one antenna without requiring a separate internal power supply; When the security element is separated from the memory controller, it uses received wireless power to perform a data corruption operation.
11. The method of claim 10, wherein Performing data corruption operations includes destroying the key information required for encryption and decryption operations.
12. The method of claim 11, wherein Destroying key information includes overwriting security data on the memory where the key information is stored.
13. The method of claim 11, wherein Destroying key information involves performing an erase operation on the memory where the key information is stored.
14. The method of claim 10, further comprising: Receive data corruption signals from the external wireless device; as well as Perform data corruption operations in response to data corruption signals.
15. The method of claim 14, further comprising: After the data corruption operation is completed, a completion signal will be sent to the external wireless device.
16. The method of claim 14, further comprising: Receive authentication request signal from the external wireless device; In response to an authentication request signal, perform an authentication operation on the external wireless device; as well as After the authentication process is completed, perform a data corruption operation.
17. The method according to claim 10 or 16, wherein Performing a data corruption operation includes deleting data from at least one non-volatile memory device.
18. The method of claim 17, wherein Deleting data includes deleting the mapping data of the at least one non-volatile memory device.
19. The method of claim 18, wherein Deleting mapped data includes overwriting the mapped data or performing an erase operation on the mapped data.
20. The method of claim 17, wherein Deleting data includes deleting user data from the at least one non-volatile memory device.
21. The method of claim 20, wherein Deleting user data includes overwriting user data or performing an erase operation on user data.